Network as a programmable asset Cloud Networking With Contrail Michael Langdon Director systems engineering, orchestration systems & SDN

Agenda 1 2 3 4 5 6 CHALLENGES & TRENDS NETWORK FOR CLOUD ERA CONTRAIL USE CASES 5 CASE STUDY 6 WHY CONTRAIL?

CHALLENGES AND TRENDS

ENTERPRISE IT CHALLENGES Hardware Centric & Static Virtualized & Agile IT Transformation to support support increasingly dynamic operations and business processes BUSINESS REQUIRE Agility and Automation Statistically Multiplex Resources - Reduce time- to-market Leverage big data for planning and optimization Mobility Centric Applications INFRASTRCTURE NEEDS Automated/Orchestrated & Self Service Leverage Physical Infrastructure Leverage Hybrid Cloud Infrastructure

72% $54.5B $131B Cloud Drives agility PRIVATE CLOUD APPS IN THE CLOUD Only 11% no plans to deploy private cloud** PRIVATE CLOUD $54.5B 19% CAGR* APPS IN THE CLOUD $131B 17% CAGR* PUBLIC CLOUD VM Virtual Physical VM Virtual Physical VM Virtual Physical VM Virtual Physical VM Virtual My on-premises data center My managed service provider My hosted service provider My cloud service provider *Gartner, June 2013, “Public Cloud Forecast 2011-2017, ** Gartner, Sept 2013, “Private Cloud Matures, Hybrid cloud is Next”

NEW ENTERPRISE APPS - NEW ARCHITECTURE HORIZONTAL PRESENT NEW ENTERPRISE APPS - NEW ARCHITECTURE Technology architectures must better support increasingly dynamic operational and business processes SILOS SCALE UP SCALE OUT APPLICATIONS Big data, real-time analytics Self-service Tightly coupled Client/server Web enablement App performance COMPUTE Large & dynamic workloads, VM mobility Virtualization, automation Specialized hardware STORAGE SAN, NAS Storage networks SAN/NAS Converged Network Distributed storage (DBS, DFS, DDB) NETWORK Hierarchical, Traffic 80% north-south $$$/port Dynamic network, Automation, x-domain virtualization DC fabric $$/port

NEXT GENERATION ENTERPRISE IT ARCHITECTURE CONFIG MANAGEMENT Self-Service Catalog, Reference Architecture Self-Service Service Automation SLA-drive, Usage Billing Elastic, Scale-out Infra App Inventory, Configured Containers, IDE’s APPS (SaaS) Infra Stack (OS, DBs, System Tools, etc) Tiered Service Offerings (Monitoring, Scheduling) PLATFORM (PaaS) ASSET MANAGEMENT Audit, Billing, Capacity, Performance INFRASTRUCTURE (IaaS) Service Pools (Security, DR) Virtualized Resources (Compute, Storage Network)

TCO & ROI BENEFIT 95% reduction in Time-to-Revenue OpEx 95% reduction in Time-to-Revenue 45 to 1 day to deploy new apps 70% TCO reduction (~$14,300 to $4,500/server/yr – app, db, compute, storage) Roll out new services faster to grow new topline revenue OpEx Automation, Self-Service Automated Incident/Service Management Flexible Cloud Enablement NMS Network Orchestration, SW Licensing Zero-touch Provisioning, Configuration Real-time diagnostics and analytics Virtualization, Orchestration Platform HW/SW Platform HW/SW Cost Optimized Hardware Services Balanced HW/SW High-density silicon Traditional Data Center Networking Spend DC Operator Spend w/ Cloud - SDN, Orchestration

Network for cloud era

46% 71% 54% 29% NETWORK WAS NOT DESIGNED FOR CLOUD 2011 2016 100% 46% VIRTUAL COMPUTE 71% VIRTUAL COMPUTE Rapid Growth in Virtualized Nodes in DC 54% PHYSICAL COMPUTE Networks designed for Physical Hosts and Physical Services 29% PHYSICAL COMPUTE 0% Time 2011 2016

Cloud ready – network virtualization Physical Servers IPS LBs FWs Routers VLAN ACLs FW Policies LB Standalone Application (Dedicated Resources) SEGMENTED NETWORKS WAN TRADITIONAL NETWORKING SCALE-OUT NETWORKING WAN Virtual WAN Network STORAGE POOL FW Service POOL LB Service POOL COMPUTE POOL Dynamic Virtual Network + Service Orchestration ? Common Resource Pools (Datacenter & Beyond) External Cloud Based Resources Evolving Applications (on Resource Pool) VM Physical Switching Fabric ~ Physical Compute Servers Pool of Resources – Sliced on Demand Automated Networking Services Virtualized, Multi-tenanted

THE NEW NETWORK – BUILT FOR CLOUD AUTOMATED & ORCHESTRATED CONFIGURED, MANAGED VIRTUALIZED, ON DEMAND SERVICES HARDWARE SERVICES HYBRID CLOUD INFRASTRUCTURE PRIVATE INFRASTRUCTURE Virtual Network Scalability With the advent of server virtualization and the adoption of virtual switches in the hypervisor, there has been a gradual shift at the edge of the network from the top-of-rack switches to the server. Each application tier or tenant is isolated using a VLAN (or VXLAN), and the switching and related policies are enforced in the virtual switches or the top-of-rack switching layer, while the routing and related policies are enforced in the spine/core switching layer. With the increasing dynamism of virtualized environments, applications and storage can get distributed over the entire cluster with time. This means that every top-of-rack switch could have many/all VLANs (or VXLAN) provisioned, and this presents scalability problems as typical top-of-rack switches have limited capacity for switching/forwarding tables and even more constrained table sizes for policy enforcement. Recently, there has been an emergence of network virtualization that uses overlay techniques to carry the tenant/application VLAN traffic over a routed physical network. As a result, the physical switching fabric does not contain any tenant/application VLAN information and is not involved in the switching and policy enforcement of traffic within the VLAN. However, most of the traffic needs to be routed from one VLAN to another, and this solution requires gateways (physical or software) and multiple hops through the switching fabric for routing and associated policy enforcement. Lack of Programmatic APIs Enterprises have to deal with multiple silos of disconnected management and operations systems for application orchestration, server virtualization, storage virtualization, and network provisioning. Since most application and infrastructure management is moving towards the use of an integrated orchestration system like VMware, OpenStack, and CloudStack, it is essential to present programmatic APIs (e.g., REST APIs) as an interface to the network instead of CLIs. Inability to Orchestrate Multi-Cloud/Hybrid Cloud Environments Existing networking approaches do not lend themselves to the seamless creation of new workload and/or the transport of workloads across multiple clouds/hybrid clouds. Lack of API compatibility and the federation of orchestration platforms are a major gap that inhibits different autonomous systems to securely cooperate for workload migration. Service Insertion Challenges Traditional appliance-centric network services require physical network elements to be reconfigured for any workload migration, and it takes an unacceptably long time to provision new service capacity and upgrade services. In addition, there is not any uniform management model (programmatic APIs) for services provided by different vendors and third parties including VM security, firewall, Network Address Translation (NAT), and VPN. OPEN SOURCE, OPEN STANDARDS PROPRIETARY

THE NEW NETWORK – BUILding blocks PROVIDED BY OPEN BGP VPN TECHNOLOGIES VIRTUAL NETWORKS NETWORK POLICY FOR TOPOLOGY AND PACKET FOR TRAFFIC CONTROL NETWORK AND PACKET POLICY NETWORK FUNCTIONS AND SERVICES STITCHED TO TOPOLOGY VIRTUALIZED SERVICES CONNECTS VIRTUAL AND PHYSICAL DOMAINS GATEWAYS

CONTRAIL

CONTRAIL – VIRTUALIZED & AUTOMATED NETWORK CONVERGED NETWORK ORCHESTRATION AUTOMATION, ANALYTICS CONTROL PLANE, MANAGEMENT PLANE NETWORK PROGRAMMABILITY ENABLING NFV (NETWORK FUNCTION VIRTUALIZATION) VIRTUALIZED NETWORK SERVICES INTEROPERABILITY WITH PHYSICAL NETWORK NETWORK VIRTUALIZATION (PRIVATE, HYBRID)

Physical Network (no changes) OPENContrail components TODAY 2014 Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network Analytics OPENCONTRAIL CONTROLLER Control Configuration Real-time analytics engine collects, stores and analyzes network elements Interacts with network elements for VM network provisioning and ensures uptime Physical Host with Hypervisor vRouter VM Physical Host with Hypervisor vRouter VM Physical Network (no changes) Analytics - Real-time analytics engine collects, stores and analyzes network elements Control - Interacts with network elements for VM network provisioning and ensures uptime Configuration - Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network vRouter - Virtualized routing element handles localized control plane and forwarding plane work on the compute node Gateway - MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node WAN, Internet Gateway Gatewa: MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale & performance

Cloud Enabled Networks What makes contrail unique … 1 Scale-out architecture for unlimited scalability and manageability 2 Real-time analytics for better insight and easy diagnosis 3 Programmability with REST APIs and SDN as a “complier” abstraction 4 Interoperability with multi-vendor physical infrastructure for investment protection 5 Inter-cloud orchestration for unified data center and WAN control 6 Network Function Virtualization for service agility and high availability So You Can Create Cloud Enabled Networks Simple Open Agile

USE CASES

Virtual-Network based Orchestration (Compute, Storage, Apps) enterprise IT CLOUD providing PAAS/Iaas/saas Dynamic Resource Allocation Automatic Configuration Dynamic Service Chains Silo’ed Resource Allocation Manual Configuration Static Service Chains CURRENT IT DATACENTER EVOLVED IT DATACENTER Firewalls Load-Balancer It wouldn’t be a real network presentation without a cartoon level picture of networking today and in the future. A traditional data center has 1.2.3 Moving VM’s is next to impossible as the network services do not move with the application. Side by side comparison of traditional vs. SDN ready data center Silo vs. location independent resources Manual vs. abstracted, automated configuration Static services vs. dynamic service chains We need to be clear that there is agility, which can be had by automation. Agility can be had by virtualization. Agility can be had by overlay. The market will determine if the added complexity is worth the benefits to agility. One thing is certain, is that you  don’t HAVE to go to a full SDN infrastructure to get many of these benefits… Automation - Orchestration - Virtualization – Each of those three elements adds greatly to the reduction of human latency, the increasing of agility in your ability to provide new services and applications. We know that the pictures drawn here are a simplistic overview of what will happen in most real data centers. The reality is that only 70 to 80% of applications can and will be virtualized. In most scenarios only virtualized applications can be abstracted in an overlay in software. This means you will have a portion of your network in a software overlay and a portion of your network that will need a physical hardware gateway to enable the communication and sharing of data between the overlay and non-overlay infrastructure. VLANS VLANS VIRTUALIZED FINANCE FINANCE HR MARKETING HR MARKETING Physical Servers Local Hard Drives Virtual-Network based Orchestration (Compute, Storage, Apps)

ENTERPRISE PRIVATE CLOUD Virtualized private & Hybrid clouds Contrail enables enterprises to adopt private or hybrid virtual cloud strategies, with application and workload mobility. Human Resources Finance Engineering HR VPC FINANCE ENGINEERING ENTERPRISE PRIVATE CLOUD Orchestrator CONTRAIL SDN CONTROLLER ENGINEERING VPC PUBLIC CLOUD (i.e. Amazon Web Services) Workload Mobility scalability and capex inefficiencies are result of the inability to handle policies, security, and routing at scale, without changes to physical switching infrastructure BENEFITS Contrail enables enterprises to adopt private or hybrid virtualized clouds to increase business agility. Integration with Cloudscaling enables workload mobility between private and public clouds

DYNAMIC SERVICE CHAINING & INSERTION Dynamically provision and chain physical or virtual network services, and connect virtual networks without any downtime. CONTRAIL SDN CONTROLLER Human Resources Orchestrator Dynamic Service Chain Configuration Finance MX Router w x86 Service Card MX Router w x86 Appliances Engineering Pool of x86 Appliances BENEFITS Increased agility and velocity of network services supporting critical business processes Reduced capital and operational expense via network simplification Simplified tenant isolation for security and regulation compliance

Case study

enterprise private cloud INITIAL CHALLENGE A recent acquisition target had to migrate development environment from its public cloud to internal Juniper resources SOLUTION Use Contrail to enable a dynamic private cloud that replicates pre- acquisition environment IMPROVEMENTS Leveraged Contrail to build a dynamic self-service cloud for a variety of needs Adapts to the ever-changing needs of software developers Able to reproduce flexibility of public cloud in a secure private cloud WHAT WE LIKE ABOUT CONTRAIL Contrail enables dynamic self-service cloud model—reducing IT costs while improving productivity Ease of integration with existing network infrastructure Ability to seamlessly connect network, storage and compute via orchestration tool integration

Go here for more…

Check out following for more info OpenContrail http://www.opencontrail.org Juniper SDN Portfolio http://www.juniper.net/us/en/products-services/sdn/ Youtube Channel showcasing some use cases http://www.youtube.com/user/opencontrail