Juniper in Virtual Networks
Karl-Heinz Lutz, Partner Development DACH

Juniper, the innovation leader
TALENT
• 8,800+ employees and extensive partner ecosystem
• 16 around-the-clock technical support centers globally
• 47 offices serving 100+ countries
INNOVATION
• Securing more than 86% of U.S. smartphone traffic
• Powering the world's largest networks, including 97 of Fortune Global 100
• The world's top 5 social media properties run on Juniper
FINANCIALS
• $4.6B in revenue in 2014; Non-GAAP EPS increased 13% yoy
• Generated ~$842M of operating cash flow in 2014; $1.8B in cash and investments
• ~$9B+ market cap

The demands on IT are growing
• More flexibility
• Apps
• Faster implementation of requirements
• Cost pressure
• Fewer skilled staff
• Security

Automation, virtualization …..
• Virtualization
• In computer science, virtualization refers to the creation of virtual (i.e. non-physical) things such as emulated hardware, an operating system, data storage or a network resource. This makes it possible, for example, to transparently pool or partition computer resources (especially in the server area), or to run one operating system inside another.
• Automation:
• "Equipping a facility so that it operates as intended, wholly or partly without human involvement."[1]

Who stands for virtualization?

VMware's SDDC Vision
Software-Defined Data Center Priorities:
• Data Center Virtualization and Standardization
• Streamlined and Automated Data Center Ops
• Security Controls Native to Infrastructure
• High Availability and Resilient Infrastructure
• Application and Infrastructure Delivery Automation
Software-Defined Data Center Outcomes:
• CapEx Reduction
• OpEx Reduction
• Effortless Security
• Improved Uptime
• ITaaS

THE DATA CENTER NETWORK… [diagram: Internet]
COMPUTE INFRASTRUCTURE…. [diagram: Internet]
HYPERVISORS AND VSWITCHES… [diagram: Internet]
VIRTUAL NETWORKS – COMPARABLE TO LOGICAL SWITCHES OR VLANS [diagram: Internet]
THE VIRTUAL NETWORK?
Diagram labels: SERVICES DISTRIBUTED TO THE VIRTUAL SWITCH; PHYSICAL WORKLOADS AND LEGACY VLANS

VMware NSX
Diagram labels: Overlay Tunnels; VxLAN; VTEP – Virtual Tunnel End Point
Overlay attributes
• L2 extension over Layer 3 underlay
• Any to any at massive scale, up to 16 million logical segments
• Overlay addresses are hidden from the underlay
Underlay attributes
• Ideally a single element to manage (One Fabric)
• All links active 100% of the time
• All features on every port
• Predictable latency and performance
• In Service Software Upgrade
The overlay depends largely on the hypervisor in use

Multiple overlay architectures
Diagram labels: Overlay Networks; Controller-less; Controller; Unicast VXLAN; EVPN-VxLAN; Scale out Networks; L2 extension; VMware NSX; OpenContrail; Centralized & Automated Management; Policies & Service Chaining

VMware's view of the networking world
Diagram labels: Data Center Virtualization; Any x86; Any Storage; Any IP network; Load Balancing; L2 Switching; 3rd Party; Firewalling/ACLs; IPsec VPN; L2 VPN; SSLVPN; Virtualized Network Access; Port, Router, Firewall, Load Balancer; Anywhere; Underlay Network; Any Network Fabric; Any X86; Anywhere; Virtualized Compute; Virtualized Storage; Complete Automation; SDDC Platform; L3 Routing; Open, No vendor preference; Workload Anywhere; Any Application; Advanced Data Center Network Services in Software - Automated

Is network virtualization hardware-independent?
• Mostly yes, BUT:
• The foundation must provide at least the following key attributes (description from the "VMware NSX Network Virtualization Design Guide")
• Scalable
• High-bandwidth
• Fault-tolerant
• QoS
• Spine/leaf topology
• Equal-Cost Multipathing
• ….
• Why not add simple, easy to manage, automated with strong analytics?
• And gateways are necessary (hardware?)
Network architectures must be adapted
Server virtualization is not enough
• Eliminate silos in the data center
• Interconnect data centers
• Integrate cloud services
• Integrate security concepts

A look under the hood…

Juniper differentiators
High-Performance DC Fabrics / Virtual Networking Intelligence
• DC Switches
• VXLAN switching
• Any topology
• NSX SDN-overlay bridging gateway
• Fabric technologies
• Operational ease
• Highly available
• Massively scalable
• Open standards
• API/tool automatable
• In-hypervisor & in-switch cloud analytics engine
• Adaptive load balancing of "elephant & mice" flows / flowlets
Data Center Interconnect / Joint Management and Automation
• Best-of-breed WAN and DCI routing
• Web 2.0-style GUI
• VPLS and E-VPN
• Correlate physical and virtual networks
• NSX SDN-overlay routing gateway
• Universal SDN Gateway for multiple VXLAN & MPLS overlays
• In-VM-Router scaling to 160Gbps
• Manage DC network
• Monitor vMotion
• Analytics collector with network and in-VM application visibility
Complementary Network Security
• NSX hypervisor FW and virtual network micro-segmentation
• Juniper DC L2-7 perimeter with high-performance NGFW
• Juniper in-VM FW offers Anti-APT/UTM with vSphere-integrated management

Cloud networking architectures
Diagram labels: Multi-tier MC-LAG; IP Fabric; Ethernet Fabric; MX; L2/L3; L3; L2/L3; L2
• Single broadcast domain
• VLAN anywhere
• MC-LAG
• MAC mobility
• Operational simplicity
• L2 and L3 in single fabric
• Single point of management
• Automation within the fabric
• Layer 3 routing (OSPF or BGP)
• Fabric resiliency with ECMP
• Reduced scope of L2 broadcast domains
Charles CLOS – 1953
CLOS is required when the switching needs are greater than the largest single switch
Diagram: ingress, middle and egress stages (http://en.wikipedia.org/wiki/Clos_network)

Cloud networking architectures
Diagram labels: Multi-tier MC-LAG; IP Fabric; Ethernet Fabric; IP Fabric with Overlay; MX; L2/L3; L3; L2/L3; L3; L2; Virtual Network
• Single broadcast domain
• VLAN anywhere
• MC-LAG
• MAC mobility
• Operational simplicity
• L2 and L3 in single fabric
• Single point of management
• Automation within the fabric
• Layer 3 routing (OSPF or BGP)
• Fabric resiliency with ECMP
• Reduced scope of L2 broadcast domains
• IP underlay fabric
• Ethernet overlay
• Subnets independent of physical topology

Juniper switching architectures
Diagram labels: Benefits; QFabric; Juniper architectures; Virtual Chassis; Up to 10 members; MC-LAG; Open architectures; Up to 128 members; Virtual Chassis Fabric; Up to 32 members; QFX5100; IP Fabric; Single point of management; Turnkey and tailored to demand; Benefits; Flexible areas of use …; Open technology and protocols; L3 Fabric
One single architecture does not fit everywhere – the QFX5100 offers the choice!!

Virtual Chassis Fabric
• Single point of management
• Ethernet fabric – L2 for the entire DC or for pods
• Simple VTEP/L2 gateway (with OVSDB integration)
• Simplified multicast support (no need for PIM)
• Flexible in size, interface types and future expansion
• Spine-leaf topology for predictable performance
• AFS* for even distribution of traffic
*AFS = Adaptive Flowlet Splicing

Intelligent Underlays: Adaptive Flowlet Splicing
Diagram labels: VN; Virtual Chassis Fabric; underlay; overlay
• Dynamic load-balancing algorithm for VCF
• TCP flow splicing
• No packet re-ordering
• Load and queue depth measurements for flowlet balancing
• Better ECMP utilization for overlay and underlay traffic
• Predictable and balanced performance

Cloud switching portfolio: mapping onto a spine-leaf solution
Diagram labels: MODULAR; EX9200; QFX10000; Up to 480 X 100 GbE Ports; SPINE; SCALE UP ARCHITECTURE; FIXED; LEAF; QFX5100-24Q; EX4300; GIGABIT ETHERNET; QFX10002; OCX1100; QFX5100; OCP NETWORKING; 10 GIGABIT ETHERNET; QFX5100-24Q-AA; QFX-PFA-4Q; APPLICATION INTEGRATED SWITCHING; QFX10002-72Q
• Fixed platform to support transition from 10GbE to 40GbE and 100GbE
• Compact form factor with high density

End-to-end data center fabric architecture
Diagram labels: Business Critical IT & Private Cloud; Multi-tier MC-LAG; SaaS, Web Services; Ethernet Fabric; VCF; QFabric; Junos Fusion; IP Fabric; …; Virtual Network; <4,260 Servers; <1,500 Servers; <6,000 Servers; 10,000+
JUNOS: one common operating system for all fabrics

Q: When a bear fights a shark, who wins?
A: It depends on whether the fight was on the beach or in the water.
We should pick the location where we choose to invest our energy fighting.

Networking end to end
Diagram labels: Hosted/Managed; Campus and Branch; WAN; Internet; Public Cloud (Hybrid); MX (USG); Junos Space Network Director; ANY NETWORK OR SDN; Virtual & Physical Security; QFX, EX, and QFabric Switching; Private Cloud
Multi-Data Center, Multi-Cloud, One Network Architecture

Overlay architecture
All Devices Need to Communicate
• SDN to IP (Layer 2): provide SDN-to-non-SDN translation, same IP subnet
• SDN to IP (Layer 3): provide SDN-to-non-SDN translation, different IP subnet
• SDN to SDN: provide SDN-to-SDN translation, same or different IP subnet, same or different overlay
• SDN to WAN: provide SDN-to-WAN translation, same or different IP subnet, same or different encapsulation
Diagram labels: Layer2; Layer3; SDN; WAN; Remote Data Center; Public Cloud; Internet

MX-Series – Universal SDN Gateway
Diagram labels: WAN; WAN GW; Layer 3 GW; Layer 2 GW; SDN GW; VMWare NSX Pod; DC 1; Juniper Contrail Pod; Mixed Pod; DC 2

Integrated management, orchestration & automation
Network Director Overview
Diagram labels: Web 2.0 GUI; ND App
Diagram labels: Junos Space; Junos OS; NETCONF; DMI; B/OSS, ITSMs, DevOps, Platforms & Apps; Open RESTful API; Custom DevOps/ITSM

Integrated Management, Orchestration & Automation
Network Director-to-VMware Integration Overview
Diagram labels: server; controller
VISUALIZE: Holistic and correlated view
• Data center and campus topologies
• Correlated server/VM/network visibility
• Overlay and underlay connectivity
• Physical and virtualized connectivity
ANALYZE: Smarter and Proactive Networks
• Built-in collection and correlation engine
• Heat map and root-cause analysis
• Telemetry for overlays & underlays
• Inter-VM network trace and flow analysis
CONTROL: Lifecycle and Workflow Automation
• Scalable multi-site management
• Provisioning templating and planning
• Fabric automation and management
• Data center fabric management

Physical & Virtual Visibility in Junos Space ND
Panel titles: Data Center Topology and Devices; Physical to Virtual Topology; NSX Overlay Networks Topology

Exceptional Networking Analytics
Diagram labels: JOINT-OPS; VN underlay; VN overlay; compute; VM; KVM; ADVANTAGES
• Insightful metrics monitoring
• Faster troubleshooting and planning
• Correlate & coordinate network and apps
• Proactive & passive application QoE
• VXLAN ping, traceroute, VM path visibility
Overlay Awareness
…
s1>show analytics overlay vxlan
…
VNI Green: VM1, VM2, VM6, VM7
VNI Blue: VM5, VM10
VNI Red: VM3, VM4, VM8, VM9

CAE – Cloud Analytics Engine
Diagram labels: Flow/App Visibility & Analysis; VMs/Apps, Hosts, Networks; Flow-path Analytics
• Network Telemetry
• App Placement
• Troubleshooting
• Watch lists
• Health & capacity assessment
• End-to-end and per-hop analysis
• Unhealthy VMs/apps/hosts
• Physical/virtual correlation
• Topology visualization
• Simple end-to-end mirroring

Juniper Switching
One Suite of Data Center Platforms (QFX and EX), One Operating System (Junos)
• Multi-Tier Ethernet: Traditional Approach
• Ethernet Fabric: Turn-Key Simplicity
• IP Fabric: Hyper Scalability
• MPLS Fabric: End-to-end Consistency

BETTER + TOGETHER
SDDC: Virtualization & Automation / MetaFabric: Performance & Automation
• Maximize agility and flexibility
• DC programmatic control
• Common policy across DC
• High performance and scalable
• Secure and reliable foundation
• Physical-Virtual Ops. simplification
Diagram labels: NETWORK IS NSX Virtual Networking Physical-to-Virtual Switching & Routing plugged into VMware Compute Virtualization NOW YOUR THE SDDC + VM-aware Management and VNFs
1. Seamless forwarding across physical and virtual infrastructure
2. Virtualization-aware network management and orchestration
3. Analytics and visibility of both physical and virtual

Thank you very much