Contrail Architecture

Total Page:16

File Type:pdf, Size:1020Kb

Contrail Architecture White Paper

Table of Contents

Executive Summary
Introduction
Overview of Contrail
Use Cases
Contrail SDN Controller and the vRouter
Virtual Networks
Overlay Networking
Overlays Based on MPLS L3VPNs and EVPNs
Contrail and Open Source
Scale-Out Architecture and High Availability
The Central Role of Data Models: SDN as a Compiler
Northbound Application Programming Interfaces
Graphical User Interface
An Extensible Platform
Contrail Architecture Details
Nodes
Compute Node
vRouter Agent
vRouter Forwarding Plane
Control Node
Configuration Node
Analytics Node
The Contrail Forwarding Plane
MPLS over GRE
VXLAN
MPLS over UDP
Overlay Multicast Trees
Underlay Multicast Trees
Comparison
Service Chaining
Control and Management Plane Protocols
IF-MAP
XMPP
BGP
Sandesh
OpenStack Integration
Security
Horizontal Scalability and High Availability
Control Nodes
Configuration Nodes
Analytics Nodes
vRouter Agent
vRouter Forwarding Plane
The Data Model
Programming Model
Configuration