Contrail介紹-Juniperover教學(xué)講解課件

Contrail介紹

---JuniperoverlaySDN解決方案Contrail介紹---JuniperoverlayContrail介紹---Juniperoverlay網(wǎng)絡(luò)虛擬化演進方向VirtualNetworkOverlaysReactiveEnd-to-EndVLANconfiguredonphysicalswitchesRequiresprogrammingofflowsNoimpact

tophysical

networkManualEnd-to-EndPROACTIVE

SOFTWAREOVERLAYOPENFLOWREACTIVEAPPOACHVLANAPPROACH網(wǎng)絡(luò)虛擬化演進方向VirtualNetworkOverl網(wǎng)絡(luò)虛擬化演進方向VirtualNetworkOverl需要手動在每臺配置每隔VLAN的信息插入服務(wù)相對比較復(fù)雜

VLANID一共只有4096個，支持的用戶數(shù)量也是4096

用戶的流量在物理網(wǎng)絡(luò)直接傳輸網(wǎng)絡(luò)虛擬化---VLAN手工控制.低效率.擴展性低.需要手動在每臺配置每隔VLAN的信息插入服務(wù)相對比較復(fù)雜V需要手動在每臺配置每隔VLAN的信息插入服務(wù)相對比較復(fù)雜V網(wǎng)絡(luò)虛擬化----OpenflowOpenFlow需要底層交換機的支持OpenFlow需要編程每個用戶的流量都要經(jīng)過物理網(wǎng)絡(luò)轉(zhuǎn)發(fā)延遲較高.擴展性低.增加故障的考慮點.可升級.Openflow控制器每個流量的首個數(shù)據(jù)包都要去到控制器進行分析網(wǎng)絡(luò)虛擬化----OpenflowOpenFlow需要底層交網(wǎng)絡(luò)虛擬化----OpenflowOpenFlow需要底層交數(shù)據(jù)包不用經(jīng)過控制器，僅通過隧道進行轉(zhuǎn)發(fā)通過已存在的網(wǎng)絡(luò)轉(zhuǎn)發(fā)數(shù)據(jù)用戶的信息通過隧道轉(zhuǎn)發(fā)，對現(xiàn)網(wǎng)沒有感知，即使現(xiàn)網(wǎng)的結(jié)構(gòu)在發(fā)生改變控制器運用編程手段控制虛擬的vswitch和虛擬網(wǎng)關(guān)網(wǎng)絡(luò)虛擬化----OVerlay低延遲.高擴展性.自動恢復(fù)能力.可以在任何網(wǎng)絡(luò)上實現(xiàn).數(shù)據(jù)包不用經(jīng)過控制器，僅通過隧道進行轉(zhuǎn)發(fā)通過已存在的網(wǎng)絡(luò)轉(zhuǎn)發(fā)數(shù)據(jù)包不用經(jīng)過控制器，僅通過隧道進行轉(zhuǎn)發(fā)通過已存在的網(wǎng)絡(luò)轉(zhuǎn)發(fā)JuniperCONTRAIL的角色與作用ServiceNodesInternetVPNDCIWANGatewayRouter

JunosVContrailOrchestratorComputeAPIsStorageAPIsNetworkAPIsServerVirtualMachinevRouterPhysicalSwitchesvSRX,F5…Juniper的contrail以openstack為基礎(chǔ)，通過API調(diào)用openstack的組件JuniperCONTRAIL的角色與作用ServiceJuniperCONTRAIL的角色與作用ServiceContrail組件PhysicalNetwork

(nochanges)AnalyticsOPENCONTRAILCONTROLLERControlConfigurationPhysicalHostwithHypervisorvRouterVMVMVMVMPhysicalHostwithHypervisorvRouterVMVMVMVMWAN,InternetGateway通過API戒口接收VM的狀態(tài)信息，包括遷移，新建等可以實時分析數(shù)據(jù)和流量通過openstack的API控制其他的節(jié)點信息vRouter:虛擬化的vswitch，為虛擬機接入提供虛擬化戒口Gateway:可以采用juniper的MX或者EX9200TODAY2014Juniper目前完成openstack的集成，后續(xù)還會支持Vmware等更多的云平臺系統(tǒng)contrail控制器Contrail節(jié)點Contrail節(jié)點Contrail組件PhysicalNetwork

(noContrail組件PhysicalNetwork

(noIPAM,VirtualDNSSecurityLoad

Balancing3rdPartyNetworkServicesRichAnalyticsHigh

AvailabilityServiceChainingAPI

ServicesRoutingandSwitchingGatewayServicesContrail功能IPAM,VirtualDNSSecurityLoad

IPAM,VirtualDNSSecurityLoad

Contrail–

控制器和節(jié)點ControlNode

"BGPmodule"

ProxiesXMPPControl

NodeControl

NodeComputeNodeComputeNodeConfigurationNodeConfigurationNodeIF-MAPXMPPIBGPIF-MAPClient控制器和節(jié)點之間可以實現(xiàn)控制和轉(zhuǎn)發(fā)分離

控制器可以控制多個節(jié)點，包括路由器和computenode控制層面通過BGP協(xié)議實現(xiàn)路由控制轉(zhuǎn)發(fā)點通過動態(tài)的GRE的隧道轉(zhuǎn)發(fā)數(shù)據(jù)物理拓撲和交換機對于用戶是透明的Gateway

RoutersServiceNodesContrail–控制器和節(jié)點CContrail–控制器和節(jié)點CControlplane–路由發(fā)布方式10.1.1.110.1.1.270.10.10.1151.10.10.110.1.1.2:NH=151.10.10.1;LBL=1710.1.1.1:NH=70.10.10.1;LBL=3910.1.1.110.1.1.2PAYLOADVRFPriSrcIPPriDstIP10.1.1.110.1.1.2PAYLOADLBL=17GRE70.10.10.1151.10.10.1PubSrcIPPubDstIPVMVRFPriSrcIPPriDstIP10.1.1.110.1.1.2PAYLOADPriSrcIPPriDstIPVMIPNetworkAgentAgentXMPPXMPPControlNodeConfigurationNodeREST/API10.1.1.2:NH=151.10.10.1;LBL=1710.1.1.1:NH=70.10.10.1;LBL=39(DynamicTunnelEncapsulation)(DynamicTunnelDecapsulation)Server1Server2ControlPlane*OuterMACheaderwasleftoutintentionallytoreduceclutter10.1.1.1:NH=70.10.10.1;LBL=3910.1.1.2:NH=151.10.10.1;LBL=17ControlPlaneIF-MAP通過BGP協(xié)議VM的地址被宣告到控制器中轉(zhuǎn)發(fā)時原始數(shù)據(jù)包經(jīng)過GRE再次封裝Controlplane–路由發(fā)布方式10.1.1.1Controlplane–路由發(fā)布方式10.1.1.1應(yīng)用場景—邏輯拓撲VM

G1VM

G2VM

G3VNGVM

R1VM

R2VM

R3VNRPNVM

FW虛擬網(wǎng)絡(luò)用戶的VM虛擬防火墻物理路由器物理網(wǎng)絡(luò)應(yīng)用場景—邏輯拓撲VM

G1VM

G2VM

G3VNGVM應(yīng)用場景—邏輯拓撲VM

G1VM

G2VM

G3VNGVM應(yīng)用場景—物理拓撲OpenStackContrail

ControllerNeutronNova虛擬VM帶vrouter的Hypervisor物理交換機物理出口路由器應(yīng)用場景—物理拓撲OpenStackContrail

Con應(yīng)用場景—物理拓撲OpenStackContrail

Con邏輯與物理拓撲對應(yīng)VM

G1VM

G2VM

G3VNGVM

R1VM

R2VM

R3VNRL3VPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICAL邏輯與物理拓撲對應(yīng)VM

G1VM

G2VM

G3VNGVM邏輯與物理拓撲對應(yīng)VM

G1VM

G2VM

G3VNGVM初始化過程，網(wǎng)絡(luò)還沒有建立VM

G1VM

G2VM

G3VNGVM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICAL初始化過程，網(wǎng)絡(luò)還沒有建立VM

G1VM

G2VM

G3VN初始化過程，網(wǎng)絡(luò)還沒有建立VM

G1VM

G2VM

G3VN用戶新建虛擬網(wǎng)絡(luò)VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGCreateVNG用戶新建虛擬網(wǎng)絡(luò)VM

G1VM

G2VM

G3VM

R1VM用戶新建虛擬網(wǎng)絡(luò)VM

G1VM

G2VM

G3VM

R1VM用戶新建虛擬機VMG1VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGCreateVMG1

AttachtoVNGNova:CreateVMVM

G1用戶新建虛擬機VMG1VM

G1VM

G2VM

G3VM

用戶新建虛擬機VMG1VM

G1VM

G2VM

G3VM

VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1Neutron:

AttachVMtoVNCreateVMG1

AttachtoVNGXMPP:

Createrouting-instance用戶新建虛擬機VMG1VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3用戶新建VMG2VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGCreateVMG2

AttachtoVNGVM

G1Nova:CreateVMVM

G2用戶新建VMG2VM

G1VM

G2VM

G3VM

R1V用戶新建VMG2VM

G1VM

G2VM

G3VM

R1V用戶新建VMG2VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1Neutron:

AttachVMtoVNCreateVMG2

AttachtoVNGVM

G2XMPP:

Createrouting-instanceVM

G2用戶新建VMG2VM

G1VM

G3VM

R1VM

R2V用戶新建VMG2VM

G1VM

G3VM

R1VM

R2VContrail通過指令在兩個服務(wù)器之間建立隧道VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1CreateVMG2

AttachtoVNGVM

G2XMPP:

ExchangeroutesCreatetunnelsVM

G2Contrail通過指令在兩個服務(wù)器之間建立隧道VM

G1VContrail通過指令在兩個服務(wù)器之間建立隧道VM

G1V用戶的數(shù)據(jù)包在隧道中轉(zhuǎn)發(fā)的情況VM

G1VM

G2IPprefixNexthopVMG1Virtualethernetport

toVMG1Greenrouting-instanceIPFIBVMG2PushlabelL2+

GREencapstoserverS2MPLSlabelNexthopL1Pop+Greenrouting-instanceGlobalMPLSFIBIPprefixNexthopServerS2PhysicalethernetportGlobalIPFIBIPprefixNexthopVMG1PushlabelL1

GREencapstoserverS1Greenrouting-instanceIPFIBVMG2VirtualethernetporttoVMG2MPLSlabelNexthopL2Pop+Greenrouting-instanceGlobalMPLSFIBIPprefixNexthopServerS1PhysicalethernetportGlobalIPFIBInnerIPheaderPayloadVMG1SourceIPVMG2DestIP...MPLSL2LabelGRE...OuterIPheaderServerS1SourceIPServerS2DestIPEthernetServerS1SourceMACServerS2DestMACPacketS1S2用戶的數(shù)據(jù)包在隧道中轉(zhuǎn)發(fā)的情況VM

G1VM

G2IPpr用戶的數(shù)據(jù)包在隧道中轉(zhuǎn)發(fā)的情況VM

G1VM

G2IPpr用戶新建VMG3VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2CreateVMG3

AttachtoVNGNova:CreateVMVM

G3用戶新建VMG3VM

G1VM

G3VM

R1VM

R2V用戶新建VMG3VM

G1VM

G3VM

R1VM

R2V用戶新建VMG3VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2CreateVMG3

AttachtoVNGVM

G3Neutron:

AttachVMtoVNXMPP:

Createrouting-instance用戶新建VMG3VM

G1VM

G3VM

R1VM

R2V用戶新建VMG3VM

G1VM

G3VM

R1VM

R2VContrail在物理服務(wù)器之間再搭建兩條隧道VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2CreateVMG3

AttachtoVNGVM

G3XMPP:

ExchangeroutesCreatetunnelsContrail在物理服務(wù)器之間再搭建兩條隧道VM

G1VMContrail在物理服務(wù)器之間再搭建兩條隧道VM

G1VM用戶的最終狀態(tài)VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2VM

G3用戶的最終狀態(tài)VM

G1VM

G3VM

R1VM

R2VM

用戶的最終狀態(tài)VM

G1VM

G3VM

R1VM

R2VM

兩個不同用戶均新建了VM以后VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2VM

G3VM

R1VM

R3VM

R2兩個不同用戶均新建了VM以后VM

G1VM

G3VM

R1V兩個不同用戶均新建了VM以后VM

G1VM

G3VM

R1V虛擬vrouter和出口路由器之間建立隧道VM

G1VM

G3VM

R1VM

R2VM

R3VNROpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2VM

G3VM

R1VM

R3VM

R2VM

FWVM

FWL3VPNApplyPolicyVNR?L3VPNNetconf:

Configure

routing-instance虛擬vrouter和出口路由器之間建立隧道VM

G1VM

G虛擬vrouter和出口路由器之間建立隧道VM

G1VM

GVM

G1VM

G3VM

R1VM

R2VM

R3VNROpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2VM

G3VM

R1VM

R3VM

R2VM

FWVM

FWL3VPNApplyPolicyVNR?L3VPNBGP:

ExchangeroutesCreatetunnels虛擬vrouter和出口路由器之間建立隧道VM

G1VM

G3VM

R1VM

R2VM

R3VNROVM

G1VM

G3VM

R1VM

R2VM

R3VNROVM

G1VM

G3VM

R1VM

R2VM

R3VNROpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2VM

G3VM

R1VM

R3VM

R2VM

FWVM

FWL3VPNApplyPolicyVNR?L3VPNXMPP:

ExchangeroutesCreatetunnels虛擬vrouter和出口路由器之間建立隧道VM

G1VM

G3VM

R1VM

R2VM

R3VNROVM

G1VM

G3VM

R1VM

R2VM

R3VNRO所有的工作都是通過API界面在調(diào)用openstack的API所有的工作都是通過API完成系統(tǒng)使用通過的編程語言Python和Javalibraries(otherscanbesupportedasthereisinterest)也可以是curl數(shù)據(jù)模型是公開的，有對應(yīng)的文檔可編程接口API’s調(diào)用系統(tǒng)所有的工作都是通過API可編程接口API’s調(diào)用系統(tǒng)所有的工作都是通過API可編程接口API’s調(diào)用系統(tǒng)所有的總結(jié):Contrail是SDN解決方案的創(chuàng)新者開發(fā)那個的平臺所有的Hypervisors上運行的協(xié)議都是標(biāo)準的可以云平臺可以完好的結(jié)合開放可以與現(xiàn)有網(wǎng)絡(luò)結(jié)合，節(jié)省升級和更換設(shè)備的成本

SDN的物理層面的架構(gòu)簡單化簡化網(wǎng)絡(luò)中的組件，通過虛擬化實現(xiàn)簡單自動更新云平臺虛擬網(wǎng)絡(luò)的結(jié)構(gòu)可以與云平臺進行結(jié)合使用自帶的分析系統(tǒng)可以分析流量智能化總結(jié):Contrail是SDN解決方案的創(chuàng)新者開發(fā)那個的平總結(jié):Contrail是SDN解決方案的創(chuàng)新者開發(fā)那個的平CONTRAIL的發(fā)展計劃JV-CNTR-(#CPUsockets)$1000/socket/yr(incl.J-support)$1700/socket+22%J-supportCNTR-O-(#CPUsockets)Persocketpricing(SWonly)HardwaresolutionvalidationCNTR-CBLKHW+SW(persocketpricing)+supportProfessionalServicesengagementContrailOpenstackNetworkingComponentJuniperOpenstackFullOpenstackSWincludingContrailJuniperCloudBlocksFullSoftwareStack+HardwareTodayDec2013Q22014CloudPlatform+ContrailCloudstack+Contrail(forNetworkingPilotinaBoxFullSW+HWinaStarterKitIBM+ContrailIBMSmartCloudOrchestrator+Contrail(forNetworking)HostedContrail+JunosphereContrailHW+SW+NetworkTroubleshootingsoftware(JunosphereResident)FutureCONTRAIL的發(fā)展計劃JV-CNTR-(#CPUsoCONTRAIL的發(fā)展計劃JV-CNTR-(#CPUso33Thankyou!33Thankyou!33Thankyou!33Thankyou!Contrail介紹

---JuniperoverlaySDN解決方案Contrail介紹---JuniperoverlayContrail介紹---Juniperoverlay網(wǎng)絡(luò)虛擬化演進方向VirtualNetworkOverlaysReactiveEnd-to-EndVLANconfiguredonphysicalswitchesRequiresprogrammingofflowsNoimpact

tophysical

networkManualEnd-to-EndPROACTIVE

SOFTWAREOVERLAYOPENFLOWREACTIVEAPPOACHVLANAPPROACH網(wǎng)絡(luò)虛擬化演進方向VirtualNetworkOverl網(wǎng)絡(luò)虛擬化演進方向VirtualNetworkOverl需要手動在每臺配置每隔VLAN的信息插入服務(wù)相對比較復(fù)雜

VLANID一共只有4096個，支持的用戶數(shù)量也是4096

用戶的流量在物理網(wǎng)絡(luò)直接傳輸網(wǎng)絡(luò)虛擬化---VLAN手工控制.低效率.擴展性低.需要手動在每臺配置每隔VLAN的信息插入服務(wù)相對比較復(fù)雜V需要手動在每臺配置每隔VLAN的信息插入服務(wù)相對比較復(fù)雜V網(wǎng)絡(luò)虛擬化----OpenflowOpenFlow需要底層交換機的支持OpenFlow需要編程每個用戶的流量都要經(jīng)過物理網(wǎng)絡(luò)轉(zhuǎn)發(fā)延遲較高.擴展性低.增加故障的考慮點.可升級.Openflow控制器每個流量的首個數(shù)據(jù)包都要去到控制器進行分析網(wǎng)絡(luò)虛擬化----OpenflowOpenFlow需要底層交網(wǎng)絡(luò)虛擬化----OpenflowOpenFlow需要底層交數(shù)據(jù)包不用經(jīng)過控制器，僅通過隧道進行轉(zhuǎn)發(fā)通過已存在的網(wǎng)絡(luò)轉(zhuǎn)發(fā)數(shù)據(jù)用戶的信息通過隧道轉(zhuǎn)發(fā)，對現(xiàn)網(wǎng)沒有感知，即使現(xiàn)網(wǎng)的結(jié)構(gòu)在發(fā)生改變控制器運用編程手段控制虛擬的vswitch和虛擬網(wǎng)關(guān)網(wǎng)絡(luò)虛擬化----OVerlay低延遲.高擴展性.自動恢復(fù)能力.可以在任何網(wǎng)絡(luò)上實現(xiàn).數(shù)據(jù)包不用經(jīng)過控制器，僅通過隧道進行轉(zhuǎn)發(fā)通過已存在的網(wǎng)絡(luò)轉(zhuǎn)發(fā)數(shù)據(jù)包不用經(jīng)過控制器，僅通過隧道進行轉(zhuǎn)發(fā)通過已存在的網(wǎng)絡(luò)轉(zhuǎn)發(fā)JuniperCONTRAIL的角色與作用ServiceNodesInternetVPNDCIWANGatewayRouter

JunosVContrailOrchestratorComputeAPIsStorageAPIsNetworkAPIsServerVirtualMachinevRouterPhysicalSwitchesvSRX,F5…Juniper的contrail以openstack為基礎(chǔ)，通過API調(diào)用openstack的組件JuniperCONTRAIL的角色與作用ServiceJuniperCONTRAIL的角色與作用ServiceContrail組件PhysicalNetwork

(nochanges)AnalyticsOPENCONTRAILCONTROLLERControlConfigurationPhysicalHostwithHypervisorvRouterVMVMVMVMPhysicalHostwithHypervisorvRouterVMVMVMVMWAN,InternetGateway通過API戒口接收VM的狀態(tài)信息，包括遷移，新建等可以實時分析數(shù)據(jù)和流量通過openstack的API控制其他的節(jié)點信息vRouter:虛擬化的vswitch，為虛擬機接入提供虛擬化戒口Gateway:可以采用juniper的MX或者EX9200TODAY2014Juniper目前完成openstack的集成，后續(xù)還會支持Vmware等更多的云平臺系統(tǒng)contrail控制器Contrail節(jié)點Contrail節(jié)點Contrail組件PhysicalNetwork

(noContrail組件PhysicalNetwork

(noIPAM,VirtualDNSSecurityLoad

Balancing3rdPartyNetworkServicesRichAnalyticsHigh

AvailabilityServiceChainingAPI

ServicesRoutingandSwitchingGatewayServicesContrail功能IPAM,VirtualDNSSecurityLoad

IPAM,VirtualDNSSecurityLoad

Contrail–

控制器和節(jié)點ControlNode

"BGPmodule"

ProxiesXMPPControl

NodeControl

NodeComputeNodeComputeNodeConfigurationNodeConfigurationNodeIF-MAPXMPPIBGPIF-MAPClient控制器和節(jié)點之間可以實現(xiàn)控制和轉(zhuǎn)發(fā)分離

控制器可以控制多個節(jié)點，包括路由器和computenode控制層面通過BGP協(xié)議實現(xiàn)路由控制轉(zhuǎn)發(fā)點通過動態(tài)的GRE的隧道轉(zhuǎn)發(fā)數(shù)據(jù)物理拓撲和交換機對于用戶是透明的Gateway

RoutersServiceNodesContrail–控制器和節(jié)點CContrail–控制器和節(jié)點CControlplane–路由發(fā)布方式10.1.1.110.1.1.270.10.10.1151.10.10.110.1.1.2:NH=151.10.10.1;LBL=1710.1.1.1:NH=70.10.10.1;LBL=3910.1.1.110.1.1.2PAYLOADVRFPriSrcIPPriDstIP10.1.1.110.1.1.2PAYLOADLBL=17GRE70.10.10.1151.10.10.1PubSrcIPPubDstIPVMVRFPriSrcIPPriDstIP10.1.1.110.1.1.2PAYLOADPriSrcIPPriDstIPVMIPNetworkAgentAgentXMPPXMPPControlNodeConfigurationNodeREST/API10.1.1.2:NH=151.10.10.1;LBL=1710.1.1.1:NH=70.10.10.1;LBL=39(DynamicTunnelEncapsulation)(DynamicTunnelDecapsulation)Server1Server2ControlPlane*OuterMACheaderwasleftoutintentionallytoreduceclutter10.1.1.1:NH=70.10.10.1;LBL=3910.1.1.2:NH=151.10.10.1;LBL=17ControlPlaneIF-MAP通過BGP協(xié)議VM的地址被宣告到控制器中轉(zhuǎn)發(fā)時原始數(shù)據(jù)包經(jīng)過GRE再次封裝Controlplane–路由發(fā)布方式10.1.1.1Controlplane–路由發(fā)布方式10.1.1.1應(yīng)用場景—邏輯拓撲VM

G1VM

G2VM

G3VNGVM

R1VM

R2VM

R3VNRPNVM

FW虛擬網(wǎng)絡(luò)用戶的VM虛擬防火墻物理路由器物理網(wǎng)絡(luò)應(yīng)用場景—邏輯拓撲VM

G1VM

G2VM

G3VNGVM應(yīng)用場景—邏輯拓撲VM

G1VM

G2VM

G3VNGVM應(yīng)用場景—物理拓撲OpenStackContrail

ControllerNeutronNova虛擬VM帶vrouter的Hypervisor物理交換機物理出口路由器應(yīng)用場景—物理拓撲OpenStackContrail

Con應(yīng)用場景—物理拓撲OpenStackContrail

Con邏輯與物理拓撲對應(yīng)VM

G1VM

G2VM

G3VNGVM

R1VM

R2VM

R3VNRL3VPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICAL邏輯與物理拓撲對應(yīng)VM

G1VM

G2VM

G3VNGVM邏輯與物理拓撲對應(yīng)VM

G1VM

G2VM

G3VNGVM初始化過程，網(wǎng)絡(luò)還沒有建立VM

G1VM

G2VM

G3VNGVM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICAL初始化過程，網(wǎng)絡(luò)還沒有建立VM

G1VM

G2VM

G3VN初始化過程，網(wǎng)絡(luò)還沒有建立VM

G1VM

G2VM

G3VN用戶新建虛擬網(wǎng)絡(luò)VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGCreateVNG用戶新建虛擬網(wǎng)絡(luò)VM

G1VM

G2VM

G3VM

R1VM用戶新建虛擬網(wǎng)絡(luò)VM

G1VM

G2VM

G3VM

R1VM用戶新建虛擬機VMG1VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGCreateVMG1

AttachtoVNGNova:CreateVMVM

G1用戶新建虛擬機VMG1VM

G1VM

G2VM

G3VM

用戶新建虛擬機VMG1VM

G1VM

G2VM

G3VM

VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1Neutron:

AttachVMtoVNCreateVMG1

AttachtoVNGXMPP:

Createrouting-instance用戶新建虛擬機VMG1VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3用戶新建VMG2VM

G1VM

G2VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGCreateVMG2

AttachtoVNGVM

G1Nova:CreateVMVM

G2用戶新建VMG2VM

G1VM

G2VM

G3VM

R1V用戶新建VMG2VM

G1VM

G2VM

G3VM

R1V用戶新建VMG2VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1Neutron:

AttachVMtoVNCreateVMG2

AttachtoVNGVM

G2XMPP:

Createrouting-instanceVM

G2用戶新建VMG2VM

G1VM

G3VM

R1VM

R2V用戶新建VMG2VM

G1VM

G3VM

R1VM

R2VContrail通過指令在兩個服務(wù)器之間建立隧道VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1CreateVMG2

AttachtoVNGVM

G2XMPP:

ExchangeroutesCreatetunnelsVM

G2Contrail通過指令在兩個服務(wù)器之間建立隧道VM

G1VContrail通過指令在兩個服務(wù)器之間建立隧道VM

G1V用戶的數(shù)據(jù)包在隧道中轉(zhuǎn)發(fā)的情況VM

G1VM

G2IPprefixNexthopVMG1Virtualethernetport

toVMG1Greenrouting-instanceIPFIBVMG2PushlabelL2+

GREencapstoserverS2MPLSlabelNexthopL1Pop+Greenrouting-instanceGlobalMPLSFIBIPprefixNexthopServerS2PhysicalethernetportGlobalIPFIBIPprefixNexthopVMG1PushlabelL1

GREencapstoserverS1Greenrouting-instanceIPFIBVMG2VirtualethernetporttoVMG2MPLSlabelNexthopL2Pop+Greenrouting-instanceGlobalMPLSFIBIPprefixNexthopServerS1PhysicalethernetportGlobalIPFIBInnerIPheaderPayloadVMG1SourceIPVMG2DestIP...MPLSL2LabelGRE...OuterIPheaderServerS1SourceIPServerS2DestIPEthernetServerS1SourceMACServerS2DestMACPacketS1S2用戶的數(shù)據(jù)包在隧道中轉(zhuǎn)發(fā)的情況VM

G1VM

G2IPpr用戶的數(shù)據(jù)包在隧道中轉(zhuǎn)發(fā)的情況VM

G1VM

G2IPpr用戶新建VMG3VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2CreateVMG3

AttachtoVNGNova:CreateVMVM

G3用戶新建VMG3VM

G1VM

G3VM

R1VM

R2V用戶新建VMG3VM

G1VM

G3VM

R1VM

R2V用戶新建VMG3VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2CreateVMG3

AttachtoVNGVM

G3Neutron:

AttachVMtoVNXMPP:

Createrouting-instance用戶新建VMG3VM

G1VM

G3VM

R1VM

R2V用戶新建VMG3VM

G1VM

G3VM

R1VM

R2VContrail在物理服務(wù)器之間再搭建兩條隧道VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2CreateVMG3

AttachtoVNGVM

G3XMPP:

ExchangeroutesCreatetunnelsContrail在物理服務(wù)器之間再搭建兩條隧道VM

G1VMContrail在物理服務(wù)器之間再搭建兩條隧道VM

G1VM用戶的最終狀態(tài)VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2VM

G3用戶的最終狀態(tài)VM

G1VM

G3VM

R1VM

R2VM

用戶的最終狀態(tài)VM

G1VM

G3VM

R1VM

R2VM

兩個不同用戶均新建了VM以后VM

G1VM

G3VM

R1VM

R2VM

R3VNRPNVM

FWOpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2VM

G3VM

R1VM

R3VM

R2兩個不同用戶均新建了VM以后VM

G1VM

G3VM

R1V兩個不同用戶均新建了VM以后VM

G1VM

G3VM

R1V虛擬vrouter和出口路由器之間建立隧道VM

G1VM

G3VM

R1VM

R2VM

R3VNROpenStackContrail

ControllerNeutronNovaPHYSICALLOGICALVNGVM

G1VM

G2VM

G2VM

G3VM

R1VM

R3VM

R2VM

FWVM

FWL3VPNApplyPolicyVNR?L3VPNNetconf:

Configure

routing-instance虛擬vrouter和出口路由器之間建立隧道VM

G1VM

G