Sunday, February 8, 2015

SDN and Juniper Contrail system
In this blog I am writing about my understanding of SDN. All positive comments are most welcome.
SDN allows network administrators to manage network services through abstraction of lower-level functionality. This is done by separating the control plane and the data plane of a system. Several methods exist for communication between the data plane and the control plane; one of them is OpenFlow.
The SDN architecture is defined in such a way that it can be programmed directly. It is agile, centrally manageable, based on open standards, and vendor-neutral.
SDN architecture can be defined by the following components (Figure 1):
1. SDN application
2. SDN controller
3. SDN Datapath
4. SDN Control to Data-Plane Interface (CDPI)
5. SDN northbound interfaces (NBI)

Figure 1: SDN Architecture
SDN application: SDN Applications are programs that explicitly, directly, and programmatically communicate their network requirements and desired network behavior to the SDN Controller via a northbound interface (NBI). In addition, they may consume an abstracted view of the network for their internal decision-making purposes. An SDN Application consists of one SDN Application Logic and one or more NBI Drivers. SDN Applications may themselves expose another layer of abstracted network control, thus offering one or more higher-level NBIs through respective NBI agents.
SDN controller: The SDN controller performs multiple functions. It translates the requirements of the SDN application layer into instructions for the SDN Datapaths, and it provides SDN applications with an abstract view of the network. An SDN Controller consists of one or more NBI Agents, the SDN Control Logic, and the Control to Data-Plane Interface (CDPI) driver.
SDN Datapath: An SDN Datapath comprises a CDPI agent and a set of one or more traffic forwarding engines and zero or more traffic processing functions. These engines and functions may include simple forwarding between the datapath's external interfaces or internal traffic processing or termination functions. An SDN Datapath can consist of multiple vRouters and vSwitches. One or more SDN Datapaths may be contained in a single (physical) network element, that is, an integrated physical combination of communications resources managed as a unit. An SDN Datapath may also be defined across multiple physical network elements. This logical definition neither prescribes nor precludes implementation details such as the logical-to-physical mapping, management of shared physical resources, virtualization or slicing of the SDN Datapath, interoperability with non-SDN networking, or the data processing functionality, which can include L4-7 functions.
SDN Control to Data-Plane Interface (CDPI):
The SDN CDPI is the interface defined between an SDN Controller and an SDN Datapath, which provides at least (i) programmatic control of all forwarding operations, (ii) capabilities advertisement, (iii) statistics reporting, and (iv) event notification. One value of SDN lies in the expectation that the CDPI is implemented in an open, vendor-neutral and interoperable way.
SDN Northbound Interfaces (NBI):
SDN NBIs are interfaces between SDN Applications and SDN Controllers and typically provide abstract network views and enable direct expression of network behavior and requirements. This may occur at any level of abstraction (latitude) and across different sets of functionality (longitude). One value of SDN lies in the expectation that these interfaces are implemented in an open, vendor-neutral and interoperable way.
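To make the split between these layers concrete, here is a small Python model (an added example, not code from ONF, OpenFlow or any vendor): an application states what it wants over a northbound call, the controller turns that into prioritized flow entries and installs them on a datapath, and the datapath only matches packets against its table while reporting counters and table-miss events back over the CDPI. The class names, the simplified header fields and the match/action format are all assumptions made for this example; the point is that the datapath holds no policy of its own and drops what it has no rule for, so an unexpected flow shows up as a controller event rather than as silently forwarded traffic.

```python
"""Toy model of SDN layering: NBI intents -> controller -> CDPI -> datapath.
Added example, not ONF, OpenFlow or Juniper code; class names, the simplified
header (src, dst, proto, dport) and the match/action format are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Packet = Dict[str, object]   # constructed, simplified header


@dataclass
class FlowEntry:
    priority: int
    match: Dict[str, object]          # exact-match fields; {} matches anything
    action: str                       # "forward:<port>" or "drop"
    packets: int = field(default=0)   # counter exposed via statistics

    def matches(self, pkt: Packet) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class Datapath:
    """Data plane: forwards strictly by its flow table, no policy of its own."""

    def __init__(self, dpid: str, notify: Callable[[str, Packet], None]):
        self.dpid = dpid
        self.table: List[FlowEntry] = []
        self.notify = notify          # CDPI event channel to the controller

    def install(self, entry: FlowEntry) -> None:   # CDPI (i): forwarding control
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def stats(self) -> List[Tuple[int, str, int]]:  # CDPI (iii): statistics
        return [(e.priority, e.action, e.packets) for e in self.table]

    def process(self, pkt: Packet) -> str:
        for entry in self.table:      # highest priority wins
            if entry.matches(pkt):
                entry.packets += 1
                return entry.action
        self.notify(self.dpid, pkt)   # CDPI (iv): table-miss event
        return "drop"                 # default deny on miss, never flood


class Controller:
    """Control plane: owns topology knowledge and turns intents into rules."""

    def __init__(self) -> None:
        self.datapaths: Dict[str, Datapath] = {}
        self.hosts: Dict[str, Tuple[str, int]] = {}   # ip -> (dpid, port)
        self.misses: List[Tuple[str, Packet]] = []

    def add_datapath(self, dpid: str) -> Datapath:
        dp = Datapath(dpid, self.on_miss)
        self.datapaths[dpid] = dp
        return dp

    def learn_host(self, ip: str, dpid: str, port: int) -> None:
        self.hosts[ip] = (dpid, port)

    # NBI: the application asks for behaviour, not for individual table rows.
    def allow(self, src: str, dst: str, proto: str, dport: int) -> None:
        dpid, port = self.hosts[dst]
        match = {"src": src, "dst": dst, "proto": proto, "dport": dport}
        self.datapaths[dpid].install(FlowEntry(100, match, f"forward:{port}"))

    def block_host(self, src: str) -> None:
        """Quarantine: a high-priority drop that beats any allow rule."""
        for dp in self.datapaths.values():
            dp.install(FlowEntry(200, {"src": src}, "drop"))

    # NBI: abstracted view of the network for the application's own decisions
    def abstract_view(self) -> Dict[str, List[str]]:
        view: Dict[str, List[str]] = {d: [] for d in self.datapaths}
        for ip, (dpid, _) in self.hosts.items():
            view[dpid].append(ip)
        return view

    def on_miss(self, dpid: str, pkt: Packet) -> None:
        self.misses.append((dpid, pkt))   # detection hook: unexpected flows


def demo() -> Tuple[str, str, str, int]:
    """Constructed scenario: one datapath, two hosts, one allowed service."""
    ctl = Controller()
    dp = ctl.add_datapath("dp1")
    ctl.learn_host("10.0.0.1", "dp1", 1)
    ctl.learn_host("10.0.0.2", "dp1", 2)
    ctl.allow("10.0.0.1", "10.0.0.2", "tcp", 443)
    https = {"src": "10.0.0.1", "dst": "10.0.0.2", "proto": "tcp", "dport": 443}
    ssh = dict(https, dport=22)
    a = dp.process(https)        # matches the allow rule
    b = dp.process(ssh)          # no rule: dropped and reported to controller
    ctl.block_host("10.0.0.1")   # operator quarantines the source
    c = dp.process(https)        # now dropped despite the earlier allow
    return a, b, c, len(ctl.misses)


if __name__ == "__main__":
    print(demo())   # ('forward:2', 'drop', 'drop', 1)
```

Run it as a script to see the three forwarding decisions and the miss count. Two design points matter for operations: the table is ordered by priority so a quarantine rule installed later still wins over older allow rules, and every table miss is both dropped and recorded, which is the information a monitoring application would consume through the NBI.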

I have studied the Contrail architecture to understand more about SDN architecture details. Juniper has defined this architecture beautifully.
The Contrail system basically consists of two parts: a logically centralized but physically distributed Contrail SDN controller, and a set of Contrail vRouters that serve as software forwarding elements implemented in the hypervisors of general-purpose virtualized servers.
The Contrail system provides three interfaces:
1. Northbound interfaces, which talk to the orchestration system and applications
2. Southbound interfaces, which talk to the vRouters and the physical network (gateway routers and switches)
3. East-west interfaces, which are used to peer with other controllers
Internally, the Contrail SDN controller has three main components:
1. Configuration nodes: responsible for translating the high-level data model into a low-level form suitable for interacting with network elements.
2. Control nodes: responsible for propagating this low-level state to and from network elements and peer systems in an eventually consistent way.
3. Analytics nodes: responsible for capturing real-time data from network elements, abstracting it, and presenting it in a form suitable for applications to consume.


Figure 2: Contrail Architecture

Contrail vRouters are responsible for forwarding packets from one virtual machine to another via a set of server-to-server tunnels. The tunnels form an overlay network sitting on top of a physical IP-over-Ethernet network. Each Contrail vRouter consists of two parts: a user-space agent that implements the control plane and a kernel module that implements the forwarding engine.
The Contrail system implements three basic building blocks:
1. Multi-tenancy is the ability to create virtual networks that provide closed user groups to sets of VMs.
2. Gateway functions refer to the ability to connect virtual networks to physical networks via a gateway router, and the ability to attach a non-virtualized server or networking service to a virtual network via a gateway.
3. Service chaining is the ability to steer flows through a sequence of physical or virtual network services such as firewalls, DPI, or load balancers.
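The following Python model (added here as an illustration, not Juniper Contrail code) ties the vRouter description and the building blocks together: each virtual network gets its own forwarding table (VRF), traffic between VMs on different servers is wrapped in a server-to-server tunnel whose label selects the VRF on the receiving vRouter, and a per-network policy can steer a flow through a service instance before it leaves. Two tenants deliberately use identical 10.0.0.0/24 addresses to show that isolation comes from the per-VRF lookup, not from unique addresses. The tunnel fields, the label scheme, the route and chain tables and the server addresses are all constructed for this example.

```python
"""Toy vRouter: per-network VRFs, labelled overlay tunnels, service chaining.
Added example, not Juniper Contrail code; the tunnel format, label scheme,
route/chain tables and all addresses are assumptions made for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple, Union


@dataclass
class Tunnel:
    """Overlay packet on the physical IP underlay (constructed format)."""
    outer_src: str    # sending server's physical address
    outer_dst: str    # receiving server's physical address
    label: int        # selects the VRF on the receiving vRouter
    inner_src: str    # tenant addresses; may overlap between tenants
    inner_dst: str


@dataclass
class Route:
    kind: str                # "local" VM on this server, or "remote" server
    target: str              # VM name, or physical address of the remote server
    remote_label: int = 0    # label the remote vRouter uses for this network


@dataclass
class VRF:
    """Per-virtual-network forwarding table; tenants never share one."""
    name: str
    routes: Dict[str, Route] = field(default_factory=dict)
    chains: Dict[str, List[str]] = field(default_factory=dict)  # dst -> services


Hop = Union[str, Tunnel]


class VRouter:
    """Forwarding engine of one server; the agent/controller fills its tables."""

    def __init__(self, server_ip: str) -> None:
        self.server_ip = server_ip
        self.vrfs: Dict[int, VRF] = {}   # label -> VRF
        self.dropped: List[str] = []     # would be counters/events in practice

    def add_vrf(self, label: int, name: str) -> VRF:
        self.vrfs[label] = VRF(name)
        return self.vrfs[label]

    def send(self, label: int, src: str, dst: str) -> List[Hop]:
        """A local VM in network `label` emits a packet; return the hops taken."""
        vrf = self.vrfs[label]
        path: List[Hop] = [f"service:{s}" for s in vrf.chains.get(dst, [])]
        route = vrf.routes.get(dst)
        if route is None:           # no route in *this* VRF: never try another
            self.dropped.append(f"{vrf.name}: no route to {dst}")
            return path + ["drop"]
        if route.kind == "local":
            return path + [f"deliver:{route.target}"]
        return path + [Tunnel(self.server_ip, route.target,
                              route.remote_label, src, dst)]

    def receive(self, t: Tunnel) -> str:
        """Decapsulate a tunnel packet arriving from the underlay."""
        vrf = self.vrfs.get(t.label)
        if vrf is None:             # unknown label: do not guess a network
            self.dropped.append(f"unknown label {t.label} from {t.outer_src}")
            return "drop"
        route = vrf.routes.get(t.inner_dst)
        if route is None or route.kind != "local":
            self.dropped.append(f"{vrf.name}: {t.inner_dst} not local")
            return "drop"
        return f"deliver:{route.target}"


def build_demo() -> Tuple[VRouter, VRouter]:
    """Constructed topology: two servers, two tenants with identical subnets."""
    s1, s2 = "192.0.2.1", "192.0.2.2"
    vr1, vr2 = VRouter(s1), VRouter(s2)
    for label, tenant in ((10, "tenant-a"), (20, "tenant-b")):
        v1, v2 = vr1.add_vrf(label, tenant), vr2.add_vrf(label, tenant)
        # Both tenants use 10.0.0.1 on server 1 and 10.0.0.2 on server 2.
        v1.routes["10.0.0.1"] = Route("local", f"{tenant}-vm1")
        v1.routes["10.0.0.2"] = Route("remote", s2, label)
        v2.routes["10.0.0.2"] = Route("local", f"{tenant}-vm2")
        v2.routes["10.0.0.1"] = Route("remote", s1, label)
    # Policy for tenant-a only: traffic to 10.0.0.2 passes a firewall first.
    vr1.vrfs[10].chains["10.0.0.2"] = ["tenant-a-fw"]
    return vr1, vr2


def demo() -> Tuple[str, str, str]:
    vr1, vr2 = build_demo()
    a_path = vr1.send(10, "10.0.0.1", "10.0.0.2")   # service chain, then tunnel
    b_path = vr1.send(20, "10.0.0.1", "10.0.0.2")   # same addresses, other VRF
    a_dst = vr2.receive(a_path[-1])                  # lands in tenant-a's VRF
    b_dst = vr2.receive(b_path[-1])                  # lands in tenant-b's VRF
    stray = Tunnel("198.51.100.9", "192.0.2.2", 99, "10.0.0.1", "10.0.0.2")
    return a_dst, b_dst, vr2.receive(stray)          # unknown label is dropped


if __name__ == "__main__":
    print(demo())   # ('deliver:tenant-a-vm2', 'deliver:tenant-b-vm2', 'drop')
```

The receive side looks the label up before it looks at the inner destination and drops anything whose label it does not know, so a stray tunnel packet from the underlay cannot be delivered into a tenant network just because its inner address happens to exist there; in a deployment, the same check is what the vRouter's dropped-packet counters would surface to the analytics nodes.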



Continued ......