SOLUTION GUIDE FOR ENTERPRISE MULTICLOUD - kratna888/Contrail_Command GitHub Wiki
Document Conventions
EMC - Enterprise MultiCloud
Problem Statement
Enterprise business entities deploy networking devices at large scale in their data centers. In a typical deployment, a manual process is followed to load the devices with software and to add baseline configuration via the CLI so that the devices can start communicating with the rest of the network. This manual process is prone to human error, costly and can be time-consuming. Enterprise customers would prefer a faster, simpler, secure and scalable solution to this complex issue.
Solution Overview
Juniper EMC is a turnkey solution for enterprise customers to bring up a new data center (GreenField) using Zero Touch Provisioning, to ease provisioning updates on existing (BrownField) network devices in data centers, and to automate workflows in virtualized environments and on BareMetal Servers. The Juniper EMC solution provides a unified approach to configuring enterprise networking devices, comprised of Juniper routers and switches, with a near zero touch deployment experience. In addition, it combines the most common operational tasks into a dashboard view decoupled from the underlying physical hardware.
The Juniper EMC Solution relieves the strain on enterprise businesses by securely automating the deployment processes of a scaled, complex environment. The key benefits of using the Juniper EMC Solution are automation of tasks, workflow visibility, and initial and ongoing network provisioning across the DataCenter Fabric.
In addition, the Juniper EMC Solution provides a web-based portal interface for SDN controller solutions that orchestrate virtual network overlays. This web-based portal is called Contrail-Command.
- Consistent - using templates
- Customizable - using templates
- Faster - parallel threads configuring multiple devices simultaneously
Juniper EMC Solution Future Vision
In the future, the Juniper EMC Solution can provision enterprise networking devices comprised of non-Juniper routers and switches. In addition, zero touch provisioning (day 0) is also planned for a future release of the EMC Solution. Zero touch provisioning includes automatic discovery of the devices and automatic push of baseline configuration and images as the devices come online.
- Organize devices in a logical hierarchy - categorization by role, type or other specification
- ConfigLet manager
Below are the highlights of Juniper Enterprise MultiCloud Solution
- Discovery of networking devices in the datacenter
- Automatic provisioning of the discovered networking devices - simplified and consistent, centrally managed
- Dashboard for launching and maintaining overlay workloads
- Role based privileges
- Software upgrades
- Configlets Manager
Juniper EMC Solution Components
- OnPrem Cloud Orchestrator (VMs, BMS, Containers) - OpenStack coupled with Contrail Networking Plugin
- DataCenter Fabric Management (currently Juniper devices are supported; Cisco and Arista will be supported for DC Fabric)
- VMs, BareMetal Server Manager and Containers
- Predictive Analytics and Proactive Monitoring
Juniper EMC Solution UseCases
The UseCases listed below are currently supported:
- OnPrem Cluster Deployment
- Discovery of DC fabric
- Orchestration of VM, BMS workloads
- Predictive Analytics and Proactive Monitoring
OnPrem Cluster Deployment
The steps in the following link summarize how to use Contrail-Command to deploy an OpenStack Controller coupled with the Contrail Networking Plugin:
https://github.com/kratna888/Contrail_Command/wiki/Contrail-Command
Bring up a new DataCenter Cluster (GreenField - ZTP)
The GreenField solution automates the configuration of underlay network devices in the DataCenter IP Fabric. This solution introduces two elements: a ZTP server and a ZTP switch. A VLAN is configured on the ZTP switch. The em0 interfaces of the leaf and spine devices need to be connected to the ZTP switch and be part of this VLAN. The ZTP server is also connected to the ZTP switch. The leaf and spine devices are racked and set to factory default. When these devices are at factory default, they send a DHCP broadcast request, which is received by the ZTP server. The user needs to provide the management subnet that the ZTP server will use; the ZTP server offers IPs to the network devices from this subnet.
- Go to the Fabric menu
- Create a Fabric - select New Fabric (Beta), then click on Create
- Now provide the necessary parameters to create the fabric:
- Provide a name for the fabric
- Provide credentials for the devices
- Minimum Number of Devices ZTPed - ZTP will wait for at least this many devices to be discovered
- Node Profiles - Currently supported profiles are MX and QFX (in the future, non-Juniper devices will be supported as part of node profiles)
- Management subnet - From this subnet, ZTP server will offer IPs to the leaf and spine devices.
- Fabric Subnet - used for links between the leaf & spine devices
- Loopback Subnet - Used for loopback of the leaf and spine devices
Once the above-mentioned parameters are provided, click Next. ZTP will automatically trigger the discovery of the network devices and assign management IPs on the em0 or vme interfaces.
Once the IPs are assigned to these devices, ZTP will SSH to the devices and onboard them (ZTP reads the physical and logical interfaces over SSH).
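A pre-flight check of the address plan entered in the fabric creation form above, as an added example (not part of the original guide or of Contrail-Command): it verifies that the management, fabric and loopback subnets do not overlap, that each is large enough for the racked devices, and that the minimum ZTP device count can actually be reached. The function name, the reserved-address count and the one-/31-per-link carving are assumptions; the sample plans are constructed.

```python
import ipaddress
from itertools import combinations

def check_fabric_plan(mgmt, fabric, loopback, leaves, spines, min_ztp,
                      reserved=2, link_prefix=31):
    """Return problems found in a ZTP fabric address plan (empty list = OK).

    Assumptions, not from the guide: `reserved` management addresses are kept
    for the ZTP server and gateway, and each leaf-spine link takes one
    /link_prefix block out of the fabric subnet.
    """
    nets = {"management": ipaddress.ip_network(mgmt),
            "fabric": ipaddress.ip_network(fabric),
            "loopback": ipaddress.ip_network(loopback)}
    devices, problems = leaves + spines, []
    # Overlapping ranges make it ambiguous which plane owns an address.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} subnet {na} overlaps {b} subnet {nb}")
    # The ZTP server leases one management address per device (em0/vme).
    leasable = nets["management"].num_addresses - 2 - reserved
    if leasable < devices:
        problems.append(f"management subnet leases {leasable} IPs, need {devices}")
    # One point-to-point block per link in a full leaf-spine mesh.
    spare_bits = link_prefix - nets["fabric"].prefixlen
    blocks = 2 ** spare_bits if spare_bits >= 0 else 0
    if blocks < leaves * spines:
        problems.append(f"fabric subnet holds {blocks} links, need {leaves * spines}")
    # One loopback address per device.
    if nets["loopback"].num_addresses < devices:
        problems.append(f"loopback subnet too small for {devices} devices")
    # ZTP waits until at least min_ztp devices are discovered.
    if not 1 <= min_ztp <= devices:
        problems.append(f"minimum ZTP count {min_ztp} not in 1..{devices}")
    return problems

# Constructed sample plans (addresses are illustrative only).
GOOD = dict(mgmt="10.1.1.0/24", fabric="10.2.0.0/24", loopback="10.3.0.0/27",
            leaves=4, spines=2, min_ztp=6)
BAD = dict(mgmt="10.1.1.0/29", fabric="10.1.0.0/16", loopback="10.3.0.0/30",
           leaves=4, spines=2, min_ztp=8)

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_fabric_plan(**plan) or "OK")
```
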
Role assignments - There are two roles in the underlay, Leaf and Spine, and there are 3 role assignments in the overlay: CRB Access, CRB Gateway and DC Gateway.
- CRB Access - Centrally Routing and Bridging
- CRB Gateway - Centrally Routing and Bridging Gateway
- DC Gateway - Data Center Gateway
The roles depend on the type of QFX device. For instance, if the QFX device is a 5100, then it can only be leaf and CRB Access.
Below is the role assignment screen
Click on the right-hand side '...' to open the Role Assignment window. There are two roles in the underlay: leaf and spine.
There are 3 roles for the overlay. Based on the device type, the overlay role assignment is auto-selected.
Discovery of Networking Devices (Juniper Routers and Switches) in a DataCenter (BrownField)
UseCase Workflows
- Orchestration of VM workloads and BMS workloads in OnPrem Cluster Deployment
Contrail Cluster Deployment steps can be found at the following link:
https://github.com/kratna888/Contrail_Command/wiki/Contrail_Cluster_Deployment
- Topology discovery and on-boarding of devices: Go to Infrastructure --> Fabric. Select Existing Fabric.
BrownField means that the leaf and spine devices already have baseline configs.
This will bring up a Create-Fabric Menu
- Name - Provide a name for your fabric, for instance FABRIC
- Two namespaces are needed - IP and ASN. In the IP namespace, provide a subnet that all the underlay leaf and spine devices are part of. ASN - This ASN will be used for overlay iBGP peering. The Contrail SDN controller will peer with the leaf and spine devices using this ASN. Provide the device credentials; if there are different device families, provide different credentials for each device family.
- Discovering the FABRIC: Click on the fabric icon so that discovery of the DC fabric starts. When the discovery is complete, a message will pop up in the bottom right-hand corner.
- Baseline configuration necessary on these networking devices: NTP server IP and timezone are mandatory configuration.
- Role assignment of the devices: Spine roles and Leaf roles can be assigned to the devices accordingly.
Step 6: Add Virtual Networks VN-BLUE and VN-RED
Go to Infrastructure --> Workloads --> VirtualNetworks
Step 7: Create Security groups for VMs: VM-SG and Security groups for BMS: BMS-SG
Overlay workloads
Step 8: Spawn VMs and BMS instances
Go to Infrastructure --> Workloads --> Instances
Spawn a VM called VM-BLUE in VN-BLUE virtual network (default IPAM and subnet 192.168.10.0/24)
Spawn a VM called VM-RED in VN-RED virtual network (default IPAM and subnet 192.168.20.0/24)
Spawn a BMS-BLUE in VN-BLUE virtual network
Spawn a BMS-RED in VN-RED virtual network
Verify connectivity between VM-BLUE and BMS-BLUE
Verify Connectivity between VM-RED and BMS-RED
Verify Connectivity between BMS-BLUE and BMS-RED
- BMS Manager
- Application Policy Manager - Security Groups can be created from Contrail-Command
Predictive Analytics and Proactive Monitoring
Juniper AppFormix is a tool that provides predictive analytics and proactive warnings and alarms for the network that is being managed by EMC. AppFormix will be integrated into Contrail-Command in Release 5.x. In the meantime, AppFormix integration into Contrail-Command is done via the CLI.
To deploy AppFormix, please follow the instructions at the link below:
https://git.juniper.net/appformix/faq/wikis/AppFormix-Installation-for-Openstack