Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities...
Transcript of Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities...
![Page 1: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/1.jpg)
ImplementationJuniperNetworksvMX atA2BInternetBy ErikBais– A2BInternet
![Page 2: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/2.jpg)
|MORE-IP2017presentation 2016Page|2
Whatisourbusiness??
oRegistrationofIPaddressesandASnumbers
o IPTransitinvariousDutchdatacenters
o Internet(Fiber)Access&DatacenterNetworkServices
o24*7MonitoringandmanagementofBGPinfrastructure.
o SpecializedconsultancyforISPrelatedtopicslikevendorselections,networkdesign&implementation.
![Page 3: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/3.jpg)
|MORE-IP2017presentation 2016Page|3
Currently inthe following Dutchdatacenters
![Page 4: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/4.jpg)
|MORE-IP2017presentation 2016Page|4
Shortintro
oA2BInternetisaDutchnetworkprovider.§ Providingdatacenterconnectivityandinternetaccessonfiber.
oWeimplementedtheJuniperNetworksvMX solutionrecently§ http://newsroom.juniper.net/press-releases/a2b-internet-deploys-juniper-networks-vmx-as-the-first-virtual-network-function--nyse-jnpr-11g134000-001
oButthe realquestioniswhy govirtual??…
![Page 5: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/5.jpg)
|MORE-IP2017presentation 2016Page|5
Casestudy online
![Page 6: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/6.jpg)
|MORE-IP2017presentation 2016Page|6
Previoussetup
oA2BInternethasalways beenan ExtremeNetworksshop…
oWenoticed that the BGPconverge took too longwith the current DFZsize
o Some updates(especially onthe AMS-IXpeering switch)took waytoo long..§ Slowupdatesofannouncing some prefixes..§ Orevensloweraccepting certain routes..§ Droppingpeers under highBGPload....(AARGGHHH!!)§ And properfiltering,madethings evenworse …
o Limitation wasinasinglethreaded BGPprocess onadual-core CPU
![Page 7: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/7.jpg)
|MORE-IP2017presentation 2016Page|7
Let’shavealookatthevMX
![Page 8: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/8.jpg)
|MORE-IP2017presentation 2016Page|8
![Page 9: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/9.jpg)
|MORE-IP2017presentation 2016Page|9
vMX ProductOverview
VCPVFP
Physical NICs Management traffic
Guest VM (Linux) Guest VM (FreeBSD)
Hypervisor: KVM, ESXi
Cores Memory
Bridge / vSwitch
Physical layerPCI P
ass
thro
ugh
SR-IO
V
Virt
IO
Virtual Control Plane (VCP)• JUNOS hosted in a VM. Offers all the capabilities
available in JUNOS• Management remains the same as physical MX• SMP capable
Virtual Forwarding Plane (VFP)• Virtualized Trio software forwarding plane. Feature
parity with physical MX. Utilizes Intel DPDK libraries• Multi-threaded SMP implementation allows for
elasticity• SR-IOV capable for high throughput • Can be hosted in VM or bare-metal
Orchestration• vMX instance can be orchestrated through OpenStack
Kilo HEAT templates• Package comes with scripts to launch vMX instance
![Page 10: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/10.jpg)
|MORE-IP2017presentation 2016Page|10
Architectural Difference with Shipping NFX250-S2
RIOT VMXT
SwitchingHardware(CrossconnectNIC) NIC RAM SSD
12x1GE 2x10GE 1GE2x10GE(internal)
...
External
X86CPU
LinuxHostOSVFP(PFE) KVMHypervisor
L2_TVPBSDJunos(JCP)
VirtualMachine
JunosDeviceManager (JDM)Container
LinuxBridge
SwitchingHardware(PFE) NIC RAM SSD
12x1GE 2x10GE 1GE
...
External
LinuxHostOS
X86CPU
VirtualControlPlane(VCP)
VirtualMachine
vMX on NFX Native NFX
SameHW
DifferentSW
ApproachvMX
DCPFE LCMD
BCMD
LCMD
KVMHypervisor
LinuxBridge
VNF#2
VNF#3
VNF#N
…vSRX2.0
VNF#1
2x10GE(internal)
![Page 11: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/11.jpg)
|MORE-IP2017presentation 2016Page|11
OurUsedHWkitlist
oWeselectedHPasourvendorforthevMX setup.
oTheusedkitperbox:§ 1*HPProliant DL360gen92xE5-2650v4,64GB,2xPSU§ 2*HP560SFP+10GbePCIe Intelbased82599§ 2*HP240GBSSDHotplug 2.5inchSFF
o InShort..Enoughcore’s,enoughmemory,stickwiththe‘tested/recommendedNIC’s‘andsomeSSD’sforquickerbootingifneeded..
![Page 12: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/12.jpg)
|MORE-IP2017presentation 2016Page|12
VMXlicenses…
oThevMX licensesthatweusearetheAdvanceversion..10G
oThereare1Gband5Gbversionsaswell..
oWedidn’tneedL3VPNor4Mil.routes..(yet)
![Page 13: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/13.jpg)
|MORE-IP2017presentation 2016Page|13
Implementation
oYouneedtofollowtheJuniperimplementationguide..
oYes..RTFM!!..§ http://forums.juniper.net/t5/Day-One-Books/Day-One-vMX-Up-and-Running/ba-p/289129
oTheimplementationisquitepickyinkernelandlibraryversions.
o StartwiththerecommendedUbuntuversion..(notthelatest)
o Skipany idea ofrunningthis onVmWare ..Use Ubuntu+KVM… <period>
![Page 14: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/14.jpg)
|MORE-IP2017presentation 2016Page|14
/home/vmx/vmxlite/config/vmx.conf
o SelecttherightimagestouseinKVMforVMX..
§ #Configurationonthehostside- managementinterface,VMimagesetc.§ HOST:§ identifier :vmx1 #Maximum6characters§ host-management-interface:em1§ routing-engine-image :"/home/vmx/vmxlite/images/junos-vmx-x86-64-16.1R3.10.qcow2"§ routing-engine-hdd :"/home/vmx/vmxlite/images/vmxhdd.img"§ forwarding-engine-image :"/home/vmx/vmxlite/images/vFPC-20161019.img"
![Page 15: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/15.jpg)
|MORE-IP2017presentation 2016Page|15
/home/vmx/vmxlite/config/vmx.confo #vREVMparameterso CONTROL_PLANE:o vcpus :2o memory-mb :4096 #<=- 4Gbisbetterthan2Gb.2Gbworks.o console_port:2211o
o interfaces :o - type :statico ipaddr :<privateIP>o macaddr :"0A:00:DD:B0:DE:0E"
![Page 16: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/16.jpg)
|MORE-IP2017presentation 2016Page|16
/home/vmx/vmxlite/config/vmx.conf
o #vPFEVMparameterso FORWARDING_PLANE:o memory-mb :24576o vcpus :22o console_port:2212o device-type:sriov #<=- YouwantandNEEDSR-IOV...o
o interfaces :o - type :statico ipaddr :<privateIP>o macaddr :"0A:00:DD:B0:DE:10” #<=- StaticMAC’s...Beware!!
![Page 17: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/17.jpg)
|MORE-IP2017presentation 2016Page|17
WhatisSR-IOV?AndwhydoIwantthis?
o Single-rootinput/outputvirtualization
oSR-IOV isa networkinterface thatallowstheisolationofthe PCIExpress resourcesformanageabilityandperformancereasons.AsinglephysicalPCIExpresscanbesharedona virtualenvironment usingtheSR-IOVspecification.
![Page 18: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/18.jpg)
|MORE-IP2017presentation 2016Page|18
SR-IOVallowsfordedicatedaccesstotheNICbytheVM
![Page 19: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/19.jpg)
|MORE-IP2017presentation 2016Page|19
SR-IOVtakeaway…
![Page 20: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/20.jpg)
|MORE-IP2017presentation 2016Page|20
WhatisSR-IOV?AndwhydoIwantthis?
o Single-rootinput/outputvirtualization
oSR-IOV isa networkinterface thatallowstheisolationofthe PCIExpress resourcesformanageabilityandperformancereasons.AsinglephysicalPCIExpresscanbesharedona virtualenvironment usingtheSR-IOVspecification.
ohttps://www.youtube.com/watch?v=hRHsk8Nycdg - IntelSR-IOVExplanation
![Page 21: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/21.jpg)
|MORE-IP2017presentation 2016Page|21
Performanceo Weusea10Gfortransitand2*10Gtoourinternalnetworkpertransitbox.
o PCIExpresscando:
§ Source:Intel- http://www.intel.com/content/www/us/en/support/network-and-i-o/ethernet-products/000005811.html
PCIExpressImplementation EncodedDataRate UnencodedDataRate
x1 5Gb/sec 4 Gb/sec(0.5GB/sec) x4 20 Gb/sec 16 Gb/sec(2GB/sec) x8 40 Gb/sec 32 Gb/sec(4GB/sec) x16 80 Gb/sec 64 Gb/sec (8GB/sec)
Theoretical Maximum Bus Throughput:•PCI Express* (PCIe*) Theoretical Bi-Directional Bus Throughput.
![Page 22: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/22.jpg)
|MORE-IP2017presentation 2016Page|22
TheIntelNIC
o Specifications:
§ HostInterface§ n PCIe BaseSpecification2.0(2.5GT/s)or(5GT/s)§ n Buswidth— x1,x2,x4,x8
oOurnetworkcardshave2*10GbSFP+..Andpercard40Gbps theoreticalthroughput..
o2NIC’sperbox..Whichleavesenoughroomforline-rateperformance…
![Page 23: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/23.jpg)
|MORE-IP2017presentation 2016Page|23
Intothenetwork…oWestartedbymigratingIPv6ontothevMX’s beforeIPv4.
o OnceIPv6wasrunningwithoutanyissues....Wescheduledav4migrationintovMX.
o Transitsmigrationwasreallysimple..§ ThevMX’s feellikeyouareworkingonanactualJuniperMX.
oMigratingallthepeersonthepeeringbox,wasabitmorework.MostlyduetolegacypeerswithMD5orspecificroute-mapsforcertainpeers.
o Afullv4BGPtableloadisdonewithin4seconds!!§ NoneedtoprogramASICS/TCAM..Allroutesareusablewhenloaded..
![Page 24: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/24.jpg)
|MORE-IP2017presentation 2016Page|24
Currentmaxbandwidthsincethemigration:
oAMS-IX10Glink:8.2GboTransit10Gblink:6.3Gb
oCPUusageAMS-IXrouter:
![Page 25: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/25.jpg)
|MORE-IP2017presentation 2016Page|25
Futurepath?
o Itisalwayspossibletopastetheexactsameconfig intoaJuniperMX240orbigger...
oYoucanstarthere… and your development(automation)can be ported into anyother Junos environment.
oNextversions ofvMX will supportQSFP’s and 100GbNIC’s …
oAnd if you don’t likeit oroutgrow the setup,the hw can be re-used for other tasks …
![Page 26: Juniper vMX A2B Internet - MORE-IP event...• JUNOS hosted in a VM. Offers all the capabilities available in JUNOS • Management remains the same as physical MX • SMP capable Virtual](https://reader035.fdocuments.us/reader035/viewer/2022081620/6101e7f0e9770b412a1d56d5/html5/thumbnails/26.jpg)
|MORE-IP2017presentation 2016Page|26
Questions?