Juniper Networks' Shaowen Ma: The best SDN controller for cloud computing

[51CTO.com original article] The interview with Ma Shaowen was at the Global Network Technology Conference. There were many listeners at the SDN special session. The seats were full, and many listeners stood to listen. When they heard something exciting, they raised their mobile phones to take pictures. The flashes went off one after another, which was quite like fans chasing stars. At that time, he was the senior product director of Juniper Networks Asia Pacific, and he had just finished his speech "What kind of SDN controller does cloud computing need" at the SDN special session. The reporter also interviewed him afterwards to listen to his talk about the development of SDN in Juniper Networks' eyes.

Ma Shaowen's speech at the Global Network Technology Conference

SDN: Subverting traditions and bringing more innovative possibilities

Ma Shaowen told reporters that in people's traditional minds, starting a business not only requires a lot of manpower and material resources, but also means that it must stand the test of time. For a startup company, three to five years is still just the start-up stage. However, the emergence of cloud computing has overturned all this.

More and more companies are quickly accumulating wealth with the help of cloud platforms. A Japanese company released a Pokemon game built on a cloud platform. In a very short period of time, it was downloaded by 100 million users worldwide, and the company's revenue skyrocketed. This was simply unimaginable in the era without cloud platforms.

Ma Shaowen pointed out that such disruptions also occur in the traditional telecom operator market. Under the traditional Ops operation model, operators purchase routers, switches, and firewalls, and after configuring them once, they may not change them for up to a year. But in the era of cloud operation models, the entire network needs to switch to the DevOps model to adapt to cloud computing. DevOps can help customers create a virtualized network on top of the physical network. How to maintain and manage this virtualized network is inseparable from the help of the SDN controller.

What kind of SDN controller does cloud computing need?

He roughly divides the common SDN controllers in the industry into three categories:

The first category is the controller that focuses on the router WAN. This type of controller controls about 100+ router nodes and uses standard routing protocols such as BGP/PCEP/Segment Routing etc.

The second category is the controller that focuses on data center switches. This type of controller controls about 1000+ router nodes and usually creates a VTEP tunnel between two TOR switches using methods such as OpenFlow.

The third category is the controller that focuses on the Cloud. This type of controller controls more than 10,000 virtual routers/virtual switches. The most prominent feature is that it no longer mainly manages routers/switches, but controls them at the hypervisor level (vRouter/OVS), uses BGP/XMPP/OVSDB, and creates vPE EVPN/L3VPN networks.

Ma Shaowen focused on the most important cloud-focused SDN controller. Google uses the Andromeda controller for network virtualization and management of virtual machines and Docker. "Juniper Networks' Contrail controller also implements similar functions."

He said that the basic design concept of Contrail is to virtualize a vRouter in the hypervisor of each data center server. Multiple VMs/Dockers are connected to different tenant VRFs of this vRouter. GRE/UDP/VXLAN is used as the outer tunnel between vRouters, and inner labels are used to identify the different VRFs. The vRouter is equivalent to the vPE function of traditional L3VPN and EVPN, except that the user side of the vPE no longer connects to a CE device but provides connectivity for VMs/Dockers.

Simply put, if a customer has 10,000 servers, after deploying Juniper Networks' Contrail, the vRouters of the 10,000 servers become one large virtualized router, providing multi-tenant isolated connectivity similar to a VPN network for tens of thousands of VMs/Dockers. With the data center network under the Contrail Cloud SDN controller, the IP address, RT/RD information, and network VRF information of a VM/Docker created by the customer through the OpenStack/Kubernetes GUI are transmitted back to the Contrail controller by the vRouter and distributed to all other vRouters to achieve interconnection within the data center. In addition, Contrail can send updates to the MX DC GW router through the BGP protocol, so the newly created VM/Docker is immediately reachable by the customer from the outside Internet, thus achieving cloud deployment of large-scale data centers.
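The isolation property described above can be seen in a small model. This is an added example, not Juniper's Contrail code: the class and function names, addresses, labels and route targets are all constructed, each VRF has a single route target, and lookups are exact-match host routes.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Route:
    prefix: str        # workload address (host route)
    next_hop: str      # underlay IP of the hosting vRouter (outer tunnel endpoint)
    label: int         # inner label selecting the VRF on that vRouter
    route_target: str  # RT the route was exported with

@dataclass
class VRouter:
    underlay_ip: str
    vrfs: dict = field(default_factory=dict)  # name -> {"rt", "label", "fib"}

    def add_vrf(self, name, rt, label):
        self.vrfs[name] = {"rt": rt, "label": label, "fib": {}}

    def attach(self, vrf, prefix):
        """Attach a local VM/container; return the route reported to the controller."""
        v = self.vrfs[vrf]
        v["fib"][prefix] = ("local", None)
        return Route(prefix, self.underlay_ip, v["label"], v["rt"])

    def import_route(self, route):
        """Install a remote route only into VRFs whose RT matches."""
        if route.next_hop == self.underlay_ip:
            return  # our own workload, already installed as local
        for v in self.vrfs.values():
            if v["rt"] == route.route_target:
                v["fib"][route.prefix] = (route.next_hop, route.label)

    def lookup(self, vrf, prefix):
        """Return (tunnel endpoint, inner label), ("local", None), or None."""
        return self.vrfs[vrf]["fib"].get(prefix)

def build_demo():
    # Constructed sample: two servers, two tenants, one overlapping address.
    vr1, vr2 = VRouter("10.1.1.1"), VRouter("10.1.1.2")
    for vr, red, blue in ((vr1, 16, 17), (vr2, 20, 21)):
        vr.add_vrf("red", "target:64512:100", red)
        vr.add_vrf("blue", "target:64512:200", blue)
    routes = [vr1.attach("red", "192.168.0.10/32"),
              vr2.attach("blue", "192.168.0.10/32"),
              vr2.attach("red", "192.168.0.20/32")]
    for route in routes:            # the controller's role: reflect to every vRouter
        for vr in (vr1, vr2):
            vr.import_route(route)
    return vr1, vr2
```

Both tenants use 192.168.0.10 without conflict, and a lookup in the wrong tenant's VRF returns nothing. An audit of real VRF import policies checks the same thing: a route target imported into the wrong VRF is what breaks tenant isolation.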

Ma Shaowen also mentioned that many enterprise users have small networks and simple business models, and do not want to use complex network SDN controllers, but still have demand for cloud platforms. For such customers, Juniper Networks provides a simplified, controller-free form of cloud deployment. "This new OpenStack EVPN/VXLAN plug-in has been supported since September 2016, and we also provide the corresponding Neutron plug-in for Security GW. Some of our customers have already adopted this method to deploy lightweight cloud applications."

Container cloud is the trend

Ma Shaowen also gave his view on some new IT technologies. He said that Docker must be a trend, and many large Web customers have now adopted it. As Kubernetes and OpenShift gradually matured, small and medium-sized customers in Europe and the United States, such as TCP Cloud and LITHIUM, began to use Kubernetes and Juniper's Contrail to deploy container clouds in 2015/2016. "Domestic customers will probably support more and more in 2017."

He also gave the reporter an example. TCPCloud, a customer of Juniper Networks, has done many smart city projects in Europe. It connects many street lights, charging stations in parking lots, and sensors in substations. Because there are so many sensors, running these IoT applications in virtual machines places a very high demand on the CPU/memory capacity of the servers. In this case, lightweight container clouds can provide better optimization capabilities.

Regarding the security of container clouds, Ma Shaowen said that the main concern is micro-segmentation: container clouds have some security issues there, in that the security protection between different Dockers is not so good. In response, Juniper Networks uses Contrail together with Kubernetes to manage traffic through the virtual routers between containers, and chains business rules, firewalls, and deep packet inspection (DPI) functions into a service chain to improve the security of containers.

"Customers choose Docker because they can get a lightweight solution. In the past, customers may only be able to start 10 virtual machines on the same server, but if Docker is used, with the same capacity and the same CPU memory, I can make at least 100 Dockers." Ma Shaowen gave an example: if an application serving an autonomous driving car runs on a virtual machine, it may take about 10 minutes for the virtual machine to start after the customer clicks a button. With Docker, it is basically what you see is what you get, which greatly improves the customer experience.

A leader in automation and machine learning

As for IT operation and maintenance, which everyone is paying close attention to, Juniper Networks has also done a lot of work to improve automation. Ma Shaowen said that five of the six major OTT customers in the United States are Juniper Networks customers, such as Google, Facebook, Twitter, Amazon, and Apple. Juniper Networks has won their recognition because, in addition to its excellent hardware performance, its biggest advantage is its strong automated operation and maintenance capabilities. He told reporters that because OTT customers think Juniper Networks' automation tools are well built, they have opened up some of Juniper Networks' common practices and require other manufacturers to implement basic functions such as open configuration protocols (OpenConfig) and NETCONF. These automation tools have long been embedded in Juniper Networks' Junos OS.

He gave an example: in a large data center with tens of thousands of switches, Juniper Networks provides a graphical interface, the Network Director GUI, that does not require any command line configuration. In the GUI, a three-level or five-level CLOS architecture can be built with automatic IP address configuration, BGP configuration, and EVPN and VXLAN configuration, and the operation of the Border Gateway Protocol (BGP) can be monitored.

Not only that, Juniper Networks' machine learning is also ahead of the market. While others are still talking about machine learning, Juniper Networks has already embedded machine learning into two SDN controllers. "Open Contrail integrates a big data analysis engine to handle network anomalies. The other is our NorthStar, which is a WAN traffic design. The version that will be launched soon will also have a big data analysis." Ma Shaowen also revealed that one of the focuses of Juniper Networks' security product line is also big data analysis. It can send user traffic to Amazon AWS or Alibaba Cloud for special processing, cleaning, and analysis. After the analysis, it will know the problems in the topology of the customer's network and may block a certain interface. This is the software-defined secure network (SDSN).

During the interview, the reporter found that Juniper Networks' research on many technologies is ahead of the market. Juniper Networks' market layout is often completed quietly. When a certain technology hotspot becomes a hot topic in the industry, Juniper Networks has already begun to reap the technological fruits. What impressed the reporter was their persistence in technology. They could calm down and work quietly in such an impetuous environment. Their ingenuity is rare and the future is promising.

[51CTO original article, please indicate the original author and source as 51CTO.com when reprinting on partner sites]
