Data Center Technologists
JNPRdhanks

The QFX5100 Takes Virtualization to Heart

by Recognized Expert 02-21-2014 04:47 PM - edited 02-21-2014 08:22 PM

Everywhere you look there's virtualization: hypervisors, NAS, and containers. What about networking? Some people say VLANs. Others say MPLS. A topic of recent discussion is overlay technologies and VXLAN. But what if it went deeper than that? What would happen if you applied some of the ideas from server virtualization to networking? What would the result be?

 
Under the hood, each networking switch has a control plane, which is basically a full-blown computer. It has a CPU, memory, and local storage. What would happen if the QFX5100 virtualized its control plane? Well, it did.
 
The QFX5100 natively boots into Linux and uses KVM as a hypervisor to create virtual machines. Junos, the network operating system, runs inside a VM. At first glance, one might ask what the big deal is. You just added two layers of abstraction between the switch and Junos. However, with abstraction comes the ability to do more than what was previously possible.
 
Traditional Switch vs Juniper QFX5100
 
One great example of Junos engineering is the ability to perform In-Service Software Upgrades (ISSU) on the M, T, and MX series. This allows you to upgrade the network operating system without interrupting the traffic flowing through the box. However, this feature requires two control planes. At a high level, there is a master and a backup routing engine. As one routing engine is being upgraded, the other continues to take care of the switch.
 
Traditionally, 1RU switches had only a single control plane. There just wasn't enough space or budget to include a second one. However, the QFX5100 uses Linux KVM and is able to create two virtual machines running Junos. Now, by simply adding two layers of abstraction, we're able to have two control planes and support ISSU on the same 1RU switch.
 
So what else is possible? Your imagination is the limit. Another possibility is to create a third virtual machine and install Linux. You could use this virtual machine to execute operational scripts and programs that monitor various aspects of the network. You could collect statistics with MRTG and display them on a web page.
 
Check out the QFX5100 today. What will you do with the power of virtualization? 

Comments
by Distinguished Expert ‎02-22-2014 08:41 AM - edited ‎02-22-2014 08:41 AM

Hi Doug,

 

what about running this on a VM:

 

- VSRX (and terminate ipsec tunnels on a switch....)

- VWLC (and terminate CAPWAP tunnel directly on the switch)

- SSL or UAC virtual appliances

 

The infrastructure as we know it will change ........

by yren on ‎02-22-2014 02:39 PM

It sounds like we might not have to use overlay to achieve NFV since the switch itself is virtualized. If so, this is awesome since overlay introduces some troubleshooting problems due to lack of visibility, and extra management burden.

 

Second, virtualizing the switch is great, but do we really need to run a full stack for each V-switch? Can we use LXC (e.g., Docker) instead of a VM inside the switch? I know containers are still not mature enough until they address the security issue.

 

Last but not least, the 3rd VM could also run some user applications (ubuntu+web server, eg.). If the switch supports enough RAM+CPU, the single rack switch can act as a server and storage and switch, so that we do not need any dedicated server, or storage, or rack switch. This is what a future data center should look like.

 

Does this sound exciting?

by Distinguished Expert on ‎03-03-2014 03:33 AM

yren,

 

When LXC/Docker gets a more mature security model, then there would be no reason you couldn't just boot an underlying Linux image on the Guest VM running a single instance of Docker. It certainly opens the door to possibilities.

 

Other thoughts:

- STRM Event Collector

- Virtualised Route Server/Reflector (either Juniper or 3rd party like BIRD/Quagga)

- SFlow Collector (might hammer the SSD a bit too much though, maybe aggregate to a RAM disk and send to an upstream server)

- Super ZTP Server - have your core switch automatically build your network based on what it sees (query the switch) and knows (topology stored on the Guest VM)

- Network Infrastructure Services (DNS, NTP etc)

 

V.Cool!

by keith4(anon) on ‎04-09-2014 11:03 AM

This is exciting. The one thing that I am concerned about is the introduction of possible bugs that can compromise the system, if we were to now use it for storage and web services. Heartbleed is exactly the kind of thing that gives me pause. Not to mention the additional resources to serve up webpages and process file transfers. Novel idea, but to me it is introducing another avenue of attack.

Why is it that I have to keep changing the name and email address I use to comment?

About the Author
  • Douglas Richard Hanks Jr. is a Sr. Data Center Architect with Juniper Networks and focuses on solution architecture. He is certified with Juniper Networks as JNCIE-ENT #213 and JNCIE-SP #875. Douglas’ interests are network engineering and architecture for enterprise and service provider technologies. He is the author of the Juniper MX Series book by O'Reilly Media and several Day One books published by Juniper Networks Books. Douglas is also the co-founder of the Bay Area Juniper Users Group (BAJUG). Douglas can be reached on Twitter @douglashanksjr.