Data Center Technologists
JNPRdhanks

The QFX5100 Takes Virtualization to Heart

by Recognized Expert Recognized Expert ‎02-21-2014 04:47 PM - edited ‎02-21-2014 08:22 PM

Everywhere you look there's virtualization. Hypervisors, NAS, and Containers. What about networking? Some people say VLANs. Others say MPLS. A topic of recent discussion is overlay technologies and VXLAN. But what if it went deeper than that? What would happen if you apply some of the server virtualization to networking? What would the result be?

 
Under the hood each networking switch has a control plane, which is basically full blown computer. It has a CPU, memory, and local storage. What would happen if the QFX5100 virtualized its control plane? Well, it did.
 
The QFX5100 natively boots into Linux and uses KVM as a hypervisor to create virtual machines. Junos, the network operating system, runs inside of a VM. At first glance, one might ask what's the big deal? You just added to layers of abstraction between the switch and Junos. However with abstraction comes the ability to do more than what was previously possible.
 
Traditional Switch vs Juniper QFX5100
 
One great example of Junos engineering is the ability to perform In-Service Software Upgrades (ISSU) on the M, T, and MX series. This allows you to upgrade the networking operating system without interrupting the traffic flowing through the box. However this feature requires two control planes. At a high level there is a master and backup routing engine. As one routing engine is being upgraded, the other continues to take care of the switch.
 
Traditionally on 1RU switches, there was only a single control plane. There just wasn't enough space or budget to include a second control plane. However the QFX5100 uses Linux KVM and is able to create two virtual machines running Junos. Now by simply adding two layers of abstraction, we're able to have two control planes and support ISSU on the same 1RU switch.
 
So what else is possible? Your imagination is the limit. Another possibility is to create a third virtual machine and install Linux. You could use this virtual machine to execute operational scripts and programs that monitor various aspects of the network. You could collect statistics with MRTG and display it on a web page.
 
Check out the QFX5100 today. What will you do with the power of virtualization? 

Comments
by Distinguished Expert ‎02-22-2014 08:41 AM - edited ‎02-22-2014 08:41 AM

Hi Doug,

 

what about running this on a VM:

 

- VSRX (and terminate ipsec tunnels on a switch....)

- VWLC (and terminate CAPWAP tunnel directly on the switch)

- SSL or UAC virtual appliances

 

The infrastructure as we know it will change ........

by yren on ‎02-22-2014 02:39 PM

It sounds we might not have to use overlay to achieve NFV since the switch itself is virtualized. If so, this is awesome since overlay introduces some troubleshooting problems due to lack of visibility, and extra management burden.

 

Second, virutalize the switch is great, but do we really need running a full stack for each V-switch? Can we use LXC (eg, Docker) instead of VM inside the switch? I know container is still not mature enough until it addresses security issue.

 

Last but not least, the 3rd VM could also run some user applications (ubuntu+web server, eg.). If the switch supports enough RAM+CPU, the single rack switch can act as a server and storage and switch, so that we do not need any dedicated server, or storage, or rack switch. This is what a future data center should look like.

 

Does this sound exciting?

by Distinguished Expert on ‎03-03-2014 03:33 AM

yren,

 

When LXC/Docker gets a more mature security model, then there would be no reason you couldn't just boot an underlying linux image on the Guest VM running a single instance of Docker.  It certainly opens the door to possibilites.

 

Other thoughts:

- STRM Event Collector

- Virtualised Route Server/Reflector (either Juniper or 3rd party like BIRD/Quagga)

- SFlow Collector (might hammer the SSD a bit too much though, maybe aggregate to a RAM disk and send to an upstream server)

- Super ZTP Server - have your core switch automatically build your network based on what it sees (query the switch) and knows (topology stored on the Guest VM)

- Network Infrastructure Services (DNS, NTP etc)

 

V.Cool!

by keith4(anon) on ‎04-09-2014 11:03 AM

This exciting. The one thing that I am concerned about is th eintroduction of possible bugs that can compromise the systrem, if we were to now use it for storage and web services. Heartbleed, is exactly the kind of things give me pause. Not to mention, the additional resources to serve up webpages and and process file transfer. Novel idea, but to me it is introducing another avenue of attack.

Why is that I have to keep changing the name and email address i use to comment?

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.