Apr 18, 2013 ... What is Software Defined Networking. (SDN)? ... of the network – topology and
state”. “Develop ..... onePK API Presentation. onePK API ...
Belgium & Luxembourg April 18th, 2013
Introduction to
Software Defined Networks (SDN) and its relevance in the DC Bjørn R. Martinussen DC Solutions Architect
[email protected]
© 2013 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
1
What is Software Defined Networking (SDN)? Many Definitions • Openflow • Controller • Openstack • Overlays • Network virtualization • Automation • APIs • Application oriented • Virtual Services • Open vSwitch • …
At the conclusion of this session you
Session ObjectivesUnderstand what SDN Means to will:
Cisco Cisco ONE Strategy
SDN Definition
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
4
“ SDN Is…
“A way to optimize link utilization in my network enhanced, application driven routing”
“An open solution for VM mobility in the “A way Data-Center” to reduce the
“An open solution for customized flow forwarding control in and between Data Centers”
Simplified Operations “A platform for developing “Develop solutions at software speeds: new control planes”
“A means to get CAPEX of my network assured and leverage commodity quality of experience switches” for my cloud service “A solution to build virtual topologies with optimum offerings”
I don’t want to work with my network vendor or go through lengthy standardization.”
“A solution to build a very large scale layer-2 network” “A means to do
traffic engineering without MPLS”
multicast forwarding behavior”
“A way to “A means to scale my fixed/mobile scale my gateways and optimize firewalls “A way to optimize broadcast TV their placement” “A way to build my own and load delivery by optimizing cache security/encryption solution”balancers placement and “A way to distribute policy/ ” cache selection” intent, e.g. for DDoS “A solution to get a global view “A way to configure my entire prevention, in the network” of the network – topology and network as a whole rather state” than individual devices”
Enhanced Agility
© 2013 2011 Cisco and/or its affiliates. All rights reserved.
New Business Opportunities
Cisco Cisco Confidential Connect
5
Real Business Values of SDN • Flexibility: IT groups can become more agile; deployment backlogs are less problematic Departments are more easily able to self-select services – including internal, 3rd party and external cloud services • Automation: Easily add features (protect, segment, provision, add policies) to new workloads, groups, branches, employee devices and cloud resources • Visibility drives speed: Holistic view of application connectivity and external needs (branch, device) Applications can ask for resources, routes, and access instantaneously Heat maps (by application) of traffic across the campus and data center • Revenue generation (for SPs): Service providers can provide more value-added services to customers Innovation in software can accelerate service delivery and create stickiness
What is SDN? (per Wikipedia definition)
Software defined networking (SDN) is an approach to building computer networks that separates and abstracts elements of these systems © 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
7
In other words… In the SDN paradigm, not all processing happens inside the same device
© 2013 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Cisco Confidential Connect
8
Processi ng Plane
Where it runs
How fast these processes run
Control Plane
Switch CPU
In the order of thousands of packets per second
Routing protocols (i.e. OSPF, IS-IS, BGP), Spanning Tree, SYSLOG, AAA (Authentication Authorization Accounting), NDE (Netflow Data Export), CLI (Command Line interface), SNMP
Data Plane
Dedicated Hardware ASIC’s
Millions or Billions of packets per second
Layer 2 switching, Layer 3 (IPv4 | IPv6) switching, MPLS forwarding, VRF Forwarding, QOS (Quality of Service) Marking, Classification, Policing, Netflow flow collection, Security Access Control Lists
Type of processes performed
Control Plane and Data Plane Two fundamental terms to begin understanding the concepts around SDN
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
9
Over the years… this network paradigm has remained mostly intact…
© 2013 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Cisco Confidential Connect
10
Where did this SDN “thing” come from?
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
11
Stanford University – Clean Slate Project “…explore what kind of Internet we would design if we were to start with a clean slate and 20-30 years of hindsight.” http://cleanslate.stanford.edu/ © 2013 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Cisco Confidential Connect
12
Clean Slate led to the development of…
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
13
What is Openflow? (per Wikipedia definition)
OpenFlow is a Layer 2 communications protocol that gives access to the forwarding plane of a network switch or router over the network © 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
14
First statement for today…
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
15
Openflow does not equal SDN
Openfl ow
Software Defined Networking
Openflow is one flavor, or a subset, of SDN © 2013 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Cisco Confidential Connect
16
“…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”
https://www.opennetworking.org/images/stories/downloads/white-papers/wp-sdn-newn
“…open standard that enables researchers to run experimental protocols in campus networks. Provides standard hook for researchers to run experiments, without exposing internal working of vendor devices……” http://www.openflow.org/wp/learnmore/
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
17
“I wish we had done [the separation] in the Internet design, but we didn’t” “In a very interesting way you have an opportunity to reinvent this whole notion of networking” “Just because it says software-defined networking doesn’t mean they’re the same thing. That’s like ‘cloud…They’re not the same thing, and similarly you can invest in an arbitrarily large number of software-defined networks.”
http://slashdot.org/topic/datacenter/vint-cerf-sdn-is-amodel-for-a-better-internet/
Open Networking Summit Keynote, April 16th 2013
Vint Cerf: “SDN is a Model for a Better Internet”
Industry Standards Technical Advisory Group Chair, Working Groups: Config, Hybrid, Extensibility, Futures/FPMOD/ OF2.0
802.1 Overlay Networking Projects, Cisco Innovations: FEX Architecture
Open Source Cloud Computing project
© 2012 Cisco and/or its affiliates. All rights reserved.
Open Network Research Center at Stanford University
Working Groups: Quantum API Donabe Cisco Innovations: OpenStack API for Nexus OpenStack Extensions Overlay Working Groups: NVO3, L2VPN, TRILL, L3VPN, LISP, PWE3 API Working Groups: NETCONF, ALTO, CDNI, XMPP, SDNP, I2AEX Controller Working Groups: PCE, FORCES
Cisco Connect
19
And Data Centers Need to Evolve Fabric Based
Distributed
Application Driven
Cloud
Cloud
MonitoringProvisioning Networking Apps Apps Apps
Programmable
EndUser Apps
Provisionable
Fabric L2, Comput Comput Storage Storage Services Services e e
L3
L2, L3
Comput Comput Storage Storage Services Services e e
Integrated Fabric and Cloud World of Many Clouds •
Manual Provisioning
•
Policy-based Provisioning
•
Service-centric Provisioning
•
Limited scaling
•
•
Flexible – Anywhere, Anytime
•
Rack-wide VM mobility
Scale Physical and Virtual/ Cloud
•
Cross-cloud VM Mobility
•
DC-wide/Cross-DC VM Mobility © 2012 Cisco and/or its affiliates. All rights reserved.
Network Programmability Models 1
Programmable APIs2a Classic SDN
Hybrid “SDN”
Application s
Application s
Vendorspecific APIs
2b
Vendorspecific APIs
NX1kV VSM
Control Plane
3
Network Virtualization/ Virtual Overlays
Application s
Vendorspecific APIs*
Control Plane
Application s Vendorspecific APIs
Virtual Control Plane Virtual Data Plane
Overlay Protocols
Control Plane
Data Plane
Control Plane
Data Plane
OpenFLow and/or Vendor specific
OpenFLow and/or Vendor specific
Control Plane Control Plane
NX1kV VEM
Data Plane
Data Plane
Data Plane
Cisco ONE
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
22
SDN Delivery Options Software API Application Control
Controller
Overlays
Controller
Overlay Networks
Applications Fabric
Fabric
L2,
L2, L3
Fabric
Compute
Compute
Storage
Storage
Services
L3
Services
Compute
Compute
Storage
Storage
Services
Services
L2, L3
Compute
Compute
Storage
Storage
Services
Services
Policy-based Provisioning Multiple Tunnels (Visibility?)
•
Writing to single onePK API
•
Policy-based Provisioning
•
•
Infrastructure Controlled by Applications
•
Scale Physical & Virtual/Cloud
•
•
DC-wide/Cross-DC VM Mobility
•
•
onePK API exposes Fabric capabilities
Scaling (Overlay disjoint from Physical)
•
onePK API in Nexus 1000V (late CY13)
•
Wide-reach, beyond Data Center
Cisco Open Network Environment (Cisco ONE) Programmable, Application Centric
Industry’s Most Comprehensive Networking Portfolio Hardware + Software
Physical + Virtual
Network + Compute
Applications
1.
3.
Platform APIs
Overlays Networks
Network
One Platform Kit (onePK) - Programmatic APIs for Network HW (IOS, IOS-XR, NX-OS) - Evolutionary, Investment Protection
2.a Controllers And Agents
Open Clouds with Nexus 1000V - Multi-hypervisor - Multi-service - Controller SW (onePK, Openflow, …) - Multi-cloud - OpenFlow 1.x support - Openstack www.cisco.com/go/one support
SDN:
Conversation is Maturing, becoming Pragmatic… • Programmable networks can be built in many ways With or without Openflow – can leverage other protocols (e.g. PCEP*) With or without controller/SDN – can leverage built-in APIs (e.g. onePK)
• Controller must program & manage flows Provisioning, Monitoring tools are NOT “controllers” – they existed before SDN
• Controller north-bound APIs remain proprietary • Network virtualization and server virtualization impact infrastructure differently Server virtualization enables server consolidation (increases efficiency) Network virtualization enables broader VM mobility, scalable multi-tenancy (drives more traffic on the network) Unlike servers, network has always been a shared resource – it has always been Efficient!
• Hybrid deployment models are critical to most customers Provides evolutionary deployment model Protects customers’ investment in network equipment, processes & operations, people skills
• Need smarter, high-performance hardware / ASICs High performance, Low latency, Non-oversubscribed, Overlay aware, Multi-protocol *PCEP: Path Computation Element Communication Protocol
onePK: One Platform Kit
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
26
onePK Architecture C, JAVA, Python, REST, Programmatic Interfaces onePK API Presentation
onePK API Infrastructure IOS / XE (Catalyst, ISR, ASR1K)
NXOS (Nexus Platforms)
IOS XR (ASR 9K, CRS)
onePK API Libraries Initial Service Sets Element
Utilities
Discovery
Developer
• Element Capabilities • Configuration Management • Interface/Ports Events • Location Information
• Syslog Events and Queries • AAA Interface • Path Trace
• Network Element Discovery • Service Discovery • Topology Discovery
• Debug Capabilities • Tracing Interfaces • Management Extensions
Data Path
Policy
Routing
• Packet/Flow Classifiers • Copy/Punt/Inject • Statistics
• Interface Policy • Interface Feature Policy • Forwarding Policy • Flow Action Policy
• Read RIB Routes • Add/Delete Application Routes • RIB Events (Route up/ down)
Open Network Environment – Flexibility to Choose Protocols, APIs and Deployment Models
Developer portal ABILITY TO SPAN LAYERS
Training & Certification Element Element Capabilities Configuration Management Interface/Ports Events Location Information
Quantum API Interface descriptions L2 network provisioning L3 and IP Addr. Mgmt. coming
© 2012 Cisco and/or its affiliates. All rights reserved.
Packet classifiers Marking Copy/Punt Inject Statistics
Utilities Syslog Events and Queries AAA Interface Netflow Events DHCP Events
Developer Debug Capabilities Tracing Interfaces Management Extensions
Discovery Network Element Discovery Service Discovery Topology Discovery Policy Interface Policy Interface Feature Policy Forwarding Policy Flow Action Policy
ISVs
Routing Protocol Change Events RIB Table Queries
RICHNESS OF FEATURES Cisco Connect
29
onePK Use Case:
Automated Network Provisioning
Network OS
DC Switch Management Server
Management agent
DC Switch IPC
onePK API Management Agent (onePK Application)
Container
• Automate network configuration • Use the same process and tools currently in use for servers
onePK Use Case:
Deep Packet Modification Business Problem: Need to modify specific fields within select data packets to achieve a desired network behavior.
onePK Custom Packet Action
Data Flow
Packet Modifier
Packet Removal
Packet Match
Packet Inject
onePK Data Path Services
Data Plane
Data Flow
Packet Modification Algorithm Built Using onePK Modifies Selected Packets
Solution: Developer uses onePK to extract, modify and re-insert specific packets using match, modify and forward techniques. Benefits: Quickly and efficiently modify network behavior or traffic flows based on needs. Examples: • Special off-box “secret” Crypto • Packet/flow visibility
Cisco ONE Controller
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
32
Cisco ONE Controller
Cisco ONE Controller
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
33
Controller to Node Interactions Reactive
Proactive
Unknown Flow
Flow programmed Into FIB Table
Application Flow Communication over SSL/TLS
Profile Forwarder src 10.0.10.20 If srcIP=10.0.10.20 Then forward Ethernet 3/1
Controller
Controller to Node Interactions Flow programmed Into FIB Table
Aggrega te Flow
Flow programmed Into FIB Table
Application Flow Communication over SSL/TLS
Profile Forwarder src 10.0.10.20 If srcIP=10.0.10.20 Then forward Ethernet 3/1
Controller
Application Flow
Micro Flow
The SDN reaches beyond the Data Center
onePK onePK
ASR
CSR
ISRG2
Data Center
Campus / Branch
Policy
onePK API presentation layer
Custom Routing Application
Unique Data Forwarding Algorithm Highly Optimized for the Network Operator’s Application
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
36
Use case Campus “Slicing”
Common Deployment in Higher-Ed today – Partition network for multiple usercommunities
Solution • Topology Independent Forwarding
Slice #2 Slice #1
Cisco Purpose-built Controller for Network Slice #3 Slicing
• Integrated slicing management • Programmatic Interfaces (Eg. REST) • OpenFlow experimental support (v1.0) • Controller experimental SW
Consistent policy management for maximum flexibility and Innovation
Cloud technology stacks
Multi-Hypervisor and Multi-Orchestration Strategy Cloud Portal and Orchestration
Virtual Network Infrastructure
Hypervisor Computing Platform Physical Network
vCloud Director/ DynamicOps
System Center
Open Source
CIAC/ OpenStack/ Partners
NSM
NSM
NSM
NSM
ASA 1KV vWAAS CSR 1KV
ASA 1KV vWAAS CSR 1KV
ASA 1KV vWAAS CSR 1KV
ASA 1KV vWAAS CSR 1KV
vPath
vPath
vPath
vPath
Nexus 1KV
Nexus 1KV
Nexus 1KV
Nexus 1KV
vSphere
Hyper-V
Open Source (Xen, KVM)
vSphere, Hyper-V, Xen, KVM
UCS Central
ONE Controller
UCS
UCSM
Nexus 2K-7K + ASR 9K (Edge)
onePK
Storage Platform
Solutions: Vblock, FlexPOD, VMDC, VXI/VDI, HCS, Cross-DC Mobility © 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
38
Cisco Open Network Environment (ONE) Industry’s Most Comprehensive Portfolio Hardware + Software
Physical + Virtual
Apps
Applications
Multi-layer API
Virtual Overlay
Controller
(w/ Controller)
Virtual Overlays Device
One Platform Kit (onePK) - Programmatic APIs for Network HW (IOS, IOS-XR, NX-OS)
Apps
Apps
Programmatic APIs Network
Network + Compute
Device
a
Controllers and Agents
Device
Open Clouds with Nexus 1000V - Multi-hypervisor - Multi-service SDN: - Controller SW (OpenFlow, onePK) - Multi-cloud - Openstack support - OpenFlow Agents
Key Takeaways: Cisco ONE for Virtual Networks Network Programmability Enabled Via Cisco Position of Strength
1
Multi-hypervisor, Multi protocol, Multi-services + Open Standards across all interface
2
No compromise security, robustness and resiliency – battle tested
3
Consistency across Physical, Virtual and Cloud environments
4
Troubleshooting, Visibility, Support
5
Investment protection – Consistent OSes, Tools, Processes, Partners, Separation of Du
Logical Progression for Customers Nexus 1000V
Cisco ONE Controller Controller
Fabric
ESXi
Overlay Network Hyper-V Per Hypervisor
L2, L3
Compute
Compute
Storage
Storage
Services
Services
…
Fabric
ESXi Hyper-V
Overlay Network Per Hypervisor
L2, L3
Compute
Compute
Storage
Storage
Services
Services
…
• Available Today • Available end of CY13 • Multi-Hypervisor • Separate Control and Data Plane • Separate Control and Data Plane of Physical and Virtual
We can propose you • >> To attend the Cloupia deep dive event on the 7th of May. Registration via http://bit.ly/cloupiabelgium/
• >> To test UCS Manager, Nexus 1000v, Nexus 7000, OTV, VXLAN,… Request your CLOUDLAB account http://cloudlab.cisco.com Use
[email protected] as sponsor
• >> To check our DC Belux public references case:
Rossel, Barco, NRB, SMALS, Subaru, Nova Natie http://www.scoop.it/t/cisco-data-center-belux-references/
• >> And to visit our DC booth to get a private demo: Orchestration
in the Data Center with Cloupia Unified Computing with UCS Extend you UCS domain to multiple DC's with UCS Central Simplify a virtual deployment with Nexus-1000v, Adapter-Fex and VM-Fex Build a Unified Fabric with FCOE Extend Applications across two physical Data Centers with OTV
Thank you.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Connect
43
