1

CISCO’S SDN STRATEGY

Robert Feng

TSA

robfeng@cisco.com

Agenda

SDN Recap

Landing SDN Solutions

ACI Vision

ACI Building Block

ACI Innovations

Hardware Platform – Nexus 9000

Key in Cisco’s SDN Approach: Openness

Q&A

2

3

SDN RECAP

Basic Definitions

What Is Software Defined Network (SDN)?

“…In the SDN architecture, the control and data

planes are decoupled, network intelligence and state

are logically centralized, and the underlying network

infrastructure is abstracted from the applications…”

Source: www.opennetworking.org

What is OpenStack?

Opensource software for building public

and private Clouds; includes Compute (Nova),

Networking (Quantum) and Storage (Swift)

services.

Source: www.openstack.org

What is Overlay Network?

Overlay network is created on existing network

infrastructure (physical and/or virtual) using a network

protocol. Examples of overlay network protocol are:

GRE, VPLS, OTV, LISP and VXLAN

What Is OpenFlow?

Open protocol that specifies interactions between

de-coupled control and data planes

Note: OF is not mandatory for SDN

Note: North-bound Controller APIs are vendor-specific

Note: Applicable to SDN and non-SDN networks Note: Applicable to SDN and non-SDN networks

Note: SDN is not mandatory for network programmability

nor automation

a

Cisco Open Network Environment: Announced in June 2012

Industry’s Most Comprehensive Networking Portfolio

Hardware + Software Physical + Virtual Network + Compute

Network

Platform

APIs

Controllers and

Agents

Virtual

Overlays

Applications

www.cisco.com/go/one

6

WHAT HAVE WE LEARNED? SDN SHOULD BE USE CASE DRIVEN / SDN IS “PIN” SPECIFIC

7 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Orchestration Automation, provisioning and interworking of

physical and virtual resources

Service Provider SDN Trend

Service Orchestration

NFV SDN

HYPE IS EVERYWHERE

LOOK FOR PROVEN EXPERIENCE

SDN Separation of control and data plane

NFV Network functions and software running on

any open standards-based hardware

© 2013 Cisco and/or its affiliates. All rights reserved. 8

REDUCED VISIBILITY

DIFFICULT TO TROUBLESHOOT

SECURITY CHALLENGES AND LACK OF COMPLIANCE

Overlay

Wow, this new

technology will

totally make

driver’s licenses

useless…

I see smoke

but there’s

no warning

lights on my

dashboard!?!

Network Visibility of

Your Apps Today

Network Visibility of Your

Apps on an Software

Overlay

Perspective of an Overlay Startup Vendor

PHYSICAL

OVERLAY

OVERLA

Y

PHYSICAL

9

“LANDING” SDN SOLUTIONS?

10

ACI VISION (APPLICATION CENTRIC INFRASTRUCTURE)

11

ACI VISION: RAPID DEPLOYMENT OF APPLICATIONS ONTO NETWORKS WITH SCALE, SECURITY AND FULL VISIBILITY

Physical Networking

Compute L4–L7 Services

Multi DC WAN and Cloud

APPLICATION

AGILITY

AUTOMATION

/

REALTIME

IMPROVED

TCO

AVAILABLE

/

VISIBLE

SECURE /

SCALE

ANY

EDGE

Physical Networking

Compute L4–L7 Services

Multi DC WAN and Cloud

Storage Storage Hypervisors and Virtual Networking

Hypervisors and Virtual Networking

12

ACI BUILDING BLOCKS

13

CUSTOMER CHOICES FOR SMOOTH TRANSITION TO ACI TWO OPERATIONAL MODELS FOR NEXT GENERATION NEXUS

APPLICATION CENTRIC INFRASTRUCTURE

Q2 2014

TRADITIONAL NETWORKS OPTIMIZED NX-OS

Q4 2013

PROGRAMABILITY— 1/10/40 GE, 100 GE READY PRICE/PERFORMANCE

APIC Software

Upgradable

to ACI

Performance

and Scale Security Simplicity Open Agility

Automation

and Visibility

14

OPEN RESTFUL APIS

CENTRALIZED POLICY MODEL

OPEN SOURCE

CONTROLLER

APIC

ACI BUILDING BLOCKS NEXT GENERATION NEXUS—TRADITIONAL NETWORKS

POLICY MODEL

ACI

BUILT-IN LINE RATE

END POINT DIRECTORY

INTEGRATED OVERLAY

40G NON-BLOCKING FABRIC

SIMPLE, SECURE

>_ >_

50% SIMPLER CODE BASE

FUTURE PROOF UPGRADABLE

TO ACI

PROGRAMMABILITY AND AUTOMATION

NETWORK VIRTUALIZATION

SUPPORT

RESILIENCY: IN SERVICE PATCHING,

UPGRADE, FAST RESTART

ACI BUILDING BLOCKS FUTURE PROOF—SOFTWARE UPGRADABLE TO ACI

NEXUS 9500 and 9300 INNOVATIONS IN SOFTWARE HARDWARE AND SYSTEM DESIGN

PRICE POWER EFFICIENCY PROGRAMMABILITY PORT DENSITY PERFORMANCE

OPTIMIZED NX-OS SCALE OUT WITHOUT COMPROMISE

COMMON BUILDING BLOCKS - ACCESS AND CORE

APIC

15

ACI INNOVATIONS

16

APPLICATION CENTRIC INFRASTRUCTURE (ACI)

Performance

and Scale Security

Services

Automation Open

Agility &

Simplicity

Visibility &

Troubleshootin

g

INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN

17

APPLICATION CENTRIC INFRASTRUCTURE (ACI)

Agility &

Simplicity

INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN

18

IP NETWORK

COMMON POLICY

SIMPLIFICATION

DECOUPLE APPLICATION &

POLICY FROM IP INFRASTRUCTURE

10,000S ACLS

COMPLEX QOS

MULTIPLE MANAGEMENT POINTS

EXCESSIVE PROTOCOLS

FLOODING

CENTRALIZED SECURITY AND QOS POLICY

NO FLOODING

ROUTED NETWORK

FULL HOST MOBILITY

19

AGILITY: ANY APPLICATION, ANYWHERE—PHYSICAL AND VIRTUAL ACI POLICY MODEL WITH COMMON APPLICATION NETWORK PROFILE (ANP)

ADC APP DB F/W

ADC WEB

APIC

HYPERVISOR HYPERVISOR HYPERVISOR

CONNECTIVITY

POLICY

SECURITY

POLICIES

QOS

BANDWIDTH

RESERVATION

AVAILABILITY

STORAGE

AND

COMPUTE

APPLICATION

L4-L7

SERVICES

SLA

QoS

Security

Load

Balancing

APPLICATION

NETWORK PROFILE

Extensible Scripting Model

20

APPLICATION CENTRIC INFRASTRUCTURE (ACI)

f

Services

Automation

INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN

21

APP F/W L/B WEB L/B DB APP F/W ADC WEB ADC DB

Extensible Scripting Model

NETWORK SERVICE AUTOMATION

AND STITCHING

ACI NETWORK SERVICE AUTOMATION

• Open Model

• Audit and Compliance

• No Excess Configuration State

22

ACI SERVICE REDIRECTION POLICY

Begin End Stage

1

FW

_A

DC

1

EPG 2 EPG 1

Application

Admin

Service

Admin

ASA

5585

Netscaler

VPX

Chain

“FW_ADC 1”

Policy-based

Redirection

Stage

2

• Automated and scalable L4-L7 service insertion

• Packet match on a redirection rule sends the packet into a services graph.

• Service Graph can be one or more service nodes pre-defined in a series.

• Service graph simplifies and scales service operations

23

APPLICATION CENTRIC INFRASTRUCTURE (ACI)

Visibility &

Troubleshootin

g

INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN

24

FULL APPLICATION VISIBILITYA Single View of your Application in a distributed environment

Cisco Confidential

HEALTH SCORE

LATENCY

DROP COUNT

VISIBILITY

VMs

Physical

Application Delivery Controller

Firewall

24

96%

Microsecond(s)

Packets Dropped

5

25

7

3

25

ACI SERVICES HEALTH SCORE

REPORTED BY THE SERVICES APPLIANCE TO THE APIC

SYSTEMS TELEMETRY

SERVICE HEALTH SCORE

LATENCY

VISIBILITY

VMs

Physical

Citrix Netscaler VPX

Citrix Netscaler MPX

Microsecond(s) 5

2

2

CPU 85 RAM 62

26

APPLICATION CENTRIC INFRASTRUCTURE (ACI)

Performance

and Scale

INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN

27

ELASTICITY AT SCALE BUILT FOR THE GROWING COMMERCIAL ENTERPRISE TO THE LARGEST SERVICE PROVIDERS

1 MILLION IPV4 / IPV6 END POINTS

64,000 TENANTS

PORTS

APIC

100K+ 44652 35860 27648 22584 18632 13824 11592 8598 6912 5260 4854 3456 2268 1286 288

8K MULTICAST GROUPS (PER LEAF)

60 TBPS CAPACITY (PER SPINE)

576 40G PORTS WIRE-RATE (PER SPINE)

28

100 150 200 250 300

ACI

Traditional Network

Time (s)

Case Study – Big Data Analytics

Based on common network load and link failure scenarios

INNOVATION DRIVING APPLICATION PERFORMANCE

Congestion Management

60% 60%

90%

Network Innovations

Dynamic Load Balancing

Dynamic Packet Prioritization

30% reduction

in application

completion time

Network Utilization

29

APPLICATION CENTRIC INFRASTRUCTURE (ACI)

Security

INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN

30

Centralized Compliance and Auditing

Import / Export Policy via API

(Support for External Policy Engines)

Services Chaining Automated

Engineering Legal Sales H

R

Financ

e

Marketing

APPLICATION CENTRIC INFRASTRUCTURE SECURITY SECURITY WITH ACI

Complete Isolation with

Full Scalability and Security

Policy Separated from Network Forwarding

Open

APIs Policy

Engine

ENABLING A DYNAMIC ENTERPRISE WITHOUT COMPROMISE

APIC

Legal and

Marketing

APPLICATION

NETWORK PROFILE

31

APPLICATION CENTRIC INFRASTRUCTURE (ACI)

Open

INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN

32

TENANT AND APPLICATION AWARE

READ / WRITE ALL FABRIC INFO

PUBLISHED DATA MODEL OPEN SOURCE

APIC

OPEN ECOSYSTEM, OPEN APIS COMPREHENSIVE ACCESS TO UNDERLYING INFORMATION MODEL

and Certified Industry Standard Compliant

33

NEW HARDWARE PLATFORM - NEXUS 9000

34

INNOVATIONS IN SOFTWARE, HARDWARE, ASICS AND SYSTEMS

NEXUS 9500

PRICE POWER EFFICIENCY PROGRAMMABILITY PORT DENSITY PERFORMANCE

PRICE COST STRUCTURE for 1G to 1/10GT and 10G to 40G migration 50% less ASICS

PERFORMANCE INDUSTRY LEADING PRICE / LINE CARD BANDWITH 1.92 Tbps per slot 100G ready

PORT DENSITY 20% HIGHER Non-blocking Density

PROGRAMMABILITY JSON/XML API Linux Container for customer apps

POWER EFFICIENCY STATE OF THE ART BACKPLANE FREE DESIGN 15% greater power and cooling efficiency

MERCHANT+ ASIC APPROACH Innovation in Cisco ASICs

35

BIDI OPTICS PRESERVE EXISTING CABLING SIGNIFICANT TRANSCEIVER SAVINGS

$4,059

savings per

40G link

Trunk Cabling

(100m)

Patch

panel

Jumper

Cable

10G Optical Link

Patch

panel

Jumper

Cable

Traditional 40G Optical Link – complete replacement

+$6,259*

40G BiDi Optical Link – reuse all 10G cabling/ patch panels

+$2,200*

Source: Corning OM3 Cable & Patch Panel list prices, Cisco 40G BiDi list price, Competitors 40G SR4 list price

SAVES TENS OF MILLIONS OF DOLLARS WHEN UPGRADING TO 40G SWITCH INFRASTRUCTURE

36

KEY IN CISCO’S SDN APPROACH: OPENNESS

OpenDaylight - Cisco Helps form Industry SDN Consortium

37

OpenDaylight is an open source project under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common market-supported framework.

Platinum* Gold* Silver*

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 38

APIC

Cisco Confidential 39

THERE ARE TWO APPROACHES TO CONTROL SYSTEMS

Air traffic control tells where to

take off from, but not how to fly the plane

Baggage handlers follow sequences

of simple, basic instructions

IMPERATIVE CONTROL DECLARATIVE CONTROL

Cisco Confidential 40

APIC

OPFLEX: AN OPEN, EXTENSIBLE POLICY PROTOCOL

OPFLEX WAS

DESIGNED TO OFFER:

Policies:

• Who can talk to whom

• What about

• Ops requirements

Abstract policies rather than

device-specific configuration 1.

Flexible, extensible definition

of using XML / JSON 2.

Support for any device including virtual

switches, physical switches, network

services with strong interoperability

across vendors

3.

Open, standardized API with an open

source reference implementation 4.

OPFLEX

PROXY

OPFLEX

AGENT

OPFLEX

AGENT

OPFLEX

AGENT

HYPERVISOR SWITCH ADC FIREWALL

Cisco Confidential 41

OPFLEX: DRIVING MULTI-VENDOR INNOVATION FOR CUSTOMERS

How vendors innovate together

Innovation and

Differentiation Direct access to policy lets

vendors expose unique

features and capabilities

Ease of

Integration Fast, easy path to deep

platform integration with any

Opflex-enabled control system

Standardized

and Open Any vendor can participate in policy

model development, standards

process, and open source community

Cisco Confidential 42

EXTENDING POLICY ACROSS DC, WAN, AND ACCESS

Unified Policy API

Across APIC Platform

APIC APIC

EM

Data Center

OPFLEX-BASED POLICY RESOLUTION

WAN Access

43

SUMMARY

44

SUMMARY

Next Generation “Landable” SDN solution – ACI

Speed of deploying applications without compromise

Openness is key to SDN success

Cisco can provide complete end to end SDN vision across

Data Center/SP WAN/Access…

True SDN solutions leverage both software flexibility and

hardware innovations