Cisco’s SDN Strategy
TRANSCRIPT
Agenda
SDN Recap
Landing SDN Solutions
ACI Vision
ACI Building Block
ACI Innovations
Hardware Platform – Nexus 9000
Key in Cisco’s SDN Approach: Openness
Q&A
SDN RECAP
Basic Definitions
What Is Software Defined Network (SDN)?
“…In the SDN architecture, the control and data
planes are decoupled, network intelligence and state
are logically centralized, and the underlying network
infrastructure is abstracted from the applications…”
Source: www.opennetworking.org
What is OpenStack?
Open source software for building public
and private Clouds; includes Compute (Nova),
Networking (Quantum) and Storage (Swift)
services.
Source: www.openstack.org
What Is an Overlay Network?
An overlay network is created on existing network
infrastructure (physical and/or virtual) using a network
protocol. Examples of overlay network protocols are:
GRE, VPLS, OTV, LISP and VXLAN
What Is OpenFlow?
Open protocol that specifies interactions between
de-coupled control and data planes
Note: OF is not mandatory for SDN
Note: North-bound Controller APIs are vendor-specific
Note: Applicable to SDN and non-SDN networks
Note: SDN is not mandatory for network programmability
nor automation
Cisco Open Network Environment: Announced in June 2012
Industry’s Most Comprehensive Networking Portfolio
Hardware + Software Physical + Virtual Network + Compute
Network
Platform
APIs
Controllers and
Agents
Virtual
Overlays
Applications
www.cisco.com/go/one
WHAT HAVE WE LEARNED? SDN SHOULD BE USE CASE DRIVEN / SDN IS “PIN” SPECIFIC
7 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Orchestration: Automation, provisioning and interworking of
physical and virtual resources
Service Provider SDN Trend
Service Orchestration
NFV SDN
HYPE IS EVERYWHERE
LOOK FOR PROVEN EXPERIENCE
SDN: Separation of control and data plane
NFV: Network functions and software running on
any open standards-based hardware
REDUCED VISIBILITY
DIFFICULT TO TROUBLESHOOT
SECURITY CHALLENGES AND LACK OF COMPLIANCE
Overlay
Wow, this new
technology will
totally make
driver’s licenses
useless…
I see smoke
but there’s
no warning
lights on my
dashboard!?!
Network Visibility of
Your Apps Today
Network Visibility of Your
Apps on a Software
Overlay
Perspective of an Overlay Startup Vendor
PHYSICAL
OVERLAY
OVERLAY
PHYSICAL
“LANDING” SDN SOLUTIONS?
ACI VISION (APPLICATION CENTRIC INFRASTRUCTURE)
ACI VISION: RAPID DEPLOYMENT OF APPLICATIONS ONTO NETWORKS WITH SCALE, SECURITY AND FULL VISIBILITY
Physical Networking
Compute L4–L7 Services
Multi DC WAN and Cloud
APPLICATION
AGILITY
AUTOMATION
/
REALTIME
IMPROVED
TCO
AVAILABLE
/
VISIBLE
SECURE /
SCALE
ANY
EDGE
Physical Networking
Compute L4–L7 Services
Multi DC WAN and Cloud
Storage Storage Hypervisors and Virtual Networking
Hypervisors and Virtual Networking
ACI BUILDING BLOCKS
CUSTOMER CHOICES FOR SMOOTH TRANSITION TO ACI TWO OPERATIONAL MODELS FOR NEXT GENERATION NEXUS
APPLICATION CENTRIC INFRASTRUCTURE
Q2 2014
TRADITIONAL NETWORKS OPTIMIZED NX-OS
Q4 2013
PROGRAMMABILITY— 1/10/40 GE, 100 GE READY PRICE/PERFORMANCE
APIC Software
Upgradable
to ACI
Performance
and Scale Security Simplicity Open Agility
Automation
and Visibility
OPEN RESTFUL APIS
CENTRALIZED POLICY MODEL
OPEN SOURCE
CONTROLLER
APIC
ACI BUILDING BLOCKS NEXT GENERATION NEXUS—TRADITIONAL NETWORKS
POLICY MODEL
ACI
BUILT-IN LINE RATE
END POINT DIRECTORY
INTEGRATED OVERLAY
40G NON-BLOCKING FABRIC
SIMPLE, SECURE
>_ >_
50% SIMPLER CODE BASE
FUTURE PROOF UPGRADABLE
TO ACI
PROGRAMMABILITY AND AUTOMATION
NETWORK VIRTUALIZATION
SUPPORT
RESILIENCY: IN SERVICE PATCHING,
UPGRADE, FAST RESTART
ACI BUILDING BLOCKS FUTURE PROOF—SOFTWARE UPGRADABLE TO ACI
NEXUS 9500 and 9300 INNOVATIONS IN SOFTWARE HARDWARE AND SYSTEM DESIGN
PRICE POWER EFFICIENCY PROGRAMMABILITY PORT DENSITY PERFORMANCE
OPTIMIZED NX-OS SCALE OUT WITHOUT COMPROMISE
COMMON BUILDING BLOCKS - ACCESS AND CORE
APIC
ACI INNOVATIONS
APPLICATION CENTRIC INFRASTRUCTURE (ACI)
Performance
and Scale Security
Services
Automation Open
Agility &
Simplicity
Visibility &
Troubleshooting
INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN
APPLICATION CENTRIC INFRASTRUCTURE (ACI)
Agility &
Simplicity
INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN
IP NETWORK
COMMON POLICY
SIMPLIFICATION
DECOUPLE APPLICATION &
POLICY FROM IP INFRASTRUCTURE
10,000S ACLS
COMPLEX QOS
MULTIPLE MANAGEMENT POINTS
EXCESSIVE PROTOCOLS
FLOODING
CENTRALIZED SECURITY AND QOS POLICY
NO FLOODING
ROUTED NETWORK
FULL HOST MOBILITY
AGILITY: ANY APPLICATION, ANYWHERE—PHYSICAL AND VIRTUAL ACI POLICY MODEL WITH COMMON APPLICATION NETWORK PROFILE (ANP)
ADC APP DB F/W
ADC WEB
APIC
HYPERVISOR HYPERVISOR HYPERVISOR
CONNECTIVITY
POLICY
SECURITY
POLICIES
QOS
BANDWIDTH
RESERVATION
AVAILABILITY
STORAGE
AND
COMPUTE
APPLICATION
L4-L7
SERVICES
SLA
QoS
Security
Load
Balancing
APPLICATION
NETWORK PROFILE
Extensible Scripting Model
APPLICATION CENTRIC INFRASTRUCTURE (ACI)
Services
Automation
INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN
APP F/W L/B WEB L/B DB APP F/W ADC WEB ADC DB
Extensible Scripting Model
NETWORK SERVICE AUTOMATION
AND STITCHING
ACI NETWORK SERVICE AUTOMATION
• Open Model
• Audit and Compliance
• No Excess Configuration State
ACI SERVICE REDIRECTION POLICY
Begin End
Stage 1
FW_ADC 1
EPG 2 EPG 1
Application
Admin
Service
Admin
ASA
5585
Netscaler
VPX
Chain
“FW_ADC 1”
Policy-based
Redirection
Stage
2
• Automated and scalable L4-L7 service insertion
• Packet match on a redirection rule sends the packet into a services graph.
• Service Graph can be one or more service nodes pre-defined in a series.
• Service graph simplifies and scales service operations
APPLICATION CENTRIC INFRASTRUCTURE (ACI)
Visibility &
Troubleshooting
INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN
FULL APPLICATION VISIBILITY
A Single View of Your Application in a Distributed Environment
Cisco Confidential
HEALTH SCORE
LATENCY
DROP COUNT
VISIBILITY
VMs
Physical
Application Delivery Controller
Firewall
24
96%
Microsecond(s)
Packets Dropped
5
25
7
3
ACI SERVICES HEALTH SCORE
REPORTED BY THE SERVICES APPLIANCE TO THE APIC
SYSTEMS TELEMETRY
SERVICE HEALTH SCORE
LATENCY
VISIBILITY
VMs
Physical
Citrix Netscaler VPX
Citrix Netscaler MPX
Microsecond(s) 5
2
2
CPU 85 RAM 62
APPLICATION CENTRIC INFRASTRUCTURE (ACI)
Performance
and Scale
INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN
ELASTICITY AT SCALE BUILT FOR THE GROWING COMMERCIAL ENTERPRISE TO THE LARGEST SERVICE PROVIDERS
1 MILLION IPV4 / IPV6 END POINTS
64,000 TENANTS
PORTS
APIC
100K+ 44652 35860 27648 22584 18632 13824 11592 8598 6912 5260 4854 3456 2268 1286 288
8K MULTICAST GROUPS (PER LEAF)
60 TBPS CAPACITY (PER SPINE)
576 40G PORTS WIRE-RATE (PER SPINE)
[Chart: Time (s), ACI vs. Traditional Network]
Case Study – Big Data Analytics
Based on common network load and link failure scenarios
INNOVATION DRIVING APPLICATION PERFORMANCE
Congestion Management
60% 60%
90%
Network Innovations
Dynamic Load Balancing
Dynamic Packet Prioritization
30% reduction
in application
completion time
Network Utilization
APPLICATION CENTRIC INFRASTRUCTURE (ACI)
Security
INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN
Centralized Compliance and Auditing
Import / Export Policy via API
(Support for External Policy Engines)
Services Chaining Automated
Engineering Legal Sales HR Finance Marketing
APPLICATION CENTRIC INFRASTRUCTURE SECURITY SECURITY WITH ACI
Complete Isolation with
Full Scalability and Security
Policy Separated from Network Forwarding
Open
APIs Policy
Engine
ENABLING A DYNAMIC ENTERPRISE WITHOUT COMPROMISE
APIC
Legal and
Marketing
APPLICATION
NETWORK PROFILE
APPLICATION CENTRIC INFRASTRUCTURE (ACI)
Open
INNOVATION IN SOFTWARE, ASICS AND SYSTEM DESIGN
TENANT AND APPLICATION AWARE
READ / WRITE ALL FABRIC INFO
PUBLISHED DATA MODEL OPEN SOURCE
APIC
OPEN ECOSYSTEM, OPEN APIS COMPREHENSIVE ACCESS TO UNDERLYING INFORMATION MODEL
and Certified Industry Standard Compliant
NEW HARDWARE PLATFORM - NEXUS 9000
INNOVATIONS IN SOFTWARE, HARDWARE, ASICS AND SYSTEMS
NEXUS 9500
PRICE POWER EFFICIENCY PROGRAMMABILITY PORT DENSITY PERFORMANCE
PRICE COST STRUCTURE for 1G to 1/10GT and 10G to 40G migration 50% less ASICS
PERFORMANCE INDUSTRY LEADING PRICE / LINE CARD BANDWIDTH 1.92 Tbps per slot 100G ready
PORT DENSITY 20% HIGHER Non-blocking Density
PROGRAMMABILITY JSON/XML API Linux Container for customer apps
POWER EFFICIENCY STATE OF THE ART BACKPLANE FREE DESIGN 15% greater power and cooling efficiency
MERCHANT+ ASIC APPROACH Innovation in Cisco ASICs
BIDI OPTICS PRESERVE EXISTING CABLING SIGNIFICANT TRANSCEIVER SAVINGS
$4,059
savings per
40G link
Trunk Cabling
(100m)
Patch
panel
Jumper
Cable
10G Optical Link
Patch
panel
Jumper
Cable
Traditional 40G Optical Link – complete replacement
+$6,259*
40G BiDi Optical Link – reuse all 10G cabling/ patch panels
+$2,200*
Source: Corning OM3 Cable & Patch Panel list prices, Cisco 40G BiDi list price, Competitors 40G SR4 list price
SAVES TENS OF MILLIONS OF DOLLARS WHEN UPGRADING TO 40G SWITCH INFRASTRUCTURE
KEY IN CISCO’S SDN APPROACH: OPENNESS
OpenDaylight - Cisco Helps form Industry SDN Consortium
OpenDaylight is an open source project under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common market-supported framework.
Platinum* Gold* Silver*
APIC
THERE ARE TWO APPROACHES TO CONTROL SYSTEMS
IMPERATIVE CONTROL: Baggage handlers follow sequences
of simple, basic instructions
DECLARATIVE CONTROL: Air traffic control tells where to
take off from, but not how to fly the plane
APIC
OPFLEX: AN OPEN, EXTENSIBLE POLICY PROTOCOL
OPFLEX WAS
DESIGNED TO OFFER:
Policies:
• Who can talk to whom
• What about
• Ops requirements
1. Abstract policies rather than device-specific configuration
2. Flexible, extensible definition of using XML / JSON
3. Support for any device including virtual switches, physical switches, network services with strong interoperability across vendors
4. Open, standardized API with an open source reference implementation
OPFLEX
PROXY
OPFLEX
AGENT
OPFLEX
AGENT
OPFLEX
AGENT
HYPERVISOR SWITCH ADC FIREWALL
OPFLEX: DRIVING MULTI-VENDOR INNOVATION FOR CUSTOMERS
How vendors innovate together
Innovation and Differentiation: Direct access to policy lets vendors expose unique features and capabilities
Ease of Integration: Fast, easy path to deep platform integration with any OpFlex-enabled control system
Standardized and Open: Any vendor can participate in policy model development, standards process, and open source community
EXTENDING POLICY ACROSS DC, WAN, AND ACCESS
Unified Policy API
Across APIC Platform
APIC APIC
EM
Data Center
OPFLEX-BASED POLICY RESOLUTION
WAN Access
SUMMARY
Next Generation “Landable” SDN solution – ACI
Speed of deploying applications without compromise
Openness is key to SDN success
Cisco can provide complete end to end SDN vision across
Data Center/SP WAN/Access…
True SDN solutions leverage both software flexibility and
hardware innovations