Dave Chandler Presents SDN at World Wide Technology's TECday - St. Louis
DESCRIPTION
Dave Chandler Presents SDN at World Wide Technology's TECday - St. Louis
TRANSCRIPT
Test as a Service
Hardware Certification
Software Certification
Performance Verification
Configuration change management
Best practice consulting
Solution Demonstrations
Architecture Sandboxes
Customer Proof of Concepts
Laboratory Automation
Product Development
Campus Core Routing & Switching
Internet Access
Wide Area Network
Branch Enablement
WAN Acceleration
iWAN
IPv6
Enterprise Wireless
Mobile Application Development
Mobile Endpoints
Mobile Management Solutions
Consulting & Lifecycle Services
Controller-Based SDN
Network Overlays
Programmatic Network Control
Network Monitoring Applications
Device APIs
Northbound API integration
Datacenter Fabrics
Virtual Switching Platforms
Application-Driven Networking
Load Balancing
Data Center Interconnect
Data Center Automation
MPLS Core
Service Provider Core
Optical Transport
Service Provider and Enterprise Edge
Mobile solutions backhaul
IPv6
Data Center Networking & App Delivery
Campus and Branch
Networking
Enterprise Mobility
High End Routing and
Optical
Software Defined
Networking
Lab as a Service
Enterprise Networking Solutions Overview
ATC Solutions Engineering
Our Mission: Deliver value through the assessment of networking solutions and provide clarity for business relevant technology decisions.
Data Center Networking & App Delivery
Campus and Branch
Networking
Dave Chandler, ENS Practice Lead
Brandi Hutchinson, Business Development Manager
High End Routing and
Optical
Joel King
Software Defined
Networking
Laks Vijayarajan Todd Eichler
Lab as a Service
Enterprise Networking Solutions Practice
Kathi Bomar
Christine Corbett
HERO TSA
ATC Solutions
Engineering
Bill Thompson, ATC TSA
Joe Weber, ATC TSA
Enterprise Mobility
Bruce Clounie
TBD DC TSA
TBD DC TSA Mobility TSA Mobility TSA
Alex Oler Andy Denny Jennifer Huber
Bart Robinson
Mobility TSA
Software Defined Networking
What is SDN?
More Tech Soup!
OpenFlow
Controller
OpenStack
Overlays
Network Virtualization
SDK
APIs
Application Oriented
ACI
NSX
NFV
APIC
Open Networking
Network Programmability
Active Networking
Let’s take a step back..
Why do we need SDN?
Are there Business Drivers?
SDN Drivers
Cloud
Video
Yottabytes of Data
Mobility
> Half of the traffic on the Internet
Mobile apps driving new opportunity
Workload Mobility
How much is a Yottabyte?
Requirements for Next Generation Networks
Agility Simplicity
Rapid Service Enablement
Ability to Adopt New Market Transitions
Automation
Reduce Operational Complexity
Decrease TCO
Business Value
Differentiate Business Services
Enabler of Business
Monetize Networks
is not simple
Fixed, Stable and Rock Solid
We have been building..
Compute and Storage evolution
Bare-Metal Virtualization Automation Orchestration Cloud 2005 2008 2010 2012 2014
Evolution??
Network and Services evolution
CLI CLI CLI CLI Encrypted CLI 1992 2008 2010 2012 2014
Hard Fact
Despite advances in hardware, the evolution of how we manage and deploy networks is significantly behind cloud and compute in what matters in today’s economy.
Mobility
Agility
DEFINITIONS
Fundamental network architectures have been impacted by the introduction and growth of virtual machine environments. Often these terms are used interchangeably:
Network Virtualization
Virtualized Networks
Network Abstraction
Software Defined Networking
NETWORK VIRTUALIZATION
Network Virtualization can be defined as using network resources through a logical segmentation of a single physical network
• VLANs – Virtual Local Area Networks
• VRF – Virtual Routing and Forwarding
• MPLS – Multi-protocol Label Switching
• VPN – Virtual Private Networks
• MEC - Multi-Chassis EtherChannels
• VDC - Virtual Device Contexts
• VSANs – Virtual Storage Area Networks
VIRTUALIZED NETWORK SWITCHES
Server virtualization has led to the development of virtual switches within the hypervisors. They allow communication between virtual machines, and between virtual machines and the physical network.
• VMware - vSwitch
• VMware – Distributed Virtual Switch (DVS)
• Cisco Nexus 1000v
• Citrix Distributed Virtual Switch (Openswitch)
• KVM – Linux bridging, Open virtual switch
VMware vSwitch Networking Components
Per ESX-server configuration
VMNICS = uplinks
vSwitch
VMs
vmnic0
vmnic1
vNIC
vNIC
Virtual Ports
VM_LUN_0007
VM_LUN_0005
vSwitch0
A Distributed Virtual Switch Architecture
Controller
vCenter
VirtualSwitch
VirtualSwitch
VirtualSwitch
Physical NICs Physical NICs Physical NICs
VM VM VM VM VM VM VM VM VM VM VM VM
Hypervisor Hypervisor Hypervisor
NETWORK ABSTRACTION
Traditional network constructs were not designed or intended to support dynamic workloads in highly virtualized or cloud environments
Overlay technologies allow for independent logical networks (Overlay Networks) to be built on top of existing IP infrastructure (Underlay Network)
Abstraction presents the logical networks as a simplified view
NETWORK ABSTRACTION
• Generic Routing Encapsulation (GRE)
• Stateless Transport Tunneling (STT)
• Overlay Transport Virtualization (OTV)
• Locator ID Separation Protocol (LISP)
• Network Virtualization using GRE (NvGRE)
• Virtual Extensible LAN (VxLAN)
Overlay Networks and Encapsulation
• Overlay Networking is achieved by encapsulating the original network frame in an IP packet.
• In the Data Center, VxLAN is a new overlay protocol specifically designed to allow the creation of more flexible and extensible virtual networks on top of a hardware underlay.
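An added example (not from the original slides) of the encapsulation described above: it wraps a constructed Ethernet frame in the 8-byte VXLAN header defined in RFC 7348, then decodes it the way a monitoring tool on the underlay would to recover the segment ID (VNI) and the tenant MAC addresses. The sample frame, VNI 5001 and all function names are assumptions made for illustration.

```python
from __future__ import annotations
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned destination port (RFC 7348)
VNI_VALID_FLAG = 0x08        # "I" bit: the VNI field carries a valid segment ID
HEADER_LEN, ETH_HEADER_LEN = 8, 14


def vxlan_encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Return the UDP payload a tunnel endpoint sends: VXLAN header + original frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit value")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24 bits) + reserved (8).
    return struct.pack("!II", VNI_VALID_FLAG << 24, vni << 8) + inner_frame


def vxlan_decapsulate(udp_payload: bytes) -> tuple[int, bytes]:
    """Validate the VXLAN header and return (vni, inner Ethernet frame)."""
    if len(udp_payload) < HEADER_LEN + ETH_HEADER_LEN:
        raise ValueError("too short to hold a VXLAN header and an Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:HEADER_LEN])
    if not (word0 >> 24) & VNI_VALID_FLAG:
        raise ValueError("VNI-valid flag not set; not a usable VXLAN packet")
    return word1 >> 8, udp_payload[HEADER_LEN:]


def describe_inner(udp_payload: bytes) -> dict:
    """What underlay monitoring recovers once it decodes the overlay."""
    vni, frame = vxlan_decapsulate(udp_payload)
    mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return {
        "vni": vni,
        "dst_mac": mac(frame[0:6]),
        "src_mac": mac(frame[6:12]),
        "ethertype": hex(struct.unpack("!H", frame[12:14])[0]),
    }


# Constructed sample: an IPv4 Ethernet frame between two locally administered MACs.
SAMPLE_FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + b"\x08\x00" + b"constructed tenant payload")

if __name__ == "__main__":
    tunnelled = vxlan_encapsulate(5001, SAMPLE_FRAME)
    print(tunnelled[:HEADER_LEN].hex())
    print(describe_inner(tunnelled))
```

Without this decoding step, a device on the underlay sees only UDP traffic between tunnel endpoints, not which virtual network or which guests are talking.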
Underlay Network
IP Subnet A IP Subnet B
IP Subnet D
IP Subnet C
This is an example of a Layer 3 IP routed network in a Data Center
The physical network is the underlay network and uses “traditional” network protocols
OSPF
Network Segments are isolated by Layer 3
Underlay Network
Virtual Switches and Guests
Virtual Switches are contained within the Hypervisor hosts and provide connectivity for the Virtual Machines (Guests)
Control Plane
Controller
A Controller connects to the virtual switches and becomes the control plane for the entire virtual switch group
Overlay Network
Controller
Virtual Path
Actual Path
Encapsulation De-Encapsulation
Overlay Network – Transparent Underlay
Controller
Virtual Path
Actual Path
Encapsulation De-Encapsulation
Very limited visibility into the Underlay Network routing or performance
Overlay Network – Detailed Underlay Metrics
Controller
Virtual Path
Actual Path
Encapsulation De-Encapsulation
SDN and Controllers
• A Controller in an SDN is the “brains” of the network.
• It relays information to the switches/routers ‘below’ (via southbound APIs) and the applications and business logic ‘above’ (via northbound APIs).
• Example:
• For VMware, the controller is called the NSX Controller. It resides as software on a virtual machine within the vSphere environment.
• For Cisco, APIC (Application Policy Infrastructure Controller) is the controller and resides as software on “bare-metal” compute platforms
Today’s Networks are Defined by the “Box”
• Hardware, Operating System, and Applications built into a single hardware device
• Separate Policies
• Distributed algorithms between devices
• Federated Systems
• Derived from ARPANET
So let’s reset…..
• Networks today are rooted in packet switching concepts developed during the 1960s and 1970s.
• Core functions
• Packet switching
• Path selection
• Configuration / Management
• Services
• Path selection, the control plane, is distributed on each network element.
• Distributed control planes eliminate single points of failure that would disrupt the entire network.
Traditional Networking, before SDN
[Diagram: a control plane (cp) on every network element]
What is SDN?
• “Early” view
• The control and the data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications
• Single control plane manages multiple network devices
• Singular Southbound protocol
• Common Northbound protocols
• Early view of SDN has two characteristics (*)
• Control plane is separated from device implementing data plane,
• Single control plane manages multiple network devices
• SDN / OpenFlow initial deployments were network research at universities (Stanford) providing cost-effective, ‘clean slate’ network architectures.
• SDN is a tool to enable a higher degree of control over network devices.
Early view of Software-Defined Networks
Control Plane
(*) The Road to SDN: An Intellectual History of Programmable Networks
What is SDN?
• “Current” view
• The control and the data planes can be decoupled, or the local control plane can be overridden.
• The underlying network infrastructure is abstracted from the applications
• Hybrid/Multiple control planes manage multiple network devices
• Multiple Southbound protocol
• Common Northbound protocols
• Inclusion of Overlay Networks
SDN and Controllers
Separate control and data plane; abstract control plane of many devices to one
Deliver open programmable interfaces to automate orchestration of network services
Open standard-based programmatic access to infrastructure
Network Device
Network Device
Network Device
Control & Data Plane Programmable Interface (e.g., OpenFlow, APIs, CLI)
Southbound APIs
Network Applications, Network Applications, SDN Applications
Business Applications, Business Applications, Business Applications
(e.g., OpenStack, CloudStack)
Cloud Orchestration
SDN Controller
Programmable Open APIs
Infrastructure Layer
Control Layer
Application Layer
Northbound APIs
Control Plane Separation Isn’t New
Systems Network Architecture (SNA)
• IBM Mainframe, Front-end Processor, Network Control Program (NCP), Establishment Controller, Token Ring
• SDLC primary / secondary: secondary nodes are controlled by a primary.
Performance Routing (PfR)
• Route optimization for better application performance
Wireless LAN Controllers
• CAPWAP enables a controller to manage a collection of wireless access points.
Floodlight and Open Daylight
The Floodlight Open SDN Controller is an enterprise-class, Apache-licensed, Java-based OpenFlow Controller. It is supported by a community of developers.
The Open Daylight controller maintains the flexibility to deploy SDN, yet still mitigates many of the risks of adopting early stage technologies and integrating with existing infrastructure investments.
Open Daylight
Northbound Protocols
• REST (web based) API – for applications which run on a different machine or in a different address space on the controller
• HTTP PUT, GET, POST, DELETE
• URL
• Body
• Authentication
• Content Type (XML or JSON)
• Web Browser
• http://<controller ip>:8080/……
• OSGi framework is used for applications that will run in the same address space as the controller.
Southbound Protocols
• Southbound protocols provide a communications path between the controller and network device.
• OpenFlow is used by the purist SDN approach.
• One design goal of the controller is to enable abstraction of the network elements.
• For this reason, any number of southbound protocols may be implemented by the controller.
• Examples:
• OpenFlow
• Cisco onePK API
• SSH | CLI | HTTP | SNMP
• XMPP
• Interface to the Routing System Project (I2RS)
• Open vSwitch Database Management Protocol (OVSDB)
API
controller
agent
agent
APP
Network Functions Virtualization
• Network Functions Virtualization (NFV) is a network architecture concept that proposes virtualization of entire classes of network node functions into building blocks that may be connected, or chained, together to create communication services.
• SDN is focused on the separation of the network control layer from its forwarding layer
• NFV is focused on porting network functions to virtual environments in order to enable the migration from proprietary appliance based deployments to a standard hardware and cloud based infrastructure.
• SDN is related to NFV, but they refer to different domains.
• Both concepts can be complementary, although they can exist independently.
SDN Key Players / Startups
• Cisco – Tail-f - Open Network Environment (ONE) is a solution to help networks become more open, programmable, and application-aware. Netconf
• Juniper - Contrail – an SDN controller is available as both open source and a proprietary offering.
• Brocade – SDN and NFV plays in the data center / cloud.
• VMware - VMware NSX™ is the network virtualization / overlay.
• PLUMgrid - Network Function Virtualization
• Jeda Networks - Fabric Network Controller (FNC) “storage network overlay” on top of an Ethernet.
• Embrane - Focuses on network services at layers 4-7.
• MetaCloud - Metacloud’s Carbon|OS is an OpenStack-based private cloud solution.
• Big Switch Networks - Develop OpenFlow-based SDN switches, controllers and monitoring tools.
• Affirmed Networks - Provide virtualized subscriber and content management tools for mobile operators.
• Plexxi – Offers a line of data center switches which are implemented as federated co-controllers.
A flexible, programmatic framework to optimize the delivery and management of network services
What’s SDN?
Driven by:
Increased operational cost and complexity
Hyper scale growth in Data Center Use
Dynamic consumption and delivery models (agility)
Software-Defined Networking Use Cases
"Would you tell me, please, which way I ought to go from here?"
"That depends a good deal on where you want to get to."
"I don't much care where –"
"Then it doesn't matter which way you go."
― Lewis Carroll, Alice in Wonderland (from The 2013 Guide to Network Virtualization and SDN)
The Cheshire Cat
Software-Defined Networking is a tool that only provides business relevance when a function can be done cheaper, better or faster than using traditional networking hardware and software.
Planned SDN deployment
Data Center Branch/Campus WAN Service Provider SDN No Plans! Don’t Know Other
59
SDN Hype Curve (axes: Visibility over Time)
Technology Trigger
Peak of Inflated Expectations
Trough of Disillusionment
Slope of Enlightenment
Plateau of Productivity
Deception Zone
• SDN / Open Networking is still being defined.
• Network Engineers will need to develop programming skills.
• Identify business relevant use cases to deploy SDN technology.
• SDN technology will mature in 2014 and become more viable in 2015.
State of SDN
• “Something you Buy”
• Vendor Developed SDN systems
• ACI/APIC, NSX, Big Switch, Plexxi, Tail-f…
• “out of the box” applications
• “Something you Build”
• Programmability of Network Operating Systems
• Scripting
• Vendor specific APIs
• “build from scratch” or add on to Vendor Systems
WWT and SDN
• Over 65 SDN workshops in 2013/2014
• SDN labs and demos are available in the ATC
NX-API
RPC / REST API
OpenFlow | XNC
Orchestration
APIC
REST API
Software-Defined Networking at WWT
Software-Defined Networking Use Cases
• Implementing Network-wide Policy
• Implementing Black-hole Shunts
• Device Authentication (802.1x)
• Temporary Firewall Rules (OAuth 2.0 Authorization Framework)
• Device Templates (MTU checking for Jumbo frames)
• Dynamic policy push for incident response
• Simplified Operations
• Shelly’s Wiring App
• Dynamic Network Taps
• Network Migrations (flow-by-flow basis)
• Traffic Engineering
• Load sharing / balancing
• Bypassing Intrusion Detection devices for ‘clean’ traffic
Monitor Manager - Topology
SPAN
Production Network
Monitoring Network
Cisco XNC Controller
Nexus 3048
SDN-controller http://10.255.40.78:8080/monitor
N3K-2 10.255.40.88
SDN-Monitor-2 10.255.40.199
SDN-Monitor-1 10.255.40.198
SDN-Webserver
SDN-Webclient 10.255.40.124
http://192.0.2.1/train.html
REST API
• “Off-the-shelf" SDN application for the data center.
• Turns an Ethernet switch into a matrix switch
• Implements filters and rules to steer network traffic to one or more monitor servers.
• Programmed the network using a sample Python REST API program.
• Modified the same rules both programmatically and with the GUI.
Programming Workshops
Workshop: Nexus Python API
The Python scripting capability on the Cisco Nexus 3000 Series …
Workshop: Python REST API / SDN Controller
Develop a Python program which connects to the SDN controller …
Hands-on Tutorial: Python for Network Engineers
• Obtaining Python for Your Computer
• Editing and Running a Python Program