is sdn necessary?

© 2014 VMware Inc. All rights reserved.

Is SDN Necessary?

Bruce DavieCTO, NetworkingMarch, 2016

With apologies to James Thurber and E.B. White

3

Agenda

1 SDN success stories

2 So much for OpenFlow

3 Innovation in Networking

4 Summary and Q&A

4

2011

CONFIDENTIAL5

2013

SDN != Network Virtualization

SDN

control control

Network Virtualization

!=Virtualization layer

control

SDN alone doesn’t abstract away details of physical networkSDN not required for network virtualization, but useful

7

2005

8

2009

Network Virtualization – An Analogy

Physical Compute & Memory

HypervisorRequirement: x86

Virtual Machine

Virtual Machine

Virtual Machine

Application Application Application

x86 Environment

Physical Network

Network Virtualization PlatformRequirement: IP Transport

Virtual Network

Virtual Network

Virtual Network

Workload Workload Workload

L2, L3, L4-7 Network Services

Decoupled

10

Survey Question• What percentage of server workloads are virtualized?

– A. Greater than 50%– B. Less than 50%

• Source: Cisco Global Cloud Index (GCI)– Globally 94% of data center workloads will be virtualized by 2019, compared to 81% of data

center workloads in 2014.

– Globally 80% of traditional data center workloads will be virtualized by 2019, compared to 60% traditional data center workloads in 2014.

11

2012

12

Network Virtualization Today – Expanding Use Cases

Intra-Datacenter Micro-Segmentation

DMZ Anywhere

Secure User Environments

SecurityIT Automating IT

Developer Clouds

Multi-tenant Infrastructure

AutomationDisaster Recovery

Metro Pooling

Hybrid Cloud Networking

Application Continuity

CONFIDENTIAL13

Self-Service Portal

The Problem: Data Center Network SecurityPerimeter-centric network security has proven insufficient

Internet

VM

VM

VM

VM

Today’s security model focuses on perimeter defense

IT Spend Security Spend Security Breaches

But continued security breaches show this model is not enough

Modern Attack: targeted, interactive & stealthy

Intrusion ExfiltrationPropagation Extraction

• Attack Vector / Malware• Delivery Mechanism• Entry Point Compromise

• Escalate Privileges• Install C2* Infrastructure• Lateral Movement

• Break Into Data Stores• Network Eavesdropping• App Level Extraction

• Parcel & Obfuscate• Exfiltration• Cleanup

shift from…• Perimeter-centric• Managing compliance

• Application & user-centric• Managing riskshift to…

Block Infiltration(80% of Investment)

The Solution: Move security controls inside the datacenter and focus on the app/dataThe Obstacle: Managing controls inside has been enormously complex

*C2: Command and control infrastructure

Lack Visibility and Control to Stop Exfiltration(20% of Investment)

App VLAN

Logical segmentation around application boundaries

DMZ VLAN

Services VLAN

DB VLAN

Perimeterfirewall

Insidefirewall

Finance

VM VM

Finance

VM VM

Finance

VM VM

VM VM

HR

VM VM

HR

VM VM

HR

IT

VM VM

IT

VM VM

IT

VM VM

AD

VM VM

NTP

VM

DHCP

VM

DNS

VM

CERT

17

B4

18

Agenda




4 Summary and Q&A

19

OpenFlow has failed• Failed at what?

– Creating an ecosystem of independent controllers and switches– Breaking the stranglehold of HW vendors on switching– Enabling faster innovation in networking

• Data points– Broadcom switching dominance– SDN deployments either don’t use OF, or both ends of the OF connection are implemented by

same vendor – SDN implementation complexity is huge– Need better abstractions for scalable controller->switch communication

20

Changing role of OpenFlow for NSX

Controller

OVS OVS OVS

Openflow

Controller

LocalControl

LocalControl

LocalControl

Logical Flow

OVS OVS OVS

Openflow

LocalControl

OthervSwitch

IPC

Hardware VTEPs for NSX

21

Controller

LocalDB

LocalDB

LocalDB

OVSDB (Logical Flows)

ASIC ASIC ASIC

22

2015

OVN: Native Virtual Networking for Open vSwitch

ovs-vswitchd

ovn-controller

ovsdb-server

Hypervisor N

ovs-vswitchd

ovn-controller

ovsdb-server

Hypervisor 1 Physical Network

ovn-northd

OVN Neutron Plugin

Neutron API

Horizon UI

Geneve Tunnel

Northbound DB

Southbound DB

25

Agenda




4 Summary and Q&A

Evolution of network provisioning: 1996-2013

Terminal Protocol: Telnet Terminal Protocol: SSH

1996 2013

27

NETWORKINGEVOLUTION

SSH

COMPUTEEVOLUTION

Evolution of server provisioning

Setting up a server 1994

• Insert CD Rom

• Connect serial cable

• Install Windows/Linux

Setting up a server 2014

• PXE boot

• ESX Hypervisor + vCenter

• Puppet, Chef, OpenStack etc.

28

Vertically integratedClosed, proprietary

Slow innovation

AppAppAppAppAppAppAppAppAppAppApp

HorizontalOpen interfacesRapid innovation

ControlPlane

ControlPlane

ControlPlane or or

Open Interface

SpecializedControlPlane

SpecializedHardware

SpecializedFeatures

MerchantSwitching Chips

Open Interface

30

Megascale data centers have spoken

Custom Application

Google / Facebook /Amazon Data Centers

Custom Platform

Any x86

Any Storage

Any IP network

Software / Hardware Abstraction


31

Software Defined DC – Megascale for the rest of us

Software DefinedData Center (SDDC)

Any Application

SDDC Platform

Any x86

Any Storage

Any IP network

Custom Application

Google / Facebook /Amazon Data Centers

Custom Platform

Any x86

Any Storage

Any IP network



32

Closing Thoughts

33

“Software is eating the world” – Marc Andreesen

“Alice, Let’s Eat” – Calvin Trillin

34

Protocols Features

System

Silicon

Network OS

Network Virtualization Overlays

White Box/Brite Box

ProgrammableSwitch Silicon

Open Source Networking

35

Summary

Think beyond “standard” SDN

SDN has proven useful at least once

It is a Software World

is sdn necessary?

Technology