Is SDN Necessary?
TRANSCRIPT
© 2014 VMware Inc. All rights reserved.
Bruce Davie, CTO, Networking
March, 2016
With apologies to James Thurber and E.B. White
Agenda
1 SDN success stories
2 So much for OpenFlow
3 Innovation in Networking
4 Summary and Q&A
2011
2013
SDN != Network Virtualization
[Diagram: SDN = control plane over the physical network; Network Virtualization = a virtualization layer plus control over the physical network]
• SDN alone doesn't abstract away details of the physical network
• SDN not required for network virtualization, but useful
2005
2009
Network Virtualization – An Analogy
Compute: Physical Compute & Memory → Hypervisor (Requirement: x86) → Virtual Machine, Virtual Machine, Virtual Machine → Application, Application, Application (x86 Environment)
Network: Physical Network → Network Virtualization Platform (Requirement: IP Transport) → Virtual Network, Virtual Network, Virtual Network → Workload, Workload, Workload (L2, L3, L4-7 Network Services)
Decoupled
Survey Question
• What percentage of server workloads are virtualized?
  – A. Greater than 50%
  – B. Less than 50%
• Source: Cisco Global Cloud Index (GCI)
  – Globally 94% of data center workloads will be virtualized by 2019, compared to 81% of data center workloads in 2014.
  – Globally 80% of traditional data center workloads will be virtualized by 2019, compared to 60% of traditional data center workloads in 2014.
2012
Network Virtualization Today – Expanding Use Cases
Security: Intra-Datacenter Micro-Segmentation, DMZ Anywhere, Secure User Environments
IT Automation: Automating IT, Developer Clouds, Multi-tenant Infrastructure, Self-Service Portal
Application Continuity: Disaster Recovery, Metro Pooling, Hybrid Cloud Networking
The Problem: Data Center Network Security
Perimeter-centric network security has proven insufficient
[Diagram: Internet → perimeter → VMs inside the data center]
Today's security model focuses on perimeter defense
[Chart: IT Spend, Security Spend, Security Breaches]
But continued security breaches show this model is not enough

Modern Attack: targeted, interactive & stealthy
Intrusion
• Attack Vector / Malware
• Delivery Mechanism
• Entry Point Compromise
Propagation
• Escalate Privileges
• Install C2* Infrastructure
• Lateral Movement
Extraction
• Break Into Data Stores
• Network Eavesdropping
• App Level Extraction
Exfiltration
• Parcel & Obfuscate
• Exfiltration
• Cleanup
*C2: Command and control infrastructure
Block Infiltration (80% of Investment)
Lack Visibility and Control to Stop Exfiltration (20% of Investment)

Shift from…
• Perimeter-centric
• Managing compliance
Shift to…
• Application & user-centric
• Managing risk

The Solution: Move security controls inside the datacenter and focus on the app/data
The Obstacle: Managing controls inside has been enormously complex
Logical segmentation around application boundaries
[Diagram: Perimeter firewall and Inside firewall; DMZ VLAN, App VLAN, Services VLAN and DB VLAN; Finance, HR and IT VMs in each tier; shared-services VMs: AD, NTP, DHCP, DNS, CERT]
B4
Agenda
1 SDN success stories
2 So much for OpenFlow
3 Innovation in Networking
4 Summary and Q&A
OpenFlow has failed
• Failed at what?
  – Creating an ecosystem of independent controllers and switches
  – Breaking the stranglehold of HW vendors on switching
  – Enabling faster innovation in networking
• Data points
  – Broadcom switching dominance
  – SDN deployments either don't use OF, or both ends of the OF connection are implemented by the same vendor
  – SDN implementation complexity is huge
  – Need better abstractions for scalable controller->switch communication
Changing role of OpenFlow for NSX
[Diagram, before: Controller → OpenFlow → OVS, OVS, OVS]
[Diagram, after: Controller → Logical Flow → Local Control on each host; Local Control → OpenFlow → OVS, or Local Control → IPC → other vSwitch]
Hardware VTEPs for NSX
[Diagram: Controller → OVSDB (Logical Flows) → Local DB on each switch → ASIC]
2015
OVN: Native Virtual Networking for Open vSwitch
[Diagram: Horizon UI → Neutron API → OVN Neutron Plugin → Northbound DB → ovn-northd → Southbound DB → ovn-controller, ovsdb-server and ovs-vswitchd on each hypervisor (Hypervisor 1 through Hypervisor N); hypervisors connected over the Physical Network via Geneve Tunnel]
Agenda
1 SDN success stories
2 So much for OpenFlow
3 Innovation in Networking
4 Summary and Q&A
Evolution of network provisioning: 1996-2013
1996: Terminal Protocol: Telnet
2013: Terminal Protocol: SSH
NETWORKING EVOLUTION: SSH
COMPUTE EVOLUTION
Evolution of server provisioning
Setting up a server 1994
• Insert CD Rom
• Connect serial cable
• Install Windows/Linux
Setting up a server 2014
• PXE boot
• ESX Hypervisor + vCenter
• Puppet, Chef, OpenStack etc.
Vertically integrated: Closed, proprietary; Slow innovation
• Specialized Features
• Specialized Control Plane
• Specialized Hardware
Horizontal: Open interfaces; Rapid innovation
• Many apps
• Open Interface
• Control Plane, or Control Plane, or Control Plane
• Open Interface
• Merchant Switching Chips
Megascale data centers have spoken
Google / Facebook / Amazon Data Centers: Custom Application → Custom Platform → Any x86, Any Storage, Any IP network (Software / Hardware Abstraction)
Software Defined DC – Megascale for the rest of us
Software Defined Data Center (SDDC): Any Application → SDDC Platform → Any x86, Any Storage, Any IP network (Software / Hardware Abstraction)
Google / Facebook / Amazon Data Centers: Custom Application → Custom Platform → Any x86, Any Storage, Any IP network (Software / Hardware Abstraction)
Closing Thoughts
“Software is eating the world” – Marc Andreessen
“Alice, Let’s Eat” – Calvin Trillin
[Diagram: Protocols, Features, System, Silicon]
• Network OS
• Network Virtualization Overlays
• White Box/Brite Box
• Programmable Switch Silicon
• Open Source Networking
Summary
Think beyond “standard” SDN
SDN has proven useful at least once
It is a Software World