The Changing Data Centre Landscape
Patrick LeMaistre, CCIE
Consulting Systems Engineer
Cisco Confidential 3 © 2014 Cisco and/or its affiliates. All rights reserved.
New Cloud Principles Here to Stay
• Agility
• Scale
• Security
• Workload Mobility

Business and IT Undergoing Significant Change
• Cloud
• DevOps
• Security and Compliance
• Mobility
• Big Data and Analytics
• Integration
Shifting to an ITaaS Model

Application Demands Are Driving Data Center Architectures
Themes: Connectivity, Virtualization, Simplification, Agility, Federation
Application types: Mission Critical Applications, Web 2.0 Applications, Mobile-Cloud Applications, Big Data and IoT Applications
Architectures: Tiered Networks, Fabric Architectures, App-Centric Infrastructure, Federated Clouds, Fabric Automation

The Promise of SDN
[Figure: a logical network / overlay protocol running over the physical network]
• Control and data plane decoupled
• Network virtualization
• Direct programmability
• Centralized management
• Simplification
• Agility
• Programmatically configured
• Dynamically automated

Applications: Physical, Virtual and Cloud
Rapid deployment of applications onto networks with scale, security and full visibility
[Figure: Physical Networking; Hypervisors and Virtual Networking; Compute; L4-L7 Services; Multi-DC WAN and Cloud; Storage]

Typical Three Tier Application
[Figure: Web Tier, App Tier and Database Tier with firewalls and ADCs between them]
• Network Connectivity
• Security Policies
• Quality of Service
• Layer 4 – 7 Application Services
• Storage Policies
• Compute Policies
• Hypervisor Policies

Policy-Based Data Center
[Figure: a Controller pushes an application profile to the Web, App and DB tiers over an IP Fabric]
• Controller with end-to-end application awareness
• IP fabric connecting all physical and virtual workloads and services
• Application Network Profile (ANP) pushed to all components
Application Centric Infrastructure (ACI)

Application Centric Infrastructure Components
• Policy Management Controller: APIC
• Application Network Profiles
• End Points: Physical and Virtual
• IP Fabric
• Infrastructure: Physical Networking (Nexus 2K, Nexus 7K), Hypervisors and Virtual Networking, Compute, L4–L7 Services, Storage, Multi DC WAN and Cloud, Integrated WAN Edge

Application Network Profiles: Transformation to Stateless Networking
1. Subject matter experts define policies (Network SME, Security SME, Application SME)
2. Policies used to create Application Network Profile templates
3. Automated policy configuration across the infrastructure
4. Life cycle management for day 1, day 2 operations
[Figure: APIC pushing the profile to Physical Networking (Nexus 2K, Nexus 7K), Compute, L4–L7 Services, Storage, Hypervisors and Virtual Networking, Multi DC WAN and Cloud, Integrated WAN Edge]

Application Network Profiles: Deeper Look
• Stateless definition of application needs
• Contained within a multi-tenant model
• Application tiering
• Connectivity policies
• Layer 4 – 7 services
• XML/JSON schema
• Fully abstracted
• Removes dependencies on the infrastructure
• Portable across different data center fabrics
Network Profile: Defines Application Level Metadata (Pseudo Code Example)
<Network-Profile = Production_Web>
    <App-Tier = Web>
        <Connected-To = Application_Client>
            <Connection-Policy = Secure_Firewall_External>
        <Connected-To = Application_Tier>
            <Connection-Policy = Secure_Firewall_Internal & High_Priority>
        . . .
    <App-Tier = DataBase>
        <Connected-To = Storage>
            <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
        . . .
Application Connectivity Requirements
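The pseudo-code above is easier to reason about as data. What follows is an added example, not Cisco's code and not the APIC schema: it expresses the same profile in JSON (the key names tiers / connections / to / policies, the policy catalogue, the shortened tier names and the App to DataBase contract that the slide elides with "..." are all this example's own constructions) and then checks it the way a security reviewer would before it is pushed to the fabric: every policy name must exist in the catalogue, every target must be a tier or a known external endpoint, and the client-facing connection must carry a firewall policy. It also treats the profile as a whitelist, so a tier pair the profile never declares is denied.

```python
import json

# Constructed example profile in JSON, modelled on the slide's pseudo-code.
# Key names (tiers / connections / to / policies) are this example's own, not Cisco's schema.
ANP_JSON = """
{
  "name": "Production_Web",
  "tiers": {
    "Web": {"connections": [
      {"to": "Application_Client", "policies": ["Secure_Firewall_External"]},
      {"to": "App",                "policies": ["Secure_Firewall_Internal", "High_Priority"]}
    ]},
    "App": {"connections": [
      {"to": "DataBase", "policies": ["Secure_Firewall_Internal"]}
    ]},
    "DataBase": {"connections": [
      {"to": "Storage", "policies": ["NFS_TCP", "High_BW_Low_Latency"]}
    ]}
  }
}
"""

# Hypothetical catalogue of policies the fabric knows how to render, and the subset that
# inserts a firewall. The names come from the slide; the grouping is this example's assumption.
POLICY_CATALOGUE = {"Secure_Firewall_External", "Secure_Firewall_Internal",
                    "High_Priority", "NFS_TCP", "High_BW_Low_Latency"}
FIREWALL_POLICIES = {"Secure_Firewall_External", "Secure_Firewall_Internal"}
# Endpoints that live outside the profile (clients, shared storage) rather than being tiers.
EXTERNAL_ENDPOINTS = {"Application_Client", "Storage"}


def load_profile(text):
    """Parse the JSON text into the profile dictionary."""
    return json.loads(text)


def validate_profile(profile):
    """Return a list of findings; an empty list means the profile passes every check."""
    findings = []
    tiers = profile["tiers"]
    for tier, spec in tiers.items():
        for conn in spec["connections"]:
            target, policies = conn["to"], set(conn["policies"])
            unknown = policies - POLICY_CATALOGUE
            if unknown:
                findings.append(f"{tier} -> {target}: unknown policies {sorted(unknown)}")
            if target not in tiers and target not in EXTERNAL_ENDPOINTS:
                findings.append(f"{tier} -> {target}: target is neither a tier nor a known external endpoint")
            # Security check: a connection that crosses the profile boundary to a client
            # must carry one of the firewall policies.
            if target == "Application_Client" and not policies & FIREWALL_POLICIES:
                findings.append(f"{tier} -> {target}: client-facing connection without a firewall policy")
    return findings


def allowed_pairs(profile):
    """The set of (source, destination) pairs the profile declares.

    The example treats the profile as a whitelist: anything not declared is denied.
    """
    return {(tier, conn["to"])
            for tier, spec in profile["tiers"].items()
            for conn in spec["connections"]}


def is_allowed(profile, src, dst):
    """Whitelist decision for one pair; a declared link is honoured in either direction."""
    pairs = allowed_pairs(profile)
    return (src, dst) in pairs or (dst, src) in pairs


if __name__ == "__main__":
    profile = load_profile(ANP_JSON)
    print("findings:", validate_profile(profile))
    print("Web -> App allowed:", is_allowed(profile, "Web", "App"))
    print("Application_Client -> DataBase allowed:",
          is_allowed(profile, "Application_Client", "DataBase"))
```

Run as a script it prints an empty findings list for the profile as written, allows Web to App and denies a direct client to database path. Swapping the external connection's firewall policy for a QoS-only policy is the kind of change the checker exists to catch.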
Application Policy Infrastructure Controller: Centralized Automation and Fabric Management
[Figure: APIC offers policy-based provisioning through an open RESTful API to Layer 4..7 system management, storage management and orchestration management, used by the Storage, Server, Network, Security, Application and OS SMEs]
• Declarative data model based
• Application monitoring and troubleshooting
• 3rd party services integration
• Image management (spine / leaf)
• Fabric inventory
• Single cluster supports 1M+ end points, 200K+ ports, 64K+ tenants
• Centralized access to ALL fabric information: GUI, CLI and RESTful APIs
• Extensible to compute and storage management

ACI Lead Networking Platform: Nexus 9000 1/10/40/100G
• Industry leading price/performance and port density: fastest 10G/40G/100G platform with Merchant+
• Programmability / open APIs: Linux containers, Python, PowerShell, Puppet, Chef… Ideal for DevOps!!
• 15% better power and cooling; 2.8X better reliability
• Innovation: object model, no backplane, no midplane, health scores
• Multi-million dollar savings: 40/100G on existing cables using BiDi optics; non-disruptive migration to 40G

Improve Application Performance with ASIC Innovation
• More apps / grow capacity: scale capacity with flowlet switching (4x..16x increase in flow bandwidth)
• Improve performance / quality of service: quality of service via dynamic load balancing (80% improved application flow completion)
• Optimize utilization / lower cost and no overbuild: congestion management (60% increase in fabric utilization)
[Figure values: 60%, 90%]

ACI Benefit: Secure Multi-tenancy at Scale
[Figure: tenants Engineering, Legal, Sales, HR, Finance and Marketing isolated on one fabric under the APIC policy engine]
• Complete isolation with full scalability and security
• Policy separated from network forwarding
• Centralized compliance and auditing
• Import / export policy via API (support for external policy engines)
• Encrypted controller communication
• Advanced role based access control
Enabling a Dynamic Enterprise without Compromise

ACI Benefit: Deep Telemetry: Application and Tenant
[Figure: APIC telemetry views per application and per tenant (Tenant 1 … Tenant 4)]

ACI Benefit: Delivering on Operational Choice
Operational Choice: Service Provider, Enterprise, Commercial
Operational models:
1. Scripting/Languages
2. IT Automation
3. OpenSource
4. Integrated ACI Approach (GUI/CLI)
(RESTful APIs, Python etc.; OpFlex)
Rich ecosystem: Hypervisors, L4-L7 Services, Management, Security, Storage
[Figure: automation across Cloud, Security, Network and Application]

UCS Director: Unified Infrastructure Management
• UCS Director Application Catalog includes compute, network and storage requirements
• Single tool to provision and manage existing Nexus fabric and ACI fabric
• Automated provisioning of Network, Compute, Storage, L4-7 Services, Virtualization
• Support for FlexPod, Vblock, VSPEX
[Figure: UCS Director driving UCS Manager/Central and APIC across compute (App, DB, Web), network (Web Tier, App Tier, DB Tier) and storage]

Multi-Vendor Hypervisor Support
[Figure: Network Admin and Application Admin roles; bare metal servers and hypervisors (including KVM) attached to the ACI Fabric over VLAN, VXLAN and NVGRE encapsulations, with hypervisor management integration]

Policy Coordination with Hypervisor Management
• Network policy coordination
• Automatic virtual end point detection and policy placement
• Policies consistently implemented in virtual and physical
• Network policy stays sticky with VM
[Figure: Controller and Hypervisor Management exchange: Application Profile (Web, App, DB) mapped to port groups / VM networks; VM attach / detach notification; VM mobility notification]

Layer 4 - 7 Service Integration: Centralized, Automated, and Supports Existing Model
• Administrative separation
• Dynamic service insertion
• Fully automated
• Integrates with existing services
• Endpoint location independence and mobility
[Figure: Application Admin side: chain "Security 5". Service Admin side: Service Graph (begin, Stage 1 … Stage N, end), Providers (Firewall instances, Load Balancer instances), Service Profile "Security 5". Rendered on the ACI Fabric between the Web Tier, an ADC and the App Tier]

ACI Fabric Based on a Simpler Network
[Figure: spine switches connected to leaf switches]
Fabric is a multistage switching fabric with zero-touch startup

ACI Fabric – Mobility: Decoupled Identity, Location and Policy
• Decouples tenant end-point address (MAC or IP) from location
• Forwarding within the fabric is between VXLAN Tunnel Endpoints (VTEPs)
• Mapping of tenant end-point address to location is performed by the VTEP (distributed mapping database)
[Figure: leaf switches acting as VTEPs; the tenant IP payload travels between VTEPs inside a VXLAN encapsulation]

ACI Fabric – Flexibility: Encapsulation Normalization
Forwarding is 'not' limited to nor constrained by the encapsulation type or encapsulation-specific 'overlay' network.
[Figure: localized encapsulations at the edge (802.1Q VLAN 10, VXLAN VNID = 5789, VXLAN VNID = 11348, NVGRE VSID = 7456, 802.1Q VLAN 50) normalized to a single fabric encapsulation, any to any]

ACI Fabric – All Routed: Host Routing at Layer 2 and Layer 3
• IP forwarding: forwarded using the destination IP address, with HW learning of IP addresses (example hosts 10.1.3.11, 10.6.3.2, 10.1.3.35, 10.6.3.17)
• MAC forwarding: forwarded using the DMAC address, with HW learning of MAC addresses

ACI Fabric – Load Balancing: Flowlet Switching
[Figure: a TCP flow from H1 to H2 split over two fabric paths with one-way delays d1 and d2]
• State-of-the-art ECMP hashes flows (5-tuples)
• Flowlet switching routes bursts from the same flow independently
• No packet re-ordering as long as the idle gap between bursts satisfies Gap ≥ |d1 – d2|

ACI Fabric – QoS: Dynamic Flow Prioritization
Real traffic is a mix of large (elephant) and small (mice) flows.
[Figure: flows F1, F2 and F3 sharing the fabric under a standard (single priority) scheme versus dynamic flow prioritization with high and standard priority classes]
• Standard (single priority): large flows severely impact performance (latency and loss) for small flows.
• Dynamic Flow Prioritization: the fabric automatically gives a higher priority to small flows.
• Key idea: the fabric detects the initial few flowlets of each flow and assigns them to a high priority class.

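The two slides above (flowlet switching and dynamic flow prioritization) can be checked with a small simulation. This is an added example, not Cisco's code and not the ASIC's actual algorithm: the idle-gap flowlet detector, the round-robin path choice standing in for a least-loaded choice, the first-N-flowlets rule, and the constructed path delays (d1 = 1000 µs, d2 = 1600 µs) and sender patterns are all this example's assumptions; the host addresses are the ones shown on the slides. It shows that hashing the 5-tuple pins a flow to one path, that switching flowlets across paths keeps packets in order exactly when the inter-burst gap is at least |d1 – d2|, and that marking only the first flowlets of each flow high priority keeps a mouse flow entirely in the high class while an elephant falls back to standard.

```python
import zlib
from dataclasses import dataclass

# All times are integers in microseconds so the arithmetic below is exact.
# Constructed example values: two fabric paths with one-way delays d1 and d2;
# |d1 - d2| = 600 us is the reordering threshold from the slide.
PATH_DELAYS = (1000, 1600)
FLOWLET_IDLE_GAP = 300   # detector threshold: packets 100 us apart stay in one flowlet

# Constructed 5-tuples; the addresses are the example hosts shown on the slides.
FLOW_A = ("10.1.3.11", "10.6.3.2", 40001, 443, "tcp")
FLOW_B = ("10.1.3.35", "10.6.3.17", 40002, 443, "tcp")


@dataclass(frozen=True)
class Packet:
    flow: tuple   # 5-tuple (src_ip, dst_ip, src_port, dst_port, proto)
    seq: int      # send order within the flow (stands in for the TCP sequence number)
    t_send: int   # transmit time at the sender, microseconds


def ecmp_path(five_tuple, n_paths):
    """Classic ECMP: a hash of the 5-tuple pins every packet of a flow to one path."""
    return zlib.crc32(repr(five_tuple).encode()) % n_paths


def split_flowlets(packets, idle_gap):
    """Group one flow's packets (in send order) into flowlets: a new flowlet starts
    whenever the gap since the previous packet is at least `idle_gap`."""
    flowlets, current = [], []
    for pkt in packets:
        if current and pkt.t_send - current[-1].t_send >= idle_gap:
            flowlets.append(current)
            current = []
        current.append(pkt)
    if current:
        flowlets.append(current)
    return flowlets


def flowlet_switch(packets, path_delays, idle_gap):
    """Route each flowlet independently and return (arrival_time, seq) pairs at the
    receiver. Paths are taken round-robin as a stand-in for a least-loaded choice."""
    arrivals = []
    for i, flowlet in enumerate(split_flowlets(packets, idle_gap)):
        delay = path_delays[i % len(path_delays)]
        arrivals.extend((pkt.t_send + delay, pkt.seq) for pkt in flowlet)
    return arrivals


def is_reordered(arrivals):
    """True if some packet arrives after a packet that was sent later than it."""
    seqs = [seq for _, seq in sorted(arrivals)]
    return any(later < earlier for earlier, later in zip(seqs, seqs[1:]))


def make_flow(five_tuple, n_bursts, pkts_per_burst, burst_gap, spacing=100):
    """Constructed sender: bursts of back-to-back packets `spacing` us apart,
    separated by idle periods of `burst_gap` us (measured from the last packet)."""
    packets, t, seq = [], 0, 0
    for _ in range(n_bursts):
        for _ in range(pkts_per_burst):
            packets.append(Packet(five_tuple, seq, t))
            seq += 1
            t += spacing
        t += burst_gap - spacing
    return packets


def reorders_with_burst_gap(burst_gap):
    """Does flowlet switching reorder a 3-burst flow whose bursts are `burst_gap` apart?"""
    pkts = make_flow(FLOW_A, 3, 3, burst_gap)
    return is_reordered(flowlet_switch(pkts, PATH_DELAYS, FLOWLET_IDLE_GAP))


def prioritize_flowlets(packets, idle_gap, first_n):
    """Dynamic flow prioritization: the first `first_n` flowlets of a flow go to the
    high-priority class, later ones to standard. A mouse flow of a few flowlets stays
    high priority for its whole life; an elephant drops to standard."""
    flowlets = split_flowlets(packets, idle_gap)
    return ["high" if i < first_n else "standard" for i in range(len(flowlets))]


if __name__ == "__main__":
    for gap in (800, 600, 500):
        print(f"burst gap {gap} us: reordered = {reorders_with_burst_gap(gap)}")
    elephant = make_flow(FLOW_A, 5, 3, 800)
    mouse = make_flow(FLOW_B, 1, 3, 800)
    print("elephant classes:", prioritize_flowlets(elephant, FLOWLET_IDLE_GAP, 2))
    print("mouse classes:", prioritize_flowlets(mouse, FLOWLET_IDLE_GAP, 2))
    print("ECMP path for flow A:", ecmp_path(FLOW_A, len(PATH_DELAYS)))
```

With these delays a burst gap of 800 or 600 µs keeps the flow in order, while 500 µs (below |d1 – d2|) lets a later flowlet on the faster path overtake an earlier one on the slower path, which is why a flowlet switch only splits a flow at gaps that exceed the path delay difference.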
ACI Key Takeaways
Application-focused Architecture
• End-to-end application requirements
• Network, Compute, Storage, Security, L4-L7 Services
Consistency for Virtual, Physical and Cloud resource integration
• Any workload, anywhere, full mobility
• Ubiquitous connectivity
Efficient High-Performance Scalable Fabric
• Non-blocking, penalty-free overlay
• Decoupled Identity, Location and Policy
Software flexibility with Hardware Performance
• Rapid flexible provisioning without overhead
• Hardware acceleration and feature enablement
Open Ecosystem Framework
• Open Programmable API and Data model
• System, Hypervisor Management, Automation Tools and Orchestration Framework