the changing data center landscape

Upload: cisco-canada

Post on 12-Jul-2015

Category:

Technology


TRANSCRIPT

Page 1: The Changing Data Center Landscape
Page 2: The Changing Data Center Landscape

The Changing Data Centre Landscape

Patrick LeMaistre, CCIE

Consulting Systems Engineer

Page 3: The Changing Data Center Landscape

Cisco Confidential 3 © 2014 Cisco and/or its affiliates. All rights reserved.

New Cloud Principles Here to Stay

Agility Scale

Security Workload Mobility

Page 4: The Changing Data Center Landscape

Business and IT Undergoing Significant Change

Security And

Compliance

CLOUD DEVOPS

Integration

Mobility Big Data And

Analytics

Shifting to an ITaaS Model

Cloud DEVOPS Big Data and

Analytics

Security and

Compliance Mobility

Page 5: The Changing Data Center Landscape

Connectivity Virtualization Simplification Agility Federation

Big Data IoT Applications

Web 2.0 Applications

Mobile—Cloud Applications

Mission Critical Applications

Application Demands Are Driving Data Center Architectures

TIERED NETWORKS

FABRIC ARCHITECTURES

APP-CENTRIC INFRASTRUCTURE

FEDERATED CLOUDS

FABRIC AUTOMATION

Page 6: The Changing Data Center Landscape

The Promise of SDN

Logical Network/Overlay Protocol

Physical Network

Control & Data Plane

Decoupled

Network

Virtualization

Direct

Programmability

Centralized Management

Simplification

Agility Programmatically Configured

Dynamically

Automated

Page 7: The Changing Data Center Landscape

VIRTUAL

PHYSICAL CLOUD

Rapid deployment of applications onto networks with scale, security and full visibility

Applications—Physical, Virtual and Cloud

Physical

Networking

Hypervisors and

Virtual Networking Compute L4-L7 Services

Multi-DC WAN

and Cloud Storage

Page 8: The Changing Data Center Landscape

Typical Three Tier Application

Web Tier

ADC

App Tier Database Tier

• Network Connectivity

• Security Policies

• Quality of Service

• Layer 4 – 7 Application Services

• Storage Policies

• Compute Policies

• Hypervisor Policies

Firewall Firewall

Firewall ADC

Page 9: The Changing Data Center Landscape

Policy-Based Data Center

IP Fabric

Web Tier

App Tier

DB Tier

• Controller with end-to-end application awareness

• IP fabric connecting all physical and virtual workloads and services

• Application Network Profile (ANP) pushed to all components

Controller Profile

Page 10: The Changing Data Center Landscape

Application Centric Infrastructure (ACI)

Page 11: The Changing Data Center Landscape

Application Centric Infrastructure Components

IP Fabric

Policy Management

Controller

APIC

Application

Network Profiles

End Points

Physical & Virtual

Physical Networking

Nexus 2K

Nexus 7K

Hypervisors and Virtual Networking

Compute L4–L7 Services

Storage Multi DC WAN and Cloud

Integrated

WAN Edge

Page 12: The Changing Data Center Landscape

Subject Matter Experts Define Policies

1

Application Network Profiles Transformation to Stateless Networking

Network SME

Security SME

Application SME

APIC

2

Policies Used To Create Application Network Profile Templates

3 Automated policy configuration across the infrastructure

Life cycle management for day 1, day 2 operations

4

Physical Networking

Compute L4–L7 Services

Storage Hypervisors and Virtual Networking

Multi DC WAN and Cloud

Nexus 2K

Nexus 7K

Integrated

WAN Edge

Page 13: The Changing Data Center Landscape

Application Network Profiles Deeper Look

Stateless definition of application needs

Contained within a multi-tenant model

Application tiering

Connectivity policies

Layer 4 – 7 services

XML/JSON schema

Fully abstracted

Removes dependencies of the infrastructure

Portable across different data center fabrics

## Network Profile: Defines Application Level Metadata

(Pseudo Code Example)

    <Network-Profile = Production_Web>
        <App-Tier = Web>
            <Connected-To = Application_Client>
                <Connection-Policy = Secure_Firewall_External>
            <Connected-To = Application_Tier>
                <Connection-Policy = Secure_Firewall_Internal & High_Priority>
        . . .
        <App-Tier = DataBase>
            <Connected-To = Storage>
                <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
        . . .

Application Connectivity Requirements

Page 14: The Changing Data Center Landscape

Application Policy Infrastructure Controller Centralized Automation and Fabric Management

Layer 4..7 System

Management

Storage

Management

Orchestration

Management

Storage SME Server SME Network SME

Security SME App. SME OS SME

Open RESTful API

Policy-Based

Provisioning

APIC

Declarative data model based

Application monitoring, & troubleshooting

3rd party services integration

Image management (spine / leaf)

Fabric inventory

Single cluster supports 1M+ end points, 200K+ ports, 64K+ tenants

Centralized access to ALL fabric information - GUI, CLI and RESTful APIs

Extensible to compute and storage management

Page 15: The Changing Data Center Landscape

ACI Lead Networking Platform

Industry Leading Price/Performance, Port Density: Fastest 10G/40G /100G Platform with Merchant+

Programmability/ Open APIs: Linux Containers, Python, Power Shell, Puppet, Chef… Ideal for DevOps!!

15% Better Power & Cooling–2.8X Better Reliability

Innovation Object Model, No Backplane, No Midplane, Health scores

$ Multi-million Savings 40/100G on Existing Cables using BiDi Optics. Non disruptive migration to 40G

Nexus 9000 1/10/40/100G

Page 16: The Changing Data Center Landscape

MORE APPS

IMPROVE

PERFORMANCE

OPTIMIZE

UTILIZATION

Improve Application Performance with ASIC Innovation

Grow Capacity

Quality of Service

Lower cost &

No overbuild

SCALE CAPACITY WITH FLOWLET SWITCHING

QUALITY OF SERVICE VIA DYNAMIC LOAD BALANCING

LOWER COST AND NO OVERBUILD WITH CONGESTION MANAGEMENT

4x..16x

Increase Flow Bandwidth

80%

Improved Application Flow Completion

60%

Increase Fabric Utilization

60%

90%

Page 17: The Changing Data Center Landscape

Centralized

Compliance and

Auditing

Import / Export Policy via API

(Support for External Policy Engines)

Engineering Legal Sales HR Finance Marketing

ACI Benefit: Secure Multi-tenancy at Scale

Complete Isolation with

Full Scalability and

Security

Policy Separated from

Network Forwarding

Policy

Engine

Enabling a Dynamic Enterprise without Compromise

Encrypted Controller

Communication

Advanced Role Based

Access Control APIC

Page 18: The Changing Data Center Landscape

ACI Benefit: Deep Telemetry — Application and Tenant

APIC

APP

TENANT

Tenant Tenant 1 Tenant 2

Tenant 3 Tenant 4

Page 19: The Changing Data Center Landscape

OPERATIONAL MODELS

RESTful APIs, Python etc.

OpFlex

1. Scripting/Languages

2. IT Automation

3. OpenSource

4. Integrated ACI Approach

(GUI/CLI)

RICH ECOSYSTEM

Hypervisors

L4-L7 Services

Management

Security

Storage

CLOUD

SECURITY NETWORK

APPLICATION

Automate

ACI Benefit: Delivering on Operational Choice

Operational Choice—Service Provider, Enterprise, Commercial

Page 20: The Changing Data Center Landscape

UCS Director: Unified Infrastructure Management

UCS Director Application Catalog includes compute, network and storage requirements

UCS Manager/Central

APIC

Single tool to provision and manage existing Nexus fabric & ACI fabric

Automated provisioning of Network, Compute, Storage, L4-7 Services, Virtualization

Support for FlexPod, Vblock, VSPEX

NETWORK STORAGE

Web Tier App Tier DB Tier

Storage Storage

COMPUTE

APP DB WEB

Page 21: The Changing Data Center Landscape

Multi-Vendor Hypervisor Support

Network

Admin

Application

Admin

Bare Metal

Server

VLAN

VXLAN

VLAN

NVGRE

VLAN

VXLAN

VLAN

Hypervisor

Management

ACI Fabric

KVM

Page 22: The Changing Data Center Landscape

Policy Coordination with Hypervisor Management

Network policy coordination

Automatic virtual end point detection and policy placement

Policies consistently implemented in virtual and physical

Network policy stays sticky with VM

Hypervisor Management

Controller

Web App DB

Application Profile

Network Policy Coordination

PortGroups VM networks

VM Attach / Detach

notification

VM mobility notification

Page 23: The Changing Data Center Landscape

Layer 4 - 7 Service Integration Centralized, Automated, and Supports Existing Model

• Administrative separation

• Dynamic service insertion

• Fully Automated

• Integrates with existing services

• Endpoint location independence and mobility

Chain: “Security 5”

Application

Admin

Service

Admin

Service Graph

begin end Stage 1 ….. Stage N

Providers

inst

inst

Firewall

inst

inst

Load Balancer

…….. Service Profile

“Security 5”

ADC

Web Tier App Tier

Page 24: The Changing Data Center Landscape

ACI Fabric

Page 25: The Changing Data Center Landscape

ACI Fabric Based on a Simpler Network

Spine switches

Leaf switches

Fabric is a multistage switching fabric with zero touch startup

Page 26: The Changing Data Center Landscape

ACI Fabric – Mobility Decoupled Identity, Location & Policy

VTEP VTEP VTEP VTEP VTEP VTEP

Decouples tenant end-point address (MAC or IP) from location

Forwarding within Fabric is between VXLAN Tunnel Endpoints (VTEPs)

Mapping of tenant end-point address to location performed by VTEP (distributed mapping database)

Payload IP VXLAN VTEP

Page 27: The Changing Data Center Landscape

ACI Fabric – Flexibility Encapsulation Normalization

Forwarding is ‘not’ limited to nor constrained by the encapsulation type or encapsulation specific ‘overlay’ network

802.1Q

VLAN 10 VXLAN

VNID = 5789 VXLAN

VNID = 11348

NVGRE

VSID = 7456

Any to Any

802.1Q

VLAN 50

Normalized

Encapsulation

Localized

Encapsulation

Page 28: The Changing Data Center Landscape

ACI Fabric – All Routed Host Routing at Layer 2 and Layer 3

IP Forwarding

Forwarded using dest IP address, HW learning of IP address

10.1.3.11 10.6.3.2 10.1.3.35 10.6.3.17

MAC Forwarding

Forwarded using DMAC address, HW learning of MAC address

Page 29: The Changing Data Center Landscape

ACI Fabric – Load Balancing Flowlet Switching

H1 H2

TCP flow

• State-of-the-art ECMP hashes flows (5-tuples)

• Flowlet switching routes bursts from same flow independently

• No packet re-ordering

Gap ≥ |d1 – d2|

d1 d2

Page 30: The Changing Data Center Landscape

ACI Fabric – QOS Dynamic Flow Prioritization

Real traffic is a mix of large (elephant) and small (mice) flows.

F1

F2

F3

Standard (single priority): Large flows severely impact performance (latency & loss) for small flows.

High Priority

Dynamic Flow Prioritization: Fabric automatically gives a higher priority to small flows.

Standard Priority

Key Idea: Fabric detects initial few flowlets of each flow and assigns them to a high priority class.

Page 31: The Changing Data Center Landscape

ACI Key Takeaways

Application-focused Architecture • End-to-end application requirements • Network, Compute, Storage, Security, L4-L7 Services

• Any workload, anywhere, full mobility • Ubiquitous connectivity

• Non-blocking penalty free Overlay • Decoupled Identity, Location and Policy

• Rapid flexible provisioning without overhead • Hardware acceleration and feature enablement

• Open Programmable API and Data model • System, Hypervisor Management, Automation Tools and Orchestration Framework

Consistency for Virtual, Physical and Cloud resource integration

Efficient High-Performance Scalable Fabric

Software flexibility with Hardware Performance

Open Ecosystem Framework

Page 32: The Changing Data Center Landscape