vyatta cloud expo-sjc_2012-share
DESCRIPTION
Scott Sneddon of Vyatta - Cloud Expo 2012 Presentation. The SDN (R)evolution and How it Enables a DevOps for NetOps MovementTRANSCRIPT
Cloud Expo Santa Clara - 2012
Scott Sneddon Chief Solutions Architect
@ssneddon
EMPOWERING SDN
SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA
Leader in software-based networking Founded in 2006 on the belief that the
future of networking will be in software
Who is Vyatta?
Vyatta is…
VPN
IPSec, SSL
Router
OSPF, BGP
Firewall
Stateful, NAT
Vyatta is…
CLI, A
PI, G
UI
Software-based Networking
Vyatta is…
CLI, A
PI, G
UI
Software-based Networking
Remote Access API • Programmable • RESTful • Full Control
Flexible Deployment
CLI, A
PI, G
UI
Hypervisor
CLI, A
PI, G
UI
x86 Server
OR
Many Uses
Data Center
Multi-tenancy Traffic Optimization
Cloud
Security Remote access Multi-tenancy
Remote Office
Consolidation Cost Reduction
Let’s talk about SDN
What is SDN?
“…programmable networks (or more precisely, network elements that can be configured through a reasonable and documented API)…”
– Ivan Pepelnjak, ipSpace.net “Software Defined Networking (SDN) is an emerging network architecture where network control is decoupled from forwarding and is directly programmable…”
– Open Networking Foundation
What SDN isn’t…
We s0ll need smart network design. Maybe smarter then we did before.
There’s more to it then just OpenFlow.
So, SDN is all about…
• Network Programmability – API interaction with network elements
• Separation of Control Plane and Forwarding Plane – Infrastructure Agnostic
– Forwarding Plane can be Software or Hardware
• Integration with higher-order Orchestration platforms – OpenStack, CloudStack, vCloud Director
Traditional Network
Control Forwarding
Control Forwarding
Control Forwarding
Control Forwarding
Control Forwarding
Control Forwarding
Basic SDN
Forwarding
Forwarding
Forwarding
Forwarding
Forwarding
Forwarding
Control
Ecosystem is complex and still emerging
vCenter
VXLAN NVGRE OpenFlow
Router Control Security Control
“NORTHBOUND API”
VM VM VM VM VM VM VM VM VM VM
Systems view
Network control
Switching
Compute and storage
Servers
SNMP
How is SDN used today?
• Carrier-grade OpenFlow – WAN Programmability/OpenFlow “paths”
• Datacenter Network Virtualization – Overlay networks
• Tunnels – VXLAN, STT, GRE • Solves VLAN exhaustion & L2 extensibility
– Programmability of L2 segments – OpenFlow – Cloud infrastructure
• Per-tenant network segments & security
SDN Target Use Cases For Brocade
© 2012 Brocade Communica0ons Systems, Inc. Proprietary Informa0on
VM VM VM
PHY PHY
VM VM VM
PHY PHY
L2/L3VPN WAN
Data Center
SDN Orchestra0on & SDN Controller
SDN Cloud Gateway WAN Network Virtualiza0on WAN Virtualiza0on
App & SDN Controller
DC 1 DC 2 10/100G WAN
Customer 1
Customer 2
Services Crea0on & Inser0on Services Inser0on
App & SDN Controller
ADC FW Cache
AAA
WAN
Data Center
Customer 1 Customer 2
Customer 3
ADC
ADP APP & SDN Controller
Applica0on Delivery DC Network Virtualiza0on
DC Network Fabric
VM VM VM
PHY PHY
VM VM VM
PHY PHY
VM VM VM
PHY PHY
DC Virtualiza0on App & SDN Controller
DC 1 DC 2 Optical
Packet-‐Op0cal Integra0on APP & SDN Controller
Packet-‐Op0cal Integra0on
MPLS/IP
DC1 SDN
Cloud Orchestra0on
DC2 SDN OTN
Network Analy0cs App & SDN Controller
Production 10/100G WAN
Analytics Network Tool 1 Tool 2 Tool 3
Network Analy0cs
?
Why are SDNs important?
• Datacenter network topologies are changing (or they need to change) – Server Density – Changes in traffic flows – Capital cost of infrastructure needs to decrease – NetOps needs to keep pace with DevOps
• It’s about the apps… – DevOps movement and application development velocity
We haven’t removed the need for segmentation and security
We haven’t removed the need for network engineering
DevOps?
• “Devops is a sobware development method that stresses communica0on, collabora0on and integra0on between sobware developers and informa0on technology (IT) professionals”
-‐ hep://en.wikipedia.org/wiki/DevOps
• “…these opera5onally aware engineering teams and engineering-‐aware opera5onal teams must have buy in at the top because people who code generally cost more, so hiring opera0onal team members who code require a bigger budget.”
– Pedro Canahua0, Facebook (hep://gigaom.com/cloud/how-‐facebook-‐solves-‐the-‐it-‐culture-‐wars-‐and-‐scales-‐its-‐site/)
“Data center networks are in my way” - 2009, James Hamilton, VP/DE Amazon Web Services
DevOps for NetOps
interfaces { ge-‐0/0/9 { descrip0on ”customer a"; unit 0 { family ethernet-‐switching { port-‐mode access; vlan { members vlan4; } } } } vlan { unit 4 { family inet { address 10.160.0.9/16; } } } vlans { vlan4 { l3-‐interface vlan.4; } }
vlan 4 name customer_a untagged ethe 1/4 router-‐interface ve 4 interface ve 4 ip address 10.160.0.10/16
Build a VLAN and subnet on a Juniper… Build a VLAN and subnet on a Brocade…
Not bad, but it could be beeer
DevOps for NetOps
quantum net-‐create net1 quantum subnet-‐create net1 10.0.0.0/24
Build a network (VLAN and subnet) in OpenStack Quantum
How does NetOps get there?
• Knock down organizational boundaries • Expand our knowledge base as network engineers
– Augment that CCIE with a little Python • Look beyond plumbing
– Think “Network as a Service” • Better operational models for repetitive tasks
– API’s to present auto-provisioned services (with constraints) to your customers
The SDN (R)evolution
“It’s hard to make predictions, especially about the future.” - Yogi Berra
Cost / Time To Recover
Price of Overcommitting
1,000 100 10 1 10 100 1,000
Degree of Network Virtualization (Order of Magnitude)
Early Overcommit
1,000 100 10 1 10 100 1,000
Degree of Network Virtualization (Order of Magnitude)
Long View, Shorter Steps
Early SDN Deployment
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch VM VM
VM
Network 1 Network 2 Network 3
VM VM VM
VM VM VM
VM VM VM VM VM
VM VM VM VM
VM VM
VM
Empowering SDN - Services
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch VM VM
VM
Network 1 Network 2 Network 3
VM VM VM
VM VM VM
VM VM VM VM VM
VM VM VM VM
VM VM
VM
Enterprise Network Internet
Testing Dates: October 10th – 30th 2012 Report Generated: November 1st 2012 Report Author: Steven Noble
Vyatta Subscription Edition 6.5 R1
TEST SYSTEM CONFIGURATION: HARDWARE: SUPERMICRO X9SAE-V INTEL I7-3770 / 32G ECC RAM FOUR INTEL I340-T2 NICS INTEL 520 SERIES 240GB SSD COST: ~$1600 US VM CONFIGURATION: VMWARE 5.1.0 HYPERVISOR 2 OR 4VCPUS, 4GB OF RAM DIRECT ACCESS TO UPLINK PORTS VIA VMDIRECTPATH
1900
3620
7552
Throughput (Mbps)
Deployment Scenarios VM 2vCPU VM 4vCPU Bare Metal
Key Points Vyatta is able to forward 100% line-rate IMIX traffic across all Interfaces in our test system Performance degrades gracefully as features are added. Vyatta handles QoS with no issues, protecting traffic even when the destination interface is more than 200% oversubscribed. Vyatta can be run directly on commodity hardware or in a virtual machine
Vyatta in Amazon Web Services
• Scalable VPN services – Office to AWS VPC
– User to AWS VPC
– AWS VPC to VPC connectivity
• Advanced routing – Full mesh topologies
– High availability architectures
– Traffic management
• IPSEC and SSL
Available in Amazon Marketplace
VM VM
Amazon Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (VPC)
Customer Data Center
Why Vyatta?
• Routing & security to connect Layer 2 islands – Software for flexibility – REST API for programmability – Much more to come…
Remember When You Used to Get Excited about Networking?
It’s that time again