Software Defined Networks

By: Thierry Couture, Consulting Systems Architect

There is currently a lot of buzz around OpenFlow and Software Defined Networks (SDN) in the industry. It would be a mistake to think that these are one and the same. The reality is that the current market conversation has loose semantics mixed in with hyperbole and hearsay that hide the simplicity of SDN behind terms like Openstack, Virtual Overlays, Network Function Virtualization, Orchestration, etc. This session will explain the origins of SDN, establish a basic terminology for SDN concepts, and offer a framework to both understand these trends and distill the applicability of SDN through a use case lens.

Published in: Technology

  1. 1. Introduction to Cisco SDN & Open Network Environment. Thierry Couture, Consulting Systems Architect, dax@cisco.com. GTEC 2013 Government Technology Show
  2. 2. SDN in ONE Picture…
  3. 3. Agenda: SDN 101, Cisco One, Use Cases, Summary
  4. 4. Network Opportunities & Demands: Exponential TRAFFIC Growth + BILLIONS of People and Things + BIG DATA + Virtualization + CLOUD + SERVICES + Collaboration + Optimized EXPERIENCES + PRODUCTIVITY + New $$$ Revenue
  5. 5. The NEW Networking: Configurable Networks, Apps Aware Networks, Network Interfaces, Managed Networks, Orchestrated Networks, Network Aware Apps, Programmatic Interfaces, Self Optimizing Networks, Connecting Nodes, Connecting People
  6. 6. SDN 101, Cisco One, Use Cases, Summary
  7. 7. SDN - Evolving Definition
  8. 8. SDN 1-2-3: Topology and Network Function Virtualization (Overlays and NFV); Control Plane and Data Plane Separation (API & Controllers); Management Plane Unification and Feedback (Orchestration & SON). Configuration excerpt shown on the slide:
      ...
      aaa authentication login default group tacacs+ local
      aaa accounting update newinfo
      aaa default-taskgroup root-system
      cdp
      vrf CGN1
       address-family ipv4 unicast
        import route-policy vrf-import-CGNx
        import route-target
         42610:65000
        !
       !
      !
      vrf CGN2
       address-family ipv4 unicast
        import route-policy vrf-import-CGNx
        import route-target
      ...
  9. 9. CONTROL PLANE AND DATA PLANE SEPARATION (API & CONTROLLERS)
  10. 10. Control Plane and Data Plane: Two fundamental terms to begin understanding the concepts around SDN
  11. 11. CLI output shown on the slide:
      Router# show run
      ...
      ip cef
      !
      interface FastEthernet0/0
       ip address 10.0.0.13 255.255.255.252
      !
      interface FastEthernet0/1
       ip address 10.0.9.1 255.255.255.252
      !
      interface FastEthernet1/0
       ip address 10.0.9.5 255.255.255.252
      !
      interface Loopback0
       ip address 10.0.0.1 255.255.255.255
      !
      router ospf 100
       network 0.0.0.0 0.0.0.0 area 0
       maximum-paths 2
      !
      ...

      Router# show ip route
      Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
             D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
             N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
             E1 - OSPF external type 1, E2 - OSPF external type 2
             i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
             ia - IS-IS inter area, * - candidate default, U - per-user static rout
             o - ODR, P - periodic downloaded static route

      Gateway of last resort is not set

           10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
      C       10.0.9.0/30 is directly connected, FastEthernet0/1
      C       10.0.9.4/30 is directly connected, FastEthernet1/0
      O       10.0.0.2/32 [110/11] via 10.0.9.2, 00:01:30, FastEthernet0/1
      O       10.0.0.3/32 [110/2] via 10.0.9.6, 00:01:20, FastEthernet1/0
      O       10.0.9.8/30 [110/11] via 10.0.9.2, 00:01:20, FastEthernet0/1
      C       10.0.0.1/32 is directly connected, Loopback0
      O       10.0.0.4/32 [110/12] via 10.0.9.2, 00:01:20, FastEthernet0/1
      C       10.0.9.12/30 is directly connected, FastEthernet0/0
      O       10.0.0.5/32 [110/11] via 10.0.9.13, 00:01:20, FastEthernet0/0
      O       10.0.9.16/30 [110/20] via 10.0.9.13, 00:01:20, FastEthernet0/0
                           [110/20] via 10.0.9.2, 00:01:20, FastEthernet0/1

      Router# show ip cef
      Prefix              Next Hop            Interface
      0.0.0.0/0           drop                Null0 (default route handle
      0.0.0.0/32          receive
      10.0.0.1/32         receive
      10.0.0.2/32         10.0.9.2            FastEthernet0/1
      10.0.0.3/32         10.0.9.6            FastEthernet1/0
      10.0.0.4/32         10.0.9.2            FastEthernet0/1
      10.0.0.5/32         10.0.9.13           FastEthernet0/0
      10.0.9.0/30         attached            FastEthernet0/1
      10.0.9.0/32         receive
      10.0.9.1/32         receive
      10.0.9.2/32         10.0.9.2            FastEthernet0/1
      10.0.9.3/32         receive
      10.0.9.4/30         attached            FastEthernet1/0
      10.0.9.4/32         receive
      10.0.9.5/32         receive
      10.0.9.6/32         10.0.9.6            FastEthernet1/0
      10.0.9.7/32         receive
      10.0.9.8/30         10.0.9.2            FastEthernet0/1
      10.0.9.12/30        attached            FastEthernet0/0
      10.0.9.12/32        receive
      10.0.9.13/32        10.0.9.13           FastEthernet0/0
      10.0.9.14/32        receive
      10.0.9.15/32        receive
      10.0.9.16/30        10.0.9.13           FastEthernet0/0
                          10.0.9.2            FastEthernet0/1
      224.0.0.0/4         drop
      224.0.0.0/24        receive
      255.255.255.255/32  receive

      c2960-02#sh mac address-table
                Mac Address Table
      -------------------------------------------
      Vlan    Mac Address       Type        Ports
      ----    -----------       --------    -----
       100    0001.e69c.b6c9    DYNAMIC     Gi0/1
       100    000e.5881.9266    DYNAMIC     Gi0/1
       100    0018.0a34.06f0    DYNAMIC     Gi0/1
       100    0018.0a34.08da    DYNAMIC     Fa0/1
       100    0018.0a42.c507    DYNAMIC     Gi0/1
       100    0018.0a53.9ba3    DYNAMIC     Gi0/1
       100    0018.0a53.9baf    DYNAMIC     Gi0/1
       100    0019.df60.4e9a    DYNAMIC     Gi0/1
       100    0025.4bc5.d08a    DYNAMIC     Fa0/8
       100    0027.0e06.3ac8    DYNAMIC     Gi0/1
       100    98b8.e3a9.cc7a    DYNAMIC     Gi0/1
       100    b817.c2b1.a6a9    DYNAMIC     Gi0/1
       100    b83e.5914.f9f5    DYNAMIC     Fa0/1
       100    c42c.030c.c25c    DYNAMIC     Gi0/1
       100    c86f.1dc8.3e21    DYNAMIC     Gi0/1
       100    dc7b.94de.1089    DYNAMIC     Gi0/1
      c2960-02#
  12. 12. But Why Did We Get Here? 4 Nodes; 160,000 Nodes; 1 Website; 12B+ Devices; 20127,671 8,438; Defense Funded $$$$$/Device; Crowd Sourced $0/Device; 51B/2020
  13. 13. 2^32 < 2^128; 2556 44
  14. 14. Where did this SDN “thing” come from?
  15. 15. Stanford University – Clean Slate Project: “…explore what kind of Internet we would design if we were to start with a clean slate and 20-30 years of hindsight.” http://cleanslate.stanford.edu/
  16. 16. You might have noticed the Cisco Logo on the web page. Cisco provided some equipment early in the cycle to the research team, namely a Catalyst 6500 and 3750 upon which some of the early work was done…
  17. 17. …Clean Slate led to the development of…
  18. 18. IMPORTANT: OpenFlow does not equal SDN. OpenFlow is a part of SDN. Diagram labels: OpenFlow, Software Defined Networking
  19. 19. What is OpenFlow? OpenFlow is a Layer 2 communications protocol that gives access to the forwarding plane of a network switch or router over the network. Four Parts to OpenFlow: API + Controller + Protocol + Agent
  20. 20. How does it work?
  21. 21. OpenFlow v1.0: Incoming packets arrive at Switch. Diagram labels: Data, Switch, Flow Table **, Switch Forwarding Engine, CPU, OpenFlow Controller. **OpenFlow 1.0 supports a lookup into a single flow table
  22. 22. OpenFlow v1.0: Fields from packet header used for lookup key. Header fields used to build lookup key. Diagram labels: Data, Switch, Lookup Key, Flow Table **, Switch Forwarding Engine, CPU. **OpenFlow 1.0 supports a lookup into a single flow table
  23. 23. OpenFlow v1.0: If no match, Controller programs switch flow table. Diagram labels: Data, Switch, Flow Table, Switch Forwarding Engine, CPU, OpenFlow Controller
  24. 24. OpenFlow v1.0: Forwarding Engine forwards packets. Diagram labels: Data, Switch, Flow Table **, Switch Forwarding Engine, CPU, OpenFlow Controller. **OpenFlow 1.0 supports a lookup into a single flow table
  25. 25. OpenFlow v1.0: Flow Table in more detail… Flow Table columns: Header Fields, Counters, Actions. A Flow “Entry” consists of one row in the Flow Table
  26. 26. OpenFlow v1.0: Flow Table in more detail… Header Fields: 1 Ingress Port, 2 Source MAC, 3 Dest MAC, 4 Ether Type, 5 VLAN ID, 6 VLAN Priority, 7 IP SRC, 8 IP DEST, 9 IP Protocol, 10 IP TOS, 11 TCP/UDP SRC, 12 TCP/UDP DEST. This is the “Famous” OpenFlow 12 Tuple
  27. 27. OpenFlow v1.0: Flow Table in more detail… Counters. Per Table: Active Entries (32 Bits), Packet Lookups (64 Bits), Packet Matches (64 Bits). Per Flow: Received Packets (64 Bits), Received Bytes (64 Bits), Duration (seconds) (32 Bits), Duration (nanoseconds) (32 Bits). Per Queue: Transmit Packets (64 Bits), Transmit Bytes (64 Bits), TX Overrun Errors (64 Bits). Per Port: Received Packets (32 Bits), Transmit Packets (64 Bits), Received Bytes (64 Bits), Transmit Bytes (64 Bits), Received Drops (64 Bits), Transmit Drops (64 Bits), Received Errors (64 Bits), Transmit Errors (64 Bits), Received Frame Alignment Errors (64 Bits), RX Overrun Errors (64 Bits), RX CRC Errors (64 Bits), Collisions (64 Bits)
  28. 28. OpenFlow v1.0: Flow Table in more detail… Multiple Actions available to be programmed. Let us explore those in more detail…
  29. 29. OpenFlow v1.0: Required Actions Supported by “OpenFlow 1.0” Switch. Required Actions: 1 Forward out all ports except input port; 2 Redirect to OpenFlow Controller; 3 Forward to local Forwarding Stack (CPU); 4 Perform action in flow table; 5 Forward to input port; 6 Forward to destination port; 7 Drop Packet. Diagram labels: Switch, Flow Table, Switch Forwarding Engine, CPU, OpenFlow Controller
  30. 30. OpenFlow v1.3. Diagram labels: Data, Switch, Flow Table 1, Flow Table 2, Flow Table n, Group Table, Flow Meter Table, Switch Forwarding Engine, CPU, OpenFlow Controller
  31. 31. Example: Monetize / Simplify / Optimize S Client Site A Site B $$$ 1ms $ 10ms $ 10ms Daytime = Transactions = Optimize for Latency and Responsiveness = $9@3ms Nighttime = Inventory Updates = Optimize for high BW and lower cost = $4@40ms A P WAN
  32. 32. TOPOLOGY AND NETWORK FUNCTION VIRTUALIZATION (OVERLAYS AND NFV)
  33. 33. You start with a Physical Network: Physical Devices and Physical Connections
  34. 34. Then you add an overlay. Overlay provides the base for the logical network
  35. 35. Logical “switch” devices overlay the physical network. They define their own topology. Underlying physical network carries data traffic for overlay network
  36. 36. Multiple “overlay” networks can co-exist at the same time. Overlays provide logical network constructs for different tenants (customers and/or applications)
  37. 37. Main Benefit of Overlays? Overlay Network can be created and torn down without changing underlying physical network. BTW, you have been doing this with servers too!
  38. 38. NFV & Server Virtualization
  39. 39. MANAGEMENT PLANE UNIFICATION AND FEEDBACK (ORCHESTRATION & SON)
  40. 40. OpenStack is an IAAS (Infrastructure As A Service) cloud computing project. It is also referred to as a Cloud Operating System. “…provides a means to control (administer) compute, storage, network and virtualization technologies…”
  41. 41. To understand IAAS, let us first define Cloud Computing…
  42. 42. Cloud Computing provides a set of private or public remote resources and services through a network. Diagram labels: Users, Network, Storage, Compute
  43. 43. What are these resources?
  44. 44. At a more detailed level, there are many resources inside the cloud: Applications, Runtimes, Databases, Servers, Security, Virtualization, Storage, Networking
  45. 45. What resources you manage inside the cloud defines the following… Private Cloud, Infrastructure as a Service (IAAS), Platform as a Service (PAAS), Software as a Service (SAAS). How do these differ from one another?
  46. 46. Private Cloud, Infrastructure as a Service (IAAS), Platform as a Service (PAAS) and Software as a Service (SAAS), each shown as the same resource stack (Applications, Runtimes, Databases, Servers, Security, Virtualization, Storage, Networking) with every layer marked as Managed by You or Managed by Vendor
  47. 47. With IAAS, compute, storage, networking and virtualization resources are managed by the Vendor (this defines them as an IAAS provider). Resource stack: Applications, Runtimes, Databases, Servers, Security, Virtualization, Storage, Networking. Legend: Managed by You, Managed by Vendor
  48. 48. OpenStack lets the provider manage these resources: Servers, Virtualization, Storage, Networking
  49. 49. OpenStack provides a nice web based front end to manage those cloud resources…
  50. 50. OpenStack consists of a number of components: OpenStack Compute (NOVA), OpenStack Object Store (SWIFT), OpenStack Image Service (GLANCE), OpenStack Quantum Service
  51. 51. OpenStack Compute (NOVA): Allows the administrator to create and manage Virtual Machines (VMs) using various (stored) machine images
  52. 52. Object Store (SWIFT): Provides the ability to store objects – basically it is the component that is responsible for managing storage and reading/writing objects to that storage. An object could be a video file, a document, a picture, a database… basically anything that you would normally store on your computer
  53. 53. Image Store (GLANCE): This is the component responsible for managing the different operating system images (Windows, Linux, etc) that NOVA uses to create virtual machines
  54. 54. Network Service (QUANTUM): Allows the administrator to create and manage virtual networks. This is the piece that has relevance to our SDN story
  55. 55. Quantum is used to help manage the overlay (virtual) networks
  56. 56. SDN 101, Cisco One, Use Cases, Summary
  57. 57. Cisco ONE Business Drivers Cloud Video Mobility Data Deluge How to Harness Network Value? How to Drive Business Agility? How to Drive Operational Simplicity? But is the Network Ready?
  58. 58. Cisco Open Network Environment Bringing the Network to Applications Software Defined Networks Open Flow
  59. 59. Where we started a while ago… Network Applications Services Orchestration Analytics Network Intelligence, GuidancePolicy & Intent Programmability Statistics, States, Events Program for Optimized Experience Harvest Network Intelligence
  60. 60. Cisco ONE A Comprehensive Approach SDN Open APIs Open Cloud Virtualization (NFV) Industry-Defined Bidirectional Interaction Real-time Analytics Orchestration Automation Cisco Innovative Extensions +
  61. 61. Cisco Approach: Flexibility to Choose • Match the model with the use case • Deploy hybrid for optimal business results Multiple Approaches to SDN Cisco ONE Enables All of Them Controller OpenFlow Device Device with OpenFlow Device Other Agents Apps APIs Network Apps Virtual Overlays Network Physical and Virtual Apps
  62. 62. Control Plane and Data Plane Separation Strategy Open Daylight ONE Controller Open Flow ONE PK Open Source Cisco
  63. 63. Data and Control Plane Abstraction Build on Known Mechanisms and Features RPNetFlow QoS PBR EVC ABF IP MPLS TE Route Science PfR Segment Routing CBTS PBTS
  64. 64. Network Function Virtualization (NFV) Many familiar network functions are already virtualized on UCS! LAN Switch (VEM/ Nexus1K) Security Gateway (VSG) Identity Services (vISE) Adaptive Security (vASA) WAN Acceleration (vWAAS) Mobility Services (vMSE) Wireless LAN Control (vWLC) Route Reflector (VRR) Video Cache Network Analytics (vDNA) Network Analysis (vNAM) Network Management (PRIME NCS) CSR (vCE/vPE) Load Balancers vEPC (M2M) Cisco Unified Computing System (UCS)
  65. 65. Orchestration & Management …
  66. 66. SDN 101, Cisco One, Use Cases, Summary
  67. 67. SDN Progression / Evolution over Time. Three stages, each shown as a stack of Business Applications, Middleware and Infrastructure with programmatic access. “My business app is deployed on an IaaS/PaaS cloud service. It enables me to release/deploy faster.” (Business Applications, Middleware/PaaS, Infrastructure/IaaS): Application doesn’t directly program a change to the network, but benefits from orchestration. “My business app interacts with the network and programs changes to the network. It improves my app’s user experience and lowers my opex.”: Application directly programs a change to the network. “My business app interacts with the network and harvests information from the network. It improves my app’s user experience.”: Application harvests intelligence from the network through direct programmable interface.
  68. 68. SDN Progression / Evolution over Time (same content as slide 67)
  69. 69. SDN Progression / Evolution over Time (same content as slide 67)
  70. 70. Cisco IT’s SDN Roadmap, FY14 to FY15 (as of Sep 13, 2013). Solution Strategy: Compartmentalized Solutions, Systemic Solutions? DC Monitor Manager (aka Network Tap Aggregator): Plan/Design/Test Monitor Manager; Deploy Monitor Manager to RTP / RCDN9 / ALLN01. WAN Traffic Steering: Assess Transit Selection. ACL Management: Assess ACL Management. Security Threat Detection & Mitigation: Assess & Prototype. QoS Management: Assess QoS Mgmt. Enterprise Tap. Cloud Identity Connector. XNC GA: Sep. Nexus 6000: Jan/Feb. Nov: Plan/Design/Test Selected Use Cases. Nov: Pilot Deployment of Selected Use Case(s). Legend: Production Target (NC), Dependencies, In Evaluation
  71. 71. MONITOR MANAGER: Use Case #1
  72. 72. Network Monitoring – Existing Challenges. Problem: SPAN sessions have limited scalability and are currently not ‘sharable’; many teams require insight into DC flows for analytics. Solution: Multi-SPAN / Packet Capture solution that uses centralized flow control; Single Pane of Glass into Data Center traffic; Packet capturing as a service; Scalability: many sources to many destinations; Adjustable to changing DC Network Architectures
  73. 73. Solution Architecture – Overview. A Software Defined Networking (SDN) solution. SPAN sessions are aggregated on Nexus 6000 & 3000 switches, via a combination of network taps and SPAN sessions. Nexus switches are managed by a Cisco ONE OpenFlow Controller. Controller directs the flow of SPAN traffic from ingress ports to egress ports to reach their target traffic analysis collectors. End result is a consolidation of traffic analysis collectors, freeing up space in the data center pods, and a centralized management of SPAN sessions
  74. 74. ‘Monitor Manager’ - Solution Architecture. Diagram labels: Data Center 1, Data Center 2, SSWs, DC GWs, UCS, Optical TAP, SPAN, SPAN edge pod1, SPAN edge pod2, SPAN Aggregation, N3048, N6K, N6004, Controller, Collectors for applications, Analysis tools (NAM module, Infinistream, CSPO: IDS, NAM)
  75. 75. WAN TRAFFIC STEERING: Use Case #2
  76. 76. Traffic Steering Use Case. Today: Active-Standby Routing Policy; One Static Policy; Command Line Controlled; Applied to all Branch Offices. Tomorrow: Active-Active Routing Policy; Dynamic Intelligent Policy; Application Controlled using ONEpk; Intelligently apply policy. Benefits: Cost Avoidance & Improved User Experience. Diagram labels: Branch Office, Primary Path (Private WAN), Secondary Path (Private/Internet)
  77. 77. Use Case: Traffic Steering for Branch Offices. Scenario 0: Default Network Behavior - only primary path utilized. Policy: Secondary Path only utilized if primary path fails. Diagram labels: OnePK Application Structure, Route Policy Engine, Presentation Engine, Enterprise Network, Data Center, WAN GW 1, WAN GW 2, Primary Path, Secondary Path, Connected Backup, Voice/Video/Data Clients
  78. 78. Use Case: Traffic Steering for Branch Offices. Scenario 1: Non-Business critical traffic routed via backup circuits. Policy: 1. Populate Route policy into Engine; 2. Route Policy pushed to Routers; 3. PC backup traffic routed via backup ckt. Benefits: More effective use of branch site WAN bandwidth across large enterprise network (Cost Savings, User Experience, Manageability). Diagram labels: OnePK Application Structure, Route Policy Engine, Presentation Engine, Enterprise Network, Data Center, WAN GW 1, WAN GW 2, Primary Path, Secondary Path, Connected Backup, Voice/Video/Data Clients
  79. 79. Use Case: Traffic Steering for Branch Offices. Scenario 2: Primary Path Failure – Deny Connected Backup on Secondary Path. Benefits: User experience for critical business services is preserved following a circuit failure. Diagram labels: OnePK Application Structure, Route Policy Engine, Presentation Engine, Enterprise Network, Data Center, WAN GW 1, WAN GW 2, Primary Path, Secondary Path, Connected Backup, Voice/Video/Data Clients
  80. 80. SDN 101, Cisco One, Use Cases, Summary
  81. 81. Why Cisco ONE? Monetize • Launch services quicker • Customize services per tenant • Extrapolate business intelligence from Network Data Simplify • Dynamic Network/ Device Configuration • Fewer Tools and Interfaces • Shift Resources from operations to services creation Optimize • Use Real-Time data to improve application performance • Dynamically shift workload between resources • Improve Resource Utilization
  82. 82. Multiple Approaches to SDN: Cisco ONE Enables All of Them. Platform APIs [+] Controller & Agents [+] Network Overlays
  83. 83. Open Programmable Application Aware [ + + ] Cisco ONE
  84. 84. Thank You.
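
Added example (not part of the original slides and not Cisco code): a small Python model of the OpenFlow v1.0 lookup walked through in slides 21 to 29, covering the lookup key built from the 12 header fields, a single flow table with per-flow and per-table counters, and the table miss on which the controller programs the switch. The controller policy, host MACs, port numbers and the Telnet deny entry are constructed assumptions, and the first packet of a flow is forwarded without being counted as a simplification.

```python
"""Toy model of the OpenFlow 1.0 single-table lookup (added example)."""
from dataclasses import dataclass

# The 12 header fields ("12 tuple"); names follow the OpenFlow 1.0 match structure.
FIELDS = ("in_port", "dl_src", "dl_dst", "dl_type", "dl_vlan", "dl_vlan_pcp",
          "nw_src", "nw_dst", "nw_proto", "nw_tos", "tp_src", "tp_dst")

@dataclass
class FlowEntry:
    match: dict            # header field -> required value; a missing field is a wildcard
    actions: list          # list of (kind, arg); an empty list drops the packet
    priority: int = 0
    packet_count: int = 0  # per-flow counters
    byte_count: int = 0

    def matches(self, key):
        return all(key[f] == v for f, v in self.match.items())

class Switch:
    def __init__(self, controller, ports):
        self.controller, self.ports, self.table = controller, ports, []
        self.lookups = self.matched = 0              # per-table counters

    def add_flow(self, entry):
        unknown = set(entry.match) - set(FIELDS)
        if unknown:
            raise ValueError(f"not an OpenFlow 1.0 match field: {sorted(unknown)}")
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)   # highest priority is checked first

    def receive(self, pkt, length):
        """Return the list of egress ports for one packet ([] means dropped)."""
        key = {f: pkt.get(f) for f in FIELDS}        # build the lookup key
        self.lookups += 1
        entry = next((e for e in self.table if e.matches(key)), None)
        if entry is None:                            # table miss: ask the controller
            entry = self.controller(key)
            self.add_flow(entry)                     # controller programs the flow table
        else:
            self.matched += 1
            entry.packet_count += 1
            entry.byte_count += length
        out = []
        for kind, arg in entry.actions:
            if kind == "output":
                out.append(arg)
            elif kind == "flood":                    # all ports except the input port
                out.extend(p for p in self.ports if p != key["in_port"])
        return out

# Constructed sample data: two hosts and the switch ports they sit on.
HOST_A, HOST_B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
MAC_TO_PORT = {HOST_A: 1, HOST_B: 2}

def controller(key):
    """Hypothetical reactive policy: forward by destination MAC, flood if unknown."""
    port = MAC_TO_PORT.get(key["dl_dst"])
    actions = [("output", port)] if port is not None else [("flood", None)]
    return FlowEntry({"dl_dst": key["dl_dst"]}, actions, priority=10)

def demo():
    sw = Switch(controller, ports=[1, 2, 3])
    # Deny entry installed up front at a higher priority than any reactive entry,
    # so the coarse per-MAC forwarding entries can never shadow it.
    sw.add_flow(FlowEntry({"dl_type": 0x0800, "nw_proto": 6, "tp_dst": 23}, [], priority=100))
    web = {"in_port": 1, "dl_src": HOST_A, "dl_dst": HOST_B,
           "dl_type": 0x0800, "nw_proto": 6, "tp_src": 40000, "tp_dst": 80}
    results = [sw.receive(web, 100),                   # miss: controller installs an entry
               sw.receive(web, 100),                   # hit on the new entry
               sw.receive(dict(web, tp_dst=23), 60)]   # hit on the deny entry: dropped
    return results, sw

if __name__ == "__main__":
    print(demo()[0])
```

If the deny entry were installed reactively at the same or a lower priority than the per-MAC entries, Telnet packets to an already-learned destination would match the forwarding entry and never reach the controller.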
