2. The Changing Data Centre Landscape
Patrick LeMaistre, CCIE
Consulting Systems Engineer
plemaist@cisco.com
3. Cisco Confidential. © 2014 Cisco and/or its affiliates. All rights reserved.
New Cloud Principles Here to Stay
Agility, Scale, Security, Workload Mobility
4. Business and IT Undergoing Significant Change
Shifting to an ITaaS Model
Cloud, DevOps, Big Data and Analytics, Security and Compliance, Mobility, Integration
5. Application Demands Are Driving Data Center Architectures
Connectivity, Virtualization, Simplification, Agility, Federation
Applications: Mission Critical Applications; Web 2.0 Applications; Mobile—Cloud Applications; Big Data / IoT Applications
Architectures: Tiered Networks; Fabric Architectures; App-Centric Infrastructure; Federated Clouds; Fabric Automation
6. The Promise of SDN
Logical Network / Overlay Protocol running over the Physical Network
Control & Data Plane Decoupled
Network Virtualization
Direct Programmability
Centralized Management
Simplification
Agility: Programmatically Configured, Dynamically Automated
7. Applications—Physical, Virtual and Cloud
Rapid deployment of applications onto networks with scale, security and full visibility
Physical Networking; Hypervisors and Virtual Networking; Compute; L4-L7 Services; Storage; Multi-DC WAN and Cloud
8. Typical Three Tier Application
Web Tier, App Tier and Database Tier
• Network Connectivity
• Security Policies
• Quality of Service
• Layer 4 – 7 Application Services
• Storage Policies
• Compute Policies
• Hypervisor Policies
Figure: firewalls (three) and ADCs (two) placed between the tiers
9. Policy-Based Data Center
IP Fabric connecting Web Tier, App Tier and DB Tier; Controller pushes the Profile
• Controller with end-to-end application awareness
• IP fabric connecting all physical and virtual workloads and services
• Application Network Profile (ANP) pushed to all components
11. Application Centric Infrastructure Components
Policy Management: Controller (APIC), Application Network Profiles
IP Fabric: Physical Networking (Nexus 2K, Nexus 7K), Integrated WAN Edge
End Points, Physical & Virtual: Physical Networking; Hypervisors and Virtual Networking; Compute; L4–L7 Services; Storage; Multi DC WAN and Cloud
12. Application Network Profiles: Transformation to Stateless Networking
1. Subject Matter Experts define policies (Network SME, Security SME, Application SME)
2. Policies used to create Application Network Profile templates
3. APIC: automated policy configuration across the infrastructure
4. Life cycle management for day 1, day 2 operations
Infrastructure: Physical Networking (Nexus 2K, Nexus 7K); Compute; L4–L7 Services; Storage; Hypervisors and Virtual Networking; Multi DC WAN and Cloud; Integrated WAN Edge
13. Application Network Profiles: Deeper Look
Stateless definition of application needs
– Contained within a multi-tenant model
– Application tiering
– Connectivity policies
– Layer 4 – 7 services
– XML/JSON schema
Fully abstracted
– Removes dependencies on the infrastructure
– Portable across different data center fabrics
Network Profile: Defines Application Level Metadata (Pseudo Code Example)

    <Network-Profile = Production_Web>
      <App-Tier = Web>
        <Connected-To = Application_Client>
          <Connection-Policy = Secure_Firewall_External>
        <Connected-To = Application_Tier>
          <Connection-Policy = Secure_Firewall_Internal & High_Priority>
        . . .
      <App-Tier = DataBase>
        <Connected-To = Storage>
          <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
        . . .

(Application Connectivity Requirements)
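The profile above is only pseudo code on the slide. As an added example (my code, not Cisco's), the following parses that "<Key = Value>" notation, using indentation as the assumed nesting marker, and flattens it into the per-tier connectivity requirements the slide's caption refers to; the sample profile is constructed from the slide.

```python
# Added example: parse the Application Network Profile pseudo-code notation
# from the deck and flatten it into (tier, peer, [policies]) requirements.
# Indentation is assumed to express nesting; the sample is constructed.
import re

SAMPLE_ANP = """\
<Network-Profile = Production_Web>
  <App-Tier = Web>
    <Connected-To = Application_Client>
      <Connection-Policy = Secure_Firewall_External>
    <Connected-To = Application_Tier>
      <Connection-Policy = Secure_Firewall_Internal & High_Priority>
  <App-Tier = DataBase>
    <Connected-To = Storage>
      <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
"""

LINE = re.compile(r"^(\s*)<\s*([\w-]+)\s*=\s*([^>]+?)\s*>$")

def parse_anp(text):
    """Build a tree of {"key", "value", "children"} nodes from indentation."""
    root = {"key": "root", "value": None, "children": []}
    stack = [(-1, root)]                  # (indent, node) of open elements
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if not m:
            raise ValueError(f"unparseable line: {raw!r}")
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        node = {"key": key, "value": value, "children": []}
        while stack[-1][0] >= indent:     # pop back to the enclosing parent
            stack.pop()
        stack[-1][1]["children"].append(node)
        stack.append((indent, node))
    return root["children"][0]            # the Network-Profile element

def connectivity_requirements(profile):
    """Flatten to (tier, peer, [policies]); '&' joins several policies."""
    reqs = []
    for tier in profile["children"]:
        if tier["key"] != "App-Tier":
            continue
        for conn in tier["children"]:
            policies = [p.strip()
                        for pol in conn["children"]
                        if pol["key"] == "Connection-Policy"
                        for p in pol["value"].split("&")]
            reqs.append((tier["value"], conn["value"], policies))
    return reqs

if __name__ == "__main__":
    for tier, peer, pols in connectivity_requirements(parse_anp(SAMPLE_ANP)):
        print(f"{tier} -> {peer}: {', '.join(pols)}")
```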
14. Application Policy Infrastructure Controller: Centralized Automation and Fabric Management
Inputs: Layer 4..7 System Management; Storage Management; Orchestration Management; Storage SME, Server SME, Network SME, Security SME, App. SME, OS SME
Open RESTful API; Policy-Based Provisioning
APIC:
• Declarative data model based
• Application monitoring and troubleshooting
• 3rd party services integration
• Image management (spine / leaf)
• Fabric inventory
• Single cluster supports 1M+ end points, 200K+ ports, 64K+ tenants
• Centralized access to ALL fabric information – GUI, CLI and RESTful APIs
• Extensible to compute and storage management
15. ACI Lead Networking Platform: Nexus 9000, 1/10/40/100G
Industry Leading Price/Performance, Port Density: fastest 10G/40G/100G platform with Merchant+
Programmability / Open APIs: Linux Containers, Python, PowerShell, Puppet, Chef… Ideal for DevOps!!
15% Better Power & Cooling – 2.8X Better Reliability
Innovation: Object Model, No Backplane, No Midplane, Health scores
$ Multi-million Savings: 40/100G on Existing Cables using BiDi Optics. Non disruptive migration to 40G
16. Improve Application Performance with ASIC Innovation
More Apps; Improve Performance; Optimize Utilization
Scale Capacity with Flowlet Switching; Quality of Service via Dynamic Load Balancing; Lower Cost and No Overbuild with Congestion Management
Figures: 4x..16x increase in flow bandwidth; 80% improved application flow completion; 60% increase in fabric utilization
17. ACI Benefit: Secure Multi-tenancy at Scale
Enabling a Dynamic Enterprise without Compromise
Tenants: Engineering, Legal, Sales, HR, Finance, Marketing
• Complete isolation with full scalability and security
• Policy separated from network forwarding (Policy Engine)
• Centralized compliance and auditing
• Import / export policy via API (support for external policy engines)
• Encrypted controller communication
• Advanced role-based access control (APIC)
18. ACI Benefit: Deep Telemetry — Application and Tenant
Figure: APIC with per-application (APP) and per-tenant (Tenant 1, Tenant 2, Tenant 3, Tenant 4) telemetry views
19. ACI Benefit: Delivering on Operational Choice
Operational Choice—Service Provider, Enterprise, Commercial
Operational models (RESTful APIs, Python etc.; OpFlex):
1. Scripting/Languages
2. IT Automation
3. OpenSource
4. Integrated ACI Approach (GUI/CLI)
Rich ecosystem: Hypervisors; L4-L7 Services; Management; Security; Storage; Cloud
Automate across Network, Security and Application
20. UCS Director: Unified Infrastructure Management
• UCS Director Application Catalog includes compute, network and storage requirements
• Single tool to provision and manage existing Nexus fabric & ACI fabric (UCS Manager/Central, APIC)
• Automated provisioning of Network, Compute, Storage, L4-7 Services, Virtualization
• Support for FlexPod, Vblock, VSPEX
Figure: Network (Web Tier, App Tier, DB Tier), Compute (WEB, APP, DB), Storage
21. Multi-Vendor Hypervisor Support
Figure: Network Admin and Application Admin roles; ACI Fabric with Hypervisor Management; Bare Metal Server and hypervisors (e.g. KVM) attached over VLAN, VXLAN or NVGRE encapsulation
22. Policy Coordination with Hypervisor Management
• Network policy coordination
• Automatic virtual end point detection and policy placement
• Policies consistently implemented in virtual and physical
• Network policy stays sticky with VM
Figure: Controller holds the Application Profile (Web, App, DB); Network Policy Coordination with Hypervisor Management maps it to port groups / VM networks; the hypervisor sends VM attach/detach and VM mobility notifications
23. Layer 4 - 7 Service Integration
Centralized, Automated, and Supports Existing Model
• Administrative separation
• Dynamic service insertion
• Fully Automated
• Integrates with existing services
• Endpoint location independence and mobility
Figure: Application Admin and Service Admin; Service Graph, Chain "Security 5": begin, Stage 1 ….. Stage N, end; Providers: Firewall (inst, inst, …), Load Balancer (inst, inst, …), ……..; Service Profile "Security 5" applied between Web Tier, ADC and App Tier
25. ACI Fabric: Based on a Simpler Network
Spine switches and leaf switches
Fabric is a multistage switching fabric with zero touch startup
26. ACI Fabric – Mobility: Decoupled Identity, Location & Policy
• Decouples tenant end-point address (MAC or IP) from location
• Forwarding within fabric is between VXLAN Tunnel Endpoints (VTEPs)
• Mapping of tenant end-point address to location performed by VTEP (distributed mapping database)
Figure: leaf VTEPs across the fabric; packet layout VTEP | VXLAN | IP | Payload
27. ACI Fabric – Flexibility: Encapsulation Normalization
Forwarding is 'not' limited to nor constrained by the encapsulation type or encapsulation specific 'overlay' network
Localized encapsulation at the edge: 802.1Q VLAN 10; VXLAN VNID = 5789; VXLAN VNID = 11348; NVGRE VSID = 7456; 802.1Q VLAN 50
Normalized encapsulation inside the fabric: any to any
28. ACI Fabric – All Routed: Host Routing at Layer 2 and Layer 3
IP Forwarding: forwarded using dest IP address, HW learning of IP address (figure hosts 10.1.3.11, 10.6.3.2, 10.1.3.35, 10.6.3.17)
MAC Forwarding: forwarded using DMAC address, HW learning of MAC address
29. ACI Fabric – Load Balancing: Flowlet Switching
• State-of-the-art ECMP hashes flows (5-tuples)
• Flowlet switching routes bursts from same flow independently
• No packet re-ordering
Figure: a TCP flow from H1 to H2 over two paths with delays d1 and d2; a flowlet boundary requires an inter-packet gap ≥ |d1 – d2|
30. ACI Fabric – QoS: Dynamic Flow Prioritization
Real traffic is a mix of large (elephant) and small (mice) flows.
Standard (single priority): large flows severely impact performance (latency & loss) for small flows.
Dynamic Flow Prioritization: fabric automatically gives a higher priority to small flows.
Key Idea: fabric detects initial few flowlets of each flow and assigns them to a high priority class.
Figure: flows F1, F2, F3 queued in High Priority and Standard Priority classes
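The two slides above state the flowlet idea in words: bursts of one flow are routed independently, and the gap condition Gap ≥ |d1 – d2| is what keeps packets in order. The following is an added toy simulation (my code, not Cisco's) that checks that condition exhaustively over every path assignment and tags the first flowlets of a flow as high priority; packet send times and the two path delays are constructed assumptions.

```python
# Added example: toy model of flowlet switching and dynamic flow
# prioritization.  A flow is cut into flowlets where the inter-packet gap
# reaches the flowlet timeout; each flowlet is pinned to one ECMP path.
# SEND and DELAYS are constructed values for illustration.
from itertools import product

def split_flowlets(send_times, gap):
    """Group packet send times into flowlets.  A new flowlet starts whenever
    the gap since the previous packet is >= `gap`."""
    if not send_times:
        return []
    flowlets, current = [], [send_times[0]]
    for prev, t in zip(send_times, send_times[1:]):
        if t - prev >= gap:
            flowlets.append(current)
            current = []
        current.append(t)
    flowlets.append(current)
    return flowlets

def receive_order(flowlets, path_delays):
    """Deliver flowlet i over a path with one-way delay path_delays[i] and
    return packet indices in arrival order at the receiver."""
    arrivals, idx = [], 0
    for fl, d in zip(flowlets, path_delays):
        for t in fl:
            arrivals.append((t + d, idx))
            idx += 1
    return [i for _, i in sorted(arrivals)]

def can_reorder(send_times, gap, delays):
    """True if some assignment of flowlets to paths delivers packets out of
    order.  With gap >= max|d_i - d_j| no assignment can: the first packet of
    a flowlet is sent at least that long after the previous flowlet's last."""
    flowlets = split_flowlets(send_times, gap)
    for assignment in product(delays, repeat=len(flowlets)):
        order = receive_order(flowlets, assignment)
        if order != sorted(order):
            return True
    return False

def flowlet_priorities(flowlets, k=2):
    """Dynamic flow prioritization: the first k flowlets of a flow go to the
    high priority class, later ones (an elephant's body) to standard."""
    return ["high" if i < k else "standard" for i in range(len(flowlets))]

SEND = [0.0, 0.1, 0.2, 3.7, 3.8, 4.8, 4.9]   # constructed packet send times
DELAYS = (1.0, 4.0)                          # two ECMP paths, |d1 - d2| = 3
```

With the flowlet timeout at 3.0 (equal to |d1 – d2|) no path assignment reorders the flow; at 0.5 the middle burst can be split off and overtaken.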
31. ACI Key Takeaways
Application-focused Architecture
• End-to-end application requirements
• Network, Compute, Storage, Security, L4-L7 Services
Consistency for Virtual, Physical and Cloud resource integration
• Any workload, anywhere, full mobility
• Ubiquitous connectivity
Efficient High-Performance Scalable Fabric
• Non-blocking penalty free Overlay
• Decoupled Identity, Location and Policy
Software flexibility with Hardware Performance
• Rapid flexible provisioning without overhead
• Hardware acceleration and feature enablement
Open Ecosystem Framework
• Open Programmable API and Data model
• System, Hypervisor Management, Automation Tools and Orchestration Framework