CohesiveFT SDN Summit Presentation: OpenFlow is SDN, SDN is not OpenFlow
 

    Presentation Transcript

    • OpenFlow is SDN, SDN is not only OpenFlow. Patrick Kerpan, CEO, CohesiveFT. SDN Summit, November 2012. Copyright CohesiveFT - Nov 12, 2012. Wednesday, November 14, 12
    • Agenda
        • Company Background
        • SDN in the News
        • The Application Layer of Cloud
        • OpenFlow and Definitions
        • “Big Tent” Thinking
        • CohesiveFT’s Answer to SDN Needs
        • SDN and the Future of Networking
        • Contact Information
    • Company Background
        • Who We Are
            • Cohesive Flexible Technologies Corp. (CohesiveFT)
            • Founded in 2006 by IT and capital markets professionals with years of experience in operations, enterprise software and client-facing services
            • First SDN product launched in 2007 with followup products in 2008 and 2011
            • Offices in Chicago, London, Belo Horizonte and Palo Alto
        • What We Do
            • Enable enterprises to run business operations via the cloud
            • Solutions help migrate, transform and extend both customer facing systems and internal operational platforms
            • Only company to promote comprehensive cloud container solution for migration, deployment and control
            • First Application SDN product in IBM’s SCE and SCE+
        • Cloud, vendor, and standards neutral. Member of the Open Networking Foundation (ONF)
    • Experience: Enterprise Use Cases
        • Our Clients - Customers Include:
            • Global Mutual Fund Company
            • Global ERP provider
            • Global BPMS provider
            • Global Cloud-based Threat Detection
            • Global Fashion Brand
            • Global Toy Manufacturer
            • US National Sports Association
            • and many more global, transnational and local customers
            • References Available Upon Request
        • Achievements
            • 36M virtual device hours in public, private, & hybrid clouds secured by VNS3
            • Over 8,000 users built, imported, transformed and delivered 33K+ virtual server templates with Server3
            • Numerous enterprises migrated complex applications to the cloud with Context3
        • 18+ Industry and Cloud partners
        • 200+ Self Service Customers
        • 15+ SI Resellers
        • 15+ ISV OEM
    • Recent news shines a light on the long journey to the SDN spotlight
        • OpenFlow brought attention to the need for virtual networks
        • ONF founders’ Campus Networks: "Commercial switches and routers do not typically provide an open software platform, let alone provide a means to virtualize either their hardware or software […]and, of course, open platforms lower the barrier to entry for new competitors."
        • Recent SDN news has elevated the concepts of network virtualization to industry buzzword
        • CohesiveFT has been driving the space forward with a production product, VNS3, since 2008
        • CohesiveFT is a member of the ONF
    • The Application Layer Of Cloud
        • [Diagram: Cloud instances 1 to 4, each an App Stack on an OS, form the App Controlled Application Layer. A "Perimeter of access, control, & visibility" separates it from the Provider Controlled layers below: the Virtual Layer (Hypervisor) and the Physical Layer (Hardware), with multiplexed access to Compute, Storage and Network.]
    • Provider and App Layer Concerns Separated by Limited Access, Control and Visibility
        • SDN Market can be divided into 2 segments
        1. Application Layer
            • CohesiveFT VNS3
            • Cisco Cloud Service Router
            • Citrix CloudBridge
        2. Provider Layer
            • Nicira/VMware
            • Open vSwitch
            • Cisco Nexus 1000v
            • IBM
            • Cisco
            • Juniper
        • [Diagram: App Controlled Application Layer (Cloud Instance: App Stack, OS) above the "Perimeter of access, control, & visibility"; Provider Controlled Virtual Layer (Hypervisor) and Physical Layer (Hardware) below, with multiplexed access to Compute, Storage and Network.]
    • Provider and App Layer Concerns Separated by Limited Access, Control and Visibility
        • SDN Market can be divided into 2 segments
        1. Application Layer
            • CohesiveFT VNS3
            • Cisco Cloud Service Router
            • Citrix CloudBridge
        2. Provider Layer
            • Nicira/VMware
            • Open vSwitch
            • Cisco Nexus 1000v
            • IBM
            • Cisco
            • Juniper
        • [Diagram: App Controlled Application Layer (Cloud Instance: App Stack, OS) above a boundary labelled "CURRENT VISION - OpenFlow Stops Here"; Provider Controlled Virtual Layer (Hypervisor) and Physical Layer (Hardware) below, with multiplexed access to Compute, Storage and Network.]
    • OpenFlow - Early SDN definition
        • The authors of the original ONF paper outlined 5 dimensions that need to be considered for a virtualized network:
            • Bandwidth
            • Topology
            • Device CPU
            • Traffic
            • Forwarding Tables
        • It is only the last of these, forwarding tables, that begins to imply a specific implementation for the solution to these challenges.
    • Nicira Defined SDN Broadly
        • Later, the Nicira founders defined the 7 Properties of network virtualization:
        1. Independence from network hardware
        2. Faithful reproduction of the physical network service model
        3. Follow operational model of compute virtualization
        4. Compatible with any hypervisor platform
        5. Secure isolation between virtual networks, the physical network, and the control plane
        6. Cloud performance and scale
        7. Programmatic networking provisioning and control
    • “Big Tent” Thinking within the SDN Conversation
        • Two distinct Cloud Constituencies Remain:
            • Cloud Service Providers
            • Cloud Applications
        • The SDN conversation must address concerns of both Providers and Applications to answer the future concerns of:
            • Who “owns” and “controls” each aspect of the application?
            • How can you move L2 / L3 networking among data centers driven by the customer, without provider interaction?
            • How do you use OpenFlow in existing implementations?
            • How do you improve tunneling approaches?
            • How do you do encryption throughout?
    • CohesiveFT’s Answer to SDN Needs: VNS3
        • CohesiveFT founders believed Virtual Networking and the ONF definition can benefit from additional application-centric focus on:
            • Self-service
            • Mass Customization for enterprise
            • Journeyman Experience for end users
        • The difference is service providers start at the bottom with the "device" and network flows. We begin at the top with the enterprise application, its owner and their collective technical and organizational demands.
        • [Diagram labels: Provider Owned/Provider Controlled; Provider Owned/User Controlled; VNS3 - User Owned/User Controlled; User Owned/User Controlled]
    • CohesiveFT’s Answer to SDN Needs: VNS3
        • Insights revealed the need for integration, governance and security in the application layer.
        • Enterprises need to control addressing, protocol, topology and security across federated clouds.
        • Cloud Providers must meet the Enterprise Application needs to Bring Your Own Network (BYON)
            • Federate across cloud targets
            • Reuse existing IT resources and skills
            • Customize with compatibility with any vendor, OS, cloud
        • [Figure: BYON Deployment Example]
        • As we put our own systems into the cloud, we were uncomfortable with the implied trust, and explicit loss of control of our network.
    • Application Use Case: Look like a Telco
        • Customer: African mobile application technology company
        • Challenge: Mobile users need to connect to SMS with users on other networks in a market with a patchwork of carriers
        • What do you need to do this (in Lagos, Nigeria)?
            • Telcos require me to have a “data center” of public IP addresses used in my private LAN
            • Also, of course, they require me to have real public IP endpoint addresses
            • Any form of connectivity like IPsec, BGP Peering, GRE, etc.
            • Of course, redundant servers on reliable raised floor
        • Cloud handles the raised floor, but how do you do the network piece without a virtualized network looking like the network the telco wants?
        • This would have cost hundreds of thousands of dollars pre-cloud, tens of hundreds worst case with the cloud combined with network virtualization.
    • Application Use Case: Network Reproducibility
        • Service provider with innovative mobile management solution.
        • Like other “born in the cloud” companies, the software gains tremendous leverage out of the cloud for the compute and storage elements. How to get the same leverage from networking?
        • Each customer requires an almost identical, secure, encrypted network that not only keeps others out, but keeps the information in.
        • Just use VLANs?
            • VLANs don’t span datacenters in the cloud
            • VLANs don’t span vendors; they don’t allow use of clouds as “points of presence”
            • VLANs aren’t encrypted throughout the cloud
            • VLANs usually don’t allow UDP multicast
            • VLANs don’t separate network location from identity
        • Customer is running 125+ dynamic network bubbles (and adding more weekly) that can be moved from cloud to cloud as necessary.
    • Application Use Case: Network Zones
        • [Diagram: three groups of cloud instances labelled Customer 1 - Topology 1, Customer 2 - Topology 1 and Customer 1 - Topology 2, each with Cloud instances 1 to 3 (App Stack on OS), above a "Perimeter of access, control, & visibility". Below it, the Provider Controlled Virtual Layer (Series of Hypervisors) and Physical Layer, with multiplexed access to Compute, Storage and Network.]
        • Confidential - CohesiveFT 2012
    • Application Use Case: Network Zones
        • [Diagram: three panels labelled Green Zone, Red Zone and Yellow Zone. Topology labels on the panels: Customer 1 - Topology 2, Customer 1 - Topology 1, Customer 2 - Topology 1. Each panel shows Cloud instances 1 to 3 (App Stack on OS) over its own Virtual Layer (Series of Hypervisors) and Physical Layer, with multiplexed access to Compute, Storage and Network.]
    • Application Use Case: Virtual Network Zones
        • One “flat” infrastructure with network connectivity throughout. Virtual networks are created with “green”, “yellow” and “red” properties
        • Green Properties
            • Connections allowed from netmask representing internal ingress/egress
            • Connections from virtual network clients
            • Connections allowed from cryptographically recognized virtual network managers
            • Security lattice incorporating host firewall and hypervisor firewall
            • No IPsec connectivity
        • Yellow Properties
            • Connections allowed from netmask representing internal ingress/egress
            • Connections from virtual network clients
            • Connections allowed from cryptographically recognized virtual network managers
            • Security lattice incorporating host firewall and hypervisor firewall
            • IPsec connectivity allowed to virtual net
        • Red Properties
            • No Connections allowed from netmask representing internal ingress/egress
            • Connections from virtual network clients
            • Connections allowed from cryptographically recognized virtual network managers
            • Security lattice incorporating host firewall and hypervisor firewall
            • IPsec connectivity allowed to virtual net (MAYBE)
        • [Diagram: Customer 1 - Topology 1, Customer 1 - Topology 2 and Customer 2 - Topology 1, each with Cloud instances 1 to 3 (App Stack on OS), over a shared Virtual Layer (Series of Hypervisors) and Physical Layer, with multiplexed access to Compute, Storage and Network.]
    • Application Use Case: Creating the Virtual Net
        • Application Virtual Network
            • Must and does span datacenters
            • Must and does span vendors
            • Virtual network controllers get explicitly defined local and public IP addresses via automation
            • Virtual network controllers connect and peer via cryptographic identity and checksums
            • Application (and its executive owners) are in control of addressing, protocol, topology, security
            • Application owner can make attestation of control
        • OpenFlow Today
            • Talking about NOW not what is possible in the future.
            • Mostly within a datacenter
            • Does not cross the Internet or Vendors
            • Proposed “How does controller get its address?” - make DHCP call
            • Proposed “How do controllers find each other?” - do Bonjour broadcasts
            • Vendor is in control of addressing, protocol, topology, security.
            • Vendor can make attestation of control
    • Demo Use Case: Come take a look
        • [Diagram: VNS3 Overlay Network, Subnet: 172.31.1.0/24, spanning AWS VPC US-West-2 (VPC Subnet: 10.0.0.0/23), IBM SCE (Boulder, CO), Terremark vCloud Express and AWS VPC Singapore (VPC Subnet: 10.0.2.0/23). Each cloud hosts clients and a VNS3 Manager; the managers are peered. Every client and manager is labelled with its public IP and its overlay or VPC IP.]
        • IPsec Tunnel: 192.168.3.0/24 - 172.31.1.0/24 and 192.168.3.0/24 - 10.0.1.0/24
        • IPsec Device: Make: Cisco, Model: ASA, Public IP: 63.250.226.147
        • CohesiveFT Network Lab, Chicago, IL: Remote Server LAN IP: 192.168.3.3, Remote Subnet: 192.168.3.0/24
    • Thank You
        • Patrick Kerpan, CEO, CohesiveFT Americas, 200 S. Wacker Dr., Suite 1500, Chicago, IL 60606
        • Chris Purrington, Global Sales Director, CohesiveFT Europe, 134 Eastbourne Terrace, Paddington, London W2 1BA
        • Public Relations
            • Heidi Groshelle, groshelle communications, Tel: +1 415.821.1454, heidi@groshelle.com
            • Rose Ross, oMarketing, Tel: + 44 0.208.255.5225, rose@omarketing.co.uk
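
The green, yellow and red zone properties from the "Virtual Network Zones" slide, written as a default-deny policy check. This is an added example, not CohesiveFT's or VNS3's code. The roles given to the two address ranges, the manager fingerprints, the connection kinds and the reading of the slide's "(MAYBE)" as deny-unless-enabled are all assumptions.

```python
import hmac
import ipaddress

# Assumed values for illustration; the slide names the properties, not the addresses.
INTERNAL_NET = ipaddress.ip_network("192.168.3.0/24")  # "internal ingress/egress" netmask
OVERLAY_NET = ipaddress.ip_network("172.31.1.0/24")    # virtual network client range
TRUSTED_MANAGERS = {"a1" * 16, "b2" * 16}               # constructed key fingerprints

# Per-zone properties as listed on the slide; "maybe" is the slide's "(MAYBE)".
ZONES = {
    "green":  {"internal": True,  "ipsec": "no"},
    "yellow": {"internal": True,  "ipsec": "yes"},
    "red":    {"internal": False, "ipsec": "maybe"},
}

def manager_recognized(fingerprint):
    """Constant-time match of a presented fingerprint against the trusted set."""
    return any(hmac.compare_digest(fingerprint, t) for t in TRUSTED_MANAGERS)

def zone_allows(zone, kind, src_ip, fingerprint="", ipsec_opt_in=False):
    """Zone-policy verdict for one connection; anything unrecognized is denied."""
    policy = ZONES[zone]
    addr = ipaddress.ip_address(src_ip)  # raises ValueError on a malformed address
    if kind == "manager":    # every zone: admitted by identity, not by address
        return manager_recognized(fingerprint)
    if kind == "client":     # every zone: admitted when sourced from the overlay
        return addr in OVERLAY_NET
    if kind == "ipsec":      # "maybe" is denied unless explicitly enabled
        return policy["ipsec"] == "yes" or (policy["ipsec"] == "maybe" and ipsec_opt_in)
    if kind == "internal":   # plain traffic from the internal netmask
        return policy["internal"] and addr in INTERNAL_NET
    return False

def admitted(zone, conn, host_fw_ok, hypervisor_fw_ok):
    """Lattice check: zone policy, host firewall and hypervisor firewall must all agree."""
    return zone_allows(zone, **conn) and host_fw_ok and hypervisor_fw_ok

# Constructed sample connections.
SAMPLES = {
    "lan host": {"kind": "internal", "src_ip": "192.168.3.3"},
    "overlay client": {"kind": "client", "src_ip": "172.31.1.1"},
    "unknown manager": {"kind": "manager", "src_ip": "172.31.1.250", "fingerprint": "ff" * 16},
    "ipsec peer": {"kind": "ipsec", "src_ip": "203.0.113.10"},
}

def verdicts(zone):
    """Verdict per sample connection when both firewall layers also permit it."""
    return {name: admitted(zone, conn, True, True) for name, conn in SAMPLES.items()}
```

Calling `verdicts("red")` shows the LAN host refused while the overlay client is still admitted, which is the only difference the slide draws between red and the other two zones apart from IPsec.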