It goes without saying that cloud computing has dramatically reshaped the information technology services landscape. Virtualization is unleashing the power of commodity-based technology and open source communities are building new applications and services at an astonishing rate, but networking has lagged behind compute and storage in virtualization and automation. We’ve become accustomed to specialized networking silicon, complex operating systems and highly distributed control planes. For the most part, we’ve accepted the model along with its high costs.
All that is changing! New protocols such as OpenFlow are freeing the network control plane from proprietary operating systems and hardware platforms. We are entering a new era where customers control the features – and release schedules – of new, open networking applications that address the needs of the mega-scale world.
A lot of work is required to realize the potential of Software-Defined Networking (SDN), where we can enjoy the benefits derived from “software automating software.” This talk will examine some of the history that led us to the point where current networking architectures are no longer viable for cloud computing at mega-scale. We’ll take a look at the basics of SDN and some of its key elements – OpenFlow, network virtualization, and orchestration – along with some of the initiatives and companies that are setting the stage for the next generation of networking.
2. Agenda
SDN
Trends, Drivers, Models, Use Cases
OpenFlow
Network Virtualization
Essential things to know
2 SummaLogic LLC/CPlane 10/16/2012
3. The Next (R)evolution?
• What is it?
• When will it be here?
• Who will use it?
• Why will they use it?
• Where will they use it?
How big is this thing?
3 SummaLogic LLC/CPlane 10/16/2012
5. Looking Back – Networking 2007
Access
Routing Mgmt
Control
VPNs … • Millions of lines of code
• 5,400 RFCs
Operating Systems & Middleware • High barrier to entry
• Billions of gates
Specialized Packet Handling/Forwarding Hardware • Huge complexity
• Power/people intensive
• Many complex functions embedded into the infrastructure
• OSPF, BGP, Multicast, NAT, TE, MPLS, Firewalls, …
• Redundant layers/services
• Unique “differentiation”
• Mainframe mentality industry
• Functionality standards hardware nodes
Source: Adapted from ONS12 presentation by Brandon Heller, et al
5 SummaLogic LLC/CPlane 10/16/2012
6. Compounding the problem…
WAN • Evolved campus Ethernet
model into tree structure
• Core
Campus
• Aggregation
Core
• Access
• Most (95%) of traffic is
95% “north-south”
Aggregation • Segregated campus networks
Access at Access to avoid spanning
tree problems
5%
6 SummaLogic LLC/CPlane 10/16/2012
7. Compounding it further…
WAN • Applied same model to the
data center
• Different traffic patterns
Data Center
• Majority “east-west”
Core
• Different performance needs
• Lossless storage traffic
20% • Low latency, high bandwidth
Aggregation • Different service needs to
Access support virtual compute model
• Static to dynamic
• Multi-tenancy
• Workload management
80% by 2014(1)
Source: (1) Gartner Synergy Report
7 SummaLogic LLC/CPlane 10/16/2012
8. And even further…
• Significant gap exists
• Architectural
• Operational
• Organizational
• Assumption that physical fabric
is “up and running”
• YoYo mindset
• Extends to intra- and inter-data
center deployments
• Metro
• WAN
• Carrier
8 SummaLogic LLC/CPlane 10/16/2012
9. Additional market drivers
Video and Mobility are transforming business communications
Up to At least More than
10X 50 Billion 25%
Increase in network Devices will connect to Of all daily business
capacity to support new wireless networks by communications will be
wave of business video the year 2020 video or multi-media
applications communications by
UNIFIED WIRED
2013
INCREASE IN AND WIRELESS
CAMPUS COLLABORATION, T
BANDWIDTH
NETWORKS, IT RAINING, PRODUCT
REQUIREMENTS
CONSUMERIZATION IVITY
Source: Gartner – G00207476 Key Technology Analysis
Gartner – G00175764 Key Issues For Communications Strategies, 2010
ONS12
9 SummaLogic LLC/CPlane 10/16/2012
10. General shift in networking
FROM TO
Hardware/Appliances (Open) Software
Custom ASICs/FPGAs Merchant Silicon
(Logically) Centralized Control
Distributed Control Plane Plane
Protocols APIs
Policy-based Apps and
Function-Specific Features Services
Vendor-controlled Releases Rapid Innovation Cycles
Source: Adapted from ONS12 Presentation by Dan Pitt
10 SummaLogic LLC/CPlane 10/16/2012
11. Which leads us to SDN
ONF
In the SDN architecture, the
control and data planes are
SDN Model
decoupled, network
intelligence and state are
logically centralized, and the
underlying network
infrastructure is abstracted
from the applications.
Wikipedia
A network architecture in
which the network control
plane is decoupled from the
physical topology.
Source: ONF White Paper Software-Defined Networking: The New Norm for Networks – April 13, 2012
11 SummaLogic LLC/CPlane 10/16/2012
12. SDN theory and practice
The Premise… The Promise…
Commodity (merchant silicon) Centralized management and
solutions can be exploited control
Control plane can be More granular network control
distributed Improved automation and
State can be externalized management
Acceptable performance can Rapid innovation
be maintained Programmability
Standards will evolve Increased network reliability
Networking manufacturers will and security
adopt SDN-enabling protocols Better end-user experience
and features
12 SummaLogic LLC/CPlane 10/16/2012
13. Essential elements of SDN
Abstraction
Pooling OpenStack CloudStack VMware
Orchestration Nimbula et al
Automation
Service Insertion
Apps
Programmability (APIs)
13 SummaLogic LLC/CPlane 10/16/2012
14. Inside the layers
• Virtual network overlays
• Slicing
• Tenant-aware broadcast
• Application-aware path computation
• Traffic engineering
• Network services (FW, LB, Security)
• Data plane resource management
• Common services and libraries
• Topology
• Metadata
• State abstraction
• Packet forwarding
• Packet manipulation
• Statistics gathering
Source: Adapted from Dan Pitts, ONF
14 SummaLogic LLC/CPlane 10/16/2012
15. Typical use cases to date
Multi-Tenancy
Network Access Control
Load Balancing
Network Taps
Cut-Through Applications
Network Virtualization (overlays)
Campus slicing
15 SummaLogic LLC/CPlane 10/16/2012
16. OpenFlow
OpenFlow SDN
(by itself)
16 SummaLogic LLC/CPlane 10/16/2012
17. OpenFlow
A protocol specification
Open Networking Foundation
Requires OpenFlow-enabled devices
Switches
Defines controller messages
PACKET_IN, PACKET_OUT, FLOW_REMOVED, etc.
Enables construction of Flow Tables
Match/Action
17 SummaLogic LLC/CPlane 10/16/2012
18. Analogy
Data Web Virtual Load
APP APP
Base Server Overlay Balancer
OS API Network OS API
Server Network Operating System
Operating System (SDN Controller)
CPU Instruction Set OpenFlow Instruction Set
and, or, xor, add, sub, mult, load, move… Match, Add, Modify, Translate, Forward, Drop
Server Hardware OpenFlow-enabled Device
Source: Adapted from IBM ONS12 presentation by Rakesh Saha, IBM & Amit Agarwal, Google
18 SummaLogic LLC/CPlane 10/16/2012
19. Simple OpenFlow-enabled Example
(
f View ) (
f View ) (
f View )
Control Control Control
Programs Programs Programs
Abstract Network View
Network Virtualization
Global Network View
Network OS
Packet
Forwarding
Packet
Forwarding
Packet
Packet Forwarding
Packet
Forwarding Forwarding
Source: Nick McKeown – Stanford University
19 SummaLogic LLC/CPlane 10/16/2012
21. Flow Table Example
(
f View ) (
f View ) (
f View )
Control
Programs
Control
Programs
Control
Programs Flow Table
Abstract Network View
Network Virtualization
Generic primitive that sits on top
Global Network View
of (virtual) switch TCAM,
Network OS
designed to match well with
common ASICs
OpenFlow-enabled switch Example actions:
1. Switching and routing (port)
2. Firewall (drop)
3. Use with switch’s non-
OpenFlow logic (local)
4. Send to controller for
processing (controller)
Foundation network functions are
split between switch and high-
level decisions at the controller
Source: Adapted from ONS12 Presentation by Dan Pitt
21 SummaLogic LLC/CPlane 10/16/2012
22. Major OpenFlow (SDN) Controllers
Languag
Controller Platform(s) License Originator
e
Beacon Java Linux GPL Stanford University
Floodlight Java Linux GPL Big Switch (based on Beacon)
Windows, Mac, GPL (core), FOSS
Maestro Java Rice University
Linux, Android Licenses for your code
Python,
NOX Linux OpenFlow Stanford University
C++
Java,
OpenTransit Linux CPlane License CPlane (LAYERZngn)
Python
ProgrammableFlow
Ruby, C Linux (RHEL 6.1) GPL/NEC NEC (based on Trema)
Controller
Programmable Network
Ruby, C Linux (RHEL 6.1) GPL/IBM IBM (NEC OEM)
Controller
Open Network
Cisco
Environment (ONE)
Virtual Application
HP – Available 2H13
Networks SDN
(Rumored to be Big Switch)
Controller
NetScaler SDX Citrix – Early 2013
? Juniper Networks
22 SummaLogic LLC/CPlane 10/16/2012
23. OpenFlow-Enabled Switches
• Arista • IBM
• 7050 • IBM RackSwitch G8264
• Brocade • Juniper Networks
• MLX Series • MX Series
• NetIron XMR Series • Marvell
• NetIron CER 2000 Series • Prestera
• NetIron CES 2000 Series • NEC
• Cisco • PF5240
• Nexus 7000 Series • PF5280
• Dell • NoviFlow
• Force10 MXL 10/40GbE • NoviKit 100
• Extreme Networks • NETGEAR
• Black Diamond X Series • ProSafe Plus Series
• HP • Pica8
• 3500 Series • 3290, 3295, 3780, 3920
• 3800 Series • Pluribus Networks
• 5400 Series • F64 Series
• 8200 Series
23 SummaLogic LLC/CPlane 10/16/2012
24. Real-world “G-scale” OF example
Source: Google ONS12 presentation
24 SummaLogic LLC/CPlane 10/16/2012
25. Data Center/Cloud Networking Issues
VLAN limits (4,094)
Spanning Tree Protocol disabled links
Reconfiguration to extend VLANs
MAC address contention
MAC address table size in ToR switches
Layer 3 address contention
Security “choke points”
…
25 SummaLogic LLC/CPlane 10/16/2012
26. Virtual Overlays Using IP-encapsulation
Data Center A Data Center B
Hypervisor Hypervisor Hypervisor Hypervisor
VM VM VM VM VM VM VM VM
VIRTUAL OVERLAY
VIRTUAL OVERLAY
Overlay-enabled Overlay-enabled Overlay-enabled Overlay-enabled
Virtual Switch Virtual Switch Virtual Switch Virtual Switch
Physical Physical
Network Network
• “Similar” to other tunneling methods (L2TPV3, AToM, VPLS, LISP)
• Encapsulation via tunnel “endpoints”
• Not dependent on specific transports
• Layer 2 over Layer 3 (e.g., ECMP/OSPF)
• VMs see only Layer 2
• “Customer-edge” easier to set up
26 SummaLogic LLC/CPlane 10/16/2012
27. Common IP-based Encapsulation Methods
Method Full Name Sponsors Approach
Distributed Overlay
DOVE Virtual Ethernet IBM Leverages OTV and VXLAN
Arista Networks,
Network Virtualization
Broadcom, Dell, 24-bit Virtual Subnet Identifier
NVGRE using Generic Routing
Emulex, HP, Intel, (VSI) in GRE header
Encapsulation
Microsoft
24-bit Overlay ID in OTV header
Overlay Transport
OTV Virtualization
Cisco inside UDP VLAN extension via
GRE/MPLS (Nexus 7000)
64-bit Context ID in STT header,
Stateless Transport
STT Nicira (VMware) “TCP-like” header, leverages
Tunneling
TSO/LRO
Arista Networks,
24-bit VXLAN Network Identifier
Virtual Extensible Local Broadcom, Cisco,
VXLAN (VNI) in VXLAN header inside
Area Network to destination endpoint identification
Citrix, Red Hat,
• Different approaches UDP packet
VMware
• Different approaches to load balancing for efficiency
• Can be negatively impacted by “middle boxes” (firewalls, intrusion protection, etc.)
• Some increased exposure to MAC-over-IP security threats
27 SummaLogic LLC/CPlane 10/16/2012
28. Encapsulation Headers
VXLAN NVGRE STT OTV*
Outer Ethernet Outer Ethernet Outer Ethernet Outer Ethernet
Header Header Header Header
Outer IP Header Outer IP Header Outer IP Header Outer IP Header
GRE Header TCP-Like Header UDP Header
UDP Header
Contains VSID (ACK/SEQ Fields) Contains OVERLAY ID
VXLAN Header Inner Ethernet STT Header Inner Ethernet
Contains VNI Header Contains Context ID Header
Inner Ethernet
Inner IP Header Payload Payload
Header
Payload Payload TCP-Like Header
Payload
TCP-Like Header
Payload
*As described in IETF Draft
28 SummaLogic LLC/CPlane 10/16/2012
29. But wait…
Service/ SDN needs to enable this
Application …and needs more than OpenFlow
and virtual overlays
FC Switch FC Switch
SAN SAN
Fiber
Ethernet Optical Optical Ethernet
V V V V Switch V V V V
Switch
M M M M M M M M
Hypervisor Hypervisor
Workload Migration
29 SummaLogic LLC/CPlane 10/16/2012
30. Still work to be done…
Data Plane Control Plane
State of specifications Scalability
Maturity
Changes across releases Centralized vs distributed
Silicon Concerns State coherence between
Specifications outpace silicon control and data plane
development
Merchant silicon not optimized Interoperability
for OF SDN to non-SDN
Performance
Inter-Controller
Scalability of Flow-Matches
(limited by TCAM size) Multi-orchestrator conflicts
Cost driver excludes rich multi- Virtual overlays
core xPU ecosystem
Source: Adapted from ONS12 Presentation by Geng Lin - Dell
30 SummaLogic LLC/CPlane 10/16/2012
31. IEEE
Learning network… IETF
Clean Slate Standards ONF
ONRC Research
Big Switch
Networks
ON.LAB
CPlane
SDNCentral
Scott ConteXtream
ipSpace Shenker
Contrail Systems
Emerging
Nick SDN
Blogs
Martin McKeown Players Embrane
Casado
Midokura
Brad Cloud
Hedlund EtherealMind
Stuff Vyatta Nicira
(VMware)
Twilight in the Pluribus
Valley of the Networks NEC
OpenStack
Nerds
CloudStack Nimbula PLUMgrid
Routing-Bits
VMware
31 SummaLogic LLC/CPlane 10/16/2012