Cisco ACI® and SDN: Move beyond first generation SDN with Application Centric Infrastructure


Cisco ACI® and SDN: Move beyond first generation SDN with Application Centric Infrastructure – Ryan Kido



  1. Move beyond 1st generation SDN with Application Centric Infrastructure. Ryan Kido, Systems Engineer SDN & ACI, rkido@cisco.com, CCIE #8558
  2. Cisco Confidential © 2014 Cisco and/or its affiliates. All rights reserved. Session Goals: ▪ What is SDN? ▪ SDN Challenges ▪ What Cisco is doing in SDN ▪ ACI and what's different about it
  3. SDN? (word cloud): Scale, NSX, OpenFlow, ONF, Controllers, Overlay, Orchestration, DevOps, API, REST, Python, Puppet, Chef, Centralized Control Plane, Cloud, OpenDaylight, onePK, VXLAN, Gateway, Applications, NFV, Commodity, Agility, Programmable, Open Standards, ACI, OpenStack, Open
  4. What is SDN?
  5. What SDN is becoming… "SDN, mmmm… I'll put that on ANYTHING!"
  6. This is the promise of SDN…
  7. …to "Simplify" the administration of the network…
  8. …and for the network to have greater awareness of Application needs
  9. (image only)
  10. (diagram) Controller above Network Elements
  11. (diagram) nodes A, B, C, D, E labelled α and β
  12. (diagram) WLC and APs; SBC / SIP Proxy and SBC / B2BUAs
  13. Four parts to OpenFlow
  14. OpenFlow Controller: central administration and operations point for Network Elements
  15. OpenFlow Controller | Northbound API: the Northbound API is an integral part of the Controller. A "network enabled" application can make use of the Northbound API to request services from the network…
  16. OpenFlow Device Agent: the Agent runs on the network device; the Agent receives instructions from the Controller; the Agent programs device tables
  17. OpenFlow Protocol: the OpenFlow Protocol is… "A mechanism for the OpenFlow Controller to communicate with OpenFlow Agents…"
  18. (diagram) VM1–VM3 behind a Virtual Switch on one Hypervisor and VM4–VM6 behind a Virtual Switch on another, joined over an IP Network; Ethernet Frames are carried as IP/UDP Packets between IP Addr 1.1.1.1 and IP Addr 2.2.2.2. Analogy labels: CGH, SDU, Air Traffic Control System.
  19. Logical "switch" devices overlay the physical network. The underlying physical network carries data traffic for the overlay network. Overlays define their own topology.
  20. Multiple "overlay" networks can co-exist at the same time. Overlays provide logical network constructs for different tenants (customers).
  21. (diagram) Apps; APIs; onePK; Control Plane; Data Plane
  22. Network Programmability Strategy. Configure/Operate: § Evolve programmability architecture to common Cisco data models § NETCONF YANG, REST and Python API § PCEP & BGP family protocols for SP networks. Device Extension: § Deliver onePK GA on all platforms § Targeted additional APIs development § Targeted focus on OpenFlow 1.3 for SLED. DevOps Plug-ins: § Puppet/Chef plug-in – target DevOps customers § Open architecture – allow partners/customers/open source developers to add new plug-ins and extensions.
  23. SDN Challenges
  24. Centralized Controller Challenges: Dealing with Failures; Managing Bursts; Achieving Optimal Efficiency; Managing Scale
  25. Overlay-Only Challenges: Reduced Visibility; Difficult to Troubleshoot; Security/Compliance Challenges. • Initial deployment is slower: must configure and deploy 2 different networks. • Benefits are primarily for virtual machines. • Requires a separate, independent, stable, high bandwidth, and fully redundant fabric. (Cartoon captions: "I see smoke, but nothing's on the dashboard?"; "So why can't I go faster?"; "Wow, this totally makes drivers' licenses useless!")
  26. Programmability Challenges: No good options in traditional APIs. (diagram labels: CLI, SNMP, SYSLOG; Higher Level Services; Serial, Ethernet, PoS, FC, DS3)
  27. How is Cisco approaching SDN?
  28. Unique Customer Demands. Sophisticated DIY DevOps Teams: ▪ Robust APIs ▪ Open Standards ▪ Data Models ▪ Orchestration Integration. Traditional Enterprise IT: ▪ Improve Visibility ▪ Reduce Risk ▪ Speed Deployment ▪ Simplify Operations ▪ Reduce CapEx. Application Providers: ▪ Deep Data Plane Access ▪ Well Documented APIs ▪ Linux Containers ▪ Shell Access ▪ Software Development Kits
  29. Unique Network Domain Restrictions. Data Center and/or Cloud: Un-Constrained Bandwidth, Regular Topology. WAN: Constrained Bandwidth, Un-Constrained Topology. Campus: Un-Constrained Bandwidth, Semi Un-Constrained Topology. L2/L3 Overlay Network.
  30. Cisco Approach to Software Defined Networking: Evolving the Network to Meet Emerging Requirements… Preserve What's Working: • Resiliency • Scale • Rich Feature-Set • Operational Simplicity. Evolve for Emerging Requirements: • Programmability • Application Awareness. Evolve the Network for the Next Wave of Application Requirements.
  31. Cisco's Strategy: Open Network Environment (ONE)… Industry's Most Comprehensive Networking Portfolio: Hardware + Software, Physical + Virtual, Network + Compute. Layers: Platform APIs; Controllers & Agents; Virtual Overlays; Applications. www.cisco.com/go/one
  32. SDN Projects at Cisco (sample project list, not exclusive): Network Function Virtualization; OpenStack (Neutron); onePK; REST/JSON APIs; Virtual Network Services; OpenDaylight; Application Centric Infrastructure; OpFlex; APIC-EM; Monitor Manager (Network Apps); OpenFlow; Puppet/Chef Agents; NSH – Service Chaining; LISP; iWAN
  33. SDN Controller – Overview. OK, that looks really ugly, but wait a minute… all cars have: • Four wheels • Steering wheel • Gas pedal • Brake pedal. But completely different use-cases.
  34. What is Project Open Daylight? Open Daylight is an open source project formed by industry leaders and others under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common vendor-supported framework. (Member logos shown by tier: Platinum, Gold, Silver.)
  35. Cisco APIC Enterprise Module Architecture: Abstracts Network Devices to Mask Complexity; Treat Network as a System; Exposes Network Intelligence for Business Innovation. (diagram, top to bottom) Cisco and Third Party Applications → REST API → Cisco APIC Enterprise Module (Network Info Database, Policy Infrastructure, Automation, Security, QoS, Mobility) → CLI, OpenFlow, onePK API → Network Devices (Catalyst, ASR, ISR). Masking Network Complexity, Exposing Network Intelligence.
  36. APIC-EM Controller (diagram): Elastic Services, SAL, REST APIs. APIC-EM Services: Inventory and Topology; Identity and Location; Application Awareness; Policy Translation; Policy Management; Controller Infrastructure; CLI. APIC-EM Applications: QoS Visualizer; ZTD Visualizer; ACL Visualizer; Advanced Topology Visualizer; Automated Provisioning; Analysis and Compliance; Network Infrastructure Management; IWAN.
  37. Simplifying Access Control List Management: Flow-Based ACL Trace and Troubleshooting (diagram: ACL path across Switch 1, Router 1, Router 2, Router 3)
  38. Granular Control: Per User, Per Application Access Policy Enforcement (diagram: Campus and Branch sites, APIC-EM Controller, ISE authentication, AD/Radius Server, policy "Block Bit-Torrent"). § Admin configures business policy to block application traffic on a per user/user_group basis. § Controller uses identity information to install user-specific access policy at the edge. § If the user moves, the controller dynamically moves the user policy along with it, providing near real-time granular control. User moves to a branch site; policy moves with it.
  39. Granular Control: Per User, Per Application Access Policy Enforcement (continued). Important to Note: § Network Admin sees the network as a unit. § Network admin is applying the policy for the user "to the network" and NOT "to the port". § Network admin doesn't have to know which port the user is connected to → this is the job of the controller.
  40. Easy QoS: Simplified and Centralized QoS Management – No More Individual, Box-by-Box Configuration. Configuration from Cisco Validated Design (CVD)-based templates: Control, Transactional Data, Realtime, Best Effort.
  41. Controlled Availability Release: Path Visualization. APIC-EM returns a path based on a 5-tuple input. • No efficient method to troubleshoot IP voice and video sessions traversing the network on demand. • Calls are dropped routinely and often enough to be a high problem area for many companies. • Lack of network visibility creates large OPEX to diagnose and find problem sources (eats up lots of time and money). • Often takes days or weeks, and trial and error, to investigate and interrogate.
  47. System of record vs. system of change. Prime Infrastructure – System of Record: • Policy definition • Historical reporting on events & performance • Configuration archive • Troubleshooting workflows • Capacity Trending • Predictive Analytics. APIC-EM – System of Change: • Policy enforcement • Discovery (for change) • Topology (for change) • PnP • Network state monitoring • Device abstraction • Network Control
  48. VXLAN Deep Dive – Overlays. Types of Overlay Edge Devices. Host Overlays: • Virtual end-points only • Single admin domain • VXLAN, NVGRE, STT Tunnel End Point. Network Overlays: • Router/switch end-points • Protocols for resiliency/loops • Traditional VPNs • OTV, VXLAN, VPLS, LISP. Integrated Overlays: • Physical and Virtual • Resiliency + Scale • Cross-organizations/Federation • Open Standards. (diagram: virtual hosts with VM OS, physical hosts with App OS, fabric and DB)
  49. VXLAN Packet Structure (Outer MAC header | Outer IP header | UDP header | VXLAN header | Original L2 Frame | FCS). ▪ The original L2 frame is given a VXLAN header carrying the VNI. ▪ The UDP header has a well-known UDP destination port reserved for VXLAN. ▪ The IP header has the destination and source addresses of the VTEPs. ▪ The outer MAC header has the source VTEP MAC and the next-hop MAC as destination. ▪ The outer MAC frame may optionally have a VLAN tag (if needed, i.e. sent over a trunk). ▪ The UDP source port is generated using a hash of the inner IP/Ethernet header → native load-sharing by Bundle/ECMP.
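An added example (not Cisco code) of the packet structure on slide 49: it builds the outer Ethernet, IPv4, UDP and VXLAN headers around a constructed inner L2 frame, derives the outer UDP source port from a hash of the inner Ethernet and IP headers, and on the receiving side checks each outer header and rejects anything that is not well-formed VXLAN. All MAC and IP addresses, the VNI and the CRC32 hash are constructed sample choices of this example; the optional outer VLAN tag and the FCS are not modelled.

```python
import struct
import zlib

VXLAN_UDP_PORT = 4789    # IANA-assigned destination port reserved for VXLAN
VXLAN_FLAG_I = 0x08      # "I" flag: the 24-bit VNI field is valid
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17

def mac(text: str) -> bytes:
    """'00:11:22:33:44:55' or '0011.2233.4455' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", "").replace(".", ""))

def ipv4(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; yields 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, payload_len: int, proto: int = IPPROTO_UDP) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                      64, proto, 0, ipv4(src), ipv4(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def source_port_for(inner: bytes) -> int:
    """Outer UDP source port from a hash of the inner Ethernet + IPv4 headers (34 bytes),
    so underlay ECMP / port-channel hashing spreads overlay flows. CRC32 stands in
    for whatever hash a real VTEP uses (an assumption of this example)."""
    return 49152 + (zlib.crc32(inner[:34]) % 16384)   # ephemeral port range

def vxlan_encap(inner: bytes, vni: int, src_vtep_mac: str, next_hop_mac: str,
                src_vtep_ip: str, dst_vtep_ip: str) -> bytes:
    """Outer Ethernet + IPv4 + UDP + VXLAN header around the original L2 frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    vxlan = struct.pack("!BBHI", VXLAN_FLAG_I, 0, 0, vni << 8)  # flags, 3 reserved, VNI, 1 reserved
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", source_port_for(inner), VXLAN_UDP_PORT, udp_len, 0)
    outer_eth = mac(next_hop_mac) + mac(src_vtep_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return outer_eth + ipv4_header(src_vtep_ip, dst_vtep_ip, udp_len) + udp + vxlan + inner

def vxlan_decap(packet: bytes):
    """Validate each outer header of a received packet and return (vni, inner_frame).
    Raises ValueError for anything that is not well-formed VXLAN over IPv4/UDP."""
    if len(packet) < 14 + 20 + 8 + 8:
        raise ValueError("packet too short for VXLAN")
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    if packet[14] >> 4 != 4 or ihl < 20 or ipv4_checksum(packet[14:14 + ihl]) != 0:
        raise ValueError("bad outer IPv4 header")
    if packet[14 + 9] != IPPROTO_UDP:
        raise ValueError("outer transport is not UDP")
    udp_off = 14 + ihl
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[udp_off:udp_off + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not the VXLAN port")
    vx_off = udp_off + 8
    flags, _r1, _r2, vni_field = struct.unpack("!BBHI", packet[vx_off:vx_off + 8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    return vni_field >> 8, packet[vx_off + 8:udp_off + udp_len]

def sample_inner_frame() -> bytes:
    """Constructed inner frame: VM-to-VM Ethernet + IPv4 + UDP with a short payload."""
    payload = b"constructed-payload"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    eth = mac("00:50:56:aa:bb:02") + mac("00:50:56:aa:bb:01") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ipv4_header("10.1.1.10", "10.1.1.20", len(udp)) + udp

def roundtrip(vni: int = 5000):
    """Encapsulate the sample frame between two constructed VTEPs, then decapsulate it."""
    inner = sample_inner_frame()
    packet = vxlan_encap(inner, vni, "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee",
                         "192.168.1.1", "192.168.1.2")
    got_vni, got_inner = vxlan_decap(packet)
    return got_vni == vni and got_inner == inner, packet
```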
  50. Application Hosting Options: On Box / Off Box (diagram: NX-API, Linux Containers running Custom Apps, UCS Director)
  51. Guest Shell – What? Guest Shell "What": ✓ Linux Container Environment ✓ Symbiotic relationship with the Network OS ✓ Activated at boot time ✓ Application and programmatic interface habitat ✓ Can be resized as needed by the user (via CLI). Guest Shell Innards: ✓ RPM package manager (yum) ✓ Python interpreter (pip support) ✓ onePK libraries ✓ bootflash: access. Allows users access to the embedded Linux system: Linux Environment, Modular, Secure, Resource Isolation, Fault Isolation, Integrated Service.
  52. Programmability: Automation and Orchestration – Chef / Puppet. • Cross-platform IT automation software leveraging a declarative language to manage the IT infrastructure lifecycle. • Allows for automation of configuration or patch roll-out. (diagram: Puppet Master and Puppet Agent)
  53. REST Follows a Familiar Model. Web Browsing: HTTP GET returns HTML, which describes how data should be displayed to please a human viewer. REST API: HTTP GET returns JSON/XML, which describes data in a format applications can understand, e.g. {"ids":[303776224, 19449911, 607032789, 86544242, 2506725913, 17631389], "next_cursor":0, "next_cursor_str":"0", "previous_cursor":0, "previous_cursor_str":"0"}
  54. Programmability – Interfaces: Python – Scripting. • Built-in Python Shell • Can be used to execute CLI commands and reference objects through the Python interpreter • Most commands can be executed to return the command output as a Python Dictionary • Pass arguments to Python scripts from the CLI • Integration with NX-OS Embedded Event Manager (EEM)
  55. Programmability – Interfaces: Python – Reduce Time-to-Resolution. Customer ↔ TAC Engineer: ping, show ip route, show ip arp, show mac address-table, show port-channel interface, show interface
  56. Programmability – Interfaces: Python – Reduce Time-to-Resolution (continued). Customer ↔ TAC Engineer; script output:
      INSIEME# detailson 192.168.208.2

           Details for IP Address:  192.168.208.2

      +---------------+-----------------------+------------------+----------------+--------+--------+-----------------+------------+
      |   IP Address  |      Ping Result      |     Next Hop     |      MAC       | L3 Int | L2 Int |      Errors     | Po Members |
      +---------------+-----------------------+------------------+----------------+--------+--------+-----------------+------------+
      | 192.168.208.2 |   0.00% packet loss   | 10.1.1.1, ospf-1 | 30f7.0d9f.8801 |  Po1   |  Po1   |  0 input error  | Eth1/1(P), |
      |               | 0.494/3.455/15.219 ms |                  |                |        |        | 0 output errors | Eth1/2(P)  |
      +---------------+-----------------------+------------------+----------------+--------+--------+-----------------+------------+


           Enter Next IP to get details on (Press 0 to exit): 10.1.1.1

           Details for IP Address:  10.1.1.1

      +------------+---------------------+----------+----------------+--------+--------+-----------------+------------+
      | IP Address |     Ping Result     | Next Hop |      MAC       | L3 Int | L2 Int |      Errors     | Po Members |
      +------------+---------------------+----------+----------------+--------+--------+-----------------+------------+
      |  10.1.1.1  |  0.00% packet loss  | attached | 30f7.0d9f.8801 |  Po1   |  Po1   |  0 input error  | Eth1/1(P), |
      |            | 0.578/0.67/0.945 ms |          |                |        |        | 0 output errors | Eth1/2(P)  |
      +------------+---------------------+----------+----------------+--------+--------+-----------------+------------+


           Enter Next IP to get details on (Press 0 to exit):
  57. How is Cisco's Model Different?
  58. ACI: New Switches (Nexus 9000); APIC Controller; New Virtual Switch; Partner Ecosystem (Applications)
  59. The APIC controller is the policy enabler for the ACI infrastructure (diagram: hypervisors attached to the fabric)
  60. There are two models that can be used to build a controller architecture (1 and 2)
  61. Legacy architecture: Imperative. Next-Gen architecture: Declarative.
  62. OpenFlow is an example of an implementation of the imperative model (diagram: OpenFlow Controller S/W with App #1, App #2 and App #3 on top, O/F Agents on ASIC HW below)
  63. Translation: Imperative is a top-down approach to managing the network
  64. …where network state is held and managed by the controller and pushed down to the network elements
  65. …but this ultimately leads to scale limitations for the controller as the network grows…
  66. Hence the "Imperative" model is not optimal…
  67. Ok, now why is the "Declarative" model better?
  68. The Declarative model uses a bottom-up approach (diagram: APIC Controller above two Switches)
  69. …where the physical switches handle the network state
  70. That state is defined by the policies created by the APIC controller (diagram: Policy pushed from the APIC Controller to the Switches, State held on the Switches)
  71. The "Declarative" model scales much better
  72. Policy Defined Networking: A Declarative Approach. "We suffer sometimes from the hubris of believing that control is a matter of applying sufficient force, or a sufficiently detailed set of instructions." – Mark Burgess, "In Search of Certainty", July 2013, ISBN-13: 978-1492389163. Imperative (How): "Pick up your pencil…"; "Set indicator, pull clutch, switch to second gear, turn right, ..." Declarative (What): "Draw a horse."
  73. ACI Fabric: IP Network with an Integrated Overlay. • ACI Fabric is based on an IP fabric supporting routing to the edge with an integrated overlay for host routing ‒ All end-host (tenant) traffic within the fabric is carried through the overlay. • Why choose an integrated overlay? ‒ Mobility, scale, multi-tenancy, and integration with emerging hypervisor designs ‒ Data traffic can now carry explicit metadata that allows for distributed policy (flow-level control without requiring flow-level programming). (diagram: IP fabric with integrated overlay, IP (VXLAN))
  74. Complex application architectures
  75. Why Network Provisioning is Slow: The Language Barrier. Developer and infrastructure teams must translate between disparate languages.
  76. ACI Policy Model: End Point Groups (EPG). EPGs are a grouping of end-points representing an application or application components, independent of other network constructs. (diagram: EPG – Web containing an HTTP Service and an HTTPS Service)
  77. Object Relationships in Policy Defined Networking. ▪ Relationships between objects/groups are defined by providing or consuming contracts ▪ Connectivity is 'turned on' by creating relationships ▪ Objects/groups can provide, consume or both. Consumer/provider relationships define which objects or groups can communicate and the policy requirements for that connectivity. (diagram: Users → Policy Contract → Web Farm → Policy Contract → App Servers → Policy Contract → DB Farm)
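An added example (not APIC's code or data model) of the EPG and contract model on slides 76 and 77, which also illustrates the declarative point of slides 68 to 70: the administrator states which groups may talk over which contract, and a per-flow function decides from that statement alone. It shows that two groups with no contract between them get no connectivity, that contracts are directional (consumer toward provider), and that policy follows an endpoint's group when it moves. EPG names, endpoints, contract names and ports are constructed sample values; only the initiating direction of a flow is modelled.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Filter:
    """One entry of a contract's filter: protocol plus optional destination port."""
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto: str, dport: Optional[int]) -> bool:
        return proto == self.proto and (self.dport is None or self.dport == dport)

@dataclass
class EPG:
    """End Point Group: endpoints grouped by application role, not by VLAN or subnet."""
    name: str
    endpoints: Set[str] = field(default_factory=set)
    provides: Set[str] = field(default_factory=set)   # contract names this EPG provides
    consumes: Set[str] = field(default_factory=set)   # contract names this EPG consumes

class PolicyModel:
    def __init__(self) -> None:
        self.epgs: Dict[str, EPG] = {}
        self.contracts: Dict[str, List[Filter]] = {}
        self.ep_to_epg: Dict[str, str] = {}

    def add_epg(self, name: str, *endpoints: str) -> None:
        self.epgs[name] = EPG(name, set(endpoints))
        for ep in endpoints:
            self.ep_to_epg[ep] = name

    def add_contract(self, name: str, *filters: Filter) -> None:
        self.contracts[name] = list(filters)

    def relate(self, consumer: str, contract: str, provider: str) -> None:
        """Consumer/provider relationship: this is what 'turns connectivity on'."""
        if contract not in self.contracts:
            raise KeyError(contract)
        self.epgs[consumer].consumes.add(contract)
        self.epgs[provider].provides.add(contract)

    def move_endpoint(self, ep: str, new_epg: str) -> None:
        """Workload mobility: policy follows the endpoint's group, not its location."""
        self.epgs[self.ep_to_epg[ep]].endpoints.discard(ep)
        self.epgs[new_epg].endpoints.add(ep)
        self.ep_to_epg[ep] = new_epg

    def allowed(self, src_ep: str, dst_ep: str, proto: str, dport: Optional[int] = None) -> bool:
        """Is a new flow from src_ep to dst_ep permitted? Only the initiating direction
        is modelled; return traffic of a permitted flow is assumed to be allowed."""
        src, dst = self.ep_to_epg.get(src_ep), self.ep_to_epg.get(dst_ep)
        if src is None or dst is None:
            return False          # unclassified endpoint: no policy, hence no connectivity
        if src == dst:
            return True           # intra-EPG traffic is permitted by default here
        for name in self.epgs[src].consumes & self.epgs[dst].provides:
            if any(f.matches(proto, dport) for f in self.contracts[name]):
                return True
        return False              # no contract between the two groups: dropped

    def reachability(self) -> Dict[Tuple[str, str], List[str]]:
        """Audit view: which consumer->provider EPG pairs have any contract between them."""
        pairs: Dict[Tuple[str, str], List[str]] = {}
        for c in self.epgs.values():
            for p in self.epgs.values():
                shared = sorted(c.consumes & p.provides)
                if shared:
                    pairs[(c.name, p.name)] = shared
        return pairs

def build_sample_model() -> PolicyModel:
    """Constructed three-tier example: Users -> Web Farm -> App Servers -> DB Farm."""
    m = PolicyModel()
    m.add_epg("Users", "user1")
    m.add_epg("Web", "web1", "web2")
    m.add_epg("App", "app1")
    m.add_epg("DB", "db1")
    m.add_contract("web-access", Filter("tcp", 80), Filter("tcp", 443))
    m.add_contract("app-api", Filter("tcp", 8080))
    m.add_contract("db-sql", Filter("tcp", 3306))
    m.relate("Users", "web-access", "Web")
    m.relate("Web", "app-api", "App")
    m.relate("App", "db-sql", "DB")
    return m
```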
  78. ACI Layer 4–7 Service Chaining. • Elastic service insertion architecture for physical and virtual services • Automation of service bring-up / tear-down through a programmable interface. (diagram: Web Server EPG A and App Server EPG B joined by the chain "Security 5"; Policy Redirection; Application Admin and Service Admin roles; Service Graph from begin, Stage 1 … Stage N, to end; Providers: Firewall instances, Load Balancer instances, …; ServiceProfile "Security 5" Chain Defined)
  79. Application Network Profiles (diagram: APIC over hypervisors; APP PROFILE of WEB, APP and DB tiers with L/B and F/W services; Connectivity Policy, Security Policies, QoS, Storage and Compute, Application L4..7 Services, SLA, QoS, Security, Load Balancing)
  80. Integrated Analytics: ▪ Current Health of EVERYTHING ▪ Traffic analysis per application ▪ Identify problems early ▪ Unified Physical and Virtual Management
  81. The application-aware network: Physical Networking; Compute; L4–L7 Services; Storage; Hypervisors and Virtual Networking; Multi DC; WAN and Cloud
  82. Openness and Security Built In. Northbound: Open REST APIs support integration with any software (Automation, Enterprise Monitoring, Systems Management, Orchestration Frameworks, OV M, Hypervisor Management, Applications). Southbound: the OpFlex API supports integration with any network device. Open Source; Open Standards (OpFlex, NSH, VXLAN); Open Interfaces (JSON, XML, OpFlex, REST). Advanced Security: Policy; RBAC; Encryption; Auditing; Tenant Isolation. Robust Partner Ecosystem.
  83. ACI – Policy Defined Networking: Logical network provisioning of stateless hardware (diagram: APIC over the ACI Fabric; Outside (Tenant VRF), Web, App and DB tiers joined by QoS/Filter and QoS/Service policies)
  84. Cisco Services and Our Partners: We Accelerate, Optimize and Sustain Success. What now? Workshops give you the FRAMEWORK to Accelerate the Adoption of Advanced Technologies. Advanced Services provide subject matter expertise to Design and Deploy Advanced Technologies. Optimization Services allow you to Optimize and Sustain your Advanced Technologies. Maximize ROI Faster!
  85. In summary…
  86. Why ACI? ▪ Agility ‒ ACI Policy enables mobility of Virtual and Physical workloads in the Data Center. This includes Hosts and Network Services, including effective service chaining on a secure, stateless fabric. ▪ Cost ‒ No VM Tax, truly multi-hypervisor ready ‒ Simple Licensing for Leaf Ports and Controller only ‒ Minimal Components to achieve Agility and Openness (Spine, Leaf, APIC). ▪ Open ‒ Published APIs enable a large Ecosystem of Orchestrators, Systems Management, and L4-7 Services ‒ Designed with published standards and driving OpFlex as a standard to further drive Openness across the industry
  87. Cisco SDN Strategy: Three Game Changing Differentiators. 1. Policy Model: • Operationally Simple • Lowest TCO • Zero-touch provisioning. 2. Physical + Virtual: • Health Metrics • Visibility / Telemetry • Troubleshooting. 3. Open and Secure: • Open APIs / Open Source • Advanced Security • 3rd Party Integration
  88. Thank you.