N9K / Application Centric Infrastructure

Presentation on Nexus 9K and ACI at Cisco Tech Day.


  1. N9K / Application Centric Infrastructure. Anand Louis, Product Management – N9K/ACI, May 2016
  2. © 2013-2014 Cisco and/or its affiliates. All rights reserved. DATA CENTER TRANSITIONS – ROAD TO ACI/NEXUS 9K. VM Density and Server I/O: 10G/25G LAN on Motherboard [2]. Big Data: IP Traffic 25% CAGR [4]. “Bare Metal”: 30-40% physical servers [1]. Multi-Cloud: ~45% of DC Multi-Hypervisor [3]. Sources: [1] Morgan Stanley CIO Survey, 2013; [2] HP; [3] Information Week 2013 Virtualization Mgmt Survey, 2013; [4] Cisco Global Cloud Index Forecast (2013-2017). Lower TCO | Workload Flexibility | Agility | Compliance/Security
  3. Cisco’s Approach to SDN: Providing Choice with Automation and Programmability. Cisco ACI; Programmable Network; Programmable Fabric. VxLAN-BGP EVPN standard-based; Segment Routing with BGP; 3rd party controller support; Cisco’s VTS / Nexus Fabric Manager for overlay provisioning; Turnkey integrated solution; Embedded security, centralized management, and scale; Automated application centric-policy model; Broad and deep ecosystem; Modern NX-OS with enhanced NX-APIs; Automation Ecosystem (Puppet, Chef, Ansible, etc.); Common NX-API across N2K-N9K. [Diagram: DB, Web and App tiers]
  4. Momentum Continues to Grow. 6,000+ Nexus 9K and ACI Customers Globally; 50 Ecosystem Partners; 1400+ ACI Customers. NEW ECOSYSTEM
  5. ACI Overview
  6. Cisco Confidential
  7. DATA CENTER TRANSFORMATION RESPONSE: BECOME APPLICATION CENTRIC
  8. APPLICATION CENTRIC POLICY MODEL; Network Automation. [Diagram: DB, APP, ADC, WEB, F/W, ADC; APIC; Physical Networking, L4–L7 Services, Multi DC WAN and Cloud, Compute, Storage, Hypervisors and Virtual Networking]
  9. APPLICATION CENTRIC POLICY MODEL: BUILDING ON TRANSFORMATIVE APPROACH OF UCS. SYSTEMS APPROACH: Rapid Deployment of Applications with Scale, Security and Full Visibility. (1) Subject Matter Experts Define Policies (Network SME, Security SME, Application SME; APIC). (2) Policies Used To Create Application Network Profile Templates. (3) Automated policy configuration across the infrastructure. (4) Life cycle management for day 1, day 2 operations. [Diagram: Physical Networking, Compute, L4–L7 Services, Storage, Hypervisors and Virtual Networking, Multi DC WAN and Cloud; Nexus 2K, Nexus 7K, Integrated WAN Edge]
  10. APPLICATION CENTRIC POLICY MODEL: SECURITY & MICRO-SEGMENTATION. ACI integrated security - open, flexible, policy-driven. VLAN = EPG; Application granularity. [Diagram: DB, APP, ADC, WEB, F/W, ADC; ESX, MGMT, VMOTION, Bare Metal, Linux Container]
  11. PHYSICAL & VIRTUAL AGILITY; APP MOBILITY; APP VISIBILITY. [Two telemetry panels (Latency, Health Score, Isolation, Systems Telemetry): 25 Packets dropped; 0 Packets dropped. Tenant; Application]
  12. ACI SECURITY WITH MULTITENANCY: Complete Isolation with Full Scalability and Security. ENABLING A DYNAMIC ENTERPRISE WITHOUT COMPROMISE. Centralized Compliance and Auditing; Import / Export Policy via API (Support for External Policy Engines); Automated Services Chaining; Policy Separated from Network Forwarding; Policy Engine; APIC; Encrypted Controller Communication; Advanced Role Based Access Control. [Diagram: Engineering, Legal, Sales, HR, Finance, Marketing]
  13. © 2013-2015 Cisco and/or its affiliates. All rights reserved. Cisco ACI Delivers Flexible, Granular, Consistent Microsegmentation. Policy Driven Micro-segmentation for Any Workload. ACI Benefits: EPG Based; Intra-EPG Based; Attributes Based. Basic DC Segmentation: PROD POD, DMZ, SHARED SERVICES. Application Lifecycle Segmentation: DEV, TEST, PROD. Service Level Segmentation: WEB, APP, DB. Network-Centric Segmentation: VLAN 1, VXLAN 2, VLAN 3. Intra-EPG Isolation: All Workloads Can Communicate (Application Tier Policy Group); Isolate Workloads within Application Tier (Application Tier Policy Group). Attributes Based Micro-segmentation (VMware VDS, Microsoft Hyper-V, KVM*, Cisco AVS, Physical): FW; OS ‘Linux’; IP ‘1.1.1.1’; FW; Name ‘Video’; Quarantine Compromised Workloads; Isolate. Platforms: VMware VDS, Microsoft Hyper-V, KVM*, Cisco AVS, Physical. *Future
  14. L4-7 PARTNERS: ADC AND FIREWALL. CENTRAL CONTROL POINT FOR NETWORK AND L4-7 SERVICES; PHYSICAL & VIRTUAL APPLIANCES; VISIBILITY, ANALYTICS, FORENSICS; AUTOMATE COMPLIANCE, CENTRALIZED AUDIT. [Diagram: Service Insertion. Service Graph: begin, stage 1 … stage N, end. Service profile providers: Firewall instances, Virtual ADC instances. Web Server (App Tier A), App Server (App Tier B). Chain “Security 5”.] L4-7 Services Partners. APIC
  15. Cisco ACI Delivers Flexible, Granular, Consistent Microsegmentation (same slide content as slide 13)
  16. HW Overview
  17. ASIC Portfolio For Nexus 3000/9000. Merchant; Merchant + Cisco. 1st Gen Switches: 2013–2015: 40nm, 28nm; Trident T2; ASE, ALE. Merchant. 2nd Gen Switches: 2016+: 28nm, 16nm; Tomahawk, Trident 2+; LSE, ASE2; 40nm. Scale: Route/Host tables; Encap normalization; EPG/SGT/NSH. Telemetry: Analytics; Atomic Counters. Optimization: Smart Buffers; DLB/Flow Prioritization
  18. Driving Innovation to Deliver Choice: Next-Gen Nexus 9K Portfolio With Cloud Scale Technology. 25G at Price of 10G; 100G at Price of 40G; 2.5x Bandwidth at Same Price; Cloud Scale Technology; Up to 12x Scale of Competition; Embedded Security, Analytics, and Telemetry at 100G Wire Rate; Open Choices for SDN and Network Automation
  19. Nexus 9000 Migration Flexibility. SCALE; PERFORMANCE; INVESTMENT PROTECTION. Convergence of ACI Spine and NX-OS Aggregation in one line card; Flexible path from 40G to 100G; Larger route tables and buffer (Cisco ASIC); Density with Choice (144Gx10G, 144x25G, 72x50G per card); Larger route tables and buffers (Cisco ASIC); Analytics/Netflow* support (Cisco ASIC); High Density Designs: Up to 72p fixed w/ Cisco ASIC. CY13-15: 40G ACI Spine; 40G NX-OS Agg.; 10G Server Access; 10G/40G FEX Agg. CY15/16+: Unified 40/50/100G; 10G/25G/40G/50G Server Access; 10G/40G/100G FEX Agg. * Hardware Ready, Check software roadmap for enablement timelines
  20. Nexus 9000 Cisco Cloud Scale Technology. Scale: 5x host scale (750k vs. 120k); 15x IPv6 routes (384k vs. 20k); 2x MAC address scale (512 vs. 288k). Price/Performance: 25G at the cost of 10G; 100G at the cost of 40G. Visibility: Flow-let based congestion detection; Per-flow Visibility (5x of NetFlowv9). Security: Any Encap (VXLAN, MPLS); VxLAN single-pass. Multi-Speed: 10/25/40/50/100G w/ investment protection
  21. How Do You See Your Business Benefiting from Automation of Your Network?
  22. Network Automation – Zero Touch Provisioning. Automated Topology Discovery; Plug & Play Device Attach; Automated Image Management; Policy Based Upgrade; Automated Fabric Configuration and Addressing. 150 Nodes Deployed, < 1 Hour - Large Service Provider
  23. Enterprise Software Company: L4-L7 Services Automation. Automated Addition/Removal of ACL rules when an Application is Created/Deleted. Automation delivers better security - Denial log will help us what type of traffic is hitting the policy. Automation - Dynamic Endpoint Attachment helps identify new host detection and assignment to right EPG. 16X Reduction in Access Lists. Many Data Center customers use multiple firewalls and it's hard for them to keep up with ACL changes
  24. ACI SOLVES REAL CUSTOMER CHALLENGES. Reduce Network Provisioning 58%; Reduce Management Costs 21%; Reduce Power and Cooling Costs 45%; CAPEX Reduction 25%; Compute and Storage Optimization 10 – 20%. Greater Business Agility; Lower Capital Expenses; Reduced Costs / Complexity; Lower Operating Cost; Resource Optimization
  25. VXLAN OVERLAYS OVERVIEW
  26. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public. Customer Needs → VXLAN Delivered: Any workload anywhere – VLANs limited by L3 boundaries → Any Workload anywhere - across Layer 3 boundaries; VM Mobility → Seamless VM Mobility; Scale above 4k Segments (VLAN limitation) → Scale up to 16M segments; Secure Multi-tenancy → Traffic & Address Isolation. [Diagram: VTEPs over a VXLAN Overlay]
  27. LIMITED SCALE: Flood and learn (BUM) - Inefficient Bandwidth Utilization; Resource Intensive – Large MAC Tables. LIMITED WORKLOAD MOBILITY: Centralized Gateways – Traffic Hair-pinning; Sub-Optimal Traffic Flow. Barrier for Scaling out Large Data Centers and Cloud Deployments. [Diagram: VTEPs over a VXLAN Overlay]
  28. VXLAN Fabric with BGP-EVPN Control Plane. Breaking the VXLAN Fabric Scale Barriers. INCREASED SCALE: Eliminates Flooding; Conversational Learning; Policy-Based Updates. OPTIMIZED MOBILITY: Distributed Anycast Gwy. INTEROPERABLE: Standards Based BGP-EVPN VXLAN. OPERATIONAL FLEXIBILITY: Layer 2 or Layer 3; Controller Choice. [Diagram: VTEPs; Route Reflectors; BGP-EVPN VXLAN Overlay; BGP Peers]
  29. [Diagram: VTEPs, Local LANs, IP Transport Network; VXLAN VNI; LAN Segment] Underlay Network: IP routing – proven, stable, scalable; ECMP – utilize all available network paths. Overlay Network: Standards-based overlay; Layer-2 extensibility and mobility; Expanded Layer-2 name space; Scalable network domain; Multi-Tenancy
  30. Overlay services: Layer-2; Layer-3; Layer-2 + Layer-3. Tunnel Encapsulation. Underlay transport network. Control Plane: Peer discovery mechanism; Route learning and distribution mechanism (Local learning, Remote learning). Data Plane: Overlay L2/L3 Unicast traffic; Overlay Broadcast, Unknown (Layer-2) traffic, Multicast traffic (BUM traffic) forwarding
