2. “The traveler who crosses a mountain in the direction of a star runs the risk of forgetting which is his guiding star if he concentrates too exclusively on the climbing problems. If he only acts for action's sake, he will get nowhere.”
Antoine de Saint-Exupéry
3. Micromanagement
Automation has been an attempt at industrialization of micromanagement practices
do do do … do
Do this sequence of things
4. App intent
This is how I expose myself to other apps/components/services
This is how I need to consume infra
This is my application component
some other app
some other app
storage requirements
compute requirements
placement requirements
scaling rules
booting/init rules
image rules
vm vm … vm
some app/component/service
What apps/components/services do I depend on?
A real application consists of many of these
Network and netsec are implicit
• Abstraction
• Portability
• Self-containment
• No leakage of unnecessary knowledge across apps
5. What is Network Control?
A B
YES: You can talk about this: { subject*, L4 Ports, … }
• End point A can talk to end point B
C D
NO: You can’t
• End point C can’t talk to end point D
• the rest is path optimization
SDN, HDN, …
Traditional Networking, …
Overlays, …
Quantum Entanglement, …
6. … In French
I like to talk about bees…
Vous me rappelez des abeilles! (let’s talk about bees… in French…)
Blah blah blah…
PROVIDER CONSUMER
Policy is like control of the subjects that people can talk about. The provider specifies the subjects and rules, and the consumer can only communicate on the specified subjects, subject to the rules associated with those subjects.
… endpoints talking to each other
14. contract surface
a logical projection of an “API” onto a “wire” from the vantage point of the provider
[Diagram labels: subject, taboo (repeated around the service); protective membrane consisting of multiple contracts; receptor]
Ooo la la… I feel very safe. Consume me!
15. contract surface
a self-contained service definition with any number of symmetrically behaving “end-points”
[Diagram labels: subject, taboo (repeated around the service); Contract A, Contract B, Contract C, Contract D; Protective Membrane; group, group]
contracts express how this service can be talked to, what about, and what happens to the conversations
17. What would a three-tier app look like?
[Diagram labels: EPG WEB, EPG APP, EPG DB; webcontract, javacontract, sqlcontract, mgmt contract; provide and consume links; infra shared services; Outside; L3 context; bd, bd, bd; NW Public, NW Private; subnet, subnet]
18. What would a three-tier app look like?
[Same diagram labels as slide 17: EPG WEB, EPG APP, EPG DB; webcontract, javacontract, sqlcontract, mgmt contract; provide and consume links; infra shared services; Outside; L3 context; bd, bd, bd; NW Public, NW Private; subnet, subnet]
Annotations:
access control
self-documenting
expression of intent
isolation
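The provider/consumer contract model described on the policy slide, applied to the three-tier diagram, as an added example that is not part of the original deck. The group and contract names come from the slides; the ports, the provide/consume directions, the taboo on DB, and the `Subject`/`Policy` names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    """One thing a provider agrees to talk about: a protocol and its L4 ports."""
    proto: str
    ports: frozenset

    def matches(self, proto, port):
        return proto == self.proto and port in self.ports

class Policy:
    def __init__(self):
        self.contracts = []  # (name, subjects, provider groups, consumer groups)
        self.taboos = {}     # provider group -> subjects it never accepts

    def contract(self, name, subjects, providers, consumers):
        self.contracts.append((name, subjects, set(providers), set(consumers)))

    def taboo(self, group, subject):
        self.taboos.setdefault(group, []).append(subject)

    def decide(self, src, dst, proto, port):
        """Return the contract that permits src -> dst, or None (default deny).
        Only the consumer-to-provider direction is modelled."""
        if any(t.matches(proto, port) for t in self.taboos.get(dst, [])):
            return None  # assumed semantics: a taboo overrides every contract
        for name, subjects, providers, consumers in self.contracts:
            if dst in providers and src in consumers:
                if any(s.matches(proto, port) for s in subjects):
                    return name
        return None

def three_tier():
    """Constructed wiring for the WEB/APP/DB slide; ports and directions are assumed."""
    tcp = lambda *ports: Subject("tcp", frozenset(ports))
    pol = Policy()
    pol.contract("webcontract", [tcp(80, 443)], ["WEB"], ["Outside"])
    pol.contract("javacontract", [tcp(8080)], ["APP"], ["WEB"])
    pol.contract("sqlcontract", [tcp(3306)], ["DB"], ["APP"])
    pol.contract("mgmt contract", [tcp(22)], ["WEB", "APP", "DB"],
                 ["infra shared services"])
    pol.taboo("DB", tcp(22))  # constructed taboo: DB refuses SSH even from mgmt
    return pol

if __name__ == "__main__":
    pol = three_tier()
    for flow in [("Outside", "WEB", "tcp", 443), ("Outside", "DB", "tcp", 3306),
                 ("WEB", "DB", "tcp", 3306), ("APP", "DB", "tcp", 3306),
                 ("infra shared services", "DB", "tcp", 22)]:
        print(flow, "->", pol.decide(*flow) or "DENY")
```

Because nothing is reachable unless a contract names both sides, the WEB tier cannot reach DB directly even though both sit in the same L3 context.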
19. Division of Labor: separation of responsibilities
infrastructure policies
• How infrastructure is used
• How fabric is used
Tenant intent
[Diagram labels: EPG WEB, EPG APP, EPG DB; NW Public, NW Private; subnet, subnet; webcontract, javacontract, sqlcontract, mgmt contract; provide and consume links; infra shared services; L3 context; bd, bd, bd; Outside; isolation; access control]
Operational Policies
• Exceptions
• Faults
• Stats
• Health
• Logs
• …
tenant/app owner
networking guy
ops guy
29. interconnected components, with dependencies and requirements
[Diagram labels: web (cont, cont, …); app (VM, VM, …); db (phys, phys, …)]
internet
External
Private
Network
Intent-defined networking
30. Define Intent: What app is. What app Needs.
How do apps talk to each other
Automate instrumentation of intent