Software Defined Networking/OpenFlow: A Path to Programmable Networks
2. Outline
• OpenFlow Introduction
• Software Defined Networking (SDN) Use Case
• A SDN Architecture
• Internet2 - Case Study
© 2011-2012 Brocade Communications Systems, Inc. PROPRIETARY AND CONFIDENTIAL— Discussed under NDA Only
3. From Past to Future
Bringing modularity to network infrastructure
[Figure: "Physical Infrastructure Today" versus "With Software Defined Networking (SDN)". Labels: Features (Applications), Network Controller, OpenFlow Client, Device OS, Features, OS, Hardware]
• Network Controller abstracts physical network
4. Why Are We Talking About This?
Because the network has become the problem!
“We are allowing the network to constrain optimization of the most valuable assets”
- James Hamilton, VP of Cloud Architecture, Amazon
• Innovation is limited by the capability of the networking vendors
• This approach is decades behind compared to Web 2.0 and SP Cloud
provider requirements:
• Scale
• Operational Efficiency
• Service Velocity
5. Who is behind Software Defined Networking?
Open Networking Foundation (ONF)
• ONF launched publicly in March, 2011
• Support from more than 50 major companies
• The ONF defines OpenFlow and API specifications
• Founding members of ONF:
[Figure: ONF SDN Model (simplified). Layers: Orchestration, App, Virtualization, Network OS, OpenFlow, Physical Network (Features, OS, Hardware)]
7. OpenFlow Introduction
• In a classical router, the data plane (hardware) and
control plane (software) are on the same device
• With OpenFlow, part of the control plane functionality is supported outside the router
• The “Flow table” in the router is manipulated by the controller
• Router and controller communicate via OpenFlow protocol
• Originally developed by the OpenFlow Consortium
• http://www.openflow.org
• OpenFlow is now being developed at the ONF
• http://www.opennetworkingfoundation.org/
[Figure: (A) Classical Router: Control Plane (software) and Data Plane (hardware). (B) OpenFlow-Enabled Router: Control Plane with OpenFlow Client and Data Plane with Flow Table, connected to an OpenFlow Controller by the OpenFlow protocol]
8. OpenFlow Introduction
• OpenFlow-enabled router supports an
OpenFlow Client (control plane software)
• OpenFlow Client communicates with an
OpenFlow Controller using the OpenFlow
protocol
• OpenFlow Controller runs on a server
• OpenFlow-enabled routers support the
abstraction of a Flow Table, which is
manipulated by the OpenFlow Controller
[Figure: OpenFlow Controller on a Server, connected by the OpenFlow protocol to an OpenFlow-Enabled Router (Control Plane: OpenFlow Client; Data Plane: Flow Table)]
9. OpenFlow-Enabled Router Operation
• Flow Table contains Flow Entries
• Each Flow Entry represents a Flow, e.g., packets with a given destination IP address
• The flow table is sorted by flow priority, which is defined by the controller
• Highest priority flows are at the top of the Flow Table
• Incoming packets are matched against the flow entries (in order)
• Matching means: Does the packet belong to this Flow?
• If there is a match, flow matching stops, and the set of actions for that flow entry is performed
• Packets that don’t match any flow entry are typically dropped
[Figure: Flow Table of Flow Entries ordered from Highest Priority to Lowest Priority; the matching search runs down the entries]
10. Flow Table Entry
OpenFlow 1.0
Flow Entry: Matching Fields, Actions, Stats
Matching Fields
• Ingress Port
• Layer 2: MAC DA, MAC SA, EtherType, VLAN ID, P-bits
• Layer 3: IP Src, IP Dst, IP Protocol, IP DSCP
• TCP/UDP src port, TCP/UDP dst port
Actions
• Forward packet to a port list
• Add/remove/modify VLAN Tag
• Drop packet
• Send packet to the controller
Stats
• Packet counters, byte counters, etc.
[Figure: OpenFlow-Enabled Router (Control Plane: OpenFlow Client; Data Plane: Flow Table) connected to the OpenFlow Controller by the OpenFlow protocol]
Each flow table entry contains a set of rules to match (e.g., IP src) and an action list to be executed in case of a match (e.g., forward to port list)
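The lookup described on the two slides above, as an added example (not code from the deck or from any OpenFlow implementation). The field names, action strings, prefix matching on the IP fields and the sample packets are this example's own assumptions. It shows that an ACL-style drop entry only takes effect when its priority puts it above the broader forwarding entry.

```python
import ipaddress
from dataclasses import dataclass
# Names are this example's own labels for the 12 matching fields on the slide.
FIELDS = {"in_port", "mac_da", "mac_sa", "ethertype", "vlan_id", "p_bits",
          "ip_src", "ip_dst", "ip_proto", "ip_dscp", "l4_src", "l4_dst"}

def field_ok(name, want, have):
    if have is not None and name in ("ip_src", "ip_dst"):  # IP fields take a prefix
        return ipaddress.ip_address(have) in ipaddress.ip_network(want)
    return have == want

@dataclass
class FlowEntry:
    priority: int
    match: dict          # field -> required value; an absent field is a wildcard
    actions: list        # e.g. ["output:2"], ["drop"], ["controller"]
    packets: int = 0     # stats: packet counter
    octets: int = 0      # stats: byte counter
    def matches(self, pkt):
        return all(field_ok(n, w, pkt.get(n)) for n, w in self.match.items())

class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, entry):
        if set(entry.match) - FIELDS:
            raise ValueError("unknown match field")
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)  # highest priority on top

    def process(self, pkt, length):
        for entry in self.entries:          # entries are tried in order
            if entry.matches(pkt):
                entry.packets += 1
                entry.octets += length
                return entry.actions        # first match wins; search stops
        return ["drop"]                     # no entry matched

def demo():
    t = FlowTable()
    t.add(FlowEntry(10, {"ip_dst": "10.0.0.0/24"}, ["output:2"]))
    t.add(FlowEntry(100, {"ip_src": "192.0.2.66", "ip_dst": "10.0.0.0/24"}, ["drop"]))
    t.add(FlowEntry(50, {"ethertype": 0x0806}, ["controller"]))
    ip = {"in_port": 1, "ethertype": 0x0800, "ip_dst": "10.0.0.5"}  # constructed packets
    pkts = [dict(ip, ip_src="192.0.2.10"), dict(ip, ip_src="192.0.2.66"),
            {"in_port": 3, "ethertype": 0x0806},
            dict(ip, ip_src="192.0.2.10", ip_dst="172.16.0.9")]
    return [t.process(p, 64) for p in pkts], t
```

The last packet hits no entry, so it is dropped without incrementing any counter, unlike the explicit drop entry, whose hits show up in its stats.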
11. OpenFlow Applications
What can we do with OpenFlow?
• OpenFlow itself does not define or mandate any specific application
• OpenFlow is a key “enabler” for SDN. OpenFlow is *not* SDN.
• OpenFlow enables a large set of applications due to its flexibility
• Supported applications should increase over time as new functionality
is added to the OpenFlow specification
• E.g., flow policing/rate limiting
• Ideal for automating common operations
• E.g. security via ACLs, isolation via VLANs or VRFs etc.
12. SDN USE CASE
Network Virtualization
For Hyper-Scale Data Centers
13. Network Virtualization
An SDN Application
• An SDN application that enables the creation of logical networks (multi-tenancy) over a common physical network
• Logical networks contain VMs and physical workloads (e.g., physical servers, firewalls, etc.)
• Enables seamless control of network resources regardless of location
• Logical networks can be used to bridge private and public clouds
[Figure: VMs and physical workloads (PHY) grouped into logical networks over the SP Physical Infrastructure]
14. Network Virtualization Using L2 over L3 Tunnels
TUNNEL TECHNOLOGY: RECENT INDUSTRY PROPOSALS
• VxLAN (IETF draft, August 2011)
• Author: VMware
• NVGRE (IETF draft, September 2011)
• Author: Microsoft
• STT (IETF draft, March 2012)
• Author: Nicira
[Figure: L2 over L3 tunnel joining L2 segments across an L3 network; each packet is a Tunnel header followed by the Payload]
BROCADE SOLUTIONS WILL BE TUNNEL AGNOSTIC
15. VXLAN (Virtual eXtensible LAN)
Optimizing Data Center Networking
[Figure: VXLAN encapsulation. Labels: ETH HDR (Ethernet), IP+UDP, VXLAN HDR, Original Ether Frame, UDP Payload; VXLAN across an IP Network With Multicast]
Enhanced Scalability
• Offer 16 million VXLAN L2 segments
• Conceal VM MACs from L2 backbone
Enhanced Efficiency
• Extend L2 across or within data centers enabling infrastructure elasticity
Enhanced Flexibility
• Preserve simplicity of L2 characteristics
• Spanning Tree Protocol is not needed
Layer 2 Network Overlay Over IP Networks
© 2012 Brocade Communications Systems, Inc. CONFIDENTIAL
October 18, 2012
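The VXLAN header from the slide above, built and parsed in an added example (not part of the original deck). The 8-byte layout with an I flag and a 24-bit VNI follows the published VXLAN specification (RFC 7348); the VNIs 5001 and 5002 are the ones used on the deck's tunnel discovery slide, and the inner frame, the extra VNI 6000 and the rule that a VTEP discards VNIs it has not been provisioned with are this example's assumptions.

```python
import struct

VXLAN_FLAG_I = 0x08        # "valid VNI" flag in the first header byte
MAX_VNI = 2**24 - 1        # 24-bit VNI: 16,777,216 possible L2 segments

def encap(vni, inner_frame):
    """Return the UDP payload: 8-byte VXLAN header + original Ethernet frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24 bits) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame

def decap(udp_payload, provisioned_vnis):
    """Return (vni, inner_frame); raise ValueError if the packet must be discarded."""
    if len(udp_payload) < 8 + 14:      # VXLAN header + minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not ((word0 >> 24) & VXLAN_FLAG_I):
        raise ValueError("I flag clear: VNI not valid")
    vni = word1 >> 8
    if vni not in provisioned_vnis:    # never bridge into a segment this VTEP lacks
        raise ValueError(f"VNI {vni} is not provisioned here")
    return vni, udp_payload[8:]

def demo():
    # Constructed inner frame: broadcast Ethernet header (ARP EtherType) plus padding.
    inner = bytes.fromhex("ffffffffffff" "00005e005301" "0806") + bytes(28)
    provisioned = {5001, 5002}         # VNIs from the tunnel discovery slide
    wire = encap(5001, inner)
    results = {"header": wire[:8].hex(), "ok": decap(wire, provisioned)}
    for label, pkt in (("other_tenant", encap(6000, inner)),
                       ("flag_clear", bytes(8) + inner),
                       ("short", wire[:10])):
        try:
            decap(pkt, provisioned)
            results[label] = "accepted"
        except ValueError as exc:
            results[label] = str(exc)
    return results
```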
16. VXLAN Tunnel Discovery and IP Multicast
[Figure: VXLAN tunnel discovery across an IP Network with Multicast, with VM 1 to VM 5 on ESX 1, ESX 2 and ESX 3]
• Provisioning by vShield* Manager maps each VNI to an IP Multicast Group: 5001 to 223.1.1.1, 5002 to 223.1.1.2
• VTEP performs (*, G) join via IGMP
• "ARP for 10.1.1.2?" is carried as Outer L2 (VTEP 1 MAC : MCAST MAC), Outer L3 (VTEP 1 IP : 223.1.1.1), VXLAN HDR (5001), Payload (ARP 10.1.1.2)
• Dynamic Learning on ESX 1 and ESX 2 fills MAC Address to VTEP tables, e.g. VM1: 50.1.1.1 (ESX1), VM2: 60.1.1.1 (ESX2)
*vSphere 5.1 supports VXLAN
17. Network Virtualization using L2 over L3 Tunnels
Hyper-Scale Data Centers
The network “edge” has moved!
• L2 over L3 tunnels used to create Logical Networks (multi-tenancy) over physical network
• Supports virtual (VM) and physical workloads (PHY)
[Figure: Customer A and Customer B reach the Service Provider Data Center over L3 VPN or Internet. An SDN Controller and L2 over L3 tunnels between vSwitches (software switches) on servers and physical workloads form the Customer A Logical Network (VM1, VM2, PHY1) and the Customer B Logical Network (VM3, VM4, PHY2) across SP DC and Customer DC]
18. VXLAN Gateway
VXLAN G/W and L4-7 Application Delivery Service
[Figure: VXLAN G/W between Tenant 1 and Tenant 2 VXLAN segments, a VLAN and the Internet. Functions shown: L2 Bridging, L3 Routing, Load Balancing, VXLAN Tunnel Termination]
19. SDN USE CASE
Flow Management with OpenFlow
for Metro/WAN
20. Flow Management in the Metro/WAN
An SDN Application using OpenFlow
• OpenFlow is well suited for flow management in the metro/WAN
• Facilitates deployment of innovative new applications, e.g.,
• Global network optimizations
• Solving complex traffic engineering challenges
• Support traffic engineering incorporating business rules
• Applicable to Layer 2, Layer 3, and MPLS networks
[Figure: Features (Applications) on a Network Controller, speaking OpenFlow to OpenFlow Clients (OS, Hardware) in the Physical Networking Infrastructure]
21. Flow Management in the Metro/WAN
http://www.ietf.org/id/draft-pan-sdn-dc-problem-statement-and-use-cases-02.txt
22. OpenFlow for WAN Flow Management: Example
1. Service Provider OpenFlow Controller used to set up a traffic tunnel between customer sites A and B
2. OpenFlow Controller pushes the tunnel configuration to the required LERs and LSRs
3. Service is enabled and traffic flows between customer sites
4. Congestion sets in on network node. Customer flow needs to use an alternate path.
5. OpenFlow Controller is used to set up alternate path and to tear down old path.
[Figure: Network Operation Center, Customer Site A, Customer Site B, and network nodes in San Francisco, Chicago, New York and Dallas, annotated with steps 1 to 5]
23. SDN USE CASE
Service Insertion with OpenFlow
for Metro/WAN
24. Use Case:
Flexible Value Added Service Creation
Programmable logical forwarding path for different Virtual Machines
[Figure: flows A, B, C and D pass through a Data Centre Router and services (FW, Analytics, DPI, Caching, Application Optimization); an OpenFlow Controller programs Flow Table Entries (Rule, Action, Stats)]
25. SDN USE CASE
Real Time Big Data Analytics
For Hyper-Scale Data Centers
26. Handling BIG Data in Real Time
Stream Computing
Traditional Computing
• Historical fact finding
• Find and analyze information stored on disk
• Batch paradigm, pull model
• Query-driven: submits queries to static data
Stream Computing
• Current fact finding
• Analyze data in motion, before it is stored
• Low latency paradigm, push model
• Data driven: bring data to the analytics
[Figure label: Real-time Analytics]
© 2012 Brocade Communications Systems, Inc. 12/7/2012
27. Network Analytics: Solution Components
Telemetry-enabled Brocade MLX Series performs three key functions
• Aggregation
• Filtering
• Replication
[Figure: SPAN Ports and TAP Ports on the Existing Network (Brocade or Non-Brocade) feed a Telemetry Enabled Brocade MLX with an OpenFlow Controller, which delivers traffic to the Analytics Tool Farm: HTTP Analyzer, VoIP Analyzer, Intrusion Detection, Custom Application (Billing)]
28. SDN Architecture
For Hyper-Scale Data Centers and WAN Networks
29. What if you could …
• Build your next data center optimized for highest demands in flexibility, reliability, and scale
• Virtualize your network starting now for greater responsiveness and increased asset utilization
• Create and deliver customized services and new offerings at the speed of customer need
• Unlock the intelligence from your network for real-time orchestration and analytics
30. Why Can’t You Do These Things Today?
The Network Is the Constraint
[Figure: VMs grouped into Pods on today's network. Labels: VLANs, ACLs, QoS, PVLANs, Service Routing; Isolation, Security, SLAs, Shared Services, Service Interposition; Hierarchical, Monolithic, Closed, North/South-optimized, Inflexible]
31. Cloud-Optimized Networks via SDN are the Solution
Brocade delivers a clear path to Software Defined Networking
• Network changes are quick and easy
• Rapid deployment of new services
• Flexible, on demand networks
• Highly automated environments
[Figure: Cloud Management System and Network Controller above a Network Fabric connecting VM and PHY workloads. Attributes: Automated, Open, Flexible, Personalized, More Resilient]
32. Cloud-Optimized Networking
Architecture for building the software-defined network
Cloud-Optimized Network Stack, with the Enabling Technologies and Key Benefits of each layer:
• Cloud Management Layer. Enabling Technologies: Cloud APIs (OpenStack, VMware, Microsoft, CloudStack, etc.). Key Benefits: Automation and orchestration
• Services Layer. Enabling Technologies: Programmatic Control (OpenFlow; OpenScript). Key Benefits: Personalization and monetization
• Network Virtualization Layer. Enabling Technologies: Overlay Networking (VXLAN, NVGRE, STT; MPLS). Key Benefits: Flexibility and efficient asset utilization
• Network Fabric Layer. Enabling Technologies: Any-to-any connectivity (Ethernet Fabrics; TRILL; IP routing). Key Benefits: Reliability and simplicity
33. The Path to Software-Defined Networking
[Figure: path from SDN-ready network to SDN-enabled network to Software-Defined Network, with axes Value added services and Value added capabilities. Attributes listed under the stages SDN-ready, SDN-Enabled and Software-Defined: Simpler & automated, Open, High performance, Programmable, Hybrid-mode, Non-disruptive, Predictive, Flexible, Intelligent. Taglines: Start now with no risk; Layer in value-added services; Transform your infrastructure]
34. Internet2 Case Study
Software Defined Networking (SDN) in the Wide Area Network (WAN)
35. SDN WAN USE CASE
Internet2
OpenFlow Enabled 100GbE Nationwide Backbone
• 49 Custom Location Facilities
• 15,500 miles of dark Fiber
• 8.8 Tbps of Optical Capacity
• Hybrid Mode with protected OpenFlow traffic
[Figure: map of the Internet2 nationwide backbone. Legend: IP router node, Optical add/drop facility, Exchange Point]
36. Internet2 NDDI Initiative
Network Development and Deployment Initiative
• Platform for network innovation
• Collaboration between Internet2, Indiana University and the Clean Slate
Program at Stanford University
• Goal: Provide a radically new platform upon which researchers and
students will be able to innovate
• OpenFlow provides an API that allows researchers to control the
network directly
• New Internet2 service called “Open Science, Scholarship and Services
Exchange (OS3E)” on top of the NDDI infrastructure
37. Internet2 Innovation Platform
• Massive bandwidth through a
100GbE Layer 2 connection
• Address traditional bottleneck
and aggregation points to pass
high-bandwidth traffic and
provide performance
monitoring/verification thru
implementation and support
of a Science DMZ
• Introduce SDN capabilities to
support the development and
deployment of new
applications
38. Thank You