SDN is an approach that decouples the control plane from the data plane in a network, allowing for centralized control and programmability. This document introduces SDN and network programmability, covering what SDN is and is not, the genesis of SDN, use cases solved by SDN, an overview of OpenFlow, Cisco's SDN solutions including ACI, network overlays, and network controllers. It also discusses the impact of SDN on IT service management.

1. Introduction to
Software-Defined Networking (SDN)
and Network Programmability

2. Abstract
SDN is an exciting new approach to network IT Service
Management. You may have questions about SDN, Controllers,
APIs, Overlays, OpenFlow and ACI. You may also be wondering
what products and services are SDN-enabled and how you can solve
your unique business challenges and enhance your differentiated
services by leveraging network programmability.
In this introductory session we will cover the genesis of SDN, what it
is, what it is not, and Cisco's involvement in this space. Cisco's SDN-
enabled Products and Services will be explained enabling you to
consider your own implementations. Since SDN extends network
flexibility and functionality which impacts Network Engineering and
Operations teams, we'll also cover the IT Service Management
impact.
Network engineers, network operation staff, IT Service Managers, IT
personnel managers, and application/compute SMEs will benefit from
this session.
B
R
K
S
D
N
-
1
0
1
4
2

3. Agenda
• What is SDN & Network Programmability
• What are the Use Cases and Problems Solved with SDN?
• An Overview of OpenFlow
• What Are Cisco's solutions?
• An Overview of Network Overlays
• An Overview of Network Controllers
• An Overview of ACI
• The Impact to IT Service Management
• How to Get Ready

4. What is Software-Defined Networking (SDN)?
• An approach and architecture in networking where control and data planes
are decoupled and intelligence and state are logically centralized
• Enablement where underlying network infrastructure is abstracted from the
applications [network virtualization]
• A concept that leverages programmatic interfaces to enable external
systems to influence network provisioning, control and operations

5. SDN is…
…a new approach at network transformation*
…empowering external influencers to network design and operations
…impacting the networking industry - challenging the way we think about
engineering, implementing and managing networks
…providing new methods to interact with equipment/services via controllers, APIs
…normalizing the interface with equipment/services
…enabling high-scale, rapid network and service provisioning/management
…generating a LOT of ‘buzz’ and attention
…providing a catalyst for traditional Route/Switch engineers to branch-out
* […not the first attempt!]

6. SDN is not…
I Wants
SDN
…a new attempt at network evolution…
…an easy button… [but is intending to make things easier for all!]
…a panacea or end-state
…narrowly defined
…meaning the death of network engineers
…a mandate for all network engineers to become C and Java programmers
…a new ISDN service from Apple called iSDN 

7. Have We Seen This Before?
SS7
ATM LANE
Wireless LAN Controller
GMPLS
Overlays / Encapsulations
MPLS
VPLS
VPN
GRE Tunnels
LISP
Control Plane / Data Plane
Separation –
Centralized Control
Management and
Programmatic Interfaces
SNMP
NETCONF
EEM

8. http://cleanslate.stanford.edu/
Where Did SDN Come From?
2008
Have you tried rebooting
the Internet yet?

9. Control plane learns/computes forwarding decisions
Data plane acts on the forwarding decisions
The Traditional Network…
CP DP CP DP
CP DP CP DP
CP DP CP DP CP DP CP DP
Control Plane (CP)
Data Plane (DP)
Control and Data
Plane resides
within Physical
Device

10. Control plane becomes centralized
Physical device retains Data plane functions only
The Network As It Could Be…to an SDN ‘Purist’
CP DP CP DP
CP DP CP DP
CP DP CP DP CP DP CP DP
CP

11. The Network As It Could Be…In a ‘Hybrid SDN’
CP DP CP DP
CP DP CP DP
CP DP CP DP CP DP CP DP
Controller
A Controller is centralized and separated from the Physical Device,
but devices still retain a localized Control plane intelligence
CP
Cisco Public

12. What are the Use Cases and Problems
Solved with SDN?

13. Why Change?
• Familiar Manual, CLI-driven, device-by-device approach is inefficient
• Increased need for programmatic interfaces which allow faster and automated execution
of processes and workflows with reduced errors
• Need for a ‘central source of truth’ and touch-point
Cisco Public

14. Your Challenges
• Pace of Change – Technology & Competition
• Globalization of the Marketplace
• Proliferation of Social Networking
• IT Budgets, Staffing and Resources
• Accelerated Pace of Consumerization, Virtualization and XaaS Options
• Consumption Economics

15. Private Cloud
Automation
Research/
Academia
 Experimental
OpenFlow/SDN
components for
production
networks
Massively Scalable
Data Center
 Customize with
ProgrammaticAPIs
to provide deep
insight into network
traffic
Service
Providers
 Policy-based
control and
analytics to
optimize and
monetize
service delivery
Enterprise
 Virtual workloads,
VDI, Orchestration
of security profiles
Customer Needs: Network Programmability
Cloud
 Automated
provisioning and
programmable
overlay,
OpenStack
Diverse Programmability Requirements Across Segments
(Automation & Programmability)
Network Flow
Management
Network
“Slicing”
Scalable
Multi-Tenancy Agile Service Delivery

16. SDN Addresses Needs for…
• Centralized configuration, management/control, monitoring of network devices
(physical or virtual)
• Ability to override traditional forwarding algorithms to suite unique business or
technical needs
• Allowing external applications or systems to influence network provisioning and
operation
• Rapid and scalable deployment of network services with life-cycle management

17. An Overview of OpenFlow

18. OF
AGENT
What is OpenFlow?
OF Controller
API
Application
…a Layer 2 communications protocol that gives access to the
forwarding plane of a network device,
…a specification for building switches conforming to the protocol

19. Ingres
s Port
Source
MAC
Dest
MAC
Ether
Type
VLAN
ID
VLAN
Priorit
y
IP
SRC
IP
DEST
IP
Protoco
l
IP
TOS
TCP/U TCP/U
DP DP
SRC DEST
Action Priority Counter
* * * * * * * * Fwd Port
10
100
* * * * * * * * * * * Fwd Port
12
100
Port 1
* * * * * * * * * * * Fwd Port
14…24
100
* * * * * * * * * * * 25 Drop 100
* * * * 0x0800
* * * Controller 100
*
* *
* * Vlan10
* * * * * * 80 Fwd Port 8 200
* * * * * * * * * 80 Rewrite
10.1.2.3;
Fwd port 9
200
* * * * * * * 10.*
* * * * Local 200
192.168.1.*
192.168.1.*
Switching *
Replication/SPAN
Firewall/Security
Inspection * *
Combinations
* Multi-action ; NAT
Local handling
What Makes OpenFlow Different?
Flow Table
00:01:E7:*
3c:07:54:*
* *
Routing
OF v1.0
Example
Cisco Public

20. FLOW
TABLE
OPENFLOW CONTROLLER
6
2
7
CPU
1
4 3
SWITCH FORWARDING
ENGINE5
1
RequiredActions
Forward out all ports
except inputport
2
Redirect toOpenFlow
Controller
3
Forward to local
Forwarding Stack (CPU)
4
Perform action inflow
table
5 Forward to inputport
6
Forward to destination
port
7 Drop Packet
What Makes OpenFlow Different?
Actions
OF v1.0
Example
Cisco Public

21. FLOW TABLE
HEADER FIELDS COUNTERS ACTIONS
…
…
… …
… …
FLOW ENTRY
What Makes OpenFlow Different?
Counters
OF v1.0
Example
Cisco Public

22. An Overview of Network Overlays

23. Overlays
Overlay / Virtual Network
• Mobile
• Scalable
• Supports Segmentation / multi-tenancy
• Programmable & Manageable
Underlay / Fabric
• High Capacity
• Resilient
• Intelligent Traffic Handling
• Programmable & Manageable

24. Layer-2 Overlays
+ Emulate L2 LAN Segment
+ Transport Ethernet Frames (IP andnon-IP)
+ Can emulate physical topologies
- Single Subnet Mobility (L2 domain)
- Exposure to L2 Flooding

25. Layer-3 Overlays
+ Abstract IP-based connectivity
+ Transport IP Packets
+ Can emulate physical topologies
+ Full Mobility regardless of subnet
+ Contain Network Failures/Flooding
+ Useful in abstracting connectivity and policy

26. VM VM VM VM
The Edges of Overlays
Network Overlays Host Overlays Integrated Overlays
Physical Physical Physical
VM VM
Virtual Virtual Virtual
Router/Switch end-points
Protocols for Resiliency & Loops
Traditional VPNs
OTV, VXLAN, VPLS, LISP
Virtual end-points only
Single administrative domain
VXLAN, NVGRE, STT
Physical and virtual end-points
Resiliency & Scale
Cross-org & Federation
Open Standards
Tunnel End-Point

27. Cisco’s Solutions in Overlays
• VXLAN
• MPLS
• OTV
• VPLS
• LISP
• Nexus 1000V
• ACI
BRKDCT-1301 VXLAN Deployment – Use Cases and Best Practices
BRKDCT-2328 Evolution of Network Overlays in Data Center Clouds
BRKDCT-2049 Overlay Transport Virtualization
BRKDCT-3103 Advanced OTV - Configure, Verify and Troubleshoot OTV in Your
Network
BRKDCT-2131 Mobility and Virtualization in the Data Center with LISP and OTV

28. An Overview of Network Controllers

29. What Is OpenDaylight?
• …an open source project formed by industry leaders and others under the Linux
Foundation with the mutual goal of furthering the adoption and innovation of
Software Defined Networking (SDN) through the creation of a common vendor
supported framework.
• Focus: Customers with some programming resources that desire a free,
community-supported SDN controller, especially if focus is on OpenFlow
Platinum Gold Silver

30. Southbound APIs
Device ManagerForwarding Rules Manager
Dijkstra SPF
JavaBundle
OpenFlow (1.0 or 1.3)
Service Abstraction Layer (SAL)
Web UIOpenDaylight Controller
NorthboundAPIsOSGI RESTful
NetworkApplications
ARP Handler
Cisco Sourced Customers 3rd Parties
H/A
NETWORK DEVICES
Cisco or Other OpenFlow-enabled Devices
OpenDaylight (ODL)
Basic Operation Infrastructure
Stats Manager HostTracker
Physical and Logical
TopologyManager
NETCONF OVSDB

31. OpenFlow-enabled
devices that are
configured to this
controller
automatically show
up in the topology

32. Hosts can be added
or learned
Flow-specifications
can be defined or
reviewed

33. What Is APIC-EM?
• A purpose-built, easy to use SDN controller
• Does NOT require programming experience [but does have REST NBI]
• Does NOT require HW/SW upgrades to take advantage of controller model
• Has specific applications built-in to address common network needs:
Policy Management, QoS Management, Zero-Touch Deployment and iWAN
• Available to SmartNet customers without charge
• Focus: Enterprise Customers with Few to No Programming Resources
that desires a Commercially-supported solution that preserves existing
investment and doesn’t require HW/SW upgrades

34. Southbound APIs
NETWORK DEVICES
Web UICisco APIC-EM Controller
NorthboundAPIs RESTful
NetworkApplications Cisco Sourced Customers 3rd Parties
H/A
Controller Applications & Features
Zero-Touch
Deployment (ZTD)
VTY
Investment
protection w/o
HW/SWupgrades
Cisco Application Policy Infrastructure Controller –
Enterprise Module (APIC-EM)
Clustering
Host Tracker
Network Discovery
Topology Manager
Device Manager
Policy Manager
QoS Manager
iWAN
Cisco Devices
onePK / OpenFlow / OpFlex (Future)

35. SDN Innovation:
Network Information Base Provides “One Source of Truth”

36. Topology View

37. APIC-EM @ Cisco Live (San Francisco 2014)

38. Application:
QoS Classification Management

39. Application:
Policy Analysis (ACL Trace Example)

40. What Is APIC?
• The Data Center SDN Controller for the next-generation Fabric-enabled
Nexus 9k family
• Offers services for managing System, Tenant(s), Fabric, VM(s), L4-7
Services
• Focus: Data Center Customers that desire a Commercially-supported
solution that leverages a centralized controller for the Nexus 9k product
family
• NBI: REST, Python
• SBI: OpFlex ACI, REST, L4-7 Scripting API/VTY

41. Southbound APIs
Web UICisco APIC-DC Controller
NorthboundAPIs RESTful
NetworkApplications
NETWORK DEVICES
Cisco Nexus 9k Family
Cisco Sourced Customers 3rd Parties
Advanced GUI
with Extended
Features
Controller Applications/Feature
OpFlex/ACI Agent
Cisco Application Policy Infrastructure Controller (APIC)
REST L4-7 Scripting API / VTY
Python
System
Manager
Tenant
Manager
Fabric
Manager
VM Manager
L4-7 Services
Manager
OpFlex
Cisco’s proposal
to IETF to
standardize a SBI
for policy
management

42. Cisco Application Policy Infrastructure Controller
Centralized Automation and Fabric Management
Storage SME Server SME Network SME
Security SME App. SME OS SME
Open RESTfulAPI
Policy-Based
Provisioning
Layer 4 - 7
Citrix
Cisco
F5 EMC
Corporation
Storage
Management
NetApp
System
Management
Puppet Labs
Python
OpsCode
CFEngine Microsoft
XenServer
OpenStack
Orchestration
Management
CloudStack
VMware Red Hat
KVM
• Unified point of data center network automation
and management:
− Application-centric network policies
− Data model-based declarative provisioning
− Application, topology monitoring, and troubleshooting
− Third-party integration (Layer 4 - 7 services, storage,
compute, WAN, etc.)
− Image management (spine andleaf)
− Fabric inventory
• Single Cisco® APIC cluster supports
one million+ endpoints, 200,000+ ports, and
64,000+ tenants
• Centralized access to all fabric information -
GUI, CLI, and RESTfulAPIs
• Extensible to computing and storage
management

43. Unified Information Model
Unified API
Object Oriented
•
•
•
Comprehensive access to underlying information model
Consistent object naming directly mapped to URL
Supports object, sub-tree and class-level queries
RESTFul over HTTP(s)
JSON + XML
Unified: automatically delegates request to corresponding
components
Transactional
Single Management Entity yet fully independent components
APIC
Cisco Public

44. APIC Architecture overview
Multithreaded, Distributed & Clustered Fabric Controllers

45. Management Access
R
E
S
T
GUI
CLI
Web
Object
Browser
Python
SDK
API Tools
AnyAPIC
https://apic.local/api/mo/uni/tn-common.xml

46. APIC

47. APIC GUI – System Topology

48. APIC-DC

49. API Inspector in GUI

50. Cisco Prime Interlock with SDN/NP
Control
Layer
Device
Layer
Operational Intelligence
Automated Service Provisioning
Dynamic Service Assurance
Visualization and Analytics
Network Intelligence
Device Layer Abstraction
Network Control
Policy Enforcement and Network
Change
Management
and
Orchestration
Layer
Cisco Devices
Data Center, Enterprise Networks
APIC Controller
Data Center Module Enterprise Module
Flow, On
Catalog/
Provisioning
Fault/ User / Data
Events Management
Performance
Monitoring
Reporting /
Analytics
CIAC
UCSD
3rd Party
Apps
PRIME INFRASTRUCTURE
& NAM
REST API (ONE DevKit)

51. DevOps

52. Traditional IT service delivery: Slow, manual, and
error prone
OPS
• Pushes updates
to productionand
manageservice
QA &BAT
• Test that
software works
Development
• Write software /
integrate
underlying
services
Architecture
• Ensureservice
updates are
aligned with
enterprise
architecture
Requirements
• Define strategy&
requiredfeatures
The more complex a project becomes, the longer the schedule, and the higher the
probability of scope and schedule surprises.

53. What is DevOps ?
• DevOps is the utilization of Lean and Agile
techniques to combine development and
operations into a single IT value stream
• Bridges the Gap between Agile Software
Development and Operations
• “Real-time Business” Enabler
• Guiding principles are:
– Culture
– Automation
– Metrics
– Sharing

54. - Gene Kim (author of “The Phoenix Project”)

55. How Do We Go Faster?
Gartner’s Bimodal IT Model
Traditional (Scale Up) Agile (Scale Out)
Many
Applications
Server
Single
Server
Hypervisor
Many
Servers
Distributed
Application

56. DevOps Supports Continuous Integration, Delivery,
and Deployment
• Continuous Integration: Merging of development work with code base
constantly so that automated testing can catch problems early.
• Continuous Delivery: Software package delivery mechanism for
releasing code to staging for review and inspection.
• Continuous Deployment: Relies on CI and CD to automatically release
code into production as soon as it is ready. Constant flow of new
features into production

57. Lean, Agile, and DevOps Combined
Lean Business Principles Agile Development Operations
DevOps

58. Why DevOps

59. The Wall of Confusion
Or, why can’t we all just get on together?

60. Dev: “I have this
new feature for
Bob in finance,
can we deploy it
please?”
Ops: “Have
you tested
it?”

61. “Sure, I just
went through it
on my laptop.”
“Hmm, can
you show me
the test
results?

62. “Uhm, well, if you
come over here I
can show you what
I did.” “Ah, how close do
you think your
laptop matches the
production
environment?”

63. “Quite. Well, where
are the log files, and
which new log
messages are
there?”
“Uhm, not
very, I guess?”

64. “Listen, do you really think I
should deploy this? Not tested
in anything close to production,
no log messages for monitoring
… I am the one who gets
blamed when it doesn’t work,
not you.”
“Wherever they
normally are, and I
didn’t really add any
new log messages,
maybe I should have
…”

65. “Ah, uhm, you know, I
suspect we need to
rethink how this is going
to work, I have a load
more new features in the
pipeline …”
“Yes, your right, we do.
Let’s bring in the others
and have a proper
conversation, this sure
isn’t going to work …”

66. • Everything in revision control, e.g. Git
A While Later … Trust, but Verify

67. • Everything in revision control, e.g. Git
• Fully automated build with testing in a clone of the
production environment
A While Later … Trust, but Verify

68. • Everything in revision control, e.g. Git
• Fully automated build with testing in a clone of the
production environment
• Full visibility of test coverage and results
A While Later … Trust, but Verify

69. • Everything in revision control, e.g. Git
• Fully automated build with testing in a clone of the
production environment
• Full visibility of test coverage and results
• Everything logged and monitored
A While Later … Trust, but Verify

70. • Everything in revision control, e.g. Git
• Fully automated build with testing in a clone of the
production environment
• Full visibility of test coverage and results
• Everything logged and monitored
• Ops trusts that Dev has done the right thing …
A While Later … Trust, but Verify

71. • Everything in revision control, e.g. Git
• Fully automated build with testing in a clone of the
production environment
• Full visibility of test coverage and results
• Everything logged and monitored
• Ops trusts that Dev has done the right thing …
• All automated with full visibility, traceability and reporting
A While Later … Trust, but Verify

75. Coding and
Refactoring
Source Code
Managemnet
Build
Automation
Virtual
Environments
Reporting
and Visibility
Artefact
Management
Continuous
Integration and
Deployment
in the
Development
Cycle
Aspects of DevOps – Agile Development and
CI/CD

76. logstash
Aspects of DevOps – Deployment and Monitoring

77. DevOps and the
Networking World

78. A Typical Enterprise Deployment
Database
• Basic, common, model
App. Server Web Server

79. A Typical Enterprise Deployment
Database
• Basic, common, model
• Amenable to virtualization, so scalable
App. Server Web Server

80. A Typical Enterprise Deployment
Database
• Basic, common, model
• Amenable to virtualization, so scalable
• Supports automation in a clone of the
production environment
App. Server Web Server

81. A Typical Enterprise Deployment
Database
• But what are those lines between the boxes,
what do they do?
App. Server Web Server

82. A Typical Enterprise Deployment
Database
• But what are those lines between the boxes,
what do they do?
• vLANs, ACLs, QoS, WAN connectivity, VPNs …
App. Server Web Server

83. A Typical Enterprise Deployment
Database
• But what are those lines between the boxes,
what do they do?
• vLANs, ACLs, QoS, WAN connectivity, VPNs …
• How do you automate configuration, provisioning
and testing for that?
App. Server Web Server

84. Where are we Today?
What network engineers know and love(?)

85. And What’s Wrong With That?
Well, nothing, if that is what you are in to … BUT, if you want automation …

86. Where’s my
API!?
And What’s Wrong With That?
Well, nothing, if that is what you are in to … BUT, if you want automation …

87. And What’s Wrong With That?
Where’s
myAPI!?
Well, nothing, if that is what you are in to … BUT, if you want automation …
I don’t think production looks
like this!

88. Crossing The Chasm
There is a lot we could learn from each other, if we can cross the chasm
• Code
• Agility
• Automation
• Testing
• Advanced
Tools
• CLI config
• Scalability
• Resiliency
• Stability
• Availability

89. How to Get Ready

90. Controller Deployment
Data Center
CampusBranch
Teleworker
Start by asking/acknowledging the
business problem/opportunity you’re
trying to address with SDN/NP
Carefully track the device support you
have or need for onePK / OpenFlow /
ACI (OpFlex) support as it will dictate
what you can/can’t do
Gauge the programming/development
effort needed to achieve your goals

91. SDN/Network Programmability Impact to ITSM
• External Programs (and App Developers) have access to traditional network
devices – You Good with that!?
• Change Control – Now more Real-Time – Programs/Apps need to participate
• You MUST have Focused, Intentional monitoring of the controllers – they are
the brains!
• You MUST have a Robust backup/redundancy plan for controllers
• You MUST implement Good RBAC, security and accounting – lock-down the
controllers and APIs!
• The Uncle Ben Principle - “With Great Power Comes Great Responsibility”

92. Remember This Inflection Point?
Telephony in 1998
• IP Telephony struggled until we got ‘hybrid engineers’ to translate between the
Circuit Switch ‘Tip & Ring’ and Packet Switch ‘Bits & Bytes’ camps
• Likewise, now, we need the next generation of ‘hybrid engineers’ to translate between
traditional network domain engineers and software/application developers

93. So What Skills Should I Increase On?
• Python
• REST / Web Services
• Regular Expression
• Basic Programming constructs
(conditionals, loops, functions/procedures)

94. Cisco Services
SMART
SERVICE
CAPABILITIES
Services from Cisco Together with Cisco Certified Partners

95. Catalyst Environments
VSS
Driving Catalyst 6500 Migration To Nexus 9000
• Automate Nexus
9000 deployment
and configuration
• Migrate any
Cat6500 topologyto
any Nexus 9000
topology
• Advanced Services
best practices
• Catalyst IOS to
NX-OS config
conversion
Migration
Tools
Nexus 9000 Deployment

96. Cisco Quick Start Service For Nexus 9000
Overview Deliverables Outcomes
• Share best practices and
knowledge
• Increase competency and
speed to optimize ACI in
your environment
• Gain valuable expertise by
having direct access to
Cisco consultants
• N/A
Cisco Public
• Technical advice and
guidance for smooth
integration of Nexus
9000
• Technical consultant 3-
day on-site
• High-level use
case/design discussion

97. Cisco Accelerated Deployment Services For Nexus 9000
Overview Deliverables Outcomes
• Define business and
technical objectives, use
case alignment, currentand
future state
• Assess data center
ecosystem (server, network,
storage, and virtualization)
• Functional specs, design,
test plan, acceptance
criteria
• Support customer team
during validation
• Knowledge transfer
• Blueprint forACI
• Accelerate time-to-value
attainment and production
• Design document
• Configuration migration
• Operations guideline
• Custom script development
• Knowledge transfer

98. Technical Assistance From Cisco TAC
Resolve Issues Quickly
• Computer science/electrical engineering degrees
• Engineering staff averages 5 years' industry experience
• CCIE professionals
• 24x7 global access by phone, web, or email
24x7
• Direct Access to Cisco TechnicalExperts
• Highly trained network and application software engineers worldwide
• Expertise and best practices across data center technologies

99. https://developer.cisco.com
DevNet

100. Questions ?
175

101. Gracias por tu atención
Esperamos verte pronto