Cohesive SDN Summit Presentation: OpenFlow is SDN, SDN is not OpenFlow

Copyright CohesiveFT - Nov 12, 2012
OpenFlow is SDN,
SDN is not only OpenFlow
Patrick Kerpan, CEO
CohesiveFT
1
SDN Summit
November 2012
Wednesday, November 14, 12

Agenda
•Company Background
•SDN in the News
•The Application Layer of Cloud
•OpenFlow and Deﬁnitions
•“BigTent”Thinking
•CohesiveFT’s Answer to SDN Needs
•SDN and the Future of Networking
•Contact Information
2

What We DoWho We Are
Company Background
• Cohesive FlexibleTechnologies Corp.
(CohesiveFT)
• Founded in 2006 by IT and capital
markets professionals with years of
experience in operations, enterprise
software and client-facing services
• First SDN product launched in 2007
with followup products in 2008 and
2011
• Ofﬁces in Chicago, London, Belo
Horizonte and Palo Alto
• Enable enterprises to run business
operations via the cloud
• Solutions help migrate, transform and
extend both customer facing systems
and internal operational platforms
• Only company to promote
comprehensive cloud container
solution for migration, deployment and
control
• First Application SDN product in IBM’s
SCE and SCE+
3
Cloud, vendor, and standards neutral. Member of the Open
Networking Foundation (ONF)

• 36M virtual device hours in public,
private, & hybrid clouds secured by
VNS3
• Over 8,000 users built, imported,
transformed and delivered 33K+
virtual server templates with Server3
• Numerous enterprises migrated
complex applications to the cloud
with Context3
• 18+ Industry and Cloud partners
References Available Upon Request
• 200+ Self Service Customers
• 15+ SI Resellers
• 15+ ISV OEM
Customers Include:
• Global Mutual Fund Company
• Global ERP provider
• Global BPMS provider
• Global Cloud-basedThreat Detection
• Global Fashion Brand
• GlobalToy Manufacturer
• US National Sports Association
• and many more global, transnational and local
customers
AchievementsOur Clients
Experience: Enterprise Use Cases
4

OpenFlow brought attention to
the need for virtual networks
ONF’ founders’ Campus Networks: "Commercial
switches and routers do not typically provide
an open software platform, let alone provide
a means to virtualize either their hardware or
software […]and, of course, open platforms
lower the barrier to entry for new competitors."
Recent SDN news has elevated the
concepts of network virtualization to
industry buzzword
CohesiveFT has been driving the space
forward with a production product,VNS3,
since 2008
CohesiveFT is a member of the ONF
Recent news shines a light on the long journey to
the SDN spotlight
5

The Application Layer Of Cloud
6
AppControlled
Cloud instance 1 Cloud instance 2 Cloud instance 3
PhysicalLayerVirtualLayerApplicationLayer
Perimeter of access, control, & visibility
App Stack
OS
App Stack
OS
App Stack
OS
Cloud instance 4
OS
App Stack
ProviderControlled
Hypervisor
Hardware
Compute Storage Network
Multiplexed access to:

SDN Market can be divided into 2 segments
1. Application Layer
• CohesiveFTVNS3
• Cisco Cloud Service Router
• Citrix CloudBridge
2. Provider Layer
• Nicira/VMware
• Open vSwitch
• Cisco Nexus 1000v
• IBM
• Cisco
• Juniper
Provider and App Layer Concerns Separated by
Limited Access, Control andVisibility
7
Cloud Instance
OS
App Stack
ProviderControlled
Hypervisor
Hardware
Compute
Storage
Network
AppControlled

SDN Market can be divided into 2 segments
1. Application Layer
• CohesiveFTVNS3
• Cisco Cloud Service Router
• Citrix CloudBridge
2. Provider Layer
• Nicira/VMware
• Open vSwitch
• Cisco Nexus 1000v
• IBM
• Cisco
• Juniper
Provider and App Layer Concerns Separated by
Limited Access, Control andVisibility
8
CURRENT VISION - OpenFlow Stops Here
Cloud Instance
OS
App Stack
ProviderControlled
Hypervisor
Hardware
Compute
Storage
Network
AppControlled

OpenFlow - Early SDN definition
The authors of the original ONF paper
outlined 5 dimensions that need to be
considered for a virtualized network:
• Bandwidth
• Topology
• Device CPU
• Traffic
• ForwardingTables
It is only the last of these, forwarding tables,
that begins to imply a specific implementation
for the solution to these challenges.
9

Nicira Deﬁned SDN Broadly
10
Later, the Nicira founders deﬁned the 7 Properties of network virtualization:
1. Independence from network hardware
2. Faithful reproduction of the physical
network service model
3. Follow operational model of compute
virtualization
4. Compatible with any hypervisor platform
5. Secure isolation between virtual networks,
the physical network, and the control
plane
6. Cloud performance and scale
7. Programmatic networking provisioning and
control

“BigTent”Thinking within the SDN Conversation
11
Two distinct Cloud Constituencies Remain:
• Cloud Service Providers
• Cloud Applications
The SDN conversation must address concerns of
both Providers and Applications to answer the future
concerns of:
• Who “owns” and “controls” each aspect of the application?
• How can you move L2 / L3 networking among data centers
driven by the customer, without provider interaction?
• How do you use OpenFlow in existing implementations?
• How do you improve tunneling approaches?
• How do you do encryption throughout?

CohesiveFT founders believedVirtual Networking and the ONF definition can benefit
from additional application-centric focus on:
• Self-service
• Mass Customization for enterprise
• Journeyman Experience for end users
The difference is service providers start at the bottom
with the "device" and network flows. We begin at the
top with the enterprise application, its owner and their collective technical and
organizational demands.
CohesiveFT’s Answer to SDN Needs: VNS3
12
Provider Owned/Provider Controlled
Provider Owned/User Controlled
VNS3 - User Owned/User Controlled
User Owned/User Controlled

Insights revealed the need for integration, governance and
security in the application layer.
Enterprises need to control addressing, protocol,
topology and security across federated clouds.
Cloud Providers must meet the Enterprise Application
needs to BringYour Own Network (BYON)
• Federate across cloud targets
• Reuse existing IT resources and skills
• Customize with compatibility with any vendor, OS, cloud
CohesiveFT’s Answer to SDN Needs: VNS3
13
As we put our own systems into the cloud, we were uncomfortable
with the implied trust, and explicit loss of control of our network.
BYON Deployment Example

Application Use Case: Look like aTelco
• Customer:African mobile application technology company
• Challenge: Mobile users need to connect to SMS with users on other
networks in a market with a patchwork of carriers
• What do you need to do this (in Lagos, Nigeria)
• Telcos require me to have a “data center” of public IP addresses used in my private LAN
• Also, of course require me to have real public IP endpoint addresses
• Any form of connectivity like IPsec, BGP Peering, GRE, etc..
• Of course redundant servers on reliable raised ﬂoor
• Cloud handles the raised ﬂoor, but how do you do the network piece
without virtualized network looking like the network the telco wants.
• This would have cost hundreds of thousands of dollars pre-cloud, tens of
hundreds worst case with the cloud combined with network virtualization.
14

• Service provider with innovative mobile management solution.
• Like other “born in the cloud” companies - the software gains
tremendous leverage out of the cloud for the compute and storage
elements. How to get the same leverage from networking?
• Each customer requires an almost identical, secure, encrypted network
that not only keeps others out, but keeps the information in.
• Just useVLANS?
• VLANS don’t span datacenters in the cloud
• VLANS don’t span vendors; doesn’t allow use of clouds as “points of presence”
• VLANS aren’t encrypted throughout the cloud
• VLANS usually don’t allow UDP multicast
• VLANS don’t separate network location from identity
• Customer is running 125+ dynamic network bubbles (and adding more
weekly) that can be moved from cloud to cloud as necessary.
Application Use Case: Network Reproducibility
15

C O H E S I V E
FLEXIBLETECHNOLOGIES
Conﬁdential - CohesiveFT 2012
Application Use Case: Network Zones
16
PhysicalLayer
Virtual
Layer
ProviderControlled
Series of Hypervisors
Customer 1 -Topology 2
Cloud instance 1
App Stack
OS
Cloud instance 2
App Stack
OS
Cloud instance 3
App Stack
OS
Cloud instance 1
App Stack
OS
Cloud instance 2
App Stack
OS
Cloud instance 3
App Stack
OS
Cloud instance 1
App Stack
OS
Cloud instance 2
App Stack
OS
Cloud instance 3
App Stack
OS

C O H E S I V E
Application Use Case: Network Zones
17
5
PhysicalLayerVirtual
Layer
Multiplexed access to: Customer 1 -Topology 1
Cloud instance 1
App Stack
OS
Cloud instance 2
App Stack
OS
Cloud instance 3
App Stack
OS
Cloud instance 1
App Stack
OS
Cloud instance 2
App Stack
OS
Cloud instance 3
App Stack
OS
Cloud instance 1
App Stack
OS
Cloud instance 2
App Stack
OS
Cloud instance 3
App Stack
OS
Green
Zone
5PhysicalLayerVirtual
Layer
Yellow
Zone
5
Layer
Red
Zone

C O H E S I V E
Application Use Case: Virtual Network Zones
18
5
Layer
Cloud instance 1
App Stack
OS
Cloud instance 2
App Stack
OS
Cloud instance 3
App Stack
OS
Cloud instance 1
App Stack
OS
Cloud instance 2
App Stack
OS
Cloud instance 3
App Stack
OS
Cloud instance 1
App Stack
OS
Cloud instance 2
App Stack
OS
Cloud instance 3
App Stack
OS
One “flat” infrastructure with network connectivity throughout.
Virtual networks are created with “green”,“yellow” and “red” properties
• Green Properties
• Connections allowed from netmask representing internal
ingress/egress
• Connections from virtual network clients
• Connections allowed from cryptographically recognized
virtual network managers
• Security lattice incorporating host firewall and hypervisor
firewall
• No IPsec connectivity
•Yellow Properties
• Connections allowed from netmask representing internal
ingress/egress
firewall
• IPsec connectivity allowed to virtual net
• Red Properties
• No Connections allowed from netmask representing
internal ingress/egress
firewall
• IPsec connectivity allowed to virtual net (MAYBE)

OpenFlow TodayApplicationVirtual Network
Application Use Case: Creating theVirtual Net
• Must and does span datacenters
• Must and does span vendors
• Virtual network controllers get
explicitly deﬁned local and public IP
addresses via automation
• Virtual network controllers connect
and peer via cryptographic identity
and checksums
• Application (and its executive owners)
are in control of addressing, protocol,
topology, security
• Application owner can make
attestation of control
• Talking about NOW not what is
possible in the future.
• Mostly within a datacenter
• Does not cross the Internet or
Vendors
• Proposed “How does controller get its
address?” - make DHCP call
• Proposed “How do controllers ﬁnd
each other?” - do Bonjour broadcasts
• Vendor is in control of addressing,
protocol, topology, security.
• Vendor can make attestation of
control
19

Demo Use Case: Come take a look
20
AWS VPC US-West-2
VPC Subnet: 10.0.0.0/23
Client #2
Public IP: 50.112.160.110
VPC IP: 10.0.1.36
Client #1
Public IP: 50.112.160.109
Overlay IP: 172.31.1.1
VNS3 Manager #1
Public IP: 50.112.160.108
Overlay IP: 172.31.1.250
IPsec Device
Make: Cisco
Model:ASA
Public IP: 63.250.226.147
CohesiveFT Network Lab
Chicago, IL
Remote Subnet: 192.168.3.0/24
Remote Server
LAN IP: 192.168.3.3
IPsec Tunnel
192.168.3.0/24 - 172.31.1.0/24
192.168.3.0/24 - 10.0.1.0/24
VNS3 Overlay
Network
Subnet: 172.31.1.0/24
Client #3
Public IP: 54.251.136.83
Client Extra
Public IP: 54.251.136.84
VPC IP: 10.0.3.238
AWS VPC Singapore
VPC Subnet: 10.0.2.0/23
IBM SCE
Boulder, CO
Terremark
vCloud Express
Client #4
Public IP: 170.225.97.160
Client #5
Public IP: 204.51.114.245
VNS3 Manager #2
Public IP: 54.251.136.82
Overlay IP: 172.31.1.249
VNS3 Manager #3
Public IP: 170.225.96.174
Overlay IP: 172.31.1.248
VNS3 Manager #3
Public IP: 204.51.124.79
Overlay IP: 172.31.1.248
Peered Peered Peered

ThankYou
Patrick Kerpan, CEO
CohesiveFT Americas
200 S.Wacker Dr.
Suite 1500
Chicago, IL 60606
Chris Purrington, Global Sales Director
CohesiveFT Europe
134 EastbourneTerrace
Paddington London
W2 1BA
21
Public Relations
Heidi Groshelle
groshelle communications
Tel: +1 415.821.1454
heidi@groshelle.com
Rose Ross
oMarketing
Tel: + 44 0.208.255.5225
rose@omarketing.co.uk

Cohesive SDN Summit Presentation: OpenFlow is SDN, SDN is not OpenFlow

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Cohesive SDN Summit Presentation: OpenFlow is SDN, SDN is not OpenFlow

Similar to Cohesive SDN Summit Presentation: OpenFlow is SDN, SDN is not OpenFlow (20)

More from Cohesive Networks

More from Cohesive Networks (20)

Recently uploaded

Recently uploaded (20)

Cohesive SDN Summit Presentation: OpenFlow is SDN, SDN is not OpenFlow