A Survey on SDN Technologies
Ventura VMUG, July 14, 2016
Anthony Chow
Twitter: @vCloudernBeer
Blog: http://cloudn1n3.blogspot.com/
Basic Networking Concepts
• OSI 7-layer model
• Source and Destination (MAC or IP address)
• Forwarding Table
• Layer-2 bridging
• Layer-3 routing
• Broadcast
• Multicast
• Unicast
• North-south vs East-West traffic
• Northbound and southbound Interface/API
OSI 7 Layers
Layer and Protocol
Broadcast/Multicast/Unicast
What is SDN
• Different people have different definitions.
• Every vendor says they have an SDN solution
• “Using software to abstract the networking layer with the ability to automate”
• Separation of control and data plane
• Not necessarily a pure software solution (Hint: Cisco)
SDN terminologies
• The 3 pillars of networking
  • Management plane
  • Control plane
  • Data plane
Major types of SDN
• OpenFlow
• Network Overlay
• Vendor specific API driven network
OpenFlow
• It is a protocol and a set of APIs
• OpenFlow components:
  • OpenFlow Controller (e.g. OpenDaylight, Brocade, Juniper)
  • OpenFlow switch (e.g. Open vSwitch, pure or hybrid)
• Flow table with flow entries:
  • Matching field
  • Counter
  • Action
VMware NSX
NSX – core components
NSX – networking functions
• Logical L2 Switch
• Logical L3 Router (distributed)
• Logical Firewall (distributed)
• Logical Load Balancer
• Logical VPN
VXLAN terminologies
• Encapsulation
• VTEP (VXLAN Tunnel End Point)
• VNI (VXLAN Network ID)
• IP Multicast
Encapsulation
NSX - VXLAN
NSX - security
• Isolation and multi-tenancy
• Segmentation
• Service insertion, chaining and steering
Micro-segmentation
• Segmentation is a security principle used to group entities within a network into one unit and to apply rules/policies to control the traffic in and out of the segment
• Traditional 5-tuple IP-based ACL rules are good for perimeter protection
• East-west traffic protection is limited with a traditional firewall
• An important principle: zero trust
• Major components of effective micro-segmentation
  • Network independent policy definition
  • Centralized policy definition repository
  • Distributed policy enforcement
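
The micro-segmentation components listed above, as an added example that is not part of the original slides: one central, tag-based (network-independent) policy with default deny, evaluated per workload, compared with an IP-based ACL. The workload names, tags, IP addresses and ports are constructed for illustration and are not NSX or ACI objects.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    tags: frozenset  # group membership, independent of IP or subnet

@dataclass(frozen=True)
class Rule:
    src_tag: str
    dst_tag: str
    proto: str
    port: int

# Centralized policy repository (constructed sample values).
POLICY = [
    Rule("web", "app", "tcp", 8443),
    Rule("app", "db", "tcp", 5432),
]

def allowed(src, dst, proto, port, policy=POLICY):
    """Zero trust: deny unless a tag-based rule explicitly allows the flow."""
    return any(r.src_tag in src.tags and r.dst_tag in dst.tags
               and r.proto == proto and r.port == port for r in policy)

def legacy_acl_allowed(src, dst, proto, port, acl):
    """IP-based ACL for comparison (source port wildcarded)."""
    return (src.ip, dst.ip, proto, port) in acl

def demo():
    web = Workload("web-01", "10.0.1.10", frozenset({"web"}))
    app = Workload("app-01", "10.0.1.11", frozenset({"app"}))
    db = Workload("db-01", "10.0.1.12", frozenset({"db"}))
    acl = {(web.ip, app.ip, "tcp", 8443), (app.ip, db.ip, "tcp", 5432)}
    results = {
        # Same subnet, east-west: web may reach app but never db directly.
        "web->app": allowed(web, app, "tcp", 8443),
        "web->db": allowed(web, db, "tcp", 5432),
    }
    # app-01 moves to another host and gets a new IP; its tags are unchanged.
    app_moved = Workload("app-01", "10.0.7.44", app.tags)
    results["moved app->db (tags)"] = allowed(app_moved, db, "tcp", 5432)
    results["moved app->db (ip acl)"] = legacy_acl_allowed(app_moved, db, "tcp", 5432, acl)
    return results

if __name__ == "__main__":
    for flow, ok in demo().items():
        print(f"{flow}: {'allow' if ok else 'deny'}")
```

In a distributed-enforcement design, each host would evaluate the same central policy for its local workloads, so the east-west decision is made at the workload rather than at a perimeter device.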
Cisco ACI
ACI - terminologies
NSX and ACI
• Some similarities
  • VXLAN
  • Micro-segmentation
  • Able to work with other vendors.
• Some differences
  • ACI needs hardware support
  • NSX will run on any fabric that can provide a reliable IP infrastructure
NSX and ACI Resources
• Books:
  • Networking for VMware Administrators (VMware Press Technology)
  • Policy Driven Data Center with ACI, The: Architecture, Concepts, and Methodology (Cisco Press)
• Blogs:
  • http://www.vmware.com/radius/evolution-vmware-nsx-timeline/
  • http://blog.scottlowe.org/learning-nvp-nsx/
  • http://www.virtualizationadmin.com/blogs/malhoit/what-im-reading/resources-learning-cisco-aci.html
• Hands-on-Lab:
  • NSX hands on lab - https://www.vmware.com/products/nsx/nsx-hol
  • OpenFlow lab - http://networkstatic.net/openflow-openvswitch-lab/