A Survey on SDN TechnologiesVentura VMUGJuly 14, 2016

Anthony ChowTwitter: @vCloudernBeer

Blog: http://cloudn1n3.blogspot.com/

Basic Networking Concept OSI 7-layer model Source and Destination (MAC or IP address) Forwarding Table Layer-2 bridging Layer-3 routing Broadcast Multicast Unicast North-south vs East-West traffic Northbound and southbound Interface/API

OSI 7 Layers

Layer and Protocol

Broadcast/Multicast/Unicast

What is SDN Different people has different definition. Every vendor said they have a SDN solution “Using software to abstract the networking layer with the

ability to automate” Separation of control and data plane Not necessary a pure software solution (Hint: Cisco)

SDN terminologies The 3 pillars of networking

Management plane Control plane Data plane

Major types of SDN OpenFlow Network Overlay Vendor specific API driven network

OpenFlowIt is a protocol and a set of APIOpenFlow components:

OpenFlow Controller (e.g. OpenDayLight, Brocade, Juniper) OpenFlow switch (e.g. OpenVswitch, pure or hybrid)

Flow table with flow entries: Matching field Counter Action

VMware NSX

NSX – core components

NSX – networking functions Logical L2 Switch Logical L3 Router (distributed) Logical Firewall (distributed) Logical Load Balancer Logical VPN

VXLAN terminologies

Encapsulation VTEP (VXLAN Tunnel End Point) VNI (VXLAN Network ID) IP Multicast

Encapsulation

NSX - VXLAN

NSX - security

Isolation and multi-tenancy Segmentation Service insertion, chaining and steering

Micro-segmentionSegmentation is a security principle used to group

entities within a network into one unit and to apply rules/polices to control the traffic in and out of the segment

Traditional 5-tuple IP based ACL rules is good for perimeter protection

East-west traffic protection is limited with traditional firewall An important principle – zero trust Major components of effective Microsegmentation

Network independent policy definition Centralized policy definition repository Distributed policy enforcement

Cisco ACI

ACI - terminologies

NSX and ACI

• Some similarity• VXLAN• Micro-segmentation• Able to work with other vendors.

• Some differences• ACI need hardware support• NSX will run on any fabric that can provide a reliable IP

infrastructure

NSX and ACI Resources• Books:• Networking for VMware Administrators (VMware Press Technology)• Policy Driven Data Center with ACI, The: Architecture, Concepts, and

Methodology (Cisco Press)

• Blogs:• http://www.vmware.com/radius/evolution-vmware-nsx-timeline/• http://blog.scottlowe.org/learning-nvp-nsx/• http://

www.virtualizationadmin.com/blogs/malhoit/what-im-reading/resources-learning-cisco-aci.html

• Hands-on-Lab:• NSX hands on lab - https://www.vmware.com/products/nsx/nsx-hol

• OpenFlow lab - http://networkstatic.net/openflow-openvswitch-lab/