Embracing SDN in Next Generation Networks
Post on 14-Jul-2015
1 Cisco Public
Embracing SDN in Next Generation Networks: Introduction and Use Cases – Moving SDN Beyond the Hype
Craig Hill, Distinguished Systems Engineer, U.S. Federal, CCIE #1628, crhill@cisco.com
Eric Voit, Principal Engineer, Core Software Group (CSG), evoit@cisco.com
Day at the Movies, February 25, 2015
• Introduction…Evolution, Why and What is SDN, Control Plane Architecture Models
• SDN Controller and Open Daylight Deep Dive
• SDN in the WAN – Overview and Use Cases
• What is YANG? Overview and Direction…
• Network Function Virtualization (NFV) Overview and Use Case
• Data Center Fabric Overlay Solutions – Intro to ACI
• Summary
© 2013 Cisco Systems, Inc. All rights reserved. Cisco and Customer NDA Only
“A platform for developing new control planes”
“An open solution for VM mobility in the Data-Center”
“An open solution for customized flow forwarding control in and between Data Centers”
“A means to do traffic engineering without MPLS”
“A way to scale my firewalls and load balancers”
“A solution to build a very large scale layer-2 network”
“A way to build my own security/encryption solution”
“A way to reduce the CAPEX of my network and leverage commodity switches”
“A way to optimize broadcast TV delivery by optimizing cache placement and cache selection”
“A means to scale my fixed/mobile gateways and optimize their placement”
“A solution to build virtual topologies with optimum multicast forwarding behavior”
“A way to optimize link utilization in my network enhanced, application driven routing”
“A means to get assured quality of experience for my cloud service offerings”
“A way to distribute policy/intent, e.g. for DDoS prevention, in the network”
“A way to configure my entire network as a whole rather than individual devices”
“A solution to get a global view of the network – topology and state”
“Develop solutions at software speeds: I don’t want to work with my network vendor or go through lengthy standardization.”
“A solution to automated network configuration and control”
Key Drivers: Device/Network Virtualization, Automation, Open Programmability, Simplified Operations, Central Orchestration
in·flec·tion point Noun 1. MATHEMATICS a point of a curve at which a change in the direction of curvature occurs
2. BUSINESS a time of significant change in a situation; a turning point
#1 – August 3, 2006
#2 – STANFORD “CLEAN SLATE PROJECT” - OPENFLOW
• Original Motivation: driven out of Stanford’s Clean Slate Project; the research community’s desire to be able to experiment with new control paradigms
• Base Assumption: providing reasonable abstractions for control requires the control system topology to be decoupled from the physical network topology (as in the top-down approach)
• OpenFlow was designed to facilitate separation of control and data planes in a standardized way
• Current spec is both a device model and a protocol:
OpenFlow Device Model: an abstraction of a network element (switch/router); currently (versions <= 1.3) focused on Forwarding Plane Abstraction.
OpenFlow Protocol: a communications protocol that provides access to the forwarding plane of an OpenFlow Device.
What is SDN? (per Wikipedia definition)
Software defined networking (SDN) is an approach to building computer networks that separates and abstracts elements of these systems.
In other words… in the SDN paradigm, not all processing happens inside the same device.
Why SDN? What is the focus and target for SDN?
Cisco Confidential 10 © 2014 Cisco and/or its affiliates. All rights reserved.
INFRASTRUCTURE AND OPERATIONS IS EVOLVING
• Configurable (CLI) → Orchestrated (Programmatic API)
• Apps Independent of Network → Tight App Linkage to Network
• Private vs Public Cloud → Hybrid Cloud
• Managed → Automated, “IT-less”
• Proprietary → Open & Interoperable
Virtualization = explosion in Objects
• Cost per Object must Agility must Operations must Adapt
• Evolving choices in abstraction: Easy Button, GUI, CLI, API
• 50%+ of outages from mis-config
• Speed to activation too slow
• Mechanization of logic in CCIE brains
• Peering of Controller & Network Element Intelligence
…to “Automate” and “Simplify” the centralized provisioning and administration of the network…
…and for the network to have greater awareness of “Application” needs
CUSTOMER TARGET AREAS AND USES TO LEVERAGE SDN
• Research/Academia – Experimental OpenFlow/SDN components for production networks → Network “Slicing”, experimentation with network programming
• Massively Scalable Data Center – Customize with Programmatic APIs to provide deep insight into network traffic → Network flow management, rapid provisioning and rich set of services
• Service Providers – Broad service offering, policy-based control, analytics, optimized to monetize service delivery → NFV, agile service delivery (XaaS), network wide service orchestration, cross domain
• Enterprise – Virtualization of workloads, hybrid cloud, specific functions, security and user focused → Private Cloud Automation, WAN optimizing, TE, simpler mgmt and provisioning for QoS, policies…
• Cloud (Ent/SP/H) – Automated provisioning and programmable overlay → Scalable “multi-tenancy” XaaS, automated and rapid provisioning, multi functions, elastic up/down services, scale
Not a single “one size fits all”: diverse functionality and outcomes are required across segments.
“…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”
OpenStack: open source software for building public and private Clouds; includes Compute (Nova), Networking (Neutron) and Storage (Swift) services.
OpenDaylight: open source project formed by industry leaders and others under the Linux Foundation. “…OpenDaylight's mission is to facilitate a community-led, industry-supported open source framework, including code and architecture, to accelerate and advance a common, robust Software-Defined Networking platform…”
NFV: “NfV – Network function Virtualisation is an ETSI ISG (Industry Specification Group). NfV is the transition of network infrastructure services to run on virtualised compute platforms – typically x86.”
Traditional Control Plane Architecture (Distributed)
• Control plane is tightly coupled to the network device
• Minimal application programmability of network devices (CLI, SNMP, NETCONF)
• EX: Cisco router, Catalyst or Nexus switches
(Diagram layers: Application, APIs, Centralized Control Plane, Distributed Control Plane, Data Plane.)
SDN Control Plane Architecture (Centralized)
• Control plane is centralized
• Control plane abstracted from the forwarding HW
• Communications channel exists between control plane and forwarding HW (OpenFlow agent on device)
• EX: OpenFlow Model (controller, agent on HW)
(Diagram layers: Application, APIs, Centralized Control Plane, control channel, Distributed Control Plane, Data Plane.)
CENTRALIZED CONTROL PLANE CONCEPTS – Implementation Perspective: Evolve Control-Plane and Network Programmability
(Diagram of the SDN Control Plane Architecture (Centralized): Applications (App, App, …) are layered on top of the Controller via the “North Bound” control and API; the Controller Operating System controls the entire network; the Packet Forwarding Hardware is controlled through the “South Bound” control and API, the communication channel to the network element.)
(Diagram: programmability options by layer.)
• Application Frameworks, Management Systems, Controllers, …: OpenStack, Neutron, Puppet, OnePK C/Java, Python, REST, ACI Fabric, OpFlex
• Device layers – Management, Orchestration, Network Services, Control, Forwarding: Operating Systems (IOS / NX-OS / IOS-XR), API (OnePK) and Data Models (YANG), onePK Plug-Ins, NETCONF, RESTful, YANG XML/JSON, OpenFlow, “Protocols” (BGP, PCEP, …)
THERE ARE MANY OPTIONS FOR PROGRAMMABILITY
• PCEP • BGP-LS • OpenFlow • Netconf • Yang • I2RS • BGP-FlowSpec • ReST • onePK
• Puppet • Chef • Ansible • SNMP • NetFlow • CLI • Syslog • Others...
(Colour key on the slide: Yellow – directly to device; Blue – either direct to device or controller (NB).)
What is Openflow? (per Wikipedia definition)
OpenFlow is a Layer 2 communications protocol that gives access to the forwarding plane of a network switch or router over the network.
4 Components to Openflow
1. Openflow Controller
2. Controller + NB API
3. Openflow Device agent
4. Openflow Protocol
Openflow v1.0 – Basic Flow Table and 12 Tuple example…
FLOW TABLE entry: HEADER FIELDS | COUNTERS | ACTIONS
HEADER FIELDS – this is the “Famous” Openflow 12 Tuple:
1 Ingress Port, 2 Source MAC, 3 Dest MAC, 4 Ether Type, 5 VLAN ID, 6 VLAN Priority, 7 IP SRC, 8 IP DEST, 9 IP Protocol, 10 IP TOS, 11 TCP/UDP SRC, 12 TCP/UDP DEST
Openflow v1.0 Switch – Required Actions Supported by an “Openflow 1.0” Switch
(Diagram: OPENFLOW CONTROLLER above the switch; inside the switch the FLOW TABLE, the SWITCH FORWARDING ENGINE and the CPU.)
Required Actions:
1 Forward out all ports except input port
2 Redirect to Openflow Controller
3 Forward to local Forwarding Stack (CPU)
4 Perform action in flow table
5 Forward to input port
6 Forward to destination port
7 Drop Packet
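The 12-tuple flow table and the seven required actions of the two preceding slides, as an added Python example (not Cisco, ONF or OpenDaylight code): entries match on any subset of the 12 header fields (absent fields are wildcards), are ordered by priority, keep the per-entry counters, and a table miss goes to the controller as in OpenFlow 1.0. The sample entries, ports and packets are constructed for the demo.

```python
"""OpenFlow 1.0 style flow table: 12-tuple match with wildcards, per-entry
counters, priority ordering and the seven required actions from the slide.
Added illustration of the slides; not Cisco, ONF or OpenDaylight code."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The OpenFlow 1.0 12-tuple, in the slide's order (1..12).
HEADER_FIELDS = (
    "in_port", "dl_src", "dl_dst", "dl_type", "dl_vlan", "dl_vlan_pcp",
    "nw_src", "nw_dst", "nw_proto", "nw_tos", "tp_src", "tp_dst",
)

# Required actions of an OpenFlow 1.0 switch, numbered as on the slide.
FLOOD = "FLOOD"            # 1: forward out all ports except the input port
CONTROLLER = "CONTROLLER"  # 2: redirect to the OpenFlow controller
LOCAL = "LOCAL"            # 3: forward to the local forwarding stack (CPU)
#                            4: "perform action in flow table" is the lookup itself
IN_PORT = "IN_PORT"        # 5: forward to the input port
#                            6: forward to a destination port is "OUTPUT:<port>"
DROP = "DROP"              # 7: drop packet (an empty action list also drops)


@dataclass
class FlowEntry:
    match: Dict[str, object]   # header fields absent from the dict are wildcarded
    actions: List[str]
    priority: int = 0
    packets: int = 0           # the COUNTERS column of the flow table
    bytes: int = 0

    def __post_init__(self) -> None:
        bad = set(self.match) - set(HEADER_FIELDS)
        if bad:
            raise ValueError(f"not OpenFlow 1.0 header fields: {sorted(bad)}")

    def matches(self, pkt: Dict[str, object]) -> bool:
        return all(pkt.get(f) == v for f, v in self.match.items())


class FlowTable:
    def __init__(self, ports: List[int]):
        self.ports = ports
        self.entries: List[FlowEntry] = []

    def add(self, entry: FlowEntry) -> None:
        self.entries.append(entry)
        # Highest priority first, so the first matching entry wins.
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def lookup(self, pkt: Dict[str, object], length: int) -> Tuple[Optional[FlowEntry], List[str]]:
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1          # update the entry's counters
                entry.bytes += length
                return entry, entry.actions
        # Table miss: an OpenFlow 1.0 switch sends the packet to the controller.
        return None, [CONTROLLER]

    def resolve(self, actions: List[str], pkt: Dict[str, object]) -> List[str]:
        """Translate the action list into the concrete destinations of the packet."""
        out: List[str] = []
        for act in actions:
            if act == FLOOD:
                out += [f"port:{p}" for p in self.ports if p != pkt["in_port"]]
            elif act == CONTROLLER:
                out.append("controller")
            elif act == LOCAL:
                out.append("cpu")
            elif act == IN_PORT:
                out.append(f"port:{pkt['in_port']}")
            elif act == DROP:
                return []
            elif act.startswith("OUTPUT:"):
                out.append("port:" + act.split(":", 1)[1])
            else:
                raise ValueError(f"unknown action {act}")
        return out


def build_demo_table() -> FlowTable:
    """Constructed sample table: a full 12-tuple entry, a wildcard entry, a drop entry."""
    table = FlowTable(ports=[1, 2, 3, 4])
    table.add(FlowEntry(match={   # exact 12-tuple: HTTP from host A to host B on VLAN 10
        "in_port": 1, "dl_src": "00:00:00:00:00:0a", "dl_dst": "00:00:00:00:00:0b",
        "dl_type": 0x0800, "dl_vlan": 10, "dl_vlan_pcp": 0, "nw_src": "10.0.0.10",
        "nw_dst": "10.0.0.11", "nw_proto": 6, "nw_tos": 0, "tp_src": 40000, "tp_dst": 80,
    }, actions=["OUTPUT:3"], priority=100))
    table.add(FlowEntry(match={"dl_type": 0x0806}, actions=[FLOOD], priority=50))   # ARP
    table.add(FlowEntry(match={"nw_proto": 17, "tp_dst": 1900}, actions=[DROP], priority=60))
    return table


def forward(table: FlowTable, pkt: Dict[str, object], length: int = 64) -> List[str]:
    """Run one packet through the table; returns where the switch sends it."""
    _, actions = table.lookup(pkt, length)
    return table.resolve(actions, pkt)
```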
HYBRID CONTROL PLANE MODELS
• Offers the best of both models
• Utilizes existing distributed and central control plane
• Central controller for optimized behavior and performance
• Leverage current routing innovations and services (IP/MPLS, TE, L2 VPN, convergence, OAM…) with benefits of central programmable orchestration
(Diagram: Application – APIs – Centralized Control Plane – Distributed Control Plane – Data Plane; Applications over Network Middleware over Network Devices with an On-Box Control Plane. Centralize when needed, default distributed control plane for all else. Source: ONF Hybrid WG.)
KEY TARGET AREAS AND COMPONENTS FOR A SDN – Mask Complexity, Virtualizing Network Functions, Central Orchestration, Open API’s
• Open Innovation, Open Source, Open API’s to offer programmability and granular control from applications beyond CLI
• Centralized Programmability, Automation, and orchestration of network-wide functions: automate and orchestrate behavior to many devices… WAN BW, NFV, service chains, and XaaS
• Virtualization (NFV) capabilities of physical network elements: leverage service-chaining of Phy/Virt – routers, FW, LB, all elements
• Ability to orchestrate, provision, insert L4-L7 in real-time
• Leverage the abstraction of SDN to solve real problems, not add more technology to the network
Hybrid Model – Collaborative Control Plane Architecture
• Utilizes existing control/data plane model + abstracted control plane and API’s to leverage application programmability
• Offers the best of current routing (IP/MPLS, convergence, OAM) with benefits of programmable API’s, while leveraging network analytics
EXPOSE NETWORK INTELLIGENCE – BI-DIRECTIONALLY
(Diagram: Applications – Policy (Application + Network + Security), Services, Orchestration, Analytics – sit above the Network. Downward: Workflow and Intent, Programmability – “Program for Optimized Experience”. Upward: Network Intelligence, Guidance; Statistics, States, Objects and Events – “Harvest Network Intelligence and Security”.)
Cisco SDN Strategy: “BUY” vs “MAKE/BUILD”
• “Buy Solution” Customer Set – more interested in Integrated Solution Sets: APIC | APIC-EM | WAE
• “Make/Build” Customer Set – Open Source and Component Technologies: OpenDayLight, Open Tool Sets
SDN CONTROLLER APPLICATIONS TARGETING CUSTOMER BUSINESS PROBLEMS
Customer Business Oriented Applications per domain:
• Data Center – ACI (N9K, UCS, FW, LB, IPS): focus is on private DC and cloud deployments; lead DC solution, integration with UCS, eco-system
• Enterprise Network – APIC EM (ISR/ASR1K Router, Catalyst Switch): focus is on specific Ent campus and Branch applications on Cisco HW; SSH into platform
• SP WAN – WAE on ODL APIs, Deployer, Collector (ASR9K, CRS, NCS6k/4k/2k): focus is on self-deployed IP/MPLS WAN; ODL, open standard protocols
• NFV – VNF VM, Orchestration (vCPE, vPE, vFW, vIPS): focus is providing NFV orchestration (vMS); targeting SP like agencies; streamlined use cases
• Target all areas of customer network domains
• Data Center, Enterprise (WAN, Campus), SP and/or large Enterprise WAN, SP Cloud offerings
• Programmability, applications, open API’s, orchestration, virtualization, and automation
(Overview diagram, repeated on later slides: Customer Business Oriented Applications over Data Center – ACI (N9K, UCS, FW, LB, IPS); Ent Network – APIC EM (ISR/ASR1K Router, Catalyst Switch); SP WAN – ODL Controller APIs, Deployer, Collector (ASR9K, CRS, NCS6k/4k/2k); NFV – VNF VM (vCPE, vPE, vFW, vIPS).)
APIC-EM (Enterprise Module): QoS | ACLs | Topology | Inventory | ZTD
APIC-EM: QOS CLASSIFICATION APPLICATION (EXAMPLE)
Project OpenDaylight
“Daylight is an open source project formed by industry leaders and others under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common vendor supported framework.”
OpenDaylight by the Numbers (statistics per 24-Feb-2015): https://www.openhub.net/p/opendaylight and https://spectrometer.opendaylight.org
OpenDaylight Architecture – Model Driven Controller Architecture (diagram: User, Controller, Device)
• Device models (Device-ACL Model, Device-QoS Model, Device Inventory Model, Device Topology Model, Routing Model, …) are loaded into the Controller
• The Controller naturally exposes all APIs: APIs are automatically generated from the models – Device, Network and Service APIs (API Network Policy, API Inventory, API Topology, API Routing, API Device-ACL, API Device-QoS, …), backed by the Network Policy, Inventory, Topology and Network Routing Models
• Northbound API = SUM (Device APIs) + Controller-Services APIs
OpenDaylight Architecture – Model Driven SAL (diagram)
• Applications use Northbound APIs (generated & handcrafted) and Java & REST SAL APIs (generated); Network Service Plugins, Platform Service Plugins, Transformers/Adapters and Internal Plugins use the Java SAL APIs (generated)
• The Abstraction Layer models the Network Topology (Nodes, Links, Paths, NE … NE), System Flows (Table … Table, Flow Flow Flow, Config, Stats) and Tunnels, …
• Southbound protocols (PCEP, OpenFlow x.y, BGP-LS, OF-Config/OVSDB, …) reach the Network Elements (NE)
CISCO OPEN SDN CONTROLLER AKA “CISCO DAYLIGHT” (CDL 1.0)
OPEN SDN CONTROLLER (diagram: REST APIs; 3rd party and base network service functions; model driven service abstraction layer; OpenFlow and other industry standard interfaces)
• OpenDaylight Helium MD-SAL services
• High availability • Clustering • Data replication and persistence • Distributed datastore
• Serviceability enhancements (logs, metrics, monitoring & management)
• OVA distribution & 1-click service addition
• Karaf container support
• Developer tools & sample apps
• OpenFlow, NetConf/Yang, BGPLS, PCEP, OVSDB, etc.
© 2014 Cisco - Cisco INTERNAL only – All Rights Reserved 46
(Diagram: a Cloud of VMs – Data Access rate to/from the Cloud.)
The Simplest Use Cases Conceivable (use cases described in draft-voit-netmod-peer-mount-requirements):
• Dynamically adjust policers as traffic moves about the cloud (VMs across Data Center 1 … Data Center n, each with a VM Policer)
• Forward to DDoS Appliance if Bandwidth Threshold hit
Controller based Fast Feedback Loop
• Synchronization between SDN controller and routers/switches enables data plane counters to be used in domain wide services (Data Center 1 … Data Center n)
• Effectively a Cloud Counter: many thresholds, custom actions
(Diagram: Data Center / Cloud with DC1 and DC2 behind WAN PE 1, PE 2 and PE 3; a Traffic Spike and a VM Move change where traffic enters. Each PE carries a Policer (P): in-profile traffic passes, out-of-profile traffic is policed. Bandwidth threshold recognition and synchronized counter delivery (YANG) feed a continuous rebalancing of policers, with policer values modified across the domain.)
Network element stats and domain-wide policer calculation (worked example on the slide)
• Global Rule: police Σ traffic for Subnet 56.0.0.0/8 to 10 MB/s (10 MB/s max cloud usage)
• Ingress interface stats (Interface E0) delivered from each PE: PE3 56.0.0.0/8 = 2 MB/s; PE1 56.0.0.0/8 = 1 MB/s; PE2 56.0.0.0/8 = 1 MB/s; offered downstream traffic: 4 MB/s
• Domain Wide Calculation, policy continually updated: the network elements are told to police 56.0.0.0/8 to 7 MB/s* (two PEs) and 8 MB/s* (one PE)
• Statistics from the PE, minimal config; a Traffic Spike or VM Move between DC1 and DC2 (behind WAN PE 1, PE 2, PE 3) changes the stats and the policer values are recomputed
Device policers dynamically updated against Cloud SLA of 100 Mb/s
A9K: 30 second updates (hardware limit); CSR: 2 second updates (also A1K/ISR)
Network based Threshold Trigger
(Diagram: Data Center / Cloud – DC, DC Edge, WAN. Normal traffic pattern vs sustained out-of-profile traffic.)
Identification of suspect traffic spike; apply action across domain.
“Bridge In” Scrubber when Threshold Trigger hit
(Diagram: DC, DC Edge, WAN, Data Center / Cloud; sustained out-of-profile traffic is redirected so that VM-bound traffic goes through existing DDoS solutions and returns as scrubbed flows.)
Policy can be automatically removed several ways:
• Strict timeout (if DDoS is still underway, filters will reinstall)
• Sum of ingress router flows falls below the threshold
• DDoS scrubber notifies end of attack (or there is no attack)
Loose Coupling with 3rd party scrubbing solutions
(Diagram: DC, DC Edge, WAN, Data Center / Cloud.)
(a) Instruct edge to discard DDoS sources
(b) Instruct edge to cut through safe sources
(c) Extract scrubber when DDoS effectively mitigated (very efficient usage of DDoS Apps and CPU)
(d) Retire ACLs when attack is over
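The domain-wide policer calculation and the threshold-triggered scrubber policy from the preceding slides, as an added Python example (not Cisco's code): per-PE policer values are derived from the PEs' ingress stats against the 10 MB/s global rule, and the scrubber policy is bridged in only on a sustained breach and retired under the three conditions the slide lists. The allocation rule (each PE gets the cap minus the other PEs' measured rates), the 3-interval sustain count, the 600 s timeout and the report series are assumptions; the rule happens to reproduce the 7/7/8 MB/s figures on the slide.

```python
"""Controller-side domain-wide policer calculation and bandwidth threshold trigger
for the cloud SLA use case on the slides. Added example, not Cisco code. Assumed:
each PE may send the global cap minus what the other PEs currently use, and an
over-cap condition must persist for several reports before the scrubber policy
is bridged in."""
from dataclasses import dataclass
from typing import Dict, List, Optional

SUBNET = "56.0.0.0/8"     # subnet from the slide
GLOBAL_CAP_MBPS = 10.0    # slide: police the sum of the subnet's traffic to 10 MB/s


def compute_policers(stats: Dict[str, float], cap: float = GLOBAL_CAP_MBPS) -> Dict[str, float]:
    """Per-PE policer values (MB/s) from the latest ingress interface stats.

    Assumed rule: a PE is allowed the global cap minus the other PEs' measured
    rates, so the in-profile total can never exceed the cap."""
    total = sum(stats.values())
    return {pe: round(max(cap - (total - rate), 0.0), 3) for pe, rate in stats.items()}


@dataclass
class ThresholdTrigger:
    """Recognises a sustained threshold breach, bridges in the DDoS scrubber policy
    and retires it under the three removal conditions from the slide."""
    cap: float = GLOBAL_CAP_MBPS
    sustain_intervals: int = 3        # assumed: consecutive over-cap reports before acting
    timeout_s: float = 600.0          # assumed strict timeout for the installed policy
    over_count: int = 0
    active_since: Optional[float] = None

    def update(self, stats: Dict[str, float], now: float,
               scrubber_reports_clear: bool = False) -> Optional[str]:
        total = sum(stats.values())
        if self.active_since is None:
            # Identification of a suspect traffic spike: it must be sustained, not a blip.
            self.over_count = self.over_count + 1 if total > self.cap else 0
            if self.over_count >= self.sustain_intervals:
                self.active_since = now
                return "bridge_in_scrubber"
            return None
        # Policy installed: decide whether it can be retired.
        if total <= self.cap:
            reason = "ingress_sum_below_threshold"
        elif scrubber_reports_clear:
            reason = "scrubber_reports_attack_over"
        elif now - self.active_since >= self.timeout_s:
            reason = "strict_timeout"   # if the attack continues, the filter reinstalls
        else:
            return None
        self.active_since, self.over_count = None, 0
        return "retire_policy:" + reason


# Constructed sample of 30-second PE reports (the A9K update interval on the slide).
SAMPLE_REPORTS = [
    (0,   {"PE1": 1.0, "PE2": 1.0, "PE3": 2.0}),   # normal: 4 MB/s offered
    (30,  {"PE1": 1.0, "PE2": 1.0, "PE3": 2.0}),
    (60,  {"PE1": 4.7, "PE2": 0.6, "PE3": 8.5}),   # traffic spike: 13.8 MB/s > cap
    (90,  {"PE1": 4.7, "PE2": 0.6, "PE3": 8.5}),
    (120, {"PE1": 4.7, "PE2": 0.6, "PE3": 8.5}),   # third consecutive breach
    (150, {"PE1": 4.7, "PE2": 0.6, "PE3": 8.5}),
    (180, {"PE1": 1.0, "PE2": 1.0, "PE3": 2.0}),   # back to normal
]


def run_feedback_loop(reports=SAMPLE_REPORTS) -> List[dict]:
    """One controller iteration per report: recompute policers, evaluate the trigger.
    The policer values would be pushed to each PE (e.g. over YANG) in a real loop."""
    trigger = ThresholdTrigger()
    results = []
    for now, stats in reports:
        results.append({"t": now,
                        "policers": compute_policers(stats),
                        "action": trigger.update(stats, now)})
    return results
```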
PLANNED APPLICATIONS (PRELIMINARY VIEW)
• OpenFlow Manager – Openflow Topology Visualization; Advanced Flow Management; Flow based Troubleshooting; Cisco supported extensions
• Path Manager – enables PCEP based programming of tunnels across the network
• BGP-LS Topology Viewer – provides BGP-LS network topology visualization
• NETCONF ACL Editor – provides ACL view/edit capability to NETCONF enabled devices
• HyperGlance – visualizes, monitors and manages entire SDN network in a single view
• WAN Automation Engine – optimizes WAN bandwidth utilization via design and planning
• Cable Operator Apps – Video Quality of Experience optimization; Maintenance & operations automation
SDN IN THE WAN
Vijay Gill – GM, Global Network Services, Microsoft: https://twitter.com/vgill/status/227539039979446272
SDN in the WAN Delivers Critical Solutions Maximizing BW, Link Utilization, and Optimizing Engineering Cycles
• WAN is a critical conduit between customers, content, NFV – user access to NFV resources and business applications; DC-to-DC
• Must support legacy infrastructure
• WAN bandwidth is costly and limited… maximize %util
• Capacity planning is challenging!!! Targeted at maximizing WAN optimization, orchestration, and automation for customers who own their own WAN elements (Federal)
• Must re-think how the WAN Engineering Cycles evolve as the needs are On-Demand versus Days or Weeks
(Diagram: Federal Owned WAN connecting Data Center #1, Data Center #2 and Business; Multi-Vendor, Multi-Environment; Flexible Infrastructure; New Classes of Applications; Open & Interoperable Solutions; Standards & Open Source; Modular & Reusable Components.)
TIGHTENING THE ENGINEERING CYCLE: Years/Months → Weeks/Days → Minutes/Seconds
Must increase service velocity provisioning, increase link utilization, limit time to deploy
SDN WAN ORCHESTRATION PLATFORM
• Application platform for placing traffic demands and paths across an IP/MPLS WAN
• North-Bound API: Java/REST
• South-Bound (Bi-Directional): BGP-LS (update link-state TO controller), stateful PCEP (programs network elements FROM controller), Netconf/YANG
• Intelligent collector, planner, and optimizer engine; can leverage “what if” exercises for load placement
• Multi-vendor enabled & extensible
• Leverages OpenDaylight Infrastructure with “WAN Orchestration” applications (uses REST to controller)
(Diagram: Client Apps and MATE Apps use the APIs of the Application Engine – Collector, Programming, Databases, Cross Domain Orchestration – which talks BGP-LS, PCEP and configlets to the SDN WAN: IP/MPLS, Segment Routing, Multi-Layer.)
1 - Can I place this requested BW load on my network?
2 - If I do, which link(s) is outside my network capacity threshold?
… In Real-Time!!!
(Diagram: WAN – IP/MPLS, Segment Routing, Multi-Layer.)
WAN ORCHESTRATION FRAMEWORK EXAMPLE: BANDWIDTH CALENDARING
(Diagram: Customer App → WAN App (NB API, Program) → Collector → WAN with R1, R2, R3 between Data Center #1 and Data Center #2; one link congested; programming via BGP-LS / PCEP.)
1. Network conditions reported to collector consistently
2. WAN Orch pulls latest Plan File every 20 min from existing MATE Collector
3. Customer App requests DC #1 – DC #2 bandwidth at Future Date/Time (in app)
4. Demand admission response: <R1-R3, B/W, Future Date/time>
5. Customer App confirms booking
6. Two hours prior to activation placement, APP applies config in Traffic Mgr (app)
7. Traffic Mgr programs the LSP on devices
8. LSP setup for traffic
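The two admission questions (can the BW load be placed, and which links would exceed the capacity threshold) and the calendaring steps 3 to 5 above, as an added Python example (not WAE/MATE code): a small WAN model answers both questions per candidate path for a future time window and records the booking. The R1/R2/R3 topology, link capacities, current utilization and the 80 % threshold are constructed assumptions.

```python
"""Demand admission and bandwidth calendaring on a small IP/MPLS WAN model: answers
the slide's two questions (can this BW load be placed, and which links would exceed
the capacity threshold) and books a future window. Added example; not WAE/MATE code.
Topology, capacities, current load and the 80 % threshold are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Link = Tuple[str, str]           # directed link (a, b); one-way only, for brevity


@dataclass
class Wan:
    capacity: Dict[Link, float]                 # Mb/s per link (from the plan file)
    utilization: Dict[Link, float]              # current load per link (from the collector)
    threshold: float = 0.8                      # admit only if every link stays under 80 %
    bookings: List[Tuple[int, int, List[str], float]] = field(default_factory=list)

    def simple_paths(self, src: str, dst: str, seen: Tuple[str, ...] = ()) -> List[List[str]]:
        """All loop-free paths src -> dst, shortest first."""
        if src == dst:
            return [[dst]]
        paths = []
        for a, b in self.capacity:
            if a == src and b not in seen:
                for rest in self.simple_paths(b, dst, seen + (a,)):
                    paths.append([a] + rest)
        return sorted(paths, key=len)

    def load_at(self, link: Link, start: int, end: int) -> float:
        """Expected load on a link during [start, end): current load + overlapping bookings."""
        load = self.utilization.get(link, 0.0)
        for s, e, path, bw in self.bookings:
            if s < end and start < e and link in zip(path, path[1:]):
                load += bw
        return load

    def over_threshold(self, path: List[str], bw: float, start: int, end: int) -> List[Link]:
        """Question 2: which link(s) of this path would exceed the capacity threshold."""
        return [lk for lk in zip(path, path[1:])
                if self.load_at(lk, start, end) + bw > self.threshold * self.capacity[lk]]

    def admit(self, src: str, dst: str, bw: float, start: int, end: int) -> Optional[List[str]]:
        """Question 1: the first (shortest) path on which the demand fits, or None."""
        for path in self.simple_paths(src, dst):
            if not self.over_threshold(path, bw, start, end):
                return path
        return None

    def book(self, src: str, dst: str, bw: float, start: int, end: int) -> Optional[List[str]]:
        """Demand admission response for a future window; records the booking if accepted."""
        path = self.admit(src, dst, bw, start, end)
        if path is not None:
            self.bookings.append((start, end, path, bw))
        return path


def build_demo_wan() -> Wan:
    """Constructed WAN: R1-R2-R3 plus a direct R1-R3 link that is already congested."""
    links = [("R1", "R2"), ("R2", "R3"), ("R1", "R3")]
    return Wan(capacity={lk: 100.0 for lk in links},
               utilization={("R1", "R3"): 70.0, ("R1", "R2"): 10.0, ("R2", "R3"): 10.0})


if __name__ == "__main__":
    wan = build_demo_wan()
    print("links over threshold on R1-R3:", wan.over_threshold(["R1", "R3"], 20.0, 0, 60))
    print("DC#1->DC#2 20 Mb now:", wan.book("R1", "R3", 20.0, 0, 60))
    print("DC#1->DC#2 60 Mb now:", wan.book("R1", "R3", 60.0, 0, 60))
    print("DC#1->DC#2 60 Mb later:", wan.book("R1", "R3", 60.0, 60, 120))
```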
WAN AUTOMATION ENGINE (WAE) CUSTOMER USE CASES AND DEPLOYMENTS
USE CASE: DEMAND ADMISSION & PLACEMENT
Problem: Demand placement requirement must take into account LOCATION as well as network impact (link over-subscription)
Solution: Application places demand on the suggested path/location and the network remains healthy leveraging under-subscribed links
(Diagram: BW Demand App → WAN Application RESTful APIs (Programming, Collection) → WAN with R1, R2, R3 between Cloud Consumer / Customer Site and Content Sites.)
Simple REST API hides complexity; utilizes infrastructure intelligence.
Use Case: Bandwidth Scheduling (Calendaring)
Problem: Provider’s customer has an “on demand” need for nightly DC backup or to move workloads
Solution: After determining a best path, Platform programs an LSP via PCEP.
(Diagram: BW Calendar App → WAN Application RESTful APIs (Programming, Collection) → PCEP → WAN with R1, R2, R3 between Data Center #1 and Data Center #2; one link congested.)
Simple REST API enables faster solution without complexity.
Use-Case: TE Load Balancing
Problem: A customer needs to efficiently use expensive BW links (EX: high cost links, perhaps trans-oceanic) and must optimize usage.
Solution: The most expensive network resources are fully optimized by calculation assigning best load share metrics using PCEP (extensions).
(Diagram: TE Tunnel Builder App → WAN Application RESTful APIs (Programming, Collection) → PCEP → WAN R1 towards AS Foo.)
REST API enables solution; hides complexity.
INTEGRATING OPENFLOW CLASSIFICATION WITH WAN SDN
Controlling Path BW Per flow with WAN SDN and OpenFlow
(Diagram: a Campus/DC Application and a WAN Application drive an Open Source Controller over its REST API. The controller speaks PCEP and BGP-LS to the WAN – DC Edge Routers PE1, PE2, PE3 at Data Centers #1, #2, #3 and core routers P1–P4 – and OpenFlow 1.3 to an Open Standard SDN Switch at the DC edge. Two TE tunnels, TE 1 (50 Mb) and TE 2 (75 Mb), are set up by WAE around the congested links; Flow 1 and Flow 2 are steered into them.)
OF 1.3: leveraging OF for packet-match traffic steering into TE tunnels setup by WAE
Controlling Path BW Per flow with WAN SDN and OpenFlow (continued)
(Diagram: the same controller, applications and protocols as on the preceding slide; the DC Edge Router at PE1 / Data Center #1 fronts the Open Standard SDN Switch.)
OF 1.3: leveraging the OF “set FCID” action for packet-match traffic steering into TE tunnels setup by WAE
OPENFLOW – FLOW TABLE:
HEADER FIELDS | COUNTERS | ACTIONS
Flow 1 | … | Set FCID 1
Flow 2 | … | Set FCID 2
Egress Forwarding Match: FCID 1 = Tunnel 1 (TE 1, 50 Mb), FCID 2 = Tunnel 2 (TE 2, 75 Mb); signaled as FCID Group 1 = Tunnel 1, FCID Group 2 = Tunnel 2.
YANG AND PUBLISH/SUBSCRIBE
Networks and network elements are constructed upon a variety of distributed data management mechanisms: relational, hierarchical, object oriented, distributed, flat file, others…
YANG Model: it is possible to represent network objects via a hierarchical namespace, fully decoupled from the underlying database technologies. YANG is the modeling language being used by both the IETF and OpenDaylight for this.
(Diagram: a Network Element tree – Interfaces, Peers, Topology (Router A, Router B, Link A-B), Rule 1.)
RFC 6022: YANG Module for NETCONF Monitoring
RFC 6991: Common YANG Data Types
RFC 6087: Guidelines for Authors and Reviewers of YANG …
RFC 6095: Extending YANG with Language Abstractions
RFC 6110: Mapping YANG to Document Schema Definition…
RFC 6241: Network Configuration Protocol (NETCONF)
RFC 6243: With-defaults Capability for NETCONF
RFC 6470: Network Configuration Protocol (NETCONF) …
RFC 6536: NETCONF Access Control Model…
RFC 6643: Translation MIB Modules to YANG Modules
RFC 7223: A YANG Data Model for Interface Management
RFC 7224: IANA Interface Type YANG Module
RFC 7277: A YANG Data Model for IP Management
RFC 7317: A YANG Data Model for System Management
RFC 7407: A YANG Data Model for SNMP Configuration
Dozens of Models currently under development
Publish/Subscribe: Requirements for Subscription to YANG Datastores – draft-i2rs-pub-sub-requirements; Subscribing to datastore push updates – draft-netmod-clemm-datastore-push
Taking YANG beyond being a programmatic replacement for SNMP/CLI
Applications have access to up-to-date network objects without Polling or Redundant Fetching
• Application performance benefits • Processing reductions
(Diagram: Traditional Device – the Application repeatedly fetches from the YANG Datastore, asking “Anything different?” and getting “No. NO!” until “Yeah.”; Subscribed Device – the datastore pushes “new stuff” to the Application.)
What we have today:
• On Demand: ask for Object every time (the Application fetches object 1 / object 2 from the Network Element’s Datastore Node)
What YANG Publish/Subscribe enables:
• On Change: push on Object change (the Network Element is the Publisher, the Application the Subscriber to object 1 – random notification)
• Periodic: push Object every ‘X’ seconds (regular stream)
(Diagram: a Network Element’s Datastore Node publishes object 1 (subscribed) and object 2 to several Subscribers – a Controller Datastore, an Application, an NMS, and a Peer Network Element.)
Transport: point-to-point & point-to-multipoint options, e.g., Netconf, ZeroMQ, HTTP
Filtering Events (Stateless Filter) vs Maintaining Filtered Remote State (Stateful Filter)
(Diagram: the Network Element Publisher pushes “if Orange or Yellow” on a state change of object 1 / object 2 in its Datastore Node.)
• Stateless filter: the subscribing Application knows something happened
• Stateful filter: the subscribing Application can maintain a subset of the datastore
Send Update if… (Filter Type by Complexity, first table)
• Simple query: if Object A currently has property, or Object A exists
• Complex query: if Object A currently has property and different property
• Multi-object query: if Object A currently has property and Object B has property
• Distributed Analytics: if Object A currently has property, then run process
• Intermittent Reporting: n/a
Send Update if… (Filter Type by Complexity, second table)
Stateful (Filtering Events and Maintaining filtered remote state):
• Simple: Object A property just changed / deleted away from; Object A has been created/deleted
• Complex: if Object A property just changed from to
• Multi-object: if Object A property just changed from and Object B has property
• Distributed analytics: if Object A property just changed/deleted away from, run process
Stateless (Filtering Events only; Maintaining filtered remote state: n/a):
• Simple: Object A has been created with property or; if Object A property just changed to
• Complex: if Object A property just changed to and has different property
• Multi-object: if Object A property just changed and Object B has property
• Distributed analytics: if Object A property just changed, run process
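The publish/subscribe modes and the stateless versus stateful filters of the preceding slides, as an added Python example (not the IETF drafts' or OpenDaylight's code): a datastore on the network element offers on-demand fetch, on-change push and periodic push; a stateless filter subscriber is pushed only when an object changes into the filtered state (it knows something happened), while a stateful filter subscriber is also told about changes away from that state and so can maintain a filtered subset of the remote datastore. The object names, states and the "orange or yellow" predicate are constructed.

```python
"""Datastore publish/subscribe as on the slides: on-demand fetch, on-change push,
periodic push, a stateless filter (push if orange or yellow) and a stateful filter
that lets the subscriber maintain a filtered subset of the datastore. Added example
illustrating the concepts; not the IETF drafts' or OpenDaylight's implementation."""
from typing import Callable, Dict, List, Tuple


class Subscriber:
    """Base class: the datastore calls these on the publisher's events."""
    def on_change(self, node: str, old: object, new: object) -> None:
        pass

    def on_period(self, snapshot: Dict[str, object]) -> None:
        pass


class Datastore:
    """Publisher side: a flat node -> object value map on the network element."""
    def __init__(self, objects: Dict[str, object]):
        self.objects = dict(objects)
        self.subscribers: List[Subscriber] = []

    def fetch(self, node: str) -> object:
        return self.objects[node]            # on demand: the application polls

    def subscribe(self, sub: Subscriber) -> None:
        self.subscribers.append(sub)

    def set(self, node: str, value: object) -> None:
        old = self.objects.get(node)
        self.objects[node] = value
        if old != value:                     # only a real state change is pushed
            for sub in self.subscribers:
                sub.on_change(node, old, value)

    def periodic_tick(self) -> None:
        for sub in self.subscribers:         # push the object set every 'X' seconds
            sub.on_period(dict(self.objects))


class PeriodicSubscriber(Subscriber):
    """Regular stream: receives the whole object set on every period."""
    def __init__(self) -> None:
        self.snapshots: List[Dict[str, object]] = []

    def on_period(self, snapshot: Dict[str, object]) -> None:
        self.snapshots.append(snapshot)


class StatelessFilterSubscriber(Subscriber):
    """Pushed only when the new value passes the filter: it knows something happened,
    but is not told when the object later changes away from the filtered state."""
    def __init__(self, node: str, pred: Callable[[object], bool]) -> None:
        self.node, self.pred = node, pred
        self.events: List[Tuple[str, object]] = []

    def on_change(self, node: str, old: object, new: object) -> None:
        if node == self.node and self.pred(new):
            self.events.append((node, new))


class StatefulFilterSubscriber(Subscriber):
    """Pushed on changes into AND away from the filtered state, so it can maintain
    a filtered copy (subset) of the remote datastore."""
    def __init__(self, pred: Callable[[object], bool]) -> None:
        self.pred = pred
        self.mirror: Dict[str, object] = {}
        self.events: List[Tuple[str, str, object]] = []

    def on_change(self, node: str, old: object, new: object) -> None:
        if self.pred(new):
            self.mirror[node] = new
            self.events.append((node, "changed_to", new))
        elif node in self.mirror:            # "just changed/deleted away from"
            del self.mirror[node]
            self.events.append((node, "changed_away", new))


def run_demo() -> Tuple[PeriodicSubscriber, StatelessFilterSubscriber, StatefulFilterSubscriber]:
    """Constructed scenario: object1 goes into alarm and recovers, object2 goes into alarm."""
    ds = Datastore({"object1": "green", "object2": "green"})
    alarm = lambda v: v in ("orange", "yellow")      # the slide's "push if orange or yellow"
    periodic = PeriodicSubscriber()
    stateless = StatelessFilterSubscriber("object1", alarm)
    stateful = StatefulFilterSubscriber(alarm)
    for sub in (periodic, stateless, stateful):
        ds.subscribe(sub)

    ds.set("object1", "orange")   # alarm state: both filtered subscribers are pushed
    ds.set("object2", "green")    # no change: nothing is pushed
    ds.periodic_tick()            # periodic subscriber gets the current snapshot
    ds.set("object1", "green")    # recovered: only the stateful subscriber learns this
    ds.set("object2", "yellow")   # stateless subscriber is subscribed to object1 only
    return periodic, stateless, stateful
```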
Cisco Confidential 80 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
NETWORK FUNCTION VIRTUALIZATION & CLOUD VPNS
• Target all areas of customer functions and networks
• Data Center (Enterprise & SP), Enterprise (WAN, Campus), SP and/or large Enterprise WAN, SP Cloud offerings
• Programmability and open API’s, orchestration, virtualization, rapid provisioning and automation
(Overview diagram as on the earlier slides: Data Center – ACI; Ent Network – APIC EM; SP WAN – WAE APIs, Deployer, Collector; this section covers the NFV column: VNF VM (vCPE, vPE, vFW, vIPS).)
NFV – Network Functions Virtualization: NFV extends the ”VIRTUAL” to L4-7 Services
Creating virtual versions of services that traditionally ran on standalone appliances…
Some NFV examples: Network Address Translation (NAT), Firewall, Intrusion Detection (IDS/IPS), Domain Name Service (DNS), WAN Acceleration, Load Balancing, Deep Packet Inspection (DPI), Content Delivery (CDN), Broadband Remote Access (BRAS), Provider Edge (PE Router)
CISCO DYNAMIC SERVICES COMPOSER – INTRODUCTION
Dynamic Services Composer… an open, standards-based, modular architecture and platform for services orchestration… manages the physical & virtual network, as well as the compute & storage infrastructure to deliver carrier-class services… which range from VPC to NFV services
DYNAMIC SERVICES COMPOSER – OVERALL ARCHITECTURE (Open Standards Based)
(Diagram: an RT-OSS or upper layer Orchestrator drives the Service Catalog and the Network Service Orchestrator over a REST API; the Network Service Orchestrator covers service lifecycle management, service provisioning, DCI routing, service routing and address management, with System Management / High Availability and a Service Assurance Framework alongside. A VNF Manager and a VM Orchestrator (Openstack / Jcloud API) place tenant VNFs and VMs (Tenant 1 VNF1/VNF2, Tenant 2 VNF1/VNF2/VNF3, Tenant 1/2 VM1) on Servers, each fronted by a VTF with VRF1/VRF2. The Virtual Topology System programs the SW Overlay (MPLSoGRE, L2TPv3, VXLAN) via RESTCONF/YANG; a DC gateway (VRF1/VRF2) peers by MP-BGP with the EPN SP WAN towards End-User sites CE1 and CE2.)
DYNAMIC SERVICES COMPOSER (DSC) MULTI-TENANTED SERVICE INSTANTIATION & SERVICE CHAINING
Customer 1 Wants FW, NAT
External WAN, access to Cloud (IaaS, Storage,…)
SP Managed Service POD
SP Datacenter
Customer 2 Wants vCPE, vFW, vWAAS
vFW NAT
vCPE vFW vWAAS
Customer service is instantiated as a virtual service in the managed service POD. Multiple services combined
into a service chain
Multi-tenanted service chains
Dynamic Services Composer
Service Orchestrator
DSC Services Controller DSC Network Controller
System Management
and High Availability
Internet/VPN (Managed CPE)
Security (Managed FW)
NAT WAAS
Managed Services
88
• Network Services can be daisy chained
• No restriction on the number of services in a chain
• Services can be dynamically inserted in the chain
SERVICES IN A CHAIN
DCI
SP WAN (L3VPN, L2VPN,
Internet)
Virtual Topology VM Foo Web VM Foo DB
FW NAT
89
DCI
SP WAN (L3VPN, L2VPN,
Internet)
[Figure: Virtual Topology across Server 1 to Server 4 hosting VM Foo Web, VM Foo DB, VM Foo FW, VM Foo NAT, VM Bar, Server-2 VM, WALMART VM1 and GE-WEB; each server is fronted by a vPE-F (L3) or vPE-f (L2/L3 VRF FIB, L2), interconnected by MPLS-over-GRE (or) VXLAN Tunnels; FW and NAT form the service chain]
90
One-Stop-Shop Tenant Portal: Search by Product or Category
91
APPLICATION CENTRIC INFRASTRUCTURE (ACI)
92
• Target all areas of customer functions and networks
• Data Center (Enterprise & SP), Enterprise (WAN, Campus), SP and/or large Enterprise WAN, SP Cloud offerings
• Programmability and open API’s, orchestration, virtualization, rapid provisioning and automation
ACI (N9K,UCS,FW,LB,IPS)
Data Center
APIC EM
ISR/ASR1K Router, Catalyst Switch
Ent Network
ASR9K,CRS, NCS6k/4k/2k
WAE APIs
Deployer Collector
SP WAN
VNF VM (vCPE,vPE,vFW,vIPS)
NFV
vCPE vFW vIPS
Customer Business Oriented Applications
93
“ACI is Cisco’s attempt to solve the most significant and important problems facing data center managers: how to more closely link the provisioning of data center networks with the applications running over those networks (i.e. “how do the apps talk to each other”). … the goal is to reduce human error, shorten application deployment times, and minimize the confusion that can occur when application managers and network managers speak very different vocabularies.”
JOEL SNYDER, NETWORK WORLD
94
WHAT ARE THE KEY COMPONENTS OF ACI?
APPLICATION-CENTRIC INFRASTRUCTURE CONTROLLER (APPLICATION POLICY INFRASTRUCTURE CONTROLLER, APIC)
OPEN STANDARDS, OPEN SOURCE
HARDWARE - FABRIC (NEXUS 9000 SERIES)
ECOSYSTEM (INDUSTRY LEADING, OPEN)
CHANGE
95
APPLICATION CENTRIC INFRASTRUCTURE MULTI-FUNCTIONAL, HYPERVISOR AGNOSTIC, VIRTUAL/PHY
Physical Networking
Multi DC WAN and Cloud
L4–L7 Services Storage
Integrated WAN Edge
Hypervisors and Virtual Networking
Nexus 2K
Nexus 7K
APIC
Compute (virtual/physical)
• Encapsulation agnostic
• Controller (APIC) driven with open API’s, broad Eco System
• Simplified L4-L7 insertion, open vendor support
• Embedded “White list” security
• Open API’s “north” of APIC
• Data plane “de-coupled” from the APIC controller
− Third-party integration (Layer 4 - 7 services, storage, compute, WAN, etc.)
− Image management (spine and leaf)
− Fabric inventory
40G FABRIC
INTEGRATED LINE-RATE HOST DIRECTORY
TERTIARY APIC CLUSTER
96
Define Intent: How do apps talk to each other?
ACI Goal: Automate the instrumentation of intent
97
APPLICATION CENTRIC INFRASTRUCTURE SERVICE GRAPH FOR THE APPLICATION
Outside Network
Web App DB
98
[Figure: groups of VMs in the web, app and db tiers making up the application]
The Outside
a collection of end-points connecting to the network… VMs, physical compute, …
Component Tier: End Point Group or VMware Port Group
a set of network requirements specifying how application components communicate with each other
Policy (Contracts): Access Control, QoS, Firewall, L4 – L7 Services
rules of how application communicates to the external private or public networks
Application Profile application-centric network policy
Application Level Metadata Describes Application infrastructure dependencies
99
APPLICATION CENTRIC INFRASTRUCTURE SERVICE GRAPH ABSTRACTION FROM THE NETWORK
Outside (Tenant VRF)
Web App DB QoS Policy QoS Policy
FW Service Policy
QoS Policy
Access Policy LB Service Policy
APIC
Decouple Application from Infrastructure
100
External IP/MPLS WAN
Intranet
Extranet WAN Standard Routing Protocol
Border Leaf
APIC APIC APIC
Web App DB
FW LB
101
• Elastic service insertion architecture for physical and virtual services
• Helps enable administrative separation between application tier policy and service definition
• APIC as central point of network control with policy coordination
• Automation of service bring-up / tear-down through programmable interface
• Supports existing operational model when integrated with existing services
• Service enforcement guaranteed, regardless of endpoint location
Web Server
App Tier A
Web Server
Web Server
App Tier B
App Server
Chain “Security 5”
Policy Redirection
Application Admin
Service Admin
Service Graph: begin … Stage 1 ….. Stage N … end
Providers ……..
Service Profile
“Security 5” Chain Defined: ASA, Netscaler VPX
102
FULL APPLICATION VISIBILITY A SINGLE VIEW OF YOUR APPLICATION IN A DISTRIBUTED ENVIRONMENT
[Figure: dashboard showing HEALTH SCORE 96%, LATENCY 102 Microsecond(s), DROP COUNT 5 Packets Dropped, and VISIBILITY across VMs, Physical, Application Delivery Controller and Firewall; further figure values 25, 7, 3]
103
OVERLAY TAXONOMY
Overlay Control Plane
Encapsulation
Service = Virtual Network Instance (VNI)
Identifier = VN Identifier (VNID)
NVE = Network Virtualization Edge
VTEP = VXLAN Tunnel End-Point
Underlay Control Plane
Underlay Network
Hosts (end-points)
Edge Devices (NVE)
VTEPs
104
VXLAN IS AN OVERLAY ENCAPSULATION
Overlay Control Plane
Encapsulation
VXLAN
Data Plane Learning: Flood and Learn over a multidestination distribution tree joined by all edge devices
Protocol Learning: Advertise hosts in a protocol amongst edge devices
105
VXLAN PACKET STRUCTURE Ethernet in IP with a shim for scalable segmentation
Outer MAC Header | Outer IP Header | Outer UDP Header | VXLAN Header | Original Layer 2 Frame | FCS
50 (54) Bytes of overhead
Outer MAC Header, 14 Bytes (4 Bytes Optional), field widths in bits: Dest. MAC Address (48), Src. MAC Address (48), VLAN Type 0x8100 (16), VLAN ID Tag (16), Ether Type 0x0800 (16). Dest. MAC = Next-Hop MAC Address; Src. MAC = Src VTEP MAC Address.
Outer IP Header, 20 Bytes: IP Header Misc. Data (72), Protocol 0x11 (UDP) (8), Header Checksum (16), Source IP (32), Dest. IP (32). Src and Dst addresses of the VTEPs.
Outer UDP Header, 8 Bytes: Source Port (16), VXLAN Port (16), UDP Length (16), Checksum 0x0000 (16). VXLAN Port = UDP 4789. Source Port = Hash of the inner L2/L3/L4 headers of the original frame; enables entropy for ECMP Load balancing in the Network (Tunnel Entropy).
VXLAN Header, 8 Bytes: VXLAN Flags RRRRIRRR (8), Reserved (24), VNI (24), Reserved (8). The VNI allows for 16M possible segments (Large scale segmentation).
Original Layer 2 Frame: Ethernet Payload
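Added example, not from the deck: a Python encapsulate/decapsulate pair that builds the 50-byte outer MAC/IP/UDP/VXLAN framing described above around a constructed inner frame, and checks the UDP 4789 port and the I flag before trusting the VNI; the CRC32-based source-port hash and the sample addresses are assumptions.

```python
import socket
import struct
import zlib

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN destination port
VXLAN_FLAG_I = 0x08     # "I" bit of the RRRRIRRR flags byte: VNI field is valid

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def entropy_source_port(inner_frame: bytes) -> int:
    """Outer UDP source port from a hash of the inner L2/L3/L4 headers (ECMP entropy).
    Assumed CRC32 over the first 54 bytes; real VTEPs use their own hash."""
    return 49152 + (zlib.crc32(inner_frame[:54]) % 16384)

def encapsulate(inner: bytes, vni: int, src_mac: bytes, dst_mac: bytes,
                src_ip: str, dst_ip: str) -> bytes:
    """Wrap a frame in outer MAC(14) + IP(20) + UDP(8) + VXLAN(8) = 50 bytes."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field (16M segments)")
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)   # flags, rsvd, VNI, rsvd
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", entropy_source_port(inner), VXLAN_UDP_PORT,
                      udp_len, 0)                          # UDP checksum 0x0000
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = dst_mac + src_mac + b"\x08\x00"   # next-hop MAC, source VTEP MAC, IPv4
    return eth + ip + udp + vxlan + inner

def decapsulate(packet: bytes):
    """Check the outer headers and return (vni, inner_frame); raise on bad input."""
    if packet[12:14] != b"\x08\x00" or packet[23] != 17:
        raise ValueError("outer frame is not IPv4/UDP")
    udp = packet[14 + (packet[14] & 0x0F) * 4:]
    if struct.unpack("!H", udp[2:4])[0] != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not 4789")
    flags, vni_field = struct.unpack("!B3xI", udp[8:16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI invalid, drop packet")
    return vni_field >> 8, udp[16:]

# Constructed sample inner frame (14-byte Ethernet header + 46-byte payload)
INNER = bytes.fromhex("00005e000101" "00005e000102" "0800") + b"\xaa" * 46
OUTER = encapsulate(INNER, 5000, bytes.fromhex("001122334455"),
                    bytes.fromhex("66778899aabb"), "10.1.1.1", "10.1.1.2")
```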
106
VXLAN EVOLUTION BGP EVPN CONTROL PLANE
• Uses Multi-Protocol BGP with the EVPN Address Family for Dynamic Tunnel Discovery and Host reachability
• Supported across the product line: All Nexus and ASR
[Figure: VTEPs (BGP Peers on VTEPs) across the VXLAN Overlay peering with BGP Route Reflectors]
https://tools.ietf.org/html/draft-ietf-l2vpn-evpn-11
107
HTTPS://DEVELOPER.CISCO.COM
108
“ .. In order to implement an SDN solution, it will be imperative for enterprises to firstly make themselves familiar with the technology and its components, create cross functional IT teams that include applications, security, systems and network to (1) get an understanding what they wish to achieve and, (2) investigate best-of-breed vendor solutions that can deliver innovative and reliable SDN solutions which leverage existing investments without the need to overhaul longstanding technologies… ”
Ben Rossi – InformationAge.com
January 16, 2015
109
Trivia Question
What are the names of the two IETF protocols used on the OpenDaylight Controller, supporting the WAN Application Engine (WAE) app, to PULL link-state information and PUSH MPLS-TE configuration and attributes?
110
THANK YOU