Transcript: Application Centric Infrastructure (ACI) (source: cloudday.momart.hu/assets/cisco_boross_adam_az...open...)
Cisco Confidential © 2013 Cisco and/or its affiliates. All rights reserved. 1
Application Centric Infrastructure (ACI)
Boross Ádám, Consulting Engineer
VMware Cloud Day, 19 November 2013
APIC pillars (slide graphic): Automation, Scale and Performance, Security, Simplicity, Open, Agility and Visibility
Agenda
1. Emerging Data Center Requirements
2. Application Centric Infrastructure (ACI) Introduction
3. ACI Fabric
4. Nexus 9000 Hardware
All About the Application: shifts that are re-defining IT, at all levels
Models affected: Business Models, Service Models, Operational Models, Management Models, Consumption Models
Today → Future:
• Web economy → App economy
• On premise / traditional IT services → Cloud based services
• Infrastructure as a service → Application as a service
• Development vs. operations → DevOps integration
• Box-centric → Application-centric
Evolution to Application Centric Infrastructure
• 2005: IP convergence (data, voice, video)
• 2010: Network virtualization (compute, network, storage)
• Today, the app economy: Application Centric Infrastructure (applications, networking, and scale with security change)
Layer 2-7 Data Center Challenges (slide diagram): business demand for a new Web App produces requirements from the Web Developer, App Developer and DBA, which in turn become requirements for the Compute Team, Storage Team and Network Team within the Infrastructure Team.
Layer 2-7 Data Center Challenges – timing perspective (slide diagram): the Compute Team, Storage Team and Network Team, under the Infrastructure Team, each in turn provision the Web Server, App Server and DB Server and the Web Storage, App Storage and DB Storage.
Expanding to multiple network services … (slide diagram): Web VLAN, App VLAN and DB VLAN; Web Subnet, App Subnet and DB Subnet; security services and routing between them.
ACI Building Blocks
APIC: open RESTful APIs, centralized policy model, open source controller
ACI: policy model, built-in line rate end point directory, integrated overlay, 40G non-blocking fabric, simple and secure
Next Generation Nexus (traditional networks): 50% simpler code base, future proof (upgradable to ACI), programmability and automation, network virtualization support, resiliency (in service patching, upgrade, fast restart)
ACI Building Blocks: Future Proof, Software Upgradable to ACI
Nexus 9500 and 9300 innovations in software, hardware and system design: price, power efficiency, programmability, port density, performance; optimized NX-OS; scale out without compromise; common building blocks for access and core; APIC
ACI policy model brings the concept of End-Point Group (EPG)
Slide diagram: EPG "Web" containing four HTTPS services and four HTTP services.
EPGs are a grouping of end-points representing application or application components independent of other network constructs.
Application Network Profiles (ANP)
Slide diagram: EPGs linked by inbound/outbound policies form an Application Network Profile.
Application Network Profiles are a group of EPGs and the policies that define the communication between them.
ACI Application Network Profile (ANP): Detailed Policy-Based Fabric Management
• Extend the principle of Cisco UCS® Manager service profiles to the entire fabric
• Application Network Profile: stateless definition of application requirements
‒ Application tiers
‒ Connectivity policies
‒ Layer 4 – 7 services
‒ XML/JSON schema
• Fully abstracted from the infrastructure implementation
‒ Removes dependencies of the infrastructure
‒ Portable across different data center fabrics
App Network Profile: defines application level metadata (pseudo code example)
    <Network-Profile = Production_Web>
      <App-Tier = Web>
        <Connected-To = Application_Client>
          <Connection-Policy = Secure_Firewall_External>
        <Connected-To = Application_Tier>
          <Connection-Policy = Secure_Firewall_Internal & High_Priority>
        . . .
      <App-Tier = DataBase>
        <Connected-To = Storage>
          <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
        . . .
Slide diagram: Application with Web Tier, App Tier and DB Tier, with Storage.
The network profile fully describes the application connectivity requirements
Application Policy Model and Instantiation
All forwarding in the fabric is managed through the application network profile
• IP addresses are fully portable anywhere within the fabric
• Security and forwarding are fully decoupled from any physical or virtual network attributes
• Devices autonomously update the state of the network based on configured policy requirements
Application policy model: defines the application requirements (application network profile)
Policy instantiation: each device dynamically instantiates the required changes based on the policies
Slide diagram: Application Client, Web Tier, App Tier, DB Tier and Storage; VMs in the fabric with addresses 10.2.4.7, 10.9.3.37 and 10.32.3.7.
Application Awareness: Application-Level Visibility
ACI Fabric provides the next generation of analytic capabilities
Per application, tenants, and infrastructure:
• Health scores
• Latency
• Atomic counters
• Resource consumption
Integrate with workload placement or migration (triggered events or queries)
Actions: no new hosts or VMs, evacuate hypervisors, re-balance clusters
Slide example (PetStore events; per-hop visibility over VXLAN; physical and virtual as one):
PetStore Dev  | Leaf 1 and 2 | Spine 1 – 3 | Atomic counters
PetStore Prod | Leaf 2 and 3 | Spine 1 – 2 | Atomic counters
PetStore QA   | Leaf 3 and 4 | Spine 2 – 3 | Atomic counters
ACI Layer 4 - 7 Service Integration: Centralized, Automated, and Supports Existing Model
• Elastic service insertion architecture for physical and virtual services
• Helps enable administrative separation between application tier policy and service definition
• APIC as central point of network control with policy coordination
• Automation of service bring-up / tear-down through programmable interface
• Supports existing operational model when integrated with existing services
• Service enforcement guaranteed, regardless of endpoint location
Slide diagram: the Application Admin connects App Tier A (Web Server) to App Tier B (App Server) through the chain "Security 5" by policy redirection; the Service Admin defines a Service Graph (begin, Stage 1 … Stage N, end) backed by providers (Firewall instances, Load Balancer instances, …) and a Service Profile, so that the "Security 5" chain is defined.
Open Ecosystem Framework: Full-Featured, Programmable API and Data Model
Object-oriented, centralized automation, RESTful XML / JSON; comprehensive programmability and system access
Northbound API
• Rapid integration with existing management frameworks
• OpenStack
• Tenant- and application-aware
Southbound API
• Publish data model
• Open source
• Enables application portability
Slide diagram: system management, hypervisor management, automation tools and orchestration frameworks sit above the Open Ecosystem Framework.
* Only straight chains supported at FCS
ACI Fabric: IP Network with an Integrated Overlay
• ACI Fabric is based on an IP fabric supporting routing to the edge with an integrated overlay for host routing
‒ All end-host (tenant) traffic within the fabric is carried through the overlay
• The fabric is capable of supporting an arbitrary number of tiers and/or partial mesh if required
• Why choose an integrated overlay?
‒ Mobility, scale, multi-tenancy, and integration with emerging hypervisor designs
‒ Data traffic can now carry explicit meta data that allows for distributed policy (flow-level control without requiring flow-level programming)
Slide diagram: IP fabric with integrated overlay; each node is assigned loopback IP address(es) advertised through IS-IS; IP unnumbered 40 Gb links.
True 'Any to Any' Connectivity
Slide diagram: Port 1/4 carries 802.1Q VLAN 55, NVGRE VSID 5165 and VXLAN VNID 8765 at the same time; Port 8/2 carries 10.10.11.12 in VRF Retail Bank, 10.10.11.12 in VRF Shared and 192.168.11.3 in VRF Storage.
• Forwarding is fully decoupled, flattened IP address space
• You can define a Bridge Domain forwarding policy to 'create' standard VLAN behavior where required
• Forwarding within the Fabric is defined by forwarding policy defined by the Application Network Profile (EPG) policy, 'not' by the VLAN, VXLAN, Subnet, VRF, …
• A single port can support all encapsulations simultaneously
• Forwarding is defined by Policy: EPG 'Web' can talk to EPG 'DB' independent of IP subnet, VLAN/VXLAN, VRF if Policy says it should
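As an added illustration that is not part of the slides, the following Python models the ANP pseudocode from the "Detailed Policy-Based Fabric Management" slide together with the point made above that forwarding follows EPG policy rather than VLAN, VXLAN, subnet or VRF. The EPG names, ports, endpoints and the rule that EPG pairs without a connection policy are denied are assumptions of the example.

```python
# Added example, not from the slides: reachability decided by EPG membership
# and ANP connection policies, never by VLAN, VXLAN VNID, subnet or VRF.
# Assumption: an EPG pair with no connection policy is denied (whitelist).
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Endpoint:
    name: str
    ip: str
    encap: str  # e.g. "vlan-55" or "vxlan-8765": carried, but ignored by policy
    vrf: str
    epg: str


@dataclass(frozen=True)
class ConnectionPolicy:
    consumer_epg: str         # EPG that opens the connection
    provider_epg: str         # EPG that receives it
    allowed_ports: frozenset  # TCP ports the consumer may open


@dataclass
class AppNetworkProfile:
    name: str
    policies: list = field(default_factory=list)

    def allows(self, src: Endpoint, dst: Endpoint, dport: int) -> bool:
        """Decide whether src may open a TCP connection to dst on dport."""
        if src.epg == dst.epg:
            return True  # assumption: members of one EPG talk freely
        for pol in self.policies:
            if pol.consumer_epg == src.epg and pol.provider_epg == dst.epg:
                return dport in pol.allowed_ports
        return False  # no policy between these EPGs: default deny


# Constructed sample profile, loosely modelled on the slide's "Production_Web".
PRODUCTION_WEB = AppNetworkProfile("Production_Web", [
    ConnectionPolicy("Application_Client", "Web", frozenset({80, 443})),
    ConnectionPolicy("Web", "App", frozenset({8080})),
    ConnectionPolicy("App", "DataBase", frozenset({3306})),
])

# Constructed endpoints with deliberately mixed encapsulations, VRFs and subnets.
WEB1 = Endpoint("web1", "10.2.4.7", "vlan-55", "Shared", "Web")
APP1 = Endpoint("app1", "10.9.3.37", "vxlan-8765", "Shared", "App")
APP2 = Endpoint("app2", "192.168.11.3", "nvgre-5165", "Storage", "App")
DB1 = Endpoint("db1", "10.32.3.7", "vlan-55", "Retail Bank", "DataBase")
```

Web to App is permitted on 8080 whatever encapsulation, VRF or subnet the App endpoint sits in, while Web to DB is refused because no connection policy joins those two EPGs.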
Policy Coordination with VM Managers
• Network policy coordination with virtualization managers
• Automatic virtual end point detection and policy placement
• Policies consistently implemented in virtual and physical
• Network policy stays sticky with VM
Slide diagram: the Application Profile (Web, App, DB) in APIC is coordinated with the PortGroups / VM networks (Web, App, DB) of the Hypervisor Management, which sends VM attach / detach and VM mobility notifications to APIC.
VMware Integration – App Instantiation
Slide diagram: the APIC Administrator creates the Application Profile (Web, App, DB); the fabric policy is downloaded and mapped to PortGroups, which are created in vCenter (Web, App, DB); the VI / Server Administrator then instantiates VMs on those PortGroups.
Nexus 1000V Integration Overview
• ACI-focused control protocol
• Control channel in Port Channel and VPC modes
• VM attach/detach and link state notifications via control channel
• vMotion
• VEM extension to the fabric
• vSphere 5.0 and above (4.1 under consideration)
• BPDU Filter/BPDU Guard
• SPAN/ERSPAN
• Port level stats collection
Slide diagram: the ACI Fabric Controller (APIC) talks to the Cisco Nexus 1000V on vSphere and to the Hypervisor Manager over the Southbound API.
Built with a Better Switch – Nexus 9000
• Merchant+ ASIC foundation
• State of the art mechanical design
• Object oriented programmable OS
• Next gen development and verification methodology
• Two modes of operation: Standalone (NX-OS) and Fabric Mode
Modular Switch Platform – Nexus 9500
Nexus 9508
• 13 RU high
• 30Tbps fabric today
• Up to 288p 40G & 1,152p 10G
• Headroom for 100G densities (connectors, power)
Fixed Switch Platform – Nexus 9300
Nexus 9396PQ
• 48 port 10G SFP+ & 12 port 40G QSFP+
• 2 RU
Nexus 93128TX
• 96 port 1/10G-T & 8 port 40G QSFP+
• 3 RU
ACI Ready Access Uplink Module
Nexus 9300 - Common
• Redundant FAN and Power Supply
• Front-to-back and Back-to-Front airflow
• 12 port 40G QSFP+
• Additional 40MB buffer
• Full VxLAN Bridging & Routing Capability
Cisco Optical Innovation: Removing 40G Optics and Cabling Barriers
Problem
• 40G optics are a significant portion of network CAPEX
• 40G optics require new cabling
Solution
• Re-use existing 10G MMF cabling infrastructure
• Re-use patch cables (same LC connector)
Cisco 40G SR-BiDi QSFP
• QSFP pluggable, MSA compliant
• Dual LC connector
• Support for 100m on OM3 and 125m+ on OM4
• TX/RX on 2 wavelengths @ 20G each
Available end of CY 13
Open, Flexible, & Choice of Programmability Modes
• Per-box programmability: Enhanced NX-OS, network ops driven switch automation (Q4CY13)
• Centralized fabric programmability: Policy Controller (APIC) with iNXOS, user driven policy based fabric automation (Q2CY14)
Common platform (1/10/40/100GE): common platform & investment protection, complete architecture