embracing sdn in next generation networks

1 Cisco Public

Embracing SDN in Next Generation Networks Introduction and Use Cases Moving SDN Beyond the Hype

Craig Hill Distinguished Systems Engineer U.S. Federal, CCIE #1628 [email protected]

Day at the Movies

February 25, 2015

Eric Voit Principal Engineer Core Software Group (CSG) [email protected]

2 Cisco Public

•  Introduction…Evolution, Why and What is SDN, Control Plane Architecture Models

• SDN Controller and Open Daylight Deep Dive

• SDN in the WAN – Overview and Use Cases

• What is YANG? Overview and Direction…

• Network Function Virtualization (NFV) Overview and Use Case

• Data Center Fabric Overlay Solutions – Intro to ACI

• Summary

© 2013 Cisco Systems, Inc. All rights reserved. Cisco and Customer NDA Only

“A platform for developing new control planes” “An open solution for VM

mobility in the Data-Center”

“An open solution for customized flow forwarding control in and between Data Centers”

“A means to do traffic engineering

without MPLS”

“A way to scale my

firewalls and load

balancers”

“A solution to build a very large scale layer-2 network”

“A way to build my own security/encryption solution”

“A way to reduce the CAPEX of my network

and leverage commodity switches”

“A way to optimize broadcast TV delivery by optimizing cache placement and

cache selection”

“A means to scale my fixed/mobile gateways and optimize

their placement”

“A solution to build virtual topologies with optimum

multicast forwarding behavior”

“A way to optimize link utilization in my network enhanced, application driven routing”

“A means to get assured quality of experience for

my cloud service offerings”

“A way to distribute policy/intent, e.g. for DDoS prevention, in the

network”

“A way to configure my entire network as a whole rather than individual

devices”

“A solution to get a global view of the network – topology and state”

“Develop solutions at software speeds: I don’t want to work with my network vendor or go

through lengthy standardization.”

Key Drivers: Device/Network Virtualization, Automation, Open Programmability, Simplified Operations , Central orchestration

“A solution to automated network configuration and control”

4 Cisco Public

in·flec·tion point Noun 1. MATHEMATICS a point of a curve at which a change in the direction of curvature occurs

2. BUSINESS a time of significant change in a situation; a turning point

5 Cisco Public

#1

August 3, 2006


#2 – STANFORD “CLEAN SLATE PROJECT” - OPENFLOW •  Original Motivation

Driven out of Stanford’s Clean Slate Project

Research community’s desire to be able to experiment with new control paradigms

•  Base Assumption

Providing reasonable abstractions for control requires the control system topology to be decoupled from the physical network topology (as in the top-down approach)

•  OpenFlow was designed to facilitate separation of control and data planes in a standardized way

•  Current spec is both a device model and a protocol OpenFlow Device Model: An abstraction of a network element (switch/router); currently (versions <= 1.3) focused on Forwarding Plane Abstraction.

OpenFlow Protocol: A communications protocol that provides access to the forwarding plane of an OpenFlow Device

7 Cisco Public

Software defined networking (SDN) is an approach to building computer networks that separates and abstracts elements of these

systems

What is SDN? (per Wikipedia definition)

8 Cisco Public

In other words…

In the SDN paradigm, not all processing happens inside the

same device

Software defined networking (SDN) is an approach to building computer networks that separates and abstracts elements of these

systems

9 Cisco Public

Why SDN? What is the focus and target for SDN?

Cisco Confidential 10 © 2014 Cisco and/or its affiliates. All rights reserved.

INFRASTRUCTURE AND OPERATIONS IS EVOLVING

Orchestrated (Programmatic API)

Tight App Linkage to Network

Hybrid Cloud

Automated, “IT-less”

Open & Interoperable

Configurable (CLI)

Apps Independent of Network

Private vs Public Cloud

Managed

Proprietary

11 Cisco Public

Virtualization = explosion in Objects

Cost per Object must Agility must Operations must Adapt

Evolving choices in abstraction

Easy Button GUI CLI API

50%+ of outages from mis-config

Speed to activation too slow

Mechanization of logic in CCIE brains

Peering of Controller & Network Element Intelligence

12 Cisco Public

…to “Automate” and “Simplify” the centralized provisioning

administration of the network…

13 Cisco Public

…and for the network to have greater awareness of “Application” needs

14 Cisco Public

Research/Academia

§  Experimental OpenFlow/SDN components for production networks

Massively Scalable Data Center

§  Customize with Programmatic APIs to provide deep insight into network traffic

Service Providers

§  Broad service offering, Policy-based control, analytics, optimized to monetize service delivery

Enterprise §  Virtualization of

workloads, Hybrid cloud, specific functions, security and user focused

CUSTOMER TARGET AREAS AND USES TO LEVERAGE SDN

Ø  Network “Slicing”, experimentation with network programming

Ø  Network flow management, Rapid provisioning and rich set of services

Ø  NFV, Agile service delivery (XaaS), network wide service orchestration, cross domain

Ø  Private Cloud Automation, WAN optimizing, TE, simpler mgmt and provisioning for QoS, policies…

Cloud (Ent/SP/H)

§  Automated provisioning and programmable overlay

Ø  Scalable “Multi- tenancy” XaaS, Automated and rapid provisioning, multi functions, elastic up/down services, scale

Not a single “one size fits all”. Diverse functionality, outcomes, required across segments

Cisco Confidential 15

“…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”

Opensource software for building public and private Clouds; includes Compute (Nova), Networking (Neutron) and Storage (Swift) services.

Open source project formed by industry leaders and others under the Linux Foundation. “…OpenDaylight's mission is to facilitate a community-led, industry-supported open source framework, including code and architecture, to accelerate and advance a common, robust Software-Defined Networking platform…”

“NfV- Network function Virtualisation is an ETSI ISG (Industry Specification Group). NfV is the transition of network infrastructure services to run on virtualised compute platforms – typically x86

16 Cisco Public

Traditional Control Plane Architecture (Distributed)

•  Control plane is tightly coupled to the network device •  Minimal application programmability of network devices (CLI, SNMP,

NETCONF) •  EX: Cisco router, Catalyst or Nexus switches

Application

Distributed Control Plane

Data Plane

Centralized Control Plane

APIs

17 Cisco Public

•  Control plane is centralized

•  Control plane abstracted from the forwarding HW

•  Communications channel exists between control plane and forwarding HW (OpenFlow agent on device)

•  EX: OpenFlow Model (controller, agent on HW)

Application


Data Plane


APIs

SDN Control Plane Architecture (Centralized)

Control channel


CENTRALIZED CONTROL PLANE CONCEPTS Implementation Perspective: Evolve Control-Plane and Network Programmability

“South Bound” control and API

Packet Forwarding Hardware Packet

Forwarding Hardware

Packet Forwarding Hardware

Hardware controlled through Southbound API

Controller Operating System controlling entire network

“North Bound” control and API

App App App App Applications layered on top

SDN Control Plane Architecture (Centralized)

Communication Channel To Network element

19 Cisco Public

Application Frameworks, Management Systems, Controllers, ...

Device

Forwarding

Control

Network Services

Orchestra8on

Management

…

…

OpenFlow

OpenFlow

Opera8ng Systems – IOS / NX-‐OS / IOS-‐XR API (OnePK) and Data Models (YANG)

OpenStack Puppet OnePK C/Java

Puppet

Neutron

Protocols

“Protocols” BGP, PCEP,...

Python NETCONF REST ACI Fabric

OpFlex

onePK Plug-‐Ins

RESTful

YANG XML/JSON

20 Cisco Public

THERE ARE MANY OPTIONS FOR PROGRAMMABILITY

• PCEP • BGP-LS • OpenFlow • Netconf • Yang •  I2RS • BGP-FlowSpec • ReST • onePK

• Puppet • Chef • Ansible • SNMP • NetFlow • CLI • Syslog • Others...

Yellow – directly to device Blue – either direct to device or controller (NB)

21 Cisco Public

OpenFlow is a Layer 2 communications protocol that gives access to the forwarding plane of a

network switch or router over the network

What is Openflow? (per Wikipedia definition)

22 Cisco Public

1.  Openflow Controller 2.  Controller + NB API 3.  Openflow Device agent 4.  Openflow Protocol

4 Components to Openflow

23 Cisco Public

Ope

nflo

w v

1.0

Basic Flow Table and 12 Tuple example…

FLOW TABLE HEADER FIELDS COUNTERS ACTIONS

…

…

… …

… …

Ingress Port

Source MAC

Dest MAC

Ether Type

VLAN ID

VLAN Priority

IP SRC

IP DEST

IP Protocol

IP TOS

TCP/UDP SRC

TCP/UDP DEST

HEADER FIELDS

This is the “Famous” Openflow 12 Tuple

1 2 3 4 5 6 7 8 9 10 11 12

24 Cisco Public

Ope

nflo

w v

1.0

Sw

itch

FLOW TABLE

SWITCH FORWARDING ENGINE

OPENFLOW CONTROLLER

Required Actions Supported by “Openflow 1.0” Switch

6

2

7

CPU

1

34

5

Required Actions 1 Forward out all ports

except input port

2 Redirect to Openflow Controller

3 Forward to local

Forwarding Stack (CPU)

4 Perform action in flow table

5 Forward to input port

6 Forward to destination port

7 Drop Packet

25 Cisco Public

HYBRID CONTROL PLANE MODELS

•  Offers the best of both models

•  Utilizes existing distributed and central control plane

•  Central controller for optimized Behavior and performance

•  Leverage current routing innovations and services (IP/MPLS, TE, L2 VPN, convergence, OAM…) with benefits of central programmable orchestration

Application


Data Plane


APIs

Applications

Network Middleware

Network Devices: On-Box Control Plane

Centralize When Needed, Default Distributed Control Plane for All Else

Source: ONF Hybrid WG


•  Open Innovation, Open Source, Open API’s to offer programmability and granular control from from applications beyond CLI

•  Centralized Programmability, Automation, and orchestration of network-wide functions

Automate and orchestrate behavior to many devices… WAN BW, NFV, service chains, and XaaS

•  Virtualization (NFV) capabilities of physical network elements

Leverage service-chaining of Phy/Virt – routers, FW, LB, all elements

•  Ability to orchestrate, provision, insert L4-L7 in real-time

•  Leverage the abstraction of SDN to solve real problems, not add more technology to the network

KEY TARGET AREAS AND COMPONENTS FOR A SDN

Mask Complexity, Virtualizing Network Functions, Central Orchestration, Open API’s

•  Utilizes existing control/data plane model + abstracted control plane and API’s to leverage application programmability

•  Offers the best of current routing (IP/MPLS, convergence, OAM) with benefits of programmable API’s, while leveraging network analytics

Hybrid Model - Collaborative Control Plane Architecture

27 Cisco Public

Policy (Application + Network + Security)

EXPOSE NETWORK INTELLIGENCE – BI-DIRECTIONALLY

Services Orchestration Analytics

Applications

Network

Workflow and Intent

Programmability

Network Intelligence, Guidance

Statistics, States, Objects and Events

Harvest Network Intelligence and Security

Program for Optimized Experience

28

“BUY” “MAKE/BUILD”

More interested in Integrated Solution Sets

Open Source and Component

Technologies

29

“Buy Solution” Customer Set

“Make/Build” Customer Set

APIC | APIC-EM | WAE OpenDayLight Open Tool Sets

Cisco SDN Strategy

30

SDN CONTROLLER APPLICATIONS TARGETING CUSTOMER BUSINESS PROBLEMS

31

ACI (N9K,UCS,FW,LB,IPS)

Data Center

APIC EM

ISR/ASR1K Router, Catalyst Switch

Enterprise Network

ASR9K,CRS, NCS6k/4k/2k

WAE on ODL APIs

Deployer Collector

SP WAN

VNF VM, Orchestration (vCPE,vPE,vFW,vIPS)

NFV

vCPE vFW vIPS

Customer Business Oriented Applications

•  Focus is on specific Ent campus and Branch applications on Cisco HW

•  SSH into platform

•  Focus is on self-deployed IP/MPLS WAN

•  ODL, open standard protocols

•  Focus is providing NFV orchestration (vMS)

•  Targeting SP like agencies

•  Streamlined use cases

•  Focus is on private DC and cloud deployments

•  Lead DC solution, integration with UCS, eco-system

32

•  Target all areas of customer network domains •  Data Center, Enterprise (WAN, Campus), SP and/or large Enterprise WAN, SP Cloud offerings •  Programmability, applications, open API’s, orchestration, virtualization, and automation


Data Center

APIC EM


Ent Network


ODL Controller APIs

Deployer Collector

SP WAN

VNF VM (vCPE,vPE,vFW,vIPS)

NFV

vCPE vFW vIPS


33


Data Center

APIC EM


Ent Network


ODL Controller APIs

Deployer Collector

SP WAN


NFV

vCPE vFW vIPS


34

APIC-EM (Enterprise Module) QoS | ACLs | Topology | Inventory | ZTD

35

APIC-EM: QOS CLASSIFICATION APPLICATION (EXAMPLE)

36


Data Center

APIC EM


Ent Network


ODL Controller APIs

Deployer Collector

SP WAN


NFV

vCPE vFW vIPS


37 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Open Daylight

Project OpenDaylight

“Daylight is an open source project formed by industry leaders and others under the Linux Foundation with the mutual goal of furthering the adoption

and innovation of Software Defined Networking (SDN) through the creation of a common vendor supported framework.”

OpenDaylight by the Numbers

https://www.openhub.net/p/opendaylight Statistics per 24-Feb-2015

OpenDaylight by the Numbers

https://spectrometer.opendaylight.org Statistics per 24-Feb-2015

OpenDaylight Architecture

Model Driven Controller Architecture Controller naturally exposes all APIs: Devices and Network APIs

User

Controller

Device

Device Models

Device, Network Service Models

API Network Policy

API Inventory

API Topology

API Rou7ng

API Device-‐ACL

API Device-‐QoS …

Automatically generated APIs based on models

Device models loaded into Controller

Northbound API = SUM (Device APIs) + Controller-Services APIs

APIs – Device, Network, Services

Device-‐ACL Model

Device-‐QoS Model

Network Policy Model

Inventory Model

Topology Model

Network Rou8ng Model

…

Device Inventory Model

Device Topology Model

Rou8ng Model

Device-‐ACL Model

Device-‐QoS Model …

OpenDaylight Architecture Model Driven SAL

43

Network Elements

Abstraction Layer

SB Protocol PCEP OF x.y …

Network Topology

Links Nodes

Paths

NE … NE

System Flows

Table … Table

Table …

Flow Flow Flow

Config Stats

Tunnels …

NE

BGP-LS OF-Config/OVSDB

Config Stats … Table

Table

… Flow Flow Flow

Applications

Network Service Plugin

Platform Service Plugin

Transformer/ Adapter

Java & REST SAL APIs (Generated)

Northbound APIs (Generated & Handcrafted)

Java SAL APIs (Generated)

Internal Plugin

44

CISCO OPEN SDN CONTROLLER AKA “CISCO DAYLIGHT” (CDL 1.0)

45

OPEN SDN CONTROLLER

OpenFlow

REST APIs

MODEL DRIVEN SERVICE ABSTRACTION LAYER

3rd PARTY NETWORK SERVICE FUNCTIONS

BASE NETWORK SERVICE FUNCTIONS

Other Industry Standard Interfaces

•  OpenDaylight Helium MD-SAL services

•  High availablity •  Clustering •  Data replication and persitance •  Distributed datastore

•  Serviceablity enhancements (logs, metrics, monitoring & management)

•  OVA distrubtion & 1-click service addition

•  Karaf container support

•  Developer tools & samples apps

•  OpenFlow, NetConf/Yang, BGPLS, PCEP, OVSDB, etc

© 2014 Cisco - Cisco INTERNAL only – All Rights Reserved 46

.

Cloud

VM VM

Data Access rate to/from the Cloud

VM VM


Dynamically adjust policers as traffic moves about the cloud

Data Center 1

VM

VM

VM

VM

VM

VM

Data Center n

VM

VM

VM

VM

VM Policer

Forward to DDoS Appliance if Bandwidth Threshold hit

The Simplest Use Cases

Conceivable

Use cases described in draft-voit-netmod-peer-mount-requirements


Controller based Fast Feedback Loop

•  Synchronization between SDN controller and routers/switches enables data plane counters to be used in domain wide services

Data Center 1

Data Center n

•  Effectively a Cloud Counter: many thresholds, custom actions


Data Center / Cloud

DC2

DC1

WAN PE 2

PE 1

Traffic Spike

PE 3

VM Move

P

P

P

Continuous rebalancing of policers

Policer values modified across Domain

Bandwidth threshold recognition

DC

Synchronized Counter Delivery

(YANG)

Out of Profile Traffic Policed Traffic

P Policer

In Profile Traffic


Network

PE3

56.0.0.0/8 = 2 MB/s

PE1

PE2

Offered Downstream Traffic: 4 MB/s

56.0.0.0/8 = 1 MB/s Ingress interface stats

Interface E0

56.0.0.0/8 = 1 MB/s Ingress interface stats

Interface E0

Network Element

Police 56.0.0.0/8 to 7 MB/s*

Police 56.0.0.0/8 to 7 MB/s*

Police 56.0.0.0/8 to 8 MB/s*

Ingress interface stats

Interface E0

DC2

DC1

WAN PE 2

PE 1

Global Rule: Police ∑ traffic to 10 MBs Subnet: 56.0.0.0/8

18

8

9

Domain Wide Calculation

Policy continually updated

Traffic Spike

4.4

0.6

5.0

PE 3

VM Move

0.6

4.7

4.7

8.5

8.5

1

10MB/s Max Cloud Usage

Statistics from the PE

Minimal config


Device policers dynamically updated against Cloud SLA of 100Mb/s

A9K: 30 Second updates (Hardware limit) CSR : 2 Second updates (also A1K/ISR)


DC

Data Center / Cloud

DC Edge

WAN

Apply Action across Domain

Sustained out of Profile Traffic Normal Traffic Pattern

Network based Threshold Trigger

Identification of suspect traffic spike


DC

DC Edge

“Bridge In” Scrubber when Threshold Trigger hit Data Center / Cloud

WAN

Sustained out of Profile Traffic Scrubbed flows

Policy can be automatically removed several ways: •  Strict timeout (if DDoS is still underway, filters will reinstall) •  Sum of ingress router flows falls below less than threshold •  DDoS scrubber notifies end of attack (or there is no attack)

VM bound traffic thru existing DDoS Solutions


DC

DC Edge

Loose Coupling with 3rd party scrubbing solutions Data Center / Cloud

WAN

(b) Instruct edge to cut through safe sources

(a) Instruct edge to discard DDoS sources

(c) Extract scrubber when DDoS effectively mitigated (very efficient usage of DDoS Apps and CPU)

(d) retire ACLs when attack is over

55

PLANNED APPLICATIONS (PRELIMINARY VIEW)

OpenFlow Manager •  Openflow Topology Visualization •  Advanced Flow Management •  Flow based Troubleshooting •  Cisco supported extensions

Path Manager •  Enables PCEP based programming of

tunnels across the network

BGP-LS Topology Viewer •  Provides BGP-LS network topology

visualization

NETCONF ACL Editor •  Provides ACL view/edit capability to

NETCONF enabled devices

HyperGlance •  Visualizes, monitors and manages entire

SDN network in a single view

WAN Automation Engine •  Optimizes WAN bandwidth utilization via

design and planning

Cable Operator Apps •  Video Quality of Experience optimization •  Maintenance & operations automation

56

SDN IN THE WAN

57

“ 

Vijay Gill – GM, Global Network Services, Microsoft

https://twitter.com/vgill/status/227539039979446272


•  WAN is a critical conduit between customers, content, NFV -  User access to NFV resources and business applications

-  DC – to – DC

•  Must support legacy infrastructure

•  WAN bandwidth is costly and limited… maximize %util

•  Capacity planning is challenging!!! Targeted at maximizing WAN optimization, orchestration, and automation for customers who own their own WAN elements (Federal)

•  Must re-think how the WAN Engineering Cycles Evolve as the needs are On-Demand versus Days or Weeks

SDN in the WAN Delivers Critical Solutions Maximizing BW, Link Utilization, and Optimizing Engineering Cycles

Federal Owned WAN

Data Center

#1

Business

Data Center #2

Multi-Vendor, Multi-Environment

Flexible Infrastructure; New Classes of

Applications

Open & Interoperable Solutions; Standards &

Open Source Modular & Reusable

Components

59

TIGHTENING THE ENGINEERING CYCLE

Years/Months Weeks/Days Minutes/Seconds

Must Increase Service Velocity provisioning, Increase Link utilization, Limit Time to Deploy

60

SDN WAN ORCHESTRATION PLATFORM •  Application platform for placing traffic demands and

paths across an IP/MPLS WAN

•  North-Bound API: Java/REST

•  South-Bound (Bi-Directional): BGP-LS (update link-state TO controller), stateful PCEP (programs network elements FROM controller), Netc/YANG

•  Intelligent collector, planner, and optimizer engine and can leverage “what if” exercises for load placement

•  Multi-vendor enabled & extensible

•  Leverages OpenDaylight Infrastructure with “WAN Orchestration” applications (uses REST to controller)

Collector Programming

Application Engine

WAN

Databases

MATE Apps

Client Apps

Cross Domain Orchestration

APIs

IP/MPLS Segment Routing Multi-

Layer

SDN WAN

BGP-LS PCEP configlet

61

1 - Can I place this requested BW load on my network?

2 - If I do, which link(s) is outside my network capacity threshold?

WAN IP/MPLS

Segment Routing Multi-

Layer

… In Real-Time!!!

62

WAN ORCHESTRATION FRAMEWORK EXAMPLE: BANDWIDTH CALENDARING

WAN App

Program

NB API

WAN

R1

R2

R3

1

Data Center #1 Data Center #2

1.  Network conditions reported to collector consistently

2.  WAN Orch pulls latest Plan File every 20 min from existing MATE Collector

3. Customer App requests DC #1 – DC #2 bandwidth at Future Date/Time (in app)

4. Demand admission response: <R1-R3, B/W, Future Date/time>

5. Customer App confirms booking 6.  Two hours prior to activation placement

APP applies config in Traffic Mgr (app) 7.  Traffic Mgr programs the LSP on devices 8.  LSP setup for traffic

3

4

8

62

Collector 2

6

Customer App

Congested

BGP-LS PCEP

5

7

64

WAN AUTOMATION ENGINE (WAE) CUSTOMER USE CASES AND DEPLOYMENTS

65

WAN Application RESTful APIs

Programming Collection

USE CASE: DEMAND ADMISSION & PLACEMENT Problem: Demand placement requirement must take in account LOCATION as well as network impact (link over-subscription)

Solution: Application places demand on the suggested path/location and the network remains healthy leveraging under-subscribed links

BW Demand App

WAN

R1 R2

R3 Cloud Consumer Customer Site

Content Sites

Simple REST API Hides Complexity;

Utilizes Infrastructure Intelligence

66



Use Case: Bandwidth Scheduling (Calendaring) Problem: Provider’s customer has an “on demand” need for nightly DC backup or to move workloads

Solution: After determining a best path, Platform programs an LSP via PCEP.

WAN

R1

R2

R3 Data Center #1 Data Center #2

Congested!!

Simple REST API Enables Faster Solution without

Complexity

BW Calendar App

PCEP

67



Use-Case: TE Load Balancing Problem: A customer needs to efficiently use expensive BW links (EX: high cost links, perhaps trans-oceanic) and must optimize usage.

Solution: The most expensive network resources are fully optimized by calculation assigning best load share metrics using PCEP (extensions).

AS Foo

WAN R1

TE Tunnel Builder

App REST API Enables Solution;

Hides Complexity

PCEP

68

INTEGRATING OPENFLOW CLASSIFICATION WITH WAN SDN

69

Controlling Path BW Per flow with WAN SDN and OpenFlow

Cisco Confidential

PE1 Data Center #1

SiSi

WAN Application REST

API

Open Source Controller

PE2 Data Center #2

SiSi

PE3 Data Center #3

SiSi

Campus/DC Application

PCEP

BGP-LS

PCEP BGP-LS

OpenFlow 1.3

DC Edge

Router

Open Standard

SDN Switch

OF 1.3 Leveraging OF for packet-match traffic steering into TE tunnels setup by WAE

Congested Link

Congested Link

P2

P4

P1

P3

TE 1

TE 2

50 Mb

75 Mb

Flow 1

Flow 2

70

WAN Application

REST API

Open Source Controller DC

Application

PCEP

BGP-LS

PCEP BGP-LS

OpenFlow 1.3

OF 1.3

Leveraging OF “set FCID” action for packet-match traffic steering into TE tunnels setup by WAE

TE 1

TE 2

50 Mb

PE1 Data Center #1

SiSi

DC Edge

Router

Open Standard

SDN Switch

Flow 1

Flow 2

OPENFLOW - FLOW TABLE HEADER FIELDS COUNTERS ACTIONS

Flow 1

Flow 2

… Set FCID 1

… Set FCID 2

75 Mb

FCID 1 = Tunnel 1 FCID 2 = Tunnel 2

Signaled

FCID Group 1 = Tunnel 1

FCID Group 2 = Tunnel 2

Egress Forwarding Match

Controlling Path BW Per flow with WAN SDN and OpenFlow

71

YANG AND PUBLISH/SUBSCRIBE

72

Relational

others… Hierarchical

Object Oriented Distributed

Networks and network elements are constructed upon a variety of distributed data management mechanisms.

Flat file

YANG Model It is possible to represent network objects via hierarchical namespace, fully decoupled from the underlying database technologies. YANG is the modeling language being used by both the IETF and OpenDaylight for this.

Network Element

Link A-B

Peers

Topology

Interfaces

Router A Router B

Rule 1


RFC 6022: YANG Module for NETCONF Monitoring

RFC 6991: Common YANG Data Types

RFC 6087: Guidelines for Authors and Reviewers of YANG …

RFC 6095: Extending YANG with Language Abstractions

RFC 6110: Mapping YANG to Document Schema Definition…

RFC 6241: Network Configuration Protocol (NETCONF)

RFC 6243: With-defaults Capability for NETCONF

RFC 6470: Network Configuration Protocol (NETCONF) …

RFC 6536: NETCONF Access Control Model…

RFC 6643: Translation MIB Modules to YANG Modules

RFC 7223: A YANG Data Model for Interface Management

RFC 7224: IANA Interface Type YANG Module

RFC 7277: A YANG Data Model for IP Management

RFC 7317: A YANG Data Model for System Management

RFC 7407: A YANG Data Model for SNMP Configuration

Dozens of Models currently under development

Requirements for Subscription to YANG Datastores draft-i2rs-pub-sub-requirements Subscribing to datastore push updates draft-netmod-clemm-datastore-push

Publish/Subscribe


Taking YANG beyond being a programmatic replacement for SNMP /CLI

Applications have access to up-to-date network objects without Polling or Redundant Fetching

•  Application performance benefits •  Processing reductions

Traditional Device Subscribed Device

Application

YANG Datastore

Application

Anything different?

No. NO!

Yeah.

new stuff

fetch push


On Demand: ask for Object every time

On Change: Push on Object change

Application

Network Element

Datastore Node

object 1 (Subscribed) object 2

Publisher

Subscriber

Application

Network Element

Datastore Node

object 1 object 2

Periodic: Push Object every ‘X’ seconds

Application

Network Element

Datastore Node

object 1 (Subscribed) object 2

Publisher

Subscriber

What we have today: What YANG Publish/Subscribe enables:

regular stream random notification

fetch


Controller

Datastore

Application

Node object 1 object 2

Subscriber

Application

NMS

Subscriber

Network Element

Datastore Node (Subscribed) object 1

object 2

Publisher

Application

Subscriber

Peer Network Element

Subscriber

Transport Point-to-point & point-to-multipoint options e.g., Netconf, ZeroMQ, HTTP


Network Element Publisher

Push if

Orange or Yellow

Network Element

Datastore

Application


Publisher

Subscriber

Push if Orange or Yellow

state change

Datastore

Application


Subscriber

Filtering Events Maintaining Filtered Remote State

X X

knows something happened

can maintain subset of datastore

Stateless Filter Stateful Filter


Intermittent Reporting

n/a

if Object A currently has property then run process Distributed Analytics

Send Update if…

if Object A currently has property or Simple query

Object A exists

Filter Type

if Object A currently has property and different property Complex query if Object A currently has property and Object B has property Multi-object query

Complexity


Send Update if…

Object A property just changed Object A has been created/deleted

Filter Type

if Object A property just changed/deleted away from simple if Object A property just changed from to complex if Object A property just changed from and Object B has property multi-object if Object A property just changed/deleted away from , run process distributed analytics

Stateful

Object A has been created with property or simple if Object A property just changed to simple if Object A property just changed to and has different property complex if Object A property just changed and Object B has property multi-object if Object A property just changed, run process distributed analytics

Stateless

n/a

Filtering Events

Maintaining filtered

remote state

Complexity

81

•  Target all areas of customer functions and networks •  Data Center (Enterprise & SP), Enterprise (WAN, Campus), SP and/or large Enterprise WAN, SP Cloud offerings

•  Programmability and open API’s, orchestration, virtualization, rapid provisioning and automation


Data Center

APIC EM


Ent Network


WAE APIs

Deployer Collector

SP WAN


NFV

vCPE vFW vIPS


82

NFV extends the ”VIRTUAL” to L4-7 Services

NFV - Network Functions Virtualization

83

Creating Virtual versions of Services that traditionally ran on standalone appliances…

NFV

84

Some NFV Examples… Network Address Translation (NAT) Firewall Intrusion Detection (IDS/IPS) Domain Name Service (DNS) WAN Acceleration Load Balancing Deep Packet Inspection (DPI) Content Delivery (CDN) Broadband Remote Access (BRAS) Provider Edge (PE Router)

NFV


CISCO DYNAMIC SERVICES COMPOSER - INTRODUCTION

Dynamic Services Composer … an open, standards-based, modular architecture and platform for services orchestration … manages the physical & virtual network, as well as the compute & storage infrastructure to deliver carrier-class services … which range from VPC to NFV services

86

DYNAMIC SERVICES COMPOSER – OVERALL ARCHITECTURE Service Catalog

Network Service Orchestrator

VNF Manager

Virtual Topology System

RT-OSS or Upper layer Orchestrator

REST API

Service Lifecycle management

Service Provisioning

DCI Routing

Service Routing

Address Mgmt.

Openstack / Jcloud API

System

Managem

ent, High Availability

Service A

ssurance Framew

ork

Tenant 1 VNF1

Tenant 2 VNF1

VTF VRF1 VRF2

Tenant 1 VNF2

Tenant 2 VNF2

VTF VRF1 VRF2

Tenant 2 VNF3

Tenant 1 VM1

Tenant 2 VM1

VTF VRF1 VRF2

DC gateway

VRF1 VRF2

SW Overlay MPLSoGRE, L2TPv3, VXLAN

VM Orchestrator

Servers

RESTCONF/ YANG

MP-BGP

EPN SP WAN

VRF1

VRF2

End-User

CE2

CE1

Open Standards Based

87

DYNAMIC SERVICES COMPOSER (DSC) MULTI-TENANTED SERVICE INSTANTIATION & SERVICE CHAINING

Customer 1 Wants FW, NAT

External WAN, access to Cloud (IaaS, Storage,…)

SP Managed Service POD

SP Datacenter

Customer 2 Wants vCPE, vFW, vWAAS

vFW NAT

vCPE vFW vWAAS

Customer service is instantiated as a virtual service in the managed service POD. Multiple services combined

into a service chain

Multi-tenanted service chains

Dynamic Services Composer

Service Orchestrator

DSC Services Controller DSC Network Controller

System Management

and High Availability

Internet/VPN (Managed CPE)

Security (Managed FW)

NAT WAAS

Managed Services


•  Network Services can be daisy chained •  No restriction on the number of services in a chain •  Services can be dynamically inserted in the chain

SERVICES IN A CHAIN

DCI

SP WAN (L3VPN, L2VPN,

Internet)

Virtual Topology VM Foo Web VM Foo DB

FW NAT


•  Network Services can be daisy chained •  No restriction on the number of services in a chain •  Services can be dynamically inserted in the chain

SERVICES IN A CHAIN

DCI

SP WAN (L3VPN, L2VPN,

Internet)

Server 2

Virtual Topology

VM Foo DB VM Bar

vPE-F

Server 4

L3

Server-2 VM

WALMART VM1

GE-WEB

vPE-f L2/L3 VRF FIB L2

MPLS-over-GRE (or)

VXLAN Tunnels

Server 3

VM Foo Web VM Bar

vPE-F L3

L3

L3

VM Foo FW VM Bar

vPE-F L3 L3

Server 1

VM Foo Web VM Foo DB

VM Foo NAT VM Bar

vPE-F L3 L3

FW NAT


One-Stop-Shop Tenant Portal: Search by Product or Category

91

APPLICATION CENTRIC INFRASTRUCTURE (ACI)

92

•  Target all areas of customer functions and networks •  Data Center (Enterprise & SP), Enterprise (WAN, Campus), SP and/or large Enterprise WAN, SP Cloud offerings

•  Programmability and open API’s, orchestration, virtualization, rapid provisioning and automation


Data Center

APIC EM


Ent Network


WAE APIs

Deployer Collector

SP WAN


NFV

vCPE vFW vIPS


93

ACI is Cisco’s attempt to solve the most significant and important problems facing data center managers: how to more closely link the provisioning of data center networks with the applications running over those networks (i.e. “how do the apps talk to each other). … the goal is to reduce human error, shorten application deployment times, and minimize the confusion that can occur when application managers and network managers speak very different vocabularies. ” JOEL SNYDER

NETWORK WORLD

94

WHAT ARE THE KEY COMPONENTS OF ACI?

APPLICATION-CENTRIC INFRASTRUCTURE

CONTROLLER (APPLICATION POLICY

INFRASTRUCTURE CONTROLLER)

APIC

OPEN STANDARDS OPEN SOURCE

HARDWARE - FABRIC (NEXUS

9000 SERIES)

ECOSYSTEM (INDUSTRY LEADING, OPEN)

CHANGE

95

APPLICATION CENTRIC INFRASTRUCTURE MULTI-FUNCTIONAL, HYPERVISOR AGNOSTIC, VIRTUAL/PHY

Physical Networking

Multi DC WAN and Cloud

L4–L7 Services Storage

Integrated WAN Edge

Hypervisors and Virtual Networking

Nexus 2K

Nexus 7K

APIC

Compute (virtual/physical)

•  Encapsulation agnostic

•  Controller (APIC) driven with open API’s, broad Eco System

•  Simplified L4-L7 insertion, open vendor support

•  Embedded “White list” security

•  Open API’s “north” of APIC

•  Data plane “de-coupled” from the APIC controller

−  Third-party integration (Layer 4 - 7 services, storage, compute, WAN, etc.)

−  Image management (spine and leaf)

−  Fabric inventory

40G FABRIC

INTEGRATED LINE-RATE HOST DIRECTORY

TERTIARY APIC CLUSTER

96

Define Intent: How do apps talk to each other? ACI Goal: Automate the instrumentation of intent

97

APPLICATION CENTRIC INFRASTRUCTURE SERVICE GRAPH FOR THE APPLICATION

Outside Network

Web App DB

98

VM

VM

…

VM

VM

…

VM

VM

…

web app db

appl

icat

ion

The Outside

a collection of end-points connecting to the network… VMs, physical compute, …

Component Tier End Point Group Or VMware Port Group

a set of network requirements specifying how application components communicate with each other

Policy (Contracts) Access Control QoS Firewall L4 – L7 Services

rules of how application communicates to the external private or public networks

Application Profile application-centric network policy

Application Level Metadata Describes Application infrastructure dependencies

99

APPLICATION CENTRIC INFRASTRUCTURE SERVICE GRAPH ABSTRACTION FROM THE NETWORK

Outside (Tenant VRF)

Web App DB QoS Policy QoS Policy

FW Service Policy

QoS Policy

Access Policy LB Service Policy

APIC Decouple Application

from Infrastructure Decouple Application

from Infrastructure

100

External IP/MPLS WAN

Intranet

Extranet WAN Standard Routing

Protocol

Border Leaf

APIC APIC APIC

Web App DB

FW LB

101

•  Elastic service insertion architecture for physical and virtual services

•  Helps enable administrative separation between application tier policy and service definition

•  APIC as central point of network control with policy coordination

•  Automation of service bring-up / tear-down through programmable interface

•  Supports existing operational model when integrated with existing services

•  Service enforcement guaranteed, regardless of endpoint location

Web Server

App Tier A

Web Server

Web Server

App Tier B

App Server

Chain “Security 5”

Policy Redirection

Application Admin

Service Admin

Ser

vice

G

raph

begin end Stage 1 …..

Stage N

Pro

vide

rs

……..

Ser

vice

Pro

file

“Security 5” Chain Defined

ASA Netscaler VPX

102

FULL APPLICATION VISIBILITY A SINGLE VIEW OF YOUR APPLICATION IN A DISTRIBUTED ENVIRONMENT

Cisco Confidential

HEALTH SCORE

LATENCY

DROP COUNT

VISIBILITY

VMs Physical

Application Delivery Controller Firewall

102

96%

Microsecond(s)

Packets Dropped

5

25

7 3

103

OVERLAY TAXONOMY

Overlay Control Plane

Encapsulation

Service = Virtual Network Instance (VNI) Identifier = VN Identifier (VNID) NVE = Network Virtualization Edge VTEP = VXLAN Tunnel End-Point

Underlay Control Plane

Underlay Network Hosts

(end-points)

Edge Devices (NVE) Edge Device (NVE)

VTEPs

104

VXLAN IS AN OVERLAY ENCAPSULATION

Overlay Control Plane

Encapsulation

VXLAN

Data Plane Learning Flood and Learn over a multidestination

distribution tree joined by all edge devices

Protocol Learning Advertise hosts in a protocol

amongst edge devices

t

105

VXLAN PACKET STRUCTURE Ethernet in IP with a shim for scalable segmentation

Outer MAC Header Outer IP Header Outer UDP Header FCS

Allows for 16M possible segments UDP 4789

Hash of the inner L2/L3/L4 headers of the original frame.

Enables entropy for ECMP Load balancing in the Network.

Src and Dst addresses of the VTEPs

Src VTEP MAC Address

Next-‐Hop MAC Address

50 (54) Bytes of overhead

Reserved

VNI

Reserved

VXLAN Flags

RRRR

IRRR

8 Bytes

8 24 24 8

Checksum

0x0000

UDP

Len

gth

VXLAN Port

Source

Port

8 Bytes

16 16 16 16

Dest. IP

Source IP

Header

Checksum

Protocol

0x11 (U

DP)

20 Bytes

IP Heade

r Misc

. Data

32 32 16 8 72

Ethe

r Type

0x0800

VLAN

ID

Tag

VLAN

Type

0x8100

Src. M

AC

Address

14 Bytes (4 Bytes Op8onal)

Dest. M

AC

Address

16 16 16 48 48

Original Layer 2 Frame VXLAN Header

Large scale segmentation

Tunnel Entropy

Ethernet Payload

106

VXLAN EVOLUTION BGP EVPN CONTROL PLANE

•  Uses Multi-Protocol BGP w EVPN Address Family for Dynamic Tunnel Discovery and Host reachability

•  Supported across the product line: All Nexus and ASR

VTEP

Route Reflector

BGP Route Reflector

VXLAN Overlay

BGP Peers on VTEPs

VTEP

VTEP VTEP VTEP VTEP

VTEP

Route Reflector

https://tools.ietf.org/html/draft-ietf-l2vpn-evpn-11

107

HTTPS://DEVELOPER.CISCO.COM

108

“  .. In order to implement an SDN solution, it will be imperative for enterprises to firstly make themselves familiar with the technology and its components, create cross functional IT teams that include applications, security, systems and network to (1) get an understanding what they wish to achieve and, (2) investigate best-of-breed vendor solutions that can deliver innovative and reliable SDN solutions which leverage existing investments without the need to overhaul longstanding technologies… ”

Ben Rossi – InformationAge.com

January 16, 2015


Trivia Question

What are the names, of the two IETF protocols used on the OpenDaylight Controller, supporting the WAN Application Engine (WAE) app, to PULL link-state information, and PUSH MPLS-TE configuration and attributes?

110

THANK YOU

embracing sdn in next generation networks

Technology

cisco systems

cisco public embracing

network vendor

entire network

open solution

physical network topology

separation of control

network element switchrouter