From Software Defined to Policy Driven – Evolution of Agile Application Deployment
David Klebanov Technical Solutions Architect
November 6th, 2014
2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Agenda
§ Current Application Deployment Model
§ Software Defined Approaches
§ Application Centric Infrastructure
Applications are Front and Center
§ Data Centers exist for deploying applications
§ Question: what is an Application?
§ Answer: it is all of it!
§ How do you provision an application today?
Application: CONNECTIVITY? PHYSICAL SERVERS? VIRTUAL MACHINES? STORAGE? SECURITY/HIGH AVAILABILITY? QUALITY OF SERVICE?
Traditional App Deployment Methodology
Infrastructure Domain Application Domain
Application Development
Network Compute
Virtualization Storage
Operations
Security Hi-Avail
Compliance
What’s wrong with this?
Application Language Barriers
Application Tiers
Provider / Consumer Relationships
App Developer’s View
Human Translator
Infrastructure Team’s View
VLANs
Subnets
ACLs
FW Rules
Virtual Networks
LUNs
LB Rules
Virtual Machines
Physical Machines
Zoning
§ Sequential and time consuming
§ Manual and human-error prone
§ Mismatched operational models
Network
Current SDN Approach Top-Down Control
OpenFlow
Controller
Flow #2
Flow #1
§ “Micromanagement”
§ Not hardware friendly and does not scale
§ Limited in functionality with specific deployment cases…SDN 2.0*?
§ Only focuses on connectivity semantics
It is software defined, but…
* Scott Shenker https://www.sdncentral.com/news/scott-shenker-preaches-revised-sdn-sdnv2/2014/10/
Current SDN Approach Top-Down Control
§ Primarily caters to all-virtualized environment
§ Reproduces existing network principles, shifts complexity
§ Multiple networks to run
§ Software performance
It is software defined, but…
Hypervisor
Network Virtualization
Controller
Can we do better?
Focus on what’s important – Applications!
Application Centric Infrastructure
The Easy Button
Wouldn’t it be nice if we had?
Physical and Virtual Infrastructure
Security and High Availability
Applications
Web App DB
Rapid Application Deployment Methodology
Common Pool of Data Center Resources
Abstract
Automation Tools
Hypervisor Management Cloud Management Platforms
Monitoring Tools Orchestration Framework
## Network Profile: Defines Application Level Metadata (Pseudo Code Example)
<Network-Profile = Production_Web>
  <App-Tier = Web>
    <Connected-To = Application_Client>
      <Connection-Policy = Secure_Firewall_External>
    <Connected-To = Application_Tier>
      <Connection-Policy = Secure_Firewall_Internal & High_Priority>
  . . .
  <App-Tier = DataBase>
    <Connected-To = Storage>
      <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
  . . .
Application Centric Infrastructure
Application Policy
DB App Web
Decouple
Physical and Virtual Infrastructure
§ Stateless definition of application requirements
§ Abstracted from infrastructure implementation
§ Define the “What”, not the “How”
Promise Theory Principle Imperative and Declarative Control
1 2 3
4 5 6
“Stack boxes 1-6 in numerical order from left to right, top to bottom.”
4 5 6
2 3
1
“I want the boxes to look like this.”
ACI Promise Theory the “What”
(Intent)
Top-Down SDN Model the “How”
Application Policy Distribution and Resolution
Physical and Virtual Infrastructure
§ XML/JSON defined
§ Policy Distribution
  - Routers, Switches, ADCs, FWs etc.
  - OpFlex Protocol
§ Policy Resolution
  - Just-in-time
POLICY AGENT
Application Policy
Application Policy
Application Policy
Application Policy
Application Policy
Application Policy
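Added example (not from the original slides or from Cisco): the Production_Web pseudo-code profile expressed as JSON, with a toy resolver that hands a node only the policy entries for tiers that currently have an endpoint attached to it, which is the just-in-time resolution idea on this slide. The JSON layout, the KNOWN_POLICIES catalogue and the function names are assumptions made for illustration; this is not the OpFlex protocol or any ACI API.

```python
# Added illustration: the slide's pseudo-code profile as data, plus a toy
# just-in-time resolver. Names not on the slide are hypothetical.
import json

# Constructed JSON encoding of the Production_Web profile from the slide.
PROFILE_JSON = """{
  "network_profile": "Production_Web",
  "tiers": {
    "Web": [
      {"connected_to": "Application_Client", "policies": ["Secure_Firewall_External"]},
      {"connected_to": "Application_Tier", "policies": ["Secure_Firewall_Internal", "High_Priority"]}],
    "DataBase": [
      {"connected_to": "Storage", "policies": ["NFS_TCP", "High_BW_Low_Latency"]}]
  }}"""

# Hypothetical catalogue of policies the infrastructure knows how to render.
KNOWN_POLICIES = {"Secure_Firewall_External", "Secure_Firewall_Internal",
                  "High_Priority", "NFS_TCP", "High_BW_Low_Latency"}


def load_profile(text):
    """Parse the profile and reject any policy name outside the catalogue."""
    profile = json.loads(text)
    for tier, links in profile["tiers"].items():
        for link in links:
            unknown = set(link["policies"]) - KNOWN_POLICIES
            if unknown:
                raise ValueError(f"{tier}: unknown policies {sorted(unknown)}")
    return profile


def resolve(profile, attached_tiers):
    """Return only the (tier, peer, policy) entries a node needs right now:
    those for tiers that currently have an endpoint attached to it."""
    needed = []
    for tier in sorted(attached_tiers):
        for link in profile["tiers"].get(tier, []):
            for policy in link["policies"]:
                needed.append((tier, link["connected_to"], policy))
    return needed


if __name__ == "__main__":
    profile = load_profile(PROFILE_JSON)
    print(resolve(profile, {"Web"}))       # node hosting only Web endpoints
    print(resolve(profile, {"DataBase"}))  # node hosting only DataBase endpoints
```

A node with no attached endpoints receives nothing, and a profile that names a policy missing from the catalogue is rejected at load time rather than silently ignored.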
Policy Mobility
Physical and Virtual Infrastructure
Physical and Virtual Infrastructure
Physical and Virtual Infrastructure
Physical and Virtual Infrastructure
Application Policy
Application Policy
Application Policy
Application Policy
§ Disaster Recovery
§ Distributed Applications
Site 1 Site 2
Site 3
Application Location
Independence
Improving Application Performance Software Defined Control, Hardware Defined Performance
§ Dynamic Loadbalancing
§ Flowlet Switching
80% Improved Application Flow Completion
4x..16x Increase Bandwidth
60%
Increase Utilization
60% 90%
§ Dynamic Flow Prioritization
§ Congestion Monitoring
Telemetry and Visibility System Wide Coordination
§ Per Application
§ Per Tenant
§ Per Infrastructure
SYSTEMS TELEMETRY
APPLICATION HEALTH SCORE
LATENCY
VISIBILITY
VMs
Physical
Application Delivery Controller
Firewall
Microsecond(s) 5
16
8
Packet Drops 25
96%
Physical and Virtual Infrastructure
An Open Approach
Physical and Virtual Infrastructure
Open Framework for Services Nodes
Integration
Open Policy Protocol*
Controller Choice
Automation Choice
RESTful APIs
Standard Protocols
Hypervisor Choice
Platform Choice Physical, Virtual,
Containers
Group Based Policy**
* http://tools.ietf.org/html/draft-smith-opflex-00
** https://wiki.openstack.org/wiki/GroupBasedPolicy
Useful Links
§ ACI Landing Page http://cisco.com/go/aci
§ Overview: Group Based Policy with OpenStack https://www.youtube.com/watch?v=jF4aK1b383g&feature=youtu.be
§ Demo Video: Group Based Policy with OpenStack https://www.youtube.com/watch?v=a3Ur1IDyALA
§ Group Based Policy Extension for OpenStack Networking: https://www.openstack.org/summit/openstack-paris-summit-2014/session-videos/presentation/group-based-policy-extension-for-networking
§ Whitepaper: Group Based Policy with OpenStack http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-733126.html
§ OpenDaylight Group Policy https://wiki.opendaylight.org/view/Group_Policy:Main
Questions?
David Klebanov
@davidklebanov
Thank you.