Brent Salisbury CCIE#11972 Network Architect University of Kentucky 9/22/2012
https://twitter.com/#!/networkstatic
OpenStack & OpenFlow Demo
Network is the Substrate
• Cloud computing refers to the delivery of computing and storage capacity as a service to a heterogeneous community of end-recipients. The name comes from the use of clouds as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts services with a user's data, software and computation over a network.
• Cloud computing relies on sharing of resources to achieve coherence and economies of scale similar to a utility (like the electricity grid) over a network. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services over networks.
“I need a different VM placement policy”
“I’ll build in a way to share revenue with my customers”
“I want to report on my customers’ SLAs”
“My UI will be easier to use”
“I have a much better way to snapshot machine images”
“I let my customers span multiple clouds”
OpenStack
Example of the Future: Open Source Cloud Framework
Good Parents 170+ companies
Typical Provisioning Workflow
- Paperwork
- Storage
- Systems
- Network
- Security
- Licensing
- Scheduling
- Reporting
- Billing
- Repeat
- Efficiency?
Demo Components
• OpenStack - Orchestration
• OpenvSwitch - Network Virtualization
• Kernel Virtualization Module (KVM) – Hypervisor
• Bare Metal x86 Server Dell r910 & r720
10-minute demo of the following
As Provider
• Provision new customer/tenant and UIDs.
• Modify policy for quotas including usage in storage, VCPU, memory, images OS and capacity, network addressing based on customer need.
As Customer
• Log in as user and self-provision SSL keys and apply 5-tuple security policy to each host we spin up.
• Launch Windows 2008 R2 and Linux hosts with varying levels of memory, CPU and ephemeral storage.
• Assign networks to these hosts based on purposing.
As Provider and Customer
• Review usage data for capacity planning, SLA fulfillment, usage analytics and billing.
Nerd Warning
BPDUGuard good
Demo Topology
Software Defined Networking
Warning: Contains optimism (Plug to http://PacketPushers.net for Unicorn Humor!)
[Figure: MPLS Core with PE and P routers, Customer A and Customer B sites, FlowVisor, and a Control Plane SDN Controller]
• It should be the next x86 market. Have we admitted that yet?
• The value in abstraction is proven.
Can I not be a cheaper merchant silicon chip?
Old slide but still valid imo
Change is Bad
• We are operating far too close to the hardware.
  o Do systems administrators configure their services in x86 BIOS? Well, we do.
• Generic components decomposed into resources to consume anywhere, anytime.
• Abstraction of Forwarding, State and Management.
  o Forwarding: Networking gear with flow tables and firmware.
  o State: Bag of protocols destruction.
  o Management: Orchestration, CMDB etc.
Join the rest of the data center (and world)
GENI FlowVisor
OpenFlow Controller
Physical Network Infrastructure: Router, Switches, RIB, LIB, TCAM, Memory, CPU, ASIC.
Virtualization: HyperVisors, VMware, Hyper-V, KVM, Xen, X86 Instruction Set
Physical Server Infrastructure: Servers, CPU, Memory, Disk, NIC, Bus.
Physical HW
Slices
[Figure: "SDN Network" beside "VM Farms Today"; slice labels: Windows Slice (repeated), General Purpose Slice, Research Slices, Secure Network Slice]
Not New Ideas
Planes Trains and Fabrics..
SDN Controller Framework Generic Switch Architecture
Data Path (Hardware)
Control Path OpenFlow
OpenFlow Controller
OpenFlow Protocol (SSL/TCP)
The next few slides are from a presentation by Srini Seetharaman, Deutsche Telekom
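[Figure labels: Controller, PC, Hardware Layer, Software Layer, Flow Table, OpenFlow Client; switch ports: port 4, port 3, port 2, port 1; hosts: 1.2.3.4, 5.6.7.8]
Flow Table columns: MAC src, MAC dst, IP Src, IP Dst, TCP sport, TCP dport, Action
Flow Table entry: * * 5.6.7.8 * * *, port 1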
OpenFlow Example
OpenFlow Basics: Flow Table Entries
Rule, Action, Stats
Rule (+ mask what fields to match): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP Prot, IP ToS, L4 sport, L4 dport
Action:
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Send to normal processing pipeline
4. Modify Fields
5. Any extensions you add!
Stats: Packet + byte counters
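Examples
Switching

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | 00:1f:.. | * | * | * | * | * | * | * | port6 |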
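Flow Switching

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| port3 | 00:20.. | 00:1f.. | 0800 | vlan1 | 1.2.3.4 | 5.6.7.8 | 4 | 17264 | 80 | port6 |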
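Firewall

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | * | * | * | * | * | * | * | 22 | drop |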
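Examples
Routing

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | * | * | * | * | 5.6.7.8 | * | * | * | port6 |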
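VLAN Switching

| Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|
| * | * | 00:1f.. | * | vlan1 | * | * | * | * | * | port6, port7, port9 |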
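Added example (not from the original slides): a small Python model of the flow-table lookup used in the examples above, showing that the Firewall entry (TCP dport 22, drop) only takes effect when it outranks the overlapping Routing entry (IP Dst 5.6.7.8, port6). The priority field, the table-miss default and the sample packets are assumptions of this sketch; explicit priorities on wildcard entries are how OpenFlow 1.0 resolves such overlaps.

```python
from dataclasses import dataclass

# The ten match fields from the flow-table examples above.
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "l4_sport", "l4_dport")

@dataclass
class FlowEntry:
    name: str
    priority: int        # assumption: higher value wins among overlapping entries
    match: dict          # a field left out of the dict is a wildcard ("*")
    action: str          # "drop" or "output:<port>"
    packet_count: int = 0
    byte_count: int = 0

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

class FlowTable:
    def __init__(self, entries):
        for e in entries:
            unknown = set(e.match) - set(FIELDS)
            if unknown:  # a misspelled field name would otherwise silently never match
                raise ValueError(f"{e.name}: unknown fields {sorted(unknown)}")
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def process(self, pkt, length):
        for e in self.entries:
            if e.matches(pkt):
                e.packet_count += 1   # Stats: packet + byte counters
                e.byte_count += length
                return e.action
        return "controller"           # assumed table-miss default: send to controller

def build_table(firewall_priority):
    return FlowTable([
        FlowEntry("routing", 100, {"ip_dst": "5.6.7.8"}, "output:6"),
        FlowEntry("firewall", firewall_priority, {"l4_dport": 22}, "drop"),
    ])

# Constructed sample packets (addresses and source port reused from the slides).
BASE = {"in_port": 3, "eth_type": 0x0800, "ip_src": "1.2.3.4",
        "ip_dst": "5.6.7.8", "ip_proto": 6, "l4_sport": 17264}
SSH = {**BASE, "l4_dport": 22}
WEB = {**BASE, "l4_dport": 80}

if __name__ == "__main__":
    for prio in (50, 200):
        table = build_table(prio)
        print(prio, table.process(SSH, 64), table.process(WEB, 1500))
```

With the firewall entry at priority 50 the SSH packet is forwarded by the routing entry; at 200 it is dropped while web traffic still reaches port 6. The per-entry counters show which rule actually handled the traffic, which is the quickest way to spot a shadowed drop rule.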
Multi-Tenant Slicing
>Doh!
Jumbled Protocol Picture source: Nick McKeown