Transcript of CHANGING THE ECONOMICS OF THE DATA CENTER

Kristof Heuninck, Data Center Group

2

OVERVIEW OF CISCO'S ARCHITECTURAL APPROACH: CISCO'S FY-14 TOP 5 COMPANY PRIORITIES

• Video
• Enterprise Networking & Security
• Collaboration
• Data Center / Virtualization and Cloud
• Architectures for Business Transformation

3

CISCO UNIFIED DATA CENTER: HOLISTIC FABRIC-BASED APPROACH

One Unified Data Center spanning physical, virtual and cloud, covering compute, network, security, storage and management.

Outcomes: IT simplicity, financial efficiency, business agility.

OPEN, RESILIENT, SECURE, SCALABLE

4

CISCO UCS LEADERSHIP & MOMENTUM: FASTEST GROWING PRODUCT IN THE MARKET (update: March 2014)

• 30,000+ unique UCS customers [2]
• Top 5 server vendor [1]
• #2 worldwide market share in x86 blades [1]
• 88 world record performance benchmarks to date
• 3,850+ UCS channel partners
• More than 75% of all Fortune 500 customers have invested in UCS
• $2B+ UCS annualized revenue run rate [2]

Sources: [1] IDC Worldwide Quarterly Server Tracker, Q2 2013, Aug 2013, revenue share. [2] As of Cisco Q4FY13 earnings results.

5

CISCO UNIFIED DATA CENTER: INNOVATION TAILORED TO YOUR ENVIRONMENT

Three ways to consume it, built on Unified Computing, Unified Fabric and Unified Management:

• Best of breed components to build your own
• Reference architectures to integrate building blocks
• Total solutions that accelerate time to production

Examples shown on the slide: VXI, RISC migration, Vblock, NAS, FlexPod / VSPEX.

6

UCS INNOVATIONS FOR CONVERGED SOLUTIONS

• Infrastructure management: UCS Director for Infrastructure Management
• UCS "All-in-One" solution: Fabric Interconnect integration in the chassis
• C-Series rack integration: single wire management
• Next-gen servers: Ivy Bridge, Brickland & Grantley
• Cisco Nexus 9000 with APIC*: Application Centric Infrastructure
• UCS storage innovations with the WHIPTAIL acquisition: flash storage next to the application

7

GILLES CHEKROUN, DISTINGUISHED SYSTEM ENGINEER "ACI"

Gilles joined Cisco 19 years ago. His background is in IBM mainframe networking technologies, and he started at Cisco as a Network Design Engineer. Later on, Gilles joined the EMEA Consulting group in the IBM team and led many projects in the financial sector. For the last 12 years, Gilles' focus was storage and SAN extension technologies for designing and implementing disaster recovery centers. He is now dedicated to data center technologies like Unified Fabric, FCoE and Unified Computing System and, most importantly, Application Centric Infrastructure fabrics. He is a member of the Cisco European Data Center and Virtualization Team, sits on the Board of Directors of SNIA Europe (Storage Networking Industry Association) as Technical Chair, and is a SNIA Fibre Channel Certified Practitioner and a VMware Certified Professional.

8

Application Centric Infrastructure (ACI)

Gilles Chekroun, Distinguished System Engineer, EMEAR DCV, May 2014

9

DATA CENTER

What is your Data Center here for? To run your business critical applications.

10

IT'S ALL ABOUT THE APPLICATION

                     TODAY                            FUTURE
Business Models      Web economy                      App economy
Service Models       On-premise IT services           Cloud-based services
Operational Models   IT delivered as a service        Applications delivered as a service
Management Models    Development vs. operations       DevOps integration
Consumption Models   Device-centric                   Application-centric

The application-centric future: any application anywhere; velocity and visibility; virtual, physical and cloud; common policy; scale with security; open, automation; a systems approach.

11

MARKET TRENDS

• Applications, physical + virtual: 60–80% of workloads virtualized; ~21% of physical servers virtualized by 2016
• Hypervisor fragmentation: 42% of businesses use multiple hypervisors
• Private / public cloud (enterprise IT organizations, service provider cloud): cloud will account for 2/3 of global DC traffic by 2016
• Integrated development and operations
• Open RESTful APIs, open source

Sources: Gartner survey 2013, Information Week survey 2013, IDC predictions 2013

12

A NEW OPERATING MODEL IS REQUIRED

• Traditional networking model (a network of devices): proven and reliable; existing infrastructure model; existing application model; how many data centers run today.
• Today's SDN model (software-based network virtualization): does not remove complexity; disjoint overlay and underlay; multiple management points.
• Future model (Application Centric Infrastructure): radical simplification; centralized automation with application profiles; software flexibility with hardware performance.

Applications will drive the network behavior, and NOT the opposite.

13

BUILDING BLOCKS OF APPLICATION-CENTRIC INFRASTRUCTURE

• Application Policy Infrastructure Controller (APIC)
• Open standards, open source
• Nexus 9000 Series
• Industry leading ecosystem

14

COMMON HARDWARE PLATFORM, TWO OPERATIONAL MODELS

• NX-OS (Q4 2013): the existing network model, with programmability, 40 GigE and price/performance
• Application Centric Infrastructure with APIC (Q2 2014)

15

What is Application Centric Infrastructure?

16

SPINE – LEAF ARCHITECTURE

Physical and virtual; scalable architecture; single point of control (APIC). Hypervisor hosts attach to the leaf switches.

17

COMMON POLICY AND OPERATIONS FRAMEWORK

Figure: the application (web tier, app tier, DB tier), the security view (trusted zone holding the DB tier, DMZ, external zone), the infrastructure and the cloud, each owned by a different role: Application Admin, Security Admin, Network Admin, Cloud Admin.

18

The same roles (Application, Security, Network and Cloud Admin) draw on a common pool of resources under one common policy and operations framework.

19

OPEN ECOSYSTEM, OPEN APIS: COMPREHENSIVE ACCESS TO THE UNDERLYING INFORMATION MODEL

• Tenant and application aware
• Read / write all fabric information
• Published data model, open source
• APIC integrates with hypervisor management, automation tools, orchestration frameworks, system management and security (ASA)
• Industry standard compliant

A platform approach to data centre infrastructure.

20

ACI IS EXTENDING THE INNOVATION OF UCS: UNIFIED MANAGEMENT

1. Subject matter experts (storage, server and network SMEs) define policies: server policy, storage policy, network policy, virtualization policy, etc.
2. Policies are used to create service profile templates (server name; UUID, MAC, WWN; boot information; LAN and SAN configuration; firmware policy).
3. Service profile templates create service profiles.
4. UCS associates service profiles with hardware and configures the servers automatically.

21

DEPLOYING APPLICATIONS - THE ACI BENEFIT

Invest time here: define the application communication flow using the new language in the policy model. All IT teams have a role (Dev/App, network, security, operations, virtualization, cloud and storage teams).

Spend NO time here: the policy is deployed automatically, fast and consistently, with full visibility.

1. Define the application communication policies.
2. Provision the policy in the fabric (fully automatic), for virtual and physical workloads including network services.

22

ANY APPLICATION, ANYWHERE: PHYSICAL AND VIRTUAL, COMMON APPLICATION NETWORK PROFILE

Figure: one application profile (L/B, WEB, L/B, APP, F/W, DB) pushed by APIC to physical hosts and hypervisors alike. The profile carries connectivity policy, security policies, QoS, storage and compute requirements, L4..7 services and the SLA (QoS, security, load balancing).

23

HOW DO WE PUSH THE POLICIES?

• APIC southbound protocol called OpFlex
• Announced at Interop Las Vegas, March 31st
• Submitted to the IETF as an Informational Internet-Draft
• Open source agent supporting the protocol that can be used by any hypervisor switch, physical switch, or L4-7 device

24

OPFLEX – A FLEXIBLE, EXTENSIBLE POLICY PROTOCOL

OpFlex is a new extensible policy resolution protocol designed for declarative control of any datacenter infrastructure. OpFlex was designed to offer:

1. Abstract policies rather than device-specific configuration
2. Flexible, extensible policy definition using XML / JSON
3. Support for any device: vSwitch, physical switch, network services, servers, etc.

Figure: APIC resolves policies for OpFlex agents on the hypervisor switch, the physical switch, the firewall and the ADC; a device that only exposes a legacy API is reached through an OpFlex proxy.

Policies: who can talk to whom. What about topology control? Ops stuff?

25

APPLICATION POLICY IN OPENDAYLIGHT

Figure: an App Policy REST API exposed through ODL, with backends for Affinity, OpFlex (ACI fabric) and OpenFlow (OpenFlow and 3rd party switches, …).

Goals:
• Expose policy through ODL
• Support heterogeneous backend environments

Note: still very much a work in progress!

https://wiki.opendaylight.org/view/Project_Proposals:Application_Policy_Plugin

26

FULL APPLICATION VISIBILITY: A SINGLE VIEW OF YOUR APPLICATION IN A DISTRIBUTED ENVIRONMENT

Figure: an application spanning VMs, physical servers, an application delivery controller and a firewall, with a per-application health score (96% in the example), latency (microseconds) and drop count (packets dropped) reported per component.

27

APPLICATION CENTRIC INFRASTRUCTURE: MAKING NETWORKS SIMPLE IS NOT SIMPLE

Today, applications are tightly coupled to the network: 10,000s of ACLs, maintained separately for physical hosts and VMs; inefficient forwarding; excessive protocols (multicast limitations, FHRP, vPC, STP); a default gateway per segment; firewalls placed between each tier.

ACI decouples the application from the infrastructure: APIC holds the application profile and policy, and the fabric delivers multicast, multi-pathing and fast reroute; no legacy Layer 2 operations; integrated security policies and mobility; centralized visibility and automation; optimized forwarding; no flooding.

28

SCALABILITY BUILT FOR THE GROWING COMMERCIAL ENTERPRISE TO THE LARGEST MSDC

• 1 million IPv4 / IPv6 end points
• 64,000 tenants
• 8K multicast groups (per leaf)
• 60 Tbps capacity (per spine)
• 576 40G ports wire-rate (per 16 slot spine)

Figure: port count growth under one APIC as leaves are added, from 288 ports to 55,296 ports.

29

INNOVATION DRIVING APPLICATION PERFORMANCE

Case study, big data analytics, based on common network load and link failure scenarios: 30% reduction in application completion time with ACI versus a traditional network.

Network innovations: dynamic load balancing, dynamic packet prioritization, congestion management.

Figure: application completion time (s, 100 to 300) for ACI versus a traditional network at different levels of network utilization (60%, 90%).

30

ACI FABRIC – INTEGRATED OVERLAY: MULTI-HYPERVISOR ENCAPSULATION NORMALIZATION

Figure: endpoints attach with a localized encapsulation (VXLAN VNID = 5789, VXLAN VNID = 11348, NVGRE VSID = 7456, 802.1Q VLAN 50); the IP fabric carries one normalized encapsulation (VXLAN tagging: Payload / IP / VXLAN / VTEP), giving any-to-any connectivity.

• All traffic within the ACI fabric is encapsulated with an extended VXLAN (eVXLAN) header
• External VLAN, VXLAN and NVGRE tags are mapped at ingress to an internal eVXLAN tag
• Forwarding is not limited to, nor constrained within, the encapsulation type or the encapsulation 'overlay' network
• External identifiers are localized to the leaf or leaf port, allowing re-use and/or translation if required

Normalization of ingress encapsulation (header stacks shown on the slide):
  VXLAN:    Outer Eth / Outer IP / VXLAN / Eth / IP / Payload
  NVGRE:    Outer Eth / Outer IP / NVGRE / Eth / IP / Payload
  802.1Q:   Eth / 802.1Q / IP / Payload
  Untagged: Eth (MAC) / IP / Payload
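The ingress mapping described in the bullets above, as an added example that is not part of the slide deck and not Cisco code. A leaf reads whatever segment identifier the endpoint sent (802.1Q VLAN, VXLAN VNID, NVGRE VSID) and looks it up in a binding table keyed by leaf, port, encapsulation and external id. That key is the security-relevant detail: the same VLAN 50 can belong to different tenants on different ports, and an endpoint that tags traffic with a VNID that is not bound on its port gets dropped rather than admitted to someone else's segment. Header layouts follow 802.1Q, VXLAN (RFC 7348) and NVGRE (RFC 7637); the leaf, port, tenant and EPG names in the binding table and the internal VNIDs are assumptions, and all frames are constructed in the script.

```python
# Added example (not Cisco code): ingress encapsulation normalization on a leaf.
# Frame layouts follow 802.1Q, VXLAN (RFC 7348) and NVGRE (RFC 7637); leaf, port,
# tenant and EPG names in the binding table are assumptions; all frames are
# constructed here. Minimal IP headers (no checksum) are enough for parsing.
import struct

VXLAN_UDP_PORT = 4789
ETH_P_8021Q, ETH_P_IP, ETH_P_TEB = 0x8100, 0x0800, 0x6558
IPPROTO_UDP, IPPROTO_GRE = 17, 47
# Inner (tenant) frame: its content does not influence the segment lookup.
INNER = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETH_P_IP) + b"\x00" * 20


def _eth(ethertype, payload):
    return b"\x0e" * 6 + b"\x0c" * 6 + struct.pack("!H", ethertype) + payload


def _ipv4(payload, proto):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return _eth(ETH_P_IP, hdr + payload)


def build_8021q(vid):
    """Frame tagged with a VLAN ID, as a bare-metal host or a VLAN-backed vSwitch sends it."""
    return _eth(ETH_P_8021Q, struct.pack("!H", vid & 0x0FFF) + INNER[12:])


def build_vxlan(vnid):
    """VXLAN: outer Ethernet/IP/UDP(4789) + 8-byte header with the I flag and a 24-bit VNI."""
    vxlan = struct.pack("!B3sI", 0x08, b"\x00\x00\x00", vnid << 8)
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(vxlan) + len(INNER), 0)
    return _ipv4(udp + vxlan + INNER, IPPROTO_UDP)


def build_nvgre(vsid, flow_id=0):
    """NVGRE: outer Ethernet/IP/GRE with the K bit, protocol TEB and key = VSID<<8 | FlowID."""
    gre = struct.pack("!HHI", 0x2000, ETH_P_TEB, (vsid << 8) | flow_id)
    return _ipv4(gre + INNER, IPPROTO_GRE)


def ingress_encap(frame):
    """Return (encapsulation, external segment id) carried by a frame arriving on a leaf port."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_P_8021Q:
        return "vlan", struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    if ethertype != ETH_P_IP:
        raise ValueError("untagged or unsupported ethertype 0x%04x" % ethertype)
    l4 = 14 + (frame[14] & 0x0F) * 4          # skip IPv4 options, if any
    proto = frame[23]
    if proto == IPPROTO_UDP:
        if struct.unpack("!H", frame[l4 + 2:l4 + 4])[0] != VXLAN_UDP_PORT:
            raise ValueError("UDP but not VXLAN")
        if not frame[l4 + 8] & 0x08:
            raise ValueError("VXLAN header without a valid VNI")
        return "vxlan", struct.unpack("!I", frame[l4 + 12:l4 + 16])[0] >> 8
    if proto == IPPROTO_GRE:
        flags, gre_proto, key = struct.unpack("!HHI", frame[l4:l4 + 8])
        if not flags & 0x2000 or gre_proto != ETH_P_TEB:
            raise ValueError("GRE without key or not transparent Ethernet bridging")
        return "nvgre", key >> 8
    raise ValueError("unsupported IP protocol %d" % proto)


# Binding table (assumed names): (leaf, port, encap, external id) -> (tenant, EPG, internal VNID).
# The key includes leaf and port, so external ids are local to the port and may be re-used.
BINDINGS = {
    ("leaf-101", "eth1/1", "vlan", 50): ("customer1", "FrontEndNetwork", 0x00A001),
    ("leaf-101", "eth1/3", "vxlan", 5789): ("customer1", "FrontEndNetwork", 0x00A001),
    ("leaf-101", "eth1/5", "nvgre", 7456): ("customer1", "BackEndNetwork", 0x00A002),
    ("leaf-102", "eth1/7", "vlan", 50): ("customer2", "Web", 0x00B001),
}


def normalize(leaf, port, frame, bindings=BINDINGS):
    """Segment the frame belongs to, or None when the leaf must drop it (tag not bound on that port)."""
    try:
        encap, ext_id = ingress_encap(frame)
    except ValueError:
        return None
    return bindings.get((leaf, port, encap, ext_id))


if __name__ == "__main__":
    print(normalize("leaf-101", "eth1/1", build_8021q(50)))       # customer1 FrontEndNetwork
    print(normalize("leaf-101", "eth1/3", build_vxlan(5789)))     # same EPG, different encap
    print(normalize("leaf-102", "eth1/7", build_8021q(50)))       # VLAN 50 re-used by customer2
    print(normalize("leaf-101", "eth1/1", build_vxlan(11348)))    # None: not bound on this port
```

Two simplifications to keep in mind: untagged frames are rejected here, whereas a real leaf would map them through a native/untagged binding on the port; and the lookup does not check that the outer destination IP of a VXLAN or NVGRE packet is the leaf's own VTEP address, which a switch does before it trusts the tunnel header at all.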

31

INNOVATIONS IN HW, SW, ASICS AND SYSTEMS: NEXUS 9000

• Price: cost structure for 1G to 1/10GT and 10G to 40G migration
• Performance: industry leading price / line card bandwidth, 1.92 Tbps per slot, 100G ready
• Port density: 20% higher, 36 port 40 Gig non-blocking density
• Programmability: JSON/XML API, Linux container for customer apps
• Power efficiency: state of the art backplane-free design, 15% greater power and cooling efficiency
• Merchant+ ASIC approach: innovation in Cisco ASICs

32

WHAT IS THE ACI POLICY MODEL? EXPLAINING THE NEW THROUGH THE EXPERIENCE OF THE PAST

POLICY AND THE NETWORK

34

POLICY AND THE NETWORK • What is network policy?

• Basic network policy: permit, deny, log, redirect, mark
• SLA policy: QoS, availability
• L4-7 services: SLB, firewall, IDS, IPS, SSL offload, WAF

Network policy involves all of the rules required for end-to-end application connectivity.

35

POLICY AND THE NETWORK • Application language barriers

• Developers speak in application tiers and provider / consumer relationships.
• Infrastructure teams speak in VLANs, subnets, protocols and ports.

Developer and infrastructure teams must translate between disparate languages.

36

CURRENT NETWORK CHALLENGES

Business demand for a new app reaches the web developer, the app developer and the DBA; each hands requirements to the infrastructure team (compute team, storage team, network team).

37

CURRENT NETWORK CHALLENGES

The network team then maps the application onto the stack: Layer 4-7 (security, services), Layer 3 (routing; web, app and DB subnets), Layer 2 (web, app and DB VLANs) and Layer 1.

38

POLICY AND THE NETWORK • Simple Changes Cause Big Implications

Intended IP change: 192.168.10.100 becomes 10.10.10.201. Unintended consequence: the policy has to change with it.

Changes at any layer of the stack have effects throughout the WHOLE stack.

DEFINING APPLICATION LOGIC THROUGH POLICY

40

DEFINING APPLICATION LOGIC THROUGH POLICY • The Provider / Consumer Relationship

Users consume web services. The web farm provides web services and consumes app services. App servers provide app services.

Provider / consumer relationships define application connectivity in application terms. All objects can provide, consume, or both.

41

DEFINING APPLICATION LOGIC THROUGH POLICY • Contracts for Policy

Contracts are used to define relationships.

42

DEFINING APPLICATION LOGIC THROUGH POLICY • Defining Provider / Consumer Relationships

(Built up over three slides, adding the DB farm to the chain; each relationship is a contract.)

45

DEFINING APPLICATION LOGIC THROUGH POLICY • Simple Changes Remain Simple

Intended IP change: 192.168.10.100 becomes 10.10.10.201. The policy remains the same, independent of the end-point change.

Changes at any layer of the stack are independent of one another.

ACI FABRIC LOGICAL CONSTRUCTS

47

• End Point Group (a component tier): a collection of end-points connecting to the network: VMs, NIC cards, … (the figure shows web, app and db groups of VMs and servers making up the application).
• Contract: a set of network requirements specifying how application components communicate with each other: access control, QoS, network services.
• The Outside: the rules of how the application communicates with external private or public networks.
• App Network Profile: the application-centric network policy; a network "virtual patch panel".

48

EXAMPLE: THREE-TIER APP

Figure: EPG WEB, EPG APP and EPG DB, each in its own bridge domain (bd) inside one L3 context, with NW Public and NW Private subnets. Contracts are shown as bundles: "web bundle", provided by WEB and consumed from the Outside; "java bundle", provided by APP and consumed by WEB; "sql bundle", provided by DB and consumed by APP; "infra shared services (DNS-AD…)", consumed by all three tiers; and a "mgmt bundle".
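The provider / consumer relationships, the contracts, the "who can talk to whom" question from the OpFlex slide and the three-tier example above, as one added example. It is not Cisco code and not the APIC object model: a small resolver in which an EPG provides or consumes named contracts, a contract is a set of filters, and a flow between two EPGs is permitted only when the source consumes a contract the destination provides and a filter matches. Everything else, including traffic between two EPGs that share no contract, is dropped, which is the whitelist behaviour that replaces the "10,000s of ACLs" on the earlier slide. The EPG and contract names follow the slide; the ports inside each bundle and the "infra" provider EPG are assumptions.

```python
# Added example (not Cisco code, not the APIC object model): the provider/consumer
# contract idea as a small whitelist resolver. EPG and contract names follow the
# three-tier slide; the ports inside each "bundle" and the "infra" EPG are assumptions.
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Filter:
    proto: str                    # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches any port

    def matches(self, proto, port):
        return self.proto in ("any", proto) and self.dport in (None, port)


@dataclass
class Contract:
    name: str
    filters: tuple


@dataclass
class EPG:
    name: str
    provides: set = field(default_factory=set)
    consumes: set = field(default_factory=set)


class Fabric:
    def __init__(self):
        self.contracts, self.epgs = {}, {}

    def add_contract(self, contract):
        self.contracts[contract.name] = contract

    def add_epg(self, epg):
        self.epgs[epg.name] = epg

    def permitted(self, src, dst, proto, dport, sport=None):
        """Whitelist decision for one flow between two EPGs.

        Forward: src consumes a contract that dst provides and a filter matches dport.
        Reply: src provides a contract that dst consumes and a filter matches sport
        (the reversed-ports rule that lets a stateless fabric pass the answer).
        No contract between the EPGs means drop; intra-EPG traffic is allowed.
        """
        s, d = self.epgs[src], self.epgs[dst]
        if s is d:
            return True
        for name in s.consumes & d.provides:
            if any(f.matches(proto, dport) for f in self.contracts[name].filters):
                return True
        for name in s.provides & d.consumes:
            if any(f.matches(proto, sport) for f in self.contracts[name].filters):
                return True
        return False

    def render_rules(self):
        """Expand contracts into (consumer, provider, proto, dport) entries: the ACLs the
        fabric derives for you, growing with consumers x providers x filters."""
        rules = []
        for c in self.contracts.values():
            providers = [e.name for e in self.epgs.values() if c.name in e.provides]
            consumers = [e.name for e in self.epgs.values() if c.name in e.consumes]
            for p in providers:
                for q in consumers:
                    rules.extend((q, p, f.proto, f.dport) for f in c.filters)
        return rules


def three_tier():
    """The slide's example: Outside -> WEB -> APP -> DB, plus shared infra and mgmt bundles."""
    fab = Fabric()
    fab.add_contract(Contract("web bundle", (Filter("tcp", 443),)))
    fab.add_contract(Contract("java bundle", (Filter("tcp", 8080),)))
    fab.add_contract(Contract("sql bundle", (Filter("tcp", 3306),)))
    fab.add_contract(Contract("mgmt bundle", (Filter("tcp", 22),)))
    fab.add_contract(Contract("infra shared services", (Filter("udp", 53), Filter("tcp", 389))))
    fab.add_epg(EPG("Outside", consumes={"web bundle", "mgmt bundle"}))
    fab.add_epg(EPG("WEB", provides={"web bundle", "mgmt bundle"},
                    consumes={"java bundle", "infra shared services"}))
    fab.add_epg(EPG("APP", provides={"java bundle", "mgmt bundle"},
                    consumes={"sql bundle", "infra shared services"}))
    fab.add_epg(EPG("DB", provides={"sql bundle", "mgmt bundle"},
                    consumes={"infra shared services"}))
    fab.add_epg(EPG("infra", provides={"infra shared services"}))
    return fab


if __name__ == "__main__":
    fab = three_tier()
    print(fab.permitted("Outside", "WEB", "tcp", 443))           # True
    print(fab.permitted("Outside", "DB", "tcp", 3306))           # False: no contract
    print(fab.permitted("WEB", "DB", "tcp", 3306))               # False: tier skipped
    print(fab.permitted("DB", "APP", "tcp", 40123, sport=3306))  # True: reply to APP's query
    print(len(fab.render_rules()))                               # 12 derived rules
```

Note what the model does not do: it has no notion of contract scope (in ACI a contract can be limited to one context or one application profile), and the reply rule is purely stateless, so a DB server can send to any high port of an APP server as long as its source port is 3306. Both are reasons to keep filters tight rather than "any".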

49

ACI LAYER 4 - 7 SERVICE INSERTION: CENTRALIZED, AUTOMATED, AND SUPPORTS THE EXISTING MODEL

• Elastic service insertion architecture for physical and virtual services
• APIC as central point of network control with policy coordination
• Automation of service bring-up / tear-down through a programmable interface
• Service enforcement guaranteed, regardless of endpoint location

Figure: the application admin attaches a chain named "Security 5" between the web servers and app tier A / app tier B (policy redirection); the service admin defines that chain as a service graph (begin, stage 1 … stage N, end) whose stages are provider instances (firewall, load balancer, …), each with its own service profile.

50

APPLYING THE LOGICAL MODEL TO THE PHYSICAL MODEL TODAY

• Configure VLANs on each switch
• Configure the VRF on both aggregation switches
• Create an IP address on each, configure HSRP
• Configure VLANs on each link
• Put ACLs on each switch
• Maintain the VLAN / server / tenant mapping

Physical network, logical configuration: VLAN segments and VRFs are entities that need to be configured and kept consistent.

51

MAINTAINING THE LOGICAL CONFIGURATION ON A LARGE INFRASTRUCTURE IS COMPLEX

• The number of configuration points increases
• Maintaining VLAN trunking / VRF mappings on a large infrastructure is error prone
• Time to deploy and maintain the logical topology?
• What if you want to remove this configuration?

52

CONFIGURING THE SAME CONNECTIVITY WITH ACI

[…]
<fvCtx name="customer1"/>
<fvBD name="customer1-BD1">
    <fvRsCtx tnFvCtxName="customer1"/>
    <fvSubnet ip="10.1.1.1/24" scope="private"/>
    <fvSubnet ip="20.1.1.1/24" scope="private"/>
[…]
<fvAEPg name="FrontEndNetwork">
</fvAEPg>
<fvAEPg name="BackEndNetwork">
</fvAEPg>

Push it to APIC. Done.

53

TIME TO DEPLOY THE TOPOLOGY? A COUPLE OF SECONDS

• Where is my VLAN? It's a name:
  <fvAEPg name="FrontEndNetwork">
  No need to maintain VLAN numbering.

• Where are my subnets? They are just a list, no need to create multiple interfaces:
  <fvSubnet ip="10.1.1.1/24" scope="private"/>
  <fvSubnet ip="20.1.1.1/24" scope="private"/>

• Where are HSRP and VRRP? Not needed.

• How do I map this configuration to all the switches? Not needed, just send it to one of the APIC servers.

• How do I send it? With REST calls via a script that you can run on your PC.
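The "send it with REST calls from a script" step, as an added example that is not part of the slide deck and not Cisco code. It builds the slide's tenant as APIC-style XML (the object classes fvTenant, fvCtx, fvBD, fvRsCtx, fvSubnet, fvAp, fvAEPg, fvRsBd, vzFilter, vzEntry, vzBrCP, vzSubj, vzRsSubjFiltAtt, fvRsProv and fvRsCons are the APIC model; the tenant and application names, the contract between the two EPGs and its TCP port, and the APIC_* environment variables are assumptions), then logs in with aaaLogin and POSTs the subtree under uni. It goes one step beyond the slide by adding the contract, because two EPGs in one bridge domain still cannot talk until a contract says so. The fvSubnet address is the bridge domain's distributed gateway, which is why the slide can say HSRP and VRRP are not needed.

```python
# Added example (not Cisco code): build the slide's tenant as APIC-style XML and push
# it over the REST API. Object class names are the APIC model; tenant/app names, the
# contract and its port, and the APIC_* environment variables are assumptions.
import http.cookiejar
import json
import os
import urllib.request
import xml.etree.ElementTree as ET


def build_tenant_xml(tenant, ctx, bd, subnets, consumer_epg, provider_epg, port):
    """fvTenant subtree: one VRF (fvCtx), one bridge domain carrying the subnets (the
    subnet IP is the BD's distributed gateway, so no HSRP/VRRP), two EPGs in an
    application profile, and one contract allowing TCP/port consumer -> provider."""
    t = ET.Element("fvTenant", name=tenant)
    ET.SubElement(t, "fvCtx", name=ctx)
    b = ET.SubElement(t, "fvBD", name=bd)
    ET.SubElement(b, "fvRsCtx", tnFvCtxName=ctx)
    for ip in subnets:
        ET.SubElement(b, "fvSubnet", ip=ip, scope="private")

    # Contract: one filter with a single TCP entry, attached to one subject.
    flt = ET.SubElement(t, "vzFilter", name="%s-flt" % provider_epg)
    ET.SubElement(flt, "vzEntry", name="tcp-%d" % port, etherT="ip", prot="tcp",
                  dFromPort=str(port), dToPort=str(port))
    brcp = ET.SubElement(t, "vzBrCP", name="%s-ctr" % provider_epg, scope="context")
    subj = ET.SubElement(brcp, "vzSubj", name="subj")
    ET.SubElement(subj, "vzRsSubjFiltAtt", tnVzFilterName=flt.get("name"))

    ap = ET.SubElement(t, "fvAp", name="app")
    for epg_name, relation in ((consumer_epg, "fvRsCons"), (provider_epg, "fvRsProv")):
        epg = ET.SubElement(ap, "fvAEPg", name=epg_name)
        ET.SubElement(epg, "fvRsBd", tnFvBDName=bd)     # the EPG is a name, no VLAN number
        ET.SubElement(epg, relation, tnVzBrCPName=brcp.get("name"))
    return ET.tostring(t, encoding="unicode")


def describe(tenant_xml):
    """Parse the generated XML back into a dict, for review before pushing (and for tests)."""
    root = ET.fromstring(tenant_xml)
    out = {"tenant": root.get("name"),
           "subnets": [s.get("ip") for s in root.iter("fvSubnet")], "epgs": {}}
    for epg in root.iter("fvAEPg"):
        out["epgs"][epg.get("name")] = {
            "bd": epg.find("fvRsBd").get("tnFvBDName"),
            "consumes": [r.get("tnVzBrCPName") for r in epg.findall("fvRsCons")],
            "provides": [r.get("tnVzBrCPName") for r in epg.findall("fvRsProv")],
        }
    return out


def push_to_apic(apic_host, user, password, tenant_xml):
    """Log in (aaaLogin) and POST the subtree under the policy universe (uni).

    TLS verification stays at urllib's default (on). Do not turn it off: the APIC holds
    the whole fabric's policy and the session cookie is a credential for all of it."""
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    login = json.dumps({"aaaUser": {"attributes": {"name": user, "pwd": password}}}).encode()
    req = urllib.request.Request("https://%s/api/aaaLogin.json" % apic_host, data=login,
                                 headers={"Content-Type": "application/json"})
    with opener.open(req, timeout=10) as resp:           # 401 raises urllib.error.HTTPError
        if resp.status != 200:
            raise RuntimeError("login failed: %d" % resp.status)
    req = urllib.request.Request("https://%s/api/mo/uni.xml" % apic_host,
                                 data=tenant_xml.encode(),
                                 headers={"Content-Type": "application/xml"})
    with opener.open(req, timeout=10) as resp:
        return resp.status, resp.read().decode()


if __name__ == "__main__":
    xml_doc = build_tenant_xml("customer1", "customer1", "customer1-BD1",
                               ["10.1.1.1/24", "20.1.1.1/24"],
                               "FrontEndNetwork", "BackEndNetwork", 8080)
    print(xml_doc)
    if os.environ.get("APIC_HOST"):      # only talk to a controller when told to
        print(push_to_apic(os.environ["APIC_HOST"], os.environ["APIC_USER"],
                           os.environ["APIC_PASS"], xml_doc))
```

The script posts nothing unless APIC_HOST is set, so it can be run anywhere to inspect the XML first. Whoever holds the account used here can rewrite any tenant's policy, so in practice give the script a dedicated APIC user restricted to its tenant's security domain rather than admin.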

54

END RESULT

End point groups and subnets: it doesn't matter where the workloads are, the "policy" stays the same. External connectivity goes through the border leafs.

55

APIC DEMO
