Cisco Controller Strategy
Date posted: 21-Oct-2014
Category: Technology
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1Cisco Confidential 1C97-708996-00 © 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Controller Strategy
Tae Hwang, CCIE #5135 (RS and Voice), CISSP
Customer Solutions Architect
SDN Introduction and Hybrid Mode
Basic Definitions
What Is Software Defined Network (SDN)?
“…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”
Source: www.opennetworking.org
What is OpenStack?
Open source software for building public and private clouds; includes Compute (Nova), Networking (Quantum) and Storage (Swift) services.
Source: www.openstack.org
What is an Overlay Network?
An overlay network is created on existing network infrastructure (physical and/or virtual) using a network protocol. Examples of overlay network protocols are MPLS, LISP, OTV and VXLAN.
What Is OpenFlow?
“…open standard that enables researchers to run experimental protocols in campus networks. Provides standard hook for researchers to run experiments, without exposing internal working of vendor devices…”
Source: www.opennetworking.org
Industry Landscape: Sample Vendor Deployments
How to program across any device, any layer, any service?
[Diagram labels: Vendor A, Vendor B, Vendor C; Apps; APIs; Controller; OpenFlow Device; Device w/ OpenFlow; Device; Network; Virtual Overlay; Other Agents; Physical and Virtual]
Cisco Approach: Flexibility to choose - The Power of “AND”
Announcing: Cisco Open Network Environment
Programmable, Flexible, and Application Aware
OPEN NETWORK ENVIRONMENT
Industry’s Most Comprehensive Networking Portfolio
Hardware + Software, Physical + Virtual, Network + Compute
[Diagram labels: Applications; Platform APIs; Controllers and Agents; Virtual Overlays; Network; onePK; XNC, APIC, APIC EM; OpenFlow, ACI; N1KV Enhancements]
onePK – “Deep Programmability”
Innovation, Manageability
[Diagram labels: App; C; Java; IOS; Events; App; EEM (TCL); Actions; Routing; Data Plane; Policy; Interface; Monitoring; Discovery; CLI; AAA; SNMP; HTML; XML; Syslog; Span; Netflow; CDP; Routing Protocols; Anything you can think of]
Understanding Controller Approach – SDN “Re-factoring” McKeown’s View
1. OpenFlow
[Diagram labels: App=QoS, App=DDoS, App=BGP_LS; Network Operating System = OpenFlow Controller; five Simple Packet Forwarding Hardware boxes; five Flow Table boxes]
OpenFlow Basics
Flow Table Entries – Beyond Destination MAC or IP
Flow table entry: Rule, Action, Stats
Rule fields (+ mask what fields to match): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP Prot, IP ToS, L4 sport, L4 dport
Action:
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Send to normal processing pipeline
4. Modify Fields
5. Any extensions you add!
Stats: Packet + byte counters
[OpenFlow is just a forwarding table management protocol]
You have to have an app to tell OpenFlow what to program on the table
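The rule / action / stats structure of a flow table entry, as an added example that is not from the original slides or from any Cisco or OpenDaylight code: a minimal flow table in which omitted fields are wildcarded, the highest-priority matching entry wins, counters are updated on a hit, and a table miss is sent to the controller. The field names, action strings, priority handling and sample packets are constructed for illustration.

```python
# Added illustration: a toy OpenFlow-style flow table, not Cisco or OpenDaylight code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Match fields named on the slide; a field a rule omits is wildcarded (masked out).
FIELDS = {"in_port", "mac_src", "mac_dst", "eth_type", "vlan_id", "vlan_pcp",
          "ip_src", "ip_dst", "ip_proto", "ip_tos", "l4_sport", "l4_dport"}

def field_ok(name, want, have):
    if have is None:
        return False  # the rule needs a field this packet does not carry
    if name in ("ip_src", "ip_dst"):
        return ip_address(have) in ip_network(want)  # prefix match for IP fields
    return have == want

@dataclass
class FlowEntry:
    match: dict        # Rule: field -> value (ip_src/ip_dst take a CIDR prefix)
    action: str        # Action: "output:<port>", "controller", "normal" or "drop"
    priority: int = 0  # assumption: highest priority wins, as in OpenFlow 1.0
    packets: int = 0   # Stats: packet counter
    octets: int = 0    # Stats: byte counter

    def matches(self, pkt):
        return all(field_ok(n, w, pkt.get(n)) for n, w in self.match.items())

class FlowTable:
    def __init__(self):
        self.entries = []
    def add(self, entry):
        if set(entry.match) - FIELDS:
            raise ValueError(f"unknown match field in {entry.match}")
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)  # stable sort keeps tie order

    def process(self, pkt, length):
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1
                entry.octets += length
                return entry.action
        return "controller"  # table miss: encapsulate and forward to controller

def demo():  # constructed sample rules and packets
    table = FlowTable()
    table.add(FlowEntry({"eth_type": 0x0800, "ip_dst": "10.0.2.0/24"}, "output:2", 10))
    table.add(FlowEntry({"eth_type": 0x0800, "ip_proto": 6, "l4_dport": 23}, "drop", 100))
    web = {"in_port": 1, "eth_type": 0x0800, "ip_src": "10.0.1.5",
           "ip_dst": "10.0.2.9", "ip_proto": 6, "l4_sport": 40000, "l4_dport": 80}
    pkts = [(web, 60), (dict(web, l4_dport=23), 60), ({"in_port": 1, "eth_type": 0x0806}, 42)]
    return [table.process(p, n) for p, n in pkts], table
```

The per-entry counters are what a monitoring or DDoS application on the controller would read back to see which rules are actually being hit.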
OpenFlow Controller Provides Topology (Map) to NB Applications
Emerging Hybrid Model
Controller
Cisco eXtensible Network Controller (XNC) & OpenDaylight
Cisco Extensible Network Controller (XNC)
Industry’s Most Extensible Controller Architecture based on OpenDaylight
Extensible, Modular Architecture
Core developed on OpenDaylight
Advanced Functionality for Production Deployments:
• Advanced Flow Management
• Flow Based Troubleshooting
• Role Based Authentication
• onePK Support
• Scalability
• Advanced GUI
• Cisco TAC support
Applications
Extensibility allows the Controller to support a wide variety of use cases with topology-specific Apps and south-bound plug-ins
• Monitor Manager
• Transit Selection
• Network Slicing
[Diagram labels: Cisco Apps, Customer Apps, ISV Apps, Open Src Apps; REST, JAVA, More Coming; Core Functionality; Cisco Advanced Functions; Service Abstraction Layer (SAL); onePK, OpenFlow, More Coming; Network Infrastructure]
Cisco eXtensible Network Controller Architecture
Based on Java OpenDaylight
[Architecture diagram labels: Network Applications (Cisco Sourced, Customers, 3rd Parties); Cisco GUI; Cisco XNC; Northbound APIs (OSGi, RESTful); Controller Applications; Advanced Components; Slice Manager; Topology Independent Forwarding (TIF); Authentication; Monitor Manager; Troubleshooting; H/A; Advanced Infrastructure; Java Bundle; Physical and Logical Topology Manager; Device Manager; Host Tracker; ARP Handler; Forwarding Rules Manager; Dijkstra SPF; L3 Interface; Service Abstraction Layer (SAL); Dynamic Protocol Plugins; Southbound APIs; OF 1.x; onePK*; NETWORK DEVICES]
Callouts: Comprehensive Production Network Support; Integrated Slicing and Custom Forwarding; Advanced GUI with Extended Features; Advanced Analytics and Services via Cisco Intelligence; Expansion of Services from OD Code Base
*onePK Plugin will be available post XNC 1.0 GA
Controller Use Cases
Network Segmentation (a.k.a. Slicing): Network partitioning at higher levels of granularity
Topology Independent Forwarding (Traffic Steering): Per flow control; static or dynamic creation of business rules using a variety of parameters
Network Tapping (Matrix switch use case): Policy based approach of mirroring production traffic to analysis tools with off-the-shelf switches
Implementing Basic Transit Selection
Utilizing Topology Independent Forwarding
Next Migration Step After Monitor Manager
Simple Forwarding Rules for efficient WAN link Utilization
[Diagram labels: SITE 1, SITE 2; HTTP Request; PUBLIC; Edge Routers; CAMPUS / INTERNAL; OpenFlow; Cisco XNC; Transit Selection]
Cisco XNC Roadmap
Row labels: Controller Applications, Controller Infra, Supported Devices

XNC 1.0 (Available Now)
• Monitor Manager, Topology Independent Forwarding, Network Slicing
• OpenDaylight Components: Modular architecture based on OSGi; Northbound API (RESTful API, JAVA OSGi)
• Cisco Extensions: Advanced Troubleshooting; Integrate with external AAA system for RBAC; Secure communication using HTTPS and TLS; High Availability using Active-Active clustering; User Interface (Web based GUI)
• Protocol Plugins: OpenFlow 1.0
• Devices supported: Nexus 3000, Catalyst 6500 (EFT/POC), Catalyst 3850 (EFT/POC), ASR 9000 (EFT/POC), Nexus 7000 (EFT/POC)

XNC 1.5 (Targeted Jan 2014)
• Monitor Manager Enhancements: Q-in-Q support, GUI/Usability Enhancements, Slice aware
• Hosting support in Nexus 3000/3100 LXC container
• Virtual Patch Panel
• Inter-DC traffic load balancing
• Improved scalability and Performance
• Topology visualization enhancements
• TLS Support for onePK plugin
• GUI Enhancements for scaling
• Usability enhancements
• Protocol Plugins added: Cisco onePK, OpenFlow 1.3 plugin (EFT/POC)
• Added Device Support: Nexus 3100

XNC 2.0 (In Planning)
• High Resolution – Latency Based Forwarding
• Physical + Virtual + Service Chaining
• Integration with SP Controller
• BigData/Hadoop related use cases
• Integration with Openstack
• Coordinated Threat Control
• OpenDaylight Components: Migrate to Hydrogen release code base; Model Driven SAL
• Cisco Extensions: New UI framework; GUI Enhancements; Usability enhancements
• Protocol Plugins added: OpenFlow 1.3, PCEP/BGP-LS, OVS-DB, NetConf, SNMP CLI
• Added Device Support: Nexus 3548, 5000, 6000, 7000; Nexus 9000 (Investigating); ASR 9000; Catalyst 6500; Catalyst 3850
Cisco XNC: Web Interface Layout
Tabs based on functionality and/or applications
Network Slicing Screenshot: Slice specific Network View
Topology Independent Forwarding: custom property policy
What is Project Daylight?
Daylight is an open source project formed by industry leaders and others under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common vendor supported framework.
Platinum, Gold, Silver
10 full-time Developers
Cisco – 20 Developers!
OpenDaylight Controller: OpenSource Approach
Pre-Hydrogen Release
Beyond OF – i.e. Openstack Plugin using OVSDB
Application Policy Infrastructure Controller (APIC)
Industry Trends
New operational models are driving the need for infrastructure change.
DevOps
Expanding to multiple network services … Complex
[Diagram labels: Web VLAN, App VLAN, DB VLAN; Web Subnet, App Subnet, DB Subnet; Security Services Routing]
Architecture for a Better Infrastructure
Start with Better infrastructure
Open Policy Driven Infrastructure
Efficiency, Scale, Telemetry
Policy Based Forwarding
Service Insertion, Optimization, App Awareness
Build a Fabric (Nexus 9000)
Unified API – Unified Information Model (RESTful XML/JSON API)
Hypervisor Network Services
ASA
Network Management, Automation, Orchestration
ACI Introduces Logical Network Provisioning of Stateless Hardware with Application Network Profile (ANP)
ACI Fabric: Nexus 9000 based
Non-Blocking Penalty Free Overlay - eVXLAN
[Diagram labels: Web, App, DB; Outside (Tenant VRF); QoS; Filter; Service; Policy]
Application Policy Infrastructure Controller (APIC)
Common Policy, Management, and Operations Framework
High level policy driven rather than programming (Java, C, Python...). APIs are also provided for integrating with OpenStack and so on.
Application Policy Infrastructure Controller (APIC) Enterprise Module
APIC Enterprise Module 1.0 – Formerly known as “ENG” Controller
[Diagram labels: Enterprise Applications; QoS; ACL; ZTD; Reserved; REST APIs; Enterprise Services; Inventory and State; Identity and Location; Application Awareness; Policy Management; SAL; Elastic Infrastructure; CLI; OpenFlow]
Callouts: Advanced Topology Management; ENG Controller; Services for Day0/1 Applications; Day0/1 Applications; Addresses Low Programming Tolerance; Addresses Brownfield Support; Addresses Scale Out Requirements
Enterprise Applications, Release 1.0
QoS Manager: Utilizes QoS policy templates as inputs to provide network view for interrogation, analysis, compliance, and policy change management.
ACL Manager: Enables inspection, interrogation and analysis, and ACL change management including identification of conflicts and shadow ACLs.
ZTD: Enables any network device located anywhere in the network with a recognizable IP address to be configured remotely.
Other Controllers
Control Plane – The Progression in the WAN
• Simplest Form – Control Planes (CP) leverage signaling to automate what is done manually today.
PMO
• Independent IP/MPLS CP
• Independent Optical CP – WSON
• Wall separating layers
• No real information sharing
Multi Layer CP (nLight)
• Remove the Wall
• Leverage Layered CP
• Insert ML Signaling via UNI
• Share Relevant Layered Info
SDN
• Centralize CP
• Leverage Layered CP
• Application Driven rather than human driven
• Global View
Virtual Overlay Networks – “Simple Programmability”
Scalable Multi-tenant Cloud Infrastructures – foundation for Secure Hybrid cloud
Secure Consistent Experience Across Physical and Virtual Environments
Nexus 1000V enhancements
• Multi-hypervisor: VMware, Microsoft, Citrix, RedHat
• OpenStack/REST API
• VXLAN Gateway
[Diagram labels: Nexus 1000V; OpenStack Quantum API; REST API; Any Hypervisor; Tenant 1, Tenant 2, Tenant 3; Virtual Workloads; Virtual Services; vWAAS; VSG; ASA 1KV; ASA 55xx; Physical Workloads; Physical (VLAN) Network; VXLAN Gateway; VXLAN, vPath; vRouter, Intercloud]
*N1K VSM – Controller?
FABRIC
Summary
• Cisco continually supports Hybrid OpenFlow architecture through XNC and OpenDaylight (open source) controllers.
• Cisco onePK API is supported through XNC and APIC EM (future).
• Insieme Application Policy Infrastructure Controller (APIC) provides a “high level policy” driven architecture where “high level policies” are applied to the Fabric seamlessly through APIC. APIC provides various Northbound and Southbound APIs for rich programmability. OpenFlow is on the roadmap for a Southbound API.
• APIC EM provides easy applications on the network such as QoS, ACL configuration and management throughout the network.
• Controller technology is evolving throughout the whole of Cisco. The Network/Fabric will provide network information in order for controllers to make intelligent decisions.
• Question – Can you describe the difference between SNMP and Controller approach?
Thank You