Cloud = Application Enablement and Innovation ≠ IaaS (Cloud Foundry Summit 2014)
Transcript of Cloud = Application Enablement and Innovation ≠ IaaS (Cloud Foundry Summit 2014)
Cloud = Application Enablement + Innovation ≠ IaaS
Ken Owens, CTO, Cisco Cloud Services
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cloud ≠ IaaS
• Complexity
• Commodity
• Focus
Why Compromise?
• Would you fly in this?
• Scale
• Reliability
• Security
Platform for Enablement & Agility
• Leverage ready-built components
• Applications are not VM Templates
• Configuration Management tools are Complex & Brittle
Cloud = Application Enablement + Innovation
• Service-oriented architectures and APIs aren't new ideas
– Art to building platforms comprised of loosely coupled services
• It's all about the Data, Data Virtualization, & Data Mobility
– Building multi-tiered data architectures that assume scale and unstructured data
• Data Centers and cloud providers become an interconnected and federated platform of deployable services and containers that are distributed and loosely coupled
• Open-Source is mainstream, driving innovation, and is now in its 4th generation of tools to tackle scalability, performance, and diagnostics
• DevOps is no longer shadow IT, it is the way for application development, integration, and deployment - Period
Cisco Use Cases
Guiding Principles
• Open standard foundational cloud platform
• Services building blocks at all layers of the stack to enable developers
• Everything available “as a Service” through both APIs and UI
• Single platform across all Data Centers
– Continuous deployment model
– Any app deployable to any DC globally
Collaboration
• All Development on OpenStack, Cloud Foundry, and OpenShift
• Model
– Application Independent
– Application Integrated
– Application Containerized
• Cloud Foundry
– Abstracting application deployment, health checking, application routing, and monitoring
– Partnerships and Ecosystem are key to enabling innovation
– Flexibility: test, try, fail, pivot
• BOSH
– Does not work in all providers
– CF is just another app
ACI - Group-Based Policy Across OpenStack
[Diagram labels: Any existing network plugin; ACI Fabric; Compute, Networking, Storage; Dashboard, Automation; Group-Based Policy Model Extensions; Neutron Subgroup Members; Group Policy Model]
© 2014 Cisco - Cisco INTERNAL only – All Rights Reserved 10
Inter-Object Consistency Rules: Verifying the Domain in Real Time
• Small consistency applications to verify status and values of specific objects
• Built on OpenDaylight MD-SAL
• Object change invoked → NOT polling based
• Can cover multiple types of misconfiguration
– CLI/programmatic errors
– Multiple controllers thrashing on a shared object
• Can support customer specific consistency rules
[Diagram labels: Controller (Rules Engine, Datastore, Mount Client); Domain Policy "No Private Subnets"; Network Element 1 and Network Element 2 (Datastore, Running Config ACL, Mount Server); Node ACL "Deny 10.0.0.0/8" (Mounted); "Change made here": "Allow 10.1.0.0/16" alongside "Deny 10.0.0.0/8"]
Inter-Object Consistency Rules: Automated Domain Reconciliation in Real Time
• Which rule has precedence?
• With a Rules Engine, the self repair is possible.
• Open Source Rules Engines & Tools can be applied for Domain or Device
Existing DevOps Applicable from Web 3.0
[Diagram labels: Controller (Rules Engine, Datastore, Mount Client); Domain Policy "No Private Subnets"; Network Element 1 and Network Element 2 (Datastore, Running Config ACL, Mount Server); Node ACL "Deny 10.0.0.0/8", "Allow 10.1.0.0/16" (Mounted)]
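The change-invoked consistency check and self-repair described on the two slides above, as an added example (not from the deck, and not OpenDaylight MD-SAL code). The `Datastore` and `RulesEngine` classes, the node name `NE2`, and the reading of "No Private Subnets" as "no Allow entry may overlap RFC 1918 space" are assumptions.

```python
import ipaddress

# Assumed meaning of the slide's domain policy "No Private Subnets".
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def violates_policy(entry):
    """An ACL entry violates the policy if it allows any private address space."""
    action, prefix = entry
    net = ipaddress.ip_network(prefix)
    return action == "allow" and any(net.overlaps(p) for p in PRIVATE)

class Datastore:
    """Hypothetical datastore: listeners run on every write, so checks are
    invoked by the object change itself rather than by polling."""
    def __init__(self):
        self.acls = {}
        self.listeners = []

    def write(self, node, acl):
        self.acls[node] = list(acl)
        for callback in self.listeners:
            callback(self, node)

class RulesEngine:
    """Verifies each changed ACL; with repair=True it also reconciles it."""
    def __init__(self, repair=False):
        self.repair = repair
        self.findings = []

    def on_change(self, store, node):
        bad = [e for e in store.acls[node] if violates_policy(e)]
        if not bad:
            return  # consistent; this also ends the re-entrant call after a repair
        self.findings.append((node, bad))
        if self.repair:
            # Domain policy takes precedence: drop the offending entries.
            store.write(node, [e for e in store.acls[node] if e not in bad])

def demo(repair):
    """Constructed scenario: NE2 starts with Deny 10.0.0.0/8, then a change
    adds Allow 10.1.0.0/16 (the values shown on the slide)."""
    store, engine = Datastore(), RulesEngine(repair)
    store.listeners.append(engine.on_change)
    store.write("NE2", [("deny", "10.0.0.0/8")])
    store.write("NE2", [("allow", "10.1.0.0/16"), ("deny", "10.0.0.0/8")])
    return engine.findings, store.acls["NE2"]
```

`demo(False)` only reports the violation and leaves the ACL as written; `demo(True)` reports it once and restores the ACL to the policy-compliant state.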
Inter-Object Consistency Rules: Verifying & Reconciling Network Elements in Real Time
• Auto-discovery of link, group, or area misconfigurations. No controller necessary.
• Options
– Automated error correction
– Automated change propagation
– Custom resolution
[Diagram labels: Network Element 1 and Network Element 2 (Rules Engine, Datastore); NE 1 Running Config Ethernet 1; NE 2 Running Config Ethernet 2; Frame Size 1500; Jumbo; "CLI Change made"]
Communicating Rules System: Interplay of Centralized and Distributed Conflict Resolution Logic
• Device logic can mediate between controllers with conflicting Intent
• Pushing the reconciliation to the right place
• Overlapping controller domains will need reconciliation logic
[Diagram labels: Data Center Policy Domain: Data Center Controller (Datastore, Domain Rules Engine), Network Wide Rules "NE (South Korea): Allow from China Netcom", Asserted Config "Allow 210.51.0.0/16". SP WAN Policy Domain: SP WAN Controller (Datastore, Domain Rules Engine), Network Wide Rules "NE (South Korea): Drop any North Korean traffic in South Korea", Asserted Config "Deny 210.51.109.0/24". Network Element (South Korea): Device Rules Engine, Datastore, Asserted Config "Allow 210.51.0.0/16", "Allow 210.52.0.0/16", "Deny 210.52.190.0/24", "Deny 210.51.109.0/24"; Running Config "Allow 210.51.0.0/16"]
Communicating Rules System: Interplay of Centralized and Distributed Conflict Resolution Logic
• All Intents may be met automatically even when some config fails
• Domain logic can react to Device logic, finding alternative ways to meet intent
• Zero Touch Reconciliation
[Diagram labels: Data Center Policy Domain: Data Center Controller (Datastore, Domain Rules Engine), Network Wide Rules "NE (South Korea): Allow from China Netcom", Asserted "Allow 210.51.0.0/16". SP WAN Policy Domain: SP WAN Controller (Datastore, Domain Rules Engine), Network Wide Rules "NE (South Korea): Drop any North Korean traffic in South Korea", Asserted Config "Deny 210.51.109.0/24". Network Element (South Korea): Device Rules Engine, Asserted Config "Deny 210.51.109.0/24", "Deny 210.52.190.0/24"; Running Config "Deny 210.51.0.0/16". Network Element (USA): Device Rules Engine, Datastore, Asserted Config "Allow 210.51.0.0/16", "Allow 210.52.0.0/16"; Running Config "Allow 210.51.0.0/16", "Allow 210.52.0.0/16"]
Thank you.