Networking Field Day 11 Presentation

Big Switch Networks Welcomes NFD11

AGENDA

2

15 min NFD 11 – Welcome to Big Switch Kyle Forster

30 min

15 min

Big Monitoring Fabric

Demo: BMF Intro & Analytics

Rob Sherwood

Syed Ghayur

15 min

15 min

Big Monitoring Fabric (Inline)

Demo: BMF Intro & Analytics

Rob Sherwood

Syed Ghayur

30 minBig Cloud Fabric 3.5 Updates

Demo: Big Switch LabsRob Sherwood

(c) 2016, BIG SWITCH NETWORKS, INC.

Introduction

Do you ?


Hyperscale data center designs for enterprise and service provider use

4

WHAT ARE HYPERSCALE PRINCIPLES?


Bare MetalSwitch Hardware

SDN Software

Modern Architectures (e.g. Core-and-Pod Design)

5

HYPERSCALE DATA CENTER R&D LEADERSHIPSDN data center fabrics, advanced pod design

6 (c) 2016, BIG SWITCH NETWORKS, INC.

BIG SWITCH PRODUCTSSDN software for bare metal switch hardware


BIG MONITORING FABRICJointly developed with Microsoft as Project DeMON

BIG CLOUD FABRICInspired by Google’s Project Andromeda

BIG MONITORING FABRIC - INLINEJointly developed for Fortune 10 co as their NG DMZ

WHY ARE WE SO EXCITED?

8

Averaged almost 40% QoQ growth through ’14 and ‘15

$0.0m

$1.0m

$2.0m

$3.0m

$4.0m

$5.0m

$6.0m

$7.0m

$8.0m

Q114 Q214 Q314 Q414 Q115 Q215 Q315 Q415 FY16

Current Board Plan

2014/15 Actual

168%

47%31%

40%

24%

55%

• 5 out of 10 largest SPs• 3 out of 10 largest Tech• 2 out of 10 largest Fin Svcs• $48.5M C Round


BCF: “ONE BIG SWITCH” METAPHORIntuitive for networking professionals to build scale-out CLOS fabrics

9

Traditional Chassis Pair

BACKPLANE

SUPERVISOR(S)

LINE CARD(S)LINE CARD

LINE CARD

LINE CARD

LINE CARD

LINE CARD

SUPERVISOR 1

LINE CARD

LINE CARD

LINE CARD

LINE CARD

LINE CARD

SUPERVISOR

BIG CLOUD FABRIC

CONTROLLER

1 3

SPINE SWITCHES

2 41 32 4

COMPUTE WORKLOAD

SERVICES & CONNECTIVITY

COMPUTE WORKLOAD

LEAF SWITCHESLINE CARD

LINE CARD

LINE CARD

LINE CARD

LINE CARD

SUPERVISOR

LINE CARD

LINE CARD

LINE CARD

LINE CARD

LINE CARD

SUPERVISOR

BAC

KPLA

NE

BAC

KPLA

NE


BIG MONITORINGFABRIC

CONTROLLER

BMF: “ONE BIG SWITCH” METAPHORIntuitive for networking professionals to build scale-out monitoring fabrics

10

Network Packet Broker

LINE CARD

LINE CARD

LINE CARD

LINE CARD

SUPERVISOR 1

LINE CARD

LINE CARD

LINE CARD

LINE CARD

SUPERVISOR

LINE CARD

LINE CARD

LINE CARD

SVC CARD

SUPERVISOR

LINE CARD

LINE CARD

LINE CARD

SVC CARD

BAC

KPLA

NE

BAC

KPLA

NE


1

CORE

21 2

PRODUCTION TAP AND SPAN PORTS

TOOL FARM SERVICE NODES

ACG RESEARCH STUDY OF BIG CLOUD FABRIC

Workflow 8 Rack OpenStack Pod 16 Rack VMware Pod

Current BCF Current BCF

5 yr CapEx (HW/SW) $938k $492k $1,537k $805k

Segmented Application Deployment 16x Faster 16x Faster

Initial Set-Up 8x Faster 8x Faster

LAG/Fabric Formation 12x Faster 18x Faster

Software Upgrade 20x Faster 30x Faster

Connectivity Troubleshooting Time 12x Faster 12x Faster

Pod Expansion 12x Faster n/a

“Simply More Efficient”

11 (c) 2016, BIG SWITCH NETWORKS, INC. Detailed whitepaper available.

OpenStack Secure Cloud Services

Monitor TurboTax traffic for Tax Year 2014

OpenStack + VMware + Campus Monitoring

Pervasive Monitoring across 22 Data Centers

Industry’s Largest NFV Deployment To DateTier-1 US Carrier

Large Scale (Very) Private OpenStack CloudUS Federal Gov’t

Monitoring 4G/LTE Networks5 APAC Telcos

VMware Desktop-as-a-Service Pod

(c) 2016, BIG SWITCH NETWORKS, INC. 12

HEARD ON SITE

13

”Why Big Switch over Cisco? Ease of installing and managing the fabric.” –Chief Network Architect, Fortune 500 Insurance Company

“Fast, Flexible.” -VP DC Infrastructure, Large Credit Card Company

“When we began evaluating the various approaches to SDN, we evaluated Big Switch and Cumulus Networks. The cost savings inherent in the white-box model were attractive… Big Switch ultimately won the deal…due to its architecture; [this] takes the guesswork out of how to order and implement SDN.” - CEO, European Cloud Hosting Company

“Why Big Switch vs Cisco? Very easy, we don’t need specialists to operate Big Switch. Cisco ACI does not reduce complexity; we still need specialists..” – Architect, Fortune 50 Bank

“I was able to showcase the dashboard and analytics to the ops directors… The software is extremely intuitive and versatile which made the design implementation team happy… The system design is definitely one of the strongest options we have seen to date.” -Principal Engineer, Tier-1 US Carrier


Big Monitoring FabricEnabling Pervasive Security


ROB SHERWOOD

CTO

BIG SWITCH NETWORKS

EVERY ORGANIZATION NEEDS PACKET MONITORING...

15

Application Performance

Monitoring

Network Performance

Monitoring

Security Monitoring

Traffic Analytics / Recorders

Customer Experience Monitoring

TOO

LS

Lawful Intercept

Billing Verification

But where do you attach the tools?

“Everywhere” is too expensive.


NETWORK MONITORING EVOLUTIONCurrent Generation à Modern SDN-based Approach


SECOND GENERATION ARCHIITECTURE

SPAN

SPAN

TAP 1/10G

TAP 1/10G

NPB

NPB

NPB

THIRD GENERATION – SDN ARCHITECTURE

Control Network

BSN NPB

Whi

te-b

oxBa

sed

Scal

able

Fab

ric

1/10/40/100 GE Tool Farm

Packet Services

Big Mon Controller

SPAN

SPAN

TAP 10/40G

TAP 1/10G

Monitored Traffic

16

USE CASE 1: PERVASIVE SECURITY / TAP EVERY RACK

CentralizedTool Farm


Tier-1 US Financial Services Institution• Centralized tool farm for 120 racks• Mix of 1GE, 10GE and 40GE taps and tools• Re-used legacy NPBs as ‘service nodes’

17

CentralizedTool Farm

USE CASE 1: PERVASIVE SECURITY/TAP EVERY RACK


(actual customer diagram)

Tier-1 US Financial Services Institution

USE CASE 2: MOBILE / LTE NETWORK MONITORINGEnabling Advanced Monitoring for Mobile Core Networks


SPAN SPAN

4G(eNode B)

RAN MOBILE CORE / DATA CENTER

3G

S5/S8S1-U

S12

SGi

TA

P

TA

P

TA

P

TA

P

SPAN

TA

P

TA

PSPAN

S-GW P-GW

NPB

MONITORING FABRIC

NPB

Big Tap Controller

Tier-1 Mobile Service Providers in Japan• Scale-out Deployment: 1K+ Taps, growing to 5K+ • Support for matching multiple 3G/4G/LTE protocols• Load Balance traffic to multiple tools (3rd party/Internal)

19

USE CASE 2: MOBILE / LTE NETWORK MONITORINGEnabling Advanced Monitoring for Mobile Core Networks


SPAN SPAN

4G(eNode B)

RAN MOBILE CORE / DATA CENTER

3G

S5/S8S1-U

S12

SGi

TA

P

TA

P

TA

P

TA

P

SPAN

TA

P

TA

PSPAN

S-GW P-GW

NPB

MONITORING FABRIC

NPB

Big Mon Controller

Flexible & Deeper Packet Matching§ Policies based on Tunnel

End-point ID (TEID), GTP version, SCTP port number, etc.

§ Match inner headers of encapsulated packets like VXLAN, MPLS... (up to 128 bytes)

§ Replicate and load balance traffic to any tool

20

USE CASE 3: REMOTE DATA CENTER MONITORINGExtending a tool farm to taps in remote locations


NPB

FILT

ER

PORT

S

DEL

IVER

Y P

ORT

S

SERVICE PORTS

MONITORING FABRIC VISIBILITY TOOLS

NETWORK PERF MONITORING

APPLICATION PERF MONITORING

SECURITY TOOLS

VOIP MONITORING

NPB

PRIMARY DATA CENTER

CENTRALIZED

Big Mon CONTROLLERSREMOTE DATA CENTER(S)

L2-GRE Tunnels

REM

OTE

FP

TUN

NEL

PO

RTS

REM

OTE

FP

REM

OTE

FP

Packet

1

Packet

3

Packet

2

“…We have a number of packet analysis tools and we were using Gigamon to gatherpackets, but when you want to gather packets from everywhere that price point gets toohigh…

So we decided to go with a white box solution and Big Tap from Big Switch to gatherpackets and forward them to the tools as needed. We’re using software-definednetworking first in non-production, in our monitoring space, and evaluating where we wantto go next. It’s done well for us. We used it through our first peak of tax year 2014, whichwas in early February…

-Ted Turner, Sr. Network Engineer

CUSTOMER VALIDATIONS


“The issue the customer was facing plagued them for overa month. We rushed the [...] deployment to get access...Once in place took 5 mins to isolate the problem. Veryimpressive...”

-Network AdministratorFortune 50 Company

Big Monitoring FabricArchitecture and Deep Dive


ROB SHERWOOD

CTO

BIG SWITCH NETWORKS

BIG MONITORING FABRICArchitecture

FILT

ER P

ORT

S

DEL

IVER

Y P

ORT

S

SERVICE PORTS

VISIBILITY TOOLSNETWORK PERF MONITORING


SECURITY TOOLS

VOIP MONITORING

PRO

DUC

TION

NETW

ORK

TAP

& S

PAN

PO

RTS

1/10/40/100G* ETHERNET SWITCH FABRIC

OptionalBSN NPB

DC / CAMPUS NETWORK

ETHERNET SWITCHING FABRIC WITH SERVICE NODES


CENTRALIZED TOOL FARM

BIG MONITORINGFABRIC CONTROLLER

24


FILT

ER P

ORT

S

DEL

IVER

Y P

ORT

S

SERVICE PORTS



SECURITY TOOLS

VOIP MONITORING

PRO

DUC

TION

NETW

ORK

TAP

& S

PAN

PO

RTS


OptionalBSN NPB

DC / CAMPUS NETWORK





§ Simple: Single Pane of Glass Management (No box-by-box)

§ Resilient: HA with Headless Mode

§ Programmable: Event Triggered Monitoring§ Advanced Telemetry & Analytics

25


FILT

ER P

ORT

S

DEL

IVER

Y P

ORT

S

SERVICE PORTS



SECURITY TOOLS

VOIP MONITORING

PRO

DUC

TION

NETW

ORK

TAP

& S

PAN

PO

RTS


OptionalBSN NPB

DC / CAMPUS NETWORK





26


FILT

ER P

ORT

S

DEL

IVER

Y P

ORT

S

SERVICE PORTS



SECURITY TOOLS

VOIP MONITORING

PRO

DUC

TION

NETW

ORK

TAP

& S

PAN

PO

RTS


OptionalBSN NPB

DC / CAMPUS NETWORK





§ High Density 1RU White-box Switches(HCL: Dell-ON / Accton / Quanta)

§ Scalable: Up to 1000s of Ports

27


FILT

ER P

ORT

S

DEL

IVER

Y P

ORT

S

SERVICE PORTS



SECURITY TOOLS

VOIP MONITORING

PRO

DUC

TION

NETW

ORK

TAP

& S

PAN

PO

RTS


OptionalBSN NPB

DC / CAMPUS NETWORK





§ Advanced Packet Services with Big Switch x86 Service Appliance(Packet De-dup / Slicing / Regex Match)

§ Reuse Current NPB Investment

28

BIG MON SERVICE NODE

29

• 1RU Appliance

• “DPDK Inside”

• Full line rate 4 x 10G ports, bi-directional

• More Appliances for More Scale

• Efficient, redundant hot swap 1100W power supplies

• Current Serviceso De-duplication o Packet Slicingo Regex Pattern Match/Drop

• Extensible Software Architecture• NEBS Level 3 and ETSI Compliant


MONITORING AS A SERVICE: MULTI-TENANCY WITH RBACAccess Control per User / Group Definition


• Self-service monitoring foreach group

• Role-based authorizationand privileges

• Local and/or remoteauthentication

• Tenant-Aware GUI, CLIand REST API

TACACS+

VISIBILITY TOOLS



SECURITY TOOLS

VOIP MONITORING

PRO

DUC

TIO

N NE

TWO

RK

TAP

& S

PAN

PORT

S

WORKLOADS

1/10/40G ETHERNET SWITCH FABRIC

FILTE

R P

ORT

S

SERVICE PORTS

DELIV

ERY

PO

RTS

OptionalNPBNPB

BIG MONITORING FABRIC CONTROLLERS

(HA PAIR)

Big MonSERVICE NODE

OVERLAPPING POLICIESSimplifying Complex multi-tenant solutions


SPAN

SPAN

TAP

TAP

PRODUCTION NETWORK

Policy P1: • Filter Port: F1• Delivery port:D1• Match Flows from 10.1.1.x/24

Policy P2: • Filter Port: F1• Delivery port:D2• Match Flows to 20.1.1.y/24

Now, what if we had a packet from10.1.1.x and going to 20.1.1.yWhere would the packet go?

Control Network

NPB

1G/10G/40G Tool Farm

Big Monitoring Fabric Controller

F1

D1

D2

Packet from 10.1.1.x

Packet to 20.1.1.y

Big MonSERVICE NODE

OVERLAPPING POLICIESSimplifying Complex multi-tenant solutions


SPAN

SPAN

TAP

TAP

PRODUCTION NETWORK

Overlapping Policies Feature:

When overlapping policies are detected, by default Big Mon:

• Dynamically creates new higher priority policy

Policy _P1_o_P2_• Filter Ports: F1• Delivery ports:D1, D2• Match Flows from

10.1.1.x/24 and to 20.1.1.y/24

Control Network

NPB

1G/10G/40G Tool Farm

Big Monitoring Fabric Controller

F1

D1

D2

Packet from 10.1.1.x And to 20.1.1.y

Big MonSERVICE NODE

EVENT-TRIGGERED MONITORINGREST API driven programmatic policy creation


Normal packet

Intruder Packet

• Invoke REST API of theBig Monitoring Fabric

• Dynamically provision /activate / update thepolicy

• The Intruder Traffic isnow replicated to thecapture tool too.


(HA PAIR)

VISIBILITY TOOLS



PRO

DUC

TIO

N NE

TWO

RK

TAP

& S

PAN

PORT

S

WORKLOADS

1/10/40G ETHERNET SWITCH FABRIC

FILTE

R P

ORT

S

SERVICE PORTS

DELIV

ERY

PO

RTS

OptionalNPB

Wireshark(Capture)

Snort (IDS)

Big MonSERVICE NODE

100G SWITCH SUPPORT


Accton AS7712-32X Others…

• Open vendor, low cost, High-density, 1RU (32 x 100G) switches

• Non-blocking, line-rate 3.2Tb switching fabric with sub usec latency

• Supports Port-side Intake/Egress airflow

• Uses BRCM Tomahawk ASIC

• HW supports 10G/25G/40G/50G/100G

• Monitoring with the following options:

• 32 ports of 100G

• 32 ports of 40G

• 128 ports of 10G

DPM FEATURE: INNER PACKET MATCHINGGaining Actionable Intelligence on packet flows


DPM matches up to 128 bytes

PROBLEM:

• How do I match on inner packet fields of an encapsulated frame?

SOLUTION:

• Supports monitoring Policies based on

DPM matches beyond 7-tuple packet header (up to 128 bytes)

Inner packets of encapsulated packets like VXLAN, MPLS...

10G INTERFACE FOR PACKET CAPTURE


• Enables 10G interface (2nd NIC interface) on the controller HW appliance to be used for packet capture.

• Useful when connecting a 40G interface (for e.g. from a Dell S6000-ON switch) via splitter to the 10G capture interface

NOTE:

• Actual packet rates would likely be less than 10G and will be determined during testing.

• Can use 1G or 10G interface but not both simultaneously

BIG MON CONTROLLERS

(HA PAIR)

VISIBILITY TOOLS



SECURITY TOOLS

VOIP MONITORINGPRO

DUC

TIO

N NE

TWO

RK

TAP

& S

PAN

PORT

S

WORKLOADS1/10/40G ETHERNET SWITCH FABRIC

FILTE

R P

ORT

S

SERVICE PORTS

DELIV

ERY

PO

RTS

OptionalNPBNPB

Supports 10G interface on the Controller HW Appliance as a capture interface

PRODUCTION NETWORK VISIBILITY / ANALYTICS


• Track hosts’ IP ownership history

• Track Host’s movement

• Track IP address spoofing

• Track dead Hosts

Last Seen

First Seen

MAC Address

IP Address

Filter InterfacesHost NameTAP

TRACKER

HOST TRACKER

SUBNET TRACKER

PACKET CAPTURE

DHCP/DNS TRACKER

sFlowGenerator

Big Monitoring Fabric (BMF)Demo: Advanced Analytics

SYED GHAYUR

BIG SWITCH NETWORKS

BIG MONITORING FABRICDEMO


Production Network Analytics• Advanced Trackers (Host, Network, …)• Historical Time Series Data• sFlow Collection & Analysis

FILTE

R P

ORT

S

DEL

IVER

Y P

ORT

S

SERVICE PORTS


OptionalBSN NPB



Big Monitoring FabricInline Mode


ROB SHERWOOD

CTO

BIG SWITCH NETWORKS


INLINE – FOR DMZ VISIBILITY & PROTECTIONLEGACY

Trusted

Untrusted

FIREWALL

IPS

INTERNET

DMZ

Complex & ExpensiveLimited Tool OptimizationOperational Challenges

✗

✗

✗

INLI

NE

TOO

LS

Simple & EconomicalEnhanced Tool OptimizationClear Role Separation between network and security admins

ü

ü

ü

BIG MON: INLINE

BIG MON INLINE Switches

(1/10/40G)FIREWALL

IPS

WEB PROXY

Untrusted

Trusted

INLINE TOOLSTRAFFIC DISTRIBUTION /

LOAD SHARING


(HA PAIR)

ACL-based SPAN

OUT-OF-BANDTOOL FARM

WEB PROXY


INLINE – FEATURE HIGHLIGHTSSingle Pane of Glass• Single Controller manages Big Mon Out-of-Band

as well as Inline

SPAN user-defined flows• Supports selective SPAN on ingress to Big Mon

Out-of-band

Improves Tool performance• Supports enhanced filtering (DPM) • Drop marked flows

Tool Health• Supports inline Tool Health check

Fail Open / Fail Close• Skip Tool if down

Symmetric / Asymmetric Tools• Different Tools in the chain in reverse direction


(1/10/40G)FIREWALL

IPS

WEB PROXY

Untrusted

Trusted

INLINE TOOLSTRAFFIC DISTRIBUTION /

LOAD SHARING

INTERNET

DMZ

CENTRALIZEDOUT-OF-BAND

TOOL FARM

FILTE

R

PORT

S

SERVICE PORTS

DEL

IVER

Y

PORT

S

BIG MONOUT-OF-BAND

ACL-based SPAN


(HA PAIR)

DMZ / EXTRANET / INLINE SECURITYEnabling Pervasive security for a multinational energy corporation


INTERNET

DMZ


(1/10/40G)

Untrusted

Trusted

INLINE TOOLSTRAFFIC

DISTRIBUTION / LOAD SHARING

BIG MONCONTROLLERS

(HA PAIR)

Firewall A Firewall B Firewall C

Switch A Switch B Switch C

Global Energy corporation• 10G/40G, line-rate, pervasive security monitoring• Requirement across 20+ datacenters

DMZ / EXTRANET / INLINE SECURITYEnabling Pervasive security for a multinational energy corporation


INTERNET

DMZ


(1/10/40G)

Untrusted

Trusted

INLINE TOOLSTRAFFIC

DISTRIBUTION / LOAD SHARING

BIG MONCONTROLLERS

(HA PAIR)

Firewall A Firewall B Firewall C

Switch A Switch B Switch C

Firewall A <-> Switch A Firewall B <-> Switch B Firewall C <-> Switch C

Span to QRadar

* Currently Under POC

• Aggressive Health Timers• 500/1500 ms health

intervals• Custom Health Messages

SCIENCE DMZ USE-CASE

• Adds the capability to bypass a service in the chain for specific set (whitelist) of flows.

• Allows only certain, trusted large data transfer flows to bypass the firewall.

• Improves performance and reduces load on the IT Infrastructure.

Untrusted

Trusted

INTERNET

DMZ

BIG MON INLINESWITCHES

15

1617

18

Tool 1 - FirewallByPass Src-ip 1.1.1.1

(Whitelist)

Tool 2 - IPSInterested in All Traffic

(Whitelisted Traffic)Packet with src-ip 1.1.1.1

(Non-whitelisted traffic)Packet with src-ip 2.1.1.1


Trusted

SCIENCE DMZ USE-CASE

INTERNET

DMZ

BIG MON INLINESWITCHES


Untrusted

Tool 2 - IPS

Tool 3 - IDS

REST API

2 Invoke Big Mon Controller REST API


(HA PAIR)

Tool 1 - FirewallBypass Whitelisted

Traffic

3 Auto-program whitelist rules on the switches

(Non-whitelisted traffic)(Whitelisted Traffic)

1 Whitelisted Traffic Notification

Big Monitoring FabricInline Mode Demo


SYED GHAYUR

BIG SWITCH NETWORKS

10 G10 G

Inline

BIG MONITORING FABRIC (BMF) INLINE USE CASE

BMF Controllers

Untrusted Traffic

Trusted Traffic

10 G10 G

Span Traffic

Passive Tools (e.g. IDS)

Inline

OOB

Firewall 2Firewall 1

Core Switch 1 Core Switch 2

(c)2016,BIGSWITCHNETWORKS,INC.48

Big Cloud FabricV3.5 Update


ROB SHERWOOD

CTO

BIG SWITCH NETWORKS

BIG CLOUD FABRICBest Leaf-Spine Clos Fabric for Private Clouds

50

BIG CLOUD CONTROLLER(CLI or GUI)

SWITCH LIGHT OS SWITCH LIGHT OS SWITCH LIGHT OS

SWITCH LIGHT OS SWITCH LIGHT OS

L2 + L3 CLOS FABRIC MANAGED BY SDN CONTROLLER

OPENSTACK & VMWARESingle Programmatic Interface for up to 16-Rack Fabric

SDN CONTROLLERFull Automation for Provisioning, HA/Resiliency & Management

L2 + L3 CLOS FABRICNative VM Mobility Across640+ Servers/Nodes

SWITCH LIGHT OSOpen Network Linux (ONL) Based OS for Dell-ON or Whitebox Switches

Whitebox Switches

or

Other Servers & Storage

or


SWITCH LIGHT VX

SWITCH LIGHT VIRTUALUser space Agent on OVS Kernal Module

(for P+V OpenStackorContainers)

NewSWITCH LIGHT VX

POD-LEVEL DEPLOYMENTInter-operate with Existing PODs in Data Center


Data CenterCore Routers

L3L2

L3L2

Example BCF PODs:• Private Cloud: Dev/Test• Analytics (Hadoop)• VDI• Server Virtualization (vSphere)• SDN Underlay (e.g. NSX)

Internet/WAN

Big Cloud Fabric

Controller

RACK NRACK N-1

RACK 2RACK 1INGRESS/EGRESS

40G

10G

Big Cloud Fabric

Controller

RACK NRACK N-1

RACK 2RACK 1INGRESS/EGRESS

40G

10G

51

3 Data Center Fabric

Hyper-V/Xen

PhysicalWorkloads …

Most Simple, Best Visibility

P Fabric

2

Most Automated, Best Visibility

P Fabric

BIG CLOUD FABRICDeployment options & Use cases

52

1

Most Resilient,Best Visibility

P+V Fabric

Use Cases: IaaS Clouds, Big Data/HPC, VDI, NFV, SDS, …(c) 2016, BIG SWITCH NETWORKS, INC.

LOGICAL “VPODS” WITH A SINGLE PHYSICAL FABRICMulti Orchestration Support



1 32

A B A B A B

SERVICES & CONTROL RACK

LOGICAL “vPODS”

BCF’s orchestration integration allows multiple isolated vCenter instances and/or multiple OpenStack instances in parallel

• Overlapping IPs and VLAN tags across vPods

• Fully distributed Logical System Router enables Shared Services (e.g. storage nodes) across vCenters

LOGICAL “VPODS” WITH A SINGLE PHYSICAL FABRICMulti Orchestration Support



1 32

A B A B A B

SERVICES & CONTROL RACK

LOGICAL “vPODS”

“We are running over 20 vCenter instances on a unified SDN fabric. This single, centralized view into all things networking, has not only helped us

provision and manage our network in an easy, seamless manner but also provides us with the analytics required by our 24x7

services team.”

--Joe Solsona, CEOU2 Cloud

OPENSTACK LEADERSHIP


OpenStack Integration Options§ Full Neutron using Switch Light VX (P+V Edition)§ Neutron ML2 Driver § Nova Networks (legacy support)

Support Major Distributions, Installation Environments and Host OS§ Mirantis (with Fuel): Ubuntu, vSphere*§ Red Hat (with Foreman): RHEL OS Platform 7§ RDO (with PackStack): CentOS§ VMware VIO: vSphere

Horizon Extensions (being upstreamed)§ Connectivity Checks§ Heat Networking Templates

Led blueprints for service insertion, service chaining, bare metal server integration

SCALE-OUT DEPLOYMENT DETAILS (1/2)Combined Solution: Big Cloud Fabric, Mirantis Fuel, Dell Servers+Switches


• Used Dell R220• 1 Fuel Installer Node• 5 OpenStack control nodes• 2 Big Cloud Fabric controllers

56

SCALE-OUT DEPLOYMENT DETAILS (2/2)Combined Solution: Big Cloud Fabric, Mirantis Fuel, Dell Servers+Switches


BCF VMWARE INTEGRATIONDeployment Options

58

NSX Network Virtualization

§ Physical Network Automation§ Auto ESXi host detection and

LAG formation

§ Auto transport network creation & VTEP discovery

§ Underlay Troubleshooting & Visibility§ VTEP to VTEP Connectivity

§ Network Analytics

VMware Integrated OpenStack

§ VMware private/public clouds with OpenStack Orchestration

§ BCF integration via vCenter§ Fully automated, zero-touch

physical networking fabric

§ vSphere & NSX Visibility, fabric-wide trouble-shooting

vCenter Server Virtualization

§ Zero Touch Networking§ Auto ESXi host detection, L2

network creation, vMotion§ L3 configuration via vCenter

plug-in for BCF

§ Deep Visibility & Trouble-shooting (VM-level)

§ Multi-vCenters per BCF Pod§ Overlapping IP/VLAN with

Shared Tenants


BCF VMWARE INTEGRATIONDeployment Options

59

NSX Network Virtualization

§ Physical Network Automation§ Auto ESXi host detection and

LAG formation

§ Auto transport network creation & VTEP discovery

§ Underlay Troubleshooting & Visibility§ VTEP to VTEP Connectivity

§ Network Analytics

VMware Integrated OpenStack

§ VMware private/public clouds with OpenStack Orchestration

§ BCF integration via vCenter§ Fully automated, zero-touch

physical networking fabric

§ vSphere & NSX Visibility, fabric-wide trouble-shooting

vCenter Server Virtualization

§ Zero Touch Networking§ Auto ESXi host detection, L2

network creation, vMotion§ L3 configuration via vCenter

plug-in for BCF

§ Deep Visibility & Trouble-shooting (VM-level)

§ Multi-vCenters per BCF Pod§ Overlapping IP/VLAN with

Shared Tenants

Most Automated, Best Visibility for VMware SDDCBCF SDN Controller ßàvCenter Integration


BIG CLOUD FABRIC - VCENTER INTEGRATION

• BCF dynamically learns the endpoint and provisions the VLAN on the Host interface, if the VM is the first VM on that host for the given port-group

Dynamic End-Point Learning & VLAN Provisioning on the Host Interface


VMWARE VCENTER GUI PLUGINSimplified Configuration & Enhanced Visibility


• Configure L2 and L3 networks from vCenter§ Enables shared services (e.g. storage) configuration§ Role-based access / permissions

• Physical Fabric visibility from vCenter§ ESXi host to BCF Fabric connectivity (consistent view

across infrastructure teams)

DEPLOYING BCF VCENTER PLUG-IN

1. Deploy: “deploy vcenter gui-plugin <vcenter-name> <vcenter-username>”

2. Verify on vCenter:

3. Verify on BCF:

Easy Steps


LAYER 3 GATEWAY CONFIGURATION• Create L3 gateway on BCF for routing across port-groups in

default tenant:


ENHANCED VISIBILITY FOR VI ADMINMore information than BCF or vCenter alone can provide:


VREALIZE LOG INSIGHTContent Pack for Remote Monitoring & Troubleshooting


Big Switch Networks – BCFVersion: 1.0Author: Big Switch Networks

Preconfigured Dashboards & Alerts(with options for customization)

Big Switch LabsFree Online Product Trial


ROB SHERWOOD

CTO

BIG SWITCH NETWORKS

Labs

.Big

Switc

h.co

m


Labs

.Big

Switc

h.co

m


http://labs.bigswitch.com

Thank You


Networking Field Day 11 Presentation

Technology

Transcript of Networking Field Day 11 Presentation