SDN Controllers - A Use Case Driven Approach to the Options

Paul Cernick and Chad Peterson

Contributors and Acknowledgements

• Lukas Krattiger
• Victor Moreno
• Yves Louis
• Brenden Buresh
• Jason Gmitter
• Chad Hintz
• Errol Roberts
• Cesar Obediente
• Leo Boulton
• Vaughn Suazo
• Dave Malik
• Lilian Quan
• Mike Herbert
• Juan Lage
• Jason Pfiefer
• David Jansen
• Kevin Corbin
• Babi Seal
• James Christopher
• Jim Pisano
• Matt Smorto
• Giles Heron
• Brendan Kelly

Agenda

• Why SDN Controllers
• Foundational Technical Requirements
• Use Cases and Cisco’s Solutions
• Conclusion and Questions

Paul Cernick
• Technical Solutions Architect
• Global Service Provider Architecture
• CCIE 5383 – R&S + SP

Chad Peterson
• Data Centre Consulting Systems Engineer
• US Commercial - Central
• CCIE 23213 – R&S + DC

Why Did We Create this Session?

Warning! There is a vast amount of technologies, and not everything will be relevant to you…today.

Evolution of Network Configuration

1990s:

hq>enable
hq# config terminal
hq(config)# interface fastethernet 1/1
hq(config-if)# ip address 1.1.1.1 255.255.255.0
hq(config-if)# no shutdown
hq(config-if)# exit
hq(config)# router eigrp
hq(config-router)# network 1.1.1.0
hq(config-router)# exit
hq(config)# exit
hq# copy run start

Today:

NEXUS>enable
NEXUS# config terminal
NEXUS(config)# interface ethernet 1/1
NEXUS(config-if)# no switchport
NEXUS(config-if)# ip address 1.1.1.1 255.255.255.0
NEXUS(config-if)# no shutdown
NEXUS(config-if)# exit
NEXUS(config)# feature eigrp
NEXUS(config)# router eigrp Test1
NEXUS(config)# interface ethernet 1/1
NEXUS(config-if)# ip router eigrp Test1
NEXUS(config-if)# no shutdown
NEXUS(config-if)# end
NEXUS# copy run start

Need More than Centralised Management: Relationships

SDN Use Cases

• Network Function Virtualization – Virtual Topology System (VTS)
• Network Abstraction – Application Centric Infrastructure (ACI)
• Traffic Engineering – Open SDN Controller (OSC)

Foundational Technologies: VXLAN

DC Fabric Journey

Layer 2: Spanning Tree Protocol, Virtual Port-Channel, FabricPath
Layer 3: Virtual Extensible LAN (VXLAN), Virtual Switch

(Diagram: VXLAN overlay over a Layer 3 underlay – VTEPs on the physical switches and in the virtual switches, local LAN segments mapped to VXLAN 32145 and VXLAN 44517)

VXLAN Tunnel Encapsulation

Frame layout:
  Outer MAC Header | Outer IP Header | UDP Header | VXLAN Header | Original L2 Frame | FCS
  10 or 14 Bytes   | 20 Bytes        | 8 Bytes    | 8 Bytes      |                   |

Outer IP Header (20 Bytes), field widths in bits:
  IP Header Misc Data (72) | Protocol 0x11 (8) | Header Checksum (16) | Outer Src. IP (32) | Outer Dst. IP (32)

UDP Header (8 Bytes):
  UDP Src. Port (16) | UDP Dst. Port (16) | UDP Length (16) | Checksum 0x0000 (16)

VXLAN Header (8 Bytes):
  VXLAN Flags RRRR1RRR (8) | Reserved (24) | VNID (24) | Reserved (8)

Outer MAC Header (10 or 14 Bytes):
  Dst. MAC Addr. (48) | Src. MAC Addr. (48) | VLAN Type 0x8100 (16) | VLAN ID Tag (16) | Ether Type 0x0800 (16)

Slide annotations: 16 million VNIDs (24-bit VNID); the outer source and destination IPs are the VTEP IPs.
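As an added example that is not part of the original slides, the following Python builds and parses the headers laid out above: the UDP header (source port, destination port, length, checksum), the 8-byte VXLAN header with its RRRR1RRR flags byte and 24-bit VNID, and the encapsulated Ethernet frame with an optional 802.1Q tag. Two things here are assumptions rather than slide content: UDP destination port 4789 is the IANA-assigned VXLAN port, and the sample datagram (VNID 32145, inner VLAN 10, made-up MAC addresses) is constructed for the demonstration.

```python
import struct
from typing import Any, Dict

VXLAN_UDP_PORT = 4789    # IANA-assigned VXLAN port (assumption: not shown on the slide)
VXLAN_FLAG_I = 0x08      # the "1" in the RRRR1RRR flags byte: a valid VNID is present
ETHERTYPE_VLAN = 0x8100  # VLAN Type from the slide's Ethernet header layout
ETHERTYPE_IPV4 = 0x0800  # Ether Type from the slide's Ethernet header layout


def _mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_vxlan_header(vnid: int) -> bytes:
    """8-byte VXLAN header: flags(8) | reserved(24) | VNID(24) | reserved(8), network byte order."""
    if not 0 <= vnid < (1 << 24):
        raise ValueError("VNID must fit in 24 bits (16 million VNIDs)")
    first_word = VXLAN_FLAG_I << 24   # the 24 reserved bits stay zero
    second_word = vnid << 8           # the low reserved byte stays zero
    return struct.pack("!II", first_word, second_word)


def parse_vxlan_header(data: bytes) -> Dict[str, Any]:
    """Decode the VXLAN header and return its fields plus the encapsulated payload."""
    if len(data) < 8:
        raise ValueError("VXLAN header truncated")
    first_word, second_word = struct.unpack("!II", data[:8])
    flags = first_word >> 24
    if not flags & VXLAN_FLAG_I:
        # A receiver must discard the packet when the I flag is clear (RFC 7348).
        raise ValueError("VXLAN I flag not set; VNID is not valid")
    return {"flags": flags, "reserved24": first_word & 0xFFFFFF,
            "vnid": second_word >> 8, "reserved8": second_word & 0xFF,
            "payload": data[8:]}


def parse_inner_ethernet(frame: bytes) -> Dict[str, Any]:
    """Decode Dst MAC(48) | Src MAC(48) | [0x8100 | VLAN tag(16)] | Ether Type(16) | payload."""
    if len(frame) < 14:
        raise ValueError("inner Ethernet frame truncated")
    dst_mac, src_mac = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == ETHERTYPE_VLAN:   # 802.1Q tag present: four more bytes before the real EtherType
        if len(frame) < 18:
            raise ValueError("802.1Q tag truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18
    return {"dst_mac": _mac(dst_mac), "src_mac": _mac(src_mac),
            "vlan_id": vlan_id, "ethertype": ethertype, "payload": frame[offset:]}


def parse_vxlan_datagram(udp_datagram: bytes) -> Dict[str, Any]:
    """Decode the UDP header, then the VXLAN header, then the original L2 frame."""
    if len(udp_datagram) < 16:
        raise ValueError("datagram too short for UDP + VXLAN headers")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", udp_datagram[:8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port %d is not VXLAN" % dst_port)
    if length != len(udp_datagram):
        raise ValueError("UDP length field disagrees with the datagram size")
    vxlan = parse_vxlan_header(udp_datagram[8:])
    inner = parse_inner_ethernet(vxlan.pop("payload"))
    return {"udp_src_port": src_port, "udp_dst_port": dst_port,
            "udp_checksum": checksum, **vxlan, "inner": inner}


def build_sample_datagram(vnid: int = 32145, vlan_id: int = 10) -> bytes:
    """Constructed sample: a tagged inner frame carried in VXLAN 32145 (the VNID used on the slide)."""
    inner = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
             + struct.pack("!HHH", ETHERTYPE_VLAN, vlan_id, ETHERTYPE_IPV4)
             + b"constructed IPv4 payload")
    body = build_vxlan_header(vnid) + inner
    # UDP checksum 0x0000 as on the slide; source port chosen by the sending VTEP
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(body), 0x0000)
    return udp + body


if __name__ == "__main__":
    decoded = parse_vxlan_datagram(build_sample_datagram())
    print("VNID", decoded["vnid"], "inner VLAN", decoded["inner"]["vlan_id"],
          "inner EtherType 0x%04x" % decoded["inner"]["ethertype"])
```

Note that nothing in these headers authenticates the sending VTEP or binds the VNID to it (the "No Peer-Auth" point on the following slide); a parser like this will happily decode whatever VNID it is handed, so the underlay has to restrict which sources may deliver UDP/4789 to a VTEP.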

VXLAN Problems

(Diagram: the same VXLAN overlay – virtual switches and VTEPs over a Layer 3 underlay, VXLAN 32145 and VXLAN 44517)

• No peer authentication
• Flood & Learn

DC Fabric Journey

Layer 3: Spanning Tree Protocol, Virtual Port-Channel, FabricPath, VXLAN, VXLAN with BGP EVPN

(Diagram: VXLAN with BGP EVPN – two route reflectors (RR) serving the VTEPs for VXLAN 32145 and VXLAN 44517)

SDN Journey

OpenFlow allows direct access to the forwarding plane of network switching devices.

(Diagram: a controller programming the forwarding plane of the switches)

(Diagram: NSO as the controller, exposing an API above the VXLAN overlay – VTEPs, virtual switches, VXLAN 32145 and VXLAN 44517)

APIs – Application Programming Interface: Why We Care

RESTful APIs

• Well understood
• Easy to develop against
• Versioned
• HTTP or HTTPS
• GET, PUT, POST, and DELETE
• Response in HTML, JSON / XML

(Diagram: client and server exchanging request and response)

Example task: collect the list of used VLANs

API – Collect Information: Collect List of Used VLANs

List VLANs

POST: http://10.10.10.10/ins/

{
  "ins_api": {
    "version": "1.0",
    "type": "cli_show",
    "chunk": "0",
    "sid": "1",
    "input": "show vlan",
    "output_format": "json"
  }
}

API – Collect Information: Collect List of Used VLANs

List VLANs (response):

1   - default
101 - n1k-l3
123 - VLAN0123
300 - 1k-vtep
999 - VLAN0999

{
  "ins_api": {
    "body": {
      "TABLE_vlanbrief": {
        "ROW_vlanbrief": [
          {
            "vlanshowbr-vlanid": "16777216",
            "vlanshowbr-vlanid-utf": "1",
            "vlanshowbr-vlanname": "default",
            …
          },
          {
            "vlanshowbr-vlanid": "1694498816",
            "vlanshowbr-vlanid-utf": "101",
            "vlanshowbr-vlanname": "n1k-l3",
            …
          }
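The request and response above, worked through in Python as an added example (not code from the slides or from Cisco): one function builds the ins_api body shown on the request slide, one sends it, and one turns the TABLE_vlanbrief rows into the (VLAN id, name) list shown on the response slide. Assumptions: the switch is reached over HTTPS with a verified certificate (the slide posts to plain http://10.10.10.10/ins/); the send function uses the third-party requests library, imported lazily so that the parsing runs offline; a real switch nests the body under ins_api.outputs.output, which the slide elides, so both shapes are accepted; and the sample response is constructed from the five VLANs on the slide, with vlanshowbr-vlanid encoded as the VLAN id shifted left 24 bits, exactly as the slide's two rows show (16777216 is 1 << 24, 1694498816 is 101 << 24).

```python
import json
from typing import Any, Dict, List, Tuple, Union

# Assumption: HTTPS; the slide uses http://10.10.10.10/ins/ over plain HTTP.
NXAPI_URL = "https://10.10.10.10/ins"


def build_show_request(command: str, sid: str = "1") -> Dict[str, Any]:
    """The ins_api body from the slide for one 'show' command with JSON output."""
    return {"ins_api": {"version": "1.0", "type": "cli_show", "chunk": "0",
                        "sid": sid, "input": command, "output_format": "json"}}


def post_show_command(command: str, username: str, password: str,
                      url: str = NXAPI_URL, ca_bundle: Union[str, bool] = True) -> Dict[str, Any]:
    """Send the request with HTTP basic auth over TLS, verifying the switch certificate.
    NX-API runs CLI with the privileges of that account, so treat the credentials as admin secrets."""
    import requests  # third-party; only needed for the network round trip
    resp = requests.post(url, json=build_show_request(command), auth=(username, password),
                         verify=ca_bundle, headers={"content-type": "application/json"}, timeout=10)
    resp.raise_for_status()
    return resp.json()


def _find_body(response: Dict[str, Any]) -> Dict[str, Any]:
    """The slide shows ins_api -> body; a real switch returns ins_api -> outputs -> output -> body
    (assumption). Accept either."""
    api = response["ins_api"]
    if "body" in api:
        return api["body"]
    return api["outputs"]["output"]["body"]


def _rows(table: Any) -> List[Dict[str, Any]]:
    """NX-API emits a list for several rows but a bare object for a single row."""
    return table if isinstance(table, list) else [table]


def list_used_vlans(response: Dict[str, Any]) -> List[Tuple[int, str]]:
    """Return (vlan_id, name) pairs from a 'show vlan' response.
    vlanshowbr-vlanid is the VLAN id shifted left 24 bits (as the slide's rows show);
    vlanshowbr-vlanid-utf is the plain decimal id. Decode both and cross-check them."""
    body = _find_body(response)
    vlans: List[Tuple[int, str]] = []
    for row in _rows(body["TABLE_vlanbrief"]["ROW_vlanbrief"]):
        shifted_id = int(row["vlanshowbr-vlanid"]) >> 24
        utf_id = int(row["vlanshowbr-vlanid-utf"])
        if shifted_id != utf_id:
            raise ValueError("inconsistent VLAN id fields: %d vs %d" % (shifted_id, utf_id))
        vlans.append((utf_id, row["vlanshowbr-vlanname"]))
    return vlans


# Constructed response: the five VLANs listed on the slide, ids encoded as VLAN id << 24.
SAMPLE_RESPONSE = json.loads("""
{"ins_api": {"body": {"TABLE_vlanbrief": {"ROW_vlanbrief": [
  {"vlanshowbr-vlanid": "16777216",    "vlanshowbr-vlanid-utf": "1",   "vlanshowbr-vlanname": "default"},
  {"vlanshowbr-vlanid": "1694498816",  "vlanshowbr-vlanid-utf": "101", "vlanshowbr-vlanname": "n1k-l3"},
  {"vlanshowbr-vlanid": "2063597568",  "vlanshowbr-vlanid-utf": "123", "vlanshowbr-vlanname": "VLAN0123"},
  {"vlanshowbr-vlanid": "5033164800",  "vlanshowbr-vlanid-utf": "300", "vlanshowbr-vlanname": "1k-vtep"},
  {"vlanshowbr-vlanid": "16760438784", "vlanshowbr-vlanid-utf": "999", "vlanshowbr-vlanname": "VLAN0999"}
]}}}}
""")


if __name__ == "__main__":
    print(json.dumps(build_show_request("show vlan"), indent=2))
    for vlan_id, name in list_used_vlans(SAMPLE_RESPONSE):
        print("%-4d - %s" % (vlan_id, name))
```

Because the API accepts arbitrary CLI in the "input" field, the management interface that serves /ins should be reachable only from the automation hosts, and the account used should be the least privileged one that can run the show commands needed.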

SDN Resets Business Opportunities

(Diagram: applications – security, load balancing, and other services – on top of an SDN platform that exposes APIs and uses open protocols down to the physical network)

• New architecture with separate control and data planes
• Open programmable networks and APIs
• New business models and revenue opportunities
• Efficiency in both capital and operational expenses

VTS Use Case – Network Function Virtualisation

High Level Virtual Topology System (VTS) Use Case

(Diagram: customer premises with CPE, metro and access, the SP core and the Internet; vFW and vWAAS virtual network functions managed through vCenter and OpenStack)

NFV Use Case

(Diagram, three layers:
Orchestration & Controllers Layer – admin tools, customer portal and OSS/BSS drive NSO, whose VTS plug-in talks to VTS over a REST API
Virtual Overlay Networking Layer – VXLAN with BGP-EVPN between the Nexus 9300 ToRs, the OVS / dVS virtual switches and an MPLS VPN PE & VXLAN gateway into the MPLS VPN network
Virtual Infrastructure, VNF & PNF Layer – VNF1 / VNF2 on the hosts and PNF1 / PNF2 behind the Nexus 9300 ToRs, with VLANs between hosts and ToRs)

Cisco Virtual Topology System (VTS) Overlay Provisioning and Management System

(Diagram: VTS between the Nexus portfolio (Nexus 2k – 9k) below and VMware vCenter, the Cisco Network Services Orchestrator (Tail-f) and a GUI above; REST API northbound, YANG, CLI, NX-API and BGP-EVPN southbound)

Flexible Overlays – Open and Programmable – Automated – Scalable VXLAN Mgmt.

• Seamless integration with orchestrators
• Automated overlay provisioning
• Automated DCI/WAN integration
• REST-based northbound APIs
• Multi-protocol support
• Multi-hypervisor support
• MP-BGP EVPN control plane
• Virtual tenant networks
• High performance virtual forwarding
• Physical and virtual overlays
• Bare-metal and virtualized workloads
• Service chaining

VTS Architecture

(Diagram: VMware vCenter, a GUI and the Cisco Network Services Orchestrator (Tail-f) reach the Virtual Topology System through a Unified Information Model (REST API). Inside VTS: Service and Infrastructure Policy, Inventory, Database, Resource Management, Policy Plane, Control Plane (IOS XRv) and Device Management. Southbound over YANG, CLI, NX-API and BGP-EVPN to the VTF, OVS and DVS in the virtual compute environment, the Cisco Nexus 2000, 3000, 5000 and 7000 Series, the Cisco Nexus 9000 Series and the Cisco ASR 9000 Series, with the WAN / Internet and 3rd party clouds beyond.)

VTS Architecture – Service Provider Oriented Architecture

(Diagram: the vCenter GUI, a 3rd party VM manager and Cisco NSO connect to the Virtual Topology System (VTS) over a REST API. VTS uses RESTCONF/YANG and MP-BGP / BGP EVPN, with route reflectors (RR) on the spines, toward the border leaves (DCI into the IP / MPLS WAN), the integrated virtual VTFs, the virtual OVS / dVS switches and the physical leaves; WAN / Internet and 3rd party clouds beyond.)

VXLAN Overlay Provisioning Use Case

(Diagram: the vCenter GUI, a 3rd party VM manager and Cisco NSO drive the Virtual Topology System (VTS) over a REST API; VTS provisions the VXLAN overlay across the border, virtual (OVS / dVS) and physical leaves.)

• Layer-2 / Layer-3 VXLAN configuration using the MP-BGP EVPN control-plane
• Allocate and manage resources
• Support for physical and virtual end-hosts
• End-to-end automation
• OpenStack and vCenter integration

VTS Architecture

(Diagram: Cisco VTS, with VMware vCenter alongside, exposes a REST API northbound and uses NX-API, CLI and YANG southbound to the spines, the ToRs (VTEPs) and the border leaf VTEP (DCI); x86 servers with hypervisors host the VMs. Inside VTS: Service and Infrastructure Policy, Inventory, Database, Resource Management, Policy Plane, Control Plane (IOS XRv) and Device Management.)

VTS – OpenStack Workflow

(Diagram: Cisco VTS and VMware vCenter above a spine / ToR fabric with VTEPs on the ToRs and x86 servers running hypervisors and VMs; VTS is driven over its REST API and reaches the ToRs with NX-API, CLI and YANG.)

1. Create tenant networks
2. Tenant and tenant networks created
3. VNID assigned for each network
4. Attach VM to network
5. VM host info captured by VTS and mapped to the right ToR & ToR port using the topology database
6. VTS provisions VTEP, VLAN for each VTEP and EVPN on ToR/VTF
7. Neutron agent modified to request VLAN information from VTS before programming the vSwitch
8. Create router and attach interfaces to tenant networks

Resulting ToR configuration:

vlan 1,1700-711,2000
vlan 1706
  vn-segment 46006

evpn
  evi 46006 vni
    bgp
      rd auto
      route-target import auto
      route-target export auto

interface nve1
  no shutdown
  source-interface loopback0
  host-reachability protocol bgp
  member vni 46006
    mcast-group 224.1.1.1

ACI Use Case – WordPress as a Service

What is WordPress?
• Open-source content management system
• Originally a blogging platform, now a wider scope
• 23% of the top 10 million websites are powered by WordPress

WPaaS Components and Requirements
• 3 types of servers – both BM and VM
• Internal management L3 network
• User L3 network
• SSH access on all servers
• All communication should be as restrictive as possible – only allow what must be allowed

Traditional Implementation

vlan 100
  name db
vlan 200
  name phpMyAdmin
vlan 300
  name wp
vlan 400
  name internal
vlan 500
  name external

interface vlan 100
  description Database L3 interface
  hsrp version 2
  hsrp 100
    ip 192.168.100.1
  ip address 192.168.100.2/24
  ip access-group db-provide out

interface vlan 200
  description phpMyAdmin L3 interface
  hsrp version 2
  hsrp 200
    ip 192.168.200.1
  ip address 192.168.200.2/24
  ip access-group phpMyAdmin-provide out

interface vlan 250
  description WordPress L3 interface
  hsrp version 2
  hsrp 300
    ip 192.168.250.1
  ip address 192.168.250.2/24
  ip access-group WordPress-provide out

interface vlan 400
  description Internal Mgmt
  hsrp version 2
  hsrp 400
    ip 192.168.40.1
  ip address 192.168.40.1/24

interface vlan 500
  description Outside
  hsrp version 2
  hsrp 500
    ip 192.168.50.1/24

ip access-list db-provide
  permit tcp 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 3306
  permit tcp 192.168.250.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 3306
  permit tcp 192.168.40.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 22

ip access-list phpMyAdmin-provide
  permit tcp 192.168.40.0 0.0.0.255 192.168.200.0 0.0.0.255 eq 80
  permit tcp 192.168.40.0 0.0.0.255 192.168.200.0 0.0.0.255 eq 22

ip access-list WordPress-provide
  permit tcp 192.168.40.0 0.0.0.255 192.168.250.0 0.0.0.255 eq 22
  deny ip 192.168.100.0 0.0.0.255 192.168.250.0 0.0.0.255
  deny ip 192.168.200.0 0.0.0.255 192.168.250.0 0.0.0.255
  permit tcp 0.0.0.0 255.255.255.255 192.168.250.0 0.0.0.255 eq 8000
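To check that the three access lists above really implement the "only allow what must be allowed" requirement, here is an added Python example (not from the slides or from Cisco) that parses them in NX-OS access-list syntax (address plus wildcard mask, optional "eq PORT"), evaluates sample flows with Cisco's first-match and implicit-deny semantics, and shows why the order of the deny and permit entries in WordPress-provide matters. The sample flows are constructed: phpMyAdmin 192.168.200.5, WordPress 192.168.250.7, database 192.168.100.10 and management 192.168.40.2 are made-up hosts in the slide's subnets, and 198.51.100.7 is a documentation address standing in for an Internet client.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Optional


class Ace(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp" or "ip" (ip matches every protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None means any destination port


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Cisco 'address wildcard' notation: 0.0.0.255 is a /24, 255.255.255.255 is any address."""
    bits = int(ipaddress.IPv4Address(wildcard))
    ones = bits.bit_length()
    if bits != (1 << ones) - 1:
        raise ValueError("non-contiguous wildcard mask %s" % wildcard)
    return ipaddress.IPv4Network((addr, 32 - ones), strict=False)


def parse_ace(line: str) -> Ace:
    """Parse one entry, e.g. 'permit tcp 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 3306'."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action %s" % action)
    nets = []
    for _ in range(2):                        # source, then destination
        if rest[0] == "any":
            nets.append(ipaddress.IPv4Network("0.0.0.0/0"))
            rest = rest[1:]
        else:
            nets.append(wildcard_to_network(rest[0], rest[1]))
            rest = rest[2:]
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return Ace(action, proto, nets[0], nets[1], dport)


def parse_acls(config: str) -> Dict[str, List[Ace]]:
    """Split 'ip access-list NAME' blocks into named entry lists, keeping configured order."""
    acls: Dict[str, List[Ace]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ip access-list "):
            current = line.split()[2]
            acls[current] = []
        elif current is not None:
            acls[current].append(parse_ace(line))
    return acls


def evaluate(acl: List[Ace], proto: str, src_ip: str, dst_ip: str, dport: int) -> str:
    """First matching entry wins; every Cisco ACL ends with an implicit deny."""
    src, dst = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if src not in ace.src or dst not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"


# The three access lists from the slide.
SLIDE_ACLS = """
ip access-list db-provide
  permit tcp 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 3306
  permit tcp 192.168.250.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 3306
  permit tcp 192.168.40.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 22
ip access-list phpMyAdmin-provide
  permit tcp 192.168.40.0 0.0.0.255 192.168.200.0 0.0.0.255 eq 80
  permit tcp 192.168.40.0 0.0.0.255 192.168.200.0 0.0.0.255 eq 22
ip access-list WordPress-provide
  permit tcp 192.168.40.0 0.0.0.255 192.168.250.0 0.0.0.255 eq 22
  deny ip 192.168.100.0 0.0.0.255 192.168.250.0 0.0.0.255
  deny ip 192.168.200.0 0.0.0.255 192.168.250.0 0.0.0.255
  permit tcp 0.0.0.0 255.255.255.255 192.168.250.0 0.0.0.255 eq 8000
"""

ACLS = parse_acls(SLIDE_ACLS)


def audit(acls: Dict[str, List[Ace]]) -> Dict[str, str]:
    """Constructed flows through the lists applied outbound on the db and WordPress SVIs.
    The last entry re-evaluates WordPress-provide with its deny entries moved to the end."""
    wp = acls["WordPress-provide"]
    return {
        "phpMyAdmin->db:3306": evaluate(acls["db-provide"], "tcp", "192.168.200.5", "192.168.100.10", 3306),
        "wp->db:22": evaluate(acls["db-provide"], "tcp", "192.168.250.7", "192.168.100.10", 22),
        "mgmt->db:22": evaluate(acls["db-provide"], "tcp", "192.168.40.2", "192.168.100.10", 22),
        "client->wp:8000": evaluate(wp, "tcp", "198.51.100.7", "192.168.250.7", 8000),
        "db->wp:8000": evaluate(wp, "tcp", "192.168.100.10", "192.168.250.7", 8000),
        "db->wp:8000 (deny entries last)": evaluate(
            sorted(wp, key=lambda a: a.action == "deny"), "tcp", "192.168.100.10", "192.168.250.7", 8000),
    }


if __name__ == "__main__":
    for flow, verdict in audit(ACLS).items():
        print("%-35s %s" % (flow, verdict))
```

The last two audit entries are the point of the exercise: the "permit tcp any 192.168.250.0/24 eq 8000" entry at the end of WordPress-provide would also admit the database and phpMyAdmin subnets if the explicit deny entries did not precede it, which is exactly the kind of ordering dependency the contract model on the ACI slides that follow does away with.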

ACI

Nexus 9000, APIC, Policy Model

The Hardware: APIC, Nexus 9500, Nexus 9300
The Fabric: Spine, Leaf

ACI – Network Abstraction

ACI – Abstraction
• Everything in ACI is represented in the Management Information Tree
• All objects have relationships between each other
• Hardware is configured based upon these relationships

ACI MIT – Tenant Model (Diagram: the tenant model, with contracts between objects)

ACI – Abstraction (Diagram: EPG db, EPG admin and EPG wp joined by contracts – Permit 3306, Permit 8000, Permit 22, Permit 80 – with MGMT and Outside)

Endpoint Attachment (Diagram: a hypervisor with AVS and a hypervisor with no VTEP hosting the WordPress, phpMyAdmin and MySQL endpoints; encapsulations 802.1q VLAN 10 / VLAN 47, VNID 5215 / VNID 8213 and No Tag; Clients and MGMT outside)

ACI – Endpoint Attachment
• Static Path
• VMM Integration

ACI – Endpoint Attachment: application profile excerpt (JSON)

{
  "fvAp": {
    "attributes": {
      "descr": "",
      "dn": "uni\/tn-clanz16\/ap-WPaaS",
      "name": "WPaaS",
      "ownerKey": "",
      "ownerTag": "",
      "prio": "unspecified"
    },
    "children": [
      {
        "fvAEPg": {
          "attributes": {
            "descr": "",
            "isAttrBasedEPg": "no",
            "matchT": "AtleastOne",
            "name": "phpMyAdmin",
            "prio": "unspecified"
          },
          "children": [
            {
              "fvRsCons": {
                "attributes": {
                  "prio": "unspecified",
                  "tnVzBrCPName": "mysql"
                }
              }
            },
            {
              "fvRsDomAtt": {
                "attributes": {
                  "encap": "unknown",
                  "instrImedcy": "lazy",
                  "resImedcy": "lazy",
                  "tDn": "uni\/phys-ucs-fi-vmm"
                }
              }
            }
          ]
        }
      }
    ]
  }
}

ACI – Application Policy

ACI: "I want this" (Diagram: the desired policy – WordPress, phpMyAdmin and mySQL tiers on VM and BM endpoints, with MGMT and Clients)
ACI: "Configure for this" (Diagram: the same policy rendered as fabric configuration)
ACI: Success / Faults

ACI – Faults and Health
ACI – Visibility: Fault Investigation
ACI – Statistics
ACI – Statistics EPG

Putting it Together (Diagram: a hypervisor with AVS and a hypervisor with no VTEP hosting WordPress, phpMyAdmin and MySQL on VM and BM endpoints; encapsulations 802.1q VLAN 10 / VLAN 47, VNID 5215 / VNID 8213 and No Tag; Clients and MGMT outside)

Comparisons and Contrasts
• Similar use of underlying technologies
• Different hardware requirements
• Different target use cases

Open SDN Controller Use Case – Traffic Engineering

Cisco Open SDN Controller (Diagram: CE1 – PE1 – P1 / P2 – PE2 – CE2 MPLS topology)

OpenDaylight Platform

Legend:
AAA: Authentication, Authorisation and Accounting
AuthN: Authentication
BGP: Border Gateway Protocol
COPS: Common Open Policy Service
DLUX: OpenDaylight User Experience
DDoS: Distributed Denial Of Service
DOCSIS: Data Over Cable Service Interface Specification
FRM: Forwarding Rules Manager
GBP: Group Based Policy
LISP: Locator/Identifier Separation Protocol
OVSDB: Open vSwitch DataBase Protocol
PCEP: Path Computation Element Communication Protocol
PCMM: Packet Cable MultiMedia
Plugin2OC: Plugin To OpenContrail
SDNI: SDN Interface (Cross-Controller Federation)
SFC: Service Function Chaining
SNBI: Secure Network Bootstrapping Infrastructure
SNMP: Simple Network Management Protocol
TTP: Table Type Patterns
VTN: Virtual Tenant Network

(Diagram of the OpenDaylight architecture, top to bottom:
Network Applications, Orchestrations and Services – DLUX, VTN Coordinator, OpenStack Neutron, SDNI Wrapper, DDoS Protection
AAA – AuthN Filter; OpenDaylight APIs (REST)
Controller Platform – Base Network Service Functions: Topology Manager, Stats Manager, Switch Manager, FRM, Host Tracker; plus OpenStack Service, GBP Service, GBP Renderers, SFC, AAA, VTN Manager, OVSDB Neutron, Plugin2OC, LISP Service, L2 Switch, SNBI Service, DOCSIS Abstraction, SDNI Aggregator
Service Abstraction Layer (SAL) (Plugin Manager, Capability Abstractions, Flow Programming, Inventory, etc.)
Southbound Interfaces and Protocol Plugins – OpenFlow 1.0 / 1.3 / TTP, OVSDB, NETCONF, PCMM/COPS, SNBI, LISP, BGP, PCEP, SNMP, Plugin2OC
Data Plane Elements (Virtual Switches, Physical Device Interfaces) – OpenFlow Enabled Devices, Open vSwitches, Additional Virtual and Physical Devices)

OpenDaylight Releases

Hydrogen
• Released February 2014

Helium
• Released October 2014
• 1.87 million+ lines of code
• 28 projects
• 256 contributors

Lithium
• June 2015 release planned

Cisco Open SDN Controller vs OpenDaylight “Helium”

(Diagram: OpenDaylight “Helium” (Community Support) beside Open SDN Controller (Cisco® Support), with three groups of content – Precluded OpenDaylight Content, Incremental Cisco Value, and Common Content. Items in slide order: SDNi, Defense4all, PacketCable PCMM, VTN Project, OpenContrail Plug-in, SNMP4SDN, LISP Flow Mapping, AD-SAL, Logs, Metrics, Monitoring, Central Mgmt and Admin, OVA Distribution, One-Click Install, Plug-in Clustering, BGP-LS, Secure Network Bootstrap Infra, MD-SAL, Developer Support, PCEP, Basic Clustering, AAA, Group Policy, L2 Switch, OpenFlow Plug-in, OVSDB Controller, DLUX, Service Function Chaining, YANG Tools.)

Cisco Open SDN Controller

(Diagram of the Cisco Open SDN Controller platform: Network Applications (Application 1 … Application ‘n’) on top; REST APIs and the DLux User Interface; Base Network Service Functions (L2 Switch, AAA Service, GBP Service, Topology Manager, Statistics Manager, FRM, Host Tracker) and 3rd Party Network Service Functions (Network Service 1 … Network Service ‘n’); the Model Driven Service Abstraction Layer (Plugin Manager, Capacity Abstraction, Flow Programming, Inventory, etc.); southbound OpenFlow, OVSDB, NETCONF, BGPLS and PCEP interfaces; Data Plane Elements – Open vSwitches, OpenFlow enabled devices, Cisco and 3rd party virtual and physical devices.)

Carrier-Class User Experience

Preinstalled Apps
• BGPLS Manager – visualises network topology from the BGP database
• Inventory – augmented OpenDaylight “nodes” app identifies all connected devices
• (YANG) Model Explorer – exposes system models and previews the JSON API body
• OpenFlow Manager – manages, visualises, and troubleshoots flows + previews the JSON API body
• PCEP Manager – creates, modifies, and deletes MPLS LSPs

Centralized OA&M
• Robust user, application, and feature administration
• Status monitoring: system, cluster, node
• Event logging
• Real-time CPU, memory, disk, heap size, load, and network utilisation metrics

“One-Click” Install
• VMware ESXi and Oracle VirtualBox hypervisor ready

BGPLS Manager Application
• Visualises network topology based on Border Gateway Protocol (BGP)

Inventory Manager
• Augmented OpenDaylight “nodes”
• Device vendor
• Platform IDs
• Series numbers

OpenFlow Manager
• OpenFlow topology visualisation
• Flow management
• Flow-based troubleshooting
• JSON body preview

PCEP Manager
• Autocreate label-switched paths (LSPs)
• Manually create LSPs
• Delete LSPs

Path Based LSP Creation (Diagram: CE1 – PE1 – P1 / P2 – PE2 – CE2)

MPLS LSP Use Case

(Diagram: OSC and WAE exchange REST APIs; OSC speaks PCEP and BGP-LS to the IP / MPLS network, which runs IS-IS routing. BGP-LS = BGP Link State; PCEP = Path Computation Element Protocol.)

MPLS LSP Use Case – Congestion Aware

(Diagram: the Cisco® Open SDN Controller with a REST API to the Cisco WAN Automation Engine and BGP-LS and PCEP to the network; Data Centre #1, #2 and #3 behind DC edge routers, PE1, PE2, PE3 and P1 – P4; tunnels TE 1 and TE 2 steered around a congested link carrying 50 Mb and 75 Mb.)

Where Have We Come?

• Not all SDN controllers are created equal…nor are the SDN use cases
• No particular SDN controller is “best”
• There are more SDN controllers coming

Q & A

Complete Your Online Session Evaluation

Learn online with Cisco Live! Visit www.CiscoLiveAPAC.com after the conference for full access to session videos and presentations.

Cisco Live Melbourne 2016: http://showcase.genie-connect.com/ciscolivemelbourne2016/

Thank you