
Datacenter Networking

Joy ABOIM
Consulting System Engineer

Typical journey to a new Target Operating Model


Standardise
Vendors, architectures, devices (network, compute, storage) & their configurations

Consolidate
Applications, network, servers, storage and operational silos

Virtualise
Abstraction of physical resources; unified data center comprising network, compute and storage

Automate
Orchestration and automated provisioning of virtualised (and where appropriate physical) infrastructure

Market
A new Target Operating Model (TOM) which is market driven (private or public cloud), outsourced, out-tasked or delivered internally as appropriate.
2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Evolution of Data Center Networking


[Diagram labels: Fabric (L2, L3); Distributed Fabric Based Cloud; Application Driven Cloud; Provisionable; Programmable; Compute, Storage, Services; Monitoring Apps, Provisioning Apps, Networking Apps, End-User Apps; Integrated Fabric & Cloud; World of Many Clouds]

Manual Provisioning, Limited scaling, Rack-wide VM mobility

Policy-based Provisioning, Scale Physical & Virtual/Cloud, DC-wide/Cross-DC VM Mobility

Service-centric Provisioning, Flexible Anywhere, Anytime, Cross-cloud VM Mobility

Expose Network Value


Automation, Monitoring, Programmability

POLICY

Orchestration

ANALYTICS

Program for Optimized Experience

Harvest Network Intelligence

Network

Customer Insights: Network Programmability

Research/Academia
Experimental OpenFlow/SDN components for production networks
Network Slicing

Massively Scalable Data Center
Customize with Programmatic APIs to provide deep insight into network traffic
Network Flow Management

Cloud
Automated provisioning and programmable overlay, OpenStack
Scalable Multi-Tenancy

Service Providers
Policy-based control and analytics to optimize and monetize service delivery
Agile Service Delivery

Enterprise
Virtual workloads, VDI, Orchestration of security profiles
Private Cloud Automation

Diverse Network Programmability Requirements Across Segments: Automation, Monitoring & Flow Programmability

And what about OpenDaylight?

Basic Definitions
What Is a Software Defined Network (SDN)?
In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications.
Note: SDN is not mandatory for network programmability or automation
Source: www.opennetworking.org

What Is OpenFlow?
Open protocol that specifies interactions between decoupled control and data planes

Note: OF is not mandatory for SDN
Note: North-bound Controller APIs are vendor-specific

What is OpenStack?
Open-source software for building public and private clouds; includes Compute (Nova), Networking (Quantum) and Storage (Swift) services.
Note: Applicable to SDN and non-SDN networks
Source: www.openstack.org

What is Overlay Network?


An overlay network is created on existing network infrastructure (physical and/or virtual) using a network protocol. Examples of overlay network protocols are GRE, VPLS, OTV, LISP and VXLAN.
Note: Applicable to SDN and non-SDN networks

Network Programmability Models


1. Programmable APIs
2a. Classic SDN
2b. Hybrid SDN
Network Virtualization / Virtual Overlays

[Diagram labels: Applications; Vendor-specific APIs; Controller; Control Plane; Data Plane; Virtual Control Plane; Virtual Data Plane; Vendor Specific (e.g. onePK); CLI, SNMP, Netflow, OpenFlow; OpenFlow; Overlay Protocols (e.g. VXLAN)]

OpenStack and Network Overlays Apply to All Models (Physical/Virtual) Custom Features Can Be Built

Announcing: Cisco Open Network Environment

The Industry's Most Comprehensive Networking Portfolio
Hardware + Software, Physical + Virtual, Network + Compute

1. Platform APIs
One Platform Kit (onePK)
- Programmatic APIs for Network HW (IOS, IOS-XR, NX-OS)

2. Controllers and Agents
SDN:
- Controller SW (OpenFlow, onePK)
- OpenFlow 1.x support

3. Virtual Overlays
Open Clouds with Nexus 1000V
Multi-hypervisor, Multi-service, Multi-cloud, OpenStack support

[Diagram labels: Applications; Network]

onePK & OpenFlow


OpenFlow is Built on onePK


[Architecture diagram, labels listed top to bottom]

ONE Agent Framework (proposed agents): NETCONF Agent, CIM Agent, OpenFlow Agent, Puppet Agent, Prime agent, Custom Agent
onePK Mgmt Apps; Agents

onePK Client: onePK Presentation APIs (C, Java, Python, ...), Comm libraries

Process boundary

onePK Server: Comm libraries, onePK Abstraction APIs
Element Interface Developer Utilities Discovery Policy Routing Datapath Ext

Cisco Network Operating System (IOS, IOS-XE, IOS-XR, NX-OS) (Platform PI Code)
Cisco Network Operating System (IOS, IOS-XE, IOS-XR, NX-OS) (Platform PD Code)

ONE Controller


Controllers & Agents: ONE Controller


Overview
Platform for generic control functions
State consolidation across multiple entities

Current Showcase
Examples:
Flexible Network Partitioning and Provisioning (Slicing)
Network Troubleshooting
Custom Routing

SW product (Java-based)
FCS planning underway (Beta target: 1Q CY13; FCS target: 3Q CY13)

[Diagram labels: Applications (Cisco); Applications (Customer); Applications (3rd party); Apps/Applications Northbound API (REST, WebSockets, OSGi); Built-in GUI for Management; Controller built-in Applications; Network Slicing; Network Troubleshooting; Custom Routing; Controller Core Infrastructure; Flow Management; Forwarding Logic; Device Management; Southbound APIs (onePK, OneFlow,); onePK API; OpenFlow 1.x Protocol; onePK; OF]

Virtual Overlays


Cisco Virtual Networking Vision


Powered by Nexus 1000V

Multi-Hypervisor

Multi-Services

Multi-Cloud

Key component of Cisco Open Networking Environment (Cisco ONE)
Build / Partner / Buy strategy
Partnership with Citrix announced
Acquired 2 startups for tech & talent: Virtuata and vCider

Cisco Virtual Networking and Cloud Network Services


[Diagram labels: Cloud Network Services; Virtualized/Cloud Data Center; WAN Router, Servers, Switches; Imperva SecureSphere WAF; Citrix NetScaler VPX; ASA 1000V Cloud Firewall; vWAAS; Cisco Virtual Security Gateway; Cloud Services Router 1000V; Tenant A; Zone A, Zone B; Physical Infrastructure; vPath; VXLAN; Nexus 1000V; Multi-Hypervisor (VMware, Microsoft*, RedHat*, Citrix*)]

Nexus 1000V: Distributed switch, NX-OS consistency
VSG: VM-level controls, Zone-based FW
ASA 1000V: Edge firewall, VPN, Protocol Inspection
vWAAS: WAN optimization, Application traffic
CSR 1000V (Cloud Router): WAN L3 gateway, Routing and VPN
Ecosystem Services: Citrix NetScaler VPX virtual ADC, Imperva Web App. Firewall

Availability labels from the slide: Full Availability: CQ113; 6000+ Customers; Shipping; Shipping; Shipping; 2013

Cisco-Citrix Alliance Webinar: Oct 22, 2012 (Webinar, PPT)
Imperva WAF update: June 5th, 2012 (Email Announcement, Imperva FAQ)

Virtual Overlay Networks


Example: Virtual Overlay Networks and Services with Nexus 1000V

Scalable Multi-tenancy
Tens of thousands of virtual ports, L2 networks
Hundreds of Servers
Scalable segmentation: VXLAN

Common APIs
Incl. OpenStack Quantum APIs for cloud automation/orchestration

Virtual Services
vPath for traffic steering / service chaining
Virtual Services: VSG, ASA 1000V (cloud-ready security), vWAAS (application acceleration), CSR 1000V (cloud router)

Multi-hypervisor
ESX, Hyper-V, OpenSource Hypervisors (KVM/Xen)

Hybrid Use Cases (Physical and Virtual)
Tenant 1: virtual workloads protected by virtual firewall
Tenant 2: virtual workloads protected by physical firewall (via VXLAN GW)
Tenant 3: virtual & physical workloads in same L2 domain (via VXLAN GW)

[Diagram labels: OpenStack Quantum API; REST API; Nexus 1000V; VXLAN Gateway; ASA 1KV; VSG; vWAAS; ASA 55xx; Physical (VLAN) Network; Any Hypervisor; Tenant 1, Tenant 2, Tenant 3; Virtual Workloads; Physical Workloads; VXLAN to VLAN GW]

Cisco's Vision for Hybrid Cloud - InterCloud

Secure Hybrid Cloud = Securely Connect Enterprise Private Cloud and Provider Public Cloud

Use Cases
Bursting
Disaster recovery/avoidance
Upgrade/migration
Dev/QA

Requirements
Network consistency
Security consistency
Policy consistency

Workloads
Intern/Partner VDI Training Apps Initially low-value workloads

[Diagram labels: N1KV Switching; ASA Firewall; IOS Routing; Crypto Secure; Tenant B; Private Cloud; Virtual Private Cloud]

Thank You!
