BRKRST-2051
Frank Brockners
Backup: For your reference
Abstract
BRKRST-2051 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
What is SDN for you?
- A way to optimize link utilization in my network
- Enhanced, application-driven routing
- An open solution for customized flow forwarding
- A platform for developing new control in and between Data Centers
- An open solution for VM mobility in the Data Center
- Develop solutions at software speeds: I don't want to work with my network vendor or go through lengthy standardization
- A solution to automated network configuration and control
- A way to reduce the CAPEX of my network and leverage commodity switches
- A means to get assured quality of experience for my cloud service offerings
- A solution to build a very large scale layer-2 network
- A means to do traffic engineering without MPLS
- A solution to build virtual topologies with optimum multicast forwarding behavior
- A way to scale my firewalls and security/encryption solution
- A means to scale my fixed/mobile gateways and optimize their placement
- A way to optimize broadcast TV delivery by optimizing cache placement and cache selection
- A way to build my own load balancers
- A way to distribute policy/intent, e.g. for DDoS prevention, in the network
- A way to configure my entire network as a whole rather than individual devices
- A solution to get a global view of the network topology and state
SDN The Origin
In the SDN architecture, the control and data planes are
decoupled, network intelligence and state are logically
centralized, and the underlying network infrastructure is
abstracted from the applications
https://www.opennetworking.org/images/stories/downloads/white-papers/wp-sdn-newnorm.pdf
Controller / Network OS
OpenFlow
Forwarding Model
SDN The Journey
Classes of Use-Cases
Cross-Domain Relationships & Automation Drive Network Architecture Evolution
- Fast IT: Automation of Network Control and Configuration (Fulfillment and Assurance, Virtual & Physical)
- Consistent Network Policy, Security, Threat Mitigation
- Custom Routing, Online Traffic Engineering
- Network Virtualization, Service Chaining
- Custom Traffic Processing (Analytics, Encryption)
- Network Function Virtualization (NfV)
- SDN origin
Different Audiences For Different Drivers
Federating different Network Control Points (DC-WAN-LAN, Virtual-Physical, Layer-1-3, IaaS+VPN)
Drivers (the use-case classes above):
- Fast IT: Automation of Network Control and Configuration (Fulfillment and Assurance, Virtual & Physical)
- Consistent Network Policy, Security, Threat Mitigation
- Custom Routing, Online Traffic Engineering
- Network Virtualization, Service Chaining
- Custom Traffic Processing (Analytics, Encryption)
- Network Function Virtualization (NfV)
Audiences:
- Network OS / Service Developer: extend, modify, customize the functionality of the network
- Application Developer, System Administrator, Network Operator: leverage the functionality of the network and integrate it into new / existing software systems (applications & operations)
Relationship Evolution
Combining Organizations, Functions, Layers: evolve what started with Dev+Ops = DevOps
- Combined technologies: Java, C, Python, REST, Chef, Puppet, OpenStack, onePK, APIC, Controllers, NetConf/Yang, OpenFlow
- Combined use cases, deployment models and processes: automated DC provisioning, dynamic traffic engineering integrated with routers and switches, and continuous integration
- Combined disciplines: Development, Quality Assurance, Software Engineering, for application and network alike
Architecture Evolution
Concepts and Realities
Evolve the Control- and Management Plane Architecture
[Figure: three layers, Application Software over Infrastructure Software over Embedded Software]
Evolving The Network Software Stack
Applications (End-User and System Applications) = Application Software
Enable Cross-Layer Relations:
Distributed Systems Control Theory
The set of agents and promises between them allows for the creation of reasoning networks (graphs) based on voluntary commitments. [Figure: Agent A promises agent B to fulfill C]
Close association with bargaining games / game theory
See also: http://markburgess.org/BookOfPromises.pdf
Applicable beyond pure systems management
E.g. model BGP behavior (difficult with pure control theory), swarms*
*Promise theory - a model of autonomous objects for pervasive computing and swarms, ICNS 2006
Applying Promise Theory
Identify agents of intent (the key players)
Agents promise things independently
Anything/Anyone can document intent
[Figure: obligation (a manager commands) versus promise (an agent commits to its manager)]
Get your model right
Backup: For your reference
Obligations
Command and Control
The source of any obligation is external to the agent that is being obliged.
If the agent is unable (or unwilling) to cooperate (it might have never received
the message), the problem cannot be resolved without solving another
distributed cooperation problem to figure out what went wrong and so on.
Imperative programming is a programming paradigm that describes computation in terms
of statements that change a program state. In much the same way that imperative mood in
natural languages expresses commands to take action, imperative programs define
sequences of commands for the computer to perform.
Derived from the Latin word imperare, "to command".
Source: http://en.wikipedia.org/wiki/Imperative_programming
Backup: For your reference
doubled.push(newNumber) })
Source: http://latentflip.com/imperative-vs-declarative/
Imperative and Declarative
Imperative and Declarative
Closed and Open Worlds
Declarative approach: users specify the end state of the infrastructure they want, and the software system makes it happen. Examples: Puppet, CFEngine 3
Imperative (procedural) approach: takes action to configure systems in a series of actions. Examples: Chef, Ansible
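The operational difference matters for security configuration: an imperative script re-executes its steps each time it runs, so a re-run after a partial failure duplicates or misorders rules, while a declarative engine computes the delta between observed and desired state and converges, which also removes drift that somebody added by hand. The following is an added example, not code from the talk or from Puppet, CFEngine, Chef or Ansible; the Device class is a hypothetical in-memory stand-in for a network element and the rule set is constructed.

```python
"""Declarative (desired-state) vs imperative configuration of a firewall rule set.

Added example; the Device class is a hypothetical in-memory stand-in for a real
network element, not an actual vendor or tool API.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    seq: int
    action: str      # "permit" or "deny"
    proto: str
    dst_port: int


@dataclass
class Device:
    """Hypothetical device: ordered ACL as a list of Rule, plus a change log."""
    rules: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def add(self, rule: Rule) -> None:
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.seq)
        self.log.append(("add", rule.seq))

    def remove(self, rule: Rule) -> None:
        self.rules.remove(rule)
        self.log.append(("remove", rule.seq))


def imperative_apply(dev: Device, steps: list) -> None:
    """Imperative: run the scripted steps in order, regardless of current state."""
    for rule in steps:
        dev.add(rule)          # a second run appends duplicates


def declarative_apply(dev: Device, desired: set) -> dict:
    """Declarative: describe the end state; compute and apply only the delta."""
    current = set(dev.rules)
    to_remove = current - desired
    to_add = desired - current
    for rule in sorted(to_remove, key=lambda r: r.seq):
        dev.remove(rule)
    for rule in sorted(to_add, key=lambda r: r.seq):
        dev.add(rule)
    return {"added": len(to_add), "removed": len(to_remove)}


# Constructed desired state: permit HTTPS and SSH, explicit default deny at the end.
DESIRED = {
    Rule(10, "permit", "tcp", 443),
    Rule(20, "permit", "tcp", 22),
    Rule(100, "deny", "ip", 0),
}


def demo_imperative() -> Device:
    dev = Device()
    steps = sorted(DESIRED, key=lambda r: r.seq)
    imperative_apply(dev, steps)
    imperative_apply(dev, steps)   # re-run, e.g. after a partial failure: duplicates
    return dev


def demo_declarative() -> tuple:
    dev = Device()
    # Pre-existing drift: a permit-any rule somebody added by hand.
    dev.rules = [Rule(5, "permit", "ip", 0)]
    first = declarative_apply(dev, DESIRED)    # removes drift, adds the three rules
    second = declarative_apply(dev, DESIRED)   # converged: no changes
    return dev, first, second


if __name__ == "__main__":
    print("imperative twice ->", len(demo_imperative().rules), "rules")
    dev, first, second = demo_declarative()
    print("declarative ->", first, "then", second, "; rules:", [r.seq for r in dev.rules])
```

The second declarative run reporting zero changes is the property to test for in a pipeline: a run that is not a no-op on an already-converged device means either drift or a non-idempotent resource.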
"We are taught that machines just do what we tell them; after all, we are smart and they are dumb. Unfortunately, it's often the other way around."
Virtualization
Towards Programmatic Interfaces to the Network
Approaching Today's Application Developer Dilemma
[Figure: a new service is provisioned slowly, through separate CLI(s) on the edge appliance, the CPE, the core and the mobile service platforms]
A New Programming Paradigm Is Needed
The Need for Abstractions
Abstractions in Networking
Data-plane abstractions (ISO/OSI layering), examples:
- Local best effort delivery (e.g., Ethernet)
- Global best effort delivery (e.g., IP)
- Reliable byte-stream (e.g., TCP)
Data plane abstractions are key to the Internet's success.
Abstractions for the other planes (control, services, management, orchestration, ..) are missing. Consequences include:
- Notorious difficulty of e.g. network management solutions
- Difficulty of evolving software for these planes
"Modularity based on abstraction is the way things get done" (Barbara Liskov, Turing Award Winner)
Full-Duplex, Multi-Layer/Multi-Plane APIs
Plane: functions exposed through the API
- Management: Workflow Management; Network Configuration & Device Models, ..
- Orchestration: Harvest L2-Segments, L3-Segments, Service-Chains; Multi-Domain (WAN, LAN, DC)
- Network Intelligence: Topology, Positioning, Analytics
- Network Services: Multi-Layer Path Control, Demand Engineering
- Control: Routing, Policy, Discovery, VPN, Subscriber, AAA/Logging, Switching, Addressing, ..
- Forwarding: Program for L2/L3 Forwarding Control, Interfaces, Tunnels, enhanced QoS, ..
- Device/Transport: Device configuration, Life-Cycle Management, Monitoring, HA, ..
Goal: Optimized Experience
Full-Duplex, Multi-Layer/Multi-Plane APIs
Industry Examples
- Management (Workflow Management; Network Configuration & Device Models, ..): Network Models - Interfaces (OMI)
- Control (Routing, Policy, Discovery, VPN, Subscriber, AAA/Logging, Switching, Addressing, ..): Interface to the Routing System (I2RS), OpFlex
*a.k.a. Quantum
Backup: For your reference
[Figure: Business Applications (BI, Collaboration, ERM); Analytics, Infrastructure S/W, Service Management; IT Software (Infra Orchestration, Management, Policy & Compliance); Controller (abstract view); Network Device Plug-Ins (device detail)]
Programmatic Network Access
Plug-ins/Agents as Flexible Integration Vehicles
Application Frameworks, Management Systems, Controllers, ... reach the device through:
onePK SDK (C/Java, Python), NETCONF, REST, OpenFlow, ACI Fabric, OpenStack, Puppet, Protocols
Per plane:
- Management: Puppet
- Orchestration: OpenStack Neutron
- Network Services: Protocols (BGP, PCEP, ...)
- Control: OpFlex
- Forwarding: OpenFlow
Plug-In Infrastructure
Device API and Data Models
Operating Systems: IOS / NX-OS / IOS-XR
Extend; Operate, Configure, Integrate
onePK SDK for Rapid Application Development
DEVELOPER ENVIRONMENT
Language of choice Python Java C
Programmatic interfaces
Rich data delivery via APIs
DEPLOY
On a server blade
On an external server
Directly on the device
SDK Offers onePK APIs Grouped Into Service Sets
Base Service Set: Description
- Data Path: Provides packet delivery service to the application: Copy, Punt, Inject
- Element: Get element properties, CPU/memory statistics, network interfaces, element and interface events
- Utility: Syslog events and queries, AAA, NTP, DHCP, DNS, VTY
SDK Offers onePK APIs Grouped Into Service Sets
Extension Service Set: Description
- Diagnostics: Probe services using IPSLA, Pong
- MediaTrace: Enables applications to direct a request at multiple systems along a path without needing to address those systems individually. Provides statistics about each link and node along a path.
- Identity: Enables applications to add, update, delete and query a network session based on a combination of query attributes such as username, MAC address, and/or IP address among others.
- Location: Stores information related to physical location, including network device, network interface, and end user session. Physical location types include geo-location and street address.
What can you do with onePK SDK?
A few examples by Cisco and Partners
Routing for Dollars, Routing for Latency (Java)
Device Programmability
Approach Follows Developer Audience
onePK SDK Focus Tune And Extend The Engine
[Figure: the onePK SDK sits alongside the NMS/CLI path into the engine]
API Infrastructure Approach
[Figure: Extend and Operate both build on Common Cisco Data Models (e.g. bgp-cfg) above the Feature Implementation]
A data model is a wayfinding tool for both business and IT
professionals, which uses a set of symbols and text to
precisely explain a subset of real information to improve
communication within the organization and thereby lead to a
more flexible and stable application environment
"Data Modeling Made Simple 2nd Edition", Steve
Hoberman, Technics Publications, LLC 2009
Backup: For your reference
Platform Independent Model (PIM) -> map -> Platform Specific Model (PSM) -> generate -> Code
Data Models
Models are a representation, i.e. a "good enough story" or, more formally, "a suitably idealized approximation to something"
Focus on the desired/required capabilities/state for a specific purpose
Data models are to support the development of information systems by providing the definition and format of data
If done consistently across systems, compatibility can be achieved
Data models correspond to the solution context they are built for
Different levels of abstractions
Example: Data-Model for network topology (see also draft-clemm-netmod-yang-network-topo):

module: network-topology
   +--rw network-topology
      +--rw topology [topology-id]
         +--rw topology-id          topology-id
         +--rw topology-types
         +--rw underlay-topology [topology-ref]
         |  +--rw topology-ref      topology-ref
         +--rw node [node-id]
         |  +--rw node-id           node-id
         |  +--rw supporting-node [node-ref]
         |  |  +--rw node-ref       node-ref
         |  +--rw termination-point [tp-id]
         |     +--rw tp-id          tp-id
         |     +--ro tp-ref*        tp-ref
         +--rw link [link-id]
            +--rw link-id           link-id
            +--rw source
            |  +--rw source-node    node-ref
            |  +--rw source-tp?     tp-ref
            +--rw destination
            |  +--rw dest-node      node-ref
            |  +--rw dest-tp?       tp-ref
            +--rw supporting-link [link-ref]
               +--rw link-ref       link-ref
What is YANG?
Yet Another Next Generation
Data modeling language:
- Can be used to model both configuration and operational data of network elements
- Can be used to define the format of event notifications emitted by network elements
- Originally designed to write data models for the NETCONF protocol; a response to SNMP/SMI shortcomings, mainly:
  - Lack of support for simple things like backup-and-restore of element configuration
  - No concept of transactions (single- or multi-box)
  - Many inherent limitations in SMI (e.g. label length)
- RFC 6020 (October 2010)
YANG provides:
- Human readable, easy to learn representation (Java/C-like syntax)
- Hierarchical configuration data models
- Reusable types and groupings (structured types)
- Extensibility through augmentation mechanisms
- Support for the definition of operations (RPCs)
- Formal constraints for configuration validation
- Data modularity through modules and sub-modules
- Well defined versioning rules
YANG Features Overview
Organization
Leaf, leaf-list, container, lists, grouping, choice
Constraints
Must, unique, min-elements, max-elements, mandatory
Data types
Many built-in types, sub-typing, restrictions
Reusable groupings
Grouping, uses
Example YANG module:
BGP Neighbor configuration
container bgp-neighbors {
  description
    "The top level container for the list
     of neighbours of the BGP router.";
  list bgp-neighbor {
    key "as-number";
    leaf as-number {
      type uint32;
    }
    choice peer-address-type {
      case ip-address {
        leaf ip-address {
          type inet:ip-address;
          mandatory true;
        }
      }
      case prefix {
        leaf prefix {
          type inet:ip-prefix;
          mandatory true;
        }
      }
      case host {
        leaf ip-host-address {
          type inet:host;
          mandatory true;
        }
      }
    }
    leaf prefix-list {
      type prefix-list-ref;
    }
    leaf default-action {
      type actions-enum;
    }
    container af-specific-config {
      [...]
    }
    container bgp-neighbor-state {
      description
        "The operational parameters describing
         the neighbour state.";
      leaf adminStatus {
        type bgp-peer-admin-status;
      }
      leaf in-lastupdatetime {
        type yang:timestamp;
      }
    }
    container bgp-neighbor-statistics {
      description
        "The operational parameters describing
         the neighbour statistical parameters.";
      leaf nr-in-updates {
        type uint32;
      }
      leaf nr-out-updates {
        type uint32;
      }
    }
  }
}

Annotations from the slide:
- A container has no value, holds related children, has one instance
- A list has no value, holds related children, has multiple instances, has a key property
- A choice allows one alternative of the choice to exist. The choice mechanism can be used to provide extensibility hooks that can be exploited using augments.
- A leaf has one value, no children, one instance
Source: draft-zhdankin-netmod-bgp-cfg-00
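The constraints listed under YANG Features Overview (key, mandatory, choice) are what a NETCONF server checks before a configuration is committed, and they are the reason model-driven configuration rejects a malformed neighbor instead of half-applying it. To make those semantics concrete, here is an added example, not code from the draft or from pyang/libyang, that validates constructed bgp-neighbor instance data against the module above with a hand-written checker: unique list key, exactly one case of the peer-address-type choice with its mandatory leaf of the right type, and uint32 ranges. The enumeration values for actions-enum and bgp-peer-admin-status are assumptions, since the fragment on the page does not show their typedefs.

```python
"""Check BGP-neighbor instance data against the constraints of the YANG module above.

Added example. The constraint logic mirrors YANG semantics (list key, mandatory,
choice/case, uint32 range); the enumeration values are assumptions, the draft
fragment on the page does not show their typedefs.
"""
import ipaddress

ACTIONS_ENUM = {"permit", "deny"}              # assumed values of actions-enum
ADMIN_STATUS = {"up", "down"}                  # assumed values of bgp-peer-admin-status

# choice peer-address-type: each case is a leaf name -> type check that raises ValueError
PEER_ADDRESS_CASES = {
    "ip-address": lambda v: ipaddress.ip_address(v),           # inet:ip-address
    "prefix": lambda v: ipaddress.ip_network(v, strict=True),  # inet:ip-prefix
    "ip-host-address": lambda v: str(v),                       # inet:host (IP or DNS name)
}


def _uint32(v) -> bool:
    return isinstance(v, int) and 0 <= v <= 0xFFFFFFFF


def validate_neighbor(n: dict) -> list:
    """Return a list of constraint violations for one bgp-neighbor list entry."""
    errs = []
    if not _uint32(n.get("as-number")):
        errs.append("as-number: missing or not uint32")
    present = [c for c in PEER_ADDRESS_CASES if c in n]
    if len(present) != 1:                      # choice: exactly one case, leaf is mandatory
        errs.append(f"peer-address-type: exactly one case required, found {present}")
    else:
        case = present[0]
        try:
            PEER_ADDRESS_CASES[case](n[case])
        except ValueError:
            errs.append(f"{case}: {n[case]!r} is not a valid value for its type")
    if "default-action" in n and n["default-action"] not in ACTIONS_ENUM:
        errs.append("default-action: not in actions-enum")
    state = n.get("bgp-neighbor-state", {})
    if "adminStatus" in state and state["adminStatus"] not in ADMIN_STATUS:
        errs.append("adminStatus: not in bgp-peer-admin-status")
    stats = n.get("bgp-neighbor-statistics", {})
    for leaf in ("nr-in-updates", "nr-out-updates"):
        if leaf in stats and not _uint32(stats[leaf]):
            errs.append(f"{leaf}: not uint32")
    return errs


def validate_bgp_neighbors(container: dict) -> dict:
    """Validate the whole bgp-neighbors container; list keys must be unique."""
    report = {}
    seen = set()
    for i, n in enumerate(container.get("bgp-neighbor", [])):
        errs = validate_neighbor(n)
        key = n.get("as-number")
        if key in seen:
            errs.append(f"as-number {key}: duplicate list key")
        seen.add(key)
        if errs:
            report[i] = errs
    return report


# Constructed instance data: entry 0 is valid, entries 1-3 each break a constraint.
SAMPLE = {"bgp-neighbor": [
    {"as-number": 65001, "ip-address": "192.0.2.1", "default-action": "deny"},
    {"as-number": 65002},                                      # no case of the choice
    {"as-number": 65003, "ip-address": "192.0.2.2", "prefix": "198.51.100.0/24"},  # two cases
    {"as-number": 65001, "prefix": "198.51.100.1/24"},         # duplicate key, host bits set
]}

if __name__ == "__main__":
    for idx, errs in validate_bgp_neighbors(SAMPLE).items():
        print(idx, errs)
```

A real server would reject the whole edit-config if any entry fails, which is the transactional behaviour the slide contrasts with SNMP; the checker here returns the violations per entry so that an operator tool can report all of them at once.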
Deployment Reality: Plugins [Stack diagram: Applications (End-User and System Applications); Infrastructure: Orchestration, Management, Service Functions; API]
Where a plugin/application runs:
- On An External Server: plentiful memory/compute; higher latency and delay; supported by all platforms
- On A Hardware Blade: dedicated memory/compute; low latency and delay; requires a modular hardware blade
- On the Router: shared memory/compute; very low latency and delay; available on select platforms
Network Be Nimble
The Plugin Model
[Figure: centralized application coordination through a centralized management / orchestration application, operating on a time scale of seconds]
Open Application Container Enabling Plugins
Virtualized environment to host applications on a Cisco device (Customer Apps, ISV Apps, Cisco Apps)
Wide range of applications: shell, virtual services, plugins
Applications can be developed and released independently of Network OS release cycles
Integration With DevOps Tools
[Figure: the Puppet Master talks REST to a Puppet Agent hosted in a plugin container on the switch; the agent configures the Network OS through the onePK API; compute nodes run their usual Puppet agent]
Puppet agent hosted as a onePK plugin
Chef plugin works in a similar way
Guestshell Application
Linux Shell Environment On Your Switch
Maintain NX-OS system integrity
Isolated User Space
Fault Isolation
Resource Isolation
Linux applications run inside the container
A Glimpse At Guestshell
Linux Container with Guestshell
Protocol Reality: OpenFlow Protocol [Stack diagram: Applications (End-User and System Applications); Infrastructure: Orchestration, Management, Service Functions; API]
Base Assumption
Providing reasonable abstractions for control requires the control system topology to be decoupled
from the physical network topology (as in the top-down approach)
Starting point: Data-Plane abstraction: Separate control plane from the devices that implement data plane
* Control channel: TLS or plain TCP. OF 1.3.0 introduced auxiliary connections, which can use TCP, TLS, DTLS, or UDP. Plain TCP and UDP provide no authentication or integrity protection for the control channel, so a production deployment should run it over TLS/DTLS with certificates on both the switch and the controller side.
OF Processing Pipeline
OF 1.0 model: a single lookup in one flow table
OF 1.1 and beyond model: multiple lookups across a pipeline of flow tables; a packet that matches no entry is dropped unless a table-miss entry directs it elsewhere (e.g. to the controller)
OpenFlow Actions
Output
Set-Queue* (for QoS)
Drop
Group
Push-Tag/Pop-Tag*
Set-Field* (e.g. VLAN)
Change-TTL*
*Optional
Backup: For your reference
OpenFlow Ports
Physical Ports, Logical Ports, Reserved Ports
Physical Ports == Ethernet Hardware Interfaces
Logical Ports == ports which are not directly associated with hardware interfaces (tunnels,
loopback interfaces, link-aggregation groups)
Can include packet encapsulation. Logical ports can have metadata called Tunnel-ID associated
with them
Reserved Ports
ALL (all ports of the switch)
CONTROLLER (represents the control channel with the OF-controller)
TABLE (start of the OF-pipeline)
IN_PORT (packet ingress port)
ANY (wildcard port)
LOCAL* (local networking or management stack of the switch)
NORMAL* (forward to the non-OF part of the switch)
FLOOD*
* Optional
OpenFlow Ports
Simplified View
[Figure: the OF-Switch part has the CONTROLLER port, a physical port, logical ports (one representing a VLAN, one a link aggregation group), TABLE and IN_PORT; the classic switch part is reached through the NORMAL port and the LOCAL port]
Backup: For your reference
OpenFlow Ports
CONTROLLER port and NORMAL port
CONTROLLER
- Forward packets to the controller
- For reactive mode of operation
- Considerations: latency for decision making; bandwidth between OF-switch and OF-controller; speed at which rules can be installed/removed
NORMAL
- More of a concept than a real port: hand packets to the classic part of the switch
- Forwarding operation in the classic part is TBD: Xconnect? L2-Bridge (use Dest-MAC to forward the packet to the o/if)? L3-Route (requires L3 next-hop info as meta-data from OF, or rely on the classic routing protocol)?
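The reactive-mode considerations above are also an attack surface: any host on a port can generate table misses, and each miss costs a packet-in on the control channel and a flow-mod on the way back, so an unbudgeted reactive switch lets one scanner consume controller CPU and channel bandwidth for everyone. The following is an added example, not code from the talk or from any switch or controller, that simulates the OF 1.1+ multi-table pipeline (priority match, goto_table, table-miss entry sending to CONTROLLER), a reactive controller that installs a flow on packet-in, and a per-ingress-port packet-in budget. The flow entries and the packet trace are constructed.

```python
"""Two-table OpenFlow-style pipeline with reactive controller and packet-in budget.

Added simulation, not switch or controller code from the talk. Match field names
follow OpenFlow; CONTROLLER and DROP are the reserved port / action names.
"""
from collections import Counter

CONTROLLER = "CONTROLLER"
DROP = "DROP"


class FlowTable:
    """Flow entries: (priority, match dict, instructions dict). Highest priority wins."""

    def __init__(self):
        self.entries = []

    def add(self, priority: int, match: dict, **instr) -> None:
        self.entries.append((priority, match, instr))
        self.entries.sort(key=lambda e: -e[0])

    def lookup(self, pkt: dict):
        for prio, match, instr in self.entries:
            if all(pkt.get(k) == v for k, v in match.items()):
                return instr
        return None   # no entry at all (not even table-miss): drop


class Switch:
    def __init__(self, tables: int, packet_in_budget: int):
        self.tables = [FlowTable() for _ in range(tables)]
        self.budget = packet_in_budget          # max packet-ins per in_port per window
        self.packet_ins = Counter()
        self.controller = None

    def process(self, pkt: dict) -> str:
        """Run the multi-lookup pipeline: table 0 -> goto_table -> ... -> output."""
        tid = 0
        while True:
            instr = self.tables[tid].lookup(pkt)
            if instr is None:
                return DROP
            if "goto_table" in instr:
                tid = instr["goto_table"]
                continue
            out = instr.get("output", DROP)
            if out == CONTROLLER:
                return self._packet_in(pkt)
            return out

    def _packet_in(self, pkt: dict) -> str:
        port = pkt["in_port"]
        if self.packet_ins[port] >= self.budget:
            return DROP                          # over budget: protect the control channel
        self.packet_ins[port] += 1
        return self.controller.on_packet_in(self, pkt)


class ReactiveController:
    """Knows a destination port per dst MAC; installs an exact flow on each packet-in."""

    def __init__(self, mac_to_port: dict):
        self.mac_to_port = mac_to_port
        self.installed = 0

    def on_packet_in(self, sw: Switch, pkt: dict) -> str:
        out = self.mac_to_port.get(pkt["eth_dst"], DROP)
        sw.tables[1].add(100, {"eth_dst": pkt["eth_dst"]}, output=out)
        self.installed += 1
        return out


def build_switch(budget: int = 3) -> Switch:
    sw = Switch(tables=2, packet_in_budget=budget)
    sw.controller = ReactiveController({"aa:aa": 2, "bb:bb": 3})
    # Table 0: ingress policy. Block a known-bad source, send everything else to table 1.
    sw.tables[0].add(200, {"eth_src": "ba:ad"}, output=DROP)
    sw.tables[0].add(0, {}, goto_table=1)
    # Table 1: forwarding. Table-miss entry (priority 0, empty match) punts to the controller.
    sw.tables[1].add(0, {}, output=CONTROLLER)
    return sw


def run_trace(budget: int = 3) -> dict:
    """Constructed traffic: a normal flow, a blocked source, and a scanner on port 9."""
    sw = build_switch(budget)
    trace = [{"in_port": 1, "eth_src": "cc:cc", "eth_dst": "aa:aa"}] * 2
    trace += [{"in_port": 1, "eth_src": "ba:ad", "eth_dst": "aa:aa"}]
    trace += [{"in_port": 9, "eth_src": "99:99", "eth_dst": f"00:{i:02x}"} for i in range(10)]
    results = [sw.process(p) for p in trace]
    return {"results": results,
            "flows_installed": sw.controller.installed,
            "packet_ins": dict(sw.packet_ins)}


if __name__ == "__main__":
    print(run_trace())
```

In the trace the first packet from port 1 causes one packet-in and one installed flow, and the second is switched in hardware; the scanner on port 9 gets three packet-ins and is then dropped at the switch without ever reaching the controller. Real switches express the same idea with rate limiting on the CONTROLLER port or meters on the table-miss entry.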
Backup: For your reference
Service Chaining
Backup: For your reference
Hybrid Switch:
Ships in the Night vs. Integrated
Ships-in-the-Night (aka vertical partitioning*)
- A subset of ports is controlled by OF, another subset by the router's native control plane; physical resources are partitioned
- Some level of integration through OF_NORMAL: the implementer is free to define what "normal" is, which may or may not be what the router normally does
Integrated (aka horizontal partitioning)
- Use OF for feature definition; augment the native control plane
- No longer any partitioning of resources
- Can operate at different abstraction levels (low-level like OF 1.0 or higher level)
- OF 1.0: Single Table; L2, IPv4 focused matching
- OF 1.1: Multiple Tables; MPLS, VLAN matching; Groups: {Any-,Multi-}cast, ECMP
- OF 1.2: IPv6; Flexible TLV matching; Multiple Controllers
- OF 1.3.0: 802.1ah PBB; Multiple parallel channels between Switch and Controller
- OF 1.0.1, OF 1.3.1, OF 1.3.2, OF 1.3.3, OF 1.3.4: Bug fixes
- OF 1.4.0: Flexible ports; Synch across flow tables; Enhanced Clustering; Flow-Monitoring
Evolution of the specification: Mature and Evolve
Working code before new standards
ONF should not anoint a single reference implementation but instead encourage open-source
implementations; ONF board encourages multiple reference implementations
OpenFlow 1.3.X: long term support
OpenFlow 1.4: extensibility, incremental improvements
OpenFlow 1.0.X : no work planned
Backup: For your reference
Programmatic APIs [Stack diagram: Applications (End-User and System Applications); Infrastructure: Orchestration, Management, Service Functions; API]
Backup: For your reference
I2RS Framework
I2RS Client
I2RS Agent
Application
See also:
draft-ward-irs-framework, draft-atlas-irs-problem-statement,
draft-amante-irs-topology-use-cases, draft-keyupate-bgp-services,
Backup: For your reference
Protocol Reality [Stack diagram: Applications (End-User and System Applications); Infrastructure: Orchestration, Management, Service Functions; API]
OpFlex Architecture Key Components
- Endpoint Registry (EPR): stores the operational state of Endpoints
- Observer: monitoring subsystem, system performance
- Policy Repository: source of all policies within a domain
- Policy Element (PE): logical functional abstraction of a member element (physical or virtual device); renders policy to configuration of the underlying subsystem; continuous health and performance monitoring
[Figure: within one Administrative Domain, the Policy Repository, Endpoint Registry and Observer speak the OpFlex Protocol to the Policy Elements, each of which fronts its EndPoints]
How OpFlex Works
OpFlex Control Protocol
RPC Methods
- Identity: identify the participant; must be sent as the first protocol method
- Policy Resolution: retrieve the policy associated with a given policy name
- Policy Update: communicate changed policy to elements that have requested a particular policy before. The prr parameter describes the policy refresh rate.
- Echo: keep-alive
- Policy Trigger: sent from PE to PE: trigger policy resolution in the target PE
Policy Resolution Request:
  "method": "resolve_policy"
  "params": [
    "subject": <string>
    "context": <string>
    "policy_name": <string>
    "on_behalf_of": <URI>
    "data": <string> ]
  "id": <nonnull-json-value>
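"Identity must be sent as the first protocol method" is a per-connection state requirement that the receiving side has to enforce, otherwise a peer could resolve policy for a domain it never identified itself for; likewise a non-null id and a complete parameter set are what make the reply attributable and the request well-formed. Here is an added example, not OpFlex reference code, that builds requests in the shape shown above (method, params, id) and a policy-repository receiver that rejects any method before identity, checks the administrative domain, and validates resolve_policy parameters. The exchange is constructed; the parameters of the identity method, the PE names and the prr value are assumptions, since the page does not list them.

```python
"""OpFlex-style JSON-RPC messages and a receiver enforcing 'identity first'.

Added example. Method names and the resolve_policy parameters follow the page;
the params of the identity method, the PE names and the prr value are assumptions.
"""
import itertools
import json

_ids = itertools.count(1)

RESOLVE_POLICY_PARAMS = {"subject", "context", "policy_name", "on_behalf_of", "data"}


def rpc(method: str, params: dict) -> str:
    """Serialize a JSON-RPC request; id must be a non-null JSON value."""
    return json.dumps({"method": method, "params": [params], "id": next(_ids)})


def identity_msg(name: str, domain: str) -> str:
    return rpc("identity", {"name": name, "domain": domain})       # assumed params


def resolve_policy_msg(subject: str, context: str, policy_name: str,
                       on_behalf_of: str, data: str = "") -> str:
    return rpc("resolve_policy", {"subject": subject, "context": context,
                                  "policy_name": policy_name,
                                  "on_behalf_of": on_behalf_of, "data": data})


class PolicyRepositoryConnection:
    """One peer connection: the first method must be identity; others are rejected until then."""

    def __init__(self, policies: dict, allowed_domains: set):
        self.policies = policies              # policy_name -> policy body
        self.allowed_domains = allowed_domains
        self.peer = None                      # set by a successful identity

    def handle(self, raw: str) -> dict:
        msg = json.loads(raw)
        method, params, mid = msg.get("method"), msg.get("params"), msg.get("id")
        if mid is None:
            return {"id": None, "error": "id must be a non-null JSON value"}
        if not isinstance(params, list) or len(params) != 1 or not isinstance(params[0], dict):
            return {"id": mid, "error": "params must be a one-element array"}
        p = params[0]
        if self.peer is None and method != "identity":
            return {"id": mid, "error": "identity must be the first method on this connection"}
        handler = getattr(self, f"_on_{method}", None)
        if handler is None:
            return {"id": mid, "error": f"unknown method {method!r}"}
        return {"id": mid, **handler(p)}

    def _on_identity(self, p: dict) -> dict:
        if p.get("domain") not in self.allowed_domains:
            return {"error": "peer domain not in this administrative domain"}
        self.peer = (p.get("name"), p["domain"])
        return {"result": {"name": p.get("name")}}

    def _on_resolve_policy(self, p: dict) -> dict:
        missing = RESOLVE_POLICY_PARAMS - p.keys()
        if missing:
            return {"error": f"missing params: {sorted(missing)}"}
        body = self.policies.get(p["policy_name"])
        if body is None:
            return {"error": f"no policy named {p['policy_name']!r}"}
        return {"result": {"policy": body, "prr": 30}}   # prr: refresh rate, assumed 30 s

    def _on_echo(self, p: dict) -> dict:
        return {"result": {}}


def demo() -> list:
    """Constructed exchange: resolve before identity (rejected), identity, resolve, bad resolve, echo."""
    repo = PolicyRepositoryConnection(
        policies={"web-tier": {"allow": [{"proto": "tcp", "port": 443}]}},
        allowed_domains={"dc-east"},
    )
    msgs = [
        resolve_policy_msg("epg", "tenant-a", "web-tier", "/pe/leaf1"),
        identity_msg("leaf1", "dc-east"),
        resolve_policy_msg("epg", "tenant-a", "web-tier", "/pe/leaf1"),
        rpc("resolve_policy", {"subject": "epg"}),       # incomplete params
        rpc("echo", {}),
    ]
    return [repo.handle(m) for m in msgs]


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

The identity check here only names a peer; on a real deployment the name would be bound to the transport credential (the TLS client certificate) rather than taken from the message, otherwise any connected host can claim to be any policy element.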
OpFlex In The Context Of Open Source Community
Distributing Control
Tradeoffs
Control loop requirements differ per function/service and deployment domain
As loose as possible, as tight as needed: Latency, Scalability, Robustness, Consistency, Availability; deal with uncertainty
[Figure: logically centralized control (using Controller-Agent pairs) above a Services-Plane]
Subsidiarity is an organizing principle that matters ought to be
handled by the smallest, lowest or least centralized competent
authority.
http://en.wikipedia.org/wiki/Subsidiarity
Backup: For your reference
Evolving the Control Plane Environment
Deployment Considerations: Applying Subsidiarity to Networking
Spectrum from fully distributed (on-box) to logically centralized (servers). Factors that decide where a function sits:
- Algorithms which require coordination between instances benefit from a global view
- Dynamic environments with fast changes (differing views of state between observers)
- Large scale design with scale across multiple dimensions (number, time, location..)
* Past experience (e.g. PSTN AIN, Softswitches/IMS, SBC): a CP/DP split requires complex protocols between CP and DP.
System Relationship Graph And Hierarchies
Hierarchy is just a specific spanning tree for a specific task/problem
[Figure: Applications / Control Programs sit on a Controller API; the Controller in turn uses Physical Device APIs and Virtual Controller APIs towards virtual and physical devices; the same Infrastructure stack (Orchestration, Management, Service Functions, Controllers, API) underneath]
Backup: For your reference
Elementary Infrastructure Functions (Controller Layer), exposed through one API:
- Device/Forwarding Programming
- Device Mgmt/Discovery
- Data/Event Collection
- Network Database
- Security
Multi-Domain Resource & Service Orchestration
[Figure: a Service Overlay Network (L2 or L3) spans three domains joined by PE routers:
- Data Center and/or Cloud: un-constrained bandwidth, un-constrained topology
- WAN: constrained bandwidth, partially un-constrained topology
- Campus: un-constrained bandwidth, regular topology]
Multi-Domain Resource & Service Orchestration (continued)
[Same figure, with the Infrastructure stack underneath: Orchestration, Management, Controller Base-Layer Functions, Service Functions, API]
OpenDaylight by the Numbers
Backup: For your reference
Project: description (contributor)
- YANG Tools: Java-based NETCONF and YANG tooling for OpenDaylight projects (Cisco)
- OpenFlow Protocol Library: OF 1.3 protocol library implementation (Pantheon; IBM, Cisco, Ericsson)
- OpenFlow Plugin: Integration of the OpenFlow protocol library in the controller SAL (Ericsson, IBM, Cisco)
- Affinity Metadata Service: APIs to express workload relationships and service levels (Plexxi)
- Open DOVE: Multi-tenant network virtualization based on overlays, including control plane and OVS-based data plane (IBM)
Model Driven Controller Architecture
Controller naturally exposes all APIs: Devices and Network APIs
Northbound API = SUM (Device APIs) + Controller-Services APIs
Controller
OpenDaylight Architecture
Model Driven SAL
[Figure: Applications on top; the Model Driven SAL holds models for System, Nodes, Links, Paths, Tunnels, Flows, Tables, Stats and Config; Java SAL APIs are generated from the models; southbound protocols OF-Config/OVSDB, OF x.y, PCEP, BGP-LS; Network Elements at the bottom]
Policy Approach
Group policy for generic end points
Application-focused policy expressions:
Policies mirror application semantics. Capture policy
requirements without detailed knowledge of
networking.
Improved automation: Grouping constructs allow
higher level automation tools to easily manipulate
groups of network endpoints simultaneously.
Consistent policy by grouping end points and applying
policy to groups
Extensible because of implementation independence,
hence applicable to policy for connectivity, security,
L4-7, QoS, etc.
OpenDaylight Project
[Figure: RESTCONF northbound; one model each for the Endpoint Registry, Contract Composer, Affinity Service, Inventory Manager and Forwarding Rules Manager]
Backup: For your reference
Policy Primitives
Groups: Groups include sets of network
endpoints (potentially but not limited to
virtual machines) with the same policies
and requirements.
Policies: Policies consist of sets of rules
that govern how groups interact.
Policy rules: Rules capture specific requirements about how groups interact. For example, a policy rule may allow HTTP traffic to a group of web servers. While rules capture a specific requirement, they must remain abstract and not tied to a specific hardware or software implementation.
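The point of the primitives (and of the Policy Approach slide above) is that groups and contracts stay implementation-independent and are rendered into concrete entries only at the last step, so the same intent can be checked against whatever a backend produced. Here is an added example, not OpenDaylight or Neutron group-based-policy code, that holds groups, contracts and rules in the vocabulary of the slides and renders them two ways: an ordered ACL with an explicit final deny (a contract only says what is allowed), and a per-endpoint allow set of the kind a host or vSwitch filter would consume. Group membership and addresses are constructed.

```python
"""Group-based policy: groups, contracts, rules, rendered late into concrete entries.

Added example; the vocabulary (group, contract, rule) follows the slides, the endpoint
addresses and the two render targets are constructed / hypothetical.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Rule:
    proto: str
    port: int          # destination port


@dataclass(frozen=True)
class Contract:
    consumer: str      # group that initiates
    provider: str      # group that serves
    rules: frozenset


class Policy:
    def __init__(self):
        self.groups = {}          # group name -> set of endpoint IPs
        self.contracts = []

    def group(self, name: str, *endpoints: str) -> None:
        self.groups.setdefault(name, set()).update(endpoints)

    def allow(self, consumer: str, provider: str, *rules: Rule) -> None:
        for g in (consumer, provider):
            if g not in self.groups:
                raise KeyError(f"unknown group {g!r}")
        self.contracts.append(Contract(consumer, provider, frozenset(rules)))

    def render_acl(self) -> list:
        """Render to an ordered, de-duplicated ACL that ends with an explicit deny-any."""
        acl = []
        for c in self.contracts:
            for src, dst in product(sorted(self.groups[c.consumer]),
                                    sorted(self.groups[c.provider])):
                for r in sorted(c.rules, key=lambda r: (r.proto, r.port)):
                    entry = ("permit", r.proto, src, dst, r.port)
                    if entry not in acl:
                        acl.append(entry)
        acl.append(("deny", "ip", "any", "any", 0))
        return acl

    def render_endpoint_allow(self, endpoint: str) -> set:
        """Render only what one provider endpoint needs (e.g. for a host or vSwitch filter)."""
        allowed = set()
        for c in self.contracts:
            if endpoint in self.groups[c.provider]:
                for src in self.groups[c.consumer]:
                    for r in c.rules:
                        allowed.add((src, r.proto, r.port))
        return allowed

    def is_allowed(self, src: str, dst: str, proto: str, port: int) -> bool:
        """Evaluate the abstract policy directly, to check a rendered form against intent."""
        return (src, proto, port) in self.render_endpoint_allow(dst)


def build_policy() -> Policy:
    p = Policy()
    p.group("web", "10.0.1.10", "10.0.1.11")          # constructed membership
    p.group("app", "10.0.2.10")
    p.group("clients", "203.0.113.5")
    p.allow("clients", "web", Rule("tcp", 443))       # clients may reach web on HTTPS
    p.allow("web", "app", Rule("tcp", 8080))          # web tier may reach app tier
    return p


if __name__ == "__main__":
    p = build_policy()
    for e in p.render_acl():
        print(*e)
    print(p.render_endpoint_allow("10.0.2.10"))
```

Because is_allowed evaluates the groups and contracts rather than either rendering, it can serve as the oracle when comparing what two backends actually programmed; a client that can reach the app tier directly would show up as a permit in the rendered ACL that the oracle denies.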
Group-Based Policy in OpenStack Neutron
Objective: Extend OpenStack Neutron's networking model with new policy APIs (evolve from Layer 2 and Layer 3 behavior to a flexible and intuitive mechanism for describing networking requirements using a language of groups and contracts).
OpenStack sister-project to group-based policy in OpenDaylight: active participants include Big Switch Networks, Cisco, IBM, Juniper, Midokura, Nuage, One Convergence, Red Hat.
Backup: For your reference
OpenDaylight Controller - Enhanced
Commercial version of the OpenDaylight Controller. Controller base: OpenDaylight Controller + enhancements; get started at https://developer.cisco.com/site/networking/one/xnc/get-started/index.gsp
Diagram: focused apps (Monitor Manager, Transit Selection with custom routing, Flexible Network Partitioning and Provisioning / Slicing) and Applications and Frameworks (Resource Orchestration & Management, Orchestration, Management) sit on the controller APIs; infrastructure services are the Transit Selection, Monitoring, Slicing and Troubleshooting managers; southbound protocols are onePK, OpenFlow and PCEP.
Diagram: the layered reference architecture (Applications: end-user and system applications; Infrastructure: orchestration, management, domain specific modules, service functions, API) with the Application Policy Infrastructure Controller on top of the ACI Fabric.
Application Policy Infrastructure Controller (APIC)
Group-based Policy: Logically centralized definition of application-centric network policies (physical, virtual, cloud)
Fabric image management and inventory
Troubleshooting - Detailed visibility, telemetry, and health scores by application and by tenant
Control of multi-tenant security, quality of service (QoS), and high availability
Integration with management systems such as VMware, Microsoft, and OpenStack
Extend the principle of Cisco UCS Manager service profiles to the entire fabric
Control application only: No interaction with the data-path on the switches. Fabric can still forward traffic even when communication with the Cisco APIC is lost.
Extend the principle of Cisco UCS Manager service profiles to the entire fabric. The network profile fully describes the application connectivity requirements:
Network profile: stateless definition of application requirements
Application tiers, connectivity policies, Layer 4-7 services
XML/JSON schema
Fully abstracted from the infrastructure implementation
Removes dependencies on the infrastructure
Portable across different data center fabrics
## Network Profile: Defines Application Level Metadata (Pseudo Code Example)
<Network-Profile = Production_Web>
    <App-Tier = Web>
        <Connected-To = Application_Client>
            <Connection-Policy = Secure_Firewall_External>
        <Connected-To = Application_Tier>
            <Connection-Policy = Secure_Firewall_Internal & High_Priority>
    ...
    <App-Tier = DataBase>
        <Connected-To = Storage>
            <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
    ...
Diagram: contract between the Web EPG and the DB EPG (addresses shown: 192.168.1.0/24 and 192.168.1.1). Rules from Web to Database: TCP/23 (Telnet) Deny; TCP/22 (SSH) Allow; Redirect to TCP/1400 (Service Chain); Any Deny.
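As an added illustration of the policy primitives (groups, contracts and ordered rules) and of the Web-to-DB contract shown above, here is a small Python evaluator; it is not OpenDaylight or APIC code, and the Client/DB prefixes and the service-chain redirect target are constructed sample values.

```python
# Added illustration of the policy primitives (groups, contracts, rules); not OpenDaylight/APIC code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    proto: str                    # "tcp", "udp" or "any"
    port: Optional[int]           # destination port, None matches any port
    action: str                   # "allow", "deny" or "redirect"
    target: Optional[str] = None  # redirect destination, e.g. a service chain
    def matches(self, proto, port):
        return self.proto in ("any", proto) and self.port in (None, port)

@dataclass
class Group:
    name: str
    prefixes: List[str]           # an endpoint belongs to the group holding its prefix
    def contains(self, endpoint):
        return any(ip_address(endpoint) in ip_network(p) for p in self.prefixes)

@dataclass
class Contract:
    consumer: str                 # group initiating the connection
    provider: str                 # group receiving it
    rules: List[Rule]             # evaluated in order, first match wins

class Policy:
    def __init__(self, groups, contracts):
        self.groups = groups
        self.contracts = {(c.consumer, c.provider): c for c in contracts}
    def group_of(self, endpoint):
        return next((g.name for g in self.groups if g.contains(endpoint)), None)
    def decide(self, src, dst, proto, port):
        contract = self.contracts.get((self.group_of(src), self.group_of(dst)))
        if contract is None:
            return ("deny", None)     # no contract between the groups: implicit deny
        for rule in contract.rules:
            if rule.matches(proto, port):
                return (rule.action, rule.target)
        return ("deny", None)         # nothing matched: default deny

# Constructed sample: Web EPG in 192.168.1.0/24 as on the slide; Client/DB prefixes invented.
POLICY = Policy(
    [Group("Client", ["10.0.0.0/24"]), Group("Web", ["192.168.1.0/24"]), Group("DB", ["10.1.1.0/24"])],
    [Contract("Client", "Web", [Rule("tcp", 80, "allow")]),                     # HTTP to web servers
     Contract("Web", "DB", [Rule("tcp", 23, "deny"), Rule("tcp", 22, "allow"),  # Telnet deny, SSH allow
                            Rule("tcp", 1400, "redirect", "service-chain"),    # redirect into service chain
                            Rule("any", None, "deny")])])                      # everything else denied
```

Contracts are directional and unmatched flows fall through to the implicit deny, so the DB-to-Web direction and any group pair without a contract are denied without further rules.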
WAN Control
Deployments typically combine Device-APIs, device delivered Network-APIs, and controller delivered Network APIs for a particular solution.
Example: Data-Center Interconnect across two providers with granular traffic forwarding control.
Diagram: Datacenter 1 and Datacenter 2 are connected over Provider 1 (L3 IP/MPLS) and Provider 2 (optical, via GMPLS UNI), each carrying Tunnel 1 and Tunnel 2. Provider 1 runs an L3 IP/MPLS Stateful PCE (Demand Admission API, Path/Demand Placement Engine, VNTM, Collector) with device control over PCEP, OF, I2RS and CLI and topology collection over BGP-LS, SNMP, OF, CLI and I2RS. Provider 2 runs an Optical Stateful PCE (Demand Admission API, Path/Demand Placement Engine, VNTM, Collector) with device control over TL1, I2RS and OF and topology collection over TL1 and BGP-LS.
WAN Automation Engine (a.k.a. WAN-Controller)
Application platform for placing traffic demands and paths across an NGN WAN; multi-vendor enabled & extensible.
Diagram: apps (MATE Design/Live, Bandwidth Services, Tunnel Manager, DC-WAN Orchestration, 3rd party) use the Java/REST/Thrift NB API; the engine (algorithms, etc.) exposes Java/REST/Thrift APIs and drives a Collector (Collector API, Topo/Tunn API) and a Deployer (Deployer API) that speak BGP, PCEP, Netconf and OF southbound.
Enable Cross-Layer Relations: Abstractions & Models / APIs / Virtualization
Re-assessing the Network Control Architecture
Evolving Design Constraints on the Control Plane: scale to 1,000,000+ hosts (diagram: a per-host address/port table, e.g. Address_a / Port_q).
Examples of Domain Specific Optimizations: Efficient Equal Cost Multipath (diagram with paths labelled d1 and d2).
Enable Cross-Layer Relations: Abstractions & Models / APIs / Virtualization
Physical, Virtual, Cloud Evolution (table): the stages are Purpose Built Hardware, Common Hardware, Virtual Machines (NfV) on a hypervisor, and Elastic Cloud. The platform moves from hardware to software, deployment redundancy from HA to resiliency, and deployment from manual to automatic. Example products: Network Analysis (NAM), Video Cache, Web Security (WSA), IOS/XR RR.
Service Provider Multi-Service Cloud
Network SLA, Cloud SLA, Service-Chaining - Combined
Diagram: a multi-service cloud in which SP OSS and application policy drive WAN orchestration and DC orchestration. The SP WAN (L3VPN, L2VPN, DCI, IPv4/v6, Internet) connects customers Bob and Alice to a datacenter virtual private cloud hosting NfV services (FW, NAM, IPS, NAT) as VMs on servers (Alice: NAT, FW, WEB and DB VMs; Bob: NAT and FW VMs).
Control Plane - Details (diagram): (1) application service policy / specification; (2) system orchestration with the VM orchestrator; (3) service VM management; (4) DHCP; (5) route provisioning; (6) service configuration; (7) DCI routing via BGP into the SP WAN (L3VPN, L2VPN, DCI, IPv4/v6, Internet); plus service address management. The servers host the tenants' NAT, FW, WEB and DB VMs as in the previous diagram.
Service Provider Multi-Service Cloud
Build, Deliver, And Deploy Network, Storage, Compute
Cisco Modeling Labs
(a.k.a. Virtual Internet Routing Lab VIRL)
Cisco Modeling Labs is a multi-purpose network virtualization platform
Brings virtual machines running Cisco Network Operating Systems to the customer
The same operating systems as used on physical Cisco products: IOS, IOS-XR, NX-OS
Developer Portal and Sandbox
DevNet and dCloud
developer.cisco.com dcloud.cisco.com
/dev/innovate: One Kit to Accelerate Innovation
Comprehensive product kit of hardware, software, use-cases and documentation,
coupled with technical support, community and business development resources
For Customers, Partners & Users;
Universities, Labs & More
Accelerates Innovation & New Solution
& Market Development at Low-Cost
(Low Risk)
New Cisco Solutions in Your Hands
Faster with support for Architecture,
Technology, Software & Business
Development
Innovation & Co-Creation with top Cisco
resources.
Faster Time-to-Market & Revenue
www.dev-innovate.com
Example: Segment Routing
Evolving Forwarding Technology: Application Enabled Forwarding; Scalable per-flow resource reservation; Efficient use of resources
Nodal Segment (NS) to C: Globally significant top label defines destination NS to C
Diagram: a six-node topology (A, B, C, D, E, F) with the node sequence A B C D shown for the nodal segment to C. Two further diagrams show the same topology, the last with per-link segment numbers annotated at each node. See also: http://www.segment-routing.net/home/ietf
Summary (diagram: the layered architecture of applications, orchestration, management, domain specific modules, service functions and API)
OpenStack: Neutron (a.k.a. Quantum), an open source cloud computing project
Overlay Working Groups: NVO3, L2VPN, TRILL, L3VPN, LISP, PWE3
API Working Groups/BOFs: NETCONF, ALTO, CDNI, XMPP, SDNP, I2AEX
Controller Working Groups: PCE, FORCES
New working group: I2RS (Interface to the Routing System)
ETSI ISG on Network Function Virtualization
The Customer Journey (diagram): Always On, Seamless, On Demand, Services Anywhere, Application Experience, Interaction, NAS
A Few References
Cisco Application Centric Infrastructure - www.cisco.com/go/aci
onePK - http://www.onepkdeveloper.com
EEM - https://supportforums.cisco.com/community/netpro/network-infrastructure/eem
ONE Forums - https://developer.cisco.com/site/devnet/forums/index.gsp#L2CiscoONE
XNC - http://software.cisco.com/download/release.html?mdfid=285963706&softwareid=285978967&release=1.0.0&relind=AVAILABLE&rellifecycle=&reltype=latest
APIC-EM - https://developer.cisco.com/site/networking/one/apic/enterprise-module/
APIC-DC APIs - https://developer.cisco.com/site/networking/routers-switches/nexus9000/documents/
APIC-DC GitHub - https://github.com/datacenter/nexus9000
OpenDayLight - www.opendaylight.org
DevNet - developer.cisco.com
Related Sessions
May 19, 8:00-9:30 - BRKOPT-2102 - Software Innovations and Control Plane Evolution in the new SDN Transport Architectures
May 19, 10:00-12:00 - BRKRST-2117 - The Hitchhiker's Guide to onePK
May 19, 10:00-12:00 - BRKCRS-3011 - APIC-EM - SDN in the Enterprise
May 19, 13:00-15:00 - BRKSDN-1014 - Introduction to Software-Defined Networking (SDN) and Network Programmability
May 19, 13:00-15:00 - BRKNMS-3021 - Advanced Cisco IOS Device Instrumentation
May 20, 8:00-9:30 - BRKSDN-2777 - Open Network Environment (ONE) Software Development Lifecycle (SDLC)
May 20, 12:30-14:30 - BRKPCS-2048 - Software-Defined Networking: People, Process, and Evolution
May 20, 12:30-14:30 - BRKRST-2051 - SDN From Concepts To Reality
May 21, 8:00-17:00 - LTRNMS-3601 - Advanced Network Programming and Automation
May 22, 8:00-10:00 - BRKSPG-2722 - SDN deployment in ASR9000
May 22, 12:30-14:00 - BRKCRS-3090 - Implementing Network Programming and Automation
May 22, 14:30-16:00 - BRKCDN-2303 - DevOps in Programmable Network Environment
Participate in the My Favorite Speaker Contest
Promote Your Favorite Speaker and You Could be a Winner
Promote your favorite speaker through Twitter and you could win $200 of Cisco
Press products (@CiscoPress)
Send a tweet and include
Your favorite speaker's Twitter handle @brockners
Two hashtags: #CLUS #MyFavoriteSpeaker
You can submit an entry for more than one of your favorite speakers
Don't forget to follow @CiscoLive and @CiscoPress
View the official rules at http://bit.ly/CLUSwin
Complete Your Online Session Evaluation
Give us your feedback and you
could win fabulous prizes. Winners
announced daily.
Complete your session evaluation
through the Cisco Live mobile app
or visit one of the interactive kiosks
located throughout the convention
center.
Continue Your Education
Demos in the Cisco Campus
Walk-in Self-Paced Labs
Table Topics
Meet the Engineer 1:1 meetings