+ All Categories
Home > Technology > Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow

Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow

Date post: 18-Jul-2015
Category:
Upload: cohesive-networks
View: 141 times
Download: 1 times
Share this document with a friend
Popular Tags:
29
Copyright CohesiveFT - 1/20/15 OpenFlow is SDN, SDN is not only OpenFlow CloudExpo East - SDN & Networking Innovations Track June 10 2013 Patrick Kerpan, CEO CohesiveFT 1 Tweet it live: @cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC
Transcript

Copyright CohesiveFT - 1/20/15

OpenFlow is SDN, SDN is not only OpenFlow CloudExpo East - SDN & Networking Innovations TrackJune 10 2013

Patrick Kerpan, CEO CohesiveFT

1

Tweet it live:@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

Agenda

•Company Background•SDN in the News•The Application Layer of Cloud•OpenFlow and Definitions• “Big Tent” Thinking•CohesiveFT’s Answer to SDN Needs • SDN and the Future of Networking•Contact Information

2

Tweet it live:@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

What We DoWho We Are

Company Background

• Cohesive Flexible Technologies Corp. (CohesiveFT)

• Founded in 2006 by IT and capital markets professionals with experience in operations, enterprise software and client-facing services

• First SDN product launched in 2007, followup products in 2008 and 2011

• Cloud, vendor, and standards neutral for greater customization and control

• Enable enterprises to run business operations via the cloud

• Customers have 50M virtual device hours in public, private, & hybrid clouds secured by VNS3

• Only company to promote comprehensive cloud container solution for migration, deployment and control

• First Application SDN product in IBM’s SCE and SCE+

3

Copyright CohesiveFT - 1/20/15

Experience: Customers & Verticals

4

ISV SaaS Integrators Self Service Enterprise

Copyright CohesiveFT - 1/20/15

• 36M virtual device hours in public, private, & hybrid clouds secured by VNS3

• Over 8,000 users built, imported, transformed and delivered 33K+ virtual server templates with Server3

• Numerous enterprises migrated complex applications to the cloud with Context3

• 18+ Industry and Cloud partners

Customers Include:• Global Mutual Fund Company• Global ERP provider• Global BPMS provider• Global Cloud-based Threat

Detection• Global Fashion Brand• Global Toy Manufacturer• US National Sports Association• and many more global, transnational

and local customers

AchievementsOur Clients

EMAIL VERSION

5

Copyright CohesiveFT - 1/20/15

Use

r C

ontr

olPr

ovid

er C

ontr

ol

Compute Storage Network

Virtualization Layer

Web Server Runtime

IaaS

PaaS

Layer 0

Layer 4

Layer 3

Layer 2

Layer 1

Layer 5

Layer 7

Layer 6

Limits of access, control, & visibility

Developer Tools

The Application Layer Of Cloud

6

Application Layer

Hardware Ownership

Layer

Copyright CohesiveFT - 1/20/15

Separte Provider and App Layer Concerns

7

Hardware@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Phys

ical

Lay

er

SDN Market can be divided into 2 segments1. Application Controlled• CohesiveFT VNS3• Cisco Cloud Service Router• Citrix CloudBridge

2. Provider Controlled• Nicira/VMware• Open vSwitch• Cisco Nexus 1000v

• IBM• Cisco• Juniper

Vir

tual

Lay

erA

pplic

atio

n La

yerCloud Instance

OS

App Stack

Prov

ider

Con

trol

led

Hypervisor

Hardware

ComputeStorage

Network

Multiplexed access to:

App

Con

trol

led

} OpenFlow

Layer 0

Layer 4

Layer 3

Layer 2

Layer 1

Layer 5

Layer 7

Layer 6

Perimeter of access, control, & visibility

Copyright CohesiveFT - 1/20/15 8

Hardware

Separte Provider and App Layer Concerns

Phys

ical

Lay

er

SDN Market can be divided into 2 segments1. Application Controlled• CohesiveFT VNS3• Cisco Cloud Service Router• Citrix CloudBridge

2. Provider Controlled• Nicira/VMware• Open vSwitch• Cisco Nexus 1000v

• IBM• Cisco• Juniper

Vir

tual

Lay

erA

pplic

atio

n La

yerCloud Instance

OS

App Stack

Prov

ider

Con

trol

led

Hypervisor

Hardware

ComputeStorage

Network

Multiplexed access to:

App

Con

trol

led

} OpenFlow

Layer 0

Layer 4

Layer 3

Layer 2

Layer 1

Layer 5

Layer 7

Layer 6

CURRENT VISION - OpenFlow Stops Here

@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

OpenFlow - Early SDN definition

The authors of the original ONF paper outlined 5 dimensions that need to be considered for a virtualized network:

It is only the last of these, forwarding tables, that begins to imply a solution to thesechallenges.

9

Tweet it live:@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

...

Bandwidth

Topology Device CPU

TrafficForwarding

Tables

Copyright CohesiveFT - 1/20/15

Stepping though Nicira’s Definition of SDN

10

Nicira founders defined the 7 Properties of network virtualization as:

1. Independence from network hardware

2. Faithful reproduction of the physical network service model

3. Follow operational model of compute virtualization

4. Compatible with any hypervisor platform

5. Secure isolation between virtual networks, the physical network, and the control plane

6. Cloud performance and scale

7. Programmatic networking provisioning and control

@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

Independence from network hardware

11

1. Independence from network hardware

Tweet it live:@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

Reproduction of physical network model

12

2. Faithful reproduction of the physical network service model

Tweet it live:@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

Follow op. model of compute virtualization

13

3. Follow operational model of compute virtualization

@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

4. Compatible with any hypervisor platform

14

4. Compatible with any hypervisor platform

@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

Secure isolation

15

5. Secure isolation between virtual networks, the physical network, and the control plane

@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

ONF

Copyright CohesiveFT - 1/20/15

Cloud performance and scale

16

6. Cloud performance and scale

@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

Programmatic networking provisioning & control

17

7. Programmatic networking provisioning and control

@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

“Big Tent” Thinking within SDN Conversation

18

Two distinct Cloud Constituencies Remain:

• Cloud Service Providers

• Cloud Applications

The SDN conversation must address concerns of both Providers and Applications to answer the future concerns of:• Who “owns” and “controls” each aspect of the application?• How can you move L2 / L3 networking among data centers

driven by the customer, without provider interaction?• How do you use OpenFlow in existing implementations?• How do you improve tunneling approaches?• How do you do encryption throughout?

Tweet it live:@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

Overlay networks solve common pain points:

19

Attest to data in motion encryption

Capacity expansion into public cloud

Cloud WAN / connect to customer & partner networks

Federate common, shared infrastructure

Control in 3rd party infrastructure

Disaster recovery / readiness

@cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC

Copyright CohesiveFT - 1/20/15

CohesiveFT founders believed Virtual Networking and the ONF definition can benefit from additional application-centric focus on:• Self-service • Mass Customization for enterprise• Journeyman Experience for end users

The difference is service providers start at the bottom with the "device" and network flows. We begin at the top with the enterprise application, its owner and their collective technical and organizational demands.

CohesiveFT’s Answer to SDN Needs: VNS3

20

Provider Owned/Provider ControlledProvider Owned/User ControlledVNS3 - User Owned/User ControlledUser Owned/User Controlled

Copyright CohesiveFT - 1/20/15

Insights revealed the need for integration, governance and security in the app layer.

Enterprises need to control addressing, protocol, topology and security across federated clouds.

Cloud Providers must meet the enterprise app needs to extend networks to the cloud.• Federate across cloud targets• Reuse existing IT resources and skills• Compatibility with any vendor, OS, cloud

CohesiveFT’s Answer to SDN Needs: VNS3

21

As we put our own systems into the cloud, we were uncomfortable with the implied trust, and explicit loss of control of our network.

Copyright CohesiveFT - 1/20/15

Application Use Case: Look like a Telco

• Customer: African mobile application technology company

• Challenge: Mobile users need to connect to SMS with users on other networks in a market with a patchwork of carriers

• What do you need to do this (in Lagos, Nigeria)• Telcos require me to have a “data center” of public IP addresses used in my private LAN• Also, of course require me to have real public IP endpoint addresses• Any form of connectivity like IPsec, BGP Peering, GRE, etc..• Of course redundant servers on reliable raised floor

• Cloud handles the raised floor, but how do you do the network piece without virtualized network looking like the network the telco wants.

• This would have cost hundreds of thousands of dollars pre-cloud, tens of hundreds worst case with the cloud combined with network virtualization.

22

Copyright CohesiveFT - 1/20/15

• Service provider with innovative mobile management solution.

• Like other “born in the cloud” companies - the software gains tremendous leverage out of the cloud for the compute and storage elements. How to get the same leverage from networking?

• Each customer requires an almost identical, secure, encrypted network that not only keeps others out, but keeps the information in.

• Just use VLANS?• VLANS don’t span datacenters in the cloud• VLANS don’t span vendors; doesn’t allow use of clouds as “points of presence”• VLANS aren’t encrypted throughout the cloud• VLANS usually don’t allow UDP multicast• VLANS don’t separate network location from identity

• Customer is running 125+ dynamic network bubbles (and adding more weekly) that can be moved from cloud to cloud as necessary.

Application Use Case: Network Reproducibility

23

COHE S I V EFLEXIBLE TECHNOLOGIES

Confidential - CohesiveFT 2012

Application Use Case: Network Zones

24

Phys

ical

Lay

erV

irtu

al

Laye

r

Perimeter of access, control, & visibility

Prov

ider

Con

trol

led

Series of Hypervisors

Compute Storage Network

Multiplexed access to:

Customer 1 - Topology 2

Cloud instance 1

App Stack

OS

Cloud instance 2

App Stack

OS

Cloud instance 3

App Stack

OS

Customer 1 - Topology 1

Cloud instance 1

App Stack

OS

Cloud instance 2

App Stack

OS

Cloud instance 3

App Stack

OS

Customer 2 - Topology 1

Cloud instance 1

App Stack

OS

Cloud instance 2

App Stack

OS

Cloud instance 3

App Stack

OS

COHE S I V EFLEXIBLE TECHNOLOGIES

Confidential - CohesiveFT 2012

Application Use Case: Network Zones

25

5

Phys

ical

Lay

erV

irtu

al

Laye

r

Series of Hypervisors

Compute Storage Network

Multiplexed access to: Customer 1 - Topology 1

Cloud instance 1

App Stack

OS

Cloud instance 2

App Stack

OS

Cloud instance 3

App Stack

OS

Customer 2 - Topology 1

Cloud instance 1

App Stack

OS

Cloud instance 2

App Stack

OS

Cloud instance 3

App Stack

OS

Customer 1 - Topology 2

Cloud instance 1

App Stack

OS

Cloud instance 2

App Stack

OS

Cloud instance 3

App Stack

OS

Green Zone

5Ph

ysic

al L

ayer

Vir

tual

La

yer

Series of Hypervisors

Compute Storage Network

Multiplexed access to:

Yellow Zone

5

Phys

ical

Lay

erV

irtu

al

Laye

r

Series of Hypervisors

Compute Storage Network

Multiplexed access to:

Red Zone

COHE S I V EFLEXIBLE TECHNOLOGIES

Confidential - CohesiveFT 2012

Application Use Case: Virtual Network Zones

26

5

Phys

ical

Lay

erV

irtu

al

Laye

r

Series of Hypervisors

Compute Storage Network

Multiplexed access to:

Customer 1 - Topology 1

Cloud instance 1

App Stack

OS

Cloud instance 2

App Stack

OS

Cloud instance 3

App Stack

OS

Customer 2 - Topology 1

Cloud instance 1

App Stack

OS

Cloud instance 2

App Stack

OS

Cloud instance 3

App Stack

OS

Customer 1 - Topology 2

Cloud instance 1

App Stack

OS

Cloud instance 2

App Stack

OS

Cloud instance 3

App Stack

OS

One “flat” infrastructure with network connectivity throughout. Virtual networks are created with “green”, “yellow” and “red” properties

• Green Properties• Connections allowed from netmask representing internal ingress/egress• Connections from virtual network clients• Connections allowed from cryptographically recognized virtual network managers• Security lattice incorporating host firewall and hypervisor firewall• No IPsec connectivity

• Yellow Properties• Connections allowed from netmask representing internal ingress/egress• Connections from virtual network clients• Connections allowed from cryptographically recognized virtual network managers• Security lattice incorporating host firewall and hypervisor firewall• IPsec connectivity allowed to virtual net

• Red Properties• No Connections allowed from netmask representing internal ingress/egress• Connections from virtual network clients• Connections allowed from cryptographically recognized virtual network managers• Security lattice incorporating host firewall and hypervisor firewall• IPsec connectivity allowed to virtual net (MAYBE)

Copyright CohesiveFT - 1/20/15

OpenFlow TodayApplication Virtual Network

Application Use Case: Creating the Virtual Net

• Must and does span datacenters

• Must and does span vendors

• Virtual network controllers get explicitly defined local and public IP addresses via automation

• Virtual network controllers connect and peer via cryptographic identity and checksums

• Application (and its executive owners) are in control of addressing, protocol, topology, security

• Application owner can make attestation of control

• Talking about NOW not what is possible in the future.

• Mostly within a datacenter

• Does not cross the Internet or Vendors

• Proposed “How does controller get its address?” - make DHCP call

• Proposed “How do controllers find each other?” - do Bonjour broadcasts

• Vendor is in control of addressing, protocol, topology, security.

• Vendor can make attestation of control

27

Copyright CohesiveFT - 1/20/15

Demo Use Case: Come take a look

28

AWS VPC US-West-2VPC Subnet: 10.0.0.0/23

Client #2Public IP: 50.112.160.110

VPC IP: 10.0.1.36

Client #1Public IP: 50.112.160.109Overlay IP: 172.31.1.1

VNS3 Manager #1Public IP: 50.112.160.108Overlay IP: 172.31.1.250

IPsec DeviceMake: CiscoModel: ASA

Public IP: 63.250.226.147

CohesiveFT Network LabChicago, IL

Remote Subnet: 192.168.3.0/24

Remote ServerLAN IP: 192.168.3.3

IPsec Tunnel192.168.3.0/24 - 172.31.1.0/24192.168.3.0/24 - 10.0.1.0/24

VNS3 OverlayNetwork

Subnet: 172.31.1.0/24

Client #3Public IP: 54.251.136.83Overlay IP: 172.31.1.2

Client ExtraPublic IP: 54.251.136.84

VPC IP: 10.0.3.238

AWS VPC SingaporeVPC Subnet: 10.0.2.0/23

IBM SCEBoulder, CO

TerremarkvCloud Express

Client #4Public IP: 170.225.97.160Overlay IP: 172.31.1.3

Client #5Public IP: 204.51.114.245Overlay IP: 172.31.1.4

VNS3 Manager #2Public IP: 54.251.136.82Overlay IP: 172.31.1.249

VNS3 Manager #3Public IP: 170.225.96.174Overlay IP: 172.31.1.248

VNS3 Manager #3Public IP: 204.51.124.79Overlay IP: 172.31.1.248

Peered Peered Peered

Copyright CohesiveFT - 1/20/15

Thank YouPatrick Kerpan, CEO

CohesiveFT Americas200 S. Wacker Dr. Suite 1500Chicago, IL 60606

Chris Purrington, Global Sales Director

CohesiveFT Europe134 EastbourneTerrace Paddington London W2 1BA

29

Public Relations

Heidi Groshelle

groshelle communicationsTel: +1 [email protected]


Recommended