Date posted: 18-Jul-2015
Category: Technology
Uploaded by: cohesive-networks
Copyright CohesiveFT - 1/20/15
OpenFlow is SDN, SDN is not only OpenFlow
CloudExpo East - SDN & Networking Innovations Track, June 10 2013
Patrick Kerpan, CEO CohesiveFT
Tweet it live: @cohesiveFT #SDN talk at @CloudExpo #cloudExpoNYC
Agenda
• Company Background
• SDN in the News
• The Application Layer of Cloud
• OpenFlow and Definitions
• “Big Tent” Thinking
• CohesiveFT’s Answer to SDN Needs
• SDN and the Future of Networking
• Contact Information
Company Background
Who We Are / What We Do
• Cohesive Flexible Technologies Corp. (CohesiveFT)
• Founded in 2006 by IT and capital markets professionals with experience in operations, enterprise software and client-facing services
• First SDN product launched in 2007, followup products in 2008 and 2011
• Cloud, vendor, and standards neutral for greater customization and control
• Enable enterprises to run business operations via the cloud
• Customers have 50M virtual device hours in public, private, & hybrid clouds secured by VNS3
• Only company to promote comprehensive cloud container solution for migration, deployment and control
• First Application SDN product in IBM’s SCE and SCE+
Experience: Customers & Verticals
ISV SaaS Integrators Self Service Enterprise
Achievements
• 36M virtual device hours in public, private, & hybrid clouds secured by VNS3
• Over 8,000 users built, imported, transformed and delivered 33K+ virtual server templates with Server3
• Numerous enterprises migrated complex applications to the cloud with Context3
• 18+ Industry and Cloud partners
Our Clients
Customers Include:
• Global Mutual Fund Company
• Global ERP provider
• Global BPMS provider
• Global Cloud-based Threat Detection
• Global Fashion Brand
• Global Toy Manufacturer
• US National Sports Association
• and many more global, transnational and local customers
The Application Layer Of Cloud
[Figure: cloud stack diagram, Layer 0 to Layer 7, divided into User Control and Provider Control. Labels: Hardware Ownership Layer; Compute, Storage, Network; Virtualization Layer; IaaS; PaaS; Web Server Runtime; Developer Tools; Application Layer; "Limits of access, control, & visibility".]
Separate Provider and App Layer Concerns
SDN Market can be divided into 2 segments:
1. Application Controlled
• CohesiveFT VNS3
• Cisco Cloud Service Router
• Citrix CloudBridge
2. Provider Controlled
• Nicira/VMware
• Open vSwitch
• Cisco Nexus 1000v
• IBM • Cisco • Juniper
[Figure: stack diagram, Layer 0 to Layer 7. The Physical Layer (Hardware) and the Virtual Layer (Hypervisor, giving multiplexed access to Compute, Storage, Network) are marked Provider Controlled and bracketed "OpenFlow". The Application Layer (Cloud Instance, OS, App Stack) is marked App Controlled and enclosed by the "Perimeter of access, control, & visibility".]
Separate Provider and App Layer Concerns (continued)
[Figure: the same stack diagram and market segments as the previous slide, annotated "CURRENT VISION - OpenFlow Stops Here".]
OpenFlow - Early SDN definition
The authors of the original ONF paper outlined 5 dimensions that need to be considered for a virtualized network:
• Bandwidth
• Topology
• Device CPU
• Traffic
• Forwarding Tables
It is only the last of these, forwarding tables, that begins to imply a solution to these challenges.
Stepping through Nicira’s Definition of SDN
Nicira founders defined the 7 Properties of network virtualization as:
1. Independence from network hardware
2. Faithful reproduction of the physical network service model
3. Follow operational model of compute virtualization
4. Compatible with any hypervisor platform
5. Secure isolation between virtual networks, the physical network, and the control plane
6. Cloud performance and scale
7. Programmatic networking provisioning and control
“Big Tent” Thinking within SDN Conversation
Two distinct Cloud Constituencies Remain:
• Cloud Service Providers
• Cloud Applications
The SDN conversation must address concerns of both Providers and Applications to answer the future concerns of:
• Who “owns” and “controls” each aspect of the application?
• How can you move L2 / L3 networking among data centers driven by the customer, without provider interaction?
• How do you use OpenFlow in existing implementations?
• How do you improve tunneling approaches?
• How do you do encryption throughout?
Overlay networks solve common pain points:
• Attest to data in motion encryption
• Capacity expansion into public cloud
• Cloud WAN / connect to customer & partner networks
• Federate common, shared infrastructure
• Control in 3rd party infrastructure
• Disaster recovery / readiness
CohesiveFT’s Answer to SDN Needs: VNS3
CohesiveFT founders believed Virtual Networking and the ONF definition can benefit from additional application-centric focus on:
• Self-service
• Mass Customization for enterprise
• Journeyman Experience for end users
The difference is service providers start at the bottom with the "device" and network flows. We begin at the top with the enterprise application, its owner and their collective technical and organizational demands.
[Figure labels: Provider Owned/Provider Controlled; Provider Owned/User Controlled; VNS3 - User Owned/User Controlled; User Owned/User Controlled.]
CohesiveFT’s Answer to SDN Needs: VNS3
Insights revealed the need for integration, governance and security in the app layer.
Enterprises need to control addressing, protocol, topology and security across federated clouds.
Cloud Providers must meet the enterprise app needs to extend networks to the cloud.
• Federate across cloud targets
• Reuse existing IT resources and skills
• Compatibility with any vendor, OS, cloud
As we put our own systems into the cloud, we were uncomfortable with the implied trust, and explicit loss of control of our network.
Application Use Case: Look like a Telco
• Customer: African mobile application technology company
• Challenge: Mobile users need to connect to SMS with users on other networks in a market with a patchwork of carriers
• What do you need to do this (in Lagos, Nigeria)?
  • Telcos require me to have a “data center” of public IP addresses used in my private LAN
  • Also, of course require me to have real public IP endpoint addresses
  • Any form of connectivity like IPsec, BGP Peering, GRE, etc.
  • Of course redundant servers on reliable raised floor
• Cloud handles the raised floor, but how do you do the network piece without a virtualized network looking like the network the telco wants?
• This would have cost hundreds of thousands of dollars pre-cloud, tens of hundreds worst case with the cloud combined with network virtualization.
Application Use Case: Network Reproducibility
• Service provider with innovative mobile management solution.
• Like other “born in the cloud” companies - the software gains tremendous leverage out of the cloud for the compute and storage elements. How to get the same leverage from networking?
• Each customer requires an almost identical, secure, encrypted network that not only keeps others out, but keeps the information in.
• Just use VLANs?
  • VLANs don’t span datacenters in the cloud
  • VLANs don’t span vendors; doesn’t allow use of clouds as “points of presence”
  • VLANs aren’t encrypted throughout the cloud
  • VLANs usually don’t allow UDP multicast
  • VLANs don’t separate network location from identity
• Customer is running 125+ dynamic network bubbles (and adding more weekly) that can be moved from cloud to cloud as necessary.
Confidential - CohesiveFT 2012
Application Use Case: Network Zones
[Figure: a provider-controlled Physical Layer (series of hypervisors giving multiplexed access to Compute, Storage, Network) beneath a Virtual Layer hosting three topologies: Customer 1 - Topology 1, Customer 1 - Topology 2 and Customer 2 - Topology 1. Each topology has three cloud instances, each with an OS and App Stack, inside a "Perimeter of access, control, & visibility".]
Application Use Case: Network Zones (continued)
[Figure: the same three customer topologies, with the infrastructure drawn as three separate zones labelled Green Zone, Yellow Zone and Red Zone, each with its own Physical Layer (series of hypervisors, Compute, Storage, Network) and Virtual Layer.]
Application Use Case: Virtual Network Zones
[Figure: a single Physical Layer (series of hypervisors giving multiplexed access to Compute, Storage, Network) beneath a Virtual Layer hosting Customer 1 - Topology 1, Customer 2 - Topology 1 and Customer 1 - Topology 2, each with three cloud instances running an OS and App Stack.]
One “flat” infrastructure with network connectivity throughout. Virtual networks are created with “green”, “yellow” and “red” properties.
Green Properties
• Connections allowed from netmask representing internal ingress/egress
• Connections from virtual network clients
• Connections allowed from cryptographically recognized virtual network managers
• Security lattice incorporating host firewall and hypervisor firewall
• No IPsec connectivity
Yellow Properties
• Connections allowed from netmask representing internal ingress/egress
• Connections from virtual network clients
• Connections allowed from cryptographically recognized virtual network managers
• Security lattice incorporating host firewall and hypervisor firewall
• IPsec connectivity allowed to virtual net
Red Properties
• No Connections allowed from netmask representing internal ingress/egress
• Connections from virtual network clients
• Connections allowed from cryptographically recognized virtual network managers
• Security lattice incorporating host firewall and hypervisor firewall
• IPsec connectivity allowed to virtual net (MAYBE)
Application Use Case: Creating the Virtual Net
Application Virtual Network
• Must and does span datacenters
• Must and does span vendors
• Virtual network controllers get explicitly defined local and public IP addresses via automation
• Virtual network controllers connect and peer via cryptographic identity and checksums
• Application (and its executive owners) are in control of addressing, protocol, topology, security
• Application owner can make attestation of control
• Talking about NOW not what is possible in the future.
OpenFlow Today
• Mostly within a datacenter
• Does not cross the Internet or Vendors
• Proposed “How does controller get its address?” - make DHCP call
• Proposed “How do controllers find each other?” - do Bonjour broadcasts
• Vendor is in control of addressing, protocol, topology, security.
• Vendor can make attestation of control
Demo Use Case: Come take a look
[Figure: demo network topology. Labels as shown on the slide:]
• AWS VPC US-West-2: VPC Subnet 10.0.0.0/23
• Client #2: Public IP 50.112.160.110, VPC IP 10.0.1.36
• Client #1: Public IP 50.112.160.109, Overlay IP 172.31.1.1
• VNS3 Manager #1: Public IP 50.112.160.108, Overlay IP 172.31.1.250
• IPsec Device: Make Cisco, Model ASA, Public IP 63.250.226.147
• CohesiveFT Network Lab, Chicago, IL: Remote Subnet 192.168.3.0/24
• Remote Server: LAN IP 192.168.3.3
• IPsec Tunnel: 192.168.3.0/24 - 172.31.1.0/24 and 192.168.3.0/24 - 10.0.1.0/24
• VNS3 Overlay Network: Subnet 172.31.1.0/24
• Client #3: Public IP 54.251.136.83, Overlay IP 172.31.1.2
• Client Extra: Public IP 54.251.136.84, VPC IP 10.0.3.238
• AWS VPC Singapore: VPC Subnet 10.0.2.0/23
• IBM SCE, Boulder, CO
• Terremark vCloud Express
• Client #4: Public IP 170.225.97.160, Overlay IP 172.31.1.3
• Client #5: Public IP 204.51.114.245, Overlay IP 172.31.1.4
• VNS3 Manager #2: Public IP 54.251.136.82, Overlay IP 172.31.1.249
• VNS3 Manager #3: Public IP 170.225.96.174, Overlay IP 172.31.1.248
• VNS3 Manager #3: Public IP 204.51.124.79, Overlay IP 172.31.1.248
• Links between the VNS3 Managers are labelled: Peered
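A sanity check of the demo's address plan, as an added example that is not part of the original slides or CohesiveFT's tooling: it uses Python's ipaddress module to verify that each overlay and VPC address sits inside a declared subnet, that no overlay IP is listed twice, and that the IPsec tunnel selectors do not collide. The addresses are transcribed from the slide; the function and variable names are assumptions.

```python
import ipaddress
from collections import Counter

# Address plan transcribed from the demo slide; labels and names are illustrative.
OVERLAY = ipaddress.ip_network("172.31.1.0/24")
VPCS = [ipaddress.ip_network("10.0.0.0/23"), ipaddress.ip_network("10.0.2.0/23")]
OVERLAY_HOSTS = [
    ("Client #1", "172.31.1.1"), ("Client #3", "172.31.1.2"),
    ("Client #4", "172.31.1.3"), ("Client #5", "172.31.1.4"),
    ("VNS3 Manager #1", "172.31.1.250"), ("VNS3 Manager #2", "172.31.1.249"),
    ("VNS3 Manager #3 (170.225.96.174)", "172.31.1.248"),
    ("VNS3 Manager #3 (204.51.124.79)", "172.31.1.248"),
]
VPC_HOSTS = [("Client #2", "10.0.1.36"), ("Client Extra", "10.0.3.238")]
# IPsec traffic selectors as (remote LAN, cloud-side subnet)
TUNNELS = [("192.168.3.0/24", "172.31.1.0/24"), ("192.168.3.0/24", "10.0.1.0/24")]

def audit(overlay_hosts=OVERLAY_HOSTS, vpc_hosts=VPC_HOSTS, tunnels=TUNNELS):
    """Return a list of human-readable findings; an empty list means a clean plan."""
    findings = []
    for label, ip in overlay_hosts:
        if ipaddress.ip_address(ip) not in OVERLAY:
            findings.append(f"{label}: {ip} outside overlay {OVERLAY}")
    for ip, count in Counter(ip for _, ip in overlay_hosts).items():
        if count > 1:
            owners = ", ".join(l for l, i in overlay_hosts if i == ip)
            findings.append(f"overlay IP {ip} listed {count} times: {owners}")
    for label, ip in vpc_hosts:
        homes = [net for net in VPCS if ipaddress.ip_address(ip) in net]
        if len(homes) != 1:
            findings.append(f"{label}: {ip} matches {len(homes)} VPC subnets")
    cloud_nets = [OVERLAY, *VPCS]
    for remote, local in tunnels:
        r, l = ipaddress.ip_network(remote), ipaddress.ip_network(local)
        if r.overlaps(l):
            findings.append(f"tunnel {remote} - {local}: selectors overlap")
        if not any(l.subnet_of(net) for net in cloud_nets):
            findings.append(f"tunnel {remote} - {local}: local side not in a cloud subnet")
        if any(r.overlaps(net) for net in cloud_nets):
            findings.append(f"tunnel {remote} - {local}: remote LAN collides with a cloud subnet")
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

On the slide's data the only finding is overlay address 172.31.1.248, which appears against both entries labelled VNS3 Manager #3.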
Thank You
Patrick Kerpan, CEO
CohesiveFT Americas, 200 S. Wacker Dr. Suite 1500, Chicago, IL 60606
Chris Purrington, Global Sales Director
CohesiveFT Europe, 134 Eastbourne Terrace, Paddington, London W2 1BA
Public Relations
Heidi Groshelle
groshelle communications, Tel: +1 [email protected]