© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 1 © 2012 Cisco and/or its affiliates. All rights reserved.
Quinton Coelho
Dubai, UAE
20th March 2013
Software Defined Networking and Use Cases
Consulting Systems Architect
Perception
All things to all people
A better way to build a network
Hardware doesn’t matter
The answer to every network issue
Simplified troubleshooting
Unlimited bandwidth
Unlimited resources
Whatever you want it to be
“A platform for developing new control planes”
“An open solution for VM mobility in the Data-Center”
“An open solution for customized flow forwarding control in and between Data Centers”
“A means to do traffic engineering without MPLS”
“A way to scale my firewalls and load balancers”
“A solution to build a very large scale layer-2 network”
“A way to build my own security/encryption solution”
“A way to reduce the CAPEX of my network and leverage commodity switches”
“A way to optimize broadcast TV delivery by optimizing cache placement and cache selection”
“A means to scale my fixed/mobile gateways and optimize their placement”
“A solution to build virtual topologies with optimum multicast forwarding behavior”
“A way to optimize link utilization in my network enhanced, application driven routing”
“A means to get assured quality of experience for my cloud service offerings”
“A way to distribute policy/intent, e.g. for DDoS prevention, in the network”
“A way to configure my entire network as a whole rather than individual devices”
“A solution to get a global view of the network – topology and state”
“Develop solutions at software speeds: I don’t want to work with my network vendor or go through lengthy standardization.”
Simplified Operations – Enhanced Agility – New Business Opportunities
“A solution to automated network configuration and control”
SDN Is…
Perception
Reality
Evolving way of centralizing network control.
Specialized hardware is still beneficial
Lowest common denominator features
A process of defining network requirements
Ability to automate QoS deployments
Ability to enforce policy for an entire network
Centralized control providing, in a repeatable automated fashion, what you can already do today.
The latest buzz word
“…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”
https://www.opennetworking.org/images/stories/downloads/white-papers/wp-sdn-newnorm.pdf
“…open standard that enables researchers to run experimental protocols in campus networks. Provides standard hook for researchers to run experiments, without exposing internal working of vendor devices…”
http://www.openflow.org/wp/learnmore/
Private Cloud Automation
Research/Academia: Experimental OpenFlow/SDN components for production networks
Massively Scalable Data Center: Customize with Programmatic APIs to provide deep insight into network traffic
Service Providers: Policy-based control and analytics to optimize and monetize service delivery
Enterprise: Virtual workloads, VDI, Orchestration of security profiles
Customer Insights: Network Programmability
Cloud: Automated provisioning and programmable overlay, OpenStack
Diverse Network Programmability Requirements Across Segments: Automation, Monitoring & Flow Programmability
Scalable Multi-Tenancy
Network Flow Management
Network “Slicing”
Agile Service Delivery
Classes of Use-Cases: “Leveraging APIs and logically centralized control plane components”
Custom Routing (incl. business logic)
Online Traffic Engineering
Consistent Network Policy, Security, Threat Mitigation
Custom Traffic Processing (Analytics, Encryption)
Virtualization and Domain Isolation (Device/Appliance/Network)
Federating different Network Control Points (LAN-WAN, DC-WAN, Virtual-Physical, Layer-1-3)
Automation of Network Control and Configuration (Fulfillment and Assurance)
Virtual & Physical
Network Programmability Models
Implementation Perspective: Evolve the Control-Plane Architecture
[Diagram: four control-plane models. 1 Programmable APIs; 2a Classic SDN; 2b Hybrid “SDN”; 3 Network Virtualization/Virtual Overlays. Block labels: Applications, Controller, Control Plane, Data Plane, Virtual Control Plane, Virtual Data Plane, Vendor-specific APIs, Vendor Specific (e.g. onePK), OpenFlow, Overlay Protocols (e.g. VXLAN)]
Openstack and Network Overlays Apply to All Models (Physical/Virtual)
Custom Features Can Be Built
CLI, SNMP, Netflow, …
Cisco Approach: Flexibility to Choose—The Power of “AND”
[Diagram: Approach 1, Approach 2, Approach 3. Labels: Apps, APIs, Controller, OpenFlow, Other Agents, Device, Device w/ OpenFlow, Network, Physical and Virtual, Virtual Overlays]
Implementing Customer Use Cases
Cisco ONE - Open Network Environment
POLICY ANALYTICS Orchestration
NETWORK
Harvest Network Intelligence
Program for Optimized Experience
Harnessing Network Value
Forwarding Plane
Control Plane
Network Services
Management and Orchestration
Transport
Network Elements and Abstraction
Analysis and Monitoring, Performance and Security
OpenFlow/SDN
Application Developer Environment
Harvest Network Intelligence
Program for Optimized Experience
Open Network Environment
Cisco’s Differentiation: Multi-layered Programmability
Flexibility in Deriving Abstractions
Cisco Open Network Environment – Announced June 2012
Industry’s Most Comprehensive Networking Portfolio
Hardware + Software, Physical + Virtual, Network + Compute
Network
Platform APIs
Controllers and Agents
Virtual Overlays
Applications
One Platform Kit (onePK)
• Programmatic APIs for Network
• HW (IOS, IOS-XR, NX-OS)
SDN
• Controller SW (OpenFlow, onePK)
• OpenFlow 1.x support
Open Clouds with Nexus 1000V
• Multi-hypervisor
• Multi-service
• Multi-cloud
• Openstack support
Multi-layer API, Virtual Overlay (w/ Controller), Controller, Device
Cisco Open Network Environment Building Blocks
Comprehensive Developer Kit IOS, IOS-XR and NX-OS
onePK
Platform APIs
OpenFlow Agent
SDN Controller Software
Controllers & Agents
OpenStack REST API
Nexus 1000V
Multi-Hypervisors VXLAN Gateway
Overlay Virtual Networks
Services Chaining
Industry’s Broadest Approach for Network Programmability
C, JAVA, REST, Python
onePK API Presentation – Service Sets
onePK API Infrastructure
IOS / XE (Catalyst, ISR, ASR1K)
NXOS (Nexus Platforms)
IOS XR (ASR 9K, CRS)
Data Path Policy Element Route Utility
Others… Discovery LISP Developer
Cisco onePK (one Platform Kit) Rapid Application Development
[Diagram: three hosting options. Process Hosting (Container, Network OS, onePK Apps); Blade Hosting (Container, onePK Apps, Network OS, Blade); End-Point Hosting (onePK Apps, External Server, Network OS)]
Write Once, Run Anywhere
onePK Application Hosting Options
onePK APIs are Grouped in Service Sets
Base Service Set: Description
Data Path: Provides packet delivery service to application: Copy, Punt, Inject
Policy: Provides filtering (NBAR, ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements
Routing: Read RIB routes, add/remove routes, receive RIB notifications
Element: Get element properties, CPU/memory statistics, network interfaces, element and interface events
Discovery: L3 topology and local service discovery
Utility: Syslog events notification, Path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.)
Developer: Debug capability, CLI extension which allows application to extend/integrate application’s CLIs with network element
Cisco ONE Software Controller: A JAVA/OSGI Application
Industry’s Most Extensible Controller Architecture
[Diagram labels: Cisco Apps, Customer Apps, ISV Apps, Open Src Apps; REST, JAVA, More Coming; Core Functionality; Cisco Advanced Functions; onePK, OpenFlow, More Coming; Network Infrastructure]
Multiple published APIs for popular languages and software (e.g. OpenStack)
Extensible protocol support ensures continuous adoption of emerging standards
Modular architecture allows rapid adoption of evolving controller functionality while minimizing operational disruption
Use Cases
[Diagram: Application reading from Element]
System: CPU, Memory, Platform, Serial #, Versions, Uptime, Location, OIR, CLI Changes
Interfaces: Port, Slot, BW, MTU, TX/RX, BPS, PPS, Errors, Other Stats, Config, Link Changes
Discovery: CDP, Topology Graph, Edges, Nodes, Topology Changes
Routing
QoS
Security
Getting Properties and Statistics
[Diagram: Application writing to Element]
System: Location
Interfaces: IP address, MTU, Clear Stats, Shut/No Shut
Discovery: Filters
Setting Properties and Statistics
Solution
• OpenFlow experimental support (v1.0)
• Experimental controller software
• Integrated slicing management
• Programmatic Interfaces (e.g. REST)
Cisco purpose-built Controller for Network Slicing management
Slice # 3
Slice # 2
Slice # 1
Consistent Policy Management for Maximum Flexibility and Innovation
Use Case: Campus Network “Slicing”
Partition network for multiple user-communities—“Sandbox” R&D dept.
Adaptive Architecture Optimizes Resource Utilization
Business Center
Content and Application Provider
onePK
Request for Telepresence Session
HD video
POLICY
Service Provider Network
Adapt to Meet SLA
ANALYTICS
Use Case: Agile Service Delivery for Service Providers
Monetize Via Real-time Network Adaptation and Maintain SLA
[Diagram: devices NX3K, CRS, 9K, 1K, ISR; link-end MTU labels 1500, 1518, 1518, 1600, 1600, 1500, 1500, 1000; callouts 1-5 mark the steps below]
1. Network begins with mismatched parameters on either side of link (e.g. MTU)
2. Application checks parameters on either side and identifies mismatches (red lines)
3. Application sets parameters to match (lines turn green)
4. Application registers for events related to parameter changes.
5. User logs into console and manually changes parameter. Topology indicates change.
Problem: Misconfigurations cause network outages, degrade performance, impact SLAs.
Value proposition: Get, set, and detect configuration changes via cross-platform API
Example: Simplified Management
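The get, check, set and subscribe loop of steps 1-5, as an added Python sketch that is not from the original slides and does not use the onePK API. The `Element` class, interface names, link layout and the rule of settling on the lower MTU are assumptions; device names and MTU values are taken from the slide.

```python
from dataclasses import dataclass, field

@dataclass
class Element:
    """Hypothetical stand-in for a network element (not the onePK API)."""
    name: str
    mtu: dict                                   # interface name -> MTU
    listeners: list = field(default_factory=list)

    def set_mtu(self, ifname, value, actor):
        old, self.mtu[ifname] = self.mtu[ifname], value
        for cb in self.listeners:               # step 4: notify subscribers
            cb(self.name, ifname, old, value, actor)

def find_mismatches(links):
    """Step 2: return the links whose two ends disagree on MTU."""
    return [(a, ai, b, bi) for a, ai, b, bi in links if a.mtu[ai] != b.mtu[bi]]

def remediate(links, actor="app"):
    """Step 3: bring both ends to the lower MTU (assumed policy)."""
    fixed = find_mismatches(links)
    for a, ai, b, bi in fixed:
        target = min(a.mtu[ai], b.mtu[bi])
        for el, ifn in ((a, ai), (b, bi)):
            if el.mtu[ifn] != target:
                el.set_mtu(ifn, target, actor)
    return len(fixed)

def run_demo():
    # Constructed topology: names and MTUs from the slide, link layout assumed.
    nx3k = Element("NX3K", {"e1": 1500})
    crs = Element("CRS", {"e1": 1518, "e2": 1600})
    asr9k = Element("9K", {"e1": 1600, "e2": 1500})
    isr = Element("ISR", {"e1": 1000})
    links = [(nx3k, "e1", crs, "e1"), (crs, "e2", asr9k, "e1"),
             (asr9k, "e2", isr, "e1")]
    audit = []                                   # who changed what, old -> new
    for el in (nx3k, crs, asr9k, isr):
        el.listeners.append(lambda *event: audit.append(event))
    before = len(find_mismatches(links))         # step 1: mismatched links
    remediate(links)
    after = len(find_mismatches(links))
    isr.set_mtu("e1", 1400, actor="console")     # step 5: manual change
    drift = [e for e in audit if e[4] != "app"]  # changes the app did not make
    return before, after, drift, len(find_mismatches(links))
```

Recording the actor with each event is what separates the application's own remediation from an out-of-band console change, which is the case an operator wants flagged.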
Example: Dynamic Bandwidth/QoS Allocation
Ingress PE Egress PE
CPE
Cloud Service
Customer
ASR 9K with OnePK
SP Network
ASR 9K with OnePK
SP Policy Server
1. Customer requests premium access to cloud service
2. Policy server pushes customer policy to OnePK on 9k
3. SP Policy Server uses OnePK API to program higher bandwidth QoS policy for specific flow [Customer IP <---> Cloud Service IP]
4. Customer traffic matching the policy is given premium QoS treatment
Using OnePK API, SPs can build such custom apps to create differentiated, revenue generating services
[Diagram: two onePK applications (encrypt, decrypt) on either side of an Unsecure Network; telnet and http flows; callouts 1-5 mark the steps below]
1. Policy APIs on ingress router are set to punt telnet and syslog to app
2. App encrypts punted traffic and re-injects into data path.
3. Policy APIs on egress router punt telnet and syslog to app
4. App decrypts punted traffic and re-injects into data path.
5. Traffic that does not match policy passes through unencrypted.
Example: Customer Encryption
Problem: Customers want custom encryption on specific traffic types
Value proposition: Punt traffic of interest, encrypt, and re-inject.
Use Case: Custom Forwarding - Transit Selection
Utilizing Topology Independent Forwarding
MPLS
Internet2/Other Service L2/L3/Label/Lambda…
Public Internet
Edge Router Edge Router
Site-2
Cisco ONE Controller
Business Application Driven Requests
Flow Based Traffic Steering with Flowspec Granularity
HTTP Request
Openflow Openflow
HTTP Request
Summary
Application Developer Environment
Analysis and Monitoring, Performance and Security
Network Elements and Abstraction
SDN
CISCO
Harvest Network Intelligence
Program Policies for Optimized Experience
Any Object: • Switch/Router • ASIC • Network Fabric • Compute
Any Service: • Cloud • Collaboration • Video • Security • Mobility
Any Layer: • L1-7 • Control/Data Plane • Hardware/Software • ASICs/OS
Cisco Vision: Exposing The Entire Network Value
Programmatic Control across Multiple Network Planes
www.cisco.com/go/onepk
www.cisco.com/go/getyourbuildon
• Evolutionary step for networking: Complement/evolve the Network Control Plane where needed
• Centered around delivering open, programmable environment for real-world use cases
• No one-size-fits-all
• Cisco will support Network Virtualization, APIs and Agents/Controllers
• Joint evolution with industry and academia
• Technology-agnostic
Not predicated on a particular technology or standard
Draw from Cisco technologies and industry standards
• Delivered as incremental functionality
Many customers will use hybrid implementations
Build upon existing infrastructure with investment protection
www.cisco.com/go/one Open Network Environment
onePK
Open Network Environment – Summary The Industry’s Broadest Approach to Programmatic Access to the Network
Thank you.