Cisco Confidential 1 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
“If you don’t like change, you’re going to like irrelevance even less.” - General Eric Shinseki
SDN for the Network Engineer!
Dana Burch Cisco Systems Systems Engineer Demo - Brandon Beck
ACI
Cisco Vision for End to End Service Architecture
Service Catalog
Routing / VPN Mobility Video/ Content Security Virtual Private Cloud
Managed Services Transport
Cross Domain Orchestration
SP Controller
APIC Enterprise Controller
APIC DC Controller
End2End Service Management and SLA Guarantees
SP WAN / VPN SP Core Regional DC SP DC
Admit Bandwidth Optimize WAN
Activate & Place NFV services
Provision CPE, WAN/VPN Services & SLA
Program Network Topologies
SDN originated as ‘Project Clean Slate’
SDN Controller
1) Off-box Control Planes
VxLAN, BGP
‘UNDERLAY’(physical Network)
2) Overlay + Underlay Networks
‘OVERLAY’ (logical Networks)
OpFLEX
Open API
… +
Open API
APIC
OpFlex: An OPEN, Extensible Policy Protocol
OPFLEX WAS DESIGNED TO OFFER:
Policies:
• Who can talk to whom
• What about
• Ops requirements
1. Abstract policies rather than device-specific configuration
2. Flexible, extensible definition using XML / JSON
3. Support for any device including virtual switches, physical switches, network services with strong interoperability across vendors
4. Open, standardized API with an open source reference implementation
OPFLEX PROXY
OPFLEX AGENT
OPFLEX AGENT
OPFLEX AGENT
HYPERVISOR SWITCH FIREWALL ADC
?
Reboot on ACI
ACI Operating Modes
1. Network-Centric ACI (KISS)
2. Network Automation with ACI
3. Policy-based management
Why network engineers (now) love ACI
In reality ACI is all about networking and how you deploy applications onto the network!
Distributed, Centralized Management
APIC APIC APIC
ACI for the Network Engineer
=
ACI acts like a giant non-stop L2/L3 switch
1. Is this a proprietary system? What can’t you plug into this?
2. How can you build a better network? Or melt down an ACI network?
3. How can you manage an ACI network?
ECMP based IP routed backbone connecting independent nodes & control planes with no SPOF
ACI Logical Model Tenants, Private Networks, Bridge Domains, EPGs, etc.
EPG Web
EPG App
EPG DB Policy “HTTP”
Policy “SQL”
EPG App
EPG Web
EPG DB
Policy “HTTP”
Policy “SQL”
Apps
Distributed VDC
Distributed VRFs
Distributed VLAN w/ SVIs.
Tenant “University”
PN “Engineering” PN “HR”
Subnet 172.1.1.0/24 Subnet 172.1.2.0/24
… Subnet 172.20.1.0/24
Subnet 10.1.1.0/24 Subnet 10.1.1.0/24 Subnet 10.1.2.0/24
…
Infrastructure
Bridge Domain A Bridge Domain B Bridge Domain C
Co-existence of ACI hosted applications with existing application components
• Layer 2 and Layer 3 interoperate well between the ACI Fabric and existing Data Center builds
Subnet ‘A’
Subnet ‘B’
Subnet ‘C’ Subnet ‘D’
Classical L2/L3 ACI - VXLAN
Configure ACI ‘Bridge Domain’ settings
Tenant “Red”
Private Net “VRF1”
Bridge Domain “10”
Subnet 10 EPG-10
Demo: 1) New simplified ACI GUI 2) New CLI enhancements
vCenter [DRS, HA, FT, ..]
x86 Intel-VT
ESX
Think about it … vSphere was the most impactful data center platform of the last 5 years
Specific Hardware
Hardware OS
Management
vSphere
Enterprise-class “Overlay” VM1 VM ’n’ …
Tightly coupled Tightly coupled
APIC
N9k
NXOS
ACI
Net 1 Net ‘n’ …
vAdmins can run ACI thru vCenter or vRealize and many other tools!
Similar approach Similar value
Tightly coupled
vCenter
x86 Intel-VT
ESX
Think about it … vSphere was the most impactful data center platform of the last 5 years
APIC
N9k
NXOS
Specific Hardware
Hardware OS
Management
vSphere ACI
Enterprise-class “Overlay” VM1 VM ’n’ … Net 1 Net ‘n’ …
Tightly coupled
?
?
?
NSX NSX Manager
Unmanaged Hardware
NSX Controller
NSX vSwitch
Net 1 Net ‘n’ …
NSX has no means to manage hardware & corresponding service levels (unlike vSphere or ACI which can control and understand hardware capacity and status).
When is buying and operating 2 networks better than 1?
vAdmins can run ACI thru vCenter or vRealize and many other tools!
VMware Implementation ‘Mic-no-segmentation’ VM VM VM
vDS
NSX Segmented
No NSX Security
MGMT
vMotion
IP Storage
VMware Hypervisor
Any Other Hypervisor
Bare-Metal Workloads
VM Traffic
75% of Servers
As a Last Resort…Run ACI & NSX Together
ACI is the best fabric. Full SDN: enable full network automation.
If you run NSX on top of ACI your life will be simpler, you’ll have better visibility, lower costs, lower risk …
If all you want is the NSX DFW, the best is to run ACI, NSX is just another application
Wrap Up
ACI messaging corrected
✓ ACI makes VMware better …
✓ Gives you choice and control
✓ No need to call network ops.
✓ ACI = Non-stop Simple Networks!
✓ Networking as a Career path!
✓ ACI optimizes the new storage architectures.
✓ FCoE available soon.
✓ Whitelist
✓ Open ecosystem.
✓ Compliance, Audit!!
✓ Tetration and nano-segmentation
✓ A = Application
✓ ACI enables rapid prototype-to-production app dev DevOps with application SLAs.
✓ Open Source, Open Standards
✓ Project Shipped
ACI de-risks IT. ACI enables business innovation thru rapid prototype-to-prod app dev.
ACI delivers solutions with the price/ROI of public cloud & security/SLAs of on-prem.
ACI is an innovative and open architecture for data center networking and security that delivers significant value through increased security, agility, automation, workload mobility and lower (TCO).
Next Steps
Join DevNet (developer.cisco.com)
Check out the Learning Labs and Sandbox!
Try out dCloud (dcloud.cisco.com)
Scheduled labs for learning or demos!
http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/sdnfordummies.pdf
23 C97-733661-00 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Q&A