© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Data Center Virtualization and Programmability
Roger Oliveira
Systems Engineer
Public Sector
Agenda
• Virtual Networks
• Virtual Network Services
• SDN and Programmable Networks
Problem: How to Connect VMs?
[Figure: three hypervisors, each hosting several VMs (App + OS)]
Solution: vSwitch (2003)
[Figure: three hypervisors, each with a vSwitch and several VMs (App + OS)]
Problem: How to Move VMs at Scale?
[Figure: three hypervisors, each with its own vSwitch and its own network definition; VMs (App + OS)]
Solution: Distributed Virtual Switch (2008)
[Figure: three hypervisors, each with a vSwitch and a network definition, VMs (App + OS); labels: vNetwork Distributed Switch, Nexus 1000V]
Nexus 1000V Components
[Figure: vCenter, Virtual Supervisor Module (VSM) and Virtual Ethernet Modules (VEM); up to 128 VEMs*; roles shown: Virtualization Administrator, Network Administrator]
Modular Switches
[Figure: Nexus 7000 (Supervisors, Line Cards, Backplane) beside Nexus 1000V (VSMs, up to 128 VEMs)]
Port Profiles on the Nexus 1000V…
• Can be applied to multiple ports
• Can include:
  VLANs
  ACLs
  NetFlow
  QoS
  Private VLANs
  ...

port-profile WEB
  switchport mode access
  switchport access vlan 105
  ip port access-group myacl in
  no shut
  vmware port-group
  state enabled
…Port Groups in vCenter
[Figure: port-profile WEB on the Nexus 1000V shown as Port Group WEB in vCenter Server]
Agenda
• Virtual Networks
• Virtual Network Services
• SDN and Programmable Networks
Network Service Form Factors
[Figure: “Appliance”, Module, Integrated Service, Virtualized; labels: Nexus 1000V, Hypervisor]
Nexus 1000V and Virtual Services
[Figure: Physical Infrastructure (WAN Router, Servers, Switches) and Virtual Infrastructure (Nexus 1000V, vPath, VXLAN, Zone A, Zone B) with virtual services: ASA 1000V Cloud Firewall, Cisco Virtual Security Gateway, vWAAS, Citrix NetScaler 1000V, Imperva SecureSphere WAF, Cloud Services Router 1000V, Network Analysis Module (vNAM)]
Multi-Hypervisor (VMware, Microsoft, RedHat*, Citrix*)
Virtual Security Gateway: Intelligent Traffic Steering with vPath
[Figure, built up over four slides: Nexus 1000V Distributed Virtual Switch with vPath, VMs, VSG, VNMC and Log/Audit. Numbered steps on the diagram: 1 Initial Packet Flow; 2 Flow Access Control (policy evaluation); 3 Decision Caching; step 4 carries no label]
Virtual Security Gateway: Performance Acceleration with vPath
[Figure: Nexus 1000V Distributed Virtual Switch with vPath, VMs, VSG, VNMC and Log/Audit. Labels: Remaining packets from flow; ACL offloaded to Nexus 1000V (policy enforcement)]
Agenda
• Virtual Networks
• Virtual Network Services
• SDN and Programmable Networks
SDN Concepts:
Centralized Intelligence (“Model 1”)
Current Network Device
(router, switch, ...)
Control Plane
(IOS)
Data Plane (ASIC)
SDN Controller (software)
Programming (e.g., OpenFlow)
Applications
Current examples: Wireless controllers, PfR, Nexus 1000V, etc.
SDN Concepts:
Virtual Overlays (“Model 2”)
IP Network
CGH SDU
Air Traffic Control
Packets
Current examples: MPLS, IPSec, OTV, and many others
Virtual Overlays
[Figure: three virtualized servers (hypervisor), each with a Software layer and several VMs]
Valid Questions
What can SDN bring as a differentiator TODAY?
HOW to do a non-disruptive implementation?
And what about support (days 2, 3, and so on)?
Cisco ONE Components
• Multi-hypervisor overlays (VXLAN and NVGRE)
• onePK (standardized API)
• eXtensible Network Controller (XNC)
XNC: Latency-Based Routing
ACI – Application Centric Infrastructure
Draw a software boundary around a collection of switches to make a system
Policies
• Who can talk to whom
• What about
• Topology control
• Ops stuff
API
Distributed policy enforcement
• Just-in-time resolution
• Performed by embedded policy enforcement agents (PEs)
Application Policy Infrastructure Controller
Open Daylight
An "open source" project formed by industry leaders under the Linux Foundation, with the goal of advancing the adoption of Software Defined Networking (SDN) by creating a framework supported by multiple vendors.
[Figure: member logos by tier: Platinum, Gold, Silver]
Thank you.