SDN STRATEGIES FOR REAL CLOUD COMPUTING CHALLENGES
Marcelo Molinari [email protected]
SE Manager – Brazil and SSA
Software-defined Networking in the Data Center: Enabling New Levels of Innovation
5/23/2013 © 2012 Brocade Communications Systems, Inc. Proprietary Information 2
(Diagram: the three pillars of the Brocade network platform)
• Cloud Orchestration
• Network Virtualization
• Programmatic Control
Brocade Network Platform Will Enable Rich Network Services
Open Source Consortium for Software-defined Networking
FOUNDING MEMBER OF OPENDAYLIGHT OPEN SOURCE SDN CONSORTIUM
(Diagram: OpenDaylight controller architecture, top to bottom)
• Northbound Interfaces / Services APIs (REST)
• Service abstraction layer (plug-in mgr., capability abstractions, …)
• Core network service functions: topology mgr., event mgr., virtual overlay mgr., forwarding device mgr., service abstraction, vRouter mgr., VTN mgr.
• Additional contributed / proprietary services
• Base OSS platform, with Federation and a Persistent Store alongside
• Southbound Interfaces and Protocols: OpenFlow, I2RS, BGP-LS, other standard interfaces, overlay / virtual SW
• Physical and Virtual Infrastructure
Network Virtualization: Logical Networks
• Logical networks eliminate physical network limitations (e.g., MAC address and VLAN limits) to facilitate any-to-any connectivity and workload mobility
• Overlay/tunnel technologies: VXLAN
• Brocade VCS Ethernet fabric is a superior transport for network virtualization, offering leading automation, efficiency and simplicity
• Brocade VDX data center switch ASICs are VXLAN-ready with software support in 2013; Brocade ADX VXLAN gateway demo now
(Diagram: a Brocade VXLAN Gateway joins the non-virtualized environment, made up of VLAN segments and the Internet, to the virtualized VXLAN environment of VXLAN segments.)
Limitations of Current Network Virtualization
• POD1 servers are running at full capacity while POD2 has ample idle capacity.
• A new VM has to be instantiated. Due to limitations of the network virtualization, the new VM can be instantiated only in POD1.
• This may be due to reasons such as:
  • VMnew is being spun up due to increased demand in a vApp. The vApp resides in POD1, and this requires that VMnew also be spun up in POD1.
  • VMnew has an IP address in one of the subnets (say C1) for which the router directs the traffic to POD1.
Overcoming the Limitations with VXLAN
VXLAN overcomes the limitations of VLAN-based network virtualization through the use of tunneling technology.
Tunneling technology has been well proven in the WAN environment as a means to stretch Layer 2 networks (VPLS) and Layer 3 networks (GRE) across data centers.
VXLAN uses a VXLAN/UDP/IP header to encapsulate the original, unchanged Ethernet packet.
VXLAN Tunnels
The VXLAN encapsulation/de-capsulation, also referred to as VXLAN tunnel termination, is performed by an entity in the hypervisor known as the VXLAN Tunnel End-Point (VTEP).
The slide's diagram shows two tenants, the green tenant and the blue tenant, with VMs on the two hypervisors.
VXLAN provides complete isolation between the two tenants, enabling them to have overlapping MAC and IP addresses, and even overlapping VLAN tags.
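As an added illustration (not code from the Brocade deck), the following Python builds the VXLAN/UDP/IP encapsulation just described around an unchanged Ethernet frame, strips it again at the receiving VTEP, and shows how the VNI keeps two tenants with identical inner MAC addresses apart. The VTEP addresses, MACs and frame contents are constructed; VNIs 5001 and 6001 are the values used later in the deck.

```python
import struct
import zlib
from ipaddress import IPv4Address

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field is valid


def ip_checksum(header):
    """One's-complement checksum over an IPv4 header; 0 when a received header is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def vxlan_encap(inner_frame, vni, src_vtep, dst_vtep):
    """Wrap an unchanged Ethernet frame in VXLAN/UDP/IPv4 headers (outer Ethernet omitted)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)
    vxlan = struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)
    # UDP source port hashed from the inner Ethernet header gives the underlay ECMP entropy
    src_port = 49152 + zlib.crc32(inner_frame[:14]) % 16384
    udp_len = 8 + len(vxlan) + len(inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # UDP checksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     IPv4Address(src_vtep).packed, IPv4Address(dst_vtep).packed)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + udp + vxlan + inner_frame


def vxlan_decap(packet):
    """Receiving VTEP side: validate the outer headers, return (vni, inner_frame, src_vtep)."""
    if len(packet) < 36 or packet[0] != 0x45 or packet[9] != 17 or ip_checksum(packet[:20]):
        raise ValueError("not a valid IPv4/UDP packet")
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[20:28])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN")
    flags_word, vni_word = struct.unpack("!II", packet[28:36])
    if not (flags_word >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    return vni_word >> 8, packet[36:20 + udp_len], str(IPv4Address(packet[12:16]))


def learn(packets):
    """Demultiplex received packets by VNI, learning (VNI, inner src MAC) -> remote VTEP.
    Because the VNI is part of the key, identical inner MACs in two tenants never collide."""
    table = {}
    for pkt in packets:
        vni, frame, src_vtep = vxlan_decap(pkt)
        table[(vni, frame[6:12].hex(":"))] = src_vtep
    return table


# Constructed sample: green (VNI 5001) and blue (VNI 6001) tenants use the SAME inner frame.
INNER = (bytes.fromhex("0000aabbccdd") + bytes.fromhex("000011223344")   # inner DA, SA
         + b"\x08\x00" + b"\x45" + b"\x00" * 27)                          # IPv4 stub payload
GREEN = vxlan_encap(INNER, 5001, "10.0.0.1", "10.0.0.2")
BLUE = vxlan_encap(INNER, 6001, "10.0.0.3", "10.0.0.2")
```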
Network Virtualization: vRouting (Brocade Vyatta Technology)
• Brocade acquired Vyatta, who pioneered the Virtual Router category and a software networking platform
• 1M-plus downloads globally and a 250,000-strong active user community
• vRouting technology to address east-west traffic in a highly virtualized, scale-out, multi-tenant environment
• An enterprise branch router platform for managed services
Vyatta Delivers L3 Routing with Integrated Security
• VPN: IPSec, SSL
• Router: OSPF, BGP
• Firewall: Stateful, NAT
RUN AS A VM OR STANDALONE SOFTWARE
(Diagram: Data Center: Software Template Model, connected to the Internet.)
OpenFlow: Programmatic Network Control
A NEW POINT OF INNOVATION FOR NETWORK FUNCTIONALITY
(Diagram: Traditional Network, where each device is its own stack of Applications, OS and Hardware; features run on the Device OS over the hardware.)
• OpenFlow 1.0 shipping on Brocade MLXe router, up to 100 GbE
• OpenFlow overlay runs in "hybrid mode", concurrently with traditional IP/MPLS routing
Benefits
• Seamless interoperability with traditional networking
• Separate slice of network for OpenFlow innovation
• Isolation enforced in hardware
(Diagram: OpenFlow-enabled network with a Protection Layer between Traditional IP/MPLS Routing and the OpenFlow Overlay; Customer/Vendor/Partner Applications run on the Network Controller.)
OpenFlow Protocol Building Blocks
Explicitly defined by the OF standard:
• Flow(s): how network traffic is defined
• Flow Table(s): list of Flows used for processing network traffic
• OpenFlow Channel: communication protocol used between controller and network element
Pieces needed to make an OF solution operate:
• Application(s): software that determines network forwarding behavior
• Controller(s): software that communicates with the network element and the application
• Network Element(s): switches/routers (physical or virtual)
OpenFlow Building Blocks: The Flow
• The basic building block in OpenFlow is the Flow.
• A Flow represents the matching fields, actions and corresponding statistics.
• Matching Fields (OF v1.0) include ingress port and L2/L3 packet header.
• Actions include drop, forward to port(s), forward to controller, modify fields (and then forward).
• The Flow also includes statistical information (counters).
(Diagram: OF Flow = Matching Fields | Actions | Stats)
OpenFlow Building Blocks: Flow (OpenFlow v1.0)
Each flow table entry contains a set of rules to match (e.g., IP src) and an action list to be executed in case of a match (e.g., forward to port list).
Actions:
• Forward packet to a port list
• Add/remove/modify VLAN tag
• Drop packet
• Send packet to the controller
Stats: packet counters, byte counters, etc.
(Diagram: Flow Entry = Matching Fields | Actions | Stats)
Matching fields (Layer 2 and Layer 3): Ingress Port, MAC DA, MAC SA, EtherType, VLAN ID, P-bits, IP Src, IP Dst, IP Protocol, IP DSCP, TCP/UDP src port, TCP/UDP dst port
While the OF specification may support a particular match field (or combination) and action(s), the underlying hardware may not. Always check hardware support for the spec.
OpenFlow Building Blocks: Flow Table
• A flow table is the "blueprint" that a switch uses to process packets through the data plane.
• At a high level it operates very much like an access control list. The table contains flow entries and is used by the switch to process packets.
• Flow entries are ordered by priority.
(Diagram: Flow Table with entries 1, 2, 3 … N, each made of Matching Fields | Actions | Stats)
OpenFlow Building Blocks: The Flow Table in Action
• Packet ingresses the switch.
• By priority (order of entries in the table), compare the packet header to the flow table.
• When a match is found, perform the action (drop, forward out port(s), forward to controller) and update stats.
• If no entry is found, the default behavior is to drop the packet.
(Diagram: Ethernet frame (Header | Payload) compared against Flow Table entries 1, 2, 3 … N)
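To make the flow-table walk and the hardware caveat above concrete, here is an added Python simulation (not Brocade's code and not a real switch) of an OpenFlow 1.0 flow table: entries are kept in priority order, the first entry whose match fields all agree wins, its actions run and its counters update, and a miss falls through to the table-miss action (drop, as stated on the slide). The switch also refuses an entry that names a match field its hardware does not support. The sample entries, port numbers and the HTTP rule are constructed.

```python
from dataclasses import dataclass

# The OpenFlow 1.0 match fields named on the slide: ingress port plus L2/L3 header fields.
OF10_MATCH_FIELDS = ("in_port", "dl_dst", "dl_src", "dl_type", "dl_vlan", "dl_vlan_pcp",
                     "nw_src", "nw_dst", "nw_proto", "nw_tos", "tp_src", "tp_dst")


@dataclass
class Flow:
    """One flow entry: matching fields, action list and its stats counters."""
    priority: int
    match: dict        # field -> exact value; any field not listed is a wildcard
    actions: list      # e.g. [("set_vlan", 700), ("output", [2, 3])]
    packets: int = 0   # packet counter
    bytes: int = 0     # byte counter


class FlowTable:
    """Priority-ordered flow table; table-miss action defaults to drop, as on the slide."""

    def __init__(self, supported_fields=OF10_MATCH_FIELDS, table_miss=("drop",)):
        self.supported = set(supported_fields)  # what this switch's hardware can match on
        self.table_miss = table_miss
        self.flows = []

    def add_flow(self, flow):
        # The check the slide asks for: refuse an entry whose match fields the hardware
        # cannot implement, rather than installing a rule that silently never matches.
        unsupported = set(flow.match) - self.supported
        if unsupported:
            raise ValueError("hardware cannot match on %s" % sorted(unsupported))
        self.flows.append(flow)
        self.flows.sort(key=lambda f: f.priority, reverse=True)

    def lookup(self, pkt):
        """Compare the packet header to entries by priority; the first full match wins."""
        for flow in self.flows:
            if all(pkt.get(k) == v for k, v in flow.match.items()):
                return flow
        return None

    def process(self, pkt, length):
        """Apply the matched entry's actions and update its stats.
        Returns (output ports, possibly modified packet); [] means the packet was dropped."""
        flow = self.lookup(pkt)
        if flow is not None:
            flow.packets += 1
            flow.bytes += length
        pkt, outputs = dict(pkt), []
        for action in (flow.actions if flow is not None else [self.table_miss]):
            if action[0] == "output":          # forward out a port list
                outputs.extend(action[1])
            elif action[0] == "controller":    # send to the controller
                outputs.append("controller")
            elif action[0] == "set_vlan":      # modify a field, then forward
                pkt["dl_vlan"] = action[1]
            elif action[0] == "strip_vlan":
                pkt.pop("dl_vlan", None)
            elif action[0] == "drop":
                return [], pkt
        return outputs, pkt


def sample_table():
    """Constructed sample in the spirit of the hybrid-uplink slide: VLAN 700 is customer A's,
    HTTP is sent to the controller, anything else arriving on port 1 leaves port 3 untagged."""
    table = FlowTable()
    table.add_flow(Flow(300, {"dl_vlan": 700}, [("output", [2])]))
    table.add_flow(Flow(200, {"nw_proto": 6, "tp_dst": 80}, [("controller",)]))
    table.add_flow(Flow(100, {"in_port": 1}, [("strip_vlan",), ("output", [3])]))
    return table
```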
OpenFlow Architecture: Switch, Controller, Application
Network Element (Switch)
• Communicates with the Controller via the OpenFlow Channel (to/from)
• Forwards packets based on the Flow Table (note: can also operate in Hybrid Mode, etc.)
Controller
• Provides the mechanism for the application to push flow information to/from switches
• Typically server based
• May include a tool kit to write scripts (simple apps)
Application
• Determines packet forwarding behavior and pushes the information (flow table) through the controller to the switch
• Custom network behavior
OpenFlow Architecture
(Diagram: Application above Controller above switches, each switch holding a Flow Table whose flow entries run from highest priority to lowest priority.)
NOT REAL code; it simply illustrates that network configuration is now "programmatic":

```text
……
TABLEINIT();                     // forward all flows to controller
FOR() {
    FLOW = LISTENTOCONTROLLER(); // listen for new flows
    ADDFLOW(FLOW);               // add source MAC rule with port
    PUSHFLOW(FLOWTABLE);         // push flow to controller
    ……
```

• Application: determines network forwarding behavior based on inputs from users, other software packages and information received from networking hardware.
• Controller and Switch: communicate flow entry information to/from the switch via the OpenFlow Channel (protocol).
• Switch: forwards traffic based on entries in the flow table (to controller, drop, out port, etc.).
Hybrid Switch Mode: What All Vendors Do
Best Practice for using a "Single OpenFlow Uplink" port (Dec 2012)
(Diagram: an MLXe with the 100G WAN link on a 100G OpenFlow port; a loopback cable joins an OpenFlow port to a normal routing port. OpenFlow-side rules: match the same VLAN 700 for customer A; match the uplink VLAN with different IP payloads for customers B and C; match the uplink VLAN for customer D. Routing side: L2 switching and IPv4/IPv6 routing serving Science DMZ customers 1 and 2 and campus network customers A, B, C and D, with VE interfaces VLAN 300 / VE 3 / 172.17.2.1, VLAN 400 / VE 4 / 172.17.3.1 and VLAN 500 / VE 5 / 172.17.4.1.)
Hybrid Port Mode: What Brocade Does
Best Practice for using a "Single Hybrid Uplink" port (Dec 2012)
(Diagram: two MLXe routers joined by a 100G WAN link on a 100G OpenFlow hybrid port (port 1 on each side), carrying OpenFlow traffic and IP routed traffic concurrently on the same port. The hybrid port is VLAN 16 / VE 16, addressed 10.10.1.1 on one router and 10.1.1.2 on the other. The remaining ports are normal routing ports (not OpenFlow-enabled) doing IPv4 routing: VLAN 400 / VE 4 / 172.17.1.1 and VLAN 300 / VE 3 / 172.17.2.1 on one router; VLAN 700 / VE 7 / 172.16.25.2 and VLAN 600 / VE 6 / 172.16.26.2 on the other. Legend: OpenFlow port, Normal Routing port, OpenFlow Hybrid port.)
Brocade MLXe High-Performance Core Router
INTERCONNECTING BROCADE VCS FABRICS IN THE DATA CENTER CORE
• Massive scalability: industry-leading 10G and 100G router density; supports up to 15.36 Tbps fabric capacity, 768 10G ports, and 32 100G ports in a single chassis; on-demand capacity increase using high-capacity link aggregation
• Advanced, scalable software features: hardware support for up to 1M MPLS labels; routing over VPLS enables VM mobility and service flexibility between data centers; multi-tenancy at scale with VRFs, VLANs, and QinQ
• Compelling economics: dramatically consolidates network devices; efficient, green design enables power and space savings
• Seamless migration to SDN: industry's first true Hybrid mode OpenFlow
• High availability: resilient Multi-Chassis Trunking with active-active links
Cloud Orchestration: OpenStack
• Open source cloud management framework for private and public clouds
• Created by Rackspace and NASA in July 2010
• Capturing the hearts and minds of the industry
• Rapidly becoming the de facto open source standard for cloud computing
• ~200 participants and 6,000+ developers
• Allows any organization to create and offer cloud computing capabilities using open source software, rapidly and at a low cost
(Diagram: Your Applications on top of the OpenStack Dashboard and OpenStack Shared Services for Compute, Networking and Storage, over the Physical Infrastructure.)
Brocade Fabrics and OpenStack
SELF-SERVICE, ON-DEMAND FABRIC PROVISIONING
• Brocade VCS fabric automation and OpenStack orchestration dramatically decrease time-to-deploy network capacity
• Brocade VCS plug-in contributed to OpenStack "Grizzly" release
• Brocade leading industry efforts to champion OpenStack support of Fibre Channel SANs
• Partnering with Red Hat and Piston Cloud for commercial versions of OpenStack that include Brocade VCS and FC fabrics by 2H13
(Diagram: OpenStack drives the VCS APIs through the Brocade Plug-in.)
OpenStack Taxonomy: Five Major Components
OpenStack core services:
• Virtual Machines (compute)
• Object Store (object, data blurb)
• Block Storage aka Virtual Block Devices (hard drives, volume)
• Virtual Networks (networking)
• Dashboard (user portal)
There are two other components that serve "middleware" functionality:
• The disk image registry (Glance)
• The authorization and authentication framework (Keystone)
Source: http://www.pistoncloud.com/cloud-technology/what-is-openstack/

Cloud Core Services   OpenStack Project    Amazon Web Services Equivalent   Rackspace Equivalent
Virtual Machines      Nova                 EC2                              Cloud Servers
Object Store          Swift                S3                               Cloud Files
Block Storage         Cinder               EBS                              Cloud Block Storage
Virtual Networks      Quantum, Melange     VPC                              Cloud Networks
Dashboard             Horizon              AWS Mgmt Console                 Cloud Control Panel
OpenStack Integration Roadmap: Execution Plan
• Phase 1 (Essex Release): POC delivered. Brocade infrastructure: VCS Technology, VDX 67xx, VCS Plugin, with App/OS workloads on top.
• Phase 2 (Grizzly Release): H2 2013. OpenStack ecosystem: Rackspace Private Cloud, Piston Cloud, Red Hat RHOS, with the OpenStack Dashboard. Brocade Plugins (Network & Block Storage): VCS + ADX + FC SAN plugins over VCS Technology (VDX 6700/8770) and ADX.
• Phase n (Ultimate State): TBD.
SDN Use Cases
SDN Will Evolve Through Value-Added Applications
Brocade SDN Target Use Cases (diagram; in each, an App & SDN Controller sits over the relevant network):
• 1 WAN Network Virtualization: WAN virtualization between DC 1 and DC 2 over the 10/100G WAN, for Customer 1 and Customer 2
• 2 Services Creation & Insertion: services insertion of ADC, FW, Cache and AAA into the existing infrastructure
• 3 Network Analytics: production 10/100G WAN traffic delivered to analytics network tools 1, 2 and 3
• 4 DC Network Virtualization: DC virtualization over the DC network fabric connecting VMs and physical (PHY) servers
• 5 Application Delivery: Brocade ADX VxLAN Gateway (ADP App & SDN Controller) joining the physical network and the Internet to the virtualized VXLAN environment (logical), VXLAN segments VNI 5001 and VNI 6001
• 6 SDN Cloud Gateway: SDN orchestration and SDN controller, with data center tunnels or VLANs mapped onto the L2/L3VPN WAN
• 7, 8 Packet-Optical Integration: SDN packet-optical integration over MPLS/IP and OTN between DC1 SDN and DC2 SDN, with cloud orchestration
1 SDN Use Case: WAN Network Virtualization
• OpenFlow as an overlay to the existing network
  • Allows for new revenue-generating features on top of the existing production network
  • Enabled by Brocade's "Hybrid port mode": OpenFlow and traditional features enabled concurrently on the same router ports
• Protected Hybrid Port Mode
  • OpenFlow does not affect traditional traffic; protection in hardware
  • Allows for initial OpenFlow overlay service development without risk
(Diagram: Traditional L2/L3VPN-IP network with OpenFlow overlay: the WAN physical infrastructure carries traditional L2/L3VPN and IP under a Protection Layer, with the OpenFlow Overlay above it between DC 1 and DC 2; a WAN SDN Controller drives the overlay while Traditional WAN Management drives the rest.)
1 SDN Use Case: Internet2
BROCADE OPENFLOW ENABLED 100G NATIONWIDE BACKBONE
• 49 Custom Location Facilities
• 15,500 miles of dark fiber
• 8.8 Tbps of optical capacity
• Hybrid Mode with protected OpenFlow traffic
(Map: the Internet2 nationwide backbone and exchange points across the US, showing IP router nodes and optical add/drop facilities.)
2 SDN Use Case: Services Creation & Insertion
• SDN automates
  • Traffic steering to achieve the desired pipeline of services
  • Customization of services according to customer needs
• Optimizes use of network resources
  • No need to steer traffic through traffic steering appliances
(Diagram: a Services Insertion App + SDN Controller programs an OpenFlow router to steer traffic through the ADC, FW and Cache services.)
3 SDN Use Case: SDN Approach to Network Analytics
Unlocking Advanced Operational Intelligence
Why network analytics is important
• Real-time network statistics collection & alerting
• Summarization of normal and abnormal traffic
• Detect network performance issues in advance of customer complaints
Use cases
• Internet/Mobile traffic analysis: Facebook, YouTube, Email, …
• Big Data analysis
• Detection of unlawful content
• …
(Diagram: 3rd-party analytic tools (Tool 1 … Tool 5) use RESTful APIs to reach Network Analytics Apps, which drive the SDN/OpenFlow Controller over OpenFlow + RESTful APIs down to the Physical Network.)
4 SDN Use Case: Data Center Network Virtualization for Scalable Cloud Services
• Tunnels enable physical network abstraction (logical network): VxLAN, NVGRE, STT
• Software switches (vSwitches) connect virtual machines
• ToRs connect physical machines
• SDN Gateways enable scalable connectivity into the logical network
(Diagram: DC physical infrastructure of servers with vSwitches and ToRs, with tunnels forming per-customer logical networks for Customer A, Customer B and Customer C spanning VMs and PHY hosts.)
5 SDN Use Case: DC Logical Networks, Brocade ADX VXLAN Gateway Solution
VXLAN GATEWAY ON THE BROCADE ADX APPLICATION DELIVERY SWITCHES
Brocade ADX Physical to Logical Gateway Solution
• Industry's first integrated VXLAN gateway and application delivery controller (ADC)
• Connects VXLAN environments to the Internet
• Spans VXLAN and non-VXLAN environments
• Enables transparent access to both VXLAN-connected VMs and physical servers
• VMware vShield Manager and vCenter support
• Demonstrated at VMworld San Francisco, September 2012
(Diagram: the Brocade ADX VXLAN Gateway, orchestrated automatically from vCenter, bridges the non-virtualized environment (VLAN segments, Internet) to the virtualized VXLAN environment with VXLAN VNIs 5001, 6001, 7001 and 8001.)
6 SDN Use Case: SDN Cloud Gateway, Interconnecting DC Logical Networks to WAN L2/L3VPNs
• SDN Cloud Gateway
  • Direct mapping from customers' DC logical networks to WAN L2/L3VPNs
  • SDN point of control between WAN and DC network
• Cloud Scale
  • Optimized to large DC multi-tenancy requirements
  • Inter-DC connectivity
  • Termination of tunnels: VxLAN, NVGRE, etc.
(Diagram: the SDN Cloud Gateway sits between the data center, where a DC SDN Controller builds tunnels among VM and PHY servers for each customer, and the L2VPN-L3VPN WAN.)
Brocade Strategy: On-Demand Network Stack
Layer                   Enabling Technologies                                             Brocade Strategy
Network Fabric Layer    Ethernet Fabrics                                                  Brocade VCS Fabrics
Virtualization Layer    Overlay networks, programmatic control, virtual network services  VXLAN, OpenFlow, OpenScript; vRouting, vADC
Application Layer       SDN Applications                                                  Network Analytics, etc.
Cloud Management Layer  Orchestration Frameworks                                          OpenStack, VMware vCloud Director, RESTful device APIs
Summary: Brocade SDN in the Data Center
Leadership through Innovation: Empowering the On-Demand Data Center
• Leadership and rapid innovation in Fabrics, IP routing and Software-defined Networking
• Delivering the world's most automated, efficient and agile networks