Kurumsal Ağlarda SDN Uygulamaları - Cisco Connect TR '14

Kurumsal Ağlarda SDN Uygulamaları (SDN Applications for Enterprise Networks) .

Kubilay Akgül Systems Engineer, CCIE #29500

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Cisco Confidential 3 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

One Platform

CISCO ONE PLATFORM Consistent Policy-Based Management and Security

DC

Cisco Application Policy Infrastructure Controller (APIC)

Northbound APIs (ONE DevKit)

WAN

Southbound APIs (OpenFlow, onePK, CLI)

NEW

NEW

ACCESS

DC Module Enterprise Module NEW

3


OPEN RESTFUL APIS CENTRALISED POLICY MODEL

OPEN SOURCE

CONTROLLER

APIC

POLICY MODEL

ACI

What is APIC-DC?

NEXUS 9500 and 9300

4

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public 5

What is SDN Architecture?

5

An SDN architecture must be able to manipulate frame and packet flows through the network at large scale in a programmable fashion.

APIC: Application Policy Infrastructure Controller

APIC-EM: APIC – Enterprise Module


What is our long term strategy with SDN?

6

“Make it as simple as possible until customers complain that it is too simple!”

Avoid box-to-box configuration (CLI, SNMP, scripting, wizards, templates)

Change the way the world works, lives, play and learns.

Don’t configure features, Create Solutions which are POLICY driven. - Not PfR of AVC Config à Implement iWAN solution


Cisco APIC - Enterprise Module

Reducing IT Operations Time, Creating More Time for IT Innovation

CURRENT IT* FAST IT

28% Troubleshooting

19% Security

18% Configuration

14% Equipment Upgrade

14% Traffic Optimisation

7% Other

14% Troubleshooting

10% Security 8% Configuration

14% Equipment Upgrade

10% Traffic Optimisation

43% Other

*Source: Forrester Commissioned Study

Total Network Operations Time Savings

More Time Available for Business Innovation

Average Time Spent by Network Administrator

7


What is APIC Enterprise Module?

8

Masking Network Complexity, Exposing Network Intelligence

Software or Appliance Based

Open Daylight, RESTful, OpenFlow, CLI, OnePK

Existing & New Installations Catalyst, ISR, ASR

Agile Integration Model

Network Abstraction and Automation

Cisco APIC -

Enterprise Module

8


Cisco APIC - Enterprise Module Architecture

Abstracts Network Devices to Mask Complexity Treat Network as a System

Exposes Network Intelligence For Business Innovation

Cisco APIC - Enterprise Module

Cisco and Third Party Applications

Network Devices Catalyst, ASR, ISR

Network Info Database

Policy Infrastructure Automation

REST API

CLI, OpenFlow, OnePK API

Security QoS Mobility

9


NB REST API

Inventory

Network Discovery

NETWORK MODEL

DEVICE MODEL

DEVICE INTERFACE

APIC

-EM

Ser

vice

s A

PIC-

EM A

pps

Network

App 1 App 2 App 3

Policy Control

Policy Programmer

Network Tapping

Policy Preparer

Easy QoS Policy Manager Identity

Manager-Pxgrid

Radius Proxy

Identity Management

Network Events

API -EM: Layered View

Path Trace ACL Trace

ACL Analysis

QoS Analysis

Network Programmer CLI SNMP OnePK

Policy Analysis

Topology Statistics Manager

Segmentation Manager

DAS NIB

REpresentational State Transfer


Grapevine Root

Grapevine Client

Service Manager

Load Monitor

Capacity Manager

Service Catalog

Service Monitor

Download Manager

Starts, stops, monitors service instances across Grapevine…

Provides on-demand capacity to run services…

Monitors load / health of services across Grapevine…

Repository of service bundles that can be deployed on Grapevine nodes…

Starts, stops, monitors service instances running on a single Grapevine node…

Downloads and deploys service bundle on Grapevine node…

Grapevine – An Elastic Platform for APIC-EM


Service Catalog

Service C Service

B Service A

Cisco developer stores SDN service bundles in Service Catalog…



Virtual Machine Grapevine

Client Service

A

“load exceeding threshold”

Load Monitor

Service Catalog Service

A Service

B Service

C


Client Service

A

Service load on Grapevine node starts to exceed specified threshold…




Client Servic

e

“need another instance of A”

Load Monitor Service Catalog

Service A

Service B

Service C

Service A


Client

Service Manager

“plant”

Service A

“download”

Load monitor detects load increase and requests another instance of

service to be started…




Client Servic

e

“need another instance of A”


Service A

Service B

Service C

Service A


Client

Service Manager

“plant A”

Service A


Client Service

A

Capacity Manager

“need more capacity”

“grow”

Service Manager requests more capacity when required to run additional service instances…




Client Servic

e

“need another instance of B”


Service A

Service B

Service C

Service A


Client

Service Manager

“harvest A, plant B”

Service A


Client Service

A

Capacity Manager

Service B

In case of insufficient capacity, Grapevine can stop lower priority services to make room for

higher priority services…



Controller Deployment

ldap

radius server ISE

17

DEMO

APIC-EM Applications


PATH Visualization

20

APIC EM Returns A Path Based on a 5 Tuple Input


QoS Application

21


APIC-EM

Boston (Branch) Boulder (Branch)

San Jose (Campus)

CUCM

WAN – Metro-E Jabber

Dx650 Dx650

Jabber

1) Boston Dx650 places call to Boulder Dx650 2) UCM creates new flow in APIC-EM w/ flow 4-tuple and policy/bandwidth

3) APIC-EM provisions policy and reserves bandwidth from network elements in path

4) APIC-EM replies w/ 200 OK to UCM

5) UCM Admits call

6) Boston Jabber places call to Boulder Jabber

7) UCM creates new flow in APIC-EM w/ flow 4-tuple and policy/bandwidth

8) APIC-EM returns “insufficient bandwidth” to CUCM 9) UCM Admits call - audio only

10) Boston DX650 hangs up

11) CUCM Deletes flow

12) CUCM queries for bandwidth

APIC

Audio Call

Audio + Video Call

13) CUCM reinvites Jabber with video

CUCM Integration


iWAN Application – 1/3

23



24

The focus will be on interacting with the network based on intent based policies; network configuration is by itself prescriptive and completely

abstracts out the complexity



25

DEMO


APIC-EM: Home

27


APIC-EM: Discovery

28


APIC-EM: Device Inventory

29


APIC-EM: Host Inventory

30


APIC-EM: Topology

31


APIC-EM: Policy

32


APIC-EM: QoS

33


APIC-EM: Policy Analysis - ACL Analysis

34


APIC-EM: Policy Analysis - ACL Trace

35

Internet

Kurumsal Ağlarda SDN Uygulamaları - Cisco Connect TR '14