SDN Applications for Enterprise Networks (Kurumsal Ağlarda SDN Uygulamaları)
Kubilay Akgül Systems Engineer, CCIE #29500
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Cisco Confidential 3 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
One Platform
CISCO ONE PLATFORM Consistent Policy-Based Management and Security
DC
Cisco Application Policy Infrastructure Controller (APIC)
Northbound APIs (ONE DevKit)
WAN
Southbound APIs (OpenFlow, onePK, CLI)
NEW
NEW
ACCESS
DC Module Enterprise Module NEW
OPEN RESTFUL APIS CENTRALISED POLICY MODEL
OPEN SOURCE
CONTROLLER
APIC
POLICY MODEL
ACI
What is APIC-DC?
NEXUS 9500 and 9300
What is SDN Architecture?
An SDN architecture must be able to manipulate frame and packet flows through the network at large scale in a programmable fashion.
APIC: Application Policy Infrastructure Controller
APIC-EM: APIC – Enterprise Module
What is our long term strategy with SDN?
“Make it as simple as possible until customers complain that it is too simple!”
Avoid box-to-box configuration (CLI, SNMP, scripting, wizards, templates)
Change the way the world works, lives, plays and learns.
Don’t configure features; create solutions which are POLICY driven. - Not PfR or AVC config → implement iWAN solution
Cisco APIC - Enterprise Module
Reducing IT Operations Time, Creating More Time for IT Innovation
Average Time Spent by Network Administrator
CURRENT IT*: 28% Troubleshooting, 19% Security, 18% Configuration, 14% Equipment Upgrade, 14% Traffic Optimisation, 7% Other
FAST IT: 14% Troubleshooting, 10% Security, 8% Configuration, 14% Equipment Upgrade, 10% Traffic Optimisation, 43% Other
*Source: Forrester Commissioned Study
Total Network Operations Time Savings
More Time Available for Business Innovation
What is APIC Enterprise Module?
Masking Network Complexity, Exposing Network Intelligence
Software or Appliance Based
Open Daylight, RESTful, OpenFlow, CLI, OnePK
Existing & New Installations Catalyst, ISR, ASR
Agile Integration Model
Network Abstraction and Automation
Cisco APIC - Enterprise Module
Cisco APIC - Enterprise Module Architecture
Abstracts Network Devices to Mask Complexity Treat Network as a System
Exposes Network Intelligence For Business Innovation
Cisco APIC - Enterprise Module
Cisco and Third Party Applications
Network Devices Catalyst, ASR, ISR
Network Info Database
Policy Infrastructure Automation
REST API
CLI, OpenFlow, OnePK API
Security QoS Mobility
NB REST API
Inventory
Network Discovery
NETWORK MODEL
DEVICE MODEL
DEVICE INTERFACE
APIC-EM Services
APIC-EM Apps
Network
App 1 App 2 App 3
Policy Control
Policy Programmer
Network Tapping
Policy Preparer
Easy QoS, Policy Manager, Identity Manager-Pxgrid
Radius Proxy
Identity Management
Network Events
APIC-EM: Layered View
Path Trace ACL Trace
ACL Analysis
QoS Analysis
Network Programmer CLI SNMP OnePK
Policy Analysis
Topology Statistics Manager
Segmentation Manager
DAS NIB
REpresentational State Transfer
Grapevine Root
Grapevine Client
Service Manager: Starts, stops, monitors service instances across Grapevine…
Load Monitor: Monitors load / health of services across Grapevine…
Capacity Manager: Provides on-demand capacity to run services…
Service Catalog: Repository of service bundles that can be deployed on Grapevine nodes…
Service Monitor: Starts, stops, monitors service instances running on a single Grapevine node…
Download Manager: Downloads and deploys service bundle on Grapevine node…
Grapevine – An Elastic Platform for APIC-EM
Service Catalog
Service C, Service B, Service A
Cisco developer stores SDN service bundles in Service Catalog…
Grapevine – An Elastic Platform for APIC-EM
Diagram labels: Virtual Machine, Grapevine Client, Service A, Load Monitor, Service Catalog (Service A, Service B, Service C). Message shown: “load exceeding threshold”
Service load on Grapevine node starts to exceed specified threshold…
Grapevine – An Elastic Platform for APIC-EM
Diagram labels: Virtual Machine, Grapevine Client, Service A, Load Monitor, Service Manager, Service Catalog (Service A, Service B, Service C). Messages shown: “need another instance of A”, “plant”, “download”
Load monitor detects load increase and requests another instance of service to be started…
Grapevine – An Elastic Platform for APIC-EM
Diagram labels: Virtual Machine, Grapevine Client, Service A, Load Monitor, Service Manager, Capacity Manager, Service Catalog (Service A, Service B, Service C). Messages shown: “need another instance of A”, “plant A”, “need more capacity”, “grow”
Service Manager requests more capacity when required to run additional service instances…
Grapevine – An Elastic Platform for APIC-EM
Diagram labels: Virtual Machine, Grapevine Client, Service A, Service B, Load Monitor, Service Manager, Capacity Manager, Service Catalog (Service A, Service B, Service C). Messages shown: “need another instance of B”, “harvest A, plant B”
In case of insufficient capacity, Grapevine can stop lower priority services to make room for higher priority services…
Grapevine – An Elastic Platform for APIC-EM
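The plant / grow / harvest sequence from the Grapevine slides, as a toy model. This is an added example, not Cisco code: the class, method names, slot counts and priorities are assumptions, as is refusing a request when nothing of lower priority is running.

```python
# Toy model of the Grapevine scale-out sequence described on the slides.
# All names, capacities and priorities are illustrative assumptions.

class Grapevine:
    def __init__(self, priorities, slots_per_node=2, max_nodes=2):
        self.priorities = priorities          # service -> priority (higher wins)
        self.slots_per_node = slots_per_node
        self.max_nodes = max_nodes            # ceiling the Capacity Manager may grow to
        self.nodes = [[]]                     # each node: list of running services
        self.log = []                         # actions taken, in order

    def _free_node(self):
        return next((n for n in self.nodes if len(n) < self.slots_per_node), None)

    def need_instance(self, service):
        """Load Monitor request: 'need another instance of <service>'."""
        node = self._free_node()
        if node is None and len(self.nodes) < self.max_nodes:
            self.nodes.append([])             # Capacity Manager: "grow"
            self.log.append("grow")
            node = self.nodes[-1]
        if node is None:                      # no capacity left: try to harvest
            victim_node, victim = min(
                ((n, s) for n in self.nodes for s in n),
                key=lambda pair: self.priorities[pair[1]])
            if self.priorities[victim] >= self.priorities[service]:
                self.log.append(f"reject {service}")   # assumed behaviour
                return False
            victim_node.remove(victim)
            self.log.append(f"harvest {victim}")
            node = victim_node
        node.append(service)                  # Service Manager: "plant"
        self.log.append(f"plant {service}")
        return True


def demo():
    # Constructed workload: four requests for A, then B (higher), then C (lower).
    gv = Grapevine({"A": 1, "B": 2, "C": 0}, slots_per_node=2, max_nodes=2)
    for svc in ["A", "A", "A", "A", "B", "C"]:
        gv.need_instance(svc)
    return gv
```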
Controller Deployment
ldap
radius server ISE
DEMO
APIC-EM Applications
PATH Visualization
APIC EM Returns A Path Based on a 5 Tuple Input
QoS Application
Diagram labels: APIC-EM, CUCM, San Jose (Campus), Boston (Branch), Boulder (Branch), WAN – Metro-E, Dx650, Jabber, Audio Call, Audio + Video Call
1) Boston Dx650 places call to Boulder Dx650
2) UCM creates new flow in APIC-EM w/ flow 4-tuple and policy/bandwidth
3) APIC-EM provisions policy and reserves bandwidth from network elements in path
4) APIC-EM replies w/ 200 OK to UCM
5) UCM Admits call
6) Boston Jabber places call to Boulder Jabber
7) UCM creates new flow in APIC-EM w/ flow 4-tuple and policy/bandwidth
8) APIC-EM returns “insufficient bandwidth” to CUCM
9) UCM Admits call - audio only
10) Boston DX650 hangs up
11) CUCM Deletes flow
12) CUCM queries for bandwidth
13) CUCM reinvites Jabber with video
CUCM Integration
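The admission exchange in steps 1 to 13, modelled as a bandwidth ledger. This is an added example, not Cisco or CUCM code: the classes, link names, capacities and kbps figures are assumptions, and so is reserving the audio leg in the controller on fallback; only the 4-tuple flow key, the two replies and the audio-only fallback come from the slide.

```python
# Toy model of the CUCM <-> APIC-EM admission sequence (steps 1-13).
# Link names, capacities and kbps figures are constructed; reserving the
# audio leg in the controller on fallback is an assumption.
AUDIO, VIDEO = 100, 1500              # kbps per call leg (assumed)

class Controller:
    def __init__(self, capacity):
        self.free = dict(capacity)    # link -> unreserved kbps
        self.flows = {}               # 4-tuple -> (path, kbps)

    def create_flow(self, key, path, kbps):
        # All-or-nothing: reserve on every link in the path, or on none.
        if any(self.free[link] < kbps for link in path):
            return "insufficient bandwidth"
        for link in path:
            self.free[link] -= kbps
        self.flows[key] = (path, kbps)
        return "200 OK"

    def delete_flow(self, key):
        path, kbps = self.flows.pop(key)
        for link in path:
            self.free[link] += kbps

def admit_call(ctrl, key, path):
    # CUCM side: request audio+video, fall back to audio only (steps 7-9).
    if ctrl.create_flow(key, path, AUDIO + VIDEO) == "200 OK":
        return "audio+video"
    if ctrl.create_flow(key, path, AUDIO) == "200 OK":
        return "audio only"
    return "rejected"

def upgrade_to_video(ctrl, key, path):
    # Steps 12-13: query free bandwidth, re-invite with video if it fits.
    if min(ctrl.free[link] for link in path) < VIDEO:
        return False
    ctrl.delete_flow(key)
    return ctrl.create_flow(key, path, AUDIO + VIDEO) == "200 OK"

def scenario():
    path = ["boston-wan", "wan-boulder"]
    ctrl = Controller({link: 2000 for link in path})
    dx = ("10.1.1.10", 16384, "10.2.1.10", 16384)      # constructed 4-tuples
    jab = ("10.1.1.20", 16400, "10.2.1.20", 16400)
    first = admit_call(ctrl, dx, path)                 # steps 1-5
    second = admit_call(ctrl, jab, path)               # steps 6-9
    ctrl.delete_flow(dx)                               # steps 10-11
    upgraded = upgrade_to_video(ctrl, jab, path)       # steps 12-13
    return first, second, upgraded, ctrl.free["boston-wan"]
```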
iWAN Application – 1/3
iWAN Application – 2/3
The focus will be on interacting with the network based on intent-based policies; network configuration is by itself prescriptive and completely abstracts out the complexity
iWAN Application – 3/3
DEMO
APIC-EM: Home
APIC-EM: Discovery
APIC-EM: Device Inventory
APIC-EM: Host Inventory
APIC-EM: Topology
APIC-EM: Policy
APIC-EM: QoS
APIC-EM: Policy Analysis - ACL Analysis
APIC-EM: Policy Analysis - ACL Trace