© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Cisco Confidential 1 C97-708996-00 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Controller Strategy Tae Hwang, CCIE #5135 (RS and Voice), CISSP Customer Solutions Architect

Cisco Controller Strategy


DESCRIPTION

Cisco Controller strategy update (Tae Hwang presenter)


Page 1: Cisco Controller Strategy


Cisco Controller Strategy

Tae Hwang, CCIE #5135 (RS and Voice), CISSP

Customer Solutions Architect

Page 2: Cisco Controller Strategy


SDN Introduction and Hybrid Mode

Page 3: Cisco Controller Strategy


Basic Definitions

What Is Software Defined Network (SDN)?

“…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”

Source: www.opennetworking.org

What Is OpenStack?

Open-source software for building public and private clouds; includes Compute (Nova), Networking (Quantum) and Storage (Swift) services.

Source: www.openstack.org

What Is an Overlay Network?

An overlay network is created on existing network infrastructure (physical and/or virtual) using a network protocol. Examples of overlay network protocols are MPLS, LISP, OTV and VXLAN.

What Is OpenFlow?

“…open standard that enables researchers to run experimental protocols in campus networks. Provides standard hook for researchers to run experiments, without exposing internal working of vendor devices…”

Source: www.opennetworking.org

Page 4: Cisco Controller Strategy


Industry Landscape: Sample Vendor Deployments

How to program across any device, any layer, any service?

Apps

Controller

OpenFlow Device

Device w/OpenFlow

Device

Apps Apps

APIs

Network Network

Cisco Approach : Flexibility to choose - The Power of “AND”

Physical and Virtual

Virtual Overlay

Other Agents

Vendor A Vendor B Vendor C

Page 5: Cisco Controller Strategy


Announcing: Cisco Open Network Environment

Programmable, Flexible, and Application Aware

OPEN NETWORK ENVIRONMENT

Industry’s Most Comprehensive Networking Portfolio

Hardware + Software Physical + Virtual Network + Compute

Network

Platform APIs

Controllers and Agents

Virtual Overlays

Applications

onePK

XNC, APIC, APIC EM

OpenFlow, ACI

N1KV Enhancements

Page 6: Cisco Controller Strategy


Innovation Manageability

onePK – “Deep Programmability”

App

C, Java

IOS

Events

App

EEM (TCL)

Actions

Routing

Data Plane

Policy

Interface

Monitoring

Discovery

CLI

AAA

SNMP

HTML

XML

Syslog

Span

Netflow

CDP

Routing Protocols

Anything you can think of

Page 7: Cisco Controller Strategy


Understanding Controller Approach – SDN “Re-factoring”, McKeown’s View

1. OpenFlow

Network Operating System = OpenFlow Controller

Diagram labels: App=QoS, App=DDoS, App=BGP_LS; Simple Packet Forwarding Hardware (five instances); FlowTable (five instances).

Page 8: Cisco Controller Strategy


OpenFlow Basics: Flow Table Entries – Beyond Destination MAC or IP

Each flow table entry: Rule, Action, Stats

Rule (+ mask what fields to match): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP Prot, IP ToS, L4 sport, L4 dport

Action:
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Send to normal processing pipeline
4. Modify Fields
5. Any extensions you add!

Stats: Packet + byte counters

[OpenFlow is just a forwarding table management protocol]

You have to have an app to tell OpenFlow what to program on the table
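An added example (not from the original slides): a small Python model of the flow table entry described above, with wildcarded match fields, an action list and packet/byte counters. The field names, the action tuples, the first-match-wins ordering and the sample rules and packets are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Match fields from the slide; the spellings are this example's own (assumption).
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id", "vlan_pcp",
          "ip_src", "ip_dst", "ip_proto", "ip_tos", "l4_sport", "l4_dport")

@dataclass
class FlowEntry:
    rule: dict             # field -> value; a field left out is masked (wildcard)
    actions: list          # e.g. [("output", 2)]; an empty list forwards to zero ports
    packet_count: int = 0  # stats: packets that hit this entry
    byte_count: int = 0    # stats: bytes that hit this entry

    def matches(self, pkt):
        for name, want in self.rule.items():
            have = pkt.get(name)
            if have is None:
                return False   # rule needs a header this packet does not carry
            if name in ("ip_src", "ip_dst"):
                # IP fields may be given as prefixes, e.g. "10.1.0.0/16"
                if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                    return False
            elif have != want:
                return False
        return True

class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, rule, actions):
        unknown = set(rule) - set(FIELDS)
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")
        self.entries.append(FlowEntry(rule, actions))

    def process(self, pkt, length):
        """Return the actions for pkt; first matching entry wins (simplification)."""
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packet_count += 1
                entry.byte_count += length
                return entry.actions
        return [("controller",)]   # table miss: encapsulate and forward to controller

def demo():
    table = FlowTable()
    # Constructed rules that match on more than destination MAC or IP.
    table.add({"eth_type": 0x0800, "ip_proto": 6, "l4_dport": 23}, [])
    table.add({"eth_type": 0x0800, "ip_dst": "10.1.0.0/16"}, [("set_vlan", 100), ("output", 2)])
    telnet = {"in_port": 1, "eth_type": 0x0800, "ip_src": "192.0.2.7",
              "ip_dst": "10.1.2.3", "ip_proto": 6, "l4_sport": 40000, "l4_dport": 23}
    web = dict(telnet, l4_dport=443)
    arp = {"in_port": 1, "eth_type": 0x0806}
    results = [table.process(p, n) for p, n in ((telnet, 60), (web, 1500), (web, 400), (arp, 42))]
    return results, [(e.packet_count, e.byte_count) for e in table.entries]
```

The table itself only matches, acts and counts; deciding which entries to install is left to the application above the controller.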

Page 9: Cisco Controller Strategy


OpenFlow Controller Provides Topology (Map) to NB Applications

Page 10: Cisco Controller Strategy


Emerging Hybrid Model

Controller

Page 11: Cisco Controller Strategy


Cisco eXtensible Network Controller (XNC) & OpenDaylight

Page 12: Cisco Controller Strategy


Cisco Extensible Network Controller (XNC)

Industry’s Most Extensible Controller Architecture based on OpenDaylight

REST

Core Functionality

Cisco Advanced Functions

Cisco Apps Customer Apps ISV Apps

Network Infrastructure

JAVA

More Coming

onePK

OpenFlow

More Coming

Open Src Apps

Extensible, Modular Architecture

Core developed on OpenDaylight

Advanced Functionality for Production Deployments:

Applications

Extensibility allows the Controller to support a wide variety of use cases with topology-specific Apps and south-bound plug-ins

Monitor Manager

Transit Selection

Network Slicing

• Advanced Flow Management

• Flow Based Troubleshooting

• Role Based Authentication

• onePK Support

• Scalability

• Advanced GUI

• Cisco TAC support

Service Abstraction Layer (SAL)

Page 13: Cisco Controller Strategy


Southbound APIs

Physical and Logical Topology Manager

Device Manager

Host Tracker ARP Handler

Forwarding Rules Manager

Dijkstra SPF L3 Interface

Advanced Infrastructure

Java Bundle

H/A

NETWORK DEVICES

OF 1.x, onePK*

Troubleshooting

Comprehensive Production Network Support

Integrated Slicing and Custom Forwarding

Advanced GUI with Extended Features

Cisco eXtensible Network Controller Architecture

Based on Java OpenDaylight

Service Abstraction Layer (SAL)

Dynamic Protocol Plugins

Advanced Analytics and Services via Cisco Intelligence

Authentication Monitor Manager

Topology Independent Forwarding (TIF)

Controller Applications

Slice Manager

Advanced Components

Cisco GUI

Cisco XNC

Northbound APIs: OSGI, RESTful

Cisco Sourced Customers 3rd Parties

Network Applications

Expansion of Services from OD Code Base

*onePK Plugin will be available post XNC 1.0 GA

Page 14: Cisco Controller Strategy


Controller Use Cases

Network Segmentation (a.k.a. Slicing): Network Partitioning at higher levels of granularity

Topology Independent Forwarding (Traffic Steering): Per Flow Control. Static or dynamic creation of business rules using a variety of parameters

Network Tapping (Matrix switch use case): Policy based approach of mirroring production traffic to analysis tools with off-the-shelf switches

Page 15: Cisco Controller Strategy


Implementing Basic Transit Selection

Utilizing Topology Independent Forwarding

Next Migration Step After Monitor Manager

Simple Forwarding Rules for efficient WAN link Utilization

SITE 1 SITE 2

HTTP Request HTTP Request

PUBLIC

Edge Routers

CAMPUS / INTERNAL

Openflow, Openflow

Cisco XNC

Transit Selection

Page 16: Cisco Controller Strategy


Controller Applications

Controller Infra

Supported Devices

Monitor Manager Topology Independent Forwarding Network Slicing

Cisco XNC Roadmap

OpenDaylight Components
• Modular architecture based on OSGi
• Northbound API: RESTful API, JAVA OSGi

Cisco Extensions
• Advanced Troubleshooting
• Integrate with external AAA system for RBAC
• Secure communication using HTTPS and TLS
• High Availability using Active-Active clustering
• User Interface
• Web based GUI

Protocol Plugins: OpenFlow 1.0

Devices supported: Nexus 3000, Catalyst 6500 (EFT/POC), Catalyst 3850 (EFT/POC), ASR 9000 (EFT/POC), Nexus 7000 (EFT/POC)

XNC 1.0 (Available Now) XNC 2.0 (In Planning) XNC 1.5 (Targeted Jan 2014)

• Monitor Manager Enhancements: Q-in-Q support, GUI/Usability Enhancements, Slice aware
• Hosting support in Nexus 3000/3100 LXC container
• Virtual Patch Panel
• Inter-DC traffic load balancing

• Improved scalability and Performance
• Topology visualization enhancements
• TLS Support for onePK plugin
• GUI Enhancements for scaling
• Usability enhancements

Protocol Plugins added: Cisco onePK, OpenFlow 1.3 plugin (EFT/POC)

Added Device Support: Nexus 3100

• High Resolution – Latency Based Forwarding
• Physical + Virtual + Service Chaining
• Integration with SP Controller
• BigData/Hadoop related use cases
• Integration with Openstack
• Coordinated Threat Control

OpenDaylight Components
• Migrate to Hydrogen release code base
• Model Driven SAL

Cisco Extensions
• New UI framework
• GUI Enhancements
• Usability enhancements

Protocol Plugins added: OpenFlow 1.3, PCEP/BGP-LS, OVS-DB, NetConf, SNMP, CLI

Added Device Support: Nexus 3548, 5000, 6000, 7000, Nexus 9000 (Investigating), ASR 9000, Catalyst 6500, Catalyst 3850

Page 17: Cisco Controller Strategy


Cisco XNC: Web Interface Layout

Tabs based on functionality and/or applications

Page 18: Cisco Controller Strategy


Network Slicing Screenshot: Slice specific Network View

Page 19: Cisco Controller Strategy


Topology Independent Forwarding: custom property policy

Page 20: Cisco Controller Strategy


What is Project Daylight?

Daylight is an open source project formed by industry leaders and others under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common vendor supported framework.

Platinum Gold Silver

10 full-time Developers

Cisco – 20 Developers!

Page 21: Cisco Controller Strategy


OpenDaylight Controller: OpenSource Approach

Pre-Hydrogen Release

Beyond OF – i.e. Openstack Plugin using OVSDB

Page 22: Cisco Controller Strategy


Application Policy Infrastructure Controller (APIC)

Page 23: Cisco Controller Strategy


Industry Trends

New operational models are driving the need for infrastructure change.

DevOps

Page 24: Cisco Controller Strategy


Expanding to multiple network services …Complex

Web VLAN App VLAN DB VLAN

Web Subnet App Subnet DB Subnet

Security Services Routing

Page 25: Cisco Controller Strategy


Architecture for a Better Infrastructure

Start with Better infrastructure

Open Policy Driven Infrastructure

Efficiency, Scale, Telemetry

Policy Based Forwarding

Service Insertion, Optimization, App Awareness

Build a Fabric (Nexus 9000)

Unified API – Unified Information Model (RESTful XML/JSON API)

Hypervisor Network Services

ASA

Network Management, Automation, Orchestration

Page 26: Cisco Controller Strategy


ACI Introduces Logical Network Provisioning of Stateless Hardware with Application Network Profile (ANP)

ACI Fabric

Nexus 9000 based

Non-Blocking Penalty Free Overlay - eVXLAN

App DB Web

Outside(Tenant VRF)

QoS

Filter

QoS

Service

QoS

Filter

Application Policy Infrastructure Controller

APIC

Common Policy, Management, and Operations Framework

High Level Policy Driven rather than programming (JAVA, C, Python...). APIs are also provided, integrating OpenStack and so on.

Policy

Page 27: Cisco Controller Strategy


Application Policy Infrastructure Controller (APIC) Enterprise Module

Page 28: Cisco Controller Strategy


Enterprise Applications

APIC Enterprise Module 1.0 – Formerly known as “ENG” Controller

SAL

REST APIs

Enterprise Services

Inventory and State

Identity and Location

Application Awareness

Policy Management

QoS

Reserved

ZTD

ACL

Elastic Infrastructure

CLI

Openflow

Advanced Topology Management

ENG Controller

Services for Day0/1 Applications

Day0/1 Applications

Addresses Low Programming Tolerance

Addresses Brownfield Support

Addresses Scale Out Requirements

Page 29: Cisco Controller Strategy


Enterprise Applications Release 1.0

QoS Manager: Utilizes QoS policy templates as inputs to provide network view for interrogation, analysis, compliance, and policy change management

ACL Manager: Enables inspection, interrogation and analysis, and ACL change management including identification of conflicts and shadow ACLs.

ZTD: Enables any network device located anywhere in the network with a recognizable IP address to be configured remotely

Page 30: Cisco Controller Strategy


Page 31: Cisco Controller Strategy


Page 32: Cisco Controller Strategy


Other Controllers

Page 33: Cisco Controller Strategy


Control Plane – The Progression in the WAN

• Simplest Form – Control Planes (CP) leverage signaling to automate what is done manually today.

PMO
• Independent IP/MPLS CP
• Independent Optical CP – WSON
• Wall separating layers
• No real information sharing

Multi Layer CP (nLight)
• Remove the Wall
• Leverage Layered CP
• Insert ML Signaling via UNI
• Share Relevant Layered Info

SDN
• Centralize CP
• Leverage Layered CP
• Application Driven rather than human driven
• Global View

Page 34: Cisco Controller Strategy


Virtual Overlay Networks – “Simple Programmability”

Scalable Multi-tenant Cloud Infrastructures – foundation for Secure Hybrid cloud

Nexus 1000V

OpenStack Quantum API REST API

Any Hypervisor

Tenant 1

Virtual Services

vWAAS

VSG

ASA 1KV

Tenant 3

ASA 55xx

Physical Workloads

Physical (VLAN) Network

VXLAN Gateway

Secure Consistent Experience Across Physical and Virtual Environments

Virtual Workloads

Tenant 2

Nexus 1000V enhancements

• Multi-hypervisor: VMware, Microsoft, Citrix, RedHat

• OpenStack/REST API

• VXLAN Gateway

VXLAN, vPath

vRouter, Intercloud

*N1K VSM – Controller?

Page 35: Cisco Controller Strategy


FABRIC

Page 36: Cisco Controller Strategy


Summary

• Cisco continually supports Hybrid OpenFlow architecture through XNC and OpenDaylight (OpenSource) Controllers.

• Cisco onePK API is supported through XNC and APIC EM (future).

• Insieme Application Policy Infrastructure Controller (APIC) provides a “high level policy” driven architecture where “high level policies” are applied to the Fabric seamlessly through APIC. APIC provides various Northbound and Southbound APIs for rich programmability. OpenFlow is on the roadmap for a Southbound API.

• APIC EM provides easy applications on the network, such as QoS and ACL configuration and management throughout the network.

• Controller technology is evolving throughout the whole of Cisco. The Network/Fabric will provide network information in order for controllers to make intelligent decisions.

• Question – Can you describe the difference between SNMP and Controller approach?

Page 37: Cisco Controller Strategy


Thank You