SDN im Data Center. Ciscos Antwort auf neue Anforderungen im Data Center. SI Fachgruppe Networks and Cloud Services

Transcription

1 SDN im Data Center SI Fachgruppe Networks and Cloud Services Ciscos Antwort auf neue Anforderungen im Data Center Rolf Schaerer, CCIE / CCDE Consulting Systems Engineer roschaer@cisco.com Mai 2015

2 Agenda Past and Future DC in networks SDN - Software Defined Networking Cisco Application Centric Infrastructure 2

3 Cisco Data Center Strategy & Vision Defined by Applications. Driven by Policy. Delivered as a Service / Solution BUSINESS REQUIREMENTS Policy Policy Network Policy Compute Cloud BUSINESS OUTCOMES Business Agility New Business Models Lower TCO 3

4 Past and Future Network Designs 4

5 Past Network Designs 2-Tier (collapsed) or 3-Tier Network Design Routing on Access or Aggregation Loop-Free Topology with vpc (MLAG) Spanning Tree as a loop prevention 5

6 Data Center and Cloud Top Challenges Business Expectations in the new era Manage IT Change Cloud Strategy New Application Architectures Security and Compliance Cloud Mobile Social Shadow IT Cloud DevOps Flat IT budgets Deliver IT-as-a- Service Consistently Across Public and Private Clouds Big Data /Analytics Cloud-Scale Apps Securing Data Within DC and Across Clouds Bi-Modal IT Hybrid Clouds Data Insights Pervasive Security 6

7 What s Bi-Modal IT? Think Marathon Runner Think Sprinter 7

8 How Datacenter Networks need to evolve Distributed Fabric Based Application Driven Cloud Cloud Monitoring Apps Programmable Provisioning Apps Networking End- Apps User Apps Provisionable Fabric L2, L3 Compute Compute Storage Storage Services Services L2, L3 Compute Compute Storage Storage Services Services Integrated Fabric and Cloud World of Many Clouds Manual Provisioning Policy-based Provisioning Service-centric Provisioning Limited scaling Scale Physical and Virtual/Cloud Flexible Anywhere, Anytime Rack-wide VM mobility DC-wide/Cross-DC VM Mobility Cross-cloud VM Mobility 8

9 SDN Software Defined Networking 9

10 Openflow!= SDN Openflow Software Defined Networking Openflow is just one flavor of SDN 10

11 Cisco ONE: Open Network Environment Leverage Network Value Software Defined Networking Policy & Intent Applica-ons Network Intelligence, Guidance Harvest Network Intelligence Services Orchestra-on Analy-cs Programmability Network Stats, State & Events 11

12 Network Programmability Models 1 Programmable APIs Applications 2 Classic SDN Applications 3 Network Virtualization/ Virtual Overlays Applications 4 Policy Intent Control Applications Vendorspecific APIs Control Plane Vendorspecific APIs Virtual Control Plane Virtual Data Plane Policy Controller Vendorspecific APIs OpenFlow and/or Vendor specific Overlay Protocols Vendorspecific APIs Policy Plane Control Plane Data Plane Data Plane Control Plane Data Plane Control Plane Data Plane 12

13 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow sequences of simple, basic instructions Air traffic control tells where to take off from, but not how to fly the plane 13

14 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow sequences of simple, basic instructions Air traffic control tells where to take off from, but not how to fly the plane 14

15 15

16 Application Policy Model & Instantiation Application Client Application Policy Model: Defines the application requirements (Application Network Profile) Web Tier App Tier Storage DB Tier Storage Policy Instantiation: Each device dynamically instantiates the required changes based on the policies VM VM VM VM VM VM VM APIC All forwarding in the fabric is managed via the Application Network Profile IP addresses are fully portable anywhere within the fabric Security & Forwarding are fully decoupled from any physical or virtual network attributes Devices autonomously update the state of the network based on configured policy requirements 16

17 What s really different? Agility Network configuration is dynamically instantiated on devices System Level management no more box by box configuration Day 1 readiness for orchestration integration Visibility Real-time application visibility Continuous latency measurement of all path within the fabric Simplicity Security & Forwarding are fully decoupled from IP address IP addresses are fully portable anywhere within the fabric Consistent policy for virtual and physical workloads Easy & flexible integration of Layer 4-7 elements 17

18 Cisco Application Centric Infrastructure 18

19 ACI Fabric Fabric Spine Nodes 16 Slot Modular* 8 Slot Modular 4 Slot Modular (Modular ACI Spine LC is X p 40G QSFP+ ) Fixed Spine (36 ports) APIC APIC APIC APIC Appliances Fabric Leaf Nodes 4, 8 & 16 slot Modular* 48 x 1/ x 40G 96 x 1/ x 40G Variety of 1 & 2 RU form factors* 19 * Not all form factors are supported yet, please consult the release notes

20 Application-Centric Networks What is an Application as seen by the network? More than just a VM or Server It s the End Points of the Application + The Application s L2 L7 Network Policies + The Relationship between these End Points and their Policies Application Web Tier Network App Tier Profile DB Tier End Points End Points End Points QoS QoS QoS External Network Service Service Service Filter Filter Filter application-centric network policy 20

21 Defining Application Logic Through Policy Application Communication Application communication can be defined as who is allowed to talk to whom. Provides Web Services Users Web Farm App Servers DB Farm Consumes Web Services Consumes App Services 21

22 Defining Application Logic Through policy Contracts for Policy Contracts are used to define relationships. 22

23 Defining Application Logic Through policy Policy Model Comparison Current Policy Definition Policy Based on Contracts Rules SLAs Actions L4-7 Security QoS 23

24 Defining Application Logic Through policy Defining Provider Consumer Relationships DB Farm 24

25 Defining Application Logic Through policy Defining Provider Consumer Relationships DB Farm 25

26 ACI and Today s 3-Tier applications Web App Network Profile The Application App DB Outside Client(s) QoS QoS P P P QoS Filter Service Filter P = Defined Policy Could be many VMs Could be mix of physical/virtual machines Mostly physical resources 26 26

27 Application Policy Infrastructure Controller Centralized Automation and Fabric Management Data Model based declarative provisioning Application, Topology Monitoring, & Troubleshooting 3rd party Integration (L4-L7 Services, Storage, Compute, WAN, ) Layer 4-7 Open RESTful API Policy-Based Provisioning System Management APIC Storage Management Storage SME Orchestration Management Server SME Network SME Security SME App. SME OS SME APIC is not in the data path 27

28 Ex. 1: Applications & Software development Monolithic Apps versus Cloud App with Distributed Data Core Enterprise Workloads Cloud-Scale 3-Tier Network B-Series IaaS (if any) ACI / SDN C & M-Series PaaS SCM ERP/Financial Legac y CRM Emai l Online Content Gaming Mobile IoT ecommerce Single Server Server Single Server Single Application Hypervisor Many Applications Many Servers Many Applications Many Servers 28

29 Ex. 2: Applications & Network ACI is the foundation for any application type and Complements, Enhances and/or Replaces Any Other SDN Offering Bare Metal Applications AND / OR Virtualized Applications Software Overlay Solution Optional (yet not needed) Software Overlay ACI Fabric Just another application! 29

30 Ex.3: Security - FirePOWER & ACI Automated Security with Advanced Protection ATTACK CONTINUUM Consistent Protection for ANY Workload, 24 x 7 BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Group Policy based Segmentation, Isolation Granular Application Visibility & Control Automated Security Service Insertion (NGIPS, NGFW) Superior Visibility & Threat Detection Micro-Segmentation for Quarantine Advanced Malware Protection & Remediation Perimeter Security VM Security Secure Cloud Access Application Security 30

31 The Road to ACI (I) Operations Evolution APIC Policy Evolution Policy Zone A Policy Zone C Policy Zone B App App Element App Element App Element App Element App Element App Element App Element App Element App Element App Element App Element App Element App Element Element Component Evolution vpc vpc vpc 31

32 The Road to ACI (II) Investment Protection with vpc Standalone VXLAN Fabric ACI Fabric Network Mode ACI Fabric Application Mode L3 VNID1001 VNID1002 VNID1003 Application Policy Application Policy VLAN10 VLAN11 VLAN12 VLAN10 VLAN11 VLAN12 VLAN10 VLAN11 VLAN12 WEB APP DB Investment in Nexus 9000 Platform Prepared to be ready to switch to ACI Modern L3 routed Fabric with VXLAN Use Device-Specific API s Centralized Management through APIC Still use your existing Zone-Based Security Design Start to migrate single Applications into separated Application Network Policies Full ACI Benefits 32

33 Summary & Outlook 33

34 ACI & UCS are unique as the foundation for the App market transition ACI supports physical, virtual and container based workloads as well as API and code / library based consumption. Allows business to change app models at their speed. Traditional Monolithic Multi-tier App Cloud-Aware App ACI & UCS 34

35 What We re Doing - Expanding Our Cloud Portfolio Native Cloud Applications Big Data & Analytics IaaS PaaS Microsoft Suite aas HCS DRaaS Enterprise Workloads Partner Clouds APIs Enterprise Private Clouds Portal InterCloud Fabric Public Clouds Collaboration & Video Cisco Cloud Services APIs WebEx Meraki HCS Security Analytics HANA aas vdesktop aas IOE aas 35

36 Application Centric Infrastructure Embracing SDN and Going Beyond Centralized Point of Management POLICY: Centralized Application-Level Policy VISIBILITY: System-Wide Visibility, Telemetry, Health OPENESS: Open Source / APIs / Standards Physical/ Virtual SECURE: Security and Scale EXTENSIBLE: Hypervisors, L4-7, Storage, Compute 36

37

38 Resources 38

39 Additional resources Cisco Application Centric Infrastructure Cisco ACI Ecosystem SDN for dummies (ebook) 39