Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang Nov 13, 2014


1 Simplify IT With Cisco Application Centric Infrastructure Barry Huang Nov 13, 2014

2 There are two approaches to Control Systems
- Imperative control: baggage handlers follow sequences of simple, basic instructions.
- Declarative control: air traffic control tells where to take off from, but not how to fly the plane.
Cisco Confidential 2

4 AGENDA
- Challenges and Opportunities
- Application Centric Infrastructure and Business Benefits: what problem are we trying to solve and how do we solve it
- Open, Open and Open
- Summary and Q&A

5 IT Challenges and Opportunities
Better alignment of IT with rapidly changing business needs requires dynamic and automated policy-based control of DC and Cloud infrastructure.
- Technology Transitions: CIOs need a model that balances agility and risk.
- Public Cloud Offerings: bring new and different security and operational challenges and opportunities.
- IT Processes: policy semantics impede alignment of IT with business.
Cisco and/or its affiliates. All rights reserved.

6 Introducing: Application Centric Infrastructure
Apps + Infrastructure, Open + Secure, Physical + Virtual, On-Premises + Cloud
Application Oriented Policy = Operational Simplicity

7 Application Centric Infrastructure
Customer Business Benefits:
- Deploy applications faster
- Workload mobility
- Higher application availability
- Compliant and secure
- CapEx reduction
- Single open API for entire system
Customer Operational Benefits:
- East-West optimized for all workloads
- Risk mitigation
- Better utilization of resources
- Operationally efficient, zero-touch deployment and decommissioning
- Self-documenting network
- Simplified day-2 troubleshooting
- OpEx reduction
(Figure: the ACI fabric connecting network service appliances, multi-hypervisor x86 hosts, x86 virtual machines and virtual appliances, x86 servers, Unix systems, P and Z systems, and IP storage.)

8 Challenges in the Network

9 VLAN Design
- Broadcast Boundaries
- Application Tier Separation
- IP Address Management
- ARP Load
- Storm Control
- Traffic Steering
- Service Insertion
- Security Enforcement

10 Spanning Tree Design
- Loop Prevention, and sometimes Self-DoS
- Half the ports are blocked
- Root function on the Aggregation Layer
- Root is protected through lockdown
- Convergence may be 30 seconds or more
- STP is protected from hosts through lockdown

11 Layer 3 and Gateway Services
- Active/Standby with FHRP
- Active/Active with vPC
- SVI at the Aggregation Layer
- Inter-VLAN Routing at the Aggregation Layer

12 Security and QoS Design
- ACLs and QoS are static
- Tied to interfaces and switches
- Enforced based on IP or MAC addresses
- Traffic has to be bridged through Firewalls and Load Balancers
- Policy remains after applications are deprecated

13 Virtual Network Infrastructure and Overlays
- Managed in Silos
- Blind to physical topology and bandwidth capacity
- Unaware of hot spots and congestion
- Creates two discrete policy domains
- Complicates troubleshooting
- Gateways complicate transport between physical and virtual resources
(Figure: the Systems Engineer's virtual view of vswitches and Network Access Policy sits on top of the Network Engineer's physical view of the backbone.)

14 Network Policy Management Challenges
- Programmable API: Tcl, Python, JSON/XML, Bash/Broadcom Shell
- Configuration Management
- Orchestration Management: OpenStack, CloudStack, UCS Director

15 Two Types of Languages
- Infrastructure Language: VLAN, IP Address, Subnets, Firewalls, Quality of Service, Load Balancer, Access Lists
- App Language: Application Tier Policy and Dependencies, Security Requirements, Service Level Agreement, Application Performance, Compliance, Geo Dependencies
A Human Translator sits between the two.

16 Data Center Automation: Manual versus Policy Driven
- Manual: Architect it, Design it, Procure it, Install it, Configure it, Secure it, QA it. Is it ready?
- ACI Policy Driven: Architect it, Design it. It is procured, installed, configured, secured and QA'd. It is ready.
(Figure: a Service Request flows through Architect, Design, Compute, Services, Security and Network until the Application is Available.)

17 Data Center Automation and IT Collaboration
Today: Serialized Configuration and Management. Manual process leads to increased deployment times.
(Figure: a Deployment Trigger carrying Application Requirements passes serially through Compute, Services, Network and Security; Configuration Mismatch and Policy Violation send it back before a Successful Deployment and the Application is Available.)

18 Data Center Automation and IT Collaboration
ACI: Common Policy Framework and Operational Model. Policy-based automation.
- Defined set of application requirements
- Application/Cloud team builds application policy and template
- Operations team deploys with minimal risk and maximum speed
(Figure: a Deployment Trigger carrying Application Requirements produces an Application Policy consumed in parallel by Compute, Storage, Network and Security until the Application is Available.)

19 A new common language to describe desired state is needed

20 An Innovative Approach to Policy
What is an application policy?
- Group: A set of virtual or physical workloads with the same policy
- Contracts: A set of rules governing communication between groups
- Service Chains: A set of network services between groups
(Figure: OUTSIDE, F/W, ADC, WEB, ADC, APP and DB in a chain, with a Provided Contract between each pair of neighbouring groups.)

21 Policy is Business Relevant
Application Centric Infrastructure (ACI) allows the entire infrastructure to take commands in a business-relevant language.
ACI Policy, aligned with applications: "Let my app servers talk to my web servers."
Traditional Policy, aligned with ...?
1. Figure out where app lives in physical net
2. Trunk VLAN 112 to switch
3. Add route
4. Plumb ports
5. Configure ACL
6. Apply QoS
7. Repeat every time app moves or needs more capacity
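As an added illustration that is not part of the deck, the following Python model captures the policy idea of slides 20 and 21: workloads belong to groups, contracts whitelist which consumer group may open which flows to which provider group, and moving a workload to another leaf touches none of the VLAN, route or ACL steps. The class names, IP addresses and leaf names are constructed for the example and are not Cisco's object model.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Filter:                     # one permitted protocol/port entry inside a contract
    proto: str
    dport: Optional[int] = None   # None matches any destination port
    def matches(self, proto, dport):
        return self.proto == proto and self.dport in (None, dport)

@dataclass
class Contract:                   # rules between groups: consumers open flows to providers
    name: str
    filters: tuple
    providers: set = field(default_factory=set)
    consumers: set = field(default_factory=set)

@dataclass
class Endpoint:
    ip: str
    leaf: str                     # physical attachment point; no policy object refers to it
    epg: str                      # group membership is all the policy depends on

class Fabric:
    def __init__(self):
        self.endpoints, self.contracts = {}, {}
    def attach(self, ep):
        self.endpoints[ep.ip] = ep
    def define(self, contract):
        self.contracts[contract.name] = contract
    def move(self, ip, new_leaf):
        # Workload mobility: relocating a workload touches no VLAN trunk, route or ACL.
        self.endpoints[ip].leaf = new_leaf
    def allowed(self, src_ip, dst_ip, proto, dport=None):
        src, dst = self.endpoints[src_ip], self.endpoints[dst_ip]
        if src.epg == dst.epg:
            return True           # traffic inside one group is open unless isolation is enforced
        # Whitelist: a flow exists only if a contract joins consumer to provider and a filter matches.
        return any(src.epg in c.consumers and dst.epg in c.providers
                   and any(f.matches(proto, dport) for f in c.filters)
                   for c in self.contracts.values())

def build_demo():
    """Constructed three-tier sample (web -> app -> db); IPs and leaf names are made up."""
    fab = Fabric()
    fab.define(Contract("web-to-app", (Filter("tcp", 8080),), {"app"}, {"web"}))
    fab.define(Contract("app-to-db", (Filter("tcp", 3306),), {"db"}, {"app"}))
    for ip, leaf, epg in (("10.0.1.10", "leaf1", "web"), ("10.0.2.10", "leaf2", "app"),
                          ("10.0.3.10", "leaf3", "db")):
        fab.attach(Endpoint(ip, leaf, epg))
    return fab
```

Note that the web group cannot reach the database group at all, since no contract joins them, and that the provider side never initiates a flow in this model.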

22 The Benefits of an Application Centric Policy
Application Workload Mobility: consistent visibility across Cloud and DC.
(Figure: per-Tenant and per-Application Health Scores built from Systems Telemetry, showing Packets dropped (0 in one instance, 25 in the other), Latency and Isolation.)

23 Simplify IT: Combining Public and Private Cloud
(Figure: an Enterprise Cloud managed by APIC joined to a Provider Cloud over an InterCloud Secure Connection; F/W, ADC L/B, WEB, APP and DB tiers appear on both sides.)
Consistent ACI Policy Across Public and Private Clouds

24 Open: Open Source, Open Standards, Open Interfaces

25 Opening the ACI Policy with OpFlex
OpFlex Protocol + Ecosystem:
- OpFlex Open Source: open source implementation available to anyone
- OpFlex Standard: upcoming OpFlex standard through IETF
- Ecosystem: broad, growing vendor support including hypervisor, network, and L4-7
Delivering investment protection by allowing any device to integrate with Cisco ACI.
(Figure: APIC speaking OpFlex to L4-7 devices, hypervisors and switches.)

26 Open: APIC Programming Interfaces
- Northbound Programmability Layer: Open REST APIs support integration with any software application (Automation, Hypervisor Management, OVM, Enterprise Monitoring, Systems Management, Orchestration Frameworks).
- Southbound Programmability Layer: OpFlex, the Open Fabric Attached Device API, supports integration with any network device.

27 The ACI Fabric
(Figure: the ACI fabric with attached hypervisor hosts.)

28 Zero Touch Provisioning
- Topology Discovery via LLDP using ACI-specific TLVs (ACI OUI)
- Loopback and VTEP IP Addresses allocated from the Infra VRF via DHCP from APIC
- Fabric Discovery and Addressing
- Image Management
- Topology validation through wiring diagram and system checks
(Figure: APIC and four VTEPs being discovered and addressed.)

29 Summary: Our Direction
Data centers and cloud network infrastructures, both physical and virtual, will no longer be configured, will not be software defined (or programmed), but instead will be Policy Driven and Application Centric.

30 Thank you.

31 End Point Scale: Scalability
(Figure: chart of MAC Address Table Size, with axis ticks 16,000, 32,000, 64,000 ... 256,000 and 1,000,000+, across Nexus 5500, Nexus 5600, Nexus 6004, Nexus 7k + F2, Nexus 7k + F3, Nexus 7k + M2, Nexus 9300 and the APIC ACI Fabric.)