NETWORK ORCHESTRATION AND AUTOMATION WITH SOFTWARE DEFINED NETWORKING
Christopher Feussner, Systems Engineer
WHD.global 2014, 03.04.2014

Agenda
- Software Defined Networking Technologies
- SDN Use Cases
- OpenFlow
- Network Function Virtualization
- Orchestration
2014 Brocade Communications Systems, Inc. - Company Proprietary Information 3

Software Defined Networking Technologies
Functional Definitions

Software Defined Networking 3 Areas
SOFTWARE NETWORKING TECHNOLOGIES
- OpenFlow
  - Separation of control and data plane
  - Control Plane agnostic to the underlying hardware
  - Network Programmability
- Hardware in Software (NfV)
  - Virtualization of networking components
  - Commodity hardware x86
  - Cost, flexibility, agility
- Integration with higher-order Orchestration platforms
  - OpenStack, CloudStack, vCloud Director
  - API interaction with network elements
  - Vendor Independence

Programmatic Control OpenFlow
A NEW POINT OF INNOVATION FOR NETWORK FUNCTIONALITY
- The biggest innovation since Ethernet: OpenFlow
- From distributed to centralized Control Plane
- Allows dramatic reduction in complexity due to End-to-End topology knowledge
- VCS further reduces management complexity
[Diagram: Traditional Network versus OpenFlow based Network; labels: Features, Device OS, Hardware, Customer/Vendor/Partner Applications, Network Controller]

Network Functions Virtualization
A COMPOUND DISRUPTION
- Virtual machine-based or Bare Metal
- Leverages server performance
- Open systems
- Automation (Templates)
- Virtualizing the networking components as a Service
- Routing, Firewall/Security, Load-balancer
- Cloud Service Provider model
- Motivation for Telcos (SP) to move to the CSP model

Overlay and Underlay
SOFTWARE NETWORKING TECHNOLOGIES
- An Overlay is a virtual network built on top of an underlying network infrastructure (the Underlay)
- Overlays are defined by the NVO3 Working Group
- Guarantees traffic segregation for users (tenants)
- Allows dynamic placement of end stations (VM/Servers) and does so independently of the underlay
- Supports address space independent of the tenants
- Current Overlay Protocols: VXLAN, NVGRE, STT

Orchestration Layer
SOFTWARE NETWORKING TECHNOLOGIES
- Orchestration is a control layer above the available networking resources that allows for centralized control
- OpenStack, is aware of all networking resources
- Another layer of control (e.g. DNRM)
- Uses overlay and control language like OpenFlow to manipulate, monitor and control
- Northbound API for higher level control
- Southbound control
[Diagram labels: neutron, Orchestration layer, OpenStack, CloudStack]

Network Simplification Through Innovation
[Diagram: PHYSICAL / traditional versus VIRTUAL / today; labels: VXLAN, NVGRE, STT, SDN, Neutron, OpenFlow, OpenStack, CloudID, Open APPLICATIONS, TOOLS, TECHNOLOGIES; Programmatic Provisioning, Management, and Control; Scalability]
The next generation Data Center Infrastructure

Network Simplification Through Innovation
ETHERNET FABRIC IS THE FOUNDATION FOR SDN AND VIRTUALIZATION
[Diagram labels: SDN, Network Virtualization, Programmatic Control, Cloud Orchestration]
- Efficient Infrastructure
  - Virtualization-aware
  - Flat topology
  - Frame-based load balancing
  - Layer 1/2/3 multipathing
- Scalable Control
  - Fabric-level API for service creation
  - OpenFlow support
  - Single point of access
- Simplicity Through Automation
  - Self-forming fabric
  - Logical chassis
  - Automatic discovery
  - OpenStack plug-in

SOFTWARE ON RIGHT DEMAND CLICK, DEFINED DATACENTER X86 SERVER X86 Virtualization L2-7 NETWORK NfV GEAR ROUTING PROGRAMMATIC OpenFlow & POLICY ORCHESTRATION API AUTOMATION Openstack DAYS MINS MINS DAYS MINS MINS DAYS DAYS & Virtual ADX HYBRID MODE

SDN Use Cases
SDN Will Evolve Through Value-Added Applications

WAN Network Virtualization
Traditional L2/L3VPN-IP Network with OpenFlow Overlay
- OpenFlow as an overlay to existing network
  - Allows for new revenue-generating features on top of existing production network
- Enabled by Brocade's Hybrid port mode
  - OpenFlow and traditional features enabled concurrently on same router ports
- Protected Hybrid Port Mode
  - OpenFlow does not affect Traditional traffic
  - Protection in hardware
  - Allows for initial OpenFlow overlay service development without risk
[Diagram labels: Protection Layer, Traditional WAN Management, OpenFlow Overlay, WAN SDN Controller, Traditional L2/L3VPN, IP, DC 1, DC 2, WAN Physical Infrastructure]

Internet2
BROCADE OPENFLOW ENABLED 100G NATIONWIDE BACKBONE
[Map: Internet2 backbone nodes in US cities; legend: IP router node, Optical add/drop facility, Internet 2 Exchange Point]
- 49 Custom Location Facilities
- 15,500 miles of dark Fiber
- 8.8 Tbps of Optical Capacity
- Hybrid Mode with protected OpenFlow traffic

Services Creation & Insertion
- SDN automates Traffic steering to achieve desired pipeline of services
- Customization of services according to customer needs
- Optimizes use of network resources
- No need to steer traffic through traffic steering appliances
[Diagram labels: Services Insertion App + SDN Controller, ADC, FW, Cache, Services, OpenFlow router]

SDN Approach to Network Analytics
Unlocking Advanced Operational Intelligence
- Why network analytics is important
  - Real-time network statistics collection & alerting
  - Summarization of normal and abnormal traffic
  - Detect network performance issues in advance of customer complaints
- Use cases
  - Internet/Mobile traffic analysis: Facebook, Youtube, Email, Big Data analysis
  - Detection of unlawful content
[Diagram labels: Network Analytics App (x3), 3rd Party Analytic Tools, RESTful APIs, SDN/OpenFlow Controller, Physical Network, OpenFlow + RESTful APIs, Tool 1 to Tool 5]

Data Center Network Virtualization
Scalable Cloud Services
- Tunnels enable physical network abstraction (logical network): VxLAN, NVGRE, STT
- Software Switches (es) connect virtual machines
- ToRs connect physical machines
- SDN Gateways enable scalable connectivity into the logical network
[Diagram labels: Customer A, Customer B, Customer C, PHY, server, Tunnels, DC Logical Networks, DC Physical Infrastructure, ToR]

Layer 2-4 DDoS Attack Detection/Mitigation
Future Mode of Operation
- DDoS Attacks -- Layer 2-4 large flow! examples below
  a. UDP Flood (DNS, SNMP, NTP etc.) Attack - <Destination IP address>, UDP Protocol, UDP Port
  b. Classic Large flow (IP 5 tuple), e.g. P2P
- OpenFlow-hybrid QoS actions independent of forwarding
Reference: IETF I2RS Working Group Draft - https://ietf.org/doc/draft-krishnan-i2rs-large-flow-use-case/

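Added example (not from the slides or from Brocade): a minimal large-flow detector that aggregates flow records under the two keys the slide names, (a) destination IP + UDP + UDP port and (b) the IP 5-tuple. The flow records, the byte threshold and the function names are constructed assumptions.

```python
from collections import Counter

THRESHOLD_BYTES = 5_000_000  # assumed per-interval threshold, not from the slides


def sample_flows():
    """Constructed flow records for one observation interval:
    (src_ip, dst_ip, protocol, src_port, dst_port, bytes)."""
    flows = []
    # UDP flood: 200 sources each send a modest amount to one DNS server.
    for i in range(1, 201):
        flows.append((f"198.51.100.{i}", "203.0.113.10", "udp", 40000 + i, 53, 60_000))
    # Classic large flow: one heavy P2P-style TCP session.
    flows.append(("192.0.2.7", "192.0.2.99", "tcp", 51413, 6881, 9_000_000))
    # Ordinary background traffic.
    flows.append(("192.0.2.20", "203.0.113.10", "udp", 5353, 53, 4_000))
    flows.append(("192.0.2.21", "192.0.2.50", "tcp", 44321, 443, 250_000))
    return flows


def find_large_flows(flows, threshold_bytes=THRESHOLD_BYTES):
    """Return aggregates at or above the threshold under both keys."""
    by_dest = Counter()   # key (a): destination IP, UDP protocol, UDP port
    by_tuple = Counter()  # key (b): IP 5-tuple
    for src, dst, proto, sport, dport, nbytes in flows:
        by_tuple[(src, dst, proto, sport, dport)] += nbytes
        if proto == "udp":
            by_dest[(dst, proto, dport)] += nbytes
    return {
        "udp_dest": {k: v for k, v in by_dest.items() if v >= threshold_bytes},
        "five_tuple": {k: v for k, v in by_tuple.items() if v >= threshold_bytes},
    }


if __name__ == "__main__":
    result = find_large_flows(sample_flows())
    for key_type, hits in result.items():
        for key, nbytes in hits.items():
            print(f"{key_type}: {key} -> {nbytes} bytes")
```

No single 5-tuple of the flood crosses the threshold; only the destination aggregate does, which is why the slide lists the two key types separately.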
Early SDN deployments
[Diagram labels: Network 1, Network 2, Network 3]

Empowering SDN
- Vyatta Software Routers keep traffic local
- Deploy additional routers under orchestration control
[Diagram labels: Network 1, Network 2, Network 3]

Virtual Data Center
Vyatta as a Tenant Edge Router
[Diagram labels: Tenant A, Tenant B, Tenant C, Vyatta (x3), Tenant Edge Router, Compute Resources, Ethernet Fabric Layer, Secure multi-tenant DC, Core Layer, Internet, Site to Site VPN (x2), Site A, Site C, Web traffic (port 80/443)]

Public Cloud
Vyatta as a Secure Virtual Cloud Gateway Router
- IPSec & SSL VPN
- Advanced Routing
- L3 or L2 extension to VPC
[Diagram labels: Public Cloud, Enterprise Data Center, Private Cloud, Site to Site VPN (x2), Vyatta (x3), Virtual Private Cloud Tenant B, Virtual Private Cloud Tenant C]

Vyatta Use Cases
Data Center in a Box
[Diagram label: INTERNET]

Cloud Orchestration OpenStack
ENABLING NEW LEVELS OF INNOVATION
- Open source cloud management framework for private and public clouds
- Created by Rackspace and NASA in July 2010
- Allows any organization to create and offer cloud computing capabilities using open source software
[Diagram labels: Your Applications, OpenStack Dashboard, Compute, Networking, Storage, OpenStack Shared Services, Standard Hardware]

Cloud Orchestration - Multitenant Provisioning
OpenStack and Brocade APIs
- Brocade's entire data center portfolio supported in OpenStack
- Open device APIs based on NETCONF (today) and RESTful APIs (mid-2014)
- Brocade VCS fabric automation and OpenStack orchestration dramatically decrease time-to-deploy network capacity
[Diagram labels: OpenStack, Scalable & Open Cloud APIs, Vyatta vRouter, MLX]

Brocade VCS & VMware NSX
Solution Overview and Components
1. VCS Fabric: Efficient, resilient network foundation
2. VXLAN Gateway: Bridges virtual and physical infrastructure (VDX 6740/6740T)
3. VMware NSX: Network provisioning and automation
[Diagram labels: VTEP, Mgmt, INFRASTRUCTURE, VxLAN Tunnels, Virtual VTEP, VSwitch (x2), Physical Server, Storage, Services]

Load Balancing as a Service with OpenStack
SELF SERVICE NETWORK RESOURCES ON DEMAND
- Provision and decommission pools of load balancing resources (LBaaS) on demand
- Deliver LB services and provide data mobility across private and public clouds seamlessly
[Diagram labels: Applications, OpenStack Dashboard, Compute, Networking, Storage, Neutron Plug-in For LBaaS, ADX / Virtual ADX]

OpenStack Powered Cloud Solutions Ecosystem
Delivering Enterprise-class Cloud Deployments
[Diagram: OPENSTACK ECOSYSTEM; labels: Support, Software, Hardware, Rackspace's Private Cloud, Certified, Managed, Supported Stacks, Enterprise-grade OpenStack Distro, Raw OpenStack Open Source, Brocade Plugins, Brocade API Extensions, System Integration, Compute, Brocade Networks, Storage]

Software Defined Data Center (SDDC)
EVOLVING THE ON-DEMAND DATA CENTER
[Diagram: SDDC layers, labels in slide order]
- Applications & Services: BUSINESS LOGIC, APPLICATIONS & SERVICES, CLOUD ORCHESTRATION
- Programmatic Control: NETWORK CONTROLLER (VMware NSX (Nicira), OpenDaylight); SERVER AND STORAGE CONTROLLERS (Storage Management, Compute Management)
- Virtual Infrastructure: NETWORK (Network Virtualization: STT, VxLAN, NVGRE); NETWORK FUNCTIONS (Layer 2-7 Functions; Virtual Appliances: Security, ADC, etc.); SERVER (Virtual Machines: ESXi, HyperV, Xen, KVM); STORAGE (Software-defined Storage, Storage-Hypervisor, vappliance, vvolumes)
- Other labels: Network Management; OpenStack, VMware vCloud Suite, etc.
- Physical Infrastructure: NETWORK, COMPUTE, STORAGE; Ethernet Fabric, L3 Router, Fibre Channel SAN; Appliances: Security, ADC, etc.; Rack, Skinless, Blade, Appliances; Arrays, DAS, Flash, Appliances

Questions?

Thank you! http://www.software-defined-network.com/