SDN-enhanced Services in Enterprises and Data Centers

Similar documents
Cloud Networking an Enterprise View

Meridian: An SDN Platform for Cloud Network Services

Virtualization, SDN and NFV

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang Nov 13, 2014

Software-Defined Networks Powered by VellOS

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

Software Defined Network (SDN)

A Look at the New Converged Data Center

DCB for Network Virtualization Overlays. Rakesh Sharma, IBM Austin IEEE 802 Plenary, Nov 2013, Dallas, TX

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera VERSION May, 2015

Building an Open, Adaptive & Responsive Data Center using OpenDaylight

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

Cloud Networking Disruption with Software Defined Network Virtualization. Ali Khayam

VMware vcloud Networking and Security

Software Defined Environments

Network Virtualization: Delivering on the Promises of SDN. Bruce Davie, Principal Engineer

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心

Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments

RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL

VMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic

Shifting Roles for Security in the Virtualized Data Center: Who Owns What?

How To Build A Software Defined Data Center

What is SDN all about?

Group-Based Policy for OpenStack

ViSION Status Update. Dan Savu Stefan Stancu. D. Savu - CERN openlab

VMware vcloud Networking and Security Overview

SOFTWARE DEFINED NETWORKING

SDN AND SECURITY: Why Take Over the Hosts When You Can Take Over the Network

How Network Virtualization can improve your Data Center Security

Pluribus Netvisor Solution Brief

Unleash the power of Cisco ACI and F5 Synthesis for Accelerated Application deployments. Ravi Balakrishnan Senior Marketing Manager, Cisco Systems

PLUMgrid Open Networking Suite Service Insertion Architecture

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES

Outline. Why Neutron? What is Neutron? API Abstractions Plugin Architecture

The promise of SDN. EU Future Internet Assembly March 18, Yanick Pouffary Chief Technologist HP Network Services

A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

Software Defined Networks

Enterprise Data Center Networks

Analysis of Network Segmentation Techniques in Cloud Data Centers

The real SDN Power Materializes itself with Application Defined Networking

Designing Virtual Network Security Architectures Dave Shackleford

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Stanford SDN-Based Private Cloud. Johan van Reijendam Stanford University

Virtualized Network Services SDN solution for enterprises

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT

SDN Solutions ~SDN for Carrier Data Center~ November, 2013 NEC Corporation

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

Network Technologies for Next-generation Data Centers

Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION

Technical white paper. Realizing the power of SDN with HP Virtual Application Networks

SDN Applications in Today s Data Center

Panel : Future Data Center Networks

Network Virtualization Network Admission Control Deployment Guide

The Promise and the Reality of a Software Defined Data Center

OpenFlow and Onix. OpenFlow: Enabling Innovation in Campus Networks. The Problem. We also want. How to run experiments in campus networks?

What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates

vcloud Suite Architecture Overview and Use Cases

Business Values of Network and Security Virtualization

Virtualized Network Services SDN solution for service providers

Intro to NSX. Network Virtualization VMware Inc. All rights reserved.

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre

TECHNOLOGY WHITE PAPER. Correlating SDN overlays and the physical network with Nuage Networks Virtualized Services Assurance Platform

Leveraging SDN and NFV in the WAN

Scalable Network Monitoring with SDN-Based Ethernet Fabrics

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

Boosting Business Agility through Software-defined Networking

IT Infrastructure Services. White Paper. Utilizing Software Defined Network to Ensure Agility in IT Service Delivery

Netzwerkvirtualisierung? Aber mit Sicherheit!

Network Virtualization for the Enterprise Data Center. Guido Appenzeller Open Networking Summit October 2011

The Path to the Cloud

Network Services in the SDN Data Center

How To Orchestrate The Clouddusing Network With Andn

Journey to the Private Cloud. Key Enabling Technologies

Network Virtualization and Software-defined Networking. Chris Wright and Thomas Graf Red Hat June 14, 2013

Lecture 02b Cloud Computing II

How To Manage A Virtualization Server

How To Understand The Power Of The Internet

Ethernet-based Software Defined Network (SDN)

Software Defined Networking A quantum leap for Devops?

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

SDN. What's Software Defined Networking? Angelo Capossele

OpenFlow/SDN for IaaS Providers

Tutorial: OpenFlow in GENI

IBM Bluemix. The Digital Innovation Platform. Simon

Software Defined Networks Virtualized networks & SDN

Evolution from the Traditional Data Center to Exalogic: An Operational Perspective

Open SDN for Network Visibility

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Huawei Enterprise A Better Way VM Aware Solution for Data Center Networks

Simplifying Private Cloud Deployments through Network Automation

Software Defined Networking What is it, how does it work, and what is it good for?

BMC Cloud Management Functional Architecture Guide TECHNICAL WHITE PAPER

VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers

Bring your virtualized networking stack to the next level

Transcription:

Anees Shaikh IBM TJ Watson Research Center SDN-enhanced Services in Enterprises and Data Centers Collaboration with Mohammad Banikazemi, Salman Baset, Jack Kouloheris, David Olshefski, John Tracey, Guohui Wang

What this talk is about State of the API / network models in SDN controllers ultimately crucial to realize the full promise of SDN Unexplored use cases for SDN in the data center is this considered SDN Research? maybe not, but it should be 2 DIMACS SDN December 2012

Does anyone care about network APIs? Network engineer view Vendors offering APIs to network engineers to help them solve their issues is akin to a an auto manufacturer handing a pile of metal and a welding torch to someone who needs a new car Some vendors believe the best approach is to hand off APIs, under the assumption that the network engineers know what they need and (apparently) have time to learn a programming language. The reality is that network engineers don t have that kind of time -- Why are network engineers sick of hearing about SDN?, Nov 2012, packetpushers.net Application developer view Application developers are primarily just users of the network Little interest or ability to understand details of network operation rely on the network guys DevOps model requires more direct ability to influence the operational network need for network APIs and tools for developers (no good blog quotes yet) 3 DIMACS SDN December 2012

A reference software-defined networking controller platform Enterprise security management Cloud provisioning IT service management multi-tenant virtualization network control applications QoS traffic control storage networking network security enforcement network integration services cloud network provisioning network DR services network control applications and integration points NETWORK ABSTRACTIONS and APIs network system calls NETWORK ORCHESTRATION global network view network runtime state logical network models and application APIs logical physical translation, arbitration, network-wide services OpenFlow controller virtual overlay controller legacy device configuration middlebox / 3 rd party mgmnt interfaces drivers for controlling network devices and capabilities 4 DIMACS SDN December 2012

Where we are multi-tenant virtualization network control applications traffic steering access control load balancing network-level applications with legacy equivalents NETWORK REPRESENTATION representation of the physical network NETWORK STATE LLDP topology counters limited network state, limited orchestration OpenFlow controller virtual overlay controller legacy device configuration middlebox / 3 rd party mgmnt interfaces OpenFlow as the primary driver (fowarding plane) 5 DIMACS SDN December 2012

Current SDN controller APIs Floodlight mostly OF protocol wrappers, with some abstractions query for switch properties, read per-switch and global flow counters insert / delete flow entries {"switch": "00:00:00:00:00:00:00:01", "name":"flow-mod-1", "cookie":"0", "priority":"32768", "ingress-port":"1","active":"true", "actions":"output=2"} ACL rules {"src-ip": "10.0.0.4/32", "nw-proto":"udp", "tp-src":"5010", "action":"deny" } Attach to virtual Quantum network {"attachment": {"id": "NetworkId1", "mac": "00:00:00:00:00:08"}} Trema, NOX/POX, Ryu similar (or fewer) abstractions Frenetic programming simplification on top of a standard OF protocol driver SQL-like queries for collecting network data simplified composition and optimization of application rules abstracted topology views (!) Need APIs that provide alternative models of the network for applications and services 6 DIMACS SDN December 2012

Example abstract network models for SDN applications Single virtual switch policy-based connectivity between physical or virtual machines use switch-level concepts to describe connectivity and policies ports, VLANs, profiles, etc. switch per tenant view or single large switch for global policies attach high-level rules or policies to logical port profiles (ACLs, in/out firewall, traffic marking/policing, etc.) VM VM attach rules to logical port profiles Annotated network graph suitable for running variety of graph algorithms b i internal nodes l i edge nodes (e.g., vnics) example edge annotations: utilization / avail bw, reserved bw, buffer occupancy stats, pkt drop stats represent full or subset of actual topology (e.g., racklevel topology) d i couple with management tooling to collect link or node metrics 7 DIMACS SDN December 2012

Example abstract network models for SDN applications Tenant connectivity model multi-tenant virtual network service service model represents tenant VMs, virtual network segments, middleboxes, connectivity policies requires labeling VMs with tenant ids, access userdefined policies, etc. insert virt middlebox in path VMs belonging to same tenant Security enforcement model provides control points for enforcing security actions model shows applications/os, VMs, hosts, and control points (not full topology) integrates varying levels of application-level visibility (e.g., from provisioning engine) host related VMs / OS types control points 8 DIMACS SDN December 2012

What this talk is about State of the API / network models in SDN controllers ultimately crucial to realize the full promise of SDN Services use cases for SDN in the enterprise data center IT service management processes application connectivity services 9 DIMACS SDN December 2012

SDN progression in the data center SDN enablers SDN applications OpenFlow and centralized control multi-tenant network virtualization network services and network integration industry standard protocol for SDN hardware and software enablement quickly becoming a standard feature on switches more OF controller options 10 DIMACS SDN December 2012 first production use case for SDN solutions with and without OpenFlow ultimately, a universal feature network-level automation application-level network services services on converged networks integration with security, provisioning, disaster recovery, etc.

Migration and workload consolidation Firewall rule: allow 7.6.*.* 7.1.3.8 DNS 7.9.3.4 7.2.3.4 7.2.3.5 Web Server Web Server LDAP 7.8.3.4 Firewall rule: allow 7.2.3.4, 7.2.3.5 7.3.3.4 network configuration capture deploy configuration onto target App Svr App Svr 7.3.2.4 7.3.2.5 7.3.5.4 Firewall rule: allow 7.3.2.4, 7.3.2.5 7.5.2.3 DB2 11 DIMACS SDN December 2012

Migration and consolidation IT process view (service transition) SDN-enhanced process application component discovery testing and cutover sandbox creation traffic mirroring access control re-integration in prod prepare / virtualize application standardize application for cloud image remediation and fixups register app components in cloud network renumbering overlap checking VLAN recreation middlebox traversal firewall rules network installation connectivity testing ext service reachability 12 DIMACS SDN December 2012

Security: Closed-loop network reconfiguration Determine optimal security policies in response to anomalies detected or workload observed abstract model shows applications/os, VMs, hosts, and control points (not full topology) Security Analytics Events from VM / host firewalls (iptables, ebtables) Events from VPN, IPS/IDS appliances Integrity management information from hosts and guests reconfiguration actions event data from network devices additional events, scan results, patch releases Network Security Manager collaboration with IBM CRL, Security Research Dept. at Watson host related VMs / app control points 13 DIMACS SDN December 2012

Security management IT process view (service operations) monitor and detect security violations SDN-enhanced process document security violation security event detected event management (qualify event) incident diagnosis / escalation incident resolution (e.g., network support) redirect flows for further analysis deploy additional analysis tools (e.g., honeypots) tighten access control quarantine to VLAN notify patch system 14 DIMACS SDN December 2012

Application connectivity patterns IPS Web FW App FW DB broadcast LB disjoint storage array cluster 15 Princeton / CS November 2012

Connectivity services for enterprises Enterprises often have organizational silos between application and network teams information / requirements exchanged through tickets, email, etc. iterative process for complex applications Traditional application teams have little understanding of connectivity, security, or network performance requirements for their applications SDN-based connectivity service should not place burden of specifying network details on application deployers contrast to self-service cloud model SDN connectivity service interface should mimic the application network team information exchange SDN controller and apps assist network team through automation and consistent operations SDN connectivity application must be populated with semantics and policy information to perform correct configurations Q: What is the interface for populating this knowledge? Who provides it? 16 DIMACS SDN December 2012

Example: enterprise connectivity service abstractions app pattern type: 3-tier webapp endpoint MAC, IP, other props inherited from group app-layer connection group properties: inet-facing, load-balanced org: cust service tier: 1 group properties: load-balanced org: cust service tier: 2 group properties: HADR org: cust service storevol: volumeid tier: 3 17 DIMACS SDN December 2012

Summary: SDN consumption models SDN promises more seamless integration of the network with IT processes but, SDN APIs and abstractions are primarily geared for low-level network control more work needed to develop the application interface of the SDN stack discussed some examples in various states of experimentation SDN use cases that matter to non-network experts maybe more important than solving problems of correctness, reliability, scalability in SDN protocols and devices needs research (this isn t a marketing problem) 18 DIMACS SDN December 2012

Thank you 19 DIMACS SDN December 2012

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information