cisco one - the big deal

Cisco Open Network Environment Webinar Series. An Introduction to OpenFlow: February 2013. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

Upload: pawan-sharma

Post on 08-May-2015


Category:

Technology



DESCRIPTION

onePK is an easy-to-use toolkit for development, automation, rapid service creation and more. It enables you to access the valuable data inside your network via easy-to-use APIs. Build or extend applications across your routers and switches, to servers and new business platforms. Automate current services or create new ones on demand, when and where you need them and faster than ever. onePK makes your network more powerful and flexible while giving you the control you need. http://ebrahma.com

TRANSCRIPT

Page 1: Cisco ONE - The BIG Deal


Cisco Open Network Environment Webinar Series

An Introduction to OpenFlow:

February 2013

Page 2: Cisco ONE - The BIG Deal

Industry’s Most Comprehensive Networking Portfolio

Hardware + Software | Physical + Virtual | Network + Compute

Platform APIs

Controllers and Agents

Network Overlays

Applications

www.cisco.com/go/one

“OpenFlow”

Page 3: Cisco ONE - The BIG Deal

Q&A

OpenFlow @Cisco

Early Perspectives: Indiana University & NTT Communications

An Introduction to OpenFlow

Page 4: Cisco ONE - The BIG Deal

• David Ward: CTO, Cisco Engineering and Chief Architect; Chair, Technology Advisory Group – Open Networking Foundation
• Matt Davy: (Former) Executive Director, InCNTRE and Chief Network Architect, Indiana University
• Yuichi Ikejiri: Director, Technology Department, Network Services Division, NTT Communications Corporation

Page 5: Cisco ONE - The BIG Deal


Page 6: Cisco ONE - The BIG Deal

[Figure: organization chart with the boxes Board of Directors; Executive Director; Technical Advisory Group; Council of Chairs; Technical Working Groups; Market Education Activities; Regional Activities]

Source: www.opennetworking.org – January 2013

Page 7: Cisco ONE - The BIG Deal

• Extensibility
• Hybrid
• Forwarding Abstractions
• Architecture and Framework
• Configuration and Management
• Testing and Interoperability
• Security
• Transport
• Migration
• Market and Education

Page 8: Cisco ONE - The BIG Deal

Initiatives: Quantum (Folsom release)

Donabe

• Overlay Working Groups: NVO3, L2VPN, TRILL, L3VPN, LISP, PWE3
• API Working Groups/BOFs: NETCONF, ALTO, CDNI, XMPP, SDNP, I2AEX
• Controller Working Groups: PCE, FORCES
• Protocol Working Groups: IDR, IS-IS, OSPF, MPLS, CCAMP, BFD
• New working group: I2RS – Interface to the Routing System

Technical Advisory Group, Working Groups:

Config, Extensibility, Futures/FPMOD/OF2.0

ETSI SGI on “Network Function Virtualization”

Open Source Cloud Computing project

802.1 Overlay Networking Projects

SDN WG

Open Network Research Center at Stanford University

Page 9: Cisco ONE - The BIG Deal

OpenFlow Approach

Applications

APIs

Controller

Simpler Provisioning, Topology Abstraction

OpenFlow Protocol

Data Plane

OpenFlow Configuration Protocol

“Northbound Interface”

“Southbound Interface”

Page 10: Cisco ONE - The BIG Deal

• OpenFlow Components
  Application Layer Protocol: OF-Protocol
  Device Model: OF-Device Model (abstraction of a device with Ethernet interfaces and a set of forwarding capabilities)
  Transport Protocol: Connection between OF-Controller and OF-Device*

• Observation
  OF-Controller and OF-Device need pre-established IP-connectivity

* TLS, TCP – OF 1.3.0 introduces auxiliary connections, which can use TCP, TLS, DTLS, or UDP

[Figure labels: OpenFlow Controller; OpenFlow Protocol; OpenFlow Switch; Pipeline; Flow Table; Flow Table; Group Table; Data Plane; OpenFlow Config. Point; OF-CONFIG]

Source: OpenFlow 1.3.0 specification, figure 1

Page 11: Cisco ONE - The BIG Deal

Figure 2: Relationship between components defined in this specification, the OF-CONFIG protocol and the OpenFlow protocol

[Figure labels: OpenFlow Configuration Point(s); OF-Config; OpenFlow Controller(s); OpenFlow; OpenFlow Capable Switch; OF Logical Switch; OF Resources (e.g. Port)]

Page 12: Cisco ONE - The BIG Deal

• OF 1.0 (DEC 2009): Single table; L2, IPv4 focused matching
• OF 1.1 (FEB 2011): Multiple tables; MPLS, VLAN matching; Groups: {Any-,Multi-}cast; ECMP
• OF 1.2 (DEC 2011): IPv6; Flexible TLV matching; Multiple controllers
• OF 1.3.0 (APR 2012): 802.1ah PBB; Multiple parallel channels between switch and controller
• OF 1.0.1 (JUN 2012): Bug fixes
• OF 1.3.1 (SEP 2012): Bug fixes

• “Working code before new standards”
• “ONF should not anoint a single reference implementation but instead encourage open-source implementations”; ONF board encourages multiple reference implementations
• OpenFlow 1.0.X: no work planned
• OpenFlow 1.3.X: long term support
• OpenFlow 1.4: extensibility, incremental improvements

Page 13: Cisco ONE - The BIG Deal

Discussions led by the ONF Configuration and Management Working Group

• OF Config v1.0 (JAN 2012)
• OF Config v1.1 (MAY 2012)
• OF Config v1.1.1 (JAN 2013)
• OF Config v1.2 (PROPOSED)

• Configuration and management protocol for OpenFlow switches
• Capability discovery
• Tunnel configuration
• Error handling
• Consolidation of ver 1.1
• Fixing small inconsistencies

Under discussion, candidates include:
• Assigning resources to logical switches
• Simple topology detection
• Event notification

Page 14: Cisco ONE - The BIG Deal

Figure 3: Flowchart detailing packet flow through an OpenFlow switch

[Flowchart boxes: Packet in, start at Table 0; Match in Table n? (Yes/No); Update counters, execute instructions (update action set, update packet/match set fields, update metadata); Goto-Table n? (Yes/No); Execute action set; Table-miss flow entry exists? (Yes/No); Drop packet]

Page 15: Cisco ONE - The BIG Deal

(a) Packets Are Matched Against Multiple Tables in the Pipeline

[Figure labels: OpenFlow Capable Switch; Packet In; Ingress Port; Action Set = {}; Table 0; Table 1; Table n; Packet + Ingress Port + Metadata; Action Set; Packet; Execute Action Set; Packet Out]

• {Any,Multi}cast (1.1)
• ECMP (1.1)
• MPLS (1.1, note push/pop, .1q)
• IPv6 (1.2)

• (1.3.X) introduces per flow meters, IPv6 extension header handling, flexible table miss support, enhanced/refactored capability negotiation, multipart requests, MPLS BoS matching, push/pop for PBB, tunnel-ID meta-data, cookies for packet_in messages, augmented flow table entry (adds cookie), among others

• Configuration Protocol under co-development

Page 16: Cisco ONE - The BIG Deal


• Hardware friendly switch model negotiations (“typed tables”) (→ Forwarding Abstractions WG)

• Configuration Management (→ OF Config WG)

• Security model (granular access control) (→ Architecture and Framework WG)

• HA-model for device and controller (state re-sync etc.), Controller peering (→ Architecture & Framework WG)

• Integration with Existing Networks; Integrate SDN Controllers and SDN Control Plane capabilities in Network Devices (formerly covered by “Hybrid WG”) (→ Architecture and Framework WG)

• OF Protocol Extensibility (→ Extensibility WG)

• …

Examples of Ongoing Work

Page 17: Cisco ONE - The BIG Deal


Early Perspectives: Indiana University & NTT communications

Page 18: Cisco ONE - The BIG Deal


Indiana University

Page 19: Cisco ONE - The BIG Deal

Interoperability Testing

Page 20: Cisco ONE - The BIG Deal

Scalable, Flexible L4–7 Service Insertion

Layer-3 Fabric

Virtualized, Unified Access Layer

Dynamic Control via SDN

Internet

Building A, Building B

Network Slicing Use Case

Page 21: Cisco ONE - The BIG Deal


NTT

Page 22: Cisco ONE - The BIG Deal

Copyright © 2012 NTT Communications Corporation and/or its affiliates. All right reserved.

Global ICT Partner: Innovative. Reliable. Seamless.

NTT Communications: Whole picture of the Cloud Vision

[Diagram labels: Customer’s System; <NTT Communications Group>; <Partners>; Global Total Management; One-Stop Operation; Public Cloud; Private Cloud; Hybrid Cloud; Other Cloud; Consulting firm/Application Vendor; SaaS Vendor; Virtualized Network; Physical Network; Access Network/Terminals; Multi network / PC, Smartphone, Tablet PC, etc.; Data Center; Arcstar Universal One; Portal; Mail, Desktop, VoIP etc.; Managed Security Services; Consulting/Individual Applications; Cloud Controller; Network Controller; Direct Access to Cloud; Integrated Control/Visualization; PaaS/IaaS; OSS; SaaS; Security; Consulting and others; Provide Hybrid Cloud; Partnering Hybrid Cloud]

Page 23: Cisco ONE - The BIG Deal


Expected expansion of application of OpenFlow/SDN technology

Data Center

Network Virtualization

Network Edge

DC-VPN Interconnection

OAM Function

Expand

Page 24: Cisco ONE - The BIG Deal


OpenFlow@Cisco

Page 25: Cisco ONE - The BIG Deal

2Q13

Network Infrastructure

REST, JAVA, More Coming

Core Functionality

Cisco Advanced Functions

onePK, OpenFlow, More Coming

Cisco Apps | Customer Apps | ISV Apps | Open Src Apps

Published APIs for Popular Languages and Software (e.g. OpenStack)

Extensible Protocol Support Ensures Continuous Adoption of Emerging Standards

Modular Architecture Allows Rapid Adoption of Evolving Controller Functionality While Minimizing Operational Disruption

Page 26: Cisco ONE - The BIG Deal

All Controller Apps Are in Customer PoC

Phase 2 Apps

Previously Announced

• Network Slicing: Dynamic network partitioning of the network using logical associations provided by ONE Controller’s centralized view
• Network Tapping: Ability to monitor, analyze, and debug network flows using conventional network switches
• Custom Forwarding: Using unique parameters such as low latency to program specific forwarding rules across the network

Page 27: Cisco ONE - The BIG Deal

Overlay Networks

CSR 1000V

Controller/Agents

ONE Controller

Platform APIs

onePK Platforms
• ISR G2
• ASR 1000
• ASR 9000*
• Nexus 3000
• Nexus 7000*

OpenFlow Agents
• Catalyst 3000*
• Catalyst 6500*
• Nexus 3000
• Nexus 7000*
• ASR 9000*

Nexus 1000V Updates
• N1KV Hyper-V
• N1KV KVM*
• VXLAN Gateway
• Service Chaining (w/ vPath)

Cisco Edition of OpenStack

N1KV InterCloud

Virtual NAM (vNAM)*

[Availability labels on the slide: 1Q13, 1H13, 2Q13]

*Customer PoC: on-going or in 1H13

Page 28: Cisco ONE - The BIG Deal

IOS / XE | NX-OS | IOS-XR

onePK APIs Presentation

onePK API Infrastructure

Agent Framework

Agent Implementation (e.g. OpenFlow)

Application Framework / Controller

Agent Communication Component

Solution Defined Protocol (e.g. OpenFlow)

Page 29: Cisco ONE - The BIG Deal

“Ships-in-the-night” (aka “Vertical Partitioning”*)

• A subset of ports controlled by OF, another subset controlled by router’s native CP – physical resources are partitioned
• Some level of integration: “OF_NORMAL”:
  Implementer free to define what “normal” is
  May or may not be what router normally does

[Diagram labels: Router; OpenFlow; Control Plane]

“Integrated” (aka “Horizontal Partitioning”)

• Use OF for feature definition – augment the native control plane
• No longer partitioning of resources
• Can operate at different abstraction levels (low-level like OF1.0 or higher level)

[Diagram labels: Router; Control Plane; OpenFlow]

Page 30: Cisco ONE - The BIG Deal

• Installing ephemeral routes in the RIB
  Install routes in RIB subject to admin distance or …
  Moral equivalent of static routes, but dynamic
  May require changes to the OF protocol/model

• Edge classification
  Basically use the OF as an API used to install ephemeral classifiers at the edge
  Moral equivalent of … ‘ip set next-hop <addr>’ (PBR)
  Use case: Service Engineered Paths/Service Wires
  Program switch edge classifiers to select set of {MPLS, GRE, …} tunnels
  Core remains the same

• Programmable Service Chaining

Page 31: Cisco ONE - The BIG Deal

VIRL: Virtual Internet Routing Lab

• VIRL is a multi-purpose network virtualization platform

• Brings virtual machines running Cisco Network Operating Systems to the customer
  The same operating systems as used on physical Cisco products

• Virtual Machine orchestration capabilities enable:
  Creation of highly-accurate models of real-world or future networks – scales to thousands of virtual network devices

[Diagram labels: SP / Enterprise; Partner Community; University and Education; Production Network Modeling; Training and Education; Networking Research; ‘What-if’ Analysis; Cisco onePK Virtual Testbed; Rapid Prototyping; Test Lab Virtualization; Network Education]

Page 32: Cisco ONE - The BIG Deal

VIRL

• IOS XR – VM-based tool: XR VR
• IOS XE – VM-based tool: CSR1000v
• IOS – VM-based tool: vIOS
• NXOS – VM-based tool: vNXOS

Page 33: Cisco ONE - The BIG Deal

• VIRL virtual networks enable building, testing, learning and experimenting with Cisco open networking technologies

• E.g. onePK-enabled virtual OpenFlow switches and routers in a mixed OpenFlow and MPLS-TE topology

• Virtual-machine based Cisco ONE and PCE controllers drive traffic through the network

• onePK developers are able to test and validate applications against virtual devices before deploying to the real network

Page 34: Cisco ONE - The BIG Deal


Demo:

Page 35: Cisco ONE - The BIG Deal

App | App | App

Cisco ONE Controller

Cisco Network Device

onePK | OpenFlow

OpenFlow Support on the Industry’s Most Extensible Controller

Page 36: Cisco ONE - The BIG Deal

Cisco Open Network Environment: www.cisco.com/go/one

Open Network Foundation: www.opennetworking.org

Page 37: Cisco ONE - The BIG Deal


• An Introduction to onePK

• An Introduction to Overlay Networks

• An Introduction to the Cisco ONE controller architecture

• Security in Open Network Environments

• And more!

www.cisco.com/go/onewebcasts