how enterprises will benefit from sdn

© 2014 Open Networking Foundation

How Enterprises will Benefit from SDN

Shashi Kiran, Cisco / October 8, 2014

Revision #.#


Pace of Change – Internet of Everything

3

Bookstore Taxi Music Print Advertising

Point-of-Sale

Technology Is Enabling Innovation and Disruption

Revision #.#


Mobility & IoE Impacts Data Center

Edge-Scale Computing

Faster Decisions Connecting to Opportunity

Computing Infrastructure

Bare Metal Cloud Virtualized

Revision #.#


…Requiring Application Architectures to Change

Edge-Scale Computing Core Data Center Workloads

Faster Decisions

Cloud-Scale Computing

Deeper Insight

Recommendation Engines

Fraud Detection

Real-Time Price Optimization

Trend Analysis

Big Data Cloud

Online Gaming

Distributed Analytics

Cloud Services

Cloud Content Delivery

Scale-Out Apps

Connecting to Opportunity

Revision #.#


Today’s IT Model – High on Network Operations

6

80–90% 10–20% Network Operations Enabling Innovation

1,000s 100s 10s 0s IoE Scale 10,000s

Complex and Tedious

Difficult to Provision Applications

Difficult to Troubleshoot

Slow Deployment of Services

Revision #.#


Data Center Trends Causing Disruptions

7

Application Trends

Big Data

25% CAGR—Big Data1

10G LoM3

75% Bare-Metal2

Web 2.0 / DevOps

45% Multi-Hypervisor4

Linux Containers

Cloud

2/3rd of all Workloads in

Cloud by 2017

InterCloud

Impact on IT Infrastructure 2 IDC Worldwide Virtual Machine 2013-2017 Forecast

4 Information week 2013 Virtualization Management Survey 3 HP

1 Cisco Global Cloud Index

Design and Scale Operations Model Consumption Model

Revision #.#


Main Concern

IT Complexity & Security

BYOD, Cloud, Mobility, Big Data

What is of Value?

Visibility & Control, End-to-End,

Real-time

How Can SDN Help?

Automation, Agility, Efficiency

0% 100% LEVEL OF IMPORTANCE 0% 100% LEVEL OF IMPORTANCE 0% 100% LEVEL OF IMPORTANCE

IT Challenges: Cisco SDN Survey, Dec 2014

Revision #.#


Legacy Network Model - Challenges

9

DB APP ADC

WEB F/W

ADC

MGMT

Data Applications Infrastructure

Applications Management

Applications

Challenges with Automation & Realizing OPEX Benefits

• Provisioning models are built around the device – ripped out with every refresh.

• Build separate networks for the apps for policy, visibility, and security

• Legacy network model limits our ability to implement policy with mobility & cloud

VMOTION

DNS

DNCP

A New Software Defined Application Centric Infrastructure is Required

Revision #.#


A User Wants to Deploy This…

10

Internet Web/App

Server DB

Client Tier Web/App Tier DB Tier

Revision #.#


..But Sees This..

11

Q

Network/ subnet

Network/ subnet

Network/ subnet

Router

External Network

Q

Revision #.#


REQUIRED:

ABSTRACT LANGUAGE

FOR POLICY

Solution – Capture and Preserve User Intent

CLOUD MANAGEMENT

SYSTEM Operational

Requirements “Reality” / State of the Infrastructure

User Intent

Governance Requirements

Revision #.#


IP NETWORK

COMMON POLICY

Bring Application Language to Networks

DECOUPLE APPLICATION &

POLICY FROM IP INFRASTRUCTURE

Application Language

• Application tier policy and

dependencies

• Security requirements

• Service level agreement

• Application performance

• Compliance

• Geo dependencies

• VLAN

• IP address

• Subnets

• Firewalls

• Quality of service

• Load balancer

• Access lists

Network Language

Revision #.#


Application Centric Policy Model -

At the Heart of Cisco’s Open SDN approach

DB APP ADC

WEB F/W

ADC

Physical Networking

L4–L7 Services

Multi DC WAN and Cloud

Compute Storage Hypervisors and Virtual Networking

APIC

Revision #.#


Cisco’s Application Centric SDN Approach

Subject Matter Expert Define Policies 1

SYSTEMS APPROACH:

Rapid Deployment of Applications with Scale, Security and Full Visibility

Network SME

Security SME

Application SME

APIC

2

Policies Used To Create Application Network Profile Templates

3 Automated policy configuration across the infrastructure

Life cycle management for day 1, day 2 operations

4

Physical Networking

Compute L4–L7 Services

Storage Hypervisors and Virtual Networking

Multi DC WAN and Cloud

Nexus 2K

Nexus 7K

Integrated

WAN Edge

Revision #.#


Benefit: Deep Telemetry - Application and Tenant

APIC

AP

P

TE

NA

NT

Tenant Tenant 1 Tenant 2

Tenant 3 Tenant 4

Revision #.#


ARCHITECT DESIGN COMPUTE Service

Request STORAGE SECURITY NETWORK

Application

Available

TIME

AP

P F/W L/B

WE

B L/B DB APP

F/W ADC

WEB ADC DB

Policy Automation Application Policy Language Common Policy Framework and

Platform for All IT Teams

APPLICATION

COMPUTE NETWORK

CLOUD

STORAGE SECURITY

Benefit: Delivering Time to Application Agility

Revision #.#


Centralized

Compliance and

Auditing

Import / Export Policy via API

(Support for External Policy Engines)

Automated

Services Chaining

Engineering Legal Sales HR Finance Marketing

Benefit: Secure Multi-tenancy at Scale

Complete Isolation with

Full Scalability and

Security

Policy Separated from

Network Forwarding

Policy

Engine

Enabling a Dynamic Enterprise Without Compromise

Encrypted Controller

Communication

Advanced Role Based

Access Control APIC

Revision #.#


Open (and Secure) Networking is Important

OPEN SOURCE

OPEN STANDARDS

OPEN INTERFACES

OpFlex NSH VXLAN

JSON XML

WITH ADVANCED

SECURITY

Auditing

Policy

RBAC

Encryption

Tenant

Isolation

+

OpFlex REST

Revision #.#


Example: Opflex – Driving Multi-vendor Innovation

OPFLEX PROTOCOL + ECOSYSTEM

APIC

OPFLEX

OPEN SOURCE Implementation available to anyone

OPEN ECOSYSTEM Broad, growing support including from

hypervisor, network, and L4-7 vendors

OPEN STANDARD

P/V SWITCH

Group Policy Model Contributors

ROUTERS L4-7 SERVICES

Co-authors for IETF submission

Revision #.#


Example: Group Based Policy

21

SECURITY

GROUP

L2 /L3

SEGMENT

Neutron Today

L4-7

SERVICES

FUTURE

EXTENSIONS

• Policy changes affect multiple places

• Changes must be made in order

SECURITY

Group Based Policy

L4-7

SERVICES

FUTURE

EXTENSIONS

• Single place to update – the group

• Declarative language

L2 /L3

Web of inter-related components Group fully describes policy

• Speed to deploy

• Secure and

consistent

• Easy to automate

• Easy to use Group

Revision #.#


Group-Based Policy Exposed Through OSS

Network Controller

Cloud Orchestration • Group Policy Extensions for OpenStack

• Future extensions to Heat / Nova

Enables OpenStack to dynamically provision infrastructure based on Application Policies

• Group Policy Northbound and Southbound API

GROUP BASED

POLICY MODEL

Better security Consistency

Extensible model

Easy to use

Speed to deploy Simpler to manage Easy to automate

Revision #.#


TCO and ROI Savings with SDN

PRE-ACI POST-ACI

Network Operations

PROCESS SIMPLIFICATION

Network and Policy Instantiate

Translate Setup and Policy

Weeks Minutes

OPEX

CAPEX

PRE-ACI

41% Cost Savings

COST SAVINGS

POST-ACI

*Projected Based on Cisco IT model

Revision #.#


Extending SDN beyond the Data Center: Sample Use-Cases

Easy QoS

Follow Me QoS

Compliance Assurance

Network-Wide Rapid Threat Detection and Mitigation (Sourcefire)

ACL Management Automation

Security Automation

IWAN: Path Optimization

QoS Provisioning

Automated Performance Routing (PfR) Configuration

Automated WAN Policy Compliance Assurance

QoS

Revision #.#


Cisco APIC Enterprise Module: Follow-Me ACLs ACLs Management Automation

Cisco Identity

Services Engine (ISE)

UPDATE

Option 2

Cisco APIC Enterprise Module

Revision #.#


“Easy QoS” – Automation and Compliance

Cisco Validated

Design Based

Templates Config.

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=ln_0goqaJV_MOM&tbnid=fbpPXIoFBe-8DM:&ved=0CAUQjRw&url=http://www.engageselling.com/training/sales-mastery-home-action-kit.php&ei=A992UruEBOjSiAL1poCAAw&psig=AFQjCNGEdyJtQSH_IxOVNaDM1Ky7EL_ReQ&ust=1383608435713168

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=wD6qqBPp296joM&tbnid=3CTNtmKltT3HCM:&ved=0CAUQjRw&url=http://www.fuelinteractive.com/blog/awesome-apps-for-productivity&ei=UHt2Utm5DMGsiALSpYHoBg&bvm=bv.55819444,d.cGE&psig=AFQjCNEarkurAtJBylLEvWeupsKE5EnJuA&ust=1383582858989392

https://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=IQB-vVWPWKlTmM&tbnid=2RvAbhKnj1CFgM:&ved=0CAUQjRw&url=https://www.fccu.org/?Cabinet=Main&Drawer=Information&Folder=Mobile+Services/Mobile+Apps&SubFolder=Mobile+Services/Mobile+Apps&ei=pHp2UsenH-OgjAL7kYCQCg&bvm=bv.55819444,d.cGE&psig=AFQjCNHAYauJAiEaXHoxucx8nop8l5JvQQ&ust=1383582748233728

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=PxPbPsND6-rNhM&tbnid=z6Wg7Z7j4xgTsM:&ved=0CAUQjRw&url=http://www.clker.com/clipart-25224.html&ei=OHx2UvfwD8fxiwLKlYDgBQ&bvm=bv.55819444,d.cGE&psig=AFQjCNFjyNWxTAdABo7mqh-b_xx-8SXjOQ&ust=1383583139727504

Revision #.#


Automated WAN Path Optimization Performance Routing Configuration and Compliance Assurance

Internet

Business

Internet

Enterprise HQ

PfR

MPLS

SDN Controller

Revision #.#


Architect & Design

Networks

Mentor

Others

Advise Line of

Business

Evaluate New

Technology

Make Technology

Decisions

Spend Less Time on Configuration & Troubleshooting Innovate

Cisco Confidential 29 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

“ If you care about the software, you should care about the hardware. […and the data center, …and the network, …and the back office…] ”

~ Steve Jobs

“ If I look back with 20-20 hindsight, the thing I regret is that we didn’t put the hardware and software together soon enough,” he said. “It was almost magical the way the PC came about with an operating system from us and hardware from IBM...”

~ Steve Balmer, Forbes, 3/4/14

Revision #.#


Final Thoughts

Applications Drive

Network and IT

requirements.

Consider

Architectures that

deliver this

Consider Software

Defined Vs. Software

Only. Policy is Integral

to making This

happen.

Educate your IT

teams on aspects of

open networking.

Start with small pilots

Revision #.#


Thank you!

31