© 2014 Open Networking Foundation
How Enterprises will Benefit from SDN
Shashi Kiran, Cisco / October 8, 2014
Revision #.#
Pace of Change – Internet of Everything
Bookstore Taxi Music Print Advertising
Point-of-Sale
Technology Is Enabling Innovation and Disruption
Mobility & IoE Impacts Data Center
Edge-Scale Computing
Faster Decisions Connecting to Opportunity
Computing Infrastructure
Bare Metal Cloud Virtualized
…Requiring Application Architectures to Change
Edge-Scale Computing Core Data Center Workloads
Faster Decisions
Cloud-Scale Computing
Deeper Insight
Recommendation Engines
Fraud Detection
Real-Time Price Optimization
Trend Analysis
Big Data Cloud
Online Gaming
Distributed Analytics
Cloud Services
Cloud Content Delivery
Scale-Out Apps
Connecting to Opportunity
Today’s IT Model – High on Network Operations
Network Operations: 80–90%
Enabling Innovation: 10–20%
IoE Scale: 0s, 10s, 100s, 1,000s, 10,000s
Complex and Tedious
Difficult to Provision Applications
Difficult to Troubleshoot
Slow Deployment of Services
Data Center Trends Causing Disruptions
Application Trends
Big Data
25% CAGR—Big Data [1]
10G LoM [3]
75% Bare-Metal [2]
Web 2.0 / DevOps
45% Multi-Hypervisor [4]
Linux Containers
Cloud
2/3rd of all Workloads in Cloud by 2017
InterCloud
Impact on IT Infrastructure
Design and Scale, Operations Model, Consumption Model
[1] Cisco Global Cloud Index
[2] IDC Worldwide Virtual Machine 2013-2017 Forecast
[3] HP
[4] InformationWeek 2013 Virtualization Management Survey
Main Concern
IT Complexity & Security
BYOD, Cloud, Mobility, Big Data
What is of Value?
Visibility & Control, End-to-End,
Real-time
How Can SDN Help?
Automation, Agility, Efficiency
IT Challenges: Cisco SDN Survey, Dec 2014
Legacy Network Model - Challenges
DB APP ADC
WEB F/W
ADC
MGMT
Data Applications Infrastructure
Applications Management
Applications
Challenges with Automation & Realizing OPEX Benefits
• Provisioning models are built around the device – ripped out with every refresh.
• Build separate networks for the apps for policy, visibility, and security
• Legacy network model limits our ability to implement policy with mobility & cloud
VMOTION
DNS
DHCP
A New Software Defined Application Centric Infrastructure is Required
A User Wants to Deploy This…
Internet Web/App
Server DB
Client Tier Web/App Tier DB Tier
…But Sees This…
Network/subnet
Network/subnet
Network/subnet
Router
External Network
Solution – Capture and Preserve User Intent
REQUIRED: ABSTRACT LANGUAGE FOR POLICY
CLOUD MANAGEMENT SYSTEM
User Intent
Operational Requirements
Governance Requirements
“Reality” / State of the Infrastructure
Bring Application Language to Networks
DECOUPLE APPLICATION & POLICY FROM IP INFRASTRUCTURE
COMMON POLICY
IP NETWORK
Application Language
• Application tier policy and dependencies
• Security requirements
• Service level agreement
• Application performance
• Compliance
• Geo dependencies
Network Language
• VLAN
• IP address
• Subnets
• Firewalls
• Quality of service
• Load balancer
• Access lists
Application Centric Policy Model - At the Heart of Cisco’s Open SDN Approach
DB APP ADC
WEB F/W
ADC
Physical Networking
L4–L7 Services
Multi DC WAN and Cloud
Compute Storage Hypervisors and Virtual Networking
APIC
Cisco’s Application Centric SDN Approach
SYSTEMS APPROACH: Rapid Deployment of Applications with Scale, Security and Full Visibility
1. Subject Matter Experts Define Policies (Network SME, Security SME, Application SME)
2. Policies Used To Create Application Network Profile Templates
3. Automated policy configuration across the infrastructure
4. Life cycle management for day 1, day 2 operations
APIC
Physical Networking
Compute
L4–L7 Services
Storage
Hypervisors and Virtual Networking
Multi DC WAN and Cloud
Nexus 2K
Nexus 7K
Integrated WAN Edge
Benefit: Deep Telemetry - Application and Tenant
APIC
APP
TENANT
Tenant 1, Tenant 2, Tenant 3, Tenant 4
Benefit: Delivering Time to Application Agility
Timeline labels (axis: TIME): Service Request, ARCHITECT, DESIGN, COMPUTE, STORAGE, SECURITY, NETWORK, Application Available
Diagram labels: WEB, APP, DB, F/W, L/B, ADC
Policy Automation
Application Policy Language
Common Policy Framework and Platform for All IT Teams
APPLICATION, COMPUTE, NETWORK, CLOUD, STORAGE, SECURITY
Benefit: Secure Multi-tenancy at Scale
Enabling a Dynamic Enterprise Without Compromise
• Centralized Compliance and Auditing
• Import / Export Policy via API (Support for External Policy Engines)
• Automated Services Chaining
• Complete Isolation with Full Scalability and Security
• Policy Separated from Network Forwarding
• Encrypted Controller Communication
• Advanced Role Based Access Control
Engineering, Legal, Sales, HR, Finance, Marketing
Policy Engine
APIC
Open (and Secure) Networking is Important
OPEN SOURCE
OPEN STANDARDS
OPEN INTERFACES
OpFlex NSH VXLAN
JSON XML
+ WITH ADVANCED SECURITY
• Auditing
• Policy
• RBAC
• Encryption
• Tenant Isolation
OpFlex REST
Example: OpFlex – Driving Multi-vendor Innovation
OPFLEX PROTOCOL + ECOSYSTEM
APIC, OPFLEX, P/V SWITCH, ROUTERS, L4-7 SERVICES
OPEN SOURCE: Implementation available to anyone
OPEN ECOSYSTEM: Broad, growing support including from hypervisor, network, and L4-7 vendors
OPEN STANDARD
Co-authors for IETF submission
Group Policy Model Contributors
Example: Group Based Policy
Neutron Today: Web of inter-related components
(SECURITY GROUP, L2/L3 SEGMENT, L4-7 SERVICES, FUTURE EXTENSIONS)
• Policy changes affect multiple places
• Changes must be made in order
Group Based Policy: Group fully describes policy
(SECURITY, L2/L3, L4-7 SERVICES, FUTURE EXTENSIONS)
• Single place to update – the group
• Declarative language
• Speed to deploy
• Secure and consistent
• Easy to automate
• Easy to use
Group-Based Policy Exposed Through OSS
Cloud Orchestration
• Group Policy Extensions for OpenStack
• Future extensions to Heat / Nova
Enables OpenStack to dynamically provision infrastructure based on Application Policies
Network Controller
• Group Policy Northbound and Southbound API
GROUP BASED POLICY MODEL
Better security, Consistency, Extensible model, Easy to use, Speed to deploy, Simpler to manage, Easy to automate
TCO and ROI Savings with SDN
PRE-ACI POST-ACI
Network Operations
PROCESS SIMPLIFICATION
Network and Policy Instantiate
Translate Setup and Policy
Weeks Minutes
OPEX
CAPEX
PRE-ACI
41% Cost Savings
COST SAVINGS
POST-ACI
*Projected Based on Cisco IT model
Extending SDN beyond the Data Center: Sample Use-Cases
Easy QoS
Follow Me QoS
Compliance Assurance
Network-Wide Rapid Threat Detection and Mitigation (Sourcefire)
ACL Management Automation
Security Automation
IWAN: Path Optimization
QoS Provisioning
Automated Performance Routing (PfR) Configuration
Automated WAN Policy Compliance Assurance
QoS
Cisco APIC Enterprise Module: Follow-Me ACLs
ACL Management Automation
Cisco Identity Services Engine (ISE)
UPDATE
Option 2
Cisco APIC Enterprise Module
“Easy QoS” – Automation and Compliance
Cisco Validated Design Based Templates
Config.
Automated WAN Path Optimization: Performance Routing Configuration and Compliance Assurance
Internet
Business
Internet
Enterprise HQ
PfR
MPLS
SDN Controller
Spend Less Time on Configuration & Troubleshooting
Innovate
• Architect & Design Networks
• Mentor Others
• Advise Line of Business
• Evaluate New Technology
• Make Technology Decisions
Cisco Confidential 29 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
“If you care about the software, you should care about the hardware. […and the data center, …and the network, …and the back office…]”
~ Steve Jobs
“If I look back with 20-20 hindsight, the thing I regret is that we didn’t put the hardware and software together soon enough,” he said. “It was almost magical the way the PC came about with an operating system from us and hardware from IBM...”
~ Steve Ballmer, Forbes, 3/4/14
Final Thoughts
• Applications drive network and IT requirements. Consider architectures that deliver this.
• Consider Software Defined vs. Software Only. Policy is integral to making this happen.
• Educate your IT teams on aspects of open networking. Start with small pilots.
Thank you!