Is SDN Necessary?
© 2014 VMware Inc. All rights reserved.
Is SDN Necessary?
Bruce Davie
CTO, Networking
March, 2016
With apologies to James Thurber and E.B. White
Agenda
1 SDN success stories
2 So much for OpenFlow
3 Innovation in Networking
4 Summary and Q&A
2011
2013
SDN != Network Virtualization
[Diagram: SDN (control) != Network Virtualization (virtualization layer, control)]
• SDN alone doesn’t abstract away details of physical network
• SDN not required for network virtualization, but useful
2005
2009
Network Virtualization – An Analogy
[Diagram, server virtualization: Application; x86 Environment; Virtual Machine; Hypervisor (Requirement: x86); Physical Compute & Memory]
[Diagram, network virtualization: Workload; L2, L3, L4-7 Network Services; Virtual Network; Network Virtualization Platform (Requirement: IP Transport); Physical Network]
Decoupled
Survey Question
• What percentage of server workloads are virtualized?
– A. Greater than 50%
– B. Less than 50%
• Source: Cisco Global Cloud Index (GCI)
– Globally 94% of data center workloads will be virtualized by 2019, compared to 81% of data center workloads in 2014.
– Globally 80% of traditional data center workloads will be virtualized by 2019, compared to 60% of traditional data center workloads in 2014.
2012
Network Virtualization Today – Expanding Use Cases
Security
• Intra-Datacenter Micro-Segmentation
• DMZ Anywhere
• Secure User Environments
Automation
• IT Automating IT
• Developer Clouds
• Multi-tenant Infrastructure
Application Continuity
• Disaster Recovery
• Metro Pooling
• Hybrid Cloud Networking
Self-Service Portal
The Problem: Data Center Network Security
Perimeter-centric network security has proven insufficient
[Diagram: Internet and VMs]
Today’s security model focuses on perimeter defense
[Chart: IT Spend, Security Spend, Security Breaches]
But continued security breaches show this model is not enough
Modern Attack: targeted, interactive & stealthy
Intrusion
• Attack Vector / Malware
• Delivery Mechanism
• Entry Point Compromise
Propagation
• Escalate Privileges
• Install C2* Infrastructure
• Lateral Movement
Extraction
• Break Into Data Stores
• Network Eavesdropping
• App Level Extraction
Exfiltration
• Parcel & Obfuscate
• Exfiltration
• Cleanup
Block Infiltration (80% of Investment)
Lack Visibility and Control to Stop Exfiltration (20% of Investment)
shift from…
• Perimeter-centric
• Managing compliance
shift to…
• Application & user-centric
• Managing risk
The Solution: Move security controls inside the datacenter and focus on the app/data
The Obstacle: Managing controls inside has been enormously complex
*C2: Command and control infrastructure
Logical segmentation around application boundaries
[Diagram: Perimeter firewall and Inside firewall; DMZ VLAN, App VLAN, DB VLAN and Services VLAN; Finance, HR and IT VM groups; services VMs: AD, NTP, DHCP, DNS, CERT]
B4
Agenda
1 SDN success stories
2 So much for OpenFlow
3 Innovation in Networking
4 Summary and Q&A
OpenFlow has failed
• Failed at what?
– Creating an ecosystem of independent controllers and switches
– Breaking the stranglehold of HW vendors on switching
– Enabling faster innovation in networking
• Data points
– Broadcom switching dominance
– SDN deployments either don’t use OF, or both ends of the OF connection are implemented by same vendor
– SDN implementation complexity is huge
– Need better abstractions for scalable controller->switch communication
Changing role of OpenFlow for NSX
[Diagram 1: Controller; OpenFlow; OVS ×3]
[Diagram 2: Controller; Logical Flow; Local Control ×3; OpenFlow; OVS ×3; Local Control; IPC; Other vSwitch]
Hardware VTEPs for NSX
[Diagram: Controller; OVSDB (Logical Flows); Local DB ×3; ASIC ×3]
2015
OVN: Native Virtual Networking for Open vSwitch
[Diagram: Horizon UI; Neutron API; OVN Neutron Plugin; Northbound DB; ovn-northd; Southbound DB; Hypervisor 1 … Hypervisor N, each with ovn-controller, ovs-vswitchd and ovsdb-server; Geneve Tunnel; Physical Network]
Agenda
1 SDN success stories
2 So much for OpenFlow
3 Innovation in Networking
4 Summary and Q&A
Evolution of network provisioning: 1996-2013
1996: Terminal Protocol: Telnet
2013: Terminal Protocol: SSH
NETWORKING EVOLUTION
SSH
COMPUTE EVOLUTION
Evolution of server provisioning
Setting up a server 1994
• Insert CD Rom
• Connect serial cable
• Install Windows/Linux
Setting up a server 2014
• PXE boot
• ESX Hypervisor + vCenter
• Puppet, Chef, OpenStack etc.
Vertically integrated
Closed, proprietary
Slow innovation
[Diagram: Specialized Features; Specialized Control Plane; Specialized Hardware]
Horizontal
Open interfaces
Rapid innovation
[Diagram: Apps; Open Interface; Control Plane or Control Plane or Control Plane; Open Interface; Merchant Switching Chips]
Megascale data centers have spoken
Google / Facebook / Amazon Data Centers
• Custom Application
• Custom Platform
• Software / Hardware Abstraction
• Any x86
• Any Storage
• Any IP network
Software Defined DC – Megascale for the rest of us
Software Defined Data Center (SDDC)
• Any Application
• SDDC Platform
• Software / Hardware Abstraction
• Any x86
• Any Storage
• Any IP network
Google / Facebook / Amazon Data Centers
• Custom Application
• Custom Platform
• Software / Hardware Abstraction
• Any x86
• Any Storage
• Any IP network
Closing Thoughts
“Software is eating the world” – Marc Andreessen
“Alice, Let’s Eat” – Calvin Trillin
Protocols Features
System
Silicon
Network OS
Network Virtualization Overlays
White Box/Brite Box
Programmable Switch Silicon
Open Source Networking
Summary
Think beyond “standard” SDN
SDN has proven useful at least once
It is a Software World