9th sdn expert group seminar - session1
TRANSCRIPT
Modern SDN Solutions for Data Centers
ROB SHERWOOD, CHIEF TECHNOLOGY OFFICER
JULY 2015
OUTLINE
• Technology Philosophy
– Open SDN Fabrics
• Company Overview
• Two SDN Products
– Big Tap Monitoring Fabric
– Big Cloud Fabric
(c) 2015, BIG SWITCH NETWORKS, INC. PROPRIETARY AND CONFIDENTIAL
Technology Philosophy
OPEN SDN FABRICS
Do you ?
We take network designs proven in hyperscale data centers and
adapt them as products for enterprise and service provider use
HYPERSCALE DATA CENTER R&D LEADERSHIP
They Are Leading the Charge
ALIGNMENT WITH GOOGLE DC NETWORKING
Big Switch Architecture: Open SDN Fabric
Project Jupiter
Ref: https://www.youtube.com/watch?v=FaAZAII2x0w
Google DC Networking Principle ✓ (Big Switch Architecture: Open SDN Fabric)
• Merchant Silicon ✓ (Merchant silicon based open networking HW)
• Centralized Control ✓ (SDN Controller)
• Clos Topology ✓ (Clos Fabric)
BIG SWITCH PORTFOLIO – OPEN SDN FABRICS
[Diagram labels: BIG TAP CONTROLLER; BIG CLOUD FABRIC CONTROLLER; SWITCH LIGHT™ OS; ONIE BOOT LOADER; 10G/40G (Trident-II); 1G/10G/40G]
• ONIE: Open Network Install Environment
• See HCL for HW Support Details
EVOLUTION OF SDN ARCHITECTURES
Erector Set / Fit for Purpose
SDN in 2010 / SDN in 2015
“ONE BIG SWITCH”
Disaggregation of the “MainFrame”
[Diagram labels: Traditional Chassis Pair; FABRIC CARD; SUPERVISOR(S); LINE CARD(S); BIG CLOUD FABRIC CONTROLLER; Hierarchical Control Plane; SPINE SWITCHES; 10G/40G Backplane; LEAF SWITCHES; 1G/10G/40G Workloads; Physical & Virtual Workloads; RACKS; COMPUTE WORKLOAD; SERVICES & CONNECTIVITY]
• Disaggregated frame – One “Big Switch”
• Open, Simple, Economical, Vendor Choice, Scale-out
• Traditional frame design
• Single point of management
• Proprietary, Expensive, Lock-in, Fixed Slots
SDN & Clos Fabric Necessary for NetFrame Disaggregation
BIG SWITCH PORTFOLIO – OPEN SDN FABRICS
Replaces Network Packet Broker or Data Center Switch
[Diagram labels: Big Tap Monitoring Fabric; Big Cloud Fabric; PRODUCTION NETWORK TAP & SPAN PORTS; WORKLOADS; 1/10/40G ETHERNET SWITCH FABRIC; FILTER PORTS; SERVICE PORTS; DELIVERY PORTS; Optional NPB; VISIBILITY TOOLS (NETWORK PERF MONITORING, APPLICATION PERF MONITORING, SECURITY TOOLS, VOIP MONITORING); 10G/40G Backplane; 1G/10G/40G Workloads]
Company Overview
INVESTORS AND BOARD
Key industry thought leaders
Bill Meehan (Board)
• Lecturer, Stanford GSB
• Former Head of McKinsey High-Tech, Venture Practices; Board of Juniper Networks
Michelangelo Volpi (Board)
• Partner, Index Ventures
• Former SVP, Cisco; Board Member, Ericsson
Mark Leslie (Board)
• Former CEO Veritas, Lecturer Stanford GSB
• Former Board Member of VMware, NetApp, Avaya
Tony Bates (Board)
• President, GoPro
• Former SVP, Cisco; EVP Business Development, Microsoft; CEO, Skype
Michael Dell (Angel Investor)
• CEO, Dell
Douglas Murray, CEO (Board)
• Former SVP, Asia-Pacific, Japan & GC; SVP & GM at Juniper Networks Security BU
• Former Exec at Extreme, Sun and AT&T
• Former Board, FireEye, Altor
Kyle Forster, Founder (Board)
• Founder, Big Switch
• Former Cisco Product Management and Strategy
Satish Dharmaraj
• Partner, Redpoint
• Former CEO, Zimbra
BIG SWITCH NETWORKS
Market Momentum
Customer/Revenue Traction:
• 5 quarters of 30-40% sequential growth, $1M+ BCF & BT customers
• 1st ELA on both BCF & Big Tap products
• Top customers expanding footprints (additional $1M deals in 2015)
• Customers in North America, EMEA, Expansion to Japan, Korea. Dell partnership.
Benefits Seen by Customers:
• Operational Efficiencies – single mgmt. point & scale-out fabric, not box-by-box complexity.
• 50%+ CapEx savings, ongoing OpEx benefits including via Analytics
Industry Recognition:
• Gartner Cool Vendor 2015 (Enterprise Networking)
• Best of Interop SDN Finalist (VMware NSX, Cisco ACI, Big Switch BCF)
FREE PRODUCT TRIAL ONLINE WITH BSN LABS
Both Products
Create free account now at http://labs.bigswitch.com
Big Tap Monitoring Fabric
EVERY ORGANIZATION NEEDS TO MONITOR...
• Application Performance Monitoring
• Network Performance Monitoring
• Security Monitoring
• Traffic Analytics / Recorders
• Customer Experience Monitoring
[Diagram labels: TRADITIONAL NPBs BASED MONITORING; PRODUCTION NETWORK TAP & SPAN PORTS; WORKLOADS; NETWORK PACKET BROKERS; TOOLS; VISIBILITY TOOLS (NETWORK PERF MONITORING, APPLICATION PERF MONITORING, SECURITY TOOLS, VOIP MONITORING)]
ISSUES
• Complex (Box-by-Box)
• Proprietary
• Expensive
NETWORK MONITORING INFRASTRUCTURE TRENDS
How do you enable Pervasive Visibility?
• Complex
• Proprietary
• Expensive
• Monitor Everywhere
• Share Tools Across Teams (security, ops, …)
• Scale-out Monitoring Infrastructure
NETWORK MONITORING EVOLUTION
2nd Generation / 3rd Generation SDN-based Approach
SECOND GENERATION ARCHITECTURE
TAP AND TOOL SILOS WITH NETWORK PACKET BROKERS
[Diagram labels: SPAN; TAP 1/10G; NPB]
THIRD GENERATION ARCHITECTURE
MULTI-TENANT SDN MONITORING FABRICS FOR TAP SHARING
[Diagram labels: Big Tap Controller; Control Network; Bare Metal Based Scalable Fabric; 1/10/40 GE; Tool Farm; NPB Services; SPAN; TAP 10/40G; TAP 1/10G; Monitored Traffic]
BIG TAP MONITORING FABRIC
Simple, Scalable, Economical
Simple
• Simple to Provision
• Simple to Manage
• Simple to Troubleshoot
• Centralized Programmability
Scalable
• Monitor Any Rack (1000’s of Links)
• Monitor Any Location
• 1/10/40G Performance
• Elastic Infrastructure
Economical
• Over 60% Reduction in Total Cost of Ownership
• Reduced CapEx
• Reduced OpEx
BIG TAP MONITORING FABRIC
Best Monitoring Fabric for Pervasive Security & Visibility
[Diagram labels: BIG TAP CONTROLLER; SWITCH LIGHT™ OS; OPEN NETWORK LINUX; 1/10/40G ETHERNET SWITCH FABRIC; FILTER PORTS; SERVICE PORTS; DELIVERY PORTS; Optional NPB; PRODUCTION NETWORK TAP & SPAN PORTS; WORKLOADS; VISIBILITY TOOLS (NETWORK PERF MONITORING, APPLICATION PERF MONITORING, SECURITY TOOLS, VOIP MONITORING); BROWNFIELD NETWORK; ETHERNET SWITCHING FABRIC WITH NPB SERVICE NODES; CENTRALIZED TOOL FARM]
USE CASE 1: PERVASIVE SECURITY / TAP EVERY RACK
[Diagram: Centralized Tool Farm]
Tier-1 US Financial Services Institution
• Centralized tool farm for 120 racks
• Mix of 1GE, 10GE and 40GE taps and tools
• Re-used legacy NPBs as ‘service nodes’
USE CASE 2: MOBILE / LTE NETWORK MONITORING
Enabling Advanced Monitoring for Mobile Core Networks
[Diagram labels: RAN; 3G; 4G (eNode B); MOBILE CORE / DATA CENTER; S-GW; P-GW; S1-U; S5/S8; S12; SGi; TAP; SPAN; NPB; MONITORING FABRIC; Big Tap Controller]
Tier-1 Mobile Service Providers in Japan
• Scale-out Deployment: 1K+ Taps, growing to 5K+
• Support for matching multiple 3G/4G/LTE protocols
• Load Balance traffic to multiple tools (3rd party/Internal)
Flexible & Deeper Packet Matching
• Policies based on Tunnel End-point ID (TEID), GTP version, SCTP port number, etc.
• Match inner headers of encapsulated packets like VXLAN, MPLS... (up to 128 bytes)
• Replicate and load balance traffic to any tool
CUSTOMER VALIDATIONS
“…We have a number of packet analysis tools and we were using Gigamon to gather packets, but when you want to gather packets from everywhere that price point gets too high…
So we decided to go with a white box solution and Big Tap from Big Switch to gather packets and forward them to the tools as needed. We’re using software-defined networking first in non-production, in our monitoring space, and evaluating where we want to go next. It’s done well for us. We used it through our first peak of tax year 2014, which was in early February…”
-Ted Turner, Sr. Network Engineer
BIG TAP MONITORING FABRIC: FEATURE COMPARISONS
Feature Big Tap Legacy NPBs
Filtering / Aggregation / Load Balancing
VM-to-VM Traffic monitoring
1G/10G/40G (100G on Roadmap)
Event based Policy Management / API
RBAC / TACACS+
Inter-DC Tunneling
Deeper packet Matching
Service Node chaining
Scale-out, Multi-tier Fabric
Specialized Functions (timestamp, de-dup) with NPB*
In-line Deployment Mode
Flow Generation
Inbuilt Packet Capture
Analytics (host/DNS/DHCP tracking)
[Diagram labels: PRODUCTION NETWORK; MONITORING FABRIC; Big Tap Controller; NPB; TOOL FARM]
Leverage Existing NPBs Efficiently
Optional NPB Service Nodes
ADVANCED DEPLOYMENT MODES
Scenario 1: Extending Tool Farm to Taps in Remote Locations
[Diagram labels: PRIMARY DATA CENTER; CENTRALIZED BIG TAP CONTROLLER; MONITORING FABRIC; FILTER PORTS; SERVICE PORTS; DELIVERY PORTS; NPB; VISIBILITY TOOLS (NETWORK PERF MONITORING, APPLICATION PERF MONITORING, SECURITY TOOLS, VOIP MONITORING); REMOTE DATA CENTER(S); L2-GRE Tunnels; REMOTE FP TUNNEL PORTS; PRODUCTION TAP & SPAN]
Remote Location Monitoring: Trouble-shoot network problems in remote locations via centralized tools
ADVANCED DEPLOYMENT MODES
Scenario 2: Pervasive Security with Inline Deployment Mode
[Diagram labels: INTERNET; UNTRUSTED ZONE; PERIMETER FIREWALL; DMZ; DMZ FIREWALL; TRUSTED ZONE; DATA CENTER / ENTERPRISE / CAMPUS; 1/10/40G ETHERNET SWITCH; BIG TAP CONTROLLER; TRAFFIC DISTRIBUTION / LOAD SHARING; INLINE TOOL CHAINS (INLINE); WEB PROXY; INTRUSION PREVENTION; SSL DECRYPT; ACL BASED SPAN; CENTRALIZED OUT-OF-BAND TOOL FARM (OUT OF BAND)]
Big Cloud Fabric
BIG CLOUD FABRIC
Best Leaf-Spine Clos Fabric for Private Clouds
[Diagram labels: BIG CLOUD CONTROLLER (CLI or GUI); SWITCH LIGHT OS; L2 + L3 CLOS FABRIC MANAGED BY SDN CONTROLLER; Whitebox Switches; Other Servers & Storage]
OPENSTACK & VMWARE
Single Programmatic Interface for up to 16-Rack Fabric
SDN CONTROLLER
Full Automation for Provisioning, HA/Resiliency & Management
L2 + L3 CLOS FABRIC
Native VM Mobility Across 640+ Servers/Nodes
SWITCH LIGHT OS
Open Network Linux (ONL) Based OS for Dell-ON or Whitebox Switches
POD-LEVEL DEPLOYMENT
Inter-operate with Existing PODs in Data Center
[Diagram labels: Internet/WAN; Data Center Core Routers; L3; L2; Big Cloud Fabric Controller; RACK 1; RACK 2; RACK N-1; RACK N; INGRESS/EGRESS; 40G; 10G]
Example BCF PODs:
• Private Cloud: Dev/Test
• Analytics (Hadoop)
• VDI
• Server Virtualization (vSphere)
• SDN Underlay (e.g. NSX)
WHY CUSTOMERS BUY: 1) SIMPLICITY
Application Agility (Logical Networking, Provisioning Templates)
! tenant
tenant BLUE
  logical-router
    route 0.0.0.0/24 tenant system
    interface segment web
      ip address 10.1.1.254/24
  segment web
    member-port-group pg-bm0 vlan 20
[Diagram labels: TENANT BLUE; External Core Router; Logical Router (w/ policy); LB; FW; MULTIPLE L2 SEGMENTS; Segment-Web (WEB, WEB); Segment-App (APP, APP); Segment-DB (DB, DB)]
Rapid Upgrade (Controller coordinated)
Hitless Fabric Upgrade: ~15 Minutes
Zero-Touch Fabric (REST APIs, GUI, CLI)
Feature: Big Cloud Fabric (vs. Box by Box)
• Switch OS Install: Automatic
• Link Aggregation: Automatic
• Fabric Formation: Automatic
• Trouble-shooting: Fabric-wide
• L4-7 Service Chaining: Declarative (per tenant)
• Add/Remove/Update Fabric: Automatic
• Fabric Visibility: Controller or API
16 racks, 40 devices
WHY CUSTOMERS BUY: 2) RESILIENCY @ SCALE
Chaos Monkey Resilience proves BCF is Best in class HA at Scale
Chaos Monkey Testing: 42k simulated
End-points/VMs of background load
and 640+ forced component failures
during the “under stress” test runs
32 leaf / 6 spine / 16 rack pod
Controller fail-over every 30 seconds
Switch fail-over every 8 seconds
Link fail-over every 4 seconds
Conclusion: 640 component failures in 30 minutes with no
impact on application performance
WHY CUSTOMERS BUY: 3) DESIGN
Best in class operational support tools
Fabric Trace
Rapid flow tracing and Trouble-shooting
Fabric Analytics
Unprecedented visibility and analytics
• Physical Fabric
• Tenants
• Virtual Network
• VMware – vSphere & NSX-v
Fabric Programmability
DevOps Automation
Controller is single point of API Interaction
• Scalable & Fast transactions
dt-controller1# debug rest
***** Enabled display rest mode *****
dt-controller1# show tenant blue
REST-POST: POST http://127.0.0.1:8080/api/v1/data/controller/core/aaa/audit-event {"attribute": [{"value": "show tenant blue", "key": "cmd_args"}], "event-type": "cli.command", "session-cookie": "yx6pjq6cwo5YXZwHsDyw6Z_3Zm5PITwE"}
REST-POST: http://127.0.0.1:8080/api/v1/data/controller/core/aaa/audit-event done
SDN NECESSARY FOR API SCALING & RESPONSE TIME
Box-by-box Networking
[Diagram labels: Vendor 1 SW / Vendor 1 HW (five boxes); Many API Interfaces]
• Box-by-box, NetOps complexity
• Now w/ DevOps Programmability
• Expensive, Vendor lock-in
Open SDN Fabric
[Diagram labels: BIG CLOUD CONTROLLER (CLI, GUI, API); SWITCH LIGHT OS; L2 + L3 CLOS FABRIC MANAGED BY SDN CONTROLLER; Single API Interface (Scalable, Fast)]
• Single point of management
• NetOps + DevOps
• Lower Capex & OpEx, Vendor Choice
BIG CLOUD FABRIC 2.6 - VCENTER INTEGRATION
L2 Network Automation
BCF automates the L2 network segment creation to match the vCenter port-group configuration
BIG CLOUD FABRIC – TENANT TOPOLOGY & ANALYTICS
Tenant Logical Topology
Fabric Analytics for vCenter Integration
BCF UNDERLAY FOR NSX-v
Optimal SDN Architecture across Overlay and Underlay
BCF Support for VMware NSX-v
[Diagram labels: vCenter; NSX Manager; BCF Controller; L2 + L3 CLOS FABRIC MANAGED BY SDN CONTROLLER; SDN Overlay: One Logical vSwitch; SDN Underlay: One Logical pSwitch]
NSX + BCF Advantages
• Fabric Automation
• Underlay Trouble-shooting
• Underlay Analytics/Visibility
Resources:
• Video demo
• Blog
• Webinar
Thank you