Cisco Confidential 1© 2013 Cisco and/or its affiliates. All rights reserved.
Data Center Virtualization and Programmability
Roger Oliveira
Systems Engineer
Public Sector

Agenda
• Virtual Networks
• Virtual Network Services
• SDN and Programmable Networks

Problem: How to Connect VMs?
[Figure: three hypervisors, each hosting several VMs (App/OS)]

Solution: vSwitch (2003)
[Figure: three hypervisors, each with a vSwitch and several VMs (App/OS)]

Problem: How to Move VMs at Scale?
[Figure: three hypervisors, each with its own vSwitch and its own network definition; VMs (App/OS)]

Solution: Distributed Virtual Switch (2008)
[Figure: three hypervisors, each with a vSwitch, a network definition and a VM (App/OS); labels: vNetwork Distributed Switch, Nexus 1000V]

Nexus 1000V Components
• Virtual Supervisor Module (VSM)
• Virtual Ethernet Modules (VEM): up to 128 VEMs*
[Figure labels: vCenter, VSM, VEMs, Virtualization Administrator, Network Administrator]

Modular Switches
[Figure: Nexus 7000 (supervisors, line cards, backplane) side by side with Nexus 1000V (VSMs, up to 128 VEMs)]

Port Profiles in Nexus 1000V…
• Can be applied to multiple ports
• Can include:
    VLANs
    ACLs
    NetFlow
    QoS
    Private VLANs
    ...

port-profile WEB
  switchport mode access
  switchport access vlan 105
  ip port access-group myacl in
  no shut
  vmware port-group
  state enabled

…Port Groups in vCenter
[Figure: port-profile WEB (same configuration as on the previous slide) shown in vCenter Server as port group WEB]

Agenda
• Virtual Networks
• Virtual Network Services
• SDN and Programmable Networks

Network Service Form Factors
[Figure labels: “Appliance”, Module, Integrated Service, Virtualized; Nexus 1000v, Hypervisor]

Nexus 1000V and Virtual Services
[Figure labels: Physical Infrastructure (WAN Router, Switches, Servers); Virtual Infrastructure (Nexus 1000V, vPath, VXLAN); Zone A, Zone B]
Virtual services shown:
• ASA 1000V Cloud Firewall
• Cisco Virtual Security Gateway
• vWAAS
• Citrix NetScaler 1000V
• Imperva SecureSphere WAF
• Cloud Services Router 1000V
• Network Analysis Module (vNAM)
Multi-Hypervisor (VMware, Microsoft, RedHat*, Citrix*)

Virtual Security Gateway: Intelligent Traffic Steering with vPath
[Figure, built up over four slides: VMs attached to the Nexus 1000V Distributed Virtual Switch with vPath; VSG; VNMC; Log/Audit; steps 1 to 4 marked on the diagram]
Labelled steps:
1. Initial Packet Flow
2. Flow Access Control (policy evaluation)
3. Decision Caching

Virtual Security Gateway: Performance Acceleration with vPath
[Figure: VMs attached to the Nexus 1000V Distributed Virtual Switch with vPath; VSG; VNMC; Log/Audit]
• Remaining packets from flow
• ACL offloaded to Nexus 1000V (policy enforcement)

Agenda
• Virtual Networks
• Virtual Network Services
• SDN and Programmable Networks

SDN Concepts:
Centralized Intelligence (“Model 1”)

Current Network Device (router, switch, ...)
• Control Plane (IOS)
• Data Plane (ASIC)

[Figure labels: Applications; SDN Controller (software); Programming (e.g., OpenFlow)]
Current examples: Wireless controllers, PfR, Nexus 1000V, etc.

SDN Concepts:
Virtual Overlays (“Model 2”)

[Figure labels: IP Network, CGH, SDU, Air Traffic Control, Packets]
Current examples: MPLS, IPSec, OTV, and many others

Virtual Overlays
[Figure: three virtualized servers (hypervisor), each with a software layer and three VMs]

Valid Questions
• What can SDN offer as a differentiator TODAY?
• HOW to carry out a non-disruptive deployment?
• And what about support (days 2, 3, and so on)?

Cisco ONE Components
• Multi-hypervisor overlays (VXLAN and NVGRE)
• onePK (standardized API)
• eXtensible Network Controller (XNC)

XNC: Latency-Based Routing

ACI – Application Centric Infrastructure
• Draw a software boundary around a collection of switches to make a system
• Policies
    Who can talk to whom
    What about
    Topology control
    Ops stuff
• API
• Distributed policy enforcement
    Just-in-time resolution
    Performed by embedded policy enforcement agents (PEs)
[Figure label: Application Policy Infrastructure Controller]

Open Daylight
An "open source" project formed by industry leaders under the Linux Foundation with the goal of advancing the adoption of Software Defined Networking (SDN) by creating a framework supported by multiple vendors.
[Figure labels: Platinum, Gold, Silver]

Thank you.