colin dixon - delivering network innovation with sdn
TRANSCRIPT
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC.
Colin Dixon
Technical Steering Committee Chair, OpenDaylight
Principal Engineer, Brocade
Some content from: David Meyer, Neela Jaques, and Kevin Woods
Delivering Network Innovation with SDN
Networks have not adapted to demands
• Last 20 years → radically shifting network demands
  ‒ massively increased scale (# of endpoints, switches, bytes, flows, etc.)
  ‒ static endpoints (weeks–months) → dynamic endpoints (hours–days)
  ‒ mostly north-south traffic → mostly east-west traffic
• By contrast, networks haven’t changed much
  ‒ Link speeds have gone up, but…
  ‒ Still largely manage networks device-by-device via the CLI
  ‒ If you’re lucky, orchestration at the granularity of a few devices
Things need to change
• Device-by-device → Network-wide
• Open Standards → Open Standards + Open Source
• Proprietary Software → Open Source
• Networking, Storage, Compute → Converged IT
• Hardware → Software
• To a large extent, this is the rise of open source networking
HTTP://WWW.THENEWIP.NET/DOCUMENT.ASP?DOC_ID=711461
Solution: disaggregation and open software
[Figure: Vendor A, Vendor B and Vendor C stacks, each with its own control and mgmt planes, shown alongside a logically centralized SDN controller with a northbound API, industry-standard control/management protocols and a standard modeling language]
• Network-wide operation
• Open control, management and orchestration using open control protocols/modeling langs
• Independent innovation at each layer of the stack

• Device-by-device operation
• Proprietary, vendor-specific vertical stacks for control, management and orchestration
• Limited innovation in individual silos
What a Controller Does
[Figure: controller platform diagram]
• Applications and Services (Customer Developed Applications, Vendor Developed Applications): allows software developers to innovate applications that get information from the network and control the network
• Network – Switches and Routers: allows network equipment suppliers to create plugins and information models for their equipment that improve manageability and lower costs
• Controller platform labels: Standardized REST API; Common Services; Service Abstraction Layer; Standard Interfaces and Plugins
• Interface and plugin labels: BGP-LS, PCE-P, NETCONF, YANG, OVSDB, SNMP, OpenFlow 1.0 / 1.3, Neutron Plugin, Vendor-Specific Plugins
Why Open Source?
HTTPS://18F.GSA.GOV/2014/11/26/HOW-TO-USE-MORE-OPEN-SOURCE/
• Avoid vendor lock-in
• Have a seat at the table
• Faster innovation
• Easier integration

“It's important that every Federal CIO, CTO, Architect, and Program Manager seeking to build or procure new IT projects understand that open source exists, that it can be of high quality and highly reusable, and how to use it securely.”
Open Source SDN Projects of Note
• Open vSwitch: programmable s/w in the Linux kernel [data plane]
• OpenDaylight: industry-wide SDN controller [control/mgmt plane]
• OpenStack: IT-wide orch. (Neutron for networks) [orchestration]
• Many, many others: Open Network Linux, ONOS, CloudRouter, Quagga, OVN, ONIE, Open Compute, Prescriptive Topology Manager, SocketPlane, Weave, Akanda, MidoNet, OpenContrail
HTTP://WWW.JEDELMAN.COM/HOME/OPEN-SOURCE-NETWORKING
Open Source vs. Open Standards
Open Standards
• define interfaces well
  ‒ in human-readable documents
• define behavior with some ambiguity
• usually move slowly
• leave interoperability testing to others, e.g., users, integrators
• sometimes provide open source implementations

Open Source Projects
• define interfaces well
  ‒ in code
• define behavior in code so it can be tested and understood
• move and adapt quickly
• can do interoperability testing as part of development
• often implement open standards
Is open source secure?
• In general, open source is considered to be more secure than closed source software
  ‒ “given enough eyeballs, all bugs are shallow” – Linus
• Very strong security response process
  ‒ Fixed critical vulnerabilities and shipped a new release in <4 days
• Device/user interfaces can be secured
  ‒ OpenFlow over SSL, NETCONF over SSH, RESTCONF over HTTPS w/auth
• Starting with Lithium, releases will be cryptographically signed
Defining “Open” in Open Source
Ask about projects
• Who can contribute?
• Who does contribute?
• How are decisions made? Who can comment? Who can vote?
• What license does it use?

Ask about products
• Does it integrate with other solutions from other vendors?
• Does it have an API?
• Does it follow open standards?
• Is it based on open source components?
• Does it upstream to open source projects?

HTTP://WWW.NETWORKCOMPUTING.COM/50-SHADES-OF-OPEN-SDN/A/D-ID/1234771
HTTP://WWW.OPENDAYLIGHT.ORG/BLOGS/2014/03/DEGREES-OPEN
“Simply stated, OpenDaylight is as open as open gets.”
What is OpenDaylight?
OpenDaylight is an Open Source Software project under the Linux Foundation with the goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common industry supported platform.
• Code: To create a robust, extensible, open source code base that covers the major common components required to build an SDN solution
• Acceptance: To get broad industry acceptance amongst vendors and users:
  ‒ Using it directly or through vendor products
  ‒ Vendors using OpenDaylight in commercial products
• Community: To have a thriving and growing technical community contributing to the code base, using the code in commercial products, and adding value above, below and around.
[Figure: OpenDaylight “Helium” architecture diagram. Recoverable labels, grouped by the layers named in its legend:]
• Applications and Orchestration Services: VTN Coordinator, DDoS Protection, SDNI Wrapper, DLUX Web-based GUI, OpenStack (via Neutron)
• Authentication: Custom Basic AuthN Filter, AAA AuthN Filter, Neutron AuthN
• Northbound/REST APIs: AD-SAL REST APIs, MD-SAL RESTCONF (REST) APIs, Neutron APIs
• Controller Platform and Services: Base Network Service Functions (Topology Manager, Stats Manager, Switch Manager, Host Tracker, Fwdng Rules Mgr), OpenStack Neutron Service, OVSDB, VTN, Plugin2OC, DOCSIS Service, LISP Service, SDNI Aggregator, GBP Service, Service Flow Chaining, L2 Switch
• Abstraction Layers: Model-Driven Service Abstraction Layer (MD-SAL), API-Driven Service Abstraction Layer (AD-SAL), Clustering, Shared Data Models, RPCs and Notifications
• Southbound Interfaces and Protocol Plugins: SNBI, OVSDB, SNMP, BGP, PCEP, NETCONF, Plugin2OC, OpenFlow (1.0, 1.3, TTP), PCMM/COPS, LISP
• Legend: core service wiring and dependencies; app/service-specific wiring and dependencies

Abbreviations:
• AAA: Authentication, Authorization & Accounting
• AuthN: Authentication
• BGP: Border Gateway Protocol
• COPS: Common Open Policy Service
• DLUX: OpenDaylight User Experience
• DDoS: Distributed Denial Of Service
• DOCSIS: Data Over Cable Service Interface Specification
• GBP: Group Based Policy
• LISP: Locator/Identifier Separation Protocol
• OVSDB: Open vSwitch DataBase Protocol
• PCEP: Path Computation Element Communication Protocol
• PCMM: Packet Cable MultiMedia
• Plugin2OC: Plugin To OpenContrail
• SDNI: SDN Interface (Cross-Controller Federation)
• SNBI: Secure Network Bootstrapping Infrastructure
• SNMP: Simple Network Management Protocol
• TTP: Table Type Patterns
• VTN: Virtual Tenant Network
Who is OpenDaylight
HTTPS://WWW.OPENHUB.NET/P/OPENDAYLIGHT
• ~300 code commits/week over last 12 months from 324 devs
  ‒ 150 developers in last 30 days
  ‒ 15,000+ commits in 12 months
OpenDaylight as the Common Platform
Companies that have announced products based on OpenDaylight
Analysts See Momentum
“OpenDaylight is quickly evolving into something formidable with good potential for mainstream relevancy.” – Andrew Lerner, Gartner
“OpenDaylight may be the third center of gravity” – Andrew Lerner, Gartner
An open source approach to software-defined networking (SDN) moved several steps closer this week to becoming a de facto standard. – Mike Vizard, IT Business Edge
“OpenDaylight is making steady progress cultivating a growing community of developers and users interested in adopting an open, common SDN controller platform.” – Brad Casemore, IDC Research Director for Datacenter Networks
SDN Use Cases
• Network Virtualization
• Security
• QoS and Traffic Management
• Custom Analytics and Compliance
• Big Data
• WAN Optimization
• Fault and Disaster Recovery
• Research and New Protocols
• Service Configuration and Policy
Security
Network-wide policy monitoring and enforcement
• Historically, policy is mostly
  ‒ Rigidly enforced by the physical topology, e.g., firewall at the gateway
  ‒ Configured “dynamically” via box-by-box Access Control Lists (ACLs)
• New policy efforts are changing this
  ‒ Network Function Virtualization (NFV) and Service Function Chaining (SFC)
  ‒ Automatically generated ACLs based on network-wide policy
• OpenDaylight is a proving ground for at least 3 policy-oriented projects
  ‒ Service Function Chaining, Group-Based Policy, and Network Intent Composition
Network Virtualization
OpenDaylight integration with OpenStack Neutron
• OpenDaylight has a common Neutron “northbound” provider
  ‒ 3 implementations in Helium
  ‒ 4+ planned in Lithium
• Supports network virt. and
  ‒ Distributed L3 forwarding
  ‒ Security Groups
  ‒ {LB,VPN}aaS
[Figure: OpenStack Neutron with the Neutron ML2 Mechanism Driver, OpenDaylight APIs (REST), and within OpenDaylight the Neutron Service and the OVSDB Provider, VTN Provider and OpenContrail Provider]
SDN is critical to IT-wide innovation
[Figure: chart of Level of Programmability against Scope of Domain (Network Element, Network, IT Infrastructure), placing Classic Network Management Tools; Python, REST and CLI Scripting; DevOps Tools; OpenDaylight; Neutron; OpenStack]
SDN is here, it’s time to use it
• SDN is the key to modernizing today’s networks
  ‒ Enables flexibility and choice
  ‒ Unlocks self-service innovation
• Open source is the force multiplier that makes SDN possible
  ‒ Community leverage accomplishes more than any single supplier
  ‒ Open philosophy shifts control from the suppliers to the consumer
• Commercial versions of open source controllers are production-ready with support
  ‒ e.g., the Brocade Vyatta Controller based on unmodified OpenDaylight
  ‒ Brocade upstreams all changes to OpenDaylight
What to do next
• Figure out what infrastructure you have that is SDN-ready
  ‒ Some key protocols: NETCONF, OpenFlow, OVSDB
  ‒ Make current/future acquisitions call for this
• Ask your suppliers hard questions about software, agility, and openness—it’s not just open standards anymore
• Download the code and start testing/deploying it
  ‒ http://www.opendaylight.org/software/downloads
  ‒ http://www.brocade.com/products/all/software-defined-networking/brocade-vyatta-controller/index.page