© 2013 Cisco and/or its affiliates. All rights reserved. 2
Defining SDN: Overview of SDN Terminology & Concepts
Presented by:
Shangxin Du, Cisco TAC
Panelist:
Pix Xu
Jan 2014
Diagram: traditional network. Host 1.1.1.1/24 sits in vlan 11 behind SVI 1.1.1.2/24, host 2.2.2.2/24 sits in vlan 22 behind SVI 2.2.2.1/24, and the two VLANs are carried over a trunk.
Diagram: the same two hosts, 1.1.1.1/24 and 2.2.2.2/24, now forwarded by per-switch flow tables instead of VLANs and SVIs.

First flow table:
  Src       Dest      In     Out
  1.1.1.1   2.2.2.2   Port1  Port2
  2.2.2.2   2.2.2.2   Port2  Port1

Second flow table:
  Src       Dest      In     Out
  2.2.2.2   1.1.1.1   Port1  Port2
  1.1.1.1   1.1.1.1   Port2  Port1
What SDN means to different people:
“A platform for developing new control planes”
“An open solution for VM mobility in the Data-Center”
“An open solution for customized flow forwarding control in and between Data Centers”
“A means to do traffic engineering without MPLS”
“A way to scale my firewalls and load balancers”
“A solution to build a very large scale layer-2 network”
“A way to build my own security/encryption solution”
“A way to reduce the CAPEX of my network and leverage commodity switches”
“A way to optimize broadcast TV delivery by optimizing cache placement and cache selection”
“A means to scale my fixed/mobile gateways and optimize their placement”
“A solution to build virtual topologies with optimum multicast forwarding behavior”
“A way to optimize link utilization in my network: enhanced, application driven routing”
“A means to get assured quality of experience for my cloud service offerings”
“A way to distribute policy/intent, e.g. for DDoS prevention, in the network”
“A way to configure my entire network as a whole rather than individual devices”
“A solution to get a global view of the network – topology and state”
“Develop solutions at software speeds: I don’t want to work with my network vendor or go through lengthy standardization.”
“A solution to automated network configuration and control”
“… In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications …”
https://www.opennetworking.org/images/stories/downloads/white-papers/wp-sdn-newnorm.pdf

“… open standard that enables researchers to run experimental protocols in campus networks. Provides standard hook for researchers to run experiments, without exposing internal working on vendor devices …”
http://www.openflow.org/wp/learnmore/
• Control plane and data plane components are typically* co-located on the same device

Diagram: a chassis switch with a Supervisor and three I/O Modules (line cards); both planes run inside the one box.

Control Plane:
  Routing protocols (e.g. OSPF, IS-IS, BGP), Spanning Tree, SYSLOG, AAA (Authentication, Authorization, Accounting), CLI, SNMP
Data Plane:
  L2/L3 switching, MPLS forwarding, VRF forwarding, QoS, Marking, Classification, Policing, ACLs

* Plenty of exceptions exist
Diagram: the same chassis (Supervisor plus I/O Modules, with the Control Plane and Data Plane functions listed above) shown next to the SDN view, where the “Intelligence & State” (Controller) is lifted out of the boxes and the line cards of several Network Elements are driven from that one Controller.
Diagram: Traditional SDN. Applications sit on top of a Controller and reach it through vendor-specific APIs. The Controller holds the Control Plane and talks down to an Agent on the device, which owns the Data Plane, over OpenFlow, PCEP, I2RS or vendor-specific interfaces (e.g. onePK).
• Some network-delivered functionality benefits from logically centralized coordination across multiple network devices
  Functionality is typically domain-, task- or customer-specific
  Typically multiple Controller/Agent pairs are combined for a network solution
• Controller
  Process on a device interacting with a set of devices using a set of APIs or protocols
  Offers a control interface/API
• Agent
  Process on a device that delivers a task/domain-specific function

Diagram: one Controller exposing APIs upward and talking through APIs to several Agents; the control loop between Controller and Agent is drawn with the steps Observe, Gather, Analyze, Act and Notify.
Diagram: onePK API & Agent Infrastructure. Application Frameworks, Management Systems, Controllers, ... sit above the device. On the device, the onePK API & Agent Infrastructure spans the Forwarding, Control, Network Services, Orchestration and Management areas and runs on the Operating Systems – IOS / IOS XE / NX-OS / IOS XR. “Protocols” and their device-side agents shown: I2RS (I2RS Agent), PCEP (PCEP Agent), Neutron* (Neutron* Agent), OpenFlow (OpenFlow Agent), OMI (OMI Agent), Chef (Chef Agent), Puppet (Puppet Agent), BGP-LS (BGP-LS Agent), onePK, BGP, Diameter, Radius, …
*a.k.a. Quantum
• Networking already leverages a number of different Controllers and Agents
  Controller/Agent pairs always serve a specific task (or set of tasks) in a specific domain
• System design tradeoff between Controller/Agent and fully distributed control
  Control loop requirements differ per function/service and deployment domain

Diagram: existing Controller/Agent pairs.
  Session Border Control: a SIP-proxy/SBC controlling SBC B2BUAs over H.248
  Wireless LAN Control: a WLC controlling APs over CAPWAP
  Path Computation: a PCE serving PCCs over PCEP
Diagram: Traditional SDN vs. Hybrid SDN. Traditional SDN: Applications reach the Controller through vendor-specific APIs; the Controller holds the Control Plane and drives the device Data Plane over OpenFlow, PCEP, I2RS or vendor-specific interfaces (e.g. onePK). Hybrid SDN: the same Applications, Controller and southbound interfaces, but the device keeps its own Control Plane alongside its Data Plane.
Diagram: control-plane spectrum across Application Software, Infrastructure Software and Embedded Software.
  Hybrid Control Plane: distributed control combined with logically centralized control for optimized behavior (e.g. reliability and performance)
  Fully Distributed Control Plane: optimized for reliability
• OpenDaylight is an open source project under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common industry supported framework.
• For more information:
www.opendaylight.org
https://wiki.opendaylight.org/view/Main_Page
Diagram: OpenDaylight controller architecture. Applications (Cisco), Applications (Customer) and Applications (3rd party) use the Northbound API. Controller built-in Applications include a built-in GUI for Management, Network Slicing (Flow Management, Forwarding Logic, Device Management), Network Troubleshooting and Custom Routing, all on top of the Controller Core Infrastructure. Southbound APIs (onePK, OpenFlow, …), i.e. the onePK API and the OpenFlow 1.x Protocol, reach devices running onePK or OpenFlow.

• Platform for generic control functions – state consolidation across multiple entities
• Current Showcase Examples
  Flexible Network Partitioning and Provisioning (“Slicing”)
  Network Troubleshooting
  Custom Routing
• Java-based
• Original Motivation
  The research community’s desire to be able to experiment with new control paradigms
• Base Assumption
  Providing reasonable abstractions for control requires the control system topology to be decoupled from the physical network topology
• OpenFlow was designed to facilitate separation of control and data planes in a standardized way
• The current OpenFlow specification defines an abstract flow-based switch model (OpenFlow switch) and a standardized interface (OpenFlow protocol)
  OpenFlow switch: an abstraction of an Ethernet switch; currently focused on the forwarding abstraction
  OpenFlow protocol: a communication protocol that provides access to the forwarding plane of an OpenFlow switch
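As an added example (not code from the Cisco deck), the flow-based switch model above in a few lines of Python: the switch matches packets against a priority-ordered flow table and punts table-miss packets to a constructed controller, which installs a reactive flow so later packets stay in the data plane. Hosts and ports reuse the deck's 1.1.1.1 / 2.2.2.2 example; the controller's host-to-port map is an assumption.

```python
# Added example, not from the Cisco deck: a toy OpenFlow-style switch.
# Match field names follow OpenFlow (in_port, ipv4_src, ipv4_dst); the
# controller's host-to-port map is a constructed assumption.
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class FlowEntry:
    match: Dict[str, str]      # {} matches everything (the table-miss entry)
    out_port: Optional[str]    # None -> packet-in to the controller
    priority: int = 0
    packets: int = 0           # per-entry counter, as in the OpenFlow model


class OpenFlowSwitch:
    """Data plane only: forwards by table lookup, never decides policy."""

    def __init__(self, controller):
        self.table = []
        self.controller = controller

    def add_flow(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def _lookup(self, pkt):
        for e in self.table:  # highest priority first
            if all(pkt.get(k) == v for k, v in e.match.items()):
                return e
        return None

    def forward(self, pkt):
        e = self._lookup(pkt)
        if e is None or e.out_port is None:  # table-miss: punt to control plane
            return self.controller.packet_in(self, pkt)
        e.packets += 1
        return e.out_port


class Controller:
    """Control plane (constructed): knows which port each host lives on."""

    def __init__(self, host_ports):
        self.host_ports = host_ports

    def packet_in(self, sw, pkt):
        out = self.host_ports.get(pkt.get("ipv4_dst"))
        if out is None:
            return "DROP"  # unknown destination: drop rather than flood
        # Install a reactive, host-specific flow above the table-miss entry
        sw.add_flow(FlowEntry({"ipv4_dst": pkt["ipv4_dst"]}, out, priority=10))
        return out
```

The first packet to 2.2.2.2 goes up to the controller; every later one is matched in the switch table and only bumps the entry's packet counter.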
Diagram: onePK service sets (Data Path, Policy, Element, Route, Utility, Discovery, Developer, Others), language bindings (Java, Python, C, REST) and platforms (IOS, NX-OS, IOS XR).

DEVELOPER ENVIRONMENT
  • Language of choice
  • Programmatic interfaces
  • Rich data delivery via APIs
COMPREHENSIVE SERVICE SETS
  • Better apps
  • New services
  • Monetization opportunity
CONSISTENT PLATFORM SUPPORT
  • IOS
  • NX-OS
  • IOS XR
DEPLOY
  • On a server blade
  • On an external server
  • Directly on the device
Diagram: two models. Peering Model: Applications, Management, Orchestration and Infrastructure Services sit side by side and reach the Virtual Devices and Physical Devices through a common API. Hierarchical Model (followed by traditional SDN): Applications and Control Programs talk through an API to a Controller, which talks through another API to the Virtual and Physical Devices.
Diagram: framework layers, built up over three slides. Applications (End-User and System Applications); Resource Orchestration, Management; Controllers and Agents; Platform APIs; Virtual and Physical Infrastructure (the Network). Programmatic Interfaces connect the layers.
• NFV initiative announced at SDN and OpenFlow World Congress, October 2012
  Industry Specification Group (ISG) with ETSI
• Leveraging cloud technology to support virtualizing specific network functions

Virtual function and its physical counterpart:
  vSwitch (Nexus 1000v): Nexus/Catalyst
  vRouter (CSR1000v): ASR/ISR/CRS
  vISE: Identity/Policy - ISE
  vFW (ASA 1000v): Firewall - ASA
  vWAAS: WAAS
  vESA: Email Security - ESA
  vWLC: Wireless LAN Controller
  vRouteReflector: IOS/XR RR
  vNAM: Network Analysis - NAM
  vVideoCache: Video Cache
  VSG: Security Gateway
  vWSA: Web Security - WSA
Diagram: four deployment models side by side. Traditional SDN: Applications use vendor-specific APIs toward a Controller holding the Control Plane, which drives the device Data Plane over OpenFlow, PCEP, I2RS or vendor-specific interfaces (e.g. onePK). Hybrid SDN: as Traditional SDN, but the device keeps its own Control Plane next to its Data Plane. Overlay Networks: Applications use vendor-specific APIs toward Virtual Switch Overlays built with Overlay Protocols (e.g. VXLAN) on top of the device Control Plane and Data Plane. Programmable APIs: Applications use vendor-specific APIs (e.g. onePK) directly against the device’s Control Plane and Data Plane.
You start with a physical switch network: physical devices and physical connections.
Then you add an overlay: the overlay provides the base for a logical network.
Logical “switch” devices overlay the physical network. The underlying physical network carries the data traffic for the overlay network, and the overlays define their own topology.
Multiple “overlay” networks can co-exist at the same time; overlays provide logical network constructs for different tenants (customers).
• Virtual Overlays in the SDN context usually refer to host-based encapsulation and forwarding
  Extended L2 connectivity and scalability
  Secure segmentation (multi-tenant environments, etc.)
• Stateless tunneling mechanisms
  No static tunnel setup required
  Frame formats recognized by hosts and treated as tunneled frames
• Ethernet frames encapsulated in IP packets
  The physical network uses the outer IP header to forward tunneled traffic
• 3 popular hypervisor-based overlay technologies:
  Virtual Extensible Local Area Network (VXLAN)
  Network Virtualization using Generic Routing Encapsulation (NVGRE)
  Stateless Transport Tunneling (STT)
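As an added example (not code from the Cisco deck), the VXLAN case of the encapsulation described above: an Ethernet frame is wrapped in an 8-byte VXLAN header, UDP and an outer IPv4 header, then unwrapped again to recover the tenant's VNI and the inner frame. VTEP addresses, MACs and the inner frame are constructed sample values; the UDP source port is an arbitrary choice.

```python
# Added example, not from the Cisco deck: build and parse a VXLAN packet.
# Shows an Ethernet frame riding inside IP/UDP and the 24-bit VNI that
# keeps tenants apart. All addresses and the inner frame are constructed.
import struct

VXLAN_PORT = 4789  # IANA-assigned UDP port for VXLAN
# Constructed inner frame: dst MAC, src MAC, EtherType 0x0800, dummy payload
INNER_FRAME = bytes.fromhex("0000aa000001" "0000aa000002" "0800") + b"tenant-A"


def ipv4_header(src, dst, payload_len):
    """Minimal outer IPv4 header (no options); checksum left as 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, 17, 0, bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split("."))))


def vxlan_encap(inner_frame, vni, vtep_src, vtep_dst):
    """Wrap an Ethernet frame: outer IPv4 + UDP + 8-byte VXLAN header."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # flags=0x08 (I bit: VNI valid), 3 reserved bytes, VNI, 1 reserved byte
    vxlan = struct.pack("!BBHI", 0x08, 0, 0, vni << 8)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, udp_len, 0)
    return ipv4_header(vtep_src, vtep_dst, udp_len) + udp + vxlan + inner_frame


def vxlan_decap(packet):
    """Return (outer_src, outer_dst, vni, inner_frame); raise if malformed.

    The underlay only reads the outer IP header; anything that needs to tell
    tenants apart (monitoring, policy) must get this far and read the VNI.
    """
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17:
        raise ValueError("outer packet is not UDP")
    osrc = ".".join(map(str, packet[12:16]))
    odst = ".".join(map(str, packet[16:20]))
    _, dport, ulen, _ = struct.unpack_from("!HHHH", packet, ihl)
    if dport != VXLAN_PORT:
        raise ValueError("not the VXLAN UDP port")
    flags, _, _, vni_field = struct.unpack_from("!BBHI", packet, ihl + 8)
    if not flags & 0x08:
        raise ValueError("VXLAN I flag not set")
    inner = packet[ihl + 16:ihl + ulen]
    return osrc, odst, vni_field >> 8, inner
```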
OpenStack components:
  Compute (Nova): self-service provisioning of virtual machines through a software API
  Object Storage (Swift): massively scalable, distributed object store
  Network Service (Quantum): for tenant-created, virtual isolated networks and subnets, and services
  Your Application
Diagram: Integrated Network Overlays. Apps use APIs toward the Network; Apps also drive a Controller that speaks OpenFlow to a Device w/ OpenFlow, while other Devices are reached through Other Agents; the Network underneath is Physical and Virtual.
• Cisco Open Network Environments
www.cisco.com/go/one/
• Cisco Developer Network (CDN)
developer.cisco.com/web/onepk-developer/
• OpenDaylight
www.opendaylight.org
Thank you.