the future of network overlays for virtualization
TRANSCRIPT
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Evolution of Overlay Networking
Victor Moreno, Distinguished Engineer, Marketing
August 2012
Agenda
• Why Overlay Networks?
• Host & Network Overlays today
• Hybrid Overlays
• Benefits of the Overlay Control Plane
• Summary: Overlay evolution in the Data Center
Why Overlays?
Robust Underlay Network
• High Capacity Resilient Fabric
• Intelligent Packet Handling
• Programmable
Flexible Overlay Network
• Mobility – Track end-point attach at edges
• Scale – Reduce core state: distribute and partition state to the network edge
• Flexibility/Programmability – Reduced number of touch points
Seek well integrated best in class Overlays and Underlays
Today: Host Overlays and Virtualization
• Multi-tier Virtual App = VMs + Segments + GWY
• Overlays enable the creation of virtual Segments
• Small Segments
• Mobile: Can be instantiated anywhere; move along with VMs as necessary
• Very large number of segments; do not consume resources in the network core
• Host overlays are initiated at the hypervisor virtual switch (virtual hosts only)
• GWY to connect to the non-virtualized world
• VXLAN shipping since 2011 on Cisco Nexus 1000v; other variants: NVGRE, STT
[Diagram: two tenants, each a multi-tier vApp of web, app and db VMs on VXLAN segments (vxlan 1-3 for tenant 1, vxlan 21-23 for tenant 2) with a GWY and a VSG; the gateway side is labelled IP1]
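The slide above describes virtual segments as the unit of host overlays: a 24-bit VNI in the VXLAN header identifies the segment, and the hypervisor virtual switch (the tunnel end-point) only delivers a decapsulated frame to VMs attached to that segment. The following is an added example, not code from the deck or from Cisco: it builds and parses the VXLAN header as defined in RFC 7348, then models a virtual-access switch (named Vtep here, an assumption) that keeps tenants apart purely by VNI, so two tenants may even reuse the same MAC address. The port names, MACs and frames are constructed for illustration.

```python
"""VXLAN encapsulation/decapsulation and per-segment (VNI) delivery.

Added example, not code from the original deck or from Cisco; the VTEP class,
port names and MAC addresses are constructed for illustration. Header layout
follows RFC 7348: 8-byte header = flags byte (I bit 0x08 set), 3 reserved bytes,
24-bit VNI, 1 reserved byte, then the inner Ethernet frame.
"""
import struct

VXLAN_FLAG_I = 0x08          # "valid VNI" bit in the flags byte
VXLAN_HDR_LEN = 8
ETH_HDR_LEN = 14             # dst MAC + src MAC + ethertype
BROADCAST = bytes.fromhex("ffffffffffff")


def ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a minimal inner Ethernet frame (no FCS)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend a VXLAN header; the VNI is the top 24 bits of the last 32-bit word."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8) + inner_frame


def vxlan_decap(udp_payload: bytes):
    """Validate the VXLAN header and return (vni, inner_frame)."""
    if len(udp_payload) < VXLAN_HDR_LEN + ETH_HDR_LEN:
        raise ValueError("truncated VXLAN packet")
    flags, word = struct.unpack("!B3xI", udp_payload[:VXLAN_HDR_LEN])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set: no valid VNI")
    # reserved bits are ignored on receipt (RFC 7348), so only the VNI is extracted
    return word >> 8, udp_payload[VXLAN_HDR_LEN:]


class Vtep:
    """Hypervisor-side tunnel end-point (virtual access switch) with local VM ports.

    Each port belongs to exactly one VNI, so a decapsulated frame can only reach
    ports in its own segment; MAC addresses may therefore overlap between tenants.
    """

    def __init__(self):
        self.port_vni = {}          # port name -> VNI
        self.fdb = {}               # (VNI, MAC) -> port name

    def attach(self, port: str, vni: int, mac: bytes) -> None:
        self.port_vni[port] = vni
        self.fdb[(vni, mac)] = port

    def deliver(self, udp_payload: bytes) -> list:
        """Decapsulate and return the local ports the inner frame is delivered to."""
        vni, frame = vxlan_decap(udp_payload)
        dst_mac = frame[:6]
        if dst_mac != BROADCAST and (vni, dst_mac) in self.fdb:
            return [self.fdb[(vni, dst_mac)]]      # known unicast within the segment
        # broadcast / unknown unicast: flood, but only to ports in the same VNI
        return sorted(p for p, v in self.port_vni.items() if v == vni)


def demo() -> dict:
    """Constructed scenario: tenant 1 on vxlan 1, tenant 2 on vxlan 21, same web MAC."""
    vtep = Vtep()
    mac_web = bytes.fromhex("02000000aa01")
    vtep.attach("tenant1-web", 1, mac_web)
    vtep.attach("tenant1-app", 1, bytes.fromhex("02000000aa02"))
    vtep.attach("tenant2-web", 21, mac_web)          # same MAC, different segment
    src = bytes.fromhex("02000000aa99")
    to_web = ethernet_frame(mac_web, src, 0x0800, b"ip-payload")
    arp = ethernet_frame(BROADCAST, src, 0x0806, b"arp-request")
    return {
        "t1_unicast": vtep.deliver(vxlan_encap(1, to_web)),
        "t2_unicast": vtep.deliver(vxlan_encap(21, to_web)),
        "t1_broadcast": vtep.deliver(vxlan_encap(1, arp)),
        "vni_without_ports": vtep.deliver(vxlan_encap(22, to_web)),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

The point to take from the scenario is the isolation boundary: the same destination MAC reaches tenant1-web or tenant2-web depending only on the VNI, a broadcast on vxlan 1 never leaves that segment, and a VNI with no local ports delivers nothing. A receiver that skips the I-flag check, or trusts a VNI that the sending tunnel end-point was not entitled to use, loses exactly that boundary, which is why the gateway and the VTEP are the places to enforce which VNIs each tunnel peer may source.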
Today: Network Overlays and Virtualization
• Enable IP mobility and Segmentation Today
• Across L3 boundaries and organizations (without LAN extensions)
• Overlay Initiated at the physical switching infrastructure; services physical hosts (as well as virtual hosts)
• LISP host mobility shipping on Nexus 7000, ISRs, ASR1K since early 2011
[Diagram: DC-west and DC-east, each with PODs over an IP Network; LISP IP mobility serving both virtual hosts (VM/OS) and physical hosts]
Today: Combine Host and Network Overlays
• Move virtual Applications (vApps) to private cloud PODs: move VMs and virtual Segments (VXLANs)
• LISP host mobility allows the vApp GWY to roam: maintain GWY IP address, segmentation and optimal reachability
[Diagram: tenant 1 vApps (web, app and db VMs on vxlan 1-3 with a GWY and VSG) placed in PODs across DC-west and DC-east over an IP Network with LISP IP mobility]
But … how to integrate physical and virtual into one simple solution? Must evolve to a hybrid overlay
Hybrid Overlays: Virtual + Physical Networking
• Hypervisors introduce an additional tier in the network: the virtual Access (virtual Switch)
• VMs connect to the virtual Access
• Physical hosts connect to the physical Access
• Host overlays start at the virtual Access
• Network overlays start at the physical Access
• A hybrid overlay allows the combination of physical and virtual resources
The control plane of host overlays must evolve in order to do this successfully
[Diagram: tiers Core / IP Backbone, Aggregation, Access, Virtual Access and Hosts (VM/OS), split into a Virtual side and a Physical side]
The importance of a smart Control Plane
Flood/glean assumes single attached sites
• Pure virtual environments
• Rely on data plane information
Physical overlays involve network resiliency
• Data plane information not sufficient
A control plane is required to provide:
• Loop resolution
• Multi-pathing
• Broadcast de-duplication
[Diagram: multi-attached sites across the Core, with redundant paths marked ✗ where loops and duplicate broadcasts would otherwise occur]
Overlay Control Plane - Path Engineering
• Network Database to enable:
• Unified service chaining (virtual + physical) on physical and virtual switches, hosts, and service nodes
• DDoS traffic redirection
[Diagram: a Virtual DC and a Physical DC (DC-West, DC-East), each an L3 Fabric over an IP Network joined by a LISP Overlay; service nodes vSG, vWAAS and WAAS]
Overlay Control Plane - Network Programmability
• A mapping database (e.g. LISP) enables network programmability
  Traffic Engineering
  Policy enforcement
  Big data analytics with per-application data, e.g. geo-location
• Mapping System hosts Addressing, Routing, Traffic Engineering and Service Chaining profiles
• Fetch policies on demand (programmability)
[Diagram: tenant 1 vApps (web, app and db VMs on vxlan 1-3 with a GWY) fetching policies on demand from the Mapping System]
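Three of the slides above rest on the same mechanism: LISP host mobility (the vApp GWY keeps its IP address while it moves between PODs), the control-plane requirements of multi-pathing and avoiding flood/glean, and a mapping database that also carries per-end-point policies fetched on demand. The following is an added example, not code from the deck or from Cisco, that models that mechanism in miniature: a map server holds EID-to-RLOC mappings and policies, an ingress tunnel router resolves destinations through a map-cache instead of flooding, RLOC selection spreads flows across equal-priority locators, and a VM move is learned from a fresh registration that invalidates stale caches. The class names (MapServer, Itr), the simplified cache invalidation, and every address are assumptions made for illustration; real LISP message formats (RFC 6830) are not reproduced.

```python
"""Toy LISP-style mapping system: EID-to-RLOC lookups, host mobility,
multi-path RLOC selection and on-demand policy fetch.

Added example, not code from the original deck or from Cisco. Names, the
cache-invalidation shortcut and all addresses are constructed for illustration.

EID  = end-point identifier: the host's/VM's IP, unchanged when the VM moves
RLOC = routing locator: the tunnel end-point (physical router or virtual
       switch) reachable across the IP core; the core only carries RLOC routes
"""
import ipaddress
import zlib
from dataclasses import dataclass, field


@dataclass
class Mapping:
    rlocs: dict                                   # rloc -> (priority, weight)
    policy: dict = field(default_factory=dict)    # e.g. a service-chain profile
    version: int = 1


class MapServer:
    """The network database: authoritative EID -> RLOC mappings plus policies."""

    def __init__(self):
        self.db = {}
        self.subscribers = {}     # eid -> ITRs holding a cached copy

    def register(self, eid, rlocs, policy=None):
        """Called by the edge an EID is attached to. A registration with a new
        RLOC set is how a VM move is learned; cached copies elsewhere are dropped
        (a shortcut for LISP's solicit-map-request / map-notify exchange)."""
        eid = ipaddress.ip_address(eid)
        rlocs = dict(rlocs)
        current = self.db.get(eid)
        if current is None:
            self.db[eid] = Mapping(rlocs, policy or {})
            return
        if current.rlocs != rlocs:
            current.rlocs = rlocs
            current.version += 1
            for itr in self.subscribers.pop(eid, set()):
                itr.cache.pop(eid, None)
        if policy is not None:
            current.policy = policy

    def lookup(self, eid, itr):
        """Map-request: return the mapping, or None for an EID not in the overlay."""
        mapping = self.db.get(eid)
        if mapping is not None:
            self.subscribers.setdefault(eid, set()).add(itr)
        return mapping


def select_rloc(mapping, flow_key):
    """Pick among the best-priority RLOCs by per-flow hash, honouring weights.
    Keeping a flow on one locator is what lets multi-pathing avoid reordering."""
    best = min(prio for prio, _ in mapping.rlocs.values())
    candidates = [(r, w) for r, (p, w) in sorted(mapping.rlocs.items()) if p == best]
    total = sum(w for _, w in candidates)
    if total <= 0:
        raise ValueError("weights must be positive")
    point = zlib.crc32(flow_key.encode()) % total
    for rloc, weight in candidates:
        if point < weight:
            return rloc
        point -= weight


class Itr:
    """Ingress tunnel router: resolves destination EIDs through a local map-cache."""

    def __init__(self, name, map_server):
        self.name = name
        self.ms = map_server
        self.cache = {}
        self.map_requests = 0

    def _mapping(self, eid):
        eid = ipaddress.ip_address(eid)
        if eid not in self.cache:
            self.map_requests += 1
            mapping = self.ms.lookup(eid, self)
            if mapping is None:
                return None
            self.cache[eid] = mapping
        return self.cache[eid]

    def resolve(self, eid, flow_key):
        mapping = self._mapping(eid)
        return None if mapping is None else select_rloc(mapping, flow_key)

    def policy_for(self, eid):
        mapping = self._mapping(eid)
        return None if mapping is None else dict(mapping.policy)


def demo() -> dict:
    """Constructed scenario: a VM dual-homed in DC-west moves to DC-east."""
    ms = MapServer()
    ms.register("10.1.1.5", {"192.0.2.1": (1, 50), "192.0.2.2": (1, 50)},
                policy={"service_chain": ["vSG", "vWAAS"]})
    ms.register("10.1.1.9", {"192.0.2.1": (1, 100), "192.0.2.9": (2, 100)})  # primary/backup
    itr = Itr("dc-east-itr", ms)
    flow = "10.2.0.7:51000->10.1.1.5:443"
    out = {"before_move": itr.resolve("10.1.1.5", flow)}
    out["same_flow_again"] = itr.resolve("10.1.1.5", flow)
    out["paths_used"] = sorted({itr.resolve("10.1.1.5", f"flow-{i}") for i in range(64)})
    out["policy"] = itr.policy_for("10.1.1.5")
    out["requests_after_cache"] = itr.map_requests
    ms.register("10.1.1.5", {"198.51.100.7": (1, 100)})     # the VM's new edge registers it
    out["after_move"] = itr.resolve("10.1.1.5", flow)
    out["requests_after_move"] = itr.map_requests
    out["primary_only"] = itr.resolve("10.1.1.9", "flow-x")
    out["unknown_eid"] = itr.resolve("203.0.113.4", "flow-y")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two details carry the slides' argument. The ITR never floods to find a destination: a miss costs one map-request and then every packet for that EID hits the cache, so the state lives at the edges and the core stays unaware of end-point addresses. And when the VM registers from its new edge, the EID is untouched; only the RLOC set changes, the old cached mapping is discarded, and the same flow key now resolves to the new locator, which is the mechanism behind a gateway that roams while keeping its IP address. An unknown EID yields None rather than a flood, which is where a real deployment would decide between forwarding natively and dropping.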
Federated/Normalized Overlays Vision
Inter-DC and Intra-DC – LISP Protocol + Any encapsulation
Virtual and Physical Hosts
Layer 2 and Layer 3
Internet Scale
[Diagram: DC-west and DC-east PODs over an IP Network with LISP IP mobility; VXLAN encapsulation in one DC and NVGRE (or other) encapsulation in the other, carried as a normalized encapsulation between Normalization GWYs; a Private Network DB per DC feeding a Federated Network DB]
Overlay Evolution in the Data Center
Host Overlays
• Virtual end-points only
• Single admin domain
• VXLAN, NVGRE, STT
Network Overlays
• Router/switch end-points
• Protocols for resiliency/loops
• Traditional VPNs
• OTV, VPLS, LISP
Hybrid Overlays
• Physical and Virtual
• Resiliency + Scale
• x-organizations/federation
• Open Standards
[Diagram: tunnel end-points per column – virtual (VM/OS) for Host Overlays, physical for Network Overlays, virtual and physical for Hybrid Overlays; the control plane row reads Flooding, Protocols and Network DB respectively]
Thank you.