
Vblock & Cisco ACI update

Vblock & Cisco ACI update. Trey Layton, VP and CTO, VCE. SDN use case definitions. Network Virtualization – Multi-Tenant: logically segregated, topology-equivalent networks across a data center, scaling beyond the typical limits of today (4K VLANs).


Presentation Transcript


  1. Vblock & Cisco ACI update. Trey Layton, VP and CTO, VCE

  2. SDN use case definitions
     • Network Virtualization – Multi-Tenant: logically segregated, topology-equivalent networks across a data center, scaling beyond the typical limits of today (4K VLANs)
     • Network Virtualization – Stretched Networks: create location-agnostic networks, across racks or across data centers, with VM mobility and dynamic reallocation of resources
     • Service Chaining Automation: create dynamic chains of L4-7 services (QoS, security, load balancing) on a per-tenant basis to accommodate self-service L4-7 service selection or policy-based L4-7 services (example: turning on DDoS protection in response to a detected threat)
     • Tap Aggregation: provide operational visibility and troubleshooting capabilities on any port in a multi-switch deployment without the use of distributed packet analysis devices
     • Dynamic Reroute: provide dynamic, authenticated, programmable access to flow-level bypass using APIs to network switches and routers
     • Dynamic Interconnect: create dynamic connections at internet interchanges between SP-provided enterprise links or between SPs
     • Virtual Edge – Residential & Business: in combination with network feature virtualization initiatives, replace existing customer premise equipment (CPE) at residences and businesses with lightweight devices, moving complex traffic handling to the point of presence or the SP data center

  3. SDN use case and segment alignment
     Enterprise and Service Provider: Data Center and DMZ
     • Network Virtualization – Multi-Tenant
     • Network Virtualization – Stretched Networks
     • Service Chaining Automation
     • Tap Aggregation
     Enterprise: Campus, Edge
     • Tap Aggregation, Operations Automation
     • Dynamic Reroute
     Service Provider: Core, Edge
     • Service Chaining
     • Dynamic Reroute, Dynamic Interconnect, Bandwidth on Demand
     • Virtual Edge – Residential and Business SP

  4. Current Vblock system deployments (diagram): L3 network core; L2 network distribution on Nexus 10G; network access on Nexus 5000/5500; L2 virtual network access on Nexus 1000V; Vblock systems attached below: Specialized System, DB, System 700, System 300, System 300.

  5. Current Vblock system deployments (repeat of the slide 4 diagram)

  6. Cisco Nexus 9000 Series Switches: high-performance 10 Gbps/40 Gbps/100 Gbps switch family
     Nexus 9500 (C9500 8-slot chassis, FCS Q4 2013)
     • Aggregation line card: 36 x 40G QSFP+ (FCS Q4 2013)
     • ACI-ready leaf line card: 48 x 1/10G-T and 4 x QSFP+ (FCS Q1 2014)
     • ACI-ready leaf line card: 48 x 1/10G SFP+ and 4 x QSFP+ (FCS Q1 2014)
     Nexus 9300
     • 48 x 1/10G SFP+ and 12 x QSFP+ via a 12-port QSFP+ GEM (FCS Q4 2013)
     • 96 x 1/10G-T and 8 x QSFP+ (FCS Q1 2014)
     Scalable 1 GE/10 Gbps/40 Gbps/100 GE performance; flexible form factors can enable variable data center design and scaling. Themes: performance, ports, price, power, programmability.

  7. Common hardware platform, two operational models
     • Application Centric Infrastructure (APIC, Q2 2014): agility and visibility, simplicity, automation, scale and performance, security, open
     • NX-OS (existing network model, Q4 2013): programmability, 40 GigE, price/performance

  8. What is a VTEP?
     • Source: cto.vmware.com/network-virtualization-gets-physical/
     • Switches from several vendors are now becoming available with the ability to terminate VXLAN tunnels.
     • VXLAN tunnel end points, or hardware VTEPs
     • VXLAN tunnel termination addresses the data plane aspects of mapping traffic from the physical to the virtual world.
     • NSX controllers tell VTEPs what they need to know to connect the physical world to the virtual "at scale".

  9. Nexus 9500 system scalabilities, in standalone mode (NX-OS). * Shared with IP hosts

  10. Nexus 9300 system scalabilities, in standalone mode (NX-OS). * Shared with IP hosts

  11. Vblock aggregation (diagram): L3 network core; L2-7 network spine on Nexus 9500 (vSpine "CY14"); APIC infrastructure controllers; NX40G ACI fabric; L2-7 network leaf on Nexus 9300; virtual network access via Cisco AVS or VMware VDS; Vblock 1 to Vblock 4 (Specialized System, DB, System 700, System 300). Use cases covered: Network Virtualization – Multi-Tenant, Network Virtualization – Stretched Networks, Service Chaining Automation, Tap Aggregation.

  12. Going beyond SDN use cases

  13. How networks are programmed (1 of 2): an application client and the deployed application, depicted as its service chain: Web Tier, App Tier, DB Tier, Storage.

  14. How networks are programmed (2 of 2): once the application is deployed, the network is provisioned by programming each network device with static address and VLAN segmentation parameters, for example 10.10.1.0 = vlan 11, 10.10.2.0 = vlan 12, 10.10.3.0 = vlan 13, 10.10.4.0 = vlan 14, 10.10.5.0 = vlan 15, 10.10.6.0 = vlan 16, 10.10.7.0 = vlan 17, 10.10.8.0 = vlan 18. The tiers are a mix of virtual machines (VM) and bare-metal hosts (BM).

  15. Application policy model and instantiation. The application policy model defines the application requirements (the application network profile) for the application client and its tiers (Web Tier, App Tier, DB Tier, Storage). APIC policy instantiation: each device dynamically instantiates the required changes based on the policies, with endpoints keeping their addresses (for example 10.9.3.37, 10.32.3.7, 10.2.4.7).
     • All forwarding in the fabric is managed through the application network profile
     • IP addresses are fully portable anywhere within the fabric
     • Security and forwarding are fully decoupled from any physical or virtual network attributes
     • Devices autonomously update the state of the network based on configured policy requirements

  16. ACI introduces logical network provisioning of stateless hardware. Application service chain: Outside (tenant VRF), Web, App, DB, with QoS, service and filter policies between the stages; the APIC (Application Policy Infrastructure Controller) instantiates it on the NX40Gbps ACI fabric. Application service chain = end point group (EPG) in ACI terminology.

  17. Policy coordination with VM managers (virtual integration)
     • Network policy coordination with virtualization managers
     • Automatic virtual endpoint detection and policy placement
     • Policies consistently implemented in virtual and physical
     • Network policy stays sticky with the VM
     Diagram: hypervisor management sends VM attach/detach and VM mobility notifications to the APIC; the APIC coordinates network policy for the Web/App/DB application service chain with the VM manager's port groups and VM networks.

  18. An EPG will span across VMM domains. The fabric normalizes VLANs, which allows re-use and efficient communication across VMM domains. An EPG can be spread across multiple VMM domains (common policy across domains). Diagram: VMM Domain 1 and VMM Domain 2, each with its own vCenter, vShield and hosts; 4,000 EPGs (DB EPG, App EPG, Web EPG) shared across the domains.
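Slides 14 through 18 contrast two ways of deciding whether traffic may flow: static per-device subnet/VLAN rules versus EPG membership with policy between EPGs, where the decision is independent of the endpoint's address, VLAN and VMM domain. The following is an added illustration, not VCE or Cisco code and not the APIC policy engine; the endpoint names, the contract tuples, the `vmm_domain` label and the rule table are all constructed for the example.

```python
"""Constructed model (not VCE/Cisco code) contrasting the two provisioning
styles on slides 14-18: static per-device subnet/VLAN rules versus
endpoint-group (EPG) policy that ignores address, VLAN and VMM domain."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Endpoint:
    name: str        # stable identity the VM manager reports on attach/mobility
    ip: str
    vlan: int        # wire encapsulation; the fabric normalizes it away
    vmm_domain: str  # hypothetical label for the vCenter the VM lives in


# Slide-14 style: rules keyed on subnet and port, programmed per device (constructed).
STATIC_RULES = [
    (ipaddress.ip_network("10.10.1.0/24"), ipaddress.ip_network("10.10.2.0/24"), 8080),  # web -> app
    (ipaddress.ip_network("10.10.2.0/24"), ipaddress.ip_network("10.10.3.0/24"), 5432),  # app -> db
]


def static_permits(src: Endpoint, dst: Endpoint, port: int) -> bool:
    """Static model: the decision depends only on where the addresses sit."""
    s, d = ipaddress.ip_address(src.ip), ipaddress.ip_address(dst.ip)
    return any(s in sn and d in dn and port == p for sn, dn, p in STATIC_RULES)


class PolicyFabric:
    """Slide-15/16 style: EPG membership plus contracts between EPGs."""

    def __init__(self) -> None:
        self.epg_of: dict[str, str] = {}                    # endpoint name -> EPG
        self.contracts: set[tuple[str, str, int]] = set()   # (consumer, provider, port)

    def allow(self, consumer_epg: str, provider_epg: str, port: int) -> None:
        self.contracts.add((consumer_epg, provider_epg, port))

    def attach(self, ep: Endpoint, epg: str) -> None:
        """VM attach / mobility notification: classify the endpoint by identity,
        not by the IP, VLAN or VMM domain it happens to show up with."""
        self.epg_of[ep.name] = epg

    def permits(self, src: Endpoint, dst: Endpoint, port: int) -> bool:
        """Default deny: only a contract between the two EPGs opens the port."""
        src_epg = self.epg_of.get(src.name)
        dst_epg = self.epg_of.get(dst.name)
        if src_epg is None or dst_epg is None:
            return False
        return (src_epg, dst_epg, port) in self.contracts


def compare_models() -> dict[str, tuple[bool, bool]]:
    """Return (static, epg) decisions for constructed flows, before and after
    the app VM moves to a new IP, VLAN and VMM domain."""
    web = Endpoint("web01", "10.10.1.10", 11, "vmm-1")
    app = Endpoint("app01", "10.10.2.10", 12, "vmm-1")
    db = Endpoint("db01", "10.10.3.10", 13, "vmm-1")
    stray = Endpoint("stray01", "10.10.2.99", 12, "vmm-1")  # never classified into an EPG

    fabric = PolicyFabric()
    fabric.allow("Web", "App", 8080)
    fabric.allow("App", "DB", 5432)
    fabric.attach(web, "Web")
    fabric.attach(app, "App")
    fabric.attach(db, "DB")

    # Same VM identity, now on another subnet/VLAN in a second VMM domain (slides 17/18).
    app_moved = Endpoint("app01", "10.2.4.7", 200, "vmm-2")

    return {
        "web->app:8080": (static_permits(web, app, 8080), fabric.permits(web, app, 8080)),
        "web->db:5432": (static_permits(web, db, 5432), fabric.permits(web, db, 5432)),
        "web->moved app:8080": (static_permits(web, app_moved, 8080), fabric.permits(web, app_moved, 8080)),
        "stray->db:5432": (static_permits(stray, db, 5432), fabric.permits(stray, db, 5432)),
    }


if __name__ == "__main__":
    for flow, (static, epg) in compare_models().items():
        print(f"{flow:22s} static={static!s:5s} epg={epg}")
```

The two rows that differ are the point: after the move, the static model loses the web-to-app path until every device is reprogrammed, while the EPG policy follows the VM; and the unclassified VM that happens to land on the app subnet inherits DB reachability under static rules but gets nothing from the fabric until it is placed in an EPG.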

  19. ACI Layer 4-7 service integration: centralized, automated, and supports the existing model
     • Elastic service insertion architecture for physical and virtual services
     • Helps enable administrative separation between application tier policy and service definition
     • APIC as the central point of network control, with policy coordination
     • Automation of service bring-up/tear-down through a programmable interface
     • Supports the existing operational model when integrated with existing services
     • Service enforcement guaranteed, regardless of endpoint location
     Diagram (policy redirection): the application admin references a chain "Security 5" between App Tier A (web servers) and App Tier B (app servers); the service admin defines the service profile (firewall, load balancer); the service graph instantiates the providers stage by stage (begin, stage 1 ... stage N, end).

  20. Vblock with ACI fabric: 64,000+ dedicated, one-hop tenant networks
     • 1 million+ IPv4 and IPv6 endpoints within a single fabric
     • 64,000+ tenants within a single fabric
     • 200,000+ 10 Gb ports
     • Any service anywhere for physical and virtual
     • Normalizes encapsulations for VXLAN, VLAN, and NVGRE
     • No need for additional software or hardware gateways to connect between physical and virtual
     • No latency penalty and no throughput penalty

  21. Vblock application awareness: application-level visibility
     • ACI Fabric provides the next generation of analytic capabilities
     • Per application, tenant, and infrastructure: latency, atomic counters, resource consumption, health scores
     • Integrate with workload placement or migration
     Diagram: the APIC view of the DB, Web and App tiers per application instance: PetStore Dev (leaf 1 and 2, spine 1-3, atomic counters), PetStore Prod (leaf 2 and 3, spine 1-2, atomic counters), PetStore QA (leaf 3 and 4, spine 2-3, atomic counters). VXLAN per-hop visibility; physical and virtual as one.

  22. Example: users, domains and roles over a policy tree rooted at Universe
     • User admin (provider admin): domain all, role infra-admin
     • User pepsi_admin: domain Pepsi, role admin
     • User pepsi_operations: domain Pepsi, roles ep-stats, ep-events
     Infrastructure shared policies: QoS policy, Fabric1 and its port stats, access policy, Switch1/Switch2/Switch3 with line cards LC1 and LC2 and ports Port1 ... PortN-1, PortN.
     Tenant network profiles, EPGs and EPs: Network Profile Coke; Network Profile Pepsi with network Pepsi-Net (L3 network PepsiL3Net, L2 network PepsiL2Net) and endpoint group Pepsi-DB (named ref: QoS policy) with its endpoints.
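The slide-22 example shows three users whose reach differs by domain (all vs. Pepsi) and by role (infra-admin, admin, ep-stats, ep-events), with tenant objects living under their own network profile and shared infrastructure policies referenced by name. The following added example, which is not APIC code and does not reproduce its actual permission model, shows one way such scoping is evaluated: domain first, then role. The `Obj`/`User` types, the object kinds, the "infra" domain label and the role-to-permission table are constructed assumptions; only the user, domain and role names come from the slide.

```python
"""Constructed role-based access check for the slide-22 example (not APIC code):
a request is authorized only if the object lies in the user's domain scope and
one of the user's roles grants the action on that object kind."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    path: str    # position in the slide's tree, e.g. "Pepsi/Pepsi-Net/Pepsi-DB"
    domain: str  # "Pepsi", "Coke", or the constructed label "infra" for shared policies
    kind: str    # constructed kinds: network-profile, epg, ep-stats, ep-events, qos-policy


@dataclass(frozen=True)
class User:
    name: str
    domain: str          # "all" is the slide's all-domains scope
    roles: frozenset


# Constructed permission table: role names are the slide's, the mapping is an assumption.
# Entries are (object kind or "*", action).
ROLE_PERMISSIONS = {
    "infra-admin": {("*", "read"), ("*", "write")},
    "admin":       {("*", "read"), ("*", "write")},
    "ep-stats":    {("ep-stats", "read")},
    "ep-events":   {("ep-events", "read")},
}


def in_scope(user: User, obj: Obj, action: str) -> bool:
    """Domain check: all-domain users see everything; tenant users see only
    their own domain, and may reference (read) but never modify shared policies."""
    if user.domain == "all":
        return True
    if obj.domain == "infra":
        return action == "read"
    return user.domain == obj.domain


def authorize(user: User, action: str, obj: Obj) -> bool:
    """Default deny: scope must match and some role must grant the action."""
    if not in_scope(user, obj, action):
        return False
    for role in user.roles:
        for kind, allowed in ROLE_PERMISSIONS.get(role, set()):
            if allowed == action and kind in ("*", obj.kind):
                return True
    return False


def evaluate_example() -> dict:
    """Decisions for the slide's three users against constructed objects."""
    admin = User("admin", "all", frozenset({"infra-admin"}))
    pepsi_admin = User("pepsi_admin", "Pepsi", frozenset({"admin"}))
    pepsi_ops = User("pepsi_operations", "Pepsi", frozenset({"ep-stats", "ep-events"}))

    pepsi_np = Obj("Pepsi", "Pepsi", "network-profile")
    coke_np = Obj("Coke", "Coke", "network-profile")
    pepsi_db_stats = Obj("Pepsi/Pepsi-Net/Pepsi-DB/stats", "Pepsi", "ep-stats")
    coke_db_stats = Obj("Coke/Coke-DB/stats", "Coke", "ep-stats")   # constructed Coke object
    fabric_qos = Obj("Fabric1/QoS", "infra", "qos-policy")

    return {
        "ops reads Pepsi-DB stats": authorize(pepsi_ops, "read", pepsi_db_stats),
        "ops writes Pepsi profile": authorize(pepsi_ops, "write", pepsi_np),
        "ops reads Coke stats": authorize(pepsi_ops, "read", coke_db_stats),
        "pepsi_admin writes Pepsi profile": authorize(pepsi_admin, "write", pepsi_np),
        "pepsi_admin writes Coke profile": authorize(pepsi_admin, "write", coke_np),
        "pepsi_admin reads shared QoS": authorize(pepsi_admin, "read", fabric_qos),
        "pepsi_admin writes shared QoS": authorize(pepsi_admin, "write", fabric_qos),
        "admin writes shared QoS": authorize(admin, "write", fabric_qos),
    }


if __name__ == "__main__":
    for request, decision in evaluate_example().items():
        print(f"{request:34s} {'ALLOW' if decision else 'DENY'}")
```

Checking the domain before the role is what keeps the Pepsi admin out of Coke's network profile even though the admin role itself grants write on every object kind; the role table alone would not express tenant isolation.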

  23. Application Policy Infrastructure Controller: centralized automation and fabric management, the unified point of data center network automation and management
     • Application-centric network policies
     • Data model-based declarative provisioning
     • Application and topology monitoring, and troubleshooting
     • Third-party integration (Layer 4-7 services, storage, compute, WAN, etc.)
     • Image management (spine/leaf)
     • Fabric inventory
     A single APIC cluster supports one million+ endpoints, 200,000+ ports and 64,000+ tenants. Centralized access to all fabric information via GUI, CLI and RESTful APIs; extensible to compute and storage management. Diagram: the APIC's open RESTful API and policy-based provisioning connect device management, Vblock management, storage management, orchestration management and Layer 4-7 services, serving the storage, server, network, security, application, OS and Vblock SMEs.

  24. Vblock telemetry (diagram): network telemetry with an extensible scripting model and API integration; APIC visibility across the ACI fabric (network spine, NX40G, network leafs, virtual network access, Vblock 1 to Vblock 4) and the app profile (DB, Web and App tiers behind a firewall and load balancers, app-mobility). Counters shown: health score (96%), latency in microsecond(s), drop count / packets dropped (25), and per-tier counts of physical versus VM endpoints.
