360 likes | 453 Views
Data Center Virtualização e P rogramabilidade. Roger Oliveira Engenheiro de Sistemas Setor Público. Agenda. Redes Virtuais Serviços de redes Virtuais SDN e Redes Programáveis. App. App. App. App. App. App. App. App. App. App. App. App. OS. OS. OS. OS. OS. OS. OS. OS.
E N D
Data Center Virtualização e Programabilidade Roger Oliveira Engenheiro de Sistemas Setor Público
Agenda • Redes Virtuais • Serviços de redes Virtuais • SDN e Redes Programáveis
App App App App App App App App App App App App OS OS OS OS OS OS OS OS OS OS OS OS Problema: Como ConectarVMs? Hypervisor Hypervisor Hypervisor
App App App App App App App App App App App App OS OS OS OS OS OS OS OS OS OS OS OS vSwitch vSwitch vSwitch Solução: vSwitch (2003) Hypervisor Hypervisor Hypervisor
App App App Def. Rede Def. Rede OS OS OS Def. Rede vSwitch vSwitch vSwitch Problema: Como Mover VMs em Escala? Hypervisor Hypervisor Hypervisor
App App App Def. Rede Def. Rede OS OS OS Def. Rede vSwitch vSwitch vSwitch vNetwork Distributed Switch Solução: Distributed Virtual Switch (2008) Nexus 1000V Hypervisor Hypervisor Hypervisor
Componentes do Nexus 1000V Virtual Ethernet Modules (VEM) Até 128 VEMs* o o o VEM VEM Administrador de Rede Administrador de Virtualização VSM Virtual Supervisor Module (VSM) vCenter
Switches Modulares Supervisor Supervisor VSMs Line Card Backplane Line Card o o o o o o Line Card Até128 VEMs Nexus 7000 Nexus 1000V
Port Profiles no Nexus 1000V… • Pode ser aplicadoparamúltiplasportas • Podeincluir: • VLANs • ACLs • NetFlow • QoS • Private VLANs • ... port-profile WEB switchport mode access switchport access vlan105 ip port access-group myacl in no shut vmware port-group state enabled
…Port Groups no vCenter port-profile WEB switchport mode access switchport access vlan105 ip port access-group myacl in no shut vmware port-group state enabled Port Group Port-group WEB vCenter Server
Agenda • Redes Virtuais • Serviços de redes Virtuais • SDN e Redes Programáveis
Formatos de Serviços de Rede “Appliance” Módulo Nexus 1000v Hypervisor Serviço Integrado Virtualizado
Nexus 1000V e ServiçosVirtuais Infraestrutura Virtual InfraestruturaFísica Cisco Virtual Security Gateway ImpervaSecureSphere WAF ASA 1000V CloudFirewall Network Analysis Module (vNAM) Zone A Cloud Services Router 1000V Citrix NetScaler1000V vWAAS Switches Zone B Servers WAN Router Nexus 1000V vPath VXLAN Multi-Hypervisor (VMware, Microsoft, RedHat*, Citrix*)
Virtual Security GatewayIntelligent Traffic Steering with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V Distributed Virtual Switch vPath VSG Initial Packet Flow 1 1 Log/Audit
Virtual Security GatewayIntelligent Traffic Steering with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V Distributed Virtual Switch vPath VSG Flow Access Control (policy evaluation) 2 2 Initial Packet Flow 1 1 Log/Audit
Virtual Security GatewayIntelligent Traffic Steering with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V Distributed Virtual Switch vPath VSG DecisionCaching 3 3 Flow Access Control (policy evaluation) 2 2 Initial Packet Flow 1 1 Log/Audit
Virtual Security GatewayIntelligent Traffic Steering with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM 4 4 Nexus 1000V Distributed Virtual Switch vPath VSG DecisionCaching 3 3 Flow Access Control (policy evaluation) 2 2 Initial Packet Flow 1 1 Log/Audit
Virtual Security GatewayPerformance Acceleration with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V Distributed Virtual Switch vPath VSG ACL offloaded to Nexus 1000V (policy enforcement) Remaining packets from flow Log/Audit
Virtual Security GatewayIntelligent Traffic Steering with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V Distributed Virtual Switch vPath VSG Initial Packet Flow 1 1 Log/Audit
Virtual Security GatewayIntelligent Traffic Steering with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V Distributed Virtual Switch vPath VSG Flow Access Control (policy evaluation) 2 2 Initial Packet Flow 1 1 Log/Audit
Virtual Security GatewayIntelligent Traffic Steering with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V Distributed Virtual Switch vPath VSG DecisionCaching 3 3 Flow Access Control (policy evaluation) 2 2 Initial Packet Flow 1 1 Log/Audit
Virtual Security GatewayIntelligent Traffic Steering with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM 4 4 Nexus 1000V Distributed Virtual Switch vPath VSG DecisionCaching 3 3 Flow Access Control (policy evaluation) 2 2 Initial Packet Flow 1 1 Log/Audit
Virtual Security GatewayPerformance Acceleration with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V Distributed Virtual Switch vPath VSG ACL offloaded to Nexus 1000V (policy enforcement) Remaining packets from flow Log/Audit
Agenda • Redes Virtuais • Serviços de redes Virtuais • SDN e Redes Programáveis
Conceitos de SDN: Inteligência Centralizada (“Modêlo 1”)
Plano de Controle (IOS) Dispositivo de Rede Atual (router, switch, ...) Plano de Dados (ASIC)
Aplicações SDN Controller (software) Programação (ex.: OpenFlow) Exemplos atuais: Wireless controllers, PfR, Nexus 1000V, etc.
Conceitos de SDN: Overlays Virtuais (“Modêlo 2”)
CGH SDU Controle de TráfegoAéreo Pacotes Rede IP Exemplos atuais: MPLS, IPSec, OTV, e muitos outros
Overlays Virtuais VM VM VM VM Software Software Servidor Virtualizado (hypervisor) Servidor Virtualizado (hypervisor) VM VM Servidor Virtualizado (hypervisor) Software VM VM VM
Perguntas Válidas E como fica o suporte (dias 2, 3, e assim por diante)? COMO fazer uma implementação não-disruptiva? O que SDN pode trazer de diferencial HOJE?
Components do Cisco ONE eXtensible Network Controller (XNC) Overlays Multi-hypervisor (VXLAN e NVGRE) onePK (API padronizada)
ACI – Application Centric Infrastructure API • Policies • Who can talk to whom • What about • Topology control • Ops stuff Application Policy Infrastructure Controller • Distributed policy enforcement • Just in-time resolution Performed by embedded policy enforcement agents (PEs) Draw a software boundary around collection of switches to make a system
Open Daylight Projeto "open source" formadoporlíderes da indústria sob a Linux Foundation com o objetivo de avançar a adoção de Software Defined Networking (SDN) através da criação de um framework suportadoporváriosfabricantes Platinum Gold Silver