2nd sdn interest group session1 (121218)
Uploaded by: naim-networks-inc
Category: Technology
Transcript of 2nd sdn interest group session1 (121218)
©2012 – Big Switch Networks Inc. – Confidential and Proprietary
December 2012
Transforming Networking with Open SDN
Company and Vision
Architectural Disruptions
Open architectures bring waves of innovation
[Diagram: Disruption, from Closed, Proprietary Systems to Open Architectures. Columns: Compute, Mobile, Networking. Labels: X86 Architecture, Linux OS.]
Big Switch History
Working on SDN since its inception
2007: OpenFlow v0.4 published at Stanford by Stanford Clean Slate Lab (Guido)
2008: First physical and vSwitch betas appear at Stanford
2009: FlowVisor (Network Virtualization) Paper Published (Rob)
2010: OpenFlow v1.0 Standard Published. Big Switch Networks Founded.
1Q11: Beta platform goes to first production network with first app
1Q12: Network virtualization app goes into first beta
2Q12: Network monitoring app goes into first beta
Nov 2012: Company launches controller platform and first two SDN apps
Executive Team
Team Expertise in Networking, Virtualization & OpenFlow
Mansour Karam, VP Business Development
• Head of business development at Arista Networks
• Principal Architect at Route Science
• Ph.D. Stanford University
Howie Xu, VP Engineering
• Head of VMware’s Networking Products
• Led network virtualization disruption with innovation of vSwitch, DVS, VMsafe, VXLAN
• Led VMware network partnership including collaboration with Cisco Nexus 1000V / UCS
Kyle Forster, President and co-founder
• PM for $100m Wireless Enterprise portfolio at Cisco
• VP Product Management at Joost
• M.S. in CS and MBA Stanford University
Guido Appenzeller, CEO and co-founder
• Serial Entrepreneur, Founder and CTO at Voltage Security ($40m/year, profitable)
• Faculty at Stanford University, led team that created the OpenFlow Standard
• PhD in CS Stanford, Named to MIT TR100, World Economic Forum Technology Pioneer
Dave Butler, VP Sales
• VP, WW Sales and BD at Aruba
• VP, Sales at FireEye, Inktomi
• VP, International Sales at FORE Systems
• BS in Computer Science from Purdue Univ.
• MS in Computer Science from Univ. of Virginia
Jason Matlof, VP Marketing
• Mgr. PLM, Cisco – Catalyst switches
• VP, Marketing & Bus Dev at Neoteris
• VP, Remote Access Products, NetScreen & Juniper
• Partner, Battery Ventures
• MBA Harvard University, BA UCLA
Board & Investors – $40M Raised
Michelangelo Volpi
• Partner, Index Ventures
• Former head of the Router and Service Provider BU, Cisco
Shirish Sathaye
• Partner, Khosla Ventures. Led Seed and Series A in Aruba
• Former VP Engineering Alteon Systems
Mark Leslie
• Former CEO Veritas, Lecturer Stanford GSB
• Former Board Member of VMware, NetApp, Avaya
Bill Meehan
• Former Head of McKinsey High-Tech, Venture Practices
• Board of Juniper Networks, Lecturer Stanford GSB
Charlie Giancarlo
• Partner Silver Lake Partners
• Former EVP and Chief Development Officer, Cisco
Satish Dharmaraj
• Partner, Redpoint Ventures
• Founder/CEO of Zimbra
• Investor in Cloud.com, Purestorage, StorSimple
Plus seed investments from a number of key industry executives
Vision: 3-Tier SDN Architecture
Next Generation Approach to Building Networks
[Diagram: three tiers. Application Tier: SDN Applications. Control Plane Tier: SDN Controller Platform (SDN Controller). Data Plane Tier: SDN Data Plane (Switches and vSwitches).]
Big Switch Open SDN Architecture
Focusing on Open APIs, Open Core, Open Standards
• Open APIs Northbound
  • 2 BSN applications launched
  • 5 partner applications in development
  • 7 BSN applications on the roadmap
• Open Source Core
  • More than 10K Floodlight downloads since Jan 2012
• Partner Driven Southbound
  • Support for Physical & Virtual Devices
  • 12 physical and virtual switch products in our interoperability regression tests
[Diagram: Application Tier (SDN Applications), Control Plane Tier (Floodlight, SDN Controller Platform), Data Plane Tier (Switches and vSwitches).]
Three Products Available Today
Big Switch Products Generally Available
1. Big Virtual Switch for network virtualization
2. Big Tap for network monitoring
3. Big Network Controller as the Open SDN network application platform
All products interoperable with wide range of OpenFlow physical switches and hypervisor vSwitches
[Diagram: Application Tier (Big Tap, Big Virtual Switch), Control Plane Tier (Floodlight, Big Network Controller), Data Plane Tier (Switches and vSwitches).]
Open SDN Accelerates Partner Ecosystem
Southbound Partnerships
[Diagram: BVS and Big Tap above the Northbound APIs; Big Network Controller; Southbound APIs. Partner groups: Hypervisors / Virtual Switches (Formal Partnerships, Interoperability Tested) and Physical switches and routers (Interoperability Tested, Formal Partnerships). Surviving label: XenServer.]
Open SDN Accelerates Partner Ecosystem
Northbound Technology Partnerships
[Diagram: partner categories Cloud Orchestration, Monitoring, ADC & Security above the Northbound APIs; Big Network Controller (Floodlight); Southbound APIs to Switches and vSwitches.]
Products
Big Switch Product Suite
Big Virtual Switch – Network Virtualization Application: L2/L3 Virtualization enables 50% more VMs per rack.
Big Tap – Unified Network Monitoring Application: Cost-effective network-wide visibility
Big Network Controller – Network Application Platform: Open SDN application platform
…currently
Big Network Controller
Open SDN Network Application Platform
[Diagram: Big Network Controller. Labels: Northbound API; Enterprise Platform Services; Open Source Core; Control Plane / Data Plane Interface. Service blocks: Selective Broadcast; Statistics, Analysis, Tracing, and Troubleshooting; Topology Management; Enterprise Integration; High Availability & Performance; Scalability.]
A Bit Of Tech
CLI output…It is all RESTful

ctrl-mv-a> debug rest
***** Enabled display rest mode *****
beta-controller-mv-a> show link
REST-SIMPLE: GET http://127.0.0.1:8000/rest/v1/model/feature/
REST-SIMPLE: GET http://127.0.0.1:8000/rest/v1/links
REST-SIMPLE: GET http://127.0.0.1:8000/rest/v1/model/switch-alias/
REST-SIMPLE: GET http://127.0.0.1:8000/rest/v1/switches
#  Src SW DPID SrcPort  SrcPort State  Dst SW DPID Dst Port Dst Port State
--|-----------|--------|--------------|-----------|--------|--------------
1  SW-1        51       link-up        SW-2        50       link-up
2  SW-1        52       link-up        SW-3        50       link-up
3  SW-2        50       link-up        SW-1        51       link-up
4  SW-2        51       link-up        SW-3        51       link-up
5  SW-2        52       link-up        SW-4        52       link-up
6  SW-3        50       link-up        SW-1        52       link-up
7  SW-3        51       link-up        SW-2        51       link-up
8  SW-3        53       link-up        SW-4        53       link-up
9  SW-4        52       link-up        SW-2        52       link-up
10 SW-4        53       link-up        SW-3        53       link-up
A Bit Of Tech
Debugging Made Easy

ctrl1-mv-a> show host
#  MAC Address       Address Space VLAN IP Address        Switch/OF Port (Physical Port) Last Seen
--|-----------------|-------------|----|-----------------|------------------------------|----------
10 00:04:f2:f1:16:5b phones        8    10.192.8.74       SW-1/33 (Ethernet33)           0 minute
11 00:04:f2:f1:16:cb phones        8    10.192.8.75       SW-1/33 (Ethernet34)           0 minute
13 00:30:48:f9:cc:f7 phones        8    10.192.8.1+(1)    SW-1/16 (Ethernet16)           0 minute
14 00:a0:48:a9:bc:e4 office        16   10.192.16.2+(2)   SW-1/16 (Ethernet16)           0 minute
16 00:80:f0:bb:8e:19 phones        8    10.192.8.78       SW-1/33 (Ethernet33)           0 minute
17 00:80:f0:bb:8f:cd phones        8    10.192.8.76       SW-1/33 (Ethernet35)           0 minute
22 c8:2a:14:30:da:06 office        16   10.192.20.185+(1) SW-3/24 (Ethernet24)           1 minute
23 c8:2a:14:42:ee:b3 office        16   10.192.20.152     SW-4/31 (Ethernet31)           0 minute
24 dc:9f:db:1a:47:e4 office        16   10.192.20.66      SW-1/46 (Ethernet46)           0 minute

ctrl1-mv-a> show flow-cache
SrcMAC            DesMAC            SrcIP         DesIP          Proto   SrcP     DesP       SrcSW Port
00:30:48:f9:cc:f7 00:04:f2:31:88:cd 10.192.3.1    10.192.8.16    udp(17) 67       68         SW-1  16
60:c5:47:3b:94:5a 40:6c:8f:23:81:02 10.192.20.105 10.192.20.21   tcp(6)  62078    57377      SW-1  46
b8:8d:12:26:61:56 40:6c:8f:23:81:02 10.192.20.134 10.192.20.21   udp(17) 5353     5353       SW-1  45
18:a8:6d:4e:1b:ce 30:8c:fb:48:93:5d 10.192.20.68  10.192.20.205  icmp(1) echo-req -          SW-1  46
40:6c:8f:13:35:21 14:10:9f:d2:b4:51 10.192.20.150 10.192.20.84   udp(17) 5353     5353       SW-4  34
3c:07:54:33:ca:79 00:30:48:f9:cc:f7 10.192.20.35  74.125.224.118 tcp(6)  49174    https(443) SW-3  31
40:6c:8f:1c:ff:3f 00:30:48:f9:cc:f7 10.192.20.120 67.228.168.216 tcp(6)  64202    http(80)   SW-4  26
c8:2a:14:59:fc:c0 00:30:48:f9:cc:f7 10.192.20.80  74.125.224.117 tcp(6)  52856    https(443) SW-3  7
Classic Datacenter Design
Application View vs. Physical Deployment
[Diagram: Classic Application Design (Web on vlan 100, App on vlan 200, DB on vlan 300) + Classic Network Design (Rack 1 (10.0.1.0), Rack 2 (10.0.2.0), Rack 3 (10.0.3.0)) = Low Utilization, Incomplete Isolation, No Automation.]
Classic Datacenter Design
Workload View vs. Physical View
[Diagram: Workload View (web, app, db; Tenant-1, Tenant-2, Tenant-3) beside Physical View (Rack 1, Rack 2, Rack 3).]
Classic Datacenter Design
Workload View vs. Physical View
[Diagram: Workload View (web, app, db; Tenant-1, Tenant-2, Tenant-3) beside Physical View (Rack 1 (10.0.0.1), Rack 2 (10.0.0.2), Rack 3 (10.0.0.3)). Annotations: FW rule app2->db2; FW rule allow web7; ACL port 22 allow tcp 80; vlan 105-108; vlan 225-318; allow tcp 22.]
Classic Datacenter Design
Low Utilization, Poor Isolation, No Automation
What does this all mean?
[Diagram: application design + network design = Rack 1 and Rack 2 annotated with: FW rule allow web2; FW rule allow web7; ACL port 22 allow tcp 80; vlan 105-108; vlan 225-318.]
…complexity that makes workload-level isolation and automation of L2-L7 provisioning nearly impossible!
The Cost Of Classic Network Design
Calendar Days, Trouble Tickets, Stranded Capacity, Stalled Projects
Source: team estimates based on interviews across 8 network architects in planning, pilots or production with IaaS architectures of 10 racks or more
40+ Networking Trouble Tickets To Deploy New Workloads
[Chart: categories Simple, Prod, Critical; values 5, 20, 40.]
15+ Calendar Days To Deploy New Workloads
• Update VLAN and IP addr design docs
• Wait for rack maintenance window
• Provision ToR VLAN and ACLs
• Wait for row maintenance window
• Provision Agg VLAN and Subnet Route
• Provision ADC VIP, Cert and Pool
• Provision firewall rules
40%+ Stranded Compute Capacity Due to VLAN/Subnet/Workload misalignment
[Chart label: Stranded 40% Compute Capacity.]
Stalled Automation / IaaS Projects
[Diagram annotations: FW rule app2->db2; FW rule allow web7; ACL port 22 allow tcp 80; vlan 105-108; vlan 225-318; allow tcp 22.]
BVS For Network Virtualization
Using OpenFlow and Overlays
1. Uses virtual network segments instead of VLANs for unlimited VM mobility, no physical placement constraints, no 4k limits
2. Exposes (and automates*) L4-L7 devices as shared services for multi-tenant operational model
3. Centralizes intra-tenant and inter-tenant configuration and control APIs to ease automation and reduce operational complexity without sacrificing performance
4. Connects to cloud orchestration for automated / self service provisioning
[Diagram: web, app, db tiers for Tenant-1, Tenant-2, Tenant-3. Labels: shared; vns t-1; vns t-2; vns t-3; vns web-4; vns app-4; vns db-4; Address Space t-4.]
*See 2013 partner roadmap.
Network Virtualization: Big Virtual Switch
Ultimate Deployment Flexibility
Columns: Tenant IP Address Design. Rows: Provider IP Address Design.

                | Single subnet per tenant | IP Address Range per tenant | Public IP and private subnets per tenant*
                | (aka single VLAN)        | (aka EC2 Security Group)    | (aka tenant w/ floating IP)
L2 Fabric       | ✔                        | ✔                           | ✔
L3 Fabric       | ✔                        | ✔                           | ✔
OpenFlow Fabric | ✔                        | ✔                           | ✔

*See 2013 roadmap.
Network Virtualization: Big Virtual Switch
Ultimate Deployment Flexibility
PURE OPENFLOW
Native OpenFlow in Physical Switches Everywhere!
• OF pSwitches
• OF vSwitches
PURE OVERLAY
Overlay on top of a non-OF Physical Network
• Non-OF pSwitches and Routers
• OF vSwitches
HYBRID NETWORK VIRTUALIZATION
Combination of Physical Switch OpenFlow and Overlay
• Non-OF ToR Switch
• OF vSwitches
• OF ToR Switch
Physical & Virtual Network Virtualization without a forklift upgrade
IaaS Workload Deployment
In a world of IaaS, network virtualization is required!
OpenStack
CloudStack*
vCenter (1GE and 10GE*)
*Under investigation with partners. See 2013 roadmap.
• DevTest workloads (basic): automate provisioning of an L2 domain for multiple VMs
• Enterprise 3-tier production workloads (intermediate): automate provisioning of workloads with multiple L2 domains, firewalls and load balancers
• Mission critical workloads (advanced): automate provisioning of workloads spanning multiple racks (resiliency) and multiple datacenters (disaster recovery) with firewall, load balancing, capacity bursting, monitoring, etc.
Big Virtual Switch SDN Application
The economics of recovering stranded compute capacity.
References: Cappuccio, David J.; Use a TCO Model to Estimate the Costs of Your Data Center, 2012. Patel, Chandrakant D; Cost Model for Planning, Development and Operation of a Data Center, Internet Systems and Storage Laboratory HP Laboratories Palo Alto, 2005. 2012: Gartner IT Key Metrics data, Gartner, 2012.
[Stacked bar chart: bars 1 and 2; y-axis $0 to $1,200,000. Legend: Server, OS Instance, Storage, Networking, Operations. Data labels, in the pairs in which they appear: $330,400 / $165,200.0; $253,960 / $126,980.0; $194,960 / $97,480.0; $150,000 / $75,000.0; $191,520 / $95,760.0.]
Open SDN ROI
Up to 50% more VMs per rack:
• At 200 VMs per rack, saves $1.2k per VM in CapEx and $300 per VM in non-HC OpEx
• At 1000 VMs per rack, saves $260 per VM in CapEx and $60 per VM in non-HC OpEx
Multi-Tenant Network Monitoring: Big Tap
Connect any tap to any tool at any time!
[Diagram: Production Network with Span Ports or Passive Optical Taps; NPB; Tools.]
• Connect taps to tools on a case-by-case / team-by-team basis
• Each tap-to-tool connection is budgeted, designed and then deployed.
Multi-Tenant Network Monitoring: Big Tap
Connect any tap to any tool at any time!
• Makes it cost effective to provision a full monitoring network up front, then control tap-to-tool connections in software
• Scale to thousands of tap/span-facing monitoring ports capable of 5-tuple filtering
• Scale to hundreds of tool-facing ports
• REST APIs with a multi-tenant operational model to direct any tap with any filter to any tool
[Diagram: Production Network with Span Ports or Passive Optical Taps; NPB; SDN Monitoring Network (Monitoring Ports, Tool Ports); Tool Farm.]
The Technical View Scale Out Network Visibility without Breaking the Budget
Start with a single switch or build out a complete network…
(1) Configure SPAN & TAP ports on pSwitches and vSwitches.
(2) Configure delivery ports for tools or services node or service node+ tool.
(3) Define FlowFilter policies to match and forward from “filter” to “delivery” interfaces.
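The three steps above, modelled in Python as an added example (not Big Switch code and not Big Tap's API or policy syntax): filter ports, delivery ports, and 5-tuple policies that decide which tool ports receive a copy of a flow. The class names, policy names and tool port names are hypothetical; the sample flows are rows from the `show flow-cache` output earlier in the deck, with the switch and port joined into one interface name.

```python
# Added example: toy model of filter ports, delivery ports and FlowFilter
# policies. All names are hypothetical, not Big Tap's API or syntax.
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# filter_if is the tap/SPAN-facing port on which the flow was seen.
Flow = namedtuple("Flow", "src_ip dst_ip proto src_port dst_port filter_if")

@dataclass(frozen=True)
class FlowFilter:
    name: str
    filter_ifs: frozenset          # step (1): tap/SPAN-facing ports
    delivery_ifs: tuple            # step (2): tool-facing ports
    src_net: str = "0.0.0.0/0"     # step (3): 5-tuple match, None = wildcard
    dst_net: str = "0.0.0.0/0"
    proto: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        return (f.filter_if in self.filter_ifs
                and ip_address(f.src_ip) in ip_network(self.src_net)
                and ip_address(f.dst_ip) in ip_network(self.dst_net)
                and self.proto in (None, f.proto)
                and self.src_port in (None, f.src_port)
                and self.dst_port in (None, f.dst_port))

def deliveries(flow, policies):
    """Tool-facing ports that receive a copy of `flow`, one copy per port."""
    ports = [d for p in policies if p.matches(flow) for d in p.delivery_ifs]
    return list(dict.fromkeys(ports))   # de-duplicate, keep policy order

# Constructed policies; the tool port names are made up for this example.
POLICIES = [
    FlowFilter("https-to-ids", frozenset({"SW-3/31", "SW-3/7", "SW-4/26"}),
               ("ids-1",), proto="tcp", dst_port=443),
    FlowFilter("office-mdns", frozenset({"SW-1/45", "SW-4/34"}),
               ("recorder-1",), src_net="10.192.20.0/24",
               proto="udp", dst_port=5353),
    FlowFilter("all-sw3", frozenset({"SW-3/31", "SW-3/7"}),
               ("ids-1", "netflow-1")),
]
# Sample flows taken from the deck's `show flow-cache` rows.
FLOWS = [
    Flow("10.192.20.35", "74.125.224.118", "tcp", 49174, 443, "SW-3/31"),
    Flow("10.192.20.120", "67.228.168.216", "tcp", 64202, 80, "SW-4/26"),
    Flow("10.192.20.150", "10.192.20.84", "udp", 5353, 5353, "SW-4/34"),
    Flow("10.192.20.68", "10.192.20.205", "icmp", None, None, "SW-1/46"),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f.filter_if, f.proto, f.dst_port, "->", deliveries(f, POLICIES))
```

Overlapping policies send one copy per tool port, and a flow seen on a port that no policy lists, or that fails the 5-tuple match, is delivered nowhere.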
A First SDN Application for your network
[Diagram: Production Network, NPB, Monitoring Network (Filter Switches, Delivery Switch, FlowFilter Defined), NPB, Visibility Systems; callouts (1), (2), (3) mark the steps above.]
Futures
?
Thank You