Building The Right Network
Uploaded by: cisco-canada
Category: Technology
Transcript of Building The Right Network
Understand Different Overlay Approaches
Building the right Network
Joe Onisick – Principal Engineer – Cisco ACI/Nexus 9000
May 2015
@jonisick
2 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential @jonisick © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Challenges and Opportunities
Open Visibility Investment Protection
Automation Lowering Opex and TCO
Security
Data Center Transitions Road to ACI/Nexus 9K
Lower TCO | Workload Flexibility | Agility | Compliance/Security
Sources: [1] Morgan Stanley CIO Survey, 2013; [2] HP; [3] Information Week 2013 Virtualization Mgmt Survey, 2013; [4] Cisco Global Cloud Index Forecast (2013-2017)
75% physical servers [1]
“BARE METAL”
10G LAN on motherboard [2]
VM DENSITY AND SERVER I/O
~45% of data center Multi-hypervisor [3]
MULTI-CLOUD
IP traffic 25% CAGR [4]
BIG DATA
Don’t Take Our Word For it!
https://www.vmware.com/files/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf
Networks are complex! They are the next silo to experience a major shift.
1st Gen SDN solutions look to meet the new technical challenges.
Why SDN, Why Now?
Automation & Programmability
Centralized Provisioning & Visibility
Simplification/ Abstraction
App Agility
Deliver New Revenue Streams Faster
Risk and OpEx Reduction
Lowered OpEx
Reduced Risk
Reduced CapEx
APIC
The Future of Networking
Programmable Network
Third Party Controllers
Cisco ACI
Foundational Switching Platforms for the Next Decade Industry Leading Price/Performance, Port Density: Fastest 10G/40G /100G Platform with Merchant+
Programmability/Open APIs: Linux Containers, Python, PowerShell, Puppet, Chef… Ideal for DevOps!!
15% Better Power & Cooling–2.8X Better Reliability
Innovation Object Model, No Backplane, No Midplane, Health scores
$ Multi-million Savings 40/100G on Existing Cables using BiDi Optics. Non-disruptive migration to 40G
Nexus 9000 1/10/40/100G
Standalone / ACI Ready
Road to SDN for Our Customers
Programmable Network
Third Party Controllers
Cisco ACI
“DO-IT-YOURSELF”/SCRIPTERS
DEVOPS METHODOLOGY
NETWORK VIRTUALIZATION HETEROGENEOUS
SCALE - BGP WORKLOAD ANYWHERE
POLICY = AUTOMATION PRIVATE/HYBRID CLOUD
BROAD ECOSYSTEM
All Start with the Nexus Portfolio and 10/40G
Programmable Network
Optimized Mobility
POAP
DevOps Tooling
Interoperable
Development
Operations
NETWORK
SECURITY STORAGE
COMPUTE
DEV OPS
ARCHITECT
DEVELOPER
QA
Open APIs
Foundation: Nexus or ACI
PXE ONIE Linux/Python Daemon
NXAPI
Third Party Controllers Multi-Tenancy & Seamless Host Mobility at Cloud Scale
Heterogeneous Increased Scale
Optimized Mobility
Operational Flexibility
Any Workload, Anywhere.
The Most Complete Solution for Our Customers
Physical, Virtual & Containers
Open, Standards & Secure
Automation via Common Policy
Application Centric Infrastructure
Cisco ACI Complements, Enhances and/or Replaces Any Other SDN Offering
Bare Metal Applications
Virtualized Applications
Optional Software Overlay
Foundation: Nexus or ACI
Application vs. Network: Two languages
APPLICATION LANGUAGE
• Application Tier Policy and Dependencies
• Security Requirements
• Service Level Agreement
• Application Performance
• Compliance
• Geo Dependencies
• Tenants
?
NETWORK LANGUAGE
• VLAN
• IP Address
• Subnets
• Firewalls
• Quality of Service
• Load Balancer
• Access Lists
Logical Provisioning of Stateless Hardware
SIM Card: Identity for a Phone
Service Profile: Identity for a Server
UCS Service Profile Unified Device Management
Network Policy
Storage Policy
Server Policy
Application Profile: Identity for the Network
Solving Today’s Problems on a Platform for Tomorrow
Step 1: Automate basic network configuration. Not handled by network virtualization/software-only overlays.
Step 2: Automate physical/virtual L4-7 service provisioning. Only virtual services supported with network virtualization.
Step 3: Deploy new applications with full app visibility. ACI is the only solution that offers app level visibility.
VLANs
ACLs Routes
QoS
WAN
Firewall
LB to Group 2
Connect to EPG 3
Connect to Group 2
High Priority
Group Policy Model Topology/ Service Graph
GROUP 1 GROUP 2 GROUP 3
PRODUCTION POD DMZ
SHARED SERVICES
1 Profile
VLAN 1 VXLAN 2
VLAN 3
100s of Profiles
DEV TEST
PROD
10s of Profiles
WEB APP
DB
1000s of Profiles
Level of Segmentation/ Isolation/ Visibility
Flexibility – Mapping to Business Needs
ACI Delivers Secure Multi-Tenancy at Scale
CENTRALIZED AUTOMATION
Audit, Detect, Mitigate
EMBEDDED IN ACI INVESTMENT PROTECTION
FirePOWER Now Integrated with ACI Validated for Deployment in PCI Compliant Networks
POLICY DRIVEN
Physical & Virtual
Automated Protection to Cover the Attack Continuum
DB APP ADC
WEB F/W ADC
ESX
MGMT VMOTION
Bare Metal
Linux Container
ACI Integrated Security - Open, Flexible, Policy Driven
Consistent Audit, Logging, & Visibility – FIPS / CC / PCI / RBAC
ACI Policy Model – Security & Micro-Segmentation
Preparing Your Network for ACI
VLAN 10
Existing Infrastructure (7K/5K/2K, 3rd party, etc.)
VLAN 20
Entry level N9K ACI Ready bundle attached to existing aggregation tier
New Server Group APIC Cluster
Add ACI Spines and Controllers. Convert redundant ToRs to ACI one by one.