Application Centric Infrastructure
René Raeber, Distinguished Engineer, IEEE-802.1 DCB Architect, Datacenter Patent Reviewer
Cisco Connect, Riyadh, Saudi Arabia, April 29-30, 2014

Agenda
Introduction
Application Centric Infrastructure
1. Policy Model & Controller
2. The Fabric
3. The Data Plane
4. The Control Plane
5. Overlays?
Questions & Summary

Computing Eras (chart, 1960 to 2000)
Mainframe → Minicomputer/PC → Client Server → Cloud (SOA => SOI => XaaS)

Data Center Demands
Business Challenges: Business Process Agility, Regulatory Compliance, Security Threats, Budget Constraints
Technology Trends: Cloud, Data Deluge, Energy Efficiency, Proliferation of Devices

What is Security?
The conscious or unconscious acceptance of a risk, in a certain time and in relation to the probability of this risk becoming reality …

Focus on IT Economics

Cisco's Phased Datacenter Approaches (chart)
Crescendo, Cisco-Blue, Andiamo, Cisco-Fusion, Nuova, Datacenter-3.0, Datacenter Business Advantage, Unified Datacenter, Insieme

Traditional Datacenter Architectures (figure)

Data Centers Need to Evolve
Distributed: separate L2, L3, Compute, Storage and Services
Fabric Based: Integrated Fabric with Compute, Storage and Services
Application Driven and Cloud (World of Many Clouds): Provisionable Programmable Fabric; Cloud Monitoring Apps, Cloud Provisioning Apps, Networking Apps, End-User Apps
Distributed: • Manual Provisioning • Limited scaling • Rack-wide VM mobility
Fabric Based: • Policy-based Provisioning • Scale Physical and Virtual/Cloud • DC-wide/Cross-DC VM Mobility
Application Driven and Cloud: • Service-centric Provisioning • Flexible – Anywhere, Anytime • Cross-cloud VM Mobility

A New Operating Model Is Required
Traditional Networking Model (Network of Devices): Proven and Reliable; Existing Infrastructure Model; Many Data Centers today
Today's SDN Model (Software-Based Network Virtualization): Does not remove Complexity; Existing Application Model; Disjoint Overlay and Underlay; Multiple Management Points
Future Model (Application Centric Infrastructure): Radical Simplification; Centralized Automation with Application Profiles; SW Flexibility with HW Performance; Applications will drive the network behavior and NOT the opposite

Application Centric Infrastructure: Rapid Deployment of Applications onto Networks with Scale, Security and Full Visibility

The ACI Building Blocks
Controller: APIC, single point of control
Policy Model: scalable architecture, physical and virtual
Nexus 9500 and 9300: spine-leaf architecture

Any Application, Anywhere, Any Time: Physical and Virtual
Common Application Network Profile: WEB → F/W → L/B → APP → L/B → DB
APIC policies: Connectivity Policy, Security Policy, QoS Policies, SLA (QoS, Security, Load Balancing)
Application, L4..7 Services, Storage and Compute, across hypervisors

Common Policy and Operations Framework
Cloud Admin: Cloud
Application Admin: Application (Web Tier, App Tier, DB Tier)
Security Admin: Security (External Zone, DMZ, Trusted Zone)
Network Admin: Infrastructure (Common Pool of Resources)

Fabric Initialization & Maintenance
1. APIC (IFC) bootstrap configuration: 1) IFC Cluster Configuration 2) Fabric Name 3) TEP Address space (Infra-VRF) 4) …
2. Leaf switch discovers attached IFC via LLDP, requests TEP address and boot file via DHCP
3. Spine switch discovers attached Leaf via LLDP, requests TEP address and boot file via DHCP
4. All nodes in the same APIC cluster should contain the same bootstrap information if they are intended to form a cluster
5. Fabric can be discovered and initialized from multiple sources concurrently
6. Fabric will self-assemble starting from multiple IFC sources
7. APIC IFC Cluster will form when members discover each other via Appliance Vector (AV)
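The seven bootstrap steps above, as an added Python simulation that is not part of the slide deck or of any Cisco software. Node names, the TEP pool, the LLDP neighbour lists and the Appliance Vector check (modelled here as a plain comparison of bootstrap records) are constructed assumptions. It shows what step 4 buys the operator: an APIC whose bootstrap record differs is refused, and a leaf that only sees that APIC never obtains a TEP, while two matching APICs seed the fabric from different leaves and the fabric still converges to one initialised set.

```python
# Added example (not Cisco/APIC code): a toy simulation of the fabric bootstrap
# steps listed on the slide. Node names, the TEP pool and the neighbour lists are
# constructed; the Appliance Vector check is modelled as a comparison of records.
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Bootstrap:
    """Step 1: what every IFC/APIC is configured with before discovery starts."""
    fabric_name: str
    tep_pool: IPv4Network   # TEP address space carved from the infra VRF
    cluster_size: int


@dataclass
class Node:
    name: str
    role: str                                            # "apic", "leaf" or "spine"
    neighbors: List[str] = field(default_factory=list)   # what LLDP sees on each port
    tep: Optional[IPv4Address] = None                    # assigned via DHCP
    boot_file: Optional[str] = None


class Fabric:
    def __init__(self, bootstrap: Bootstrap):
        self.bootstrap = bootstrap
        self.nodes: Dict[str, Node] = {}
        self.apic_members: List[str] = []
        self._tep_iter = bootstrap.tep_pool.hosts()

    def add(self, node: Node) -> None:
        self.nodes[node.name] = node

    def join_apic(self, name: str, offered: Bootstrap) -> bool:
        """Steps 4 and 7: an APIC joins the cluster only when its bootstrap record
        matches the fabric's; a wrong fabric name, pool or cluster size is refused."""
        if offered != self.bootstrap:
            return False
        if name not in self.apic_members:
            self.apic_members.append(name)
        return True

    def _dhcp_offer(self, node: Node) -> None:
        """Steps 2 and 3: hand out the next TEP from the pool plus a boot file name."""
        node.tep = next(self._tep_iter)
        node.boot_file = f"{self.bootstrap.fabric_name}/{node.role}.cfg"

    def discover(self) -> List[str]:
        """Steps 5 and 6: a node initialises once an LLDP neighbour that already
        belongs to the fabric can relay its request. Leaves accept a joined APIC or
        an initialised spine; spines accept an initialised leaf. Several APICs seed
        the process concurrently and it self-assembles into one fabric.
        Returns the initialisation order."""
        initialised = set(self.apic_members)
        order: List[str] = []
        progress = True
        while progress:
            progress = False
            for node in self.nodes.values():
                if node.role == "apic" or node.tep is not None:
                    continue
                accepted = {"apic", "spine"} if node.role == "leaf" else {"leaf"}
                if any(n in initialised and self.nodes[n].role in accepted
                       for n in node.neighbors):
                    self._dhcp_offer(node)
                    initialised.add(node.name)
                    order.append(node.name)
                    progress = True
        return order


def build_demo() -> Fabric:
    """Constructed topology: two APICs with matching bootstrap data seed the fabric
    from different leaves; a third APIC carries another fabric name, so the leaf
    hanging only off it never receives a TEP."""
    bs = Bootstrap("fabric-demo", IPv4Network("10.0.0.0/16"), cluster_size=3)
    fab = Fabric(bs)
    for name, role, nbrs in [
        ("apic1", "apic", ["leaf1"]),
        ("apic2", "apic", ["leaf2"]),
        ("apic3", "apic", ["leaf4"]),
        ("leaf1", "leaf", ["apic1", "spine1"]),
        ("leaf2", "leaf", ["apic2", "spine1"]),
        ("leaf3", "leaf", ["spine1"]),
        ("leaf4", "leaf", ["apic3"]),
        ("spine1", "spine", ["leaf1", "leaf2", "leaf3"]),
    ]:
        fab.add(Node(name, role, nbrs))
    fab.join_apic("apic1", bs)
    fab.join_apic("apic2", bs)
    fab.join_apic("apic3", Bootstrap("fabric-other", bs.tep_pool, 3))  # refused
    return fab


if __name__ == "__main__":
    fab = build_demo()
    print("initialised in order:", fab.discover())
    print("cluster members:", fab.apic_members)
    for n in fab.nodes.values():
        print(n.name, n.role, n.tep, n.boot_file)
```

The discovery loop is a fixed-point iteration: each pass initialises every node that now has a qualifying neighbour, and it stops when a pass changes nothing, which is what leaves leaf4 without a TEP.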
The Data and Policy Model
Controller: policy manages the entire Data Center (network and network security)
End Points → End Point Groups → Identity → Application Network Profiles → ACI Fabric (and attached SLB and FWs)
Decoupling 'Identity' from 'Location':
- Easier Infrastructure Changes
- Security decoupled from IP Location
- Policy: virtual or physical servers
- Elasticity

Application Policy Infrastructure Controller "APIC"
- Unified point of fabric automation and management including application policies
- Distributed clustered software running on an x86 appliance
- Central management of the Fabric: End point policies, Firmware, Spine/Leaf Imaging, Inventory, Topology, Monitoring/Troubleshooting, Compute Integration, 3rd party integration
- GUI, CLI and RESTful APIs
- APIC Distributed Cluster: Massive Scale-Out and N+2 Redundancy

End-Points [EP]
Things that connect to the fabric and use it to interface with other things: a compute, storage or service instance attaching to a fabric (NIC, vNIC, …)

End-Point Groups [EPG]
A collection of end-points with identical network behavior forms an end-point group. All EPs share common properties: Connectivity, Security/Access control, QoS, Services, …
Allows specifying rules and policies on groups of physical or virtual end-points without knowledge of specific identifiers and regardless of physical location.
An EPG can flexibly map into: an application tier of a multi-tier app; a segmentation construct (à la VLAN); a security construct; an ESX port group; …

End Point Group Contracts
End points in group WEB (consumer) can access end-points in group APP SERVER (provider) according to the rules specified in the contract.
- filter: identifies the subject to which actions will be applied (L4 port ranges, TCP options, …)
- action: identifies the actions applied to the subject (QoS, Log, Redirect into SVC graph, …)
- A contract is defined bi-directionally in the "provider"-centric way.

Example: Cisco IT Software Services Deployment
Tenants: Storage Services, Software Services, Middleware Services
EPGs: DMZ NAS, Internal NAS, Software DB, Portal DB, Softw Distr, OCM, Softw Portal, Internal Login, Finance DB, DSX, Upload, Download, Software, Tools, Login, Internet, Cisco Internal; contracts (C) connect the EPGs

APIC Screen shots (figure)

Mapping to SDN Today
Imperative Control: Admin → SDN Controller (Policy Mgr + Control Plane) → OpenFlow + OVSDB → Data Plane
Declarative Control: Admin → APIC (Policy Mgr) → Elements Control System (Control + Data Plane); no standard protocol exists today

IETF OpFlex: a flexible, extensible policy protocol
OpFlex is a new extensible policy resolution protocol designed for declarative control of any datacenter infrastructure.
OpFlex was designed to offer:
1. Abstract policies rather than device-specific configuration
2. Flexible, extensible definition using XML / JSON
3. Support for any device – vswitch, physical switch, network services, servers, etc.
Figure: APIC (policies: who can talk to whom, topology control, ops) → OpFlex Agents on hypervisor, switch, firewall and ADC; an OpFlex Proxy fronts devices that only expose a legacy API.
http://tools.ietf.org/html/draft-smith-opflex-00

Open Ecosystem, Open APIs
- Automation Tools, Hypervisor Management, Orchestration Frameworks, System Management, Security (ASA)
- Read / write all fabric info; tenant and application aware
- Published data model; open source
- A platform approach to Data Centre infrastructure; industry standard compliant
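The EPG and contract model from the policy-model section above (end-points mapped to groups, consumer/provider contracts carrying filters and actions, defined provider-centrically in both directions), as an added Python example that is not APIC code and not from the slides. EPG names, end-point identities, ports and actions are constructed. A flow is judged purely on the groups involved, so a VM and a bare-metal host in the same EPG get the same answer whatever their location, and anything not covered by a contract is denied.

```python
# Added example (not Cisco/APIC code): a minimal model of end-points, EPGs and
# provider-centric contracts. EPG names, end-point identities, ports and actions
# are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Filter:
    """The subject a rule applies to: protocol and a port range on the provider side."""
    proto: str
    port_lo: int
    port_hi: int

    def matches(self, proto: str, provider_port: int) -> bool:
        return proto == self.proto and self.port_lo <= provider_port <= self.port_hi


@dataclass(frozen=True)
class Contract:
    """Consumer EPG may reach provider EPG for traffic matching any filter.
    Actions (permit, log, redirect into a service graph, ...) apply to the match."""
    provider: str
    consumer: str
    filters: Tuple[Filter, ...]
    actions: Tuple[str, ...] = ("permit",)


class PolicyModel:
    def __init__(self) -> None:
        self.epg_of: Dict[str, str] = {}   # end-point identity -> EPG; no addresses involved
        self.contracts: List[Contract] = []

    def attach(self, endpoint: str, epg: str) -> None:
        self.epg_of[endpoint] = epg

    def add_contract(self, contract: Contract) -> None:
        self.contracts.append(contract)

    def evaluate(self, src: str, dst: str, proto: str, sport: int, dport: int) -> Tuple[str, ...]:
        """Actions for one packet of a flow, or ('deny',) if no contract covers it.
        Contracts are provider-centric and bi-directional: consumer -> provider is
        matched on the destination port, provider -> consumer on the source port,
        so return traffic needs no second contract."""
        s_epg, d_epg = self.epg_of.get(src), self.epg_of.get(dst)
        if s_epg is None or d_epg is None:
            return ("deny",)        # unknown end-point: whitelist model, nothing allowed
        if s_epg == d_epg:
            return ("permit",)      # intra-EPG traffic is assumed open in this model
        for c in self.contracts:
            if c.consumer == s_epg and c.provider == d_epg:
                if any(f.matches(proto, dport) for f in c.filters):
                    return c.actions
            elif c.provider == s_epg and c.consumer == d_epg:
                if any(f.matches(proto, sport) for f in c.filters):
                    return c.actions
        return ("deny",)


def build_demo() -> PolicyModel:
    """Constructed three-tier profile: WEB consumes APP SERVER, APP SERVER consumes DB.
    The WEB EPG mixes a VM and a bare-metal host; the policy does not care."""
    pm = PolicyModel()
    pm.attach("web-vm-1", "WEB")
    pm.attach("web-baremetal-2", "WEB")
    pm.attach("app-vm-1", "APP SERVER")
    pm.attach("db-1", "DB")
    pm.add_contract(Contract("APP SERVER", "WEB", (Filter("tcp", 8080, 8080),), ("permit", "log")))
    pm.add_contract(Contract("DB", "APP SERVER", (Filter("tcp", 3306, 3306),),
                             ("permit", "redirect:firewall-graph")))
    return pm


if __name__ == "__main__":
    pm = build_demo()
    print(pm.evaluate("web-vm-1", "app-vm-1", "tcp", 51000, 8080))      # consumer -> provider
    print(pm.evaluate("app-vm-1", "web-vm-1", "tcp", 8080, 51000))      # reply, same contract
    print(pm.evaluate("web-baremetal-2", "db-1", "tcp", 51000, 3306))   # no WEB -> DB contract
```

The reverse-direction match in evaluate is stateless: any provider-to-consumer packet with a matching source port is accepted whether or not a consumer-initiated flow exists. That is a limitation of this toy model; a policy engine that wants the return path to depend on an established flow has to track connection state.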
Innovations: Merchant+ ASIC Approach, Innovation in Cisco ASICs
Nexus 9000
- Price: 20% industry leading cost structure / price for 1G to 1/10GT and 10G to 40G migration
- Performance: higher line card bandwidth, 1.92 Tbps per slot, 100G ready
- Port Density: backplane-free design, 36-port 40 Gig non-blocking density
- Programmability: JSON/XML state-of-the-art API, Linux Container for customer apps
- Power Efficiency: 15% greater power and cooling efficiency

Common Hardware, Two Software Modes (Nexus 9516, 9508, 9504, 93xx; 40 Gig fabric, 100 Gig future)
| | Standalone Mode | Fabric Mode |
| Topology | No change | Change |
| Forwarding | No change (enhancements) | Change (enhancements) |
| Code | Code adjustments | Major change |
| Data Model | | Policy Model |
| Mode | 'devices' controlled separately | Central Controller |
Migration from Standalone to Fabric Mode is possible.

ACI (Application Centric Infrastructure) + "Merchant+" strategy: a combination of merchant and custom silicon.

"Merchant+" Strategy
- Merchant: Broadcom Trident 2, used in Standalone & Fabric Modes
- Custom: Cisco "Northstar", Cisco "Alpine", used in Fabric Mode only
Scalable Performance: 1 GE / 10 Gbps / 40 Gbps / 100 GE
Nexus 9000 switch family
- Nexus 9300: FCS Q1 2014
- Nexus 9500 (C9500 8-slot): FCS Q4 2013
- Aggregation line card, 36 × 40G QSFP+: FCS Q1 2014
- ACI-ready leaf line card, 48 × 1/10G-T & 4 QSFP+: FCS Q1 2014
- ACI-ready leaf line card, 48 × 1/10G SFP+ & 4 QSFP+
- 48 × 1/10G SFP+ & 12 QSFP+; 96 × 1/10G-T & 8 QSFP+
- 12-port QSFP+ GEM: FCS Q4 2013
Flexible form factors can enable variable data center design and scaling (performance, ports, price, power, programmability).

Switching Portfolio: industry leading density and price / performance
| | 48/96 port | 4 slot (Mar'14) | 8 slot | 16 slot (Mar'14) |
| Height | 2/3 RU | 6-7 RU | 13 RU | 21 RU |
| I/O Module Slots | 1 GEM | 4 | 8 | 16 |
| Fabric Capacity per System | NA | 15 Tbps | 30 Tbps | 60 Tbps |
| Max Wire Rate 10G ports | 48 | 576 | 1152 | Future |
| Max Wire Rate 40G ports | 12 | 144 | 288 | 576 |
| Role | Top of Rack Access | Small Aggregation, EoR Access or Co-location | Small Aggregation, High Density Aggregation/Spine | High Density Spine |
| Application Upgradeable to Fabric | ✔ | ✔ | ✔ | ✔ |

Full Application Visibility: a single view of your application in a distributed environment
- Health Score: 96%
- Latency: 5 microsecond(s)
- Drop Count: 25 packets dropped
- Visibility: 7 VMs, 3 physical; Application Delivery Controller, Firewall

QSFP BiDi Overview
40G BiDi optics preserve existing 10G cabling and give significant transceiver savings.
10G optical link: jumper cable, patch panel, trunk cabling (100m), patch panel, jumper cable
- Traditional 40G optical link, complete replacement: +$6,259*
- 40G BiDi optical link, reuse all 10G cabling/patch panels: +$2,200*
- Savings (list) per 40G link: $4,059
* Source: Corning OM3 cable & patch panel list prices, Cisco 40G BiDi list price, competitors' 40G SR4 list price
Normalized Bandwidth Cost vs. Port Speed, Fixed & Modular Switches (chart; port speeds 1G, 10G, 40G, 100G; years 2013 and 2015; plotted values 6.0, 4.0, 3.3, 2.5, 1.3, 1.0)
Normalized Bandwidth Cost vs. Port Speed, Modular Switches (chart; port speeds 1G, 10G, 40G, 100G; years 2013 and 2015; plotted values 2.0, 1.4, 1.4, 1.2, 1.0, 1.0, 0.7, 0.6)

CLOS Fabric (figure)
Arrays (figure)

Let's Analyze a Tree Structure
The Leaves, The Branches, The Root: branch size decreases.
Spanning Tree takes a perfectly good meshed network and reduces it to a tree!
Spanning Tree is not adequate anymore! Solutions that keep all links forwarding are more desirable.

Why Overlays?
Physical Network (figure)

Overlay Comparison
| Overlay | Layer 2 | Layer 3 | Extra Bits | Overhead (Bytes) | Legacy Network Multipath | Merchant silicon | Vendors | Standard |
| VXLAN | ✔ | ✔ | ✔ | 70 | ✔ | ✔ | Insieme, VMware, Cisco | Likely |
| NVGRE | ✔ | ✔ | ✖ | 62 | ✖ | ✔ | Insieme, MSFT | Likely |
| LISP | ✖ | ✔ | ? | 70 (56) | ✔ | ✖ | Cisco | Likely |
| STT | ✔ | ✔ | ✔ | 74 - 92 | ✔ | ✖ | Nicira (VMware) | Unlikely |

ACI Launch NYC: Making Networks Simple Is Not Trivial
Today, applications are tightly coupled to the network:
- 10,000s of ACLs
- Policies and mobility separate for physical and VMs
- Inefficient forwarding; a F/W in front of each of WEB, APP and DB
- Default gateway, FHRP, VPC, STP: excessive protocols; multicast limitations
Application Centric Infrastructure:
- Integrated security
- Centralized visibility and automation (APIC)
- Optimized forwarding, no flooding
- Application profile and policy; decouple application from infrastructure
- Multicast multi-pathing and fast reroute; no legacy Layer 2 operations

Evolution to Application Centric Infrastructure (Application Owner)
Without ACI: Orchestration with partial automated provisioning across Compute, Networking, Security and Storage; Platform as a Service
With ACI: E2E automated provisioning across Compute, Networking, Security and Storage; Platform as a Service
*Application Policy Infrastructure Controller

Defining and Applying Network Setup and Policy Today vs.
ACI
Today: App, Sec and Net each define setup and policy → translate setup and policy per device → instantiate network and policy: weeks
ACI: App, Sec and Net define setup and policy → Controller translates policy → instantiate: minutes

Today's configuration is spread over multiple devices (switches, load balancers, firewalls):
Security configuration:
  permit tcp host 72.163.6.116 host 10.102.14.116 eq www
  permit tcp host 72.163.6.116 host 10.102.14.116 eq 443
  permit tcp host 72.163.6.116 host 10.102.14.116 eq 50124
  permit tcp host 72.163.6.117 host 10.102.14.116 eq www
  permit tcp host 72.163.6.117 host 10.102.14.116 eq 443
  permit tcp host 72.163.6.117 host 10.102.14.116 eq 50124
  permit tcp 173.37.144.164 0.0.0.31 host 10.103.14.116 eq www
  permit tcp 173.37.144.164 0.0.0.31 host 10.103.14.116 eq 443
  permit tcp 173.37.144.164 0.0.0.31 host 10.103.14.116 eq 50124
Network switch configuration: VLAN, routing, trunking
Load balancer configuration: VIP, listening port, forwarding port, HTTP SLB protocol, servers to forward to

ACI: Tenant → Application Network Profile: EPG: Web ←C→ EPG: App ←C→ EPG: DB
Faster instantiation, portability, better visibility, re-usability

Application Centric Infrastructure (ACI) Summary Value Case
Network Operations & Management:
- Network Provisioning Automation: 58% cost savings
- Data Center Access Service Management Provisioning SLA Improvement: 38%
- Access Control List (ACL): 43%
- Local/Global Server Load Balancing: 41%
- Incident, Problem and Event Management: 21% cost savings
Data Center Network (type of saving, %):
- CAPEX Savings: 25%
- Power Savings: 45%
- Space Savings: 19%
- 4x Increase in Bandwidth (10Gbs > 40Gbs)
Compute and Storage:
- Compute Optimization: 12% (* single fabric)
- Storage (NAS) Optimization: 20% (* single fabric)

Organization Implications: Cisco Infrastructure Team Journey
Compute, Storage, Security, Network; Architecture, Design, Implementation, Operations; UC/Video; Virtual Teams; Network Infrastructure as a Service
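The nine "today" ACL lines from the Today vs. ACI slide above, parsed and collapsed into EPG-style contracts, as an added Python example that is not APIC code; the port-name table and the grouping algorithm are this example's own. The point for the operator is the check: the two destinations on the slide are reached by different source sets, so a single Web-to-App contract would widen access. extra_permits reports what a proposed collapse would newly allow; the grouped collapse yields zero extra flows, the naive one nine.

```python
# Added example (not Cisco/APIC code): parse the ACL lines shown on the slide and
# collapse them into EPG contracts without widening what the ACL permitted.
from collections import defaultdict
from ipaddress import IPv4Network
from typing import Dict, FrozenSet, List, NamedTuple, Set

# The nine security-configuration lines shown on the slide.
ACL_LINES = [
    "permit tcp host 72.163.6.116 host 10.102.14.116 eq www",
    "permit tcp host 72.163.6.116 host 10.102.14.116 eq 443",
    "permit tcp host 72.163.6.116 host 10.102.14.116 eq 50124",
    "permit tcp host 72.163.6.117 host 10.102.14.116 eq www",
    "permit tcp host 72.163.6.117 host 10.102.14.116 eq 443",
    "permit tcp host 72.163.6.117 host 10.102.14.116 eq 50124",
    "permit tcp 173.37.144.164 0.0.0.31 host 10.103.14.116 eq www",
    "permit tcp 173.37.144.164 0.0.0.31 host 10.103.14.116 eq 443",
    "permit tcp 173.37.144.164 0.0.0.31 host 10.103.14.116 eq 50124",
]

PORT_NAMES = {"www": 80, "http": 80, "https": 443}   # IOS-style names accepted after "eq"


class Rule(NamedTuple):
    src: IPv4Network
    dst: IPv4Network
    port: int


class Contract(NamedTuple):
    consumers: FrozenSet[IPv4Network]   # members of the consumer EPG
    providers: FrozenSet[IPv4Network]   # members of the provider EPG
    ports: FrozenSet[int]               # the contract's filter: tcp, provider-side ports


def parse_acl_line(line: str) -> Rule:
    """Parse 'permit tcp <src> <dst> eq <port>', where an address is either
    'host A.B.C.D' or 'A.B.C.D wildcard' (ipaddress reads the wildcard as a hostmask)."""
    tok = line.split()
    if tok[:2] != ["permit", "tcp"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    pos = 2
    nets: List[IPv4Network] = []
    for _ in range(2):
        if tok[pos] == "host":
            nets.append(IPv4Network(tok[pos + 1] + "/32"))
        else:
            nets.append(IPv4Network(f"{tok[pos]}/{tok[pos + 1]}", strict=False))
        pos += 2
    if tok[pos] != "eq":
        raise ValueError(f"expected 'eq' in: {line!r}")
    name = tok[pos + 1]
    port = int(name) if name.isdigit() else PORT_NAMES.get(name)
    if port is None:
        raise ValueError(f"unknown port name {name!r}")
    return Rule(nets[0], nets[1], port)


def naive_collapse(rules: List[Rule]) -> Contract:
    """Every source into one consumer EPG, every destination into one provider EPG.
    Tempting, but it turns nine rules into a cross product."""
    return Contract(frozenset(r.src for r in rules), frozenset(r.dst for r in rules),
                    frozenset(r.port for r in rules))


def collapse(rules: List[Rule]) -> List[Contract]:
    """Group destinations reached by exactly the same (source, port) set into one
    provider EPG; sources within the group that share the same port set form a
    consumer EPG with one contract, so nothing is widened."""
    by_dst: Dict[IPv4Network, Set] = defaultdict(set)
    for r in rules:
        by_dst[r.dst].add((r.src, r.port))
    by_access: Dict[FrozenSet, Set[IPv4Network]] = defaultdict(set)
    for dst, access in by_dst.items():
        by_access[frozenset(access)].add(dst)
    contracts: List[Contract] = []
    for access, dsts in by_access.items():
        by_ports: Dict[FrozenSet[int], Set[IPv4Network]] = defaultdict(set)
        for src in {s for s, _ in access}:
            by_ports[frozenset(p for s, p in access if s == src)].add(src)
        for ports, srcs in by_ports.items():
            contracts.append(Contract(frozenset(srcs), frozenset(dsts), ports))
    return sorted(contracts, key=lambda c: sorted(map(str, c.providers)))


def extra_permits(contracts: List[Contract], rules: List[Rule]) -> Set[Rule]:
    """Everything the contracts allow that the original ACL did not; it must be
    empty before a collapse replaces the line-by-line ACL."""
    allowed = {Rule(s, d, p) for c in contracts
               for s in c.consumers for d in c.providers for p in c.ports}
    return allowed - set(rules)


if __name__ == "__main__":
    rules = [parse_acl_line(l) for l in ACL_LINES]
    for c in collapse(rules):
        print(sorted(map(str, c.consumers)), "->", sorted(map(str, c.providers)), sorted(c.ports))
    print("naive collapse over-permits", len(extra_permits([naive_collapse(rules)], rules)), "flows")
```

Run on the slide's lines, collapse produces two contracts: the two /32 hosts to 10.102.14.116 and the 173.37.144.160/27 range to 10.103.14.116, each on tcp 80, 443 and 50124. The same extra_permits check is the regression test to keep when the ACL set changes.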
Normative
- ACI: Application Centric Infrastructure
- APIC: Application Policy Infrastructure Controller
- DFA: Distributed Fabric Automation
- VDP: Virtual Station Interface Discovery Protocol
- VXLAN: Virtual eXtensible Local Area Network
- VXLAN Segment: VXLAN Layer 2 overlay network over which VMs communicate
- VXLAN Overlay Network: another term for VXLAN Segment
- VXLAN Gateway: an entity which forwards traffic between VXLAN and non-VXLAN environments
- VTEP: VXLAN Tunnel End Point, an entity which originates and/or terminates VXLAN tunnels
- VLAN: Virtual Local Area Network
- VM: Virtual Machine
- VNI: VXLAN Network Identifier (or VXLAN Segment ID)
- ACL: Access Control List
- ECMP: Equal Cost Multipath
- IGMP: Internet Group Management Protocol
- PIM: Protocol Independent Multicast
- SPB: Shortest Path Bridging
- ToR: Top of Rack
- TRILL: Transparent Interconnection of Lots of Links
http://www.cisco.com/go/aci

Complete Your Online Session Evaluation
Give us your feedback and you could win fabulous prizes. Winners announced daily. Receive 20 Passport points for each session evaluation you complete. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don't forget to activate your Cisco Live Virtual account for access to all session material, communities, and on-demand and live activities throughout the year. Activate your account at the Cisco booth in the World of Solutions or visit www.ciscolive.com.