Colin Dixon - Delivering Network Innovation with SDN

© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC.

Colin DixonTechnical Steering Committee Chair, OpenDaylightPrincipal Engineer, BrocadeSome content from: David Meyer, Neela Jaques, and Kevin Woods

Delivering Network Innovation with SDN

Networks have not adapted to demands

• Last 20 years à radically shifting network demands‒massively increased scale (# of endpoints, switches, bytes, flows, etc.)‒ static endpoints (weeks–months) à dynamic endpoints (hours–days)‒mostly north-south traffic à mostly east-west traffic

• By contrast, networks haven’t changed much‒ Link speeds have gone up, but…‒ Still largely manage networks device-by-device via the CLI‒ If you’re lucky, orchestration at the granularity of a few devices

© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. 2

Things need to change

• Device-by-device à Network-wide• Open Standards à Open Standards + Open Source• Proprietary Software à Open Source• Networking, Storage, Compute à Converged IT• Hardware à Software

• To a large extent, this is the rise of open source networking

HTTP://WWW.THENEWIP.NET/DOCUMENT.ASP?DOC_ID=711461 © 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. 3

control

mgmt

control

mgmt

control

mgmt

Solution: disaggregation and open software


Vendor A Vendor B Vendor C

LogicallyCentralized

SDN Controller

Northbound API

Industry StandardControl/Management

ProtocolsStandardModelingLanguage

Vendor A

control

mgmt

• Network-wide operation• Open control, management and orchestration

using open control protocols/modeling langs• Independent innovation at each layer of the stack

control

mgmt

Vendor B Vendor C

control

mgmt

• Device-by-device operation• Proprietary, vendor-specific vertical stacks for

control, management and orchestration• Limited innovation in individual silos

What a Controller Does


CONTROLLERPLATFORM

Applications and ServicesAllows software developers to innovate applications that get information from the

network and control the network

Network – Switches and Routers

Allows network equipment suppliers to create plugins and information models for

their equipment that improve manageability and lowers costs

Service Abstraction LayerCommon Services

Standardized REST API

Standard Interfaces and Plugins

BGP-LSPCE-P

Customer Developed Applications

Vendor Developed Applications

NETCONF

YANGOVSDBSNMPOpenFlow

1.0 / 1.3

NeutronPlugin

Vendor-Specific Plugins

Why Open Source?

HTTPS://18F.GSA.GOV/2014/11/26/HOW-TO-USE-MORE-OPEN-SOURCE/ © 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. 6

• Avoid vendor lock-in

• Have a seat at the table

• Faster innovation

• Easier integration “It's important that every Federal CIO, CTO, Architect, and Program Manager seeking to build or procure new IT projects understand that open source exists, that it can be of high quality and highly reusable, and how to use it securely.”

Open Source SDN Projects of Note

• Open vSwitch: programmable s/w in the Linux kernel [data plane]• OpenDaylight: industry-wide SDN controller [control/mgmt plane]• OpenStack: IT-wide orch. (Neutron for networks) [orchestration]

• Many, many others: Open Network Linux, ONOS, CloudRouter, Quagga, OVN, ONIE, Open Compute, Prescriptive Topology Manager, SocketPlane, Weave, Akanda, MidoNet, OpenContrail

HTTP://WWW.JEDELMAN.COM/HOME/OPEN-SOURCE-NETWORKING © 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. 7

Open Source vs. Open Standards

• define interfaces well‒ in human-readable documents

• define behavior with some ambiguity• usually move slowly• leave interoperability testing to

others, e.g., users, integrators• sometimes provide open

source implementations

• define interfaces well‒ in code

• define behavior in code so it can be tested and understood• move and adapt quickly• can do interoperability testing as

part of development• often implement open standards


Open Standards Open Source Projects

Is open source secure?

• In general, open source is considered to bemore secure that closed source software‒ “given enough eyeballs, all bugs are shallow” –Linus

• Very strong security response process‒ Fixed critical vulnerabilities and shipped a new release in <4 days

• Device/user interfaces can be secured‒OF over SSL, NETCONF over SSH, RESTCONF over HTTPS w/auth

• Starting with Lithium, releases will be cryptographically signed


Defining “Open” in Open Source

• Who can contribute?• Who does contribute?• How are decisions made? who

can comment? who can vote?• What license does it use?

• Does it integrate with other solutions from other vendors?• Does it have an API?• Does it follow open standards?• Is it based on open source

components?• Does it upstream to open source

projects?

© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. 10HTTP://WWW.NETWORKCOMPUTING.COM/50-SHADES-OF-OPEN-SDN/A/D-ID/1234771

HTTP://WWW.OPENDAYLIGHT.ORG/BLOGS/2014/03/DEGREES-OPEN

Ask about projects Ask about products

“Simply stated, OpenDaylight is as open as open gets.”

What is OpenDaylight?OpenDaylight is an Open Source Software project under the Linux Foundationwith the goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common industry supported platform.


To create a robust, extensible, open source code base that covers the major common components required to build an SDN solution

Code

To get broad industry acceptance amongst vendors and users:• Using it directly or through

vendor products• Vendors using OpenDaylight

in commercial products

Acceptance

To have a thriving and growing technical community contributing to the code base, using the code in commercial products, and adding value above, below and around.

Community


Base Network Service Functions

VTN Coordinator

DDoS Protection

SDNIWrapper

DLUX Web-based GUI

Custom Basic AuthN Filter AAA AuthN Filter Neutron AuthN

AD-SAL REST APIs MD-SAL RESTCONF (REST) APIs Neutron APIs

Topology Manager

Stats Manager

Switch Manager

Host Tracker

OpenStack(via Neutron)

OpenStack Neutron Service

OVSDB VTN Plugin2OC

Model-Driven Service Abstraction Layer (MD-SAL)API-Driven Service Abstraction Layer (AD-SAL) Clustering

Fwdng Rules Mgr

DOCSIS Service

LISPService

SDNI Aggregator

GBPService

Service Flow Chaining

L2Switch

SNBIOVSDB SNMP BGP PCEP NETCONF Plugin2OCOpenFlowPCMM/COPS LISP 1.0 1.3 TTP

OpenFlow1.0

Shared Data Models

RPCs and Notifications

AAA: Authentication, Authorization & AccountingAuthN: AuthenticationBGP: Border Gateway ProtocolCOPS: Common Open Policy ServiceDLUX: OpenDaylight User ExperienceDDoS: Distributed Denial Of Service

DOCSIS: Data Over Cable Service Interface SpecificationGBP: Group Based PolicyLISP: Locator/Identifier Separation ProtocolOVSDB: Open vSwitch DataBase ProtocolPCEP: Path Computation Element Communication ProtocolPCMM: Packet Cable MultiMedia

Plugin2OC: Plugin To OpenContrailSDNI: SDN Interface (Cross-Controller Federation)SNBI: Secure Network Bootstrapping InfrastructureSNMP: Simple Network Management ProtocolTTP: Table Type PatternsVTN: Virtual Tenant Network“Helium”

Core service wiring and dependencies

App/service-specific wiring and dependencies

Abstraction Layers

Controller Platform and Services

Southbound Interfaces and Protocol Plugins

Northbound/RESTAPIs

Authentication

Applications and Orchestration

ServicesLegend

Who is OpenDaylight

HTTPS://WWW.OPENHUB.NET/P/OPENDAYLIGHT © 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. 13

• ~300 code commits/week over last 12 months from 324 devs‒ 150 developers in last 30 days‒ 15,000+ commits in 12 months

OpenDaylight as the Common Platform


Companies that have announced products based on OpenDaylight

Analysts See Momentum


“OpenDaylight is quickly evolving into something formidable with good potential for mainstream relevancy.” – Andrew Lerner, Gartner

“OpenDaylight may be the third center of gravity”– Andrew Lerner, Gartner

An open source approach to software-‐defined networking (SDN) moved several steps closer this week to becoming a de facto standard. – Mike Vizard, IT Business Edge

“OpenDaylight is making steady progress cultivating a growing community of developers and users interested in adopting an open, common SDN controller platform.” – Brad Casemore, IDC Research Director for Datacenter Networks

Network VirtualizationSecurity

QoS and Traffic

Management

SDN Use Cases


Custom Analytics and Compliance

Big Data

WAN Optimization

Fault and Disaster

RecoveryResearch and New Protocols

Service Configuration

and Policy

SecurityNetwork-wide policy monitoring and enforcement

• Historically, policy is mostly‒ Rigidly enforced by the physical topology, e.g., firewall at the gateway‒ Configured “dynamically” via box-by-box Access Control Lists (ACLs)

• New policy efforts are changing this‒ Network Function Virtualization (NFV) and Service Function Chaining (SFC)‒ Automatically generated ACLs based on network-wide policy

• OpenDaylight is a proving ground for at least 3 policy-oriented projects‒ Service Function Chaining, Group-Based Policy, and Network Intent Composition


Network VirtualizationOpenDaylight integration with OpenStack Neutron

• OpenDaylight has a common Neutron “northbound” provider‒ 3 implementations in Helium‒ 4+ planned in Lithium

• Supports network virt. and‒ Distributed L3 forwarding‒ Security Groups‒ {LB,VPN}aaS


OpenDaylight

OpenContrail Provider

VTN Provider

Neutron Service

OpenStack Neutron

OVSDBProvider

Neutron ML2 MechanismDriver

OpenDaylight APIs (REST)

SDN is critical to IT-wide innovation


DevOps Tools

PythonLevel of Programm

ability

Scope of DomainNetwork Element Network IT Infrastructure

PythonR

ESTC

LIScripting

OpenDaylight

Classic

Network Management

Tools

Neutron

OpenStack

SDN is here, it’s time to use it

• SDN is the key to modernizing today’s networks‒ Enables flexibility and choice‒ Unlocks self-service innovation

• Open source is the force multiplier that makes SDN possible‒ Community leverage accomplishes more than any single supplier‒ Open philosophy shifts control from the suppliers to the consumer

• Commercial versions of open source controllers are production-ready with support‒ e.g., the Brocade Vyatta Controller based on unmodified OpenDaylight‒ Brocade upstreams all changes to to OpenDayilght


• Figure out what infrastructure you have that is SDN-ready‒ Some key protocols: NETCONF, OpenFlow, OVSDB‒ Make current/future acquisitions call for this

• Ask your suppliers hard questions about software, agility, and openness—it’s not just open standards anymore

• Download the code and start testing/deploying it‒ http://www.opendaylight.org/software/downloads‒ http://www.brocade.com/products/all/software-defined-networking/brocade-vyatta-controller/index.page

What to do next


Government & Nonprofit

Colin Dixon - Delivering Network Innovation with SDN