Embed Size (px)
DESCRIPTION
Le Software-Defined Networking (SDN) est certainement le sujet qui bouscule le plus les habitudes sur les réseaux. Dans cette présentation nous aborderons la stratégie SDN de Cisco pour le réseau de l'entreprise. Aussi, nous verrons comment APIC-EM, le contrôleur du réseau de l'entreprise, permettra de simplifier la mise en place de politiques/configurations sur le réseau (QoS, sécurité etc…) tout en garantissant protection des investissements, scalabilité et performance.
Citation preview
SDN sur le réseau de l’entreprise Webinar client – 3 juillet 2014
Jérôme Durand Consulting Systems Engineer, Routing & Switching
Gauthier Mille Enterprise Networking
http://reseauxblog.cisco.fr
Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
§ Introduction au Software Defined Networking § Stratégie SDN Cisco sur les réseaux d’entreprise
§ Programmabilité des équipements
§ Contrôleur APIC-EM
§ Virtualisation du réseau
§ Conclusion
Agenda
Cisco Confidential 3 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Introduction au Software Defined Networking
Cisco Confidential 4 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
SDN classique – sortir le control plane de l’équipement
Approche traditionnelle
Approche SDN basique
Cisco Confidential 5 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
5
Définition SDN Définition ‘Open Networking Foundation
The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices.
Cisco Confidential 6 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
6
Définition OpenFlow ? Définition Open Networking Foundation
First standard communications interface defined between the control and forwarding layers of an SDN architecture
Cisco Confidential 7 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
OpenFlow est une composante de SDN
SDN est plus vaste
SDN n’est pas OpenFlow
Cisco Confidential 8 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
One Size does not fit ALL
NETCONF YANG
Driven by SP customers Standardized in IETF
REST Driven by DC customers Also, standardized in IETF
onePK
Driven by Cisco SDK type of access Suitable for packet processing applications
Puppet Driven by DC customers Open source tool chain
Chef
Driven by DC customers Open source tool chain
OMI
Driven by DC customers (mainly Microsoft) Open source tool chain
Open Flow
Research and Academia, Federal and state govt.
Cisco Confidential 9 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Vendor-specific APIs
Applications
Programmable APIs
Control Plane
Data Plane
Vendor Specific (e.g. onePK)
1
Modèles de programmabilité SDN
Applications
Virtual Control Plane
Virtual Data Plane
Overlay Protocols (e.g. VXLAN)
Vendor- specific APIs
3 Network Virtualization/ Virtual Overlays
Control Plane
Data Plane
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
2a Classic SDN
Vendor Specific (e.g. onePK)
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
Control Plane
2b Hybrid “SDN”
Vendor Specific (e.g. onePK)
Control Plane
Data Plane
CLI, SNMP, …
Cisco Confidential 10 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Contrôler ? Mais comment ?
Air traffic control tells where to take off from, but not how to fly the plane
Baggage handlers follow sequences of simple, basic instructions
CONTRÔLE “IMPERATIF” CONTRÔLE “DECLARATIF”
Cisco Confidential 11 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Strategy SDN Cisco ACI - Application Centric Infrastructure
Cisco Confidential 12 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Le réseau ne cesse de se complexifier
Quelle: ZK Research 2013
Origine des incidents Le challenge
IoT BYOD
WLAN
Cloud computing
Ressources
Complexité
Virtualisation / UC Mobilité
Cisco Confidential 13 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
SDN pour résoudre les challenges principaux sur les réseaux d’entretprise
Réduction des coûts
Mieux manager le réseau
Utiliser les fonctionnalités du réseau
Ajouter simplement des services
Cisco Confidential 14 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Le rôle du contrôleur: abstraction de l’élément réseau Passer du temps sur le quoi, pas sur le comment
Cisco Confidential 15 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
SDN pour simplifier
Cisco Confidential 16 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Vendor-specific APIs
Applications
Programmable APIs
Control Plane
Data Plane
Vendor Specific (e.g. onePK)
1
La stratégie Cisco
Applications
Virtual Control Plane
Virtual Data Plane
Overlay Protocols (e.g. VXLAN)
Vendor- specific APIs
3 Network Virtualization/ Virtual Overlays
Control Plane
Data Plane
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
2a Classic SDN
Vendor Specific (e.g. onePK)
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
Control Plane
2b Hybrid “SDN”
Vendor Specific (e.g. onePK)
Control Plane
Data Plane
CLI, SNMP, …
Cisco Confidential 17 Cisco Confidential 17 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
DATA CENTER ACCESS WAN
Application Network Profile User/Things Network Profile
APIC EM APIC EM
Consistent Policy Across Cloud, DC, WAN and Access
CLOUD
APPLICATION PROFILE
USER PROFILE
Stratégie uniforme sur toutes les composantes du réseau
Cisco Confidential 18 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Vendor-specific APIs
Applications
Programmable APIs
Control Plane
Data Plane
Vendor Specific (e.g. onePK)
1
Programmabilité des équipements
Applications
Virtual Control Plane
Virtual Data Plane
Overlay Protocols (e.g. VXLAN)
Vendor- specific APIs
3 Network Virtualization/ Virtual Overlays
Control Plane
Data Plane
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
2a Classic SDN
Vendor Specific (e.g. onePK)
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
Control Plane
2b Hybrid “SDN”
Vendor Specific (e.g. onePK)
Control Plane
Data Plane
CLI, SNMP, …
Cisco Confidential 19 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Pourquoi des API ? Configurer
Opérer Rajouter des
fonctionnalités Déploiement de
services
Cisco Confidential 20 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Plusieurs API pour plusieurs besoins Configurer
Opérer Rajouter des
fonctionnalités Déploiement de
services
NETCONF YANG
BGP-LS PCEP OpFlex
Cisco Python API BGP
Flowspec
Cisco Confidential 21 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
BUILD, AUTOMATE, IMPROVE
SPEED & FASTER ADAPTABILITY
EXTEND TO NEW BUSINESS PLATFORMS
REVENUE & COST SAVINGS
SIMPLICITY, INTEGRATION & THE POWER OF CHOICE
onePK: One Platform Kit Disponible depuis Avril 2014 sur ASR et ISR
C, JAVA, REST, Python Development
API Presentation
API Infrastructure
(IOS) (NX-OS) (IOS-XR)
OnePK
Write Once, Run Anywhere
Cisco Confidential 22 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Custom Routing App
onePK
Data Center
onePK
Select Packets Take a Custom Policy-Based
Route
Data Center
An example of OnePK application Traffic Steering / Custom Routing
Custom routing application hosted on a server, communicates securely with onePK infrastructure to route specific packets according to a custom policy
Example policies: • Bandwidth utilization (network) • Latency (network) • Time of the day (external) • Cost (external)
Cisco Confidential 23 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Où héberger les applications OnePK ? Plusieurs modèles selon les besoins
App
App
External Server
Hardware Blade
Device (process) IOx
App
Cisco Confidential 24 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Vendor-specific APIs
Applications
Programmable APIs
Control Plane
Data Plane
Vendor Specific (e.g. onePK)
1
Contrôleur SDN – APIC-EM
Applications
Virtual Control Plane
Virtual Data Plane
Overlay Protocols (e.g. VXLAN)
Vendor- specific APIs
3 Network Virtualization/ Virtual Overlays
Control Plane
Data Plane
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
2a Classic SDN
Vendor Specific (e.g. onePK)
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
Control Plane
2b Hybrid “SDN”
Vendor Specific (e.g. onePK)
Control Plane
Data Plane
CLI, SNMP, …
Cisco Confidential 25 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Architecture Cisco APIC Enterprise Module
Abstracts Network Devices to Mask Complexity Treat Network as a System
Exposes Network Intelligence For Business Innovation
Cisco APIC Enterprise Module
Cisco and Third Party Applications
Network Devices Catalyst, ASR, ISR
Network Info Database
Policy Infrastructure Automation
REST API
CLI, OpenFlow, OnePK API
Security QoS Mobility
Cisco Confidential 26 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco APIC Enterprise Module Scénarios de déploiement initiaux
Easy QoS
Follow Me QoS
Compliance Assurance
Network-Wide Rapid Threat Detection and Mitigation (Sourcefire)
ACL Management Automation
Résoudre les problèmes principaux de nos clients EN GARANTISSANT LA PROTECTION DES INVESTISSEMENTS
Automated Performance Routing (PfR) Configuration
Automated WAN Policy Compliance Assurance
QoS
Cisco Confidential 27 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Enterprise Applications
APIC Enterprise Module Release 1.0 Software VM
SAL
REST APIs
Enterprise Services
Inventory and State
Identity and Location
Application Awareness
Policy Enforcement
QoS Policy Management ACL
Elastic Infrastructure
CLI
Advanced Network Visualizer
APIC EM
CLI Enables Immediate Use of Installed Base
Cisco Confidential 28 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
APIC-EM Démo du contrôleur du réseau de l’entreprise
Cisco Confidential 29 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Autre exemple: QOS Classification for Jabber
Enterprise Network
3945/ISRG2 3945/ISRG2
EN Controller
3945/ISRG2
Cat 3750 Cat 3750
QoS Changes
Collaboration App
Session Policy
AP
Pre-QOS change – Default Classification Post QoS change - Video
Cisco Confidential 30 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Vendor-specific APIs
Applications
Programmable APIs
Control Plane
Data Plane
Vendor Specific (e.g. onePK)
1
Virtualisation des fonctions réseau / overlay
Applications
Virtual Control Plane
Virtual Data Plane
Overlay Protocols (e.g. VXLAN)
Vendor- specific APIs
3 Network Virtualization/ Virtual Overlays
Control Plane
Data Plane
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
2a Classic SDN
Vendor Specific (e.g. onePK)
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
Control Plane
2b Hybrid “SDN”
Vendor Specific (e.g. onePK)
Control Plane
Data Plane
CLI, SNMP, …
Cisco Confidential 31 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Consistence opérationnelle pour les réseaux physiques et virtuels Virtualisation des solutions Cisco pour le réseau
Server
Hypervisor Nexus 1000v
OS
App
CSR 1000V ASAv vNAM vWAAS
…
Cisco Confidential 32 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Vendor-specific APIs
Applications
Programmable APIs
Control Plane
Data Plane
Vendor Specific (e.g. onePK)
1
Et sur les applications ?
Applications
Virtual Control Plane
Virtual Data Plane
Overlay Protocols (e.g. VXLAN)
Vendor- specific APIs
3 Network Virtualization/ Virtual Overlays
Control Plane
Data Plane
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
2a Classic SDN
Vendor Specific (e.g. onePK)
Controller
Data Plane
Applications
Vendor-specific APIs
OpenFlow
Control Plane
2b Hybrid “SDN”
Vendor Specific (e.g. onePK)
Control Plane
Data Plane
CLI, SNMP, …
Cisco Confidential 33 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Introduction à DevNet
Creating a Community of Software Developers who Leverage Cisco Technology in Their Work
Enabling a Robust Developer Ecosystem
Engineering Platform APIs
SDKs and Tools
Developer Support
Community Management
To Build Compelling and Innovative Apps
Cisco Confidential 34 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Conclusion
Cisco Confidential 35 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Masking Network Complexity, Exposing Network Intelligence Base Software & Base Apps Included in SmartNet, Premium & Partner Apps Priced.
Cisco APIC Enterprise Module
Software or Appliance Based
Open Daylight, RESTful, OpenFlow, CLI, OnePK
Existing & New Installations Catalyst, ISR, ASR
Agile Integration Model
Network Abstraction and Automation
APIC EM
Cisco Confidential 36 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Le réseau au service de l’innovation avec ACI 36% de temps économisé sur le WAN et l’accès
Average Time Spent by Network Administrator
Current IT* Fast IT
28% Troubleshooting
19% Security
18% Configuration
14% Equipment Upgrade
14% Traffic Optimization
7% Other
14% Troubleshooting
10% Security 8% Configuration
14% Equipment Upgrade
10% Traffic Optimization
43% Other
Total Network Operations Time Savings
More Time Available for Business Innovation
Cisco Confidential 37 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco SDN pour les réseaux d’entreprise
Agilité Simplicité Protection des investissements
Policy and Administration
Sur tout le réseau (DC, WAN, Accès)
Utilisation de toute la capacité du réseau
Pour anciens et nouveaux déploiements
Thank you.
