Cisco Open Network Environment Webinar Series
An Introduction to OpenFlow
February 2013
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Industry’s Most Comprehensive Networking Portfolio: Hardware + Software; Physical + Virtual; Network + Compute
OPEN NETWORK ENVIRONMENT: Applications; Platform APIs; Network Overlays; Controllers and Agents (“OpenFlow”)
www.cisco.com/go/one
• An Introduction to OpenFlow
• Early Perspectives: Indiana University & NTT Communications
• OpenFlow @Cisco
• Q&A
• David Ward: CTO, Cisco Engineering and Chief Architect; Chair, Technology Advisory Group – Open Networking Foundation
• Matt Davy: (Former) Executive Director, InCNTRE and Chief Network Architect, Indiana University
• Yuichi Ikejiri: Director, Technology Department, Network Services Division, NTT Communications Corporation
Organization chart labels: Board of Directors; Chairs; Council of Chairs; Technical Working Group; Technical Advisory Group; Technical Working Group; Market Education Activities; Executive Director; Regional Activities
Source: www.opennetworking.org – January 2013
Architecture and Framework; Extensibility; Configuration and Management; Security; Forwarding Abstractions; Migration; Market and Education; Hybrid; Testing and Interoperability; Transport
• 802.1 Overlay Networking Projects
• SDN WG
• Open Network Research Center at Stanford University
• Technical Advisory Group, Working Groups: Config, Extensibility, Futures/FPMOD/OF 2.0
• Initiatives: Quantum (Folsom release), Donabe
• Open Source Cloud Computing project
• ETSI SGI on “Network Function Virtualization”
• Overlay Working Groups: NVO3, L2VPN, TRILL, L3VPN, LISP, PWE3
• API Working Groups/BOFs: NETCONF, ALTO, CDNI, XMPP, SDNP, I2AEX
• Controller Working Groups: PCE, FORCES
• Protocol Working Groups: IDR, IS-IS, OSPF, MPLS, CCAMP, BFD
• New working group: I2RS – Interface to the Routing System
OpenFlow Approach
Diagram labels: Applications; “Northbound Interface” APIs; Controller; OpenFlow Configuration Protocol; OpenFlow Protocol; “Southbound Interface”; Data Plane
Simpler Provisioning, Topology Abstraction
Basics
• OpenFlow Components
  Application Layer Protocol: OF-Protocol
  Device Model: OF-Device Model (abstraction of a device with Ethernet interfaces and a set of forwarding capabilities)
  Transport Protocol: Connection between OF-Controller and OF-Device*
• Observation
  OF-Controller and OF-Device need pre-established IP-connectivity
* TLS, TCP – OF 1.3.0 introduces auxiliary connections, which can use TCP, TLS, DTLS, or UDP
Figure labels: OpenFlow Controller; OpenFlow Config. Point; OpenFlow Protocol; OF-CONFIG; Data Plane; Group Table; Flow Table; Flow Table; Pipeline; OpenFlow Switch
Source: OpenFlow 1.3.0 specification, figure 1
Figure 2: Relationship between components defined in this specification, the OF-CONFIG protocol and the OpenFlow protocol
Figure labels: OpenFlow Configuration Point(s); OpenFlow Controller(s); OF-Config; OpenFlow Capable Switch; OF Logical Switch; OF Resources (e.g. Port)
• OF 1.0 (DEC 2009): Single table; L2, IPv4 focused matching
• OF 1.1 (FEB 2011): Multiple Tables; MPLS, VLAN matching; Groups: {Any-, Multi-}cast; ECMP
• OF 1.2 (DEC 2011): IPv6; Flexible TLV matching; Multiple controllers
• OF 1.3.0 (APR 2012): 802.1ah PBB; Multiple parallel channels between switch and controller
• OF 1.0.1 (JUN 2012): Bug fixes
• OF 1.3.1 (SEP 2012): Bug fixes
“Working code before new standards”
“ONF should not anoint a single reference implementation but instead encourage open-source implementations”; ONF board encourages multiple reference implementations
OpenFlow 1.0.X: no work planned
OpenFlow 1.3.X: long term support
OpenFlow 1.4: extensibility, incremental improvements
• OF Config v1.0 (JAN 2012): Configuration and management protocol for OpenFlow switches
• OF Config v1.1 (MAY 2012): Capability discovery; Tunnel configuration; Error handling
• OF Config v1.1.1 (JAN 2013): Consolidation of ver 1.1; Fixing small inconsistencies
• OF Config v1.2 (PROPOSED): Under discussion, candidates include: Assigning resources to logical switches; Simple topology detection; Event notification
Discussions led by the ONF Configuration and Management Working Group
Figure 3: Flowchart detailing packet flow through an OpenFlow switch
• Packet in: start at table 0
• Match in table n?
  Yes: update counters and execute instructions (update action set, update packet/match set fields, update metadata)
  No: table-miss flow entry exists? If yes, continue as for a match; if no, drop packet
• Goto-Table n?
  Yes: repeat the match in table n
  No: execute action set
(a) Packets Are Matched Against Multiple Tables in the Pipeline
Figure labels: OpenFlow Capable Switch; Packet In; Ingress Port; Action Set = {}; Table 0; Packet + Ingress Port + Metadata; Action Set; Table 1; Table n; Packet; Action Set; Execute Action Set; Packet Out
• {Any, Multi}cast (1.1)
• ECMP (1.1)
• MPLS (1.1, note push/pop, .1q)
• IPv6 (1.2)
• (1.3.X) introduces per flow meters, IPv6 extension header handling, flexible table miss support, enhanced/refactored capability negotiation, multipart requests, MPLS BoS matching, push/pop for PBB, tunnel-ID meta-data, cookies for packet_in messages, augmented flow table entry (adds cookie), among others
• Configuration Protocol under co-development
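The pipeline walk in Figure 3, as an added example that is not part of the original slides: a simplified Python model in which the entry layout, field names and the sample tables are constructed assumptions. It shows why the presence or absence of a table-miss entry decides whether unmatched traffic is dropped or reaches the controller.

```python
# Added example: toy model of the OpenFlow multi-table pipeline (Figure 3).
# Table contents, field names and port numbers are constructed samples.

def lookup(table, pkt):
    """Highest-priority entry whose match fields all equal the packet's."""
    hits = [e for e in table
            if all(pkt.get(k) == v for k, v in e["match"].items())]
    return max(hits, key=lambda e: e["priority"], default=None)

def process(tables, pkt):
    """Walk the pipeline from table 0; return (verdict, action_set, packet)."""
    pkt = dict(pkt, metadata=0)
    action_set, table_id = {}, 0          # action set starts empty
    while True:
        # A table-miss entry is just priority 0 with an empty match.
        entry = lookup(tables[table_id], pkt)
        if entry is None:                 # no match, no table-miss entry
            return "drop", {}, pkt
        entry["packets"] = entry.get("packets", 0) + 1    # update counters
        ins = entry["instructions"]
        pkt.update(ins.get("set_fields", {}))             # update packet fields
        action_set.update(ins.get("write_actions", {}))   # update action set
        pkt["metadata"] = ins.get("write_metadata", pkt["metadata"])
        nxt = ins.get("goto_table")
        if nxt is None:                   # end of pipeline: execute action set
            verdict = "forward" if "output" in action_set else "drop"
            return verdict, action_set, pkt
        if nxt <= table_id:
            raise ValueError("goto-table must point to a later table")
        table_id = nxt

TABLES = {
    0: [{"priority": 100, "match": {"vlan": 10},
         "instructions": {"write_metadata": 0xA, "goto_table": 1,
                          "write_actions": {"pop_vlan": True}}},
        {"priority": 0, "match": {},      # table-miss: hand to controller
         "instructions": {"write_actions": {"output": "CONTROLLER"}}}],
    1: [{"priority": 50, "match": {"metadata": 0xA, "ip_dst": "10.0.0.5"},
         "instructions": {"write_actions": {"output": 3}}}],
    # table 1 has no table-miss entry, so unmatched packets are dropped there
}

if __name__ == "__main__":
    for p in ({"vlan": 10, "ip_dst": "10.0.0.5"},
              {"vlan": 20, "ip_dst": "10.0.0.5"},
              {"vlan": 10, "ip_dst": "10.0.0.9"}):
        print(p, "->", process(TABLES, p)[:2])
```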
Making of OF Functionality Complete: Examples of Ongoing Work
• Hardware friendly switch model negotiations (“typed tables”) (→ Forwarding Abstractions WG)
• Configuration Management (→ OF Config WG)
• Security model (granular access control) (→ Architecture and Framework WG)
• HA-model for device and controller (state re-sync etc.), Controller peering (→ Architecture & Framework WG)
• Integration with Existing Networks; Integrate SDN Controllers and SDN Control Plane capabilities in Network Devices (formerly covered by “Hybrid WG”) (→ Architecture and Framework WG)
• OF Protocol Extensibility (→ Extensibility WG)
• …
Early Perspectives: Indiana University & NTT Communications
Indiana University
Interoperability Testing
Diagram labels: Dynamic Control via SDN; Scalable, Flexible L4–7 Service Insertion; Layer-3 Fabric; Virtualized, Unified Access Layer; Building A; Building B; Network Slicing Use Case; Internet
NTT
NTT Communications: Whole picture of the Cloud Vision
Diagram labels: <Partners>; <NTT Communications Group>; Consulting/Individual Applications; Security; Managed Security Services; SaaS; Mail, Desktop, VoIP etc.; PaaS / IaaS; Private Cloud; Provide Hybrid Cloud; Partnering Hybrid Cloud; Hybrid Cloud; Public Cloud; Other Cloud; Network Controller; Cloud Controller; Virtualized Network; Data Center; Arcstar Universal One; Multi network / Direct Access to Cloud; Physical Network; Access Network/Terminals; SaaS Vendor; Portal; Integrated Control/Visualization; Customer’s System; PC, Smartphone, Tablet PC, etc.; Global Total Management; OSS; Consulting firm/Application Vendor; Partnering Consulting and others; One-Stop Operation
Global ICT Partner. Innovative. Reliable. Seamless.
Copyright © 2012 NTT Communications Corporation and/or its affiliates. All rights reserved.
Expected expansion of application of OpenFlow/SDN technology
Diagram labels: Data Center; Expand Network Virtualization; DC-VPN Interconnection; OAM Function; Network Edge
OpenFlow@Cisco
2Q13: Enabling Application Ecosystem through an Extensible Architecture
Diagram labels: Cisco Apps; Customer Apps; ISV Apps; Open Src Apps; More Coming; REST; JAVA; Cisco Advanced Functions; Core Functionality; OpenFlow; onePK; More Coming; Network Infrastructure
• Published APIs for Popular Languages and Software (Eg: OpenStack)
• Modular Architecture: Allows Rapid Adoption of Evolving Controller Functionality While Minimizing Operational Disruption
• Extensible Protocol Support: Ensures Continuous Adoption of Emerging Standards
Extending and Customizing with Cisco ONE Portfolio
Previously Announced; Phase 2 Apps
• Network Slicing: Dynamic network partitioning of the network using logical associations provided by ONE Controller’s centralized view
• Network Tapping: Ability to monitor, analyze, and debug network flows using conventional network switches
• Custom Forwarding: Using unique parameters such as low latency to program specific forwarding rules across the network
All Controller Apps Are in Customer PoC
Expanded Platform Support: Platform APIs; Controller/Agents; onePK Platforms; ONE Controller; OpenFlow Agents
1H13 ISR G2 ASR 1000 1H13 ASR 9000* Nexus 3000 1H13 Nexus 7000* 1H13 • Catalyst 3000* • Catalyst 6500* • Nexus 3000 1H13 • Nexus 7000* • ASR 9000*
Overlay Networks: CSR 1000V 1Q13 Nexus 1000V Updates • N1KV Hyper-V 1H13 • N1KV KVM* • VXLAN Gateway 1H13 • Service Chaining (w/ vPath) Cisco Edition of OpenStack N1KV InterCloud 2Q13 Virtual NAM (vNAM)*
*Customer PoC: on-going or in 1H13
Enabling Specific Solutions/Protocols (OpenFlow, IRS, …) on Top of onePK
Diagram labels: Application Framework / Controller; Agent; Communication Component; Solution Defined Protocol (e.g. OpenFlow); Agent Implementation (e.g. OpenFlow); onePK APIs; Presentation; Agent Framework; onePK API Infrastructure; IOS / XE; NX-OS; IOS-XR
“Ships-in-the-night” (aka “Vertical Partitioning”*)
Diagram labels: Control Plane; OpenFlow; Router
• A subset of ports controlled by OF, another subset controlled by router’s native CP – physical resources are partitioned
• Some level of integration: “OF_NORMAL”: Implementer free to define what “normal” is
“Integrated” (aka “Horizontal Partitioning”)
Diagram labels: Control Plane; OpenFlow; Router
• Use OF for feature definition – augment the native control plane
• No longer partitioning of resources
• Can operate at different abstraction levels (low-level like OF 1.0 or higher level)
May or may not be what router normally does
• Installing ephemeral routes in the RIB
  Install routes in RIB subject to admin distance or …
  Moral equivalent of static routes, but dynamic
  May require changes to the OF protocol/model
• Edge classification
  Basically use the OF as an API used to install ephemeral classifiers at the edge
  Moral equivalent of … ‘ip set next-hop <addr>’ (PBR)
  Use case: Service Engineered Paths/Service Wires
  Program switch edge classifiers to select set of {MPLS, GRE, …} tunnels
  Core remains the same
• Programmable Service Chaining
• VIRL is a multi-purpose network virtualization platform
• Brings virtual machines running Cisco Network Operating Systems to the customer
  The same operating systems as used on physical Cisco products
• Virtual Machine orchestration capabilities enable:
  Creation of highly-accurate models of real-world or future networks – scales to thousands of virtual network devices
Diagram labels: SP / Enterprise; VIRL: Virtual Internet Routing Lab; Production Network Modeling; ‘What-if’ Analysis; Test Lab Virtualization; Partner Community; Training and Education; Cisco onePK Virtual Testbed; Test Lab Virtualization; University and Education; Networking Research; Rapid Prototyping; Network Education
VIRL
• IOS XR VM-based tool: XR VR
• IOS XE VM-based tool: CSR 1000v
• NXOS VM-based tool: vNXOS
• IOS VM-based tool: vIOS
• VIRL virtual networks enable building, testing, learning and experimenting with Cisco open networking technologies
• E.g. onePK-enabled virtual OpenFlow switches and routers in a mixed OpenFlow and MPLS-TE topology
• Virtual-machine based Cisco ONE and PCE controllers drive traffic through the network
• onePK developers are able to test and validate applications against virtual devices before deploying to the real network
Demo:
OpenFlow Support on the Industry’s Most Extensible Controller
Diagram labels: App; App; Cisco ONE Controller; onePK; OpenFlow; Cisco Network Device
Cisco Open Network Environment: www.cisco.com/go/one
Questions? ask-one@cisco.com
Open Network Foundation: www.opennetworking.org
• An Introduction to onePK
• An Introduction to Overlay Networks
• An Introduction to the Cisco ONE controller architecture
• Security in Open Network Environments
• And more!
www.cisco.com/go/onewebcasts