Chris Swan's CloudExpo Europe presentation originally given 26 Feb in the Software Defined Data Centre and Networks Theatre.
The networking declaration of independence – how overlay networking gives you control of your networks
1. copyright 2014 1
The networking declaration of independence
Chris Swan, CTO
@cpswan
the original cloud networking company
How overlay networking gives you control of your networks
5. NFV can be a networking Swiss Army knife
[Diagram labels: NFV; Firewall; Dynamic & Scriptable SDN; Protocol Redistributor; IPsec/SSL VPN concentrator; Router; Switch; Hybrid virtual device able to extend to multiple sites]
Application SDN (Software Defined Network) Appliances
• Allow control, mobility & agility by separating network location and network identity
• Control over end to end encryption, IP addressing and network topology
7. Nicira’s “declaration of independence” from metal, freed NFV from OpenFlow
+ http://nicira.com/sites/default/files/docs/Nicira%20-%20The%20Seven%20Properties%20of%20Virtualization.pdf
8. These same properties free NFV from the “constraints” of OpenFlow (technology, timing and target)
Nicira defined the 7 Properties of network virtualization as:
1. Independence from network hardware
2. Faithful reproduction of the physical network service model
3. Follow operational model of compute virtualization
4. Compatible with any hypervisor platform
5. Secure isolation between virtual networks, the physical network, and the control plane
6. Cloud performance and scale
7. Programmatic networking provisioning and control
9. Independence from network hardware
With VM-based network devices you can use the cloud network as “bulk transport” and are indifferent to all else.
[Diagram labels: Customer Data Center; Firewall / IPsec Device; Data Center Servers; IP: 192.168.1.xx LAN; Standard IPsec Tunnel; NFV; Public Cloud Region 1; Cloud Server, Cloud Server; Overlay Network; Overlay IP: 172.31.11.xx]
10. Reproduction of physical network model
NFV devices “look” and “feel” like the same networking devices customers have used for ever, without boundaries
[Diagram labels: Customer Data Center; Data Center Servers; Standard IPsec Tunnel; Virtual Network; NFV; Public Cloud Region 1; Cloud Server; Overlay Network]
11. Follow operational model of compute virtualization
NFV functions can be dynamically brought on-line, up to the elastic limits of the total infrastructure available (!!)
[Diagram labels: NFV (repeated four times)]
12. Compatible with any hypervisor platform
NFV does more than “follow” the model of compute virtualization, it exists via compute virtualization.
[Diagram labels: Public Clouds; Private Clouds; Virtual Infrastructure]
13. Secure isolation
Isolation takes many forms: from underlying infra, allow my protocols, keep my “chattiness” in, keep others out, etc.
[Diagram labels, overlay: Overlay Network, Subnet: 172.31.0.0/22; Cloud Servers A to F with Overlay IPs 172.31.1.1, 172.31.1.5, 172.31.1.9, 172.31.1.13, 172.31.1.17, 172.31.1.21]
[Diagram labels, NFV devices: NFV; Peered; US East 1, EMEA, APAC; Public IP: 184.73.174.250, Overlay IP: 172.31.1.250; Public IP: 54.246.224.156, Overlay IP: 172.31.1.246; Public IP: 192.158.29.143, Overlay IP: 172.31.1.242]
[Diagram labels, tunnels: Active IPsec Tunnel (twice); Failover IPsec Tunnel; 192.168.4.0/24 - 172.31.1.0/24; 192.168.3.0/24 - 172.31.1.0/24]
[Diagram labels, customer sites: Customer Data Center; Customer Remote Office; Firewall / IPsec Cisco 5505; Firewall / IPsec Cisco 5585; Chicago, IL USA, Remote Subnet: 192.168.3.0/24, User Workstations with LAN IP: 192.168.3.50 and 192.168.3.100; London, UK, Remote Subnet: 192.168.4.0/24, Data Center Servers with LAN IP: 192.168.4.50 and 192.168.4.100]
14. Cloud performance and scale
Where NFV really shines today: create a WAN in minutes, use cloud as points of presence for your business
[Diagram labels: NFV; User Workstation, User Workstation; Data Center Server]
15. Programmatic networking provisioning & control
+ http://maxoffsky.com/code-blog/building-restful-api-in-laravel-start-here/
Cloud Compute and Network APIs + NFV Device APIs allow previously unimaginable flexibility and power
[Diagram labels: Public Clouds; Private Clouds; Virtual Infrastructure]
17. Waves of NFV Adoption
[Diagram panel "Bursting and Containment": Customer Data Center; Firewall / IPsec Device; Data Center Servers; IP: 192.168.1.xx LAN; Standard IPsec Tunnel; NFV; Public Cloud Region 1; Cloud Server, Cloud Server; Overlay Network; Overlay IP: 172.31.11.xx]
[Diagram panel "Hubs and Spokes": Customer Site 1, Customer Site 2, Customer Site N; Multiple IPsec Devices; Standard IPsec Tunnel; NFV; Public Cloud Region 1; Cloud Server, Cloud Server; Overlay Network]
[Diagram panel “Winning back control”: Encrypted Overlay network in VPC; Web App 1, Web App 2, Web App 3; Encrypted Connections]
Tomorrow 11:25 - 11:50 in DCIM / Software Defined Datacentres and Networks Stream