1Cisco Public
Embracing SDN in the Next Gen Network
Introduction and Use Cases Moving SDN Beyond the Hype
Craig Hill
Distinguished Systems Engineer
U.S. Federal, CCIE #1628
crhill@cisco.com
@Netwrkr95
C-MUG – Columbia, MD
June 17, 2015
6Cisco Public
Virtualization = explosion in objects
Cost per object must fall, agility must rise, operations must adapt
Evolving choices in abstraction: CLI, GUI, API, “Easy Button”
50%+ of outages from mis-config
Speed to activation too slow
Mechanization of logic in CCIE brains
Peering of controller and network element intelligence
7Cisco Public
The target of SDN?
…to “Automate” and “Simplify” the centralized provisioning and administration of the network…
8Cisco Public
…and for the network to have greater awareness of “Application” needs
9Cisco Public
Traditional Control Plane Architecture (Distributed)
•  Control plane is tightly coupled to the network device
•  Minimal application programmability of network devices (CLI, SNMP, NETCONF)
•  EX: Cisco Routers, Catalyst L2/L3 switches, Nexus switches, etc…
[Diagram: Application, APIs, Centralized Control Plane, Distributed Control Plane, Data Plane]
10Cisco Public
SDN Control Plane Architecture (Centralized)
•  Control plane is centralized
•  Control plane abstracted from the forwarding HW
•  Communications channel exists between control plane and forwarding HW (OpenFlow agent on device)
•  EX: OpenFlow Model (controller, agent on network element)
[Diagram: Application, APIs, Centralized Control Plane, OpenFlow, Distributed Control Plane, Data Plane]
12Cisco Public
Hybrid Control Plane Models
[Diagram: Application, APIs, Centralized Control Plane, Distributed Control Plane, Data Plane]
Network Devices: On-Box Control Plane. Centralize when needed; default distributed control plane for all else.
Source: ONF Hybrid WG
© 2013 Cisco Systems, Inc. All rights reserved.
Hybrid SDN Model: Distributed and Centralized (via controller) Control Plane + Standards Data Plane
SDN Control Plane Architecture (Hybrid)
•  Applications layered on top (App, App, App, App)
•  “North Bound” control and API: REST NB APIs
•  Controller: operating system controlling specific functions of the network
•  “South Bound” control and API: communication channel to the network element using NETCONF, BGP-LS, PCEP, OpenFlow, OVSDB, CLI (AAA – Auth)
•  Network Element (Phy, Virt), with distributed CP + programming capabilities through the Southbound API: Packet Forwarding Hardware + CP running IP/MPLS, BGP/OSPF
14Cisco Public
Hybrid Control Plane Models
•  Utilizes existing distributed and central control plane
•  Leverage existing routing innovations and services (IP/MPLS, TE, convergence, LISP…) with benefits of a “controller” for tighter applications integration to the network
•  DC may leverage overlays (VXLAN) while still leveraging an intelligent underlay (analytics, fast convergence, dynamic LB, etc…)
[Diagram: Applications, Network Middleware, APIs, Centralized Control Plane, Distributed Control Plane, Data Plane]
Network Devices: On-Box Control Plane. Centralize when needed; default distributed control plane for all else.
Source: ONF Hybrid WG
•  Campus, Branch Controller (APIC-EM)
•  WAN Orchestration Controller
•  NFV Orchestration Engine
•  Policy Controller (APIC) for ACI
15Cisco Public
•  Data Center: ACI (N9K, UCS, FW, LB, IPS), APIC. Focus is on private DC and cloud deployments; lead DC solution, integration with UCS, eco-system
•  Enterprise Network: APIC-EM; ISR/ASR1K Router, Catalyst Switch. Focus is on specific campus applications on Cisco HW; SSH into platform
•  SP WAN: WAE on ODL (APIs, Deployer, Collector); ASR9K, CRS, NCS6k/4k/2k. Focus is on self-deployed IP/MPLS WAN; ODL, open standard protocols
•  NFV: VNF VM, Orchestration (vCPE, vPE, vFW, vIPS). Focus is providing NFV orchestration (vMS); targeting SP-like agencies; streamlined use cases
Customer Business Oriented Applications
17Cisco Public
•  Target all areas of customer functions and networks
•  Data Center (Enterprise & SP), Enterprise (WAN, Campus), SP and/or large Enterprise WAN, SP Cloud offerings
•  Programmability and open APIs, orchestration, virtualization, rapid provisioning and automation
[Diagram: Data Center – ACI (N9K, UCS, FW, LB, IPS), APIC; Ent Network – APIC-EM, ISR/ASR1K Router, Catalyst Switch; SP WAN – WAE (APIs, Deployer, Collector), ASR9K, CRS, NCS6k/4k/2k; NFV – VNF VM (vCPE, vPE, vFW, vIPS); Customer Business Oriented Applications on top]
21Cisco Public
Cisco APIC Enterprise Module Architecture
[Diagram: Cisco and Third Party Applications (Security, QoS, IWAN, Network PnP) → REST API → Cisco APIC Enterprise Module (Network Info Database, Policy Infrastructure, Automation) → Southbound Interface: CLI → Network Devices (Catalyst, ASR, ISR)]
Masking Network Complexity, Exposing Network Intelligence
Application Eco System for APIC-EM
1.  Cisco Visualization Application a.k.a. UI
2.  Cisco Applications for specific solutions:
•  IWAN
•  Network PnP
•  Collaboration
•  Security (integration w/ ISE)
•  QoS, etc…
3.  DevNet Community
4.  Customer developed (internal to org)
22Cisco Public
APIC-EM (Enterprise Module)
QoS | ACLs | Topology | Inventory | ZTD
24Cisco Public
SDN in the WAN
25Cisco Public
[Quote: Vijay Gill – GM, Global Network Services, Microsoft, https://twitter.com/vgill/status/227539039979446272]
SDN in the WAN Delivers Critical Solutions
Maximizing BW, Link Utilization, and Optimizing Engineering Cycles
•  WAN is a critical conduit between customers, content, NFV
-  User access to NFV resources and business applications
-  DC – to – DC
•  Must support legacy infrastructure
•  WAN bandwidth is costly and limited… maximize %util
•  Capacity planning is challenging!!! Targeted at maximizing WAN optimization, orchestration, and automation for customers who own their own WAN elements (Federal)
•  Must re-think how the WAN engineering cycles evolve as the needs are on-demand versus days or weeks
[Diagram: Federal Owned WAN connecting Data Center #1, Business, and Data Center #2]
•  Multi-Vendor, Multi-Environment
•  Flexible Infrastructure; New Classes of Applications
•  Open & Interoperable Solutions; Standards & Open Source
•  Modular & Reusable Components
27Cisco Public
Tightening the Engineering Cycle
Years/Months Weeks/Days Minutes/Seconds
Must Increase Service Velocity provisioning, Increase Link utilization, Limit Time to Deploy
28Cisco Public
SDN WAN Orchestration Platform
•  Application platform for placing traffic demands and paths across an IP/MPLS WAN
•  North-Bound API: Java/REST
•  South-Bound (Bi-Directional): BGP-LS (update link-state TO controller), stateful PCEP (programs network elements FROM controller), NC/YANG
•  Intelligent collector, planner, and optimizer engine that can leverage “what if” exercises for load placement
•  Multi-vendor enabled & extensible
•  Leverages OpenDaylight Infrastructure with “WAN Orchestration” applications (uses REST to controller)
[Diagram: Client Apps and MATE Apps → Cross Domain Orchestration APIs → platform (Collector, Programming, Application Engine, WAN Databases) → BGP-LS, PCEP, configlet → SDN WAN: IP/MPLS, Segment Routing, Multi-Layer]
29Cisco Public
1 - Can I place this requested BW load on my network?
2 - If I do, which link(s) is outside my network capacity threshold?
… In Real-Time!!!
[Diagram: WAN – IP/MPLS, Segment Routing, Multi-Layer]
30Cisco Public
WAN Orchestration Framework
Example: Bandwidth Calendaring
[Diagram: Customer App → NB API → WAN App (Program); Collector fed by BGP-LS; PCEP to WAN routers R1, R2, R3 between Data Center #1 and Data Center #2; one link marked Congested]
1.  Network conditions reported to collector consistently
2.  WAN Orch pulls latest Plan File every 20 min from existing MATE Collector
3.  Customer App requests DC #1 – DC #2 bandwidth at Future Date/Time (in app)
4.  Demand admission response: <R1-R3, B/W, Future Date/time>
5.  Customer App confirms booking
6.  Two hours prior to activation placement APP applies config in Traffic Mgr (app)
7.  Traffic Mgr programs the LSP on devices
8.  LSP setup for traffic
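As an added example (not WAE/MATE code from the deck), here is the admission logic behind the two questions on slide 29 and the booking workflow above: a constructed three-router plan file, constructed bookings with future time windows, and a check that returns either a placeable path or the links that would cross the capacity threshold. Router names, capacities and the 80% threshold are assumptions.

```python
"""Demand admission check for WAN bandwidth calendaring (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    a: str
    b: str
    capacity_mbps: int

    def key(self):
        return tuple(sorted((self.a, self.b)))


@dataclass(frozen=True)
class Booking:
    path: tuple          # ordered routers, e.g. ("R1", "R2", "R3")
    bw_mbps: int
    start: int           # constructed time units (minutes)
    end: int


# Constructed plan file: the direct R1-R3 link is small, the R1-R2-R3 detour is large
LINKS = [Link("R1", "R3", 1000), Link("R1", "R2", 10000), Link("R2", "R3", 10000)]
THRESHOLD = 0.8   # assumption: never book above 80% of a link's capacity


def link_keys(path):
    """Undirected link keys traversed by an ordered router path."""
    return [tuple(sorted(pair)) for pair in zip(path, path[1:])]


def all_simple_paths(links, src, dst):
    """All loop-free paths from src to dst, shortest (fewest hops) first."""
    adj = {}
    for l in links:
        adj.setdefault(l.a, set()).add(l.b)
        adj.setdefault(l.b, set()).add(l.a)
    paths = []

    def walk(node, seen):
        if node == dst:
            paths.append(tuple(seen))
            return
        for nxt in sorted(adj.get(node, ())):
            if nxt not in seen:
                walk(nxt, seen + [nxt])

    walk(src, [src])
    return sorted(paths, key=len)


def booked_on(link_key, bookings, start, end):
    """Bandwidth already reserved on a link by bookings overlapping [start, end)."""
    total = 0
    for b in bookings:
        if b.start < end and start < b.end and link_key in link_keys(b.path):
            total += b.bw_mbps
    return total


def admit(links, bookings, src, dst, bw_mbps, start, end):
    """Answer: can the load be placed, and if not, which links exceed the threshold?"""
    cap = {l.key(): l.capacity_mbps for l in links}
    rejected = {}
    for path in all_simple_paths(links, src, dst):
        over = []
        for k in link_keys(path):
            load = booked_on(k, bookings, start, end) + bw_mbps
            if load > THRESHOLD * cap[k]:
                over.append((k, load, cap[k]))      # (link, projected load, capacity)
        if not over:
            # Demand admission response: <path, B/W, future window>
            return {"admitted": True, "path": path, "bw_mbps": bw_mbps, "window": (start, end)}
        rejected[path] = over
    return {"admitted": False, "over_threshold": rejected}


if __name__ == "__main__":
    existing = [Booking(("R1", "R3"), 700, 0, 120)]   # constructed nightly backup booking
    print(admit(LINKS, existing, "R1", "R3", 300, 60, 180))
```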
32Cisco Public
WAN Automation Engine (WAE)
Customer use cases and deployments
33Cisco Public
WAN Application: RESTful APIs, Programming, Collection
Use Case: Demand Admission & Placement
Problem:
Demand placement requirement must take into account LOCATION as well as network impact (link over-subscription)
Solution:
Application places demand on the suggested path/location and the network remains healthy leveraging under-subscribed links
[Diagram: BW Demand App → WAN (R1, R2, R3) serving Cloud Consumer, Customer Site, Content Sites]
Simple REST API Hides Complexity; Utilizes Infrastructure Intelligence
35Cisco Public
WAN Application: RESTful APIs, Programming, Collection
Use Case: Bandwidth Scheduling (Calendaring)
Problem:
Provider’s customer has an “on demand” need for nightly DC backup or to move workloads
Solution:
After determining a best path, Platform programs an LSP via PCEP.
[Diagram: BW Calendar App → PCEP → WAN (R1, R2, R3) between Data Center #1 and Data Center #2; one link marked Congested!!]
Simple REST API Enables Faster Solution without Complexity
36Cisco Public
37Cisco Public
WAN Application: RESTful APIs, Programming, Collection
Use-Case: TE Load Balancing
Problem:
A customer needs to efficiently use expensive BW links (EX: high cost links, perhaps trans-oceanic) and must optimize usage.
Solution:
The most expensive network resources are fully optimized by calculation assigning best load share metrics using PCEP (extensions).
[Diagram: TE Tunnel Builder App → PCEP → R1 in WAN / AS Foo]
REST API Enables Solution; Hides Complexity
43Cisco Public
NFV extends the ”VIRTUAL” to
L4-7 Services
NFV - Network Functions Virtualization
44Cisco Public
Creating Virtual versions of Services that
traditionally ran on standalone appliances…
NFV - Network Functions Virtualization
45Cisco Public
Some NFV Examples…
Network Address Translation (NAT)
Firewall
Intrusion Detection (IDS/IPS)
Domain Name Service (DNS)
WAN Acceleration
Load Balancing
Deep Packet Inspection (DPI)
Content Delivery (CDN)
Broadband Remote Access (BRAS)
Provider Edge (PE Router)
NFV
Cisco Confidential 46© 2013-2014 Cisco and/or its affiliates. All rights reserved.
[Diagram: NFV VMs – NAT, Firewall, SBC, dDOS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Ctrl., RaaS, WLC, WAAS, CDN, Caching, NMS]
Network Function Virtualization (NFV)
Enablers, benefits and applications
•  Enablers
Hypervisor and cloud computing technology
Improving x86 h/w performance
Optimised packet processing and coding techniques
Network industry standardising on Ethernet
SDN based orchestration
•  Value Proposition
Shorter innovation cycle
Improved service agility
Reduction in CAPEX and OPEX
•  ETSI and OPNFV based standardization
Network infrastructure/Service Functions run on
Virtualized x86 compute platforms
47Cisco Public
Cisco NFV Orchestration Solution Architecture
[Diagram: RT-OSS or Upper layer Orchestrator → REST API → Service Catalog and Network Service Orchestrator (Service Lifecycle management, Service Provisioning, DCI Routing, Service Routing, Address Mgmt.) → VNF Manager and Virtual Topology System, with System Management, High Availability and Service Assurance Framework → Openstack / Jcloud API → VM Orchestrator → Servers hosting Tenant 1 / Tenant 2 VNF1, VNF2, VNF3 and VM1 behind VTFs (VRF1, VRF2); SW Overlay (MPLSoGRE, L2TPv3, VXLAN) programmed via RESTCONF/YANG and MP-BGP to the DC gateway (VRF1, VRF2) → EPN / SP WAN (VRF1, VRF2) → CE1, CE2, End-User]
Open Standards Based
48Cisco Public
Cisco NFV Orchestration Solution - Multi-Tenant Service Instantiation & Service Chaining
Customer 1 wants FW, NAT, external WAN, access to Cloud (IaaS, Storage,…)
Customer 2 wants vCPE, vFW, vWAAS
Customer service is instantiated as a virtual service in the managed service POD. Multiple services combined into a service chain.
[Diagram: SP Datacenter / SP Managed Service POD with multi-tenanted service chains (vFW → NAT; vCPE → vFW → vWAAS); Dynamic Services Composer: Service Orchestrator, DSC Services Controller, DSC Network Controller, System Management and High Availability; Managed Services: Internet/VPN (Managed CPE), Security (Managed FW), NAT, WAAS]
52Cisco Public
NFV Customer Use Cases (Service: Description)
Virtual Managed Services: Using CSR, vASA to deliver managed services / managed security to enterprise customers
Virtual CPE: Cloud based or on-prem virtual CPE to augment capabilities of physical on-premise CPE
Virtual Private Cloud: Single-tier, 2-tier, 3-tier applications with optional NFV service chaining for enterprise customers
Routing-as-a-service: Using CSR to deliver routing/BNG as a cloud service
Hosted Collaboration Service: Integrating HCS provisioning with VPN configuration for single click customer deployment
Virtualized Video Headend: Cloud DVR, CDN/streaming as a service
Virtual PE Router: Fully virtualized PE router delivered as an on demand cloud service
Virtual Wireless LAN Controller, vWAAS, vNAM, vSCE: Other Service VNFs that may be used to offer WLAN, DPI, NAM etc. as cloud based services
53Cisco Public
SP SDN/Programmability Investment Focus
[Diagram: Consumer and Corporate access → Aggregation → Core → SP-cloud Edge → DC Core; DCI, Internet, Wholesale; NFV VMs – NAT, Firewall, SBC, dDOS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Ctrl., RaaS, WLC, WAAS, CDN, Caching, NMS]
•  EPN Agility: CarrierE/Optical Fast Provisioning. Business: Optimize time to qualify new IP services and reduce TCO, plug and play services. Elements: NETCONF/YANG, Tail-F, NMS
•  WAN Optimization. Business: Monetize SP Core, MPLS Simplification, Maximize BW utilisation. Elements: WAE, Open Daylight; PCEP, BGP-LS, SR
•  Infra/DDoS Security. Business: DDoS Mitigation services. Elements: Scrubbers; BGP-Flowspec, Netflow
•  NfV / Cloud Services Orchestration. Business: NfV Managed Services, Virtual Private Cloud. Elements: vPE/NSO; RESTCONF, YANG
•  DCI automation. Business: Optimize DC Core and DC Interconnect management. Elements: ACI, N9K, A9K
59Cisco Public
Expose Network Intelligence – Bi-Directionally
Policy (Application + Network + Security)
[Diagram: Applications (Services, Orchestration, Analytics) ↔ Network]
•  Applications → Network: Workflow and Intent, Programmability; program for optimized performance and “Application Driven” control
•  Network → Applications: Network Intelligence, Guidance; Statistics, States, Objects and Events; harvest network intelligence, telemetry, and events
60Cisco Public
Science DMZ Reference Implementation
[Diagram: Internet2/AL2S and Commodity Internet → DMZ (ASR 1K, ASR 9K, Nexus 9K, Nexus 3K, ASA 5585) → Secure Corporate Networks (Campus, Corporate DC, External Services) and High-Throughput Science Networks (DTN Compute); BGP Null Routes provide Active Blocking; Flow Notification feeds Event Correlation, Log Storage, Auditing, Analysis; Next Generation Firewall: Commodity In-Line, Internet2 In-Line or OOB w/Steering; Open DayLight Controller attached via REST API and BGP]
61Cisco Public
Open platform for SDN app development
Single Northbound REST Interface
Multiple Southbound Interfaces
Cisco Open SDN Controller
62Cisco Public
Use Case: Leverage Cisco OSC for “Event Driven” Remote-Trigger Blackhole for DDoS Attacks in a Data Center
1.  Sensor solution is built OOB so as not to disrupt traffic flow.
2.  Splunk is used for event-correlation using events from SourceFire and other security elements (IDS or FW logs).
3.  Splunk blocks traffic by making a REST API call to the OSC.
4.  OSC responds to the block request by using the NETCONF API in OSC, applying a BGP null-route in the ASR 9000 for those prefixes.
5.  Optional: OSC can select traffic to monitor via OpenFlow.
[Diagram: WAN → ASR 9K → N9K Core → LAN; N3K “Tap” sends mirrored traffic to SourceFire; SourceFire alerts Splunk; Splunk sends a REST block request to OSC; OSC applies the block on the ASR 9K]
C-OSC – Cisco Open SDN Controller
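The five-step flow above, as an added example that is not Cisco OSC or Splunk code: a constructed correlator over IDS/FW alert lines, a stand-in controller that records the null route it would push to the ASR 9000, an allowlist so the pipeline can never blackhole internal prefixes, and automatic expiry of blocks. The alert format, thresholds, allowlist and the IOS XR static-route rendering are assumptions.

```python
"""Event-driven remote-trigger blackhole pipeline (added example, not OSC/Splunk code)."""
import ipaddress
import re
from collections import defaultdict

# Constructed alert lines in a simple "epoch src=<ip> sig=<name>" format
ALERTS = """\
1000 src=198.51.100.7 sig=SYN_FLOOD
1001 src=198.51.100.7 sig=SYN_FLOOD
1002 src=203.0.113.9 sig=PORTSCAN
1003 src=198.51.100.7 sig=SYN_FLOOD
1004 src=10.1.1.5 sig=SYN_FLOOD
1005 src=10.1.1.5 sig=SYN_FLOOD
1006 src=10.1.1.5 sig=SYN_FLOOD
1300 src=198.51.100.7 sig=SYN_FLOOD
"""
LINE = re.compile(r"^(?P<ts>\d+) src=(?P<src>[\d.]+) sig=(?P<sig>\S+)$")

# Constructed policy: never blackhole our own or private address space
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
THRESHOLD = 3        # alerts from one source ...
WINDOW = 60          # ... within this many seconds
BLOCK_TTL = 900      # seconds until the null route is withdrawn (assumption)


def correlate(text, threshold=THRESHOLD, window=WINDOW):
    """Return {src: trigger_ts} for sources with >= threshold alerts inside one window."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # ignore malformed sensor lines
        seen[m["src"]].append(int(m["ts"]))
    hits = {}
    for src, stamps in seen.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                hits[src] = stamps[i + threshold - 1]   # time the threshold was crossed
                break
    return hits


def allowlisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)


class StandInController:
    """Models what the controller does with a block request received over REST."""

    def __init__(self):
        self.routes = {}     # prefix -> expiry time
        self.audit = []      # every decision, for the SOC to review

    def block(self, src, now):
        if allowlisted(src):
            self.audit.append(("refused-allowlist", src, now))
            return None
        prefix = f"{src}/32"
        self.routes[prefix] = now + BLOCK_TTL
        self.audit.append(("null-route", prefix, now))
        # Illustrative IOS XR discard route the controller would render over NETCONF
        return f"router static address-family ipv4 unicast {prefix} Null0"

    def expire(self, now):
        """Withdraw routes whose TTL has passed so blocks do not linger forever."""
        gone = [p for p, t in self.routes.items() if t <= now]
        for p in gone:
            del self.routes[p]
            self.audit.append(("withdraw", p, now))
        return gone


def run_pipeline(text, now):
    """Correlate alerts, request blocks, then run the expiry sweep for time `now`."""
    ctrl = StandInController()
    for src, ts in sorted(correlate(text).items()):
        ctrl.block(src, ts)
    ctrl.expire(now)
    return ctrl


if __name__ == "__main__":
    print(run_pipeline(ALERTS, 1100).audit)
```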
63Cisco Public
“One-Click” install
•  VMware ESXi and Oracle
Virtual Box hypervisor ready
Cisco Open SDN Controller 1.0
Pre-Installed Apps
• BGPLS Manager - visualizes
network topology from BGP
database
• Inventory – augmented
OpenDaylight “Nodes” app
identifies all connected devices
• (YANG) Model Explorer –
exposes system models and
previews JSON API body
• OpenFlow Manager –
manages, visualizes and
troubleshoots flows + previews
JSON API body
• PCEP Manager – creates,
modifies and deletes MPLS
LSPs
Centralized OA&M
§  Robust user, application
and feature administration
§  Status monitoring; system,
cluster, node
§  Event logging
§  Real-time CPU, memory,
disk, heap size, load and
network utilization metrics
64Cisco Public
ACI Overview
66Cisco Public
ACI is Cisco’s attempt to solve the most significant and important problems facing data center managers: how to more closely link the provisioning of data center networks with the applications running over those networks (i.e. “how do the apps talk to each other”).
… the goal is to reduce human error, shorten application deployment times, and minimize the confusion that can occur when application managers and network managers speak very different vocabularies.
JOEL SNYDER
NETWORK WORLD
74Cisco Public
WHAT ARE THE KEY COMPONENTS OF ACI?
APPLICATION-CENTRIC INFRASTRUCTURE
•  CONTROLLER (APPLICATION POLICY INFRASTRUCTURE CONTROLLER): APIC
•  HARDWARE - FABRIC (NEXUS 9000 SERIES)
•  ECOSYSTEM (INDUSTRY LEADING, OPEN)
•  OPEN STANDARDS, OPEN SOURCE
Cisco Confidential 75
APPLICATION CENTRIC INFRASTRUCTURE
MULTI-FUNCTIONAL, HYPERVISOR AGNOSTIC, VIRTUAL/PHY, OPEN ECO-SYSTEM
[Diagram: Application Network Profile; Systems Management, Hypervisor Management, OVM, Orchestration Frameworks; Centralized Policy Management with Open APIs, Open Source, Open Standards (APIC); Fabric Automation; Enterprise Monitoring; ACI Ecosystem Partners; End Points Physical & Virtual; Physical Networking (Nexus 2K, Nexus 7K); Hypervisors and Virtual Networking; Compute; L4–L7 Services; Storage; Multi DC, WAN and Cloud; Integrated WAN Edge]
76Cisco Public
APPLICATION CENTRIC INFRASTRUCTURE
MULTI-FUNCTIONAL, HYPERVISOR AGNOSTIC, VIRTUAL/PHY
[Diagram: APIC with Open EcoSystem providing Centralized Management and Automation over Physical Networking (Nexus 2K, Nexus 7K), Hypervisors and Virtual Networking, Compute (virtual/physical), L4–L7 Services, Storage, Multi DC, WAN and Cloud, Integrated WAN Edge]
Cisco Confidential 78
Define Intent: How do apps talk to each other?
ACI: Automate the instrumentation of intent
Cisco Confidential 80
Modern Data Center Network Properties
Define the Network for the Application
•  Classical approach to connectivity requires mapping the various connectivity service layers manually: Application Requirements, IP Addressing, Enable Connectivity (The Network: IP Address, VLAN, VRF), Control & Audit Connectivity (Security – Firewall, ACL, …), Redirect and Load Balance Connectivity
•  Application Specific Connectivity: dynamic provisioning of connectivity explicitly defined for the application
•  Defining the network for the application
•  ACI directly maps the application connectivity requirements onto the fabric
•  Security is ‘always’ enabled
•  Fabric is aware how the applications connect
•  Services can be inserted dynamically
Cisco Confidential 81
… the “loss in translation” between App and Network
APPLICATION LANGUAGE ? NETWORK LANGUAGE
APPLICATION LANGUAGE
•  Application Tier Policy and Dependencies
•  Security Requirements
•  Service Level Agreement
•  Application Performance
•  Compliance
•  Geo Dependencies
•  Etc.
NETWORK LANGUAGE
•  VLAN
•  IP Address
•  Subnets
•  Firewalls
•  Quality of Service
•  Load Balancer
•  Access Lists
Cisco Confidential 86
APPLICATION CENTRIC INFRASTRUCTURE
SERVICE GRAPH FOR THE APPLICATION
Outside
Network
Web App DB
Cisco Confidential 88
[Diagram: The Outside → web → app → db tiers, each a group of VMs, together forming the application]
•  Component Tier / End Point Group (or VMware Port Group): a collection of end-points connecting to the network… VMs, physical compute, …
•  Policy (Contracts): a set of network requirements specifying how application components communicate with each other; Access Control, QoS, Firewall, L4 – L7 Services
•  The Outside: rules of how application communicates to the external private or public networks
Cisco Confidential 89
Application Profile
application-centric network policy
Application Level Metadata
Describes Application infrastructure dependencies
Cisco Confidential 95
Application Container “Web”: EPG “Web”
Subnet / Default Gateway: 192.168.0.0/24 / 192.168.0.1; 192.168.1.0/24 / 192.168.1.1
Application Container “Database”: EPG “Database”
Subnet / Default Gateway: 10.1.1.0/24 / 10.1.1.1
Policy Contract “Web → Database” (Service: Actions)
TCP/23: Deny
TCP/22: Allow
TCP/1400: Redirect to Service Chain “Web → Database”
Any: Deny
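An added evaluator (not APIC code) for the contract on this slide: endpoints are classified into the “Web” and “Database” EPGs by the subnets listed, rules are applied first-match in the Web → Database direction, and anything without a contract, including the reverse direction, is dropped, which is the whitelist behaviour behind “security is always enabled”. The flow-tuple shape and the reverse-direction test are assumptions.

```python
"""ACI-style EPG classification and contract evaluation (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# EPG membership by subnet, taken from the slide
EPGS = {
    "Web": [ipaddress.ip_network("192.168.0.0/24"), ipaddress.ip_network("192.168.1.0/24")],
    "Database": [ipaddress.ip_network("10.1.1.0/24")],
}


@dataclass(frozen=True)
class Rule:
    proto: str              # "tcp", "udp" or "any"
    port: Optional[int]     # None matches any port
    action: str             # "allow", "deny" or "redirect"
    target: str = ""        # service chain name for redirect


# Contracts keyed by (consumer EPG, provider EPG); rules are evaluated first-match
CONTRACTS = {
    ("Web", "Database"): [
        Rule("tcp", 23, "deny"),
        Rule("tcp", 22, "allow"),
        Rule("tcp", 1400, "redirect", "Web → Database"),
        Rule("any", None, "deny"),
    ],
}


def classify(ip):
    """Map an endpoint address to its EPG, or None if it belongs to no EPG."""
    addr = ipaddress.ip_address(ip)
    for epg, nets in EPGS.items():
        if any(addr in n for n in nets):
            return epg
    return None


def evaluate(src_ip, dst_ip, proto, dport):
    """Return (action, detail) for one flow from consumer to provider.

    Whitelist model: no contract between the two EPGs means the flow is denied,
    and contracts are directional, so Database -> Web needs its own contract.
    """
    src_epg, dst_epg = classify(src_ip), classify(dst_ip)
    if src_epg is None or dst_epg is None:
        return ("deny", "unclassified endpoint")
    rules = CONTRACTS.get((src_epg, dst_epg))
    if rules is None:
        return ("deny", f"no contract {src_epg} -> {dst_epg}")
    for r in rules:
        if r.proto in ("any", proto) and r.port in (None, dport):
            detail = r.target if r.action == "redirect" else f"{src_epg} -> {dst_epg} {proto}/{dport}"
            return (r.action, detail)
    return ("deny", "implicit")


if __name__ == "__main__":
    for flow in [("192.168.0.10", "10.1.1.20", "tcp", 22), ("10.1.1.20", "192.168.0.10", "tcp", 22)]:
        print(flow, "->", evaluate(*flow))
```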
Cisco Confidential 96
•  Elastic service insertion architecture for physical and virtual services
•  Helps enable administrative separation between application tier policy and service definition
•  APIC as central point of network control with policy coordination
•  Automation of service bring-up / tear-down through programmable interface
•  Supports existing operational model when integrated with existing services
•  Service enforcement guaranteed, regardless of endpoint location
[Diagram: Application Admin defines App Tier A (Web Servers) → App Tier B (App Server) with Policy Redirection to Chain “Security 5”; Service Admin defines the Service Graph (begin, Stage 1 … Stage N, end), Providers and Service Profile; “Security 5” Chain Defined with ASA and Netscaler VPX]
Cisco Confidential 97
APPLICATION CENTRIC INFRASTRUCTURE
ABSTRACTION FROM THE NETWORK + L4-L7 SERVICES
[Diagram: Outside (Tenant VRF) → Web → App → DB, with a QoS Policy per tier and FW Service Policy, Access Policy and LB Service Policy inserted between tiers]
Cisco Confidential 98
APPLICATION CENTRIC INFRASTRUCTURE
ABSTRACTION FROM THE NETWORK + L4-L7 SERVICES
[Diagram: the same service graph rendered by APIC]
Decouple Application from Infrastructure
Cisco Confidential 101
DEVICE PACKAGE
•  Defines services appliances
•  Lists service functions offered by
the services appliance
•  Provides scripts for driving service
configuration
•  Plan is to open the API so that
anyone can create a device
package and have a community
similar to Puppet manifests or Chef
recipes
SERVICE AUTOMATION ARCHITECTURE
[Diagram: APIC Appliance – APIC Policy Element → Script Engine → APIC Script Interface → Device Specific Python Scripts → Configuration Model → Device Interface: REST/CLI]
Cisco Confidential 104
ANY APPLICATION, ANYWHERE: PHYSICAL AND VIRTUAL
COMMON APPLICATION NETWORK PROFILE
[Diagram: APIC pushes one APP PROFILE (Connectivity Policy, Security Policies, QoS, Storage and Compute, Application L4..7 Services; SLA, QoS, Security, Load Balancing) to the WEB, APP and DB tiers with ADC and F/W, across hypervisors]
Cisco Confidential 107
•  Integrated Overlay
•  Encapsulation Normalization
•  Scale
•  Host Based Forwarding
•  Distributed GW & Spine Proxy
•  ARP/GARP Forwarding
•  Efficiency
•  Flowlet Switching
•  Flowlet Prioritization
•  Dynamic Load Balancing
•  Telemetry
•  Atomic Counters
•  Latency Measurements
•  Distributed Systems Approach to
Infrastructure Management
SCALABLE FABRIC DESIGN
LEVERAGES STANDARD PROTOCOLS TO FABRIC
•  2-tier CLOS fabric design (beyond 2 in future), all 40Gb links
•  Standard ingress encapsulation: 802.1Q VLAN, VXLAN, NVGRE
•  Fabric uses IS-IS non-loops, VTEP advertisement
•  Removal of flooding requirements for IP control plane (ARP, GARP)
•  L2 and IP Host routing fabric, including Distributed L3 gateway
•  Highly resilient APIC Cluster configuration (not part of data plane)
[Diagram: APIC cluster with tertiary (3) redundancy; ingress encapsulations Ethernet, NVGRE, VXLAN, 802.1Q normalized by the fabric]
Cisco Confidential 108
FULL APPLICATION VISIBILITY
A SINGLE VIEW OF YOUR APPLICATION IN A DISTRIBUTED ENVIRONMENT
[Dashboard: Health Score 96%; Latency in microsecond(s); Drop Count in packets dropped; visibility across VMs, Physical, Application Delivery Controller, Firewall]
Cisco Confidential 109
HEALTH SCORE - DASHBOARD
Cisco Confidential 117
INNOVATIONS IN THE SDN SPACE TO
WATCH…
Cisco Confidential 118
HTTPS://DEVELOPER.CISCO.COM
Cisco Confidential 119
A.K.A SEGMENT ROUTING
Path expressed in the packet Data
Paths options: Dynamic path (SPF computation) / Explicit path (expressed in the packet)
Control Plane: Routing protocols with extensions (IS-IS, OSPF, BGP) / SDN controller
Data Plane: MPLS (segment labels) / IPv6 (+SR header)
Cisco Confidential 120
APPLICATION ENGINEERED ROUTING (A.K.A. SEGMENT ROUTING)
•  Source Routing: the source chooses a path and encodes it in the packet header as an ordered list of segments; the rest of the network executes the encoded instructions without any further per-flow state
•  Segment: an identifier for any type of instruction, forwarding or service
•  Segment Routing Resources: draft-previdi-filsfils-isis-segment-routing-02, www.segment-routing.net
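A simulation of the source-routing behaviour described above, added here (not Cisco code): the source encodes an ordered list of segments, node segments follow the IGP shortest path, an adjacency segment forces one specific link, and transit nodes only execute the top instruction without keeping per-flow state. The five-node topology, metrics and SID values are constructed.

```python
"""Segment routing forwarding simulation (added example, constructed topology)."""
import heapq

# Constructed topology: (node_a, node_b, igp_metric)
LINKS = [("A", "B", 1), ("B", "D", 1), ("A", "C", 1), ("C", "D", 5), ("D", "E", 1), ("C", "E", 1)]
NODE_SID = {"A": 16001, "B": 16002, "C": 16003, "D": 16004, "E": 16005}   # prefix segments
ADJ_SID = {("C", "D"): 24001}        # adjacency segment on the expensive C-D link


def adjacency():
    adj = {}
    for a, b, m in LINKS:
        adj.setdefault(a, {})[b] = m
        adj.setdefault(b, {})[a] = m
    return adj


def next_hop(src, dst):
    """Dijkstra first hop from src toward dst: the IGP's own view, no controller needed."""
    adj = adjacency()
    dist = {src: 0}
    first = {}
    heap = [(0, src, None)]
    while heap:
        d, n, via = heapq.heappop(heap)
        if d > dist.get(n, float("inf")):
            continue
        for nb, m in sorted(adj[n].items()):
            nd = d + m
            if nd < dist.get(nb, float("inf")):
                dist[nb] = nd
                first[nb] = via if via else nb
                heapq.heappush(heap, (nd, nb, via if via else nb))
    return first.get(dst)


def forward(source, segments, max_hops=20):
    """Walk a packet carrying `segments` from `source`; return the nodes traversed."""
    node, stack, trace = source, list(segments), [source]
    sid_to_node = {v: k for k, v in NODE_SID.items()}
    sid_to_adj = {v: k for k, v in ADJ_SID.items()}
    for _ in range(max_hops):
        while stack and sid_to_node.get(stack[0]) == node:
            stack.pop(0)               # arrived at this node segment: pop it
        if not stack:
            return trace               # segment list exhausted: delivered
        top = stack[0]
        if top in sid_to_node:
            nxt = next_hop(node, sid_to_node[top])          # node segment: follow IGP SPF
        elif top in sid_to_adj and sid_to_adj[top][0] == node:
            nxt = sid_to_adj[top][1]                         # adjacency segment: use that link
            stack.pop(0)
        else:
            raise ValueError(f"{node} cannot execute segment {top}")
        if nxt is None:
            raise ValueError(f"no route from {node} toward segment {top}")
        node = nxt
        trace.append(node)
    raise ValueError("hop limit exceeded")


if __name__ == "__main__":
    print(forward("A", [NODE_SID["E"]]))                                   # dynamic path
    print(forward("A", [NODE_SID["C"], ADJ_SID[("C", "D")], NODE_SID["E"]]))  # explicit path
```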
122Cisco Public
Innovations to Watch
•  Tail-f - Cisco Network Services Orchestration
•  Virtual Topology System (VTS)
Standards-based, open software-overlay management and provisioning system for DC
•  Software Defined WAN (SD-WAN)
Cisco IWAN targets this space
•  Virtual Branch Evolution
Router + x86/LXC/VM, Standalone x86/LXC/VM
•  Virtual Managed Services (vMS) – SP offered and consumption models
•  Distributed Analytics
Leveraging distributed compute, NFV, and applications for intelligent analytics behavior
•  Evolving NFV Use Cases – analytics, security, IoE/IoT
Key Target Areas and Components for a SDN
Mask Complexity, Virtualizing Network Functions, Central Orchestration, Open APIs
•  Open Innovation, Open Source, Open APIs to offer programmability and granular control from applications beyond CLI
•  Centralized Programmability, Automation, and orchestration of network-wide functions: automate and orchestrate behavior to many devices… WAN BW, NFV, service chains, and XaaS
•  Virtualization (NFV) capabilities of physical network elements: leverage service-chaining of Phy/Virt – routers, FW, LB, all elements
•  Ability to orchestrate, provision, insert L4-L7 in real-time
•  Leverage the abstraction of SDN to solve real problems, not add more technology to the network
Cisco Confidential 125
THANK YOU

 
SDN Presentation
SDN PresentationSDN Presentation
SDN Presentation
 
SDN Abstractions
SDN AbstractionsSDN Abstractions
SDN Abstractions
 

Andere mochten auch

DNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus DayDNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus DayCisco Canada
 
Cisco Intelligent WAN (IWAN) Solution
Cisco Intelligent WAN (IWAN) SolutionCisco Intelligent WAN (IWAN) Solution
Cisco Intelligent WAN (IWAN) SolutionCisco Russia
 
Enterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WANEnterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WANToshal Dudhwala
 
TensorFlow 深度學習快速上手班--機器學習
TensorFlow 深度學習快速上手班--機器學習TensorFlow 深度學習快速上手班--機器學習
TensorFlow 深度學習快速上手班--機器學習Mark Chang
 
以深度學習加速語音及影像辨識應用發展
以深度學習加速語音及影像辨識應用發展以深度學習加速語音及影像辨識應用發展
以深度學習加速語音及影像辨識應用發展NVIDIA Taiwan
 

Andere mochten auch (7)

DNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus DayDNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus Day
 
Cisco Intelligent WAN (IWAN) Solution
Cisco Intelligent WAN (IWAN) SolutionCisco Intelligent WAN (IWAN) Solution
Cisco Intelligent WAN (IWAN) Solution
 
Enterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WANEnterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WAN
 
TensorFlow 深度學習快速上手班--機器學習
TensorFlow 深度學習快速上手班--機器學習TensorFlow 深度學習快速上手班--機器學習
TensorFlow 深度學習快速上手班--機器學習
 
Verizon Managed SD-WAN with Cisco IWAN
Verizon Managed SD-WAN with Cisco IWAN Verizon Managed SD-WAN with Cisco IWAN
Verizon Managed SD-WAN with Cisco IWAN
 
以深度學習加速語音及影像辨識應用發展
以深度學習加速語音及影像辨識應用發展以深度學習加速語音及影像辨識應用發展
以深度學習加速語音及影像辨識應用發展
 
TENSORFLOW深度學習講座講義(很硬的課程)
TENSORFLOW深度學習講座講義(很硬的課程)TENSORFLOW深度學習講座講義(很硬的課程)
TENSORFLOW深度學習講座講義(很硬的課程)
 

Ähnlich wie Embracing SDN in the Next Gen Network

Anuta Networks at Networking Field Day 14
Anuta  Networks at Networking Field Day 14Anuta  Networks at Networking Field Day 14
Anuta Networks at Networking Field Day 14Kiran Sirupa
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsFab Fusaro
 
PLNOG15: Cisco Application Centric Infrastructure - why ...? - Krzysztof Mazepa
PLNOG15: Cisco Application Centric Infrastructure - why ...? - Krzysztof MazepaPLNOG15: Cisco Application Centric Infrastructure - why ...? - Krzysztof Mazepa
PLNOG15: Cisco Application Centric Infrastructure - why ...? - Krzysztof MazepaPROIDEA
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:Cisco Canada
 
SDN in the Enterprise
SDN in the EnterpriseSDN in the Enterprise
SDN in the EnterpriseCisco Canada
 
 Network Innovations Driving Business Transformation
 Network Innovations Driving Business Transformation Network Innovations Driving Business Transformation
 Network Innovations Driving Business TransformationCisco Service Provider
 
Introducing ONAP for OpenStack St Louis Meetup
Introducing ONAP for OpenStack St Louis MeetupIntroducing ONAP for OpenStack St Louis Meetup
Introducing ONAP for OpenStack St Louis Meetupdjzook
 
Technology Primer: Software-Defined Networking and Its Impact on Infrastructu...
Technology Primer: Software-Defined Networking and Its Impact on Infrastructu...Technology Primer: Software-Defined Networking and Its Impact on Infrastructu...
Technology Primer: Software-Defined Networking and Its Impact on Infrastructu...CA Technologies
 
Framework for the New IP - Phil O'Reilly
Framework for the New IP - Phil O'ReillyFramework for the New IP - Phil O'Reilly
Framework for the New IP - Phil O'Reillyscoopnewsgroup
 
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...Radisys Corporation
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Canada
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrailnvirters
 
NFV Linaro Connect Keynote
NFV Linaro Connect KeynoteNFV Linaro Connect Keynote
NFV Linaro Connect KeynoteLinaro
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
Enabling the Deployment of Edge Services with the Open Network Edge Services ...
Enabling the Deployment of Edge Services with the Open Network Edge Services ...Enabling the Deployment of Edge Services with the Open Network Edge Services ...
Enabling the Deployment of Edge Services with the Open Network Edge Services ...Liz Warner
 
Colt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt Technology Services
 
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt Technology Services
 
Nfv open stack-shuo-yang
Nfv open stack-shuo-yangNfv open stack-shuo-yang
Nfv open stack-shuo-yangOW2
 

Ähnlich wie Embracing SDN in the Next Gen Network (20)

Anuta Networks at Networking Field Day 14
Anuta  Networks at Networking Field Day 14Anuta  Networks at Networking Field Day 14
Anuta Networks at Networking Field Day 14
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
 
PLNOG15: Cisco Application Centric Infrastructure - why ...? - Krzysztof Mazepa
PLNOG15: Cisco Application Centric Infrastructure - why ...? - Krzysztof MazepaPLNOG15: Cisco Application Centric Infrastructure - why ...? - Krzysztof Mazepa
PLNOG15: Cisco Application Centric Infrastructure - why ...? - Krzysztof Mazepa
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
 
SDN in the Enterprise
SDN in the EnterpriseSDN in the Enterprise
SDN in the Enterprise
 
 Network Innovations Driving Business Transformation
 Network Innovations Driving Business Transformation Network Innovations Driving Business Transformation
 Network Innovations Driving Business Transformation
 
Introducing ONAP for OpenStack St Louis Meetup
Introducing ONAP for OpenStack St Louis MeetupIntroducing ONAP for OpenStack St Louis Meetup
Introducing ONAP for OpenStack St Louis Meetup
 
Technology Primer: Software-Defined Networking and Its Impact on Infrastructu...
Technology Primer: Software-Defined Networking and Its Impact on Infrastructu...Technology Primer: Software-Defined Networking and Its Impact on Infrastructu...
Technology Primer: Software-Defined Networking and Its Impact on Infrastructu...
 
Framework for the New IP - Phil O'Reilly
Framework for the New IP - Phil O'ReillyFramework for the New IP - Phil O'Reilly
Framework for the New IP - Phil O'Reilly
 
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
Radisys/Wind River: The Telcom Cloud - Deployment Strategies: SDN/NFV and Vir...
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
 
NFV Linaro Connect Keynote
NFV Linaro Connect KeynoteNFV Linaro Connect Keynote
NFV Linaro Connect Keynote
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
 
Resume
ResumeResume
Resume
 
Enabling the Deployment of Edge Services with the Open Network Edge Services ...
Enabling the Deployment of Edge Services with the Open Network Edge Services ...Enabling the Deployment of Edge Services with the Open Network Edge Services ...
Enabling the Deployment of Edge Services with the Open Network Edge Services ...
 
BRKCRS-2110.pdf
BRKCRS-2110.pdfBRKCRS-2110.pdf
BRKCRS-2110.pdf
 
Colt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plans
 
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
 
Nfv open stack-shuo-yang
Nfv open stack-shuo-yangNfv open stack-shuo-yang
Nfv open stack-shuo-yang
 

Kürzlich hochgeladen

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Embracing SDN in the Next Gen Network

  • 8. SDN Control Plane Architecture (Hybrid): Hybrid SDN Model, Distributed and Centralized (via controller) Control Plane + Standards Data Plane
    Diagram (top to bottom):
    •  Applications layered on top (App, App, App, App)
    •  "North Bound" control and API: REST NB APIs
    •  Controller: operating system controlling specific functions of the network
    •  "South Bound" control and API: communication channel to the network element over NETCONF, BGP-LS, PCEP, OpenFlow, OVSDB, CLI (AAA – Auth)
    •  Network Elements (physical, virtual): Packet Forwarding Hardware + CP, each with a distributed control plane (IP/MPLS, BGP/OSPF) plus programming capabilities through the Southbound API
  • 9. Hybrid Control Plane Models
    •  Utilizes the existing distributed and central control planes
    •  Leverages existing routing innovations and services (IP/MPLS, TE, convergence, LISP, ...) with the benefits of a "controller" for tighter application integration with the network
    •  The DC may use overlays (VXLAN) while still leveraging an intelligent underlay (analytics, fast convergence, dynamic LB, etc.)
    Diagram: Applications -> Network Middleware (APIs) -> Network Devices with on-box control plane; centralize when needed, default distributed control plane for all else. Source: ONF Hybrid WG
    Examples:
    •  Campus, Branch Controller (APIC-EM)
    •  WAN Orchestration Controller
    •  NFV Orchestration Engine
    •  Policy Controller (APIC) for ACI
  • 10. The four solution areas, each driven by Customer Business Oriented Applications:
    •  Enterprise Network: APIC-EM over ISR/ASR1K routers and Catalyst switches. Focus is on specific campus applications on Cisco HW; SSH into the platform.
    •  SP WAN: WAE on ODL (APIs, Deployer, Collector) over ASR9K, CRS, NCS6k/4k/2k. Focus is on self-deployed IP/MPLS WAN; ODL, open standard protocols.
    •  NFV: VNF VM orchestration (vCPE, vPE, vFW, vIPS). Focus is on providing NFV orchestration (vMS); targeting SP-like agencies; streamlined use cases.
    •  Data Center: ACI (N9K, UCS, FW, LB, IPS). Focus is on private DC and cloud deployments; lead DC solution, integration with UCS and the eco-system.
  • 11. Cisco SDN/NFV solution areas
    •  Target all areas of customer functions and networks
    •  Data Center (Enterprise & SP), Enterprise (WAN, Campus), SP and/or large Enterprise WAN, SP Cloud offerings
    •  Programmability and open APIs, orchestration, virtualization, rapid provisioning and automation
    Diagram: Customer Business Oriented Applications over four domains: Data Center (ACI: N9K, UCS, FW, LB, IPS), Enterprise Network (APIC-EM: ISR/ASR1K Router, Catalyst Switch), SP WAN (WAE: APIs, Deployer, Collector; ASR9K, CRS, NCS6k/4k/2k), NFV (VNF VM: vCPE, vPE, vFW, vIPS)
  • 12. Cisco APIC Enterprise Module Architecture: "Masking Network Complexity, Exposing Network Intelligence"
    Diagram (top to bottom): Cisco and Third Party Applications -> REST API -> Cisco APIC Enterprise Module (Network Info Database, Policy Infrastructure, Automation; built-in apps: Security, QoS, IWAN, Network PnP) -> Southbound Interface: CLI -> Network Devices (Catalyst, ASR, ISR)
    Since the southbound interface is the device CLI (SSH into the platform, per slide 10), the controller holds privileged login credentials for every managed device; access to its REST API therefore needs the same control as access to the device CLIs themselves.
    Application Eco System for APIC-EM:
    1.  Cisco Visualization Application, a.k.a. the UI
    2.  Cisco Applications for specific solutions: IWAN, Network PnP, Collaboration, Security (integration with ISE), QoS, etc.
    3.  DevNet Community
    4.  Customer developed (internal to the org)
  • 13. APIC-EM (Enterprise Module): QoS | ACLs | Topology | Inventory | ZTD
  • 14. Section divider: the same overview of the four solution areas as slide 11 (next section: Enterprise Network / APIC-EM)
  • 16. Quote from Vijay Gill – GM, Global Network Services, Microsoft: https://twitter.com/vgill/status/227539039979446272
  • 17. SDN in the WAN Delivers Critical Solutions: Maximizing BW, Link Utilization, and Optimizing Engineering Cycles
    Targeted at maximizing WAN optimization, orchestration, and automation for customers who own their own WAN elements (Federal).
    •  The WAN is a critical conduit between customers, content, and NFV
       -  User access to NFV resources and business applications
       -  DC-to-DC
    •  Must support legacy infrastructure
    •  WAN bandwidth is costly and limited: maximize % utilization
    •  Capacity planning is challenging
    •  Must re-think how the WAN engineering cycles evolve, as needs are on-demand rather than days or weeks
    Diagram: Federal Owned WAN connecting Data Center #1, Business, and Data Center #2. Properties: multi-vendor, multi-environment; flexible infrastructure; new classes of applications; open and interoperable solutions; standards and open source; modular and reusable components.
  • 18. Tightening the Engineering Cycle: from years/months to weeks/days to minutes/seconds. Must increase service provisioning velocity, increase link utilization, and limit time to deploy.
  • 19. SDN WAN Orchestration Platform
    •  Application platform for placing traffic demands and paths across an IP/MPLS WAN
    •  North-Bound API: Java/REST
    •  South-Bound (bi-directional): BGP-LS (updates link-state TO the controller), stateful PCEP (programs network elements FROM the controller), NC/YANG
    •  Intelligent collector, planner, and optimizer engine; can run "what if" exercises for load placement
    •  Multi-vendor enabled and extensible
    •  Leverages OpenDaylight infrastructure with "WAN Orchestration" applications (uses REST to the controller)
    Diagram: Client Apps, MATE Apps and Cross Domain Orchestration -> APIs -> Application Engine (Collector, Programming, WAN Databases) -> BGP-LS, PCEP, configlet -> SDN WAN (IP/MPLS, Segment Routing, Multi-Layer)
  • 20. The two questions the platform answers, in real time, for the WAN (IP/MPLS, Segment Routing, Multi-Layer):
    1 - Can I place this requested BW load on my network?
    2 - If I do, which link(s) fall outside my network capacity threshold?
  • 21. WAN Orchestration Framework Example: Bandwidth Calendaring
    Diagram: Customer App -> WAN App (Program, NB API) -> Collector (BGP-LS) and PCEP -> WAN (R1, R2, R3) between Data Center #1 and Data Center #2, with one link marked "Congested"
    1.  Network conditions are reported to the collector consistently
    2.  WAN Orchestration pulls the latest Plan File every 20 min from the existing MATE Collector
    3.  Customer App requests DC #1 - DC #2 bandwidth at a future date/time (in the app)
    4.  Demand admission response: <R1-R3, B/W, future date/time>
    5.  Customer App confirms the booking
    6.  Two hours prior to activation, the placement app applies the config in Traffic Mgr (app)
    7.  Traffic Mgr programs the LSP on the devices (PCEP)
    8.  LSP set up for traffic
  • 22. WAN Automation Engine (WAE): Customer use cases and deployments
  • 23. Use Case: Demand Admission & Placement
    Problem: Demand placement must take into account LOCATION as well as network impact (link over-subscription).
    Solution: The application places the demand on the suggested path/location, and the network remains healthy by leveraging under-subscribed links.
    Diagram: BW Demand App -> WAN Application (RESTful APIs: Collection, Programming) -> WAN (R1, R2, R3) connecting Cloud Consumer, Customer Site, and Content Sites. "Simple REST API hides complexity; utilizes infrastructure intelligence."
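The admission step of the calendaring workflow (slide 21, steps 3 to 5) and the demand-placement use case above, as an added example in Python that is not part of the deck and is not Cisco WAE or MATE code: a small plan-file model with time-windowed bookings that answers the two questions on slide 20 (does the demand fit under the capacity threshold, and if not, which links would breach it) and re-checks headroom when the booking is confirmed, since the plan file is only refreshed every 20 minutes. Router names, link capacities, the 80% threshold, the bookings and the hour-based time unit are constructed assumptions.

```python
"""Demand admission and placement over a plan file (added example)."""
import heapq
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Link = Tuple[str, str]   # unordered router pair, stored with the names sorted


def link(a: str, b: str) -> Link:
    return (a, b) if a < b else (b, a)


def path_links(path: List[str]) -> List[Link]:
    return [link(u, v) for u, v in zip(path, path[1:])]


@dataclass
class Reservation:
    path: List[str]   # router hops, e.g. ["R1", "R2", "R3"]
    bw_mbps: float
    start: int        # activation time, in hours here (constructed unit)
    end: int          # expiry time, exclusive


@dataclass
class WanPlan:
    """Plan file: link capacities the collector learned, plus booked demands."""
    capacity: Dict[Link, float]                        # Mbps per link
    threshold: float = 0.8                             # usable fraction of a link (assumed)
    bookings: List[Reservation] = field(default_factory=list)

    def neighbours(self, node: str):
        for a, b in self.capacity:
            if node == a:
                yield b
            elif node == b:
                yield a

    def load(self, lk: Link, start: int, end: int) -> float:
        """Bandwidth already booked on lk by reservations overlapping [start, end)."""
        return sum(r.bw_mbps for r in self.bookings
                   if r.start < end and start < r.end and lk in path_links(r.path))

    def headroom(self, lk: Link, start: int, end: int) -> float:
        return self.threshold * self.capacity[lk] - self.load(lk, start, end)

    def shortest_path(self, src, dst, start, end, bw, constrained) -> Optional[List[str]]:
        """Fewest-hop path; with constrained=True, links lacking headroom for bw are pruned."""
        dist, prev, done = {src: 0}, {}, set()
        heap = [(0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if u in done:
                continue
            done.add(u)
            if u == dst:
                break
            for v in self.neighbours(u):
                if constrained and self.headroom(link(u, v), start, end) < bw:
                    continue
                if d + 1 < dist.get(v, float("inf")):
                    dist[v], prev[v] = d + 1, u
                    heapq.heappush(heap, (d + 1, v))
        if dst not in dist:
            return None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return path[::-1]

    def admit(self, src, dst, bw, start, end) -> Tuple[Optional[List[str]], List[Link]]:
        """Step 4, the demand admission response: (path, []) when the demand fits under
        the threshold, else (None, links on the fewest-hop path that would breach it)."""
        path = self.shortest_path(src, dst, start, end, bw, constrained=True)
        if path is not None:
            return path, []
        fallback = self.shortest_path(src, dst, start, end, bw, constrained=False)
        if fallback is None:
            return None, []
        return None, [lk for lk in path_links(fallback) if self.headroom(lk, start, end) < bw]

    def book(self, path, bw, start, end) -> None:
        """Step 5, confirm the booking. Headroom is re-checked: the admission answer may be
        stale because the plan file is only refreshed every 20 minutes."""
        short = [lk for lk in path_links(path) if self.headroom(lk, start, end) < bw]
        if short:
            raise ValueError(f"booking rejected, insufficient headroom on {short}")
        self.bookings.append(Reservation(list(path), bw, start, end))


def sample_plan() -> WanPlan:
    """Constructed sample: R1-R2-R3 triangle of 10 Gbps links with a standing
    7 Gbps demand on the direct R1-R3 link during hours 0-24."""
    plan = WanPlan(capacity={link("R1", "R2"): 10_000,
                             link("R2", "R3"): 10_000,
                             link("R1", "R3"): 10_000})
    plan.book(["R1", "R3"], 7_000, 0, 24)
    return plan


if __name__ == "__main__":
    plan = sample_plan()
    # Nightly 5 Gbps DC#1 -> DC#2 backup: the direct link is over threshold, so it goes via R2.
    print(plan.admit("R1", "R3", 5_000, 22, 23))   # (['R1', 'R2', 'R3'], [])
    plan.book(["R1", "R2", "R3"], 5_000, 22, 23)
    # A second 4 Gbps demand in the same window fits nowhere; the direct link is the culprit.
    print(plan.admit("R1", "R3", 4_000, 22, 23))   # (None, [('R1', 'R3')])
```

The check in `book()` is the part worth copying: between the admission answer and the confirmation another tenant's booking can land on the same link, so the confirmation must be validated against current state rather than trusting the earlier response.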
  • 24. Use Case: Bandwidth Scheduling (Calendaring)
    Problem: The provider's customer has an "on demand" need for nightly DC backup or to move workloads.
    Solution: After determining a best path, the platform programs an LSP via PCEP.
    Diagram: BW Calendar App -> WAN Application (RESTful APIs: Collection, Programming) -> PCEP -> WAN (R1, R2, R3) between Data Center #1 and Data Center #2, with one link marked "Congested!!". "Simple REST API enables a faster solution without complexity."
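Step 7 of the calendaring workflow and the solution above say the platform programs the LSP via PCEP, but the deck shows no message contents. As an added example that is not from the deck, Cisco WAE or OpenDaylight, the following Python builds the PCInitiate message a stateful PCE sends to a router to instantiate an LSP (RFC 8281, carrying the SRP and LSP objects of RFC 8231 and the END-POINTS and ERO objects of RFC 5440) and parses it back with the length checks a receiver has to make. The addresses, SRP-ID, symbolic path name and hop list are constructed values.

```python
"""Encode and parse a PCEP PCInitiate message (added example)."""
import struct
from ipaddress import IPv4Address

PCEP_VERSION = 1
MSG_PCINITIATE = 12                                  # RFC 8281
OC_ENDPOINTS, OC_ERO, OC_LSP, OC_SRP = 4, 7, 32, 33  # Object-Class values
TLV_SYMBOLIC_PATH_NAME = 17                          # RFC 8231


def _pad4(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % 4)


def tlv(tlv_type: int, value: bytes) -> bytes:
    # TLV: Type(16) Length(16, unpadded) Value padded to a 4-byte boundary (RFC 5440 7.1)
    return struct.pack("!HH", tlv_type, len(value)) + _pad4(value)


def pcep_object(obj_class: int, obj_type: int, body: bytes, p_flag: bool = True) -> bytes:
    # Common object header: Class(8) | OT(4) Res(2) P(1) I(1) | Length(16) including header
    flags = (obj_type << 4) | (0b10 if p_flag else 0)
    return struct.pack("!BBH", obj_class, flags, 4 + len(body)) + body


def srp_object(srp_id: int, remove: bool = False) -> bytes:
    # SRP body: Flags(32) with the R (remove) bit in the low bit, then SRP-ID-number(32)
    return pcep_object(OC_SRP, 1, struct.pack("!II", int(remove), srp_id))


def lsp_object(plsp_id: int, name: str, delegate: bool = True, create: bool = True) -> bytes:
    # LSP body: PLSP-ID(20) | Flags(12): C=bit24, O=bits25-27, A=28, R=29, S=30, D=31.
    # PLSP-ID is 0 in a PCInitiate; the PCC assigns the real one in its PCRpt.
    flags12 = (int(create) << 7) | (1 << 3) | int(delegate)   # C, A (admin up), D
    body = struct.pack("!I", (plsp_id << 12) | flags12) + tlv(TLV_SYMBOLIC_PATH_NAME, name.encode())
    return pcep_object(OC_LSP, 1, body)


def endpoints_object(src: str, dst: str) -> bytes:
    # END-POINTS OT=1 (IPv4): source address, destination address
    return pcep_object(OC_ENDPOINTS, 1, IPv4Address(src).packed + IPv4Address(dst).packed)


def ero_object(hops, loose: bool = False) -> bytes:
    # ERO body: IPv4 prefix subobjects (RFC 3209 4.3.3): L|Type=1, Length=8, addr, prefix len, rsvd
    subs = b"".join(struct.pack("!BB4sBB", (int(loose) << 7) | 1, 8, IPv4Address(h).packed, 32, 0)
                    for h in hops)
    return pcep_object(OC_ERO, 1, subs)


def pcinitiate(srp_id: int, plsp_id: int, name: str, src: str, dst: str, hops) -> bytes:
    # Common header: Ver(3)=1 Flags(5)=0 | Message-Type(8) | Message-Length(16) including header
    body = srp_object(srp_id) + lsp_object(plsp_id, name) + endpoints_object(src, dst) + ero_object(hops)
    return struct.pack("!BBH", PCEP_VERSION << 5, MSG_PCINITIATE, 4 + len(body)) + body


def parse(msg: bytes) -> dict:
    """Walk the objects of a PCInitiate, rejecting malformed lengths instead of guessing."""
    if len(msg) < 4:
        raise ValueError("short header")
    ver_flags, mtype, length = struct.unpack("!BBH", msg[:4])
    if ver_flags >> 5 != PCEP_VERSION or length != len(msg):
        raise ValueError("bad version or message length")
    if mtype != MSG_PCINITIATE:
        raise ValueError(f"unexpected message type {mtype}")
    out, off = {"type": mtype}, 4
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated object header")
        oclass, _oflags, olen = struct.unpack("!BBH", msg[off:off + 4])
        if olen < 4 or olen % 4 or off + olen > len(msg):
            raise ValueError("bad object length")
        body = msg[off + 4:off + olen]
        if oclass == OC_SRP:
            flags, out["srp_id"] = struct.unpack("!II", body[:8])
            out["remove"] = bool(flags & 1)
        elif oclass == OC_LSP:
            word, = struct.unpack("!I", body[:4])
            out["plsp_id"], out["lsp_flags"] = word >> 12, word & 0xFFF
            ttype, tlen = struct.unpack("!HH", body[4:8])
            if ttype == TLV_SYMBOLIC_PATH_NAME and 8 + tlen <= len(body):
                out["name"] = body[8:8 + tlen].decode()
        elif oclass == OC_ENDPOINTS:
            out["src"], out["dst"] = str(IPv4Address(body[:4])), str(IPv4Address(body[4:8]))
        elif oclass == OC_ERO:
            hops, p = [], 0
            while p < len(body):
                stype, slen = body[p] & 0x7F, body[p + 1]
                if slen < 2 or p + slen > len(body):
                    raise ValueError("bad ERO subobject")
                if stype == 1:
                    hops.append(str(IPv4Address(body[p + 2:p + 6])))
                p += slen
            out["hops"] = hops
        off += olen
    return out


if __name__ == "__main__":
    # Constructed: DC#1 edge R1 (10.0.0.1) to DC#2 edge R3 (10.0.0.3) via R2's link addresses.
    msg = pcinitiate(1, 0, "DC1-DC2-backup", "10.0.0.1", "10.0.0.3", ["10.0.12.2", "10.0.23.3"])
    print(msg.hex())
    print(parse(msg))
```

PCEP runs over TCP port 4189 and the base protocol carries no authentication of its own (RFC 5440 points to TCP-MD5; RFC 8253 adds a TLS profile), so a session able to inject PCInitiate messages must be limited to the controller's addresses and run over TLS where the platform supports it. The strict length checks in `parse()` are also the minimum a detection parser needs before it can trust any field of a captured PCEP message.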
  • 26. Use Case: TE Load Balancing
    Problem: A customer needs to use expensive BW links efficiently (e.g., high-cost links, perhaps trans-oceanic) and must optimize their usage.
    Solution: The most expensive network resources are fully optimized by calculating and assigning the best load-share metrics using PCEP (extensions).
    Diagram: TE Tunnel Builder App -> WAN Application (RESTful APIs: Collection, Programming) -> PCEP -> WAN (R1, AS Foo). "REST API enables the solution; hides complexity."
  • 27. Section divider: the same overview of the four solution areas as slide 11 (next section: NFV)
• 28. NFV - Network Functions Virtualization: NFV extends the "VIRTUAL" to L4-7 services
• 29. NFV - Network Functions Virtualization: creating virtual versions of services that traditionally ran on standalone appliances…
• 30. Some NFV examples: Network Address Translation (NAT), Firewall, Intrusion Detection (IDS/IPS), Domain Name Service (DNS), WAN Acceleration, Load Balancing, Deep Packet Inspection (DPI), Content Delivery (CDN), Broadband Remote Access (BRAS), Provider Edge (PE Router)
• 31. Network Function Virtualization (NFV): enablers, benefits and applications (Cisco Confidential, © 2013-2014 Cisco and/or its affiliates. All rights reserved.)
  •  Enablers: hypervisor and cloud computing technology; improving x86 h/w performance; optimised packet processing and coding techniques; network industry standardising on Ethernet; SDN based orchestration
  •  Value proposition: shorter innovation cycle; improved service agility; reduction in CAPEX and OPEX
  •  ETSI and OPNFV based standardization
  Network infrastructure/service functions run on virtualized x86 compute platforms.
  Diagram: example VNFs as VMs: NAT, Firewall, SBC, dDOS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Ctrl., RaaS, WLC, WAAS, CDN, Caching, NMS.
• 32. Cisco NFV Orchestration Solution Architecture (open standards based)
  •  Components: Service Catalog; Network Service Orchestrator; VNF Manager; Virtual Topology System; RT-OSS or upper-layer orchestrator (REST API)
  •  Functions: service lifecycle management; service provisioning; DCI routing; service routing; address mgmt.; Openstack / Jcloud API; system management and high availability; service assurance framework
  •  Interfaces: RESTCONF/YANG towards the VM orchestrator and servers; MP-BGP towards the EPN / SP WAN
  Diagram: Tenant 1 and Tenant 2 VNFs (VNF1, VNF2, VNF3, VM1) behind VTFs with VRF1/VRF2; DC gateway (VRF1/VRF2); SW overlay (MPLSoGRE, L2TPv3, VXLAN); SP WAN (VRF1/VRF2) to end-user CE1/CE2.
• 33. Cisco NFV Orchestration Solution - Multi-Tenant Service Instantiation & Service Chaining
  •  Customer 1 wants FW, NAT, external WAN, access to cloud (IaaS, storage, …)
  •  Customer 2 wants vCPE, vFW, vWAAS
  •  Customer service is instantiated as a virtual service in the SP managed service POD (SP datacenter); multiple services are combined into a service chain; multi-tenanted service chains
  Diagram: Dynamic Services Composer (Service Orchestrator, DSC Services Controller, DSC Network Controller, System Management and High Availability); managed services: Internet/VPN (managed CPE), Security (managed FW), NAT, WAAS.
• 34. NFV Customer Use Cases (Service: Description)
  •  Virtual Managed Services: using CSR, vASA to deliver managed services / managed security to enterprise customers
  •  Virtual CPE: cloud based or on-prem virtual CPE to augment capabilities of physical on-premise CPE
  •  Virtual Private Cloud: single-tier, 2-tier, 3-tier applications with optional NFV service chaining for enterprise customers
  •  Routing-as-a-service: using CSR to deliver routing/BNG as a cloud service
  •  Hosted Collaboration Service: integrating HCS provisioning with VPN configuration for single-click customer deployment
  •  Virtualized Video Headend: cloud DVR, CDN/streaming as a service
  •  Virtual PE Router: fully virtualized PE router delivered as an on-demand cloud service
  •  Virtual Wireless LAN Controller, vWAAS, vNAM, vSCE: other service VNFs that may be used to offer WLAN, DPI, NAM etc. as cloud based services
• 35. SP SDN/Programmability Investment Focus (network domains: Consumer, Corporate, Access, Aggregation, Core, Edge DC, SP-cloud, DCI, Internet, Wholesale)
  •  EPN Agility: Carrier E/Optical fast provisioning. Business: optimize time to qualify new IP services and reduce TCO, plug and play services. Elements: NETCONF/YANG, Tail-f, NMS
  •  WAN Optimization. Business: monetize SP core, MPLS simplification, maximize BW utilisation. Elements: WAE, Open Daylight; PCEP, BGP-LS, SR
  •  Infra/DDoS Security. Business: DDoS mitigation services. Elements: scrubbers; BGP-Flowspec, Netflow
  •  NfV. Business: NfV managed services, virtual private cloud. Elements: vPE/NSO; RESTCONF, YANG
  •  Cloud Services Orchestration. Business: optimize DC core and DC interconnect management. Elements: ACI, N9K, A9K DCI automation
  Diagram: VNF VMs (NAT, Firewall, SBC, dDOS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Ctrl., RaaS, WLC, WAAS, CDN, Caching, NMS).
• 36. Policy (Application + Network + Security): expose network intelligence bi-directionally
  •  Layers: Applications, Analytics, Services Orchestration, Network
  •  Downward: workflow and intent programmability; program for optimized performance and “application driven” control
  •  Upward: network intelligence and guidance (statistics, states, objects and events); harvest network intelligence, telemetry, and events
• 37. Science DMZ Reference Implementation
  •  Zones: Commodity Internet, Internet2/AL2S, DMZ, Secure Corporate Networks, High-Throughput Science Networks, Campus Corporate DC, External Services
  •  Elements: Nexus 3K, ASR 1K, ASR 9K, Nexus 9K, ASA 5585, DTN Compute; Open DayLight Controller (BGP, REST API)
  •  Flow notification feeds event correlation, log storage, auditing and analysis; BGP null routes provide active blocking
  •  Next Generation Firewall: Commodity: in-line; Internet 2: in-line or OOB with steering
• 38. Cisco Open SDN Controller: open platform for SDN app development; single northbound REST interface; multiple southbound interfaces
• 39. Use Case: Leverage Cisco OSC (C-OSC – Cisco Open SDN Controller) for “Event Driven” Remote-Trigger Blackhole for DDoS Attacks in a Data Center
  1.  The sensor solution is built OOB so as not to disrupt traffic flow.
  2.  Splunk is used for event correlation using events from SourceFire and other security elements (IDS or FW logs).
  3.  Splunk blocks traffic by making a REST API call to the OSC.
  4.  OSC responds to the block request by using the NETCONF API in OSC, applying a BGP null-route in the ASR 9000 for those prefixes.
  5.  Optional: OSC can select traffic to monitor via OpenFlow.
  Diagram: the N3K “tap” mirrors traffic from the N9K core (LAN/WAN) to SourceFire; SourceFire alerts Splunk; Splunk sends a REST block request to OSC; OSC programs the ASR 9K.
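The decision step in the workflow above (correlate sensor events, decide which prefixes to blackhole, hand a block request to the controller) is shown below as an added Python illustration. It is not Splunk, SourceFire or OSC code: the alert line format, the threshold, the protected-prefix list and the shape of the block request are all constructed for the example, and the real OSC REST/NETCONF payload is not on the page. The two safeguards a practitioner wants in an automated blackhole loop are included: a sliding window with a threshold so a single alert never triggers a null-route, and a protected address space that is never blackholed, so a spoofed or misread source in our own range cannot cause self-inflicted outage.

```python
"""Event-driven blackhole decision logic (added example, not vendor code)."""
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed IDS alert lines in a syslog-like form (not SourceFire's real format).
ALERTS = """\
2015-06-17T10:00:01Z ids1 alert sig=1000001 src=203.0.113.10 dst=198.51.100.5 proto=udp
2015-06-17T10:00:02Z ids1 alert sig=1000001 src=203.0.113.10 dst=198.51.100.5 proto=udp
2015-06-17T10:00:02Z ids1 alert sig=1000001 src=203.0.113.10 dst=198.51.100.5 proto=udp
2015-06-17T10:00:03Z ids1 alert sig=1000002 src=203.0.113.77 dst=198.51.100.5 proto=tcp
2015-06-17T10:00:05Z ids1 alert sig=1000001 src=198.51.100.9 dst=198.51.100.5 proto=udp
2015-06-17T10:00:05Z ids1 alert sig=1000001 src=198.51.100.9 dst=198.51.100.5 proto=udp
2015-06-17T10:00:06Z ids1 alert sig=1000001 src=198.51.100.9 dst=198.51.100.5 proto=udp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ alert sig=\d+ src=(?P<src>\S+) dst=(?P<dst>\S+)")

# Our own address space (constructed): never null-routed, whatever the sensors say.
PROTECTED = [ipaddress.ip_network("198.51.100.0/24")]
THRESHOLD = 3                  # alerts from one source inside WINDOW before acting
WINDOW = timedelta(seconds=60)
HOLD = timedelta(minutes=30)   # null-route lifetime; removal must be as automatic as insertion


def parse_alerts(text):
    """Return [(timestamp, source_ip)] for every well-formed alert line."""
    parsed = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            parsed.append((ts, ipaddress.ip_address(m["src"])))
    return parsed


def correlate(alerts, threshold=THRESHOLD, window=WINDOW):
    """Sources that reach `threshold` alerts within any `window`, excluding protected space."""
    alerts = sorted(alerts)
    counts = Counter()
    start = 0
    hits = set()
    for ts, src in alerts:
        counts[src] += 1
        while alerts[start][0] < ts - window:   # slide the window forward
            counts[alerts[start][1]] -= 1
            start += 1
        if counts[src] >= threshold and not any(src in net for net in PROTECTED):
            hits.add(src)
    return sorted(hits, key=str)


def block_request(sources, now, device="asr9k-edge-1"):
    """Structured block intent for the controller; field names are constructed."""
    return {
        "device": device,
        "action": "null-route",
        "prefixes": [f"{src}/32" for src in sources],
        "expires": (now + HOLD).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }


if __name__ == "__main__":
    alerts = parse_alerts(ALERTS)
    offenders = correlate(alerts)
    print(block_request(offenders, alerts[-1][0]))
```

On the constructed input only 203.0.113.10 is proposed for a null-route: 203.0.113.77 has a single alert, and 198.51.100.9 crosses the threshold but sits in protected space. The `expires` field matters in practice: a blackhole that is inserted automatically but removed by hand is itself a denial-of-service risk.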
• 40. Cisco Open SDN Controller 1.0
  •  “One-Click” install: VMware ESXi and Oracle VirtualBox hypervisor ready
  •  Pre-installed apps:
    •  BGPLS Manager - visualizes network topology from the BGP database
    •  Inventory – augmented OpenDaylight “Nodes” app, identifies all connected devices
    •  (YANG) Model Explorer – exposes system models and previews the JSON API body
    •  OpenFlow Manager – manages, visualizes and troubleshoots flows + previews the JSON API body
    •  PCEP Manager – creates, modifies and deletes MPLS LSPs
  •  Centralized OA&M: robust user, application and feature administration; status monitoring (system, cluster, node); event logging; real-time CPU, memory, disk, heap size, load and network utilization metrics
• 43. “ACI is Cisco’s attempt to solve the most significant and important problems facing data center managers: how to more closely link the provisioning of data center networks with the applications running over those networks (i.e. ‘how do the apps talk to each other?’). … the goal is to reduce human error, shorten application deployment times, and minimize the confusion that can occur when application managers and network managers speak very different vocabularies.” — Joel Snyder, Network World
• 44. What are the key components of ACI (Application-Centric Infrastructure)?
  •  Controller: APIC (Application Policy Infrastructure Controller)
  •  Open standards, open source
  •  Hardware: fabric (Nexus 9000 series)
  •  Ecosystem (industry leading, open)
• 45. Application Centric Infrastructure: multi-functional, hypervisor agnostic, virtual/phy, open eco-system (Cisco Confidential)
  •  APIC: centralized policy management; open APIs, open source, open standards; fabric automation
  •  Inputs: Application Network Profile; systems management; hypervisor management (OVM); orchestration frameworks; enterprise monitoring; ACI ecosystem partners
  •  End points, physical and virtual: physical networking (Nexus 2K, Nexus 7K); hypervisors and virtual networking; compute; L4–L7 services; storage; multi-DC WAN and cloud; integrated WAN edge
• 46. Application Centric Infrastructure: multi-functional, hypervisor agnostic, virtual/phy. APIC provides centralized management and automation with an open ecosystem across physical networking (Nexus 2K, Nexus 7K), hypervisors and virtual networking, compute (virtual/physical), L4–L7 services, storage, multi-DC WAN and cloud, and the integrated WAN edge.
• 47. Define intent: how do apps talk to each other? ACI: automate the instrumentation of intent (Cisco Confidential)
• 48. Modern Data Center Network Properties: define the network for the application (Cisco Confidential)
  •  Classical approach: connectivity requires mapping the various connectivity service layers manually: application requirements → IP addressing → enable connectivity (the network: IP address, VLAN, VRF) → control & audit connectivity (security – firewall, ACL, …)
  •  Application specific connectivity: dynamic provisioning of connectivity explicitly defined for the application (application requirements → redirect and load-balance connectivity → IP address, VLAN, VRF)
  •  Defining the network for the application: ACI directly maps the application connectivity requirements onto the fabric; security is ‘always’ enabled; the fabric is aware how the applications connect; services can be inserted dynamically
• 49. … the “loss in translation” between App and Network (Cisco Confidential)
  •  Network language: VLAN, IP address, subnets, firewalls, quality of service, load balancer, access lists
  •  Application language: application tier policy and dependencies, security requirements, service level agreement, application performance, compliance, geo dependencies, etc.
• 50. Application Centric Infrastructure: service graph for the application (Cisco Confidential). Diagram: Outside Network → Web → App → DB
• 51. Application building blocks (Cisco Confidential)
  •  Component tier / End Point Group (or VMware port group): a collection of end-points connecting to the network… VMs, physical compute, …; e.g. the web, app and db tiers of an application (each a set of VMs)
  •  Policy (contracts): a set of network requirements specifying how application components communicate with each other: access control, QoS, firewall, L4–L7 services
  •  The Outside: rules of how the application communicates to the external private or public networks
• 52. Application building blocks, continued (Cisco Confidential)
  •  Component tier / End Point Group (or VMware port group): a collection of end-points connecting to the network… VMs, physical compute, …; e.g. the web, app and db tiers of an application
  •  Policy (contracts): a set of network requirements specifying how application components communicate with each other: access control, QoS, firewall, L4–L7 services
  •  The Outside: rules of how the application communicates to the external private or public networks
  •  Application Profile: application-centric network policy; application-level metadata describing application infrastructure dependencies
• 53. Policy contract example (Cisco Confidential)
  •  Application Container “Web”: EPG “Web”; subnets 192.168.0.0/24 (default gateway 192.168.0.1) and 192.168.1.0/24 (default gateway 192.168.1.1)
  •  Application Container “Database”: EPG “Database”; subnet 10.1.1.0/24 (default gateway 10.1.1.1)
  •  Policy Contract “Web → Database” (Service: Action): TCP/23: Deny; TCP/22: Allow; TCP/1400: Redirect to Service Chain “Web → Database”; Any: Deny
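The contract above, evaluated as ordered filter rules between two EPGs, is shown below as an added Python illustration; it is not APIC code. The subnets and the four rules are the slide's own values; the top-down first-match evaluation order, the whitelist default (no contract between two EPGs means no connectivity) and the omission of stateful reply handling are simplifying assumptions of this example.

```python
"""Evaluate the 'Web -> Database' policy contract from the slide (added example)."""
import ipaddress

# Application containers / EPGs and their subnets (values from the slide).
EPGS = {
    "Web": [ipaddress.ip_network("192.168.0.0/24"),
            ipaddress.ip_network("192.168.1.0/24")],
    "Database": [ipaddress.ip_network("10.1.1.0/24")],
}

# Contract filters keyed by (consumer EPG, provider EPG): (proto, port, action).
# None matches any value. Rules are evaluated top-down, first match wins;
# the final (None, None) entry is the slide's "Any: Deny" catch-all.
CONTRACTS = {
    ("Web", "Database"): [
        ("tcp", 23, "deny"),                       # no telnet to the database
        ("tcp", 22, "allow"),                      # ssh permitted
        ("tcp", 1400, "redirect:Web -> Database"), # steer through the service chain
        (None, None, "deny"),
    ],
}


def classify(ip):
    """Map an endpoint address to its EPG, or None if it is in no known subnet."""
    addr = ipaddress.ip_address(ip)
    for epg, nets in EPGS.items():
        if any(addr in net for net in nets):
            return epg
    return None


def evaluate(src_ip, dst_ip, proto, dport):
    """Return the action for a new flow from src to dst.

    Whitelist model (assumption matching ACI's default): endpoints with no
    contract between their EPGs, or unknown endpoints, get 'deny'.
    """
    rules = CONTRACTS.get((classify(src_ip), classify(dst_ip)))
    if rules is None:
        return "deny"
    for r_proto, r_port, action in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"


if __name__ == "__main__":
    for port in (22, 23, 1400, 3306):
        print(f"web -> db tcp/{port}:", evaluate("192.168.0.10", "10.1.1.20", "tcp", port))
```

Note the security consequence of the whitelist default: a database-initiated connection back to the web tier, or any endpoint outside the declared subnets, is denied because no contract covers it; the fabric needs an explicit contract (or an "Outside" definition, slide 51) for it.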
• 54. Service insertion (Cisco Confidential)
  •  Elastic service insertion architecture for physical and virtual services
  •  Helps enable administrative separation between application tier policy and service definition
  •  APIC as central point of network control with policy coordination
  •  Automation of service bring-up / tear-down through programmable interface
  •  Supports existing operational model when integrated with existing services
  •  Service enforcement guaranteed, regardless of endpoint location
  Diagram: the Application Admin connects App Tier A (web servers) to App Tier B (app server) through chain “Security 5” with policy redirection; the Service Admin defines the Service Graph (begin → Stage 1 … Stage N → end) with providers (ASA, Netscaler VPX) and the ServiceProfile “Security 5” chain.
• 55. Application Centric Infrastructure: abstraction from the network + L4-L7 services (Cisco Confidential). Diagram: Outside (Tenant VRF) → Web → App → DB, with QoS policy, access policy, FW service policy and LB service policy attached between the tiers.
• 56. Application Centric Infrastructure: abstraction from the network + L4-L7 services (Cisco Confidential). APIC decouples the application from the infrastructure: the same service graph (Outside (Tenant VRF) → Web → App → DB with QoS, access, FW and LB service policies) is rendered onto the fabric by APIC.
• 57. Service Automation Architecture (Cisco Confidential). Device package:
  •  Defines services appliances
  •  Lists service functions offered by the services appliance
  •  Provides scripts for driving service configuration
  •  Plan is to open the API so that anyone can create a device package and have a community similar to Puppet manifests or Chef recipes
  Diagram: APIC appliance with the APIC policy element and a script engine; device-specific Python scripts use a configuration model and the APIC script interface; device interface: REST/CLI.
• 58. APIC: any application, anywhere – physical and virtual (Cisco Confidential). A common application network profile (App Profile: SLA, QoS, security, load balancing) spans connectivity policy, security policies, QoS, storage and compute, and application L4..7 services across hypervisors; e.g. ADC → WEB → F/W → ADC → APP → DB.
• 59. Scalable fabric design leverages standard protocols to fabric (Cisco Confidential)
  •  2-tier CLOS fabric design (beyond 2 in future), all 40Gb links
  •  Standard ingress encapsulation: 802.1Q VLAN, VXLAN, NVGRE (Ethernet, NVGRE, VXLAN and 802.1Q at the fabric edge)
  •  Fabric uses IS-IS non-loops, VTEP advertisement
  •  Removal of flooding requirements for IP control plane (ARP, GARP)
  •  L2 and IP host routing fabric, including distributed L3 gateway
  •  Highly resilient APIC cluster configuration (not part of data plane); tertiary (3) redundancy for APIC cluster
  Fabric properties: integrated overlay (encapsulation normalization); scale (host based forwarding, distributed GW & spine proxy, ARP/GARP forwarding); efficiency (flowlet switching, flowlet prioritization, dynamic load balancing); telemetry (atomic counters, latency measurements); distributed systems approach to infrastructure management.
• 60. Full application visibility: a single view of your application in a distributed environment (Cisco Confidential). Dashboard: health score (e.g. 96%), latency (microseconds), drop count (packets dropped), and visibility across VMs, physical, application delivery controller and firewall (diagram values: 5, 25, 7, 3).
• 61. Health score - dashboard (Cisco Confidential)
• 62. Innovations in the SDN space to watch… (Cisco Confidential)
• 64. A.K.A. Segment Routing (Cisco Confidential): the path is expressed in the packet
  •  Path options: dynamic (SPF computation) or explicit (expressed in the packet)
  •  Control plane: routing protocols with extensions (IS-IS, OSPF, BGP) or an SDN controller
  •  Data plane: MPLS (segment labels) or IPv6 (+SR header)
• 65. Application Engineered Routing (a.k.a. Segment Routing) (Cisco Confidential)
  •  Source routing: the source chooses a path and encodes it in the packet header as an ordered list of segments; the rest of the network executes the encoded instructions without any further per-flow state
  •  Segment: an identifier for any type of instruction, forwarding or service
  •  Segment routing resources: draft-previdi-filsfils-isis-segment-routing-02, www.segment-routing.net
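To make the "ordered list of segments, no per-flow state" idea concrete, the block below is an added Python simulation of segment-routing forwarding on a four-router toy topology. It is not code from the draft or from any Cisco product; the topology, the node-SID values (16001–16004) and the adjacency-SID value (24024) are constructed. A node segment means "forward along the IGP shortest path to that node", an adjacency segment means "go out this one link"; every router acts only on the top segment, so transit routers need nothing beyond their normal IGP table.

```python
"""Segment-routing forwarding simulation (added example, constructed topology)."""
import heapq

# Undirected topology with IGP link costs; R2-R4 is deliberately expensive.
TOPO = {
    "R1": {"R2": 1, "R3": 1},
    "R2": {"R1": 1, "R4": 5},
    "R3": {"R1": 1, "R4": 1},
    "R4": {"R2": 5, "R3": 1},
}

# Global node SIDs (prefix segments) as an IGP would advertise them.
NODE_SID = {"R1": 16001, "R2": 16002, "R3": 16003, "R4": 16004}
SID_NODE = {sid: node for node, sid in NODE_SID.items()}

# Adjacency SIDs are local to the advertising node: (node, sid) -> neighbour.
ADJ_SID = {("R2", 24024): "R4"}


def next_hop(node, dst):
    """IGP shortest-path next hop from `node` toward `dst` (Dijkstra over TOPO)."""
    dist = {node: 0}
    pq = [(0, node, None)]          # (distance, current, first hop taken)
    while pq:
        d, cur, via = heapq.heappop(pq)
        if d > dist.get(cur, float("inf")):
            continue                # stale entry
        if cur == dst:
            return via
        for nb, cost in TOPO[cur].items():
            nd = d + cost
            if nd < dist.get(nb, float("inf")):
                dist[nb] = nd
                heapq.heappush(pq, (nd, nb, nb if via is None else via))
    return None


def forward(src, segments):
    """Carry a packet with the given segment list from src; return nodes visited."""
    stack = list(segments)
    node, trace = src, [src]
    while stack:
        top = stack[0]
        if top in SID_NODE:                      # node segment
            if SID_NODE[top] == node:
                stack.pop(0)                     # segment completed: pop, continue
                continue
            hop = next_hop(node, SID_NODE[top])  # follow IGP toward the SID owner
        elif (node, top) in ADJ_SID:             # adjacency segment
            hop = ADJ_SID[(node, top)]
            stack.pop(0)                         # consumed by the advertising node
        else:
            raise ValueError(f"{node} cannot process segment {top}")
        if hop is None:
            raise ValueError(f"{node} has no route for segment {top}")
        node = hop
        trace.append(node)
    return trace


if __name__ == "__main__":
    print("shortest path to R4:   ", forward("R1", [NODE_SID["R4"]]))
    print("node SIDs R2 then R4:  ", forward("R1", [NODE_SID["R2"], NODE_SID["R4"]]))
    print("explicit via R2-R4 link:", forward("R1", [NODE_SID["R2"], 24024, NODE_SID["R4"]]))
```

The second and third runs show why adjacency segments exist: the stack [R2, R4] reaches R2 and then follows the IGP back through R1 and R3 (R2-R4 costs 5), whereas [R2, adj 24024, R4] forces the packet over the expensive R2-R4 link without any router holding a per-flow entry.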
• 66. Innovations to watch
  •  Tail-f - Cisco Network Services Orchestration
  •  Virtual Topology System (VTS): standards-based, open software-overlay management and provisioning system for DC
  •  Software Defined WAN (SD-WAN): Cisco IWAN targets this space
  •  Virtual Branch Evolution: router + x86/LXC/VM, standalone x86/LXC/VM
  •  Virtual Managed Services (vMS) – SP offered and consumption models
  •  Distributed Analytics: leveraging distributed compute, NFV, and applications for intelligent analytics behavior
  •  Evolving NFV use cases – analytics, security, IoE/IoT
• 67. Key Target Areas and Components for a SDN: mask complexity, virtualizing network functions, central orchestration, open APIs
  •  Open innovation, open source, open APIs to offer programmability and granular control from applications beyond CLI
  •  Centralized programmability, automation, and orchestration of network-wide functions: automate and orchestrate behavior to many devices… WAN BW, NFV, service chains, and XaaS
  •  Virtualization (NFV) capabilities of physical network elements: leverage service-chaining of Phy/Virt – routers, FW, LB, all elements
  •  Ability to orchestrate, provision, insert L4-L7 in real-time
  •  Leverage the abstraction of SDN to solve real problems, not add more technology to the network