9th SDN Expert Group Seminar - Session3

1. Conﬁden'al Netvisor - “The” Network Hypervisor Pluribus Networks NetvisorOS Open Fabrics, Analytics, and Virtualizations Robert Drost, Ph.D. Founder and COO

2. Pluribus Networks – What Do We Do? A Network (Hypervisor) OS: Netvisor ! Designed to build the easiest to use networks Leaf and Spine Switches Turn-‐key HW+SW ! SW on ODM switches!

3. Is The Life of Netops GeIng Any Easier? !  complex

5. manage…⋯too

6. many

7. protocols,

8. too

9. many

10. boxes

12. !  Complex

13. to

14. troubleshoot…⋯box-by- box

16. !  Expensive

17. to

18. monitor

19. and

20. secure…⋯ no

21. visibility

22. into

23. application

24. flows

25. and

26. behavior

27. of

28. end

29. points

31. Network Monitoring and Security Challenges

32. !  N-S

33. perimeter:

34. protected

35. by

36. security

37. tools

38. and

39. packet

40. brokers

41. !  E-W

42. fabric:

43. Expensive

44. infrastructure

45. to

46. tap

50. …⋯leads

51. to

52. E-W

53. fabric

54. blind

55. spots

56. !  E-W

57. fabric:

58. lack

59. of

60. global

61. visibility

62. of

63. end

64. points

65. connected

66. to

67. the

68. fabric

69. !  E-W:

70. lack

71. of

72. any

73. visibility

74. of

75. application

76. flows

77. Internet

78. router DDOS Firewall IPS WAF

79. (port

80. 80/443) Packet

81. brokers

82. Malware/Email/DNS…⋯

83. Open,

84. interoperable

85. networking

86. Agility

87. w/o

88. exploding

89. cost

91. for

92. physical

94. virtual

95. network

96. End-to-end

97. visibility

98. to

99. enhance

100. security,

101. application

102. performance,

103. troubleshooting..

105. The Promise Of Netvisor

106. Netvisor Architecture Layers At-‐a-‐Glance Integrated Analytics For Security and Monitoring PlugPlay Fabric Orchestration Network Virtualization Orchestration Netvisor® - L2/L3/MLAG/VXLAN Open Networking hardware CLI, Python Ansible Puppet/Chef OpenStack RESTful API Common orchestration, tools and automation C, Java Open,

107. interoperable

108. Networking

110. Simplify

111. automation

113. (physical

115. virtual)

116. Simplify

117. end-to-end

118. visibility

119. (ports,

120. VMs,

121. app

122. flows)

124. Netvisor

125. plugplay

127. Fabric

128. orchestration

130. Netvisor Control Plane Fabric Single

131. point

132. of

133. mgmt

134. Single

135. fabric

136. CLI/API

138. Open,

139. interoperable

141. Network

142. L2/L3

144. Controller

145. cluster

146. over

147. TCP/IP

148. Distributed

149. Controller

150. Integrated

151. In

152. the

153. Switch

155. Netvisor Server-‐Style Distributed Architecture “A computer cluster consists of a set of loosely or 'ghtly connected computers that work together so that, in many respects, they can be viewed as a single system” Servers

156. relied

157. on

158. scalable

159. and

160. highly

161. available

162. cluster

163. technologies…⋯

164. Single

165. point

166. of

167. mgmt

168. ! !!

174. …⋯then

175. someone

176. invented

177. centralized

178. controllers

183. Netvisor

184. leverages

185. scalable

186. and

187. highly

188. available

189. server

190. cluster

191. technologies

193. Netvisor Server-‐Style Control Plane Architecture vSwitch ovsdb openflow controller

194. Orchestration

196. …⋯then

197. the

198. “controller”

199. folks

201. Invented

202. new

203. southbound

204. i/f

205. Server

206. relied

207. on

208. PCIe

209. southbound

210. control

211. i/f…⋯

212. PCIe Secure

213. High-perf PCIe PCIe

214. is

215. in

216. every

217. switch!

218. Netvisor

219. just

220. uses

221. it

223. exactly

224. like

225. a

226. server

227. OS!

228. Secure

229. High-perf

230. One

231. CLI/API

232. to

233. orchestrate

235. the

236. fabric

237. from

238. any

239. switch…⋯

240. Scalable

241. (distributed)

242. Highly-available

243. (peer-to-peer)

244. Transaction

245. based

246. (easy

247. to

248. automate)

249. Secure

250. control

251. plane

252. (PCIe

253. like

254. a

255. server!)

258. One

259. CLI/GUI

260. to

261. orchestrate

263. the

264. fabric

265. from

266. any

267. switch…⋯

268. Netops

269. Fabric API For Netops and Devops Netvisor API …⋯or

270. from

271. any

273. Linux

274. server!!

275. devops

276. 1,000s

277. concurrent

278. API

279. calls

280. For

281. visibility

283. mgmt!

284. Restful,

285. C,

286. java,

288. cli,

289. python

290. CLI (network-‐admin@Leaf2) vrouter-‐routes-‐show network 101.101.19.0 vrouter-‐name network type interface next-‐hop distance metric -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐ leaf2 101.101.19.0/24 bgp eth0.21 99.99.3.1 200 1 leaf3 101.101.19.0/24 bgp eth0.19 99.99.5.1 200 1 leaf4 101.101.19.0/24 bgp eth0.17 99.99.7.1 200 1 leaf5 101.101.19.0/24 bgp eth0.15 99.99.15.1 200 1 leaf6 101.101.19.0/24 bgp eth0.5 99.99.16.1 200 1 leaf1 101.101.19.0/24 connected eth0.2220 CLI (network-‐admin@Leaf2) vrouter-‐routes-‐show network 108.108.108.108 vrouter-‐name network type interface next-‐hop distance metric -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐ leaf2 108.108.108.108/32 connected lo0 leaf1 108.108.108.108/32 bgp eth0.38 99.99.17.1 200 1 leaf3 108.108.108.108/32 bgp eth0.36 99.99.19.1 200 1 leaf4 108.108.108.108/32 bgp eth0.40 99.99.21.1 200 1 leaf5 108.108.108.108/32 bgp eth0.22 99.99.117.1 200 1 leaf6 108.108.108.108/32 bgp eth0.8 99.99.119.1 200 1 CLI (network-‐admin@BGP-‐Leaf2) ONE “FABRIC CLI” -‐ example troubleshoot

291. if

292. routes

293. are

294. learned

295. across

296. all

297. routers

298. in

299. the

300. fabric

301. ssh

302. into

303. one

304. switch!

306. ONE “FABRIC CLI” -‐ example admin@Leaf3:~# cli -‐-‐quiet vlan-‐show switch id scope name active stats ports untagged-‐ports active-‐edge-‐ports -‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐ -‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ Leaf3 1 local default-‐1 yes yes 1-‐6,9-‐104,254 1-‐6,9-‐104,254 29,101 Leaf3 4091 local vlan-‐4091 yes yes 8,89-‐104,254 8 8,101 Leaf3 4092 local vlan-‐4092 yes yes 7,89-‐104,254 7 7,101 admin@Leaf3:~# ./vlancreate.sh 500 510 Vlan 500 created Vlan 501 created Vlan 502 created Vlan 503 created Vlan 504 created Vlan 505 created Vlan 506 created Vlan 507 created Vlan 508 created Vlan 509 created Vlan 510 created switch id scope name active stats ports untagged-‐ports active-‐edge-‐ports -‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ Leaf3 1 local default-‐1 yes yes 1-‐6,9-‐104,254 1-‐6,9-‐104,254 29,101 Leaf3 500 fabric vlan-‐500 yes yes 89-‐104,254 none none Leaf3 501 fabric vlan-‐501 yes yes 89-‐104,254 none none Leaf3 502 fabric vlan-‐502 yes yes 89-‐104,254 none none Leaf3 503 fabric vlan-‐503 yes yes 89-‐104,254 none none Leaf3 504 fabric vlan-‐504 yes yes 89-‐104,254 none none Leaf3 505 fabric vlan-‐505 yes yes 89-‐104,254 none none Leaf3 506 fabric vlan-‐506 yes yes 89-‐104,254 none none Leaf3 507 fabric vlan-‐507 yes yes 89-‐104,254 none none Leaf3 508 fabric vlan-‐508 yes yes 89-‐104,254 none none Leaf3 509 fabric vlan-‐509 yes yes 89-‐104,254 none none Leaf3 510 fabric vlan-‐510 yes yes 89-‐104,254 none none Leaf3 4091 local vlan-‐4091 yes yes 8,89-‐104,254 8 8,101 Leaf3 4092 local vlan-‐4092 yes yes 7,89-‐104,254 7 7,101 admin@Leaf3:~# Create

307. vlans

308. in

309. seconds

310. across

311. the

312. fabric

313. ssh

314. into

315. one

316. switch!

317. Fabric

318. operations

319. are

320. atomic

321. transactions

323. ! ! Netvisor Fabric-Cluster For Simplified Mgmt! ! ! L2! L3! HA block! Distributed peer-to-peer HA cluster. No single point of failure. Node hot-plug.! Classic database ! 3-phase commit for config changes! One logical switch to manage! –! Every Node shares the same view of the Fabric: MAC, IP, connections and app flows! A distributed architecture based on a collection of compute clustering techniques to present ! an open, standard-based Ethernet fabric as ! one logical switch.! Fabric-wide ARP Suppression!

324. Customer Example: US Manufacturing Company Fabric VirtualizaWon For Private Cloud Pluribus Architectural Value: !  Leaf-‐Spine Fabric simpliﬁcaWon !  Virtual network with HW vRouters !  Analy'cs w/ forensic recording !  Enable inser'on of new services w/o HW sprawl (e.g. For'net FW) Requirements: !  Consolida'on of legacy mul'-‐layer design to leaf-‐spine !  Segmenta'on/mul'-‐tenancy w/o dedicated HW (routers, services) !  E-‐W ﬂow visibility, compliance, audi'ng

325. Netvisor

326. plugplay

328. Real-time

329. Analytics:

331. Inline

332. Forensic

333. (Time

334. Machine)

335. Packet

336. Broker

337. and

338. Packet

339. Capture

341. any

342. end-point,

343. any

344. port,

345. any

346. flow,

347. any

348. time

349. Netvisor Global Fabric Visibility from

350. any

351. switch!

353. The Technology Behind it: A Smarter TAP! PCIe

354. NO

355. BLIND

356. SPOTS:

358. every

359. connection,

360. every

361. VM,

362. every

363. port

366. NO

367. EXTERNAL

368. TAPS

369. Dynamic

370. threat

371. response

372. Time

373. machine

375. Netvisor

376. Flow

377. Visibility

378. At-a-Glance

380. admin@F64LSpine1:~# cli client-‐server-‐stats-‐show | egrep 'syn|HDFS|MR|Cassandra’ switch vlan vxlan client-‐ip server-‐ip server-‐port syn est fin obytes ibytes total-‐bytes avg-‐dur avg-‐lat last-‐seen-‐ago Leaf2 103 0 103.103.103.10 103.103.103.20 HDFS-‐Namenode-‐WebUI 0 0 198 442G 198 442G 10.01s 157us 1m39s Leaf2 103 0 103.103.103.20 103.103.103.10 HDFS-‐Namenode-‐WebUI 0 0 198 445G 198 445G 10.01s 354us 1m39s Leaf2 103 0 103.103.103.20 103.103.103.10 HDFS-‐DataNode-‐Metadata 0 0 198 465G 198 465G 10.01s 229us 28s Leaf2 103 0 103.103.103.20 103.103.103.10 HDFS-‐Metadata-‐operations-‐8020 0 0 198 469G 198 469G 10.01s 207us 1m8s Leaf2 103 0 103.103.103.20 103.103.103.10 Cassandra-‐Client-‐Thrift 0 0 197 473G 197 473G 10.01s 277us 10m38s Leaf2 103 0 103.103.103.20 103.103.103.10 MR-‐History-‐WebUI 0 0 197 474G 197 474G 10.01s 199us 14m39s Leaf2 103 0 103.103.103.20 103.103.103.10 Cassandra-‐JMX-‐Monitoring 0 0 197 475G 197 475G 10.01s 253us 10m58s Leaf2 103 0 103.103.103.20 103.103.103.10 Cassandra-‐OpsCenter-‐Agent 0 0 197 476G 197 476G 10.01s 256us 10m18s Leaf2 103 0 103.103.103.20 103.103.103.10 MR-‐JobTracker 0 1 197 477G 197 477G 10.01s 258us 8s Leaf2 103 0 103.103.103.10 103.103.103.20 Cassandra-‐OpsCenter-‐Agent 0 0 197 477G 197 477G 10.01s 892us 10m18s Leaf2 103 0 103.103.103.20 103.103.103.10 MR-‐Tasktracket-‐WebUI 0 0 197 478G 197 478G 10.01s 222us 14m49s Leaf2 103 0 103.103.103.10 103.103.103.20 HDFS-‐Secondary-‐NameNode 0 0 198 480G 198 480G 10.01s 898us 19s Leaf2 103 0 103.103.103.20 103.103.103.10 Cassandra-‐InterNode-‐Cluster 0 0 197 482G 197 482G 10.01s 195us 11m18s Applica'on Names Total Bytes in 198 Flows On Avg how long the TCP Connec'ons lasted Avg-‐Latency For 198 flows When the flow was ac've Last Seen TCP Packet(FLAG) Indicates for 1 TCP flow TCP Syn SYN/ACK complete and session ongoing ApplicaWon Flow AnalyWcs

381. CLI (network-‐admin@ursa-‐perf) client-‐server-‐stats-‐show start-‐time 2015-‐06-‐01T16:29:00 end-‐time 2015-‐06-‐01T17:59:00 switch time vlan vxlan client-‐ip server-‐ip server-‐port syn est fin obytes ibytes total-‐bytes avg-‐dur avg-‐lat last-‐seen-‐ago -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐ -‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐ -‐-‐-‐ -‐-‐-‐ -‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ ursa-‐perf 06-‐01,16:29:54 1 0 1.1.4.1 1.1.4.2 http 0 0 1 2.96G 1 2.96G 10.01s 81.3us 18h40m33s ursa-‐perf 06-‐01,16:30:54 1 0 1.1.4.1 1.1.4.2 50010 0 0 1 2.96G 1 2.96G 10.00s 80.8us 18h39m18s ursa-‐perf 06-‐01,16:32:54 1 0 1.1.4.1 1.1.4.2 50010 0 0 10 11.0G 10 11.0G 10.02s 77.3us 18h37m27s ursa-‐perf 06-‐01,16:34:54 1 0 1.1.4.1 1.1.4.2 50010 0 0 10 11.0G 10 11.0G 10.02s 61.6us 18h35m3s ursa-‐perf 06-‐01,16:35:54 1 0 1.1.4.1 1.1.4.2 ssh 0 0 10 11.0G 10 11.0G 10.02s 63.3us 18h34m35s ursa-‐perf 06-‐01,16:36:54 1 0 1.1.4.1 1.1.4.2 50010 0 10 0 18h33m46s ursa-‐perf 06-‐01,16:38:54 1 0 1.1.4.1 1.1.4.2 50010 0 0 20 32.7G 20 32.7G 1.10m 50.8us 18h31m22s ursa-‐perf 06-‐01,16:40:54 1 0 1.1.4.1 1.1.4.2 50010 0 90 10 23.5G 10 23.5G 2.00m 6.64us 18h29m7s ursa-‐perf 06-‐01,16:42:54 1 0 1.1.4.1 1.1.4.2 nfs 0 0 100 131G 100 131G 2.00m 45.2us 18h27m7s ursa-‐perf 06-‐01,16:45:54 1 0 1.1.4.1 1.1.4.2 50010 0 1 0 18h24m20s ursa-‐perf 06-‐01,16:47:54 1 0 1.1.4.1 1.1.4.2 50010 0 0 1 3.99G 1 3.99G 2.00m 77.0us 18h22m20s ursa-‐perf 06-‐01,16:48:54 1 0 1.1.4.10 1.1.4.2 5001 1 0 0 18h21m33s ursa-‐perf 06-‐01,16:48:54 1 0 1.1.4.10 1.1.4.2 50010 0 1 0 18h21m10s ursa-‐perf 06-‐01,16:49:54 1 0 1.1.4.1 1.1.4.2 50010 0 1 0 18h21m ursa-‐perf 06-‐01,16:49:54 1 0 1.1.4.10 1.1.4.2 50010 0 4 1 2.96G 1 2.96G 10.00s 15.0us 18h20m18s ursa-‐perf 06-‐01,16:50:54 1 0 1.1.4.10 1.1.4.2 50010 0 0 5 10.8G 5 10.8G 30.01s 138us 18h19m27s ursa-‐perf 06-‐01,16:51:54 1 0 1.1.4.1 1.1.4.2 50010 0 0 1 1.64G 1 1.64G 2.00m 38.4us 18h19m ursa-‐perf 06-‐01,16:51:54 1 0 1.1.4.10 1.1.4.2 50010 0 0 5 13.7G 5 13.7G 30.01s 59.4us 18h18m57s Applica'on Port Total Output Bytes per ﬂow How long the TCP Connec'on lasted Avg-‐Latency When the ﬂow was ac've Last Seen TCP Packet(FLAG) Client-‐Server AnalyWcs w/ Time Machine

382. admin@F64LSpine1:~# cli client-‐server-‐stats-‐show | egrep 'syn|HDFS|MR|Cassandra|Nutanix’ switch vlan vxlan client-‐ip server-‐ip server-‐port syn est fin obytes ibytes total-‐bytes avg-‐dur avg-‐lat last-‐seen-‐ago Leaf2 103 0 103.103.103.10 103.103.103.20 HDFS-‐Namenode-‐WebUI 0 0 197 441G 197 441G 10.01s 158us 1m58s Leaf2 103 0 103.103.103.20 103.103.103.10 HDFS-‐Namenode-‐WebUI 0 0 197 444G 197 444G 10.01s 351us 1m58s Leaf2 103 0 103.103.103.20 103.103.103.10 Nutanix-‐Stats Aggregator-‐Monitor 0 0 196 463G 196 463G 10.01s 258us 8m56s Leaf2 103 0 103.103.103.20 103.103.103.10 HDFS-‐DataNode-‐Metadata 0 0 197 464G 197 464G 10.01s 230us 48s Leaf2 103 0 103.103.103.20 103.103.103.10 Nutanix-‐Transfer-‐Manager 0 0 196 465G 196 465G 10.01s 240us 9m37s Leaf2 103 0 103.103.103.20 103.103.103.10 Nutanix-‐Chronos-‐Node 0 0 196 466G 196 466G 10.01s 248us 9m47s snip…. Leaf2 103 0 103.103.103.20 103.103.103.10 HDFS-‐Secondary-‐NameNode 0 0 197 487G 197 487G 10.01s 247us 38s Leaf2 103 0 103.103.103.20 103.103.103.10 HDFS-‐DataNode-‐WebUI 0 0 197 487G 197 487G 10.01s 255us 1m18s 0 200 400 600 800 1000 avg-‐latency avg-‐lat cli client-‐server-‐stats-‐show no-‐show-‐headers parsable-‐delim , | egrep 'syn|HDFS|MR|Cassandra|Nutanix' bigdata1.csv Excel ReporWng using CSV format export

383. Tracing CongesWon Along The Path Of A Flow ./ﬂowtrace_new.py -‐n aquila02 -‐c 10.9.18.249 -‐s 10.9.9.73 ==================================vport info=============================== The packet enters fabric through pn-‐dev01 port 15 The packet leaves pn-‐dev01 through port 63 and enters aquila02 through port 10 The packet leaves aquila02 through port 129(36,40) and enters spine02 through ports 4,5 The packet leaves fabric through spine02 port 17 pn-‐dev01 aquila02 spine02 15 63 Visibility into conges'on sta's'cs on each port along the path of the applica'on ﬂows 36,40 4,5 17 10

384. Top Talkers App Client Server Loca'on Latency Top Talkers Server Dura'on Device Manufacturer

385. Built-‐in PCAP Capture Of Any Flow In The Fabric admin@S68-‐Leaf1:~# snoop -‐v -‐d igb0 Using device igb0 (promiscuous mode) ETHER: -‐-‐-‐-‐-‐ Ether Header -‐-‐-‐-‐-‐ ETHER: ETHER: Packet 1 arrived at 18:25:15.03827 ETHER: Packet size = 66 bytes ETHER: Destination = 64:e:94:30:2:4b, ETHER: Source = 78:da:6e:65:1d:58, ETHER: Ethertype = 0800 (IP) ETHER: IP: -‐-‐-‐-‐-‐ IP Header -‐-‐-‐-‐-‐ IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: xxx. .... = 0 (precedence) snip IP: Header checksum = 2ba6 IP: Source address = 50.203.11.18, 50-‐203-‐11-‐18-‐ static.hfc.comcastbusiness.net IP: Destination address = 192.168.1.53, EBC-‐Leaf-‐1 IP: No options IP: TCP: -‐-‐-‐-‐-‐ TCP Header -‐-‐-‐-‐-‐ TCP: TCP: Source port = 63469 TCP: Destination port = 22 TCP: Sequence number = 3984394763 TCP: Acknowledgement number = 3169545619 TCP: Data offset = 32 bytes TCP: Flags = 0x10 TCP: 0... .... = No ECN congestion window reduced TCP: .0.. .... = No ECN echo TCP: ..0. .... = No urgent pointer TCP: ...1 .... = Acknowledgement TCP: .... 0... = No push Snip

386. !  Multi-gig

387. flow

388. capture

389. with

390. vflow

391. !  Integrated

392. wireshark

393. decoding

395. Customer Example: US Insurance Company Large Scale BGP Fabric For Big Data ApplicaWon Pluribus Architectural Value: !  Fabric management simpliﬁcaWon !  Monitoring and visibility of Hadoop cluster performance Requirements: !  BGP fabric with 144 racks !  Economics !  Interop w/ third party modular spine switch with rapid failover

396. Integrated AnalyWcs Use Cases: Financial Company Fabric AnalyWcs For AudiWng, Compliance Pluribus Architectural Value: !  Fabric management simplificaWon !  E-‐W flow analy'cs w/ forensic recording and inline PCAP capture !  Granular flow control (vflow) Requirements: !  Three Data Centers Chicago-‐New York-‐London !  Leaf-‐Spine architecture !  Audi'ng, compliance, forensic flow visibility

397. Netvisor

398. plugplay

400. Network

401. Virtualization

403. VNET

404. Microsegmentation

405. And

406. multi-user

407. control

409. VxLan

410. orchestration

411. in

412. the

413. network

415. (no

416. tunnel

417. tax)

419. ONUG (Open Networking User Group) Overlay Working Group VxLan Lab Test Setup and Results May 13-14, 2015

420. Test Conﬁgura'on VXLAN Tunnel L3 CORE Automatic tunnel provisioning (Zero Conﬁg)! On-demand, dynamic VXLAN Encap/Decap! VLAN 100 VLAN 100 VLAN 300 VLAN 300 100K VMs •  95% line rate@10Gbps •  0% packet drop •  Convergence: •  Cold: 25.54sec •  Warm: 7.35sec F64 (Intel FM6000) E28 (Broadcom Trident 2) VLAN 400 VLAN 500 VLAN 500 VLAN 400 VLAN 500 VLAN 500

421. Unified Overlay and Underlay w/ Switch VTEP Off-‐load VXLAN over BGP fabric or VXLAN for L2 POD extension !  Netvisor SDN Fabric to orchestrate and automate VXLAN tunnel offload on Leaf switches !  Keep server networking simple and eliminate VXLAN encap/decap performance tax !  ONE fabric with seamless overlay-‐ underlay (VXLAN) visibility ! VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM L3# L2#$#VLAG# L2#$#VLAG# L2#$#VLAG# L2#$#VLAG# IP/ECMP'Fabric' ! VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM L3# L2#$#VLAG# L2#$#VLAG# L2#$#VLAG# L2#$#VLAG# IP/ECMP'Fabric' VXLAN Tunnel POD #1 POD #2 L3 CORE ! VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM L3# L2#$#VLAG# L2#$#VLAG# L2#$#VLAG# L2#$#VLAG# IP/ECMP'Fabric' VXLAN Tunnel 100K VMs •  95% line rate@10Gbps •  0% packet drop •  Convergence: •  Cold: 25.54s •  Warm: 7.35s

422. L3 CORE route route route route route route route route route route route route route route route POD VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM POD POD POD TradiWonal Server Overlays Centralized Controller VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM L3 CORE

423. POD POD POD Netvisor Dynamic Switch Overlays VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM ①  Dynamic switch-‐based VXLAN encap/decap ②  Reduce # of tunnels (e.g. ~3K+!12) and remove servers encap/decap Distributed Cluster w/ Overlay OrchestraOon L3 CORE POD

424. Netvisor OFV Architecture Unify Overlay Underlay ! ! ! L3! VXLAN ! Tunnel endpoint! VXLAN! Eliminate host perf. penalty! (as high as 65% drop) by off-loading tunneling to switch ASIC @ line rate! 0! 1! 2! 3! 4! 5! 6! 7! 8! 9! 10! 64Bytes! 512Bytes! 1450Bytes! Gbps! OVS to OVS performance! Baseline! Switch Overlays! Server Overlays! Fabric-based Overlay tunnel orchestration and segmentation one fabric for physical and virtual! Uncompromised physical/virtual visibility!

425. Netvisor Fabric MulW-‐tenancy And SegmentaWon !  Rapid provisioning of secure virtual networks (aka VNETs) with management, control and data plane isola'on !  Provision in minutes per tenant virtual routers with management, control, data plane isola'on !  Per tenant virtual services: vSLB, vFW, vCLI, DNS, DHCP, Pixie, NTP… !  Per tenant visibility of ﬂows, services, VMs… VLAN%10(12% VLAN%20(22% VLAN%30(32%

426. App 1 App 100 Customer Example: US Financial Company Fabric VirtualizaWon For Cloud App. Delivery PN Arch. Value: !  Consolidate 100 vRouters under netops control on 2 devices !  VNET for app developers control !  Analy'cs to monitor applicaWon performance Requirements: !  Per tenant/app virtual routers for BGP peering with AWS vRouters !  Visibility and ease of troubleshoo'ng cloud connec'on !  Allow each tenant to manage and monitor its own router/virtual network App 2

427. Netvisor

428. has

430. Mature

431. Enterprise

432. HA

434. Adds

435. value

436. to

437. rest

438. of

440. your

441. IaaS

442. and

443. PaaS

445. High-‐Availability !  Peer-‐to-‐peer highly available cluster technology for the fabric !  Distributed, no central controller, single point of failure !  Most fabric opera'ons as atomic transac'ons, either they succeed or fail across the en're fabric cluster !  Networking: !  Mul'-‐chassis LAG with sub 200 ms failover !  Ac've-‐Ac've VRRP with sub 200 ms failover (no VRRP 'mer dependency) !  BFD for BGP for sub-‐second failover !  ISSU across the en're fabric of switches (rolling upgrade)

446. !  Netvisor drivers support ML2 based neutron plugin qualified for Juno/Icehouse. The plugin repo is publicly available at hkps://github.com/PluribusNetworks/pluribus_neutron/tree/master/neutron-‐plugin-‐pluribus !  The ML2 plugin supports: !  Na've neutron APIs for logical networks/subnets/port management !  L3 agent APIs for logical router management !  NAT capability on the switches !  Loadbalancer API support !  In addi'on the ML2 plugin supports Netvisor specific advanced extensions: !  HW based rouWng !  High availability (VRRP) for logical routers !  NFS backed store for glance to deliver sta'c image content !  Host analyWcs /visibility into tenant traffic !  Flow programming (vflow) across the fabric (vflow) !  Full PCAP vflow packet capture !  Per-‐tenant QOS/SLA !  Tracking VM lifecycle using virtual ports concept on Netvisor Netvisor OpenStack Highlights

447. Summary – Pluribus Netvisor Differentiation Fabric-wide ! Multi-box! management! Simple to Manage! Simple to Monitor! Fabric-wide! Application and VM Visibility/Analytics! w/ Time Machine! Fabric-wide! Programmability,! NFV, Flow ! Programmability! Simple to Program! And Secure! Simple to Virtualize! Fabric-wide! Uniﬁed Overlay/ Underlay +! Penalty-free VXLAN Tunnel Orchestration!! Netvisor Server-Style Distributed Cluster ! ONE “Touch Point” For The Entire Fabric!

448. Thank

449. you

450. www.pluribusnetworks.com

9th SDN Expert Group Seminar - Session3

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (7)

Ähnlich wie 9th SDN Expert Group Seminar - Session3

Ähnlich wie 9th SDN Expert Group Seminar - Session3 (20)

Mehr von NAIM Networks, Inc.

Mehr von NAIM Networks, Inc. (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

9th SDN Expert Group Seminar - Session3