Scott Sneddon of Vyatta - Cloud Expo 2012 Presentation. The SDN (R)evolution and How it Enables a DevOps for NetOps Movement

1. EMPOWERING SDN
SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA
Cloud Expo Santa Clara - 2012
Scott Sneddon
Chief Solutions Architect
@ssneddon

2. Who is Vyatta?
Leader in software-based networking
Founded in 2006 on the belief that the
future of networking will be in software

3. Vyatta is…
Router Firewall VPN
OSPF, BGP Stateful, NAT IPSec, SSL

4. Vyatta is…
Software-based Networking
CLI, API, GUI

5. Vyatta is…
Software-based Networking
CLI, API, GUI
Remote Access API
• Programmable
• RESTful
• Full Control

6. Flexible Deployment
CLI, API, GUI
CLI, API, GUI
OR
Hypervisor
x86
Server

7. Many Uses
Data Center Cloud Remote Office
Security
Multi-tenancy Consolidation
Remote access
Traffic Optimization Cost Reduction
Multi-tenancy

8. Let’s talk about SDN

9. What is SDN?
“…programmable networks (or more precisely,
network elements that can be configured through
a reasonable and documented API)…”
– Ivan Pepelnjak, ipSpace.net
“Software Defined Networking (SDN) is an
emerging network architecture where network
control is decoupled from forwarding and is
directly programmable…”
– Open Networking Foundation

10. What SDN isn’t…
We
s0ll
need
smart
network
design.
Maybe
smarter
then
we
did
before.
There’s
more
to
it
then
just
OpenFlow.

11. So, SDN is all about…
• Network Programmability
– API interaction with network elements
• Separation of Control Plane and Forwarding Plane
– Infrastructure Agnostic
– Forwarding Plane can be Software or Hardware
• Integration with higher-order Orchestration platforms
– OpenStack, CloudStack, vCloud Director

12. Traditional Network
Control
Control
Forwarding
Forwarding
Control
Control
Forwarding
Forwarding
Control
Control
Forwarding
Forwarding

13. Basic SDN
Control
Forwarding
Forwarding
Forwarding
Forwarding
Forwarding
Forwarding

14. Ecosystem is complex and still emerging
vCenter
Systems
view
“NORTHBOUND
API”
Router
Control
Security
Control
Network
control
VXLAN
NVGRE
OpenFlow
SNMP
Switching
Compute
VM
VM
VM
VM
Servers
and
storage
VM
VM
VM
VM
VM
VM

15. How is SDN used today?
• Carrier-grade OpenFlow
– WAN Programmability/OpenFlow “paths”
• Datacenter Network Virtualization
– Overlay networks
• Tunnels – VXLAN, STT, GRE
• Solves VLAN exhaustion & L2 extensibility
– Programmability of L2 segments – OpenFlow
– Cloud infrastructure
• Per-tenant network segments & security

16. SDN Target Use Cases For Brocade
DC
Network
Virtualiza0on
WAN
Network
Virtualiza0on
Applica0on
Delivery
SDN
Cloud
Gateway
DC
Virtualiza0on
WAN
Virtualiza0on
SDN
Orchestra0on
&
ADP
APP
&
SDN
Controller
App
&
SDN
Controller
App
&
SDN
Controller
SDN
Controller
WAN
VM
VM
VM
VM
VM
VM
VM VM VM
PHY PHY
Customer 1 PHY
PHY
PHY
PHY
VM VM VM
ADC
VM VM VM
Customer 2
PHY PHY
PHY PHY L2/L3VPN WAN
DC 1 10/100G WAN DC 2 Customer 3
Customer 2
DC Network Fabric Customer 1
Data Center Data Center
Network
Analy0cs
Services
Crea0on
&
Inser0on
Packet-­‐Op0cal
Integra0on
Services
Inser0on
Packet-­‐Op0cal
Integra0on
Network
Analy0cs
?
App
&
SDN
Controller
APP
&
SDN
Controller
App
&
SDN
Controller
Cloud
Orchestra0on
Production DC1
SDN
OTN
DC2
SDN
10/100G WAN ADC
FW
Cache
DC 1 Optical DC 2
Analytics
Tool
1
Network
AAA
MPLS/IP
Tool
2
Tool
3
©
2012
Brocade
Communica0ons
Systems,
Inc.
Proprietary
Informa0on

17. Why are SDNs important?
• Datacenter network topologies are changing (or they need to
change)
– Server Density
– Changes in traffic flows
– Capital cost of infrastructure needs to decrease
– NetOps needs to keep pace with DevOps
• It’s about the apps…
– DevOps movement and application development velocity
We haven’t removed the need for segmentation and security
We haven’t removed the need for network engineering

18. DevOps?
• “Devops
is
a
sobware
development
method
that
stresses
communica0on,
collabora0on
and
integra0on
between
sobware
developers
and
informa0on
technology
(IT)
professionals”
-­‐
hep://en.wikipedia.org/wiki/DevOps
• “…these
opera5onally
aware
engineering
teams
and
engineering-­‐aware
opera5onal
teams
must
have
buy
in
at
the
top
because
people
who
code
generally
cost
more,
so
hiring
opera0onal
team
members
who
code
require
a
bigger
budget.”
–
Pedro
Canahua0,
Facebook
(hep://gigaom.com/cloud/how-­‐facebook-­‐
solves-­‐the-­‐it-­‐culture-­‐wars-­‐and-­‐scales-­‐its-­‐site/)

19. “Data center networks are in my way”
- 2009, James Hamilton, VP/DE Amazon Web Services

20. DevOps for NetOps
Build
a
VLAN
and
subnet
on
a
Juniper…
Build
a
VLAN
and
subnet
on
a
Brocade…
interfaces
{
vlan
4
name
customer_a
ge-­‐0/0/9
{
untagged
ethe
1/4
descrip0on
”customer
a";
router-­‐interface
ve
4
unit
0
{
interface
ve
4
family
ethernet-­‐switching
{
ip
address
10.160.0.10/16
port-­‐mode
access;
vlan
{
members
vlan4;
}
}
}
}
vlan
{
unit
4
{
family
inet
{
address
10.160.0.9/16;
Not
bad,
but
it
could
be
beeer
}
}
}
vlans
{
vlan4
{
l3-­‐interface
vlan.4;
}
}

21. DevOps for NetOps
Build
a
network
(VLAN
and
subnet)
in
OpenStack
Quantum
quantum
net-­‐create
net1
quantum
subnet-­‐create
net1
10.0.0.0/24

22. How does NetOps get there?
• Knock down organizational boundaries
• Expand our knowledge base as network engineers
– Augment that CCIE with a little Python
• Look beyond plumbing
– Think “Network as a Service”
• Better operational models for repetitive tasks
– API’s to present auto-provisioned services
(with constraints) to your customers

23. The SDN (R)evolution

24. “It’s hard to make predictions, especially about the future.”
- Yogi Berra

25. Price of Overcommitting
Cost / Time To Recover
Early
Overcommit
1,000
100
10
1
10
100
1,000
Degree of Network Virtualization
(Order of Magnitude)

26. Long View, Shorter Steps
1,000
100
10
1
10
100
1,000
Degree of Network Virtualization
(Order of Magnitude)

27. Early SDN Deployment
Network
1
Network
2
Network
3
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
VM
VM
VM
VM
VM
VM
VM
VM
VM

28. Empowering SDN - Services
Enterprise
Internet
Network
Network
1
Network
2
Network
3
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
vSwitch
vSwitch
vSwitch
vSwitch
vSwitch
VM
VM
VM
VM
VM
VM
VM
VM
VM

29. Testing Dates: October 10th – 30th 2012
Report Generated: November 1st 2012
Report Author: Steven Noble
Vyatta Subscription Edition 6.5 R1
TEST SYSTEM CONFIGURATION:
Key Points
Deployment
Scenarios
Vyatta is able to forward 100%
HARDWARE:
line-rate IMIX traffic across all
SUPERMICRO X9SAE-V
VM
2vCPU
VM
4vCPU
Bare
Metal
Interfaces in our test system
INTEL I7-3770 / 32G ECC RAM
7552
FOUR INTEL I340-T2 NICS
Performance degrades gracefully
INTEL 520 SERIES 240GB SSD
as features are added.
COST: ~$1600 US
Vyatta handles QoS with no
issues, protecting traffic even 3620
VM CONFIGURATION:
when the destination interface is
VMWARE 5.1.0 HYPERVISOR
more than 200% oversubscribed.
1900
2 OR 4VCPUS, 4GB OF RAM
DIRECT ACCESS TO UPLINK PORTS VIA Vyatta can be run directly on
VMDIRECTPATH
commodity hardware or in a virtual
machine
Throughput
(Mbps)

30. Vyatta in Amazon Web Services
• Scalable VPN services
– Office to AWS VPC
– User to AWS VPC Amazon Virtual
Private Cloud (VPC)
– AWS VPC to VPC connectivity
• Advanced routing
– Full mesh topologies
– High availability architectures Amazon Virtual
Private Cloud (VPC)
Amazon Virtual
Private Cloud (VPC)
– Traffic management
• IPSEC and SSL
VM
VM
Available in Amazon Marketplace
Customer Data Center

31. Why Vyatta?
• Routing & security to connect Layer 2
islands
– Software for flexibility
– REST API for programmability
– Much more to come…

32. Remember When You Used
to Get Excited about Networking?
It’s that time again