Cisco Open Network Environment: Software Defined Networking and beyond

© 2012 Cisco and/or its affiliates. All rights reserved. 1 Cisco Open Network Environment Software Defined Networking and beyond Cisco Open Network Environment SDN Concepts and onePK Network Operating Systems Group, Cisco Systems Inc.

description

onePK, the programming platform for Cisco networks, provides APIs in a variety of languages and styles for network programming. This presentation explains the onePK architecture and illustrates the use of onePK with different use cases. Presented at the November 2012 Network Innovation Summit. Read more on the Cisco Architect & DE Discussions blog: http://blogs.cisco.com/getyourbuildon/

Transcript of Cisco Open Network Environment: Software Defined Networking and beyond

Page 1: Cisco Open Network Environment: Software Defined Networking and beyond

Cisco Open Network Environment: Software Defined Networking and beyond

SDN Concepts and onePK

Network Operating Systems Group, Cisco Systems Inc.

Page 2: Cisco Open Network Environment: Software Defined Networking and beyond

SDN, OpenFlow, OpenStack and Overlays – Important to Align on Semantics

What Is Software Defined Network (SDN)?

“…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”

Source: www.opennetworking.org

What is OpenStack?

Open-source software for building public and private clouds; includes Compute (Nova), Networking (Quantum) and Storage (Swift) services.

Source: www.openstack.org

What is an Overlay Network?

An overlay network is created on existing network infrastructure (physical and/or virtual) using a network protocol. Examples of overlay network protocols are GRE, VPLS, OTV, LISP and VXLAN.

What Is OpenFlow?

“…open standard that enables researchers to run experimental protocols in campus networks. Provides standard hook for researchers to run experiments, without exposing internal working of vendor devices…”

Source: www.opennetworking.org

Note: OF is not mandatory for SDN

Note: Applicable to SDN and non-SDN networks

Note: SDN is not mandatory for network programmability nor automation

Page 3: Cisco Open Network Environment: Software Defined Networking and beyond


Private Cloud Automation

Research/Academia

•  Experimental OpenFlow/SDN components for production networks

Massively Scalable Data Center

•  Customize with Programmatic APIs to provide deep insight into network traffic

Service Providers

•  Policy-based control and analytics to optimize and monetize service delivery

Enterprise

•  Virtual workloads, VDI, Orchestration of security profiles

Customers Want to Solve for Different Pain-Points via SDN…Common Theme Programmability/Automation

Cloud

•  Automated provisioning and programmable overlay, OpenStack

Diverse Programmability Requirements Across Segments

Most Requirements are for Automation & Programmability

Scalable Multi-Tenancy

Network Flow Management

Network “Slicing”

Agile Service Delivery

Page 4: Cisco Open Network Environment: Software Defined Networking and beyond


Networking Standards are Critical

Technical Advisory Group Chair, Working Groups: Config, Hybrid, Extensibility, Futures/FPMOD/OF2.0

802.1 Overlay Networking Projects, Cisco Innovations: FEX Architecture

Overlay Working Groups: NVO3, L2VPN, TRILL, L3VPN, LISP, PWE3

API Working Groups: NETCONF, ALTO, CDNI, XMPP, SDNP, I2AEX

Controller Working Groups: PCE, FORCES

Open Source Cloud Computing project

Open Network Research Center at Stanford University

Working Groups: Quantum API, Donabe

Cisco Innovations: OpenStack API for Nexus, OpenStack Extensions

Note: Very little standardization in hypervisor technologies (e.g. live migration, config, APIs)

Page 5: Cisco Open Network Environment: Software Defined Networking and beyond


Industry Standards


Cisco Leadership/Contributions for Open & Programmable Networking, by organization:

•  ONF: Harden OpenFlow spec; Technical Advisory Group Chair; Hybrid Group Chair

•  OpenStack: Major contributions to Quantum networking APIs

•  IETF: Overlay protocols (LISP, OTV, VXLAN, …)

Page 6: Cisco Open Network Environment: Software Defined Networking and beyond


Cisco Open Network Environment – Integrate and Complement

Industry’s Most Comprehensive Networking Portfolio Hardware + Software Physical + Virtual Network + Compute

Network

Platform APIs

Controllers and Agents

Virtual Overlays

Applications

www.cisco.com/go/one

onePK SDN: Controller SW OpenFlow Agents

N1KV Enhancements for Open Clouds

Page 7: Cisco Open Network Environment: Software Defined Networking and beyond


onePK

Page 8: Cisco Open Network Environment: Software Defined Networking and beyond


Evolution Traditional Approach

Evolving How We Interact With The Network Operating System

App C

Java …

IOS

Events

App EEM (TCL) Actions

Routing

Data Plane

Policy

Interface

Monitoring

Discovery

CLI

AAA

SNMP

HTML

XML

Syslog

Span

Netflow

CDP

Routing Protocols

Anything you can think of

Page 9: Cisco Open Network Environment: Software Defined Networking and beyond


onePK Architecture

C, JAVA Program

onePK API Presentation

onePK API Infrastructure

IOS / XE (Catalyst, ISR, ASR1K)

NXOS (Nexus Platforms)

IOS XR (ASR 9K, CRS)

Page 10: Cisco Open Network Environment: Software Defined Networking and beyond


Container

Network OS

onePK Apps

Process Hosting

Container

onePK Apps

Network OS

Blade

Blade Hosting

onePK Apps

External Server

Network OS

End-Point Hosting

Write Once, Run Anywhere

onePK Application Hosting Options

Page 11: Cisco Open Network Environment: Software Defined Networking and beyond

Yes, it is secure

Security Five Ways

App Security

Admin Security

Container Security

Runtime Security

Code Security

Digital Signing Certification Process

CLI Control Resource Allocation

Isolation Resource Consumption

Code Isolation Strong Typing

AAA (PKI) Encryption (TLS)

Page 12: Cisco Open Network Environment: Software Defined Networking and beyond


Languages and Service Sets

Network Element


Element • Element Capabilities • Configuration Management •  Interface/Ports Events • Location Information

Utilities • Syslog Events and Queries • AAA Interface • Path Trace

Discovery • Network Element Discovery • Service Discovery • Topology Discovery

Developer • Debug Capabilities • Tracing Interfaces • Management Extensions

Data Path • Packet/Flow Classifiers • Copy/Punt/Inject • Statistics

Policy •  Interface Policy •  Interface Feature Policy • Forwarding Policy • Flow Action Policy

Routing •  Read RIB Routes •  Add/Delete Application Routes •  RIB Events (Route up/down)

Cloud Connectors •  Identity •  QoS • Provisioning

Page 13: Cisco Open Network Environment: Software Defined Networking and beyond


Example onePK Applications

Page 14: Cisco Open Network Environment: Software Defined Networking and beyond


Example: Simplified Management

NX3K

CRS

9K

1K

ISR

1.  Network begins with mismatched parameters on either side of link (e.g. MTU)

2.  Application checks parameters on either side and identifies mismatches (red lines)

3.  Application sets parameters to match (lines turn green)

4.  Application registers for events related to parameter changes.

5.  User logs into console and manually changes parameter. Topology indicates change.
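The five steps above, as an added Python example that is not onePK code and not part of the original presentation: it runs the check, set and change-event cycle over an in-memory inventory. The interface names, the MTU placement and the "lower value wins" remediation policy are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    a: str  # "device:interface" at one end (interface names are hypothetical)
    b: str  # "device:interface" at the other end

# Constructed inventory: device names come from the slide, MTU placement is invented.
MTU = {
    "NX3K:eth1": 1500, "CRS:te0": 1518,
    "CRS:te1": 1600, "9K:te0": 1600,
    "9K:te1": 1500, "ISR:ge0": 1000,
}
LINKS = [Link("NX3K:eth1", "CRS:te0"), Link("CRS:te1", "9K:te0"),
         Link("9K:te1", "ISR:ge0")]

def find_mismatches(mtu, links):
    """Step 2: return the links whose two ends disagree on MTU."""
    return [l for l in links if mtu[l.a] != mtu[l.b]]

def remediate(mtu, links):
    """Step 3: set both ends of each mismatched link to the smaller value
    (assumed policy) and return an audit log of (interface, old, new)."""
    changes = []
    for l in find_mismatches(mtu, links):
        target = min(mtu[l.a], mtu[l.b])
        for end in (l.a, l.b):
            if mtu[end] != target:
                changes.append((end, mtu[end], target))
                mtu[end] = target
    return changes

def on_change(mtu, links, iface, new_value, baseline):
    """Steps 4-5: handle a change event raised for one interface.
    Returns (drifted_from_baseline, links_now_mismatched)."""
    mtu[iface] = new_value
    drifted = new_value != baseline[iface]
    broken = [l for l in find_mismatches(mtu, links) if iface in (l.a, l.b)]
    return drifted, broken

if __name__ == "__main__":
    state = dict(MTU)                      # step 1: mismatched starting state
    print("mismatched:", find_mismatches(state, LINKS))
    print("changes:", remediate(state, LINKS))
    baseline = dict(state)                 # approved configuration after the fix
    # Step 5: an out-of-band console change arrives as an event.
    print("event:", on_change(state, LINKS, "ISR:ge0", 1500, baseline))
```

Keeping the post-remediation state as a baseline is what lets the event handler separate an approved change from a manual console edit.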

[Diagram: network topology with per-interface MTU labels (1000, 1500, 1518, 1600); numbered callouts 1–5 correspond to the steps above]

Problem: Misconfigurations cause network outages, degrade performance, impact SLAs. Value proposition: Get, set, and detect configuration changes via cross-platform API

Page 15: Cisco Open Network Environment: Software Defined Networking and beyond

Example: Custom Encryption

Problem: Customers want custom encryption on specific traffic types

Value proposition: Punt traffic of interest, encrypt, and re-inject.

[Diagram labels: onePK application (two instances), telnet, encrypt, decrypt]

1.  Policy APIs on ingress router are set to punt telnet and syslog to app

2.  App encrypts punted traffic and re-injects into data path.

3.  Policy APIs on egress router punt telnet and syslog to app

4.  App decrypts punted traffic and re-injects into data path.

5.  Traffic that does not match policy passes through unencrypted.

[Diagram labels: http, Unsecure Network; numbered callouts 1–5 correspond to the steps above]

Page 16: Cisco Open Network Environment: Software Defined Networking and beyond


Example: Custom Routing Data Center Traffic Forwarding Based on a Custom Algorithm

onePK Custom Routing Application

Unique Data Forwarding Algorithm Highly Optimized for the Network Operator’s Application

Business Data & Logic

Page 17: Cisco Open Network Environment: Software Defined Networking and beyond


Summary

Page 18: Cisco Open Network Environment: Software Defined Networking and beyond

•  Evolutionary step for networking
   - Integrate with and complement the Network Control Plane

•  Centered around delivering open, programmable environment for real-world use cases
   - No one-size-fits-all APIs, Agents/Controllers, Network Virtualization
   - Joint evolution with industry and academia

•  Technology-agnostic
   - Not predicated on a particular technology or standard
   - Draw from existing technologies and industry standards

•  Delivered as incremental functionality
   - Many customers will use hybrid implementations
   - Build upon existing infrastructure with investment protection

www.cisco.com/go/onepk; www.cisco.com/go/getyourbuildon

Summary: Open Network Environment The Industry’s Broadest Approach to Programmatic Access to the Network

www.cisco.com/go/one Open Network Environment onePK

Page 19: Cisco Open Network Environment: Software Defined Networking and beyond

Some References

•  Open Network Environment: www.cisco.com/go/one

•  onePK: www.cisco.com/go/onepk, www.cisco.com/go/getyourbuildon, developer.cisco.com/web/getyourbuildon

•  Blogs: blogs.cisco.com/getyourbuildon/, blogs.cisco.com/tag/onepk/, blogs.cisco.com/tag/openflow/, blogs.cisco.com/tag/sdn/

Page 20: Cisco Open Network Environment: Software Defined Networking and beyond

Thank you.