GigaOM Structure 2013: The True Potential of Network Virtualization, Dimitri Stiliadis, Co-Founder...

Copyright 2013 Alcatel-Lucent. All rights reserved.

CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION

True Potential of Network Virtualization Dimitri Stiliadis (@dstiliadis) JUNE 14th, 2013



SDN: THE ACRONYM

•Open Networking Foundation (ONF):

Software Defined Networking

• Internet Engineering Task Force (IETF):

Software Driven Networking

MEF, ATIS, OMG, ETSI, …

Still Don’t kNow

• Industry cognoscenti:

Seemingly Different Network, Somewhat Debatable Notion, Spawning Dedicated Networks, Self Defined Networking,

Still Doing Nothing…



And then, Network Virtualization

6/21/2013

3

L2 Service Virtualization




6/21/2013

4

Promise of Nirvana




6/21/2013

5

The devil is in the details




6/21/2013

6

What is Network Virtualization Network Virtualization =? Server Virtualization

What isn’t Network Virtualization



A Matter of Perspective

6/21/2013

7

APPLICATION-CENTRIC VIEW

“BLACK BOX”

Application attributes User Expectations

Application performance

AP

PLI

CA

TIO

NS

NET

WO

RK




6/21/2013

8

APPLICATION-CENTRIC VIEW

“BLACK BOX”

Application attributes User Expectations

Application performance

AP

PLI

CA

TIO

NS

NET

WO

RK

• Network is on the way

• No APIs

• Manual provisioning

• Must depend on network admin

• Network as Code

Application Developer View




6/21/2013

9

NETWORK-CENTRIC VIEW

“BLACK BOX”

Network Topology Protocols

Service stability

AP

PLI

CA

TIO

NS

NET

WO

RK




6/21/2013

10

NETWORK-CENTRIC VIEW

“BLACK BOX”

Network Topology Protocols

Service stability

AP

PLI

CA

TIO

NS

NET

WO

RK

• What do applications want?

• Can’t trust users

• Security

• Network stability

• Operations, tools ?

Network Admin View



A Matter of Perspective for the Solution

6/21/2013

11

Application Driven Solution Network/Protocol Solution



But the problem is different

6/21/2013

12



We Started with VLANs

6/21/2013

13

Server & Storage Arrays

Service Appliances DC Core Network

SERVER & STORAGE INFRASTRUCTURE

10.1.1.2 10.1.1.3 10.1.1.4 10.1.1.4 10.1.1.3

10.1.1.2

• VLAN scalability • L2 core scaling issues • Management complexity • Network stability

ISSUES & LIMITATIONS



Network Guy: Didn’t We Solve This Problem Before?

6/21/2013

14

MPLS L2/L3 VPNs

Edge

MPLS VPNs operational for 15 years with 1000s of end points Rich experience and toolsets But: • Not optimized for automatic provisioning • Not scaling to data center sizes • Perception of complexity



Network Guy: Didn’t We Solve This Problem Before?

6/21/2013

15

MPLS L2/L3 VPNs

Edge

MPLS VPNs operational for 15 years with 1000s of end points Rich experience and toolsets But: • Not optimized for automatic provisioning • Not scaling to data center sizes • Perception of complexity



Number of endpoints

Networking for ISPs Networking for the Cloud

Nature of connections

Connection longevity

Service Requirements Simple Dynamic

Networking for Applications



App Guy: Bringing Network Virtualization to the DC

6/21/2013

17

Service Request

L2-Segment

VM VM VM

Hypervisor

Hypervisor

Hypervisor

Hypervisor

Hypervisor

Hypervisor

IP Network Fabric

Router VM

Confined in single administrative domains



App Guy: Bringing Network Virtualization to the DC

6/21/2013

18

Service Request

L2-Segment

VM VM VM

Hypervisor

Hypervisor

Hypervisor

Hypervisor

Hypervisor

Hypervisor

IP Network Fabric

Router VM

Confined in single administrative domains



Applications Requirements

6/21/2013

19

Source: http://docs.oracle.com/cd/E12839_01/core.1111/e12037/overview.htm

REALITY SIMPLE VIRTUALIZATION VIEW

Storage

L2-Segment

VM VM



Hybrid Clouds and Existing Services ?

6/21/2013

21

L3 VPN Service

Multi-DC & Hybrid Clouds

Net 1 Net 2

VM VM VM VM

Router

Enterprise

Site A

DC Zone 1 DC Zone 2

Enterprise

Site A

L2/L3 VPN Service

Disaster Recovery & L2 VPNs

Subnet 1 Subnet 2

VM VM VM VM

Router

Availability Zone

VM VM

Enterprise Site 1 Enterprise Site 2

Availability Zone



State of the Art – Amazon VPC

6/21/2013

23

http://aws.amazon.com/articles/0639686206802544

Do it yourself Complex router configurations IP addresses, IPSec tunnels Configuration in both sites Manual complex steps



State of the Art – Amazon VPC

6/21/2013

24

http://aws.amazon.com/articles/0639686206802544

Do it yourself Complex router configurations IP addresses, IPSec tunnels Configuration in both sites Manual complex steps



AWS VPC & Managed VPNs

6/21/2013

25

http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

“Step 3: Work with a partner in the AWS Partner Network (APN) to help you establish network circuits between an AWS Direct Connect location and your data center, office, or colocation environment, or to provide colocation space within the same facility as the AWS Direct Connect location. For the list of AWS Direct Connect partners who belong to the AWS Partner Network (APN), go to http://aws.amazon.com/directconnect/partners.?



AWS VPC & Managed VPNs

6/21/2013

26

http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

“Step 3: Work with a partner in the AWS Partner Network (APN) to help you establish network circuits between an AWS Direct Connect location and your data center, office, or colocation environment, or to provide colocation space within the same facility as the AWS Direct Connect location. For the list of AWS Direct Connect partners who belong to the AWS Partner Network (APN), go to http://aws.amazon.com/directconnect/partners.?



The Design of the Right Tool

6/21/2013

27



Properties of Network Virtualization

6/21/2013

28

Current (1st Gen)

Equivalency From an application perspective, virtual network provides same

services as before

Efficiency Statistically dominant fraction of

packets forwarded without physical network translations

Network Resource Control Controlled by physical network

(hypervisor), minimizing cross-talk (noisy neighbours)



Proven Principles

6/21/2013

29

End-to-end Principle

• Simple core • Intelligent edges • Fate sharing

Network of networks

BGP

• Service Federation

Mobile

• Policy Driven • Soft Handoff • State distribution



The Internet Principles

6/21/2013

30

2. … the end-to-end argument, suggests that

functions placed at low levels of a system may be redundant or of little value when compared with the cost of providing them at that low level.

Steve Deering, 1998, “Watching the waist of the protocol hourglass”

1. Thin waist



The Network of Networks

6/21/2013

31

Picture from the “Salinas Union High School District”: http://www.salinas.k12.ca.us/



Mobile Networks – Policy Driven Automation

6/21/2013

32

Soft handoff for fast mobility



Network Virtualization Simple Core – Intelligent Edge

6/21/2013

33

HV

IP Transport

HV

HV

Decouple services from transport Tunneling as a means of abstraction Intelligent edge ACLs, QoS, Access Control IP underlay transport Distributed L2/L3/L4 processing

App

App

App



But What Control Plane?

6/21/2013

34

HV

IP Transport

HV

HV App

App

App

HV

IP Transport

HV

HV

Controller

App

App

App

Large complexity of end points

Ctrl

Ctrl

Ctrl

Scale, interoperability, reliability?



Federated SDN Controllers

6/21/2013

35

HV

IP Transport

HV

HV

Controller

App

App

App

Controller MP-BGP

?



But this solves a larger problem

6/21/2013

36

Edge

IP Transport

Edge

Edge

Controller

IP Network



Overlay and Underlay

6/21/2013

37

HV

IP Transport

HV

HV

Controller

App

App

App

Lack of visibility in underlay Can lead to service disruption No means to detect or react

?



Overlay and Underlay Event Correlation

6/21/2013

38

HV

IP Transport

HV

HV

Controller

App

App

App

!



Distributed Policy Based Networking

6/21/2013

39

Edge

IP/MPLS Transport

Edge

Edge

Controller

Policy System

App

• Pull model • Application requests trigger network action • Network validates requests and assigns resources • Controllers implement in a distributed manner



Multi-DC, multi-Provider, multi-Vendor Cloud Networking

6/21/2013

40

40

Network Closed Black Box



Multi-DC, multi-Provider, multi-Vendor Cloud Networking

6/21/2013

41

41

Hypervisor

Virtual Routing & Switching

Services Controller

OpenFlow

Decouple control & data plane

BGP federation Federate control plane across domains/vendors Old and new worlds

Virtualized Services Directory

XMPP

Decouple policy management & control plane



Abstractions

6/21/2013

42

WAN Service

Enterprise Site

Hypervisor

Hypervisor

Hypervisor

Hypervisor

Hypervisor

Hypervisor

IP Network Fabric

Virtual Network Domain

BGP

Service Definition

My Network

Zone 2 Zone 1

App Tier 1 App Tier 2

Enterprise Site

Public Internet



Solving the Puzzle

6/21/2013

43

L3 Services

MPLS VPN

Firewalls Hybrid Clouds

L2 Virtualization

Performance SLAs


CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION 6/21/2013

45

THANK YOU

GigaOM Structure 2013: The True Potential of Network Virtualization, Dimitri Stiliadis, Co-Founder...

Technology

Transcript of GigaOM Structure 2013: The True Potential of Network Virtualization, Dimitri Stiliadis, Co-Founder...