Practical Path to Automating Networks


  • Software Defined Networking (SDN) has been heralded as the long-term solution for dynamically provisioning and automatically configuring network resources as applications are deployed. SDN, though, has moved beyond theory to practical reality, as open standards and growing interoperability among vendors are driving rollouts of new capabilities.

    The ongoing virtualization of data center infrastructure and integration of cloud computing resources make it imperative to be able to dynamically shift and monitor workloads across those environments. As data center networks have grown to encompass thousands of devices, existing architectures have proven inadequate for rapid deployment of applications and unable to keep up with the agility requirements of today's business environment.

    This paper reviews the state of SDN today, including key factors in its evolution. It also reviews the development of standards such as OpenFlow and the more recent OpFlex open policy protocol that complements it. We will then look at how the Application Centric Networking model from Cisco has developed to create a more complete solution for SDN that combines L4–7 services from Citrix using the NetScaler ADC.

    SDN moves into the realm of the practical, as standards and interoperability ease efforts to automate networks

    A PRACTICAL PATH TO AUTOMATING APPLICATION NETWORKS

  • SDN TODAY

    While virtualization of compute and storage has made those infrastructures more efficient, the network has not kept pace, leaving data centers struggling to leverage such advances. Proprietary legacy networking solutions make it difficult for organizations to adapt new technologies needed to create innovative services and are barriers to achieving the full potential of enterprise cloud computing.

    Computer networks are complex and difficult to manage, say the authors of an ACM SIGCOMM Computer Communication Review paper tracing the history and evolution of SDN. These networks have many kinds of equipment, from routers and switches to middleboxes such as firewalls, network address translators, server load balancers, and intrusion detection systems. Routers and switches run complex, distributed control software that is typically closed and proprietary.[1]

    In a legacy network, adding new functions typically requires installing new equipment or contracting a vendor to reprogram old equipment for new use. In an SDN, the network control and forwarding functions are decoupled from hardware. Those functions are then directly programmable so that network architects can dynamically manage and control the network devices. Thus the network can be virtualized and delivered as a service much as data centers are doing with compute and storage resources.

    Much of the appeal of SDN is that it provides substantial benefits both for service providers and the customers they serve. For carrier and service providers, SDN offers bandwidth on demand, which gives controls on carrier links to request additional bandwidth when necessary, as well as WAN optimization and bandwidth calendaring. For cloud and data centers, network virtualization for multi-tenants is an important use case as it offers better utilization of resources and faster turnaround times for creating a segregated network. Enterprise campuses experience network access control and network monitoring when using SDN policies, says SDxCentral in identifying common use cases.[2]

    Many believe SDN will accelerate the merging of software development and IT operations into a modern enterprise DevOps function that can more quickly create, refine and fix applications. With an SDN infrastructure enabling dynamic provisioning, developers can rapidly prototype, build and migrate applications to production mode. This is why SDN is seen as the key to an automated, application-centric infrastructure.

    SDN allows AT&T and its customers to create products and services quicker than before, with more control and the ability to add services on-demand and in near real-time, says AT&T. SDN was a key element in AT&T's 2014 rollout of its self service network solution for businesses.

    Service providers such as AT&T represent one class of SDN adopters, according to a Network World reality check. Hyperscale operations such as Google are another. Large financial firms such as JPMorgan and Goldman Sachs represent a third class of potential SDN consumer,[3] writes Jim Metzler in a Sept. 9, 2014 Network World article.


    Noting that many large enterprises have conducted trials of SDN and related technologies, Metzler predicts the likelihood that these very large enterprise shops will drive the adoption of SDN in the short- to mid-term. In fact, given the amount of attention some of these financial firms have paid to SDN, it is a safe bet that some will start to deploy SDN in production networks sometime in 2015.

    STANDARDS DRIVEN MOMENTUM

    The roots of SDN trace back more than 20 years to research efforts on active networking and evolved into an industry-wide effort to build a more open, programmatic approach to network architecture. But the proprietary locks that network equipment vendors asserted over their system software stymied researchers attempting to move in that direction. A group of computer scientists at the University of Stanford in 2008 proposed the catalyst that would push vendors in a more open direction.

    "Frustrated by [the] inability to fiddle with Internet routing in the real world, Stanford computer scientist Nick McKeown and colleagues developed a standard called OpenFlow that essentially opens up the Internet to researchers, allowing them to define data flows using software--a sort of software defined networking," observes Kate Greene, in the MIT Technology Review the following year.

    Installing a small piece of OpenFlow firmware (software embedded in hardware) gives engineers access to flow tables, rules that tell switches and routers how to direct network traffic. Yet it protects the proprietary routing instructions that differentiate one company's hardware from another, the Technology Review article explains.

    OpenFlow and other SDN-related open networking initiatives make it compelling for network equipment vendors to proactively respond to data center demands for more flexibility to leverage the potential of cloud computing. It is only with the advent of SDN that the idea of a fully scalable, end-to-end, software-based infrastructure can be realized, says Arthur Cole in an article[4] in Enterprise Networking Planet. And now that that flexible networking technology is here, the race is afoot to deliver on its promise for cloud-based compute environments.

  • While it spurred more aggressive SDN development, doubts about the scalability and performance limitations of the OpenFlow model persisted.

    Traditional SDN models today function on the basis of an imperative control model with a centralized controller and distributed network entities that support the lowest common denominator feature set across vendors such as bridges, ports and tunnels, writes Shashi Kiran, senior director, Market Management for Data Center, Cloud and Open Networking at Cisco, in a blog. As the network scales, the controller becomes a bottleneck due to the need to maintain increased state, and starts to impact performance and resiliency.

    Cisco envisions a more distributed, policy driven approach that relies on the concept of declarative control. Declarative control dictates that each object is asked to achieve a desired state and makes a promise to reach this state, without being told precisely how to do so,[5] according to Cisco. As a result, underlying objects handle their own configuration state changes and are responsible only for passing exceptions or faults back to the control system. This approach reduces the burden and complexity of the control system and allows greater scale.
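The declarative control model described above, sketched as an added example (not code from the paper, Cisco or the OpFlex draft): each agent is handed the same desired state, works out its own changes, reverts local drift, and returns only faults. The rule tuples, `Agent`, `PolicyAuthority` and the capacity limit are hypothetical and do not represent the OpFlex wire format.

```python
from dataclasses import dataclass, field

# Hypothetical policy shape: allowed (source group, destination group, TCP port)
# triples; anything not listed is denied. This is not the OpFlex wire format.
Rule = tuple[str, str, int]


@dataclass
class Agent:
    """A network element that owns its own configuration state."""
    name: str
    max_rules: int  # local capacity; the policy authority does not track it
    installed: set[Rule] = field(default_factory=set)

    def reconcile(self, desired: set[Rule]) -> list[str]:
        """Converge local state to `desired`; return only faults."""
        faults = []
        # Drift: rules present locally that the policy never asked for.
        for rule in sorted(self.installed - desired):
            self.installed.discard(rule)
            faults.append(f"{self.name}: removed unauthorized rule {rule}")
        # Missing rules: install until local capacity runs out.
        for rule in sorted(desired - self.installed):
            if len(self.installed) >= self.max_rules:
                faults.append(f"{self.name}: cannot install {rule}, table full")
                continue
            self.installed.add(rule)
        return faults


class PolicyAuthority:
    """Holds intent only; keeps no per-device configuration state."""

    def __init__(self, desired: set[Rule]):
        self.desired = desired
        self.fault_log: list[str] = []

    def publish(self, agents: list[Agent]) -> None:
        # Same desired state for every agent; each works out its own changes.
        for agent in agents:
            self.fault_log.extend(agent.reconcile(set(self.desired)))


def demo() -> tuple[list[str], set[Rule], set[Rule]]:
    # Constructed sample policy and devices.
    policy = {("web", "app", 8443), ("app", "db", 5432)}
    leaf1 = Agent("leaf1", max_rules=8)
    leaf2 = Agent("leaf2", max_rules=1)
    authority = PolicyAuthority(policy)
    authority.publish([leaf1, leaf2])         # initial convergence
    leaf1.installed.add(("web", "db", 5432))  # out-of-band change (drift)
    authority.publish([leaf1, leaf2])         # next reconcile pass
    return authority.fault_log, leaf1.installed, leaf2.installed


if __name__ == "__main__":
    print("\n".join(demo()[0]))
```

The fault log is the only state that flows upward, so a rule added outside the policy shows up as a reported exception on the next reconcile pass rather than persisting unnoticed.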

    To enable this new policy driven approach, Cisco, along with Citrix, led the effort to create the OpFlex open policy protocol, which has been submitted as an Internet Engineering Task Force draft and was co-authored with IBM and Microsoft.

    Some observers have viewed OpFlex as a competitor to OpenFlow, but that's an oversimplified and somewhat misleading characterization, as OpenFlow focuses on managing Layers 2 and 3 of the network while OpFlex controls Layers 4–7. While OpenFlow centralizes the network control plane on an SDN Controller and can push commands down to OpenFlow enabled network devices, OpFlex centralizes policy control and relies on traditional and distributed network control protocols to push commands down,[6] according to an SDxCentral analysis.

    OpFlex is gaining acceptance. The OpenDaylight Project, a community-led and industry-supported open source platform to advance SDN and Network Functions Virtualization (NFV), has an OpFlex bootstrap project underway to define a uniform policy model that can extend across the data center, access layer, and WAN, and Cisco is also working on an open source OpFlex agent for Open vSwitch, an open source virtual switch option available under the Apache 2.0 license.

    OpFlex also ties into the OpenStack development effort. A group policy blueprint from Cisco was approved for the OpenStack Neutron networking code base. As Sean Michael Kerner of Enterprise Networking Planet explains in an article: "While OpFlex is the protocol, the Group Policy API is the mechanism by which the policies are managed and enabled. By integrating the Group Policy API into OpenStack Neutron, the open source community will be building a cloud platform mechanism that supports OpFlex."[7]

    EVOLVING TO APPLICATION CENTRIC INFRASTRUCTURE

    OpFlex stems from Cisco's Application Centric Infrastructure vision and strategy. In Cisco's view, earlier efforts to implement SDN were limited because they mimic an old model of networking that focused on individual networking elements.

    Padmasree Warrior, chief technology & strategy officer at Cisco, writes in a blog that ACI delivers centralized application-driven policy automation, management and visibility of physical and virtual networks. It's built upon a fabric foundation that delivers best-in-class infrastructure by combining hardware, software and ASIC innovations into an integrated system. In the ACI realm, network, compute, and storage will operate as one high-performance resource pool that can be provisioned instantly and automatically according to the needs of the application and related IT policies with security pervasive throughout. It will provide a single point of management for the integrated needs of application, network and security administrators.

    THE ROLE OF APPLICATION DELIVERY CONTROLLERS

    ACI is built on a network fabric designed to support management automation, programmatic policy, and dynamic workload-anywhere models. At its heart is the Cisco Application Policy Infrastructure Controller (APIC), a centralized policy management and control point for the entire infrastructure.

    As organizations roll out SDNs, they will need to implement a more efficient and effective approach to load balancing, which distributes incoming traffic among servers hosting the same application content and prevents any application server from becoming a single point of failure. As web sites moved beyond static content to application delivery, users need to be connected to application servers based on a variety of criteria using policies and advanced application-layer knowledge to support business requirements. This application-aware distribution capability is a key element in the ACI architecture.

    Citrix introduced its NetScaler line of products to provide a much more efficient and effective approach, replacing the old server load balancer with a new Application Delivery Controller (ADC). The Citrix NetScaler ADC combines Layers 4–7 load balancing, high-speed data compression, content caching, SSL acceleration, application flow visibility, and a powerful application firewall into a single, easy-to-use platform.


  • NetScaler leverages the Cisco APIC to programmatically automate network provisioning and control based on application requirements and policies for both datacenter and enterprise environments. "This gives our customers what they have wanted, which is to be able to run load balancers and firewalls in line with their application servers and spin them up and stamp out a configuration," says Steve Shah, senior director of product management at Citrix. "They don't have to worry about individually configuring thousands of load balancers or firewalls in the process because they can automate two or three configurations."

    Cisco APIC can dynamically distribute new policies to the ADC in minutes, without requiring the network be manually changed. Integration between the Cisco APIC controller and the NetScaler ADC is achieved through REST-based open APIs. A NetScaler Device Package imported by the APIC controller enables it to perform detailed feature level configuration of NetScaler ADC services. This enables consistent automation and orchestration of critical services required in bringing up applications in a fast, secure and reliable manner. Moreover, these applications can run on any device type and anywhere in the customer's environment without causing disruption to the network.

    "We don't build networks for the sake of building networks but to run applications," says Citrix's Shah. "Workloads today are elastic; as users move around the world in different time zones, for example, they need a workload that is naturally stretchy, and ACI brings that network stretchiness to reality."

    NetScaler and ACI integration provides several key benefits to data centers:

      • NetScaler appliances and virtual appliances can be configured from one location, with less time and effort

      • Changes to configurations are automatically pushed out to all appropriate NetScaler appliances

      • Customers can utilize the advanced capabilities of NetScaler, and are not restricted to lowest common denominator ADC features


    DEPLOYMENT-READY OPTIONS

    ACI moves beyond SDN theory to advanced implementation, while accommodating existing infrastructure. On a practical level, virtual or physical servers on existing Cisco Nexus networks can participate in the ACI fabric using the Cisco APIC to provision policies and enable ACI forwarding mechanisms across both the new ACI (Nexus 9000-based) and existing Nexus fabrics (Nexus 3000-7000).

    Another possible implementation is to use Cisco Nexus 7000 Series Switches running OTV as data center interconnect (DCI) devices between the Cisco ACI fabric and an existing Cisco Nexus fabric to join the network domains and facilitate traffic between the two systems.

    To bring Level 4 - 7 services into the mix, Cisco Remote Integrated Services Engine (RISE) technology allows the Citrix NetScaler to be used as an extension of Cisco Nexus 5000, 6000, and 7000 Series Switches through embedded intelligent services that securely integrate the control planes of the switch and the ADC appliances. Cisco RISE provides a generic means of integration that allows a service appliance (physical or virtual) to be seen as a virtual line card within either a Cisco Nexus platform switch.

    FAILSAFE PATH TO ACI

    Whether ACI is in your immediate future or still a distant goal, the demand for 100% application availability, enhanced end-to-end performance, advanced application-layer attack protection, and improved server efficiency is here now. Choosing the right ADC for the network as it is used today and supporting the network of the future is key, making Citrix NetScaler the logical choice.

    Citrix NetScaler is the only application delivery controller that fully integrates into Cisco's Unified Fabric. The Citrix NetScaler 1000V is recommended by Cisco as a replacement product for the end-of-life Cisco ACE and provides a smooth migration path for Cisco ACE, GSS and CSS customers.

    NetScaler comprises tightly integrated physical and virtual appliances that provide core load-balancing capabilities and deliver the highest levels of security and performance for today's business critical Web applications, while providing a foundation for tomorrow's Application Centric Infrastructures.

    For more information please go to www.citrix.com

    [1] Nick Feamster, et al, The Road to SDN: An Intellectual History of Programmable Networks, April 2014. ACM SIGCOMM Computer Communication Review. www3.cs.stonybrook.edu/~phillipa/CSE534/sdnhistory.pdf

    [2] What's Software-Defined Networking (SDN)? SDxCentral.com. https://www.sdxcentral.com/resources/sdn/what-the-definition-of-software-defined-networking-sdn/

    [3] Jim Metzler, SDN and Network Virtualization: A Reality Check, Sept. 9, 2014. Network World. www.networkworld.com/article/2604023/sdn/sdn-and-network-virtualization-a-reality-check.html

    [4] Arthur Cole, SDN: The Key to Computing in the Cloud, April 4, 2014. Enterprise Networking Planet. www.enterprisenetworkingplanet.com/datacenter/datacenter-blog/sdn-the-key-to-computing-in-the-cloud.html

    [5] OpFlex: An Open Policy Protocol, 2014. Cisco. www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-731302.html

    [6] What is Cisco OpFlex? SDxCentral.com. https://www.sdxcentral.com/resources/cisco/cisco-opflex/

    [7] Sean Michael Kerner, Cisco Opflex Protocol Moves Forward at OpenStack and OpenDaylight, May 5, 2014. Enterprise Networking Planet. www.enterprisenetworkingplanet.com/netsp/cisco-opflex-protocol-moves-forward-at-openstack-and-opendaylight.html