
Post on 14-Jun-2018


From Software Defined to Policy Driven – Evolution of Agile Application Deployment

David Klebanov Technical Solutions Architect

November 6th, 2014

2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Agenda

§ Current Application Deployment Model

§ Software Defined Approaches

§ Application Centric Infrastructure


Applications are Front and Center

§  Data Centers exist for deploying applications

§  Question: what is an Application?

§  Answer: it is all of it!

§  How do you provision an application today?

Application: CONNECTIVITY? PHYSICAL SERVERS? VIRTUAL MACHINES? STORAGE? SECURITY/HIGH AVAILABILITY? QUALITY OF SERVICE?


Traditional App Deployment Methodology

Infrastructure Domain Application Domain

Application Development

Network Compute

Virtualization Storage

Operations

Security Hi-Avail

Compliance

What’s wrong with this?


Application Language Barriers

Application Tiers

Provider / Consumer Relationships

App Developer’s View

Human Translator

Infrastructure Team’s View

VLANs

Subnets

ACLs

FW Rules

Virtual Networks

LUNs

LB Rules

Virtual Machines

Physical Machines

Zoning

§  Sequential and time consuming

§  Manual and human-error prone

§  Mismatched operational models


Network

Current SDN Approach Top-Down Control

OpenFlow

Controller

Flow #2

Flow #1

§  “Micromanagement”

§  Not hardware friendly and does not scale

§  Limited in functionality with specific deployment cases…SDN 2.0*?

§  Only focuses on connectivity semantics

It is software defined, but…

* Scott Shenker https://www.sdncentral.com/news/scott-shenker-preaches-revised-sdn-sdnv2/2014/10/


Current SDN Approach Top-Down Control

§  Primarily caters to all-virtualized environment

§  Reproduces existing network principles, shifts complexity

§  Multiple networks to run

§  Software performance

It is software defined, but…

Hypervisor

Network Virtualization

Controller


Can we do better?

Focus on what’s important – Applications!


Application Centric Infrastructure


The Easy Button

Wouldn’t it be nice if we had?


Physical and Virtual Infrastructure

Security and High Availability

Applications

Web App DB

Rapid Application Deployment Methodology

Common Pool of Data Center Resources

Abstract

Automation Tools

Hypervisor Management Cloud Management Platforms

Monitoring Tools Orchestration Framework


## Network Profile: Defines Application Level Metadata (Pseudo Code Example)

<Network-Profile = Production_Web>
    <App-Tier = Web>
        <Connected-To = Application_Client>
            <Connection-Policy = Secure_Firewall_External>
        <Connected-To = Application_Tier>
            <Connection-Policy = Secure_Firewall_Internal & High_Priority>
        . . .
    <App-Tier = DataBase>
        <Connected-To = Storage>
            <Connection-Policy = NFS_TCP & High_BW_Low_Latency>
        . . .

Application Centric Infrastructure

Application Policy

DB App Web

Decouple

Physical and Virtual Infrastructure

§  Stateless definition of application requirements

§  Abstracted from infrastructure implementation

§  Define the “What”, not the “How”
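
Added example (not from the original slides, and not Cisco ACI or OpFlex code): the pseudo code profile above written as a Python dict and resolved against two constructed endpoint inventories. It shows that the policy stays fixed while the rendered rules follow the endpoints, and that undeclared pairs such as Web to DataBase get no rule. The dict layout, the addresses, the `resolve` and `policies_for` helpers and the symmetric reading of Connected-To are assumptions.

```python
# Added illustration, not Cisco ACI or OpFlex code. The dict layout, the
# endpoint addresses and the symmetric reading of Connected-To are
# assumptions made for this example.

# The "What": the slide's pseudo code profile, tier -> peer -> connection policies.
PROFILE = {
    "Web": {
        "Application_Client": ["Secure_Firewall_External"],
        "Application_Tier": ["Secure_Firewall_Internal", "High_Priority"],
    },
    "DataBase": {
        "Storage": ["NFS_TCP", "High_BW_Low_Latency"],
    },
}

# The "How" inputs: where endpoints of each group live (constructed addresses).
SITE_1 = {"Web": ["10.1.0.10", "10.1.0.11"], "Application_Tier": ["10.1.1.20"],
          "DataBase": ["10.1.2.30"], "Storage": ["10.1.3.40"]}
SITE_2 = {"Web": ["10.2.0.10"], "Application_Tier": ["10.2.1.20"],
          "DataBase": ["10.2.2.30"], "Storage": ["10.2.3.40"]}


def resolve(profile, inventory):
    """Render allow rules only for declared relationships with live endpoints."""
    rules = {}
    for tier, peers in profile.items():
        for peer, policies in peers.items():
            # A group with no endpoints (no clients attached yet) yields no rules.
            for a in inventory.get(tier, []):
                for b in inventory.get(peer, []):
                    rules[frozenset((a, b))] = tuple(policies)
    return rules


def policies_for(rules, src, dst):
    """Return the connection policies for a pair, or None (default deny)."""
    return rules.get(frozenset((src, dst)))


if __name__ == "__main__":
    for name, site in (("Site 1", SITE_1), ("Site 2", SITE_2)):
        rendered = resolve(PROFILE, site)
        print(name, len(rendered), "rules")
        for pair, pol in sorted(rendered.items(), key=lambda kv: sorted(kv[0])):
            print("  allow", " <-> ".join(sorted(pair)), pol)
```
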


Promise Theory Principle Imperative and Declarative Control

1 2 3

4 5 6

“Stack boxes 1-6 in numerical order from left to right, top to bottom.”

4 5 6

2 3

1

“I want the boxes to look like this.”

ACI Promise Theory the “What”

(Intent)

Top-Down SDN Model the “How”


Application Policy Distribution and Resolution

Physical and Virtual Infrastructure

§  XML/JSON defined

§  Policy Distribution
-  Routers, Switches, ADCs, FWs etc.
-  OpFlex Protocol

§  Policy Resolution
-  Just-in-time

POLICY AGENT

Application Policy


Policy Mobility

Physical and Virtual Infrastructure


Application Policy


§  Disaster Recovery

§  Distributed Applications

Site 1 Site 2

Site 3

Application Location Independence


Improving Application Performance Software Defined Control, Hardware Defined Performance

§  Dynamic Loadbalancing

§  Flowlet Switching

80% Improved Application Flow Completion

4x..16x Increase Bandwidth

60%

Increase Utilization

60% 90%

§  Dynamic Flow Prioritization

§  Congestion Monitoring


Telemetry and Visibility System Wide Coordination

§  Per Application

§  Per Tenant

§  Per Infrastructure

SYSTEMS TELEMETRY

APPLICATION HEALTH SCORE

LATENCY

VISIBILITY

VMs

Physical

Application Delivery Controller

Firewall

Microsecond(s) 5

16

8

Packet Drops 25

96%

Physical and Virtual Infrastructure


An Open Approach

Physical and Virtual Infrastructure

Open Framework for Services Nodes Integration

Open Policy Protocol*

Controller Choice

Automation Choice

RESTful APIs

Standard Protocols

Hypervisor Choice

Platform Choice: Physical, Virtual, Containers

Group Based Policy**

* http://tools.ietf.org/html/draft-smith-opflex-00

** https://wiki.openstack.org/wiki/GroupBasedPolicy


Useful Links

§  ACI Landing Page http://cisco.com/go/aci

§  Overview: Group Based Policy with OpenStack https://www.youtube.com/watch?v=jF4aK1b383g&feature=youtu.be

§  Demo Video: Group Based Policy with OpenStack https://www.youtube.com/watch?v=a3Ur1IDyALA

§  Group Based Policy Extension for OpenStack Networking: https://www.openstack.org/summit/openstack-paris-summit-2014/session-videos/presentation/group-based-policy-extension-for-networking

§  Whitepaper: Group Based Policy with OpenStack http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-733126.html

§  OpenDaylight Group Policy https://wiki.opendaylight.org/view/Group_Policy:Main


Questions? David Klebanov klebanov@cisco.com @davidklebanov

Thank you.
