Building the Right Network

Understand Different Overlay Approaches: Building the Right Network. Joe Onisick – Principal Engineer – Cisco ACI/Nexus 9000, May 2015, @jonisick

Upload: cisco-canada

Post on 20-Jul-2015


TRANSCRIPT


2 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential @jonisick © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

Challenges and Opportunities

Open Visibility Investment Protection

Automation

Lowering Opex and TCO

Security


Data Center Transitions Road to ACI/Nexus 9K

Lower TCO | Workload Flexibility | Agility | Compliance/Security

•  “BARE METAL”: 75% physical servers (1)
•  VM DENSITY AND SERVER I/O: 10G LAN on motherboard (2)
•  MULTI-CLOUD: ~45% of data center multi-hypervisor (3)
•  BIG DATA: IP traffic 25% CAGR (4)

Sources: 1. Morgan Stanley CIO Survey, 2013; 2. HP; 3. Information Week 2013 Virtualization Mgmt Survey, 2013; 4. Cisco Global Cloud Index Forecast (2013-2017)


Don’t Take Our Word For it!

https://www.vmware.com/files/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf


Why SDN, Why Now?

Networks are complex! They are the next silo to experience major shift.

1st Gen SDN solutions look to meet the new technical challenges.


Automation & Programmability

Centralized Provisioning & Visibility

Simplification/ Abstraction

App Agility

Deliver New Revenue Streams Faster

Risk and OpEx Reduction

Lowered OpEx

Reduced Risk

Reduced CapEx

APIC

The Future of Networking


Programmable Network

Third Party Controllers

Cisco ACI


Foundational Switching Platforms for the Next Decade Industry Leading Price/Performance, Port Density: Fastest 10G/40G /100G Platform with Merchant+

Programmability/Open APIs: Linux Containers, Python, PowerShell, Puppet, Chef… Ideal for DevOps!!

15% Better Power & Cooling–2.8X Better Reliability

Innovation Object Model, No Backplane, No Midplane, Health scores

$ Multi-million Savings 40/100G on Existing Cables using BiDi Optics. Non disruptive migration to 40G

Nexus 9000 1/10/40/100G

Standalone / ACI Ready



Road to SDN for Our Customers

Programmable Network

Third Party Controllers

Cisco ACI

“DO-IT-YOURSELF”/SCRIPTERS

DEVOPS METHODOLOGY

NETWORK VIRTUALIZATION HETEROGENEOUS

SCALE - BGP WORKLOAD ANYWHERE

POLICY = AUTOMATION PRIVATE/HYBRID CLOUD

BROAD ECOSYSTEM

All Start with the Nexus Portfolio and 10/40G


Programmable Network

Optimized Mobility

POAP

DevOps Tooling

Interoperable

Development

Operations

NETWORK

SECURITY STORAGE

COMPUTE

DEV OPS

ARCHITECT

DEVELOPER

QA

Open APIs

Foundation: Nexus or ACI

PXE ONIE Linux/Python Daemon

NXAPI


Third Party Controllers Multi-Tenancy & Seamless Host Mobility at Cloud Scale

Heterogeneous Increased Scale

Optimized Mobility

Operational Flexibility

Any Workload, Anywhere.


The Most Complete Solution for Our Customers

Physical, Virtual & Containers

Open, Standards & Secure

Automation via Common Policy

Application Centric Infrastructure


Cisco ACI Complements, Enhances and/or Replaces Any Other SDN Offering

Bare Metal Applications

Virtualized Applications

Optional Software Overlay

Foundation: Nexus or ACI


Application vs. Network: Two languages

NETWORK LANGUAGE

•  VLAN
•  IP Address
•  Subnets
•  Firewalls
•  Quality of Service
•  Load Balancer
•  Access Lists

APPLICATION LANGUAGE

•  Application Tier Policy and Dependencies
•  Security Requirements
•  Service Level Agreement
•  Application Performance
•  Compliance
•  Geo Dependencies
•  Tenants


Logical Provisioning of Stateless Hardware

SIM Card: Identity for a Phone

Service Profile: Identity for a Server

UCS Service Profile Unified Device Management

Network Policy

Storage Policy

Server Policy

Application Profile: Identity for the Network


Solving Today’s Problems on a Platform for Tomorrow

Step 1: Automate basic network configuration. Not handled by network virtualization/software-only overlays.

Step 2: Automate physical/virtual L4-7 service provisioning. Only virtual services supported with network virtualization.

Step 3: Deploy new applications with full app visibility. ACI is the only solution that offers app-level visibility.

VLANs

ACLs Routes

QoS


WAN

Firewall

LB to Group 2

Connect to EPG 3

Connect to Group 2

High Priority

Group Policy Model Topology/ Service Graph

GROUP 1 GROUP 2 GROUP 3

PRODUCTION POD DMZ

SHARED SERVICES

1 Profile

VLAN 1 VXLAN 2

VLAN 3

100s of Profiles

DEV TEST

PROD

10s of Profiles

WEB APP

DB

1000s of Profiles

Level of Segmentation/ Isolation/ Visibility

Flexibility – Mapping to Business Needs


ACI Delivers Secure Multi-Tenancy at Scale

CENTRALIZED AUTOMATION

Audit, Detect, Mitigate

EMBEDDED IN ACI INVESTMENT PROTECTION

FirePOWER Now Integrated with ACI Validated for Deployment in PCI Compliant Networks

POLICY DRIVEN

Physical & Virtual

Automated Protection to Cover the Attack Continuum


DB APP ADC

WEB F/W ADC

ESX

MGMT VMOTION

Bare Metal

Linux Container

ACI Integrated Security - Open, Flexible, Policy Driven

Consistent Audit, Logging, & Visibility – FIPS / CC / PCI / RBAC

ACI Policy Model – Security & Micro-Segmentation


Preparing Your Network for ACI

VLAN 10

Existing Infrastructure (7K/5K/2K, 3rd party, etc.)

VLAN 20

Entry level N9K ACI Ready bundle attached to existing aggregation tier

New Server Group APIC Cluster

Add ACI Spines and Controllers. Convert redundant ToRs to ACI one by one.