chris swan's cloudexpo europe presentation "keeping control when moving applications to...


Upload: cohesive-networks

Post on 16-Aug-2015

TRANSCRIPT

copyright 2014 1

Keeping Control

When moving applications to the cloud

Chris Swan, CTO

@cpswan

the original cloud networking company


Agenda

The lonely application

NFV to extend control to cloud

Security

Topology

Addressing

Protocols

Summary

The lonely application

When moving from data center to the public cloud…

NFV to extend control to cloud

Providers and Customers have different concerns

[Figure: Layers 0 to 7, Virtualization Layer, Hardware Ownership Layer; labels: Limits of access, control, & visibility; User Control]

Service Provider SDN starts at the bottom of the network with the "device" and network flows.

Application SDN (using NFV) begins at the top of the network with the enterprise application, its owner and their collective technical and organizational demands.

Extend enterprise network to the cloud

[Figure: overlay network diagram; labels recovered below]

Overlay Network Subnet: 172.31.0.0/22

Cloud Servers A to F, Overlay IPs: 172.31.1.1, 172.31.1.5, 172.31.1.9, 172.31.1.13, 172.31.1.17, 172.31.1.21

NFV appliances (US, EMEA, APAC; Peered):
Public IP: 184.73.174.250, Overlay IP: 172.31.1.250
Public IP: 54.246.224.156, Overlay IP: 172.31.1.246
Public IP: 192.158.29.143, Overlay IP: 172.31.1.242

Customer Data Center and Customer Remote Office, Firewall / IPsec: Cisco 5505, Cisco 5585

London, UK, Remote Subnet: 192.168.4.0/24; Data Center Server LAN IPs: 192.168.4.50, 192.168.4.100

Chicago, IL USA, Remote Subnet: 192.168.3.0/24; User Workstation LAN IPs: 192.168.3.100, 192.168.3.50

IPsec tunnels: Active, Active, Failover; 192.168.4.0/24 - 172.31.1.0/24 and 192.168.3.0/24 - 172.31.1.0/24

Using a networking Swiss Army knife

[Figure: NFV hybrid virtual device able to extend to multiple sites, combining Firewall, Dynamic & Scriptable SDN, Protocol Redistributor, IPsec/SSL VPN concentrator, Router and Switch]

Application SDN (Software Defined Network) Appliances

• Allow control, mobility & agility by separating network location and network identity

• Control over end to end encryption, IP addressing and network topology

Security

Extend enterprise network to the cloud

[Figure: the overlay network diagram shown earlier under the same title]

Topology

Extend enterprise network to the cloud

[Figure: the overlay network diagram shown earlier under the same title]

Addressing

Extend enterprise network to the cloud

[Figure: the overlay network diagram shown earlier under the same title]

Protocol

Extend enterprise network to the cloud

[Figure: the overlay network diagram shown earlier under the same title]

Summary

Applications can lose context when moved to the cloud and separated from enterprise security, management and monitoring

Extend the enterprise network to the cloud using NFV to get control over:

• Security

• Topology

• Addressing

• Protocols

The CloudCamp Team 'Fireside Chat' - why is it still called cloud?

12:45 - 13:10 in Management, Services and Applications Stream

Paddington, London, UK


+44 20 8144 0156

Questions?