
Dubai, UAE

20th March 2013

Software Defined Networking and Use Cases

Quinton Coelho
Consulting Systems Architect

© 2012
2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1
Perception
All things to all people
A better way to build a network

Hardware doesn’t matter

The answer to every network issue

Simplified troubleshooting

Unlimited bandwidth

Unlimited resources

Whatever you want it to be


SDN Is…

“A way to optimize link utilization in my network enhanced, application driven routing”
“An open solution for customized flow forwarding control in and between Data Centers”
“A platform for developing new control planes”
“An open solution for VM mobility in the Data-Center”
“Develop solutions at software speeds: I don’t want to work with my network vendor or go through lengthy standardization.”
“A solution to automated network configuration and control”
“A way to reduce the CAPEX of my network and leverage commodity switches”
“A means to get assured quality of experience for my cloud service offerings”
“A solution to build a very large scale layer-2 network”
“A means to do traffic engineering without MPLS”
“A solution to build virtual topologies with optimum multicast forwarding behavior”
“A way to scale my firewalls and load balancers”
“A means to scale my fixed/mobile gateways and optimize their placement”
“A way to optimize broadcast TV delivery by optimizing cache placement and cache selection”
“A way to build my own security/encryption solution”
“A way to distribute policy/intent, e.g. for DDoS prevention, in the network”
“A way to configure my entire network as a whole rather than individual devices”
“A solution to get a global view of the network – topology and state”

Simplified Operations – Enhanced Agility – New Business Opportunities


Perception Reality
Evolving way of centralizing network control.

Specialized hardware is still beneficial

Lowest common denominator features

A process of defining network requirements

Ability to automate QoS deployments

Ability to enforce policy for an entire network

Centralized control providing in a repeatable automated fashion what you can already do today.

The latest buzz word


“…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”

https://www.opennetworking.org/images/stories/downloads/white-papers/wp-sdn-newnorm.pdf

“…open standard that enables researchers to run experimental protocols in campus networks. Provides standard hook for researchers to run experiments, without exposing internal working of vendor devices……”
http://www.openflow.org/wp/learnmore/

Customer Insights: Network Programmability

• Research/Academia: Experimental OpenFlow/SDN components for production networks (Network “Slicing”)
• Massively Scalable Data Center: Customize with Programmatic APIs to provide deep insight into network traffic (Network Flow Management)
• Cloud: Automated provisioning and programmable overlay, OpenStack (Scalable Multi-Tenancy)
• Service Providers: Policy-based control and analytics to optimize and monetize service delivery (Agile Service Delivery)
• Enterprise: Virtual workloads, VDI, Orchestration of security profiles (Private Cloud Automation)

Diverse Network Programmability Requirements Across Segments: Automation, Monitoring & Flow Programmability
Classes of Use-Cases
“Leveraging APIs and logically centralized control plane components”

Custom Routing (incl. business logic)
Online Traffic Engineering
Custom Traffic Processing (Analytics, Encryption)
Consistent Network Policy, Security, Threat Mitigation
Automation of Network Control and Configuration (Fulfillment and Assurance)
Virtualization and Domain Isolation (Device/Appliance/Network)
Virtual & Physical
Federating different Network Control Points (LAN-WAN, DC-WAN, Virtual-Physical, Layer-1-3)

Network Programmability Models
Implementation Perspective: Evolve the Control-Plane Architecture
[Diagram: four control-plane models side by side: 1 Programmable APIs; 2a Classic SDN; 2b Hybrid “SDN”; 3 Network Virtualization/Virtual Overlays. Labels: Applications; Vendor-specific APIs; Controller; Virtual Control Plane; Virtual Data Plane; Overlay Protocols (e.g. VXLAN); OpenFlow; Vendor Specific (e.g. onePK); CLI, SNMP, Netflow, …; Control Plane; Data Plane]

Openstack and Network Overlays Apply to All Models (Physical/Virtual)


Custom Features Can Be Built
Implementing Customer Use Cases
Approach 1: Apps, APIs
Approach 2: Apps, Controller
Approach 3: Apps, Virtual Overlays

[Diagram labels below the three approaches: Other Agents; OpenFlow; Network Device; Device w/ OpenFlow; Physical and Virtual Device Network]

Cisco Approach: Flexibility to Choose—The Power of “AND”

Cisco ONE - Open Network Environment

Harnessing Network Value

[Diagram labels: POLICY; Orchestration; ANALYTICS; Program for Optimized Experience; Harvest Network Intelligence; NETWORK]
Cisco’s Differentiation: Multi-layered Programmability
Flexibility in Deriving Abstractions

Layers of the Open Network Environment (OpenFlow/SDN):
• Application Developer Environment
• Management and Orchestration
• Analysis and Monitoring, Performance and Security
• Network Services
• Control Plane
• Forwarding Plane
• Network Elements and Abstraction
• Transport

[Diagram side labels: Harvest Network Intelligence; Program for Optimized Experience]

Cisco Open Network Environment – Announced June 2012
Industry’s Most Comprehensive Networking Portfolio
Hardware + Software, Physical + Virtual, Network + Compute

[Diagram: Applications above three building blocks: Platform APIs, Controllers and Agents, Virtual Overlays. Labels and bullets on the slide: Multi-layer API; Controller; Virtual Overlay; (w/ Controller); One Platform Kit (onePK); Network SDN; Open Clouds with Nexus 1000V; Programmatic APIs; HW (IOS, IOS-XR, NX-OS); Network Device; Controller SW (OpenFlow, onePK); OpenFlow 1.x support; Multi-hypervisor; Multi-service; Multi-cloud; Openstack support]
Cisco Open Network Environment Building Blocks

Platform APIs: onePK (Comprehensive Developer Kit; IOS, IOS-XR and NX-OS)
Controllers & Agents: SDN (Controller Software; OpenFlow Agent)
Overlay Virtual Networks: Nexus 1000V (OpenStack; Multi-Hypervisors; VXLAN Gateway; Services Chaining)
REST API

Industry’s Broadest Approach for Network Programmability


Cisco onePK (one Platform Kit)
Rapid Application Development
• C, JAVA, REST, Python

onePK API Presentation – Service Sets
• Data Path, Policy, Element, Route, Utility, Discovery, Developer, LISP, Others…

onePK API Infrastructure
• IOS / XE (Catalyst, ISR, ASR1K), NXOS (Nexus Platforms), IOS XR (ASR 9K, CRS)

onePK Application Hosting Options
Process Hosting, Blade Hosting, End-Point Hosting

[Diagram: where onePK Apps run in each hosting option. Labels: Network OS; Container; Blade; External Server; onePK Apps]

Write Once, Run Anywhere
onePK APIs are Grouped in Service Sets

Base Service Set: Description

Data Path: Provides packet delivery service to application: Copy, Punt, Inject
Policy: Provides filtering (NBAR, ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements
Routing: Read RIB routes, add/remove routes, receive RIB notifications
Element: Get element properties, CPU/memory statistics, network interfaces, element and interface events
Discovery: L3 topology and local service discovery
Utility: Syslog events notification, Path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.)
Developer: Debug capability, CLI extension which allows application to extend/integrate application’s CLIs with network element

Cisco ONE Software Controller: A JAVA/OSGI Application
Industry’s Most Extensible Controller Architecture

Cisco Apps, Customer Apps, ISV Apps, Open Src Apps
REST, JAVA, More Coming: Multiple published APIs for popular languages and software (Eg: OpenStack)
Cisco Advanced Functions, Core Functionality: Modular architecture allows rapid adoption of evolving controller functionality while minimizing operational disruption
onePK, OpenFlow, More Coming: Extensible protocol support ensures continuous adoption of emerging standards
Network Infrastructure
Use Cases

Getting Properties and Statistics

System: CPU, Memory, Platform, Serial #, Versions, Uptime, Location, OIR, CLI Changes
Interfaces: Port, Slot, BW, MTU, TX/RX, BPS, PPS, Errors, Other Stats, Config, Link Changes
Discovery: CDP, Topology Graph, Edges, Nodes, Topology Changes

[Diagram labels: Application; Element; Routing; QoS; Security]

Setting Properties and Statistics

System: Location
Interfaces: IP address, MTU, Clear Stats, Shut/No Shut
Discovery: Filters

[Diagram labels: Application; Element]

Use Case: Campus Network “Slicing”
Partition network for multiple user-communities—“Sandbox” R&D dept.

Solution

• OpenFlow experimental support (v1.0)
• Experimental controller software
• Integrated slicing management
• Programmatic Interfaces (Eg. REST)

[Diagram labels: Slice #1; Slice #2; Slice #3; Cisco purpose-built Controller for Network Slicing management]

Consistent Policy Management for Maximum Flexibility and Innovation


Use Case: Agile Service Delivery for Service Providers
Monetize Via Real-time Network Adaptation and Maintain SLA

[Diagram labels: Request for Telepresence Session; HD video; POLICY; ANALYTICS; Adapt to Meet SLA; onePK; Business Center; Service Provider Network; Content and Application Provider]

Adaptive Architecture Optimizes Resource Utilization


Example: Simplified Management
Problem: Misconfigurations cause network outages, degrade performance, impact SLAs.
Value proposition: Get, set, and detect configuration changes via cross-platform API


1. Network begins with mismatched parameters on either side of link (e.g. MTU)
2. Application checks parameters on either side and identifies mismatches (red lines)
3. Application sets parameters to match (lines turn green)
4. Application registers for events related to parameter changes.
5. User logs into console and manually changes parameter. Topology indicates change.

[Diagram: topology of NX3K, CRS, 9K, 1K and ISR devices with MTU labels 1500, 1518, 1600 and 1000 on the link ends and callouts 1 to 5]
Example: Dynamic Bandwidth/QoS Allocation
[Diagram labels: Customer; CPE; Ingress PE; SP Network; Egress PE; ASR 9K with OnePK (twice); Cloud Service; SP Policy Server; callouts 1 to 4]

1. Customer requests premium access to cloud service

2. Policy server pushes customer policy to OnePK on 9k

3. SP Policy Server uses OnePK API to program higher bandwidth QoS policy for specific flow [Customer IP <---> Cloud Service IP]

4. Customer traffic matching the policy is given premium QoS treatment

Using OnePK API, SPs can build such custom apps to create differentiated, revenue generating services
Example: Customer Encryption
Problem: Customers want custom encryption on specific traffic types
Value proposition: Punt traffic of interest, encrypt, and re-inject.

1. Policy APIs on ingress router are set to punt telnet and syslog to app
2. App encrypts punted traffic and re-injects into data path.
3. Policy APIs on egress router punt telnet and syslog to app
4. App decrypts punted traffic and re-injects into data path.
5. Traffic that does not match policy passes through unencrypted.

[Diagram labels: telnet; http; onePK application (twice); encrypt; decrypt; Unsecure Network; callouts 1 to 5]

Use Case: Custom Forwarding - Transit Selection
Utilizing Topology Independent Forwarding

[Diagram labels: Cisco ONE Controller; HTTP Request (twice); Openflow (twice); MPLS; Public Internet; Site-2; Edge Router (twice); Internet2/Other Service; L2/L3/Label/Lambda…]

Business Application Driven Requests
Flow Based Traffic Steering with Flowspec Granularity
Summary

Cisco Vision: Exposing The Entire Network Value
Programmatic Control across Multiple Network Planes

[Diagram labels: CISCO SDN; Program Policies for Optimized Experience; Application Developer Environment; Analysis and Monitoring, Performance and Security; Network Elements and Abstraction; Harvest Network Intelligence]

Any Object
• Switch/Router
• ASIC
• Network Fabric
• Compute

Any Service
• Cloud
• Collaboration
• Video
• Security
• Mobility

Any Layer
• L1-7
• Control/Data Plane
• Hardware/Software
• ASICs/OS

Open Network Environment – Summary
The Industry’s Broadest Approach to Programmatic Access to the Network

• Evolutionary step for networking: Complement/evolve the Network Control Plane where needed
• Centered around delivering open, programmable environment for real-world use cases
• No one-size-fits-all
• Cisco will support Network Virtualization, APIs and Agents/Controllers
• Joint evolution with industry and academia
• Technology-agnostic
  Not predicated on a particular technology or standard
  Draw from Cisco technologies and industry standards
• Delivered as incremental functionality
  Many customers will use hybrid implementations
  Build upon existing infrastructure with investment protection

Open Network Environment: www.cisco.com/go/one
onePK: www.cisco.com/go/onepk
www.cisco.com/go/getyourbuildon
Thank you.
