1. Understand Different Overlay Approaches
Building the right Network
Joe Onisick – Principal Engineer – Cisco ACI/Nexus 9000
jonisick@cisco.com
May 2015 @jonisick
2. Challenges and Opportunities
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential @jonisick
Open Visibility
Investment Protection
Automation
Lowering Opex and TCO
Security
3. Data Center Transitions
Road to ACI/Nexus 9K
Lower TCO | Workload Flexibility | Agility | Compliance/Security
“BARE METAL”: 75% physical servers [1]
VM DENSITY AND SERVER I/O: 10G LAN on motherboard [2]
MULTI-CLOUD: ~45% of data center Multi-hypervisor [3]
BIG DATA: IP traffic 25% CAGR [4]
Sources:
1. Morgan Stanley CIO Survey, 2013
2. HP
3. Information Week 2013 Virtualization Mgmt Survey, 2013
4. Cisco Global Cloud Index Forecast (2013-2017)
4. Don’t Take Our Word For it!
https://www.vmware.com/files/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf
5. Why SDN, Why Now?
Networks are complex!
They are the next silo to experience a major shift.
1st Gen SDN solutions look to meet the new technical challenges.
6. The Future of Networking
Automation & Programmability
Centralized Provisioning & Visibility
Simplification/Abstraction
App Agility
Deliver New Revenue Streams Faster
Risk and OpEx Reduction
Lowered OpEx
Reduced Risk
Reduced CapEx
APIC
7. Programmable Network | Third Party Controllers | Cisco ACI
8. Foundational Switching Platforms for the Next Decade
Industry Leading Price/Performance, Port Density: Fastest 10G/40G/100G Platform with Merchant+
Programmability/Open APIs: Linux Containers, Python, PowerShell, Puppet, Chef… Ideal for DevOps!!
15% Better Power & Cooling – 2.8X Better Reliability
Innovation Object Model, No Backplane, No Midplane, Health scores
$ Multi-million Savings 40/100G on Existing Cables using BiDi Optics. Non-disruptive migration to 40G
Nexus 9000
1/10/40/100G
Standalone / ACI Ready
9. Road to SDN for Our Customers
Programmable Network
Third Party Controllers
Cisco ACI
“DO-IT-YOURSELF”/SCRIPTERS
DEVOPS METHODOLOGY
NETWORK VIRTUALIZATION
HETEROGENEOUS
SCALE - BGP
WORKLOAD ANYWHERE
POLICY = AUTOMATION
PRIVATE/HYBRID CLOUD
BROAD ECOSYSTEM
All Start with the Nexus Portfolio and 10/40G
10. Programmable Network
Optimized
Mobility
POAP
DevOps Tooling
Interoperable
Development
Operations
NETWORK
SECURITY STORAGE
COMPUTE
DEV OPS
ARCHITECT
DEVELOPER
QA
Open APIs
Foundation: Nexus or ACI
PXE ONIE
Linux/Python
Daemon
NXAPI
11. Third Party Controllers
Multi-Tenancy & Seamless Host Mobility at Cloud Scale
Heterogeneous
Increased Scale
Optimized Mobility
Operational Flexibility
Any Workload, Anywhere.
12. The Most Complete Solution for Our Customers
Physical, Virtual & Containers
Open, Standards & Secure
Automation via Common Policy
Application Centric Infrastructure
13. Cisco ACI Complements, Enhances and/or Replaces Any Other SDN Offering
Bare Metal Applications
Virtualized Applications
Optional Software Overlay
Foundation: Nexus or ACI
14. Application vs. Network: Two languages
APPLICATION LANGUAGE
• Application Tier Policy and Dependencies
• Security Requirements
• Service Level Agreement
• Application Performance
• Compliance
• Geo Dependencies
• Tenants
?
NETWORK LANGUAGE
• VLAN
• IP Address
• Subnets
• Firewalls
• Quality of Service
• Load Balancer
• Access Lists
15. Logical Provisioning of Stateless Hardware
SIM Card: Identity for a Phone
Service Profile: Identity for a Server
UCS Service Profile
Unified Device Management
Network Policy
Storage Policy
Server Policy
Application Profile: Identity for the Network
16. Solving Today’s Problems on a Platform for Tomorrow
Step 1: Automate basic network configuration.
Not handled by network virtualization/software-only overlays
Step 2: Automate physical/virtual L4-7 service provisioning.
Only virtual services supported with network virtualization
Step 3: Deploy new applications with full app visibility
ACI is the only solution that offers app level visibility
VLANs | ACLs | Routes | QoS
17.
WAN
Firewall
LB to Group 2
Connect to EPG 3
Connect to Group 2
High Priority
Group Policy Model
Topology/ Service Graph
GROUP 1 GROUP 2 GROUP 3
PRODUCTION POD
DMZ
SHARED SERVICES
1 Profile
VLAN 1 VXLAN 2 VLAN 3
100s of Profiles
DEV TEST PROD
10s of Profiles
WEB APP DB
1000s of Profiles
Level of Segmentation/ Isolation/ Visibility
Flexibility – Mapping to Business Needs
18. ACI Delivers Secure Multi-Tenancy at Scale
CENTRALIZED AUTOMATION
Audit, Detect, Mitigate
EMBEDDED IN ACI
INVESTMENT PROTECTION
FirePOWER Now Integrated with ACI
Validated for Deployment in PCI Compliant Networks
POLICY DRIVEN
Physical & Virtual
Automated Protection to Cover the Attack Continuum
19. ACI Policy Model – Security & Micro-Segmentation
[Diagram labels: WEB, APP, DB, ADC, F/W, ESX, MGMT, VMOTION, Bare Metal, Linux Container]
ACI Integrated Security - Open, Flexible, Policy Driven
Consistent Audit, Logging, & Visibility – FIPS / CC / PCI / RBAC
20. Preparing Your Network for ACI
VLAN 10
Existing Infrastructure (7K/5K/2K, 3rd party, etc.)
VLAN 20
Entry level N9K ACI Ready bundle attached to existing aggregation tier
New Server Group
APIC Cluster
Add ACI Spines and Controllers. Convert redundant ToRs to ACI one by one.