GigaOM Structure 2013: The True Potential of Network Virtualization, Dimitri Stiliadis, Co-Founder and Chief Architect
Post on 15-Jan-2015
Copyright 2013 Alcatel-Lucent. All rights reserved.
CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION
True Potential of Network Virtualization Dimitri Stiliadis (@dstiliadis) JUNE 14th, 2013
SDN: THE ACRONYM
• Open Networking Foundation (ONF): Software Defined Networking
• Internet Engineering Task Force (IETF): Software Driven Networking
• MEF, ATIS, OMG, ETSI, …: Still Don’t kNow
• Industry cognoscenti: Seemingly Different Network, Somewhat Debatable Notion, Spawning Dedicated Networks, Self Defined Networking, Still Doing Nothing…
And then, Network Virtualization
6/21/2013
L2 Service Virtualization
Promise of Nirvana
The devil is in the details
What is Network Virtualization
Network Virtualization =? Server Virtualization
What isn’t Network Virtualization
A Matter of Perspective
APPLICATION-CENTRIC VIEW
“BLACK BOX”
Application attributes User Expectations
Application performance
APPLICATIONS
NETWORK
• Network is on the way
• No APIs
• Manual provisioning
• Must depend on network admin
• Network as Code
Application Developer View
NETWORK-CENTRIC VIEW
“BLACK BOX”
Network Topology Protocols
Service stability
APPLICATIONS
NETWORK
• What do applications want?
• Can’t trust users
• Security
• Network stability
• Operations, tools?
Network Admin View
A Matter of Perspective for the Solution
Application Driven Solution
Network/Protocol Solution
But the problem is different
We Started with VLANs
Server & Storage Arrays
Service Appliances DC Core Network
SERVER & STORAGE INFRASTRUCTURE
10.1.1.2 10.1.1.3 10.1.1.4 10.1.1.4 10.1.1.3
10.1.1.2
ISSUES & LIMITATIONS
• VLAN scalability
• L2 core scaling issues
• Management complexity
• Network stability
Network Guy: Didn’t We Solve This Problem Before?
MPLS L2/L3 VPNs
Edge
MPLS VPNs operational for 15 years with 1000s of end points
Rich experience and toolsets
But:
• Not optimized for automatic provisioning
• Not scaling to data center sizes
• Perception of complexity
Number of endpoints
Networking for ISPs Networking for the Cloud
Nature of connections
Connection longevity
Service Requirements Simple Dynamic
Networking for Applications
App Guy: Bringing Network Virtualization to the DC
Service Request
L2-Segment
VM VM VM
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
IP Network Fabric
Router VM
Confined in single administrative domains
Applications Requirements
Source: http://docs.oracle.com/cd/E12839_01/core.1111/e12037/overview.htm
REALITY SIMPLE VIRTUALIZATION VIEW
Storage
L2-Segment
VM VM
Hybrid Clouds and Existing Services ?
L3 VPN Service
Multi-DC & Hybrid Clouds
Net 1 Net 2
VM VM VM VM
Router
Enterprise
Site A
DC Zone 1 DC Zone 2
Enterprise
Site A
L2/L3 VPN Service
Disaster Recovery & L2 VPNs
Subnet 1 Subnet 2
VM VM VM VM
Router
Availability Zone
VM VM
Enterprise Site 1 Enterprise Site 2
Availability Zone
State of the Art – Amazon VPC
http://aws.amazon.com/articles/0639686206802544
Do it yourself
Complex router configurations
IP addresses, IPSec tunnels
Configuration in both sites
Manual complex steps
AWS VPC & Managed VPNs
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html
“Step 3: Work with a partner in the AWS Partner Network (APN) to help you establish network circuits between an AWS Direct Connect location and your data center, office, or colocation environment, or to provide colocation space within the same facility as the AWS Direct Connect location. For the list of AWS Direct Connect partners who belong to the AWS Partner Network (APN), go to http://aws.amazon.com/directconnect/partners.”
The Design of the Right Tool
Properties of Network Virtualization
Current (1st Gen)
Equivalency: From an application perspective, virtual network provides same services as before
Efficiency: Statistically dominant fraction of packets forwarded without physical network translations
Network Resource Control: Controlled by physical network (hypervisor), minimizing cross-talk (noisy neighbours)
Proven Principles
End-to-end Principle
• Simple core
• Intelligent edges
• Fate sharing
Network of networks
BGP
• Service Federation
Mobile
• Policy Driven
• Soft Handoff
• State distribution
The Internet Principles
1. Thin waist
Steve Deering, 1998, “Watching the waist of the protocol hourglass”
2. … the end-to-end argument, suggests that functions placed at low levels of a system may be redundant or of little value when compared with the cost of providing them at that low level.
The Network of Networks
Picture from the “Salinas Union High School District”: http://www.salinas.k12.ca.us/
Mobile Networks – Policy Driven Automation
Soft handoff for fast mobility
Network Virtualization Simple Core – Intelligent Edge
HV
IP Transport
HV
HV
Decouple services from transport
Tunneling as a means of abstraction
Intelligent edge
ACLs, QoS, Access Control
IP underlay transport
Distributed L2/L3/L4 processing
App
App
App
But What Control Plane?
HV
IP Transport
HV
HV App
App
App
HV
IP Transport
HV
HV
Controller
App
App
App
Large complexity of end points
Ctrl
Ctrl
Ctrl
Scale, interoperability, reliability?
Federated SDN Controllers
HV
IP Transport
HV
HV
Controller
App
App
App
Controller MP-BGP
?
But this solves a larger problem
Edge
IP Transport
Edge
Edge
Controller
IP Network
Overlay and Underlay
HV
IP Transport
HV
HV
Controller
App
App
App
Lack of visibility in underlay
Can lead to service disruption
No means to detect or react
?
Overlay and Underlay Event Correlation
HV
IP Transport
HV
HV
Controller
App
App
App
!
Distributed Policy Based Networking
Edge
IP/MPLS Transport
Edge
Edge
Controller
Policy System
App
• Pull model
• Application requests trigger network action
• Network validates requests and assigns resources
• Controllers implement in a distributed manner
Multi-DC, multi-Provider, multi-Vendor Cloud Networking
Network Closed Black Box
Hypervisor
Virtual Routing & Switching
Services Controller
OpenFlow
Decouple control & data plane
BGP federation
Federate control plane across domains/vendors
Old and new worlds
Virtualized Services Directory
XMPP
Decouple policy management & control plane
Abstractions
WAN Service
Enterprise Site
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
IP Network Fabric
Virtual Network Domain
BGP
Service Definition
My Network
Zone 2 Zone 1
App Tier 1 App Tier 2
Enterprise Site
Public Internet
Solving the Puzzle
L3 Services
MPLS VPN
Firewalls Hybrid Clouds
L2 Virtualization
Performance SLAs
THANK YOU