© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION Phil O’Reilly, CTO US Federal Brocade Federal Forum June 17, 2015 Framework for the New IP
Transcript
Page 1: Phil O'Reilly - Framework for the New IP


Phil O’Reilly, CTO US Federal
Brocade Federal Forum
June 17, 2015

Framework for the New IP

Page 2: Phil O'Reilly - Framework for the New IP

The Task at Hand

• As networks consolidate across Federal, how to centralize and scale configurations, situational awareness, policy enforcement and control?
• How can Federal networks respond rapidly to changing conditions such as cyber attacks, geopolitical events, etc.?
• How do Federal networks become flexible and dynamic enough to accommodate mobility, machine-to-machine communications, virtualized apps, and continually changing traffic patterns?
• How can the OMA and OPA (CapEx and OpEx) costs of running Federal networks be lowered?


Page 3: Phil O'Reilly - Framework for the New IP

The New IP Framework

[Diagram labels: Orchestration; Control; Services; Hardware; Network Functions Virtualization; Software Defined Networking; API; Portals, Catalogue and Service Management; Line of Business Applications; System & Application Development; Business Systems & Analytics; IT.]

Page 4: Phil O'Reilly - Framework for the New IP

The New IP Architecture

• Virtualized Network Functions
– Router, FW, VPN, ADC
• OpenDaylight SDN Controller
• Comprehensive monitoring & troubleshooting tools
• Mobile Carrier NFV Solutions
– LTE Analytics
– vEPC Service Orchestration

[Diagram labels: LTE RAN; Mobile Backhaul Network; vEPC; SP or Cloud Data Center; vCE; Enterprise Campus; SP/Carrier Backbone; vCPE; NVA; Orchestration; Virtual Analytics Platform; Subscriber Analytics; Application Analytics; Network Analytics; Device Analytics; SDN Engine; Vyatta; Network Packet Broker; Network Services; MLXe; X86 COTS; Hypervisor.]

Page 5: Phil O'Reilly - Framework for the New IP

YANG Tools

[Diagram: Brocade Vyatta Controller. Labels: Model-Driven Service Abstraction Layer; Functional Abstraction Layer; Common Network Services; Standard Control Protocols and Vendor-Specific Plugins (SNMP4SDN, OVSDB, OpenFlow 1.0 / 1.3, NETCONF / YANG, BGP-LS / PCEP); Normalized REST API; API; Brocade; Third-Party; Brocade Analytics Application; OSS / BSS Service Provider Integration; Brocade Other Future Applications; Brocade ARB (Application Resource Broker); Policy and Rules Engine; OpenStack and / or NFVI Orchestrator; Legacy Switch/Router; OpenFlow Switch or Whitebox; Non-Brocade Switch/Router; Non-Brocade VNF; OVS / vswitch; Brocade Vyatta Virtual Router; Brocade ICX Edge Switch; Brocade VDX Data Center Switch; Brocade vADC Virtual Application Delivery Controller; Brocade MLX Core/Edge Router; YANG Models; Auto-Generated Code.]

Page 6: Phil O'Reilly - Framework for the New IP

Network Hardware Underlay
Supporting SDN-enabled architectures

• High performance, low cost
• Shift to “stackables on steroids”
• Flexible non-blocking building blocks for high bandwidth networks
• Scale out architecture: 10G, 25G/50G, 50G and 100G
• Virtual distributed chassis simplifies and automates

Network Processor-based Switches

• Ethernet and Fibre Channel Fabrics

• Built-in intelligence, automation and performance

• Custom ASICs

Fabric Switches

• Intel or Merchant Silicon platforms

• Optimized for Virtualized Network Functions

White Box Switches

Page 7: Phil O'Reilly - Framework for the New IP

Network Functions Virtualization (NFV)
On-Demand Network Function Deployment

Economics
• Reduces CAPEX by shifting L3-7 requirements to commodity x86 HW
• Reduces OPEX by automating provisioning and configuration

Range of services
• Routing, application delivery control, VPN, security, load balancing, call manager, evolved packet core, etc.

[Diagram labels: X86 Compute; Hypervisor; Network Functions; Virtualized Network Appliance; Virtual Machine.]

[Chart: Single Socket Performance. Axes: Packet Throughput (1X, 10X, 100X, 1,000X) against year (2008, 2010, 2012, 2014). Data labels: Nehalem, Westmere, Sandy Bridge, Cave Creek.]

Page 8: Phil O'Reilly - Framework for the New IP

Virtualized Network Functions
Brocade Vyatta 5600 vRouter

• New Architecture
– vPlane architecture
– Up to 10Gbps per Core on bare metal
– 10Gbps+ on VM with SR-IOV or PCI pass-through
• Target Use Case: NFV
– High Performance Routing, Firewall, NAT, etc.
• VMware, KVM, Hyper-V, Bare Metal

Feature Highlights

Routing: IPv4, IPv6, Static, PBR, OSPF, RIP, BGP, Multicast
Security: IPv4, IPv6, Stateful Firewall, NAT
VPN: IPSec, SSL, Route-based, L2-bridging, DMVPN
System Management: CLI, RESTful API, GUI
IP Services: SSH, DHCP, DNS, SNMP
High Availability: VRRP, Stateful Failover, Config Sync
Platforms: VMware, KVM, XEN, Hyper-V, x86

Page 9: Phil O'Reilly - Framework for the New IP

The OpenDaylight Project
Foundation for the Brocade Vyatta Controller

• Linux Foundation initiative
• The leading open-source SDN controller
– More than 200 developers from 41 member companies AND individuals from user organizations
– 1.7+ million lines of code

• Open industry forum: most networking providers, many SDN ecosystem firms

• Addresses service provider and enterprise needs

• Platform-independent “narrow waist”—standardization point that allows for optimization and innovation above and below

[Diagram labels: Applications; Services; OSS/BSS; Orchestration; Customer Developed Applications; Vendor Developed Applications; Standardized REST API; Service Abstraction Layer; Common Services; Network Policy; Standard Interfaces and Plugins (BGP-LS, PCE-P, NETCONF / YANG, OVSDB, SNMP, OpenFlow 1.0 / 1.3, Neutron Plugin); Vendor-Specific Plugins; Physical Switches and Routers; Virtual Switch and Routers.]

Page 10: Phil O'Reilly - Framework for the New IP

Brocade Networking and OpenStack
Self-Service, On-Demand Fabric Provisioning

• OpenStack orchestration decreases time-to-deploy data center resources
• All Brocade product lines supported
• Brocade leading industry efforts to champion:
– OpenStack support of Fibre Channel SAN Zoning
• Partnering with Red Hat, Rackspace and Piston Cloud for commercial distros

[Diagram: Brocade Zero-Touch Scale-Out Infrastructure. Labels: Scalable & Open Cloud APIs; Brocade Plugins (VCS, vADX, Vyatta vRouter, MLX); Brocade Extensions (Fibre Channel); Brocade Vyatta vRouter; ADX; vADC; MLX; FC SAN; VDX.]

Page 11: Phil O'Reilly - Framework for the New IP

Service Provider Use Case: vCPE, vCE, vPE

SDN Benefits:
• Network and traffic flow visibility
• Centralized Advanced Policy management
• Common controller for legacy to NFV transition

NFV benefits:
• Agility: Click of button provisioning for new services rather than truck rolls
• Flexibility: Easy to scale out or repurpose
• Lower cost: Lower CAPEX running VNF on COTS versus dedicated appliances; lower OPEX from automated provisioning and typically pay as you use

[Diagram labels: Customer Premises; Access / Aggregation; Edge; Core / Peering / Internet; LAN; CPE; L2-CPE; CPE Compute; Vyatta vCPE; Vyatta vCE; Vyatta vPE; vRouter; MLX; Vyatta Controller; NFV Infra; Orchestration.]

Page 12: Phil O'Reilly - Framework for the New IP

SDN/NFV in Tactical Networks
Possible Insertion Points

NIE 14.2 High Level Routing Architecture

NFV replacement of LAN Router

Utilize SDN to perform QoS normalization

NFV WAN Router —NETCONF/YANG programmability

Compact Server Class platforms for high VM/NFV density

[Diagram labels: SECRET; UNCLASS; User; TCP Proxy; LANR; QED; INE; PEP; WANR; Network Controller; NCW; MAR; MPM 1000; HNW; INE Boundary; Cipher Text; DiffServ PHB; Voice; UDP Data; TCP Data; Multicast; OGPF; TCP; UDP; GRE (24); QED (2O); INE (73).]

Diagram annotations:
• TCP Acceleration, Delta Based Caching and Compression
• Classify / Mark All Traffic Based on Application Type
• Encapsulate Packets and Preserve DSCP from Inner to Outer Header
• Admit/Block/Preempt Flows
• Congestive Severity Derived from Measurement Based Admission Control (MBAC) Algorithm
• Juniper J6350 -> MPM1000: Queuing = Juniper Queuing
• MPM1000 -> NCW: Queuing = Internal QoS
• Juniper J6350 -> MAR: Queuing = None
• MAR -> HNW: Queuing = Cisco Queuing; Radio to Router = PPPOE

Page 13: Phil O'Reilly - Framework for the New IP

Dense Virtualization at Tactical Edge
Brocade Concept Platform

• Existing tactical server platforms are Intel Core i5/i7

– Limited to 2 cores/4 threads (few VMs)

– Multiple units required to support application workloads

– Not optimized for virtualized network functions

• Alternative compact server platform
– Xeon class server (10+ core)
– Capable of hosting multiple high performance applications
• UC, MC applications, NFV, VDI, etc…
• Commodity HW building blocks
– Integrated compact switch provides 1 GbE user access

Page 14: Phil O'Reilly - Framework for the New IP

Network Visibility and Analytics (NVA)

[Diagram labels: Radio Access Network (RAN); Mobile Operator’s Data Center (MPC/EPC); Backbone/Internet; Radius/Diameter; RNC/MME; IP/MPLS Router; GGSN/P-GW; SGSN/S-GW; NVA; Orchestration; Virtual Analytics Platform; Subscriber Analytics; Application Analytics; Network Analytics; Device Analytics; SDN Engine; Vyatta; Network Packet Broker; Network Services; MLXe; X86 COTS; Hypervisor.]

Architecture
• Virtual
• Programmable
• Open

Components
• Network Packet Broker: MLXe
• Virtual Analytics Platform
• NFV-based Architecture
• Intelligent SDN Engine
• Orchestration Engine: ODL and Openstack

Page 15: Phil O'Reilly - Framework for the New IP

Software Defined Intelligence (SDI)
SDN + Machine Learning

• SDI foundations: Data Science and Machine Learning

• First applications will be in “Network Learning”

– More generally: “Predictive” Security

– Predict imminent DDOS rather than reacting to an existing DDOS
• “The probability you will experience a DDOS is 0.05”

– Detecting spam prefixes in the Internet routing table based on various data sources

• Larger goal: Uncover new relationships and structure in network data

• Trivial example: “Better Data Centers Through Machine Learning”

– Google PUE example

Page 16: Phil O'Reilly - Framework for the New IP


Page 17: Phil O'Reilly - Framework for the New IP


Thank you