Framework for the New IP
Phil O’Reilly, CTO US Federal
Brocade Federal Forum, June 17, 2015
Jul 29, 2015
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION
The Task at Hand
• As networks consolidate across Federal, how to centralize and scale configurations, situational awareness, policy enforcement and control?
• How can Federal networks respond rapidly to changing conditions such as cyber attacks, geopolitical events, etc.?
• How do Federal networks become flexible and dynamic enough to accommodate mobility, machine-to-machine communications, virtualized apps, and continually changing traffic patterns?
• How can the OMA and OPA (CapEx and OpEx) costs of running Federal networks be lowered?
The New IP Framework
[Figure: The New IP Framework. Layers: Orchestration, Control, Services, Hardware. Network Functions Virtualization and Software Defined Networking are exposed through APIs to Portals, Catalogue and Service Management, Line of Business Applications, System & Application Development, Business Systems & Analytics, and IT.]
The New IP Architecture
• Virtualized Network Functions
  – Router, FW, VPN, ADC
• Open Daylight SDN Controller
• Comprehensive monitoring & troubleshooting tools
• Mobile Carrier NFV Solutions
  – LTE Analytics
  – vEPC Service Orchestration
[Figure: The New IP Architecture. Sites: Enterprise Campus, Mobile Backhaul Network, LTE RAN, SP/Carrier Backbone, SP or Cloud Data Center; virtual functions: vCPE, vCE, vEPC. Data center stack: Orchestration; Virtual Analytics Platform (Subscriber, Application, Network and Device Analytics; SDN Engine); Network Packet Broker (MLXe); Network Services (Vyatta); NVA; x86 COTS with Hypervisor.]
Brocade Vyatta Controller
[Figure: controller stack. Northbound: Normalized REST API to applications (Brocade Analytics Application; OSS/BSS Service Provider Integration; Brocade Other Future Applications; Brocade ARB (Application Resource Broker); Policy and Rules Engine; OpenStack and/or NFVI Orchestrator). Core: Model-Driven Service Abstraction Layer / Functional Abstraction Layer with Common Network Services. Southbound: Standard Control Protocols and Vendor-Specific Plugins (SNMP4SDN, OVSDB, OpenFlow 1.0 / 1.3, NETCONF / YANG, BGP-LS / PCEP) to Legacy Switch/Router, OpenFlow Switch or Whitebox, Non-Brocade Switch/Router, Non-Brocade VNF, OVS / vswitch (Brocade and Third-Party), and to Brocade Vyatta Virtual Router, Brocade ICX Edge Switch, Brocade VDX Data Center Switch, Brocade vADC Virtual Application Delivery Controller and Brocade MLX Core/Edge Router. YANG Tools produce YANG Models and Auto-Generated Code.]
Network Hardware Underlay
Supporting SDN-enabled architectures
Network Processor-based Switches
• High performance, low cost
• Shift to “stackables on steroids”
• Flexible non-blocking building blocks for high bandwidth networks
• Scale out architecture: 10G, 25G/50G, 50G and 100G
• Virtual distributed chassis simplifies and automates
Fabric Switches
• Ethernet and Fibre Channel fabrics
• Built-in intelligence, automation and performance
• Custom ASICs
White Box Switches
• Intel or Merchant Silicon platforms
• Optimized for Virtualized Network Functions
Network Functions Virtualization (NFV)
On-Demand Network Function Deployment
Economics
• Reduces CAPEX by shifting L3-7 requirements to commodity x86 HW
• Reduces OPEX by automating provisioning and configuration
Range of services
• Routing, application delivery control, VPN, security, load balancing, call manager, evolved packet core, etc.
[Figure: left, the shift from a Virtualized Network Appliance to Network Functions running as Virtual Machines on a Hypervisor over x86 compute; right, Single Socket Performance (packet throughput, axis marked 1X, 10X, 100X, 1,000X) from 2008 to 2014 across the Nehalem, Westmere, Sandy Bridge and Cave Creek generations.]
Virtualized Network Functions
Brocade Vyatta 5600 vRouter
• New Architecture
  – vPlane architecture
  – Up to 10Gbps per Core on bare metal
  – 10Gbps+ on VM with SR-IOV or PCI pass-through
• Target Use Case: NFV
  – High Performance Routing, Firewall, NAT, etc.
• VMware, KVM, Hyper-V, Bare Metal
Feature Highlights
Routing:           IPv4, IPv6, Static, PBR, OSPF, RIP, BGP, Multicast
Security:          IPv4, IPv6, Stateful Firewall, NAT
VPN:               IPSec, SSL, Route-based, L2-bridging, DMVPN
System Management: CLI, RESTful API, GUI
IP Services:       SSH, DHCP, DNS, SNMP
High Availability: VRRP, Stateful Failover, Config Sync
Platforms:         VMware, KVM, XEN, Hyper-V, x86
The OpenDaylight Project
Foundation for the Brocade Vyatta Controller
• Linux Foundation initiative
• The leading open-source SDN controller
  – More than 200 developers from 41 member companies AND individuals from user organizations
  – 1.7+ million lines of code
• Open industry forum: most networking providers, many SDN ecosystem firms
• Addresses service provider and enterprise needs
• Platform-independent “narrow waist”: a standardization point that allows for optimization and innovation above and below
[Figure: OpenDaylight architecture. Top: Customer Developed Applications and Vendor Developed Applications (Applications, Services, OSS/BSS, Orchestration, Network Policy) over a Standardized REST API. Middle: Service Abstraction Layer with Common Services. Bottom: Standard Interfaces and Plugins (OpenFlow 1.0 / 1.3, NETCONF / YANG, OVSDB, SNMP, BGP-LS / PCE-P, Neutron Plugin) and Vendor-Specific Plugins to Physical Switches and Routers and Virtual Switches and Routers.]
Brocade Networking and OpenStack
Self-Service, On-Demand Fabric Provisioning
• OpenStack orchestration decreases time-to-deploy data center resources
• All Brocade product lines supported
• Brocade leading industry efforts to champion:
  – OpenStack support of Fibre Channel SAN Zoning
• Partnering with Red Hat, Rackspace and Piston Cloud for commercial distros
[Figure: Brocade Zero-Touch Scale-Out Infrastructure. Scalable & Open Cloud APIs over Brocade Plugins (VCS, vADX, Vyatta vRouter, MLX) and Brocade Extensions (Fibre Channel), controlling Brocade Vyatta vRouter, ADX, vADC, MLX, FC SAN and VDX.]
Service Provider Use Case: vCPE, vCE, vPE
SDN Benefits:
§ Network and traffic flow visibility
§ Centralized Advanced Policy management
§ Common controller for legacy to NFV transition
NFV benefits:
§ Agility: Click of button provisioning for new services rather than truck rolls
§ Flexibility: Easy to scale out or repurpose
§ Lower cost: Lower CAPEX running VNF on COTS versus dedicated appliances; lower OPEX from automated provisioning and typically pay as you use
[Figure: end-to-end service provider topology. Customer Premises (LANs behind CPE, L2-CPE and CPE Compute running Vyatta vCPE), Access / Aggregation (MLX), Edge (Vyatta vCE and Vyatta vPE on NFV Infra), Core / Peering / Internet (MLX), with the Vyatta Controller and Orchestration over the NFV Infra.]
SDN/NFV in Tactical Networks
Possible Insertion Points
• NFV replacement of LAN Router
• Utilize SDN to perform QoS normalization
• NFV WAN Router: NETCONF/YANG programmability
• Compact Server Class platforms for high VM/NFV density
[Figure: NIE 14.2 High Level Routing Architecture. Components: LANR, QED, INE, PEP, WANR, NCW, MAR, MPM 1000, HNW; SECRET and UNCLASS enclaves with an INE Boundary and a Cipher Text side. DiffServ PHB classes: Network Control, Voice, UDP Data, TCP Data, User TCP Proxy, Multicast (OGPF, TCP, UDP). Functions: TCP Acceleration, Delta Based Caching and Compression; Classify / Mark All Traffic Based on Application Type; Encapsulate Packets and Preserve DSCP from Inner to Outer Header; Admit/Block/Preempt Flows, with Congestive Severity Derived from the Measurement Based Admission Control (MBAC) Algorithm. Queuing: Juniper J6350 -> MPM1000 = Juniper Queuing; MPM1000 -> NCW = Internal QoS; Juniper J6350 -> MAR = None; MAR -> HNW = Cisco Queuing; Radio to Router = PPPoE. Encapsulation overheads: GRE (24), QED (20), INE (73).]
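As an added illustration (not part of the Brocade slides) of two items on the diagram, "Encapsulate Packets and Preserve DSCP from Inner to Outer Header" and the stacked GRE/QED/INE overheads, the Python below builds a GRE outer header that copies the inner DSCP, so routers on the cipher-text side can still queue per class without seeing the inner packet, and computes the inner MTU left after the three encapsulations. The addresses and payload are constructed, and treating the slide's QED and INE byte counts as per-packet overheads is an assumption.

```python
import struct

# Per-hop encapsulation overheads in bytes, as labelled on the NIE 14.2 slide.
GRE_OVERHEAD = 24   # outer IPv4 header (20) + basic GRE header (4)
QED_OVERHEAD = 20   # slide label; composition not given on the page (assumed per packet)
INE_OVERHEAD = 73   # slide label; composition not given on the page (assumed per packet)

def dscp_of(ipv4_packet: bytes) -> int:
    """6-bit DSCP from the TOS byte; the two ECN bits are not part of it."""
    return ipv4_packet[1] >> 2

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 for a header that verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(tos: int, proto: int, src: bytes, dst: bytes, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (IHL=5, DF set, TTL 64) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0x4000,
                      64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner: bytes, outer_src: bytes, outer_dst: bytes) -> bytes:
    """Wrap an IPv4 packet in IPv4/GRE, copying only the inner DSCP to the outer
    header (outer ECN bits cleared) so outer-side queuing sees the same class."""
    outer_tos = dscp_of(inner) << 2
    outer = build_ipv4(outer_tos, 47, outer_src, outer_dst, 4 + len(inner))  # 47 = GRE
    gre = struct.pack("!HH", 0, 0x0800)  # no flags/checksum/key, protocol type IPv4
    return outer + gre + inner

def inner_mtu(link_mtu: int, *overheads: int) -> int:
    """Largest inner IP packet that fits once the listed encapsulations are stacked."""
    return link_mtu - sum(overheads)

if __name__ == "__main__":
    # Constructed sample: a UDP packet (proto 17) marked EF (DSCP 46) from a LAN host.
    inner = build_ipv4(46 << 2, 17, bytes([10, 1, 1, 10]), bytes([10, 2, 2, 20]), 100)
    inner += b"\x00" * 100
    tunnelled = gre_encapsulate(inner, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    print("inner DSCP", dscp_of(inner), "outer DSCP", dscp_of(tunnelled))
    print("bytes added by GRE", len(tunnelled) - len(inner))
    print("inner MTU on a 1500-byte link after GRE+QED+INE:",
          inner_mtu(1500, GRE_OVERHEAD, QED_OVERHEAD, INE_OVERHEAD))
```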
Dense Virtualization at Tactical Edge
Brocade Concept Platform
• Existing tactical server platforms are Intel Core i5/i7
  – Limited to 2 cores/4 threads (few VMs)
  – Multiple units required to support application workloads
  – Not optimized for virtualized network functions
• Alternative compact server platform
  – Xeon class server (10+ core)
  – Capable of hosting multiple high performance applications
    • UC, MC applications, NFV, VDI, etc.
  – Commodity HW building blocks
  – Integrated compact switch provides 1 GbE user access
Network Visibility and Analytics (NVA)
NVA Architecture
• Virtual
• Programmable
• Open
Components
• Network Packet Broker: MLXe
• Virtual Analytics Platform
• NFV-based Architecture
• Intelligent SDN Engine
• Orchestration Engine: ODL and OpenStack
[Figure: NVA deployment. Radio Access Network (RAN) and the Mobile Operator’s Data Center (MPC/EPC: RNC/MME, SGSN/S-GW, GGSN/P-GW, Radius/Diameter, IP/MPLS Router) connect to the Backbone/Internet; the MLXe Network Packet Broker feeds the Virtual Analytics Platform (Subscriber, Application, Network and Device Analytics, SDN Engine) running on x86 COTS with a Hypervisor alongside Vyatta Network Services, under Orchestration.]
Software Defined Intelligence (SDI)
SDN + Machine Learning
• SDI foundations: Data Science and Machine Learning
• First applications will be in “Network Learning”
  – More generally: “Predictive” Security
  – Predict imminent DDoS rather than reacting to an existing DDoS
    • “The probability you will experience a DDoS is 0.05”
  – Detecting spam prefixes in the Internet routing table based on various data sources
• Larger goal: Uncover new relationships and structure in network data
• Trivial example: “Better Data Centers Through Machine Learning”
  – Google PUE example