
BROCADE and New IP Story


The New IP

What is the New IP? It’s the old IP reimagined for our modern world, and designed to meet the needs of cloud, mobile, social and big data.

The New IP is both hardware and software, and it has both business and technology benefits.

Let’s compare where we are today, to the promise of the New IP, and then talk about the advantages and implications of this transformation.

The old IP is based on closed, proprietary systems, innovation cycles are constrained by custom hardware, and provisioning network resource is difficult and manual. Security is bolted on, interoperation is achieved through standards, vendors are at the center of the ecosystem, costs are high, and innovation is slow.

The New IP is based on open source, riding on commodity hardware and merchant silicon, and provisioning network resource is automated and self service. Security is built in from the start, interoperation is achieved through open APIs, the customer is at the center of the ecosystem, capex and opex costs are lower and innovation happens at the speed of business.

And some surprising things become possible with the New IP.

Your data center goes from the back office to the front door….from a cost center to a revenue engine.

The data center is without walls, you can scale out as easily as you can scale up or down.

The network IS the data center, and the data center is the network. Your applications, where appropriate, are network aware, and your network is aware of the application and its needs. Network services, security and QoS can be attached to, and move with, each application.

There is no edge to the New IP network, not as we know it today.

And instead of having to buy everything up front from your vendors and bear all the risk of gaining the value of your investment, in the New IP you pay for what you use, as you use it. No contract term, cancel when you want, upgrade at any time without penalty. In fact, never buy another piece of physical equipment if that’s your preference.

The New IP is a modern network, built on your time, and your terms.


Getting Started in the Data Center

To meet the escalating expectation of users and close the relevance gap, you’ll be using private clouds, public clouds or a hybrid solution, and you’ll need to move data and workloads among them. You need something programmable to support rapid innovation. And costs need to come down, ideally paying as you use technology and get real value.

So what’s the architecture of a New IP network and how do you get there?

Let’s start with NFV (network functions virtualization)…basically replacing the routers, switches, firewalls, load balancers, application delivery controllers, and other physical equipment you already have with software. Reduce capex, in some cases by 90%, and opex, and increase your ability to spin resources up and down as you need them. Your services become mobile. You can take all the network services a virtualized application needs, and put them right next to the VM on the same server. The application doesn’t need to leave the server, and as a result you reduce your north/south traffic, and your costs. You also increase security: you provide a virtual firewall security layer attached right to each application, and it moves with the application as it moves around your infrastructure.

You also need SDN, which provides the tools to manage and control the network services and infrastructure, whether it’s been virtualized or not. OpenDaylight is an open source SDN solution that provides granular visibility and control over network functions. It allows you to visualize, control, provision, and manage your resources. And it does it in an automated fashion. Any service in the network that you’ve created, physically or virtually, can be controlled by one SDN controller in a fully programmable way. You can standardize data models using YANG and NETCONF, and use REST APIs to mix and match vendors in your network.

But the network is only one important part of your infrastructure. You have compute and storage too. And that’s where orchestration comes in. OpenStack, an open source protocol for the orchestration layer, can provide the same benefits of ODL at the network layer across compute, data and network. In addition, because you are likely to have a multi-cloud environment (private and public) you have to make the clouds work together in a predictable, scalable and manageable way. And OpenStack orchestration provides that ability, allowing your orchestration to stretch across your full environment.

This is all the cool stuff. It’s what’s called the ‘overlay’. But if you have an overlay, you need an ‘underlay’ to go with it.

You have to be able to forward the packets. Fabrics are the most often-recommended underlay architecture, specified by companies like VMware, Cisco and Brocade to name a few. Today’s rigid architecture in most data center networks, hierarchical and topologically dependent, won’t allow you to take advantage of the agility of the virtual constructs of NFV and SDN. That’s why fabrics are so critical, and why so many analysts recommend them too.

Why use a fabric underlay? You need an infrastructure that is flexible, scales up and out, and adapts to handle instantaneous changes in traffic flows, flow sizes, packet sizes and protocols. In fact, you probably want this even before you move to the rest of the New IP architecture.

Fabrics deliver New IP value today, into your current network, by creating a giant sandbox in which your virtual applications are optimized for virtual deployment. Because applications are now modular and distributed, it’s important for the network to be aware of where these modules live and how they relate to each other. The network fabric is virtual-machine-aware, and this increases capacity of traffic flow dramatically, along with the speed and performance of the network. Why? Because the traffic automatically takes the shortest or best path. It can move ‘east-west’, saving money and time compared with traffic flow that’s limited to ‘north-south’ directions because of rigid topologies.

The automation of fabrics reduces opex, increases performance and availability, and sets you up for your NFV and SDN migration.

And what about security? Security must be pervasive and behavioral-based. You need a programmable network to take advantage of the state-of-the-art security capabilities available in the New IP ecosystem. For example, you may need to create virtual DMZs when the network, or the security layer, perceives inappropriate action. Since fabrics minimize the number of hops and automate otherwise manual functions, they increase the inherent security in a network.

NFV and SDN make services mobile, and allow firewalls and other services to be deployed with and tied to the application. This delivers fine grained security that’s ubiquitous and mobile. The result is a network that can adapt to security requirements in real time. Hyper optimized, by individual session.

There are 5 must-haves with any fabric.

1. True Democracy: This means every switch is equal to every other switch. The architecture is flat, without hierarchy, so that there is no single point of failure. The result is a flat layer 2 or 3 surface that is a self-forming and self-healing network. All paths are equal and available, and devices of different capacity and design can be mixed together. You can mix and match chassis and fixed configuration (i.e., pizza boxes)…meaning the religious wars around architecture are rendered meaningless. Use both.


2. Distributed Intelligence. Every port is aware of every other port. This means you can move workloads with their associated characteristics (called automatic migration of port profiles, AMPP). These characteristics include access control, QoS and other port-oriented application characteristics. A fabric should abstract this information and thus give you the ability to move workloads at will. And if a port is lost, the workload is moved to an available port, so you don’t degrade availability.

3. Native Automation: Fabrics should be built from the ground up for automation, making them five to ten times faster to deploy than individual elements and providing a range of additional capabilities such as AMPP self configuration and self healing. Native automation delivers near perfect load balancing throughout the mesh, at layer one. You don’t need additional devices or manual configuration. Native automation is critical to get New IP benefits from your network underlay, for scale, availability and performance without human intervention and lost time.

4. Absolute persistence. This means when you form a fabric it will, to the very last port on the very last switch, optimize and maximize the flow of traffic through the fabric. You can lose a port, or a whole switch, and the fabric will react in real time and balance. You get transparent interconnection of lots and lots of links. It works like the Internet itself. In a classic or hierarchical architecture, the network can shut down until human intervention fixes the problem.

5. Fast! This means no compromise between scale and latency. Fabrics take the most efficient path, automatically. They should combine hardware performance with software programmability. Since a fabric by definition means you have more than one node, you can’t be forced to compromise scale or latency because you add nodes. You need to be able to be really big, and really fast. That’s what a fabric does.

Your data is your most precious asset, and applications are only as effective as the data they source. But today we consume an unprecedented variety of data through an unprecedented number of applications. And the best way to hook them together in an efficient, scalable and reliable way is through the mediation of a fabric. It’s the foundation of the New IP, and it unlocks value and creates freedom even in your current network, with or without the additional benefits of NFV or SDN.

What About the Edge?

The edge isn’t always a physical place anymore as much as a set of activities….it’s where the user interfaces and interacts with an application. The application lives in the cloud or in the data center. The user can be anywhere they want to be, and the edge moves with the user.

So instead of thinking about the edge in physical terms, let’s first think about what we need to do at this interface. As a user interacts with data or an application, you need to apply the services and policies that control the interaction. And the actions will vary based on who you are, where you are, and what rights you have. Based on the answers, we can apply policies that are expressed through network services, like routing, firewall, QoS, and so forth.

You can virtualize just about any service, so where this wrapper of policy occurs can be anyplace, just like the application. The edge is wherever this is happening. We might push policies to any device with compute capability, or with access to it. So for mobile devices, you don’t need a physical edge. And this is where virtual edge software and services fit into the picture, often called vCE (virtual consumer edge). A first step in this direction doesn’t require a full vCE architecture. You can start with vCPE. For example, replace your stack of equipment, such as physical routers, firewalls, and/or load balancers, with a suite of software that includes routing, VPN, firewall, NAT and other services. You can load it onto an existing server at any site and manage it remotely.

But you still have places in your network that are the classic edge, with a physical router or switch that embodies and delivers these network services. And there will always be places where there is value in having a physical expression of the edge. Can you get the value of virtualization, but in the physical network edge?

The classic edge is changing. Traditionally, to provide services at the physical edge, we would stack up edge switches, and each one needed to have all the services you needed at that location. The need for homogeneity among the switches means you spend a lot more money than you should, which may make your vendor happy but isn’t delivering value to your users.

So a step towards the new edge is a hyper edge architecture, which allows you to mix and match low cost, low performance switches with higher cost feature-rich switches. You can get the benefits of virtualization, in that you can imbue the whole bundle with the full set of capabilities, just by having that capability on one of the devices. Instead of the stack being defined by its least common denominator, it’s now defined by its most feature-rich member.

Or as a really easy first step, just make sure your edge device is SDN ready and able to be managed by OpenFlow and your SDN controller. Even if you don’t use the programmability today, it will be there for you in the future. You need an edge device that supports SDN protocols like OpenFlow and VXLAN, and management protocols like sFlow. You can use this capability to programmatically control your physical edge. It’s like SDN on training wheels. You can experiment with SDN protocols without having to change your entire network configuration.

The point is, there are many ways to get started on your journey to the New IP, and to start getting value today.

Why Brocade?


Brocade was born in 1995….at the start of the last big transition.

Today we’re a $2.3B company with #1 market share position in the SAN switching market and #2 overall in the data center. 70% of our revenue comes from data center storage networking, where we are the undisputed leaders in Ethernet Fabrics and we have 70% share of the SAN switching market (Cisco has the other 30%). We’re the undisputed leaders here because no one is better than Brocade at helping companies connect heterogeneous data storage environments and move their data among these different devices and protocols. Our partners include EMC, HP, IBM, Dell, HDS and others. Partnering is at Brocade’s core.

Nearly every Fortune 500 company and major organization around the world relies on Brocade technology in the data center to support their most businesses, the ones that require high performance and high availability.

But now the market is in transition again. The pressures of cloud, mobile applications, the drive to be a digital business, and security concerns have strained the old IP networks technically and constrained business innovation, forcing companies to rethink their infrastructure strategy. And Brocade made an early bet on open technologies to meet these new business needs.

Brocade’s strategy is built around the New IP.

Our virtual services platform includes a virtual router, stateful firewall, VPN and NAT in a single software suite. We also offer virtual load balancing and application delivery control. We just launched the industry’s first multivendor ODL controller. Download them for free off our website and start gaining experience and immediate value. More than 1.5 million routers have been downloaded so far, with an estimated 100 million hours of production time.

And Brocade has the only vRouter and network software suite built from the ground up to run on the Intel chip, not ported to it after original design. Which is why it has the industry’s best performance, independently verified to do 80Gbps line rate on a single server using 3 Intel cores.

Brocade has the only ODL controller that can manage our own equipment as well as other vendors. We use open APIs as the northbound interface to ensure your orchestration layer can translate business needs into machine language.

Our VDX data center switch, and our ICX campus router, are OpenFlow-enabled and ready for your move to SDN. Among many things, the VDX family offers a new high density, 40G switch that will soon scale to 100G, in a one RU configuration. We can translate to and from VXLAN protocols to allow you to integrate and mix and match your installed environments and connect them to your controller, which is particularly useful in NSX environments. (This is called VTEP, and Brocade does it better than any other vendor.) That’s a powerful pizza box with remarkable density. A big difference between us and other vendors is our commitment to line rate performance, where others focus on over-subscription. This is why you find Brocade in data centers that demand highest performance and reliability.

In virtualized environments, extensible vLAN tunnels disappear from the network’s vision…you can see the packet on each end, but you can’t track it through the tunnel. Which, from a security perspective, isn’t great. Brocade’s VDX can do this with half the number of steps (using RIOT) where other vendors require twice as many steps. This is particularly helpful in VMware NSX environments, as is our integration with vRealize.

And of course, we have the leading fabric in the industry. The software used in this fabric (called VCS) is in its fifth generation, with rich support for SDN and virtualized environments at both layer 2 and layer 3. It scales out and up better than any fabric in the industry; there is no trade-off between scale and latency.

When you purchase Brocade products, we offer the option of Brocade Network Subscription, which lets you pay as you use without a term commitment and with the ability to upgrade at any time. In fact, for most companies, the monthly opex on your existing maintenance contract for your old data center or campus IP network will get you a brand new network, one that provides the familiarity of the old IP and the benefits of the New IP.

Only Brocade is conflict free in its commitment to the New IP. We have the leading virtual routing platform, the best ODL controller, and the leading fabric. We want to help you move to the New IP, in your time and on your terms.

The only question now is where you want to start the journey.