Introduction of ProgrammableFlow. December 2011, NEC Corporation


  • NEC Confidential

    CONTENTS

    1. Current issues of data center network and the solutions

    2. The new paradigm shift “OpenFlow”

    3. What is ProgrammableFlow?

    4. Solution models realized by ProgrammableFlow

    5. Actual case

    6. Product information and distributions

  • Current issues of data center network and the solutions

  • Current issues in the data center and network

    Data centers have a vertically divided network device configuration on a company, division, or system basis (silo approach), which causes huge device and operational costs.

    Increase in network device cost (silo type)
    - All devices are overdesigned, allowing for the possibility of future load increase.
    - Appliances are required in each tenant.

    Increase in operational cost due to network complication
    - Enormous configuration design/settings/control are required for each device.
    - Network control for each tenant needs laborious operation.

    It takes time for the network to recover from failures.
    - It is difficult to locate the failure point.
    - The operator has to gather all the logs involved for analysis.

    Network can’t keep up with server virtualization
    - There are many restrictions on VM migration (it has to stay within the VLAN).
    - It’s a lot of work to change the network when adding/changing a VM.

    [Figure: Existing network configuration. Labels: Internet/VPN, Internet etc, Router, Bandwidth controller, FW, LB, L3SW, L2SW, VM, Various applications, Various network appliance devices (bandwidth control, firewall, virus check, intrusion detection, user authentication, load balancer, cache server)]

  • Solutions using ProgrammableFlow

    Central control of communication traffic and network virtualization enables drastic reduction in device and operational costs, and flexible operation of virtual servers.

    Reduction in device cost by network virtualization
    - Start small and scale to the optimal size.
    - Sharing and scale-out of various appliance devices.

    Reduction in operational cost by network simplification
    - Configuration design/settings/control for each device are no longer required.
    - It is easy to manage by using the virtual tenant network.

    Rapid failure recovery by network visualization
    - The data flow and static information are shown visually on the GUI.
    - It is possible to control SLA by setting the source as a key.

    Best suitable network for server virtualization
    - The network is changed automatically without any constraint on VM migration.
    - The operation for changing the network is simplified when adding/changing a VM.

    [Figure: Example of ProgrammableFlow network configuration. Labels: ProgrammableFlow Controller, central control, ProgrammableFlow Switches, Router, Internet etc, Virtual servers (VM), Various network appliance devices (firewall, virus check, intrusion detection, user authentication, bandwidth control, load balancer, cache server)]

  • The new paradigm shift “OpenFlow”

  • Development of the next-generation network technology (OpenFlow) and its standardization trend

    ▐ Background
    The limitation of the one-fits-all IP-based network.

    • The network system itself is overcomplicated due to the diversification of NW usage.

    Realization of the infrastructure having programmability and virtualization at the same time

    ▐ Standard spec. is defined in OpenFlow Consortium. http://www.OpenFlowswitch.org/
    Proposed by Prof. Nick McKeown at Stanford University.
    OpenFlow protocol standard spec “OpenFlow Switch Specification” is defined.
    Ver. 1.0 was released in Dec. 2009.
    Member:

    • NEC, HP, Juniper, Cisco, Arista, Nicira, Ericsson, Broadcom, Dell, Google, DT Lab, NTT DoCoMo lab and others.

    NEC leads the specification definition and trial development of OpenFlow.

  • OpenFlow Standardization

    ▐ Open Networking Foundation (ONF): 2011/3/21 http://www.opennetworkingfoundation.org/

    ▐ Purpose: Standardization and promotion of Software-Defined Networking (SDN) (OpenFlow)

    ▐ Members (as of May 2011)
    Board of Directors:

    • Deutsche Telekom, Verizon, Google, Facebook, Yahoo, Microsoft

    Member:

    • Big Switch Networks, Brocade, Ciena, Cisco, Dell, Ericsson, Extreme Networks, Force10 Networks, HP, IBM, IP Infusion, Juniper Networks, NEC, Netgear, Netronome, Nicira, Nokia Siemens, Plexxi, Riverbed, Vello System

    Copyright (c) NEC Corporation 2011. All rights reserved

  • Central control by OpenFlow technology

    ▐ Packet transferring and routing control functions are separated by the flow control protocol.

    ▐ By controlling traffic on a per-flow basis, advancement in routing control, network virtualization, and visualization can be realized.

    ■ If a switch receives a flow which is not shown in the flow table, the switch inquires of the controller about the flow.
    ■ The controller calculates the optimal path to the address and registers the flow table based on the calculation result in each switch involved.

    [Figure labels: OpenFlow Controller, Server, Routing control function (fault recovery, load distribution, optimization), OpenFlow Protocol, OpenFlow Switch, Per-flow packet transfer function, Packet, Flow Table (Rule, Action, Statistics)]

  • What is flow switching?

    In flow switching, data is transferred based on the “flow”, unlike the existing network devices.

    “Flow” = Switching/routing is performed by identifying specific communication traffic based on the combination of arbitrary addresses/identifiers in the layers L1 (physical port, etc.), L2 (MAC), L3 (IP) and L4 (port No.) and selecting the optimum route according to the handling policy of the traffic.

    【What is flow switching?】
    - L1: Ingress Port
    - L2: Src MAC, Dst MAC, EtherType, VLAN id, VLAN Priority
    - L3: Src IP, Dst IP, IP Proto, IP ToS
    - L4: TCP/UDP Src Port, TCP/UDP Dst Port
    - Data

    【Existing network devices】
    L2 (MAC) switching, L3 (IP) routing
    Switching/routing according to destination addresses in L2/L3 layers.

    (Firewall etc)

  • Definition of flow and flexible process

    Definition of the flow
    - Definition of flexible flow filtering (i.e.) Port, VLAN ID, L2, L3, L4, …
    - Actions for flow (i.e.) Unicast and Multicast
    - Flow statistic information (i.e.) The number of packets and bytes, connection time

    Flow table
    - Flow 1: Rule (exact & wildcard), Action, Statistics
    - Flow N: Rule (exact & wildcard), Default Action, Statistics

    Example of actions (figure captions: “Example of actions using OpenFlow”, “Example of extended actions using NEC ProgrammableFlow”)
    1. Unicast
    2. Multicast
    3. Multipath
    4. Waypoints
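
    The flow table described on the preceding slides (rule with exact and wildcard fields, action, statistics, and an inquiry to the controller when no entry matches), as an added example that is not NEC's or the OpenFlow project's code. The class names, action strings, priorities and the drop default are assumptions made for illustration; the point for a reviewer is that rule order and the default action decide what traffic is forwarded.

```python
from dataclasses import dataclass

# Match fields named on the flow-switching slide (L1 to L4).
FIELDS = {"in_port", "src_mac", "dst_mac", "eth_type", "vlan_id", "vlan_prio",
          "src_ip", "dst_ip", "ip_proto", "ip_tos", "src_port", "dst_port"}

@dataclass
class FlowEntry:
    rule: dict             # field -> value; a field left out is a wildcard
    action: str            # illustrative names: "output:<port>" or "drop"
    priority: int = 0      # assumption: the highest-priority match wins
    packet_count: int = 0  # statistics
    byte_count: int = 0

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.rule.items())

class Controller:
    """Hypothetical policy: known destination IPs map to an output port."""
    def __init__(self, routes):
        self.routes = routes

    def decide(self, pkt):
        port = self.routes.get(pkt["dst_ip"])
        if port is None:
            # Assumed default action for unknown destinations: drop.
            return FlowEntry({"dst_ip": pkt["dst_ip"]}, "drop", priority=1)
        # Exact match on this flow's L3/L4 fields.
        rule = {k: pkt[k] for k in ("src_ip", "dst_ip", "ip_proto", "dst_port")}
        return FlowEntry(rule, f"output:{port}", priority=10)

class Switch:
    def __init__(self, controller):
        self.table, self.controller, self.misses = [], controller, 0

    def install(self, entry):
        unknown = set(entry.rule) - FIELDS
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)

    def handle(self, pkt, size):
        entry = next((e for e in self.table if e.matches(pkt)), None)
        if entry is None:
            # Flow not in the table: inquire of the controller, which
            # registers a new entry for it.
            self.misses += 1
            entry = self.controller.decide(pkt)
            self.install(entry)
        entry.packet_count += 1
        entry.byte_count += size
        return entry.action

def demo():
    sw = Switch(Controller({"10.0.0.20": 2}))
    # Constructed wildcard rule: everything on VLAN 30 leaves via port 9.
    sw.install(FlowEntry({"vlan_id": 30}, "output:9", priority=5))
    web = {"in_port": 1, "vlan_id": 10, "src_ip": "10.0.0.5",
           "dst_ip": "10.0.0.20", "ip_proto": 6, "dst_port": 443}
    actions = [sw.handle(web, 1500), sw.handle(web, 400),
               sw.handle({**web, "dst_ip": "10.9.9.9"}, 60),
               sw.handle({**web, "vlan_id": 30, "dst_ip": "10.7.7.7"}, 100)]
    stats = [(e.action, e.packet_count, e.byte_count) for e in sw.table]
    return actions, sw.misses, stats
```

    In `demo()` only the first packet of each new flow reaches the controller; the fourth packet is caught by the wildcard VLAN rule without any controller inquiry, which is why broad wildcard entries deserve the same review as firewall rules.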

  • Advancement in the route control using flow switching

    ■ Route control by OpenFlow
    (1) Efficient use of the network bandwidth by the route control on a per-flow basis.
    (2) Improvement in the ease of maintenance of network devices by one-sided flow.

    ■ The function that becomes available through the use of ProgrammableFlow
    (3) It is possible to specify which device (such as LB and FW) the packet goes through.

    [Figure labels: Controller, Switch, Server, Flow 1, Flow 2, Application 1, Application 2, Firewall (FW), Load balancer (LB), (1), (2) One sided flow, (2) Capable of maintenance, (3)]

  • What is ProgrammableFlow?

  • Goals of ProgrammableFlow

    ▐ ProgrammableFlow provides a new network solution by using the next-generation network technology “OpenFlow”.

    ProgrammableFlow = OpenFlow + NW simplification + NW virtualization + NW visualization

    The two keywords of “ProgrammableFlow” are both “virtualization”:

    1. Network virtualization
    Virtualization can simply build a structure in which a group of physical network devices is shared by multiple systems. It is becoming almost impossible to configure complicated settings (such as settings in existing routing and VLAN) on all devices.

    2. Dealing with server virtualization
    The existing IP network cannot follow the dynamic behavior of the virtual machines flexibly. To make the best use of virtual machines, it is necessary to fundamentally change the network design concept.

    [Figure labels: ProgrammableFlow controller, ProgrammableFlow switch, Open Interface (OpenFlow), Network resource, Computer resource, Sensor resource, Virtual machine, Dynamically changeable network, Dynamically movable virtual computer, Virtual Infrastructure A, Virtual Infrastructure B, Infrastructure virtualization/optimization of each user and service]

  • 1. Network virtualization

    ▐ Management of tenants by VLAN on each piece of NW equipment (segmentation) is getting more and more complicated.

    ▐ “Virtual Tenant Network” can segment the network virtually, namely, network virtualization.

    Easy to define virtual networks (segments) independent of physical topology. The network can be freed from VLAN complexity and simplified!

    VLAN: considering physical topology
    VTN: independent from physical topology

    [Figure labels: Legacy network structure (Core SW, Distribution SW, Access SW, VLAN); ProgrammableFlow network (ProgrammableFlow Controller, control, Managing multiple switches as if one virtual big switch, Virtual Tenant Network, VTN1, VTN2, Mapping physical entities, ProgrammableFlow Switches, Server pool)]

  • 2. Dealing with server virtualization: it is easy to change the network according to VM migration.

    ▐ Since ProgrammableFlow is a location-free network, it is easy to change settings when a VM is migrated or added. It’s also easy to migrate a VM from one VLAN to another (such as V-Motion).

    Existing VLAN network: It is necessary to consider the VLAN design of the whole network according to the network the VM has been migrated to. Thus settings must be made on each switch affected.

    ProgrammableFlow network: Since the virtual network cancels the effect of VM migration, the whole network setting change is not necessary. User-friendliness is also improved as a user can handle the operation by only using the controller.

    * Affected area: Correspondence between the physical port of the PFS connected to the VM host and the virtual network is set. If it is already registered in the virtual network the VM has been migrated to, it is possible to set up automatically without additional operation.

    [Figure labels: Existing VLAN network (Router, L2SW, VLAN 1, VLAN 2, VM, Segment migration, Change from VLAN 2 to 1, VLAN 1 invalidation, affected area); ProgrammableFlow network (ProgrammableFlow controller, ProgrammableFlow switch (physical NW), L2 SW, Virtual NW, vRouter, NW 1, NW 2, VM, affected area*, No need to change v network)]

  • ProgrammableFlow makes network configuration easier!

    Existing network design configuration technique: IP address and VLAN connection are designed considering the physical network. The configuration of each physical switch is designed based on the NW configuration info. and then set on each switch.
    1. IP address design
    2. VLAN design
    3. Logical config. is designed considering the physical config.

    ProgrammableFlow network configuration technique: A user only defines the logical connection configuration of the network and sets it on the controller. The controller generates the flow table which realizes the configuration of the virtual logical network and deploys it on the physical network automatically.

    The controller automatically deploys the logical network configuration to the physical network. The controller also automatically controls the detour of traffic when a failure occurs and distribution of traffic when a switch is added.

    [Figure labels: Existing network (Router, L2SW, Config Sw1, Config Sw2, Config Sw3); Virtual tenant network (VTN), P-Flow physical network, Logical NW design only, Addition]

  • Comparison between existing technology and ProgrammableFlow

    ProgrammableFlow is best suited for virtual network

    The form of network
    - Existing technology: Autonomous, distribution control
    - ProgrammableFlow: Central control

    Logical separation
    - Existing technology: IP address/MAC address/VLAN
    - ProgrammableFlow: Flow basis (from L1 to L4)

    Network configuration (Logical)
    - Existing technology: IP address centered network configuration (The physical network and logical network have the same configuration)
    - ProgrammableFlow: Network can be configured as you wish without considering the physical configuration.

    Configuration
    - Existing technology: Configuration needs to be made on each device (each switch)
    - ProgrammableFlow: Central control by a controller (auto settings)

    Dealing with live migration
    - Existing technology: VLAN setting/design is set on each device manually
    - ProgrammableFlow: The server is registered on the physical plane of the controller. Automatically followed.

  • Solution models achieved by ProgrammableFlow

  • Features of ProgrammableFlow

    ProgrammableFlow enables simplification, virtualization, and visualization of network

    Simplification
    Operational cost can be reduced by centrally controlling switches from the controller.

    NW virtualization
    The network is virtualized, easing the constraints of the physical configuration. Reduction in the initial cost due to scale-out. A virtual tenant environment is easily realized without any physical constraints. The virtual network hides the physical configuration.

    NW visualization
    The flow-based traffic volume investigation detects the failure/quality deterioration of the communication route.
    - Detection of quality deterioration
    - Visualization of route

    [Figure labels: ProgrammableFlow Controller (PFC), ProgrammableFlow Switch (PFS), Central control, VTN1, VTN2, VTN3, VTN4]

  • 1. Features of ProgrammableFlow: Simplification and resource optimization

    The complicated data center configuration is simplified by the combination of virtual servers (VM), virtual switches (VS) and virtual NW appliances. Dynamic resource operation also becomes possible.

    [Figure labels: Existing network configuration (Internet/VPN, Internet etc, Router, Bandwidth controller, FW, LB, L3SW, L2SW, Server addition, ERP, ASP, Custom AP, Individual setting using a different tool for each equipment type, complication, High administration cost); OpenFlow network configuration (Internet/VPN, ProgrammableFlow Controller, ProgrammableFlow switch, L2, L3, L4, LB & FW, Load Balancer, Fire Wall, Virtual Machine, OS, Application, Web-AP, Application, APL, Network pool, Server pool, Appliance pool)]

  • 2. Features of ProgrammableFlow: Network scale out

    Initial cost is reduced and scale-out can be realized.

    Existing network
    - High initial cost
    - Large network devices are introduced allowing for future load increase.

    ProgrammableFlow network
    - Scale-out of the network is realized
    - A small start can reduce the initial cost
    - Flexible scalability due to scale-out

    [Figure label: Virtualization]

  • 3. Features of ProgrammableFlow: network visualization

    Network virtualization can solve the problem quicker

    Existing network
    Since the data flow of the overall network cannot be grasped, it takes time to analyze logs when a failure occurs. In an autonomous and distributed network, it is necessary to gather information for failure investigation. It takes time to locate the cause of the problem.

    ProgrammableFlow network
    Virtual and physical topologies are visually grasped. Data flow can be checked on the GUI. Rapid failure discovery is achieved.

    [Figure labels: Log]

  • Actual case

  • The World’s First Introduction to Business System: Nippon Express Co., LTD

    ▐ Background of the introduction
    The common infrastructure of platform was prepared by gathering all the servers in order to achieve ICT resource efficiency and enhancement of governance.

    Additional virtual servers are required after the server integration. In addition, network needs to be redesigned and reconfigured after each migration. Therefore, the operational cost of network has increased.

    Request from customer: Reduction in operational cost
    (1) Changing the culture of network operation.
    (2) Reducing the operational/maintenance cost caused by migration.

    Suggesting new approach

    Customer’s aim of introduction
    - Significantly reduce the load of operation by simplifying network through centralized control.
    - Realize the multi-tenant network virtualization environment easily without physical restriction.
    - The cause of failures in communication path and quality deterioration are visually found instantly through network visualization.

  • System configuration for NIPPON EXPRESS CO., LTD.

    2 ProgrammableFlow controllers
    - Network is centrally controlled from a controller.
    - Cluster configuration is used to secure reliability.

    8 ProgrammableFlow switches

    Scalable network configuration enabled by hyper cube

    About 200 IA servers
    They can be mapped freely on the virtual network without any restraints on the accommodated location of the server ports.

    [Figure label: OpenFlow]

  • Product information and distribution

  • Products for Japanese Market

    ▐ UNIVERGE PF series (ProgrammableFlow)

    UNIVERGE PF6800

    Product code: BT0201-00002. Shipment starting date: May 2011

    Product code: B02035-xxxxx. Shipment starting date: May 2011

    ProgrammableFlow Controller (PFC), ProgrammableFlow Switch (PFS)

    OFS Control license (+10) (Initial license)

    UNIVERGE PF5240

    ProgrammableFlow Switch Control license

    Product code: UL4325-102. Shipment starting date: May 2011

    NEW

    • Option: Either OFS control license for 1 or OFS control license for 10 needs to be purchased if you have a system consisting of 11 or more switches.