NEC Corporation, Information Technologies Group (ITG), Enterprise Technologies Unit
ProgrammableFlow Introduction
Motivation for Network Virtualization
[Figure: "Current system configuration" versus the consolidated target. Today, four separate silos (production, sales, service and information systems) each have their own firewall, load balancer, L3 switch, L2 switch, AP/WEB servers and DB servers over an IP network. The goal is to "virtualize and consolidate IT and network together" into a shared server pool behind a common firewall, load balancer and IP network.]
Challenges in Automating the Network
▐ Performance and scaling: more protocols (ECMP, TRILL, IS-IS, LAG, MSTP) and more design and configuration work
▐ Complexity: difficult to automate and to offer self-service
▐ Routers, switches and ports are tightly coupled
▐ Too many complex protocols requiring end-to-end consistency
▐ No aggregate network resource view
▐ Difficult to create network-as-a-service (automated create/delete)
Can we simplify the network?
Board Members: Deutsche Telekom, Facebook, Google, Microsoft, Verizon, Yahoo!
Members: Big Switch Networks, Broadcom, Brocade, Ciena, Cisco, Citrix, Dell, Ericsson, Extreme Networks, Force10, HP, IBM, Intel, IP Infusion, Juniper Networks, Marvell, NEC, Netgear, Nokia Siemens Networks, NTT, Riverbed Technology, VMware
Prototype switches: Blade Networks (IBM), HP, Brocade, Netgear, Dell, Extreme, …
Production switch: ProgrammableFlow Switch (PFS)
Introducing ProgrammableFlow
The Simple Solution for Complex Networks
▐ Deploy, control, monitor, and manage multi-tenant network infrastructure
▐ Unlock the power of OpenFlow switching through open interfaces
▐ Seamless integration with VMware environments
Products: ProgrammableFlow Controller (PFC) and the PF series ProgrammableFlow Switch Family (PFS)
Real World Feedback on ProgrammableFlow
▐ What Customers are Saying:
“Network complexity has grown to a point beyond reasonable. ProgrammableFlow provides an automated means of network self-repair, and gives us the single pane of management and control we have long sought.”
Eric Miller, CEO of Genesis Hosting Solutions
“By adopting ProgrammableFlow, we have significantly reduced our network operational costs.”
Yuji Noguchi, General Manager, Information Technology
▐ What Analysts Are Saying:
“ESG Lab found ProgrammableFlow to be easy to configure and use, while able to dynamically adapt to changing physical topology and logical requirements. Traffic was not able to cross VTNs, making the solution a truly multi-tenant network on top of the same physical network topology.”
Use Case 1: Multi-Tenant Cloud Services
▐ Network virtualization reduces complexity and increases flexibility.
[Figure: the PFC controls the physical configuration and presents secure Virtual Tenant Networks (VTN1, VTN2) on top of it.]
Use Case 2: Appliance Pooling
▐ Build cloud networks that scale from single racks to multiple datacenters
▐ Scale network capacity non-disruptively by simply adding more OpenFlow enabled switches
[Figure: the PFC controls a network switch pool, an NW appliance pool and a server pool; the ProgrammableFlow network of PFS sits alongside the existing network. Network scale-out without network reconfiguration: pools of capacity.]
How OpenFlow Works
▐ Packet transfer and routing control functions are separated by the flow control protocol.
▐ By controlling traffic on a per-flow basis, advances in routing control, network virtualization, and visualization can be realized.
[Figure: an OpenFlow Controller (a server implementing network control) talks to an OpenFlow Switch (packet forwarding) over the OpenFlow protocol. The switch holds a flow table whose entries are Rule / Action / Statistics; each incoming packet is matched against it.]
Flow setup modes:
• Proactive: the controller pre-populates flow table entries.
• Reactive: if a switch receives a flow that is not in the flow table, the switch asks the controller about the flow.
OpenFlow Flow Switching Definition
Legacy switching matches on a single key: Layer 2 (MAC) switching or Layer 3 (IP) routing. Flow switching can use any combination of the following tuples as a key:
Ingress Port, Ether Dst, Ether Src, Ether type, VLAN id, VLAN PCP (*6), IP Src, IP Dst, IP proto, IP ToS, TCP/UDP src port, TCP/UDP dst port
▐ Exact matching
▐ Wildcard matching
▐ Aggregated MAC-subnet: MAC-src: A.*, MAC-dst: B.*
▐ Aggregated IP-subnet: IP-src: 205.16.*/24, IP-dst: 206.12.*/24
Any interconnection topology
[Figure: OpenFlow Control (creates the network map, allocates flows based on policy) over OpenFlow enabled switches forms the Programmable Flow Network Fabric, which presents virtual networks.]
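The flow-table model described above (Rule / Action / Statistics entries, proactive versus reactive setup, exact and aggregated-subnet wildcard matching on the 12-tuple, and the per-instance flow-table quota the deck mentions for virtual switch instances) as an added Python example; this is not NEC's or ProgrammableFlow's own code. The two tenant subnets, the action strings and the drop-on-unknown default are constructed assumptions.

```python
# Added example (not NEC's or ProgrammableFlow code): a toy OpenFlow 1.0-style flow
# table with 12-tuple exact/wildcard matching, proactive and reactive flow setup,
# per-flow statistics and a flow-entry quota per (virtual) switch instance.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Callable, Optional

# OpenFlow 1.0 12-tuple: in_port, eth_src, eth_dst, eth_type, vlan_id, vlan_pcp,
# ip_src, ip_dst, ip_proto, ip_tos, tp_src, tp_dst. A field absent from a match
# dict is a wildcard; an IPv4Network value is an aggregated subnet match.

@dataclass
class FlowEntry:
    match: dict          # field -> exact value, or IPv4Network for a subnet
    action: str          # e.g. "output:2", "flood", "drop"
    priority: int = 0
    packets: int = 0     # statistics, as in the Rule / Action / Statistics model
    bytes: int = 0

    def matches(self, pkt: dict) -> bool:
        for f, want in self.match.items():
            have = pkt.get(f)
            if isinstance(want, IPv4Network):          # wildcard-style subnet match
                if have is None or IPv4Address(have) not in want:
                    return False
            elif have != want:                         # exact match
                return False
        return True

class SwitchInstance:   # one flow table per switch instance, capped by a quota
    def __init__(self, quota: int, controller: Callable[[dict], Optional[FlowEntry]]):
        self.quota, self.controller, self.entries = quota, controller, []

    def add(self, entry: FlowEntry) -> None:       # also used for proactive setup
        if len(self.entries) >= self.quota:
            raise OverflowError("flow table quota exhausted")
        self.entries.append(entry)
        self.entries.sort(key=lambda e: -e.priority)   # highest priority first

    def lookup(self, pkt: dict) -> Optional[FlowEntry]:
        return next((e for e in self.entries if e.matches(pkt)), None)

    def process(self, pkt: dict, length: int = 64) -> str:
        entry = self.lookup(pkt)
        if entry is None:                  # table miss: reactive mode, packet-in
            entry = self.controller(pkt)   # the controller may install a new flow
            if entry is None:
                return "drop"              # constructed default for unknown traffic
            self.add(entry)
        entry.packets, entry.bytes = entry.packets + 1, entry.bytes + length
        return entry.action

# Constructed tenant policy (hypothetical): each VTN is one IPv4 subnet; the
# controller installs a forwarding flow within a tenant and a drop flow across tenants.
TENANTS = {"vtn1": IPv4Network("10.1.0.0/24"), "vtn2": IPv4Network("10.2.0.0/24")}

def tenant_of(ip: Optional[str]) -> Optional[str]:
    return next((t for t, n in TENANTS.items() if ip and IPv4Address(ip) in n), None)

def tenant_controller(pkt: dict) -> Optional[FlowEntry]:
    src, dst = tenant_of(pkt.get("ip_src")), tenant_of(pkt.get("ip_dst"))
    if src is None or dst is None:
        return None
    match = {"ip_src": TENANTS[src], "ip_dst": TENANTS[dst]}
    return FlowEntry(match, "output:2" if src == dst else "drop", priority=10)
```

A proactive entry is installed with `add()` before any traffic arrives; a reactive entry appears only after the first table miss triggers the controller.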
ProgrammableFlow Controller
[Figure: PFC functions: path control, virtual networks, network logic, topology discovery, flow table entry management.]
▐ ProgrammableFlow Controller Overview
• Multitenant networks on the same physical network
• Network virtualization: zero switch configuration, add capacity without changing the logical network
• Location free networking: place VMs or network devices anywhere in the network
• Any topology: more throughput, more resilience, more use of network resources
• Waypoint routing for network appliance integration
• Flow switching for policy based security and compliance
• End to end performance monitoring and troubleshooting
• OpenFlow network control: topology discovery, fault detection, self repair
• Fully redundant configuration
PF6800 ProgrammableFlow Controller Appliance
ProgrammableFlow Management Console
▐ PFC automatically discovers, controls and monitors networks of OpenFlow enabled devices
▐ Administrators can create and deploy virtual networks centrally
[Figure: a virtual network mapped onto the physical network.]
Univerge PF5240 – ProgrammableFlow Switch
▐ The NEC ProgrammableFlow PF5240 Switch, the first GA OpenFlow switch, provides reliable, high capacity, line-rate Layer 2/3/4 switching, enabling the creation of scalable, feature-rich virtualized Cloud and Enterprise networks.
PF5240-48T4XW
▐ Features
• Enterprise class L2/L3 edge switches with 48 10/100/1000 ports + 4 1000/10000 ports in a compact 1U form factor
• NEC OpenFlow capability delivers enterprise class performance with dramatic reductions in network complexity and configuration
• Best in class OpenFlow capacity: 64,000-160,000 flow entries
• ProgrammableFlow OpenFlow technology delivers chassis-like capabilities with fixed-port economics
• High-availability location free networks with hitless fail-over and hot insertion/removal of units
• L3 capabilities include OSPF, BGP, RIP, VRRP, PIM, MLD
• L2 capabilities include STP, RSTP, MSTP, PVST, IGMP, rate limiting, bandwidth control
• Modular design with internal redundant hot-swappable power supplies and fan
• 176 Gbps fully non-blocking switching
• Virtual switch instance for running OpenFlow and distributed protocols on the same equipment
• 4 SFP+ ports supporting cost effective SFP+ SR
Univerge PF5820 - ProgrammableFlow Switch
UNIVERGE PF5820 (Oct 2011)
• OpenFlow based flow handling in hardware at full wire rate (1.28 Tbps)
• 10GbE (SFP/SFP+) x 48 ports + 40GbE (QSFP) x 4 ports
• Supports the Layer 2 (MAC) forwarding table manipulated through OpenFlow
• Layer 2 (MAC) table: max 128K flow entries; 12-tuple flow table: max 1000 flow entries
• Power redundancy supported
Forwarding: 1.28 Tbps / 960 Mpps, forwarding delay less than 1 us
Number of ports: 48 x 1 Gb/10 Gb SFP+ ports, 4 x 40 Gb QSFP+ ports; up to 64 x 1 Gb/10 Gb SFP+ ports with optional breakout cables
Models: airflow type rear to front; airflow type front to rear
Dimensions: 17.3" wide, 19.0" deep, 1U high
Weight: 9.98 kg
Power consumption: 50 - 60 Hz, 100 - 240 V / 330 watts
Temperature: 0-40 °C
Humidity: 10-90%, non-condensing
Altitude: 3,050 m (10,000 feet)
MTBF: 165,990 hours @ 40 °C
Optical modules: QSFP+ 40GBASE-SR, 1M/3M/5M QSFP+ DAC breakout cable, 1M QSFP+ to QSFP+ cable; SFP+, 0.5M/1M/3M/7M DAC SFP+ cable, 1000BASE-T (RJ-45) SFP, 1000BASE-SX SFP
OpenFlow protocol version: OpenFlow 1.0.0
Number of OpenFlow table entries: 80K ~ 128K (Layer 2 table for OpenFlow); 500 (12-tuple table)
Number of instances: 1
Protocols: no legacy protocols run alongside OpenFlow
Management: telnet, ssh, SNMP, sFlow
Note: Specification might be changed without notice.
Customer Case Study
Case Study: Nippon Express
▐ Networking Challenges
• Nippon Express built a common datacenter in order to gain efficiency and improve IT governance
• Large numbers of virtual servers were created after server consolidation. The network had to be redesigned and reconfigured after each migration, driving operational costs and complexity
▐ Customer Goals
• Significantly reduce the load of operation by simplifying the network through centralized control.
• Realize the multi-tenant network virtualization environment easily without physical restriction.
• The causes of failures in the communication path and of quality deterioration are found instantly through network visualization.
▐ Benefits Realized
• Reduction in operational cost: (1) changing the culture of network operation; (2) reducing the operational/maintenance cost caused by migration.
[Figure: Nippon Express data center network with a server pool and a load balancer pool.]
▐ Results
• Systems such as a transportation operation history management system will be migrated to the private cloud.
• A new system has been introduced in which a usage fee is charged to each dept. according to the usage amount.
▐ Benefits
• Operational cost reduction of $70,000/year
• Shortened network configuration lead time from 2 months to 10 days.
• The server-related costs including operation are expected to drop by 30%
Customer Case Study
Case Study: Genesis Hosting Solutions
▐ Genesis Hosting Solutions provides one of the most flexible hosted computing services available today. Genesis ‘build-your-own cloud environments’ enables customers to build and provision customized, highly available virtual machine clusters.
▐ Networking Challenges
• Time to implement and complexity of network reconfigurations
• Inconsistent protocol support across network gear
▐ Customer Goals
• Interoperability with existing infrastructure
• Independent IP range and IP gateway address assignments
• Scalable, robust network without need to change existing network design
• Ability to create new per tenant network services
▐ Decision Factors
(1) Create a strategy for mass scale without increasing network complexity
(2) Add new services without hardware upgrades
(3) Maintain and improve network SLAs
ProgrammableFlow Summary
Key Benefits
▐ Reduce operating expenses and maintenance
▐ Reduced network equipment investment
▐ Increase server and network utilization
▐ Agile delivery of new services and applications
▐ Simple: deploy multi-tenant virtual networks as easily as deploying VMs; integrate network and application policy; centralized network management and control; eliminates the need for spanning tree or other distributed protocols
▐ Open: create multivendor networks of OpenFlow enabled switches, virtual switches and NICs
▐ Scalable: scales from a single switch to an entire data center fabric; policy based appliance integration
▐ Fast: hardware forwarding; quick convergence times; network load balancing
Products: ProgrammableFlow Controller (PFC) and ProgrammableFlow Switch (PFS)
APPENDIX
Cloud Infrastructure from NEC
[Figure: NEC cloud infrastructure portfolio: servers (GX; highly scalable, highly available, Intel based), software (ExpressCluster; clustering, disaster recovery, capacity planning), storage (D/M-Series; Fibre Channel & Ethernet (iSCSI), archiving, feature rich) and network (LAN/WAN, network virtualization, high availability, high throughput).]
Cloud Deployment Services
ProgrammableFlow Benefits
Key Benefits
▐ Reduce operating expenses and maintenance
▐ Reduced network equipment investment
▐ Increase server and network utilization
▐ Agile delivery of new services and applications
• Scalability: scales from a single switch to an entire data center fabric; policy based appliance integration
• Open architecture: uses a standardized interface to create a multivendor network consisting of OpenFlow enabled switches, virtual switches and NICs
• Performance: hardware forwarding; quick convergence times; network load balancing
• Simplified management: deploy multi-tenant virtual networks as easily as deploying VMs; integrate network and application policy; centralized network management and control; eliminates the need for spanning tree or other distributed protocols
The following slides cover four themes: Simplified Management, Open Architecture, Scalability and Performance.
Building a Flat Network
[Figure: an L3 network over separate L2 domains (broadcast domain constraint, limited VM migration, VLAN management) versus a flat data center spanning network (L2+L3) with no addressing constraints, VM mobility and simple administration.]
Scalability: Network Scale-Out
Scale out by adding switching elements (ports, links); no further configuration is required.
[Figure: Virtual Network 1 (vBridge) over the physical network; adding a switch or link increases (or decreases) capacity.]
Scalability / Open Architecture: OpenFlow Ecosystem
[Figure: the NEC ProgrammableFlow Controller manages virtual switches in hypervisors (XEN (Open vSwitch), KVM (Open vSwitch), Windows Hyper-V*) and TOR/aggregation switches (NEC, IBM (Blade Networks), others to be announced).]
*Future release. Mixed legacy environments are also supported.
OpenFlow Fabric for Performance
Maximizing resource utilization (interconnection bandwidth): multiple paths with dynamic traffic balancing.
[Figure: Virtual Network 1 (vBridge) mapped onto a multi-path physical network.]
Performance / Simplified Management: Location-free Virtual Mapping
[Figure: VMs are mapped to Virtual Networks 1, 2 and 3 by VLAN, MAC or port, independent of their location.]
Simplified Configuration Management
[Figure: with a per-switch configuration manager, X switch-level configurations and K servers mean K^2 port configurations (many definitions); with the PF Controller there is one controller-level configuration (one definition).]
Simplified Management: Network Level API
The P-Flow API provides simplified interfaces to the management system:
• P-Flow API makes it easier for the management system to control the entire network
• P-Flow API provides both a command-based Command API (i.e. SSH) and a WEB-API (i.e. REST)
• PFC provides simplified APIs vs. traditional networks
• Network settings (i.e. VLAN) can be done by centralized control
[Figure: the management system reaches the P-Flow network over HTTP/HTTPS and SSH through the P-Flow API for virtual network configuration, statistics, alerts and monitoring, VM information, etc.]
Simplified Management: End-to-End Reliability
• Switch or link failure: the end-to-end path is reconstructed and applied
• Fast recovery and end-to-end recovery
• No spanning tree; fast convergence times
Simplified Management: Intelligent Route Control
• Packets can be explicitly routed to any appliance port
• Multiple appliances can be selectively composed
• Appliance pooling enabled
[Figure: a firewall and a load balancer inserted into the traffic path.]
Flow Based Network Benefits (ProgrammableFlow)
▐ Per flow path optimization: mesh and per-flow QoS
▐ Service insertion (LB, FW)
▐ Load concentration
[Figure: the controller programs the switches so that Flow 1 and Flow 2 between servers take different paths; with load concentration, traffic is steered onto one AP server so the other can be powered off.]
OpenFlow Functions Enhance Switch Functionality
[Figure: an NEC OpenFlow switch hosting a non-OpenFlow VLAN (bridge, VLAN ID X) and two OpenFlow enabled VLANs acting as virtual hardware switches (VLAN ID Y with datapath id M, VLAN ID Z with datapath id N). Each virtual switch has its own flow table and its own secure channel (TCP/SSL) to Controller A or Controller B; certificates and configuration are stored on an SD card. Physical ports carry VIDs X, Y and Z, assigned as OF logical ports.]
• Physical port-based and VLAN tag-based logical port assignment
• Co-existence of multiple experimental networks using Virtual Switch Instances (VSI)
• Flow table quota: the maximum number of flow entries can be set for each virtual hardware switch
• OpenFlow configuration on SD memory card
• VLAN-based partitioning with legacy L2/L3 network support
• Flow entries are shown through CLI commands
• Production and OpenFlow traffic on a single physical port
Definition of Flow and Programmability
[Figure: a flow table of entries Flow 1 … Flow N, each consisting of a Rule (exact & wildcard), an Action and Statistics, plus a default action.]
• Definition of flow filtering (e.g.) on the switch: port, VLAN ID, L2, L3, L4, …
• Actions for a flow (e.g.) on the switch: unicast, multicast, bandwidth control, filtering, load balancing, alarm, recovery, tunneling, encryption
• Flow statistics (e.g.) on the switch: number of packets, bytes, connection time
Example of actions:
• Unicast
• Multicast
• Multipath: load-balancing, redundancy
• Waypoints: middleware, intrusion detection
Virtualized Fabric – Like a Big Switch
Automatic end-to-end routing and reliability provide the "big switch" perception. Scale out by adding switching elements (ports, links); no further configuration is required.
[Figure: capacity is increased or decreased by adding or removing switching elements.]
NEC PF5240 Specifications
Model: PF5240F-48T4XW, PF5240R-48T4XW
Maximum switching capacity: 176 Gbps
Maximum packet processing performance: 131 Mpps
Network interface features: 10/100/1000BASE-T x 48; 1000BASE-X SFP (SX/LX/ZX) or 10GBASE-R SFP+ (SR/LR) x 4 *1
OpenFlow features:
• Version: OpenFlow Version 1.0.0
• Switch instance: RSI (Real Switch Instance), VSI (Virtual Switch Instance)
• Secure channel: TLS connection, TCP connection
• Protocol: Hello, Error, Echo, Features, Get Configuration, Set Configuration, Packet In, Port Status, Packet Out, Flow Mod, Flow Removed, Port Mod, Statistics, Barrier, Queue Get Config
• Matching fields: Ingress Port, Ethernet source address, Ethernet destination address, VLAN ID, VLAN priority, Ethernet type, IP protocol/ARP Op-code, IPv4 ToS bits, IP source address/ARP IP source address, IP destination address/ARP IP destination address, Transport source port/ICMP Type, Transport destination port/ICMP Code
• Actions: Out port (Unicast), Out Multiple Port (Multicast), All, Controller, Local, In Port, Normal, Flood, Enqueue, Drop
• Field-modify actions: Ethernet source address, Ethernet destination address, VLAN ID, VLAN priority, Strip VLAN Header, IPv4 ToS bits, IP source address, IP destination address, Transport source port, Transport destination port
• Flow entries: 64K - 160K (maximum) *2
MAC address table: 32,768
VLANs: 4,094
*1: Four SFP/SFP+ slots can be used as 1000BASE-X or 10GBASE-R ports.
*2: Maximum number of flow entries depends on the configured flow definitions.
NEC PF5240 Specifications Continued
Model: PF5240F-48T4XW, PF5240R-48T4XW
Routing protocol:
• IPv4 unicast: Static, RIP, RIP2, OSPF, BGP4
• IPv4 multicast: IGMPv2/v3, PIM-SM, PIM-SSM
• IPv6 unicast: Static, RIPng, OSPFv3, BGP4+
• IPv6 multicast: MLDv1/v2, PIM-SM, PIM-SSM
Layer 2 features:
• VLAN: Port-VLAN, Tag-VLAN (IEEE 802.1Q), Tag translation
• Spanning Tree Protocol: STP (IEEE 802.1D), RSTP (IEEE 802.1w), MSTP (IEEE 802.1s), PVST+, BPDU Filter, Root Guard
• Layer 3 cooperation: IGMP/MLD snooping
• Jumbo frame: maximum 9,234 bytes (tagged), 9,230 bytes (untagged)
Network features:
• Security: Filter (L2/IPv4/L4), interruption of relays between ports
• QoS: Classifier L2/IPv4/L4, Rate Limiting, Marking (DSCP/User Priority), Discard Control, Shaping (8 class, Port Bandwidth Control, Scheduling (PQ, WPR, WFQ)), Diffserv
• Reliability, availability: ECMP (IPv4/IPv6), VRRP (IPv4/IPv6), Static Polling (IPv4/IPv6), VRRP Polling (IPv4/IPv6), Link Aggregation (IEEE 802.3ad), Storm Limiting, Graceful Restart (helper), UDLD (IEEE 802.3ah *3), Ring Protocol, Local Proxy ARP, L2 Loop Detection, Uplink trunk redundant, CFM (IEEE 802.1ag)
• L2-VPN: VLAN Tunneling (Extended VLAN)
Operational & management features: SNMPv1/v2c/v3, MIB II, IPv6 MIB, RMON, syslog, CLI, ping, traceroute, SSHv2, telnet, ftp, tftp, NTP, IPv4 DHCP Server/Relay, Prefix Delegation, LLDP, OADP, Port Mirroring, RADIUS, TACACS+, sFlow
Power saving features: Remote Power Control, Port LED Brightness Control, Power Consumption Monitor
Redundancy: internal redundant power supply, hot-swappable
Input voltage: AC 100V, 120V, 220-230V, 240V
Maximum power consumption: 264W
Operating conditions: temperature 0 to 40 ºC, humidity 20 to 85% non-condensing
Dimensions WxDxH (mm): 445 × 588 × 44 (1U)
Weight: 15 kg
Air flow: front to rear / rear to front
*3: Supports only Information OAMPDU.