These slides were used in the I2 Tech Exchange 2014 showcase demo. In the demo, Rice University described its network use case and Cisco presented a simple and agile solution for it: flexible traffic steering on an MPLS network via OpenDaylight, using OpenFlow extensions for VRF and next-hop address.
Community Showcase: FLEXIBLE TRAFFIC STEERING via OPENDAYLIGHT
William Deigaard, Director, Networking, Telecom, Data Centers, Rice University
Eddie Ruan, Principal Engineer, Cisco Systems
[ 2 ]
Rice University
Size:
• 3,920 undergraduate and 2,567 graduate degree-seeking students
Selectivity:
• 16 applicants for each place in the freshman class
Endowment:
• $772,147 per full-time equivalent student
Faculty:
• 643 full-time and 136 part-time instructional faculty
• 97% of our full-time faculty have a doctorate or terminal degree in their field
A Focus on Teaching:
• An undergraduate student-to-faculty ratio of 6 to 1
• A median undergraduate class size of 15
Research Excellence:
• Approximately $94 million in annual research expenditures
• Rice encourages engagement of undergraduate and graduate students in the creation of new knowledge and technology
• 67% of our undergraduates participate in research during their time at Rice
Residential College System:
• 11 close-knit and diverse communities
• 71% of our undergraduate body and 98% of our freshmen live on campus
[ 3 ]
Network Generations at Rice
• RiceNet1 (1992-2004)
  • Typical campus-wide, first Internet network
• RiceNet2 (2004-present)
  • Completely architected, fully routed, MPLS-based
  • Core, Distribution, Access
  • 100% campus wireless coverage
  • Centralized firewalls
  • Network segmentation via MPLS VPNs (affinity groups)
  • Identity ended up being based mostly on MAC address
• RiceNet3 (present-2024?)…
[ 4 ]
RiceNet3 (present-2024?): Major drivers for change
• EoL of major RiceNet2 components (after 10 years)
• Wireless expansion
• Software Defined Networking
• Improved management and operations (think automation)
• Application performance monitoring
• Optimized for cloud and data center virtualization
• IPv6 (dual-stack)
• 100G Ethernet to Internet2 and Data Center
• Desire to significantly improve security (granular automation)
[ 5 ]
RiceNet3 Topology/Architecture
[ 6 ]
Affinity Groups Relationships (aka MPLS VPNs)
Rows are the source affinity group, columns the destination; each cell is the permitted reachability from that source to that destination. The Internet-to-Internet cell was not captured on the slide.

SRC \ Destination | Open | Closed | Staff | Student | Research | DMZ | Quarantine | Visitor | Infrastructure | HATRC | PCI | Internet
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
Open | Yes | Some holes | Yes | Yes | Yes | Yes | Limited | No | No | Public | No | Yes
Closed | Some holes | Yes | Limited | No | No | No | No | No | No | No | No | No
Staff | Yes | Limited | Yes | No | Yes | Yes | No | No | Limited | No | No | Yes
Student | Yes | No | Public | Yes | Public | Yes | No | No | No | No | No | Yes
Research | Yes | No | Public | No | Yes | Yes | No | No | No | No | No | Yes
DMZ | Public | No | No | No | No | Yes | No | No | No | No | No | Yes
Quarantine | Some holes | No | No | No | No | No | Yes | No | No | No | No | Some holes
Visitor | Yes | No | No | No | Public | Yes | No | Yes | No | No | No | No
Infrastructure | Limited | No | Limited | No | No | No | No | No | Yes | No | No | No
HATRC | Public | No | Public | No | Public | Yes | No | No | No | Yes | No | Yes
PCI | No | No | No | No | No | No | No | No | No | No | Yes | No
Internet | Public | No | Public | No | Public | Yes | No | No | No | Yes | No | 
[ 7 ]
RiceNet3 Identity Based Networking
• Key component of better security policies
• Fundamentally allows for more freedom while still supporting improved detection and resolution of threats
• Supported by a number of technologies we're developing:
  • MPLS
  • Cisco ISE
  • SGT, SXP
  • Splunk
  • Identity-capable firewalls
  • OpenDaylight and related SDN
[ 8 ]
[Diagram: MPLS VPN between PE routers 1.1.1.1 and 1.1.1.2, managed by the Cisco Open SDN Controller. Staff Network: Staff Endpoint 132.1.x.x, Staff Applications 111.1.x.x. Student Network: Student Endpoint 132.2.x.x, Student Applications 111.2.x.x. Other Applications 111.x.x.x. Shown state: Default State.]
[ 9 ]
[Diagram: same MPLS VPN topology (PE routers 1.1.1.1 and 1.1.1.2, Cisco Open SDN Controller, Staff Network 132.1.x.x / 111.1.x.x, Student Network 132.2.x.x / 111.2.x.x, Other Applications 111.x.x.x). Shown state: Temporary Staff Access.]
[ 10 ]
Cisco's Approach
Goal: Use SDN hybrid mode to provide a simple, easy and agile solution.
Cisco's contributions:
• Allow matching on inner IP fields together with outer MPLS fields.
• Add two new actions, "set nexthop" and "set vrf", to enrich flow actions on L3 packets.
[ 11 ]
[Diagram: same MPLS VPN topology (PE routers 1.1.1.1 and 1.1.1.2, Cisco Open SDN Controller, Staff Network 132.1.x.x / 111.1.x.x, Student Network 132.2.x.x / 111.2.x.x, Other Applications 111.x.x.x). Shown state: Temporary Staff Access.]
Staff to Student policy at the VRF-facing interface:
Match: source IP = 132.1.x.x, dest IP = 111.2.x.x
Action: set vrf = student, nexthop = 1.1.1.2
[ 12 ]
[Diagram: same MPLS VPN topology (PE routers 1.1.1.1 and 1.1.1.2, Cisco Open SDN Controller, Staff Network 132.1.x.x / 111.1.x.x, Student Network 132.2.x.x / 111.2.x.x, Other Applications 111.x.x.x). Shown state: Temporary Staff Access.]
Student to Staff policy at the core-facing interface:
Match: Ethertype = MPLS, source IP = 111.2.x.x, dest IP = 132.1.x.x
Action: set vrf = staff
[ 13 ]
Initial State
[ 14 ]
Configure a Flow at VRF Staff facing interface
[ 15 ]
Display Flows at VRF Staff facing interface
[ 16 ]
Configure a Flow at Core facing interface
[ 17 ]
Display Flows at Core facing interface
XR Configurations
openflow
 switch 12
  pipeline 132
  interface GigabitEthernet0/7/0/3.3
  controller ipv4 100.3.0.1 port 6633 security none
 !
 switch 13
  pipeline 132
  vrf staff
  controller ipv4 100.3.0.1 port 6633 security none
 !
!

RP/0/RSP0/CPU0:CGN-Router#sh run interface g0/7/0/3.1
Sun Oct 19 22:42:05.927 UTC
interface GigabitEthernet0/7/0/3.1
 vrf staff
 ipv4 address 132.1.0.1 255.255.0.0
 encapsulation dot1q 1
!

RP/0/RSP0/CPU0:CGN-Router#sh run interface g0/7/0/3.3
Sun Oct 19 22:42:08.804 UTC
interface GigabitEthernet0/7/0/3.3
 ipv4 address 113.22.22.1 255.255.255.0
 encapsulation dot1q 3
!

RP/0/RSP0/CPU0:CGN-Router#sh run mpls ldp
Sun Oct 19 22:42:14.913 UTC
mpls ldp
 interface GigabitEthernet0/7/0/3.3
XR Display
Logical Switch Id: 13
Total flows: 2
Flow: 1
 Match: ip,nw_src=132.1.0.0/16,nw_dst=111.2.0.0/16
 Actions: vrf:student
 Priority: 2  Table: 0  Cookie: 0xa  Duration: 1137.791s
 Number of packets: 49509426  Number of bytes: 49707463704

Logical Switch Id: 12
Total flows: 2
Flow: 1
 Match: dl_type=0x8847,nw_src=111.2.0.0/16,nw_dst=132.1.0.0/16
 Actions: vrf:staff
 Priority: 2  Table: 0  Cookie: 0xa  Duration: 819.904s
 Number of packets: 82145098  Number of bytes: 82473678392
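An added Python example (not from the slides, Cisco or OpenDaylight) that parses flow output in the shape of the XR display above and audits the steering policies from slides 11 and 12: for every flow whose "set vrf" action pushes traffic into another VRF, it reports the source and destination affinity groups, what the slide 6 matrix says about that pair, and whether the flow has outlived a temporary-access lifetime. The prefix-to-group mapping, the matrix excerpt and the 900-second lifetime are assumptions drawn from the demo topology.

```python
import re
# Constructed sample in the shape of the "XR Display" output (one flow per line).
XR_DISPLAY = """\
Logical Switch Id: 13
Total flows: 2
Flow: 1 Match: ip,nw_src=132.1.0.0/16,nw_dst=111.2.0.0/16 Actions: vrf:student Priority: 2 Table: 0 Cookie: 0xa Duration: 1137.791s Number of packets: 49509426 Number of bytes: 49707463704
Logical Switch Id: 12
Total flows: 2
Flow: 1 Match: dl_type=0x8847,nw_src=111.2.0.0/16,nw_dst=132.1.0.0/16 Actions: vrf:staff Priority: 2 Table: 0 Cookie: 0xa Duration: 819.904s Number of packets: 82145098 Number of bytes: 82473678392
"""
FLOW_RE = re.compile(r"Flow: (?P<id>\d+) Match: (?P<match>\S+) Actions: (?P<actions>\S+)"
                     r" .*?Duration: (?P<dur>[\d.]+)s")
# Assumed: demo prefixes -> affinity group (from the topology slides).
GROUP_OF = {"132.1.0.0/16": "Staff", "111.1.0.0/16": "Staff",
            "132.2.0.0/16": "Student", "111.2.0.0/16": "Student"}
# Excerpt of the slide 6 affinity-group matrix, keyed (source, destination).
MATRIX = {("Staff", "Student"): "No", ("Student", "Staff"): "Public"}

def parse_flows(text):
    """Parse the condensed flow display into dicts tagged with the logical switch id."""
    flows, switch = [], None
    for line in text.splitlines():
        if line.startswith("Logical Switch Id:"):
            switch = int(line.split(":")[1])
        m = FLOW_RE.match(line)
        if not m:
            continue
        match = dict(kv.split("=", 1) for kv in m["match"].split(",") if "=" in kv)
        actions = dict(a.split(":", 1) for a in m["actions"].split(","))
        flows.append({"switch": switch, "id": int(m["id"]), "match": match,
                      "actions": actions, "duration": float(m["dur"])})
    return flows

def audit_steering(flows, max_age=900.0):
    """Report flows whose 'vrf' action moves traffic out of the source group's own VRF,
    with the matrix verdict and whether the flow outlived the assumed lifetime (seconds)."""
    findings = []
    for f in flows:
        vrf = f["actions"].get("vrf")
        src, dst = (GROUP_OF.get(f["match"].get(k)) for k in ("nw_src", "nw_dst"))
        if vrf is None or src is None or dst is None:
            continue  # no VRF steering, or prefixes outside the demo mapping
        if vrf.lower() == src.lower():
            continue  # stays in its own VRF: not a cross-group path
        status = "overdue" if f["duration"] > max_age else "within window"
        findings.append({"switch": f["switch"], "flow": f["id"], "src": src, "dst": dst,
                         "vrf": vrf, "policy": MATRIX.get((src, dst), "unknown"),
                         "status": status})
    return findings
```

Run against a live display, the "overdue" findings are the temporary grants that should already have been withdrawn by the controller.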
Community Showcase: FLEXIBLE TRAFFIC STEERING via OPENDAYLIGHT
Thank You
Eddie Ruan, Principal Engineer, Cisco Systems
William Deigaard, Director, Networking, Telecom, Data Centers, Rice University