Software Defined Networks By: Thierry Couture, Consulting Systems Architect There is currently a lot of buzz around OpenFlow and Software Defined Networks (SDN) in the industry. It would be a mistake to think that these are one and the same. The reality is that the current market conversation has loose semantics mixed in with hyperbole and hearsay that hide the simplicity of SDN behind terms like Openstack, Virtual Overlays, Network Function Virtualization, Orchestration, etc. This session will explain the origins of SDN, establish a basic terminology for SDN concepts, and offer a framework to both understand these trends and distill the applicability of SDN through a use case lens.

1. Introduction to
Cisco SDN & Open Network Environment"
Thierry Couture
Consulting Systems Architect
dax@cisco.com
GTEC 2013 Government Technology Show

2. SDN in ONE Picture…

3. SDN$101$
Cisco$One$
Use$Cases$
Summary$
Agenda

4. Network Opportunities & Demands
Exponential
TRAFFIC
Growth BILLIONS of People
and Things+ +
BIG
DATA
+ Virtualization CLOUD+ +
SERVICES + Collaboration +
Optimized( )EXPERIENCES
+
PRODUCTIVITY + New $$$
Revenue$

5. The NEW Networking
Configurable Networks
Apps Aware Networks
Network Interfaces
Managed Networks
Orchestrated Networks
Network Aware Apps
Programmatic Interfaces
Self Optimizing Networks
Connecting Nodes Connecting People

6. SDN$101$
Cisco$One$
Use$Cases$
Summary$

7. SDN - Evolving Definition

8. SDN 1-2-3
...
aaa authentication login default group tacacs+
local
aaa accounting update newinfo
aaa default-taskgroup root-system
cdp
vrf CGN1
address-family ipv4 unicast
import route-policy vrf-import-CGNx
import route-target
42610:65000
!
!
!
vrf CGN2
address-family ipv4 unicast
import route-policy vrf-import-CGNx
import route-target
...
Topology and Network
Function Virtualization
(Overlays and NFV)
Control Plane and Data
Plane Separation
(API & Controllers)
Management Plane
Unification and Feedback
(Orchestration & SON)

9. CONTROL PLANE AND DATA PLANE SEPARATION
(API & CONTROLLERS)

10. Control$Plane$and$Data$Plane$
Two$fundamental$terms$to$begin$understanding$the$concepts$around$SDN$

11. Router# show run
...
ip cef
!
interface FastEthernet0/0
ip address 10.0.0.13 255.255.255.252
!
interface FastEthernet0/1
ip address 10.0.9.1 255.255.255.252
!
interface FastEthernet1/0
ip address 10.0.9.5 255.255.255.252
!
interface Loopback0
ip address 10.0.0.1 255.255.255.255
!
router ospf 100
network 0.0.0.0 0.0.0.0 area 0
maximum-paths 2
!
...
Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static rout
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 10.0.9.0/30 is directly connected, FastEthernet0/1
C 10.0.9.4/30 is directly connected, FastEthernet1/0
O 10.0.0.2/32 [110/11] via 10.0.9.2, 00:01:30, FastEthernet0/1
O 10.0.0.3/32 [110/2] via 10.0.9.6, 00:01:20, FastEthernet1/0
O 10.0.9.8/30 [110/11] via 10.0.9.2, 00:01:20, FastEthernet0/1
C 10.0.0.1/32 is directly connected, Loopback0
O 10.0.0.4/32 [110/12] via 10.0.9.2, 00:01:20, FastEthernet0/1
C 10.0.9.12/30 is directly connected, FastEthernet0/0
O 10.0.0.5/32 [110/11] via 10.0.9.13, 00:01:20, FastEthernet0/0
O 10.0.9.16/30 [110/20] via 10.0.9.13, 00:01:20, FastEthernet0/0
[110/20] via 10.0.9.2, 00:01:20, FastEthernet0/1
Router# show ip cef
Prefix Next Hop Interface
0.0.0.0/0 drop Null0 (default route handle
0.0.0.0/32 receive
10.0.0.1/32 receive
10.0.0.2/32 10.0.9.2 FastEthernet0/1
10.0.0.3/32 10.0.9.6 FastEthernet1/0
10.0.0.4/32 10.0.9.2 FastEthernet0/1
10.0.0.5/32 10.0.9.13 FastEthernet0/0
10.0.9.0/30 attached FastEthernet0/1
10.0.9.0/32 receive
10.0.9.1/32 receive
10.0.9.2/32 10.0.9.2 FastEthernet0/1
10.0.9.3/32 receive
10.0.9.4/30 attached FastEthernet1/0
10.0.9.4/32 receive
10.0.9.5/32 receive
10.0.9.6/32 10.0.9.6 FastEthernet1/0
10.0.9.7/32 receive
10.0.9.8/30 10.0.9.2 FastEthernet0/1
10.0.9.12/30 attached FastEthernet0/0
10.0.9.12/32 receive
10.0.9.13/32 10.0.9.13 FastEthernet0/0
10.0.9.14/32 receive
10.0.9.15/32 receive
10.0.9.16/30 10.0.9.13 FastEthernet0/0
10.0.9.2 FastEthernet0/1
224.0.0.0/4 drop
224.0.0.0/24 receive
255.255.255.255/32 receive
c2960-02#sh mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
100 0001.e69c.b6c9 DYNAMIC Gi0/1
100 000e.5881.9266 DYNAMIC Gi0/1
100 0018.0a34.06f0 DYNAMIC Gi0/1
100 0018.0a34.08da DYNAMIC Fa0/1
100 0018.0a42.c507 DYNAMIC Gi0/1
100 0018.0a53.9ba3 DYNAMIC Gi0/1
100 0018.0a53.9baf DYNAMIC Gi0/1
100 0019.df60.4e9a DYNAMIC Gi0/1
100 0025.4bc5.d08a DYNAMIC Fa0/8
100 0027.0e06.3ac8 DYNAMIC Gi0/1
100 98b8.e3a9.cc7a DYNAMIC Gi0/1
100 b817.c2b1.a6a9 DYNAMIC Gi0/1
100 b83e.5914.f9f5 DYNAMIC Fa0/1
100 c42c.030c.c25c DYNAMIC Gi0/1
100 c86f.1dc8.3e21 DYNAMIC Gi0/1
100 dc7b.94de.1089 DYNAMIC Gi0/1
c2960-02#

12. 4 Nodes 160,000 Nodes
1 Website
12B+ Devices
20127,671 8,438
But Why Did We Get Here?
Defense Funded
$$$$$/Device
Crowd Sourced
$0/Device
51B/2020$

13. 232 < 2128
2556$
44$

14. Where$did$this$SDN$“thing”$come$from?$

15. Stanford$University$–$Clean$Slate$Project$
$
“…explore$what$kind$of$Internet$we$would$design$if$we$were$to$start$with$a$clean$
slate$and$20@30$years$of$hindsight.”$
hIp://cleanslate.stanford.edu/$

16. You$might$have$noNced$the$Cisco$Logo$on$the$web$page$
$
Cisco$provided$some$equipment$early$in$the$cycle$to$the$research$team$
Namely$a$Catalyst$6500$and$3750$upon$which$some$of$the$early$work$was$done…$

17. …$Clean$Slate$led$to$the$development$of…$

18. IMPORTANT:$Openflow$does$not$equal$SDN$
Openflow$
SoZware$
Defined$
Networking$
Openflow$is$a$part$of$SDN$

19. What is OpenFlow?
OpenFlow$is$a$Layer$2$
communicaNons$protocol$that$gives$
access$to$the$forwarding$plane$of$a$
network$switch$or$router$over$the$
network$
$
Four$Parts$to$OpenFlow:$
API$+$Controller$+$Protocol$+$Agent$

20. How does it work?

21. Openflow$v1.0$
Data$ Data$ Data$
Switch$
FLOW$
TABLE$
SWITCH$FORWARDING$
ENGINE$
OPENFLOW$CONTROLLER$
Incoming$packet$arrive$at$Switch$
**$ CPU$
**Openflow$1.0$supports$a$lookup$into$a$single$flow$table$

22. Openflow$v1.0$
Data$ Data$ Data$
FLOW$
TABLE$
SWITCH$FORWARDING$
ENGINE$
Fields$from$packet$header$used$for$lookup$key$
**$ CPU$
**Openflow$1.0$supports$a$lookup$into$a$single$flow$table$
Lookup$Key$
Header$fields$used$to$build$lookup$key$
Switch$

23. Openflow$v1.0$
Switch$
FLOW$
TABLE$
SWITCH$FORWARDING$
ENGINE$
OPENFLOW$CONTROLLER$
If$no$match,$Controller$programs$switch$flow$table$
CPU$
Data$ Data$ Data$

24. Openflow$v1.0$
Data$ Data$
Switch$
FLOW$
TABLE$
SWITCH$FORWARDING$
ENGINE$
OPENFLOW$CONTROLLER$
Forwarding$Engine$forwards$packets$
**$ CPU$
**Openflow$1.0$supports$a$lookup$into$a$single$flow$table$

25. Openflow$v1.0$
Flow$Table$in$more$detail…$$
FLOW$TABLE$
HEADER$FIELDS$ COUNTERS$ ACTIONS$
…$
…$
…$ …$
…$ …$
FLOW$ENTRY$
Flow$“Entry”$consists$of$one$row$in$the$Flow$Table$

26. Openflow$v1.0$
Flow$Table$in$more$detail…$$
FLOW$TABLE$
HEADER$FIELDS$ COUNTERS$ ACTIONS$
…$
…$
…$ …$
…$ …$
Ingress$
Port$
Source$
MAC$
Dest$
MAC$
Ether$
Type$
VLAN$
ID$
VLAN$
Priority$
IP$
SRC$
IP$
DEST$
IP$
Protocol$
IP$
TOS$
TCP/UDP$
SRC$
TCP/UDP$
DEST$
HEADER$FIELDS$
This$is$the$“Famous”$Openflow$12$Tuple$
1$ 2$ 3$ 4$ 5$ 6$ 7$ 8$ 9$ 10$ 11$ 12$

27. Openflow$v1.0$
Flow$Table$in$more$detail…$$
FLOW$TABLE$
HEADER$FIELDS$ COUNTERS$ ACTIONS$
…$
…$
…$ …$
…$ …$
Per$Table$
AcNve$Entries$ 32$Bits$
Packet$Lookups$ 64$Bits$
Packet$Matches$ 64$Bits$
Per$Flow$
Received$Packets$ 64$Bits$
Received$Bytes$ 64$Bits$
DuraNon$(seconds)$ 32$Bits$
DuraNon$(nanoseconds)$ 32$Bits$
Per$Queue$
Transmit$Packets$ 64$Bits$
Transmit$Bytes$ 64$Bits$
TX$Overrun$Errors$ 64$Bits$
Per$Port$
Received$Packets$ 32$Bits$
Transmit$Packets$ 64$Bits$
Received$Bytes$ 64$Bits$
Transmit$Bytes$
Received$Drops$
Transmit$Drops$
Received$Errors$
Transmit$Errors$
Received$Frame$
Alignment$Errors$
RX$Overrun$Errors$
RX$CRC$Errors$
Collisions$
64$Bits$
64$Bits$
64$Bits$
64$Bits$
64$Bits$
64$Bits$
64$Bits$
64$Bits$
64$Bits$

28. Openflow$v1.0$
Flow$Table$in$more$detail…$$
FLOW$TABLE$
HEADER$FIELDS$ COUNTERS$ ACTIONS$
…$
…$
…$ …$
…$ …$
MulNple$AcNons$available$to$be$programmed$
Let$us$explore$those$in$more$detail…$

29. Openflow$v1.0$
Switch$
FLOW$
TABLE$
SWITCH$FORWARDING$
ENGINE$
OPENFLOW$CONTROLLER$
Required$AcNons$Supported$by$“Openflow$1.0”$Switch$
6
2
7
CPU$
1
34
5
Required$AcNons$
1$
Forward$out$all$ports$
except$input$port$
2$
Redirect$to$Openflow$
Controller$
3$
Forward$to$local$
Forwarding$Stack$(CPU)$
4$
Perform$acNon$in$flow$
table$
5$ Forward$to$input$port$
6$
Forward$to$desNnaNon$
port$
7$ Drop$Packet$

30. Data$ Data$ Data$
Switch$
FLOW$
TABLE$1$
SWITCH$FORWARDING$
ENGINE$
OPENFLOW$CONTROLLER$
CPU$
GROUP$
TABLE$
FLOW$
TABLE$2$
FLOW$
TABLE$n$
FLOW$METER$
TABLE$
Openflow$v1.3$

31. Example: Monetize / Simplify / Optimize
S
Client
Site A Site B
$$$
1ms
$
10ms
$
10ms
Daytime = Transactions = Optimize for Latency and Responsiveness = $9@3ms
Nighttime = Inventory Updates = Optimize for high BW and lower cost = $4@40ms
A
P
WAN

32. TOPOLOGY AND NETWORK FUNCTION VIRTUALIZATION
(OVERLAYS AND NFV)

33. You$start$with$a$
Physical$Network$
Physical$Devices$and$
Physical$ConnecNons$

34. Then$you$add$an$
overlay$
Overlay$provides$the$
base$for$the$logical$
network$

35. Logical$“switch”$devices$
overlay$the$physical$
network$
Underlying$physical$
network$carries$data$traffic$
for$overlay$network$
They$define$their$own$
topology$

36. MulNple$“overlay”$
networks$can$copexist$
at$the$same$Nme$
Overlays$provides$logical$network$
constructs$for$different$tenants$
(customers$and/or$applicaNons)$

37. Main$Benefit$of$Overlays?$
$
Overlay$Network$can$be$created$and$torn$down$without$changing$
underlying$physical$network$
$
BTW,$you$have$been$doing$this$with$servers$too!$

38. NFV & Server Virtualization

39. MANAGEMENT PLANE UNIFICATION AND FEEDBACK
(ORCHESTRATION & SON)

40. Openstack$is$an$IAAS$(Infrastructure$As$A$Service)$
cloud$compuNng$project$
It$is$also$referred$to$as$a$Cloud$OperaLng$System$
“…provides$a$means$to$control$(administer)$compute,$storage,$
network$and$virtualizaNon$technologies…”$

41. To$understand$IAAS,$let$us$$
first,$let$us$define$Cloud$CompuNng…$

42. Network$
Storage$
Compute$
Users$
Cloud$CompuLng$provides$a$set$of$private$or$public$remote$
resources$and$services$through$a$network$

43. What$are$these$resources?$

44. At$a$more$detailed$level,$there$are$many$resources$inside$
the$cloud$
ApplicaNons$
RunNmes$
Databases$
Servers$
Security$
VirtualizaNon$ Storage$
Networking$

45. Private$
Cloud$
What$resources$you$manage$inside$the$cloud$defines$the$following…$
Infrastructure$
as$a$Service$
(IAAS)$
Platorm$as$a$
Service$(PAAS)$
SoZware$as$a$
Service$(SAAS)$
How$do$these$differ$from$one$another?$

46. ApplicaNons$
RunNmes$
Databases$
Servers$
Security$
VirtualizaNon$
Storage$
Networking$
Private$
Cloud$
Infrastructure$
as$a$Service$
(IAAS)$
Platorm$as$a$
Service$
(PAAS)$
SoZware$as$a$
Service$
(SAAS)$
ApplicaNons$
RunNmes$
Databases$
Servers$
Security$
VirtualizaNon$
Storage$
Networking$
ApplicaNons$
RunNmes$
Databases$
Servers$
Security$
VirtualizaNon$
Storage$
Networking$
ApplicaNons$
RunNmes$
Databases$
Servers$
Security$
VirtualizaNon$
Storage$
Networking$
Managed$by$You$
Managed$by$Vendor$

47. ApplicaNons$
With$IAAS,$compute,$storage,$networking$and$
virtualizaLon$resources$are$managed$by$the$Vendor$(this$
defines$them$as$an$IAAS$provider)$
RunNmes$
Databases$
Servers$
Security$
VirtualizaNon$ Storage$
Networking$
Managed$by$You$
Managed$by$Vendor$

48. Openstack$lets$the$provider$manage$these$resources$
Servers$
VirtualizaNon$ Storage$
Networking$

49. Openstack$provides$a$nice$web$based$front$end$to$manage$
those$cloud$resources…$

50. Openstack$consists$of$a$number$of$components$$
Openstack$
Compute$
(NOVA)$
Openstack$
Object$
Store$
(SWIFT)$
Openstack$
Image$
Service$
(GLANCE)$
Openstack$
Quantum$
Service$

51. Openstack$Compute$(NOVA)$
Openstack$
Compute$
(NOVA)$
Openstack$
Object$
Store$
(SWIFT)$
Openstack$
Image$
Service$
(GLANCE)$
Openstack$
Quantum$
Service$
Allows$the$administrator$to$create$and$manage$Virtual$Machines$(VM’s)$using$
various$(stored)$machine$images$

52. Object$Store$(SWIFT)$
Openstack$
Compute$
(NOVA)$
Openstack$
Object$
Store$
(SWIFT)$
Openstack$
Image$
Service$
(GLANCE)$
Openstack$
Quantum$
Service$
Provides$the$ability$to$store$objects$–$basically$it$is$the$component$that$is$responsible$
for$managing$storage$and$reading/wriNng$objects$to$that$storage$
An$object$could$be$a$video$file,$a$document,$a$picture,$a$database…$basically$anything$that$you$would$normally$store$on$your$computer$

53. Image$Store$(GLANCE)$
Openstack$
Compute$
(NOVA)$
Openstack$
Object$
Store$
(SWIFT)$
Openstack$
Image$
Service$
(GLANCE)$
Openstack$
Quantum$
Service$
This$is$the$component$responsible$for$managing$the$different$operaNng$system$
images$(Windows,$Linux,$etc)$that$NOVA$uses$to$create$virtual$machine’s$

54. Network$Service$(QUANTUM)$
Openstack$
Compute$
(NOVA)$
Openstack$
Object$
Store$
(SWIFT)$
Openstack$
Image$
Service$
(GLANCE)$
Openstack$
Quantum$
Service$
Allows$the$administrator$to$create$and$manage$virtual$networks$
$
This$is$the$piece$that$has$relevance$to$our$SDN$story$

55. Quantum$is$used$to$help$
manage$the$overlay$(virtual)$
networks$

56. SDN$101$
Cisco$One$
Use$Cases$
Summary$

57. Cisco ONE Business Drivers
Cloud Video Mobility Data Deluge
How to
Harness
Network
Value?
How to Drive
Business
Agility?
How to Drive
Operational
Simplicity?
But is the Network Ready?

58. Cisco Open Network Environment
Bringing the Network to Applications
Software
Defined
Networks
Open
Flow

59. Where we started a while ago…
Network
Applications
Services
Orchestration
Analytics
Network Intelligence,
GuidancePolicy & Intent
Programmability Statistics, States,
Events
Program for Optimized Experience
Harvest Network Intelligence

60. Cisco ONE
A Comprehensive Approach
SDN
Open APIs
Open Cloud
Virtualization (NFV)
Industry-Defined
Bidirectional Interaction
Real-time Analytics
Orchestration
Automation
Cisco Innovative Extensions
+

61. Cisco Approach: Flexibility to Choose
• Match the model with the use case
• Deploy hybrid for optimal business results
Multiple Approaches to SDN
Cisco ONE Enables All of Them
Controller
OpenFlow
Device
Device with
OpenFlow
Device
Other
Agents
Apps
APIs
Network
Apps
Virtual Overlays
Network
Physical
and
Virtual
Apps

62. Control Plane and Data Plane Separation Strategy
Open Daylight ONE Controller
Open Flow ONE PK
Open Source Cisco

63. Data and Control Plane Abstraction Build on
Known Mechanisms and Features
RPNetFlow
QoS
PBR
EVC
ABF
IP
MPLS
TE
Route
Science
PfR
Segment
Routing
CBTS
PBTS

64. Network Function Virtualization (NFV)
Many familiar network functions are already virtualized on UCS!
LAN Switch
(VEM/
Nexus1K)
Security
Gateway
(VSG)
Identity
Services
(vISE)
Adaptive
Security
(vASA)
WAN
Acceleration
(vWAAS)
Mobility
Services
(vMSE)
Wireless LAN
Control
(vWLC)
Route
Reflector
(VRR)
Video
Cache
Network
Analytics
(vDNA)
Network
Analysis
(vNAM)
Network
Management
(PRIME NCS)
CSR
(vCE/vPE)
Load
Balancers
vEPC
(M2M)
Cisco Unified Computing System (UCS)

65. Orchestration & Management
…$

66. SDN$101$
Cisco$One$
Use$Cases$
Summary$

67. SDN Progression / Evolution over Time
)
)
pandp$
Business)
Applica1ons)
Infrastructure/IaaS)
Middleware/PaaS)
“My$business$app$is$deployed$on$a$IaaS/
PaaS$cloud$service.$$$
It$enables$me$to$release/deploy$faster.”$
“My$business$app$interacts$with$the$network$
and$programs$changes$to$the$network.$$$
It$improves$my$app’s$user$experience$and$
lowers$my$opex.”$
Business)
Applica1ons)
Infrastructure)
Middleware)
“My$business$app$interacts$with$the$network$
and$harvests$informaLon$from$the$network.$$$
It$improves$my$app’s$user$experience.”$
Business)
Applica1ons)
Infrastructure)
Middleware)
1$ 2$ 3$
Programma1c)access)
ApplicaNon$doesn’t$directly$program$a$change$to$the$
network,$but$benefits)from)orchestra1on.$
ApplicaNon$directly)programs)a$change$
to$the$network.$
ApplicaNon$harvests)intelligence)from$the$network$
through$direct$programmable$interface.$

68. )
)
SDN Progression / Evolution over Time
Business)
Applica1ons)
Infrastructure/IaaS)
Middleware/PaaS)
“My$business$app$is$deployed$on$a$IaaS/
PaaS$cloud$service.$$$
It$enables$me$to$release/deploy$faster.”$
“My$business$app$interacts$with$the$network$
and$programs$changes$to$the$network.$$$
It$improves$my$app’s$user$experience$and$
lowers$my$opex.”$
Business)
Applica1ons)
Infrastructure)
Middleware)
“My$business$app$interacts$with$the$network$
and$harvests$informaLon$from$the$network.$$$
It$improves$my$app’s$user$experience.”$
Business)
Applica1ons)
Infrastructure)
Middleware)
1$ 2$ 3$
pandp$
ApplicaNon$doesn’t$directly$program$a$change$to$the$
network,$but$benefits)from)orchestra1on.$
ApplicaNon$directly)programs)a$change$
to$the$network.$
ApplicaNon$harvests)intelligence)from$the$network$
through$direct$programmable$interface.$
Programma1c)access)

69. SDN Progression / Evolution over Time
)
)
pandp$
Business)
Applica1ons)
Infrastructure/IaaS)
Middleware/PaaS)
“My$business$app$is$deployed$on$a$IaaS/
PaaS$cloud$service.$$$
It$enables$me$to$release/deploy$faster.”$
“My$business$app$interacts$with$the$network$
and$programs$changes$to$the$network.$$$
It$improves$my$app’s$user$experience$and$
lowers$my$opex.”$
Business)
Applica1ons)
Infrastructure)
Middleware)
“My$business$app$interacts$with$the$network$
and$harvests$informaLon$from$the$network.$$$
It$improves$my$app’s$user$experience.”$
Business)
Applica1ons)
Infrastructure)
Middleware)
1$ 2$ 3$
ApplicaNon$doesn’t$directly$program$a$change$to$the$
network,$but$benefits)from)orchestra1on.$
ApplicaNon$directly)programs)a$change$
to$the$network.$
ApplicaNon$harvests)intelligence)from$the$network$
through$direct$programmable$interface.$
Programma1c)access)

70. Cisco IT’s SDN Roadmap
FY15FY14
Compartmentalized$SoluNons$ Systemic$SoluNons?$
Solu1on)
Strategy)
DC)Monitor)Manager)
(aka$Network$Tap$
Aggregator)$
WAN)Traffic)Steering)
Plan/Design/Test$Monitor$Manager$ Deploy$Monitor$Manager$to$RTP$/$RCDN9$/$ALLN01$$
Assess$Transit$SelecNon$
ACL)Management)
Assess$ACL$
Management$
Security)Threat)Detec1on)
&)Mi1ga1on)
Assess$&$Prototype$
XNC)GA)
Sep)
Nexus)6000)
Jan/Feb)
Produc1on)Target)(NC))
Dependencies)
In)Evalua1on)
QoS)Management) Assess$QoS$Mgmt$
Enterprise)Tap)
Cloud)Iden1ty)Connector)
As)of)Sep)13,)2013)
Nov) Plan/Design/Test$$
Selected$Use$Cases$
Nov)
Pilot$Deployment$of$
Selected$Use$Case(s)$

71. MONITOR MANAGER
Use Case #1
71

72. Network Monitoring – Existing Challenges
• Problem
– SPAN sessions have limited scalability and are currently not ‘sharable’
– Many teams require insight into DC flows for analytics
• Solution
– Multi-SPAN / Packet Capture solution that uses centralized flow control
– Single Pane of Glass into Data Center traffic
– Packet capturing as a service
– Scalability: many source to many destinations
– Adjustable to changing DC Network Architectures
72

73. Solution Architecture – Overview
• A Software Defined Networking (SDN) solution
• SPAN sessions are aggregated on Nexus 6000 & 3000
switches, via a combination of network taps and SPAN
sessions
• Nexus switches are managed by an Cisco ONE Openflow
Controller
• Controller directs the flow of SPAN traffic from ingress ports to
egress ports to reach their target traffic analysis collectors
• End result is a consolidation of traffic analysis collectors,
freeing up space in the data center pods, and a centralized
management of SPAN sessions
73

74. Analysis)tools)
NAM module
Infinistream
CSPO: IDS
NAM
Collectors)for)
applica1ons)
Data)Center)1) Data)Center)2)
SSWs$
DC$GWs$
UCS$
SSWs$
DC$GWs$
UCS$
N6K$
N3048$
N3048$
N6004$
Controller)
SPAN$edge$pod2$
SPAN$edge$pod1$
SPAN$AggregaNon$
Optical TAP
SPAN
‘Monitor Manager’ - Solution Architecture
PROBLEM$

75. WAN TRAFFIC STEERING
Use Case #2
75

76. Traffic Steering Use Case
Secondary$Path$
Private/Internet$
Today) !)Tomorrow)
Ac1veXStandby)Rou1ng)Policy) Ac1veXAc1ve)Rou1ng)Policy)
Branch)Office)
One)Sta1c)Policy)
Command)Line)Controlled)
Applied)to)all)Branch)Offices)
Dynamic)Intelligent)Policy)
Applica1on)Controlled)using)ONEpk)
Intelligently)apply)policy)
Benefits:)Cost$Avoidance$&$Improved$User$Experience$
Branch)Office)
Primary$Path$
Private$WAN$

77. Use Case: Traffic Steering for Branch Offices
Scenario 0: Default Network Behavior - only primary path utilized
Route Policy Engine Secondary PathPrimary Path
Policy$
p Secondary$Path$only$uNlized$if$primary$
path$fails$
WAN GW 2
Voice/Video/Data Clients
Presentation Engine
Connected
Backup
WAN GW 1
OnePK Application
Structure
Enterprise Network
Data Center

78. Use Case: Traffic Steering for Branch Offices
Scenario 1: Non-Business critical traffic routed via backup circuits
Route Policy Engine
Policy$
Presentation Engine
OnePK Application
Structure
Connected
Backup
Enterprise Network
Data Center
Secondary PathPrimary Path
WAN GW 2
Voice/Video/Data Clients
WAN GW 1
Benefits)
More$effecNve$use$of$branch$site$
WAN$bandwidth$across$large$
enterprise$network$
p Cost$Savings$
p User$Experience$
p Manageability$
$
1. Populate$Route$policy$into$Engine$
2. Route$Policy$pushed$to$Routers$
3. PC$backup$traffic$routed$via$backup$ckt$
$$

79. Use Case: Traffic Steering for Branch Offices
Scenario 2: Primary Path Failure – Deny Connected Backup on Secondary Path
Route Policy Engine
Policy$
Presentation Engine
OnePK Application
Structure
Connected
Backup
Enterprise Network
Data Center
Secondary PathPrimary Path
WAN GW 2
Voice/Video/Data Clients
WAN GW 1
Benefits)
User$experience$for$criNcal$business$
services$is$preserved$following$a$
circuit$failure$

80. SDN$101$
Cisco$One$
Use$Cases$
Summary$

81. Why Cisco ONE?
Monetize
• Launch services
quicker
• Customize
services per
tenant
• Extrapolate
business
intelligence
from Network
Data
Simplify
• Dynamic Network/
Device
Configuration
• Fewer Tools and
Interfaces
• Shift Resources
from operations
to services
creation
Optimize
• Use Real-Time
data to improve
application
performance
• Dynamically
shift workload
between
resources
• Improve Resource
Utilization

82. Multiple Approaches to SDN
Cisco ONE Enables All of Them
Platform API.s
[+]
Controller & Agents
[+]
Network Overlays

83. Open Programmable
Application
Aware
[ + +
]
Cisco ONE

84. Thank You.