Brocade SDN/OpenFlow Update

Legal Disclaimer

All or some of the products detailed in this presentation may still be under development and certain specifications, including but not limited to, release dates, prices, and product features, may change. The products may not function as intended and a production version of the products may never be released. Even if a production version is released, it may be materially different from the pre-release version discussed in this presentation.

NOTHING IN THIS PRESENTATION SHALL BE DEEMED TO CREATE A WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT OF THIRD-PARTY RIGHTS WITH RESPECT TO ANY PRODUCTS AND SERVICES REFERENCED HEREIN.

ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and The Effortless Network and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others.

© 2015 Brocade Communications Systems, Inc. All Rights Reserved.

Agenda

• Brocade Flow Optimizer Application
• Brocade SDN Controller
• New Brocade OpenFlow router features
• Presenter’s latest research work

Brocade Flow Optimizer Application

• Integrated sFlow Data Collector
• User-defined traffic policies and actions
  ‒ Custom L2-L4 fields (with wildcards)
  ‒ Actions: Drop; Redirect; Rate Limit; Mirror; QoS Re-Mark
• 7 built-in DDoS attack detection profiles
  ‒ DNS Reflection, ICMP Flood, UDP Flood
  ‒ CharGEN, QOTD, SSDP (new with R1.1*)
• REST interface for integration with other systems
• Browser based User Interface (UI)
  ‒ Dashboard
  ‒ Real-time and Historical Charts

[Diagram labels: REST API; Internet; Campus; Data Center; SDN Apps (Flow Optimizer … App N); Controller; OpenFlow; sFlow; MLXe; VDX. Policies: Metrics (flow parameters, bandwidth); Conditions (e.g., bandwidth above x Mb/s); Actions (Drop, remark, redirect, …)]

(*) Roadmap items subject to change

7 Built-in Policy Profiles

• DDoS mitigation
  ‒ UDP/ICMP Ping Flood
  ‒ NTP/DNS Reflection
• CharGen, QOTD, and SSDP (R1.1*)

(*) Roadmap items subject to change

Historical Data Charts

• Last 30 days (up to 30 min R1.0)
• Top 5 flows in selected duration

Chart scale (R1.1*)
  30 min, 1hr: 1s granularity
  1 day: 1min granularity
  1 week: 5min granularity
  30 Days: 1 day granularity

(*) Roadmap items subject to change

Traffic Flow Reporting

• Option to display MPLS and VxLAN attributes (R1.1*)
  ‒ VxLAN
    • VxLAN ID (VNI)
    • Inner UDP Headers
  ‒ MPLS
    • Label
    • TTL
    • Label Stack
    • Traffic Class

(*) Roadmap items subject to change

Traffic Wiretap

Wiretap on the traffic matching this profile … (R1.1*)

[Diagram labels: WAN/Internet/Campus; Flow Optimizer … App N; OpenFlow; sFlow; MLXe; Policy-Based Application Traffic Wiretap; Data Center Network; Analytics Appliance]

(*) Roadmap items subject to change

Internal Traffic Control

Network access control and security

• Access based on MAC / IP addresses
• Suitable for user access, service and application entitlement level policies
• Redirect or Drop Traffic

[Diagram labels: Control Application X traffic …; Flow Optimizer … App N; OpenFlow; App X traffic; OF 1.3; Normal Forward; IPsec Tunnel (R1.1*); Matching for Compliant Resources; Re-direct; ANALYZER; Drop]

(*) Roadmap items subject to change

External Traffic Control

Limit traffic from specific addresses (by name/IP)

Policy-Based Application Traffic Control (e.g., rate limit, drop, QoS re-mark)

[Diagram labels: WAN/Internet; A, B, C; Flow Optimizer … App N; OpenFlow; sFlow; MLXe; Limit; Drop; QoS re-mark; Campus Network]

High Bandwidth Traffic Firewall Bypass

“Science DMZ” SDN-enabled high bandwidth trusted traffic firewall bypass

“Science traffic” allowed to bypass the firewall …

• Routing trusted science traffic directly to the Science Network (bypassing the Firewall)

Reference: “The Science DMZ: A Network Design Pattern for Data-Intensive Science”, Eli Dart, Lauren Rotman, Brian Tierney, Mary Hester (Energy Sciences Network, Lawrence Berkeley National Laboratory), Jason Zurawski (Internet2), SC13, November, 2013

[Diagram labels: REST API; WAN/Internet; Flow Optimizer … App N; OpenFlow; Firewall; sFlow; MLXe; “Science Traffic” (policy action = “redirect”); Campus Network; Science Network]

The Brocade SDN Controller

• Quality-assured controller built continuously from the OpenDaylight project
• All Brocade enhancements contributed back to the community - minimizes vendor lock-in
• Technical assistance center with SLA-based support and defect resolution
• Support for Brocade MLX, VDX, ICX and vRouter families
• Support for popular 3rd-party switches/routers
• Comprehensive developer support program for training, application testing, and repo access
• Professional services offers for app development and integration

[Diagram labels: Developer Tools; Training and Support; Developer Partners; Professional Services. Developer Interfaces: RESTCONF, JAVA, OpenStack NEUTRON ML2. Services and Abstraction Engine: YANG Models, Topology Mapper, Host Tracker, Akka Clustering, Stats Manager. Southbound Plugins: OpenFlow, NETCONF, OVSDB, PCEP, SNMP, BGP. Devices: 3rd-Party, Virtual, Physical]

Brocade OpenFlow-Enabled Products

Campus and Data Center Networks

• MLXe
• CES/CER
• ICX 6610, 7250, 7450, 7750

[Product images: MLXe; CES/CER; ICX 6610; ICX 7250; ICX 7450; ICX 7750]

New OpenFlow Features

MLXe/CES/CER Highlights (SW Rel. 5.9)

• Layer 2 support with Hybrid Port Mode* (MLXe)
  ‒ L2 VLAN switching, MAC learning, MSTP, RSTP, ERP, LLDP, LACP, L2 MCT, and VPLS MCT
• VRF Lite (IPv4/v6) support with Hybrid Port Mode* (MLXe)
  ‒ VLAN-VE, VPLS-VE
• MPLS Label support (MLXe)
  ‒ Push one or two labels, set EXP
  ‒ Modify outer label, modify outer label and push label
  ‒ Match outer label and BoS bit
  ‒ etc.
• Flow timeout (MLXe and CES/CER)
  ‒ Idle and hard timeouts

ICX highlights (SW Rel. 8.0.40)

• Flow timeout
  ‒ Idle and hard timeouts
• Flood and All actions
• Normal mode with output port, metering, and priority
• Support for OpenFlow on a stack of ICX units

(*) In addition to L3 routing with Hybrid Port Mode, which was already supported prior to SW Rel. 5.9

Presenter’s Latest Research Work

• “Policy Architecture and Framework for NFV Infrastructures”
  https://datatracker.ietf.org/doc/draft-irtf-nfvrg-nfv-policy-arch/
• “SDN Multi-Domain Orchestration and Control: Challenges and Innovative Future Directions”, IEEE ICNC 2015, Feb 2015

[Diagrams: “Multi-Domain Policy Architecture” and “Multi-Domain SDN Architecture”. Labels: Main Domain; Regions 1-3; WAN and DC domains; Global Policy Engine; Local Policy Engine; Policy Pub/Sub Bus; Compute, Network, Storage and “Whatever” subsystems]

Thank you.