Last week, I wrote about Cisco’s SDN Strategy for the Data Center. I’d like to follow that up with 2 comments today.
- A reminder of the fact that we’ll be doing a webinar tomorrow on this topic, and
- A general observation regarding SDN making the world a better place (don’t roll your eyes yet. There’s beer involved. Well, kind of. Read on…)
The webinar is called “How To Simplify and Automate Your Data Center With Cisco’s SDN Strategy” and its tomorrow, September 15, 2015 at 10am PST. You can register here. We’ll spend a few minutes talking about ACI, then much of the time on Programmable Fabric and Programmable Networks. As the webinar name would imply, we’ll cover some cool tools that help make your life easier, if you have something to do with deploying and operating networks in a data center. We’ll have at least one demo and relate the technology back to some use cases, showing how SDN can be applied in practical ways.
As you consider the evolution of SDN over the past few years, its more or less gone from this thing with a limited definition (separation of control plane from data plane, etc.) that was kind of a solution looking for a problem, to a more loosely defined set of capabilities that are having real impact. There are still folks who define as SDN as “Still Does Nothing”, but I think that – even if you wipe away the hype from the media, analysts, vendors, etc. – SDN is making business more effective and helping make peoples lives better. I’m not talking like feeding the hungry, creating global peace type “make peoples lives better”.
I’m talking about the fact that most jobs have a certain amount of stuff that is cool/interesting/challenging/fun and another part that, well, just has to get done. The part that can be boring/laborious/mind numbing. A long time ago, I used to run a network. I would copy and paste configs from one box, make a few changes to IP addresses, or interface numbers, or ACLs, or maybe route redistribution metrics, or whatever – and paste them to another box. Rinse, repeat. Many times. This was tedious stuff. And for the most part, not very interesting. Any activity with a lot of copy and pasting is probably better done by a machine than a human. But a lot of people are still running their networks in pretty much the same way.
There is a better way. SDN can help you minimize the ‘just have to get it done’ part of your job, so you can spend more time on stuff that is impactful and engaging. We will dig into this more tomorrow. So, maybe you won’t be displacing Mother Theresa, but you can make your world a better, more cool/interesting/challenging/fun place. And have more time to drink beer. Or do whatever it is you like to do. In any case, I hope you can be there.
Tags: ACI, automation, beer, cloud, data center, SDN
Fast IT – It started in our Data Center, and now it’s everywhere
“Fast IT” started for Cisco as “Easy IT”. It was our data center infrastructure engineers who saw that they could automate a 3-week job (building virtual server infrastructure in the data center) in under 15 minutes, and of course they jumped at the chance. They built a set of scripts to automate these processes and saved themselves a LOT of work.
Read More »
Tags: ACI, Easy IT, Fast IT, IaaS, paas, Rich Gore, UCS
Cisco Intelligent Traffic Director (ITD) is an innovative solution to bridge the performance gap between a multi-terabit switch and gigabit servers and appliances. It is a hardware based multi-terabit layer 4 load-balancing, traffic steering and clustering solution on the Nexus 5k/6k/7k/9k series of switches.
It allows customers to deploy servers and appliances from any vendor with no network or topology changes. With a few simple configuration steps on a Cisco Nexus switch, customers can create an appliance or server cluster and deploy multiple devices to scale service capacity with ease. The servers or appliances do not have to be directly connected to the Cisco Nexus switch.
ITD won the Best of Interop 2015 in Data Center Category.
With our patent pending innovative algorithms, ITD (Intelligent Traffic Director) supports IP-stickiness, resiliency, consistent hash, exclude access-list, NAT (EFT), VIP, health monitoring, sophisticated failure handling policies, N+M redundancy, IPv4, IPv6, VRF, weighted load-balancing, bi-directional flow-coherency, and IPSLA probes including DNS. There is no service module or external appliance needed. ITD provides order of magnitude CAPEX and OPEX savings for the customers. ITD is much superior than legacy solutions like PBR, WCCP, ECMP, port-channel, layer-4 load-balancer appliances.
ITD provides :
- Hardware based multi-terabit/s L3/L4 load-balancing at wire-speed.
- Zero latency load-balancing.
- CAPEX savings : No service module or external L3/L4 load-balancer needed. Every Nexus port can be used as load-balancer.
- Redirect line-rate traffic to any devices, for example web cache engines, Web Accelerator Engines (WAE), video-caches, etc.
- Capability to create clusters of devices, for example, Firewalls, Intrusion Prevention System (IPS), or Web Application Firewall (WAF), Hadoop cluster
- Resilient (like resilient ECMP), Consistent hash
- VIP based L4 load-balancing
- NAT (available for EFT/PoC). Allows non-DSR deployments.
- Weighted load-balancing
- Load-balances to large number of devices/servers
- ACL along with redirection and load balancing simultaneously.
- Bi-directional flow-coherency. Traffic from A–>B and B–>A goes to same node.
- Order of magnitude OPEX savings : reduction in configuration, and ease of deployment
- Order of magnitude CAPEX savings : Wiring, Power, Rackspace and Cost savings
- The servers/appliances don’t have to be directly connected to Nexus switch
- Monitoring the health of servers/appliances.
- N + M redundancy.
- Automatic failure handling of servers/appliances.
- VRF support, vPC support, VDC support
- Supported on all linecards of Nexus 9k/7k/6k/5k series.
- Supports both IPv4 and IPv6
- Cisco Prime DCNM Support
- exclude access-list
- No certification, integration, or qualification needed between the devices and the Cisco NX-OS switch.
- The feature does not add any load to the supervisor CPU.
- ITD uses orders of magnitude less hardware TCAM resources than WCCP.
- Handles unlimited number of flows.
- Load-balance traffic to 256 servers of 10Gbps each.
- Load-balance to cluster of Firewalls. ITD is much superior than PBR.
- Scale IPS, IDS and WAF by load-balancing to standalone devices.
- Scale the NFV solution by load-balancing to low cost VM/container based NFV.
- Scale the WAAS / WAE solution.
- Scale the VDS-TC (video-caching) solution.
- Scale the Layer-7 load-balancer, by distributing traffic to L7 LBs.
- ECMP/Port-channel cause re-hashing of flows. ITD is resilient, and doesn’t cause re-hashing on node add/delete/failure.
Documentation, slides, videos:
Email Query or feedback:firstname.lastname@example.org
Please note that ITD is not a replacement for Layer-7 load-balancer (URL, cookies, SSL, etc). Please email: email@example.com for further questions.
Connect on twitter: @samar4
Tags: #BestofInterop, #CiscoITD, #CiscoLive2015, #CLUS, ACE, ACI, ASA, ASA 1000V Cloud Firewall, best of interop, Best of Interop 2015, Best of Interop Finalist, Big Data, cache engines, Cisco, Cisco Nexus, Cisco Nexus 5600, Cisco Nexus 7000, Cisco Nexus 9000, Cisco Nexus Switches, Cisco Prime NAM, Cisco WAAS, ciscolive, citrix, cloud, Cloud Computing, container, data center, Data Center container, F5, FirePOWER, Imperva, Imperva SecureSphere WAF, innovation, interop, IPS, ITD, load balancer, Load Balancing, nexus, Nexus 7000, NFV, SDN, security, server load balancer, Service Provider, Sourcefire, video, Web Application Firewall
Cisco has a broad spectrum of customers across a wide range of markets and geographies. These customers have a diverse set of requirements, operational models and use cases, meaning that a one size fits all SDN strategy does not fit all our customers. As a result, we made a series of announcements earlier this summer (at Cisco Live San Diego) that continued to showcase how our SDN strategy provides customers with a high degree of choice and flexibility. This blog will review key elements of the strategy, as well as provide a bit of background and context around them.
Cisco’s SDN strategy for the Data Center is built on 3 key pillars:
- Application Centric Infrastructure (ACI)
- Programmable Fabric
- Programmable Network
This approach enables our customers to choose the implementation option that best meets their IT and business goals by extending the benefits of programmability and automation across the entire Nexus switching portfolio. Let’s consider each of these pillars.
A lot has been said and written about ACI already, so I’ll keep this section on ACI brief. ACI is Cisco’s flagship SDN offering. It offers the most comprehensive SDN solution in the industry. Based on an application centric policy model, ACI provides automated, integrated provisioning of both underlay and overlay networks, L4-7 services provisioning across a broad set of ecosystem partners, and extensive telemetry for application level health monitoring. These comprehensive capabilities deliver a solution that is agile, open, and secure, offering customers benefits no other SDN solution can.
I know the paragraph above was a bit of a mouthful. For a quick snapshot of what that all translates to in terms of actually helping a customer, check out this report from IDC. If you want to learn more about ACI, go here.
This pillar is all about providing scale and simplicity to VXLAN Overlays. Beyond that, it provides a clear path forward for the overall Nexus portfolio to participate in and derive the benefits of SDN.
VXLAN has gained huge momentum across the industry for a wide variety of reasons that, in many cases, involve improvements over traditional technologies such as VLANs and Spanning Tree. These involve attributes such as more efficient bandwidth use via Equal Cost Multi Pathing (ECMP), higher theoretical scalability with 16 million segments, and more flexibility through use of an overlay model upon which multi tenant cloud networks can be built. As momentum for VXLAN networks grows, so does the demand for 2 key things:
- A standards based approach to scale out VXLANs, and
- Simplified provisioning and management of them.
Regarding a standards based approach to scale out VXLANs, Cisco is now supporting “Multipoint BGP EVPN Control Plane” on Nexus switches. Why does this matter? Well, the original VXLAN spec (RFC 7348) relied on a multicast based flood-and-learn mechanism without a control plane for certain key functions (e.g. VTEP peer discovery and remote end host reachability). This is a suboptimal approach. To overcome the limitations inherent with this approach, the IETF developed MP BGP EVPN Control Plane as a standards-based control plane for VXLAN overlays. This reduces traffic flooding on the overlay network, yielding a more efficient and more scalable approach.
As far as the second item, simplified provisioning and management, Cisco announced an overlay management and provisioning system. This new solution, called Virtual Topology System (VTS), automates provisioning of the overlay network, so as to enhance the deployment of cloud based services. Through an automated overlay provisioning model and tight integration with 3rd party orchestration tools such as OpenStack and VMWare VCenter, VTS simplifies overlay provisioning and management for both physical and virtual workloads by eliminating manually intensive network configuration tasks. These whiteboard sessions provide an overview and also a bit more technical detail, if you’re interested.
Infrastructure programmability is a big deal because it drives automation, which drives speed, which is an obvious prerequisite for the success of just about any business dealing with digital disruption. As programmability evolves, Cisco continues to roll out more and more capabilities across the Nexus portfolio. We have a broad range of features in this space including things such as Programmable Open APIs, integration with 3rd party DevOps and Automation tools, Custom App Development, and Bash shell commands. This set of capabilities within NX-OS facilitates the concept of the Programmable Network pillar. Let’s consider how this may be useful for you.
A while ago, a small number of customers with very large networks started shifting the way they operated. Their networks were growing very large because (not too surprisingly) the number of users, thus servers, was growing very large. As the number of servers grew larger and faster, they realized they had a choice:
- Hire a zillion new sys admins, or
- Brutally overwork their existing sys admins, or
- Deploy and manage servers in new and different ways.
The last option won out (in many cases, anyhow), and the revelation was automation. That is, tools that automated server deployment and management helped these sys admins and their employer’s scale the business. In the process, they paid close attention to metrics like the number of servers a given admin was managing. These “device to admin” ratios went up a lot…like in some cases orders of magnitude. With automation tools and other changes (to culture, process, etc.), some companies saw admins managing not 10’s or 100’s of servers, but 1000’s of servers. They also started experimenting with and employing DevOps – a term that at this point has a multitude of meanings, but is defined here in simple English.
As these elements have converged, people across different silos have started to collaborate a bit more, and as a result, tips, tricks and tools have started to spill across the silos. So, for example, as sys admins saw efficiency gains from using tools like Puppet and Chef to automate tasks on their servers, there was a desire to use the same tools on networks. In other cases, someone who was comfortable with Linux and wanted to work from a Bash shell wanted to use those commands for configuration and troubleshooting on the network as well as servers. Others wanted APIs that would allow extraction of all sorts of arcane box info to be massaged and acted upon by scripts and other tools.
Essentially, there was a need for more elements of the box to be more accessible and programmable in a wide variety of ways. It’s worth noting that although these trends started with a small subset of customers, many of the elements are working their way out to a much broader, more diverse cross section of customers. As this evolution has occurred, Cisco has been adding more programmability to the Nexus switches. This paper provides a more detailed view of various use cases and the functionality Nexus provides.
In summary, these 3 pillars of ACI, Programmable Fabric and Programmable Network provide a wide range of capabilities to help our customers across the broad spectrum of challenges they have. In the coming weeks and months, we’ll provide more information – here, as well as other venues – to help you better understand the strategy and its components. If this blog was too geeky and you’re looking for upleveled info, we’ll have that. If this was too fluffy, and you want more technical depth, we’ll have that as well. To punctuate this point, I’ll be hosting a webinar on September 15 that will cover the above in more detail. You can register here.
Tags: ACI, automation, Cisco Nexus, cloud, data center, Nexus switching, Programmable, VXLAN
Modern demands in virtualization, cloud, and the Internet of Things are shifting the network landscape and require advanced solutions to manage critical network services across physical, virtual, and cloud environments.
Recently, I had the opportunity to speak with InfoBlox’s Chief Technology Officer, Alan Conley, about automating core network services – DNS, DHCP, and IP Address Management (DDI) – with Cisco Application Centric Infrastructure (ACI). In this video interview, Alan spoke about the common challenges InfoBlox and Cisco customers face in security and automation in their data centers.
Alan eloquently explains how ACI micro segmentation to enhance security for East-West traffic in the data center complements InfoBlox’s secure DNS server that detects and mitigates malware and botnets trying to attack customer networks.
He also shared how a number of InfoBlox customers are looking for the integration of InfoBlox DDI and Cisco ACI to deliver highly secured solutions but also ones that are operationally agile.
I really encourage you to listen to Alan Conley’s enlightening interview.
For more information:
InfoBlox Enterprise-grade DNS, DHCP, and IP Address Management (DDI) datasheet
InfoBlox Demonstrates a New Approach to DNS Security blog
Tags: ACI, Alan Conley, Cisco ACI, DDI, DHCP, dns, Harry Petty, InfoBlox, IPAM, SDN