Written by Greg Nehib, Cisco Senior Product Marketing Manager
Network functions virtualization (NFV) and Software Defined Networking (SDN) will get a lot of interest this year at BBWF 2014 Broadband World Forum 2014 as carriers seek to make networks more agile and efficient. In talking to both service providers and large enterprises, it’s clear that we are already in another major transition in the networking industry.
I’ve spoken with many talented individuals about what NFV and SDN means to their networks. Some of these visions are very broad and long ranging and some are more narrowly focused on delivering or optimizing a single service very quickly. It’s clear that NFV has already been deployed in many different service applications while SDN has been noticeably slower to develop a focused following. Even in the case of Virtualized Network Functions (VNFs), there is an interesting combination of features focused on services delivery and features focused on infrastructure innovation. In this case “services” are typically the services that carriers sell to their end customers such as a Virtual Private Network (VPN) and “infrastructure” is the virtualization of the typical network functions such as a virtualized route reflector on an x86 based server instead of running the route reflector application in an existing (physical) router. Read More »
Tags: BBWF, Cisco, network functions virtualization, opex, router, SDN, service providers, software defined network, virtualization, VNF
Organizations are migrating to the cloud because it dramatically reduces IT costs as we make much more efficient use of resources (either ours or by leveraging some cloud provider’s resources at optimal times). When done right, cloud also increases business agility because applications and new capacity can be spun up quickly on demand (on-premises or off), network and services configurations can be updated automatically to suit the changing needs of the applications, and, with enough bacon, unicorns can fly and the IT staff can get home at a reasonable hour.
Whenever you ask a CIO-type at any of these organizations what’s holding them back from all this cloud goodness, though, more often than not the answer has something to do with security: “Don’t trust the cloud…”, “Don’t trust the other guy in the cloud…”, “Cloud’s not compliant…”. You have to be something of a control freak to be a CIO/CISO these days, and, well, isn’t “cloud” all about giving up some control, after all (in return for efficiency and agility)?
Even if you overcome your control issues and you find a cloud you can trust (even if it’s your own private cloud – we can take baby steps here…), if we are going to achieve our instant on-demand application deployment, network provisioning and cost-efficient workload placement process, it turns out all the security stuff can throw another obstacle in our way. Cloud security isn’t like old-fashioned data center security where you could just put a huge firewall in front of the data center and call it good. For secure multi-tenancy and a secure cloud overall, virtually every workload (or “every virtual workload”?) needs to be secured from every other (except for the exceptions we want to make). Some folks call this “microsegmentation”, a fancy word for an old concept, but, a fundamental requirement that cloud deployments need to address. (Spoiler alert: ACI does this very well.) Read More »
Tags: ACI, application centric infrastructure, Cisco ASA, SDN
We are excited to announce the availability of Cisco Nexus Data Broker software release 2.0. Using the Cisco Nexus Data Broker software, Cisco’s approach replaces the traditional purpose-built matrix switches used for network taps or SPAN aggregation with one or more OpenFlow-enabled Cisco Nexus switches.
Visibility into application traffic has traditionally been important for infrastructure operations to maintain security, resolve problems, and perform resource planning. Now, however, as a result of technological advances and the ubiquity of the Internet, organizations increasingly are seeking not just visibility but real-time feedback about their business systems to more effectively engage their customers. Also, with the rapid evolution of cloud-based technologies, there is a strong need for scalable and cost-effective network traffic tap/SPAN aggregation for traffic monitoring solutions. The traditional approach that uses purpose-built matrix switches for netowrk tap/SPAN aggregation to feed traffic to multiple systems for security, compliance and application performance monitoring has three primary challenges:
- This approach is too expensive to scale the visibility to meet today’s business requirements.
- The purpose-built switches are statically programmed with predetermined filtering and forwarding rules, so they cannot act in an event-based way to provide traffic visibility in real time.
- Support for interconnecting multiple switches for a scalable deployment that suits your data center architecture is limited.
With Cisco Nexus Data Broker (see Figure 1), the traffic is tapped into this bank of switches in the same manner as in a purpose-built matrix network. However, with Cisco Nexus Data Broker, you can interconnect these Cisco Nexus switches to build a scalable tap and SPAN aggregation infrastructure. You also can use a combination of network taps and SPAN sources to bring the copy of the production traffic to this infrastructure. In addition, you can distribute the network tap and SPAN sources and traffic monitoring and analysis tools across multiple Cisco Nexus switches. Cisco Nexus Data Broker also provides the flexibility to aggregate traffic from multiple tap or SPAN sources and replicate and forward traffic to multiple analysis tools for monitoring. See Table 1 for a list of important features and functions.
Features of the New Cisco Data Broker Release 2.0
|Supported topology for Cisco® Monitor Manager network
- Cisco Nexus Data Broker software discovers the Cisco Nexus switches and associated topology for Tap/SPAN aggregation.
- The software allows you to configure ports as monitoring tool ports or input Tap/SPAN ports.
- You can set end-device names for easy identification in the topology.
|Support for QinQ to tag input source Tap/SPAN port
- You can tag traffic with a VLAN for each input Tap or SPAN port.
- Q-in-Q support in edge Tap and SPAN ports allow you to uniquely identify the source of traffic and preserve production VLAN information.
|Symmetric hashing or symmetric load balancing*
- You can configure the hashing based on Layer 3 (IP address) or Layer 3 + Layer 4 (protocol ports) for load balancing the traffic across a port-channel link.
- You can spread the traffic across multiple tool instances to meet the high-traffic-volume scale.
|Rules for matching monitored traffic
- You can match traffic based on Layer 1 through Layer 4 criteria.
- You can configure the software to send only the required traffic to the monitoring tools without flooding the tools with unnecessary traffic.
- You can configure action to set the VLAN ID for the matched traffic.
|Replicate and forward traffic
- You can configure the software to aggregate traffic from multiple input Tap/SPAN ports that could be spread across multiple Cisco Nexus switches.
- You can replicate and forward traffic to multiple monitoring tools that can be connected across multiple Cisco Nexus switches.
- This solution is the only one that supports any:many forwarding across a topology.
- You can time-stamp a packet at ingress using the Precision Time Protocol (PTP; IEEE 1588), thereby providing nanosecond accuracy. You can use this capability for critical transaction monitoring and archiving data for regulatory compliance and advance troubleshooting.
- You can configure the software to truncate a packet beyond specified bytes.
- The minimum is 64 bytes.
- You can retain a header for only analysis and troubleshooting.
- You can configure the software to discard the payload for security or compliance reasons.
|End-to-end path visibility
- For each traffic forwarding rule, the solution provides a complete end-to-end path visibility all the way from source ports to the monitoring tools, including the path through the network.
|React to changes in the Tap/SPAN aggregation network states
- You can monitor and keep track of network condition changes.
- You can configure the software to react to link or node failures by automatically reprogramming the flows through an alternative path.
|Management for multiple disjointed Cisco Monitor Manager networks
- You can manage multiple independent traffic monitoring networks, which may be disjointed, using the same Cisco Nexus Data Broker instance. For example, if you have five data centers and you want to deploy an independent Cisco Monitor Manager solution for each data center, you can manage all of these five independent deployments using a single Cisco Nexus Data Broker instance by creating a logical partition (network slice) for each monitoring network.
|Role Based Access Control (RBAC)
- Application access can be integrated with corporate AAA server for both authentication and authorization
- You can create port groups and associate the port groups with specific user roles
- Capability to assign users to specific roles and port groups; users can manage only those ports
*Feature supported only on Cisco Nexus 3500.
**Feature supported only on Cisco Nexus 3100.
Please visit the Cisco NDB website for more information. If you are going to be in NYC at Interop Sep 29 – Oct 2, please visit us to hear Jothi Prakash Prabakaran talk about Nexus Data Broker as a scalable network traffic monitoring solution in the Cisco booth (#611) theater.
Tags: Cisco Nexus Data Broker, Data Center Visibility, NDB, Nexus 3000, Nexus 7000, SDN, Tap/SPAN aggregation
By John Chapman, Cisco Fellow, CTO, Cable Access BU
This week, we and 10,000 or so hard-core engineering colleagues within the cable industry descend upon the city once known as the cable capital of the world — Denver, Colorado — and, like it’s been since the earliest days of the Society of Cable Telecommunications Engineers’ annual Cable-Tec Expo, a trending topic, now and forever, is bandwidth.
The reasons why are obvious, but indulge me a brief recap: Consumer usage of broadband grows at an compound annual rate of 50% or more, ever since about 2009, when Netflix began streaming video, in addition to mailing DVDs. Add to that the sheer number of video-capable, IP-connected screens we all use, and the fact that video itself is only scheduled to get bigger (we’re looking at you 4K), and it’s easy to envision why it’s a considerable challenge to keep the cable infrastructure updated, and capable of ever-increasing carrying capacities.
Here in Denver, we are focused on this challenge. Big picture, we are “transforming” cable access from a DOCSIS focus, to integrate DOCSIS with service provider WiFi, PON & FTTx, and MetroE into a single, easily- managed portfolio, which only Cisco can deliver. Doubleclicking on the DOCSIS pillar alone, we are taking the CMTS architecture and redefining it to deliver far more bandwidth, for far less cost. We see two technologies that stand out: Read More »
Tags: ccap, Cisco, network function virtualization, scte, SDN, service providers, virtualization, wi-fi
The last several months have been a roll with several customers, channel partner and technology partner engagements. With the ACI starter kits and lab bundles shipping, customers can bring this solution into their labs and subsequently into their production Pods with the Application Policy Infrastructure Controller (APIC) and the Nexus switching platforms. We see a healthy interest in these kits with customers as they explore its SDN capabilities. Several ecosystem partners like F5 and Citrix have started to ship device packages. We just came off a company wide sales conference at Las Vegas a couple of weeks ago that was hugely energizing. Policy as a means to drive automation, security and scale is now the major focus area for SDN as outlined originally by Cisco as more industry vendors now endorse the vision as evidenced by initiatives like OpenStack Congress. Investment protection continues to be a major Overall the new fiscal year promises to be an exciting one.
Soni Jiandani on SDN Central – Click for Q&A
Following up on the Unleashing IT magazine (ACI special edition) released last month, I wanted to share the momentum we’re experiencing with customers and partners as the acceleration continues. As John Chambers had outlined during the last earnings call, the adoption rate has been off to a tremendous start with some of the customers and partners featured in the video above.
We also continue to take the opportunity to answer questions as the vision around ACI continues to crystallize and rapidly evolves from concept to hard reality. This week we took the opportunity to have a Q&A session with SDN central. Soni Jiandani, SVP of Insieme Networks Business Unit at Cisco led the conversation. The featured interview can be accessed here. Soni crisply articulates the ACI value proposition while addressing some of the top of mind questions that come from the media.
Read More »
Tags: ACI, OpenStack, policy, SDN, Soni Jiandani