APPLICATION CENTRIC INFRASTRUCTURE
Brenden Buresh
DC Technical Solutions Architect
Allen Kluender
DC Technical Solutions Architect
© 2014 Cisco and/or its affiliates. All rights reserved.
THE NETWORK - INFORMATION BROKER FOR ALL APPLICATIONS
Applications
Are Changing
• Type: Big Data, Distributed, Mobile
• Consumption: Cloud – Public, Private, Hybrid
• Delivery: Anywhere, Any Time, Any Device
78%: Network is even more critical to delivering applications than a year ago*
* Cisco Global IT Impact Survey
Cisco Confidential
APPLICATION CENTRIC INFRASTRUCTURE – SUMMARY
ACI Vision: Rapid Deployment of Applications onto
Networks with Scale, Security and Full Visibility
• OPEN RESTFUL APIs
• CENTRALIZED POLICY MODEL
• OPEN SOURCE
CONTROLLER
APPLICATION CENTRIC
NETWORK
ABSTRACTION
NEXUS 9500 and 9300
ACI BUILDING BLOCKS
NEXT GENERATION NEXUS—TRADITIONAL NETWORKS
FUTURE PROOF—SOFTWARE UPGRADABLE TO ACI
OPEN RESTFUL APIS
CENTRALIZED POLICY MODEL
OPEN SOURCE
SHIPPING NOW
APIC CONTROLLER
PRICE
POLICY MODEL
NEXUS 9500 and 9300
INNOVATIONS IN SOFTWARE HARDWARE AND SYSTEM DESIGN
PERFORMANCE
PORT DENSITY
PROGRAMMABILITY
POWER EFFICIENCY
OPTIMIZED NX-OS
RESILIENCY:
IN SERVICE PATCHING,
UPGRADE, FAST RESTART
50% SIMPLER
CODE BASE
ACI
FUTURE PROOF
UPGRADABLE
TO ACI
NETWORK
VIRTUALIZATION
SUPPORT
PROGRAMMABILITY
AND AUTOMATION
APPLICATION CENTRIC INFRASTRUCTURE
PROGRESS AND MOMENTUM
New Nexus 9K Platforms
Nexus 9000 Momentum
ACI Ecosystem Update
NEW PARTNERS
PIPELINE >500 CUSTOMERS
[Chart: CUSTOMERS ACROSS DIFFERENT SEGMENTS; segments shown: Other, APJC, EMEAR, US Commercial, US SP, US Enterprise]
RAPID CHANNEL PARTNER SCALE
Early Design Wins in all Major Geographies and Segments:
Enterprise, Cloud, Service Providers, Public Sectors, Commercial
CISCO SYSTEMS ACI, NEXUS PHYSICAL AND VIRTUAL
ENTERPRISE & SERVICE PROVIDER
Existing 3-TIER DESIGNS
PROGRAMMABLE SDN OVERLAY MODEL
APPLICATION CENTRIC INFRASTRUCTURE
DC Core
DC
PODs
Existing 2-Tier & 3-Tier Designs
Overlay Networks
(Full Bridging and Routing)
Open API - Programmability
Integrated Network Virtualization
No VM Tax – Any Hypervisor
Modernized Operating System
OpenFlow Support
Physical & Virtual
Nexus OS
Application Centric Infrastructure
Open API’s & Controller
APPLICATION AND TENANT BEST PRACTICES
PRIVATE AND HYBRID CLOUD
Health Score 82%
Systems Telemetry
25 Packets dropped
Latency
Isolation
APP
APP VISIBILITY
MOBILITY
BOTH Physical and Virtual Applications
ACI EVOLVING IT SILOS – CLOUD-BASED POLICY & AUTOMATION
Compute /
Virtualization
Security
Network
100%
Automated
CONNECTIVITY POLICY
Migration
SECURITY
POLICIES
QOS
BANDWIDTH
RESERVATION
AVAILABILITY
Storage
Centralized
Operations
APPLICATION L4-L7 SERVICES
STORAGE
AND
COMPUTE
Application Network Profile
ELASTICITY AT SCALE / PAY AS YOU GROW
$100K
STARTING
STARTING
AT
200 PORTS
SCALING TO 100K+ PORTS
8K MULTICAST GROUPS (PER LEAF)
1M IPV4 / IPV6 END POINTS
64K TENANTS
576 40G PORTS WIRE-RATE (PER SPINE)
60 TBPS CAPACITY (PER SPINE)
BUILT FOR THE GROWING COMMERCIAL ENTERPRISE
TO THE LARGEST SERVICE PROVIDERS
ACI SECURITY WITH MULTITENANCY
APIC
Import / Export Policy via API
Advanced Role Based Access Control
Policy Engine
Policy Separated from Network Forwarding (Support for External Policy Engines)
Encrypted Controller Communication
Automated Services Chaining
Complete Isolation with Full Scalability and Security
Centralized Compliance and Auditing
Engineering
Sales
HR Finance
Legal
Marketing
ENABLING A DYNAMIC ENTERPRISE WITHOUT COMPROMISE
INNOVATION DRIVING APPLICATION PERFORMANCE
Fabric Innovations
Case Study –
Big Data Analytics
Dynamic Load Balancing
Traditional Network
Dynamic Packet Prioritization
30% reduction in
completion time
ACI
Congestion Management
[Chart: axes Network Utilization and Time (s)]
Based on common network load and link failure scenarios
40G BIDI OPTICS PRESERVE EXISTING 10G CABLING
SIGNIFICANT TRANSCEIVER SAVINGS
10G Optical Link: Jumper Cable, Patch panel, Trunk Cabling (100m), Patch panel, Jumper Cable
Traditional 40G Optical Link—Complete Replacement: +$6,259*
40G BiDi Optical Link—Reuse all 10G Cabling/Patch Panels: +$2,200*
$4,059 SAVINGS (LIST) PER 40G LINK
Source: Corning OM3 Cable & Patch Panel list prices, Cisco 40G BiDi list price, Competitors 40G SR4 list price
IMPLICATIONS: CAPEX AND OPEX
CISCO DRIVING INDUSTRY LEADING TCO
CAPEX SWITCH
CAPEX OVERLAY
NETWORK OPEX **
TCO
NO WHITEBOX ADVANTAGE
VM TAX FOR OVERLAY SIGNIFICANTLY HIGHER THAN A WHOLE NEW NETWORK
35% OPEX SAVINGS WITH ACI
75% TOTAL COST OF OWNERSHIP SAVINGS
3 YEAR CAPEX ToR EXAMPLE
Branded Switch w/ integrated HW/SW: $4,000*
Whitebox $2,500 + Cumulus SW $1,000 per year: $5,500* (+37.5%)
$154
10 VM/10G SWITCH PORT x $10 PER VM PER MONTH = $100 PER VM PER MONTH
$40 OPEX*
CAPEX
27%
OPEX
73%
BEFORE ACI
$100
VM TAX
$40
$25 OPEX
$14 NETWORK $15 NETWORK
NETWORK
VIRTUALIZATION +
MERCHANT SWITCHES
APP
CENTRIC
CISCO
Source: * Deutsche Bank 9/27/2013: “Whitebox Switches Are Not Exactly a Bargain”; ASP for 64 port 10GE switch ** Cisco IT
APPLICATION CENTRIC INFRASTRUCTURE
MOVING BEYOND VMWARE NSX – SDN LAN EMULATION (LANE)
Nexus 9000
NXOS
Fabric OS
NSX for vSphere
No 3rd Party Controllers
APIC
OPEN Controllers & OPEN APIs
No OpenFlow
Cisco Systems
Advantage
Open API’s & Data Model
APIC – Policy Controller Not SDN LANE > scale
Secure Open Device
Packages for L4-L7
No VM Tax
3rd Party
Hardware
Hypervisor &
Southbound
Device Integration
Widest device support
Broad Partner Ecosystem
Nexus 1000v
DC, Campus & WAN
Bare
Metal
WAN
Open
& MPLS Layer 4-7
Layer 4-7 Closed
Virtual OVSDB
Published Model for Any
Device
OPFLEX – A FLEXIBLE, EXTENSIBLE POLICY PROTOCOL
OPFLEX is a new extensible policy resolution protocol designed for declarative management of any datacenter infrastructure. Unlike legacy protocols such as OVSDB, OPFLEX was designed to offer:
• Declarative resolution – Push + Pull API support
• Abstract policies rather than device-specific configuration
• Flexible, extensible definition of using XML / JSON
• Support for any device – vswitch, physical switch, network services, servers, etc.
APIC
Policies
• Who can talk to whom
• What about
• Topology control
• Ops stuff
[Diagram labels: Opflex Agent, Opflex Proxy, Firewall, Hypervisor, Switch, ADC, Legacy API]
APPLICATION CENTRIC INFRASTRUCTURE
INVESTMENT PROTECTION
Nexus 9500
APIC
Nexus 9300 and 9500
Physical
Networking
Hypervisors
and Virtual
Networking
Compute
L4–L7
Services
Storage
Multi DC
WAN and Cloud
Nexus 7K
Nexus 2K
Integrated
WAN Edge
Nexus 9000 Stand Alone Use Cases
NEXUS 9000 CUSTOMERS
STATUS: MARCH 2014
Customer Industry | Customer Segment | Use Case
Data Center System Integrator | Enterprise | Data Center Aggregation / Access
Mobile Media / Advertising | Commercial | Data Center Core/Aggregation
Leading Web 2.0 Provider | MSDC | Data Center Core/Aggregation
County Government | Public Sector | Data Center Aggregation
Leading Hosting Provider | SP | Data Center Access/Aggregation
Print Media | Commercial | Server Access
Technology – Enterprise Software / Hardware | Enterprise | Data Center Aggregation/Access
Technology – Enterprise Software | Commercial | Data Center Aggregation/Access
Real Estate | Commercial | Data Center Core
Modular
Fixed
© 2013-2014 Cisco and/or its affiliates. All rights reserved.
USE CASE – TRADITIONAL ENTERPRISE – L2, L3
LEADING STORAGE VENDOR
Enterprise – L2, L3
Layer 2 & Layer 3
Large Engineering Data Center (2,000 racks)
Nexus OS / Stand Alone configuration
Nexus 9500 & Nexus 9300
Workload mobility
Simplify the physical topology – move to Layer 3
Scale: 90k MAC, 60k v4 ARP, 30k v6 ND, 250 VPC
3 PODs @ 650 racks each -> moving to 2-tier spine ACI over time
USE CASE – ENTERPRISE – L2, L3, & VXLAN
TECHNOLOGY ENTERPRISE SW/ HW
Layer 2 & Layer 3 / VXLAN
Enterprise – L2, L3, & VXLAN
Nexus OS / Stand Alone configuration
Nexus 9300
Workload mobility
Simplify the physical topology – move to Layer 3
Scaling over existing VLAN model
VLANs mapped to VXLAN VNIDs
Layer 2 tunnels moving to Layer 3
Multicast-based
USE CASE – MSDC – BROWNFIELD 9K / 3K
MSDC Use Case
2Tier & Existing 3-TIER DESIGNS
Nexus OS / Stand Alone configuration
Nexus 9300 and Nexus 3000
Code alignment
Patching / Programmability / BGP
DC Core
9508
40G Wire Speed
DC PODs
Nexus 3000
• 40G and 1/10G Leaf and Server Access
OSPF
• Layer 3 ECMP
1000s of Leaf nodes (40G & 1/10G)
USE CASE – CLOUD & MANAGED HOSTING
Cloud & Managed Hosting
NXOS Configuration
Nexus 9508
Nexus 9300
APPLICATION CENTRIC INFRASTRUCTURE
APIC
Cloud VMs and Managed Hosting
OpenStack Orchestration to NX API
Physical Servers and VMs on same tenant
VXLAN Gateway Support
Xen Servers
Tenant Hosting
Physical Servers
Xen Servers
Xen OVS on Hypervisor
VLANs on 9300 – ACI / VXLAN to VLAN
Large Multi-tenant hosting – 1000s of tenants
Varied tenant sizes – Few to hundreds of VMs
ACLs / Services mapped to policy model
USE CASE – ACI CLOUD HOSTING
May 2014
Production Target
Nexus 9500
leaf 1: N93128
leaf 2: N93128
leaf 3: N93128
leaf 4: N93128
leaf 5: N9396
leaf 6: N9396
Cloud Use Case:
Cloud Stack
Xen Servers
Xen OVS
EPG as a VLAN
• 1000 EPGs & BDs – Tenants
15 vPC
N5596T-1
15 vPC
APIC
APIC
APIC
XEN Servers
Orchestration
Servers
XEN Servers
N5596T-2
IXIA
UCS
VMs & Servers
IXIA
Nexus 5k – Downstream switch
• VPC pairs
• Each VPC trunked >75 VLANs
IXIA
Simulated MACs for end points
Script enabled CloudStack : APIC
Align VM placement & EPG
NEXUS 9000 MOMENTUM
CISCO’S FASTEST 40G
SWITCH/ ROUTER
ACI ECOSYSTEM UPDATE
NEW PARTNERS
CERTIFICATIONS/
SOLUTIONS
April’14
April’14
Cisco VMDC
TOMORROW STARTS HERE