The Path to Programmable Networks

Truman Boyes on Software Defined Networks, Traditional Protocols, and the convergence point.
by

Truman Boyes

on 17 September 2013


Transcript of The Path to Programmable Networks

Truman Boyes / Bloomberg LP
The Path to Programmable Networks
Overview
Scalable Data Centers
Overlays and Simplicity
Adoption of SDN in the Enterprise
Service Provider Network: IP/MPLS, Data Centers, Multicast, 20k+ CEs, presence in over 100 countries.
Content: Market Data, Video, Mobile/Internet, Applications, Radio, Communications, multi-tenancy.
Cloud and Networking are forging ahead, to accommodate natural pooling of resources.
Rapid service creation is essential; autonomic and automatic.
2500+ Developers writing apps and code.
New Thoughts
Natural Pooling is essential.
Why are we thinking in /24s and VLANs?
Why are we grouping security postures in subnets?
What about L2 Attacks?
IP DC removes the baggage: no STP, no VTP/VDP, etc. Just IP routing with ECMP for transport. Add membership on overlay.
NFV functions should be as distributed as possible versus path steered. Topic for discussion...
Video object serving and grouping across all geographies. Virtual machines able to be moved, cloned, etc.
Service Addresses and VM addresses are decoupled.
Things can fail! Support ChaosMonkeys!
Ships in the Night Cause Fright!
Onboarding/Offboarding with MP-BGP or good mux model.
Well Defined Networking
Clearly Articulated, Understood, and Taught
The Catalysts
Lots of new things happening at once.
Important to understand your team's current capabilities and what you will ask of everyone across the organization. Beyond the product comes the troubleshooting and management.
Find niche places where products can be introduced without affecting all production traffic.
Enable new technologies and solve problems.
Bloomberg and Data
Make it simple.
Open Protocols. (there are still bugs in most stacks, need simple flexible protocols)
Connect hybrid clouds to physical big iron equipment connected to virtual networks. Multi-linguistic.
OpenStack: nova-networking and neutron as a starting point.
Distributed firewalls.
Virtual FWs are *no* different than real FWs.
We need to distribute the function to scale.
Fewer bottlenecks and unnatural flows.
Support grouping of compute resources in any location: cross DC, cross site, etc
Deterministic forwarding in special purpose networks and functions.
Do one thing very well, when regular protocols are not cut out for the job.
Simplify the network and automate tasks.
Increase capabilities in security in virtual environments, allow for self provisioning and best of all: RAPID PROTOTYPING.
Time to Market
Fewer people involved, fewer errors, and full visibility of service across domains.
Published specifications; APIs, multiple languages can allow for a new "Lingua-Franca" in networking. It's good to speak more [languages,protocols].
Be wary of black boxes; they bring mystery.
We can find "mechanics" that understand today's problems, but we need to invest in new "engineers" to build the new network (i.e. Overlays vs. Transport).
The life of a packet should be explained in a paragraph; no more, no less.
Beyond VLANs; properly built networks that support high change, low touch.
MVRP to start without controllers; orchestration of VM membership is simple.
IP DC, IP reachability between hypervisors.
Interested in VXLAN termination in ToR to facilitate hw performance, onboard and offboard of traffic cloud.
Scale: Software and networking level.
OCP 3.0 (roll in a rack with networking)
Zero Touch Provision (PXE boot or chef/puppet/Ansible config underlay)
IP Storage: Integrated Network Storage as part of compute. CEPH / CINDER with OpenStack.
10GE to start. 40GE when we can.
Dedicated Storage nodes as well with 40GE LAN.
Development
The Next Steps
We want flexible topologies, automation, performance efficiency, and understandability.
DCI and onboarding/offboarding.
Multi Platform, Multi Architecture.
ARM/x86/PPC64
VMX/LXC/user space networking
Will ToRs play a role in underlay for gateway?
In Service Chaining multiple services, how do we route around service failure in chain?
1:1 NAT NFV function in OpenStack; need a better tool than security groups.
How much of the solution in Overlay do we want to consume from a single source?
We want best of breed components.
Efficiencies
High compute loads
High memory processes
Client Software can route users to applications
Currently we live in an Active/Active database model, but in the future we need to support more actives.
Localize network and ancillary services (i.e. DNS).
Need better pooling of jobs across infrastructure.
At Least 3 Clouds
Public Internet Cloud
Bloomberg.Com, Businessweek, Mobile Apps
Production (BLP applications)
Development
Self-serve IaaS
Also trying PaaS for some frameworks
Intention is security posture and able to fit within the organization structure.
Services to Consume
Firewall, NAT, DPI at edge.
No Handbags in Networking
Are virtual firewalls really routers?
Yikes! I will keep my TTL thanks!
DNS in POD, then anycast'd out to other PODs
Linux has issues with more than 2 servers in /etc/resolv.conf.
Simple load balancing is worth exploring.
Topology of PODs
Today: Using fabric technologies
Already looking for more open underlay
Each ToR has uplinks to routing layer
Folded-CLOS for core. DCI multihomed to aggregation layer.
DCI: L3VPN today for transport. Will consider VXLAN overlay across DCI, or VPNoGRE.
Virtual CE
Today we bolt CEs to appliances -- *LITERALLY*
We want to package up new virtual routers with new features, and copy to appliances.
Challenges with virtual CEs; how to manage underlay-OS via vRouter?
Good routing stack and NFV (policy NAT, firewall, and other stuff we dream up)
View Over and Under
Assume .05% packet loss on ECMP member link. How do I know which link?
You can't just put focus on cheap IP transport, you need good visibility.
Overlay would never show you this.
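The "View Over and Under" slides make the point that an overlay cannot tell you which ECMP member link in the underlay is dropping 0.05% of packets; only per-link underlay counters can. The following added example (not part of the original presentation) shows the minimal check a poller would run over two counter snapshots: for each member link it compares what the local side transmitted with what the far side reports received, computes the loss ratio over the interval, and flags links at or above the 0.05% threshold quoted on the slide. The link names, counter values and snapshot format are constructed sample data, and the idle-link and counter-reset cases are deliberately handled so a quiet or recently reset link is reported as "no data" rather than as a false loss figure.

```python
"""Which ECMP member link is dropping packets?

Added example, not from the original presentation. It assumes a collector has
taken two snapshots of per-link counters from the underlay switches; the two
snapshots below are constructed inline so the script runs offline. For each
member link we record packets the local side transmitted and packets the far
side reports received, so (tx - rx) over an interval is the loss on that link.
"""

LOSS_THRESHOLD = 0.0005  # 0.05%, the figure quoted on the slide

# Constructed snapshot at time t0 (link names and values are made up).
SNAPSHOT_T0 = {
    "tor3:et-0/0/48 -> spine1:et-0/0/3": {"local_tx": 10_000_000, "remote_rx": 10_000_000},
    "tor3:et-0/0/49 -> spine2:et-0/0/3": {"local_tx": 10_000_000, "remote_rx": 9_999_950},
    "tor3:et-0/0/50 -> spine3:et-0/0/3": {"local_tx": 10_000_000, "remote_rx": 10_000_000},
    "tor3:et-0/0/51 -> spine4:et-0/0/3": {"local_tx": 500_000, "remote_rx": 500_000},
}

# Constructed snapshot at time t1, one polling interval later.
SNAPSHOT_T1 = {
    # 2,000,000 sent, 1,998,800 received: 1,200 lost = 0.06%, over threshold
    "tor3:et-0/0/48 -> spine1:et-0/0/3": {"local_tx": 12_000_000, "remote_rx": 11_998_800},
    # 2,000,000 sent, 2,000,000 received: clean link
    "tor3:et-0/0/49 -> spine2:et-0/0/3": {"local_tx": 12_000_000, "remote_rx": 11_999_950},
    # 3,000,000 sent, 2,999,100 received: 900 lost = 0.03%, under threshold
    "tor3:et-0/0/50 -> spine3:et-0/0/3": {"local_tx": 13_000_000, "remote_rx": 12_999_100},
    # no traffic in the interval: nothing to measure
    "tor3:et-0/0/51 -> spine4:et-0/0/3": {"local_tx": 500_000, "remote_rx": 500_000},
}


def link_loss_ratios(t0, t1):
    """Return {link: loss_ratio} for the interval between two snapshots.

    A link with no transmitted traffic in the interval, a link missing from the
    earlier snapshot, or a counter that went backwards (device reset or wrap)
    maps to None so it is never mistaken for a measured zero or a real loss.
    """
    ratios = {}
    for link, now in t1.items():
        before = t0.get(link)
        if before is None:
            ratios[link] = None
            continue
        d_tx = now["local_tx"] - before["local_tx"]
        d_rx = now["remote_rx"] - before["remote_rx"]
        if d_tx <= 0 or d_rx < 0:
            ratios[link] = None
            continue
        # Unsynchronised polls can make rx slightly exceed tx; clamp at zero loss.
        lost = max(d_tx - d_rx, 0)
        ratios[link] = lost / d_tx
    return ratios


def lossy_links(ratios, threshold=LOSS_THRESHOLD):
    """Names of member links whose loss ratio reaches the threshold, worst first."""
    flagged = [(ratio, link) for link, ratio in ratios.items()
               if ratio is not None and ratio >= threshold]
    return [link for _, link in sorted(flagged, reverse=True)]


if __name__ == "__main__":
    ratios = link_loss_ratios(SNAPSHOT_T0, SNAPSHOT_T1)
    for link, ratio in ratios.items():
        print(f"{link}: {'no data' if ratio is None else f'{ratio:.4%}'}")
    print("over threshold:", lossy_links(ratios))
```

In production the two snapshots come from the underlay devices on each side of every member link (SNMP, streaming telemetry, or the CLI/NETCONF parsing the later slides mention), and the check runs on every polling interval; the overlay's own counters never see the per-member split, which is the point the slide is making.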
IP Storage
Forget RAID. Entire RAID array or POD can fail.
I want network level resiliency to mirror data resiliency.
CEPH for object and block device storage.
Developers to start using object storage
Copy on write for rapid booting of block devices (i.e. clone 50 machines, and start now).
Dedicated 10GE, but might LAG
Mobility of VMs
Non-scalable apps caused our pain.
Long lived machines vs. Short Lived.
Long lived require:
ARP Proxy/RA/ND tweaking.
ARP localization
OTV, VPLS, etc.
Or just de-aggregate routing. /32s and /128s are not that bad inside.
Floating-IPs already help mobility. Do you really care about the IP of a machine?
How we build networks
Home-built multi-vendor CLI/NETCONF parsing and configurations.
The Network IS the Database
Security teams manage mostly L1/L2 firewalls. Bump in wire.
Cloud Fabric are simple. Will be easy to move to IP DC.
Just need hypervisor and POD BR (DCI) to be automated.
How to Consume
Licensing Models for NFV and Overlay
Development needs to be almost unbounded, and site licensed.
Consumption model, pay as you go, makes sense to prevent issues in pooling.
Don't want blocks of 1000 VNDs, sessions, or NAT entries. Needs to be fluid.
Each component needs clear demarcation
Can replace virtual switches, virtual routers, and OSS systems.
More Steps
NM Cloud
Virtualization that needs to reach all networks.
Each machine has simple networking
Network can provide vector reachability
VPNoGRE or MP-BGP native is required to get into our VPNs and manage them.
Video optimization functions
Network TAPing of any vNIC, sending traffic to analyzers around the world.