Wednesday, April 2, 2014

Cisco's OpFlex Protocol Offers Distributed Policy Control for SDN

Cisco introduced OpFlex - a new networking protocol designed to open up its vision of Application Centric Infrastructure (ACI) in the data center for automated applications and interoperability with other software-defined networking (SDN) elements.


OpFlex is a southbound protocol that is co-authored by Citrix, IBM, Microsoft, and Sungard Availability Services. It provides a mechanism that enables a network controller to transfer abstract policy to a set of “smart” devices capable of directly rendering rich network policy on the device.  OpFlex will enable leading hypervisors, switches and network services (layer 4-layer 7) to self-configure driven by application policy.

Cisco is submitting to the IETF for standardization. It is also an open source Contribution that Cisco is making to OpenDaylight in partnership with IBM, Plexxi and Midokura.  Other companies that are supporting OpFlex include Microsoft, RedHat, F5, Citrix, Canonical, and Embrane.  Hypervisor and software vendors will support OpFlex-enabled virtual switches and extend the Cisco ACI policy framework in their virtual environments. Network services vendors like Avi Networks, Citrix, Embrane, and F5 Networks will be shipping an OpFlex agent with their appliances.

In addition, Cisco is working with OpenDaylight to create a 100 percent open source, ACI-compatible policy model and OpFlex reference architecture.

Compared to the current SDN model, Cisco said its Application Centric Infrastructure avoids the scalability/resiliency challenge of having a single SDN controller managing the state of the network. Its ACI approach is to distribute complexity to the edges and operate disconnected from a central policy manager.  It also would not require application developers to describe their requirements with low level constructs.

Cisco is planning to support the OpFlex Protocol on the following Cisco products:

  • Cisco Application Centric Infrastructure, Nexus 9000 Series
  • Cisco Nexus 1000V
  • Cisco ASR 9000 Series
  • Cisco Nexus 7000 Series
  • Cisco ASA
  • Cisco SourceFire

http://www.cisco.com

In January, as part of its recently launched Application Centric Infrastructure (ACI) initiative, Cisco introduced an Application Policy Infrastructure Controller (APIC) Enterprise Module for extending
high-performing applications from the data center to wide-area networks (WAN) and local access networks (LAN). The goal is to provide enterprises with complete visibility into their networks, automating network and policy configuration while managing applications across the WAN and access networks.

The Cisco APIC serves as the single point of automation and fabric element management in
both physical and virtual environments.

The Cisco APIC Enterprise Module is constructed of three elements: a consolidated network information database, policy infrastructure and automation.

To address security concerns, Cisco APIC automates network-wide rapid threat detection and mitigation by integrating and automating Cisco Sourcefire  security solutions.  For compliance management across branches and headquarters, Cisco APIC also provides network-wide Quality of Service (QoS), and accelerates Intelligent WAN (IWAN) deployments. It can also be used with third-party solutions to provide an end-to-end WAN orchestration and management.

In November 2013, Cisco unveiled its Application Centric Infrastructure for data centers and clouds. ACI is a step beyond virtualization and software-defined networks (SDN), said Chambers, because it brings agility and automation with full visibility and integrated management of both physical and virtual networked IT resources at the system, tenant, and application levels.  The architecture promises a pay-as-you-grow mode scaling to over 100,000 switch ports and capable of supporting more than one million IP end points in a data center spine with 60 Tbps capacity.  A key premise is that the network should adapt to application requirements through dynamic insertion and chaining of physical and virtual L4-7 network services including firewalls, application delivery controllers, and intrusion detection systems.  The new architecture is designed for multi-tenant cloud environments by providing real-time view of per tenant and per application health, statistics, and troubleshooting.  Real-time analytics will be used to drive intelligent application placement decisions.

The foundation for ACI is an Application Policy Infrastructure Controller (APIC), enhanced versions of the NX-OS data center switching operating system, and a new line of Nexus 9000 data center switches based on technology from Insieme Networks, the Cisco spin-in start-up that is being acquired and re-integrated into the company.

The Cisco APIC is a centralized clustered controller that is responsible for tasks ranging from fabric activation, maintenance of switch firmware, network policy configuration and instantiation. Cisco APIC is
completely removed from the data path.  The APIC exposes a northbound API through XML and JSON and provides both a command-line interface (CLI) and GUI that use this API to manage the
fabric. It will be delivered as an appliance.

The new Nexus 9000 platforms will be able to run both optimized NX-OS and an ACI-mode of NX-OS via the addition of APIC.  Cisco said this dual capability provides investment protection and a migration path to ACI though a software upgrade.

The new switches will use custom ASICs for scalable and merchant silicon for addressing time to market issues.  Cisco said its platforms will support 1/10/40G ports with support for future 100G transitions in existing and next generation data centers.  Another innovation in the Nexus 9000 portfolio is a backplane-free modular switch design that promises more efficient power and cooling.  Both the Cisco Nexus 9500 and 9300 platforms support VXLAN and NVGRE bridging and routing functions in hardware.

0 comments:

Post a Comment

Videos

Loading...