Network Virtualization
* The C programming language is often used to program the firmware that accesses the hardware.
* The use of virtualization normally includes redundancy to protect from a single point of failure.
* The difference between the operation of localized control on a Layer 3 switch and a centralized controller is as follows.
* Hypervisors are free; however, some hypervisors offer more advanced features for a fee.
SDN controller
Defines the data flows between the centralized control plane and the data planes on individual routers and switches.
API
A standardized definition of the proper way for an application to request services from another application. - is a set of standard request
OpenFlow
A widely implemented southbound API.
Layer 3 Switch and CEF: CEF (Cisco Express Forwarding)
An advanced Layer 3 IP switching technology that enables forwarding of packets to occur at the data plane without consulting the control plane.
Application Policy Infrastructure Controller (APIC)
Considered the brains of the ACI architecture.
APIC
Positioned between the ANP and the ACI-enabled network infrastructure.
Control Plane and Data Plane: Management plane
Responsible for managing a device through its connection to the network.
SDN controller
Orchestrates, mediates, and facilitates communication between applications and the network elements.
SDN
Management of the control plane is moved to a centralized SDN controller.
Other Components
Other components include Interface to the Routing System (I2RS), Transparent Interconnection of Lots of Links (TRILL), Cisco FabricPath (FP), and IEEE 802.1aq Shortest Path Bridging (SPB).
Cisco ACI
Simplifies the way data center networks are created.
Traditional and SDN Architectures
The control plane and data plane functions occur in the same device.
Cisco Nexus 9000 Series switches
These switches provide an application-aware switching fabric and work with an APIC to manage the virtual and physical network infrastructure.
OpenStack
A virtualization and orchestration platform designed to build scalable cloud environments and provide IaaS.
OpenFlow
This protocol is a basic element in building SDN solutions.
Flow Table
This table matches incoming packets to a particular flow and specifies the functions that are to be performed on the packets. - There may be multiple flow tables that operate in a pipeline fashion.
Meter Table
This table triggers a variety of performance-related actions on a flow, including the ability to rate-limit the traffic.
APIC
Translates the application requirements into a network configuration to meet those needs.
Controller-based SDN
Uses a centralized controller that has knowledge of all devices in the network.
SDN controller
Uses northbound APIs to communicate with the upstream applications, helping network administrators shape and deploy services.
SDN controller
Uses southbound APIs to define the behavior of the data planes on downstream switches and routers.
Cisco ACI
Very few organizations actually have the desire or skill to program the network using SDN tools.
OpenFlow
Was developed at Stanford University to manage traffic between routers, switches, wireless access points, and the controller.
* How is the network virtualized? The answer is found in how a networking device operates using a data plane and a control plane.
Software-Defined Network (SDN)
- A network architecture that virtualizes the network, offering a new approach to network administration and management that seeks to simplify and streamline the administration process.
Cisco Application Centric Infrastructure (ACI)
- A purpose-built hardware solution for integrating cloud computing and data center management.
Data plane
- Also called the forwarding plane, this plane is typically the switch fabric connecting the various network ports on a device. - The data plane of each device is used to forward traffic flows.
The Complexity of Network Virtualization
- Another problem is that traffic flows differ substantially from the traditional client-server model: typically a data center has a considerable amount of traffic being exchanged between virtual servers, such as UCS servers. - Dynamic, ever-changing traffic requires a flexible approach to network resource management. Existing network infrastructure can respond to changing requirements related to the management of traffic flows by using quality of service (QoS) and security level configurations for individual flows.
Private clouds
- Intended for a specific organization or entity, such as the government. - A private cloud can be set up using the organization's private network, though this can be expensive to build and maintain. - A private cloud can also be managed by an outside organization with strict access security.
Public clouds
- Cloud-based applications and services offered in a public cloud are made available to the general population. Services may be free or offered on a pay-per-use model, such as paying for online storage. - Uses the internet to provide services.
Type 1 Hypervisor
- Improves scalability, performance, and robustness. - Type 1 hypervisors require a management console to manage the hypervisor. Management software is used to manage multiple servers using the same hypervisor, and the management console can automatically consolidate servers and power servers on and off as required.
Control plane
- Information sent to the control plane is processed by the CPU.
Cloud Computing
- Involves large numbers of computers connected to a network that can be physically accessed anywhere. - Can reduce operational costs by using resources efficiently.
Hypervisor
- A program, firmware, or hardware that adds an abstraction layer on top of the physical hardware.
SDN and Central Controller: SDN
- Basically the separation of the control plane and data plane. - The control plane function is removed from each device and is performed by a centralized controller.
Community clouds
- Created for exclusive use by a specific community. - The differences between public clouds and community clouds are the functional needs that have been customized for the community. For example, healthcare organizations must remain compliant with policies and laws such as HIPAA (which requires special authentication and confidentiality).
Type 1 Hypervisor (bare metal)
- Installed directly on the server or network hardware; instances of an operating system are then installed on the hypervisor. - More efficient than hosted architectures (Type 2 hypervisors).
Hybrid clouds
- Made up of two or more clouds (for example, part private and part public), where each part remains a separate object but both are connected using a single architecture. - Individuals on a hybrid cloud have degrees of access to various services based on their user access rights.
Type-2 hypervisors
- Software that creates and runs virtual machine instances; the computer on which a hypervisor is supporting one or more VMs is a host machine. - Also called "hosted hypervisors", because the hypervisor is installed on top of an existing operating system such as macOS, Windows, or Linux, and one or more additional OS instances are then installed on top of the hypervisor.
Virtualization
- The foundation of cloud computing; without it, cloud computing as it is most widely implemented would not be possible. Virtualization separates the operating system (OS) from the hardware.
Abstraction layer
- Used to create virtual machines, which have access to all the hardware of the physical machine such as CPUs, memory, disk controllers, and network interface cards.
Abstraction layer
- It helps to use layers of abstraction in computer architecture.
Software as a Service (SaaS)
- Responsible for access to applications and services, such as email, communication, and Office 365, that are delivered over the internet. The user does not manage any aspect of the cloud service except for limited user-specific application settings; the user only needs to provide their data.
Infrastructure as a Service (IaaS)
- Responsible for giving IT managers access to network equipment, virtualized network services, and supporting network infrastructure. Using this service allows IT managers to deploy and run software code, which can include operating systems and applications.
Platform as a Service (PaaS)
- Responsible for providing user access to the development tools and services used to deliver applications. The users are typically programmers and may have control over the configuration settings of the cloud provider's application hosting environment.
Data plane
- Routers and switches use information from the control plane to forward incoming traffic out of the appropriate egress interfaces. - Information in the data plane is typically processed by a special data plane processor without the CPU getting involved.
Server Virtualization
- Takes advantage of idle resources and consolidates the number of required servers. This also allows multiple operating systems to exist on a single hardware platform.
Server sprawl
- These servers wasted energy and took up more space than was warranted by the amount of service provided.
Data center
- Typically an off-premise data storage and processing facility run by an in-house IT department or leased offsite. - The physical facilities that provide the computer, network, and storage needs of cloud computing services.
Control plane
- Typically the brains of a device. - Used to make forwarding decisions. The control plane contains Layer 2 and Layer 3 route mechanisms such as routing protocol neighbor tables and topology tables, IPv4 and IPv6 routing tables, STP, and the ARP table.
Cloud computing
- Typically an off-premise service that offers on-demand access to a shared pool of configurable computing resources. These resources can be rapidly provisioned and released with minimal management effort. - Uses data centers to host cloud services and cloud-based resources.
Virtualization
- Various providers offer virtual cloud services that can dynamically provision servers as required. For example, Amazon Web Services (AWS) provides a simple way for customers to dynamically provision the computing resources they need. - These virtualized instances of servers are created on demand.
Type 2 hypervisor
- Very popular with consumers and organizations experimenting with virtualization. - Common Type 2 hypervisors include Virtual PC and VMware Workstation.
Management plane
- Network administrators and systems administrators use applications such as Secure Shell (SSH), Trivial File Transfer Protocol (TFTP), and Secure Hypertext Transfer Protocol (HTTPS) to access the management plane and configure a device.
Cisco ACI
- A hardware solution for integrating cloud computing and data center management. - At a high level, the policy element of the network is removed from the data plane.
The Complexity of Network Virtualization
- Server virtualization hides server resources, such as the number and identity of physical servers, processors, and OSs, from server users. This practice can create problems if the data center is using traditional network architectures. - VMs are movable, and the network administrator must be able to add, drop, or change network resources and profiles. This process would be manual and time-consuming with traditional network switches.
SDN
- The centralized controller communicates control plane functions to each device. - Each device can now focus on forwarding data while the centralized controller manages data flow, increases security, and provides other services.
The Complexity of Network Virtualization
- The network infrastructure can also benefit from virtualization. Network functions can be virtualized: each network device can be segmented into multiple virtual devices that operate as independent devices. Examples include sub-interfaces, virtual interfaces, VLANs, and routing tables. Virtualized routing is called virtual routing and forwarding (VRF).
Abstraction layers: CPU, Memory, NIC, Disk; Firmware (ROM); OS; Services like web, mail, and file services
Additional benefits of Virtualization: - easier prototyping - faster server provisioning - increased server uptime - improved disaster recovery - legacy support
Advantages of Virtualization: - reduced cost - less equipment is required (virtualization enables server consolidation, which requires fewer physical servers, fewer networking devices, and less supporting infrastructure, so it means lower maintenance costs) - less energy is consumed (consolidating servers lowers the monthly power and cooling costs, and reduced consumption helps enterprises achieve a smaller carbon footprint) - less space is required (server consolidation with virtualization reduces the overall footprint of the data center; fewer servers, network devices, and racks reduce the amount of required floor space)
Cloud Computing addresses many data management issues: - It enables access to organizational data anywhere at any time. - Streamlines the organization's IT operations by subscribing only to needed services. - Eliminates or reduces the need for onsite IT equipment, maintenance, and management. - Reduces cost for equipment, energy, physical plant requirements, and personnel training needs. - Enables rapid responses to increasing data volume requirements.
Cloud Models: Public clouds, Private clouds, Hybrid clouds, Community clouds
Cloud computing, with its pay-as-you-go model, allows organizations to treat computing and storage expenses more as a utility rather than investing in infrastructure, so capital expenditures are transformed into operating expenditures.
Cloud services (Cloud provider): - Software as a Service (SaaS) - Platform as a Service (PaaS) - Infrastructure as a Service (IaaS)
Cloud service providers have extended this model to also provide IT support for each of the cloud computing services (ITaaS). For businesses, ITaaS can extend the capability of the network without requiring investment in new infrastructure, training new personnel, or licensing new software.
Components of the SDN: OpenFlow, OpenStack, Other components
Dedicated Servers: Server sprawl, Server Virtualization, Hypervisor, Abstraction layer
OpenStack
Is often used with Cisco ACI. - Orchestration in networking is the process of automating the provisioning of network components such as servers, storage, switches, routers, and applications.
SDN Controller and Operations: If the controller allows a flow, it computes a route for the flow to take and adds an entry for that flow in each of the switches along the path, so all complex functions are performed by the controller.
SDN Controller and Operations: Within each switch, a series of tables implemented in hardware and firmware are used to manage the flow of packets through the switch.
SDN Types: Device-based SDN, Controller-based SDN, Policy-based SDN
Network Virtualization Technologies: Two major network architectures have been developed to support network virtualization: - Software-Defined Network (SDN) - Cisco Application Centric Infrastructure (ACI)
Traditional and SDN Architectures
Routing decisions and packet forwarding are the responsibility of the device operating system.
SDN Controller and Operations: - The controller populates flow tables. - Switches manage the flow tables.
SDN Controller and Operations: The OpenFlow protocol uses Transport Layer Security (TLS) to securely send control plane communications over the network. Each OpenFlow switch connects to other OpenFlow switches, and they can also connect to end-user devices.
SDN Controller and Operations: Each flow traveling through the network must first get permission from the SDN controller, which verifies that the communication is permissible according to the network policy.
Device-based SDN
Devices are programmable by applications running on the device itself or on a server in the network.
Type 2 hypervisor
Called "hosted hypervisors".
Software-Defined Networking: A network device contains the following planes: - Control plane - Data plane
Spine-Leaf Topology: Compared to SDN, the APIC controller does not manipulate the data path directly. Instead, the APIC centralizes the policy definition and programs the leaf switches to forward traffic based on the defined policy.
The Complexity of Network Virtualization
Called virtual routing and forwarding (VRF).
Controller-based SDN
The application can interface with the controller responsible for managing devices and manipulating traffic flows throughout the network.
Network administrator
Can deploy a variety of services from the AWS management console, including virtual machines, web applications, virtual servers, and connections to IoT devices.
SDN controller
Communicates with OpenFlow-compatible switches using the OpenFlow protocol.
These services are available on demand and delivered economically to any device anywhere in the world without compromising security or function.
Three core components of ACI architecture: - Application Network Profile (ANP) - Application Policy Infrastructure Controller (APIC) - Cisco Nexus 9000 Series switches
Three table types shown in the previous figure are as follows: - Flow Table - Group Table - Meter Table
Application Policy Infrastructure Controller (APIC)
A centralized software controller that manages and operates a scalable ACI clustered fabric. It is designed for programmability and centralized management. It translates application policies into network programming. - is often much more complex
Application Network Profile (ANP)
A collection of endpoint groups (EPGs), their connections, and the policies that define those connections.
Switch
A flow is a sequence of packets that matches a specific entry in a flow table.
Group Table
A flow table may direct a flow to a Group Table, which may trigger a variety of actions that affect one or more flows.
SDN controller
A logical entity that enables network administrators to manage and dictate how the data plane of switches and routers should handle network traffic.
Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM)
Aimed at enterprise and campus deployments.
Virtual Network Infrastructure: Type 1 Hypervisor
Also called "bare metal".
Type 1 Hypervisor
Also called the "bare metal" approach because the hypervisor is installed directly on the hardware. Type 1 hypervisors are usually used on enterprise servers and data center networking devices.