Topic: Brocade Data Center and New IP Developments and Solutions
Company: Brocade
Speaker: 陳弘治 (Technical Consultant)
1994: 16 million Internet Users; 2700 websites; <100 million mobile devices
1998: Google founded
2005: YouTube founded
2007: First iPhone
2014: 3 billion searches a day; 3 million years to watch all video stored on IP networks; 2 billion Internet Users; 1 billion websites; 7 billion mobile devices
Everything has changed…
But the Network Hasn’t…
static, proprietary, hardware-centric, vendor-driven, high capex and opex
11 © 2014 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION
THE NEW IP: SHIFTING THE CONVERSATION
“The NEW IP” = NETWORK FOR THE 3RD PLATFORM (SDN, NFV)
• Compute: Mobile, Cloud-based, Social; Network: Open, Virtualized, SW-driven; Scale: Billions/Trillions
• Compute: Client/Server, PCs; Network: IP, LAN/WAN (Proprietary, Stds influenced, HW-driven); Scale: Millions
• Compute: Mainframe Systems; Network: Systems Network Architecture (SNA) (Closed, Highly proprietary); Scale: Thousands
Sources: IDC,
THE NEW IP: DEFINITION
• Open and Open-Sourced
• Ecosystem Centric
• Network-Level Intelligence
• Innovation Platform
• Dynamic and Automated
THE NEW IP =
• Value moves from hardware system to software system
• Datacenter moves from back office to front door
• The data center is distributed and without walls. It is the network, and the network is the data center.
• The network is applications aware, applications ask for the network they need
The Enabling Technologies for The New IP
Brocade Strategy: Optimized to Lead the Transformation
• Physical Infrastructure: Ethernet Fabric, L3 Router, Fibre Channel SAN
• Virtualization: NV: OpenFlow, VxLAN/NVGRE/STT; NFV: vRouting, vADX
• Control: OpenDaylight
• Management and Orchestration: OpenStack
• Applications: Service Chaining, Network Analytics, Traffic Engineering, etc.
Brocade products shown: Vyatta, vADC, MLXe, Brocade Vyatta Controller
[Diagram labels: Management and Orchestration Platform; Application; Network Controller, Server Controller, Storage Controller; Network Function Virtualization, Server Virtualization, Storage Virtualization; Network, Compute, Storage]
• Price/performance leader in IP networks
• Powering 90% of Internet Exchange Points
• 15,000+ customers worldwide
Acquired Foundry 2008
• Data center networking experts
• Storage networking pioneer and leader
• 70% SAN market share
Why Brocade
• Past
– Technology leadership, No. 1 IP & SAN
• Present
– Continues to reinvest about 20% of profit in R&D every year
– DCB/FCoE Product Readiness
– VCS Technology
• Future
– SDN Readiness
OTHERS
$920M
BROCADE
INDUSTRY ANALYST VALIDATION
Brocade is #2 in Data Center Networking
–IDC, 2013
CISCO
$1.4B
$5.6B
Brocade Product Portfolio
Brocade Network Advisor
Layer 2–3
Service Provider
Software Networking
Campus LAN
Brocade ICX 6430/6450
Brocade FastIron SX Series
Brocade MLXe Series
Data Center SAN
Fibre Channel
Brocade Blade Server Switches
Brocade 7840 Switch
Brocade 7800 Extension Switch
Brocade 6510 Switch
FCOE10-24 Blade
FX8–24 Extension Blade
Layer 2–3
Layer 4–7
Data Center LAN
Ethernet/IP
Brocade ICX 7450
Brocade 300 Switch
FC16–32, –48, –64 Switch Blades
Brocade VDX 6740
Brocade DCX 8510 Backbones
Chassis
Fixed
Brocade ICX 6610
Brocade VDX Series
Brocade 6910 Ethernet Access Switch
Brocade NetIron CES/CER Series
Brocade ADX Series
Brocade ADX 1000 Brocade ADX 4000 Brocade ADX 10000
Brocade 6505 Switch
Brocade VDX 8770 Brocade MLXe Series
Traditional Ethernet Ethernet Fabric
Brocade ICX 7250
Brocade ICX 6650
Brocade Blade Server Switches
Brocade 6520 Switch
Brocade ICX 7750
Brocade ICX 7750
Brocade vADC
Brocade Vyatta
vRouter
Brocade Vyatta
Controller
End-to-End Network Management
Brocade ICX 7450
Brocade VDX 6940-36Q
Brocade ICX 7250
Brocade NFV Solution
Firewall
Network Functions Virtualization (NFV)
SERVER VIRTUALIZATION
LAYER 2–7 NETWORK PLATFORMS
NETWORK FUNCTIONS
VPN Routing L4–7 ADC
Networking with the flexibility and economics of software
STANDARD x86 SERVER
HYPERVISOR
Firewall VPN
Brocade Networking Software Portfolio
Comprehensive Layer 2–7 Services
Routing Layer 4–7 ADC
Brocade Vyatta vRouter Brocade vADC
Industry-Standard x86 Server
Hypervisor and Cloud Agnostic
On-Demand Resources at Scale
Brocade Virtual Router
FLEXIBLE DEPLOYMENT OPTIONS
Hypervisor OR x86 Server
RESTful JSON interface provides full control and programmability of the Virtual Router (router, Firewall, VPN) and software networking services
• VPN: IPSec, SSL
• Router: OSPF, BGP
• Firewall: Stateful, NAT
Feature Highlights
• Routing: IPv4, IPv6, Static, PBR, OSPF, RIP, BGP
• Security: IPv4, IPv6, Stateful Firewall, NAT
• VPN: IPSec, SSL, Route-based, L2-bridging
• System Management: CLI, RESTful API, GUI
• IP Services: SSH, DHCP, DNS, SNMP
• High Availability: VRRP, Stateful Failover, Config Sync
• Platforms: VMware, Xen, KVM, Hyper-V, x86
[Diagram: Early Virtualized DC deployments. Labels: Network 1, Network 2, Network 3; vSwitch; VM]
[Diagram: Empowering Virtualized DC. Labels: Network 1, Network 2, Network 3; vSwitch; VM]
Vyatta Software Routers keep traffic local
Deploy additional routers under orchestration control
Use Case: Expedite Hybrid Cloud Adoption
• Scalable VPN services
– Office to VPC or VPC to VPC
– User access
– IPSEC or SSL
• Stateful Firewall with NAT
• Advanced routing
– BGP, OSPF
– Full mesh topologies
– High availability architectures
– Compatible with legacy networks
• Available in Amazon Marketplace, Rackspace, SoftLayer
[Diagram labels: SoftLayer Virtual Private Cloud (VPC); Rackspace Private Cloud (VPC); Amazon Virtual Private Cloud (VPC); Customer Data Center]
Use Case : Expedite Hybrid Cloud Adoption
• Simple and secure VPN services between data centers and cloud providers
• Enables Cloud expansion
• Cloud Bursting with vADC
[Diagram labels: Virtual Environment; Physical Environment; VPC Internet Gateway; On-Premise Data Center; Cloud Environment (Private or Public); Cloud Bridging VPN; Internet; HYPERVISOR]
The SteelApp Portfolio Delivering ADC-as-a-Service
A Comprehensive Approach To Application Delivery – Software/Virtual Appliance/Cloud/Micro Instance
Traffic Manager
• Load Balancer / Traffic Manager / ADC
• Provides reliability, availability, security, and more
Web App Firewall
• Application Aware Firewall
• Defends your applications against threats
Services Controller
• Elastic and adaptive services controller
• Automates the deployment, licensing, provisioning & metering of ADC services
Web Accelerator
• Website Acceleration
• Reduces page load time and cuts bandwidth
Scale-out
Application Acceleration
Reduce costs, improve application performance (vADC + Ethernet Fabrics)
• Deploy VDX/VCS SDN-ready switches to create flatter network architecture
• Replace appliance-based application load balancers with Brocade SteelApp
• Enable SteelApp Features:
– Traffic Manager
– Web Accelerator
– Web Application FW
– Services Controller
Revolutionary Results
• Increase application performance
• Increase WAN efficiency
• Reduce OpEx cost
• Customer results:
– Cut server usage up to 50%
– Cut response time up to 50%
Use Case: Global Load Balancing
Wide-area global load balancing (traffic directed across multiple locations)
• Direct traffic to nearest data center
• Redirect to recover from service outages
• Service Assurance even across cloud boundaries
[Diagram labels: INTERNET; Backup site; Support Center]
Datacenter-In-A-Box
With NFV you can add, change or remove network devices in software or virtualize an entire DC
Leader in software networking
Founded in 2006 on the belief that the future of networking is software
Ethernet Fabrics:
Brocade VCS Technology
Brocade Virtual Cluster Switching (VCS)
• First data center Ethernet fabric
• No Spanning Tree Protocol
• Multi-path, deterministic
• Auto-healing, non-disruptive
• Lossless, low latency
• Built for convergence
NAS iSCSI FCoE
ETHERNET FABRIC
DISTRIBUTED INTELLIGENCE LOGICAL CHASSIS
Adding Capacity with Ethernet Fabrics Automatic Fabric Creation and Expansion
Automatic Trunk Creation
30GbE DCB Trunk (3x10GbE)
10GbE DCB Link
20GbE DCB Trunk (2x10GbE)
Brocade Virtual Cluster Switching (VCS)
• Fully distributed control plane
• Arbitrary topology, self-forming
• Network-wide knowledge of all members, devices, VMs
• Automatic Migration of Port Profiles (AMPP)
ETHERNET FABRIC
DISTRIBUTED INTELLIGENCE LOGICAL CHASSIS
NAS iSCSI FCoE
Simplified Virtual Machine Migration Automatic Migration of Port Profiles
[Diagram labels: ESX 1; ESX 2; MAC ID; Distributed Intelligence]
February 2012
Brocade Virtual Cluster Switching (VCS)
• Managed as a single switch
• Logically collapses network layers
• Auto-configuration for new devices
• Centralized or distributed management
• Radically reduces managed elements
ETHERNET FABRIC
DISTRIBUTED INTELLIGENCE LOGICAL CHASSIS
Yahoo! Japan Joint Openstack Project with Brocade
• Router: Virtual Routing Interface (SVI/VE)
• L2 Network: Subnet management (VLAN)
• Firewall: Gateway ACL (FWaaS)
• Load Balancer: Load Balancing (LBaaS)
Stage 1. CLI configuration
• IP ACLs for 8770
Stage 2. FWaaS
External Gateway info is optional for router. If it is not specified, value will be null.
Multi-tenant OpenStack Network abstraction
Open vSwitch VDX Plug-in
ML2 Mechanism Driver for VDX
Open vSwitch
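SDN-Based adaptive, automatic QoS: detects voice and video latency and changes priority dynamically
[Diagram labels: ICX and MLXe switches; Brocade SDN Controller; OpenFlow 1.3]
Benefits
• Fully automatic access control
• Single QoS management
• No need to set QoS tags on ports
• QoS paths are established dynamically, with no manual work
Lync Plug-in
• The user sets up a call through the call manager
• The call manager negotiates the QoS requirements with UC SDN
• The UC SDN application identifies the ingress point and creates the flow
• The SDN controller raises the priority of that specific flow
• When the call ends, the flow entry is removed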
Brocade Flow Optimizer
Flow Metering: Improve network utilization and reliability
• Per-flow “In-line” analytics
• Built-in sFlow Collector
• Real-time control and visualization
• OF Metering before normal routing forwarding. No impact to original routing
[Diagram labels: App; MLXe; WAN or DC network; Normal L2/L3 Forwarding; Per-app Statistics; OF rule to Rate Limit; WAN / Cloud; sFlow Collector; Flow parameters of interesting traffic; sFlow samples; ISP, DC, Campus; OF based Metering; Campus / DC; Flow Control Analytic]
Flow Optimizer: Shipping, Release 1.0
[Diagram labels: Internet; DNS Alert; Endpoint Alert; AV Alert; SMTP Alert; Web Alert]
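Legacy security service chain architecture
• WAF: HTTP
• Network traffic analysis: specific mirrored traffic
• Mail security service: SMTP
• DDoS: scrubbing of specific traffic
• Anti-APT: specific protocols
• Antivirus: FTP, SMB, etc.
• VPN: SSL
• Network management: SNMP
• URL Filtering: HTTP
• SOC: syslog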
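Enterprise network environment
• Multiple devices chained in series: reliability?
• Traffic is forwarded many times, so latency is high
• Troubleshooting is complex and incident response slows down
• Testing new products and new features is difficult
• Replacing a device after it fails is difficult
• Limited visibility
• Performance is hard to scale by stacking devices, so bottlenecks are common
• Traffic between internal hosts or between VMs is hard to handle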
[Diagram labels: Internet; Enterprise network environment; DNS Alert; Endpoint Alert; AV Alert; SMTP Alert; Web Alert]
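SDN security service pool architecture
• WAF: HTTP
• Network traffic analysis: specific mirrored traffic
• Mail security service: SMTP
• DDoS: scrubbing of specific traffic
• Network management: SNMP
• URL Filtering: HTTP (500M)
• SOC: syslog
• Antivirus: FTP, SMB, etc.
• Anti-APT: specific protocols
• VPN: SSL
• URL Filtering: HTTP (500M)
[Diagram labels: SDN Controller; SDN switch; Service policy]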