Creating HPE Software-defined Networks eBook

(Exam HPE2-Z38)

© 2015 Hewlett Packard Enterprise Development LP

Published by:

Hewlett Packard Enterprise Press

660 4th Street, #802

San Francisco, CA 94107

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

ISBN: 978-1-942741-22-0

WARNING AND DISCLAIMER

This book provides information about the topics covered in the Creating HP Software-defined Networks eBook (Exam HPE2-Z38) certification exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an “as is” basis. The author, and Hewlett Packard Enterprise Press, shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Hewlett Packard Enterprise Press.

Note: Books and courses developed prior to the Hewlett-Packard Company separation contain branding, logos, web page links, and other elements/information that has not been updated for each HP Inc. and Hewlett Packard Enterprise. The general knowledge and skills are still considered of value to HP Inc. and Hewlett Packard Enterprise employees (partners/customers) respectively, so these legacy materials are being made available here. Plans are in place for updating the most highly-used content for each HP Inc. and Hewlett Packard Enterprise.

TRADEMARK ACKNOWLEDGEMENTS

All third-party trademarks contained herein are the property of their respective owner(s).

GOVERNMENT AND EDUCATION SALES

This publisher offers discounts on this book when ordered in quantity for bulk purchases, which may include electronic versions. For more information, please contact U.S. Government and Education Sales 1-855-447-2665 or email sales@hpepressbooks.com.

Feedback Information

At HPE Press, our goal is to create in-depth reference books of the best quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the expertise of members from the professional technical community.

Readers’ feedback is a continuation of the process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at hpepress@epac.com. Please make sure to include the book title and ISBN in your message.

We appreciate your feedback.

Publisher: Hewlett Packard Enterprise Press

HPE Contributors: Wim Groeneveld, Gerhard Roets, Antonio Mingrone, Peter Kilgour

HPE Press Program Manager: Michael Bishop

Introduction

This study guide helps you prepare for the Creating HPE Software-defined Networks exam (HPE2-Z38). The exam is for candidates who want to acquire the HPE ASE - FlexNetwork Architect V2 or the HPE ASE - FlexNetwork Integrator V1 certifications. In addition, this study guide helps you prepare for the SDN-related portion of the Master ASE – FlexNetwork Solutions V2 certification exam (HPE0-Y53).

The book explains how to architect and implement HPE Software-defined Networks. Topics include OpenFlow, Software-defined Network (SDN) use cases, installing and configuring the SDN controller, and designing SDN solutions with HPE applications such as the HPE Network Protector SDN Application.

Certification and Learning

Hewlett Packard Enterprise Partner Ready Certification and Learning provides end-to-end continuous learning programs and professional certifications that can help you open doors and succeed in the New Style of Business. We provide continuous learning activities and job-role based learning plans to help you keep pace with the demands of the dynamic, fast paced IT industry; professional sales and technical training and certifications to give you the critical skills needed to design, manage and implement the most sought-after IT disciplines; and training to help you navigate and seize opportunities within the top IT transformation areas that enable business advantage today.

As a Partner Ready Certification and Learning certified member, your skills, knowledge, and real-world experience are recognized and valued in the marketplace. To continue your professional and career growth, you have access to our large HPE community of world-class IT professionals, trend-makers and decision-makers. Share ideas, best practices, business insights, and challenges as you gain professional connections globally.

To learn more about HPE Partner Ready Certification and Learning certifications and continuous learning programs, please visit

Audience

This study guide is designed for networking and IT professionals who want to build on their experience implementing networking protocols and learn how to design HPE SDN solutions based on customer needs. It helps qualified candidates prepare to take the HPE2-Z38 exam, which tests their ability to architect and implement SDN solutions.

Assumed Knowledge

The certification exam is designed for candidates with “(on the job)” experience. The associated training course, which includes numerous design and hands-on lab activities, provides a foundation, but you are expected to have experience in the real world as well.

Relevant Certifications

After you pass these exams, your achievement may be applicable toward more than one certification. To determine which certifications can be credited with this achievement, log in to The Learning Center and view the certifications listed on the exam’s More Details tab. You might be on your way to achieving additional HPE certifications.

Preparing for Exam HPE2-Z38

This self-study guide does not guarantee that you will have all the knowledge you need to pass the exam. It is expected that you will also draw on real-world experience and would benefit from completing the hands-on lab activities provided in the instructor-led training.

Recommended HPE Training

Recommended training to prepare for each exam is accessible from the exam’s page in The Learning Center. See the exam attachment, “(Supporting courses,)” to view and register for the courses.

Obtain Hands-on Experience

You are not required to take the recommended supported courses and completion of training does not guarantee that you will pass the exams. HPE strongly recommends a combination of training, thorough review of courseware and additional study references, and sufficient on-the-job experience prior to taking an exam.

Exam Registration

Study Guide Introduction

Study Guide Overview

This guide helps you prepare for taking the Creating HP Software-defined Networks (HPE2-Z38) exam. The guide introduces you to:

• HP VAN SDN Controller

• OpenFlow

• HP SDN Applications

Through a combination of descriptive and instructional content, you will learn how to install and configure the HP SDN VAN Controller and HP SDN Applications. Furthermore, you will obtain knowledge on how OpenFlow enables the communication between the HP switches and the HP VAN SDN Controller. You can also take the four-day HP training course, Creating HP Software-Defined Networks, which includes numerous hands-on labs.

Study Guide design

This guide focuses on SDN solutions and the steps you must take to install and configure them. We recommend that you download the trial versions of HP VAN SDN Controller and Mininet that are available to you so that you can practice completing the steps you find in this guide.

HP ExpertOne

The HP ExpertOne program offers a full range of networking curricula, from beginning-level courses all the way up to Master ASE classes. You will also find fast-track programs that let you leverage your current industry certifications from Cisco and other companies, building on the investment you have already made in networking education.

As a participant in the HP ExpertOne networking training and certification program, you will gain:

• Proven practices for networking interoperability

• Differentiation in the job market

• Rapid professional cross-certification

Before taking the Creating HP Software-defined Networks class, you should meet the prerequisites. These include:

• HP ATP—FlexNetwork Solutions V3 certification by completing the HP Network Fundamentals, Rev 15.21 course and the associated exam HP0-Y52

We recommend completing either of the following two courses before taking Creating HPE Software-defined Networks:

• Architecting HP FlexNetwork Solutions, Rev 14.21 (Exam HP0-Y50)

• Deploying HP FlexNetwork Core Technologies, Rev 14.31 (Exam HP0-Y47)

After you complete the Creating HPE Software-defined Networks course and either of the two courses mentioned above and pass the corresponding exams (HPE2-Z38 and HP0-Y50 or HP0-Y47), you will obtain the HP ASE – FlexNetwork Architect V2 or HP ASE – FlexNetwork Integrator V1 certification.

HP ExpertOne is now known as ‘HPE Partner Ready Certification and Learning’. For more information about the program and other HPE certifications, visit: http://certification-learning.hpe.com/TR/Index.html

Augmented Reality… what’s in it for you?

Figure intro-1: HP ExpertOne Augmented Reality App

Continuing to drive innovation across our portfolio of technologies, HP ExpertOne and HP Aurasma have come together to enhance the way you learn, bringing embedded digital content to your printed material. All you have to do is download the HP ExpertOne App powered by Aurasma, open the app, and point the viewfinder at the icon displayed in Figure intro-1 to launch your extra content.

What do you need to do?

1. Download the HP ExpertOne App for your iPhone or Android device (smartphone and tablet).

2. Install the app

3. Open the app and scan the image with the HP ExpertOne icon until you can see the video starting.

4. You can watch the video on your smartphone or tablet even when you do not have your device close to the image.

Chapter 1

Introduction to Software-defined Networking

EXAM OBJECTIVES

In this chapter, you learn to:

• Explain what is driving the need for Software-defined Networking (SDN)

• Explain the fundamentals of SDN and OpenFlow

• Explain how SDN abstracts the network infrastructure

• Discuss the differences between views of SDN

• Explain the advantages of using OpenFlow and SDN

Assumed knowledge

• HP ProVision and HP Comware switch command line interface (CLI)

• IP addressing

Introduction

SDN has become a popular topic in networking-related websites and magazines. You cannot browse such publications without finding multiple articles about SDN. Likewise, networking vendors are hosting webinars that focus on SDN and the advantages it might offer in the future.

As it often happens with emerging technologies, commentators and vendors do not always agree on what SDN is. Some focus on only one aspect of SDN but may not provide the complete “big picture” of SDN.

This chapter introduces you to SDN, explaining why it is needed and outlining how it fundamentally changes networking. You will learn how SDN enables organizations to react to changes and to provision the network more quickly. You will also see how it enables developers to innovate new applications.

In the chapters that follow you will learn about the SDN solutions HP has released.

Note

SDN is a rapidly changing technology area. It is good practice to refer to the HP website for the latest information.

exceptional service. Employees want access to information and applications from any device. Delivering on these expectations requires data centers that are more powerful, agile, and automated than ever before, and a campus environment that responds to a dynamic and changing workforce.

Server and storage architectures have modernized to keep pace with the ever-growing expectations of an always-on world, but the underlying network has not. The data center network itself, while certainly bigger and faster, has largely been built the same way for two decades. Evolution of campus networks has been slow, despite the mobility revolution.

Whether in the data center or on the campus, when legacy networks are pushed to the limit, they become fragile, difficult to manage, vulnerable, and expensive to operate. Manual configuration and operation simply would not scale to the demands of today’s applications, users, and business requirements. Businesses whose networks are at this breaking point risk missing the next wave of opportunity.

Problem

Legacy networks cannot keep up with demands from cloud, security, mobility, and big data. Figure 1-1 highlights some of the problems companies face.

SDN gives you an intelligent, responsive, programmable, and centrally controlled network design.

Figure 1-1: Legacy networks

Software-defined networking

SDN is easier to manage, and it keeps pace with today’s diverse, growing workloads. HP SDN provides a programmable network that is aligned to business applications and based on open standards. And our industry-first SDN App Store provides a marketplace for SDN applications and a platform to share innovations.

Server virtualization and innovation

Before you delve into the technical details of SDN, you should understand industry trends that are driving the move to SDN, which are highlighted in Figure 1-2.

Figure 1-2: Server virtualization and innovation

Networks are increasingly complex and that does not imply just bigger networks, faster networks, and longer uptime. Through virtualization and other industry trends, silos are coming down between networking, storage, software, and compute. This plays to HP strengths as HP works in all these areas and has the scale to meet the new challenges.

Can networks adapt to the changes taking place? The issue that is often encountered is network complexity. Other industry segments (compute, storage, and software) have been tackling their complexity. They have been addressing some of their management issues and their operating expense (OPEX) issues, but networking has lagged behind. Networks today are still complex. They have stayed expensive and the OPEX seems to be increasing rather than decreasing.

Note

In this chapter, you will review case studies of how Google and USA National Security Agency (NSA) faced these issues. Google’s networking unit costs were increasing rather than decreasing, unlike its compute and storage units where scale provided per unit cost reductions. Google then used OpenFlow and SDN to reduce network OPEX. The NSA is also using OpenFlow and SDN to reduce costs and better control its network.

Server changes

In contrast, in the server arena, virtualization technologies such as VMware have revolutionized server deployment and setup. No longer do server administrators have to spend days or weeks sourcing a physical server, using CDs or DVDs to install operating systems, downloading patches, and installing various software components such as Exchange or SQL server. They can simply provision a server in minutes or seconds using VMware virtual machines.

This kind of rapid innovation and quick deployment is still lacking in networking today. Network administrators often still configure networks in a laborious and time-consuming manner via the CLI. The CLI is used to configure VLANs, routing, IP addresses, and to implement how policies are deployed (think about access control lists [ACLs], for example). Management options such as Simple Network Management Protocol (SNMP) have helped with network management, but this is just another method of configuring the localized control plane on each device rather than changing the way networks operate.

Abstraction

Looking back at the changes in servers, one can see a definite evolution toward abstraction.

Ten or fifteen years ago, servers were where we are today in networking. These were the days before x86 based systems running virtualization. Typically servers were proprietary and had their own chipsets such as Sparc from Sun, Alpha from DEC, Power from IBM, and the PA-RISC architecture from HP. Millions of dollars went into these chip designs. From a software point of view, UNIX had a range of proprietary operating systems—Solaris from Sun, UX from HP, AIX from IBM, and so on. Compounding the issue, the applications were generally proprietary and they took advantage of proprietary middleware that the operating systems supported.

So, from a server point of view, if you had a Sun Microsystems environment and you had an Oracle database or a SAP database or some other application, and an HP account manager offered you a great deal on HP UX and PA-RISC architecture, would moving to the HP products be easy and painless? The answer is of course, no. It was very difficult to move from one vendor to another, given all the proprietary technology used and the cost and expenses associated with purchasing that proprietary equipment.

However, things have changed today. Businesses no longer host a majority of their server environments on proprietary platforms. Businesses today run standards-based Intel or AMD x86 systems. The servers use standard interfaces for memory, for storage, for BIOS, and so forth. There are also fairly standard operating systems such as Linux or Microsoft Windows. There are also standard sets of application programming interfaces (APIs) that you can develop applications to use. This is once again, an abstraction layer.

We have abstracted the hardware from the actual operating system and software so that the applications do not need to be aware of the actual hardware being used. It does not matter if the physical hardware is a HP DL380, or a HP BL660c Gen8 Blade server, or a virtual machine, or a physical or blade server from another vendor.

An application programmer developing software for an operating system such as Windows does not need to be aware of hardware (hard drives, network interface cards, monitor, mouse model, and so forth) as the underlying hardware is abstracted.

If a business in today’s environment is running Oracle on Windows or on Linux, and the hardware is Dell and a HP account manager now offers a great deal on x86 blade servers, would the customer be interested in moving? How difficult is the migration from one vendor to another today? The answer is that it is a straightforward migration. There is very little involvement from the application point of view. Everything just works seamlessly, and it is very hardware independent.

This is because the industry has done a good job of migrating to an open architecture.

Virtualization

The server environment has been further abstracted with virtual servers. Moving to virtual servers allows systems administrators to deploy servers in minutes or in seconds. In addition, they can easily move virtual servers from one physical host to another using technologies such as VMware vMotion. A virtual server can also be moved dynamically, based on resource use. That is, if a virtual server needs more resources or the resources on a particular server become overloaded, the virtual server is automatically moved to server hardware that has available resources.

Storage has had a similar evolution: storage no longer relies on physical disks in each individual server. Storage is abstracted with logical storage and physical storage components. To provide fast and reliable storage for computing and data processing, disks are now housed in storage arrays. Systems administrators access logical storage without regard to the physical storage structure.

For both servers and storage, abstraction has provided flexibility and agility and opened the door for innovation.

A new (virtualized) style of network control

Server proprietary stacks

You would need to look in a museum today to find server architectures built on proprietary hardware, proprietary operating systems (OSs), and proprietary applications all bundled as a single product. Customers do not purchase the hardware, OS, and application as a single bundle anymore.

Customers are able to buy the applications and install them on certified operating systems. This is installed on often price-shopped hardware purchased based on needs, volume pricing, and other factors. Figure 1-3 shows how customers have migrated from proprietary hardware to virtualized systems.

Figure 1-3: A new (virtualized) style of network control

Network proprietary stacks

But if you look at networking, networking has not enjoyed the same sort of virtualized compartmentalization of product components as servers have. Networks are often purchased today in the identical way that servers were purchased in the past.

Customers determine what network applications and features they need—for example, multicast, VLANs, Layer 3 services, and so forth. Customers then put these requirements into a request for information (RFI), or request for proposal (RFP), and ask vendors to submit accordingly. The customer then chooses a vendor who supports the most features and functionality for what the customer determines is the best price.

Vendors then deliver a device like a router or a switch (hardware device), bundled with an operating system (ProVision, Comware, and IOS) that includes operating-system-specific features. The features the customer gets are determined by both the hardware and the software bundled in this single package.

History repeating itself?

When thinking about networking today, remember what has happened in both the server and storage markets. We are starting to see these same sorts of pressures and innovations come to the networking market.

When?

There is often the discussion of how quickly or how slowly SDN will arrive. Remember that the industry has seen virtualization a couple of times already—once with servers and again with storage. This is not an unfamiliar concept.

Note

HP Networking already has SDN products and applications that can be deployed today in both enterprise and data center networks. You will learn more about these in this study guide.

Example 1

Here is an extreme example of virtualized networking that illustrates the vision of SDN:

Assume that you went to an electronics store and purchased four low-end switches for US$60 each. You then added these switches to your company’s existing network. As long as the switches support OpenFlow, which is a standard protocol between the control plane and the switches, you can program the switches to forward traffic as the external application dictates.

The application could program the switch via the SDN controller to configure a switch to route packets from port 1 to port 2. The switch may not have the intelligence to understand routing, but a higher level application with the intelligence has programmed the switch to route based on packet headers received. The application, rather than the switches, has the routing capability in this example. All the switch does is match packets containing specific headers and change them according to the instructions provided via the OpenFlow protocol. These forwarding settings are written to an OpenFlow table via OpenFlow entries.

In this example, four low-end switches without routing capability are able to route based on the intelligence of an external application. The control plane (network intelligence or network brain) is running on an external device, while the forwarding plane (data plane/switching plane) with less intelligence is following instructions given to it.

This example may not be implemented in your network today, but is one of the visions of SDN many are pursuing.

Example 2

Another example that may be implemented in your network today is extending the functionality of basic edge switches. Edge switches generally do not contain DNS interception capabilities and databases of malicious websites.

However, a flow entry could be programmed on a switch to forward all DNS traffic to an external controller running an application that does have this intelligence. This is what the HP Network Protector SDN Application provides. Switches still switch or route as usual, but their functionality is extended by leveraging OpenFlow, external controllers, and external applications.

In this study guide, virtualized networking or SDN refers to the ability to take network features and functions, install them somewhere in the network and then apply them to boxes (switches, routers, and others) that are general-purpose processing engines.
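
The flow-entry behaviour described in Example 1 and Example 2, as an added Python sketch that is not from the study guide or from HP's software: a simplified in-memory flow table (not the OpenFlow wire protocol) in which a high-priority entry steers DNS queries to a controller application that holds the blocklist. The class names, port numbers, and domain names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

CONTROLLER = "CONTROLLER"  # pseudo-port: hand the packet to the SDN controller
IPV4, TCP, UDP, DNS_PORT = 0x0800, 6, 17, 53


@dataclass(frozen=True)
class Packet:
    in_port: int
    eth_type: int
    ip_proto: int
    dst_port: int
    dns_qname: Optional[str] = None  # set only when the packet is a DNS query


@dataclass
class FlowEntry:
    priority: int
    match: dict        # header field -> required value; absent field = wildcard
    out_port: object   # switch port number, or CONTROLLER
    hits: int = 0      # per-entry counter, useful when auditing what matched

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, name) == value for name, value in self.match.items())


class Switch:
    """Forwarding plane only: match headers, apply the programmed action."""

    def __init__(self):
        self.table = []

    def add_flow(self, entry: FlowEntry) -> None:
        self.table.append(entry)
        # Highest priority is evaluated first, so a specific rule beats a broad one.
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def lookup(self, pkt: Packet):
        for entry in self.table:
            if entry.matches(pkt):
                entry.hits += 1
                return entry.out_port
        return None  # table miss: this model drops the packet


class DnsGuard:
    """Control-plane application holding the intelligence the edge switch lacks."""

    def __init__(self, blocklist, uplink_port: int):
        self.blocklist = {d.lower().rstrip(".") for d in blocklist}
        self.uplink_port = uplink_port
        self.blocked_log = []  # (ingress port, queried name) for each blocked query

    def is_blocked(self, qname: str) -> bool:
        labels = qname.lower().rstrip(".").split(".")
        # Test the name and every parent domain so subdomains cannot bypass the list.
        return any(".".join(labels[i:]) in self.blocklist for i in range(len(labels)))

    def packet_in(self, pkt: Packet):
        # Fail closed: a DNS packet with no parsable query name is dropped too.
        if pkt.dns_qname is None or self.is_blocked(pkt.dns_qname):
            self.blocked_log.append((pkt.in_port, pkt.dns_qname))
            return None
        return self.uplink_port


def build_edge_switch() -> Switch:
    sw = Switch()
    # Example 1: the application programs "port 1 -> port 2" and the return path.
    sw.add_flow(FlowEntry(10, {"in_port": 1}, 2))
    sw.add_flow(FlowEntry(10, {"in_port": 2}, 1))
    # Example 2: a higher-priority entry sends client DNS queries to the controller.
    dns_match = {"in_port": 1, "eth_type": IPV4, "ip_proto": UDP, "dst_port": DNS_PORT}
    sw.add_flow(FlowEntry(100, dns_match, CONTROLLER))
    return sw


def forward(switch: Switch, app: DnsGuard, pkt: Packet):
    """Return the port the packet finally leaves on, or None if it is dropped."""
    out = switch.lookup(pkt)
    if out == CONTROLLER:
        out = app.packet_in(pkt)
    return out


if __name__ == "__main__":
    sw = build_edge_switch()
    app = DnsGuard({"malware.example"}, uplink_port=2)  # constructed blocklist
    samples = [  # constructed sample traffic
        Packet(1, IPV4, TCP, 443),
        Packet(1, IPV4, UDP, DNS_PORT, "intranet.example"),
        Packet(1, IPV4, UDP, DNS_PORT, "cdn.malware.example"),
    ]
    for pkt in samples:
        print(pkt, "->", forward(sw, app, pkt))
    print("blocked:", app.blocked_log)
```

The switch itself never inspects the query name; only the entry's priority decides that DNS is diverted before the general port 1 to port 2 rule applies.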

Software centric solutions

Rather than concentrating on operating systems like Comware, ProVision, or IOS and then comparing the features and functionality of each operating system, SDN de-emphasizes the operating system and focuses on extending the capability of network devices using software. This software may be running on an x86 platform, written in Java, Python, or a multitude of other languages. Features can be added to the networking device programmatically via open APIs like OpenFlow and others.

SDN changes the paradigm:

• Do not bundle as many features as possible into an operating system that only runs on specific hardware (ASICs) and has the added risk that the operating system and hardware will become obsolete in a few years.

• Rather, enhance network features by adding these to external servers and then programmatically extending the feature sets of network devices without the devices having to understand all features.

Not all hardware is equal

The differentiation between the network devices is now not so much the features that an individual operating system supports, but how quickly a device can process traffic and commands. The hardware will still determine throughput and speed of setup and teardown. The hardware will also determine the price of the features.

There are advantages and disadvantages to using merchant silicon (off-the-shelf components and ASICs). The advantage to using merchant silicon such as Broadcom, Marvell, and Fulcrum is that it provides a base platform that multiple vendors use. The disadvantage of merchant silicon is that the flexibility to implement enhanced hardware features is very limited.

The advantage of creating a custom ASIC is that an organization can provide enhancements in hardware faster than the rest of the industry. The disadvantage of custom ASICs is that the organization must pay a premium to develop and manufacture these.

That said, however, there is a trend today for multiple manufacturers to use the same off-the-shelf merchant silicon.

HP uses merchant silicon in some switches (HP 5900AF) and custom ASICs in other switches (HP 3800).

Network function virtualization

Network function virtualization (NFV) takes virtualization a step further by virtualizing device hardware in a similar way to how servers have been virtualized. Rather than deploying physical servers each servicing a function, today virtual machines are most often hosted by hypervisors. A single physical server may run multiple virtual servers offering different features such as e-mail services, database services, web services, and others.

NFV offers a new way to design, deploy, and manage networking services by decoupling network functions from proprietary hardware appliances. Rather than dedicated routing devices or firewall appliances, virtual machines running on x86 servers provide these features. Examples include the HP Virtual Services Router (VSR), which provides both switching and routing functionality without being constrained to a physical hardware device.

Multiple SDN views

It is important to define what SDN actually is because there are competing viewpoints, as Figure 1-4 shows.

In the past, there were competing technologies and standards for high definition replacements of DVDs: Blu-ray versus HD DVD. Before that, if you are old enough to remember, there was a battle between competing technologies and formats for video cassettes: VHS versus Betamax.

With both these examples, you had to make your choice based on whatever your criteria was—cost, quality, company reputation, and so forth. You then had to get the player that supported the format of your choice and then you had to make sure that every disc you purchased supported the format you selected (Blu-ray or HD DVD).

Something similar is happening with SDN. There are competing viewpoints and definitions—some of which are open standards based, and some which are proprietary. Figure 1-4 displays these standards.

Figure 1-4: Multiple SDN views

This is not just a history lesson, but has implications on which version of SDN you choose and what you will be able to do with it.

HP and OpenFlow

The Clean Slate program asked the question: if we were to begin building networks anew—without any existing traditional methods—how would we build them? Would networking technology look like it does today, or would it look different?

The answer arrived at by Clean Slate, as with other technologies, is that there should be a control and management system “running the show.” The network itself should be driven by network-level objectives (rather than distributed device configurations). And furthermore, that this centralized system would be able to look at the entire network and make optimal, intelligent, and predictable decisions about how traffic should be forwarded and routed throughout the network.

This central control system—called ‘Ethane’—used policy information and a database of various information (topology, registration, and bindings) to administer rules regarding network access by individual devices.

In this way, Ethane is a sort of a network access control (NAC) solution. Typical NAC systems require control functionality on the device (for example, RADIUS or captive portal), or else functionality in a special in-line appliance, to achieve their desired functionality. This solution was achieved with no special software on the device or the appliance—it was all done with simple devices that exposed their ‘flow tables’ to the central controller.

Note

If you are interested in reading more about Ethane, please visit:

In 2006 HP and Stanford collaborated on the Ethane project. Stanford and HP are right next to each other. There was cross pollination of ideas between Stanford researchers and HP about making networks more programmable. Ethane was the precursor to OpenFlow, which allows a developer to access the forwarding logic of a switch and then programmatically change the switch’s forwarding behavior.

One of the problems facing the Stanford researchers was that it is difficult to deploy new concepts and operating extensions like OpenFlow on hardware switches. This is especially true with the closed, proprietary operating systems used by networking vendors at the time. They also did not have access to manufacturing facilities and other resources to simply go out and create new production grade, scalable, hardware switches.

However, the concept of replacing the operating system of a switch with software is a powerful concept. Thus, some of the researchers at Stanford started a company called Nicira. The premise of their company was to create a programmable switch that was software only and that could be deployed on various hardware platforms like the x86 platform.

In the meantime, others at Stanford and other networking vendors were working on OpenFlow and an industry organization was formed to further OpenFlow. This is called the Open Networking Foundation (ONF) and in 2011, OpenFlow 1.0 was released.

Nicira and VMware

This shift in the market was observed by multiple vendors with great interest. There was a lot of buzz in the marketplace at the time. VMware (also a software company) offered $1.26 billion for Nicira. The Nicira technology has now been rebranded VMware NSX.

NSX implements a version of SDN where a virtual network is overlaid (overlay network) on the traditional physical network (underlay network) using Virtual Extensible LAN (VXLAN) tunnels. This allows a server administrator to dynamically create virtual networks between ESXi servers without having to ask network administrators to configure and permit VLANs. VXLANs also support 16 million VLANs compared to 4096 supported by 802.1Q.

Note

The HP VAN SDN Controller and VMware NSX controller federate. The federated SDN and network virtualization solution provides a common infrastructure and operations model across physical and virtual networks.

For more information visit: http://bit.ly/1S0WPFH.

Insieme and Cisco

A startup funded by Cisco, Insieme was a separate company fully funded by Cisco. The company was subsequently purchased by Cisco in 2013.

Insieme employees had a lot of experience and expertise around ASICs and programmable arrays. Insieme chose to do software-defined programming in ASICs.

This version of SDN—Application Centric Infrastructure (ACI)—is largely hardware-based, relying on ASICs to implement SDN. This has become the Nexus 9000 product line. It uses a proprietary protocol (OpFlex) instead of OpenFlow.

Standards

The ONF uses OpenFlow as a protocol. VMware uses VXLAN and Cisco uses OpFlex.

The promise of OpenFlow and the ONF version of SDN is interoperability and openness. You are not locked into a single vendor. This is the original vision of SDN.

As an analogy, a universal remote in your living room should be able to program Blu-ray or DVD players from multiple vendors. If your Blu-ray player fails, you should be able to replace it with another player from a different vendor. With some minor reprogramming on your universal remote, you should be able to control the new player in the same way as the previous unit. This is possible because of an open standard interface.

As discussed, in compute, you are able to replace a failed server from one vendor with a different vendor’s hardware. Applications can be migrated from one physical server to another without great concern as the operating system (Windows/Linux) is supported by the hardware manufacturers.

In hardware, a network interface card or a hard disk drive can easily be replaced with another because hardware vendors have agreed on standards. USB technology allows you to move data easily from one computer to another without much regard to who manufactured the USB drive or from which or to which computer the data will be moved. Because of standards, these are not of much concern today.

Unfortunately with SDN, some vendors have chosen to implement proprietary versions of SDN. With SDN, you need to be aware of vendor support, open standards support, and interoperability—and you must be careful of vendor lock-in because of proprietary implementations.

What this means for you is that if you select one of these types of SDN, you must limit the types of products you can put in your network based on support for that version of SDN. You are also limited to the relationships that each vendor has created.

At the time of this writing, VMware has about 19 vendors that they have partnered with. If you decide to use NSX, you are limiting yourself to about 19 vendors’ products.

With Cisco, you have about 40 vendors (at the time of this writing) that Cisco has signed a strategic relationship with.

If you go with the ONF version of SDN, you get well over 150 vendors.

It does become important as to which SDN you want to put in your network. If your goal is to avoid vendor lock-in and to use open standards, you need to choose carefully.

Software versus hardware

It is also important to note that the ONF and VMware versions of SDN are software based. It is therefore possible that these two versions can be connected and work together. HP and VMware have done this—their controllers federate with each other. The result of this is that you have over 170 vendors to choose from.

ACI is however ASIC based. You may need to pay royalty payments and purchase licenses to use ACI. This goes against the original vision of SDN, which envisioned general purpose hardware being controlled by open standard interfaces and interoperability between multiple vendors.

OpenFlow versions

As discussed, in 2006, Stanford PhD student Martin Casado and others developed Ethane. This used the idea and approach of centrally managing global network policy. Ethane used a flow-based network and central controller with a focus on network security. Ethane later inspired the concept of OpenFlow.

The implementation was aided by a number of vendors, including HP, which implemented specifications in its devices that allowed it to make its forwarding functionality available to a central control system.

OpenFlow is managed by the ONF. It is a standards-based protocol allowing for a centralized control plane in a separate device (the controller). OpenFlow provides hardware abstraction, providing the controller a method to communicate with multiple-vendor devices and multiple hardware types (routers, switches, load balancers, and so forth), and uses a standard interface. This takes the control logic on performing packet forwarding and packet rules and puts these rules down into a hardware abstraction where they can be followed by the individual network device.

Figure 1-5 summarizes the release of OpenFlow versions, starting with 2006.

Figure 1-5: OpenFlow versions

Note

We will be discussing OpenFlow in detail later in this study guide. If you want to read the details of OpenFlow now, please visit the ONF technical library:

Note

The HP VAN SDN Controller supports OpenFlow versions 1.0 and 1.3.

Traditional switching

Figure 1-6 shows a traditional switching environment using traditional switch mechanisms.

Figure 1-6: Traditional switching

In a traditional layer 2 switching environment, switching is performed based on destination MAC address. Each switch has its own MAC address table and learns where devices are located.

The basic processing of frames through the network is as follows:

1. Frame arrives at Switch 1 from PC A (MAC = AAAA-AAAA-AAAA) to PC B (MAC = BBBB-BBBB-BBBB).

2. MAC address table is checked for location of PC B.

3. Entry is found in forwarding table.

4. Frame is transmitted out of port 2.

This process is repeated at every switch in the network.

Flow-based switching

In a pure OpenFlow environment, flow tables are used by devices rather than routing or MAC address tables. In other words, a switch has an OpenFlow pipeline for processing packets, rather than a traditional pipeline using traditional switching mechanisms. Figure 1-7 illustrates how this process works conceptually.

Figure 1-7: Flow-based switching

Important

HP switches support both an OpenFlow pipeline and a traditional pipeline. This is referred to as a hybrid switch in the OpenFlow specification.

In addition, HP switches support hybrid mode. In hybrid mode, a switch uses both an OpenFlow pipeline and traditional pipeline for frame or packet processing.

In hybrid mode, a hybrid switch processes most traffic via traditional mechanisms, but OpenFlow can be used to override traditional forwarding. Specific actions like dropping traffic or forwarding it differently can be implemented in addition to traditional processing.

OpenFlow entries

An entry in a basic OpenFlow table has three fields:

• A packet header that defines the flow—for example, Transmission Control Protocol (TCP) port 80. This flow is matched based on the defined match criteria.

• The action that defines how the packets should be processed (forward out of port G1/0/1).

• Statistics that keep track of the number of packets and bytes for each flow (e.g., 100 packets, 8000 bytes). The time since the last packet matched the flow is recorded to remove inactive flows. This can be configured within the HP VAN SDN Controller.

Actions and instructions

Each flow entry has an action associated with it. The three actions that all dedicated OpenFlow switches must support are the following:

Forward: The first option is to forward the packets of a flow to a given port (or a set of ports). This allows the packets to be switched through the network. In most switches, this takes place at line-rate speeds.

Redirect: The second option is to encapsulate the packet and forward it to the SDN controller. The packet is delivered via a TCP channel or secure channel using TLS. The controller makes a decision and forwards the packet back to the switch. Typically, this method is only used for the first packet in a new flow, so a controller can decide if the flow should be added to the flow table. On the other hand, it could be used to forward all packets to a controller for processing if an application requires that functionality.

Drop: The third option is to drop the flow’s packets. This can be used for security reasons, such as to block unauthorized traffic, stop denial-of-service attacks, or reduce spurious broadcast traffic from end hosts. The HP Network Protector application can be used for this purpose.

Note

You will learn the difference between actions and instructions later in this study guide.

SDN architecture

OpenFlow is a standards-based protocol allowing for a centralized control plane in a separate device (the controller). OpenFlow provides hardware abstraction where details of individual ASICs or individual hardware are hidden from the controller using a standard API (OpenFlow). This gives the controller a method to communicate with multiple vendor devices and multiple hardware types (routers, switches, load balancers, and others) using a standard interface.

As shown in Figure 1-8, SDN decouples the control logic from network devices. Packet forwarding logic and packet rules are moved to a separate device (the controller). Switches and other devices implement the forwarding of traffic as instructed by the controller.

Figure 1-8: SDN architecture

Most initial SDN devices are routers and switches. However, OpenFlow and SDN make provision for many device types and are not restricted to only routers or switches. Other devices such as load balancers, firewalls, and WAN optimization devices may also support SDN in future. Any network forwarding device that can be programmed to perform a variety of activities may be part of SDN and OpenFlow in the future.

The OpenFlow protocol is a specification that defines what the API used by individual network devices looks like. This API can be used to define what traffic should be matched (based on a set of rules) and once a match is made, what actions should be taken.

OpenFlow switch

As Figure 1-9 shows, an OpenFlow switch consists of one or more flow tables and a group table, which perform packet lookups and forwarding, and an OpenFlow channel to an external controller. The switch communicates with the controller and the controller manages the switch via the OpenFlow protocol.

Figure 1-9: OpenFlow switch

The OpenFlow protocol can be secured using Transport Layer Security (TLS), which is the successor to Secure Sockets Layer (SSL).

Using the OpenFlow protocol, the controller can add, update, and delete flow entries in flow tables, both reactively (in response to packets) and proactively. Each flow table in the switch contains a set of flow entries; each flow entry consists of match fields, counters, and a set of instructions to apply to matching packets.

Matching starts at the first flow table and may continue to additional flow tables (OpenFlow Version 1.1 and later). Flow entries match packets in priority order, with the first matching entry in each table being used. If a matching entry is found, then the instructions associated with the specific flow entry are executed. If no match is found in a flow table, then the outcome depends on configuration of the table-miss flow entry; for example, the packet may be forwarded to the controller over the OpenFlow channel, dropped, or may continue to the next flow table.

Instructions associated with each flow entry either contain actions or modify pipeline processing. Actions included in instructions describe packet forwarding, packet modification, and group table processing. Pipeline processing instructions allow the packets to be sent to subsequent tables for further processing and allow information, in the form of metadata, to be communicated between tables. Table pipeline processing stops when the instruction set associated with a matching flow entry does not specify a next table. At this point, the packet is usually modified and forwarded.

Proactive versus reactive flows

What happens to the packet flow after the rules are defined? Does every packet need to go to a controller for processing? Can a packet be forwarded directly by a switch?

As illustrated in Figure 1-10, OpenFlow supports two methods of flow insertion: proactive and reactive.

Figure 1-10: Proactive versus reactive flows

Reactive flow insertion occurs when a packet reaches an OpenFlow switch without a matching flow. The packet is sent to the controller, which evaluates it, adds the appropriate flows, and lets the switch continue its forwarding.

Alternatively, flows can be inserted proactively by the controller in switches before packets arrive.
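The flow-table lookup described under "OpenFlow switch" (priority order, table-miss entries, continuing to a later table) and the proactive and reactive insertion methods can be traced together in a small model. This is an added example, not code from this study guide or from HP; the class names, MAC and IP addresses, and port numbers are constructed for illustration, and it models switch behaviour rather than the OpenFlow wire protocol.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class FlowEntry:
    priority: int
    match: dict                       # header field -> required value; {} matches any packet
    actions: list = field(default_factory=list)  # [("output", port)], [("controller",)], [] = drop
    goto_table: Optional[int] = None  # pipeline instruction: continue in a later table
    packets: int = 0                  # counters kept per flow entry
    bytes: int = 0

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class Controller:
    """Reactive side: answers packet-in events and installs flows."""

    def __init__(self, host_ports):
        self.host_ports = host_ports  # destination MAC -> switch port (constructed)
        self.packet_ins = 0

    def packet_in(self, switch, pkt):
        self.packet_ins += 1
        port = self.host_ports.get(pkt["eth_dst"])
        if port is None:
            return []                 # unknown destination: nothing installed, packet dropped
        actions = [("output", port)]
        # Install a flow so later packets of this flow are handled by the switch alone.
        switch.add_flow(1, FlowEntry(100, {"eth_dst": pkt["eth_dst"]}, actions))
        return actions                # applied to the packet that triggered the event


class Switch:
    def __init__(self, n_tables, controller):
        self.tables = [[] for _ in range(n_tables)]
        self.controller = controller

    def add_flow(self, table_id, entry):
        self.tables[table_id].append(entry)
        # Highest priority first; the first matching entry in a table wins.
        self.tables[table_id].sort(key=lambda e: e.priority, reverse=True)

    def process(self, pkt):
        """Run one packet through the pipeline; return (verdict, [(table, priority) hit])."""
        table_id, actions, hit = 0, [], []
        while table_id is not None:
            entry = next((e for e in self.tables[table_id] if e.matches(pkt)), None)
            if entry is None:         # no entry matched, not even a table-miss entry
                return "drop", hit
            entry.packets += 1
            entry.bytes += pkt["len"]
            hit.append((table_id, entry.priority))
            actions = actions + entry.actions
            table_id = entry.goto_table   # None ends pipeline processing
        if ("controller",) in actions:
            actions = self.controller.packet_in(self, pkt)
        outputs = [a[1] for a in actions if a[0] == "output"]
        return (f"output:{outputs[0]}" if outputs else "drop"), hit


def build_demo():
    ctl = Controller({"aa:aa:aa:aa:aa:aa": 1, "bb:bb:bb:bb:bb:bb": 2})
    sw = Switch(2, ctl)
    # Proactive: a drop rule pushed before any traffic arrives (empty action list).
    sw.add_flow(0, FlowEntry(200, {"ip_src": "10.0.0.66"}))
    # Table-miss entries: priority 0, match everything.
    sw.add_flow(0, FlowEntry(0, {}, goto_table=1))        # continue to table 1
    sw.add_flow(1, FlowEntry(0, {}, [("controller",)]))   # send to the controller
    return sw, ctl


if __name__ == "__main__":
    sw, ctl = build_demo()
    pkt = {"eth_src": "aa:aa:aa:aa:aa:aa", "eth_dst": "bb:bb:bb:bb:bb:bb",
           "ip_src": "10.0.0.1", "len": 80}   # constructed sample packet
    print(sw.process(pkt), "packet-ins:", ctl.packet_ins)   # first packet goes to controller
    print(sw.process(pkt), "packet-ins:", ctl.packet_ins)   # second packet stays in the switch
    print(sw.process(dict(pkt, ip_src="10.0.0.66")))        # proactive drop rule
```

Only the first packet of the flow reaches the controller; the blocked source never does, because the proactive entry in table 0 has a higher priority than the table-miss entry.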

Important

Do not forget that the HP VAN SDN Controller and HP switches support hybrid mode.

The hybrid mode setting determines which packet-forwarding decisions are made by controlled OpenFlow switches and which of these decisions are made by the controller itself.

• If hybrid mode is enabled (the default setting), the controller delegates normal packet forwarding to the controlled switches, but overrides these switches for nonstandard packet-forwarding decisions required by installed applications for specific packet types. In this mode, the controller relies on the controlled switches to resolve loops and determine forwarding paths by using traditional networking mechanisms (such as Spanning Tree Protocol [STP] or Open Shortest Path First [OSPF] Protocol).

• If hybrid mode is disabled, the controller makes the forwarding decisions for all packets in the OpenFlow-controlled network. In this state, the controller resolves network loops and determines forwarding paths.

mobility, and more, learn how HP and our partners are bringing technology solutions and game-changing innovations that are transforming the way you do business.

Figure 1-11: HP Networking is empowering the enterprise [1]

HP networking delivers transformational technologies with the broadest SDN-enabled network infrastructure portfolio. HP Networking delivers wired and wireless unification to software-defined networking and virtual management.

Figure 1-11 highlights HP’s accomplishments: to date HP has shipped more than 30 million SDN-enabled ports and has grown active connections 53%.

HP network announcements include the following:

• HP has completed the acquisition of Aruba Networks, a leading provider of next-generation network access solutions for the mobile enterprise, for $24.67 per share in cash. The equity value of this acquisition is approximately $3.0 billion, and the value net of cash and debt is approximately $2.7 billion.

• Combining Aruba and HP creates a leader in enterprise mobility, positioning HP to enable and accelerate the enterprise transition to a converged campus network. Together, HP and Aruba will deliver next-generation converged campus solutions, leveraging the strong Aruba brand.

The best customer experience:

“The biggest compliment around the HP Networking gear that we purchased was on improved performance and perception from our users that the network was performing better.”

Karamu Ford, American Airlines

“The biggest benefit received from choosing HP Networking was the standardized network design topology, which made the network consistent from the data center, through the campus, to the end user.”

Alex Munro, Pacific Life Insurance

Enterprises are moving to a new style of IT

Simplify and transform with SDN

At HP Networking, we have been leading the way in simplifying and transforming the network to meet your organization’s needs for mobility, virtualization, high-definition video, rich-media collaboration tools, and cloud computing (see Figure 1-12). With the HP FlexNetwork architecture, your business gains an open and standards-based network solution designed to scale on three dimensions—security, agility, and consistency.

Figure 1-12: Enterprises are moving to a New Style of IT

By embracing a software-defined network, you will be able to reap the full value of your network investment. SDN, delivered through our market-leading solutions, will help your users and organization experience applications as never before. It will free your IT administrators from the drudgery of manual network configuration and reconfiguration because the network will be automatically tuned to application and business needs. Your IT staff can focus more on the quality of the business experience and spend less time managing the details of the underlying networking infrastructure.

Our SDN strategy is built on the foundation of our open and scalable HP FlexNetwork architecture, which covers the entire path from the end user to the data center, as well as the technology stack from infrastructure to management.

HP Virtual Application Networks (VANs) are at the core of our SDN strategy. With HP Virtual Application Networks, you can move to service-centric management and orchestration and gain business agility. To help ease your move to an SDN architecture, we have enabled OpenFlow in more than 50 of our switch models. And we plan to extend support across the FlexNetwork architecture. We are also building a vibrant third-party SDN developer ecosystem to further drive the open and extensible nature of the HP Virtual Application Networks SDN Controller.

Journey to SDN

HP provides end-to-end SDN solutions to automate the network from data center to campus and branch. Expanding the innovation of SDN, HP SDN ecosystem delivers resources to develop and create a marketplace for SDN applications.

The HP SDN ecosystem delivers the following benefits:

• Simple: Extending simplicity of programmability across the network with OpenFlow-enabled devices.

• Open: Raising the value of SDN with an open environment delivered by SDN Software Development Kit (SDK).

• Enterprise ready: Fostering innovations with industry’s first SDN App Store marketplace for SDN applications.

History

Figure 1-13 summarizes some of the major milestones HP has achieved in developing SDN solutions. In 2005, HP had programmable ASICs. To broaden the flexibility of the chip at that time, a programmable function was included in some areas of its packet processing. This programmability provided network processor-like capability, giving the HP switch designers the opportunity to make some future changes or additions in the packet processing features of the ASIC by downloading new software into it. Thus, new features needing high-performance ASIC processing could be accommodated, extending the useful life of the switch without the need to upgrade or replace the hardware.

Figure 1-13: Journey to SDN

HP has been a leader in SDN since its inception. As discussed, dating back to 2007, HP Networking started working with Stanford to deliver Ethane—the precursor to OpenFlow. In 2008, HP delivered the industry’s first OpenFlow demo software for our switches. This is at least 6 years before any other vendor even started talking about OpenFlow—let alone deliver working switch code.

In 2009, HP Networking was able to scale R&D lighthouse customers to 10. By 2010, HP had 60 R&D lighthouse customers.

In 2011, HP delivered industry’s first enterprise-class commercial software. HP was the first tier-1 networking vendor to deliver this capability.

In 2012, HP announced the industry’s first complete SDN solution spanning all three architectural layers—infrastructure, control and applications—and led the industry in OpenFlow-enabled switches with more than 40 and 10 routers. And the industry’s first cloud network technology that enables the deployment of cloud applications in minutes rather than months with Virtual Application Networks.

HP delivered to market the HP VAN SDN Controller in September 2013 and delivered enterprise ready applications like the HP Network Protector SDN Application and the HP Network Optimizer SDN Application for Microsoft Lync in 2014.

Figure 1-14: The history of HP’s involvement with SDN

The HP SDN App Store was also launched in 2014 providing HP ecosystem partners a go-to-market platform together with consulting and support services that will enable customers to realize the business value of SDN.

In 2015, HP released HP Network Visualizer SDN Application and new versions of the HP VAN SDN Controller including version 2.5 discussed in this course.

HP commitment to Open SDN

HP is committed to leading and contributing to the SDN standards and standard bodies, some of which are shown in Figure 1-15:

Open Networking Foundation (ONF):

• Founding member

• Extensibility workgroup chair

• Technical Advisory Group member

OPNFV:

• Platinum member—highest level

• Current chair

OpenDaylight

• Platinum member—highest level

• Board member

Figure 1-15: HP commitment to Open SDN

A large number of HP devices support OpenFlow

• Over 30 million SDN-enabled ports

• Over 50 OpenFlow-enabled devices

European Telecom Standards Institute (ETSI) member driving NFV standard

• 400 Global SP customers

• HP is number one in SP network mediation, availability

OpenStack

• Platinum OpenStack member

• HP is a Top 5 code committer

• HP is the number one contributor by employee

InCNTRE:

• InCNTRE founding member.

• InCNTRE’s SDN Interoperability Lab at Indiana University is a neutral, third-party facility that encourages the development and adoption of standards-based SDN technologies such as OpenFlow. InCNTRE works in collaboration with Indiana University’s Global Research Network Operations Center.

Making it easy for customers

Figure 1-16 shows the SDN architecture and the solutions HP is providing, based on that architecture.

The core of HP’s SDN strategy is the Virtual Application Networks (VAN), a framework for automating network operations using SDN technology. HP VAN is designed to provide service-centric management and orchestration and make the network more agile.

Figure 1-16: Making it easy for customers

Infrastructure layer

At the infrastructure layer, HP has eased the move to an SDN architecture by providing OpenFlow support in more than 50 existing switch models. OpenFlow, as mentioned earlier, is one of the key enablers for SDN. The HP VAN SDN Controller uses OpenFlow to program the infrastructure control plane.

Because HP is adding OpenFlow support to the switch software of existing switches, you do not have to wait as HP rolls out new hardware and then replace your entire existing network infrastructure. If your network already includes these switches, you can simply upgrade the switch software. Because the SDN Controller is built on open standards, it will work with other vendor devices that implement the OpenFlow specification (Open vSwitch, for example).

You can also migrate to SDN as slowly or as quickly as you want. HP SDN solutions support hybrid switches that run hybrid mode. This allows you to manage your migration to SDN without disrupting existing network operations.

HP also has a couple of wireless APs that support OpenFlow.

Note

Please refer to the HP website for the latest developments with regards to HP’s acquisition of Aruba and Aruba wireless OpenFlow and SDN support.

HP Virtual Services Routers (VSR) and HP Multi-Service Routers (MSR) also support OpenFlow. There are over 10 models including the HP MSR 2000, 3000, and 4000 series routers.

Control layer

At the control layer, HP provides the HP VAN SDN Controller, which is the centralized control platform for the software-defined network. It interfaces with the network infrastructure using open-standard interfaces and control protocols, such as OpenFlow, NetConf, SNMP, and OVSDB. Network devices are exposed as an abstracted and centralized control plane to network applications allowing for easier application development.

The HP VAN SDN Controller also provides a platform for SDN applications, which have been built and integrated into the controller to provide network services such as network virtualization, security, QoS, traffic engineering, and others.

The HP VAN SDN Controller mediates between these applications (which collect information and make decisions) and the infrastructure devices (which execute decisions). HP provides programmable interfaces to the control plane (the HP VAN SDN Controller), allowing third-party developers to create their own applications for installation as internal applications on the controller. Or they can integrate external applications with the controller through RESTful APIs. In this way, businesses deploy applications that rapidly adapt the network to meet the needs of businesses. You will learn about some of these applications in this study guide and discuss how SDN enhances existing security, cloud, and unified communications and collaboration (UC&C) applications.

Application layer

Applications developed by HP and by the partner ecosystem are available from the HP App Store. We will discuss some of the applications in the next chapter.

Management

For SDN management, HP has added a module to HP Intelligent Management Center (IMC) called SDN Manager (SDNM). IMC provides consistent policy-based management of both OpenFlow and non-OpenFlow networks.

IMC VAN SDN Manager will feature full fault, configuration, accounting, performance, and security management for HP-enabled SDN domains.

• Enable deployment, monitoring, and management of HP OpenFlow-enabled switches

• Visualize traffic flow and performance monitoring in HP SDN domains

• Back up and restore configurations and software of HP SDN controllers

• Provide graphical OpenFlow troubleshooting with path analysis

Taking advantage of the IMC platform features, IMC SDN Manager leverages the flow monitoring, topology mapping, and troubleshooting features to provide full SDN management capabilities in the same interface as the wired, wireless, physical, and virtual network. You will be able to manage both types—SDN as well as traditional interfaces—from the same console, which lends to the operational efficiencies required for network administration.

SDN customer solution

To help you practice using the skills and knowledge you gain through this study guide, you will consider an example scenario in which you will assume the role of a company’s IT manager. Interwoven throughout this study guide, the scenario will be used to help you understand how to implement an SDN solution for a particular company. As Figure 1-17 shows, the scenario is designed to help you prepare for a presentation for the fictitious company described throughout this study guide.

Scenario

Your manager (who has a server and storage background) has asked you to help prepare a presentation about SDN technologies for your company’s leadership. Company leaders have heard a lot about SDN online and in the press and are looking for guidance on the deployment of SDN in the company’s network.

Figure 1-17: The scenario for your presentation

You will collect the data you will need to create this presentation as you go through this study guide; the end goal is to acquire the knowledge and skills you would need to create such a presentation. The presentation itself is beyond this study guide’s scope. Your presentation should discuss the following:

• SDN, OpenFlow, NFV, and other related terminology

• Explain how SDN and related technologies impact and enhance networks.

• Determine the migration path from traditional networks to SDN based networks.

• Explain the technical details of how switches are configured to work with SDN controllers.

• Provide both high-level and in-depth technical presentations.

In addition, the company leaders would like to see a demonstration of SDN technologies to help explain both business objectives and technical setup. Your presentation should demonstrate potential SDN use cases and working SDN applications.

Your presentation should be aimed at a nontechnical audience that includes the management team.

Your presentation should also explain technical details, including the solution’s effect on the current network. The technical team includes network, compute, and storage staff skilled up to the networking Master Accredited Solutions Expert (MASE) level.

In addition, the company’s CTO has read online that he may be able to leverage your company’s in-house Java and Python development skills to develop and sell potential SDN applications. Prepare part of your presentation to explain networking and SDN technologies to the development team.

The development team would like a virtualized network environment so that it can develop applications in a way that is similar to the way it is using virtualized machines for its Linux web server development projects.

We encourage you to download a trial copy of HP VAN SDN Controller and Mininet, a network emulator that allows you to create small or large OpenFlow-enabled networks on your laptop. You can use these resources to follow the instructions on a virtual network. We have included instructions for setting up a test network in Appendix 1—Test Network Setup.

SDN example scenario: Understand the issues companies face

This section presents a series of questions and possible answers intended to help you understand the types of challenges companies face and the types of questions they have about these challenges. It also helps you practice discussing the challenges.

Your manager’s question

The door to the demonstration room opens and your manager walks into the room.

He sees that you have your computer connected to the console of a switch in the demonstration room and a switch command prompt displayed in your terminal emulation program.

He asks: “Why are routers and switches often still configured individually using the command line interface (CLI) in a terminal emulation program? It seems like very little has changed in the last 10 to 15 years?

“I remember the days when I was good at disk operating system (DOS). I could type really quickly in the DOS command prompt and I had to remember a large number of commands in those days. It seems to me like networking is still stuck in the DOS days while servers have moved on to using graphical user interfaces and multiple automation tools.”

How would you respond to your manager?

Possible response

Some network engineers trust individual CLI device configurations. This has worked well in the past—why change something that works?

Your manager’s question

Your manager wants to know more and asks you: “What are the reasons for network engineers still configuring devices individually via the CLI rather than using an orchestration tool like in the server world? Is there a reason why a console cable or Telnet/SSH is used rather than programmatically configuring devices using orchestration tools? In the server world, we use tools like HP CloudSystem when configuring many servers.”

How would you respond to your manager?

Possible response

Some network engineers prefer using the CLI rather than scripts or network management applications. The CLI provides very fine-grained control of individual device configurations.

Other network engineers may also prefer the power and control they have over the configuration of network devices using a local CLI. This is also historically the way network engineers have been taught in networking classes—connect to the console or Telnet/SSH to a device. Navigate to the right context or mode and enter commands to configure options such as ACLs, quality of service (QoS) policies, routing protocols, and so on.

One of the issues often raised in SDN discussions is that individual, manual device configuration is not scalable or cost effective, and in addition, is prone to human error. Use cases of SDN and OpenFlow include network scaling, cost reduction, and enhanced functionality.

Note

IMC is an HP enterprise management solution that supports both traditional networks and SDN-enabled networks. With HP solutions, OpenFlow and SDN can be implemented gradually with a traditional network. Hybrid mode was discussed briefly in this study guide, and will be discussed again in more detail later.

Your manager’s question

Your manager asks: “How long does it take for a change to be made on a core switch or router? What is the longest time you have had to wait for a configuration change to be made?”

He then grumbles to himself: “When I ask for a network change because we have added extra virtual machines and servers, it just seems to take so long to get things done—like provisioning VLANs.”

Then, looking back at you and looking very puzzled, he says: “It seems strange to me that configuration changes can take days or weeks to be authorized, but you allow programmatic, automated, dynamic changes to routing tables via routing protocols. And in addition, you allow a switch that you call the root bridge to dynamically shut ports down in the network when you use spanning tree!”

“The root bridge doesn’t shut the ports down,” you reply, correcting him. “Ports stop transmitting or receiving traffic based on costs to the root bridge. The local switch blocks its own ports based on a spanning tree calculation.”

Your manager replies: “Well, it’s all the same to me. You block ports dynamically then.”

He then goes on to tell you the story of the time in his previous company where a network engineer added a switch to the network and it brought the entire network to a halt, something about all VLANs being dynamically removed because this switch had a lower revision number of some sort.

He then says the following in one last burst of frustration: “I just wish the server team could dynamically update things on the network like QoS for Lync calls or security for mobile devices. And just by using a graphical user interface rather than having to ask the network team to make manual changes to switch access lists and the like.

“And in addition, I wish we could just create a virtual network and not involve the network team at all. I heard HP has something like that. I must ask them about it. What’s the longest you have had to wait to get a configuration change approved?”

How would you respond to your manager?

Possible response

Network configuration changes may take a long time to be authorized. This may take days or weeks depending on the change control process, number of people involved, risk assessment, and other factors. It is possible that a change request could be passed back and forth over 100 times before agreement and implementation.

When you configure OSPF and Spanning Tree Protocol (STP), they will determine routing of traffic based on preconfigured values such as bandwidth, position of the root switch, and other factors such as current state of different network devices in the topology.

A network engineer may “trust” OSPF or STP to make dynamic changes after they have been configured. Some network engineers may answer that these protocols have matured over a long period of time and are therefore reliable.

However, most engineers have stories to tell of network issues caused by Spanning Tree or other protocols. These are often caused by the unpredictability of the decisions made by various protocols. STP and OSPF, for example, will automatically determine new paths or routes based on their local calculations of what they perceive the network to look like. These calculations very often do not have a full and complete view of the entire network.

Are you really sure you know what will happen to traffic in every situation?

Your manager’s question

Your manager has calmed down a bit and wants to know even more.

He says: “When I install an application like Microsoft Word or a business application of some type on a Windows machine, I can move that application to another machine without any concerns about the underlying hardware.

“I can for example buy an x86 HP server to replace a server from another vendor and simply install Microsoft Windows or Linux on that server. I don’t have the issue today like I did many years ago where the applications, operating system, and hardware were part of a proprietary package, which made it difficult to source hardware from different vendors.”

He then continues talking about the good old days of proprietary UNIX systems and servers that took up entire buildings.

But at this point, your mind starts drifting to what you are going to do this weekend, which seems much more interesting than his old war stories.

Fortunately, you start listening again just as he asks the question: “Do network devices like routers and switches have an abstraction layer like this, one that hides the underlying hardware from applications, allowing applications to dictate where traffic is forwarded?”

How would you respond to your manager?

Possible response

Traditional network devices do not have an abstraction layer that provides an open API for changing the forwarding of traffic. This is often seen as one of the reasons to implement an SDN controller-based solution. The controller provides an abstraction layer to the underlying network devices, allowing for quicker and easier application development and deployment.

OpenFlow is the protocol used by the SDN controller to program the flow tables of devices to change forwarding behavior.

Some of the advantages of using a controller as the abstraction layer include the following:

• The controller provides high-level APIs, making it easier for application developers to write applications quickly.

• Application developers are able to program multiple devices from different vendors using the same high-level API without concern about the underlying hardware—it may be an Open vSwitch virtual switch, an HP ProVision switch, an HP Comware router, an HP VSR, or even a wireless access point, but they are programmed in the same or a very similar way.

• Multiple differences between OpenFlow versions are hidden (1.0 versus 1.3, for example). An application developer does not need to be concerned about the low-level OpenFlow version differences (packet format, meaning of bits on the wire, and so forth).

• ASIC and other hardware differences can be abstracted by the SDN controller. An application developer can simply state that a flow be added to a switch without concern about tables available.

Note

Please note that there are some differences between ASIC implementations that a developer may need to be aware of, but a large amount of complexity has been abstracted. In some cases, the developer can simply ignore the selection of hardware tables and leave it to the controller to decide the optimum place to store flow entries.

Your manager’s phone rings and he has to leave the room. He says he will be back later to continue the conversation.

You breathe a sigh of relief as this gives you some time to continue configuring your network devices.

Yourmanager’squestion

Yourmanageralsoasks:“Ihavebeenonlineresearchingforourcompanypresentation.IsOpenShortest

PathFirstProtocol(OSPF)anopenstandard?”

Howwouldyourespondtoyourmanager?

Possibleanswer

Yes,OSPFisanopenstandardprotocol.SeeRFC2328(IPv4)andRFC5340(IPv6)ifyouare

interestedinmoredetail.

Yourmanager’squestion

Yourmanagerasks:“HowdoesOSPFcalculateroutes?”

Howwouldyourespondtoyourmanager?

Possibleanswer

OSPFcalculatesroutesbasedoninterfacebandwidth.Ahigh-speedlinkisdeemedtobebetterthana

low-speedlink.

Note SomedevicesassignafixedcostperVLANandwillnottakethespeedofthelinkintoaccount.

Note

SomedevicesassignafixedcostperVLANandwillnottakethespeedofthelinkintoaccount.

Thiswill,therefore,affecttheOSPFpathcalculation.

Yourmanager’squestion

Yourmanagerlooksperplexedandshowsyouanetworkdiagram(seeFigure1-18).Hethenasks:“Does

thatmeanthatOSPFcannottakefactorslikecustomertraffictypesortimeofdayintoaccount,ortheload

oflinks?HowwillOSPFroutetrafficfromRouter1toRouter7andRouter8inthefollowingfigure?”

Figure1-18:Classicalfishroutingproblem

Figure1-18:Classicalfishroutingproblem

Howwouldyourespondtoyourmanager?

Possibleanswer

AsFigure1-19shows,OSPFwillroutetrafficonthepathR1-R2-R3-R6-R7orR1-R2-R3-R6-R8.OSPF

cannotmakeroutingdecisionsbasedontimeofday,load,orcustomertraffictypes.

Figure 1-19: OSPF routing

Your manager’s question

Looking more perplexed, he asks multiple questions: “That means that no traffic is taking the lower link in the diagram when sent from R1 to R7 or R8, right? Does that not mean that you are wasting potential bandwidth in your network? Is it possible using other methods to send traffic along path R1-R2-R4-R5-R6-R7 and R1-R2-R4-R5-R6-R8 at the same time? And how would you do it? And is it a scalable solution for a large network? And is it easy to implement?”

How would you respond to your manager?

Possible answer

OSPF does not support traffic engineering based on anything apart from bandwidth. You could use policy-based routing or Multiprotocol Label Switching (MPLS) to direct traffic based on other criteria.

However, policy-based routing is a very static implementation and is not scalable. Traffic throughput is also often very slow when policy-based routing is used.

MPLS traffic engineering (MPLS-TE) is complex and is not supported on all switch models (for example, ProVision switches). MPLS-TE can support forwarding of traffic across both the upper and lower links in Figure 1-18, but it is not suitable for a lot of enterprise networks due to its complexity and device requirements.

Your manager’s question

Your manager then asks: “Is it possible to use an API on the routers to create our own routing protocol, or send traffic via a different path? Are routers’ and switches’ software open source?”

How would you respond to your manager?

Possible answer

Vendor equipment and operating systems are mostly proprietary. In the past, there has not been an open API on network devices for creating new routing protocols.

One of the visions of the original work on SDN and OpenFlow at Stanford University and subsequently within the ONF was to create an open API on vendor equipment. This open standard API would allow customers to program their network devices via a centralized controller. OpenFlow is the protocol for programming networking devices that support the OpenFlow API. This would allow a programmer to direct the flow of traffic on multiple vendor devices including the example topology in Figure 1-18.
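The fish problem above, worked through as an added example (it is not code from this book or from HP): a shortest-path calculation over the Figure 1-18 topology leaves the lower branch idle, while controller-style pinned paths use every link. The equal link cost of 1, the split of traffic by destination, and all function names are assumptions made for the illustration.

```python
import heapq

# Figure 1-18 topology as described in the text: an upper branch R2-R3-R6 and a
# lower branch R2-R4-R5-R6. Costs are constructed: every link gets cost 1,
# as if all links had the same bandwidth.
LINKS = [("R1", "R2"), ("R2", "R3"), ("R3", "R6"), ("R2", "R4"),
         ("R4", "R5"), ("R5", "R6"), ("R6", "R7"), ("R6", "R8")]


def build_graph(links, cost=1):
    """Undirected adjacency map: node -> {neighbour: cost}."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def shortest_path(graph, src, dst):
    """Dijkstra, the calculation a link-state protocol such as OSPF runs."""
    queue, done = [(0, src, [src])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for neighbour, weight in graph[node].items():
            if neighbour not in done:
                heapq.heappush(queue, (cost + weight, neighbour, path + [neighbour]))
    raise ValueError(f"no path from {src} to {dst}")


def idle_links(paths):
    """Links of the topology that none of the given paths crosses."""
    used = {frozenset(hop) for path in paths for hop in zip(path, path[1:])}
    return sorted("-".join(sorted(link))
                  for link in map(frozenset, LINKS) if link not in used)


def flow_entries(graph, path, dst):
    """Per-switch entries a controller would install to pin traffic for dst to path.

    This is a simplified model (switch, match, next hop), not OpenFlow messages.
    """
    entries = []
    for here, nxt in zip(path, path[1:]):
        if nxt not in graph[here]:
            raise ValueError(f"{here}-{nxt} is not a link in the topology")
        entries.append({"switch": here, "match_dst": dst, "out_to": nxt})
    return entries


GRAPH = build_graph(LINKS)
# What shortest-path routing does: both destinations share the upper branch.
OSPF_PATHS = [shortest_path(GRAPH, "R1", dst)[1] for dst in ("R7", "R8")]
# What a controller can do instead: one destination per branch (assumed policy).
PINNED_PATHS = {
    "R7": ["R1", "R2", "R3", "R6", "R7"],
    "R8": ["R1", "R2", "R4", "R5", "R6", "R8"],
}

if __name__ == "__main__":
    print("shortest paths:", OSPF_PATHS)
    print("idle under shortest path:", idle_links(OSPF_PATHS))
    print("idle with pinned paths:", idle_links(PINNED_PATHS.values()))
    for dst, path in PINNED_PATHS.items():
        for entry in flow_entries(GRAPH, path, dst):
            print(entry)
```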

Your manager’s question

Your manager then says: “I recently watched a YouTube video presented by Urs Hölzle from Google (senior vice president of technical infrastructure). Google is getting close to 100% network utilization in its network, which is amazing.

“Urs explained Google has used OpenFlow in its core network since around 2010. He said that they found that networking costs do not go down when devices scale. He states that running a data center at scale has a massive savings compared to small implementations.

“Urs said, however, that networking costs stay linear, or increase, unlike servers and storage, where the per-device cost goes down as you scale. It is hard to save money even when you have a large implementation and many devices networking. Why is that?” your manager asks you.

If you want to, watch the video your manager is referring to on YouTube. (View from 3:30 to around 7:00 of the video.)

Note

OpenFlow@Google

In the next chapter, you will revisit the Google OpenFlow use case in more detail. Google shared more details of its implementation and experience in a 2015 presentation.

How would you respond to your manager?

Possible answer

Reasons mentioned in the discussion with your manager should include the following:

1. Manageability issues—many routers need to be set up and configured by hand. This results in a linear growth of cost with the number of devices.

2. The cost of devices increases—they tend to be more expensive per unit as you scale up. You need to buy expensive CPUs to manage large network routing tables.

3. You cannot manage 10,000 routing devices in the same way you can manage 10,000 compute resources. You do not manage 10,000 virtual machines individually, but you manage them as a pool. This allows for automation of tasks. Managing 5000 compute devices is very similar to managing 10,000 compute devices. This is, however, not true of networking devices. Network devices are still manually configured in a lot of cases.

This study guide will provide instructions for configuring the network as shown in Figure 1-7. This will help demonstrate the integration between the OpenFlow-enabled devices and non-OpenFlow-enabled devices.

Your manager’s question

Your manager tells you: “I was so worried that during our presentation management would ask about OpenFlow and SDN security, but I just found something amazing.”

“Yes?” you say, not quite sure what to expect.

“Can you believe it? The NSA uses OpenFlow and SDN and is talking about it publicly. I found a video on YouTube! The NSA is openly talking about its network!” he continues excitedly.

“I can hardly believe it!”

Note

The NSA is the USA National Security Agency, an intelligence organization of the US government, responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes. Website: https://www.nsa.gov

He continues: “Bryan Larish is the technical director of Enterprise Connectivity and Specialized IT Services at the NSA and he gave a talk about it.

“He was told by his boss (when he took his job), that NSA needed a bigger, faster network—tomorrow. But he was also told that his budget was being slashed, his manpower was being slashed. He was told to go and figure it out. That’s how he started his job at the NSA.

“Bryan said that the NSA has the same IT challenges as other large organizations and they therefore talk to other organizations about solutions. He said the reason others are looking at and implementing SDN are budget, manpower, and new capabilities. These are the same challenges he faces at the NSA.

“And he as a director at the NSA has additional challenges—lots of bureaucracy and a culture not open to change.”

Then, smiling broadly, your manager says: “Bryan said that at the NSA, they have decided that centralization via OpenFlow is key.

“The reason for this is control. They require predictability and efficiency to make the network secure, and to support mission critical workloads that run over the network.

“They are ‘all in’ on OpenFlow as it seemed to them that OpenFlow with centralized control is the only viable way to technically implement their requirements. This is the path they are pursuing.

“Keys for them are simplicity and centralized control, which allows the agency to be ruthless in simplifying the network. This also allows it to add new capabilities—especially in the area of network security.

“In a secure network, you should know where everything is. NSA is now able to implement policies where it knows exactly where devices like DHCP servers are in the network and dictate where traffic goes to get to the servers. There is no dynamic learning—the network is very predictable and deterministic. Thus when something breaks, it is very easy to find out what broke and why.

“The NSA is deploying OpenFlow in its data centers, campuses, and branch offices.”

If you want to, watch the video your manager is referring to on YouTube. (View from 12:50 to around 25:30 of the video.)

Note

SDN in Enterprises:

Your manager looks at his watch and says: “I have to go. It’s almost time for my round of golf this afternoon and I don’t want to be late. The sun is shining and it is a lovely day. You finish configuring and working on our presentation. I expect you to work late, because this presentation is really important.”

We cannot write here what you are thinking at this point, except that the room is dark and cold and you are hungry.

Perhaps this SDN thing will mean shorter days, but for whom?

Summary

In this chapter, you learned how SDN helps enhance and improve networks. You learned the needs driving SDN and reviewed some initial use cases of OpenFlow and SDN.

You learned some of the fundamentals of SDN and OpenFlow and learned how SDN abstracts the network infrastructure, allowing software developers to programmatically implement business policies.

You also reviewed some differing viewpoints of what SDN is and then learned some of the advantages of an open standards based, multivendor OpenFlow-enabled SDN.

For additional information, view the following video: Software-defined networking (An introduction) http://bit.ly/1MwN0sr

Learning check

Take a moment to think about what you have learned about SDN and OpenFlow. Answer each of the following questions.

1. Which company increased bandwidth utilization dramatically using OpenFlow?

2. Is it possible to run a traditional network and OpenFlow-enabled network at the same time?

3. Do HP network devices become “dumb” devices with no control plane when running OpenFlow?

4. Which USA government organization uses OpenFlow and an SDN controller to better secure its enterprise network?

5. Do HP and VMware have a federated SDN solution?

Learning check answers

1. Google

2. Yes, HP switches are hybrid OpenFlow switches, which support both an OpenFlow pipeline as well as a traditional pipeline.

3. No. If hybrid mode is enabled (the default setting), the controller delegates normal packet forwarding to the controlled switches, but overrides these switches for nonstandard packet-forwarding decisions required by installed applications for specific packet types. In this mode, the controller relies on the controlled switches to resolve loops and determine forwarding paths by using traditional networking mechanisms (such as STP and OSPF).

4. NSA

5. Yes, HP and VMware have a federated SDN solution for both the virtual overlay network and the underlay network.

Chapter 2

SDN Case Studies

EXAM OBJECTIVES

In this chapter, you learn to:

• Compare Software-defined Networking (SDN) campus, data center, and cloud solutions

• Describe the HP SDN App Store

• Describe the OpenDaylight (ODL) SDN controller

• Explain the features of HP SDN campus applications:

    • HP Network Protector SDN Application

    • HP Network Optimizer SDN Application

    • HP Visualizer SDN Application

• Describe data center and cloud SDN solutions

    • HP Virtual Application Networks (VAN) SDN Controller and VMware NSX federation

    • HP VCN

    • HP DCN

Note

This chapter only introduces various HP SDN applications and technologies and is not a comprehensive guide or a technical document.

Some of the applications, such as Network Protector and Network Visualizer, are discussed in much greater detail later in this course, while the details of others can be found on the HP website. A good place to start for more information is http://www.hp.com/sdn.

Introduction

The initial release of the HP VAN SDN Controller was in November 2013, and multiple SDN applications were released in the spring of 2014. Since that time, the adoption of HP Networking (HPN), the HP VAN SDN Controller, and HP SDN Application solutions has resulted in several publicly available customer case studies, which illustrate real-life user, IT management, and business-case justification benefits.

In this chapter, we will introduce various HP SDN applications for the campus, data center, and cloud. You will learn about the HP SDN App Store and various applications available via the App Store.

HP SDN App Store

Campus SDN

In the first part of this chapter, we will discuss campus SDN applications and solutions. In the later part, we will discuss data center SDN solutions.

Background

The HP SDN App Store provides HP’s ecosystem partners a go-to-market platform together with consulting and support services that will enable customers to benefit from the business value of SDN.

Figure 2-1: HP SDN App Store

Figure 2-1 displays a handful of the 120 vendors who are creating the products that support Open Networking Foundation (ONF) software-defined networking (SDN). IDC predicts that the market for SDN network applications will reach $1.1 billion by 2017, increasing network application vendors’ need for a scalable, open marketplace to monetize their innovations. As the first enterprise-grade SDN application ecosystem on the market, the HP SDN App Store redefines the networking business model, offering the developer community a centralized platform for connecting to customers around the world. Customers can now easily discover, learn, and purchase specific network applications and download them to their environments for testing and live deployment.

HP SDN App Store

HP hosts an app store for the delivery of SDN applications. Applications from HP AllianceONE partners and the community at large are made available in the HP SDN App Store. All apps can be purchased with a credit card, and selected HP and HP Partner apps can be purchased through the traditional channels with delivery through the HP SDN App Store.

Software development kit (SDK)

HP has made a SDK available with the HP VAN SDN Controller. The SDK gives developers all the tools necessary to build SDN applications for the HP controller. It includes documentation for both the Java and the REST APIs as well as all of the jar files necessary during compilation. Sample applications are also included.

A remote lab is also available to AllianceONE partners for testing SDN applications with real hardware. HP also hosts and monitors a developer forum where developers can collaborate to get answers to questions. For more information and help with developing a new application, please go to sdndevcenter.hp.com.

HP SDN ecosystem

As Figure 2-2 illustrates, HP is building an entire SDN ecosystem, which at present includes the following:

• Over 30 million SDN-ready ports in production, providing customers a rapid path to the new style of business while providing developers a large market

• Over 5000 downloads of the HP VAN SDN controller

• Over 100 APIs—and not only the APIs, but a full developer community, support, services, and a sales model

• Over 5000 man hours in certification of SDN apps

• Five developer events globally providing support to our growing community

• A total of 5000 downloads of the HP developer kit

• Over 30 ecosystem partners

Figure 2-2: HP SDN ecosystem

App Store circles

The HP SDN App Store offers independent software vendors an easy way to bring creative solutions to market, enabling IT managers who embrace the SDN architecture to solve their unique network challenges through these vendors’ applications.

Figure 2-3: App Store circles

To help customers easily navigate the HP SDN App Store, HP offers three categories of applications, which are defined by their support and test processes. Figure 2-3 provides a screen capture that illustrates the following HP App Store circles:

• The HP Circle, with applications built and tested exclusively by HP

• The Partner Circle, encompassing applications that have been self-tested by HP partners and reviewed by HP

• The Community Circle, offering open-access and community-supported applications to demonstrate open source and concept SDN applications

OpenDaylight (ODL)

HP announced the availability of ODL in the HP App Store in July 2015. (See Figure 2-4 for a screen capture that illustrates ODL availability.)

Figure 2-4: OpenDaylight (ODL)

Questions and answers

Here are some frequently asked questions about ODL:

Q: What is being announced?

A: To continue with our leadership, we are releasing an experimental version of the ODL controller (based on Lithium) on the HP SDN App Store. HP’s SDN App Store will now host applications that run on both the HP VAN SDN Controller and the ODL controller.

Q: How long has HP been involved with open source and open standards in SDN?

A: HP has been a leader in driving SDN innovation. Dating back to 2007, HPN started working with Stanford to deliver Ethane—the precursor to OpenFlow—and delivered the industry’s first OpenFlow demo software for its switches in 2008. In 2013, HP announced the first SDN Open Ecosystem, which included HP VAN SDN Controller, giving developers all the tools to innovate as well as the industry’s first enterprise-grade SDN app store as a marketplace for customers and developers of SDN.

Q: What is the ODL project?

A: The ODL project is a collaborative open source project that aims to accelerate adoption of SDN and create a solid foundation for network functions virtualization (NFV) for a more transparent approach that fosters community innovation and reduces risk.

Q: What has HP’s participation in ODL been to date?

A: HP is a founding member of ODL. It has been a silver member since the project’s inception and was instrumental in its founding, legal and organizational setup, and in the creation of its technical governance model. HP raised its level of support to become a platinum member in May 2014 and is investing substantial development and test resources in the core platform.

Recently, HP also acquired ConteXtream, which has been developing solutions based on ODL and also contributing back to the community since the first ODL release. The ConteXtream solution is not currently available on the HP SDN App Store and is separate and distinct from the experimental version that is posted.

Q: What does this announcement mean for customers?

A: With the expanded ecosystem that includes ODL developers, customers now have the opportunity to discover and explore more SDN innovations at HP SDN App Store. They can see a new category at the HP SDN App Store hosting the community version of ODL controller and the SDN Apps based on ODL.

Q: What is HP’s position on open source with respect to networking?

A: The networking market is rapidly evolving and HP has been at the forefront of the change toward increasing openness, standardization, and interoperability. HP has a proven ability to drive, adopt, productize, and plug into open source, as evidenced by its leadership in Linux, OpenStack, and various other open source projects. HP believes open source speeds up innovation and provides customers with flexibility in solutions and vendors.

Q: What is HP’s SDN strategy?

A: HP SDN provides an end-to-end solution to solve compelling customer problems. HP’s overall SDN solution strategy is to enable the network to deliver business objectives for data center, campus, and branch, as well as for communications service provider customers who require increased network agility and automation in addition to enhanced security, optimization, visibility, and orchestration on their existing network infrastructures—all without single vendor lock-in. HP’s solution architectures allow for inclusion of various SDN controllers depending on our customers’ needs.

Expanding the innovations with SDN, HP SDN Open Ecosystem was created to deliver the resources to develop and create a marketplace for SDN applications. This ecosystem is now expanding to add ODL.

Q: Will both the HP VAN SDN Controller and ODL Controller be available in the HP SDN App Store?

A: Our customers and ecosystem partners can now access both ODL Controller and the HP VAN SDN Controller on the HP SDN App Store. Adding the ODL controller allows developers to experiment with this platform and deliver concept applications to customers.

The ODL Controller is the open source community version; hence, the ODL Controller and the ODL Controller-based applications are not validated and supported by HP. The HP VAN SDN Controller was commercialized 18 months ago and is in production use at a number of enterprise customers’ sites worldwide. HP will continue to enrich the HP VAN SDN Controller with new capabilities to make it the industry’s leading platform for SDN application development and production deployment. As part of our ODL contribution, we will bring the best of VAN SDN Controller innovations, interfaces, practices, and support from HP to the larger SDN community.

Q: What will be HP’s key contribution areas to the HP controller based on ODL?

A: HP is contributing to a number of projects, including Amiga Advanced Architecture (AAA), device drivers, OpenFlow, and hybrid mode, and clustering for high availability (HA). It is also contributing to multiapplication support, including the Network Intent Composition (NIC) API, persistence, service function chaining, OpenStack integration, and federation of controllers. In addition, HP is involved in establishing a continuous integration (CI) test framework and performance profiling of the ODL controller.

Q: What is the relationship between ODL and OpenStack?

A: ODL interfaces with OpenStack using the Neutron networking framework. A strong and growing overlap of companies and individual contributors are working on both OpenStack Neutron and ODL. In addition, ODL, by virtue of being a liberally licensed open source project, is poised to become the de facto SDN controller for OpenStack test and deployment environments, and several companies are productizing full-stack solutions for OpenStack that include an SDN controller powered by ODL.

Q: I am a customer who has SDN applications running in production on the HP VAN SDN Controller. What does this announcement mean to me?

A: You are in good shape. HP continues to lead in controller technologies and SDN ecosystems and is committed to supporting new and existing VAN SDN controller customers who deploy SDN applications in production networks. The HP VAN SDN Controller is the premier enterprise-grade controller in the market right now.

Q: I am a developer and have written or ported an app to the HP VAN SDN Controller. What does this announcement mean to me?

A: You are in great shape. With this announcement, you are able to access an even larger market within the same ecosystem while working with a partner like HP—a leader in SDN innovation. Please contact the HPN SDN team for more information about your app via ODL.

HP applications

As Figure 2-5 illustrates, at the time of this writing, HP has three major applications in the HP SDN App Store:

• HP Network Protector SDN Application: provides protection against real-time security threats

• HP Network Optimizer SDN Application: provides application-driven quality of service (QoS)

• HP Visualizer SDN Application: provides network visibility

Figure 2-5: HP applications

HP Network Protector SDN application

Introduction

The Network Protector SDN application enables automated network posture assessment and real-time security across an SDN-enabled network, providing simple security for bring-your-own-device (BYOD).

Figure 2-6: HP Network Protector SDN application

Figure 2-6 illustrates a number of other services the application provides. The Network Protector SDN Application uses the HP VAN SDN Controller to program the network infrastructure with security intelligence from the TippingPoint Reputation Digital Vaccine (RepDV) Labs database.

This turns network infrastructure devices into security-enforcement devices, providing visibility and threat protection against more than one million malicious botnets, malware, and spyware sites.

The HP Network Protector SDN Application stops threats at the network access layer before they can cause damage. Network Protector can be used in any network environment where security is a concern, including BYOD, data center, and cloud computing environments. HP envisions a network where Network Protector can be implemented on any network device, anywhere in the network for unprecedented network visibility, event correlation accuracy, and security control.

Features

Simple security for BYOD

The Network Protector SDN application brings a new level of threat visibility, automation, and control to organizations that support BYOD for network connectivity.

The application scales up to thousands of endpoints, supporting enterprise organizations.

The Network Protector SDN application decreases the time IT spends on security problems, from days or weeks to hours.

Enables automated network-posture assessment

The Network Protector SDN application improves your network visibility and accuracy. The application prioritizes specific Domain Name Service (DNS) traffic (for example, business critical) and restricts noncritical DNS traffic (for example, social media).

Provides real-time threat detection across enterprise campus networks

The Network Protector SDN application protects from over one million malicious botnet, malware, and spyware sites. The application enables real-time threat characterization with the HP TippingPoint RepDV cloud service database.

The Network Protector SDN application can address cloud-based threat intelligence.

Proactive IT management of threats

The HP Network Protector SDN application allows flow-based dynamic access control lists (ACL), bringing security to the next level. The application allows for per switch and device inspection throttling. The application provides enhanced white/black/gray list user policy routing.

Dashboard

Figure 2-7 provides a screen capture of the HP Network Protector dashboard. Features and benefits of the HP Network Protector SDN application include the following:

• Quarantine thresholds can be configured on per client DNS requests per second or on total number of unique malicious connections per client, resulting in IP redirection or dropping of all client traffic.

• Malicious identity displays the IP addresses associated with quarantined or blocked clients or reveals user-id when integrated with IMC.

• Custom whitelist allows administrators to bypass reputation check for configured domains.

• Custom blacklist allows the administrator to block configured domains. This can be configured to block at specified periods of time.

• The top-infected VLANs display provides visibility into the relative health of VLAN clients.

• The top-infected endpoints display provides visibility into the source of malicious traffic.

• Inspection throttling ensures that network performance is not impacted by bursts of heavy traffic.

• Group policy supports individual reputation levels for blocking or quarantining members of the group.

• The email alerts feature notifies the administrator of quarantined clients or malicious connection attempts.

• HP ArcSight integration allows logging of malicious activity in common event format (CEF) syslog format (optional capability).
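The decision logic that the dashboard features above describe (whitelist bypass, blacklist, reputation check, the two quarantine thresholds, top-infected endpoints, CEF logging), as an added example that is not HP's code or the product's API. The reputation scores, threshold values, domains, client addresses, and the CEF vendor and product strings are all constructed for the illustration.

```python
from collections import Counter, defaultdict

# Constructed stand-ins for the reputation feed and the administrator's lists.
REPUTATION = {
    "bad-botnet.example": 90,
    "malware-cdn.example": 80,
    "partner.example": 75,      # feed false positive, overridden by the whitelist
    "ads.example": 30,
}
WHITELIST = {"partner.example"}  # bypasses the reputation check
BLACKLIST = {"games.example"}    # always blocked, whatever its score
BLOCK_SCORE = 70                 # assumed reputation level that counts as malicious
MAX_DNS_PER_SEC = 5              # quarantine threshold: DNS requests per second
MAX_UNIQUE_MALICIOUS = 2         # quarantine threshold: unique malicious destinations


def build_log():
    """Constructed DNS request log: (epoch second, client IP, queried domain)."""
    log = [
        (100, "10.0.0.5", "bad-botnet.example"),
        (101, "10.0.0.5", "malware-cdn.example"),
        (102, "10.0.0.5", "intranet.example"),
        (150, "10.0.0.7", "partner.example"),
        (151, "10.0.0.7", "bad-botnet.example"),
        (152, "10.0.0.7", "bad-botnet.example"),
    ]
    # One client sending seven requests within the same second.
    log += [(200, "10.0.0.9", f"host{i}.example") for i in range(7)]
    return log


def verdict(domain):
    """Whitelist first, then blacklist, then the reputation score."""
    if domain in WHITELIST:
        return "allow"
    if domain in BLACKLIST or REPUTATION.get(domain, 0) >= BLOCK_SCORE:
        return "block"
    return "allow"


def evaluate(log):
    """Return (events, quarantined): per-request actions and client -> reason."""
    rate = defaultdict(int)        # (client, second) -> requests seen
    malicious = defaultdict(set)   # client -> distinct malicious domains
    quarantined, events = {}, []
    for ts, client, domain in log:
        if client in quarantined:  # quarantined clients have all traffic dropped
            events.append((ts, client, domain, "drop"))
            continue
        action = verdict(domain)
        events.append((ts, client, domain, action))
        rate[(client, ts)] += 1
        if action == "block":
            malicious[client].add(domain)
        if rate[(client, ts)] > MAX_DNS_PER_SEC:
            quarantined[client] = "dns-rate"
        elif len(malicious[client]) >= MAX_UNIQUE_MALICIOUS:
            quarantined[client] = "malicious-destinations"
    return events, quarantined


def top_infected(events):
    """Clients ranked by blocked requests (the top-infected endpoints view)."""
    return Counter(c for _, c, _, action in events if action == "block").most_common()


def cef_header(value):
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def cef_ext(value):
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", " ")


def to_cef(ts, client, domain, action, reason=""):
    """One CEF record; vendor and product strings are placeholders."""
    severity = {"allow": 1, "block": 6, "drop": 8}[action]
    header = "|".join(["CEF:0", cef_header("ExampleVendor"), cef_header("ExampleProtector"),
                       "1.0", cef_header(f"dns-{action}"),
                       cef_header(f"DNS request {action}"), str(severity)])
    ext = f"rt={ts * 1000} src={cef_ext(client)} dhost={cef_ext(domain)} act={cef_ext(action)}"
    if reason:
        ext += f" reason={cef_ext(reason)}"
    return header + "|" + ext


if __name__ == "__main__":
    events, quarantined = evaluate(build_log())
    for ts, client, domain, action in events:
        if action != "allow":
            print(to_cef(ts, client, domain, action, quarantined.get(client, "")))
    print("quarantined:", quarantined)
    print("top infected:", top_infected(events))
```

Client 10.0.0.7 repeats one malicious domain and stays below the unique-destination threshold, which is the difference between counting connections and counting distinct destinations.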

Figure 2-7: Dashboard

HP Network Optimizer SDN application

Deploying trusted and granular QoS can be extremely complex and requires implementing tedious and time-intensive manual configurations on a device-by-device basis. In fact, it is nearly impossible to implement consistent end-to-end traffic policies using deep packet inspection (DPI) for soft clients with legacy networks. Session Initiation Protocol (SIP) Transport Layer Security (TLS) encryption and dynamic application ports, used by unified communications (UC) applications, result in poor application traffic visibility.

Figure 2-8: HP Network Optimizer SDN application

Figure 2-8 illustrates how the HP Network Optimizer SDN application reduces complexity and improves QoS. It automates policy deployment dynamically on a per session basis for voice, video, and application sharing to deliver a better user experience and reduce operational costs. When a desktop sharing, voice, or video session is initiated using a Microsoft Lync client in the campus or branch office, the Lync Server in the data center provides the HP Network Optimizer SDN application with session details. These include the source and destination IP addresses, protocol type, application ports, and bandwidth requirements at the start and end of every call via the Lync SDN API. HP Network Optimizer then uses these per session application details to dynamically provision QoS policy in a trusted manner via the HP VAN SDN Controller using OpenFlow.

The HP Network Optimizer SDN application uses the intelligence from Lync Server and the Lync SDN API along with the robust capabilities of the HP VAN SDN Controller to dynamically prioritize traffic at the edge of a network using OpenFlow. This allows the network administrator to implement consistent and trusted QoS policies across the network. This is done dynamically through a central point of control, eliminating the need for manual, device-by-device configuration via the CLI, which greatly simplifies policy deployment and reduces the likelihood of human errors.

In addition, HP Network Optimizer displays a graphical dashboard of Lync call quality metrics to provide an intuitive way to understand Lync call statistics in your network. This includes the number of active sessions and peak-call time, quality of experience metrics for completed calls, and poor call quality analysis details to assist with monitoring and diagnosing Lync call-quality issues.

HP Network Optimizer SDN application

The HP Network Optimizer SDN application uses OpenFlow to dynamically prioritize traffic at the edge of a network. There are four traditional ways that unified communications can be identified and prioritized on the network:

• The first method prioritizes all traffic from a device. This method is used with traditional VoIP phones by placing the phone in a voice VLAN and prioritizing all traffic in this VLAN. This solution is not possible with Microsoft Lync in wholesale deployments because the voice client is usually the Lync software client running on a PC.

• The second method uses a predefined Transport Control Protocol (TCP) or User Datagram Protocol (UDP) port number or range where traffic matching these ports can be prioritized. This is not an ideal solution because it increases Lync and network management overheads as well as raises the potential of port mapping conflicts on the client PCs. (See Figure 2-9 for a graphic illustration of Microsoft Lync communications on a network.)

• The third method uses a DPI engine to analyze and determine the packet’s nature. However, in the case of Lync, this is not feasible because all Lync control traffic is encrypted in TLS sessions. This makes DPI analysis impossible or unreliable in its ability to isolate business Lync traffic from nonbusiness voice or video communications.

• Finally, the client can mark traffic as important and configure the network to trust the tags. While this will work and Lync does support it, it requires a level of trust from network clients that is not recommended. As soon as the network trusts a client, there will be users who abuse the trust and attempt to prioritize all of their traffic. In other words, a user could use a company’s network to watch movies or download BitTorrent files at high priority.

Figure 2-9: HP Network Optimizer SDN Application

The above solutions led HP and Microsoft to develop a better method to prioritize important Lync traffic. The Lync Server had detailed knowledge of UC session information happening in an environment and HP SDN controllers had detailed knowledge of physical topology. Microsoft, in collaboration with HP, developed an API that installs on the Lync Server and can make RESTful API calls to the HP Network Optimizer SDN application with all of the call details, including users, type of call, and bandwidth requirements. HP Network Optimizer can then use OpenFlow to dynamically prioritize traffic on the network for the duration of the call.

The HP Network Optimizer SDN application uses OpenFlow-hybrid mode and only the edge, or access, devices need to be OpenFlow enabled. In this case, the HP Network Optimizer SDN solution does Differentiated Services Code Point (DSCP) remarking at the edge of the network and the rest of the network is configured to honor the markings supplied by the access layer device. Previously, trusting end user QoS values was a bad idea but with the access-layer devices doing the QoS marking, it is the network core that honors QoS markings received from the network edge. When the HP Network Optimizer application boots, a default flow is pushed to all access devices. This remarks all traffic to normal priority in the specified VLANs. It is then possible for HP Network Optimizer to dynamically prioritize the Lync traffic to an administratively assigned priority.

Out-of-the-box, this solution will work without any additional configuration required on clients that are attached to OpenFlow-enabled devices. If a client is not directly connected to an OpenFlow-enabled device, it is possible for a network administrator to configure a gateway for a known group of devices. This enables prioritization to be dynamically assigned for the network under an administrator’s control.
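The edge remarking described above, modelled as an added example (not HP's or Microsoft's code, and not the Lync SDN API): a default rule resets every packet in the managed VLANs to normal priority, and a per-session rule raises only the flow the call server reported, for the duration of the call. The DSCP values, addresses, ports, and class and field names are assumptions for the illustration.

```python
from dataclasses import dataclass

NORMAL_DSCP = 0
# Assumed administrator-assigned priorities per media type (not values from the text).
ADMIN_DSCP = {"audio": 46, "video": 34, "app-sharing": 18}
FIELDS = ("src", "dst", "proto", "sport", "dport")


@dataclass(frozen=True)
class Packet:
    vlan: int
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    dscp: int   # value the client wrote into the IP header


class EdgeSwitch:
    """Access switch in hybrid mode: only DSCP is rewritten, forwarding is untouched."""

    def __init__(self, managed_vlans):
        # Default flow pushed when the application starts: everything in these
        # VLANs is remarked to normal priority, whatever the client asked for.
        self.managed_vlans = set(managed_vlans)
        self.sessions = {}   # 5-tuple -> DSCP, one entry per direction of a call

    @staticmethod
    def session_keys(session):
        forward = tuple(session[f] for f in FIELDS)
        reverse = (session["dst"], session["src"], session["proto"],
                   session["dport"], session["sport"])
        return forward, reverse

    def session_start(self, session):
        """Call-start notification: install the higher-priority per-session rule."""
        for key in self.session_keys(session):
            self.sessions[key] = ADMIN_DSCP[session["media"]]

    def session_end(self, session):
        """Call-end notification: the flow falls back to the default rule."""
        for key in self.session_keys(session):
            self.sessions.pop(key, None)

    def egress_dscp(self, pkt):
        if pkt.vlan not in self.managed_vlans:
            # Assumption: no flow matches, so the traditional pipeline forwards
            # the packet and its marking is left as received.
            return pkt.dscp
        key = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        return self.sessions.get(key, NORMAL_DSCP)


# Constructed sample data: one reported call and one self-marked bulk transfer.
CALL = {"media": "audio", "src": "10.1.10.21", "dst": "10.1.20.34",
        "proto": "udp", "sport": 50020, "dport": 50044}
CALL_PACKET = Packet(10, "10.1.10.21", "10.1.20.34", "udp", 50020, 50044, dscp=0)
SELF_MARKED = Packet(10, "10.1.10.21", "198.51.100.7", "tcp", 51413, 6881, dscp=46)

if __name__ == "__main__":
    switch = EdgeSwitch(managed_vlans=[10])
    print("before call:", switch.egress_dscp(CALL_PACKET))
    switch.session_start(CALL)
    print("during call:", switch.egress_dscp(CALL_PACKET))
    print("self-marked bulk traffic:", switch.egress_dscp(SELF_MARKED))
    switch.session_end(CALL)
    print("after call:", switch.egress_dscp(CALL_PACKET))
```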

HPNetworkOptimizer—dashboard

Valueproposition

HPNetworkOptimizerprovidesanenhancedEnterpriseVoiceuserexperiencewithMicrosoftLyncsoft

clientsthatusershavecometoexpectwithtraditionalPBXvoiceconnectionsandVoIP-basedonhard

phones.ThisallowsanenterprisetosupportthemobilitydemandedbyusersandofferedbyMicrosoft

LyncEnterpriseVoiceandstillgettheexperiencetheywant.Callsaredynamicallyprovisionedwithout

administrativeinvolvement.

administrativeinvolvement. Figure2-10:HPNetworkOptimizer—dashboard

Figure2-10:HPNetworkOptimizer—dashboard

HPNetworkOptimizeralsoenablestheITadministratortorapidlydefineandadjusttheprioritiesof

LynctrafficonthenetworkwithgranularcontrolofbothDSCPmarkingsand802.1ppriorities.Nolonger

doesthenetworkadministratorneedtotoucheveryswitchtodeployaunifiedcommunicationsQoS

adjustment.(SeeFigure2-10forascreencaptureoftheHPNetworkOptimizerapplicationdashboard

andaquicklistofothersalientfeatures.)

Performance

An instance of HP Network Optimizer can support an infrastructure with up to 2000 OpenFlow-enabled network devices and up to 10,000 users. These numbers assume minimum system requirements of a quad-core processor, 8 GB of RAM, and 64 GB of available disk space. Additional instances of HP Network Optimizer can be deployed to support a larger number of OpenFlow-enabled network devices and users.

Redundancy

In the current release of HP Network Optimizer, HA is not supported. To help maximize network availability, the OpenFlow-enabled devices in a network should be configured to fail open in the case of controller unavailability. HP Network Optimizer is designed to operate in a hybrid SDN mode. This means traffic is forwarded using traditional networking methods based on destination MAC address or destination IP address. When a switch fails open, these same traditional forwarding mechanisms will continue to forward traffic as expected.

Security

Network security has been a critical concern for a very long time and does not change with the advent of SDN. The methods of securing a network require an evaluation. There are several mechanisms that aid in securing an SDN environment. First, the connection between a switch and a controller should be passed onto a dedicated management VLAN or, for additional security, be handled on a completely out-of-band network. An out-of-band network is likely not possible in a campus LAN but may be possible in a data center. Second, the communication between an OpenFlow device and the controller should be authenticated and encrypted. The HP VAN SDN Controller and HP switches support mutual authentication using certificates and TLS. Access to the controller for management purposes is also encrypted using TLS and authenticated using OpenStack Keystone.
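The two mechanisms above (an isolated management network for the switch-to-controller channel, and mutually authenticated TLS on it) can be checked in code. The following Python is an added example, not HP's or the controller's own code; the helper names, the 10.99.0.0/24 management subnet and the addresses are assumptions made for illustration.

```python
import ipaddress
import ssl


def controller_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Server-side TLS context for a controller's OpenFlow listener.

    Hypothetical helper: the file paths are supplied by the operator, and
    ca_file is the authority that issued the switch certificates.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Mutual authentication: a switch that presents no certificate, or one not
    # issued by the trusted CA, fails the handshake.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def audit_openflow_channel(ctx, bind_ip, mgmt_subnet):
    """Return a list of findings for a control-channel listener (empty = OK)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("switch certificate not required (no mutual authentication)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions older than 1.2 are accepted")
    addr = ipaddress.ip_address(bind_ip)
    # 0.0.0.0 / :: binds every interface, including user-facing VLANs.
    if addr.is_unspecified or addr not in ipaddress.ip_network(mgmt_subnet):
        findings.append("listener is reachable outside the management network")
    return findings


if __name__ == "__main__":
    MGMT = "10.99.0.0/24"  # constructed management VLAN subnet

    # Weak: server-only TLS, bound to every interface.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    for finding in audit_openflow_channel(weak, "0.0.0.0", MGMT):
        print("weak:", finding)

    # Hardened: client certificates required, bound inside the management VLAN.
    hardened = controller_tls_context()
    print("hardened:", audit_openflow_channel(hardened, "10.99.0.10", MGMT))
```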

Frequently asked questions

Q. What is required to implement HP Network Optimizer?

Answer: HP Network Optimizer requires OpenFlow-enabled switches at or near the access layer of the network. It is installed as an application on the HP VAN SDN Controller, which can be deployed as a virtual machine or on a bare metal server. However, higher network throughput can be supported when installed on a bare-metal server. It is also necessary to configure QoS on the distribution and core devices in a network to trust the DSCP markings that are set at the edge of the network. This solution also requires the Microsoft SDN API and SDN Manager to be installed in the Lync environment.

Q. How does HP Network Optimizer work with Lync Optimized IP phones?

Answer: It maintains an installed and configured voice VLAN for hard phones. In collaboration with HP Network Optimizer, this will decrease the access control list (ACL) resource impact of the solution where Lync Optimized IP phones are used. HP Network Optimizer will automatically provide dynamic provisioning for Lync Optimized IP phones in addition to soft phones, unless excluded.

Q. How does HP Network Optimizer scale?

Answer: An instance of HP Network Optimizer can support an infrastructure up to 2000 OpenFlow-enabled network devices and up to 10,000 users.

Q. Where should HP Network Optimizer be deployed?

Answer: HP Network Optimizer should be deployed local to the LAN it is configured to provision. Any additional latency introduced by deploying the SDN application remotely could delay QoS provisioning and affect the user experience at the start of a new session.

Current troubleshooting tools challenges

Current troubleshooting tools challenges include the following:

• Increasing network complexity, harder to troubleshoot

• Manual and costly network tools for network monitoring and troubleshooting

• Time-consuming processes that require low-level details as inputs

Figure 2-11 provides a graphical representation of this list.

Figure 2-11: Current troubleshooting tools challenges

HP Network Visualizer benefits

As Figure 2-12 explains, the HP Network Visualizer Application provides visibility of network traffic and offers a flexible solution for obtaining copies of network packets for auditing, verification, and dynamic troubleshooting purposes.

Figure 2-12: HP Network Visualizer benefits

You can get copies of network packets from multiple source devices and forward captured packets to a collection device located almost anywhere in the network using a generic routing encapsulation (GRE) tunnel.

The Network Visualizer dynamically installs OpenFlow rules to monitor the network traffic using the filter criteria specified by a network administrator via the graphic user interface (GUI). Filter criteria are specified with SDN policy attributes built on ACL networking match attributes and legacy actions.

Figure 2-13: HP Network Visualizer benefits

As Figure 2-13 illustrates, the Network Visualizer dashboard provides a graphic representation of current capture session configuration, capture session failures, and discovered devices by type and operating system (OS).

The dashboard displays the following charts along with a link below Sessions and Capture Sessions. Failure charts provide additional details:

• Sessions

• Capture Sessions Failure

• Discovered Devices by OS

• Discovered Devices by Type

Bluecat DNS director

Domain Name System (DNS) is a highly critical network service that enables device-to-app, app-to-app, and device-to-device communication. DNS is built on trust and assumes that both the DNS server and its response can be trusted, making DNS a widely used attack vector and a powerful tool for data exfiltration.

Figure 2-14: Bluecat DNS director

Traditional network infrastructures not only perpetuate this trust model, but also are mostly designed for known and trusted corporate-issued devices. Ongoing transformations, such as BYOD, are breaking this chain of trust, allowing users to connect any device to the network regardless of behavior or network access.

This combination of trust-as-a-foundation and traditional network infrastructure introduces significant security risks for both BYOD and non-BYOD networks and represents an ideal environment for DNS to be used as an attack vector.

Bluecat’s DNS Director and the HP SDN architecture provide you with programmatic control of your DNS services to prevent DNS tunneling and ensure secure application access across all devices, through automated and centrally deployed DNS policies. Figure 2-14 illustrates an SDN architecture that includes Bluecat and HP VAN SDN Controller.

The solution’s centralized network view and dynamically programmable DNS capabilities, combined with Bluecat’s DNS Threat Protection, deliver the added agility, security, and scalability required to support the business demands of your mobile-cloud environment.

Kemp LoadMaster

Network traffic densities are increasing—constantly. The adoption of SDN technology is on the rise for the powerful control over network infrastructure it offers.

Figure 2-15: Kemp LoadMaster

There will be a transitional period in which the elements of SDN are used alongside traditional networking technologies and newer overlay solutions. As SDN adoption continues, application delivery controllers (ADCs) or load balancers will play a critical role in providing the required intelligence for flexible and increasingly effective network deployments.

In traditional networks, there is no end-to-end visibility of network paths, and applications are not always routed optimally. The KEMP Adaptive Load Balancer App, integrated with the HP Virtual Application Network (VAN) SDN Controller solution, solves this problem by making available critical flow pattern data. This way, applications can be routed dynamically across the most optimal server and switching infrastructure. (Figure 2-15 provides a SDN architecture that includes Kemp LoadMaster and HP VAN SDN Controller.)

The KEMP-HP combined SDN solution enables:

• Application visibility to network

• Network data being “pulled” by ADC

• Adaptive HA load balancing

• Dynamic application delivery

The principles of SDN are focused on the lower layers of the network, and load balancers operate chiefly at L4–L7. This puts load balancers in a prime location to bridge the gap that exists between the application and the network to influence the SDN controller. Upper-layer intelligence can be “pushed” to the SDN controller from the KEMP ADC, helping the controller to make better decisions.

Inversely, circuit information can be “pulled” from the SDN controller across the northbound interface. This allows the ADC to make better application load-balancing decisions by aggregating its native application intelligence with the information provided by the SDN controller. The solution focuses on the latter as a first step to SDN adaptive load balancing.

An important augmentation benefit of the KEMP-HP combined SDN solution is to improve performance of a new application across existing infrastructure. The KEMP adaptive load balancer application’s RESTful API allows for third-party innovation within the HP VAN topology so that customized solutions can be tailored to specific enterprise network needs.

HP SDN case studies

HP has multiple case studies available, including the case studies you see in Figure 2-16.

Figure 2-16: HP SDN case studies

SDN example solution: Case studies and request for information

The following scenario provides real-world use cases and case studies that illustrate SDN implementations in production environments.

Scenario: Request for information

Your manager phones you from the golf course and says: “I forgot to mention, we need some good documentation to help with our SDN presentation. The company leadership is asking for an SDN request for information (RFI) document and I don’t know where to start. Put something together that we can use.”

Fortunately, you have found this document on the HP website to help:

Note

Mock RFI for Enterprise SDN Solutions

HP

The mock RFI includes the diagram you see in Figure 2-17, which illustrates the ONF’s SDN architecture:

Figure 2-17: ONF SDN architecture

From the diagram and the mock SDN RFI, you learn several important things.

Northbound API: You learn that, relative to Figure 2-17, the northbound API is the API that enables communications between the control layer and the application layer.

Southbound API: Also relative to Figure 2-17, you learn the southbound API is the API that enables communications between the control layer and the infrastructure layer.

Upgrades to support OpenFlow: HP offers a free upgrade of switch software to HP’s OpenFlow-enabled software (on specific supported switches). Costs other vendors charge may vary.

Virtual and physical switch support: The HP solution supports any standards-based infrastructure.

HP VAN SDN Controller price: The HP VAN SDN Ctrl SW Base SW w/ 50-node E-LTU costs $495 USD (price may change). A demo license is also available.

Management: Intelligent Management Center (IMC) can be used to manage both a HP Software-defined Network and a traditional non-OpenFlow-enabled network.

Scenario: case studies

The next day back in the office, your manager approaches you and says: “We need some practical examples of SDN in the real world. Get some case studies we can use as references in our presentation.”

You recall that you and your manager have already briefly discussed Google’s SDN implementation. Google has been implementing OpenFlow and SDN since 2010.

Both Google and Microsoft presented at the Open Networking Summit 2015 and discussed how they are using SDN to better manage their networks:

Google wanted to manage networks, servers, and storage as single block units rather than as thousands of individual devices. It has built its own control plane for network devices rather than using Open Shortest Path First (OSPF) and other existing protocols. Google therefore uses a central control plane for device management.

You can watch the following video:

Note

Google (ONS 2015—Amin Vahdat)

YouTube: https://www.youtube.com/watch?v=FaAZAII2x0w

You can also recall from your and your manager’s previous discussion that Microsoft has turned to SDN to manage its network because of the massive growth and scale it is experiencing with its Azure cloud offering. Microsoft, in a similar way to what we are discussing, uses applications to program rules via a controller into switches at the data plane.

You might also want to watch a video about Microsoft’s implementation:

Note

Microsoft Azure (ONS 2015—Mark Russinovich)

YouTube:

Your manager says: “But these examples are cloud-based solutions. I need some enterprise examples in addition to the NSA example I found. Keep looking.”

You can use the HP Enterprise Information Library to look at some of the HP case studies:

Note

HP Enterprise Information Library: http://www.hp.com/go/sdn/infolib

Important

The HP Enterprise Information Library is an important URL to bookmark as it contains the latest HP SDN related documentation. Another important URL to bookmark is http://www.hp.com/sdn

You can jot down a few of the case studies you find:

HP Networking Interop Net Architecture

Ballarat Grammar (Network Protector)

Deltion College (Network Optimizer, KEMP load balancer)

South Washington County Schools (Network Protector)

Via Group (Network Optimizer, IMC)

Bama Companies (Network Optimizer, Bluecat, Hyperglance)

Istanbul Kultur University (Network Optimizer, IMC)

RMIT University (YouTube: http://bit.ly/1CGePi0)

Note

The white paper section of HP Enterprise Information Library contains technical product information which you may find useful.

As you read the case studies you find, you can collect the following customer quotes:

Customer quotes

“In delivering frozen dough products to some of the largest retail chains in the world, it’s important to ensure that our communication applications are reliable. We are currently deploying Microsoft Lync with HP’s SDN optimizer, which provides a higher performance in terms of user experience and lowers our overall IT infrastructure cost.”

Eric Spille, Manager of Technical Services, The Bama Companies

“HP Network Protector SDN Application takes away a lot of the manual labor that we used to do by ensuring student devices are protected. We’ve now added the Kemp application to intelligently manage network traffic for our SharePoint infrastructure, improving access for all members of our school community.”

Gregory Bell, Head of Technical Services, Ballarat Grammar

“As the sole person responsible for managing the sprawling district network infrastructure, I can attest that HP and SDN are the way forward in the rapidly changing and growing mobile environment.”

Jeff Dietsche, Systems and Infrastructure Manager, South Washington County Schools

“Once we learned about HP SDN, we decided to start with an entirely new and more innovative network concept. We now see our network not as a burden that we have to maintain, but as a new realm of possibility.”

Ender Ekici, Head of IT, Istanbul Kultur University

What is NFV?

NFV offers a new way for communications service providers (CSPs) to design, deploy, and manage networking services.

Overview

By decoupling the network functions from proprietary hardware appliances, as illustrated in Figure 2-18, CSPs can accelerate the introduction of new, compelling services quickly and cost-effectively. NFV enables CSPs to reset the cost base of their network operations and create the flexible service delivery environments they need to drive revenue and reduce costs.

Figure 2-18: Network functions virtualization

The HP OpenNFV Program provides CSPs and their suppliers—such as network equipment providers (NEPs), independent software vendors (ISVs), and system integrators (SIs)—the foundation upon which to build a dynamic service and network environment. HP’s OpenNFV platform accelerates the design, proof-of-concept, trial, and deployment of new cloud-enabled network services and innovations while lowering capital expenditures, operating expenditures, and risk.

One lens we can look through to understand the future of NFV is a view on what has happened in enterprise IT. NFV uses traditional IT virtualization techniques on commodity hardware (compute, storage, and networking) to consolidate network applications onto industry high-volume servers and storage, which allows the industry to gain from both cost and innovation dynamics of traditional IT. It is possible today to use commercial-off-the-shelf IT infrastructure to do complex tasks that have traditionally required custom hardware builds on specialized application-specific integrated circuit (ASIC) or digital signal processing (DSP) devices (thanks to recent technologies such as the packet processing capabilities found in the latest CPUs).

Within enterprise IT applications, server and storage sprawl and complexity cause most organizations to spend more than 70% of their budgets and resources on maintenance and operations—and less than 30% of their time and money on innovation, the things that help the business be more competitive. As a result, most IT organizations have seen a widening gap between what the business demands and what IT can deliver. They lack the agility to respond to business requests in a timely manner.

At HP, we believe that the only way for enterprise IT and networks to shift resources from operations to innovation is through infrastructure convergence. Therefore, we are developing the blueprint for the data center of the future, which accelerates the provisioning of IT services and applications by integrating servers, storage, networking, security, power, cooling, and facilities into shared pools of interoperable resources, all managed through a common management platform.

Figure 2-19: HP converged infrastructure

Figure 2-19 illustrates the steps organizations must take to achieve infrastructure convergence. The first step for most organizations has been one of standardization—to increase the quality and speed of IT service delivery with lower cost of operations and better, more efficient management. This could include moving to a small number of approved standard configurations that are based on industry standards with reusable components and implemented in a consistent fashion with consistent management tools. The end result of this step is a more standards-based, modular, and reusable infrastructure.

The second step for IT has been one of virtualization, moving from physical server, storage, and networking environments to virtualizing the entire data center, increasing the QoS delivered, and making IT more responsive and aligned to the needs of the business.

What virtualization and automation have achieved in the data center is what NFV aims to achieve for the revenue-generating applications run by CSPs. Thus, NFV will build on the journey that enterprise IT has undertaken. Virtualization is a step on the journey to cloud, and in the world of enterprise IT, applications are evolving to services, and the role of the CIO is evolving to become that of a service broker.

NFV versus SDN

NFV is complementary to SDN, although NFV can be implemented without SDN. SDN allows IT and network operations to apply business logic directly to emerging software-based networks and dynamically introduce new services faster with lower management costs and with less complexity. SDN unlocks overprovisioned, underutilized, and constrained networks to gain value from them. It enables network simplification by abstracting away complexity.

NFV and SDN can be combined to create greater value as SDN extends to the network infrastructure the agility that server virtualization brings to the compute infrastructure. HP foresees that functions being virtualized today eventually become virtualized network services within a SDN architecture. Demonstrating in-depth integration of the two is a key requirement fulfilled within the HP architecture.

Table 2-1 provides an NFV and SDN comparison:

Table 2-1: NFV and SDN comparison

Network functions virtualization (NFV): By leveraging standard IT virtualization technology to consolidate many network equipment types onto industry-standard high-volume servers, switches, and storage, NFV provides a model to meet CSP challenges around reducing capital expenditures (CapEx), improving manageability, decreasing time-to-market, and encouraging a wider ecosystem.

Software-defined networking (SDN): SDN enables the emerging software-based networks that allow IT and network operations to apply business logic directly and dynamically to introduce new services faster, lower management costs with less complexity, and commoditize many network functions, reducing CapEx. SDN is an enabling technology that challenges current practices by decoupling the control plane from the data-forwarding mechanisms.

Note

For more information about NFV, visit: http://www8.hp.com/us/en/cloud/nfv-overview.html

SDN in the Data Center and Cloud

Overview

From enterprise to service providers, IT customers require tailored network virtualization solutions that fit specific business outcomes. To meet this unique requirement, HP provides a three-part offering that frees you from legacy networks, improves your service velocity, and lowers cost.

Figure 2-20: SDN in the data center and the cloud

Built on the industry’s most comprehensive network virtualization portfolio and backed by world-class service and support, HP is uniquely positioned to navigate you safely through this technology and business transformation.

Each of the solutions you see in Figure 2-20 provides an open, standards-based foundation for customers to (optionally) move toward broader SDN application deployment. HP’s open SDN ecosystem and HP SDN App Store help customers to quickly drive bottom-line value and improve end-user application experience.

Note

If you would prefer watching videos, the following videos provide a great overview of the SDN solutions discussed in Chapters 1 and 2 of this study guide. Videos 19 to 33 cover data center and cloud SDN solutions: SDN (An introduction) http://bit.ly/1MwN0sr

Virtual Cloud Networking (VCN)

In June 2014, HP announced the Virtual Cloud Networking (VCN) SDN application and its integration into HP’s Helion OpenStack® distribution. VCN offers an OpenStack Neutron distribution with unique enhancements such as multihypervisor support, distributed virtual routing, HA, Virtual Extensible LAN (VXLAN) gateway, VPN as a service (VPNaaS), and security group enhancements. It also provides improved scalability. Many of these enhancements have been contributed back to the open source community.

HP is now a top contributor to OpenStack Neutron, with ongoing work planned to support additional hypervisors, bare metal functions, service chaining, and SDN application integration to support network and security operations.

HP-VMware networking solution (NSX Federation)

The HP-VMware networking solution delivers an interoperable SDN and network virtualization solution that provides customers unified automation and visibility into virtual and physical networks in VMware-centric data centers. The solution combines the HP VAN SDN Controller and VMware NSX network virtualization platform through federation APIs to deliver SDN automation across physical and virtual data center networks.

Note

HP Networking Chief Technologist, Mark Pearson, and VMware Engineering Architect, Scott Lowe, recently discussed this codeveloped solution at VMworld SFO 2014

HP Distributed Cloud Networking (DCN)

With HP DCN, large enterprises and service providers can unify private, public, and hybrid data centers through SDN. DCN helps communication service providers (CSPs) accelerate their journeys to NFV by optimizing network resources, increasing agility, and speeding time-to-market through dynamic, service-driven configuration.

Note

For more information about HP SDN network virtualization, visit the following:

HP-VMware networking solution

Overview

HP and VMware are collaborating to provide the industry’s first interoperable SDN solution. As illustrated in Figure 2-21, the solution federates the HP VAN SDN Controller with the VMware NSX network virtualization platform to provide customers with an integrated approach for automating their physical and virtual network infrastructures.

Figure 2-21: The HP-VMware networking solution

Network virtualization

SDN, as defined by the ONF, is the physical separation of the network control plane from the forwarding plane and where the control plane controls several devices. When it comes to network virtualization, the SDN approach allows the network provider to integrate physical and virtual environments; and, if done correctly, it also unlocks never-before realized capabilities, intelligence, and visibility. Network providers have a choice in how this integration is accomplished—a choice that has direct implications on whether they will merely solve their network virtualization problems or whether they will place themselves on a path to unlock the full potential of an intelligent, SDN-enabled converged infrastructure.

There is no standard that defines network virtualization. One of the better definitions is Gartner’s definition:

Network virtualization is the process of combining hardware and software network resources and functionality into a single virtual network. This offers access to routing features and data streams that can provide newer, service-aware, resilient solutions; newer security services that are native within network elements; support for subscriber-aware policy control for peer-to-peer traffic management; and application-aware, real-time session control for converged voice and video applications with guaranteed on-demand bandwidth.

VMware

VMware led the industry into a new virtual computing era in the data center. Virtual machines (VMs), services, and workloads are now being brought up and down continually, which has led to a new level of automation not seen before. As virtualized data centers grew, virtualized workloads began to span multiple server racks that were spanning across a large networking domain. These virtualized workloads also needed virtual domains to exist to provide logical traffic separation. They expanded past the server into the network in the form of VLANs. The need for a large number of VLANs began to grow along with the growth in workloads moving to virtualized environments, and this started to expand past the limit allowed on the network. Also, the rise in moving VMs from one server to another, VM mobility, created a requirement on the networking infrastructure to support the movement of IP/MAC addresses across the network infrastructure. Further, leaving everything to hardware slows the rapid pace of innovation allowed in software.

To address the requirements for automation, large numbers of virtual domains, and VM mobility, there were several decisions to be made. New networking technologies, such as Transparent Interconnection of Lots of Links (TRILL), created one flat layer-2 domain across the network and alleviated the VM mobility problem. This left the issues of automation and VLAN scale. PBB originally started to address the scale issue with MAC-in-MAC encapsulation. However, it addressed only part of the problem and along with TRILL did not address the real need to move to a software-defined strategy to unlock faster innovation that the network has lacked.

Overlay and underlay networks

To address the VLAN scale within the time frames and flexibility required by rapidly scaling public clouds, Virtual Extensible LAN (VXLAN) was created to provide established tunnels between endpoints with a large scale of virtual domains. VXLAN created a new header to the packets forming tunnels between physical and virtual endpoints. The overlay was managed through a communication and control protocol on the physical network, and it happened largely independently of the actual virtual environment.

HP and VMware

With VAN SDN and NSX federation, HP and VMware are enabling organizations to:

• Unify virtual and physical devices

• Bridge virtual and physical networks

• Simplify network lifecycle management

• Deploy additional bandwidth rapidly

• Provide end-to-end visibility into availability and performance

• Rapidly identify network problems, analyze them, and troubleshoot to resolve them

As shown in Figure 2-21, key components of the solution include:

• VMware NSX network virtualization platform

• Federation APIs

• HP Virtual Application Networks (VAN) SDN Controller

• HP IMC SDN Manager

• HP IMC with vCenter plug-in

• HP Converged Control SDN application

• HP FlexFabric 5930 Top-of-Rack Switch

HP IMC with SDN Manager and integrated VMware vCenter plug-in provide a single pane-of-glass management for both virtual and physical networks. The solutions allow organizations to control the entire data center network.

VMware NSX

As Figure 2-22 illustrates, the VMware NSX network virtualization platform allows you to create a network completely in software, and this virtual network overlays your physical network.

Figure 2-22: VMware NSX

You create a virtual network by defining a logical switch, which provides Layer 2 services on the virtual network. You can attach VMs to the logical switch and configure additional network services, such as

• Logical routers

• Logical firewalls

• Logical load balancers

• Logical virtual private networks (VPNs)

When a VM that is attached to a logical switch sends traffic, the NSX switch checks the ingress rules and determines how the traffic should be handled. If the traffic is allowed, the NSX switch encapsulates it and sends it across the physical network to the destination—which is another NSX switch. The destination NSX switch checks its egress rules to ensure the traffic is allowed. If the traffic is allowed, it is forwarded or routed to the appropriate VM.

Like other VMware products, VMware NSX allows you to easily move the VMs. If you move a VM from one physical host to another, the network services that you have defined for the VM move with it. VMware NSX is policy based: that is, you can create policies and apply them to VMs. This allows you to easily provision VMs as they are added to the logical network environment.

Integration and communication

The federation APIs provide the framework for integrating the HP VAN SDN Controller and the VMware NSX network virtualization platform. Through the federation APIs, the HP VAN SDN Controller integrates with VMware NSX to deliver SDN applications across virtual networks. Applications can query the federation APIs and receive information from the applicable application within the solution.

VMware NSX uses the Open vSwitch Database (OVSDB) management protocol to communicate with the HP VAN SDN Controller, which supports OVSDB. A component of Open vSwitch, the OVSDB management protocol enables management of open source virtual switches. Essentially, the OVSDB management protocol manipulates a set of tables containing switch configuration data. (Designed for virtualized server environments, Open vSwitch forwards traffic between VMs on the same server hardware, eliminating the need to send the traffic to the physical network for handling. If VMs send traffic to other destinations—not on the server hardware—Open vSwitch forwards that traffic to the physical network, typically a switch. Open vSwitch is licensed under open source Apache 2.0.)

Using OVSDB, VMware NSX shares virtual tunnel state information with the HP VAN SDN Controller’s centralized control plane. VMware NSX also uses OVSDB to set up virtual network tunnel endpoints on physical network devices such as the HP FlexFabric 5930 Switch with Virtual Extensible LAN (VXLAN). VXLAN is an encapsulation protocol that supports virtual networks across Layer 3 networks. VXLAN adds a 24-bit segment ID to the Ethernet frame. VXLAN enables you to set up as many as 16 million virtual networks across a Layer 3 network.
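The 24-bit segment ID described above, as an added Python example (not from the original book and not HP or VMware code): it builds and parses the 8-byte VXLAN header defined in RFC 7348 and flags captured packets whose segment ID is not expected on a given tunnel endpoint. The sample frame, MAC addresses, segment IDs and helper names are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP destination port (RFC 7348)
FLAG_VNI_VALID = 0x08        # "I" flag: the segment ID (VNI) field is valid
MAX_VNI = (1 << 24) - 1      # 24-bit field, so 16,777,216 possible segments


def build_vxlan_header(vni):
    """Return the 8-byte header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI %r does not fit in 24 bits" % (vni,))
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)


def _mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_vxlan(udp_payload):
    """Parse a UDP payload into the segment ID and inner Ethernet header."""
    if len(udp_payload) < 8 + 14:          # VXLAN header + inner Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: segment ID is not valid")
    inner = udp_payload[8:]
    return {
        "vni": word1 >> 8,                 # drop the trailing reserved byte
        "dst_mac": _mac(inner[0:6]),
        "src_mac": _mac(inner[6:12]),
        "ethertype": struct.unpack("!H", inner[12:14])[0],
    }


def unexpected_segments(udp_payloads, allowed_vnis):
    """Return (index, reason) for packets a tunnel endpoint should not carry."""
    alerts = []
    for i, payload in enumerate(udp_payloads):
        try:
            info = parse_vxlan(payload)
        except ValueError as exc:
            alerts.append((i, str(exc)))
            continue
        if info["vni"] not in allowed_vnis:
            alerts.append((i, "segment %d not provisioned here" % info["vni"]))
    return alerts


# Constructed inner frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
INNER = bytes.fromhex("020000000002" "020000000001" "0800") + b"demo"
SAMPLE = [
    build_vxlan_header(5001) + INNER,      # expected tenant segment
    build_vxlan_header(70000) + INNER,     # beyond the 4094-VLAN range, not allowed here
    b"\x00" * 8 + INNER,                   # I flag clear: malformed
]

if __name__ == "__main__":
    print(parse_vxlan(SAMPLE[0]))
    for alert in unexpected_segments(SAMPLE, allowed_vnis={5001}):
        print("alert:", alert)
```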

Note

For more information about the HP-VMware networking solution, visit:

HP Virtual Cloud Networking

Cloud computing is increasingly attractive to businesses because of the agility, cost savings, and efficiency it provides. However, these same businesses are finding themselves limited by the complexity and disjointed architectures of legacy networks: not only are legacy networks complex, they are also slow to provision new services and are labor intensive. They do not have the agility to meet the challenges of “The New Style of Business,” characterized by the interrelated trends of cloud, security, mobility, and big data.

Figure 2-23: HP Virtual Cloud Networking (VCN)

To meet the constantly evolving needs of your customers, you need a network infrastructure that works with you, not against you—one that not only is agile enough to deliver robust and scalable services but also simple enough to lower costs and limit complexity.

The HP VCN SDN application can help you do just that. The HP VCN SDN application is the enhanced networking module of HP Helion OpenStack (see Figure 2-23), delivering network virtualization enabled by SDN and orchestrating the entire data center infrastructure.

The VCN SDN application helps cloud providers and enterprises build a robust multitenant networking infrastructure that is able to deliver ready-to-use compute, storage, and networking. It provides:

• Scalable, secure, and hardened enterprise cloud networking

• Complete access to an open SDN ecosystem that includes HP and third-party SDN applications

The HP VCN SDN application integrates with the HP VAN SDN Controller and leverages OpenFlow to create a unified control for the deployment of dynamic policy on both the virtual (Open vSwitch) and