
Next-generation Data Center Solution Big Switch Monitoring Fabric

Phil Huang
January 20, 2017

Introduction of Big Switch Monitoring Solution

Transcript

  1. Next-generation Data Center Solution
    Big Switch Monitoring Fabric
    Phil Huang
    SDN Solution Engineer, Open Networking Division

  2. About Me
    © 2017 Edgecore Networks. All rights reserved | www.edge-core.com
    Phil Huang
    § Edgecore SDN Solution Engineer
    § Big Switch Networks
    § Cumulus Linux
    § Pica8
    § OF-DPA & Open Network Linux
    § ONOS/CORD Ambassador
    § blog.pichuang.com.tw

  3. Agenda
    § Why Big Switch Networks?
    § Why Big Monitoring Fabric (BMF)?
    § Overview
    § Out-of-Band && Inline
    § Architecture
    § Use Cases
    § Big Secure Architecture
    § Big Switch Networks Labs

  4. Why Big Switch Networks?
    The Next-Generation Data Center Networking Company

  5. About Big Switch Networks
    Deliver Hyperscale-style Networking/Monitoring to Any Datacenter
    Big Cloud Fabric: DC Switching Solution
    Integrates with
    • VMware
    • OpenStack
    Big Monitoring Fabric: DC Security and Monitoring Solution
    • Pervasive Visibility
    • DMZ Security

  6. Shared “One Big Switch” Architecture
    • Traditional Netframe Design
    • Single point of management
    • Proprietary, Vendor Lock-in, Fixed slots
    [Diagram labels: Big Cloud Fabric Controller; Hierarchical Control Plane; Spine Switches; 10G/40G Backplane; Leaf Switches; Physical & Virtual Workloads; 1G/10G/40G; Compute Workload Racks; Services & Connectivity Racks]
    • Disaggregated Netframe – One “Big Switch”
    • Open, Centralized management, Vendor choice
    Easy to scale out your network

  7. Why Big Monitoring Fabric?
    SDN Enabled, Ultra Low Cost Network Visibility

  8. Network Monitoring Solution Landscape
    • Application Performance Monitoring
    • Network Performance Monitoring
    • Security Monitoring
    • Customer Experience Monitoring
    • Traffic Analytics / Recorders

  9. Legacy NPB Challenge
    [Diagram labels: Production Network; TAPs / SPAN Ports; NPB; Visibility Tools]
    • Non-optimal monitoring: monitoring at core due to high NPB costs
    • Want to monitor deeper? Buy more NPBs (& tools)
    • Growing your network? Buy even more NPBs
    • Box-by-box config, troubleshooting (Complex & Expensive)
    • Limited, siloed network visibility (Suboptimal tool usage)
    • Siloed access to your high-priced tools (Suboptimal tool usage)
    NPB: Network Packet Broker

  10. BMF Inline Architecture
    [Diagram labels: Trusted Zone (DC / Enterprise / Campus Network); Untrusted Zone (Internet / ISP); 10/40/100G; Big Monitoring Fabric Controller; Web Proxy; IPS; SSL Decryption; Inline Tool Chains; Traffic Distribution / Load Sharing; CABS APT Protection; DMZ Firewall; Perimeter Firewall]

  11. Use Case – DMZ / Inline Security
    [Diagram labels: Untrusted Zone (Internet / ISP); 10/40/100G; Big Monitoring Fabric Controller; Trusted Zone Switch A; Trusted Zone Switch B; Trusted Zone Switch C; A, B, C; Firewall Pool; IPS Pool]

  12. Use Case – Active Defense System
    [Diagram labels: Big Monitoring Fabric Controllers (HA-enabled); 10/40/100G; Trusted Zone (Campus Network); Untrusted Zone (Internet / ISP); Firewall; Log Analysis; IDS; IPS; SPAN; Non-whitelisted Data Traffic; Whitelisted Data Traffic; Control Plane Alerts; Alerts]
    1. Whitelisted Traffic Notification
    2. Invoke BMF Controller REST API
    3. Auto-program whitelist rules
    Research Institute
    • Easy to use
    • Simplified deployment for handling high performance data transfers

  13. BMF Out-of-Band Architecture
    [Diagram labels: TAP / SPAN; DC / Enterprise / Campus Network; Scale-up/out Network; 1/10/40/100G Open Network Switch; Filter Ports; Service Ports; Delivery Ports; Service Nodes / NPB; Switch Fabric with Service Nodes; Big Monitoring Fabric Controller; Centralized Tool Farm]
    Visibility Tools
    1. Network Performance Monitoring
    2. Application Performance Monitoring
    3. Security Tools
    4. VoIP Monitoring
    5. Flow-based Monitoring

  14. Use Case – Centralized Tools and Management
    Remote Location Monitoring
    Troubleshoot network problems in remote locations via centralized tools
    US Advanced Technology Provider
    [Diagram labels: Building A; Building X; L2 GRE Tunnels; Big Monitoring Fabric Controllers; Service Ports; Tunnel Ports; Delivery Ports; Service Nodes / NPB; Visibility Tools; Primary Data Center / NOC; 10/40G Open Network Switch]

  15. Use Case – Pervasive Security
    Centralized
    Tool Farm
    Tier-1 US Financial Services Institution
    • Centralized tool farm for 120 racks
    • Mix of 1/10/40G TAPs, SPANs and Tools
    • NPB costs were reduced by more than 60%
    • Increasing monitoring network capacity

  16. BigSecure Architecture
    • Dynamic, Terabit-scale Cyber-defense
    [Diagram labels: Internet; DMZ; Internet-based Applications/Services; Traffic path; Programmability; Attack Detection & Scale-out Mitigation; Big Mon Controller(s); API; 3rd party Security Tool Chain; NFV Nodes for Tool VNFs; Big Mon Service Nodes; L2 – L4 Mitigation; L4 – L7 Mitigation]
    1. Attack Detection, Mitigation
    2. High-BW Attack Signatures
    3. Elastic Mitigation (Terabit-scale)
    • Security tools detect & mitigate attack
    • For high-BW attacks, security tool communicates attack signature(s) to BMF Controller
    • Programs switch fabric to mitigate L2-L4 attacks
    • Programs service node(s) to mitigate L4-L7 attacks
    • Load balances tool VNFs on NFV node(s)
    • Re-orders service chain to front-end elastic mitigation

  17. Big Mon Service Node
    § Accton DPDK Advanced Packet Services Appliance
    § 40G Service Node
    § 160G Service Node
    § Advanced Packet Services
    § De-duplication
    § Packet Slicing
    § Regex/DPI Filtering
    § Netflow Generation
    § Header Decapsulation
    § Packet Masking
    § Software-based Timestamping
    [Diagram labels: BigSecure Architecture; Big Mon Controller(s); L4 – L7 Mitigation; Big Mon Service Nodes]

  18. Big Switch Networks Lab
    Hands-On Experience with SDN Products

  19. Big Switch Labs Link
    http://labs.bigswitch.com/edgecore

  20. Try Different BSN Use Cases
    Big Monitoring Fabric
    § Inline
    § Out-of-Band
    § Analytics
    Big Cloud Fabric
    § P / P+V Edition
    § OpenStack Integration
    § VMware vCenter
    § Programmability and Automation

  21. Cumulus® Linux® Network OS

  22. We are READY to work with you!

  23. Open Networking
    from
    Freedom
    Control
    Innovation
