Next-generation Data Center Solution Big Switch Monitoring Fabric

Phil Huang
January 20, 2017

Introduction of Big Switch Monitoring Solution


Transcript

  1. Next-generation Data Center Solution Big Switch Monitoring Fabric

    Phil Huang <phil_huang@edge-core.com>, SDN Solution Engineer, Open Networking Division
  2. About Me

    Phil Huang § Edgecore SDN Solution Engineer § Big Switch Networks § Cumulus Linux § Pica8 § OF-DPA & Open Network Linux § ONOS/CORD Ambassador § blog.pichuang.com.tw

    © 2017 Edgecore Networks. All rights reserved | www.edge-core.com
  3. Agenda

    § Why Big Switch Networks? § Why Big Monitoring Fabric (BMF)? § Overview § Out-of-Band && Inline § Architecture § Use Cases § Big Secure Architecture § Big Switch Networks Labs
  4. Why Big Switch Networks?

    The Next-Generation Data Center Networking Company
  5. About Big Switch Networks

    Deliver Hyperscale-style Networking/Monitoring To Any Datacenter § Big Cloud Fabric: DC Switching Solution; Integrate with • VMware • OpenStack § Big Monitoring Fabric: DC Security and Monitoring Solution • Pervasive Visibility • DMZ Security
  6. Shared "One Big Switch" Architecture

    Traditional Netframe Design • Single point of management • Proprietary, Vendor Lock-in, Fixed slots § Disaggregated Netframe – One "Big Switch" • Open, Centralized management, Vendor choice • Easy to scale out your network § Diagram labels: Big Cloud Fabric Controller (Hierarchical Control Plane) • Spine Switches (10G/40G Backplane) • Leaf Switches (1G/10G/40G Workloads) • Compute Workload • Services & Connectivity Racks • Physical & Virtual Workloads
  7. Why Big Monitoring Fabric?

    SDN Enabled, Ultra Low Cost Network Visibility
  8. Network Monitoring Solution Landscape

    Application Performance Monitoring • Network Performance Monitoring • Security Monitoring • Customer Experience Monitoring • Traffic Analytics / Recorders
  9. Legacy NPB Challenge

    NPB: Network Packet Broker § Non-optimal Monitoring: Monitoring at Core due to High NPB costs § Want to Monitor deeper? Buy more NPBs (& tools) § Growing your network? Buy even more NPBs § Box-by-box config, troubleshooting (Complex & Expensive) § Limited, siloed network visibility (Suboptimal tool usage) § Siloed access to your high-priced tools (Suboptimal tool usage) § Diagram labels: Production Network • TAPS / SPAN Ports • NPB • Visibility Tools
  10. BMF Inline Architecture

    Diagram labels: Trusted Zone (DC / Enterprise / Campus Network) • Untrusted Zone (Internet / ISP) • 10/40/100G • Big Monitoring Fabric Controller • Web Proxy • IPS • SSL Decryption • Inline Tool Chains • Traffic Distribution / Load Sharing • CABS • APT Protection • DMZ Firewall • Perimeter Firewall
  11. Use Case – DMZ / Inline Security

    Diagram labels: Untrusted Zone (Internet / ISP) • 10/40/100G • Big Monitoring Fabric Controller • Trusted Zone Switch A • Trusted Zone Switch B • Trusted Zone Switch C • Firewall Pool • IPS Pool
  12. Use Case – Active Defense System

    Research Institute • Easy to use • Simplified deployment for handling high performance data transfers § Control plane steps: 1. Whitelisted Traffic Notification 2. Invoke BMF Controller REST API 3. Auto-program whitelist rules § Diagram labels: 10/40/100G • Big Monitoring Fabric Controllers (HA-enabled) • Trusted Zone (Campus Network) • Untrusted Zone (Internet / ISP) • Firewall • Log Analysis • IDS • IPS • Non-whitelisted Data Traffic • Whitelisted Data Traffic • SPAN • Control Plane • Alerts
  13. BMF Out-of-Band Architecture

    Visibility Tools: 1. Network Performance Monitoring 2. Application Performance Monitoring 3. Security Tools 4. VoIP Monitoring 5. Flow-based Monitoring § Diagram labels: TAP / SPAN • DC / Enterprise / Campus Network • Centralized Tool Farm • Scale-up/out Network • 1/10/40/100G Open Network Switch • Service Ports • Filter Ports • Delivery Ports • Service Nodes / NPB • Switch Fabric with Service Nodes • Big Monitoring Fabric Controller
  14. Use Case – Centralized Tools and Management

    Remote Location Monitoring: Troubleshoot network problems in remote locations via centralized tools § US Advanced Technology Provider § Diagram labels: Building A • Building X • L2 GRE Tunnels • Big Monitoring Fabric Controllers • Service Ports • Tunnel Ports • Delivery Ports • Service Nodes / NPB • Visibility Tools • Primary Data Center / NOC • 10/40G Open Network Switch
  15. Use Case – Pervasive Security Centralized Tool Farm

    Tier-1 US Financial Services Institution • Centralized tool farm for 120 racks • Mix of 1/10/40G TAPs, SPANs and Tools • NPB costs were reduced by more than 60% • Increasing monitoring network capacity
  16. BigSecure Architecture

    Dynamic, Terabit-scale Cyber-defense • Security tools detect & mitigate attack • For high-BW attacks, security tool communicates attack signature(s) to BMF Controller • Programs switch fabric to mitigate L2-L4 attacks • Programs service node(s) to mitigate L4-L7 attacks • Load balances tool VNFs on NFV node(s) • Re-orders service chain to front-end elastic mitigation § Diagram steps: 1. Attack Detection, Mitigation 2. High-BW Attack Signatures 3. Elastic Mitigation (Terabit-scale) § Diagram labels: Programmability • Traffic path • Attack Detection & Scale-out Mitigation • Internet-based Applications/Services • Big Mon Controller(s) • API • L2 – L4 Mitigation • 3rd party Security Tool Chain • INTERNET • DMZ • NFV Nodes for Tool VNFs • L4 – L7 Mitigation • Big Mon Service Nodes
  17. Big Mon Service Node

    § Accton DPDK Advanced Packet Services Appliance § 40G Service Node § 160G Service Node § Advanced Packet Services § De-duplication § Packet Slicing § Regex/DPI Filtering § Netflow Generation § Header Decapsulation § Packet Masking § Software-based Timestamping § Diagram labels: BigSecure Architecture • Big Mon Controller(s) • L4 – L7 Mitigation • Big Mon Service Nodes
  18. Big Switch Networks Lab

    Hands-On Experience with SDN Products
  19. Big Switch Labs Link

    http://labs.bigswitch.com/edgecore
  20. Try Different BSN Use Cases

    Big Monitoring Fabric § Inline § Out-of-Band § Analytics

    Big Cloud Fabric § P / P+V Edition § OpenStack Integration § VMware vCenter § Programmability and Automation
  21. Cumulus® Linux® Network OS

  22. We are READY to work with you!

  23. Open Networking from Freedom Control Innovation