Simplifying Wired Network Deployments with Software-Defined Networking (SDN)

Editor's Notes

• #7: Networking has been too hard for too long.
• #8: Bullets: Our vision for SDN is to create a programmable network that delivers business applications quickly To offer agility for the network As well as alignment for the network It has to include consistent architecture across the enterprise: DC, campus and branch It must be built on open standards that enable an open ecosystem, so that everybody can participate – partners, customers and developers And that open ecosystem will reignite innovation for the networking industry (new apps) And those innovations need to be easily accessible to customers in a new marketplace that enables new business models
• #9: Bullets: Review of what is SDN architecture – separation of the control plan, data plan and the application plan South Band API (Open Standard Openflow) – North Band API (fully programmable) Architecture we created from the beginning. Consistency in our approach.
• #10: I have to rip and replace all my switches to transition to SDN Once I move to SDN, I can’t use traditional networking anymore To install an application I need all my switches to be SDN enabled
• #11: HP uses Openflow to add an additional control plane to your existing network. This additional control plane is used selectively perform useful tasks on specific flows. The existing control plane of your network functions pretty well today, we don’t need to reinvent the wheel. Instead we focus on integrating with your existing control plane and in so doing add value to your network without major redesign.
• #14: And for security, this is the honest-to-God truth: Once we understood how to install HP Net Protector with SDN we created a simple script in IMC and pushed it out to 400 switches. It probably took less than 15 minutes, and we had our entire district up and running for just a fraction of the cost of what that same type of security solution would have cost years ago.”
• #15: Network Protector 1.0 was the first product we shipped on this journey… It involves leveraging TPT’s DNS reputation security intelligence feeds to identify malware, spyware, and botnets. By using SDN, we are able to intercept all DNS requests at the access port level network wide to provide distributed coverage that is updated every few hours from the TippingPoint RepDV cloud feed. Protector takes all DNS req and filters that against a database of over 1million known bad DNS sites updated by TippingPoint multiple times a day
• #17: Read: HTM Case Study - KPMG and American Fidelity Assurance.pdf Watch: HTM Case Study - American Fidelity Assurance Company.mp4
• #19: 40X :  Eg: A domain with 200 switches we can cover with Network Visualizer for $5K. Fluke Networks Atap can only tap a single 1Gig port at $1K. So we would need $200K to cover 200 switches  $5K vs $200K = 40X of cost saving http://www.testequipmentdepot.com/products.htm?item=ATAP100&ref=gbase&gclid=CjwKEAiAmuCnBRCLj4D7nMWqp1USJABcT4dfB3ViWWBH4AsJj22Pmiw6Mk_s4D4cN1rOpBlo5DJk2RoCL3vw_wcB
• #21: Flexibility of SDN architecture, streamlined management open standards
• #23: 40X :  Eg: A domain with 200 switches we can cover with Network Visualizer for $5K. Fluke Networks Atap can only tap a single 1Gig port at $1K. So we would need $200K to cover 200 switches  $5K vs $200K = 40X of cost saving http://www.testequipmentdepot.com/products.htm?item=ATAP100&ref=gbase&gclid=CjwKEAiAmuCnBRCLj4D7nMWqp1USJABcT4dfB3ViWWBH4AsJj22Pmiw6Mk_s4D4cN1rOpBlo5DJk2RoCL3vw_wcB
• #27: Bullets: Today we are announcing the Go Live of the HP SDN App Store. Accelerated time to ROI Validated solutions for customer to realize the benefits of cloud, big data, mobility and security with enterprise ready solutions Agility Seamless deployments of solutions. Example F5 app: Before the app store, solutions were tested and purchased separately, slowing customers ability to innovate and focus on business outcomes. After the app store, the solutions are integrated seamlessly with a simple click, download and install. Standards-based Lowers barrier for innovations to all
• #28: Bullets: We have been very busy over the past year building out an entire ecosystem: Over 30 Million SDN-ready ports in production providing customers a rapid path to the new style of IT while providing developers a large market. 5000+ downloads of our SDN controller, compared to Cisco’s 30 APIC customers 100+ APIS, but not only the APIs, but full developer community, support, services and a sales model 5K man hours in certification of SDN apps 5 developer events globally providing support to our growing community 5K downloads of our developer kit and 30+ ecosystem partners…we are just getting started
• #34: Critical to HP Networking’s SDN Strategy is the enablement of Hybrid SDN. At a very high level, we insert OpenFlow decisions into a standard switching pipeline. The traditional switch still works like it always has, but we’ve added a new set of instructions, powered by OpenFlow, into how the switch forwards traffic. By architecting the switch and asic in this way we can design SDN solutions that are incredibly easy to implement in a customer’s network. No major network architecture changes are required and we can turn SDN on and off at will. Critical to our Hybrid SDN architecture is the OpenFlow output port Normal. OpenFlow port Normal is an output port that simply ejects the network frame from the OpenFlow pipeline and places it back to the switch to continue the standard switch forwarding. This means, that when processing OpenFlow rules, we always default to sending the frames out OpenFlow unless there is an over-riding alternate Output port, i.e. DROP This architecture allows for many SDN operations to occur in the OpenFlow pipeline (Write DSCP, Copy DNS to controller, etc) and then put the packets back to the switch to forward like “normal.” All of HP’s three SDN applications are enabled by this Hybrid SDN technology.  Hybrid OpenFlow deployments will used by many of us as a place to start with SDN with fairly low risk and flxible enough to integrate into existing architectures.  If you compare a hybrid OpenFlow edge to the overlay data center architectures, not much is different. What the normal action translates to, is the ability to redirect “interesting traffic” that you want to push into an OpenFlow application, if there is not a match by the OpenFlow flow rules, it matches the normal action for typical packet forwarding. In summary, hybrid techniques allow for early explorations of the new found freedoms that open systems present, by cherry picking traffic for particular applications, while still performing traditional functionality in packet forwarding for routine operations.
• #35: As referenced, all three HP SDN Applications require Hybrid SDN This is a example of how network optimizer interacts with Hybrid SDN When a packet passes through the switch, it flows through the openflow pipeline. When there is a match, that rule is processed in the OpenFlow pipeline. Every rule has a match, action and output. With Network Optimizer, you can see the information that is used for match, underlined in Red. The details are supplied to the controller from Microsoft and the controller sends the complete openflow rule to the switch. Upon matching a frame, the switch now applies the rule that originated from Network Optimizer. This means that the switch now re-writes the IP DSCP value and sets the L2 Priority. And, finally the switch forwards the frame to the Normal port, fully exemplifying Hybrid SDN. Lync SDN API Sends information to Controller Controller Sends Information to Switch Switch Implements Action per Controllers Instructions Only the Actions Optimizer Cares about are Touched OpenFlow Pipeline ignores all non-lync traffic OpenFlow Rule: Match : Lync Source IP … (etc) Set DSCP : 46 Output Forward Norma
• #36: Contest Overview - Aruba is running a marketing campaign where we ask “What is your IT superpower?” - Go to arubatitans.com to take a quick quiz to discover your superpower. - Share your results with friends and encourage others to play the game - Once you share, go to the Social and Community Hub, Gracia Commons, 3rd fl to pick up your free superpower shirt. FAQ 1. What do I have to do to get a shirt? Share your IT superpower results with friends and encourage them to play the game. Then come to the Social & Community Hub, 3rd Floor Gracia Commons to pick up your shirt. We just need your name and badge for verification. 2. Where do I get my shirt? Come to the #ATM16 Social & Community hub located at Gracia Commons on the 3rd Floor 3. Do I have to be at the event to get the shirt? Yes. You have to be at #ATM16 to get a shirt. 4. Can I get my colleague a shirt? He/she is in a session right now. Unfortunately not. We encourage your colleague to participate so that they can win a shirt for themselves. 5. Can I bring a shirt home for my colleague? Unfortunately not. You have to be at #ATM16 to get a shirt. 6. You don’t have a shirt in my size, can you ship the right size to me later? Unfortunately not. Please select the best size from our inventory on site.