Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
•Download as PPTX, PDF•
3 likes•2,176 views
This session provides an overview of HPE's Software Defined Networking (SDN) feature set and will review the benefits of following SDN apps for network operations and IT security teams: HPE Network Protector, HP Network Optimizer, and HP Visualizer.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
Similar to Simplifying Wired Network Deployments with Software-Defined Networking (SDN) (20)
More from Aruba, a Hewlett Packard Enterprise company
More from Aruba, a Hewlett Packard Enterprise company (20)
Recently uploaded
Recently uploaded (20)
Simplifying Wired Network Deployments with Software-Defined Networking (SDN)
- 1. #ATM16 Enhanced network security, visibility and optimization with SDN Craig Mills, March 2016
- 2. 2#ATM16 Agenda • SDN in a mobile first campus • Visibility • Security • Optimization
- 3. 3#ATM16 Aruba mobile-first campus product line-up AirWave and IMCSDN and Mobility Controllers ClearPass 802.11ac Wave 1 & 2 Wired Edge, Distribution and Core BLE Beacons Cloud-Based Central Network Optimizer SDN App Network Protector SDN App Network Visualizer SDN App
- 4. 4#ATM16 Mobile-first campus building block
- 5. 5#ATM16 What is the challenge you are facing? “How do I get a better experience from a unified communication device?” “How do I limit what students are viewing during school hours?” “How can I resolve network issues faster?”
- 6. 6#ATM16 Legacy networks are holding back the full-potential “My network is complex and it takes months to deploy applications.” Too Complex “ I have to manually configure each and every switch for this new application .” Too Manual “Network is too static to respond to my applications .” Too Static
- 7. 7#ATM16 Networks operating at the speed of business SDN vision and strategy Creating programmable networks to align with business applications Data center, campus & branch automation Open Standards ecosystem Reignite innovation Easily accessible marketplace Simple Agile Automated
- 8. 8#ATM16 SDNArchitecture Application Control Infrastructure Separate control and data plane; abstract control plane of many devices to one Deliver open programmable interfaces to orchestrate network service automation Open standard-based programmatic access to infrastructureNetwork Device Network Device Network Device Controller Cloud Orchestration SDN Applications Open Programmable Interface Open Programmable APIs SDN framework
- 9. 9#ATM16 Enhance your existing network with SDN HPE Hybrid SDN Solution Ease of adoption in multi vendor environment Turn on/off SDN without impacting the network Enhance performance and scale
- 10. 10#ATM16 Hybrid SDN network architecture Maintain the protocols that work, add value on top Network Device Network Device Virtual Device Controller SDN Applications CLI SDNArchitecture Management Control Infrastructure Traditional (OSPF, NETCONF) CLI
- 11. 11#ATM16 Aruba SDN Solution Portfolio Aruba 5400R VAN SDN Controller Protector VisualizerOptimizer iMC VAN SDN Manager OptimizationSecurity Visibility and Orchestration Aruba 3810 Aruba 2920
- 12. 12#ATM16 ONCE YOU MOVE TO BYOD…
- 13. 13#ATM16 Real time threat protection across enterprise networks HPE Network Protector SDN application − Simple security for BYOD − Malware/Botnet/ Spyware protection − Zero threat protection at the edge with IPS as a service − Online testing assurance Protection from 1.5M daily threats <1 hr deployment1 1/4 cost vs. hardware security1 1. South Washington County schools case study
- 14. 14#ATM16 HPE Network Protector Bringing security to the edge of the network Core Distribution Edge TippingPoint Reputation DV data base (1.5M Known bad hosts) HPE Virtual Application Networks Controller with Network Protector SDN Application
- 15. 15#ATM16 South Washington County Network Protector SDN App • Maintain 31-site wired and wireless network serving over 30,000 users with 1 staff member • Deploy in less than 1 hour • Fraction of the cost, $200K vs $2million of hardware
- 16. 16 COLLABORATION IN THE DIGITAL WORKPLACE
- 17. 17#ATM16 SOFTWARE CONTROLS FOR UNIFIED COMMUNICATIONS 1000s of 802.11ac access points 100s of OpenFlow capable wired access and core switches Mobility Controller with AppRF technology SDN Controller with Network Optimizer app
- 18. 18#ATM16 Automating policy for enterprise networks • Enhanced user experience • Simplified policy deployment • Dynamic traffic prioritization based on user/device •Application integration ready HPE Network Optimizer SDN application 1. Internal calculations 2. Deltion college case study 80% reduction in complexity1 270% improvement in call quality1 40% improvement in S4B quality 2
- 19. 19#ATM16 HPE Network Optimizer SDN Application - Microsoft Lync User: LindaUser: James Network Optimizer HPE VAN SDN Controller Active Directory, Exchange & SharePoint . Lync SDN API HPE Server HPE Server Aruba 5400R Aruba 3810 Aruba 2920 Ringing… Dialog Start OpenFlow Modify QoS DSCP Rules
- 20. 20#ATM16 Deltion College Network Optimizer & Kemp Load balancing • 15,000 students and 1,200 staff • Enhanced user experience by 40% • Latency issues with added bandwidth demands for video and desktop sharing eliminated • Enabled to expand its video-based instruction and be responsive to changing business needs
- 21. 21#ATM16 INVESTIGATING ISSUES ARE DISRUPTIVE, TIME CONSUMING AND MANUAL
- 22. 22#ATM16 Instant troubleshooting • Solve help desk issues in a matter of seconds vs minutes • Real-time visibility and diagnosis • Simple & automated troubleshooting requiring low level network detail • Proactively monitor the network to reduce the number of help desk issues 40X Cost saving for network diagnostics1 HPE Network Visualizer SDN application 1. Internal calculations
- 23. 23#ATM16 HPE Network Visualizer SDN Application Dynamic traffic capture Core Distribution Edge HPE Network Visualizer SDN App HPE VAN SDN Controller Traffic capture Traffic Repository
- 24. 24#ATM16 HPE Network Visualizer Roadmap Features Visualizer 1.1 release – Connection path determination – SDN Topology View – Host location – DNS (in place of IP) driven traffic capture – Path Performance: Link Packet loss – Packet Capture RESTful API – ClearPass User-ID integration – AD User-ID integration
- 26. 26#ATM16 HPE SDN App Store 90% 1 60% 1 Shorter time to Service 100%Standards-based and open Lower costs … and enterprise ready 50Switches SDN- enabled 1 Based on internal Study
- 27. 27#ATM16 – SDK Kit: 5000+ downloads – 5 Developer events globally – Ecosystem Partners: 30+ – Over 30 million SDN-ready ports – 50 SDN-enabled network devices – SDN Controller – 7500+ downloads – Customers and development partners – Number of available APIs: 100+ – JAVA/ REST/ PYTHON – Curated Apps: – 3 HPE and 19 Partner – BlueCat, F5, Riverbed, … – Protector, Optimizer, Visualizer We’ve accelerated our innovation over the last year
- 28. 28#ATM16 Accelerate Innovation with Partners OptimizationSecurity Visibility and Orchestration 89 SDN Members Select SDN Customers 21 SDN Apps
- 29. 29#ATM16 Bama Foods Network Optimizer & Blue Cat DNS & Real Status Hyperglance • Enhanced user experience • Lower overall IT infrastructure cost • Enables a real-time, 360-degree view of the entire network through Real Status Hyperglance SDN App and BlueCat DNS Director SDN App
- 30. 30#ATM16 Get more information Attend these sessions: Visit these demos: Contact us: – www.hpe.com/networking/sdn – www.arubanetworks.com – www.hpe.com/networking/sdnappstore Your feedback is important to us. Please take a few minutes to complete the session survey. DWS8 - Software-Defined Networking (SDN) deep dive: 3rd-party ecosystem apps and the app store PD10 - LIVE DEMO: HPE SDN applications Tech Playground
- 31. 31#ATM16
- 33. 33CONFIDENTIAL © Copyright 2015. Aruba Networks, an HP company. All rights reserved. Hybrid SDN Flowchart Enable new solutions* without Major Disruption Hybrid SDN enabled by optional OpenFlow Pipeline OpenFlow decisions inserted into Forwarding Pipeline May be enabled/disabled at will Enabled on Per VLAN Basis OpenFlow actions typically before Forwarding Output Port: Normal Port Ingress Forwarding Logic ACL Logic Port Egress Port Ingress OpenFlow Pipeline Forwarding Logic ACL Logic Port Egress Traditional Forwarding SDN Hybrid Forwarding Enable OpenFlow *Network Optimizer, Network Protector and Network Visualizer enabled by Hybrid SDN
- 34. 34CONFIDENTIAL © Copyright 2015. Aruba Networks, an HP company. All rights reserved. Network Optimizer leveraging Hybrid SDN Flow 9 Match Incoming Port : Any Ethernet Type : IP Source MAC : Any Destination MAC : Any Source MAC Mask : 000000-000000 Destination MAC Mask : 000000-000000 VLAN ID : Any VLAN priority : Any Source IP Address : 192.168.10.100/32 Destination IP Address : 192.168.50.34/32 IP Protocol : UDP IP ECN : Any IP DSCP : Any Source Port : 46772 Destination Port : 19924 Attributes Priority : 35010 Duration : 1000 seconds Hard Timeout : 0 seconds Idle Timeout : 60 seconds Byte Count : NA Packet Count : 72495 Flow Table ID : 100 Controller ID : 1 Cookie : 0x9999 Hardware Index: 19 Instructions Apply Actions Modify IP DSCP : 46 Modify VLAN PCP : 5 Normal Skype4B Call Details Set DSCP & L2 QoS Normal
- 35. 35#ATM16 Join Aruba’s Titans of Tomorrow force in the fight against network mayhem. Find out what your IT superpower is. Share your results with friends and receive a free superpower t-shirt. www.arubatitans.com
Editor's Notes
- Networking has been too hard for too long.
- Bullets: Our vision for SDN is to create a programmable network that delivers business applications quickly To offer agility for the network As well as alignment for the network It has to include consistent architecture across the enterprise: DC, campus and branch It must be built on open standards that enable an open ecosystem, so that everybody can participate – partners, customers and developers And that open ecosystem will reignite innovation for the networking industry (new apps) And those innovations need to be easily accessible to customers in a new marketplace that enables new business models
- Bullets: Review of what is SDN architecture – separation of the control plan, data plan and the application plan South Band API (Open Standard Openflow) – North Band API (fully programmable) Architecture we created from the beginning. Consistency in our approach.
- I have to rip and replace all my switches to transition to SDN Once I move to SDN, I can’t use traditional networking anymore To install an application I need all my switches to be SDN enabled
- HP uses Openflow to add an additional control plane to your existing network. This additional control plane is used selectively perform useful tasks on specific flows. The existing control plane of your network functions pretty well today, we don’t need to reinvent the wheel. Instead we focus on integrating with your existing control plane and in so doing add value to your network without major redesign.
- And for security, this is the honest-to-God truth: Once we understood how to install HP Net Protector with SDN we created a simple script in IMC and pushed it out to 400 switches. It probably took less than 15 minutes, and we had our entire district up and running for just a fraction of the cost of what that same type of security solution would have cost years ago.”
- Network Protector 1.0 was the first product we shipped on this journey… It involves leveraging TPT’s DNS reputation security intelligence feeds to identify malware, spyware, and botnets. By using SDN, we are able to intercept all DNS requests at the access port level network wide to provide distributed coverage that is updated every few hours from the TippingPoint RepDV cloud feed. Protector takes all DNS req and filters that against a database of over 1million known bad DNS sites updated by TippingPoint multiple times a day
- Read: HTM Case Study - KPMG and American Fidelity Assurance.pdf Watch: HTM Case Study - American Fidelity Assurance Company.mp4
- 40X : Eg: A domain with 200 switches we can cover with Network Visualizer for $5K. Fluke Networks Atap can only tap a single 1Gig port at $1K. So we would need $200K to cover 200 switches $5K vs $200K = 40X of cost saving http://www.testequipmentdepot.com/products.htm?item=ATAP100&ref=gbase&gclid=CjwKEAiAmuCnBRCLj4D7nMWqp1USJABcT4dfB3ViWWBH4AsJj22Pmiw6Mk_s4D4cN1rOpBlo5DJk2RoCL3vw_wcB
- Flexibility of SDN architecture, streamlined management open standards
- 40X : Eg: A domain with 200 switches we can cover with Network Visualizer for $5K. Fluke Networks Atap can only tap a single 1Gig port at $1K. So we would need $200K to cover 200 switches $5K vs $200K = 40X of cost saving http://www.testequipmentdepot.com/products.htm?item=ATAP100&ref=gbase&gclid=CjwKEAiAmuCnBRCLj4D7nMWqp1USJABcT4dfB3ViWWBH4AsJj22Pmiw6Mk_s4D4cN1rOpBlo5DJk2RoCL3vw_wcB
- Bullets: Today we are announcing the Go Live of the HP SDN App Store. Accelerated time to ROI Validated solutions for customer to realize the benefits of cloud, big data, mobility and security with enterprise ready solutions Agility Seamless deployments of solutions. Example F5 app: Before the app store, solutions were tested and purchased separately, slowing customers ability to innovate and focus on business outcomes. After the app store, the solutions are integrated seamlessly with a simple click, download and install. Standards-based Lowers barrier for innovations to all
- Bullets: We have been very busy over the past year building out an entire ecosystem: Over 30 Million SDN-ready ports in production providing customers a rapid path to the new style of IT while providing developers a large market. 5000+ downloads of our SDN controller, compared to Cisco’s 30 APIC customers 100+ APIS, but not only the APIs, but full developer community, support, services and a sales model 5K man hours in certification of SDN apps 5 developer events globally providing support to our growing community 5K downloads of our developer kit and 30+ ecosystem partners…we are just getting started
- Critical to HP Networking’s SDN Strategy is the enablement of Hybrid SDN. At a very high level, we insert OpenFlow decisions into a standard switching pipeline. The traditional switch still works like it always has, but we’ve added a new set of instructions, powered by OpenFlow, into how the switch forwards traffic. By architecting the switch and asic in this way we can design SDN solutions that are incredibly easy to implement in a customer’s network. No major network architecture changes are required and we can turn SDN on and off at will. Critical to our Hybrid SDN architecture is the OpenFlow output port Normal. OpenFlow port Normal is an output port that simply ejects the network frame from the OpenFlow pipeline and places it back to the switch to continue the standard switch forwarding. This means, that when processing OpenFlow rules, we always default to sending the frames out OpenFlow unless there is an over-riding alternate Output port, i.e. DROP This architecture allows for many SDN operations to occur in the OpenFlow pipeline (Write DSCP, Copy DNS to controller, etc) and then put the packets back to the switch to forward like “normal.” All of HP’s three SDN applications are enabled by this Hybrid SDN technology. Hybrid OpenFlow deployments will used by many of us as a place to start with SDN with fairly low risk and flxible enough to integrate into existing architectures. If you compare a hybrid OpenFlow edge to the overlay data center architectures, not much is different. What the normal action translates to, is the ability to redirect “interesting traffic” that you want to push into an OpenFlow application, if there is not a match by the OpenFlow flow rules, it matches the normal action for typical packet forwarding. In summary, hybrid techniques allow for early explorations of the new found freedoms that open systems present, by cherry picking traffic for particular applications, while still performing traditional functionality in packet forwarding for routine operations.
- As referenced, all three HP SDN Applications require Hybrid SDN This is a example of how network optimizer interacts with Hybrid SDN When a packet passes through the switch, it flows through the openflow pipeline. When there is a match, that rule is processed in the OpenFlow pipeline. Every rule has a match, action and output. With Network Optimizer, you can see the information that is used for match, underlined in Red. The details are supplied to the controller from Microsoft and the controller sends the complete openflow rule to the switch. Upon matching a frame, the switch now applies the rule that originated from Network Optimizer. This means that the switch now re-writes the IP DSCP value and sets the L2 Priority. And, finally the switch forwards the frame to the Normal port, fully exemplifying Hybrid SDN. Lync SDN API Sends information to Controller Controller Sends Information to Switch Switch Implements Action per Controllers Instructions Only the Actions Optimizer Cares about are Touched OpenFlow Pipeline ignores all non-lync traffic OpenFlow Rule: Match : Lync Source IP … (etc) Set DSCP : 46 Output Forward Norma
- Contest Overview - Aruba is running a marketing campaign where we ask “What is your IT superpower?” - Go to arubatitans.com to take a quick quiz to discover your superpower. - Share your results with friends and encourage others to play the game - Once you share, go to the Social and Community Hub, Gracia Commons, 3rd fl to pick up your free superpower shirt. FAQ 1. What do I have to do to get a shirt? Share your IT superpower results with friends and encourage them to play the game. Then come to the Social & Community Hub, 3rd Floor Gracia Commons to pick up your shirt. We just need your name and badge for verification. 2. Where do I get my shirt? Come to the #ATM16 Social & Community hub located at Gracia Commons on the 3rd Floor 3. Do I have to be at the event to get the shirt? Yes. You have to be at #ATM16 to get a shirt. 4. Can I get my colleague a shirt? He/she is in a session right now. Unfortunately not. We encourage your colleague to participate so that they can win a shirt for themselves. 5. Can I bring a shirt home for my colleague? Unfortunately not. You have to be at #ATM16 to get a shirt. 6. You don’t have a shirt in my size, can you ship the right size to me later? Unfortunately not. Please select the best size from our inventory on site.