思科SP-SDN解决方案

©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential1©2012Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential1思科SDN解决方案介绍–EvolvedServicePlatform（演进云服务平台）©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential2传统电信运营商遇到的挑战流量增长迅速运营复杂/成本增加业务不灵活上线时间慢竞争压力加大缺乏创新赶不上市场节奏云计算、虚拟化改变IT产业思维，但是。。。。。X86计算性能大幅提高虚拟化OS技术逐渐成熟服务器虚拟化数据中心网络虚拟化网络功能虚拟化NfV©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential3安全管控控（VLAN,Firewall,IPS,ACL,…)IPAddress,VLAN,VRF网络实现互联ApplicationRequirementsIP/MACAddress应用需求-不断增加•传统网络手段在解决用户互联时需要将多个服务控制层手工拼接起来，繁琐，复杂而且不灵活，容易出错•思科SDN解决方案借助overlay以及服务抽象化概念实现应用需求与底层传送架构的分离，方便用户业务策略化自动调度部署流量重定向、负载均衡、内容转换PBR,WCCP,VRFRouteLeak“SDN就是网络编译器”PublicInternetL3VPNServerVLANSFirewallOutsideVLANFirewallInside,ACEoutsideVLANAS65522RPRPAS109ASA-VPNFront-endVRFBack-endVRFShared/publicVLANASA-FWWANEdge(NGNPE)AggregationService-CoreAggregationComputeASA-VPNASA-FWeMBGPVRFVRFeBGP+staticredist.VRF**********TennantL3Edge(VRF-CE)L3VPNEdge(DC-PE)L3VPNEdge(NGN-PE)ApplicationSpecificConnectivity网络互联DynamicprovisioningofconnectivityexplicitlydefinedfortheapplicationServiceAbstractionLayer业务及网络抽象层ApplicationRequirements业务需求Layer1Layer2Layer3Layer4-7©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential4底层物理传送网络DCInterconnect(e.g.:ASR9000)©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential5底层物理传送网络上层逻辑业务网络底层物理传送网络变成可随时创建的业务网络资源池©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential6PhysicalNetwork底层物理传送网络变成可随时创建的业务网络资源池©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential7PhysicalNetwork底层物理传送网络变成可随时创建的业务网络资源池©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential8应用调度管理（Application/WorkloadOrchestrationandScheduler）抽象化、统一信息数据模型（UnifiedInformationDataModelandAPI）PolicyControllerComputePolicyControllerStoragePolicyControllerNetworkFabricEndpointGroup(EPG)ApplicationZoneGraphedgeContract可扩展的多租户管理针对NfV和VPC(虚拟私有云）路由优化网络功能虚拟化NfV与运营商广域网无缝对接端到端服务质量保障SLA自服务，基于策略的自动化流程管理©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential9可扩展的多租户管理针对NfV和VPC(虚拟私有云）路由优化网络功能虚拟化NfV与运营商广域网无缝对接端到端服务质量保障SLA自服务，基于策略的自动化流程管理应用调度管理（Application/WorkloadOrchestrationandScheduler）抽象化、统一信息数据模型（UnifiedInformationDataModelandAPI）PolicyControllerComputePolicyControllerStoragePolicyControllerNetworkFabricEndpointGroup(EPG)ApplicationZoneGraphedgeContract©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential10vSOC虚拟系统运营中心vPE-F虚拟路由转发NfV虚拟化服务DCIGateway数据中心广域互联网关WAN/VPNCore运营商数据中心vSoCvPE-FNfVVM数据中心软件Overlay网络运营商NGN网络DCWANGateway广域网调度控制器WANOrchestrationController广域网调度控制器©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential11Server1服务器3Multi-TenantDataCenterTenant1VM1Tenant2VM1vPEFVRF2VRF1数据中心Overlay网络IPNGNMPLS-VPNVRF1VRF2VRF3DCgatewayASR9K/1K服务器1服务器2Tenant1VNF1VMTenant2VNF1VMvPEFTenant1VNF2VMTenant2VNF3VMvPEFVRF2VRF1VRF2VRF1MPLSoGRE,VXLAN,L2TPv3BGPCLI,XML,NetConf/YANGElasticnetworkservices弹性网络服务ElastictenantWorkloads/VMsRESTAPIsNetConfig/Yang/I2RSSystemMgmt(Install/AdminHAControl)OrchestrationNetworkControlComputeControlStorageControlNetconf(YANG)RESTAPIsRESTAPIsVirtualSystemsOperationsCenter(vSOC)©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential12Server-1Server-3Server-4Server-2SPWAN(L3VPN,L2VPN,IPv4/v6,Internet)DCIServer-2Server-3VMWALMARTVM1GE-WEBvPE-fL2/L3VRFFIBVMWALMARTVM1GE-DBvPE-fL2/L3VRFFIBL3L3VMWALMARTVM1GE-FWvPE-fL2/L3VRFFIBL3L3VMWALMARTVM1GE-NATvPE-fL2/L3VRFFIBL3ServiceRoutingDCIRouting虚拟系统运营管理中心(vSOC)DHCPDNS虚机弹性管理(ESC)域名和地址管理路由控制策略数据库AdminInterface网络监控BSS/OSSIntegration服务配置管理VMOrchestratorvSOC-ClusterControllervSOCInfrastructure(Orchestration,EventNotification/Messaging)网络服务模板定义(多租户)Restful-APIInterfaces12ServiceVMmanagement3DHCPDiscover/Offer4ServiceConfiguration6ServiceRouteProvisioning5BGPRouting7©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential13DCIPEvPE-FVRF“A”VRF“B”VRF“A”VRF“B”DCIPE数据中心底层物理连接网络vPE-FvSOC(vPE-C)CentralizedControlPlaneIP/MPLSBackboneMP-BGPSessionsvPE-FControlMPLSoGRE/VXLAN/NVGREOverlayMPLSoGRE/VXLAN/NVGREOverlayDCIPEMPLSoGREorVXLAN运行在单独的VM，无需驻留在OSKernel，增强系统可移植性、可靠性，容错性，支持HA/ISSU二三层转发表由控制器集中管理(使用RESTConf/Yang标准协议语言)多种网络封装协议：MPLSoGRE，VXLAN，L2tpv3L2cross-connect©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential14ThreeTierFatTreeSingleTierAccessAggregationTypeSingleTierFull-MeshComputerClusterFoldedClos•底层网络依应用需求可采用多种拓扑结构•提供高可靠大容量网络连接•网络支持点到点、点到多点传送能力•采用适合应用需求的高性价比设备Server-1Server-3Server-4Server-2SPWAN(L3VPN,L2VPN,IPv4/v6,Internet)数据中心DCI©2010Ciscoand/oritsaffiliates.Allrightsreserved.CiscoConfidential15Server-1Server-3Server-4Server-2SPWAN(L3VPN,L2VPN,IPv4/v6,Internet)DCIServer-2Server-3•每个用户在各个vPE-f上拥有独立的二层转发表•vPE-fpopulatedwithMACentries•VMsseeeachotherinanL2segment•MTtrafficencapsulatedinsingletransporttunnel•通常只有很少一部分应用需要严格的二层网络ThreeTierFatTreeSingleTierAccessAggregationTypeSingleTierFull-MeshComputerClusterFoldedClosVMWALMARTVM1GE-WEBvPE-fL2/L3VRFFIBVMWALMARTVM1GE-DBvPE-fL2/L3VRFFIBVM1GE-DBVM2GE-WEBVirtualTopologyL2L2MPLS-over-GRE(or)VXLAN(or)L2TPv3TunnelsDataCenter©2