Data Center
Virtualization and Programmability
Roger Oliveira
Systems Engineer
Public Sector
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential

• Virtual Networks
• Virtual Network Services
• SDN and Programmable Networks

[Figure: three hypervisors, each hosting several VMs (App on OS)]

[Figure: three hypervisors, each with a vSwitch and several VMs (App on OS)]

[Figure: three hypervisors, each with a vSwitch and a VM (App on OS); each VM is labeled with a network definition ("Def. Rede")]

[Figure: the same three hypervisors and VMs with their network definitions. Labels: vSwitch, vNetwork Distributed Switch, Nexus 1000V]

[Figure: labels: Virtual Ethernet Modules (VEM), up to 128 VEMs*; Virtual Supervisor Module (VSM); vCenter; Network Administrator; Virtualization Administrator]

[Figure: Nexus 7000 and Nexus 1000V side by side. Labels: Supervisor, Line Card, Backplane; VSMs, up to 128 VEMs]

• Can be applied to multiple ports
• Can include:
  VLANs
  ACLs
  NetFlow
  QoS
  Private VLANs

port-profile WEB
  switchport mode access
  switchport access vlan 105
  ip port access-group myacl in
  no shut
  vmware port-group
  state enabled
...

[Figure: the port-profile WEB configuration shown again, alongside vCenter Server and its port group. Labels: Port Group, vCenter Server, Port-group WEB]

• Virtual Networks
• Virtual Network Services
• SDN and Programmable Networks

[Figure: labels: "Appliance", Module, Integrated Service, Virtualized; Nexus 1000V, Hypervisor]

[Figure: Virtual Infrastructure and Physical Infrastructure. Physical labels: WAN Router, Switches, Servers. Virtual labels: Cloud Services Router 1000V, Imperva SecureSphere WAF, Citrix NetScaler 1000V, Network Analysis Module (vNAM), ASA 1000V Cloud Firewall, Cisco Virtual Security Gateway, vWAAS, Zone A, Zone B, vPath, VXLAN, Nexus 1000V]
Multi-Hypervisor (VMware, Microsoft, RedHat*, Citrix*)

Virtual Security Gateway
Intelligent Traffic Steering with vPath
[Figure, built up over five slides: VMs attached to the Nexus 1000V Distributed Virtual Switch with vPath; VSG, VNMC and Log/Audit alongside. Numbered callouts:]
1 Initial Packet Flow
2 Flow Access Control (policy evaluation)
3 Decision Caching
4 (no caption on the slide)
[Final slide of the sequence. Labels: ACL offloaded to Nexus 1000V (policy enforcement); Remaining packets from flow]

• Virtual Networks
• Virtual Network Services
• SDN and Programmable Networks

SDN Concepts:
Centralized Intelligence
("Model 1")

[Figure: a current network device (router, switch, ...) split into Control Plane (IOS) and Data Plane (ASIC)]

[Figure: labels: Applications; SDN Controller (software); Programming (e.g., OpenFlow)]
Current examples: wireless controllers, PfR, Nexus 1000V, etc.

SDN Concepts:
Virtual Overlays
("Model 2")

[Figure: labels: CGH, SDU, Air Traffic Control; Packets, IP Network]
Current examples: MPLS, IPSec, OTV, and many others

Virtual Overlays
[Figure: three virtualized servers (hypervisor), each running software that connects its VMs]

What differentiating value can SDN deliver TODAY?
HOW do you carry out a non-disruptive implementation?
And what about support
(days 2, 3, and so on)?

Multi-hypervisor overlays
(VXLAN and NVGRE)
onePK
(standardized API)
eXtensible Network Controller
(XNC)

ACI – Application Centric Infrastructure
API
Policies
• Who can talk to whom
• What about
• Topology control
• Ops stuff
Application Policy Infrastructure Controller
• Distributed policy enforcement
• Just in-time resolution
Performed by embedded policy enforcement agents (PEs)
Draw a software boundary around collection of switches to make a system

An open source project formed by industry leaders under the Linux Foundation with the goal of advancing the adoption of Software Defined Networking (SDN) by creating a framework supported by multiple vendors
[Figure: member logos grouped by tier: Platinum, Gold, Silver]

Thank you.