主題：博科資料中心與New IP發展與解決方案

公司名稱：Brocade

主講人：陳弘治（技術顧問）

2

94 19

16 million Internet Users

3

94 19 16 million Internet Users 2700

websites

4

94 19 16 million Internet Users 2700

websites

<100 million mobile devices

5

1998 Google founded

6

2005 YouTube founded

7

2007 First iPhone

8

2014 3 billion searches a day

3 million Years to watch all

video stored on IP

networks

2 billion Internet Users

1 billion websites

7 billion mobile devices

9

Everything has

changed…

10

But the Network Hasn’t…

static proprietary hardware-centric

vendor-driven high capex and opex

11 © 2014 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION

SDN

NFV “THE NEW IP” THE NETWORK FOR THE THIRD PLATFORM

THE NEW IP: SHIFTING THE CONVERSATION

“The NEW IP” = NETWORK FOR

THE 3RD PLATFORM

ARCH COMPUTE NETWORK

Open Virtualized SW-driven

Mobile Cloud-based

SCALE

Billions/ Trillions

IP, LAN/WAN Proprietary

Stds influenced HW- driven

Client/Server PCs

Millions

Systems Network Architecture (SNA)

Closed Highly proprietary

Mainframe Systems

Thousands

Social

Sources: IDC,

12

THE NEW IP: DEFINITION

Open and Open-Sourced

Ecosystem Centric

Network-Level Intelligence

Innovation Platform

Dynamic and Automated

THE

NEW IP = Value moves from hardware system to software system Datacenter moves from back office to front door The data center is distributed and without walls. It is the network, and the network is the data center. The network is applications aware, applications ask for the network they need

14

The Enabling Technologies for

The New IP Brocade Strategy: Optimized to Lead the Transformation

Physical Infrastructure

Ethernet Fabric, L3 Router, Fibre Channel SAN

Virtualization

NV: OpenFlow,

Applications

Control OpenDaylight

OpenStack

Management and Orchestration

Service Chaining, Network Analytics, Traffic Engineering, etc.

Vyatta vADC

MLXe

VxLAN/NVGRE/STT

NFV: vRouting, vADX

Management and Orchestration Platform

Application

Network Controller Server Controller Storage Controller

Network Function Virtualization Server

Virtualization Storage

Virtualization Network Function Virtualization

Network Compute Storage

Brocade Vyatta

Controller

• Price/performance leader in IP networks

• Powering 90% of Internet Exchange Points

• 15,000+ customers worldwide

15

Acquired Foundry 2008

• Data center networking experts

• Storage networking pioneer and leader

• 70% SAN market share

Why Brocade • 過去

– 技術領先 No. 1 IP & SAN

• 現在 – 持續每年約20% 利潤續投 R&D

– DCB/FCoE Product Readiness

– VCS Technology

• Future – SDN Readiness

OTHERS

$920M

BROCADE

INDUSTRY ANALYST VALIDATION

Brocade is #2 in Data Center Networking

–IDC, 2013

CISCO

$1.4B

$5.6B

17

© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION 18

Brocade Product Portfolio

Brocade Network Advisor

Lay

er 2

–3

Serv

ice

Pro

vid

er

Software Networking

Cam

pu

s LA

N

Brocade ICX 6430/6450

Brocade FastIron SX Series

Brocade MLXe Series

Dat

a C

ente

r SA

N

Fibre Channel

Brocade Blade Server Switches

Brocade 7840 Switch

Brocade 7800 Extension Switch

Brocade 6510 Switch

FCOE10-24 Blade

FX8–24 Extension Blade

Laye

r 2

–3

Laye

r 4

–7

Dat

a C

ente

r LA

N

Ethernet/IP

Brocade ICX 7450

Brocade 300 Switch

FC16–32, –48, –64 Switch Blades

Brocade VDX 6740

Brocade DCX 8510 Backbones

Ch

assi

s

Fix

ed

Brocade ICX 6610

Brocade VDX Series

Brocade 6910 Ethernet Access Switch

Brocade NetIron CES/CER Series

Brocade ADX Series

Brocade ADX 1000 Brocade ADX 4000 Brocade ADX 10000

Brocade 6505 Switch

Brocade VDX 8770 Brocade MLXe Series

Traditional Ethernet Ethernet Fabric

Brocade ICX 7250

Brocade ICX 6650

Brocade Blade Server Switches

Brocade 6520 Switch

Brocade ICX 7750

Brocade ICX 7750

Brocade vADC

Brocade Vyatta

vRouter

Brocade Vyatta

Controller

End

-to

-En

d N

etw

ork

Man

agem

ent

Brocade ICX 7450

Brocade VDX 6940-36Q

Brocade ICX 7250

Brocade NFV Solution

Firewall

Network Functions Virtualization (NFV)

20 © 2014 Brocade Communications Systems, Inc. CONFIDENTIAL

SERVER VIRTUALIZATION

LAYER 2–7 NETWORK PLATFORMS

NETWORK FUNCTIONS

VPN Routing L4–7 ADC

Networking with the flexibility and economics of software

STANDARD x86 SERVER

HYPERVISOR

Firewall VPN

Brocade Networking Software Portfolio

21 © 2014 Brocade Communications Systems, Inc. CONFIDENTIAL

Comprehensive Layer 2–7 Services

Routing Layer 4–7 ADC

Brocade Vyatta vRouter Brocade vADC

Industry-Standard x86 Server

Hypervisor and Cloud Agnostic

On-Demand Resources at Scale

Brocade Virtual Router

22

FLEXIBLE DEPLOYMENT OPTIONS

RESTful JSON interface provides full control and programmability of the Virtual Router (router, Firewall, VPN) and software networking services VPN

IPSec, SSL

Router

OSPF, BGP

Firewall

Stateful, NAT Routing

Security

VPN

System Management

IP Services

Platforms

High Availability

IPv4, IPv6, Static, PBR, OSPF, RIP, BGP

IPv4, IPv6, Stateful Firewall, NAT

IPSec, SSL, Route-based, L2-bridging

CLI, RESTful API, GUI

SSH, DHCP, DNS, SNMP

VRRP, Stateful Failover, Config Sync

VMware, Xen, KVM, Hyper-V, x86

OR

Hypervisor x86 Server

Feature Highlights

Network 1 Network 2 Network 3

Early Virtualized DC deployments

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

VM VM

VM

VM VM VM VM VM VM

VM VM VM

VM VM VM VM VM

VM VM VM VM

VM VM

VM

Network 1 Network 2 Network 3

Empowering Virtualized DC

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

vSwitch

VM VM

VM

VM VM VM

VM VM VM

VM VM VM VM VM

VM VM VM VM

VM VM

VM

Vyatta Software Routers keep traffic local

Deploy additional routers under orchestration control

Use Case: Expedite Hybrid Cloud Adoption

25

• Scalable VPN services – Office to VPC or VPC to VPC

– User access

– IPSEC or SSL

• Stateful Firewall with NAT

• Advanced routing – BGP, OSPF – Full mesh topologies

– High availability architectures

– Compatible with legacy networks

• Available in Amazon Marketplace, Rackspace, SoftLayer

SoftLayer Virtual

Private Cloud (VPC)

Rackspace Private

Cloud (VPC)

Amazon Virtual Private

Cloud (VPC)

Customer Data Center

Use Case : Expedite Hybrid Cloud Adoption

© 2014 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION 26

• Simple and secure VPN services between data centers and cloud providers

• Enables Cloud expansion

• Cloud Bursting with vADC

Virtual Environment

Physical Environment

VPC Internet Gateway

On-Premise Data Center Cloud Environment

Private or Public

Cloud Bridging VPN

Internet

HYPERVISOR

Internet

Internet

Internet

Internet

Internet

The SteelApp Portfolio Delivering ADC-as-a-Service

A Comprehensive Approach To Application Delivery – Software/Virtual Appliance/Cloud/Micro Instance

Traffic Manager

• Load Balancer / Traffic Manager / ADC

• Provides reliability, availability, security, and more

Web App Firewall

• Application Aware Firewall

• Defends your applications against threats

Services Controller

• Elastic and adaptive services controller

• Automates the deployment, licensing, provisioning & metering of ADC services

Web Accelerator

• Website Acceleration

• Reduces page load time and cuts bandwidth

Scale-out Scale-out

Application Acceleration Reduce costs, improve application performance (vADC + Ethernet Fabrics)

© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION 28

vADC

Deploy VDX/VCS SDN-ready switches to create

flatter network architecture

Replace appliance-based application load balancers with Brocade SteelApp

Enable SteelApp Features: • Traffic Manager • Web Accelerator • Web Application FW • Services Controller

Revolutionary Results • Increase application

performance • Increase WAN efficiency • Reduce OpEx cost • Customer results:

• Cut server usage up to 50% • Cut response time up to 50%

vADC vADC vADC

Use Case : Global Load Balancing

Backup site

Wide-area - Global load balancing (traffic directed across multiple locations)

Support Center

• Direct traffic to nearest data center • Redirect to recover from service outages • Service Assurance even across cloud boundaries

INTERNET

Datacenter-In-A-Box

With NFV you can add, change or remove network

devices in software or virtualize an entire DC

Leader in software networking Founded in 2006 on the belief that the

future of networking is software

© 2013 Brocade Communications Systems, Inc. Company Proprietary Information 31

Ethernet Fabrics:

Brocade VCS Technology

Brocade Virtual Cluster Switching (VCS)

• First data center Ethernet fabric

• No Spanning Tree Protocol

• Multi-path, deterministic

• Auto-healing, non-disruptive

• Lossless, low latency

• Built for convergence

NAS iSCSI FCoE

ETHERNET FABRIC

DISTRIBUTED INTELLIGENCE LOGICAL CHASSIS

Adding Capacity with Ethernet Fabrics Automatic Fabric Creation and Expansion

Automatic Trunk Creation

30GbE DCB Trunk (3x10GbE)

10GbE DCB Link

20GbE DCB Trunk (2x10GbE)

© 2012 Brocade Communications Systems, Inc. Proprietary Information: NDA Required.

Brocade Virtual Cluster Switching (VCS)

• Fully distributed control plane

• Arbitrary topology, self-forming

• Network-wide knowledge of all members, devices, VMs

• Automatic Migration of Port Profiles (AMPP)

ETHERNET FABRIC

DISTRIBUTED INTELLIGENCE LOGICAL CHASSIS

NAS iSCSI FCoE

Simplified Virtual Machine Migration Automatic Migration of Port Profiles

36

ESX 2

ESX 1

MAC ID MAC ID

MAC ID

© 2012 Brocade Communications Systems, Inc. CONFIDENTIAL

MAC ID MAC ID MAC ID MAC ID MAC ID

MAC ID

Distributed

Intelligence

February 2012

Brocade Virtual Cluster Switching (VCS)

• Managed as a single switch

• Logically collapses network layers

• Auto-configuration for new devices

• Centralized or distributed management

• Radically reduces managed elements

ETHERNET FABRIC

DISTRIBUTED INTELLIGENCE LOGICAL CHASSIS

© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 38

Yahoo! Japan Joint Openstack Project with Brocade

Router L2 Network Firewall Load Balancer

Virtual Routing Interface (SVI/VE)

Gateway ACL (FWaaS)

Subnet management (VLAN) Load Balancing

(LBaaS)

Stage 1. CLI configuration • IP ACLs for 8770

Stage 2. FWaaS

External Gateway info is optional for router. If it is not specified, value will be null.

Multi-tenant OpenStack Network abstraction

Open vSwitch VDX Plug-in

ML2 Mechanism Driver for VDX

Open vSwitch

SDN-Based 自適應自動 QoS 偵測語音與視訊延遲, 動態更動優先權

ICX ICX ICX ICX

Brocade SDN Controller

MLXe MLXe

ICX ICX ICX ICX

ICX ICX ICX ICX OpenFlow 1.3

優點 • 全自動接入控制

• 單一QoS管理

• 不需在端口設定QoS標籤

• 動態建立Qos路徑不須手動

Lync Plug-in

• 使用者經由call manager建立呼叫 • Call manage與UC SDN協議QoS 需求 • UC SDN 應用確認進入點建立 flow • SDN 控制器針對特定flow提高優先級 • 呼叫結束, 移除流表

App App App

Brocade Flow Optimizer

MLXe

WAN or DC network

Flow Metering Improve network utilization and reliability

• Per-flow “In-line” analytics • Built-in sFlow Collector • Real-time control and visualization

• OF Metering before normal routing forwarding. No impact to original routing

Normal L2/L3

Forwarding

Per-app Statistics

OF rule to Rate Limit

WAN / Cloud

sFlow Collector

Flow parameters of interesting traffic

sFlow samples

ISP, DC, Campus

OF based Metering

Campus / DC

Flow Control Analytic

Flow Optimizer Shipping Shipping Release 1.0

Internet

DNS Alert

Endpoint Alert

AV Alert

SMTP Alert

AV Alert

Web Alert

Web Alert

SMTP Alert

DNS Alert

AV Alert

DNS Alert

Web Alert

Endpoint Alert

過往的安全服務鏈架構

WA

F——

HT

TP

網路

流量分析——特定鏡像

郵件

安全服務——

SMTP

DD

oS—

—特

定流

量清洗

防A

PT—

—特定協議

防病

毒——

FTP、

SMB等

VP

N——

SSL

網管——

SNM

P

UR

L Filtering—

—H

TTP

SOC——

syslog

企業網路環境

多台設備串接，可靠性？

流量經過多次轉發，延遲長

故障排查複雜 應急回應變慢

新產品、新功能測試困難

設備故障後，更換困難

有限的視覺化程度

性能疊加困難，往往面臨性能瓶頸

內網或VM之間交互流量難以處理

Internet

企業網路環境

DNS Alert

Endpoint Alert

AV Alert

SMTP Alert

AV Alert

Web Alert

Web Alert

SMTP Alert

DNS Alert

AV Alert

DNS Alert

Web Alert

Endpoint Alert

SDN的安全服務池架構

WAF——HTTP 網路流量分析——特定鏡像

郵件安全服務——SMTP DDoS——特定流量清洗

網管——SNMP

URL Filtering——HTTP（500M）

SDN Controller

SOC——syslog

防病毒——FTP、SMB等

防APT——特定協議

VPN——SSL

URL Filtering——HTTP（500M）

SDN交换机

001 101

Service policy