SDN Getting Started Guide

Early Access February 2015 Release

Copyright © 2015 All rights reserved.

Legal Notice

Extreme Networks, Inc., on behalf of or through its wholly-owned subsidiary, Enterasys Networks, Inc., reserves the right to make changes in specifications and other information contained in this document and its website without prior notice. The reader should in all cases consult representatives of Extreme Networks to determine whether any such changes have been made.

The hardware, firmware, software or any specifications described or referred to in this document are subject to change without notice.

Trademarks

Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries.

All other names (including any product names) mentioned in this document are the property of their respective owners and may be trademarks or registered trademarks of their respective companies/owners.

For additional information on Extreme Networks trademarks, please see:

www.extremenetworks.com/company/legal/trademarks/

Support

For product support, including documentation, visit: www.extremenetworks.com/documentation/

For information, contact: Extreme Networks, Inc., 145 Rio Robles, San Jose, California 95134 USA

Table of Contents

Extreme Networks Publications

Preface
    Conventions
    Providing Feedback to Us
    Getting Help
    Related Publications

Chapter 1: SDN Overview
    Why SDN?
    What is SDN?

Chapter 2: Extreme Networks SDN Offering
    SDN Ecosystem
    SDN Platform
    OneController
    Other Extreme Networks SDN Products

Chapter 3: Solving Problems with SDN
    Traffic Engineering
    Service Function Chaining

Extreme Networks Publications

General

Documentation for BlackDiamond Series, E4G, ExtremeXOS, Summit Series, and Ridgeline is available at: www.extremenetworks.com/documentation

Documentation for IdentiFi, NetSight, S/K/7100-Series, SecureStack, Purview, and IPS/SIEM is available at: https://extranet.extremenetworks.com/downloads/

Open Source Declaration

Some ExtremeXOS software files have been licensed under certain open source licenses. Information is available at: www.extremenetworks.com/services/osl-exos.aspx

Preface

Conventions

This section discusses the conventions used in this guide.

Text Conventions

The following tables list text conventions that are used throughout this guide.

Table 1: Notice Icons

Notice Type    Alerts you to...
Note           Important features or instructions.
Caution        Risk of personal injury, system damage, or loss of data.
Warning        Risk of severe personal injury.
New            This command or section is new for this release.

Table 2: Text Conventions

Convention                     Description
Screen displays                This typeface indicates command syntax, or represents information as it appears on the screen.
The words enter and type       When you see the word “enter” in this guide, you must type something, and then press the Return or Enter key. Do not press the Return or Enter key when an instruction simply says “type.”
[Key] names                    Key names are written with brackets, such as [Return] or [Esc]. If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). Example: Press [Ctrl]+[Alt]+[Del]
Words in italicized type       Italics emphasize a point or denote new terms at the place where they are defined in the text. Italics are also used when referring to publication titles.

Platform-Dependent Conventions

Unless otherwise noted, all information applies to all platforms supported by ExtremeXOS software, which are the following:

BlackDiamond® X series switch

Cell Site Routers (E4G-200 and E4G-400)

Summit® family switches

SummitStack™

When a feature or feature implementation applies to specific platforms, the specific platform is noted in the heading for the section describing that implementation in the ExtremeXOS command documentation. In many cases, although the command is available on all platforms, each platform uses specific keywords. These keywords specific to each platform are shown in the Syntax Description and discussed in the Usage Guidelines.

Terminology

When features, functionality, or operation is specific to a switch family, the family name is used.

Explanations about features and operations that are the same across all product families simply refer to the product as the "switch."

Providing Feedback to Us

We are always striving to improve our documentation and help you work better, so we want to hear from you! We welcome all feedback but especially want to know about:

Content errors or confusing or conflicting information.

Ideas for improvements to our documentation so you can find the information you need faster.

Broken links or usability issues.

If you would like to provide feedback to the Extreme Networks Information Development team about this document, please contact us using our short online feedback form. You can also email us directly at [email protected].

Getting Help

If you require assistance, contact Extreme Networks Global Technical Assistance Center using one of the following methods:

Web: www.extremenetworks.com/support

Phone: 1-800-872-8440 (toll-free in U.S. and Canada) or 1-603-952-5000. For the Extreme Networks support phone number in your country: www.extremenetworks.com/support/contact

Email: [email protected]. To expedite your message, enter the product name or model number in the subject line.

Before contacting Extreme Networks for technical support, have the following information ready:

Your Extreme Networks service contract number

A description of the failure

A description of any action(s) already taken to resolve the problem (for example, changing mode switches or rebooting the unit)

The serial and revision numbers of all involved Extreme Networks products in the network

A description of your network environment (such as layout, cable type, other relevant environmental information)

Network load and frame size at the time of trouble (if known)

The device history (for example, if you have returned the device before, or if this is a recurring problem)

Any previous Return Material Authorization (RMA) numbers

Related Publications

Extreme SDN Documentation

OneC-A-600 Quick Reference

OneController Install and User Guide

OneController Release Notes

SDN Getting Started Guide

Chapter 1: SDN Overview

Why SDN?

The desire to move to the SDN model is being driven by several factors that are currently limiting conventional networking solutions from meeting today's needs:

Complexity—Currently, to add or move devices, IT must touch multiple switches, routers, firewalls, Web authentication portals, etc. and update ACLs, VLANs, Quality of Service (QoS), and other protocol-based mechanisms using device-level management tools. Due to this complexity, today's networks are relatively static as IT seeks to minimize the risk of service disruption.

Lack of centralized orchestration—Current networks rely on device-level management tools and manual processes. To implement a network-wide policy, IT may have to configure thousands of devices and mechanisms.

Inability to scale—Conventional networks deal with increased demand by increasing physical infrastructure. As long as the increased demand is static, this solution works. However, increasingly, traffic patterns are incredibly dynamic and therefore unpredictable due to an increased mobility of users, more types of devices (smartphones, tablets), more online content, more cloud-based computing, and more users in a globally connected world.

SDN aims to address these issues by being dynamic, manageable, cost-effective, and adaptable, making it suitable for the high-bandwidth, dynamic nature of today's applications. SDN architectures decouple network control and forwarding functions, enabling network control to become directly programmable and the underlying infrastructure to be abstracted from applications and network services.

What is SDN?

Software-defined networking (SDN) is a new architectural approach that delivers network-wide objectives and capabilities through automation. SDN is an approach to computer networking that seeks to manage network services by decoupling the system that makes decisions about where traffic is sent (control plane) from the underlying systems that forward traffic to the selected destination (data plane).

Key features include:

Network abstraction—underlying infrastructure is abstracted from applications and network services.

Separation of control and data planes—decoupling the system that makes decisions about where traffic is sent (control plane) from the underlying systems that forward traffic to the destination (data plane).

Programmable data plane—ideally, virtual networks should forward packets at rates that are comparable to native, hardware-based approaches.

Virtualization of the network—virtualization can occur in two ways: (1) Use of virtual compute (VMs), virtual switches, and virtual storage to produce elastic, adaptable resource allocation. (2) Abstracting the network such that you provide each user with a virtualized network as an independent network container with its own features and characteristics, independent of the view of other users.

Automation and orchestration—network control is directly programmable, allowing the ability to implement network-wide policies, etc., rather than implementing individually and manually, at the device level.

Key benefits include:

Greater flexibility, agility—flexibility and agility are improved due to dynamic scaling and centralized control. Setting up networks in SDN can be as easy as creating VM instances. Flexibility and agility are also increased by the availability of APIs (application programming interfaces), which allow you to add new features to the network.

Lower operating expenses and optimized capital expenditure—upfront and ongoing expenses are reduced by not having to overprovision a static network with excess capacity to deal with variable usage.

Better and more granular security—VMs can make network security problematic. SDN can provide fine-grained security for applications, endpoints, and BYOD devices in ways that a conventional, hard-wired network cannot.

Figure 1: SDN Infrastructure

Chapter 2: Extreme Networks SDN Offering

Extreme Networks SDN heritage started in the mid-1990s as an industry leader in flow-based networking, providing such products as ExtremeXOS, a Linux-based operating system that is common across the whole product line for consistent provisioning, programmability, and heterogeneity across platforms. SDN development continued with other products, such as the award-winning, revolutionary OneFabric Connect, providing centralized management and control of both network and third-party systems; also, NetSight and Policy Manager with their APIs, for programmatic orchestration of network-wide policy.

The Extreme Networks SDN evolution continues to this day and consists of a multi-level solution offering that includes:

SDN Ecosystem—complete environment for developing and acquiring SDN applications (see SDN Ecosystem).

SDN Platform—aggregation of supported APIs from various components that is hardened, proven, and supported by Extreme Networks (see SDN Platform).

OneController—OpenDaylight-based controller available as a virtual or physical appliance (see OneController).

Additional Extreme Networks SDN products—see Other Extreme Networks SDN Products.

Third-party/open source products and tools—integration with third-party and open source SDN resources (see Integration Partners).

SDN Ecosystem

For users, the SDN ecosystem provides an App Store for acquiring and deploying SDN applications created by both Extreme Networks and a select community of third-party developers.

Access the App Store at https://marketplace.extremenetworks.com.

For developers, the Extreme Networks SDN ecosystem provides what you need to create a rich set of applications: software developer kits (SDKs), developer forums, support, online training, testbed environment, and documentation. For more information, see the Developers Resources Guide. Access the SDN Developer Portal at https://developer.extremenetworks.com.

SDN Platform

The Extreme Networks SDN platform provides an aggregation of supported APIs from various components that is hardened, proven, and serviced by Extreme Networks (see the following figure).

Figure 2: Extreme Networks SDN Platform

The Extreme Networks SDN platform includes:

Management and policy—using OneFabric Connect, NetSight, or other network management systems.

Analytics—using Purview.

Orchestration—using Citrix, VMWare, OpenStack, Microsoft, and others.

OneController—Extreme Networks SDN controller (see OneController).

APIs—various APIs allow a broad portfolio of seamless integration points at any level of the network: OneController platform API, NetSight API, and switch-level APIs that provide the ability to program ExtremeXOS using SOAP/XML, C/C++, and Python.

For more information about Extreme Networks SDN Platform, go to www.extremenetworks.com/product/sdn.

SDN Platform Open Source Elements

Extreme Networks is committed to open source solutions and the advantages that they provide for customers: enabling you to leverage your existing investments, minimizing cost, and maximizing flexibility.

The following lists some of the key Extreme Networks SDN Platform-compatible third-party and open source solutions:

Open vSwitch—production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It enables large-scale network automation through programmatic extension, while still supporting standard management interfaces and protocols (for example, NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag).

OpenFlow—OpenFlow is a communications protocol that gives access to the forwarding plane of a network switch or router over the network. OpenFlow enables remote controllers (such as OneController) to determine the path of network packets through the network. This separation of the control plane from the forwarding plane allows for more sophisticated traffic management than is feasible using access control lists (ACLs) and routing protocols. Also, OpenFlow allows OpenFlow-capable switches from different vendors, despite having their own proprietary interfaces and scripting languages, to be managed collectively and remotely using a single, open protocol.

OpenStack—free and open-source cloud computing software platform. Used primarily as an infrastructure as a service (IaaS) solution, it offers customers computers (physical or, more often, virtual machines) and other resources according to the customers’ varying requirements, providing the ability to scale services up and down. The technology consists of a series of interrelated projects that control pools of processing, storage, and networking resources throughout a data center, which users manage through a web-based dashboard, command-line tools, or a RESTful API.

HyperGlance—by Real Status, provides a GUI-based, 3-D cloud visibility solution to simplify managing networks by aggregating and dynamically synchronizing data for real-time, multidimensional visualization, navigation, analysis, and control at scale.

Integration Partners

Extreme Networks is partnering with leading technology providers to provide expanded solutions. The Extreme Networks Integration Partners, based on Extreme Networks SDN Platform (see SDN Platform), provide an open and multi-vendor led, standards-based Ecosystem making it easier to introduce new capabilities with technology providers.

Figure 3: Technical Solutions Partners

OneController

OneController v1.0 leverages the OpenDaylight Helium SR1.1 version SDN Controller to provide an open, fully pluggable and scalable platform to enable SDN and NFV for networks of any size and scale. Future releases of OneController will use OpenDaylight releases as they become available and validated. Applications can use OneController to gather network intelligence, run algorithms to perform analytics, and then use OneController to orchestrate the new rules, if any, throughout the network. Additionally, OneController is based on the modular OpenDaylight platform that allows multiple Java modules to run concurrently within the Karaf framework, and lets the modules access Java APIs exposed by other modules using the OpenDaylight Service Abstraction Layer (SAL) framework.

The OneController framework contains a collection of dynamically pluggable modules to provide network services such as:

Host and node service

Flow service

Physical and overlay (flow-based) topology service

Path service to set up and manage a path based on specified constraints such as bandwidth between a given source and destination

Multi-tenant network virtualization service

Network statistics service

OneController also provides the following features:

Web-based GUI for configuring the OneController appliance

OpenFlow modules for Lync® integration (configuring only the access switches)

Figure 4: Extreme Networks OneController

For more information, go to https://extranet.extremenetworks.com/downloads/Pages/OneController.aspx.

Other Extreme Networks SDN Products

Extreme Networks provides several products that are key building blocks of the SDN Platform (see SDN Platform).

NetSight—Extreme Networks network management system (NMS) that provides wired/wireless, centralized visibility and automated control of your network with inventory, policy, identity, and security management.

ExtremeXOS—Extreme Networks switch operating system with a robust set of Layer 2 and Layer 3 control protocols, flexible architecture, high availability for carrier-grade voice and video services over IP and for supporting mission-critical business applications. Extreme Networks switches that run ExtremeXOS with the Extreme OpenFlow solution can operate in OpenFlow mode (see "OpenFlow" below).

OpenFlow—the ExtremeXOS OpenFlow implementation enables OneController (see OneController) to manipulate data flows within an Extreme switch using a standard protocol to dynamically configure a flow table abstraction. Flow table entries consist of a set of packet matching criteria (L2, L3, and L4 packet headers), a set of actions associated with a flow (flood, modify, forward, divert to controller, etc.), and a set of per-flow packet and byte counters. Flow table entries are implemented using hardware ACLs and FDB entries.

OneFabric Connect—through NetSight (see previous), OneFabric Connect provides centralized management and control of both network and third-party systems, through programmability of virtualization and application integration via an XML/SOAP-based API. With the OneFabric Connect API, you can integrate a variety of systems and applications. Extreme Networks provides several predefined integrations that allow programmatic control of VM, MDM, web filtering, and firewall systems. You can also develop your own integrations through the XML/SOAP-based API.

Purview—Extreme Networks application analytics and optimization solution that captures network data and aggregates, analyzes, correlates, and reports on it to enable better decision-making and improved business performance. Purview provides a centralized command control center that combines network management with business analytics that permits you to optimize the network for applications, enhance security for those applications, and provide data for business analytics.
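The flow table entry structure described in the OpenFlow item above (match criteria, actions, per-flow counters), modelled as an added Python example; it is not Extreme Networks or OpenDaylight code. The field and action names, the priority rule for overlapping entries, and the divert-to-controller result on a table miss are assumptions of this example, and the packets are constructed samples.

```python
from dataclasses import dataclass

# Header fields a match may constrain (illustrative names, not ExtremeXOS ones).
MATCH_FIELDS = frozenset({
    "in_port", "eth_src", "eth_dst", "eth_type",   # L2
    "ip_src", "ip_dst", "ip_proto",                # L3
    "l4_src", "l4_dst",                            # L4
})
TABLE_MISS = [("divert_to_controller",)]  # assumed result when nothing matches


@dataclass
class FlowEntry:
    match: dict            # field -> required value; omitted field = wildcard
    actions: list          # ordered, e.g. [("modify", "dscp", 46), ("forward", 2)]
    priority: int = 0      # assumption: higher priority wins on overlap
    packet_count: int = 0  # per-flow packet counter
    byte_count: int = 0    # per-flow byte counter

    def __post_init__(self):
        # A misspelled field would otherwise yield an entry that never matches.
        unknown = set(self.match) - MATCH_FIELDS
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(name) == value for name, value in self.match.items())


class FlowTable:
    def __init__(self):
        self.entries = []
        self.miss_count = 0

    def add(self, entry: FlowEntry) -> None:
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.priority, reverse=True)  # stable sort

    def process(self, pkt: dict, length: int) -> list:
        # Return the actions for one packet and update the matching counters.
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packet_count += 1
                entry.byte_count += length
                return entry.actions
        self.miss_count += 1
        return TABLE_MISS


def build_sample_table() -> FlowTable:
    table = FlowTable()
    # Broad entry: all IPv4 traffic to the server leaves on port 3.
    table.add(FlowEntry({"eth_type": 0x0800, "ip_dst": "10.0.0.10"},
                        [("forward", 3)], priority=100))
    # Narrower, overlapping entry: HTTPS to the server is re-marked and steered.
    table.add(FlowEntry({"eth_type": 0x0800, "ip_dst": "10.0.0.10",
                         "ip_proto": 6, "l4_dst": 443},
                        [("modify", "dscp", 46), ("forward", 2)], priority=200))
    table.add(FlowEntry({"eth_type": 0x0806}, [("flood",)], priority=50))  # ARP
    return table


# Constructed sample packets (header fields only).
HTTPS = {"in_port": 1, "eth_type": 0x0800, "ip_src": "10.0.1.5",
         "ip_dst": "10.0.0.10", "ip_proto": 6, "l4_src": 50000, "l4_dst": 443}
SSH = dict(HTTPS, l4_dst=22)
ARP = {"in_port": 1, "eth_type": 0x0806}
DNS = {"in_port": 4, "eth_type": 0x0800, "ip_src": "10.0.1.5",
       "ip_dst": "10.0.9.9", "ip_proto": 17, "l4_src": 5000, "l4_dst": 53}

if __name__ == "__main__":
    table = build_sample_table()
    for pkt, size in [(HTTPS, 1500), (SSH, 64), (ARP, 60), (DNS, 80)]:
        print(table.process(pkt, size))
    print([(e.priority, e.packet_count, e.byte_count) for e in table.entries])
```

The HTTPS and SSH packets both match the broad entry, so the result for HTTPS depends on the priority ordering; the miss counter and per-entry counters are the values a controller application would poll.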

Chapter 3: Solving Problems with SDN

Traffic Engineering

SDN-based traffic engineering involves identifying and altering the behavior or pattern of specific types of traffic on-demand. This requires the ability to, in real time, distinguish certain types of traffic, and then dynamically classify it based on host, OS, application, or end-user. Two common methods for engineering traffic are QoS modifications and traffic steering.

Figure 5: Traffic Engineering Microsoft Lync

Use cases:

Optimize traffic path (choose non-shortest path, load distribute) for various applications, such as:

• Microsoft® Lync

• Mice/elephant flows

• Custom traffic management applications

• Collaboration solutions

• Backup and recovery

Conditional traffic engineering

Benefits:

Maximize network resource utilization

Optimize application performance

Provision new services efficiently on the network

Service Function Chaining

Service function chaining consists of “stitching” together an ordered list of network services (for example, firewalls or load balancers) in the network to create a service chain. This requires the ability to register the services and chain provisioning.

Figure 6: Service Function Chaining

Use cases:

Firewall upgrades

Consolidation of workloads into a single cloud from traditional non-virtualized data centers

IaaS (Infrastructure As a Service)

Chain services, such as ADC, DPI, IDS, VPN in the data center

Mechanism to register services and chain provisioning

Policy-driven service chaining

Benefits:

Cost optimization for services virtualized on x86

More agile insertion of new services possible

Automated traffic steering and chaining reduces deployment complexity and cost

Requirements:

Ability to define an ordered list of network services (for example, firewalls, load balancers, etc.)

A mechanism to register services and chain provisioning
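The two requirements above (an ordered list of services, plus service registration and chain provisioning), worked as an added Python example that is not part of the original guide or of any Extreme Networks product. It assumes a single switch where each service hangs off its own port and returns traffic on that port; the class names, function names, service names and port numbers are all hypothetical.

```python
class ChainError(Exception):
    """Raised when a chain cannot be provisioned as requested."""


class ServiceRegistry:
    """Maps a registered service name to the switch port it is attached to."""

    def __init__(self):
        self._ports = {}

    def register(self, name: str, port: int) -> None:
        if name in self._ports:
            raise ChainError(f"service {name!r} is already registered")
        if port in self._ports.values():
            raise ChainError(f"port {port} already hosts a service")
        self._ports[name] = port

    def port_of(self, name: str) -> int:
        if name not in self._ports:
            raise ChainError(f"service {name!r} is not registered")
        return self._ports[name]


def provision_chain(registry, classifier, chain, ingress_port, egress_port):
    """Return ordered steering rules for `chain`, or raise without returning any.

    Every service is resolved before a single rule is built, so a missing
    service fails the whole request instead of producing a chain that
    silently skips a hop.
    """
    if not chain:
        raise ChainError("chain must name at least one service")
    hops = [ingress_port] + [registry.port_of(n) for n in chain] + [egress_port]
    # Steering is keyed on in_port, so a repeated port would give two rules
    # with the same match and different outputs.
    if len(set(hops)) != len(hops):
        raise ChainError("each port may appear only once in a chain")
    return [
        {"match": {**classifier, "in_port": src}, "actions": [("forward", dst)]}
        for src, dst in zip(hops, hops[1:])
    ]


def sample_registry() -> ServiceRegistry:
    # Constructed service names and port numbers.
    registry = ServiceRegistry()
    registry.register("firewall", 10)
    registry.register("ids", 11)
    registry.register("load_balancer", 12)
    return registry


if __name__ == "__main__":
    rules = provision_chain(sample_registry(), {"ip_dst": "10.0.0.10"},
                            ["firewall", "ids", "load_balancer"],
                            ingress_port=1, egress_port=2)
    for rule in rules:
        print(rule)
```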

Network Virtualization

Network virtualization creates logical segments in an existing physical network by logically dividing the network at the flow level, similar to an overlay or a tunnel. Many choices are available, each with its own strengths and weaknesses. OpenFlow-based network virtualization allows for the most flexibility, as it can work in conjunction with existing mature network virtualization techniques like VLANs, IP, and MPLS. The other notable network virtualization technology is VXLAN.

Use cases:

Multi-tenant data centers (see Multi-tenant Data Centers Solution with OpenStack/OneController)

DDoS mitigation

VM migration

Multi-tenant Data Centers Solution with OpenStack/OneController

The following solution implements a multi-tenant data center using OpenStack and Extreme Networks OneController:

OpenStack orchestrator that manages and orchestrates the data center compute, storage and networking infrastructure.

OpenStack offloads all network configuration, management, and orchestration to OneController.

OneController specifically uses the Virtual Tenant Network (VTN) application to provide multi-tenancy and to stretch the tenant network across geographically dispersed data centers.

Figure 7: Multi-tenant Data Centers: Orchestration with OpenStack
