Enabling Organizational Alignment Between IT and Business

Software Defined Networking (SDN) is reshaping the networking industry by enabling organizations to better align their IT investments with business requirements.

Extreme Networks high performance Ethernet switch portfolio supports industry standard OpenFlow 1.0 and the OpenStack Folsom Quantum network virtualization model. OpenFlow enables SDN controllers to access and control the forwarding plane of ExtremeXOS-based switches to provide application control of the network. ExtremeXOS-based switches also offer a programming interface through OpenFlow to enable high degrees of automation in provisioning network services for upper layer business critical applications that run on the OpenFlow based SDN controller.

ExtremeXOS-based switches also allow for integration with the OpenStack open source cloud computing platform for public and private clouds through its Extreme Quantum plugin. The plugin provides a scalable, automated, rich API-driven system that enables a networking-as-a-service model for managing data center interconnect solutions and large multi-tenant networks.

Mapping the Extreme Networks SDN portfolio into the Open Fabric architecture highlights our broad product set, features, and innovations within ExtremeXOS and Extreme Networks strategic partnerships at both the Centralized Management and Application Layers.

OpenFlow Controller Solution with NEC

ProgrammableFlow leverages the OpenFlow protocol to abstract the network into a multi-tenant virtualization layer called the VTN, or Virtual Tenant Network. This abstraction enables simplified network management, network isolation, the decoupling of network requirements from physical implementation, network slicing and high availability of network resources.

The VTN is deployed at the ProgrammableFlow Controller (PFC) as a policy layer over a logic engine. Specifically, the logic engine encompasses the set of automated controller functions that manage network state, flow state, host state, network fault tolerance, path calculations, end-to-end reliability, flow load balancing and network orchestration.

The VTN Translator maps the VTN or logical topology to the physical implementation, ensuring maximized utilization of network resources. The logic engine then ensures the implemented logical topology described by the VTN is maintained by dynamic and automated network resource orchestration.

Specifically, if a physical link goes down, the PFC can re-route traffic over a new set of links which remain agnostic to the logical topology described by the VTN. By this mechanism, connectivity is maintained to satisfy the requirements implemented by the logical policy, which remains decoupled from the physical state of the network.

Additional logic and orchestration capability resides in the PFC Northbound API. The PFC Northbound API is a RESTful interface that exposes complete control of the network to applications, systems and appliances. In this context ProgrammableFlow is:

Automated – The VTN, VTN Translator and dynamic flow management capabilities enable automated network orchestration to ensure high availability of network resources and optimized performance.

Scalable – The ProgrammableFlow ecosystem supports hundreds of switches in a hierarchical design and hundreds of thousands of flow entries.

High Performance – The ProgrammableFlow Controller is optimized to efficiently orchestrate end-to-end flows in data center, big data deployments, and high performance applications.

Customizable – The VTN provides the mechanism to describe robust logical topologies that are decoupled from physical network deployments. Each logical deployment can be altered in an on-demand manner through automated applications or GUI manipulation.

Open – The ProgrammableFlow Controller is interoperable with OpenFlow 1.0-enabled switches and will support future versions of the OpenFlow protocol with expanded feature sets.

Manageable – The ProgrammableFlow Controller centralizes control of the network, simplifies topology design and eliminates the need for distributed protocols such as Spanning Tree.

The OpenFlow controller resides at the Centralized Management Layer and manages and distributes the flow-based forwarding logic to the OpenFlow endpoints (switches) via OpenFlow specification 1.0.

NEC’s ProgrammableFlow network suite provides an open architecture to build the network fabric. In this architecture, all switches are programmed, leveraging the OpenFlow interface and protocol. The ProgrammableFlow controller also has a unique virtualization ability to create a fabric over heterogeneous switches supporting different port densities and speeds.

OpenFlow Support Across the High Performance Network Infrastructure

The OpenFlow 1.0 and OpenStack feature set is currently available on the Extreme Summit X440, X460, X480, and X670 products running ExtremeXOS 15.3.1, covering 1-40GbE across a diversity of Access and Top of Rack switches. Additionally, support on the BlackDiamond X8 and 8800 chassis platforms for high density Aggregation is scheduled for 2H 2013.

OpenFlow support, along with XML based APIs native to ExtremeXOS, provides the broadest and deepest product portfolio among high speed networking leaders that allow open standards network programmability. This allows users to deploy SDN and OpenFlow throughout their networks and ensures the right product, in the right place, at the right time when leveraging the broad Extreme Networks SDN product line.

Extreme Networks Slalom is a thin SDN hardware switching platform based on the open source Indigo project with Project Floodlight (www.projectfloodlight.org). Slalom provides an open source and hardware-based switching platform for easy entrance into production quality SDN. Additional details will be announced throughout 2013.

Dynamically Add OpenFlow to ExtremeXOS

ExtremeXOS has been designed as an extensible operating system with an important resiliency capability that enables dynamic loading of new features into the OS without having to reboot or disrupt network operation, helping maintain system uptime.

Hybrid Mode Supports Both OpenFlow and Classic Ethernet Networks

ExtremeXOS supports OpenFlow Hybrid switch functionality. The default behavior for packets arriving on a switch port is to process the packet using standard Ethernet switching techniques (FDB learning and forwarding, ACL and QOS processing, VLAN isolation, and L3 routing). ExtremeXOS CLI commands are used to enable OpenFlow and to assign physical ports and Link Aggregation Groups belonging to specific VLANs to the OpenFlow domain for external control by an OpenFlow Controller.

ExtremeXOS supports hybrid functionality, allowing both network programmability and flow-based forwarding with OpenFlow, as well as more commonly used and traditional CLI and NMS-based provisioning with classic Ethernet-based forwarding decisions. The SDN hybrid mode control is given to end-users based on initial provisioning of the system itself. Extreme Networks switch ports are either classic Ethernet or are specifically defined via CLI to be included into the OpenFlow SDN domain for flow-based forwarding. Extreme Networks switches support hybrid mode on a per VLAN basis. A single port can support both OpenFlow controlled VLANs and VLANs with traditional networking services.

Link Aggregation Group for Resiliency and Redundancy

ExtremeXOS OpenFlow supports Link Aggregation Groups for system redundancy and bandwidth scaling. ExtremeXOS represents an entire LAG group as a single high capacity link to an SDN controller. This enables existing SDN applications to utilize the bandwidth scaling, load balancing, and resiliency characteristics of a LAG group without being required to manage the individual members of the LAG directly.

Resiliency is a key Extreme Networks Open Fabric attribute, and our OpenFlow implementation includes hardware-based resiliency. A fast hardware-based load-balancing algorithm automatically distributes flows over multiple OpenFlow defined interfaces that are provisioned in a Link Aggregation Group (LAG). A LAG group is used to incrementally increase bandwidth between switches as needed. For example, as a 1GbE port becomes oversubscribed, you can add a second 1GbE port into the LAG to increase the bandwidth between the switches, without jumping directly from 1GbE to 10GbE.

Additionally, the LAG group provides resiliency and fault tolerance between switches. If a physical switch port fails but is part of a LAG, the switch port will be removed from the hashing algorithm. Existing flows will be immediately reassigned to one of the remaining active physical links and new flows will only be hashed (assigned) to existing active physical links.

Hardware Queuing with ExtremeXOS

Extreme Networks OpenFlow feature set released with ExtremeXOS 15.3 includes a rich set of OpenFlow controlled QOS/Slicing capabilities based on an extensive set of existing QOS capabilities. ExtremeXOS 15.3 enables the definition of QOS profiles for OpenFlow packet egress queuing control. ExtremeXOS QOS profiles support rate limiting, and rate shaping with single and dual rate QOS policies in addition to configurable drop policies.

Using the ExtremeXOS CLI, interface queues are configured based on operator-defined service policies and then assigned to physical ports. Assuming those same physical ports are also configured as OpenFlow ports, the switch will report configured profile queues to the OpenFlow controller with the Queue_Get_Config_Reply message. This enables the controller to dynamically program the flows that are mapped to those configured queues, providing a rich set of traffic differentiated services.

Automated Flow Management for Increased Flow Table Size

ExtremeXOS OpenFlow fully supports the underlying platform hardware capabilities. ExtremeXOS intelligently classifies and maps controller flow-mods to the appropriate platform hardware resource to ensure maximum flow scaling. Flows requiring complex combinations of L2 and L3 match conditions are instantiated in platform TCAM ACL hardware. Simple L2-only flows are mapped to the more scalable platform L2 forwarding table. ExtremeXOS OpenFlow also fully supports OpenFlow idle_timeout and hard_timeout flow mods to evict flows from the hardware resources efficiently and effectively, allowing new flow entries as required.
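The placement and eviction behaviour described above can be modelled in a few lines. This is an added example, not ExtremeXOS code: the table capacities, the rule that "simple L2-only" means an exact VLAN plus destination MAC match, and all sample flows are assumptions made for illustration.

```python
from dataclasses import dataclass

# Field names of the OpenFlow 1.0 match structure (the 12-tuple).
OF10_FIELDS = frozenset({
    "in_port", "dl_src", "dl_dst", "dl_vlan", "dl_vlan_pcp", "dl_type",
    "nw_tos", "nw_proto", "nw_src", "nw_dst", "tp_src", "tp_dst",
})
# ASSUMPTION: a "simple L2-only" flow matches exactly VLAN + destination MAC,
# i.e. it has the shape of an L2 forwarding-table entry.
L2_KEY = frozenset({"dl_vlan", "dl_dst"})


@dataclass
class Flow:
    match: dict
    idle_timeout: int = 0      # seconds without a hit; 0 disables the timer
    hard_timeout: int = 0      # seconds since install; 0 disables the timer
    installed_at: float = 0.0
    last_hit: float = 0.0


class FlowTables:
    """Two hardware resources with independent (hypothetical) capacities."""

    def __init__(self, l2_capacity, tcam_capacity):
        self.capacity = {"l2": l2_capacity, "tcam": tcam_capacity}
        self.tables = {"l2": [], "tcam": []}

    @staticmethod
    def classify(match):
        unknown = set(match) - OF10_FIELDS
        if unknown:
            raise ValueError(f"not OpenFlow 1.0 match fields: {sorted(unknown)}")
        return "l2" if frozenset(match) == L2_KEY else "tcam"

    def expire(self, now):
        """Evict timed-out flows; hard_timeout is checked before idle_timeout."""
        removed = []
        for name in self.tables:
            keep = []
            for f in self.tables[name]:
                if f.hard_timeout and now - f.installed_at >= f.hard_timeout:
                    removed.append((name, "hard_timeout"))
                elif f.idle_timeout and now - f.last_hit >= f.idle_timeout:
                    removed.append((name, "idle_timeout"))
                else:
                    keep.append(f)
            self.tables[name] = keep
        return removed

    def add(self, flow, now):
        """Install a flow-mod; returns the table used, or None if it is full."""
        self.expire(now)
        table = self.classify(flow.match)
        if len(self.tables[table]) >= self.capacity[table]:
            return None  # a switch reports this case as a flow-mod failure
        flow.installed_at = flow.last_hit = now
        self.tables[table].append(flow)
        return table

    def pinned(self):
        """Flows with neither timeout hold hardware space until deleted."""
        return [(name, f.match) for name, flows in self.tables.items()
                for f in flows if not (f.idle_timeout or f.hard_timeout)]


def demo():
    # Constructed sample flows (documentation addresses, hypothetical sizes).
    t = FlowTables(l2_capacity=4, tcam_capacity=2)
    mac = {"dl_vlan": 10, "dl_dst": "00:00:5e:00:53:01"}
    web = {"dl_type": 0x0800, "nw_proto": 6, "nw_dst": "192.0.2.10", "tp_dst": 443}
    dns = {"dl_type": 0x0800, "nw_proto": 17, "tp_dst": 53}
    ssh = {"dl_type": 0x0800, "nw_proto": 6, "tp_dst": 22}
    return [
        t.add(Flow(mac), now=0),                    # L2 table, no timeouts
        t.add(Flow(web, idle_timeout=10), now=0),   # TCAM
        t.add(Flow(dns, hard_timeout=30), now=0),   # TCAM, now full
        t.add(Flow(ssh, idle_timeout=10), now=5),   # rejected: TCAM full
        t.add(Flow(ssh, idle_timeout=10), now=12),  # web idled out, slot free
        t.expire(now=30),
        t.pinned(),
    ]
```

The `pinned()` list is the part worth auditing on a controller: entries installed with both timers at zero occupy TCAM or forwarding-table space until something explicitly deletes them.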

OpenFlow NEC Use Cases Over Extreme Networks Open Fabric Architecture

At the top layer of the Open Fabric Architecture are the Applications themselves. SDN is useful in reducing OPEX but also delivers value from new software-based applications that leverage standards-based system-wide visibility into the network logic itself. Extreme Networks Open Fabric solution provides open standards XML APIs for applications to take direct advantage of the ExtremeXOS network visibility while also providing OpenFlow version 1.0 visibility to SDN controller-based environments.

In Extreme Networks Open Fabric approach, the ProgrammableFlow controller resides at the Centralized Management OpenFlow controller layer and drives the distribution of the flow rules and conditions to the OpenFlow agents running on Extreme Networks switches. NEC has similarly developed mechanisms essential for network orchestration and for promoting an SDN ecosystem, such as NEC’s Virtual Tenant Network (VTN), which has proven essential to managing complex SDN deployments.

VIRTUAL TENANT NETWORKS

The VTN mechanism enables a unified physical network infrastructure to be sliced into multiple logical network infrastructures. Each logical network infrastructure (VTN) is isolated and decoupled from other logical network tenants residing on the same physical network. In this fashion, each VTN and all associated flows are isolated from each other.

This is accomplished by treating each VTN as a namespace and subsequent flows as properties of the namespace. VTNs and associated flows are orchestrated at the PFC, which retains visibility of network flows for the entire physical network and per VTN, allowing for intelligent orchestration decisions.

To map physical endpoints to VTN topologies several mapping technologies are used: the first is port mapping, which associates a physical port on a switch to a vExternal. A vExternal is a logical component that represents an external entity to the switching fabric. This entity can be a server, a virtual machine, appliance or another switch port.

The second mapping technology is called VLAN Map, which enables the dynamic association of VLAN tagged traffic to a VTN. This mapping is agnostic to the physical location from which the tagged traffic originates; the physical port information for the originating host is then detected dynamically. The connectivity between vExternals is accomplished through other logical components of the VTN. Specifically, L2 is handled by the logical entity vBridge, L3 is handled by the vRouter and interconnects or virtual cables are created using vLinks.

By these mechanisms logical topologies can be created that provide end-to-end connectivity and reliability while remaining agnostic to the underlying switch fabric. The VTN also provides traffic steering capability using the flow-list and flow-filter mechanisms. These mechanisms enable traffic steering capabilities by enabling modification of packet header information and redirection to logical entities within the VTN layer.

These mechanisms in turn enable intelligent traffic orchestration including but not limited to load balancing, service chaining and path selection. The flow-filter/flow-list mechanisms support traffic matching on the flow's 12-tuple. This traffic steering capability is in addition to ProgrammableFlow’s support for 8-way ECMP and Path Policy mechanisms. The 8-way ECMP mechanism allows for traffic to be equally distributed across up to 8 paths between two entities for improved utilization and reduced network congestion.

The Path Policy mechanism enables weights to be delegated to links within the physical topology that can subsequently be used for traffic prioritization. Traffic can then be assigned to these pre-calculated paths based on a 12-tuple match. These mechanisms, among others, simplify network orchestration and management while exposing a sophisticated set of functionality that enables fine-grain control over network resources if required. The diagram below illustrates how multiple L2 VTNs can be overlaid on the same physical topology.

In addition to the core SDN orchestration technologies, NEC has also developed a variety of controller applications and mechanisms that take advantage of OpenFlow to solve existing and real business problems. One such application is the Traffic Monitor.

TRAFFIC MONITOR – BANDWIDTH MANAGEMENT

Traffic Monitor is functionally based on defined bandwidth thresholds which can aid with capacity planning, management and operations in an environment where bandwidth fluctuations are essential.

As traffic levels increase for a flow between two endpoints in the same Virtual Tenant Network (VTN), the NEC PFC continuously receives flow statistics updates. Once the user defined threshold is met or has been exceeded, the PFC Graphical User Interface highlights a visual indicator and the PFC CLI displays warning messages.

Extreme Networks Open Fabric – The Foundation Framework for SDN

The Extreme Networks Open Fabric architecture is built from a four-layer modular framework that allows for growth and innovations as new technologies arise.

HIGH PERFORMANCE NETWORK INFRASTRUCTURE

With Extreme Networks Open Fabric Edge, network fabric attributes traditionally characteristic of the data center – such as high speeds, low latency, lossless connectivity, multiple paths for resiliency, low power use, automation capabilities, and open standards – are now extended to the campus, enterprise, and other mission critical networks that require high performance, high scale and resiliency.

High Speed

Server and IT service requirements are driving increased demand for 10GbE ports at the server or service edge layer while increasing networking fabric requirements for 10GbE and 40GbE interconnectivity at the traditional aggregation layer. Additionally, 1GbE Server or Service Edge ports remain important for legacy or lower bandwidth requirements. In the context of the Open Fabric Edge, enterprises benefit from high density 1GbE ports and 10GbE uplinks, and 10GbE ports with 40GbE uplinks, from the Summit X4xx series to the Summit X6xx series.

Low Latency

Low latency is a growing requirement for intensive, time-critical applications. In support of the Open Fabric Edge, Extreme Networks Summit X670 Top of Rack switch achieves latency of 800-900 µsec, while the Extreme Networks BlackDiamond X8 chassis-based solution can switch frames in as little as 2.3 µsec.

Lossless

Lossless requirements are derived from converging Fibre Channel networks onto Ethernet, with the goal of achieving the same stringent requirements for maintaining data integrity in an Ethernet-based storage environment. To support a lossless environment, Extreme Networks supports open standards Data Center Bridging (DCB) and Data Center Bridging Exchange (DCBX).

Multi-Path

Multiple Path link support is another requirement in networking fabrics. Supporting multiple links in a fabric has traditionally been supported with the Spanning Tree Protocol (STP). However, STP is limited in that one link will be forwarding and one link will not, due to its own algorithm. Today’s multi-path must go beyond STP and not only support multiple paths, but also support multiple paths at the same time. Link Aggregation (LAG) is an open standards 802.3ad solution to bundle ports together for multi-path support. Multi chassis LAG (MLAG) is an evolution of 802.3ad that allows the bundled ports to be distributed to two chassis uplinks for chassis level redundancy.

One new multi-path offering is TRILL, Transparent Interconnections of Lots of Links. TRILL combines the flexibility and cost benefits of Layer 2 Ethernet switching with the scalability and rapid convergence capability of link state routing algorithms. TRILL enables full link and bandwidth utilization, a clear benefit over STP, while finding the “best” path through the fabric using well-known routing technologies.

Low Power Consumption

As the networking fabric moves to higher speeds and higher speed densities, power and cooling requirements are critical to ensure the proper thermal operating conditions and increasingly important to the IT cost structure as energy costs fluctuate.

Automation

As networking fabrics increase in size, scale and services, being able to meet changing needs on-demand becomes increasingly critical. In this context, automation plays an increasingly important role that supports many key areas, including device detection, provisioning and configuration, server automation for workload mobility and business continuity, and automated user and device identity management across a wired and wireless fabric.

Open Standards

Open standards are central to Extreme Networks Open Fabric Edge. With open standards, enterprises are assured that products within the Extreme portfolio interoperate and that 3rd party integration is based on cost-effective compliance with industry standards. Open standards assure enterprises that products within the Extreme portfolio seamlessly interoperate with third party applications and hardware. Vendor lock-in is minimized and risk is lowered as the open standards approach allows multiple vendors to develop towards a common goal that ultimately benefits the enterprise customer.

SINGLE POWERFUL NETWORK OPERATING SYSTEM – EXTREMEXOS

Leveraged across all Extreme switching platforms, ExtremeXOS is the single operating system that powers the Open Fabric Edge. Several key advantages characterize the benefits of ExtremeXOS: with a single OS running on the network, deployments, management overhead, maintenance updates and most importantly, synchronized and aligned feature sets remain consistent throughout your network.

ExtremeXOS is engineered to support the increasing demands placed on converged networking, cloud and enterprise data centers while providing a single OS from core to edge. Among the key highlights are Modularity, Extensibility, Integrated Security, Identity Management, PoE/PoE+, and Connected Device Automation.

Modularity

ExtremeXOS is a modern, modular, memory protected operating system that allows feature applications to run as individual processes with isolation. This allows individual process restart and recovery, increasing system resiliency and system integrity.

Extensibility

ExtremeXOS enables features to be added to your network on demand, without the disruption of rebooting your switches. ExtremeXOS modular design supports loadable feature packages (Extreme Module Software Packages – XMODs) that can be installed in a live, running system without downtime. Scripting and Universal Port Manager (UPM) provide custom automation capabilities.

Additionally, UPM can detect a user-defined action on a port, such as the addition of a newly connected device, and trigger a custom script. For example, if an IP Camera or a UC IP Handset is plugged into a switch port, UPM can detect this device via standards-based LLDP (802.1ab) and execute a set of actions that might include applying a Quality of Service Profile and activating Power over Ethernet+.

Integrated Security

Hardening a network against unwanted exploitation of system resources involves protecting the switch platform from unauthorized control or Denial of Service (DoS) attack, and also securing the integrity of users or connected devices on the network. Embedded into ExtremeXOS are security features such as Access Control Lists (ACL) for policy based packet filtering, and Clear-Flow, a unique capability that monitors counters from ACLs or those that are defined in the XOS and has a set of actions available based on crossing thresholds or meeting conditions.

For example, Clear-Flow actions can be triggered by increasing ACL hits on an unknown source IP address leading to port-mirroring and traffic analysis. In addition, support for Wide Key ACLs improves security by progressing beyond source/destination IP address and MAC address as identification criteria and examining the IP address and VLAN of the user as well.
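The counter-threshold behaviour described above, sketched as an added example. It is a model of the logic only, not ExtremeXOS code or Clear-Flow policy syntax; the counter name, thresholds, action names and readings are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class DeltaRule:
    """Fire an action when an ACL counter grows too fast between samples."""
    counter: str         # hypothetical ACL counter name
    trigger_delta: int   # turn mirroring on at or above this increase
    clear_delta: int     # turn mirroring off once the increase drops below this
    active: bool = False
    last: Optional[int] = None

    def sample(self, value):
        """Feed one reading; return 'mirror-on', 'mirror-off' or None."""
        prev, self.last = self.last, value
        if prev is None or value < prev:
            # First reading, or the counter was cleared or wrapped:
            # re-baseline instead of computing a bogus (negative) delta.
            return None
        delta = value - prev
        if not self.active and delta >= self.trigger_delta:
            self.active = True
            return "mirror-on"
        if self.active and delta < self.clear_delta:
            self.active = False
            return "mirror-off"
        return None   # between the two thresholds: keep the current state


def evaluate(rule, readings):
    """Run a rule over (timestamp, {counter: value}) samples."""
    actions = []
    for ts, counters in readings:
        if rule.counter not in counters:
            continue  # this poll did not include the watched counter
        action = rule.sample(counters[rule.counter])
        if action:
            actions.append((ts, action))
    return actions


# Constructed readings, one poll every 5 seconds.
READINGS = [
    (0,  {"unknown_src_hits": 100}),
    (5,  {"unknown_src_hits": 110}),   # +10: quiet
    (10, {"unknown_src_hits": 400}),   # +290: crosses the trigger
    (15, {"unknown_src_hits": 900}),   # +500: still active, no repeat action
    (20, {"unknown_src_hits": 905}),   # +5: below the clear level
    (25, {"unknown_src_hits": 3}),     # counter cleared: re-baseline
    (30, {"unknown_src_hits": 10}),    # +7: quiet
    (35, {"unknown_src_hits": 600}),   # +590: crosses the trigger again
]


def demo():
    rule = DeltaRule("unknown_src_hits", trigger_delta=200, clear_delta=50)
    return evaluate(rule, READINGS)
```

Using separate trigger and clear levels keeps the mirror session from flapping when the hit rate hovers around a single threshold.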

Centralized Management Platform

RIDGELINE

Ridgeline is Extreme Networks scalable, full-featured network and service management tool that simplifies configuration, provisioning, troubleshooting, and status monitoring of IP-based networks. It offers a comprehensive set of network management applications for the network and its elements while adding valuable and intuitive features that help save time by streamlining common tasks.

Ridgeline configures and maintains networks that are undergoing rapid change due to convergence, offering intuitive user interfaces and reducing the complexity of managing converged networking environments. Ridgeline offers an open architecture to accommodate a multi-vendor, service rich environment that enables voice-class availability and the enforcement of robust security policies.

Additionally, Ridgeline’s targeted Feature Packs allow network managers to customize their Ridgeline installation for their environment. The powerful service management features of the Ridgeline Service Advisor Feature Pack enable carriers to monetize their networks by shifting from reactive circuit monitoring to proactive service management. Ridgeline unifies service fulfillment, service assurance, and service engineering so carriers can effectively manage next-generation residential triple play, business Ethernet, wholesale Ethernet, and mobile backhaul services.

ExtremeXOS supports open standards and can integrate with 3rd party management tools using all SNMP versions, Extreme Networks specific MIB extensions for additional insight, ExtremeXOS Chalet™ for web based management, and XML based APIs over Telnet and SSH or HTTP and HTTPS.

Besides Ridgeline and existing 3rd party management systems, the Open Fabric Edge framework also supports programmable networking with XML based APIs and OpenFlow and OpenStack.

Applications

At the top layer of the Open Fabric Framework are the applications themselves. Traditional client-server applications, virtualized applications from a cloud service provider, and workforce mobility applications running on smartphones or tablets are all optimized when running on top of the Open Fabric architecture. In fact, the Open Fabric architecture increases the efficiency of these applications because of the economical and logical grouping of technologies and the predictable and consistent single Operating System, ExtremeXOS, running across all product platforms.

SOFTWARE DEFINED NETWORKING APPLICATIONS

SDN applications are also at the top of the Open Fabric architecture when using SDN as the centralized management platform. The value of SDN extends beyond OpenFlow and OpenStack; SDN also includes network programmability via XML standards based APIs. With Extreme Networks, you can leverage OpenFlow, OpenStack, and XML for direct programming of the network infrastructure. Applications that use these network programmability methods directly manage the ExtremeXOS abstraction layer that remains the same across any part of Extreme Networks infrastructure.

Conclusion

Extreme Networks switches provide high performance 1GbE, 10GbE, and 40GbE Ethernet hardware data planes that provide interoperability and multi-site capabilities with the NEC ProgrammableFlow Controller. Together we enable organizations to create large physical and virtual networks, and flexible and agile network visibility solutions. With an ever-increasing list of capabilities that comply with current OpenFlow standards, Extreme Networks is dedicated to providing the optimal hardware data plane for Software Defined Networks and supporting the most cost effective network application delivery platform.
