Data Centers & Clouds Network Plumbing with Palo Alto


1 Data Centers & Clouds Network Plumbing with Palo Alto

2 Topics
Day Two: Public Cloud
- Routing in hybrid cloud environments: Amazon, Azure, vCloud Air.
- L2 connectivity from private DC to public DC.
- Load balancing solutions in AWS and Azure, vs. traditional HA.
- How to respond to questions about VM throughput concerns.
- Responses to questions around other topics:
  - Google Cloud
  - Containers
  - Orchestration Systems

3 Panorama: Central management of all PAN s The Data Center Security Ecosystem Wildfire Cloud-Based Threat Intelligence Aperture SaaS DropBox, Box.com Public Cloud Network, WAN Hardware Firewalls HA Cisco ACI Virtual Firewalls Data Center Network Orchestration - REST API - OpenStack - UCS Director - Cisco ACI - NUAGE Hardware Firewalls REST API Virtualized Servers / Private Cloud ESXi, KVM, Hyper-V Physical Servers

4 SDN
One question, with several answers:
- How do I automate the Network?
Data Centers have 3 basic resources: C, S, N
VMware is good at virtualizing Compute and Storage, but not Network resources.
Common themes in all SDN solutions today:
- Overlay Tunnels, for instant network topologies.
- API, for programmability via centralized Controller.
- Metadata / Tagging, for tracking independent of IPs.

5 Security Policy based on Metadata, not on Port/IP Traditional firewall policy: Source IP subnet Destination IP subnet TCP Port 80 Policy based on Metadata, context-aware tags: Sharepoint Servers New York DC

6 VM tagging and APIs [Diagram labels: Firewall, API, IPs and MetaData, Orchestration System, Hypervisor]

7 Define Security Policy against Metadata An empty bucket, into which IP addresses are dumped.

8 Dynamic Address Groups VMware, AWS, OpenStack Name IP Guest OS Container web-sjc Ubuntu Web sp-sjc Win 2008 R2 SharePoint web-sjc Ubuntu Web exch-mia Win 2008 R2 Exchange exch-dfw Win 2008 R2 Exchange PAN-OS Dynamic Address Groups Name Tags Addresses SharePoint Servers MySQL Servers Miami DC SharePoint Win 2008 R2 sp MySQL Ubuntu db mia sp-mia Win 2008 R2 SharePoint db-mia Ubuntu MySQL API San Jose Linux Web Servers sjc web Ubuntu db-dfw Ubuntu MySQL db-mia Ubuntu MySQL PAN-OS Security Policy Hardware or VM Firewalls Source Destination Action SharePoint Servers MySQL Servers San Jose Linux Web Servers Miami DC

9 Each VM associated with a lot of Metadata Tags
Tag Name: Format
- UUID for VM instance: uuid.<uuid string>
- VM Instance Name: vmname.<name string>
- Guest OS: guestos.<guest OS name>
- VM State: state.<vm power state>
- Annotation: annotation.<annotation string>
- VM Version: version.<version string>
- Virtual Switch Name: vswitch.<virtual switch name>
- Port Group Name: portgroup.<network name>
- VLAN ID: vlanid.<vlan ID>
- VM Info Source: vm-info-source.<name string>
- Datacenter Object Name: datacenter.<datacenter object name>
- Resource Pool Name: resource-pool.<resourcepool object name>
- Cluster Object Name: cluster.<cluster object name>
- Hostname: hostname.<host name>
- Host IP Address: host-ip.<host IP address>

10 Centralized : Hardware + Virtual Consistent Policy across entire Data Center Firewall Hypervisor Hypervisor Hypervisor

11 Virtual Firewalls vs. Virtual Instances VSYS VSYS VSYS Virtual Firewall #1 Virtual Firewall #2 Virtual Instances Virtual Firewall #3 Virtual Firewall

12 2 Types of Virtual Firewalls 2 types of network visibility Gateway VM-Firewall (4 Capacities) VM-100 VM-200 VM-300 VM-1000-HV VM-1000-HV VM-Firewall (for NSX)

13 Model Sessions Rules Security Zones Address Objects IPSec VPN Tunnels SSL VPN Tunnels Routing Table Size VM , , ,000 VM ,000 2, , ,250 VM ,000 5, ,000 1, ,000 VM-1000-HV ( Gateway & NSX ) 250,000 10,000 1 or 40 10,000 2, ,000 PA Million 40, ,000 8,000 Over 1 Mil 64,000 Half = IPv4 Half = IPv6

14 VMware NSX

15 #1: Virtualized equivalent of physical topology Gateway Virtual Firewall Server Chassis PAN Forwarding Plane vshield VMware s Virtual Switch Hypervisor ESX & ESXi VLAN 1 Physical Firewall VLAN 2

16 Virtual Firewall for VMware vsphere Host 1 Host 2 Distributed Port Group 1 Palo Alto VM-300 Distributed Port Group 2 Palo Alto VM-300 Distributed Port Group 3 ToR Uplink ToR Uplink Data Center Network VLAN s

17 Micro-segmentation Every VM a dedicated segment Web DB App App Web DB Redirect Filter Virtual Switch Forwarding Plane NSX Distributed Firewall Hypervisor

18 NSX Service Composer

19 NSX Service Composer

20 Micro-segmentation Every VM a dedicated segment Web DB App App Web DB Virtual Switch Forwarding Plane NSX Distributed Firewall Hypervisor

21 Micro-segmentation Every VM a dedicated segment Web DB App App Web DB Virtual Switch Forwarding Plane NSX Distributed Firewall Hypervisor

22 Micro-segmentation Every VM a dedicated segment Web DB App App Web DB Virtual Switch Forwarding Plane NSX Distributed Firewall Hypervisor

23 Micro-segmentation Every VM a dedicated segment Web DB App App Web DB Virtual Switch Forwarding Plane NSX Distributed Firewall Hypervisor

24 NSX Distributed Firewall DFW Performs Port-Based firewalling Application = TCP/UDP port number Distributed Port Groups NSX Distributed Firewall Hypervisor A Hypervisor B

25 NSX Distributed Firewall DFW Performs Port-Based firewalling Application = TCP/UDP port number Distributed Port Groups NSX Distributed Firewall Hypervisor A Hypervisor B

26 -7 firewall augments the DFW Performs -7, Deep-Packet firewalling Application = Data Payload Signatures Distributed Port Groups NSX Distributed Firewall VM Firewall Hypervisor A Hypervisor B VM Firewall

27 NSX Composer steers traffic Some flows to VM-firewall, some to DFW, some to external hardware LAN appliances Distributed Port Groups NSX Distributed Firewall VM Firewall Hypervisor A Hypervisor B VM Firewall Hardware Firewall

28 L1 VMware NSX - Micro-Segmentation, packets inspected above the Forwarding Plane. - Full -7 packet inspection. Spine Switches Leaf Switches VXLAN Tunnel

29 Overlay Tunnels - VXLAN VM VM VM VM Firewall VXLAN Distributed Switch VM Firewall VM Firewall VTEP VTEP VTEP VXLAN Overlay Tunnel VXLAN Overlay Tunnel Data Center Network

30 Separation of Access, between Firewalls & Systems SysAdmin/Storage Teams Network/Security Teams Switch Firewall Router

31 Automated, transparent insertion with dynamic VM-context Virtual Infrastructure Admin Register VM-1000-HV as an available service Security Admin VMware NSX Update with real-time context of VM deployment Panorama Automatically deploy VM-1000-HV on all hosts Hypervisor rules for firewall service insertion Dynamically update firewalls with VM context for use in policy Create and install security policy on VM-1000-HV

32 How it works: Components , Palo Alto Networks. Confidential and Proprietary.

33 How it works: Registration

34 NSX GUI

35 How it works: Deployment

36 How it works: Licensing and Configuration

37 How it works: Traffic Re-direction Rules

38 NSX GUI

39 How it works: Real-time updates

40 NSX GUI

41 NSX GUI

42 How it works: Dynamic Address Groups: Address Updates

43 How it works: Complete Picture

44 Cisco ACI

45 L1 VMware NSX - Micro-Segmentation, packets inspected above the Forwarding Plane. - Full -7 packet inspection. Spine Switches Leaf Switches VXLAN Tunnel

46 Cisco ACI EPG #1 EPG #2 Spine Switches Leaf Switches Service Graph L4 L7 Service Block Virtual or Hardware

47 Network Tenant Virtual Domain Bridge-domain 1 Bridge-domain 2 Application VMware vcenter EPG1 EPG2 Contract Subject Service Graph Function (NGFW) Device Selection Profile Cluster Device1 Device2 Physical Domain Physical Firewall Function Profile


50 UCS Director: Compute/Storage Controller (equivalent to VMware vcenter) ACI APIC: Network Controller (equivalent to VMware NSX Controller) Hypervisor PAN Firewall PAN APIC ACI Controller

51 Palo Alto Networks ACI APIC

52 Cisco ACI configuration flow
1. Create Security Policy for Application
2. Create Application Networking and assign NGFW Service
3. Network Configuration: Hostname, IP Address, VLAN, Security Zone
4. Assign security policy to firewall
5. Security Configuration: Security Policies, Profiles, Address Objects
[Diagram labels: Panorama, Cisco APIC, Network Admin, Security Admin, Next Generation Firewall]

53 APIs from Palo Alto back into ACI APIC Palo Alto Firewall EPG #1 EPG #2 ACI Service Graph Logs ACI Contract API e.g. Quarantine IP ACI APIC Controller


55 OpenStack

56 OpenStack, Neutron plugin Nova Swift Neutron Compute Storage Networking Plugin L3 FW L2 L3 FWaaS LBaaS VPNaaS

57 Orchestration: OpenStack Network Private Network 1 Private Network 2 VM VM VM VM VM Tenant 1 Tenant 2

58 OpenStack Model #1 L3 Neutron Plugin Network Network Node Compute Node Controller neutron l2-plugin neutron l2-plugin neutron controller vmseries l3-agent nova-compute L3 plugin ML2 VM-Series VM-Series WEBServer nova controller DAG Notifier Network Data Network

59 OpenStack Model #2 Nova Deployment Network Security Controller DAG LM VM running VM Monitoring Network Node Compute Node Controller neutron l2-plugin neutron l2-plugin neutron controller nova-compute L3 plugin ML2 WEB Server WEB Server VM- Series VM- Series Data Network nova controller Network

60 Service Chaining Virtual Firewall Virtual Load-Balancer Virtual WAN Accelerator Tenant 1 Tenant 2 Service Chain-2 Service Chain-1 vswitch vswitch vswitch

61 NUAGE Panorama OpenStack Controller Nova Compute Node Neutron VRS Nuage Neutron Plugin nova-compute-agent VSC VSD

62 Example: SDN Controller leveraging API Either API calls or Arista-like passing of initial packets

63 Nuage

64 Arista Cloud Vision

65 Big Switch: Big Cloud Fabric TENANT FW For North-South Traffic FW For East-West Traffic WEB-Tier APP-Tier DB-Tier FW FW FW

66 Service Providers

67 SDN REST API & OpenStack Virtual Firewalls Virtual Switch Virtual Switch Virtual Routers API SDN Controller

68 SDN: Controllers
[Diagram labels: Virtual Firewalls, Virtual Switch, Virtual Switch, Virtual Routers, Hardware Firewalls???, SDN Controller]
Controllers:
- Juniper Contrail
- Open Daylight
- Nuage
- Cumulus
Protocols:
- OpenFlow
- NetConf
- XMPP
- I2RS

69 SDN: Controllers
Hardware firewalls don't participate in SDN signaling. They should just let it pass via vwire.
[Diagram labels: Virtual Firewalls, Virtual Switch, Virtual Switch, Virtual Routers, vwire, SDN Controller]

70 SDN & NFV Controllers utilize our API & Orchestration integration Virtual Firewalls Virtual Switch Virtual Switch Virtual Routers API SDN Controller

71 SDN: 2 Parallel Threat Vectors

72 Orchestration

73 AT&T Orchestration with NEC NetCracker OSS/BSS Service Ordering/Service NEC System Orchestrator DNS SV RestAPI WebAPI vfirewall #1 vfirewall #2 vfirewall #3 vfirewall #4 vfirewall #5 Enterprise A VTN: APN1 Malware Injected Enterprise B Enterprise C AT&T Mobile S1-U S1-MME NEC vepc Server Rack SGi P F S VTN: APN2 VTN: APN3 SDN Control Internet

74 Load-Balancing large flows Virtual Network Functions (VNF) Large incoming flow Virtual Load Balancer Virtual Load Balancer

75 Same idea as the Firewall Sandwich with Arista Switches

76 CGNAT PAN-OS CGNAT with DIPP & oversubscription scales to the limit of hardware platform WHAT PA-7080 PA-7050 PA-5060 PA-5050 PA-5020 PA-3060 PA-3050 PA-3020 DIPP Max Translated IP Number DIPP Pool Oversubscription Max # of NAT Sessions per Translated IP with DIPP 4,000 4,000 4,000 2, , , , , , , , ,022 Max # of NAT System-wide Sessions with DIPP 40,000,000 24,000,000 4,194,304 2,000,002 1,048, , , ,144

77 SDN Lite: Arista DirectFlow Assist Point to Arista Switch as a Syslog server Arista Switch Firewall Physical or Virtual Forward initial packets to us, for decision. 10 Gig 10 Gig 10 Gig

78 Orchestration / Automation Virtual Firewall Orchestration System REST API Hardware Firewall

79 Orchestration / Automation
Full PAN-OS CLI command-set exposed as XML-formatted REST API libraries
[Diagram labels: PAN Firewall, Orchestration System]
Palo Alto developed:
- PAN-Python modules
- API libraries in PERL
- OpenStack Neutron plugin
- CloudStack integration
- Ansible modules
Commercial:
- Tail-f
- CA Technologies
- NEC Netcracker
- BMC

80 Example of an XML-formatted API call QT09=&action=set&vsys=vsys1&cmd=<uid-message><version>1.0</version><type>update</type><payload><register><entry identifier="mapservers" ip=" "/></register></payload></uid-message> IP: Palo Alto Networks Firewall Hardware or Virtual
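The tag registration described on slides 8, 9 and 80, as an added example (not from the original deck and not Palo Alto Networks code): it renders VM metadata in the `<attribute>.<value>` tag format, builds the `uid-message` register payload with an XML serializer so that VM names taken from an orchestration system cannot inject extra attributes, and resolves group membership from the registered tags. The inventory, the group names and the rule that a group matches an address carrying all of its tags are assumptions made for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed inventory; addresses come from the 192.0.2.0/24 documentation range.
INVENTORY = [
    {"vmname": "web-sjc-01", "ip": "192.0.2.11", "guestos": "Ubuntu", "datacenter": "sjc"},
    {"vmname": "sp-mia-01", "ip": "192.0.2.21", "guestos": "Win 2008 R2", "datacenter": "mia"},
    {"vmname": "db-mia-01", "ip": "192.0.2.22", "guestos": "Ubuntu", "datacenter": "mia"},
    # Hostile metadata: a VM name that tries to break out of the XML attribute
    # and claim another server's address.
    {"vmname": 'x" ip="192.0.2.21', "ip": "192.0.2.99", "guestos": "Ubuntu", "datacenter": "sjc"},
]

# Hypothetical group definitions. Assumption: a group matches an address
# that carries ALL of the listed tags.
GROUPS = {
    "Miami DC": {"datacenter.mia"},
    "San Jose Linux Servers": {"datacenter.sjc", "guestos.Ubuntu"},
}


def tags_for_vm(vm):
    """Render VM metadata as <attribute>.<value> tags (format from the tag list)."""
    return [f"{key}.{vm[key]}" for key in ("vmname", "guestos", "datacenter")]


def build_register_message(inventory):
    """Build the uid-message 'register' payload: one <entry> per (tag, ip) pair."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    register = ET.SubElement(ET.SubElement(root, "payload"), "register")
    for vm in inventory:
        # Reject anything that is not a literal IP address (raises ValueError).
        ip = str(ipaddress.ip_address(vm["ip"]))
        for tag in tags_for_vm(vm):
            # The serializer escapes quotes and angle brackets in attribute
            # values, which string concatenation would not do.
            ET.SubElement(register, "entry", {"identifier": tag, "ip": ip})
    return ET.tostring(root, encoding="unicode")


def registered_tags(message):
    """Parse a register message into {ip: set(tags)}; a model of the tag table."""
    table = {}
    for entry in ET.fromstring(message).iter("entry"):
        table.setdefault(entry.get("ip"), set()).add(entry.get("identifier"))
    return table


def resolve_groups(table, groups):
    """Return {group name: sorted addresses whose tags include every group tag}."""
    return {
        name: sorted(ip for ip, tags in table.items() if wanted <= tags)
        for name, wanted in groups.items()
    }


if __name__ == "__main__":
    message = build_register_message(INVENTORY)
    for name, members in resolve_groups(registered_tags(message), GROUPS).items():
        print(name, members)
```
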

81 Hardware Firewalls

82 Model Sessions Rules Security Zones Address Objects IPSec VPN Tunnels SSL VPN Tunnels Routing Table Size VM , , ,000 VM ,000 2, , ,250 VM ,000 5, ,000 1, ,000 VM-1000-HV ( Gateway & NSX ) 250,000 10,000 1 or 40 10,000 2, ,000 PA Million 40, ,000 8,000 Over 1 Mil 64,000 Half = IPv4 Half = IPv6

83 Small Data Center examples

84 Data Center examples Small Medium

85 Data Center examples: Small, Medium, Large [Diagram labels: Perimeter, Other Data Centers, Internet Peer 1, Internet Peer 2, PE Routers, CE Router 1, CE Router 2, Service Switches, Access, Access Switches]

86 Small Corporate Data Center 3 Tiers Firewall Firewall Firewall Firewall

87 Small Corporate Data Center 3 Tiers - Often, no routing protocol is running in the Data Center. OSPF Area 0 Static Routes Firewall Firewall

88 Mid-sized Corporate Data Center Enterprise Network

89 Mid-sized Corporate Data Center - Routing Enterprise Network ABR ABR OSPF Area 0 OSPF Stub Area or RIP

90 Large Data Center or Service Provider Network Architecture [Network diagram labels: Perimeter, Other Data Centers, Internet Peer 1, Internet Peer 2, PE Routers, CE Router 1, CE Router 2, Service Switches, Access, Access Switches. Slides 91 to 132 repeat this diagram; only their titles and added annotations are listed.]

91 FrontEnd firewall traffic flow

92 FrontEnd firewall traffic flow

93 FrontEnd firewall traffic flow

94 Large Data Center or Service Provider Network Architecture

95 BackEnd firewall traffic flow

96 BackEnd firewall traffic flow

97 BackEnd firewall traffic flow

98 Large Data Center or Service Provider Network Architecture

99 firewall traffic flow

100 firewall traffic flow

101 firewall traffic flow

102 firewall traffic flow

103 firewall traffic flow

104 Large Data Center or Service Provider Network Architecture

105 firewall traffic flow

106 Large Data Center or Service Provider Network Architecture

107 Routing: BGP usually only at Perimeter routing [Annotation: BGP]

108 Routing: OSPF usually between Perimeter & [Annotations: BGP, OSPF]

109 Routing: OSPF usually between Perimeter & [Annotations: BGP, OSPF, STP]

110 Spanning Tree should be as close to edge as possible [Annotations: BGP, OSPF, STP]

111 Spanning Tree should be as close to edge as possible

112 BGP can extend into to enforce Policy deeper [Annotation: BGP]

113 BGP can extend down to enforce Routing & Policy isolation [Annotations: BGP AS 1, BGP AS 2]

114 BGP can extend up to enforce Customer Routing & Policy isolation [Annotation: BGP]

115 BGP can extend up to enforce Customer Routing & Policy isolation [Annotation: Customer MPLS circuits]

116 BGP can extend up to enforce Customer Routing & Policy isolation [Annotations: BGP AS 1, 2, & 3; Customer MPLS circuits]

117 BGP can extend up to enforce Customer Routing & Policy isolation [Annotations: OSPF; BGP AS 1, 2, & 3; Customer MPLS circuits]

118 BGP can extend up to enforce Customer Routing & Policy isolation [Annotations: eBGP; OSPF; BGP AS 1, 2, & 3; Customer MPLS circuits]

119 OSPF [Annotation: One big Area 0 Backbone]

120 OSPF [Annotation: OSPFv2 = IPv4, OSPFv3 = IPv6]

121 OSPF [Annotation: Smaller Backbone]

122 OSPF [Annotations: OSPF Stub Areas; Smaller Backbone; OSPF Stub Areas]

123 OSPF [Annotations: OSPF Stub Areas; BGP; Smaller Backbone; OSPF Stub Areas]

124 Very Large-Scale Routing: IS-IS (thousands of nodes) [Annotation: IS-IS L1/L2]

125 Very Large-Scale Routing: IS-IS (thousands of nodes) Use vwire [Annotation: IS-IS L1/L2]

126 Very Large-Scale Routing: IS-IS (thousands of nodes) Use vwire [Annotations: IS-IS L1/L2; OSPF]

127 Very Large-Scale Routing: IS-IS (thousands of nodes) Use vwire [Annotations: BGP; IS-IS L1/L2; OSPF]

128 PAN-OS does routing, but not full Internet routing [Annotation: PAN-OS 64K Routes]

129 PAN-OS does routing, but not full Internet routing [Annotation: PAN-OS 64K Routes, 32K IPv4, 32K IPv6]

130 PAN-OS does routing, but not full Internet routing [Annotation: PAN-OS 64K Routes, 32K IPv4, 32K IPv6, 225 VRs, 225 VSYS]

131 PAN-OS does routing, but not full Internet routing [Annotations: PAN-OS 64K Routes, 32K IPv4, 32K IPv6, 225 VRs, 225 VSYS; VM-Series 1,000 Routes, All IPv4 or All IPv6]

132 PAN-OS does routing, but not full Internet routing [Annotations: PAN-OS 64K Routes, 32K IPv4, 32K IPv6, 225 VRs, 225 VSYS; VM-Series 1,000 Routes, All IPv4 or All IPv6, 3 VRs, no VSYS]

133 & Access s: Logical Topology - Leaf & Spine topology. Also called Clos Fabric. Spine () Leaf (ToR) Racks

134 Clos Fabric - Requires Equal Cost MultiPath Routing (ECMP) - Avoids problem of blocked ports with Spanning Tree. - All links available. Spine () Leaf (ToR) Racks

135 Clos Fabric - No end-points more than 3 hops away from each other. Spine () Leaf (ToR) 1 2 Racks

136 Clos Fabric - No end-points more than 3 hops away from each other. Spine () 2 Leaf (ToR) 1 3 Racks

137 VM-to-VM flows never traverse ToR switches - VM-to-VM s exist in abstracted topology, within servers. - VMware, OpenStack, Citrix XenServer, etc. Spine () Leaf (ToR) Racks VM-to-VM traffic within a Hypervisor never traverses the ToR

138 Very Large & Access Topology - With 64 switches, you can have 512 ToR switches.

139 Very Large & Access Topology - Firewalls in fabric add a 3 or 2 hop.

140 Very Large & Access Topology - -3 mode = 5 hops

141 Very Large & Access Topology - vwire mode = 3 hops vwire = Transparent 2 1 3

142 Very Large & Access Topology

143 Very Large & Access Topology - Adding 10Gig ports reduces hops, but increases cost.

144 Panorama The Data Center Security Ecosystem Wildfire Cloud-Based Threat Intelligence Aperture SaaS DropBox, Box.com Public Cloud Network, WAN Data Center Network Virtualized Servers / Private Cloud ESXi, KVM, Hyper-V Physical Servers


More information

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Agenda Joint Cisco and Microsoft Integration Efforts Introduction to CCA-MCP What is a Pattern?

More information

Segmentation. Threat Defense. Visibility

Segmentation. Threat Defense. Visibility Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks,

More information

Running RHV integrated with Cisco ACI. JuanLage Principal Engineer - Cisco May 2018

Running RHV integrated with Cisco ACI. JuanLage Principal Engineer - Cisco May 2018 Running RHV integrated with Cisco ACI JuanLage Principal Engineer - Cisco May 2018 Agenda Why we need SDN on the Data Center What problem are we solving? Introduction to Cisco Application Centric Infrastructure

More information

NSX-T Data Center Migration Coordinator Guide. 5 APR 2019 VMware NSX-T Data Center 2.4

NSX-T Data Center Migration Coordinator Guide. 5 APR 2019 VMware NSX-T Data Center 2.4 NSX-T Data Center Migration Coordinator Guide 5 APR 2019 VMware NSX-T Data Center 2.4 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you

More information

VMWARE SOLUTIONS AND THE DATACENTER. Fredric Linder

VMWARE SOLUTIONS AND THE DATACENTER. Fredric Linder VMWARE SOLUTIONS AND THE DATACENTER Fredric Linder MORE THAN VSPHERE vsphere vcenter Core vcenter Operations Suite vcenter Operations Management Vmware Cloud vcloud Director Chargeback VMware IT Business

More information

Introduction to Neutron. Network as a Service

Introduction to Neutron. Network as a Service Introduction to Neutron Network as a Service Assaf Muller, Associate Software Engineer, Cloud Networking, Red Hat assafmuller.wordpress.com, amuller@redhat.com, amuller on Freenode (#openstack) The Why

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme NET1416BE NSX Logical Routing Yves Hertoghs Pooja Patel #VMworld #NET1416BE Disclaimer This presentation may contain product features that are currently under development. This overview of new technology

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme NET1863BU NSX-T Advanced Architecture, Switching and Routing François Tallet, NSBU #VMworld #NET1863BU Disclaimer This presentation may contain product features that are currently under development. This

More information

Architecting Tenant Networking with VMware NSX in VMware vcloud Director

Architecting Tenant Networking with VMware NSX in VMware vcloud Director VMware vcloud Architecture Toolkit for Service Providers Architecting Tenant Networking with VMware NSX in VMware vcloud Director Version 2.9 January 2018 Steve Dockar 2018 VMware, Inc. All rights reserved.

More information

Cross-vCenter NSX Installation Guide. Update 4 VMware NSX for vsphere 6.4 VMware NSX Data Center for vsphere 6.4

Cross-vCenter NSX Installation Guide. Update 4 VMware NSX for vsphere 6.4 VMware NSX Data Center for vsphere 6.4 Cross-vCenter NSX Installation Guide Update 4 VMware NSX for vsphere 6.4 VMware NSX Data Center for vsphere 6.4 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

Next-Generation Security Platform on VMware NSX Reference Architecture

Next-Generation Security Platform on VMware NSX Reference Architecture t n e g i l l e nt i ES UR T C E T I ARCH Next-Generation Security Platform on VMware NSX Reference Architecture Release 1 March 2018 Contents...... Introduction................................................

More information

Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13

Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13 Q&A Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13 Q. What is the Cisco Cloud Services Router 1000V? A. The Cisco Cloud Services Router 1000V (CSR 1000V) is a router in virtual

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme NET1350BUR Deploying NSX on a Cisco Infrastructure Jacob Rapp jrapp@vmware.com Paul A. Mancuso pmancuso@vmware.com #VMworld #NET1350BUR Disclaimer This presentation may contain product features that are

More information

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec James Edwards Product Marketing Manager Dan Watson Senior Systems Engineer Disclaimer This session may contain product

More information

Empowering SDN SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA. Bruno Barba Systems Engineer Mexico & CACE

Empowering SDN SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA. Bruno Barba Systems Engineer Mexico & CACE Empowering SDN SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA Bruno Barba Systems Engineer Mexico & CACE bbarba@brocade.com Brocade Who is Vyatta? Leader in software-based networking Founded in 2006

More information

NEXT-GENERATION SECURITY WITH VMWARE NSX AND PALO ALTO NETWORKS VM-SERIES

NEXT-GENERATION SECURITY WITH VMWARE NSX AND PALO ALTO NETWORKS VM-SERIES NEXT-GENERATION SECURITY WITH VMWARE NSX AND PALO ALTO NETWORKS SERIES Palo Alto Networks Next-Generation Security With VMware NSX and Palo Alto Networks White Paper 1 Table of Contents Introduction 3

More information

Cisco VTS. Enabling the Software Defined Data Center. Jim Triestman CSE Datacenter USSP Cisco Virtual Topology System

Cisco VTS. Enabling the Software Defined Data Center. Jim Triestman CSE Datacenter USSP Cisco Virtual Topology System Cisco Virtual Topology System Cisco VTS Enabling the Software Defined Data Center Jim Triestman CSE Datacenter USSP jtriestm@cisco.com VXLAN Fabric: Choice of Automation and Programmability Application

More information

21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal. By Adeyemi Ademola E. Cloud Engineer

21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal. By Adeyemi Ademola E. Cloud Engineer 21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal By Adeyemi Ademola E. Cloud Engineer 1 Contents Introduction... 5 1.2 Document Purpose and Scope...5 Service Definition...

More information

ACI Multi-Site Architecture and Deployment. Max Ardica Principal Engineer - INSBU

ACI Multi-Site Architecture and Deployment. Max Ardica Principal Engineer - INSBU ACI Multi-Site Architecture and Deployment Max Ardica Principal Engineer - INSBU Agenda ACI Network and Policy Domain Evolution ACI Multi-Site Deep Dive Overview and Use Cases Introducing ACI Multi-Site

More information

Service Graph Design with Cisco Application Centric Infrastructure

Service Graph Design with Cisco Application Centric Infrastructure White Paper Service Graph Design with Cisco Application Centric Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 101 Contents Introduction...

More information

Securing VMware NSX MAY 2014

Securing VMware NSX MAY 2014 Securing VMware NSX MAY 2014 Securing VMware NSX Table of Contents Executive Summary... 2 NSX Traffic [Control, Management, and Data]... 3 NSX Manager:... 5 NSX Controllers:... 8 NSX Edge Gateway:... 9

More information

NSX Administration Guide. Update 3 Modified on 20 NOV 2017 VMware NSX for vsphere 6.2

NSX Administration Guide. Update 3 Modified on 20 NOV 2017 VMware NSX for vsphere 6.2 NSX Administration Guide Update 3 Modified on 20 NOV 2017 VMware NSX for vsphere 6.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have

More information

Introduction to Cisco Virtual Topology System DP Ayyadevara, Product Manager, Cloud Virtualization Cisco PSOSDN-1050

Introduction to Cisco Virtual Topology System DP Ayyadevara, Product Manager, Cloud Virtualization Cisco PSOSDN-1050 Introduction to Cisco Virtual Topology System DP Ayyadevara, Product Manager, Cloud Virtualization Group @ Cisco PSOSDN-1050 Agenda Cisco Data Center SDN Strategy Programmable Fabric with VTS VTS Architecture

More information

Integration of Hypervisors and L4-7 Services into an ACI Fabric

Integration of Hypervisors and L4-7 Services into an ACI Fabric Integration of Hypervisors and L4-7 Services into an ACI Fabric Bradley Wong Principal Engineer, INSBU Technical Marketing #clmel This session provides a technical introduction to how the ACI fabric handles

More information

Extreme Networks How to Build Scalable and Resilient Fabric Networks

Extreme Networks How to Build Scalable and Resilient Fabric Networks Extreme Networks How to Build Scalable and Resilient Fabric Networks Mikael Holmberg Distinguished Systems Engineer Fabrics MLAG IETF TRILL Cisco FabricPath Extreme (Brocade) VCS Juniper QFabric IEEE Fabric

More information

Network flow automation and Visibility. Arista Networks France IX

Network flow automation and Visibility. Arista Networks France IX Network flow automation and Visibility Arista Networks France IX 2013-09-26 1 Are your workloads moving and scaling at an increased rate? Corporate Overview Are you still waiting for provisioning to happen

More information

Layer-4 to Layer-7 Services

Layer-4 to Layer-7 Services Overview, page 1 Tenant Edge-Firewall, page 1 LBaaS, page 2 FWaaS, page 4 Firewall Configuration, page 6 Overview Layer-4 through Layer-7 services support(s) end-to-end communication between a source and

More information

Xen and CloudStack. Ewan Mellor. Director, Engineering, Open-source Cloud Platforms Citrix Systems

Xen and CloudStack. Ewan Mellor. Director, Engineering, Open-source Cloud Platforms Citrix Systems Xen and CloudStack Ewan Mellor Director, Engineering, Open-source Cloud Platforms Citrix Systems Agenda What is CloudStack? Move to the Apache Foundation CloudStack architecture on Xen The future for CloudStack

More information

Disclaimer CONFIDENTIAL 2

Disclaimer CONFIDENTIAL 2 Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally

More information

Nuage Networks Product Architecture. White Paper

Nuage Networks Product Architecture. White Paper Nuage Networks Product Architecture White Paper Table of Contents Abstract... 3 Networking from the Application s Perspective... 4 Design Principles... 4 Architecture... 4 Integrating Bare Metal Resources...

More information

Cloud Networking From Theory to Practice. Ivan Pepelnjak NIL Data Communications

Cloud Networking From Theory to Practice. Ivan Pepelnjak NIL Data Communications Cloud Networking From Theory to Practice Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications Who is Ivan Pepelnjak... in 30 Seconds Networking engineer since 1985 (DECnet, Netware, X.25, OSI, IP...)

More information

Using Network Virtualization in DevOps environments Yves Fauser, 22. March 2016 (Technical Product Manager VMware NSBU)

Using Network Virtualization in DevOps environments Yves Fauser, 22. March 2016 (Technical Product Manager VMware NSBU) Using Network Virtualization in DevOps environments Yves Fauser, 22. March 2016 (Technical Product Manager VMware NSBU) 2014 VMware Inc. All rights reserved. Who is standing in front of you? Yves Fauser

More information

Layer 4 to Layer 7 Design

Layer 4 to Layer 7 Design Service Graphs and Layer 4 to Layer 7 Services Integration, page 1 Firewall Service Graphs, page 5 Service Node Failover, page 10 Service Graphs with Multiple Consumers and Providers, page 12 Reusing a

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme SAI2803BU The Road to Micro- Segmentation with VMware NSX #VMworld #SAI2803BU Disclaimer This presentation may contain product features that are currently under development. This overview of new technology

More information

DELL EMC VSCALE FABRIC

DELL EMC VSCALE FABRIC NETWORK DATA SHEET DELL EMC VSCALE FABRIC FIELD-PROVEN BENEFITS Increased utilization and ROI Create shared resource pools (compute, storage, and data protection) that connect to a common, automated network

More information

VM-SERIES ON GOOGLE CLOUD DEPLOYMENT GUIDELINES

VM-SERIES ON GOOGLE CLOUD DEPLOYMENT GUIDELINES SERIES ON GOOGLE CLOUD DEPLOYMENT GUIDELINES Organizations are adopting Google Cloud Platform to take advantage of the same technologies that drive common Google services. Many business initiatives, such

More information

Virtualization Design

Virtualization Design VMM Integration with UCS-B, on page 1 VMM Integration with AVS or VDS, on page 3 VMM Domain Resolution Immediacy, on page 6 OpenStack and Cisco ACI, on page 8 VMM Integration with UCS-B About VMM Integration

More information

NET1846. Introduction to NSX. Milin Desai, VMware, Inc Kausum Kumar, VMware, Inc

NET1846. Introduction to NSX. Milin Desai, VMware, Inc Kausum Kumar, VMware, Inc NET1846 Introduction to NSX Milin Desai, VMware, Inc Kausum Kumar, VMware, Inc Disclaimer This presentation may contain product features that are currently under development. This overview of new technology

More information

Cisco Application Centric Infrastructure (ACI) Simulator

Cisco Application Centric Infrastructure (ACI) Simulator Data Sheet Cisco Application Centric Infrastructure (ACI) Simulator Cisco Application Centric Infrastructure Overview Cisco Application Centric Infrastructure (ACI) is an innovative architecture that radically

More information

Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.

Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV. 2 CHAPTER Cisco's Disaster Recovery as a Service (DRaaS) architecture supports virtual data centers that consist of a collection of geographically-dispersed data center locations. Since data centers are

More information

IPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX. Jeremy Duncan Tachyon Dynamics

IPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX. Jeremy Duncan Tachyon Dynamics IPv6 Best Operational Practices of Network Functions Virtualization (NFV) With Vmware NSX Jeremy Duncan Tachyon Dynamics Overview NSX as it pertains to NFV How NSX works NSX IPv6 Capabilities & Limitations

More information

2V VMware Certified Professional 6 - Network Virtualization. Exam Summary Syllabus Questions

2V VMware Certified Professional 6 - Network Virtualization. Exam Summary Syllabus Questions 2V0-642 VMware Certified Professional 6 - Network Virtualization Exam Summary Syllabus Questions Table of Contents Introduction to 2V0-642 Exam on VMware Certified Professional 6 - Network Virtualization...

More information

Quantum, network services for Openstack. Salvatore Orlando Openstack Quantum core developer

Quantum, network services for Openstack. Salvatore Orlando Openstack Quantum core developer Quantum, network services for Openstack Salvatore Orlando sorlando@nicira.com Openstack Quantum core developer Twitter- @taturiello Caveats Quantum is in its teenage years: there are lots of things that

More information

Integrating Juniper Networks QFX5100 Switches and Junos Space into VMware NSX Environments

Integrating Juniper Networks QFX5100 Switches and Junos Space into VMware NSX Environments Integrating Juniper Networks QFX5100 Switches and Junos Space into VMware NSX Environments Implementing an NSX vsphere Version 6.3 Overlay with a QFX5100 Underlay Implementation Guide July 2017 Juniper

More information

ONBOARDING GUIDE GLOBALPROTECT CLOUD SERVICE FOR REMOTE NETWORKS

ONBOARDING GUIDE GLOBALPROTECT CLOUD SERVICE FOR REMOTE NETWORKS ONBOARDING GUIDE GLOBALPROTECT CLOUD SERVICE FOR REMOTE NETWORKS GlobalProtect cloud service extends Palo Alto Networks Next-Generation Security Platform to your remote networks and mobile users. It operationalizes

More information

Agenda Basecamp The Journey So Far Enhancements Into the Fear Zone Climbing The VM-Series Performance Peak New VM-Series Models and Licensing Best Pra

Agenda Basecamp The Journey So Far Enhancements Into the Fear Zone Climbing The VM-Series Performance Peak New VM-Series Models and Licensing Best Pra SAI3317BES What s New in Palo Alto Networks VM-Series Integration with VMware NSX A Deep Dive VMworld 2017 Sudeep - Product Line Manager Sai - Product Marketing Content: Not for publication Agenda Basecamp

More information

IP Fabric Reference Architecture

IP Fabric Reference Architecture IP Fabric Reference Architecture Technical Deep Dive jammon@brocade.com Feng Shui of Data Center Design 1. Follow KISS Principle Keep It Simple 2. Minimal features 3. Minimal configuration 4. Configuration

More information

Network Behavior Analysis

Network Behavior Analysis N E T W O R K O P E R AT I O N S. S I M P L I F I E D. FORWARD ENTERPRISE HIGHLIGHTS Forward Networks is the leader in Intent-based Networking and network assurance to automate the analysis and verification

More information

2018 Cisco and/or its affiliates. All rights reserved.

2018 Cisco and/or its affiliates. All rights reserved. Beyond Data Center A Journey to self-driving Data Center with Analytics, Intelligent and Assurance Mohamad Imaduddin Systems Engineer Cisco Oct 2018 App is the new Business Developer is the new Customer

More information

Cisco UCS Director and ACI Advanced Deployment Lab

Cisco UCS Director and ACI Advanced Deployment Lab Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container

More information

White Paper. OCP Enabled Switching. SDN Solutions Guide

White Paper. OCP Enabled Switching. SDN Solutions Guide White Paper OCP Enabled Switching SDN Solutions Guide NEC s ProgrammableFlow Architecture is designed to meet the unique needs of multi-tenant data center environments by delivering automation and virtualization

More information

5 days lecture course and hands-on lab $3,295 USD 33 Digital Version

5 days lecture course and hands-on lab $3,295 USD 33 Digital Version Course: Duration: Fees: Cisco Learning Credits: Kit: DCAC9K v1.1 Cisco Data Center Application Centric Infrastructure 5 days lecture course and hands-on lab $3,295 USD 33 Digital Version Course Details

More information

VMware Validated Design for Micro-Segmentation Reference Architecture Guide

VMware Validated Design for Micro-Segmentation Reference Architecture Guide VMware Validated Design for Micro-Segmentation Reference Architecture Guide VMware Validated Design for Micro-Segmentation 3.0 This document supports the version of each product listed and supports all

More information

SDN+NFV Next Steps in the Journey

SDN+NFV Next Steps in the Journey SDN+NFV Next Steps in the Journey Margaret T. Chiosi AT&T Labs Distinguished Architect SDN-NFV Realization 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks

More information

Cisco SDN 解决方案 ACI 的基本概念

Cisco SDN 解决方案 ACI 的基本概念 Cisco SDN 解决方案 ACI 的基本概念 Presented by: Shangxin Du(@shdu)-Solution Support Engineer, Cisco TAC Aug 26 th, 2015 2013 Cisco and/or its affiliates. All rights reserved. 1 Type Consumption Delivery Big data,

More information

Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design

Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design White Paper Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design Emerging IT technologies have brought about a shift from IT as a cost center to IT as a business driver.

More information

Dell EMC. VxBlock Systems for VMware NSX 6.2 Architecture Overview

Dell EMC. VxBlock Systems for VMware NSX 6.2 Architecture Overview Dell EMC VxBlock Systems for VMware NSX 6.2 Architecture Overview Document revision 1.6 December 2018 Revision history Date Document revision Description of changes December 2018 1.6 Remove note about

More information

Distributed Systems. 31. The Cloud: Infrastructure as a Service Paul Krzyzanowski. Rutgers University. Fall 2013

Distributed Systems. 31. The Cloud: Infrastructure as a Service Paul Krzyzanowski. Rutgers University. Fall 2013 Distributed Systems 31. The Cloud: Infrastructure as a Service Paul Krzyzanowski Rutgers University Fall 2013 December 12, 2014 2013 Paul Krzyzanowski 1 Motivation for the Cloud Self-service configuration

More information

vrealize Operations Management Pack for NSX for vsphere 3.0

vrealize Operations Management Pack for NSX for vsphere 3.0 vrealize Operations Management Pack for NSX for vsphere 3.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.

More information

Recommended Configuration Maximums. NSX for vsphere Updated on August 08, 2018

Recommended Configuration Maximums. NSX for vsphere Updated on August 08, 2018 Recommended Configuration Maximums NSX for vsphere 6.3.6 Updated on August 08, 2018 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have

More information

SDN TO BE OR NOT TO BE. Uwe Richter SE Director Russia/CIS, East and South East Europe

SDN TO BE OR NOT TO BE. Uwe Richter SE Director Russia/CIS, East and South East Europe SDN TO BE OR NOT TO BE Uwe Richter SE Director Russia/CIS, East and South East Europe uwe@juniper.net FUNDAMENTAL PROBLEMS TO SOLVE Want more innovation in networking Want it more quickly too Want more

More information

vrealize Operations Management Pack for NSX for vsphere 2.0

vrealize Operations Management Pack for NSX for vsphere 2.0 vrealize Operations Management Pack for NSX for vsphere 2.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.

More information

Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack

Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack White Paper Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack Introduction Cisco Application Centric Infrastructure (ACI) is a next-generation data center fabric infrastructure

More information

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION

More information

Cisco Application Centric Infrastructure Roadshow. Wednesday, 2. April 14

Cisco Application Centric Infrastructure Roadshow. Wednesday, 2. April 14 Cisco Application Centric Infrastructure Roadshow Wednesday, 2. April 14 Cisco ACI Roadshow - Agenda Business and IT trends Cisco Open Network Environment (ONE) Lunch Cisco Application Centric Infrastructure

More information

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any

More information

Intuit Application Centric ACI Deployment Case Study

Intuit Application Centric ACI Deployment Case Study Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key

More information

Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k)

Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k) Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k) Overview 2 General Scalability Limits 2 Fabric Topology, SPAN, Tenants, Contexts

More information

vshield Administration Guide

vshield Administration Guide vshield Manager 5.1 vshield App 5.1 vshield Edge 5.1 vshield Endpoint 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

SECURING THE MULTICLOUD

SECURING THE MULTICLOUD SECURING THE MULTICLOUD Bahul Harikumar and Ali Bidabadi Juniper Networks This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without notice.

More information

The Next Opportunity in the Data Centre

The Next Opportunity in the Data Centre The Next Opportunity in the Data Centre Application Centric Infrastructure Soni Jiandani Senior Vice President, Cisco THE NETWORK IS THE INFORMATION BROKER FOR ALL APPLICATIONS Applications Are Changing

More information

Provisioning Overlay Networks

Provisioning Overlay Networks This chapter has the following sections: Using Cisco Virtual Topology System, page 1 Creating Overlays, page 2 Creating Network using VMware, page 4 Creating Subnetwork using VMware, page 4 Creating Routers

More information

Quick Start Guide (SDN)

Quick Start Guide (SDN) NetBrain Integrated Edition 7.1 Quick Start Guide (SDN) Version 7.1 Last Updated 2018-07-24 Copyright 2004-2018 NetBrain Technologies, Inc. All rights reserved. Contents 1. Discovering and Visualizing

More information

Palo Alto Networks PCNSE7 Exam

Palo Alto Networks PCNSE7 Exam Volume: 96 Questions Question: 1 Which three function are found on the dataplane of a PA-5050? (Choose three) A. Protocol Decoder B. Dynamic routing C. Management D. Network Processing E. Signature Match

More information

DELL EMC TECHNICAL SOLUTION BRIEF

DELL EMC TECHNICAL SOLUTION BRIEF DELL EMC TECHAL SOLUTION BRIEF ARCHITECTING A CLOUD FABRIC WHEN DEPLOING VIRTUALIZATION OVERLAS Version 2.0 Author: VICTOR LAMA Dell EMC Networking SE May 2017 Architecting a Data Center Cloud Fabric:

More information