Designing the Modern Data Center Network

Dr. Chip Copper
Strategic Technologist
The Industry is in a Mega Transition

• 1975, 1st Platform: Mainframes, PCs; SNA architecture, private lines
• 1995, 2nd Platform: Client-server; LAN/WAN, Internet, and IP networks
• 2015, 3rd Platform: Cloud, mobile, social, and data analytics
• By 2020: IoT > $1.7T; Cloud spending > $500B; > 1.5B people affected by data hacks; Mobile phones > 2.1B
© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. 2


Evolutionary Steps to Revolutionary Results

• We understand that change can be difficult…
• …we de-risk the transformation by encouraging an evolutionary approach to revolutionary results
• Examples:
  ‒ Branch Office SDN/Network Virtualization
  ‒ Hybrid Cloud with Fabrics, SDN and VNFs
  ‒ Automate Management of Existing Infrastructure with Brocade SDN Controller
  ‒ Encryption for Securing the New IP Edge
• Change at your pace, in your own way

(Figure: Traditional Enterprise → Digitized Enterprise → Enterprise as Digital Business, contrasting a Conventional Strategy with a Non-Linear Strategy.)
Reference Architecture

(Figure: a Primary Data Center and a Secondary Data Center, each with a Fabric, Visibility and Analytics, Storage, Servers and Virtualization, joined by DCI links and reaching the Internet through Border switches; Branch Office NFV, Campus Switches and WiFi at the edge; Automation & Orchestration with Network Advisor across the whole.)


Evolution of Datacenter Architectures

• 3-tier Architecture: Core, Aggregation and Access layers
• Scale-out Layer 2 Fabric Architecture: Leaf/Spine scale out per POD; overlays with NSX or Virtual Fabrics
• Scale-out Layer 3 Fabric Architecture: Super Spine, Spine and 10G Leaf per DC POD (1..N), Border Leaf and WAN Edge in an Edge Services POD, connecting to the Internet and the DC Interconnect; overlays with NSX or BGP/EVPN


Learning from Massive Scale Deployments

Source: https://code.facebook.com/posts/360346274145943/introducing-data-center-fabric-the-next-generation-facebook-data-center-network/


Datacenter POD: Traditional Clos Architecture

(Figure: Spine switches above Leaf switches; Compute attached to the Leaf layer via LAG; a Border Leaf pair with Firewalls connecting to the IP Routing Core.)


Datacenter Multi-fabric Physical Architecture (5-stage folded Clos)

(Figure: Super Spine at the top; Spine and 10G Leaf switches in each DC POD (1..N) serving Compute and Infrastructure/Management Racks; Border Leaf and WAN Edge in the Edge Services POD serving Edge Racks and connecting to the Internet and the DC Interconnect; the legend distinguishes L2 links from L3 links.)


Choosing the Right Fabric

Same hardware, same software.

VCS Fabric:
• Topology Agnostic
• Layer 2 Fabric, TRILL Transport
• Embedded Automation
• Scale to 48 Switches

IP Fabric:
• Clos Topology
• Layer 3 Fabric, IP Transport
• Open Automation
• Scale to 100’s of Switches
Brocade Data Center Design Stack

• Virtualization: Controller based (VMware NSX, VXLAN) or Controller-less (BGP-EVPN, VXLAN)
• Automation: Python, Ansible, Puppet, YANG model, REST, Netconf, OpenStack, VMware vRealize plugins, OpenFlow
• Fabrics: VCS Fabric (Layer 2 Optimized Fabric) or IP Fabric (Layer 3 Optimized Fabric)
• Brocade Network Operating System (NOS)
• Platforms: Brocade VDX Ethernet Switches


L3 Multi-Tenancy w/ VxLAN

• VxLAN Based L3 Multi-Tenancy
• VRF + L3 VNI
• Standards based Interop
• No MPLS complexity
• RT/RD Import Export Policies supported
• Scale 2000 Tenants/TOR

(Figure: spines S1 to S4 above leaf switches, each leaf carrying an L3 VNI per VRF.)

Controller-less Overlay

Standards based BGP/EVPN control plane, VXLAN data plane.

(Figure: Core above a pair of Border Leaf switches and leaf switches serving Servers/Blades; BGP-EVPN distributes MAC/IP reachability per EVI; eBGP Underlay, iBGP Underlay and eBGP Overlay options are shown.)


Controller-based Overlay: VMware Integration - NSX

(Figure: the NSX controller speaks OVSDB to the Border Leaf switches; Core above, Servers/Blades below the leaf switches.)


VMware Integration

(Figure: the VCS fabric is shown with vCenter, a VTEP Gateway, LAG attachments and vRealize, labelled Fabric Level Integration; the IP fabric is labelled Rack Level Integration.)


Operational Workflow Categories

• Infrastructure and Service Provisioning, Validation
• Troubleshooting & Remediation
• Data Collection
• Operations & Management


Data Center Automation

(Figure: VCS Logical Chassis and IP fabric, Brocade Workflow Composer, and the Automation & Integration Framework (A&I), labelled Today and Future.)

Automation & Integration: Value of Integration

Feedback from Data Center Resources flows into the Points of Integration, which perform actions and changes to the Data Center Resources:
• Data Center Network Infrastructure
• Compute Infrastructure
• Cloud Infrastructure
• Storage
• Operations Support Services
Network Validation with InSpec
Bringing CI/CD practices to networking

• Configuration Automation is important…
• …Network Validation shows you didn’t break something!
• Built on a common CI/CD tool from Chef (InSpec)
  ‒ Based on the rSpec testing framework
• Extend for network use cases

(Figure: Change Config → Validate Change → Proceed or Rollback?, bringing continuous integration and testing to network deployments.)


Data Center Network Visibility
Blind Spots Where More Visibility is Required

• Security: Palo Alto, FireEye
• Virtualization: VMware, Hyper-V, KVM
• Overlays: VxLAN, NVGRE
• Data Recording: NSA Massive Data Repository, Big Data Analytics


Brocade Network Visibility Architecture

(Figure: Network Taps / Span Ports feed traffic from the Data Center Network into a Brocade SDN Network Packet Broker, managed by Brocade Flow Optimizer and Visibility Manager over an API interface; Streams 1..n are delivered to the Analytics Tools: SIEM, Forensics, IDS / IPS, NPM, IT Management, APM.)


Data Center Interconnect
THREE DATA CENTER ARCHITECTURE

(Figure: the Data Center 1, 2 and 3 networks, each with a pair of VDX 6740 DCI Edge switches behind existing routers, interconnected over the WAN (MPLS/IP).)

Underlay Control Plane
• Multi-hop eBGP between DCI Edges
• Private 4 byte ASN
• Each DCI Edge switch peers with all other DCI Edge switches
Data Center Interconnect
UNDERLAY / OVERLAY NETWORKING

(Figure: the three data center networks with their VDX 6740 DCI Edge pairs and existing routers; Data Center 1 in ASN 64101, Data Center 2 in ASN 64201 and Data Center 3 in ASN 64301; a multi-hop eBGP underlay between the DCI Edges carries the EVPN overlay across the WAN (MPLS/IP).)

Underlay Control Plane
• Multi-hop eBGP between DCI Edges
• Private 4 byte ASN
• Each DCI Edge switch peers with all other DCI Edge switches

Controller-less Overlay
• BGP/EVPN
• Each DCI Edge pair configured as VTEP
• VXLAN tunnels between DCI Edges
• Layer 2 or Layer 3 extension services
A Portfolio of Purpose-Built Fabrics

• Storage Fabrics
• Campus Fabric
• Data Center Fabrics


Network Virtualization Options

• Virtual Fabrics (VCS): Controller-less native Ethernet Fabric multi-tenancy solution based on TRILL Fine Grained Labeling
• VMware NSX Integration (VCS or IP): Controller-based solution from VMware that integrates with Brocade VCS to seamlessly extend VXLAN networks between virtual and non-virtualized assets, with the fabric acting as VTEP Gateway
• BGP/EVPN (IP): Controller-less overlay tunnel solution using BGP/EVPN, supporting multi-tenancy and VLAN extension
…And With More Experience Than Anyone Else
Think Big, Start Now.

Brocade is changing the networking landscape and shaking up the industry with our core beliefs – we will not compromise our vision and focus on the new IP and what it stands for… We’re All In.

• Open With a Purpose
• Innovation-Centric, Software-Enabled
• The New Way of Doing Business
• Your Own Pace, Your Own Way
• Ecosystem Driven


In Summary
Evolutionary Steps to Revolutionary Results

Move Faster and Be More Efficient Than Your Competitors

The Data Center is Everywhere, and Anywhere

The New IP as an Architecture Allows You To Do More with Security

We are so Confident in Our Solution You Can Remove Us Anytime You Want

Never Buy Another Network Again… Ever



Thank you

Huntsville Technology Day
May 10, 2016

Rick Simmons
Director, Federal Software Sales

© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION


Brocade Software Networking Leadership

(Figure: timeline from Nov 2012 to Nov 2015: BRCD acquires Vyatta; launches vRouter; Platinum Membership; sets vRouter speed record; virtualizes ADC services; wins 2014 NFV Innovator of the Year; opens Europe Software R&D Technology Offices; acquisitions of VistaPointe Analytics, Riverbed SteelApp and Connectem vEPC; industry-leading benchmark; BRCD selected for Domain 2.0; industry-first SDN & NFV commercial release in production.)

Why Brocade?
• #2 Datacenter Network Vendor Worldwide
• Software Networking Leadership
• Enterprise, Cloud & NFV
• Open Innovation Architecture
• Large Partners
• Solutions
The Brocade vADC Family
A Comprehensive Approach To Application Delivery

Services Director
• Elastic and adaptive services director
• Automates licensing & metering of ADC services
• Disruptive licensing model

Virtual Traffic Manager
• Load Balancer / Traffic Manager / ADC
• Provides reliability, availability, offload, security, scripting, and more
• Traffic Script

Virtual Web Application Firewall
• Web Application Firewall
• Defends your web applications against Layer-7 attacks


How Brocade is Different
Born Virtual. Not all virtual products live up to their name.

• Purpose Built for Software: Virtual and Cloud
• Process Automation: Get Ready for the SDN World
• Powerful Programmability
• Hyper-Scale and Performance on Demand

(Figure: the Competition’s Legacy Hardware ADC contrasted with the Brocade Software ADC.)


Build the network you need

• Reduce your networking expenses: distribute resources from a shared pool, allowing you to reduce your server footprint and ensure cost savings
• Guard against increased cyber security risks: apply customized rules to inspect and block attacks against your network


Brocade Application Delivery Controller (ADC) – A Layered Security Solution

Current Approach


Great Start to Securing Data

(Figure: Public Key Infrastructure (PKI) with a Certificate Authority (CA), Validation Authority (VA) and Resident Authority (RA); a Customer / User presents a Fed Civilian PIVi Card or DoD CAC Card to a Web Application; governed by Federal Memorandums and Directives.)


Today’s world...circle of trust

“Meet the Parents” (Robert De Niro to Ben Stiller)


Application Micro-Segmentation: Securing the Enterprise

What is Micro-Segmentation?


Micro-Segmentation

“East-west (machine-to-machine) data movement is increasing in volume as workloads become movable and thus more demanding on their infrastructures. At the same time, perimeter-only, firewall-based security has proved weak in a world of advanced cyber-attacks. Evolving security models, such as software-defined and distributed firewalls, are beneficial, but they also create new management complexities. In these environments, IT teams are finding it difficult to deploy a tight approach to security. To improve security profiles, organizations are now turning to techniques such as micro-segmentation to amplify and distribute current defenses. Micro-segmentation divides a network into smaller zones and provides protection by making security adaptive and multilayered. It provisions services closer to the applications, between application tiers and even to the machines within tiers.”

Taken from “Micro-Segmentation: A Better Way to Defend the Data Center”; eWeek, Chris Preimesberger; posted July 28, 2015


Benefits of Micro-Segmentation
• Zero Trust Security*
In the micro-segmentation model, there is no default trust for any entity—users, devices, applications and network—regardless
of placement or location. The entire mechanism is based on denying all communication until explicitly allowed (via explicit
policies) and permitting only what is necessary from trusted sources…
• Application-Aware Security*
Micro-segmentation policy groups are generally created based on application tiers, workload profiles, placement zones and
other factors. They are not based on rigid IP addresses or subnets. Policies also are enforced right at the virtual machines or
containers hosting the application tiers. Workloads and data access are secured at the source as an application-centric security
model.
• DevOps Alignment*
Micro-segmentation allows application owners to be responsible for their own app's security while allowing them to see only
what they are entitled to see. This allows operators to analyze and manage applications more effectively and efficiently, without
being granted universal control. These specific security clearances can prevent insider attacks and interference by barring
actors from moving beyond individual purview.
• High Agility and OPEX Efficiency*
Breaches in data centers can remain undetected for extended periods of time. Micro-segmentation enables the data center to be
far more agile and quick to react with the ability to identify the breach almost immediately and to contain it within a narrow
fault domain. At the same time, its multiple layers of security help to slow the attack's spread and enable operators to lock down
the hacker and secure uncompromised data at a faster rate. It's a more agile, cost-effective approach to security.

* Information taken from “Micro-Segmentation: A Better Way to Defend the Data Center”; eWeek, Chris Preimesberger; posted July 28, 2015


Application Micro-Segmentation w/ vADC

“Duct taping an airbag on a 1965 Mustang to make it modern is almost impossible to work”
Tony Scott, Federal CIO, at Brocade Federal Forum 2015

Micro-Segmentation w/ vADC

(Figure: User Requests entering the vADC.)
Application Micro-Segmentation
Micro-Segmentation using vTM & Web App Firewall – Role Based Access

(Figure: user requests (typical) from Darren, Larry and Carol pass through the Web App Firewall to the Brocade vADC, which performs a Certificate Status Check against the PKI Validation Authority and an Identity/Attribute Check against the Identity/Attribute Management Server.)
Application Micro-Segmentation
Micro-Segmentation using vTM & Web App Firewall – Workload Access

(Figure: user requests (typical) from a Red, a Green and a Purple user pass through the Web App Firewall to the Brocade vADC, which performs a Certificate Status Check against the PKI Validation Authority and an Identity/Attribute Check against the Identity/Attribute Management Server, then admits each user only to its Group 1, Group 2 or Group 3 Servers.)
Application Micro-Segmentation

Public Key Infrastructure
• Meets Government standards / mandates
• Deployed throughout Federal Government
• Validates Digital Certificate using PKI
• Authenticates User(s)

Brocade Virtual Traffic Manager
• Utilizes multi-factor authentication, more than two factor if needed
• Enforces Fine Grain Access permissions
• Enforces Micro-Segmentation based on policy, i.e. Role or Workload Based
• Utilizes PKI Validation and ID/Attribute Management

Brocade Web App Firewall
• Locks down Web Application vulnerabilities
• Highly agile and flexible for rapid deployment
• Enforces Zero Trust model and Application-Aware Security


Micro-Segmentation w/ vADC
Impacts of Micro-Segmentation
Achieves the defined Benefits of Micro-Segmentation
– Zero Trust Security Model
• No internal or external user request is trusted: every user request is validated, authenticated, and authorized using multi-factor authentication
• Utilizes explicit policy enforcement to validate and authenticate user access: every user credential/request is validated and authenticated using multi-factor authentication for fine grain access
– Application Aware Security
• Utilizes defined Policy Groups, i.e. Application Tiers, Workload Profiles, etc., to enforce authorization and access
• Security is enforced at the application/virtual machine level, i.e. a web application firewall for each application or virtual machine
– DevOps Alignment
• Multi-factor authentication, fine grain access and web application firewalls allow application owners to control security at the application level
• Fine grain access limits user purview, restricting any movement beyond it, preventing or limiting insider threats and attacks
– High Agility and OpEx Efficiency
• Software based solutions for both vTM and WAF provide a highly agile and flexible solution, with the ability to rapidly deploy additional instances (or contract and re-deploy them)
• Multi-factor authentication, fine grain access, and web application firewall provide a cost effective layered security solution for immediate breach identification and containment


Questions


The Domain of CYBER & How to Respond to its Inherent Architectural Challenges

Scottie Ray
@H20nly
sray@vmware.com
Staff Systems Engineer
VMware Network & Security Team
Public Sector
© 2014 VMware Inc. All rights reserved.
The Paradigm in the Domain of CYBER

“In physical space, the reconnaissance is almost always easier than the operation…in the CYBER domain, the reconnaissance is usually a more difficult task than the follow on operation…it is tougher to penetrate a network and live on it undetected while extracting large volumes of data from it than it is to ‘digitally speaking’ kick in the front door and fry a circuit or two. ….An attack on a network to degrade it or destroy information on it is generally a lesser included case of the technology and operational art needed to spy on that same network.”
Trading Off Context and Isolation

(Figure: the Traditional Approach across the Software Defined Data Center (SDDC) stack of Any Application, SDDC Platform / Data Center Virtualization, Any x86, Any Storage and Any IP network: High Context with Low Isolation at the top of the stack, High Isolation with Low Context at the bottom, and No Ubiquitous Enforcement.)
The M&M Approach to Security

“In today’s new threat landscape, this M&M and ‘trust but verify’ is no longer an effective way of enforcing security.”
Forrester Research, in response to NIST RF 130208119-3119-01I, “Developing a Framework to Improve Critical Infrastructure Cyber-Security”
But Micro-Segmentation has NOT been Operationally Feasible

A typical data center has “X” firewalls vs … “X” + 1000 workloads.

• Directing all traffic (virtual + physical) through chokepoint firewalls is inefficient
• And a physical firewall per workload is cost prohibitive
SDDC Virtualization Layer – Delivers Both Context and Isolation

(Figure: the Software Defined Data Center (SDDC) stack of Any Application, SDDC Platform / Data Center Virtualization, Any x86, Any Storage and Any IP network, with Secure Host Introspection; the SDDC Approach delivers High Context, High Isolation and Ubiquitous Enforcement.)
Taking a Step Towards “Zero-Trust”

Traditional Data Center: a Perimeter firewall and an Inside firewall in front of shared DMZ/Web, App, DB and Services/Management VLANs, with Mission-A and Mission-B workloads mixed within each VLAN.

NSX Data Center: behind the Perimeter firewall, Mission-A and Mission-B each get their own DMZ/Web, App and DB tiers, with a separate Services/Management Group holding the Mission-A and Mission-B Services and Mgmt workloads.
The Beginning of Policy Shifts….again

FY16 House NDAA Report


Cyber Defense Network Segmentation

The committee is aware that the Department of Defense is looking at modifying the way it builds,
maintains, and upgrades data center, including increased use of commercial cloud capabilities
and public-private partnerships. The committee is aware that as the Department increasingly
looks at software-defined networking, it could potentially reduce the mobility of cyber threats
across data center and other networks by increasing the compartmentalization and segmentation
between systems, and providing a mix of security techniques to enable access to those
compartments. Such actions have the potential to lessen the chance of a widespread or
catastrophic breach, including breaches caused by insider threats. The committee encourages
the Department to explore ways to use compartmentalization or segmentation as part of a
software-defined networking approach in order to increase the security of its networks.
Security Groups & Security Policies

 Designated Consumers & Cloud Admins are able to select pre-defined security policies already approved by the Security Admin in NSX
 Security policies are applied to one or more security groups where workloads are members
 These security groups are created on-demand by vRA at deployment time

(Figure: a SECURITY POLICY such as “Standard Web” defines HOW you want to protect it: Services (Firewall, antivirus, IPS etc.) and Profiles (labels representing specific acceptable use policies), e.g.  Firewall – allow inbound HTTP/S, allow outbound ANY;  IPS – prevent DOS attacks, enforce. A SECURITY GROUP defines WHAT you want to protect: Members (VM, vNIC) and Context (user identity, security posture).)
Programmatic Approach to Security: An Example

 NSX Security Tags can be used to define IF/THEN workflows for security services, e.g. IF user selects a “Mission A” application, THEN place the VM in the “Mission A” security group

Step 1: Security Admin pre-defines a Security Group and a Security Policy with dynamic membership based on a Security Tag. “Mission A Policy”:  IF Tag = “Mission A” THEN add VM to Security Group “Mission A” with Security Policy “Mission A”.

Step 2: Cloud Admin creates a “Mission A App” Multi-Machine Blueprint which sets a Security Tag ( Set Tag “Mission A”). Cloud Admin needs no knowledge of Security Groups or Security Policies.
Programmatic Approach to Security: An Example (cont.)

 NSX Security Tags can be used to define IF/THEN workflows for security services, e.g. IF user selects a “Mission A” application, THEN place the VM in the “Mission A” security group

Step 3: End-User (Cloud Consumer) requests Application “Mission A App” via the Service Catalog.

Step 4: VM is automatically deployed with its Security Tag (SG=Mission A).

Step 5: VM is dynamically assigned to the relevant pre-defined Security Group, which defines WHAT you want to protect.
Security Groups & Tags assigned to a VM - Workload-Centric View

(Figure: a Virtual Machine, its Assigned Security TAG, and the Security Group the VM belongs to.)
Combining Organic Capabilities with Best of Breed

• Deploy: Provision and monitor uptime of different services, using one method.
• Apply: Apply and visualize security policies for workloads, in one place.
• Automate: Automate workflows across best-of-breed services, without custom integration.

Service Insertion on the NSX Network Virtualization Platform: Security Groups, Security Policies, Security Tags.

Built-In Services: Firewall, Data Security (DLP), Server Activity Monitoring, VPN (IPSEC, SSL)
Third-Party Services: Antivirus, DLP, Firewall, Intrusion Prevention, Security Policy Management, Vulnerability Management, Identity and Access Mgmt …and more in progress
Service Chaining

• DVSFilter contains 16 slots. Slots 0-3 and 13-16 are reserved for VMware use.
• Services are assigned the remaining slots in their registration order.
• Traffic comes out of the first service and is then sent to the next service in the order.
• Services are managed via a Guest or Network Introspection Policy creation

(Figure: a Guest VM on a VDS; its traffic passes the Traffic Redirection Module and then, in slot order, the DFW in Slot 2, the Filtering Module of Partner Service 1 VM in Slot 4 and the Filtering Module of Partner Service 2 VM in Slot 5, before reaching the External Network.)
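As an added example (not VMware's implementation), a small model of the slot allocation and chaining described above: slots 0-3 and 13-16 are reserved, services take the remaining slots in registration order, and a packet is handed from one service to the next in slot order until a service drops it. The handler shape, the sample handlers and the sample packets are assumptions.

```python
# Model of DVSFilter slot allocation and service chaining (illustration only,
# not VMware's code). Slot numbers follow the slide: 0-3 and 13-16 are
# reserved for VMware use; partner services get the rest in registration order.
RESERVED_SLOTS = frozenset(range(0, 4)) | frozenset(range(13, 17))
SERVICE_SLOTS = tuple(s for s in range(17) if s not in RESERVED_SLOTS)  # 4..12


class DVSFilterChain:
    def __init__(self):
        self._slots = {}  # slot number -> (service name, handler)

    def register(self, name, handler):
        """Assign the lowest free service slot; registration order fixes the order."""
        for slot in SERVICE_SLOTS:
            if slot not in self._slots:
                self._slots[slot] = (name, handler)
                return slot
        raise RuntimeError("no free DVSFilter service slot")

    def chain(self):
        """Service names in the order traffic will traverse them."""
        return [self._slots[s][0] for s in sorted(self._slots)]

    def forward(self, packet):
        """Send the packet out of each service into the next one in slot order.
        A handler returning None drops the packet and ends the chain.
        Returns (packet or None, names of the services the packet visited)."""
        visited = []
        for slot in sorted(self._slots):
            name, handler = self._slots[slot]
            visited.append(name)
            packet = handler(packet)
            if packet is None:
                break
        return packet, visited


# Constructed sample handlers standing in for partner filtering modules.
def firewall_allow_web(packet):
    """Pass only HTTP/HTTPS; everything else is dropped (assumed policy)."""
    return packet if packet["dport"] in (80, 443) else None


def ips_mark_inspected(packet):
    """An IPS-like module that annotates what it inspected."""
    return {**packet, "ips": "inspected"}


def build_demo_chain():
    """Two partner services registered in order land in slots 4 and 5."""
    chain = DVSFilterChain()
    chain.register("Partner Service 1 (firewall)", firewall_allow_web)
    chain.register("Partner Service 2 (IPS)", ips_mark_inspected)
    return chain
```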
Workload-Centric View: All Security Policies Applied to a VM
Automated Security in a Software Defined Data Center
Quarantine Vulnerable Systems until Remediated

Security Group = Quarantine Zone
Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}

Security Group = Web Tier

Policy Definition

Standard Desktop VM Policy
 Anti-Virus – Scan

Quarantined VM Policy
 Firewall – Block all except security tools
 Anti-Virus – Scan and remediate
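As an added example (not VMware's code or API), the tag-driven workflow of Steps 1 to 5 from the earlier "Programmatic Approach to Security" slides and the quarantine policy above, modelled in Python: the Security Admin's groups match on tags with dynamic membership, a blueprint-deployed VM lands in its group, and an antivirus tag moves it into a quarantine group whose policy blocks everything except security tools. Group names, priorities and service names are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class VM:
    name: str
    tags: set = field(default_factory=set)


@dataclass(frozen=True)
class SecurityGroup:
    name: str
    match_tag: str   # dynamic membership: any VM carrying this tag is a member
    priority: int    # lower value wins when a VM is a member of several groups


@dataclass(frozen=True)
class SecurityPolicy:
    name: str
    inbound: frozenset    # services allowed in, e.g. {"HTTP", "HTTPS"}
    outbound: frozenset   # {"ANY"} or an explicit set of services
    antivirus: str        # "scan" or "scan_and_remediate"


# Step 1 (Security Admin): groups with tag-based dynamic membership and the
# policy bound to each group. Tag names and priorities are assumptions.
GROUPS = (
    SecurityGroup("Quarantine Zone", "ANTI_VIRUS.VirusFound", priority=0),
    SecurityGroup("Mission A", "Mission A", priority=10),
    SecurityGroup("Web Tier", "Web", priority=20),
)
POLICIES = {
    "Quarantine Zone": SecurityPolicy("Quarantined VM Policy",
                                      frozenset({"SECURITY_TOOLS"}),
                                      frozenset({"SECURITY_TOOLS"}),
                                      "scan_and_remediate"),
    "Mission A": SecurityPolicy("Mission A Policy", frozenset({"HTTP", "HTTPS"}),
                                frozenset({"ANY"}), "scan"),
    "Web Tier": SecurityPolicy("Standard Web", frozenset({"HTTP", "HTTPS"}),
                               frozenset({"ANY"}), "scan"),
}


def groups_for(vm):
    """Step 5: membership is computed from the VM's tags, never assigned by hand."""
    members = [g for g in GROUPS if g.match_tag in vm.tags]
    return [g.name for g in sorted(members, key=lambda g: g.priority)]


def effective_policy(vm):
    """The highest-priority group's policy governs; no group means default deny."""
    names = groups_for(vm)
    return POLICIES[names[0]] if names else None


def is_allowed(vm, direction, service):
    """Zero trust: traffic passes only if the effective policy lists it."""
    policy = effective_policy(vm)
    if policy is None:
        return False
    allowed = policy.inbound if direction == "in" else policy.outbound
    return "ANY" in allowed or service in allowed


def deploy_from_blueprint(vm_name, blueprint_tag):
    """Steps 2-4: the blueprint sets the tag; the Cloud Admin never touches groups."""
    return VM(vm_name, {blueprint_tag})


def on_virus_found(vm):
    """The antivirus service tags the VM; membership changes on the next lookup."""
    vm.tags.add("ANTI_VIRUS.VirusFound")
    return groups_for(vm)


def on_remediated(vm):
    """Clearing the tag releases the VM from the quarantine group."""
    vm.tags.discard("ANTI_VIRUS.VirusFound")
    return groups_for(vm)
```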
Understanding SDDC Network Virtualization
The Operational Model of a VM for the Networking

(Figure: Native Isolation: two VMs addressed 192.168.2.11 and two addressed 192.168.2.10 coexist on separate logical networks behind the Internet; Support for Physical Workloads and VLANs.)
NSX with a Cloud Management Platform
Dynamic Configuration and Deployment of Logical Network & Security Services

(Figure: NSX provides the Logical Switch, Logical Router, Logical Firewall, Logical Load Balancer, Security Policies and Security Groups; vRealize Automation, as the Cloud Management Platform, provides the Service Catalog, Resource Reservation, Multi-Machine Blueprint and Network Profiles; together they deliver On Demand Application Delivery of Web, App and Database VMs.)
Thank you