Realizing the
power of SDN
with HP Virtual
Application
Networks
Table of contents
3 Executive summary
3 Software-defined networks (SDN)
4 Building a software-defined network
5 HP Virtual Application Networks
5 HP Virtual Application Networks SDN Controller:
centralized network control and automation
6 HP Virtual Application Networks SDN Applications
7 Enabling SDN through technology innovation
9 Why choose HP?
10 Additional resources
Executive summary
Legacy
SDN
Orchestration
Orchestration
Complex,
device-specic
congurations
Simple,
one policy
Control plane
Infrastructure
Infrastructure
Data plane
Data plane
Data plane
Data plane
Data plane
Data plane
Data plane
Data plane
As you can see from in the figure above, legacy networks are difficult
to automate as the control plane intelligence is distributed. SDN
promises an easier, more dynamic interaction with the network
through the use of a clean interface obtained through abstraction
of the control plane. This reduces the complexity of managing,
provisioning, and changing the network.
North
Cloud orchestration
SDN applications
SDN controller
East
SDN Controller
South
Infrastructure
The APIs used to communicate between the layers of the SDN stack
are grouped based on their function in an SDN architecture:
East/Westbound APIs
Communicate between groups or federations of controllers to
synchronize state for high availability
Business applications
Network device
SDN Controller
Southbound APIs
Communicate between controller to infrastructure
Application layer
Infrastructure layer
West
Northbound APIs
Communicate between controllers and applications
Control layer
SDN Controller
Network device
Network device
As SDN technologies are still maturing, there will initially be very few
pure SDN deployments outside of massive provider networks that
require SDN to solve their scaling problems. Within the enterprise,
we will see the deployment of hybrid networks that continue
to operate in a traditional fashion but leverage SDN to provide
additional features and functionality.
Virtual Application
Network
Virtual Application
Network
Virtual Application
Network
Virtual Application
Network
Business
applications
Network
applications
Control Plane
FlexFabric
FlexCampus
FlexManagement
FlexNetwork Architecture
FlexBranch
Network control
plane
Network
infrastructure
Hadoop
Partner
third-party
apps
Cloud connectors
Network
virtualization
Security
Topology
Edge
management
Flow-based
trac eng
Network
app X
Path
calculation
VM
tracking
RESTful API
HP SDN Controller
Standard interfaces
and control protocols
HP Network Infrastructure
Public cloud
multitenancy at scale
Public cloud
automation at scale
SDN architecture
Application
layer
Tenant A
Fixed or oating IPs
Control
layer
Tenant B
Fixed or oating IPs
Internet
VPN
Tenant X
Fixed or oating IPs
VPN
Customer
network
Tenant virtual network
Internet
VPN
Customer
network
Customer
network
Virtual Application
Networks SDN controller
Infrastructure
layer
OpenStack ready
On-premise private
cloud network
Enables tenant
self-service
Internet
Enterprise public-private
cloud integration
Secure enterprise
cloud extensions
Sentinel
Application
layer
SDN architecture
Cloud security
DVLabs
RepDV DB
Virtual Application
Networks SDN controller
Control
layer
Infrastructure
layer
Scales to thousands of
endpoints
Sentinel security
HPs latest innovation in security is the Sentinel security application
for HP Virtual Application Networks SDN Controller. Sentinel is
able to stop threats before they reach your network. Sentinel
security can be deployed across a campus or data center network
to protect you from over 700,000 malicious malware, spyware,
and botnet threats.
One possible use case for Sentinel is the redirection of Domain Name
System (DNS) queries from user machines to the Sentinel application
running on the HP Virtual Application Networks SDN controller.
Take, for example, a corporate user who was to click a link in
an email:
First, the users DNS query would be sent to the local
OpenFlow-enabled HP access switch
Second, the switch would forward the traffic to the HP Virtual
Application Networks SDN controller via an OpenFlow rule
implemented by the Sentinel application targeting DNS queries
Once the SDN controller receives the query, the Sentinel
application jumps into action by checking the hostname against
the HP TippingPoint DVLabs RepDV database of known threats
Finally, if Sentinel determines that the site is legitimate, the
query is forwarded across the access layer switch. If Sentinel
detects a threat, an unresolvable response is sent back to the
client, the action is logged with HP ArcSight, and the user is
prevented from accessing the threat
Sentinel can be used in any network environment where security
is a concern, including the data center and cloud computing
environments. HP envisions a network where Sentinel security
can be implemented for unprecedented network visibility, event
correlation accuracy, and security control.
Automates threat
protection for BYOD
Uses standards-based
OpenFlow
Rule
Action
Stats
Switch
port
VLAN
ID
VLAN
pcp
MAC
src
MAC
dst
Eth
type
IP
src
IP
dst
IP
tos
IP
prot
L4
sport
L4
dport
OpenStack
Your applications
APIs
OpenStack
dashboard
Compute
Network
Storage
Additional resources
HP FlexNetwork Architecture
Open Networking Foundation
OpenStack Foundation
Indiana Center for Network Transactional Research and
Education (InCNTRE)
HP Virtual Application Networks Blog
Software-Defined Networking: The New Norm for Networks
Get connected
hp.com/go/getconnected