copyright 2014 1

The networking declaration

of independence

Chris Swan, CTO

@cpswan

the original cloud networking company

How overlay networking gives

you control of your networks

copyright 2014 2

Agenda

What is NFV?

Declaration of Independence

NFV Capabilities

Preview: Waves of Adoption

copyright 2014 3

What is

Network Function Virtualization?

copyright 2014

Positioning - NFV and SDN

4

copyright 2014 5

NFV can be a networking Swiss Army knife

Firewall

Dynamic &

Scriptable

SDN

Protocol

Redistributor

IPsec/SSL VPN

concentrator

Router Switch

NFV

Hybrid

virtual

device

able to

extend to

multiple

sites

Application SDN (Software Defined Network) Appliances

• Allow control, mobility & agility by separating network location

and network identity

• Control over end to end encryption, IP addressing and network

topology

copyright 2014 6

Networking Declaration

of Independence

copyright 2014 7

Nicira’s “declaration of independence” from metal,

freed NFV from OpenFlow

+

http://nicira.com/sites/default/files/docs/Nicira%20-

%20The%20Seven%20Properties%20of%20Virtualization.pdf

copyright 2014 8

These same properties free NFV from the

“constraints” of OpenFlow (technology, timing and target)

Nicira defined the 7 Properties of network virtualization as:

1. Independence from network hardware

2. Faithful reproduction of the physical

network service model

3. Follow operational model of compute

virtualization

4. Compatible with any hypervisor

platform

5. Secure isolation between virtual

networks, the physical network, and

the control plane

6. Cloud performance and scale

7. Programmatic networking provisioning and control

copyright 2014 9

With VM-based network devices you can use the cloud

network as “bulk transport” and are indifferent to all else.

Independence from network hardware

Customer Data Center

NFV Standard IPsec

Tunnel

Firewall / IPsec Device

Data Center Servers

Overlay IP: 172.31.11.xx

Public Cloud Region 1

IP: 192.168.1.xx LAN

Cloud Server Cloud Server

Overlay Network

copyright 2014 10

NFV devices “look” and “feel” like the same networking

devices customers have used for ever, without boundaries

Reproduction of physical network model

Customer Data Center

Standard IPsec Tunnel

Data Center Servers

Virtual Network

Cloud Server

Public Cloud Region 1

Overlay Network

Data Center Servers

Cloud Server

NFV

copyright 2014 11

Follow operational model of compute virtualization

NFV NFV NFV NFV

NFV functions can be dynamically brought on-line, up to

the elastic limits of the total infrastructure available (!!)

copyright 2014 12

Compatible with any hypervisor platform

NFV does more than “follow” the model of compute

virtualization, it exists via compute virtualization.

Public Clouds

Private

Clouds

Virtual

Infrastructure

copyright 2014 13

Secure isolation

Isolation takes many forms: from underlying infra, allow my

protocols, keep my “chattiness” in, keep others out, etc..

Customer Data Center Customer Remote Office

NFV

Overlay Network Subnet: 172.31.0.0/22

Overlay IP: 172.31.1.1 Overlay IP: 172.31.1.5 Overlay IP: 172.31.1.9 Overlay IP: 172.31.1.13 Overlay IP: 172.31.1.17 Overlay IP: 172.31.1.21 Cloud Server A Cloud Server B Cloud Server C Cloud Server D Cloud Server E Cloud Server F

Active IPsec

Tunnel Active IPsec Tunnel

Failover IPsec

Tunnel

192.168.4.0/24 -

172.31.1.0/24

192.168.3.0/24 -

172.31.1.0/24

Firewall / IPsec

Cisco 5505

Firewall / IPsec

Cisco 5585

Data Center Server Data Center Server

LAN IP: 192.168.4.50 LAN IP: 192.168.4.100 User Workstation

LAN IP: 192.168.3.100

User Workstation

LAN IP: 192.168.3.50

Chicago, IL USA Remote Subnet:

192.168.3.0/24

London, UK Remote Subnet:

192.168.4.0/24

Public IP:

184.73.174.250

Overlay IP: 172.31.1.250

Public IP: 54.246.224.156

Overlay IP: 172.31.1.246

Public IP:

192.158.29.143

Overlay IP: 172.31.1.242

Peered Peered

US East 1 EMEA APAC

NFV

copyright 2014 14

Cloud performance and scale

Where NFV really shines today: create a WAN in minutes,

use cloud as points of presence for your business

NFV

User Workstation User Workstation

Data Center Server

copyright 2014 15

Programmatic networking provisioning & control

+ http://maxoffsky.com/code-blog/building-restful-api-in-laravel-start-here/

Cloud Compute and Network APIs + NFV Device APIs

allow previously unimaginable flexibility and power

Public Clouds

Private Clouds

Virtual Infrastructure

copyright 2014 16

Preview: Waves of Adoption

copyright 2014 17

Waves of NFV Adoption

Customer Data Center

NFV

Standard IPsec Tunnel

Firewall / IPsec Device

Data Center Servers

Overlay IP: 172.31.11.xx

Public Cloud Region 1

IP:

192.168.1.xx LAN

Cloud Server Cloud Server

Overlay Network

Bursting and

Containment

Standard IPsec Tunnel

Public Cloud Region 1

Cloud Server Cloud Server

NFV

Overlay Network

Customer

Site N

Multiple

IPsec Devices

Customer

Site 2

Customer

Site 1

Hubs and

Spokes

“Winning back

control”

Encrypted Overlay network in VPC

Web App 2 Web App 1 Web App 3

Encrypted Connections

Tomorrow 11:25 - 11:50 in DCIM / Software

Defined Datacentres and Networks Stream

copyright 2014 18

Paddington, London, UK

ContactMe@cohesiveft.com

+44 20 8144 0156

Questions?