Layer 7 Visibility for vCPE Services

Post on 13-Feb-2017

TRANSCRIPT

<ul>
<li><p>Layer 7 Visibility for vCPE Services</p><p>Erik Larsson, VP Marketing</p><p>April 2016</p></li>
<li><p>Business Drivers for Enterprise vCPE Services</p><p>[Charts: Enterprise Drivers; Service Provider Drivers]</p><p>Source: 2015 Virtual Edge Report, SDxCentral</p><p>An opportunity for service providers to offer network management functions as a value-added service</p></li>
<li><p>Deployment Scenarios: A Full Spectrum</p><p>[Diagram labels: Single Smart CPE; Basic Thin CPE]</p><p>Deployment scenarios will have a variable impact on the operator's IT systems and services offered</p></li>
<li><p>vCPE Benefits: Webification and Cloudification of the Telco Model</p>
<p>Residential</p>
<ul><li>Self-service via web-based interfaces</li><li>Service improvements deployed on a continuous basis</li><li>Security and parental control for entire household at once</li></ul>
<p>Service Provider</p>
<ul><li>Lower OPEX</li><li>Fewer truck and fewer field technicians</li><li>Service provisioning and maintenance from a central point</li><li>Customer self-service; webstore</li><li>Service improvements deployed on a continuous basis</li><li>Opportunities for new VAS</li><li>Reporting, web-content filtering, self-provisioning, etc.</li><li>Lower CAPEX</li><li>Reduced number and cost of physical hardware</li></ul>
<p>Enterprise</p>
<ul><li>Lower costs (OPEX &amp; CAPEX)</li><li>Fewer technicians to manage infrastructure</li><li>Reduced number and cost of physical hardware</li><li>WAN optimization</li><li>More flexible network management</li><li>Self-service via web-based interfaces</li><li>Service improvements deployed on a continuous basis</li><li>Improved security</li></ul>
<p>vCPE enables operators to adopt a web-like operational model</p></li>
<li><p>What is Layer 7 Application Visibility?</p><p>[Diagram labels: Protect; Optimize; Monetize; NG Firewall, SIEM, Analytics, vCPE, Policy Control, QoS]</p><p>Visibility on thousands of application protocols</p><p>Extraction of 4,000+ Metadata: caller, called party, jitter, packet loss, latency, call duration, setup time, codec, throughput, mobile ID (IMSI, IMEI), phone number, user login, IP address, MAC address, date &amp; time of login / logoff, subject of email / chat / Webmail, sender, receiver, attached documents, response time, data transfer sessions (type, content, time), visited Website, page content, time spent on visit, basket share, referent, etc.</p></li>
<li><p>Why L7 Visibility?</p><p>[Diagram labels: COTS; Enterprise vCPE (L2 element); Ethernet / IP / MPLS; VNFs in the Data Center or PoP; Layer 7 Classification; Content Filtering; Firewalling; Dashboards; Other Services]</p>
<ul><li>Enables optimization of services delivered to premises based on subscriber and application</li><li>Enables simpler introduction of VAS</li><li>All the associated benefits of vCPE (reduced cost, improved security, service agility, easier &amp; faster deployment, etc.)</li></ul></li>
<li><p>Where is L7 Application Awareness Needed?</p>
<ul><li>Optimizing Service Function Chaining (SFC)</li><li>Offering new Value-Added Services through a Web interface</li><li>Firewalling</li><li>Dashboards</li><li>Content filtering</li><li>Other</li></ul>
<p>[Diagram label: Need L7]</p><p>Granular and continuous Layer 7 application visibility helps operators overcome challenges associated with vCPE services</p></li>
<li><p>Why Add L7 Application Awareness to Service Chaining?</p></li>
<li><p>Where is the L7 Application Awareness in Service Chaining?</p><p>[Diagram labels: Enterprise Site; VPN Tunnels; Data Center; Service Classifier &amp; Service Function Forwarder; vSwitch with conntrack; QoS NAT; FW; Dashboard; Layer 7 Classification (shown twice); L7 (shown twice); location markers 1, 2, 3]</p><p>BENEFITS</p>
<ul><li>Service chaining: Optimization of services delivered to premises based on subscriber and application</li><li>Service functions: firewalling, dashboards, etc.</li></ul></li>
<li><p>Use Case #1: Layer 7 Inside the Service Classifier</p><p>[Diagram labels: IP Traffic Ingress; L7 Service Classifier VNF; Packet Collection (DPDK or Qosmos DPI Mem); Flow Table (conntrack or Qosmos Flow Table); Layer 7 Classification; Rule Chains (OVS or Qosmos rules); Configuration; YAML or JSON; ConnTrack App ID or Qosmos; Iptables or OpenFlow; Tagged traffic; Service Function Forwarder (Hypervisor vSwitch); Service Function #1 (e.g. Dashboard); Service Function #2 (e.g. FW); Service Function n]</p></li>
<li><p>Where is the L7 Application Awareness in Service Chaining?</p><p>[Diagram: same labels as the first slide with this title; location marker shown: 2]</p></li>
<li><p>Use Case #2: Layer 7 Inside a Firewall</p><p>[Diagram labels: Linux Server; FW VM; IP Traffic Ingress; Packet Collection (DPDK or Qosmos DPI Mem); Flow Table (conntrack or Qosmos Flow Table); Layer 7 Classification; Rule Chains (OVS or Qosmos rules); Configuration; YAML or JSON; ConnTrack App ID or Qosmos; Iptables or OpenFlow; Egress]</p>
<ul><li>Drop/Pass</li><li>Rate Limit</li><li>Mark</li></ul></li>
<li><p>Where is the L7 Application Awareness in Service Chaining?</p><p>[Diagram: same labels as the first slide with this title; location marker shown: 3]</p></li>
<li><p>Use Case #3: Layer 7 Inside an Enterprise Customer Dashboard</p><p>[Diagram labels: Linux Server; IP Traffic Ingress; IP Traffic Egress; Copied Packets; Packet Collection (DPDK or Qosmos DPI Mem); Dashboard VM, virtual probe; Layer 7 Classification (purely passive role); Configuration; YAML or JSON; IPFIX, CSV, or OpenStack Ceilometer; Dashboard]</p></li>
<li><p>Example: Layer 7 Classification Function for vCPE - Sinefa</p>
<ul><li>vCPE ready traffic visibility and control function</li><li>Powered by Qosmos ixEngine</li><li>Available for download now</li><li>Support for service chaining</li><li>Cloud-based analytics and dashboards</li></ul>
<p>sinefa.com</p></li>
<li><p>Summary: Why Layer 7 Visibility for vCPE Services</p><p>1. Benefits beyond capex-opex savings</p><p>2. Perfectly in line with Webification and cloudification of telco business model</p><p>3. Optimized Service Function Chaining (SFC) delivered to premises based on subscriber and application</p><p>4. New services delivered through a Web interface (e.g. Firewalling, Dashboards)</p><p>Layer 7 visibility is an essential ingredient of any vCPE strategy for both equipment vendors and operators</p></li>
<li><p>Copyright 2015 Qosmos S.A. All rights reserved. Qosmos, the Qosmos logo, Qosmos Classifier, Qosmos Service Aware Module, Qosmos Service Aware Module for vSwitch, Qosmos SAM and Qosmos ixEngine are trademarks of Qosmos. Other names and brands may be claimed as the property of others.</p><p>Non-contractual information. Products and services and their specifications are subject to change without prior notice.</p></li>
</ul>