layer 7 visibility for vcpe services

Download Layer 7 Visibility for vCPE Services

Post on 13-Feb-2017

371 views

Category:

Internet

1 download

Embed Size (px)

TRANSCRIPT

  • Layer 7 Visibility for vCPE Services

    Erik Larsson, VP Marketing

    April 2016

  • Business Drivers for Enterprise vCPE Services

    Page 2

    Enterprise Drivers Service Provider Drivers

    Source: 2015 Virtual Edge Report, SDxCentral

    An opportunity for service providers

    to offer network management functions as a value-added service

  • Deployment Scenarios A Full Spectrum

    Page 3

    Single

    Smart

    CPE

    Basic

    Thin

    CPE

    Deployment scenarios will have a variable impact

    on the operators IT systems and services offered

  • vCPE Benefits: Webification and Cloudification of the Telco Model

    Self-service via web-based

    interfaces

    Service improvements deployed on

    a continuous basis

    Security and parental control for

    entire household at once

    Lower OPEX

    Fewer truck and fewer field

    technicians

    Service provisioning and

    maintenance from a central point

    Customer self-service; webstore

    Service improvements deployed

    on a continuous basis

    Opportunities for new VAS

    Reporting, web-content filtering,

    self-provisioning, etc.

    Lower CAPEX

    Reduced number and cost of

    physical hardware

    Page 4

    Lower costs (OPEX & CAPEX)

    Fewer technicians to manage

    infrastructure

    Reduced number and cost of

    physical hardware

    WAN optimization

    More flexible network management

    Self-service via web-based

    interfaces

    Service improvements deployed

    on a continuous basis

    Improved security

    Residential Service ProviderEnterprise

    vCPE enables operators to adopt a web-like operational model

  • What is Layer 7 Application Visibility?

    Page 5

    NG Firewall, SIEM, Analytics, vCPE, Policy Control, QoS,

    Protect

    Caller, called party, jitter, packet loss, latency, call duration, setup time, codec, throughput, mobile ID (IMSI, IMEI), phone

    number, user login, IP address, MAC address, date & time of login / logoff, subject of email / chat / Webmail, sender, receiver, attached documents, response time, data transfer sessions (type, content, time), visited Website, page content, time spent on visit,

    basket share, referent, etc.

    Extraction of 4,000+ MetadataVisibility on thousands of application protocols

    Optimize Monetize

  • Why L7 Visibility?

    Page 6

    COTS

    COTSEnterprise

    vCPE

    (L2 element)

    Other Services

    Content Filtering

    Firewalling

    Dashboards

    VNFs in the Data Center or PoP

    Layer 7

    Classification

    Ethernet / IP / MPLS

    Enables optimization of services

    delivered to premises based on

    subscriber and application

    Enables simpler introduction of VAS

    All the associated benefits of vCPE

    (reduced cost, improved security,

    service agility, easier & faster

    deployment, etc.)

  • Where is L7 Application Awareness Needed?

    Optimizing Service Function Chaining (SFC)

    Offering new Value-Added Services through a Web interface

    Firewalling

    Dashboards

    Content filtering

    Other

    Page 7

    Need

    L7

    Granular and continuous Layer 7 application visibility

    helps operators overcome challenges associated with vCPE services

  • Why Add L7 Application Awareness to Service Chaining?

    Page 8

  • Why Add L7 Application Awareness to Service Chaining?

    Page 9

  • Why Add L7 Application Awareness to Service Chaining?

    Page 10

  • DashboardFW

    L7 L7

    Where is the L7 Application Awareness in Service Chaining?

    Page 11

    VPN Tunnels

    Service Classifier &

    Service Function

    Forwarder

    vSwitch with

    conntrack

    QoS NAT

    Enterprise Site

    Layer 7

    Classification

    Layer 7

    Classification 1

    Data Center

    2

    3

    BENEFITS

    Service chaining: Optimization of services delivered

    to premises based on subscriber and application

    Service functions: firewalling, dashboards, etc.

  • Use Case #1: Layer 7 Inside the Service Classifier

    Page 12

    Service

    Function

    n

    Packet

    Collection

    (DPDK or

    Qosmos DPI

    Mem)

    IP Traffic Ingress

    Flow Table

    (conntrack or

    Qosmos Flow

    Table)

    Rule Chains

    (OVS or

    Qosmos rules)

    Service

    Function

    #2

    (e.g. FW)Layer 7 Classification

    Configuration

    Service

    Function

    #1(e.g

    Dashboard)

    ConnTrack App ID or Qosmos

    Service

    Function

    Forwarder

    (Hypervisor

    vSwitch)

    Tagged traffic

    L7 Service

    Classifier

    VNF

    YAML or JSON Iptables or OpenFlow

  • DashboardFW

    L7 L7

    Where is the L7 Application Awareness in Service Chaining?

    Page 13

    VPN Tunnels

    Service Classifier &

    Service Function

    Forwarder

    vSwitch with

    conntrack

    QoS NAT

    Enterprise Site

    Layer 7

    Classification

    Layer 7

    Classification

    Data Center

    2

    BENEFITS

    Service chaining: Optimization of services delivered

    to premises based on subscriber and application

    Service functions: firewalling, dashboards, etc.

  • Use Case #2: Layer 7 Inside a Firewall

    Page 14

    Packet

    Collection

    (DPDK or

    Qosmos DPI

    Mem)

    IP Traffic Ingress

    Flow Table

    (conntrack or

    Qosmos Flow

    Table)

    Rule Chains

    (OVS or

    Qosmos rules)

    Layer 7 Classification

    Configuration

    YAML or JSON

    ConnTrack App ID or Qosmos

    Iptables or OpenFlow

    Drop/Pass

    Rate Limit

    MarkEgress

    Linux Server

    FW VM

  • DashboardFW

    L7 L7

    Where is the L7 Application Awareness in Service Chaining?

    Page 15

    VPN Tunnels

    BENEFITS

    Service chaining: Optimization of services delivered

    to premises based on subscriber and application

    Service functions: firewalling, dashboards, etc.

    Service Classifier &

    Service Function

    Forwarder

    vSwitch with

    conntrack

    QoS NAT

    Enterprise Site

    Layer 7

    Classification

    Layer 7

    Classification

    Data Center

    3

  • Use Case #3: Layer 7 Inside an Enterprise Customer Dashboard

    Page 16

    Packet

    Collection

    (DPDK or

    Qosmos DPI

    Mem) Linux Server

    IP Traffic Ingress IP Traffic Egress

    Dashboard VM,

    virtual probe

    Layer 7 Classification

    (purely passive role)

    Dashboard

    IPFIX, CSV, or OpenStack Ceilometer

    Configuration

    YAML or JSON

    Copied Packets

  • Example: Layer 7 Classification Function for vCPE - Sinefa

    vCPE ready traffic visibility and

    control function

    Powered by Qosmos ixEngine

    Available for download now

    Support for service chaining

    Cloud-based analytics and

    dashboards

    sinefa.com

    Page 17

  • Summary: Why Layer 7 Visibility for vCPE Services

    1. Benefits beyond capex-opex savings

    2. Perfectly in line with Webification and cloudification of telco business model

    3. Optimized Service Function Chaining (SFC) delivered to premises based on

    subscriber and application

    4. New services delivered through a Web interface (e.g. Firewalling, Dashboards)

    Page 18

    Layer 7 visibility is an essential ingredient of any vCPE strategy for both

    equipment vendors and operators

  • Copyright 2015 Qosmos S.A. All rights reserved. Qosmos, the Qosmos logo, Qosmos Classifier, Qosmos Service Aware Module, Qosmos Service Aware

    Module for vSwitch, Qosmos SAM and Qosmos ixEngine are trademarks of Qosmos. Other names and brands may be claimed as the property of others.

    Non-contractual information. Products and services and their specifications are subject to change without prior notice.

Recommended

View more >