layer 7 visibility for vcpe services

Layer 7 Visibility for vCPE Services

Erik Larsson, VP Marketing

April 2016

Business Drivers for Enterprise vCPE Services

Enterprise Drivers Service Provider Drivers

Source: 2015 Virtual Edge Report, SDxCentral

An opportunity for service providers

to offer network management functions as a value-added service

Deployment Scenarios – A Full Spectrum

Single

“Smart”

CPE

Basic

“Thin”

CPE

Deployment scenarios will have a variable impact

on the operator’s IT systems and services offered

vCPE Benefits: Webification and Cloudification of the Telco Model

Self-service via web-based

interfaces

Service improvements deployed on

a continuous basis

Security and parental control for

entire household at once

Lower OPEX

• Fewer truck and fewer field

technicians

• Service provisioning and

maintenance from a central point

• Customer self-service; webstore

• Service improvements deployed

on a continuous basis

Opportunities for new VAS

• Reporting, web-content filtering,

self-provisioning, etc.

Lower CAPEX

• Reduced number and cost of

physical hardware

Lower costs (OPEX & CAPEX)

• Fewer technicians to manage

infrastructure

• Reduced number and cost of

physical hardware

WAN optimization

More flexible network management

• Self-service via web-based

interfaces

• Service improvements deployed

on a continuous basis

Improved security

Residential Service ProviderEnterprise

vCPE enables operators to adopt a web-like operational model

What is Layer 7 Application Visibility?

NG Firewall, SIEM, … Analytics, vCPE, … Policy Control, QoS, …

Protect

Caller, called party, jitter, packet loss, latency, call duration, setup time, codec, throughput, mobile ID (IMSI, IMEI), phone

number, user login, IP address, MAC

address, date & time of login / logoff, subject of email / chat / Webmail, sender, receiver,

attached documents, response time, data

transfer sessions (type, content, time), visited Website, page content, time spent on visit,

basket share, referent, etc.

Extraction of 4,000+ MetadataVisibility on thousands of application protocols

Optimize Monetize

Why L7 Visibility?

COTS

COTSEnterprise

vCPE

(L2 element)

Other Services

Content Filtering

Firewalling

Dashboards

VNFs in the Data Center or PoP

Layer 7

Classification

Ethernet / IP / MPLS

Enables optimization of services

delivered to premises based on

subscriber and application

Enables simpler introduction of VAS

All the associated benefits of vCPE

(reduced cost, improved security,

service agility, easier & faster

deployment, etc.)

Where is L7 Application Awareness Needed?

Optimizing Service Function Chaining (SFC)

Offering new Value-Added Services through a Web interface

• Firewalling

• Dashboards

• Content filtering

• Other

Need

L7

Granular and continuous Layer 7 application visibility

helps operators overcome challenges associated with vCPE services

Why Add L7 Application Awareness to Service Chaining?

DashboardFW

L7 L7

Where is the L7 Application Awareness in Service Chaining?

VPN Tunnels

Service Classifier &

Service Function

Forwarder

vSwitch with

conntrack

QoS NAT

Enterprise Site

Layer 7

Classification

Layer 7

Classification 1

Data Center

2

3

BENEFITS

Service chaining: Optimization of services delivered

to premises based on subscriber and application

Service functions: firewalling, dashboards, etc.

Use Case #1: Layer 7 Inside the Service Classifier

Service

Function

“n”

Packet

Collection

(DPDK or

Qosmos DPI

Mem)

IP Traffic Ingress

Flow Table

(conntrack or

Qosmos Flow

Table)

Rule Chains

(OVS or

Qosmos rules)

Service

Function

#2

(e.g. FW)Layer 7 Classification

Configuration

Service

Function

#1(e.g

Dashboard)

ConnTrack App ID or Qosmos

Service

Function

Forwarder

(Hypervisor

vSwitch)

Tagged traffic

L7 Service

Classifier

VNF

YAML or JSON Iptables or OpenFlow

DashboardFW

L7 L7


VPN Tunnels


Service Function

Forwarder

vSwitch with

conntrack

QoS NAT

Enterprise Site

Layer 7

Classification

Layer 7

Classification

Data Center

2

BENEFITS




Use Case #2: Layer 7 Inside a Firewall

Packet

Collection

(DPDK or

Qosmos DPI

Mem)

IP Traffic Ingress

Flow Table

(conntrack or

Qosmos Flow

Table)

Rule Chains

(OVS or

Qosmos rules)

Layer 7 Classification

Configuration

YAML or JSON

ConnTrack App ID or Qosmos

Iptables or OpenFlow

• Drop/Pass

• Rate Limit

• MarkEgress

Linux Server

FW VM

DashboardFW

L7 L7


VPN Tunnels

BENEFITS





Service Function

Forwarder

vSwitch with

conntrack

QoS NAT

Enterprise Site

Layer 7

Classification

Layer 7

Classification

Data Center

3

Use Case #3: Layer 7 Inside an Enterprise Customer Dashboard

Packet

Collection

(DPDK or

Qosmos DPI

Mem) Linux Server

IP Traffic Ingress IP Traffic Egress

Dashboard VM,

virtual probe

Layer 7 Classification

(purely passive role)

Dashboard

IPFIX, CSV, or OpenStack Ceilometer

Configuration

YAML or JSON

Copied Packets

Example: Layer 7 Classification Function for vCPE - Sinefa

vCPE ready traffic visibility and

control function

Powered by Qosmos ixEngine

Available for download now

Support for service chaining

Cloud-based analytics and

dashboards

sinefa.com

Summary: Why Layer 7 Visibility for vCPE Services

1. Benefits beyond capex-opex savings

2. Perfectly in line with Webification and cloudification of telco business model

3. Optimized Service Function Chaining (SFC) delivered to premises based on

subscriber and application

4. New services delivered through a Web interface (e.g. Firewalling, Dashboards)

Layer 7 visibility is an essential ingredient of any vCPE strategy for both

equipment vendors and operators

Copyright © 2015 Qosmos S.A. All rights reserved. Qosmos, the Qosmos logo, Qosmos Classifier, Qosmos Service Aware Module, Qosmos Service Aware

Module for vSwitch, Qosmos SAM and Qosmos ixEngine are trademarks of Qosmos. Other names and brands may be claimed as the property of others.

Non-contractual information. Products and services and their specifications are subject to change without prior notice.

layer 7 visibility for vcpe services

Internet