layer 7 visibility for vcpe services
TRANSCRIPT
Layer 7 Visibility for vCPE Services
Erik Larsson, VP Marketing
April 2016
Business Drivers for Enterprise vCPE Services
Page 2
Enterprise Drivers Service Provider Drivers
Source: 2015 Virtual Edge Report, SDxCentral
An opportunity for service providers
to offer network management functions as a value-added service
Deployment Scenarios – A Full Spectrum
Page 3
Single
“Smart”
CPE
Basic
“Thin”
CPE
Deployment scenarios will have a variable impact
on the operator’s IT systems and services offered
vCPE Benefits: Webification and Cloudification of the Telco Model
Self-service via web-based
interfaces
Service improvements deployed on
a continuous basis
Security and parental control for
entire household at once
Lower OPEX
• Fewer truck and fewer field
technicians
• Service provisioning and
maintenance from a central point
• Customer self-service; webstore
• Service improvements deployed
on a continuous basis
Opportunities for new VAS
• Reporting, web-content filtering,
self-provisioning, etc.
Lower CAPEX
• Reduced number and cost of
physical hardware
Page 4
Lower costs (OPEX & CAPEX)
• Fewer technicians to manage
infrastructure
• Reduced number and cost of
physical hardware
WAN optimization
More flexible network management
• Self-service via web-based
interfaces
• Service improvements deployed
on a continuous basis
Improved security
Residential Service ProviderEnterprise
vCPE enables operators to adopt a web-like operational model
What is Layer 7 Application Visibility?
Page 5
NG Firewall, SIEM, … Analytics, vCPE, … Policy Control, QoS, …
Protect
Caller, called party, jitter, packet loss, latency, call duration, setup time, codec, throughput, mobile ID (IMSI, IMEI), phone
number, user login, IP address, MAC
address, date & time of login / logoff, subject of email / chat / Webmail, sender, receiver,
attached documents, response time, data
transfer sessions (type, content, time), visited Website, page content, time spent on visit,
basket share, referent, etc.
Extraction of 4,000+ MetadataVisibility on thousands of application protocols
Optimize Monetize
Why L7 Visibility?
Page 6
COTS
COTSEnterprise
vCPE
(L2 element)
Other Services
Content Filtering
Firewalling
Dashboards
VNFs in the Data Center or PoP
Layer 7
Classification
Ethernet / IP / MPLS
Enables optimization of services
delivered to premises based on
subscriber and application
Enables simpler introduction of VAS
All the associated benefits of vCPE
(reduced cost, improved security,
service agility, easier & faster
deployment, etc.)
Where is L7 Application Awareness Needed?
Optimizing Service Function Chaining (SFC)
Offering new Value-Added Services through a Web interface
• Firewalling
• Dashboards
• Content filtering
• Other
Page 7
Need
L7
Granular and continuous Layer 7 application visibility
helps operators overcome challenges associated with vCPE services
Why Add L7 Application Awareness to Service Chaining?
Page 8
Why Add L7 Application Awareness to Service Chaining?
Page 9
Why Add L7 Application Awareness to Service Chaining?
Page 10
DashboardFW
L7 L7
Where is the L7 Application Awareness in Service Chaining?
Page 11
VPN Tunnels
Service Classifier &
Service Function
Forwarder
vSwitch with
conntrack
QoS NAT
Enterprise Site
Layer 7
Classification
Layer 7
Classification 1
Data Center
2
3
BENEFITS
Service chaining: Optimization of services delivered
to premises based on subscriber and application
Service functions: firewalling, dashboards, etc.
Use Case #1: Layer 7 Inside the Service Classifier
Page 12
Service
Function
“n”
Packet
Collection
(DPDK or
Qosmos DPI
Mem)
IP Traffic Ingress
Flow Table
(conntrack or
Qosmos Flow
Table)
Rule Chains
(OVS or
Qosmos rules)
Service
Function
#2
(e.g. FW)Layer 7 Classification
Configuration
Service
Function
#1(e.g
Dashboard)
ConnTrack App ID or Qosmos
Service
Function
Forwarder
(Hypervisor
vSwitch)
Tagged traffic
L7 Service
Classifier
VNF
YAML or JSON Iptables or OpenFlow
DashboardFW
L7 L7
Where is the L7 Application Awareness in Service Chaining?
Page 13
VPN Tunnels
Service Classifier &
Service Function
Forwarder
vSwitch with
conntrack
QoS NAT
Enterprise Site
Layer 7
Classification
Layer 7
Classification
Data Center
2
BENEFITS
Service chaining: Optimization of services delivered
to premises based on subscriber and application
Service functions: firewalling, dashboards, etc.
Use Case #2: Layer 7 Inside a Firewall
Page 14
Packet
Collection
(DPDK or
Qosmos DPI
Mem)
IP Traffic Ingress
Flow Table
(conntrack or
Qosmos Flow
Table)
Rule Chains
(OVS or
Qosmos rules)
Layer 7 Classification
Configuration
YAML or JSON
ConnTrack App ID or Qosmos
Iptables or OpenFlow
• Drop/Pass
• Rate Limit
• MarkEgress
Linux Server
FW VM
DashboardFW
L7 L7
Where is the L7 Application Awareness in Service Chaining?
Page 15
VPN Tunnels
BENEFITS
Service chaining: Optimization of services delivered
to premises based on subscriber and application
Service functions: firewalling, dashboards, etc.
Service Classifier &
Service Function
Forwarder
vSwitch with
conntrack
QoS NAT
Enterprise Site
Layer 7
Classification
Layer 7
Classification
Data Center
3
Use Case #3: Layer 7 Inside an Enterprise Customer Dashboard
Page 16
Packet
Collection
(DPDK or
Qosmos DPI
Mem) Linux Server
IP Traffic Ingress IP Traffic Egress
Dashboard VM,
virtual probe
Layer 7 Classification
(purely passive role)
Dashboard
IPFIX, CSV, or OpenStack Ceilometer
Configuration
YAML or JSON
Copied Packets
Example: Layer 7 Classification Function for vCPE - Sinefa
vCPE ready traffic visibility and
control function
Powered by Qosmos ixEngine
Available for download now
Support for service chaining
Cloud-based analytics and
dashboards
sinefa.com
Page 17
Summary: Why Layer 7 Visibility for vCPE Services
1. Benefits beyond capex-opex savings
2. Perfectly in line with Webification and cloudification of telco business model
3. Optimized Service Function Chaining (SFC) delivered to premises based on
subscriber and application
4. New services delivered through a Web interface (e.g. Firewalling, Dashboards)
Page 18
Layer 7 visibility is an essential ingredient of any vCPE strategy for both
equipment vendors and operators
Copyright © 2015 Qosmos S.A. All rights reserved. Qosmos, the Qosmos logo, Qosmos Classifier, Qosmos Service Aware Module, Qosmos Service Aware
Module for vSwitch, Qosmos SAM and Qosmos ixEngine are trademarks of Qosmos. Other names and brands may be claimed as the property of others.
Non-contractual information. Products and services and their specifications are subject to change without prior notice.