SDN / NFV / SDWAN / AEIOU
And a Variety of Other Three Letter Acronyms
Dean Campbell
10.18.18
©2018 LightRiver Technologies Inc. - Confidential
The Starting Point
• Imagine it’s the early 2000’s….
• “Software As A Service” is Taking Off
• Cloud Applications are gaining in popularity
• Salesforce, etc.
• Social Networking is Exploding Also
• Facebook, MySpace, etc.
• Disaster Recovery Planning is in Full Swing
• Driven by executive review of 9-1-1 and Y2K effects
• The Size of Data Centers is Exploding
• Going from hundreds of clients to 10’s of thousands
• Explosion in size requirements
• Explosion in complexity requirements
• Explosion in reliability requirements
Challenge – Data Center Technical Perspective
• I Need to Connect Tens of Thousands of Clients
• Thousands of Top of Rack servers
• Hundreds of End of Row servers
• Huge Core Switches
• OpEx is Increasing Dramatically
• Managing/provisioning all these switches is nearly impossible
• Constant bug fixes and S/W upgrades on thousands of devices - nightmare
• Capital Costs are Killing Us
• Hardware is expensive, compared to generic “silicon”
• Manufacturers are bleeding us dry on support
Challenge – Data Center Business Perspective
• Data Centers Provide
• Compute on Demand – processing power from multiple virtual machines
• Storage on Demand – disk space from multiple physical disk elements
• Application on Demand – cloud based applications scaling on demand
• Implementing (or moving) a New Customer/Application
• Compute - configured and turned-up in minutes using the management consoles
• Storage - configured using management GUI’s in minutes
• To connect the new server/application to the network requires:
✓ Discuss IP addresses (and get assignments) with person who manages IP addressing
✓ Discuss available VLAN’s (and get assignments) for switches
✓ Provisioning top of rack (ToR) switch to accept new VLAN
✓ Provision end of row switch to accept new VLAN
✓ Provision other aggregation switches (in primary and backup pathways) to accept VLAN
✓ Provision Router to handle new IP Addresses
✓ Work with security (and customer) to get appropriate ACL’s for router and firewall rules
✓ Connect application to Firewall or other external connectivity
✓ Total Time – days to weeks
• How do we fix the network access provisioning problem?
The Solution…..
• The Realization…
• Regardless of all the hype generated by the manufacturers, an Ethernet switch is a very simple device/function. It is just a computer that forwards Ethernet frames from one port to another.
• The Proposal!
• Let’s buy commodity “silicon” and run open-source (free) switching software
• The devices only handle the packet traffic forwarding (data plane)
• Let’s run an application on a server that uses a provisioning interface (API) to control the switches
• Calculations needed to determine where to send the traffic are done by a centralized server
• The central server (control plane engine) tells the dumb end devices where to send traffic through the standard API.
• Let’s scale by number of devices!
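The control/data plane split described above, as an added example (not from the original slides): a central controller computes the path, pushes one forwarding entry to each switch on it, and recomputes centrally when a link fails. The topology, MAC addresses, port numbers and the `Controller` class are constructed for illustration; the in-memory tables stand in for whatever switch API a real deployment uses.

```python
from collections import deque

# Constructed topology: switch -> {neighbor: local port facing that neighbor}.
LINKS = {
    "tor1": {"eor1": 49, "eor2": 50},
    "tor2": {"eor1": 49, "eor2": 50},
    "eor1": {"tor1": 1, "tor2": 2, "core": 48},
    "eor2": {"tor1": 1, "tor2": 2, "core": 48},
    "core": {"eor1": 1, "eor2": 2},
}
# Constructed host attachments: MAC -> (edge switch, access port).
HOSTS = {"00:00:00:00:00:0a": ("tor1", 3), "00:00:00:00:00:0b": ("tor2", 7)}


class Controller:
    """Control plane: owns the topology view and every switch's flow table."""

    def __init__(self, links, hosts):
        self.links = {sw: dict(nbrs) for sw, nbrs in links.items()}
        self.hosts = hosts
        self.flows = []                          # requested (vlan, src_mac, dst_mac)
        self.tables = {sw: {} for sw in links}   # switch -> {flow: out_port}

    def shortest_path(self, src, dst):
        """Breadth-first search over live links; returns a switch list or None."""
        prev, queue = {src: None}, deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                path = []
                while node is not None:
                    path.append(node)
                    node = prev[node]
                return path[::-1]
            for nbr in sorted(self.links[node]):  # sorted for a deterministic choice
                if nbr not in prev:
                    prev[nbr] = node
                    queue.append(nbr)
        return None

    def _install(self, flow):
        _vlan, src_mac, dst_mac = flow
        src_sw, _ = self.hosts[src_mac]
        dst_sw, dst_port = self.hosts[dst_mac]
        for table in self.tables.values():        # withdraw this flow's old entries
            table.pop(flow, None)
        path = self.shortest_path(src_sw, dst_sw)
        if path is None:
            return None                           # fail closed: no entry anywhere
        for hop, nxt in zip(path, path[1:]):
            self.tables[hop][flow] = self.links[hop][nxt]
        self.tables[dst_sw][flow] = dst_port      # last hop delivers to the host port
        return path

    def provision_flow(self, vlan, src_mac, dst_mac):
        """One API call replaces the per-switch provisioning steps."""
        flow = (vlan, src_mac, dst_mac)
        if flow not in self.flows:
            self.flows.append(flow)
        return self._install(flow)

    def link_down(self, a, b):
        """Remove a failed link and recompute every known flow centrally."""
        self.links[a].pop(b, None)
        self.links[b].pop(a, None)
        return [self._install(flow) for flow in self.flows]
```

Only switches on the computed path hold an entry for the flow, so the tables double as an audit record of where each tenant's traffic is allowed to go.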
SDN - And It Begins…
• A Couple of major players
• Content Service Providers (CSP’s) – the FANG companies
• Software providers – the big “M”
• Experimented and Found Scale-out of Lower Cost Platforms Worked
• Inexpensive hardware boxes
• Free-ware (open source) operating system
• Simple, customized-to-suit free-ware switching software
• Broke the Embargo of Major Manufacturers
• Proved that simple applications didn’t need the commercial one-size-fits-all dedicated (purpose-built) hardware designs to get good scale and throughput
• Since they controlled the O/S now, the users controlled the upgrade cycle, and controlled the introduction of wanted (and unwanted) functions
• Eliminated the vicious cycle of “upgrade to fix a bug”, then needing an “upgrade to the hardware” to support the new O/S!
Basic SDN Network – Gen 1
• We’ve Broken the Manufacturer’s Grip on Hardware Platforms
• Lower costs
• Manageable upgrade/feature cycle
• User control instead of vendor
• We’ve Opened the Platform up to Control by Higher Level Applications
• Separated the Control Plane (intelligence) from the data plane (data movement level). OpenFlow enables remote management of Ethernet flows
• We’ve Created Additional Options for the Business Model
• If I can manage switches, can I manage other devices the same way – routers, firewalls, load-balancers, packet filters, etc.?
• What other functions can we virtualize in order to support “mass customization” – customized service per customer?
Data Centers Continue to Push the Limits
• Can I break out more than just the Ethernet switch computing tasks?
• Can I build more software applications to handle network route calculations, failover, business workflow, etc.?
• Can I standardize this architecture so that I can use multiple equipment vendors seamlessly?
• We are already expert with VMWare type of virtual machine environments, can we host more than customer applications?
• Already providing “Compute” (so we have cycles to sell)
• Already providing “Storage”
• What Other “Apps” can we sell?
Birth of NFV
Let’s REALLY Virtualize Network Components
• Data Centers Have Major Virtualization (VMWare) Environments
• Can we extend our “Compute” virtualization to other applications?
• We’ll Always Need a Physical Connection
• Network of Ethernet switches that are SDN (NetFlow) managed
• But Once the Client Signal is on our Network, it Can Traverse “Virtual” Devices
• Each traffic flow can be directed through a personal switch/router configured for its traffic only
• The private elements are “spun up” on virtual machines
• Additional components can be added to this virtual machine programmatically
• Load Balancer, Firewall, Packet Filters, Angry Birds, etc.
• Traffic can also be “chained” from one virtual server to another
• Features can be dynamically added
• The entire customer flow (pipeline of traffic) is managed through virtual machines!
[Figure: Cloud Services and Internet; VMWare (virtual machines) with apps customized per traffic flow; Physical Access Network, a mesh of dumb Ethernet switches; Applications and Controller Software]
Marketplace Has Settled On 3 Use Cases
• SD-WAN
• Software Defined WAN
• Network is assumed to provide connectivity
• Edge devices are connected, and automatically connected to the correct VPN
• Extends the range of connectivity to multiple networks, off-net locations, etc.
• NFV (Network Functions Virtualization)
• Replace physical devices with apps running in VM’s
• Allows for rapid introduction of new services – just load some software
• Allows for scale-as-needed.
• Day 1: 1 customer: 1 VM
• Day 100: 50 sites: 50 VM’s
• Pay per license
• SDN (Software Defined Networking, Automation and Control)
• Network management system on steroids
• Programmatic control over elements across multiple layers
• Separates “control plane” from “data plane” increasing reliability and scalability
SDN Stack
[Figure: SDN stack diagram]
• Multi-Domain Orchestrator
• Overlay (SD-WAN): Creates L3 VPN’s Over Private, Public, and Cloud Networks
• Underlay (NMS & Carrier SDN): Programmatically Manages and Provisions Network Elements
• Virtualization (NFV/NFVO): Manages Virtual Devices
• VSNI Layer: VSNI Hardware Layer
SD-WAN
SD-WAN Solutions
• Software Defined Wide Area Network
• SD-WAN is a software generated network applied to WAN connections to allow devices to securely communicate
• Creates a (user-defined) mesh network using specialized Layer 3 VPN’s and WAN optimization technologies
• Can be utilized as or with an existing transport network (MPLS, CE, etc)
SD-WAN Example
• Doug’s Utility….
• 20 Locations (Control Centers, Substations)
• 15 on-net
• Needs LAN connectivity
• Traditional Method
• 15 locations on-net we can provision quickly
• 5 off-net
• we can reach 2 through commercial provider (leased circuits)
• Remaining 3 we need to build to (long time, high cost)
• SD-WAN
• We can deliver CPE’s to the 15 on-net sites and have them connected tomorrow
• The remaining 5 locations – our choice for connectivity…..
• We can utilize the alternate provider
• We can utilize any existing internet connection
• We can bond multiple “low reliability” connections into a single H/A connection
• And we can do it for less cost than the traditional methods…..
SD-WAN Use (Operations)
• Provision a Shared Bandwidth Pool (network) across your infrastructure
• You’re creating the “cloud”
• Deliver End-points to Locations
• Pre-provisioned
• The Central Server Recognizes End-points when they Connect
• IP level connectivity is all that is required
• End devices “phone-home”
• Server provisions secure tunnels across the network to connect that location to others in the desired customer WAN topology
• Turning Up a WAN (VPN)…
• Some provisioning for the Customer WAN on the SD-WAN server
• Delivery of the CPE devices
• NO MORE PROVISIONING OF CUSTOMER CIRCUITS ON THE NETWORK
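The turn-up sequence above, as an added example (not from the original slides and not any vendor's product code): the server admits only pre-provisioned endpoints when they phone home, then derives the tunnel list from the customer's WAN topology. The inventory, the HMAC hello format, the nonce replay check and all names are assumptions of this example.

```python
import hashlib
import hmac
from itertools import combinations

# Constructed inventory, written when each CPE is pre-provisioned before shipping.
# The per-device key and the hello format are assumptions of this example.
INVENTORY = {
    "CPE-0001": {"customer": "utility-a", "role": "hub", "key": b"constructed-key-1"},
    "CPE-0002": {"customer": "utility-a", "role": "spoke", "key": b"constructed-key-2"},
    "CPE-0003": {"customer": "utility-a", "role": "spoke", "key": b"constructed-key-3"},
    "CPE-0900": {"customer": "other-co", "role": "hub", "key": b"constructed-key-9"},
}
TOPOLOGY = {"utility-a": "hub-and-spoke", "other-co": "full-mesh"}


def sign_hello(serial, nonce, key):
    """Authenticator the CPE attaches to its phone-home message."""
    return hmac.new(key, f"{serial}|{nonce}".encode(), hashlib.sha256).hexdigest()


class SdWanServer:
    def __init__(self, inventory, topology):
        self.inventory = inventory
        self.topology = topology
        self.online = {}        # serial -> source IP seen at phone-home
        self.seen = set()       # (serial, nonce) pairs already used

    def phone_home(self, serial, nonce, tag, source_ip):
        """Admit a device only if it was pre-provisioned and proves its key."""
        record = self.inventory.get(serial)
        if record is None:
            return "reject: unknown device"
        if not hmac.compare_digest(sign_hello(serial, nonce, record["key"]), tag):
            return "reject: bad authenticator"
        if (serial, nonce) in self.seen:
            return "reject: replayed hello"
        self.seen.add((serial, nonce))
        self.online[serial] = source_ip   # any IP path works: on-net, leased, internet
        return "accept"

    def tunnels(self, customer):
        """Tunnel endpoint pairs for one customer WAN; never crosses customers."""
        members = sorted(s for s in self.online
                         if self.inventory[s]["customer"] == customer)
        if self.topology[customer] == "full-mesh":
            return list(combinations(members, 2))
        hubs = [s for s in members if self.inventory[s]["role"] == "hub"]
        spokes = [s for s in members if self.inventory[s]["role"] == "spoke"]
        return [(hub, spoke) for hub in hubs for spoke in spokes]
```

Because the source IP is recorded but never trusted for identity, a site can move between on-net, leased and internet paths without weakening the admission check.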
SD-WAN Partners
• VeloCloud
• Full turn key solution including Network Gateway Devices
• Cloud based gateway for control plane management
• Multitenant architecture
SD-WAN Partners
• Silver Peak
• Multitenant Hybrid physical / virtual SD-WAN
• Enterprise class features including multi-WAN aggregation
• Built-in WAN Optimization engine
SD-WAN Partners
• Nokia Nuage Networks VNS
• Full virtual network overlay that works with any Hypervisor
• Software capable of most L2 through L4 functions
NFV
Network Function Virtualization
Several “Models” for NFV (Locations for the Cloud)
• Virtualize “Inside the House” -- Private Cloud
• Instead of buying routers, firewalls, etc., run them in Virtual Machines (VM’s)
• Better scalability, better reliability, better space and power usage, lower costs
• Business model is proven – improves TCO
• Allows for more rapid rollout of services (adding a new service)
• A new service only requires investment in a new VNF (virtual network function)
• Can be added easily to the existing Virtual Infrastructure
• Virtualize “At the Customer Prem” -- uCPE
• Provide a device that can host multiple applications
• Firewall and Encryption are two obvious applications
• Deep packet inspection, Load balancing, and others are coming on line
• With a “Smart” customer premise device, you can choose where to run applications
• Public Cloud
• AWS, Azure, etc.
NFV: Network Function Virtualization
• Strategic Partnerships
• Product focus on complementing existing markets
• Routers, FireWalls/Security, Encryption, WAN Optimization
• One Stop Shop - Provide VNF software and licenses from technology partners
• System Integration
• VNF Templating
• NFVO
• Design, installation, and commissioning of NFV Orchestration solutions
• Operationalization of Solutions
• Robust Virtualization Solutions
• Highly available x86 architectures
• Geographically redundant deployments
VNF Partners
• VNF Partner List
• Product Portfolio
• *Denotes pending partnership
NFV Configuration Example
[Figure labels: Orchestrator; Transport Network; Utility Control center; vCPE Corporate Network; uCPE Substation Network; AWS; VNF’s]
uCPE
• Universal CPE
• Multiport Switch with built in x86 Computer node
• Full VNF Support: Runs all common Virtual Network Functions
• Router
• Firewall
• SD-WAN
• Encryption
• Multi-Vendor
• ADVA FSP 150 Series (ProVMi, ProVMe)
• Ciena 3906mvi, 3926m
• Cisco ENCS 5000 Series
• Juniper NFX 150/250 Series
• Onboarding of new vendor: ~30 days
uCPE Cont.
• Benefits
• Any customer considering Virtual Network Functions (VNF’s)
• Reduce footprint / cost, increased reliability
• Consolidate multiple boxes into a single 1U Chassis
• Limit truck rolls; single device
• Have an existing packet based network; want to add x86 capabilities without losing standard Ethernet aggregation / carrier ethernet
• Operationalization
• Training on the virtual “stack”
• Port Layer
• Hypervisor
• Virtual Layer
• Custom NOC, Provisioning, Deployment focused trainings
uCPE / Templating Cont.
• Templating
• LightRiver provided turn-key service
• FBN Philosophy
• Deliver a uCPE device with customer approved images of any supported VNF
• Flat pricing per VNF for supported VNF’s; Onboarding of new VNF is fee based
• Drop ship options
Easier/Cheaper Adoption of New Services
• Addition of Features / Applications is Easier
• No addition of boxes that can fail or that need to be integrated
• Applications can be tested and added virtually, as desired
• Entire networks can be simulated in order to test behavior, scalability, resilience
• Licenses can be purchased as needed (pay as you grow)
• Training
• Users can train / work on virtual versions of new devices to learn provisioning and troubleshooting.
• Entire networks can be simulated for training purposes
• Common Infrastructure Removes Many Interop Issues
• The VM environment, moving data from one VM to another, does not have any of the issues that can arise when connecting one network element to another (through physical ports)
Increase In Reliability
• Moving to a Virtualized Environment
• Less function specific hardware to fail
• Easy to spin up another virtual machine (seconds) if one fails for some reason
• Virtual Environment can be made very highly-available
• Eliminates the Hardware / Software Upgrade Cycle
• To scale to higher performance means change the virtual environment, not the actual network elements.
• Eliminates the need to swap out cards/elements/etc.
• Addition of More Virtual “Devices” Does Not Increase Failure Points
• Devices are virtual, and don’t have all the intrinsic inter-connect points of failure
• Virtual devices do not add to the quantity of hardware elements that can fail
• Virtualization Allows for More Modular Functionality
• Separation of control and data plane, means that new features can be rolled out in a controlled fashion, with much less possible impact
• Control plane changes can be rolled out and tested in seconds
• Software upgrades can be tested in seconds, rolled back in seconds.
Centralized Security
• Virtual infrastructure promotes consistency of provisioning (and security posture) across virtual devices.
• Allows for rapid response/correction of zero-day attacks
• Allows for simplifications of each layer (data plane, etc.) providing less room for attack vectors
• Modular components, reducing the number of possible exposures
• Allows for easy deployment of flexible encryption layer components
VSNI
“Virtual Servers and Network Infrastructure”
VSNI: Virtual Server & Network Infrastructure
• Defined
• The physical server, network, and storage infrastructure to support datacenter, central office, or CPE deployments
• LightRiver’s Approach
• System Integration Role
• Sizing requirements and site considerations
• Design, furnish, install, and commission virtual infrastructure
• Migrate existing applications
• Provide training and support on virtual infrastructure
• Example Network Applications
• Network Management Systems (NMS)
• Windows and Linux servers
• Appliance based applications
• Standalone VNF’s
Supported VSNI Products
• Hypervisor Support
• VMWare
• ESXi
• vSphere vCenter
• Enterprise licensing for dynamic load balancing
• Linux KVM
• RedHat / CentOS
• Ubuntu LTS
• Hardware Partners
• Dell
• 1-4 Socket servers
• EqualLogic & EMC SAN solutions
• HP
• 1-4 Socket Servers
• LeftHand SAN
VSNI Hardware Examples
[Figure labels: Primary Server; SAN; Secondary Server; Primary Switch; Secondary Switch]
Datacenter / CO High Availability
• Robust Infrastructure to support Virtual server and VNF deployments
• For high capacity or high bandwidth demands
• 10+ VM Server
• 20+ VNF’s
• 40+ Gb
Aggregation or Large vCPE
• Virtual Aggregation device for VNF deployment and service chaining
• Multi-tenant / Multi-domain
• For medium capacity and bandwidth requirements
• 8+ VNF’s
• Up to 20 Gb
Edge CPE
• Dedicated low cost CPE with x86 capability
• For customer premise bandwidth needs
• 2 VNF’s
• Up to 4 Gb
Hardened Servers
• Dell EMC PowerEdge XR2
• Extremely powerful Skylake-X CPU, up to 512GB RAM
• -15 to +55C
• 20” short depth with 40G Shock rating up to 15k Altitude
• MIL-STD-810G, MIL-STD-461G (Military) and DNV GL, IEC60945 (Marine) compliant
Hardened Servers Cont.
• SEL-3355
• Low Power i7, up to 16GB RAM
• Fanless / No moving parts
• -40 to +75C
• IEC 61850-3:2013, IEEE 1613-2009 Severity Level: Class 1, IEC 61000-6-2:2005, IEC 61000-6-4:2006
SDN
Software Defined Networking
Quick Definitions
• SDN: Software Defined Networking
• A programmable software interface that manipulates networks, devices, elements or protocols.
• Conceptually: any software that provides control of physical or virtual network devices
• Started years ago when Router vendors separated control plane from forwarding plane
• Real (server-based) software took hold in the data-center evolution
• Now, we’re looking at programmatic control of network elements
• Taking vendors quite a while to provide programmatic accessible interfaces for control
• Still limited “standardization” of API’s….
• Service creation automation with extended constraints (Intent Based Networking)
• Continuous monitoring and automated remediation
• End-user control of customer network domain
LightRiver and SDN
• R&D
• LightRiver has invested the last 4+ years in research, development, and lab trials with numerous SDN technologies and vendors’ products in order to find the “best of breed” technologies in the SDN space.
• Focus
• Provide SDN technologies that augment client network operations
• Stay in the Network Transport space
• Full turn-key system integrator
• Provide customer with SDN expertise, consulting, and design resources
• Partner with leading SDN vendors
• Certified individuals on staff
LightRiver and SDN
• State of the Market
• 2014-2016
• SDN technologies needed definition and focus
• Vendors popping up every month; weed out the “science projects”
• Hardware was needed to match the software
• 2017 – Shipped and installed production ready products and applications
• 2018 – “Virtualization and Miniaturization of the Network”
• LightRiver SDN Technology Portfolio
• Network Management Systems (NMS)
• Software Defined-WAN (SD-WAN)
• Virtual Server and Network Infrastructure (VSNI)
• Network Function Virtualization (NFV)
• Universal Customer Premise Devices (uCPE)
High Level Architecture - components
[Figure labels: Multi-Domain Orchestrator; SDN Orchestrator; NFV Orchestrator; Overlay, Underlay, NFV; VPN’s, Network Elements, VM’s; VM Controller (Open Stack); O/S Hypervisor (VMWare, KVM); Controller or NMS (ONOS, etc.); Element Translators (OpenFlow, NetConf); VPN Orchestrator; VPN Mgr; vCPE Devices (routers)]
A Map of Some Players…
SDN / NFV Architecture – 2018
[Figure: layered architecture diagram]
• Layers: Business Applications; Orchestration - Management Plane; Controllers - Control Plane; Physical / Virtual Assets - Data Plane
• Component labels: Customer Self-Service; Automated Service Turn-up; Bandwidth on Demand; Network Configuration Mgmt; Network Fault Mgmt; Service Turn-up / Provisioning; Service Billing; Business Rules Manager; DB; Route Calculation; Restoration Manager; Workflow Manager; Orchestrator; REST interfaces; Native Northbound API’s; AAA Support; Open Flow Based Network Controller; NetConf Based Provisioning Module; YANG Based Network Topology Modeler; OpenFlow X-lator; NetConf X-lator; Other X-lator; Router; Switch; Optical; Firewall; Virtual Server and Storage Controller; Virtual Machines; Virtual Storage; OpenStack; NFV-O
LightRiver Partners
• LightRiver has performed in-house testing of products from a multitude of vendors. As part of this process, we’ve developed partnerships with the partners listed below.*
• We’re helping customers put together SOLUTIONS!
* Other partnerships pending
Questions?
Example Products
• Multi-Domain Orchestrator
• Overlay (VPN’s): Nokia Nuage, Silver Peak, Viptela / Velocloud / Versa
• Underlay (Network Elements): Nokia-NSP, BluePlanet MCP, Cisco Evolved Service Platform
• NFV (VM’s): Nokia CloudBand, BluePlanet NFV-O, ADVA Ensemble
Data Center Access Networks
• Clos Network
• Bell Labs designed in the 1950’s to support high capacity, non-blocking, voice switching
• Resurrected in Order to Support Scale-out to Thousands of Ports
• Software developed to support this infrastructure
• TRILL (Transparent interconnection of Lots of Links)
• Juniper Q-fabric, Cisco Fabric-path, Brocade Virtual Cluster Switching, Arista Spline/leaf
• “OpenFlow” Created
• Standards-based API to “provision” the data flows across these large, but simple, networks
SD-WAN Solutions
• Business Drivers
• Flexibility - Customers are demanding more flexible cloud-based WAN technologies, rather than installing proprietary or specialized hardware
• Cost Savings - Has the advantage of removing expensive routing hardware by provisioning connectivity and services via BYO Internet
• Reliability – Utilize multiple WAN connections to increase uptime and availability of services
• Footprint - Customers are able to scale their network without the typical physical construction costs to run fiber
• LightRiver's Approach
• System integrator role
• Multi-vendor best-of-breed technology approach
• SD-WAN and NFV Orchestration interop testing / POC
NMS System Integration
• LightRiver has provided full turn-key installation, training, and operationalization assistance on numerous NMS products over the last 15 years
• Full Turn-Key Solutions:
• Ciena OneControl / Blue Planet MCP
• Nokia 5620 SAM
• LightRiver Software netFLEX
• Basic Installation and Node Discovery
• Infinera DNA/DNA-M
• Fujitsu NetSmart 1500
• ADVA FSP Network Manager
• Cisco EPNM