sdn / nfv / sdwan/ aeiou and a variety of other three ... technologies.pdfnms & carrier sdn...

SDN / NFV / SDWAN / AEIOUAnd a Variety of Other Three Letter Acronyms

Dean Campbell

10.18.18

©2018 LightRiver Technologies Inc. - Confidential

The Starting Point

• Imagine it’s the early 2000’s….

• “Software As A Service” is Taking Off

• Cloud Applications are gaining in popularity

• Salesforce, etc.

• Social Networking is Exploding Also

• Facebook, MySpace, etc.

• Disaster Recovery Planning is in Full Swing

• Driven by executive review of 9-1-1 and Y2K effects

• The Size of Data Centers is Exploding

• Going from hundreds of clients to 10’s of thousands

• Explosion in size requirements

• Explosion in complexity requirements

• Explosion in reliability requirements


Challenge – Data Center Technical Perspective

• I Need to Connect Ten’s of Thousands of Clients

• Thousands of Top of Rack servers

• Hundreds of End or Row servers

• Huge Core Switches

• OpEx is Increasing Dramatically• Managing/provisioning all these switches is nearly

impossible

• Constant bug fixes and S/W upgrades on thousands of

devices - nightmare

• Capital Costs are Killing Us• Hardware is expensive, compared to generic “silicon”

• Manufacturers are bleeding us on dry support


Challenge – Data Center Business Perspective

• Data Centers Provide

• Compute on Demand – processing power from multiple virtual machines

• Storage on Demand – disk space from multiple physical disk elements

• Application on Demand – cloud based applications scaling on demand

• Implementing (or moving) a New Customer/Application

• Compute - configured and turned-up in minutes using the management consoles

• Storage - configured using management GUI’s in minutes

• To connect the new server/application to the network requires:

✓ Discuss IP addresses (and get assignments) with person who manages IP addressing

✓ Discuss available VLAN’s (and get assignments) for switches

✓ Provisioning top of rack (ToR) switch to accept new VLAN

✓ Provision end of row switch to accept new VLAN

✓ Provision other aggregation switches (in primary and backup pathways) to accept VLAN

✓ Provision Router to handle new IP Addresses

✓ Work with security (and customer) to get appropriate ACL’s for router and firewall rules

✓ Connect application to Firewall or other external connectivity

✓ Total Time – days to weeks

• How do we fix the network access provisioning problem?


The Solution…..

• The Realization…

• Regardless of all the hype generated by the manufacturers, an Ethernet

switch is a very simple device/function. It is just a computer that

forwards Ethernet frames from one port to another.

• The Proposal!

• Lets buy commodity “silicon” and run open-source (free) switching

software

• The devices only handle the packet traffic forwarding (data plane)

• Lets run an application on a server that uses a provisioning interface

(API) to control the switches

• Calculations needed to determine where to send the traffic are done by

a centralized server

• The central server (control plane engine) tells the dumb end devices

where to send traffic through the standard API.

• Lets scale by number of devices!


SDN - And It Begins…

• A Couple of major players

• Content Service Providers (CSP’s) – the FANG companies

• Software providers – the big “M”

• Experimented and Found Scale-out of Lower Cost Platforms Worked

• Inexpensive hardware boxes

• Free-ware (open source) operating system

• Simple, customized-to-suit free-ware switching software

• Broke the Embargo of Major Manufacturers

• Proved that simple applications didn’t need the commercial one-size-fits-all

dedicated (purpose-built) hardware designs to get good scale and throughput

• Since they controlled the O/S now, the users controlled the upgrade cycle, and

controlled the introduction of wanted (and unwanted) functions

• Eliminated the “upgrade to fix a bug”, then need an “upgrade to the hardware” to

support the new O/S vicious cycle!


Basic SDN Network – Gen 1

• We’ve Broken the Manufacturer’s Grip on Hardware Platforms

• Lower costs

• Manageable upgrade/feature cycle

• User control instead of vendor

• We’ve Opened the Platform up to Control by Higher Level Applications

• Separated the Control Plane (intelligence) from the data plane (data movement level). OpenFlow enables remote management of Ethernet flows

• We’ve Created Additional Options for the Business Model

• If I can manage switches, can I manage other devices the same way – routers, firewalls, load-balancers, packet filters, etc.

• What other functions can we virtualize in order to support “mass customization” – customized service per customer


Data Centers Continue to Push the Limits

• Can I break out more than just the Ethernet switch

computing tasks?

• Can I build more software applications to handle

network route calculations, failover, business

workflow, etc.?

• Can I standardize this architecture so that I can

use multiple equipment vendors seamlessly?

• We are already expert with VMWare type of virtual

machine environments, can we host more than

customer applications?

• Already providing “Compute” (so we have cycles to sell)

• Already providing “Storage”

• What Other “Apps” can we sell?

Birth of NFV


Let’s REALLY Virtualize Network Components

• Data Centers Have Major Virtualization (VMWare) Environments

• Can we extend our “Compute” virtualization to other applications

• We’ll Always Need a Physical Connection

• Network of Ethernet switches that are SDN (NetFlow) managed

• But Once the Client Signal is on our Network, it Can Traverse “Virtual” Devices

• Each traffic flow can be directed through a personal switch/router configured for its traffic only

• The private elements are “spun up” on a virtual machines

• Additional components can be added to this virtual machine programmatically

• Load Balancer, Firewall, Packet Filters, Angry Birds, etc.

• Traffic can also be “chained” from one virtual server to another

• Features can be dynamically added

• The entire customer flow (pipeline of traffic) is managed through virtual machines!

Cloud Services and InternetVMWare (virtual machines)

Apps customized per traffic flowPhysical Access Network

Mesh of dumb Ethernet switches

Applications and Controller Software


Marketplace Has Settled On 3 Use Cases

• SD-WAN

• Software designed WAN

• Network is assumed to provide connectivity

• Edge devices are connected, and automatically connected to the correct VPN

• Extends the range of connectivity to multiple networks, off-net locations, etc.

• NFV (Network Functions Virtualization)

• Replace physical devices with apps running in VM’s

• Allows for rapid introduction of new services – just load some software

• Allows for scale-as-needed.

• Day 1: 1 customer:1VM

• Day 100: 50 sites: 50 VM’s

• Pay per license

• SDN (Software Defined Networking, Automation and Control)

• Network management system on steroids

• Programmatic control over elements across multiple layers

• Separates “control plane” from “data plane” increasing reliability and scalability


VSNI Layer

SDN Stack

11

Multi-Domain Orchestrator

Overlay

SD-WAN

Underlay

NMS &Carrier SDN

Virtualization

NFV/NFVO

Creates L3 VPN’s

Over Private, Public,

and Cloud Networks

Programmatically

Manages and

Provisions Network

Elements

Manages Virtual

Devices

VS

NI H

ard

wa

re L

aye

r VS

NI H

ard

wa

re L

aye

r


SD-WAN


SD-WAN Solutions

13

• Software Defined Wide Area Network

• SD-WAN is a software generated network applied to WAN connections to allow

devices to securely communicate

• Creates a (use-defined) mesh network using specialized Layer 3 VPN’s and WAN

optimization technologies

• Can be utilized as or with an existing transport network (MPLS, CE, etc)


SD-WAN Example

• Doug’s Utility….

• 20 Locations (Control Centers, Substations)

• 15 on-net

• Needs LAN connectivity

• Traditional Method

• 15 locations on-net we can provision quickly

• 5 off-net

• we can reach 2 through commercial provider (leased circuits)

• Remaining 3 we need to build to (long time, high cost)

• SD-WAN

• We can deliver CPE’s to the 15 on-net sites and have them connected tomorrow

• The remaining 5 locations – our choice for connectivity…..

• We can utilize the alternate provider

• We can utilize any existing internet connection

• We can bond multiple “low reliability” connections into a single H/A connection

• And we can do it for less costs than the traditional methods…..


SD-WAN Use (Operations)

• Provision a Shared Bandwidth Pool (network) across your infrastructure

• You’re creating the “cloud”

• Deliver End-points to Locations

• Pre-provisioned

• The Central Server Recognizes End-points when they Connect

• IP level connectivity is all that is required

• End devices “phone-home”

• Server provisions secure tunnels across the network to connect that location to others in the desired

customer WAN topology

• Turning Up a WAN (VPN)…

• Some provisioning for the Customer WAN on the SD-WAN server

• Delivery of the CPE devices

• NO MORE PROVISIONING OF CUSTOMER CIRCUITS ON THE NETWORK


SD-WAN Partners

• VeloCloud

• Full turn key solution including Network Gateway Devices

• Cloud based gateway for control plane management

• Multitenant architecture


SD-WAN Partners

• Silver Peak

• Multitenant Hybrid physical / virtual SD-WAN

• Enterprise class features including multi-WAN aggregation

• Built-in WAN Optimization engine


SD-WAN Partners

• Nokia Nuage Networks VNS

• Full virtual network overlay that works with any Hypervisor

• Software capable of most L2 through L4 functions

©2018 LightRiver Technologies Inc. - Confidential 19

NFV

Network Function Virtualization


VSNI Layer

SDN Stack

20


Overlay

SD-WAN

Underlay

NMS &Carrier SDN

Virtualization

NFV/NFVO

Creates L3 VPN’s

Over Private, Public,

and Cloud Networks

Programmatically

Manages and

Provisions Network

Elements

Manages Virtual

Devices

VS

NI H

ard

wa

re L

aye

r VS

NI H

ard

wa

re L

aye

r


Several “Models” for NFV (Locations for the Cloud)

• Virtualize “Inside the House” -- Private Cloud

• Instead of buying routers, firewalls, etc., run them in Virtual Machines (VM’s)

• Better scalability, better reliability, better space and power usage, lower costs

• Business model is proven – improves TCO

• Allows for more rapid rollout of services (adding a new service)

• A new service only requires investment in a new VNF (virtual network function)

• Can be added easily to the existing Virtual Infrastructure

• Virtualize “At the Customer Prem” -- uCPE

• Provide a device that can host multiple applications

• Firewall and Encryption are two obvious applications

• Deep packet inspection, Load balancing, and others are coming on line

• With a “Smart” customer premise device, you can choose where to run applications

• Public Cloud

• AWS, Azure, etc.


NFV: Network Function Virtualization

• Strategic Partnerships

• Product focus on complementing existing markets

• Routers, FireWalls/Security, Encryption, WAN Optimization

• One Stop Shop - Provide VNF software and licenses from technology

partners

• System Integration

• VNF Templating

• NFVO

• Design, installation, and commissioning of NFV Orchestration solutions

• Operationalization of Solutions

• Robust Virtualization Solutions

• Highly available x86 architectures

• Geographically redundant deployments


VNF Partners

• VNF Partner List

• Product Portfolio

• *Denotes pending partnership


UtilityControl center

VNF’s

NFV Configuration Example

24

Transport Network

vCPE Corporate

Network

uCPE Substation

Network

Orchestrator

VNF’s

VNF’s

AWS

VNF’s


uCPE

• Universal CPE

• Multiport Switch with built in x86 Computer node

• Full VNF Support: Runs all common Virtual Network Functions

• Router

• Firewall

• SD-WAN

• Encryption

• Multi-Vendor

• ADVA FSP 150 Series (ProVMi, ProVMe)

• Ciena 3906mvi, 3926m

• Cisco ENCS 5000 Series

• Juniper NFX 150/250 Series

• Onboarding of new vendor: ~30 days

25


uCPE Cont.

• Benefits

• Any customer considering Virtual Network Functions (VNF’s)

• Reduce footprint / cost, increased reliability

• Consolidate multiple boxes into a single 1U Chassis

• Limit truck rolls; single device

• Have an existing packet based network; want to add x86 capabilities without losing

standard Ethernet aggregation / carrier ethernet

• Operationalization

• Training on the virtual “stack”

• Port Layer

• Hypervisor

• Virtual Layer

• Custom NOC, Provisioning, Deployment focused trainings

26


uCPE / Templating Cont.

• Templating

• LightRiver provided turn-key service

• FBN Philosophy

• Deliver a uCPE device with customer approved images of any supported VNF

• Flat pricing per VNF for supported VNF’s; Onboarding of new VNF is fee based

• Drop ship options

27


Easier/Cheaper Adoption of New Services

• Addition of Features / Applications is Easier

• No addition of boxes that can fail or that need to be integrated

• Applications can be tested and added virtually, as desired

• Entire networks can be simulated in order to test behavior, scalability,

resilience

• Licenses can be purchased as needed (pay as you grow)

• Training

• Users can train / work on virtual versions of new devices to learn

provisioning and troubleshooting.

• Entire networks can be simulated for training purposes

• Common Infrastructure Removes Many Interop Issues

• The VM environment, moving data from one VM to another, does not

have any of the issues that can arise when connecting one network

element to another (through physical ports)


Increase In Reliability

• Moving to a Virtualized Environment

• Less function specific hardware to fail

• Easy to spin up another virtual machine (seconds) if one fails for some reason

• Virtual Environment can be made very highly-available

• Eliminates the Hardware / Software Upgrade Cycle

• To scale to higher performance means change the virtual environment, not the actual network elements.

• Eliminates the need to swap out cards/elements/etc.

• Addition of More Virtual “Devices” Does Not Increase Failure Points

• Devices are virtual, and don’t have all the intrinsic inter-connect points of failure

• Virtual devices do not add the to quantity of hardware elements that can fail

• Virtualization Allows for More Modular Functionality

• Separation of control and data plane, means that new features can be rolled out in a controlled fashion, with much less possible impact

• Control plane changes can be rolled out and tested in seconds

• Software upgrades can be tested in seconds, rolled back in seconds..


Centralized Security

• Virtual infrastructure promotes consistency of

provisioning (and security posture) across virtual

devices.

• Allows for rapid response/correction of zero-day

attacks

• Allows for simplifications of each layer (data

plane, etc.) providing less room for attack vectors

• Modular components, reduction # of possible

exposures

• Allows for easy deployment of flexible

encryption layer components


VSNI

“Virtual Servers and Network Infrastructure”


VSNI: Virtual Server & Network Infrastructure• Defined

• The physical server, network, and storage infrastructure to support

datacenter, central office, or CPE deployments

• LightRiver’s Approach

• System Integration Role

• Sizing requirements and site considerations

• Design, furnish, install, and commission virtual infrastructure

• Migrate existing applications

• Provide training and support on virtual infrastructure

• Example Network Applications

• Network Management Systems (NMS)

• Windows and Linux servers

• Appliance based applications

• Standalone VNF’s

32


Supported VSNI Products

33

• Hypervisor Support

• VMWare

• ESXi

• vSphere vCenter

• Enterprise licensing for dynamic load balancing

• Linux KVM

• RedHat / CentOS

• Ubuntu LTS

• Hardware Partners

• Dell

• 1-4 Socket servers

• EqualLogic & EMC SAN solutions

• HP

• 1-4 Socket Servers

• LeftHand SAN


VSNI Hardware Examples

34

Primary Server

SAN

Secondary Server

Primary Switch

Secondary Switch

Datacenter / CO

High Availability

• Robust Infrastructure

to support Virtual

server and VNF

deployments

• For high capacity or

high bandwidth

demands

• 10+ VM Server

• 20+ VNF’s

• 40+ Gb

Aggregation or

Large vCPE Edge CPE

• Virtual Aggregation

device for VNF

deployment and

service chaining

• Muti-tenant / Multi-

domain

• For medium capacity

and bandwidth

requirements

• 8+ VNF’s

• Up to 20 Gb

• Dedicated low cost

CPE with x86

capability

• For customer premise

bandwidth needs

• 2 VNF’s

• Up to 4 Gb


Hardened Servers

• Dell EMC PowerEdge XR2

• Extremely powerful Skylake-X CPU, up to 512GB RAM

• -15 to +55C

• 20” short depth with 40G Shock rating up to 15k Altitude

• MIL-STD-810G, MIL-STD-461G (Military) and DNV GL, IEC60945

(Marine) compliant

35


Hardened Servers Cont.

• SEL-3355

• Low Power i7, up to 16GB RAM

• Fanless / No moving parts

• -40 to +75C

• IEC 61850-3:2013, IEEE 1613-2009 Severity Level: Class 1, IEC 61000-6-

2:2005, IEC 61000-6-4:2006

36


SDN

Software Defined Networking


Quick Definitions

• SDN: Software Defined Networking

• A programmable software interface that manipulates networks, devices, elements

or protocols.

• Conceptually: any software that provides control of physical or virtual network

devices

• Started years ago when Router vendors separated control plane from

forwarding plane

• Real (server-based) software took hold in the data-center evolution

• Now, we’re looking at programmatic control of network elements

• Taking vendors quite a while to provide programmatic accessible interfaces for control

• Still limited “standardization” of API’s….

• Service creation automation with extended constraints (Intent Based Networking)

• Continuous monitoring and automated remediation

• End-user control of customer network domain

38


• R&D

• LightRiver has invested the last 4+ years in research,

development, and lab trials with numerous SDN

technologies and vendor’s products in order to find the

“best of breed” technologies in the SDN space.

• Focus

• Provide SDN technologies that augment client network

operations

• Stay in the Network Transport space

• Full turn-key system integrator

• Provide customer with SDN expertise, consulting,

and design resources

• Partner with leading SDN vendors

• Certified individuals on staff

LightRiver and SDN

39


LightRiver and SDN

• State of the Market

• 2014-2016

• SDN technologies needed definition and focus

• Vendors popping up every month; weed out the

“science projects”

• Hardware was needed to match the software

• 2017 – Shipped and installed production ready

products and applications

• 2018 – “Virtualization and Miniaturization of the

Network”

• LightRiver SDN Technology Portfolio

• Network Management Systems (NMS)

• Software Defined-WAN (SD-WAN)

• Virtual Server and Network Infrastructure (VSNI)

• Network Function Virtualization (NFV)

• Universal Customer Premise Devices (uCPE)

40


High Level Architecture - components


SDN Orchestrator NFV Orchestrator

Overlay Underlay NFV

VM’sNetwork Elements

VPN’s

VM Controller(Open Stack)

O/S Hypervisor(VMWare, KVM)

Controller or NMS(ONOS, etc.)

Element Translators(OpenFlow, NetConf)

VPN Orchestrator

VPN Mgr

vCPE Devices(routers)

©2018 LightRiver Technologies Inc. - Confidential Proprietary and Confidential

SDN / NFV Architecture – 2018

Physical / Virtual Assets - Data Plane

Controllers - Control Plane

Orchestration - Management Plane

Business Applications

Route Calculation

Restoration Manager

REST interfaces Native Northbound API’s

Workflow Manager

Orchestrator

Open Flow Based Network Controller

NetConf Based Provisioning Module

YANG Based Network Topology Modeler

AAA Support

Customer Self-ServiceAutomated Service

Turn-upBandwidth on

Demand

Network Configuration Mgmt

Network Fault MgmtService Turn-up /

ProvisioningService Billing

Business Rules Manager DB

OpenFlow X-lator

NetConf X-lator

Other X-lator

Router Switch Optical Firewall

Virtua Server and Storage Controller

Virtual

Machines

Virtual

Storage

OpenStack

NFV-O


LightRiver Partners• LightRiver has performed in-house testing of products from a multitude of

vendors. As part of this process, we’ve developed partnerships with the

partners listed below.*

• We’re helping customers put together SOLUTIONS!

44

* Other partnerships pending


Questions?


Example Products


Nokia Nuage

Silver Peak

Viptela / Velocloud / Versa

Nokia-NSP

BluePlanet MCP

Cisco Evolved Service Platform

Nokia CloudBand

BluePlanet NFV-O

ADVA Ensemble

Overlay Underlay NFV

VM’sNetwork Elements

VPN’s


Data Center Access Networks

• Clos Network

• Bell Labs designed in the 1950’s to support high capacity, non-blocking, voice switching

• Resurrected in Order to Support Scale-out to Thousands of Ports

• Software developed to support this infrastructure

• TRILL (Transparent interconnection of Lots of Links)

• Juniper Q-fabric, Cisco Fabric-path, Brocade Virtual Cluster Switching, Arista Spline/leaf

• “OpenFlow” Created

• Standards-based API to “provision” the data flows across these large, but simple, networks


SD-WAN Solutions

48

• Business Drivers

• Flexibility - Customers are demanding more flexible cloud-based WAN technologies, rather

than installing proprietary or specialized hardware

• Cost Savings - Has the advantage of removing expensive routing hardware by provisioning

connectivity and services via BYO Internet

• Reliability – Utilize multiple WAN connections to increase uptime and availability of services

• Footprint - Customers are able to scale their network without the typical physical construction

costs to run fiber

• LightRiver's Approach

• System integrator role

• Multi-vendor best-of-breed technology approach

• SD-WAN and NFV Orchestration interop testing / POC


NMS System Integration

• LightRiver has provided full turn-key installation, training,

and operationalization assistance on numerous NMS

products over the last 15 years

• Full Turn-Key Solutions:

• Ciena OneControl / Blue Planet MCP

• Nokia 5620 SAM

• LightRiver Software netFLEX

• Basic Installation and Node Discovery

• Infinera DNA/DNA-M

• Fujitsu NetSmart 1500

• ADVA FSP Network Manager

• Cisco EPNM

50

sdn / nfv / sdwan/ aeiou and a variety of other three ... technologies.pdfnms & carrier sdn...

Documents