Value-Added Services and Service Chaining: Deployment Considerations and Challenges
|
|
- Eleanor Freeman
- 7 years ago
- Views:
Transcription
1 Value-Added Services and Service Chaining: Deployment Considerations and Challenges An Industry Whitepaper Contents Executive Summary... 1 Introduction to Value-Added Services and Service Chaining... 2 Deployment Architecture Alternatives... 2 Considerations for Service Chain Enablement... 4 Topological Dependencies... 4 Configuration Complexity... 4 Constrained High Availability... 5 Consistent Ordering of Service Functions... 5 Application of Service Policy... 6 Transport Dependence... 6 Elastic Service Delivery... 6 Traffic Selection Criteria... 7 Limited End-to-End Service Visibility... 7 Per-Service (re)classification... 8 Symmetric Traffic Flows... 8 Multi-Vendor Service Functions... 8 Conclusion... 9 Requirements for Service Chain Enablement. 9 Additional Resources Executive Summary In telecommunications, value-added services (VAS) come in many forms, including consumer and enterprise, and those that generate incremental revenue and those that do not. To deploy a single VAS, there are two practical options available to a CSP: integration and redirection. A topic closely related to VAS is service chaining (i.e., service function chaining), a technique for selecting and steering data traffic flows through various service functions that is being investigated and developed by the Internet Engineering Task Force (IETF) Network Working Group. In order to realize the full promise and potential of VAS and service chaining, the IETF has identified a number of challenges that a VAS deployment approach must overcome. These challenges, or problem areas, provide a framework by which potential enablement solutions can be evaluated and compared. An integrated approach is viable if a CSP has a firm understanding of precisely what service functions they want to deploy, if the list of service functions is very small and unlikely to change, and if the integrated service functions are of acceptable quality as to fulfill the requirements. However, the redirection-based enablement is the superior option overall: when done correctly, redirection can overcome all of the challenges identified by the IETF. Most importantly, redirection preserves choice and flexibility the CSP is free to choose any vendor for any service function, and can introduce or remove service functions as needs change over time. Version 2.0
2 Introduction to Value-Added Services and Service Chaining A value-added service (VAS) is a service that is not a core requirement. In telecommunications, VAS come in many forms, including consumer and enterprise, and those that generate incremental revenue and those that do not. A single service might fall into multiple categories: for instance, a parental control function might be available for an incremental subscription fee at one communications service provider (CSP), but might be included as a market differentiator at another CSP. Alternatively, it might cost extra to subscribers in a basic service tier, but be included for those in a higher tier. There are also services that a CSP might have to implement due to regulatory requirement (e.g., URL filtering with the Internet Watch Foundation); functionally, these can be considered equivalent to VAS. A topic closely related to VAS is service chaining (i.e., service function chaining), a technique for selecting and steering data traffic flows through various service functions that is being investigated and developed by the Internet Engineering Task Force (IETF) Network Working Group. A service function need not necessarily be a value-added service, but it certainly can be, and the general challenges associated with service chaining apply to enabling value-added services. In order to realize the full promise and potential of VAS and service chaining, there are a number of challenges that must be overcome, some of which are described in the work-in-progress Internet-Draft document Network Service Chaining Problem Statement 1. To keep things as simple as possible, this whitepaper uses the same definitions found in the Network Service Chaining Problem Statement Internet-Draft: Service Function: A function that is responsible for specific treatment of received packets. A service function can act at the network layer or other OSI layers. A service function can be a virtual instance or be embedded in a physical network element. One of multiple service functions can be embedded in the same network element. Multiple instances of the service function can be enabled in the same administrative domain. A non-exhaustive list of service functions includes: firewalls, WAN and application acceleration, Deep Packet Inspection (DPI), server load balancers, NAT44 [RFC3022], NAT64 [RFC6146], HOST_ID injection [RFC6967], HTTP Header Enrichment functions, TCP optimizer, etc. The generic term "L4-L7 services" is often used to describe many service functions. Service Function Chain (SFC): A service function chain defines an ordered set of service functions that must be applied to packets and/or layer-2 frames selected as a result of classification. The implied order may not be a linear progression as nodes may copy to more than one branch. The term service chain is often used as shorthand for service function chain. Service Function Path (SFP): The instantiation of a service function chain in the network. Packets follow a service function path from a classifier through the required instances of service functions in the network. Service Node (SN): Physical or virtual element that hosts one or more service functions. Deployment Architecture Alternatives To deploy a single VAS, there are three main options available to a CSP: redirection (Figure 1), integration (Figure 2), and dedicated inline (Figure 3). 1 Which can be found here: 2
3 Figure 1 - Redirection: the VAS deployments (service functions) are separate from the data path, and a data path component (e.g., PCEF) redirects traffic Figure 2 - Integration: the service functions are integrated within an element already in the data path, and redirection is local Figure 3 - Inline: the service functions are all deployed in the data path; this deployment is not a practical option The inline model can be immediately disregarded for at least two reasons: the added complexity and risk of having many inline devices, and the strict/fixed order in which traffic passes through the service functions. Practically, then, there are only two approaches that merit exploration: integration and redirection. 3
4 Considerations for Service Chain Enablement The IETF has identified 12 Problem Areas that represent the primary challenges related to service chaining. The italicized text in the subsections below is reproduced from the IETF problem statement draft; the remainder explains the implications for operators when they are choosing how to deploy value-added service chains. Topological Dependencies Network service deployments are often coupled to network topology, whether it be real or virtualized, or a hybrid of the two. Such dependency imposes constraints on the service delivery, potentially inhibiting the network operator from optimally utilizing service resources, and reduces the flexibility. This limits scale, capacity, and redundancy across network resources. These topologies serve only to "insert" the service function (i.e., ensure that traffic traverses a service function); they are not required from a native packet delivery perspective. For example, firewalls often require an "in" and "out" layer-2 segment and adding a new firewall requires changing the topology (i.e., adding new layer-2 segments). As more service functions are required - often with strict ordering - topology changes are needed before and after each service function resulting in complex network changes and device configuration. In such topologies, all traffic, whether a service function needs to be applied or not, often passes through the same strict order. The topological coupling limits placement and selection of service functions: service functions are "fixed" in place by topology and therefore placement and service function selection taking into account network topology information is not viable. Furthermore, altering the services traversed, or their order, based on flow direction is not possible. A common example is web servers using a server load balancer as the default gateway. When the web service responds to non-load balanced traffic (e.g., administrative or backup operations) all traffic from the server must traverse the load balancer forcing network administrators to create complex routing schemes or create additional interfaces to provide an alternate topology. The key takeaway from this problem area is that to reduce complexity of introducing new service functions, and to maintain flexibility (e.g., to support real or virtualized functions, to support varied placement and selection of service functions), the enabling deployment must abstract the service function from the physical network topology. The redirection model can achieve this requirement, while the integrated solution fails - only those service functions that can be integrated are supported, so there is a dependency that extends far beyond topology and ultimately limits placement, selection, and format (e.g., physical or virtual) of available service functions. Configuration Complexity A direct consequence of topological dependencies is the complexity of the entire configuration, specifically in deploying service function chains. Simple actions such as changing the order of the service functions in a service function chain require changes to 4
5 the topology. Changes to the topology are avoided by the network operator once installed, configured and deployed in production environments fearing misconfiguration and downtime. All of this leads to very static service delivery deployments. Furthermore, the speed at which these topological changes can be made is not rapid or dynamic enough as it often requires manual intervention, or use of slow provisioning systems. It is imperative that the enablement solution must maintain flexibility, ease of configuration, and ease of reordering of service functions. Again, a redirection-based deployment can theoretically fulfill these requirements (e.g., by abstracting the service function from the physical network topology and providing a simple means of adding, removing, and changing the order of service functions), while an integrated solution fails due to the restrictive nature of the implementation. Constrained High Availability An effect of topological dependency is constrained service function high availability. Worse, when modified, inadvertent non-high availability or downtime can result. Since traffic reaches many service functions based on network topology, alternate, or redundant service functions must be placed in the same topology as the primary service. Ideally, how a CSP chooses to deploy service functions should not impact the availability of those functions; that is, the service functions should be highly available regardless of the enablement mechanism. In reality though, this is not the case; both models introduce risk. The redirection-based deployment has the benefit of decoupling the availability of each service function from the others: every service function is available, or not, based on its own merits. However, all are dependent upon the redirection mechanism working correctly. Should that mechanism go down, then the entire service chain becomes unavailable. Therefore, the redirection platform itself must have a reliable means of achieving high availability. Provided integrated service functions are decoupled from each other within the integrated platform, then the availability issues are of practical equivalence to the redirection model. In either scenario, there should be a health-check mechanism to detect if/when a service function is no longer available and to omit that service function from the service chain. Consistent Ordering of Service Functions Service functions are typically independent; service function_1 (SF1)...service function_n (SFn) are unrelated and there is no notion at the service layer that SF1 occurs before SF2. However, to an administrator many service functions have a strict ordering that must be in place, yet the administrator has no consistent way to impose and verify the ordering of the service functions that are used to deliver a given service. Service function chains today are most typically built through manual configuration processes. These are slow and error prone. With the advent of newer service deployment models the control and policy planes provide not only connectivity state, but will also be increasingly utilized for the creation of network services. Such control/management planes could be centralized, or be distributed. Essentially, the solution must allow the CSP to define and control a specific and consistent (subject to conscious decisions to change) ordering of service functions within the chain. 5
6 Both deployment architectures should be able to provide an interface through which the CSP can modify the order in which service functions are applied, and through which the operator can verify the ordering after the fact. Application of Service Policy Service functions rely on topology information such as VLANs or packet (re)classification to determine service policy selection, i.e. the service function specific action taken. Topology information is increasingly less viable due to scaling, tenancy, and complexity reasons. The topological information is often stale, providing the operator with inaccurate placement that can result in suboptimal resource utilization. Per-service function packet classification is inefficient and prone to errors, duplicating functionality across service functions. Furthermore packet classification is often too coarse, lacking the ability to determine class of traffic with enough detail. This problem area essentially translates to a requirement that there be an effective global (rather than at each service function) means of determining what packets should go to what service functions. In theory, there should be no variation between the integrated approach and the redirection-based approach. Transport Dependence Service functions can and will be deployed in networks with a range of transports, including under and overlays. The coupling of service functions to topology requires service functions to support many transport encapsulations or for a transport gateway function to be present. This problem area imposes a number of requirements upon the enablement mechanism: It must be completely agnostic of the access technology, or combination of access technologies, within the network It must be able to apply redirection to traffic that is tunneled It must be able to apply redirection to traffic that is encapsulated To support these last two requirements, the enablement platform must therefore be able to remove and reapply the headers. In theory, there is no reason why the redirection-based architecture and the integrated architecture should perform differently; however, in practice the CSP must ask pointed questions to ensure fulfillment of these requirements. Elastic Service Delivery Given that the current state of the art for adding/removing service functions largely centers around VLANs and routing changes, rapid changes to the service deployment can be hard to realize due to the risk and complexity of such changes. In theory, this problem area substantially favors enablement via redirection. The redirection model enables rapid changes to the service chain (e.g., by safely adding or removing service functions outside of the data path and then simply changing the configuration on the redirection platform) and also provides a significant degree of elastic service delivery (since each service function can be scaled independently of the others). 6
7 With an integrated design, processing consumed by one service function automatically makes that processing capacity unavailable to other service functions. Traffic Selection Criteria Traffic selection is coarse, that is, all traffic on a particular segment traverse service functions whether the traffic requires service enforcement or not. This lack of traffic selection is largely due to the topological nature of service deployment since the forwarding topology dictates how (and what) data traverses service function(s). In some deployments, more granular traffic selection is achieved using policy routing or access control filtering. This results in operationally complex configurations and is still relatively inflexible. This problem area presupposes that there is no means of efficiently and effectively determining what traffic should go to what service functions, but this is not the case. What is true, however, is that the degrees of efficiency and effectiveness vary greatly. It is very important to note that even with integrated solutions, the VAS component typically resides on a separate blade or processing group; as a result, the platform must still redirect traffic to these processors, even though the redirection is at a process-level or internal to a larger chassis. In the theoretical best case, only traffic that meets criteria specific to a service function gets sent to that service function. Such criteria might include traffic pertaining to a particular subscriber, subscriber segment, device, application, protocol, CDN, delivery route, video resolution, video provider, etc. Regardless of the means of implementing the service chain - whether via an integrated solution or through redirection - there is a general requirement to send only pertinent traffic to a particular service function. CSPs, then, need to inquire as to how a particular vendor determines what traffic gets sent to what service function, as efficiency varies enormously from vendor to vendor. For instance, on one end of the spectrum are inefficient and rudimentary port-based redirections that simply forward all traffic on a particular port (e.g., Port 80 for HTTP) to the service functions. At the other end of the spectrum are highly efficient truly intelligent redirection systems that consider application, subscriber identity and entitlement, and other relevant factors (e.g., video provider, video resolution, video container, etc.); these intelligent systems are often protected by patents. Somewhere in the middle are systems that apply some level of heuristic guessing to be more precise than the port-based systems without getting near the efficiency of, or infringing on the patents of, the advanced systems. Limited End-to-End Service Visibility Troubleshooting service related issues is a complex process that involves both networkspecific and service-specific expertise. This is especially the case when service function chains span multiple DCs, or across administrative boundaries. Furthermore, the physical and virtual environments (network and service), can be highly divergent in terms of topology and that topological variance adds to these challenges. Whether enabled through redirection or integration, it is imperative that the platform provide visibility into service function availability and performance. In theory, the integrated approach has an advantage in this regard, as it should be able to provide complete visibility into all service functions 7
8 through a single interface 2. In the redirection model, the redirection platform would be able to provide visibility into redirection metrics and anything that can be extracted via API from the other service functions, but it is likely that the service functions themselves would have dedicated troubleshooting and diagnostic interfaces. Per-Service (re)classification Classification occurs at each service function independent from previously applied service functions. More importantly, the classification functionality often differs per service function and service functions may not leverage the results from other service functions. This problem area presupposes that the service chain is not configured in an end-to-end manner, but there is no reason why this cannot be the case (regardless of whether the service functions are integrated or enabled via redirection). Symmetric Traffic Flows Service function chains may be unidirectional or bidirectional depending on the state requirements of the service functions. In a unidirectional chain traffic is passed through a set of service functions in one forwarding direction only. Bidirectional chains require traffic to be passed through a set of service functions in both forwarding directions. Many common service functions such as DPI and firewall often require bidirectional chaining in order to ensure flow state is consistent. Existing service deployment models provide a static approach to realizing forward and reverse service function chain association most often requiring complex configuration of each network device throughout the SFC. Provided that the enablement platform (whether integrated or redirection-based) can resolve network asymmetry, then the service functions themselves will not be exposed to asymmetric traffic and the problems that it poses 3. Multi-Vendor Service Functions Deploying service functions from multiple vendors often require per-vendor expertise: insertion models differ, there are limited common attributes and inter-vendor service functions do not share information. Perhaps more than any other problem area, this one strongly favors the redirection-based architecture. With an integrated approach, the CSP can only choose from those service functions that are already integrated (or could be integrated via additional effort). Practically, this restriction prevents the CSP from choosing between a range of best-of-breed options to select the optimal choice. Redirection preserves the CSP s ability to choose service functions from any vendor, provided they can interoperate with the redirection platform. In practice, interoperation necessitates meeting some fairly low requirements (although CSPs should be mindful that this does vary). 2 This might not necessarily be the case, however: if the integrated solutions have been acquired (as opposed to built), then there might well still be multiple management interfaces. 3 A comprehensive explanation of routing asymmetry and its implications for network policy control is available in the Sandvine whitepaper Applying Network Policy Control to Asymmetric Traffic: Considerations and Solutions 8
9 Conclusion In order to realize the full promise and potential of VAS and service chaining, there are a number of challenges that must be overcome many of these are included in the Network Service Chaining Problem Statement, from the IETF. Practically, there are two approaches that can be used to implement service function chains: Integration: the service functions are integrated within an element already in the data path, and redirection is local Redirection: the VAS deployments (service functions) are separate from the data path, and a data path component (e.g., PCEF) redirects traffic Using the problem areas outlined in the IETF document as a guide, it is apparent that both approaches are promising. An integrated approach is viable if a CSP has a firm understanding of precisely what service functions they want to deploy, if the list of service functions is very small and unlikely to change, and if the integrated service functions are of acceptable quality as to fulfill the requirements. However, the redirection-based enablement is the superior option overall: when done correctly, redirection can overcome all of the challenges identified in the IETF problem statement. Most importantly, redirection preserves choice and flexibility the CSP is free to choose any vendor for any service function, and can introduce or remove service functions as needs change over time. In order to make educated choice about VAS and service chain enablement, CSPs must ask pointed questions of their potential platform vendors. Requirements for Service Chain Enablement The table below summarizes the high-level requirements that emerge from each IETF problem area. Consideration Topological Dependencies Configuration Complexity Constrained High Availability Consistent Ordering of Service Functions Application of Service Policy Transport Dependence Requirement VAS-enablement platform should abstract the service functions from the physical network topology VAS-enablement platform must maintain flexibility, ease of configuration, and ease of reordering service functions Service functions should be highly available regardless of the VASenablement mechanism; said alternatively, the VAS-enablement should be decoupled from the availability of the service functions VAS-enablement platform must be highly available VAS-enablement platform should have a health-check mechanism to detect availability and health of service functions VAS-enablement platform must allow the CSP to define and control a specific and consistent ordering of service functions within the service function chain VAS-enablement platform must provide an effective global (rather than at each service function) means of determining what packets should go to what service functions. VAS-enablement platform must function completely agnostic of the network s access technologies VAS-enablement platform must be able to redirect traffic that is tunneled, with header removal and reapplication VAS-enablement platform must be able to redirect traffic that is 9
10 Elastic Service Delivery Traffic Selection Criteria Limited End-to-End Service Visibility Per-Service (re)classification Symmetric Traffic Flows Multi-Vendor Service Functions encapsulated, with header removal and reapplication VAS-enablement platform must accommodate rapid changes to the service chain VAS-enablement platform must provide an efficient means of redirecting only relevant traffic to each service function; practically, this means that the redirection should be based on a combination of application, protocol, provider, subscriber, and other factors relevant to the service function VAS-enablement platform must provide visibility into service function availability and performance VAS-enablement platform should provide end-to-end configuration of the service chain, to avoid the need for per-service (re)classification VAS-enablement platform must be able to provide redirection for all appropriate traffic when intersecting asymmetric traffic routes VAS-enablement platform must not restrict the CSP s choice of service function vendors Additional Resources In addition to the resources cited in the footnotes throughout this document, please consider reading the Sandvine technology showcase Enabling Service Function Chains and Value-Added Services with Sandvine Divert, available on 10
Enabling Service Function Chains and Value- Added Services with Sandvine Divert
Value- Added Services with Sandvine Divert A Sandvine Technology Showcase Contents Executive Summary... 1 Introduction to Value-Added Services and Service Chaining... 2 Sandvine Divert... 3 Enabling Service
More informationDynamic Service Chaining for NFV/SDN
Dynamic Service Chaining for NFV/SDN Kishore Inampudi A10 Networks, Inc. Agenda Introduction NFV Reference Architecture NFV Use cases Policy Enforcement in NFV/SDN Challenges in NFV environments Policy
More informationHow To Use The Cisco Wide Area Application Services (Waas) Network Module
Cisco Wide Area Application Services (WAAS) Network Module The Cisco Wide Area Application Services (WAAS) Network Module for the Cisco Integrated Services Routers (ISR) is a powerful WAN optimization
More informationSDN and NFV in the WAN
WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network
More informationEVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE
EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EXECUTIVE SUMMARY Enterprise network managers are being forced to do more with less. Their networks are growing in size and complexity. They need
More informationThe following normative disclaimer shall be included on the front page of a PoC report:
Annex B (normative): NFV ISG PoC #28 Report The following normative disclaimer shall be included on the front page of a PoC report: Submission of this NFV ISG PoC Report as a contribution to the NFV ISG
More informationPolicy Traffic Switch Clusters: Overcoming Routing Asymmetry and Achieving Scale
: Overcoming Routing Asymmetry and Achieving Scale A Sandvine Technology Showcase Contents Executive Summary... 1 Introduction to Scaling Challenges for Stateful Solutions... 2 Routing Asymmetry... 2 Absolute
More informationBusiness Cases for Brocade Software-Defined Networking Use Cases
Business Cases for Brocade Software-Defined Networking Use Cases Executive Summary Service providers (SP) revenue growth rates have failed to keep pace with their increased traffic growth and related expenses,
More informationAuthors contact info: Paul Quinn paulq@cisco.com Distinguished Engineer Cisco Systems 55 Cambridge Parkway Cambridge, MA 02141.
Authors contact info: Paul Quinn paulq@cisco.com Distinguished Engineer Cisco Systems 55 Cambridge Parkway Cambridge, MA 02141 Tel: 408 527 3560 Jim Guichard jguichar@cisco.com Principal Engineer Cisco
More informationThe Economics of Cisco s nlight Multilayer Control Plane Architecture
The Economics of Cisco s nlight Multilayer Control Plane Architecture Executive Summary Networks are becoming more difficult to plan and optimize because of high traffic growth, volatile traffic patterns,
More informationCCNA R&S: Introduction to Networks. Chapter 5: Ethernet
CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.
More informationService Delivery Automation in IPv6 Networks
Service Delivery Automation in IPv6 Networks C. Jacquenet christian.jacquenet@orange.com Slide 1 Outline Rationale Beyond the SDN hype: a true need for automation Global framework From service negotiation
More informationWeb Browsing Quality of Experience Score
Web Browsing Quality of Experience Score A Sandvine Technology Showcase Contents Executive Summary... 1 Introduction to Web QoE... 2 Sandvine s Web Browsing QoE Metric... 3 Maintaining a Web Page Library...
More informationOverview of Routing between Virtual LANs
Overview of Routing between Virtual LANs This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information
More informationConfiguration Management: Best Practices White Paper
Configuration Management: Best Practices White Paper Document ID: 15111 Contents Introduction High Level Process Flow for Configuration Management Create Standards Software Version Control and Management
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More informationAccurate End-to-End Performance Management Using CA Application Delivery Analysis and Cisco Wide Area Application Services
White Paper Accurate End-to-End Performance Management Using CA Application Delivery Analysis and Cisco Wide Area Application Services What You Will Learn IT departments are increasingly relying on best-in-class
More informationByteMobile Adaptive Traffic Management Product Family
ByteMobile Adaptive Traffic Management Product Family Building Adaptive Traffic Management Solutions ByteMobile Adaptive Traffic Management Solutions allow mobile operators to actively and dynamically
More informationSDN PARTNER INTEGRATION: SANDVINE
SDN PARTNER INTEGRATION: SANDVINE SDN PARTNERSHIPS SSD STRATEGY & MARKETING SERVICE PROVIDER CHALLENGES TIME TO SERVICE PRODUCT EVOLUTION OVER THE TOP THREAT NETWORK TO CLOUD B/OSS AGILITY Lengthy service
More informationOVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS
OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight
More informationNetwork-Wide Change Management Visibility with Route Analytics
Network-Wide Change Management Visibility with Route Analytics Executive Summary Change management is a hot topic, and rightly so. Studies routinely report that a significant percentage of application
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for
More informationCisco and Citrix Solution
Cisco and Citrix Solution Build Application-Centric Data Centers with Application Delivery Controllers 2014 Cisco Citrix. All rights reserved. Page 1 What You Will Learn Cisco Application Centric Infrastructure
More informationFlexible SDN Transport Networks With Optical Circuit Switching
Flexible SDN Transport Networks With Optical Circuit Switching Multi-Layer, Multi-Vendor, Multi-Domain SDN Transport Optimization SDN AT LIGHT SPEED TM 2015 CALIENT Technologies 1 INTRODUCTION The economic
More informationSoftware-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University
Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University Transition to NFV Cost of deploying network functions: Operating expense
More informationCisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments
Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer
More informationNetwork Security Topologies. Chapter 11
Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationWhy Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs
Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs P/N 500205 July 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 1 Integrated VPN/firewall Page 2 placed
More informationA Mock RFI for a SD-WAN
A Mock RFI for a SD-WAN Ashton, Metzler & Associates Background and Intended Use After a long period with little if any fundamental innovation, the WAN is now the focus of considerable innovation. The
More information2015 Spring Technical Forum Proceedings
Virtualizing the Home Network Michael Kloberdans CableLabs Abstract One of the areas of focus in the Cable industry has been a virtualized home network. This paper proposes a road map with an analysis
More informationCertes Networks Layer 4 Encryption. Network Services Impact Test Results
Certes Networks Layer 4 Encryption Network Services Impact Test Results Executive Summary One of the largest service providers in the United States tested Certes Networks Layer 4 payload encryption over
More informationNetwork Functions Virtualization in Home Networks
Network Functions Virtualization in Home Networks Marion Dillon Timothy Winters Abstract The current model of home networking includes relatively low- cost, failure- prone devices, requiring frequent intervention
More informationHow Network Transparency Affects Application Acceleration Deployment
How Network Transparency Affects Application Acceleration Deployment By John Bartlett and Peter Sevcik July 2007 Acceleration deployments should be simple. Vendors have worked hard to make the acceleration
More informationNetwork Design Best Practices for Deploying WLAN Switches
Network Design Best Practices for Deploying WLAN Switches A New Debate As wireless LAN products designed for the enterprise came to market, a debate rapidly developed pitting the advantages of standalone
More informationUnifying the Distributed Enterprise with MPLS Mesh
Unifying the Distributed Enterprise with MPLS Mesh Technical Whitepaper June 2011 Copyright 2011 AireSpring Introduction Today s modern enterprise employs IT technologies that deliver higher value, resiliency,
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationBusiness Case for S/Gi Network Simplification
Business Case for S/Gi Network Simplification Executive Summary Mobile broadband traffic growth is driving large cost increases but revenue is failing to keep pace. Service providers, consequently, are
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationOptimizing Service Levels in Public Cloud Deployments
WHITE PAPER OCTOBER 2014 Optimizing Service Levels in Public Cloud Deployments Keys to Effective Service Management 2 WHITE PAPER: OPTIMIZING SERVICE LEVELS IN PUBLIC CLOUD DEPLOYMENTS ca.com Table of
More informationNetworking for cloud computing
IBM Global Technology Services Thought Leadership White Paper Cloud computingi IBM Global Technology Services Networking for cloud computing Optimize your network to make the most of your cloud 2 Networking
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility
More informationEnhancing Cisco Networks with Gigamon // White Paper
Across the globe, many companies choose a Cisco switching architecture to service their physical and virtual networks for enterprise and data center operations. When implementing a large-scale Cisco network,
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationCisco and Citrix: Building Application Centric, ADC-enabled Data Centers
Solutions Brief : Building Application Centric, ADC-enabled Data Centers Cisco Application Centric Infrastructure (ACI) integrates Citrix NetScaler Application Delivery Controller (ADC) appliances to reduce
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationService Automation Made Easy
Service Automation Made Easy Networks that know how to customize the network experience for every subscriber Challenge Service providers want to quickly develop and deliver personalized services their
More informationEMC Data Domain Boost and Dynamic Interface Groups
EMC Data Domain Boost and Dynamic Interface Groups Maximize the Efficiency of Multiple Network Interfaces ABSTRACT EMC delivers dynamic interface groups to simplify the use of multiple network interfaces
More informationUsing SDN-OpenFlow for High-level Services
Using SDN-OpenFlow for High-level Services Nabil Damouny Sr. Director, Strategic Marketing Netronome Vice Chair, Marketing Education, ONF ndamouny@netronome.com Open Server Summit, Networking Applications
More informationNetwork Services in the SDN Data Center
Network Services in the SDN Center SDN as a Network Service Enablement Platform Whitepaper SHARE THIS WHITEPAPER Executive Summary While interest about OpenFlow and SDN has increased throughout the tech
More informationWhitepaper Unified Visibility Fabric A New Approach to Visibility
Whitepaper Unified Visibility Fabric A New Approach to Visibility Trends Networks continually change and evolve. Many trends such as virtualization and cloud computing have been ongoing for some time.
More informationHow OpenFlow -Based SDN Transforms Private Cloud. ONF Solution Brief November 27, 2012
How OpenFlow -Based SDN Transforms Private Cloud ONF Solution Brief November 27, 2012 Table of Contents 2 Executive Summary 2 Trends in the Private Cloud 3 Network Limitations and Requirements 4 OpenFlow-Based
More informationTransform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure
White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure
More informationCorporate Network Services of Tomorrow Business-Aware VPNs
Corporate Network Services of Tomorrow Business-Aware VPNs Authors: Daniel Kofman, CTO and Yuri Gittik, CSO Content Content...1 Introduction...2 Serving Business Customers: New VPN Requirements... 2 Evolution
More informationExtreme Networks CoreFlow2 Technology TECHNOLOGY STRATEGY BRIEF
Extreme Networks CoreFlow2 Technology TECHNOLOGY STRATEGY BRIEF TECHNOLOGY STRATEGY BRIEF Extreme Networks CoreFlow2 Technology Benefits INCREASED VISIBILITY Detailed monitoring of applications, their
More informationIntroduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre
Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future
More informationADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY
ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY One of the largest concerns of organisations is how to implement and introduce advanced security mechanisms to protect
More information1.1.1 Introduction to Cloud Computing
1 CHAPTER 1 INTRODUCTION 1.1 CLOUD COMPUTING 1.1.1 Introduction to Cloud Computing Computing as a service has seen a phenomenal growth in recent years. The primary motivation for this growth has been the
More informationCloud: Bridges, Brokers and Gateways
Integrating the Cloud: Bridges, Brokers, and Gateways Organizations are increasingly adopting a hybrid strategy for cloud computing to realize the benefits without compromising on control. The integration
More informationEBOOK. The Network Comes of Age: Access and Monitoring at the Application Level
EBOOK The Network Comes of Age: Access and Monitoring at the Application Level www.ixiacom.com 915-6948-01 Rev. A, January 2014 2 Table of Contents How Flow Analysis Grows Into Total Application Intelligence...
More informationSTEELHEAD HYBRID NETWORKING
STEELHEAD HYBRID NETWORKING INCREASE NETWORK APPLICATION PERFORMANCE AND AVAILABILITY WHILE REDUCING COSTS WITH RIVERBED PATH SELECTION THE RISE OF THE HYBRID INFRASTRUCTURE Today, businesses are rapidly
More informationBASIC ANALYSIS OF TCP/IP NETWORKS
BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks
More informationVirtualized Security: The Next Generation of Consolidation
Virtualization. Consolidation. Simplification. Choice. WHITE PAPER Virtualized Security: The Next Generation of Consolidation Virtualized Security: The Next Generation of Consolidation As we approach the
More informationMaking the Case for Satellite: Ensuring Business Continuity and Beyond. July 2008
Making the Case for Satellite: Ensuring Business Continuity and Beyond July 2008 Ensuring Business Continuity and Beyond Ensuring business continuity is a major concern of any company in today s technology
More informationBusiness Case for Cisco SDN for the WAN
Business Case for Cisco SDN for the WAN s Executive Summary Traffic requirements are growing rapidly because of the widespread acceptance of online video services, cloud computing, and mobile broadband.
More informationMulti- Path Networking Is a Key to Maximizing Cloud Value
Multi- Path Networking Is a Key to Maximizing Cloud Value May 2015 Prepared by: Zeus Kerravala Multi- Path Networking Is a Key to Maximizing Cloud Value by Zeus Kerravala May 2015 º º º º º º º º º º º
More informationVirtual CPE and Software Defined Networking
Virtual CPE and Software Defined Networking Virtual CPE and Software Defined Networking Residential broadband service providers are looking for solutions that allow them to rapidly introduce innovative
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Forwarded-For support to Forward and Reverse Proxy TMG Servers Published: May 2010 Applies to: Winfrasoft X-Forwarded-For
More informationMonitoring Hybrid Cloud Applications in VMware vcloud Air
Monitoring Hybrid Cloud Applications in ware vcloud Air ware vcenter Hyperic and ware vcenter Operations Manager Installation and Administration Guide for Hybrid Cloud Monitoring TECHNICAL WHITE PAPER
More informationLAN Switching and VLANs
26 CHAPTER Chapter Goals Understand the relationship of LAN switching to legacy internetworking devices such as bridges and routers. Understand the advantages of VLANs. Know the difference between access
More informationAPPLICATION-AWARE ROUTING IN SOFTWARE-DEFINED NETWORKS
APPLICATION-AWARE ROUTING IN SOFTWARE-DEFINED NETWORKS SARO VELRAJAN Director of Technology, Aricent APPLICATION-AWARE ROUTING IN SOFTWARE-DEFINED NETWORKS Service providers are constantly exploring avenues
More informationCisco Quantum Policy Suite for BNG
Data Sheet Cisco Quantum Policy Suite for BNG Solution Overview The Cisco Quantum Policy Suite is a carrier-grade policy, charging, and subscriber data management software solution that enables service
More informationCisco Networking Professional-6Months Project Based Training
Cisco Networking Professional-6Months Project Based Training Core Topics Cisco Certified Networking Associate (CCNA) 1. ICND1 2. ICND2 Cisco Certified Networking Professional (CCNP) 1. CCNP-ROUTE 2. CCNP-SWITCH
More informationExtending Networking to Fit the Cloud
VXLAN Extending Networking to Fit the Cloud Kamau WangŨ H Ũ Kamau Wangũhgũ is a Consulting Architect at VMware and a member of the Global Technical Service, Center of Excellence group. Kamau s focus at
More informationTechnical Bulletin. Enabling Arista Advanced Monitoring. Overview
Technical Bulletin Enabling Arista Advanced Monitoring Overview Highlights: Independent observation networks are costly and can t keep pace with the production network speed increase EOS eapi allows programmatic
More informationExtraHop and AppDynamics Deployment Guide
ExtraHop and AppDynamics Deployment Guide This guide describes how to use ExtraHop and AppDynamics to provide real-time, per-user transaction tracing across the entire application delivery chain. ExtraHop
More informationHow To Provide Qos Based Routing In The Internet
CHAPTER 2 QoS ROUTING AND ITS ROLE IN QOS PARADIGM 22 QoS ROUTING AND ITS ROLE IN QOS PARADIGM 2.1 INTRODUCTION As the main emphasis of the present research work is on achieving QoS in routing, hence this
More informationAdvanced Higher Computing. Computer Networks. Homework Sheets
Advanced Higher Computing Computer Networks Homework Sheets Topic : Network Protocols and Standards. Name the organisation responsible for setting international standards and explain why network standards
More informationService Chaining in Carrier Networks
White Paper Service Chaining in Carrier Networks Prepared by Gabriel Brown Senior Analyst, Heavy Reading www.heavyreading.com on behalf of www.qosmos.com February 2015 Dynamic Services, Dynamic Networks
More informationCisco Prime Network Analysis Module Software 5.1 for WAAS VB
Cisco Prime Network Analysis Module Software 5.1 for WAAS VB Network administrators need multifaceted visibility into the network and application to help ensure consistent and cost-effective delivery of
More informationContents. Load balancing and high availability
White Paper Load Balancing in GateDefender Performa The information contained in this document represents the current view of Panda Software International, S.L on the issues discussed herein as of the
More informationT6 w a y s t o m a x i m i z e y o u r s u c c e s s
B e s t P r a c t i c e s f o r I P D e p l o y m e n t i n a M u l t i - v e n d o r E n v i r o n m e n t T6 w a y s t o m a x i m i z e y o u r s u c c e s s Authored by Ajay Kapoor, Senior Manager,
More informationIP Addressing A Simplified Tutorial
Application Note IP Addressing A Simplified Tutorial July 2002 COMPAS ID 92962 Avaya Labs 1 All information in this document is subject to change without notice. Although the information is believed to
More informationVPN Technologies: Definitions and Requirements
VPN Technologies: Definitions and Requirements 1. Introduction VPN Consortium, January 2003 This white paper describes the major technologies for virtual private networks (VPNs) used today on the Internet.
More informationNetworking and High Availability
TECHNICAL BRIEF Networking and High Availability Deployment Note Imperva appliances support a broad array of deployment options, enabling seamless integration into any data center environment. can be configured
More informationHighly Available Mobile Services Infrastructure Using Oracle Berkeley DB
Highly Available Mobile Services Infrastructure Using Oracle Berkeley DB Executive Summary Oracle Berkeley DB is used in a wide variety of carrier-grade mobile infrastructure systems. Berkeley DB provides
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationLoad Balancing 101: Firewall Sandwiches
F5 White Paper Load Balancing 101: Firewall Sandwiches There are many advantages to deploying firewalls, in particular, behind Application Delivery Controllers. This white paper will show how you can implement
More informationDelivering Managed Services Using Next Generation Branch Architectures
Delivering Managed Services Using Next Generation Branch Architectures By: Lee Doyle, Principal Analyst at Doyle Research Sponsored by Versa Networks Executive Summary Network architectures for the WAN
More informationsoftware networking Jithesh TJ, Santhosh Karipur QuEST Global
software defined networking Software Defined Networking is an emerging trend in the networking and communication industry and it promises to deliver enormous benefits, from reduced costs to more efficient
More information100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)
100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.
More informationThe Promise and the Reality of a Software Defined Data Center
The Promise and the Reality of a Software Defined Data Center Authored by Sponsored by Introduction The traditional IT operational model is highly manual and very hardware centric. As a result, IT infrastructure
More informationVirtual Machine Manager Domains
This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 VMM Domain Policy Model, page 2 Virtual Machine Manager Domain Main Components,
More informationGLOBAL SERVER LOAD BALANCING WITH SERVERIRON
APPLICATION NOTE GLOBAL SERVER LOAD BALANCING WITH SERVERIRON Growing Global Simply by connecting to the Internet, local businesses transform themselves into global ebusiness enterprises that span the
More informationA Look at the New Converged Data Center
Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable
More informationVEEAM CLOUD CONNECT REPLICATION
VEEAM CLOUD CONNECT REPLICATION DRaaS that is extremely powerful and extremely easy Luca Dell Oca vexpert, VCAP-DCD, CISSP Contents Veeam Cloud Connect Replication, easy disaster recovery for everyone...3
More informationUnleash the power of Cisco ACI and F5 Synthesis for Accelerated Application deployments. Ravi Balakrishnan Senior Marketing Manager, Cisco Systems
Unleash the power of Cisco ACI and F5 Synthesis for Accelerated Application deployments Ravi Balakrishnan Senior Marketing Manager, Cisco Systems Cisco F5 Solutions Outline Cisco and F5 Areas of Partnership
More informationAutomated Firewall Change Management. Ensure continuous compliance and reduce risk with secure change management workflows
Automated Firewall Change Management Ensure continuous compliance and reduce risk with secure change management workflows JANUARY 2015 Executive Summary Firewall management has become a hot topic among
More informationIntegration Maturity Model Capability #5: Infrastructure and Operations
Integration Maturity Model Capability #5: Infrastructure and Operations How improving integration supplies greater agility, cost savings, and revenue opportunity TAKE THE INTEGRATION MATURITY SELFASSESSMENT
More informationITL BULLETIN FOR JANUARY 2011
ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division
More information