Dynamic Service Chaining for NFV/SDN




Dynamic Service Chaining for NFV/SDN Kishore Inampudi A10 Networks, Inc.

Agenda
- Introduction
  - NFV Reference Architecture
  - NFV Use cases
- Policy Enforcement in NFV/SDN
  - Challenges in NFV environments
  - Policy Enforcement Needs for SDN/NFV environments
- Dynamic Service Chaining Architecture
  - Service chaining standards (SFC, Metadata)
  - Design considerations
- Dynamic Service Chaining Benefits

NFV Architecture Reference
[Figure: NFV reference architecture. Blocks shown: OSS/BSS; E2E Service Definition; Element Management (EM 1, EM 2, EM 3); VNF 1 Security, VNF 2 SLB, VNF 3 CGNAT; Service Chaining; NFVI with Virtual Computing, Virtual Storage and Virtual Network over a Virtualization Layer and Hardware Resources (Computing, Storage and Network Hardware); NFV Management and Orchestration (MANO) with Orchestrator, VNF Manager(s) and Virtualized Infrastructure Manager(s); Service, VNF & Infrastructure Description. Other labels: DPDK, BareMetal, Containers; Lifecycle, Licensing; ODL, OpenStack.]
Steps marked on the figure:
1. Define Service
2. Render Service path
3. Program Service path
Source: ETSI NFV 002

Service Provider: NFV Use cases
[Figure: User Equipment (Mobile, CPE) connects over the Transport Network (3GPP, CATV, FTTH, xDSL) to the Access/Edge (P-GW, CMTS, OLT, BNG) and on to Network Services. NFV Target: Choice of Form Factors, Private Clouds/DC, Public Clouds.]
Use cases:
- Mobile: vEPC, vTDF/vPCEF, vIMS, vSecurity
- Fixed: vCPE, vBRAS, vSecurity
- Cable: vCPE, vPE, vSecurity
Network Services / Value Added Services (VAS): DPI, Parental Control, Ad Insert, Routing, LB/ADC, Video Opt., Malware, Lawful Intercept, WAN Opt, FW, HTTP Enrich, CGN, Security, Location services, Other VAS

Policy Enforcement in SDN/NFV Needs & Challenges

The Challenge: Policy Enforcement @ Scale
[Figure: policy has to be enforced across five dimensions: USERS, DEVICES, LOCATION, REGION, APPLICATIONS. Labels shown: Consumer, Customers, Employees, Students, Bot, Hacker, DDoS, Malware/Spyware; Smartphone/Tablets, Laptop; Coffee shops, Subways etc., Home, Corporate/Enterprise, Branch; Public Cloud, Service Providers, Private & Hybrid Cloud, Hosting, Enterprise Datacenter.]

Solution: Automated Policy Enforcement
Intelligent L4-L7 Service Overlays @Edge of Network
- Context awareness (subscriber, tenant policy)
- Dynamic Services Chaining (SFC)
- Scale-out architecture
[Figure: USERS, DEVICES and LOCATION (Consumer, Customers, Employees, Students, Bot, Hacker, DDoS, Malware/Spyware; Smartphone/Tablets, Laptop; Coffee shops, Subways etc., Home, Corporate/Enterprise, Branch) reach APPLICATIONS in the Internet, Public Cloud and Private Cloud across the IP Backbone Network.]

NFV Policy Enforcement Needs: Dynamic Service Chaining
[Figure: service chain FW, DPI, ADC]
Today: Static (Manual & Complex)
Characteristics:
- Physical Appliances
- Manual Provisioning
- Static Hop by Hop Services
- Basic L2-L3 based Policy classification
Disadvantages:
- Restrictive: Topology dependent
- Sub-optimal: Not context sharing
- Expensive: Overprovisioned resources
Need: Dynamic (Automated & Simple)
Characteristics:
- Virtual, Physical or Hybrid
- Automated Provisioning
- Intelligent Policy L2-L7 classification
Advantages:
- Flexible: Topology independent
- Optimal: Context awareness
- Cost-effective: On-demand resources

vCPE Example: End to End Solution Requirements
[Figure: CPE connects through an L2 Tunnel over the Access network to the VHG (Gateway), then across the Service Overlay and Network Fabric to CGNAT. VAS VNFs (Parental Control, Video Optimization, Security) and Network VNFs attach to the overlay. The Service Orchestrator drives them through APIs and connects to the SP Network OSS/BSS (Provisioning, Subscriber Management, AAA/Radius).]
Tunnels:
- Overlays
- L2 for visibility
- Leverage existing Infrastructure
VHG:
- Programmability
- Subscriber Awareness
- Policy Enforcement
- Overlays, Tunnels
- Service Chaining
- Scalability
Network Fabric:
- Programmability
- High-speed L2/L3 Interconnect
- Self Healing
- Underlay/Overlay
CGN:
- Programmability
- High performance
- Integrated Security
- Scalability

Dynamic Service Chaining Architecture

Standards: Service Function Chaining (SFC)
[Figure: SFC-aware Service Functions in an SFC-enabled Domain, reached through SFC Encapsulation over the Network Overlay and Transport Network.]
SFC: Services Overlay Model
- Decouples Service Function from Topology
- Overlays/Underlays for Transport
SFC: Orchestration
- Service chain definition
- Service chain instantiation
SFC: Policy
- Policy based Service Chaining
- Transferring Metadata for Context
Source: https://datatracker.ietf.org/doc/draft-ietf-sfc-architecture/

Standards: SFC Components
[Figure: an SFC-enabled Domain in which an SFF and an SFF/Classifier connect the Network to SFC-aware Service Functions directly and to SFC-unaware Service Functions through an SFC Proxy.]
SFC Components
- Service Function (SF): A function responsible for specific treatment of received packets.
- Classifier: Locally instantiated policy / service profile matching of traffic flows for forwarding actions.
- Service Function Forwarder (SFF): Forwards traffic to one or more connected service functions (SFs).
- SFC Proxy: Removes and inserts SFC encapsulation on behalf of an SFC-unaware service function.
Source: https://datatracker.ietf.org/doc/draft-ietf-sfc-architecture/

Policy Model
- Policy is a set of policy rules
- Rule consists of a condition-action pair
- Detects a flow belonging to the Subscriber
- Identify set of value added services per policy
- Provide policy control for the flow
- Report statistics and charging parameters
Premium
  Rule 1: HTTP  -> SFC1: DPI, QoS, FW
  Rule 2: Video -> SFC2: Optimization
  Rule 3: Other -> Default
Standard
  Rule 1: HTTP  -> SFC3: QoS, FW
  Rule 2: Other -> Default
Basic
  Rule 1: All   -> Default

SFC (Classification, SFF) Policy Enforcement
- Traffic coming from the endpoint is processed by the classification engine based on conditions
- The next policy action is identified based on policy decision
- Traffic is diverted to the next chain endpoint
Rules:
1. Rule 1: if condition_1, forward to endpoint 1
2. Rule 2: if condition_2, forward to endpoint 2
3. Rule 3: if condition_3, forward to endpoint 3
Need: Granular per subscriber per flow policy enforcement
[Figure: Subscribers and Internet Access, with flows 1, 2 and 3 diverted to endpoint 1, endpoint 2 and endpoint 3.]

SFC/SFF: Transferring Metadata
Examples of metadata:
- Subscriber-ID
- Application-ID
- Service-Profile-ID
- Service-Chain-ID
Certain types of information are expensive to extract
- The objective is avoiding repeated execution of expensive operations
What to transfer: Subscriber Identity or Policy Decision?
Refer: https://tools.ietf.org/html/draft-rijsman-sfc-metadata-considerations-00
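
An added example (not from the slides or from any vendor's code) of the classifier and metadata hand-off described in the Policy Model, Policy Enforcement and Transferring Metadata slides above: the classifier makes the per-subscriber, per-flow decision once and the SFF resolves the path from the Service-Chain-ID alone. The chain contents follow one reading of the Policy Model slide; the subscriber table, function names and the choice to assign no chain to unknown sources are assumptions.

```python
# Added example: first-match SFC classifier plus metadata-driven forwarding.
# Chain contents, sample subscribers and all names here are assumptions.
CHAINS = {"SFC1": ["DPI", "QoS", "FW"], "SFC2": ["Optimization"],
          "SFC3": ["QoS", "FW"], "Default": []}

POLICY = {  # service profile -> ordered (condition, chain) rules
    "Premium":  [("HTTP", "SFC1"), ("Video", "SFC2"), ("Other", "Default")],
    "Standard": [("HTTP", "SFC3"), ("Other", "Default")],
    "Basic":    [("All", "Default")],
}

SUBSCRIBERS = {  # constructed sample data: source IP -> (subscriber, profile)
    "10.0.0.11": ("sub-1001", "Premium"),
    "10.0.0.12": ("sub-1002", "Standard"),
    "10.0.0.13": ("sub-1003", "Basic"),
}

_flow_cache = {}            # flow key -> metadata, so each flow is classified once
stats = {"classified": 0}   # number of full (expensive) classifications


def classify(src_ip, dst_ip, dst_port, app):
    """Return the metadata the classifier attaches, or None if no chain applies."""
    key = (src_ip, dst_ip, dst_port, app)
    if key in _flow_cache:
        return _flow_cache[key]
    stats["classified"] += 1
    entry = SUBSCRIBERS.get(src_ip)
    if entry is None:
        return None  # unknown subscriber: no chain is assigned (assumption)
    subscriber, profile = entry
    for condition, chain in POLICY[profile]:
        if condition in (app, "Other", "All"):  # first matching rule wins
            meta = {"Subscriber-ID": subscriber, "Application-ID": app,
                    "Service-Profile-ID": profile, "Service-Chain-ID": chain}
            _flow_cache[key] = meta
            return meta
    return None


def service_path(meta):
    """SFF side: resolve the path from metadata only and reject unknown IDs."""
    chain = meta.get("Service-Chain-ID") if meta else None
    if chain not in CHAINS:
        raise ValueError("unknown or missing Service-Chain-ID")
    return CHAINS[chain]
```

Carrying the policy decision (Service-Chain-ID) rather than only the subscriber identity means downstream forwarders never repeat the lookup, but they then depend on validating that ID, which is why `service_path` refuses values it does not know.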

Transferring Metadata
Where is the standard going?
- Labeling (IPv4, IPv6, TCP options extensions)
- In-band transferring: Network Service Header (NSH)
- Application (HTTP Header Extensions)
Source: https://tools.ietf.org/html/draft-rijsman-sfc-metadata-considerations-00
https://tools.ietf.org/html/draft-quinn-sfc-nsh-07

SFC: Service Path / Forwarding
- L4-L7: TCP flow, HTTP session, Proxy Services
- Segment Routing: Source routing, steering traffic through an ordered set of routers
- L2/L3: Traffic is forwarded to the endpoint and, optionally, encapsulated in VLAN/VXLAN

Dynamic Service Chaining: Design Considerations
Automation:
- Service consolidation and convergence
- Service Programmability
- Granular policy enforcement
Scalability:
- Carrier class performance
- Elastic Scale on demand services
- Capacity Planning
Visibility:
- Adv. Analytics
- Predictive Maintenance
- Reporting
Resilience:
- HA, Fault Tolerance
- Non-disruptive failover
- Security, Integrated DDoS protection

Dynamic Service Chaining = Intelligent Edge + Service Overlays
[Figure: service functions SF1 (Video Opt.), SF2 (Parental Control) and SF3 (Security Services) attached to a Services Overlay that runs over the IP Backbone Network between the Subscriber Edge, the Services Edge and the Internet Edge.]
Subscriber Edge Gateway (Network):
- Inline: Classifier, SFF
- Services: DHCP, Radius, etc.
- Policy: ACL, QoS, SFC etc.
Service Edge Gateway:
- Inline: SFF, re-classify, Proxy
- Services: SLB, Security, etc.
- Policy: ACL, SFC etc.
Internet Edge Gateway (Internet):
- Inline: SFF, Classifier
- Services: CGN, FW etc.
- Policy: ACL

Dynamic Service Chaining Benefits
Agility:
- Personalized services to subscribers
- Reduce TTM new services
- On-demand service delivery
- Increase ARPU
Automation:
- Simplified end to end service orchestration
- Automated configuration and provisioning
- Consistent policy enforcement: SLA, Compliance
- Operational Simplicity
Reduced TCO:
- Efficient resource utilization
- Dynamic capacity scale up/down
- Pay-as-you-go usage model

THANK YOU

Policy Enforcement Challenges in NFV/SDN
Network VNFs & VAS VNFs are not fixed and cause operational challenges.
L4-L7 service change Context:
- Lost Visibility, Header changes
- Flow terminated
- Flows created
- Example: CGNAT, ADC, WANOpt.
Traffic Management:
- Unpredictable traffic flows
- Not predefined
- Address overlap
- Example: Firewalls, Security, DHCP
Service Management:
- Service Resiliency
- Service Placement
- Monitoring, SLA
- Example: DDoS Protection, CGNAT
Scalability:
- In line network functions
- High performance
- Scale out
- Example: CGNAT, Load balancing