Cloud/SDN in Service Provider Networks
Dr. Marcus Brunner, Head of Standardization
marcus.brunner@swisscom.com
Cloud momentum
- Increasing VM density
- Mobile data is exploding
- High bandwidth
Why is a new network architecture needed?
Current trends:
- Increased mobility
- Increased # of devices
- Cloud model: dynamic
- Aging network technology: static
Where we are today
- A series of ad-hoc solutions, one after another
- Vendor lock-in
Forces that will shape the future
- Software Defined Networks (SDN): program services instead of rearchitecting the network and the management system for every new service.
- Network Function Virtualization (NFV): NFV is concerned with porting network or telecommunications applications that today typically run on dedicated and specialized hardware platforms to virtualized cloud infrastructure.
SDN: What is it?
Concept:
- Separation of control and data planes
- A logically centralized control plane
- Network Application Programming Interfaces
Value proposition:
- Network virtualization
- Programmability and automation
- Openness
- Enable innovation
[Figure labels: Today; SDN]
SDN use cases
- Network Function Virtualization
- DC Interconnect
- Network aware load balancing
- QoS for pay
- FW, LB, BRAS
- Cloud Multi Tenancy
- Virtual Residential Gateway
- Performance on demand for IaaS
- Traffic steering for mobile
- QoE management
NFV: What is it?
- Carrier-led initiative to virtualize networking software that today runs on proprietary hardware
- Leveraging (high volume) standard servers and IT virtualization
Value proposition:
- Faster time to market
- Elasticity
- Redundancy
- Independence from hardware
Baseline Network Functions Virtualization Architecture
[Figure labels: NFV Applications Domain; NFV Container Interface]
(Working Draft, ETSI NFV)
Example: Interplay NFV-SDN
- Virtualization of Network Functions on cloud infrastructure
- Interplay with SDN to route sessions through appropriate functions
[Figure labels: OF-Controller (session routing); SW-functions; Cloud Stack; Access Network; OF-switch; COTS-HW]
NFV Security Implications
- Gaps: identify NFV's security gaps
- Solutions: help the NFV working groups design in security
- Opportunities: identify opportunities to improve security
- Non-goal: address security problems NFV has in common with non-NFV

NFV Security Problem Statement: consolidated security-related key issues

Title | Issue # | Proposed owner
Topology Validation & Enforcement | BT12 | MANO
Availability of Management Support Infrastructure | DT01 | ArchVI, RelAv
Secure Boot | BT10, ATT02, BT03 | MANO, ArchVI
Secure Crash | BT10 | ArchVI, MANO
Performance Isolation | BT11 | RelAv, ArchVI
Tenant Service Accounting | TF05 | MANO, ArchVI
Time Service Authentication | BT05 | ArchVI
Private Keys within Cloned Images | VZ07 | SWArch, MANO
Key Takeaways NFV
- Network operators have proven NFV feasibility via proof of concept test platforms
- Network operators and vendors have identified numerous fields of application spanning all domains (fixed and mobile network infrastructures)
- Significant CapEx/OpEx benefits, leveraging also the economies of scale
- Network Functions Virtualization can dramatically change the telecom landscape and industry over the next 2-5 years
- NFV ISG formed under ETSI (Nov. 2012), led by network operators with wide industry participation
- Emerging virtual network appliance market
- Opportunities for new market players
- Novel ways to architect and operate networks, spawning a new wave of industry wide innovation
Swiss Chapter of Cloud Security Alliance
- Goal: define best practices, guidelines and basics for secure cloud computing
- Swiss chapter specifically takes the Swiss regulation on data protection into account
- Membership: free of charge, http://www.linkedin.com/groups?gid=4484376
- Link: Cloud Security Alliance Switzerland, https://cloudsecurityalliance.org/chapters/official/#switzerland-chapter