Network Services Orchestration Software Defined Networks, Network Function Virtualization - TODAY Bruno Paolini EMEA, Managing Director bpaolini@anutanetworks.com 2013 Anuta Networks
Agenda A few facts about today Business and Technical Challenges What Architecture & mechanisms to enable fast & secure network delivery? How does SDN/NFV look like? What about looking at a few use cases? Wrap/up
Cloud Service Providers Business Imperative SERVICE CATALOG BASED OFFERINGS Storage Revenue Pricing Constraints Commoditization Compute Revenue Pricing Constraints Commoditization Network Catalog Is this the next Wave to generate Revenue..
Enterprise IT Organization Legacy IT Organization Service Delivery Organization IT Challenges Declining IT budgets Competing Services Meeting Stringent SLAs Charge back 2013 Anuta Networks, Inc. All rights reserved.
Web / App Web / Servers App Servers Network Configuration for Tenant Onboarding WAN Edge Core Distribution / Services Access Cisco, Juniper Cisco, Juniper, HP, Arista, Dell Arista, Brocade, Cisco, Citrix, Checkpoint, F5, Palo Alto, Riverbed Cisco, Juniper, HP, Arista, Dell Configure External Network Connectivity (IP-VPN termination, DCI, Internet etc.), Routing (BGP, VRF etc.), Perimeter Security & QoS Policies Configure L3-isolation Policies (VLAN routing, Gateway functions, OSPF, etc.) Configure L2-isolation Policies Configure QoS Policies Configure Security Policies Configure Identity & Monitoring Policies Virtual Access Web / App Server Virtual Switch Web Web / / App App DB vers Server vers Configure Load balancer Policies, Firewall policies (& other ADC Policies) for each tenant context VMWare, Cisco, Open Source, F5, Riverbed, Citrix, Palo Alto As many as 100+ CLI/API commands are needed for a simple operation such as tenant onboarding (with each step requiring deep technical understanding and involving manual process). 2013 Anuta Networks 5
Network Outages Human Errors 62%
Agenda A few facts about today Business and Technical Challenges What Architecture & mechanisms to enable fast & secure network delivery? How does SDN/NFV look like? What about looking at a few use cases? Wrap/up
SDN/NFV targets multiple segments Campus Branch Data Center Core Key Requirements New Switch Onboarding, RMA Legacy Infrastructure Access Switch Port Policies(Security, QoS) Diverse Branch Deployments ZTD, Plug- n- Play NFV DC Connec,vity Encryp,on, DPI, Mul,- Vendor NFV Massive Scale, DCI, DR Legacy and New Breed Integra,on with Cloud Massive Scale Mul,- Vendor NFV Diverse Network Func,ons ZTD DCI Op,miza,on Portals Pla<orm Support and YANG End- to- End Segmenta,on Self- Service for LOB Typical Customers University Campus Mining Airline Terminals MSP Any Enterprise w/ remote sites Financial Banks SAS Providers SP Public Cloud Telecom Providers SP Core
1- LAN/WAN Coverage Enterprise Self-Service Portal App Centric Data Center Networks WAN Edge Campus Networks User centric Multi-Vendor L2-L7 Phys. & Virtual Core Distribution / Services Controller London Campus San Jose Campus Segmentation Device scale out Access Virtual Access Virtual Switch User centric MPLS and Internet IWAN (DMVPN, PFR, QOS, AVC, Web Security, Zone Based FW) Branch Office Networks NCX Remote Agent 2013 Anuta Networks 9
2- Open Architecture Third Party Controllers Cisco, HP, BMC, CA, IBM InfoBlox, QIP, Solarwinds LDAP/AD Other Splunk ü Software Appliance ü Server & Agent Model ü Device Abstraction Model ü Service Abstraction Model ü Organizational Hierarchy ü RBAC & Delegation ü Self Service Portal ü Policy Management ü Multi Vendor Devices ü Multi Node Deployment ü Policy Based Provisioning ü Multi-Tenant Support ü Yang based device model ü Support for NFV use cases 2014 Anuta Networks
Web / App Web / Servers App Servers 3- Full service life cycle management WAN Edge Tenant Cloud Portal NCX Cisco, Juniper Fully automated network provisioning From the same physical infra multiple kinds of networks provisioned in minutes using best Practices Self-Served network = Reduced OpEx, higher business agility Resource Reutilization = CapEx Savings Resources returned to network resource pool Core Cisco, Juniper, HP, Arista, Dell Highly Available Business Critical App Net Partner Network Project Dev Distribution / Services Arista, Brocade, Cisco, Citrix, Checkpoint, F5, Palo Alto, Riverbed Access Cisco, Juniper, HP, Arista, Dell Virtual Switch Virtual Access Web / App Server Virtual Switch Web Web / / App App DB vers Server vers VMWare, Cisco, Open Source, F5, Riverbed, Citrix, Palo Alto Virtual Switch Virtual Switch 2013 Anuta Networks 11
Agenda A few facts about today Business and Technical Challenges What Architecture & mechanisms to enable fast & secure network delivery? How does SDN/NFV look like? What about looking at a few use cases? Wrap/up
1- Simple to Use Service Design Engine Basic Network Service DMZ / Direct Public Access Advanced Service Unique drag & drop capability simplifies Network Services Design Offers additional customization Placement of Network Service Customize each network service function 2013 Anuta Networks 13
2- Service Orchestration Engine Service Definition Physical Topology Operations What s available for service Configure instantiation layer 2 & 3 isolation Reserve VRF Physical on the Resources devices distribution added & prepare switch to NCX Firewall configuration VLAN Network Rules the topology access mapped switch out Sub-interfaces Service templates for LB created & FW and reach made from Add distribution available VRF a firewall context via switch rule service to block catalogue http traffic from outside SVI IP VLANs addressing, with zone IP addressing towards VLAN, inside naming zone web Firewall servers. Routing convention Firewall configuration parameters populated populated Decommission Generic Load balancer device firewall parameters rule to allow populated access. Create IP addressing an inside/outside security zone Load balancer configuration Load for balance the path web traffic Add interfaces to the specific zones. Internal VLANs/Routes VLANs/Routing for reachability Create Route a domain rule to load balance http traffic between VIP the two web servers. Page 14
3- Service Management Engine Tenant 1 Tenant 2 Tenant 3 Tenants Map devices to services and services to tenants Services Gold Silver Bronze Monitor device alarms and notify affected tenants Devices Monitor tenant SLAs and map to devices 2013 Anuta Networks 15
4- Capacity Management Engine Real-time Capacity monitoring Network Service Capacity forecast Instant resource re-utilization Overall Network health monitoring Threshold based alerts Tenant 1 Tenant 2 Tenant 3 Tenant 4 Service Availability Nearing Capacity limit GOLD SILVER BRONZE Logical Resources VLANs VRFs FW Contexts LB Contexts Physical Resources Admin
Agenda A few facts about today Business and Technical Challenges What Architecture & mechanisms to enable fast & secure network delivery? How does SDN/NFV look like? What about looking at a few use cases? Wrap/up
NFV Support 2014 Anuta Networks 18
19 Virtual CPE Physical Topology Logical Topology Use cases ESXi Host Cisco CSR1000v Private WAN MPLS Nexus 1000v or VMware vswitch Juniper vsrx - Firefly User Access Switch (Physical) vwaas / Virtual Steelhead Support for CPE Functions L3 Termination DMVPN, L3 VPN, FlexVPN Zone based Firewall Wan Optimization Web Security Vendors Supported Cisco CSR 1000V Juniper Firefly Perimeter, Firefly Host Riverbed Virtual Steelhead Checkpoint VSG 2014 Anuta Networks
20 Virtual MPLS Backbone and Edge Physical Topology Logical Topology Use cases Support for Virtual PEs CEs Route Reflectors Vendors Supported Cisco CSR 1000V Brocade Vyatta* 2014 Anuta Networks
21 Virtual Data Center Physical Topology Logical Topology Use cases ESXi Host Private WAN MPLS Support for Virtual Router Firewall Load Balancer WAN optimization Switch Cisco CSR 1000v Nexus 1000v or VMware vswitch Juniper vsrx - Firefly BIG IP LTM VE Or Citrix Juniper vgw or Cisco VSG Vendors Supported Cisco CSR 1000V F5 LTM VE F5 GTM VE Citrix NetScaler Radware ADC-VX 2014 Anuta Networks
Distributed Network services
Policy Design, Orchestration & Management Application Access Self-Service: Host Exchange App in DC Access Exchange App Access Facebook.com Application Control Policies QOS FW LB QOS FW AVC AVC CME PFR VPN IPS WANOp DC with Default App Policy Campus Network with Access to DC & Internet Retail Branch Network Level Policy Design Custom Topology Templates Topology Map built with best practices Network Admin Device Credentials Network Discovered using standard protocols
Agenda A few facts about today Business and Technical Challenges What Architecture & mechanisms to enable fast & secure network delivery? How does SDN/NFV look like? What about looking at a few use cases? Wrap/up
Summary Key Highlights - SDN/NFV benefits: SDN Benefits for Today s Enterprise Networks NFV Benefits for Service Providers Orchestration across Campus, Branch, Data Center & Carrier Networks OPEX Reduction, Improved Customer Satisfaction Converged Infrastructure Support Complete Analytics for the Network 2014 Anuta Networks 25
Wrap/up 2013 Anuta Networks 26