SOFTWARE-DEFINED NETWORKING (SDN)/NFV AND ACADEMIC RESEARCH IN CANADA
CHRIS BACHALO, CTO, JUNIPER CANADA
APR 28, 2015
INDUSTRY TRENDS
WHITE BOX: Reliable software still needed; Feature / function; Cost savings not realized
x86 EVERYWHERE: Not a threat to scale up architectures; Solution for scale out architectures without a heavy data plane
AUTOMATION: Layered building block approach; It is a journey not a destination
PEOPLE: Learn new skills or perish; Organizational structure and behaviors biggest challenge
THREATS: Assume you are compromised; Transformation to Virtual; Impact is everywhere
DATA CENTER WHITE BOX SWITCH ADOPTION
CHIP EFFICIENCY VERSUS USE CASE COMPLEXITY
[Figure: efficiency (Mpps/watt) versus use case complexity]
OTT PROVIDERS ARE INNOVATING FASTER
Dynamic network service automation is the key priority for Service Providers
OPERATING EXPENSES (servers managed per admin): GOOGLE: 1 per 10,000 servers; SP: Less than 100
TIME TO SERVICE DEPLOYMENT (code to production launch): AMAZON: Few seconds; SP: 10-12 months
OPERATIONAL COMPLEXITY (# of SKUs to manage): GOOGLE: 10s configs; SP: Thousands configs
Opportunity for accelerating TTM, reducing costs and optimizing operations
DRIVERS AND BARRIERS TO EVOLUTION
DRIVERS
  90%  Scale services up or down quickly (1. ELASTICITY)
  81%  Use standard virtualized servers to reduce costs (2. TCO)
  76%  Introduce new services quickly (3. AGILITY)
  67%  Optimize network in real time
  52%  Multi-tenants on the same hardware
  43%  Reduce energy consumption by using power management of standard servers
  38%  Introduce services based on geography or customer sets
  38%  Reduce energy consumption by consolidating workloads on standard servers
  33%  Open market to software-only and small players
  33%  Run production and test on same network
BARRIERS
  52%  NFV-knowledgeable engineers (1. SPECIALIZED SKILLS)
  52%  Immature technologies (2. TECH MATURITY)
  52%  Unclear cost benefits tradeoffs (3. COST-BENEFIT)
  48%  Incomplete or non-existent standards
  48%  How to prioritize NFV projects
  33%  NFV software slows/delays traffic
  24%  Deploy new NFV in existing networks
  10%  Operate NFV and non-NFV in same network
  10%  Test NFV in existing network
* Source: Infonetics Research, 2013 (Survey conducted around SDN and NFV Adoption)
EVOLUTION OF CYBER ATTACKS
WHAT IS SDN?
Definition and Goals of SDN
SDN has many definitions and many goals
Separation of control and data planes: Interoperability, innovation, higher feature velocity
Separation of control and data planes: Programmability, more network control
OpenFlow-based data plane: Standardized, powerful
Increasing use of CPUs (Intel x86 processors): General purpose, cheap, ubiquitous
Next-gen NMS (orchestration and automation): Lower OpEx, faster service delivery
SMS = Service Management System
SDN as a Compiler
Say what you want, not how to do it
Service requirements: High-level, declarative specification of service requirements
S DB: Service configuration lives here
SDN system (process & compile): Parse specification; Process analytics
A DB: Network analytics
Configuration is sent to chosen device (Device 1 to Device 6)
OPENCONTRAIL
Get the code at www.opencontrail.org
Production-ready; built on proven, stable open networking standards
Open Source fosters innovation and adoption of SDN
Available via Apache 2.0 license
CONTRAIL COMPONENTS
4 KEY COMPONENTS OF CONTRAIL FAMILY
Contrail Controller: Open, standards-based SDN controller
Contrail Analytics: Real-time analytics engine on various protocols between any network
Contrail vRouter: VM engine which handles the forwarding plane work on the compute node
Gateway Element: MX Series (or other router) can serve as gateway, eliminating need for SW gateway & improving scale; QFX 5100 series (TOR gateway)
[Diagram. Labels: Virtualized Server (VM, vRouter); IP fabric (underlay network): QFX, Q-Fabric, EX; Bare Metal Server; QFX5100 TOR; MX-3D (Gateway Element)]
ACADEMIC ENGAGEMENT
JUNIPER NETWORKS ACADEMIC ALLIANCE PROGRAM
Technical Learning Resources are provided:
  Curriculum and lab resources and faculty support
  Students get discounted certification vouchers (50%)
  Free course books follow curriculum
  Virtual labs through Junosphere free for cert courses
Research Opportunities are provided:
  Working with Juniper engineering team to develop a deeper research relationship
  Prebuilt course modules and SDN training vehicles are provided as foundation
  Joint opportunities for published papers
Academic Research Projects on Junos and SDK * Contrail, and Automation
Globally, there are over 100 academic institutions in the JNAA Program
academicalliance@juniper.net
  University of Brescia: Multiplexer Application
  University of Roma Tre: TMAC
  University of Pennsylvania: RapidNet Declarative Network Engine
  Rochester Institute of Technology: Special Protocol, Research
  University of Toronto York University - SAVI Research Project
SAVI (YORK UNIVERSITY) DYNAMIC SECURITY SERVICE CHAINING FOR VIRTUAL SECURITY SHARK TANK
[Diagram. Labels: SAVI Autonomic Security App; REST APIs; Centralized Controller; OpenStack; JunosV Contrail Controller and Space; Configuration, Analytics, Control, Monitoring; VM Orchestration; Service Chain & Policy Setup, Monitoring; 5-tuple Filter Setup & NAT (Netconf); SNMP trap (5-tuple); Juniper MX; Filter Based Forwarding; 5-tuple NAT; Compute Nodes (KVM); SC1; SC2; Service Virtual Security Node1; Service Node 3; Wireshark; Production Application; Attacker; Application Copy; Shark Tank (New IP Address); State Synch]
CENGN PLATFORM AND NETWORK
[Diagram. Labels: CENGN Members; SDDC; OpenStack; Management & Automation; VMs; Openzone; Virtualizing Technology / Hypervisor; DCI; SMB/SME/Start-up; Internet]
UNIVERSITY OF REGINA (BRIC) PUBLIC SAFETY TESTBED
[Diagram. Labels: Event; Event Classification Layer (Governance & Policy); Orchestration and Policy Layer (SDN Driven Dynamic Service Chaining and Policy Management); Logical Overlay; Event Use Case #3: Hostage Incident; Public Safety Internetwork; Common Applications, Tools, Virtualized Network Functions; Regional and National Databases; Command; 9-1-1; Fire; Ambulance; Provincial Police; National Security; Local Police; Drug Enforcement; RCMP; Canada Customs; SWAT]
ALGONQUIN PACKET OPTICAL RESEARCH
Use cases: Network Optimization; Service Optimization; Bandwidth Calendaring; Dynamic Security; Disaster Recovery; Elastic Scale; Fault Recovery
[Diagram. Labels: 3rd Party Orchestration; 3rd Party Controller of Controllers; Juniper Contrail Controller; Juniper NorthStar Controller; PCEP, BGP-LS (Southbound interface to NE); Optical SDN Controller; SNMP, OpenFlow, NetConf, etc (Southbound interface to NE); Abstract link topology (via Northbound Restful interface*); Virtual Router on x86 Blade; Virtualized Data Center/NG-CO]
Research Focus Areas:
  1. E-W Controller Federation
  2. Controller of Controllers
  3. End to End Orchestration
  4. Autonomic Application
  5. Virtual Router Integration
  6. DC SDN Integration
* http://tools.ietf.org/html/draft-liu-netmod-yang-abstract-topo-00