Cloud Enablement Architecture and NfV Services · A hybrid network environment consisting of blend of custom NFs and Virtualized NFs (VNFs) Thank you. © 2014 Cisco and/or its affiliates

Cisco Public © 2014 Cisco and/or its affiliates. All rights reserved. 1

Cloud Enablement Architecture and NfV Services Prashant Jhingran [email protected]

Technical Marketing Engineer – Cisco Systems

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda

§  Key SP Challenges §  Demystifying NfV §  NfV and Standardization §  Applicability of NfV §  NfV Use cases §  Case Study - Virtualizing Service Provider Wi-Fi Core

§  Summary


Key SP challenges and Path Forward

TRADITIONAL SP

Traffic Growth

Network Cost and

Complexity

Time to Market

Competitive Pressure

Slow Innovation

Lean SP

Rapid Innovation


TRANSFORMATION

Transformation To Carrier As A Service

Agile SP Traditional SP

NFv + SDN &

Physical

E2E Service Orchestration

Self Service

Carrier Class

Carrier As A

Service

NfV E2E Solution

Demystifying NfV


NAT VM

Firewall VM

SBC VM

dDOS VM

Virus Scan VM

IPS VM

DPI VM

CGN VM

Portal VM

PCRF VM

DNS VM

DHCP VM

BRAS VM

SDN Ctrl. VM

RaaS VM

WLC VM

WAAS VM

CDN VM

Caching VM

NMS VM

Network Functions Virtualisation Enablers, benefits and applications

§  Enablers Hypervisor and cloud computing technology Improving x86 h/w performance Optimised packet processing and coding techniques Network industry standardising on Ethernet SDN based orchestration

§  Value Proposition Shorter innovation cycle Improved service agility Reduction in CAPEX and OPEX

§  Applications Potentially all network functions

NfV = Transition of network infrastructure services to run on virtualised compute platforms Using cloud technology to provide network functionality


0.0

20.0

40.0

60.0

80.0

100.0

120.0

140.0

2012 2013 2014 2015 2016 2017

Exab

ytes

per

Mon

th

Web/Data (24.2%, 18.9%)

The Backdrop : Ever increasing Traffic Levels

Source: Cisco VNI Global IP Traffic Forecast, 2012–2017

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

100%

2012 2013 2014 2015 2016 2017

Traf

fic S

hare

Long-Haul (Also Traverses Metro)

58%

45%

42%

55%

23% CAGR 2012–2017

Metro : 10G à Multiple 10G or 100G

Core : Multiple 10G à 100G

NfV and Standardization


Network Functions Virtualization history § Brought to prominence in October 2012

13 operators published a white paper, coining the term Network Functions Virtualization (NFV) Announced and the highlight of the “SDN and OpenFlow world Congress in Darmstadt

§ Formal process based on an ETSI Industry Standard Group (ISG) Created January 2013 Anticipated lifetime 2 years

§ Role of NFV part 1 Use cases, architecture and terminology, highlighting of functional gaps Output is informational

§ Role of NFV part 2 Format, terms of reference etc. under discussion Continue when NFV part 1 completes Likely to be more normative in nature than NFV part 1


ETSI NFV Organization

© ETSI 2012. All rights reserved 10

Computing Hardware

Storage Hardware

Network Hardware

Hardware resources

Virtualisation Layer

Virtualised

Infrastructure Manager(s)

VNF Manager(s)

VNF 2

Orchestrator

OSS/BSS

NFVI

VNF 3

VNF 1

Execution reference points Main NFV reference points Other reference points

Virtual Computing

Virtual Storage Virtual Network

NFV Management and Orchestration

EMS 2

EMS 3

EMS 1

Service, VNF and Infrastructure Description

Or-Vi

Or-Vnfm

Vi-Vnfm

Os-Ma

Se-Ma

Ve-Vnfm

Nf-Vi

Vn-Nf

Vl-Ha Infrastructure

S/W Architecture Management and

Operations

Technical Steering

Committee

Reliability and Availability

Performance and portability

Security

Expert Groups

Applicability of NfV


Network solutions: Design approaches

CPU Reqs

Backbone, Metro and DC switching

Business CPE

Home CPE

0 10Mbps 100Mbps 1Gbps 10Gbps 100Gbps 1Tbps 10Tbps 100Tbps 1Pbps

Wireless GWs

High

Low

Wireline GWs

Appliances (L4-L7)

Distributed: CPUs + Lots of NPUs

Distributed: Lots CPUs + NPUs

Centralized: CPU + NPU

CPU

Centralized: CPU or SoC

Variable CPU / FPGA / NPU

OSS/BSS, subsystem and N/W control


Virtual Network Functions (VNF) – evaluation criteria § Physical Design Requirements

interface count, interface size, system design requirements, specialist N/W functions

§ Performance Requirements L1-L3 packet performance, CPU processing, fabric capacity

§ Network Architecture Will virtualization fit the network architecture principles of the network

§ Elasticity of the service

§ Economics Onboarding, CapEX and OpEx


Virtualized standard server based solutions – assessment Strengths

•  High CPU processing functions •  Not extreme packet processing •  Low physical interface counts (<20) •  Low-medium interface speeds •  Ethernet interfaces (copper 10/1000/10Gbps) •  Standard hardware server builds •  Elastic services where h/w can be redeployed

Weaknesses •  Very high packet processing •  Specialized SP design and h/w functionality •  High physical interface counts (>20s) •  High interface speeds (>40G) •  Diverse interfaces types •  Unpredictable performance metrics

NfV Use Cases


Internet

NfV use case: Virtualized SP / 3rd party applications

§  Many examples OSS/BSS, voice and video solutions, N/W control, video/collaboration solutions, wireless/Wi-Fi, security

§  NFV transition well underway

§  There are several existing products in this space See earlier slide for details

§  New solutions coming think and fast

Centralised DC

Orchestration

IP edge CPE

NGN

Streamer DHCP

DNS Content Ingestion

IMS

IaaS


Internet

NfV use case: Virtualized Edge Gateway

§  Vendors have complementing existing h/w gateway solutions with virtualized g/w solutions

§  vPE, vBNG/BRAS based on Cloud Service Router

§  Virtual mobile gateways (MME, S/PGW)

§  CableLabs have kicked off work on vCMTS

§  Virtualized gateways may require architectural changes Virtual racking and stacking

Centralised DC

Orchestration Policy Server

IP edge CPE

NGN

vBNG vBNG


NfV use case : Virtual residential gateway

§ Quantum Virtual Broadband Node L2 domain between home and data center Virtualized CPE and home services in the cloud

Cloud Data Centre

Gateway

Internet

L2 Domain

Data Centre Services

Wireless AP

Management and Control

FW

L2 Domain


NfV use case: Virtual Service Infrastructure

§  Simple reconfiguration of service chains via SDN and virtualization tools Improved scaling Elastic services

Cloud Orchestration and Management

Access GGSN/PGW

Web Proxy NAT DPI FW

VO

VO FW

FW

A-‐SBC

12ABC3DEF

4GHI5JKL6MNO

7PQRS

8TUV9WXYZ

*0#

Signal Strength

Physical Router


vFW

Public Zone (DMZ) Protected FE Zone 1 Zone 2 Zone 3

Sub-Zone W

Sub-Zone X

Sub-Zone Y

Sub-Zone Z

Front-end Zones

L3 VPN

Internet

Back-end Zones

vLB vLB vLB

vIPSec GW

Virtualized Compute and DC overlay

Data Center Evolution

Public Internet L3 VPN

Server VLANS

Firewall Outside VLAN

Firewall Inside, ACE outside VLAN

AS 65522

RP RP

AS 109

ASA- VPN Front-end VRF

Back-end VRF

Shared/public VLAN

ASA- FW

WAN Edge (NGN PE)

Aggregation

Service-Core

Aggregation

Compute

ASA- VPN

ASA- FW

eMBGP

VRF

VRF

eBGP + static redist.

VRF *

***

*

*

***

*Tennant L3

Edge (VRF-CE)

L3 VPN Edge (DC-PE)

L3 VPN Edge (NGN-PE)

Legacy DC NFV DC

Agility (Create/Delete), Scale, Flexible Topologies, BYOD, Elasticity, Utility Based Pricing

Case Study: Virtualizing Service Provider Wi-Fi Core


Wi-Fi E2E Solution Architecture

22

UCS

CAPWAP

WLAN Controller

Internet Backhaul

§  Session management §  L4 Redirection §  Transparent Auto Logon §  Policy enforcement §  Accounting start / stop §  Legal Intercept

§  Subscriber management

§  Subscriber authentication

§  Service authorization §  Web portals §  Policy definition §  Roaming

§  Address assignment §  Accounting / Billing §  Whitelisting §  Location awareness §  Network Analytics

Core Network

802.11 a/b/g/n

§  NAT §  Firewall §  DPI §  Video optimization

L2 / L3 L3

Portal DNS

PCRF DNS SUM

DHCP

AAA PI MSE

WAG

WLAN Access


What to virtualize?

23

UCS

CAPWAP

WLAN Controller

Internet Backhaul


§  Subscriber management

§  Subscriber authentication

§  Service authorization §  Web portals §  Policy definition §  Roaming

§  Address assignment §  Accounting / Billing §  Whitelisting §  Location awareness §  Network Analytics

WLAN Access

Core Network

802.11 a/b/g/n

§  NAT §  Firewall §  DPI §  Video optimization

L2 / L3 L3

Portal MSE

PCRF DNS SUM

DHCP

Mgmt

DNS AAA

§  DNS service §  Authentication §  Accounting §  Management §  Subscriber management

WAG


Virtualized Wi-Fi instance

24

Internet

AAA

§  Web portals §  Policy definition §  Roaming §  Address assignment §  Whitelisting

§  Location awareness §  Network Analytics §  BBX – Ad insertion


§  DNS service §  Authentication §  Accounting §  Management §  Subscriber management

WAG

CAPWAP

WLAN Controller

Backhaul

Core Network

UCS Portal

DNS

DHCP

Mgmt

MSE

L2 / L3 L3 NAT

§  NAT §  Firewall

WLAN Access


Virtualized Wi-Fi Service Instances

25

CAPWAP

WLAN Controller

Internet

Backhaul

WLAN Access Core Network

Portal DNS DHCP

Mgmt

AAA

MSE

802.11 a/b/g/n L2 / L3 L3 NAT

CAPWAP

WLAN Controller

Backhaul

WLAN Access Core Network

UCS / Blade Server

Portal DHCP MSE

802.11 a/b/g/n L2 / L3 L3 NAT

Service Instance - 1


WAG

WAG


Differences between service instances

•  IP addresses for all components on the SP management network

•  Public IP addresses for virtual WLC’s

•  NAT pool for each service instance

•  VLAN’s must be unique per service instance within a cluster

Everything else remains the same across ALL service instances

26


Virtual Wi-Fi (inside of a service instance)

SP Network

VL-1

093

VL-1

094

ISC DHCP (V4 & V6) MSE

Backhaul VL-61

VL-62

Web Portal

DNS V4 & V6

AAA V4 & V6

Mgmt

DNS

vWAG

vNAT

vWLC-1

vWLC-2

27


Summary

§ The backdrop to NfV and all network evolution is increasing amount of network traffic

§ Both vendors & SP’s are experimenting with NfV

§ Caution: NfV doesn’t mean EoL of your production hardware

§ NfV: some functions are obvious / large spectrum are dependent on SP and their architecture

§ A hybrid network environment consisting of blend of custom NFs and Virtualized NFs (VNFs)

Thank you.


Layer 2 Connectivity with Virtual Switch

30

vSphere

Virtual Switch

vSphere

Virtual Switch

Virtual Switch Controler

ESXi host 1

Physical Switches

vWLC vWAG MSE DHCP vNAT Portal vWLC vWAG MSE DHCP vNAT Portal Virtual Machines

L2 Trunks ESXi host 2


Service Instances across a cluster

DHCP DNS vWLC vNAT vWAG Portal MSE



Virtual Switch

VMWare Cluster

ESXi Host - 1 ESXi Host - 3 ESXi Host - 2 ESXi Host - 4

Service Instance 1

Service Instance 2

Service Instance 3

Virtual Switch

Virtual Switch

Virtual Switch

31


Fault tolerance for service instances



Virtual Switch

VMWare Cluster

ESXi Host - 1 ESXi Host - 3 ESXi Host - 2 ESXi Host - 4

Service Instance 1

Fault Tolerance

Virtual Switch

Virtual Switch

Virtual Switch

•  Only VM’s with a single vCPU can be made fault tolerant •  Virtual hard disk should be set up as Thick eager zeroed •  Only 4 Fault Tolerant VM’s per ESXi host

32


SP Network

Wi-Fi service instances

AAA

Mgmt DNS

Location -1

Backhaul

VMWare Cluster

ESXi Host1

ESXi Host2

ESXi Host3

ESXi Host4


Location -2

Location -3

•  Consistent subscriber experience •  Centralized asset management •  Customized portal experience •  Shared IP address space •  Separate administration domain •  Custom billing / reporting



•  Centralized asset management •  Fault isolation / troubleshooting •  Rapid “cookie cutter” deployment •  Opportunity to customize •  Self service management portals •  License based solution

33


Web-Authentication with DNS redirect

34

AP WLC AAA DHCP WAG PORTAL Client Association (1)

DHCP Discover (3) DHCP Relay (4)

DHCP Offer (5)

DHCP Request / ACK (6)

HTTP Response (11) – Web Login page

HTTP Request (10)

DNS Query (7)

DNS REDIRECT (8)

Unauthenticated Session

Association (2)

DNS Response (9) – Portal IP address

User Login (12)

RADIUS CoA (13) RADIUS Auth (14)

DNSMasq

CoA Ack (15)

Authenticated Session DNS redirection

removed

User profile Cached


Summary

§ The backdrop to NfV and all network evolution is increasing amount of network traffic

§ Both vendors & SP’s are experimenting with NfV

§ Caution: NfV doesn’t mean EoL of your production hardware

§ NfV: some functions are obvious / large spectrum are dependent on SP and their architecture

§ A hybrid network environment consisting of blend of custom NFs and Virtualized NFs (VNFs)


References

§  ETSI - http://www.etsi.org/technologies-clusters/technologies/nfv/nfv-poc

§  SDN Central - http://www.sdncentral.com/whats-network-functions-virtualization-nfv/

§ Cisco Live - http://www.ciscolive.com/

36


Content Contributors

§  Piyush Patel ([email protected])

§ Ravindra Shankar ([email protected])

§  Simon Spraggs ([email protected])

37

Thank you.

Documents

Cloud Enablement Architecture and NfV Services · A hybrid network environment consisting of blend of custom NFs and Virtualized NFs (VNFs) Thank you. © 2014 Cisco and/or its affiliates