Upload
cohesive-networks
View
161
Download
1
Tags:
Embed Size (px)
Citation preview
copyright 2014 1
Waves of adoption for NFV
Chris Swan, CTO
@cpswan
the original cloud networking company
How public, private and hybrid cloud
networking is used for real workloads
copyright 2014 2
Agenda
What is NFV?
Bursting and Containment
Hubs and Spokes
Winning Back Control
Summary
copyright 2014
Providers and Customers
have different concerns
Layer
0
Layer
4
Layer
3
Layer
2
Layer
1
Layer
5
Layer
7
Layer
6
Virtualization
Layer
Hardware
Ownership
Layer
Limits of access, control, & visibility
User
Contr
ol
Use
r C
on
tro
l
Service Provider SDN starts at the
bottom of the network with the
"device" and network flows.
Application SDN (using NFV)
begins at the top of the network
with the enterprise application, its
owner and their collective technical
and organizational demands.
5
copyright 2014 6
NFV as a networking Swiss Army knife
Firewall
Dynamic &
Scriptable
SDN
Protocol
Redistributor
IPsec/SSL VPN
concentrator
Router Switch
NFV
Hybrid
virtual
device
able to
extend to
multiple
sites
Application SDN (Software Defined Network) Appliances
• Allow control, mobility & agility by separating network location
and network identity
• Control over end to end encryption, IP addressing and network
topology
copyright 2014 7
A technical use case overview
Customer Data Center Customer Remote Office
NFV
Overlay Network Subnet: 172.31.0.0/22
Overlay IP: 172.31.1.1 Overlay IP: 172.31.1.5 Overlay IP: 172.31.1.9 Overlay IP: 172.31.1.13 Overlay IP: 172.31.1.17 Overlay IP: 172.31.1.21 Cloud Server A Cloud Server B Cloud Server C Cloud Server D Cloud Server E Cloud Server F
Active IPsec
Tunnel Active IPsec Tunnel
Failover IPsec
Tunnel
192.168.4.0/24 -
172.31.1.0/24 192.168.3.0/24 -
172.31.1.0/24 Firewall / IPsec
Cisco 5505
Firewall / IPsec
Cisco 5585
Data Center
Server Data Center
Server LAN IP:
192.168.4.50
LAN IP:
192.168.4.100
User Workstation
LAN IP:
192.168.3.100
User Workstation
LAN IP:
192.168.3.50
Chicago, IL USA
Remote Subnet:
192.168.3.0/24
London, UK
Remote Subnet:
192.168.4.0/24
Public IP:
184.73.174.250
Overlay IP:
172.31.1.250 Public IP:
54.246.224.156
Overlay IP:
172.31.1.246
Public IP:
192.158.29.143
Overlay IP:
172.31.1.242
Peered Peered
US East 1 EMEA
NFV NFV
APAC
copyright 2014
Mutual fund securely
extends HPC grid
resource
Fund bursts into public cloud to extend HPC
Private Data Center
NFV
US-east-1
Active IPsec Tunnels
Firewall / IPsec
Data Center Node
Boston, USA
Node
US-west-1
Overlay Network
Peered
Node
Node
NFV
9
copyright 2014
Developer Office
NFV
US-east-1
Active IPsec Tunnels
192.168.4.0/24 - 172.31.1.0/24
Firewall / IPsec
USA
User Workstation User Workstation
Partner Data
Center
Firewall / IPsec
Data Center Servers
Private Cloud
Peered
Hybrid Network
Virtual Machine Virtual Machine
NFV
Mobile provider creates
secure dev/test
environments
AD Configuration with Dual NIDs
10
copyright 2014
UK non-profit analyses
20 years of energy data
& reduces CO2
Energy Savings Trust analyses data in IBM Cloud
11
On-Site Hardware
NFV
Active IPsec Tunnel
UK
Firewall / IPsec
Data Center Servers
Virtual Machine Cloud Server
Ehningen
copyright 2014
US Sports Association
flexes up & down during
large annual events
Capacity expansion: meeting game day demand
12
Main Offices
NFV
Active IPsec Tunnels
New York, NY USA
Data Center
Virtual Machine Cloud Server
us-east-1
Media Partners
Firewall / IPsec
EMEA, & US & ANZ
Workstations
copyright 2014
BPMS vendor reaches
customers without on
premise installations
BPMS-as-a-SaaS without traditional complexity
13
Home Data Center
NFV
Active IPsec Tunnels
Firewall / IPsec
Boston, MA USA
us-east-1
Customer Data
Center 2
Peered
Federated Cloud
Overlay Network
NFV
Virtual Machine Virtual Machine
Customer Data
Center 1
Cloud-based
SaaS tool
Failover IPsec
Private Cloud
Data Center Servers
us-west-2
Berlin, DE London, UK
copyright 2014
Retail analytics firm
connects in shared,
private environment
Cloud “Meet Me Room”
15
Home Data Center
NFV
Active IPsec Tunnels
Firewall / IPsec
Boston, MA USA
us-east-1
Dev/Test
Peered
Federated Cloud
Overlay Network
NFV
Virtual Machine Virtual Machine
Internal IT Data
Center 1
Remote Team
Failover IPsec
Data Center Servers
us-west-2
New York, NY USA Camden, MA
USA
Remote Team
copyright 2014
Firm extended offerings
with global cloud points
of presence
Cloud WAN for global reach and redundancy
16
Remote Team
Data Center
Active IPsec Tunnels
Frankfurt, Germany
Firewall / IPsec
Data Center Server
Customer 2 Tokyo, Japan
Workstations
APAC-1
Peered
US East Coast
Peered
Customer 1 New York USA
Office London, UK
Data Center Server Data Center Server
Netherlands
NFV NFV NFV
copyright 2014
Connecting mobile
banking customers to
common infrastructure
Multitenant cloud-based partner network
17
Data Center Server
Encrypted IPsec Tunnels
Home Network USA
Firewall / IPsec
Customer
Data Center 2
USA
Customer
Data Center 1
UK
Data Center Server
NFV
Virtual Machine
Mobile Banking
Platform
Cloud Region A Cloud Region B Cloud Region C Cloud Region D
Data Center Server
Customer Data
Center N
USA
Customer
Data Center 3
UK
Data Center Server Data Center Server
copyright 2014
The globe spanning disposable network
Where NFV really shines today: create a WAN in minutes,
use cloud as points of presence for your business
User Workstation User Workstation
Data Center Server
18
Mission specific
networks brought up in
hours, used for weeks
copyright 2014 20
Overlay between public & private cloud
Public IP: 194.42.93.145 Public IP: 194.42.93.146 Public IP: 194.42.93.147 Public IP: 194.42.93.148 Public IP: 194.42.93.149 Public IP: 194.42.93.150
Public IP: 194.42.93.151 Public IP: 194.42.93.152 Public IP: 194.42.93.153 Public IP: 194.42.93.154
Public IP: 5.23.25.66
Cloud Servers
Peered
Location 1
Cloud Servers
Peered
Location 2
Cloud Servers
Peered
Location 3
Cloud Servers
Peered
Location 4
Cloud Servers
Peered
Location 5 Peered Public IP: 5.23.25.12
Region: Europe-1
NFV Overlay Network
172.31.0.0/24
Peered Peered
Peered
Peere
d
Peered
Application developers
no longer have ITIL
processes in the way of
agile delivery
copyright 2014 21
The first “process” customizable cloud transport
network device
NFV allows customers to embed features and functions provided by
other vendors - or developed in house, safely and securely into
cloud networks
• Not just a scripting interpreter that allows control over known, existing
features
• Completely new functions, processes, computation delivered to the
core of the customer cloud network (patent pending)
NFV
Customer
controlled,
and co-
created, for
the best
hybrid cloud
experience
Router
SSL
Termination Content
Caching
Load
Balancing
Intrusion
Detection More....
Switch Firewall IPsec/SSL
VPN
Concentrator
Protocol
Redistributor
Dynamic &
Scriptable
SDN
(Reverse)
Proxy
copyright 2014 23
NFV allows networks to be built out of the cloud
Users get control over their: Security
Topology
Addressing
Protocols
When you give people a networking Swiss Army
knife to run in the cloud they do all kinds of
stuff that you might not have expected
Summary
copyright 2013 24
The CloudCamp Team 'Fireside
Chat' - why is it still called cloud?
24
12:45 - 13:10 in Management, Services and
Applications Stream