SDN and NFV Paving the Way for Network Monetization with Value-Added Services

MT10.24.16

Fierce Markets WebinarWednesday June 28, 2017

SDN and NFV Paving the Way for Network Monetization with Value-Added Services

2

Today’s Panel

Copyright © 2017 – Radisys Corporation

James RadleySenior ArchitectRadisys

Duane DeCapiteSenior Director, Product Management and StrategyRadisys

Iain GillotPresident and FounderIGR Research

3

Agenda

• Introduction• Service Trends• Network Function Requirements• Scalability• Security• Summary


www.iGR-inc.com

Sour

ce: iG

illottR

esea

rch, In

c, 20

17

200,000

300,000

400,000

500,000

600,000

700,000

800,000

2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026

Population Connections

Streaming m

usic

Streaming video

Facetime, Snap,

Instagram, etc

Streaming H

D video

AR/VR

Gaming

IoT

4K video

More

V2V, V2X

Rem

ote

surg

ery

Auto

nom

ous

vehi

cles

Net

wor

k sl

icin

g

New

app

s!

5

Service Trends

Variety and volume of cloud services is expanding.

SecurityServices

VirtualizedNetworkServices

IoTServices


5G Services

Image courtesy of Google

Data center solutions need to manage

increasing service diversity

6

Classification and Forwarding of Service Flows

Wireline/WirelessAccess Network

Edge Router

Carrier Data Center

Open SDN Switch

Classifier Forwarder

Wire Speed DPI Millions of SubscribersLoad Balancing

NetworkServicesPolicies

OpenFlowController

Value Added Services

SecurityServices

IoTServices

5G Services

Data Centers require Open Intelligent Distribution of Service Flows delivering NFV integration, scalability, and security.

7

Agenda



8

FlowEngine™ Technology Focus Areas

SDN

• Flexible data plane functions that offers line-rate performance

• Handling tens of millions of active flow entries for large-scale SDN networks

• Adjustable flow (table) rules with processing pipeline of variably sized tables with high rate of flow modification per second

NFV SecurityThousands of

Network FunctionsExternal Network

Millions of Flows

• Line rate flow forwarding, classification, and steering actions: Packet normalization, statefulLB, NAT, ACL, fragmentation reassembly, etc.

• Network analytics through network tap, sampling, and flow statistics

• Standard-based Service Function Chaining (SFC) for application-awareness using ToS/DSCP marking, segment routing, or VLAN and NSH/SCH tagging

• Work load distribution & flow affinity for SPI services - policy enforcement, video optimization, application GW, security & related applications

• Autonomously create a rule with a suitable default action for any new flow (flow entries through SDN OpenFlow controller)


9

Service Function Chaining

A

CD

B


ExternalNetwork

10

Service Function Chaining

OpenFlow Pipeline

Table 0

ACL

Table 1

Classifier

Table 4

Forwarding

Table 2

SF-Proxy

Table 3

SFP

VXLAN-gpe logical port

(1..n)

Physical Port

(1..m)

VXLAN-gpe logical port

(1..a)

Physical Port

(1..c)

(1..b)

L3 logical port

Parser

SFC Classifier• Classifies packets to a service

function chain based on a set ofL2/L3/L4 header fields.

• Unique classification rule for millionsof subscribers.

• Expect non NSH encapsulatedpackets.

• After classification, encapsulatespackets with NSH header (andappropriate tunneling header) toidentify the service chain.

SFC Forwarder Supports IETF Service function

forwarder function based on NSHheader.

Identify service chain instancebased on SPI/SI field.

Unique rules per service chaininstance or rendered path.

Potentially load balance flowsacross a set of SF’s.

Support VxLAN-gpe, NvGREtunneling.

SF Proxy Support legacy SF, i.e., SF’s that

don’t support SFC encapsulation. Support for both stateful and

stateless SF’s. Use of VLAN or MAC address to

save service function chain inpacket.

Option to dynamically learn andmaintain 5-tuple flows to map SFpackets to service chain.

Open Flow Pipeline for Service Function Chaining


11

Agenda



12

Scalable Server and Application Load Balancing (LB)

VLAN-VRF ACL User Port

Stateless LB

LBG PR0PR1

PR2

VLAN-VRF ACL

Stateful LB

Flow table

Subscriber TableLBG User PortPR0

PR1PR2

Highly Redundant Processing Resources

Four Load balancer Group’sCombination of Stateful/Stateless


13

Table Cascade to deliver Scalable Stateful Load Balancing


14

Agenda



15

Use Case: Network TAP

FlowEngine

DDoSdetection*

IPFIXApplicationMonitoring

Compliance

CoordinatedIntrusion

Prevention

ACL

SIEM

DDoS*

Application Monitoring

Legal Intercept

…

SIEM = Security Information and Event Management…


16

Network Tap Benefits

• Increase security• Forward all or selected flows in real time to security devices and services• Drop flows on a per-subscriber, per-user, VLAN, application, source or destination

• Increase network awareness• Forward selected flows to external networks for analysis or archive• Create summary of network traffic in non-proprietary record (IPFIX)

• Reduce complexity• Perform switching, load balancing, LI and Tap in a single device

• Reduce costs • FlowEngine provides Tap functionality at less than 25 percent of the cost of the competition!


17

Use Case: Security Offload

• IPSec Offload• IPSec Tunnel Termination • IPSec VPN Throughput over 100 Gbps• IPSec VPN Throughput over 60 Mpps

• ACL Offload• 10,000+ 5-tuple ACLs• Apply ACLs to encrypted traffic• Ability to drop traffic of selected flows

• LI (Lawful Intercept) Offload• Send matched flows to LI• Ability to send encrypted flows to LI

TDE-2000

LEAF

SPINE

TDE-2000 TDE-2000


18

Agenda



DD. Should we also consider using the summary slide I sent earlier or Do we only need the one summary slide?

RJA – Duane summarizes FlowEngine features in next slide. Then Iain will summarize webinar learnings and close the webinar (Iain to develop this slide

19

FlowEngine™ TDE-2000: Open, Carrier Grade and High Scale

Ultra compact with high performance (up to 2 Tbps)*

Scalable to support millions of flows and subscribers

Wire speed switching

High speed network security

Advanced L4 – L7 network services

Carrier grade open source network switch

Fully data and control plane programmable

L2 – L7Intelligent SDN

Platform


Radisys FlowEngine TDE-2000

www.iGR-inc.com

Sour

ce: iG

illottR

esea

rch, In

c, 20

17

More services, more connections, more devices◦ More people doing more things, not just more people

More network complexity to manage those streams◦ Virtualized environment◦ Load balancing demands

FlowEngine key part of network management infrastructure◦ SDN, NFV and Security◦ Service Function Chaining, with scalable load balancing

Security is key◦ FlowEngine supports Network TAP◦ Offload for IPSec, ACL and Lawful Intercept

Network Virtualization is not the question – how you optimize, manage and monetize the virtualized network is the critical success factor

21

Thank You! Questions?

James RadleySenior ArchitectRadisys

Duane DeCapiteSenior Director, Product Management and StrategyRadisys

Iain GillotPresident and FounderIGR Research

For more information, download the FierceTelecom eBrief

www.radisys.com/fierce-telecom-ebrief


http://www.radisys.com/fierce-telecom-ebrief