Upload
radisys-corporation
View
108
Download
0
Embed Size (px)
Citation preview
MT10.24.16
Fierce Markets WebinarWednesday June 28, 2017
SDN and NFV Paving the Way for Network Monetization with Value-Added Services
2
Today’s Panel
Copyright © 2017 – Radisys Corporation
James RadleySenior ArchitectRadisys
Duane DeCapiteSenior Director, Product Management and StrategyRadisys
Iain GillotPresident and FounderIGR Research
3
Agenda
• Introduction• Service Trends• Network Function Requirements• Scalability• Security• Summary
Copyright © 2017 – Radisys Corporation
www.iGR-inc.com
Sour
ce: iG
illottR
esea
rch, In
c, 20
17
200,000
300,000
400,000
500,000
600,000
700,000
800,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026
Population Connections
Streaming m
usic
Streaming video
Facetime, Snap,
Instagram, etc
Streaming H
D video
AR/VR
Gaming
IoT
4K video
More
V2V, V2X
Rem
ote
surg
ery
Auto
nom
ous
vehi
cles
Net
wor
k sl
icin
g
New
app
s!
5
Service Trends
Variety and volume of cloud services is expanding.
SecurityServices
VirtualizedNetworkServices
IoTServices
Copyright © 2017 – Radisys Corporation
5G Services
Image courtesy of Google
Data center solutions need to manage
increasing service diversity
6
Classification and Forwarding of Service Flows
Wireline/WirelessAccess Network
Edge Router
Carrier Data Center
Open SDN Switch
Classifier Forwarder
Wire Speed DPI Millions of SubscribersLoad Balancing
NetworkServicesPolicies
OpenFlowController
Value Added Services
SecurityServices
IoTServices
5G Services
Data Centers require Open Intelligent Distribution of Service Flows delivering NFV integration, scalability, and security.
7
Agenda
• Introduction• Service Trends• Network Function Requirements• Scalability• Security• Summary
Copyright © 2017 – Radisys Corporation
8
FlowEngine™ Technology Focus Areas
SDN
• Flexible data plane functions that offers line-rate performance
• Handling tens of millions of active flow entries for large-scale SDN networks
• Adjustable flow (table) rules with processing pipeline of variably sized tables with high rate of flow modification per second
NFV SecurityThousands of
Network FunctionsExternal Network
Millions of Flows
• Line rate flow forwarding, classification, and steering actions: Packet normalization, statefulLB, NAT, ACL, fragmentation reassembly, etc.
• Network analytics through network tap, sampling, and flow statistics
• Standard-based Service Function Chaining (SFC) for application-awareness using ToS/DSCP marking, segment routing, or VLAN and NSH/SCH tagging
• Work load distribution & flow affinity for SPI services - policy enforcement, video optimization, application GW, security & related applications
• Autonomously create a rule with a suitable default action for any new flow (flow entries through SDN OpenFlow controller)
Copyright © 2017 – Radisys Corporation
10
Service Function Chaining
OpenFlow Pipeline
Table 0
ACL
Table 1
Classifier
Table 4
Forwarding
Table 2
SF-Proxy
Table 3
SFP
VXLAN-gpe logical port
(1..n)
Physical Port
(1..m)
VXLAN-gpe logical port
(1..a)
Physical Port
(1..c)
(1..b)
L3 logical port
Parser
SFC Classifier• Classifies packets to a service
function chain based on a set ofL2/L3/L4 header fields.
• Unique classification rule for millionsof subscribers.
• Expect non NSH encapsulatedpackets.
• After classification, encapsulatespackets with NSH header (andappropriate tunneling header) toidentify the service chain.
SFC Forwarder Supports IETF Service function
forwarder function based on NSHheader.
Identify service chain instancebased on SPI/SI field.
Unique rules per service chaininstance or rendered path.
Potentially load balance flowsacross a set of SF’s.
Support VxLAN-gpe, NvGREtunneling.
SF Proxy Support legacy SF, i.e., SF’s that
don’t support SFC encapsulation. Support for both stateful and
stateless SF’s. Use of VLAN or MAC address to
save service function chain inpacket.
Option to dynamically learn andmaintain 5-tuple flows to map SFpackets to service chain.
Open Flow Pipeline for Service Function Chaining
Copyright © 2017 – Radisys Corporation
11
Agenda
• Introduction• Service Trends• Network Function Requirements• Scalability• Security• Summary
Copyright © 2017 – Radisys Corporation
12
Scalable Server and Application Load Balancing (LB)
VLAN-VRF ACL User Port
Stateless LB
LBG PR0PR1
PR2
VLAN-VRF ACL
Stateful LB
Flow table
Subscriber TableLBG User PortPR0
PR1PR2
Highly Redundant Processing Resources
Four Load balancer Group’sCombination of Stateful/Stateless
Copyright © 2017 – Radisys Corporation
14
Agenda
• Introduction• Service Trends• Network Function Requirements• Scalability• Security• Summary
Copyright © 2017 – Radisys Corporation
15
Use Case: Network TAP
FlowEngine
DDoSdetection*
IPFIXApplicationMonitoring
Compliance
CoordinatedIntrusion
Prevention
ACL
SIEM
DDoS*
Application Monitoring
Legal Intercept
…
SIEM = Security Information and Event Management…
Copyright © 2017 – Radisys Corporation
16
Network Tap Benefits
• Increase security• Forward all or selected flows in real time to security devices and services• Drop flows on a per-subscriber, per-user, VLAN, application, source or destination
• Increase network awareness• Forward selected flows to external networks for analysis or archive• Create summary of network traffic in non-proprietary record (IPFIX)
• Reduce complexity• Perform switching, load balancing, LI and Tap in a single device
• Reduce costs • FlowEngine provides Tap functionality at less than 25 percent of the cost of the competition!
Copyright © 2017 – Radisys Corporation
17
Use Case: Security Offload
• IPSec Offload• IPSec Tunnel Termination • IPSec VPN Throughput over 100 Gbps• IPSec VPN Throughput over 60 Mpps
• ACL Offload• 10,000+ 5-tuple ACLs• Apply ACLs to encrypted traffic• Ability to drop traffic of selected flows
• LI (Lawful Intercept) Offload• Send matched flows to LI• Ability to send encrypted flows to LI
TDE-2000
LEAF
SPINE
TDE-2000 TDE-2000
Copyright © 2017 – Radisys Corporation
18
Agenda
• Introduction• Service Trends• Network Function Requirements• Scalability• Security• Summary
Copyright © 2017 – Radisys Corporation
DD. Should we also consider using the summary slide I sent earlier or Do we only need the one summary slide?
RJA – Duane summarizes FlowEngine features in next slide. Then Iain will summarize webinar learnings and close the webinar (Iain to develop this slide
19
FlowEngine™ TDE-2000: Open, Carrier Grade and High Scale
Ultra compact with high performance (up to 2 Tbps)*
Scalable to support millions of flows and subscribers
Wire speed switching
High speed network security
Advanced L4 – L7 network services
Carrier grade open source network switch
Fully data and control plane programmable
L2 – L7Intelligent SDN
Platform
Copyright © 2017 – Radisys Corporation
Radisys FlowEngine TDE-2000
www.iGR-inc.com
Sour
ce: iG
illottR
esea
rch, In
c, 20
17
More services, more connections, more devices◦ More people doing more things, not just more people
More network complexity to manage those streams◦ Virtualized environment◦ Load balancing demands
FlowEngine key part of network management infrastructure◦ SDN, NFV and Security◦ Service Function Chaining, with scalable load balancing
Security is key◦ FlowEngine supports Network TAP◦ Offload for IPSec, ACL and Lawful Intercept
Network Virtualization is not the question – how you optimize, manage and monetize the virtualized network is the critical success factor
21
Thank You! Questions?
James RadleySenior ArchitectRadisys
Duane DeCapiteSenior Director, Product Management and StrategyRadisys
Iain GillotPresident and FounderIGR Research
For more information, download the FierceTelecom eBrief
www.radisys.com/fierce-telecom-ebrief
Copyright © 2017 – Radisys Corporation