Enabling SDN for Service Providers by Khay Kid Chow

Page 1: Enabling SDN for Service Providers by Khay Kid Chow

Cisco Confidential 1

Khay Kid Chow, Cisco Systems MyNOG-3 November, 2013

Page 2: Enabling SDN for Service Providers by Khay Kid Chow

•  Network Evolution – Programmable Networks
•  Enabling Technologies – vPE and ESC
•  Service Provider Use Cases

Page 3: Enabling SDN for Service Providers by Khay Kid Chow

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

Person2Person

Person2Thing

Person2Thing

Thing2Thing

Centralized Decentralized Distributed

Network Impact

Anytime, Anywhere, Anyone.. …and Anything

Programmable Device-Driven

Events = Bandwidth + Compute + Control

Page 4: Enabling SDN for Service Providers by Khay Kid Chow

Programmable Triggers of Event-Driven Services (Adaptation Rates and Automation)

Bandwidth (Cost Reduction and Speed)

Multi-service Consumer/Business Bundles (Prioritization and Agility)

Service Providers in the Central Role

Bits/ps

Service Provider

Voice Video Data

Mobile

Smart Energy

Smart Health

Smart Industry

Smart Homes

Smart Car

Smart Offices

Page 5: Enabling SDN for Service Providers by Khay Kid Chow

Technology Objectives

Make everything go faster, easier and more agile

• Configurable Networks
• Orchestrated Networks
• Apps-aware networks
• Network-aware apps
• Network interfaces
• Managed Networks
• Programmatic interfaces
• Automated Networks

Page 6: Enabling SDN for Service Providers by Khay Kid Chow

Application Software New Businesses

SaaS + Integration Operations BI

Infrastructure Software Management Orchestration

Analytics, Controllers

Embedded Software Core Business

Route, Switch, Appliance IOS, XR, NXOS, others…

Services Orchestration

Workflow and Intent

Programmability

Applications

Network

Network Intelligence, Guidance

Statistics, States, Objects and Events

Analytics Policy (Application + Network + Security)

Network Intelligent Applications

Page 7: Enabling SDN for Service Providers by Khay Kid Chow

Resource Orchestration, Management

Applications (End-User and System Applications)

Virtual and Physical Infrastructure

Programmatic Interfaces

Page 8: Enabling SDN for Service Providers by Khay Kid Chow

Applications (End-User and System Applications)

Controllers and Agents

Virtual/Overlay Networks

Platform APIs

Page 9: Enabling SDN for Service Providers by Khay Kid Chow

Application Frameworks, Management Systems, Controllers, ...

Device

Forwarding

Control

Network Services

Orchestration

Management

PCEP, Quantum, OpenFlow, Puppet, Netconf, OMI, I2RS, …, onePK

IOS / XE, NX-OS, IOS-XR

onePK API & Agent Infrastructure

Agent

Page 10: Enabling SDN for Service Providers by Khay Kid Chow

“End-to-End Dynamically Provisioning and Monitoring of Virtualised Services using a single point of configuration”

Router

Network Orchestration

DC Orchestration

Compute

Traffic from 1.1.1.1

“Route all traffic from IP 1.1.1.1 to an instance of the virtualised service foo”

Virtual Service Instance Foo

Service VM

Load Balancer

“Can you also monitor it for any end-to-end failures and take recovery action if/when needed”

“Of course I’d also like the service to scale up and down dynamically based on demand”

“And give me APIs to do all this programmatically”

“Can you make sure the network is also configured to know about this service”

Page 11: Enabling SDN for Service Providers by Khay Kid Chow

What services?

Where to run?

How to manage?

Page 12: Enabling SDN for Service Providers by Khay Kid Chow

vSwitch VSG vISE vASA

vWAAS vMSE vWLC Route Reflector

vNAM Video Cache

PRIME (NCS) vRouter

… Many familiar network service functions have already been developed for virtualized implementations

Page 13: Enabling SDN for Service Providers by Khay Kid Chow

Attaching Compute to the Network

Compute with OpenStack: Service VMs on kvm

Blade: Service VMs on kvm, OpenStack

Page 14: Enabling SDN for Service Providers by Khay Kid Chow

•  Parse Service XML – Service Definition is an XML Document
•  Provision Virtual Machine(s) – API calls out to the VM Orchestration Layer (e.g. OpenStack, VMware)
•  Configure Virtual Machine(s) – Pass the VM Configuration data to the VM at provisioning time (so it can self-configure)
•  Provision Virtual Network – VM Orchestration system to create virtual network (OpenStack: Quantum/OVS)
•  Configure Physical Network – OpenStack Quantum plugins for Physical devices
•  Advertise Service (BGP) – BGP service advertiser to publish/withdraw network routes to the given service
•  Monitor all Components – Monitoring for each VM and the application within the VM

Page 15: Enabling SDN for Service Providers by Khay Kid Chow

Service Catalog and Workflow

Service Orchestration

VM/Storage Controller Network Controller

Orchestration

Infrastructure

Catalog

Physical Network Compute / Storage

Virtual Services Virtual Network

Apps

ESC

External Clients

(1) Service Request

(2) Network Provisioning

(3) VM Provisioning

(4) VM & Service Monitoring

(5) Service Advertising via BGP

(6) Events/syslog

Page 16: Enabling SDN for Service Providers by Khay Kid Chow

OpenStack

Hypervisor (KVM)

Host OS (Linux)

Service VMs (KVM)

<service-request> XML Document

Services Controller

SERVICE_NAME <request-id>

✔  ✖

1.  <service-request> is generated and sent to the Services Controller, which then creates the active VMs and hot-standby VMs

2.  Service starts and reports application stats to the Services Controller: STATUS=OK

3.  Load increases and VMs become overloaded: STATUS=OVERLOAD

4.  Services Controller activates 3 of the “hot-standby” VMs and adds them to the running service, causing the load on all VMs to decrease below the threshold

5.  The Services Controller backfills the “hot-standby” queue by booting 3 new VMs but not activating them
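
The scale-out loop in steps 1 to 5, as an added Python sketch that is not taken from the slides or from Cisco's ESC. The threshold, queue size, VM names and the `MAX_ACTIVE` ceiling are assumptions; the ceiling is there because the trigger is traffic load, which an attacker can drive, so scale-out needs an upper bound.

```python
from collections import deque
from itertools import count

OVERLOAD = 0.80      # assumed per-VM load threshold (fraction of capacity)
STANDBY_TARGET = 3   # assumed size of the hot-standby queue
MAX_ACTIVE = 8       # assumed ceiling: bounds cost when load is attacker-driven


class ServicesController:
    """Toy model of the active pool plus the hot-standby queue."""

    def __init__(self, active=3):
        self._ids = count(1)
        self.active = [self._boot() for _ in range(active)]
        self.standby = deque(self._boot() for _ in range(STANDBY_TARGET))
        self.events = []   # what a real controller would emit as events/syslog

    def _boot(self):
        return f"vm-{next(self._ids)}"   # constructed VM name

    def status(self, offered_load):
        """The load balancer spreads offered load evenly over active VMs."""
        per_vm = offered_load / len(self.active)
        return "OVERLOAD" if per_vm > OVERLOAD else "OK"

    def reconcile(self, offered_load):
        """Steps 3-5: activate standbys until below threshold, then backfill."""
        while (self.status(offered_load) == "OVERLOAD" and self.standby
               and len(self.active) < MAX_ACTIVE):
            vm = self.standby.popleft()
            self.active.append(vm)
            self.events.append(("activate", vm))
        while len(self.standby) < STANDBY_TARGET:
            vm = self._boot()            # booted but not activated
            self.standby.append(vm)
            self.events.append(("boot-standby", vm))
        return self.status(offered_load)


def demo():
    esc = ServicesController(active=3)
    first = esc.reconcile(4.5)    # 1.5 per VM: three standbys are activated
    second = esc.reconcile(10.0)  # load beyond the ceiling stays OVERLOAD
    return first, second, len(esc.active), len(esc.standby)
```

A load that stays in OVERLOAD at the ceiling is the case to alert on rather than scale through.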

Standby VM Queue

Load Balancer

KVM

BGP

ganglia

Page 17: Enabling SDN for Service Providers by Khay Kid Chow

Connecting Users to Virtualized Services

Enterprises SMBs

Mobile Users

Home

GI-LAN | Consumer

DPI CGN WWW

FW CDN IPS

Virtual Private Cloud

NfV Services

DPI CPE WAAS

FW NAM IPS Service Provider

Page 18: Enabling SDN for Service Providers by Khay Kid Chow

Connecting Network SDN and Datacenter NFV

Cloud Datacenter

Consumer

DPI CGN WWW

FW CDN IPS

Virtual Private Cloud

Enterprise NfV Services

DPI CPE WAAS

FW NAM IPS

SP NGN

SP Data Center

Guaranteed Network SLA

Cloud SLA

Service Chaining

vPE / VSOC / Elastic Service Controller

WAN Controller

Page 19: Enabling SDN for Service Providers by Khay Kid Chow

Physical Network

DC Interconnect (e.g.: ASR 9000)

Page 20: Enabling SDN for Service Providers by Khay Kid Chow

Physical Network

Page 21: Enabling SDN for Service Providers by Khay Kid Chow

Physical Network

Page 22: Enabling SDN for Service Providers by Khay Kid Chow

Physical Network

Page 23: Enabling SDN for Service Providers by Khay Kid Chow

xDSL, GPON, FTTX, Mobile

R1, R2

Technology and Design Innovation – decreasing time to revenue

Creating value with new Smart Cloud services
§  Business – Cloud IPVPN – self-service IPVPNs
   Virtual Private Cloud - Bring Your Own Design
   Virtualized Security, Collaboration, Cloud CPE
§  Consumer – Virtual BRAS, DHCP Subscriber Routing
   Virtualized Video
§  Mobility – Virtual EPC, Gi Network Services (vGiLAN)

Enabling new modes of operation
§  User-centric – self-service for control of own experience
§  Real-time – service creation, takes minutes instead of weeks
§  Automation – orchestration at scale for reduced OPEX
§  Virtualization – service agility, infra capacity reuse, fast TTM

Page 24: Enabling SDN for Service Providers by Khay Kid Chow

(v)Switch (v)Router

Controllers

Hardware

HyperVisor

VM

VM

OS OS

Service Abstraction

Topology Abstraction

Control Plane

Data Plane

Control Plane

Data Plane

Programmatic API Virtual Overlay Network OS

Network Abstraction

Applications NMS

Control Abstraction

I/O Shelf

Router Optical Shelf

Driving Operational Simplicity through Virtualization of Physical Infrastructure

Cisco ONE SDN Cisco nV Cisco NFV, XRv, VIRL, Spirit

Cisco vPE

Page 25: Enabling SDN for Service Providers by Khay Kid Chow

x86 Server (e.g. UCS)

Multi-core CPU Multi-core CPU Memory Storage NIC NIC …

Hypervisor (e.g. KVM QEMU, VMWare ESXi)

vSwitch (n1kv) …

Each VM: vCPU, vMemory, virtual harddisk, vNIC …

VM: Virtual Appliance
VM: IOS-XRv 64-bit – IOS-XR (Spirit 64bit)
VM: NX-OSv – NX-OS
VM: IOS-XRv – IOS-XR (Classic)
VM: CSR1kv – IOS-XE
VM: IOSv – IOS Classic

Page 26: Enabling SDN for Service Providers by Khay Kid Chow

Development Environment for Cisco ONE

•  A multi-purpose network virtualization platform

•  Virtual machines running the same operating systems as used on physical Cisco products: IOS, IOS-XR, NX-OS

•  Virtual Machine orchestration capabilities enable creation of highly accurate models of real-world or future networks – scales to thousands of virtual network devices

Page 27: Enabling SDN for Service Providers by Khay Kid Chow

1  Application Automation

2  WAN Orchestration

3  Elastic Services – Security aaS

Page 28: Enabling SDN for Service Providers by Khay Kid Chow

Business Objectives

A market leader in IaaS and Availability Services (Back-up & Recovery)

Based in the U.S. and operating in 70 countries globally.

Availability and Continuity Automate, Streamline and Scale

Core Business

Monetization Platform Offer new, elastic services on demand

Provide infrastructure and systems on demand for Hybrid/VPC business models

1

Page 29: Enabling SDN for Service Providers by Khay Kid Chow

Customer Recovery Service Infrastructure

Secure Multi-Tenancy Fully Automated

Aggregation

Access Access Access Access Nexus3k Nexus3k

Aggregation Aggregation Aggregation onePK

onePK

Router Firewall/VPN Switches Storage X86 Servers Unix Servers Load-balancer

Orchestration

VPP Application

ONE Controller

Customer 1

Customer 2

100s of customers can on-board and test recovery services simultaneously.

Network Programmability builds a “network slice” per customer

Track usage and health per network slice

Customer Slice #2

Customer Slice #1

Virtual Patch Panel SDN Controller, OnePK, ESC, OpenStack

1

Page 30: Enabling SDN for Service Providers by Khay Kid Chow

WAN Optimization: Service Velocity

SDN Benefits

Customer Self-service: Enable customers to reserve bandwidth to onboard data and applications

Track Topology and State: Compute network paths to deliver best available connection

Seamless Service Creation and WAN synchronization

2  Bandwidth Calendaring

Page 31: Enabling SDN for Service Providers by Khay Kid Chow

Bandwidth Calendaring

Packet Bandwidth Calendaring

Application

Bandwidth Orchestration

Data Collection

Network Programming

DC Service A

User / Requestor

1 BW Calendaring App provides UI to end user. End user requests connectivity between locations with BW requirement and calendar interval

Packet Topology and State information shared

2 WAN Orchestration controller collects topology, state and utilisation info from packet network

3a User requests connection with defined BW characteristics to DC service A from location attached to Router D for specific Calendar period

3b On behalf of user, BW Calendaring App requests a Network path to DC Service A from location attached to Router D

4 WAN Orchestration controller discovers available resources and calculates optimal path and returns result to the app

5 BW calendaring confirms request to end user and tracks reservation to ensure Service is available at the required Calendar interval
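
Steps 2 to 5 turned into an added Python sketch of calendar-aware admission control; it is not from the slides and is not the WAN controller's actual algorithm. The topology, capacities (Mb/s), hour-based intervals and the fewest-hop search are assumptions. A request is admitted only if every link on the path has the bandwidth free for the whole interval, otherwise it is refused rather than oversubscribing a link.

```python
import heapq

# Constructed topology: link -> capacity in Mb/s. Node names are assumptions.
LINKS = {("D", "B"): 1000, ("B", "DC-A"): 1000,
         ("D", "C"): 400, ("C", "DC-A"): 400}


class WanController:
    def __init__(self, links):
        self.cap = {frozenset(l): c for l, c in links.items()}
        self.booked = []   # (link, start, end, mbps) reservations

    def residual(self, link, start, end):
        """Worst-case free capacity on link anywhere inside [start, end)."""
        # Usage only rises at a booking start, so those instants suffice.
        marks = {start} | {s for l, s, e, _ in self.booked
                           if l == link and start < s < end}
        peak = max(sum(bw for l, s, e, bw in self.booked
                       if l == link and s <= t < e) for t in marks)
        return self.cap[link] - peak

    def reserve(self, src, dst, mbps, start, end):
        """Book the fewest-hop path with mbps free for the whole interval."""
        queue, seen = [(0, [src])], set()
        while queue:
            hops, path = heapq.heappop(queue)
            node = path[-1]
            if node == dst:
                for a, b in zip(path, path[1:]):
                    self.booked.append((frozenset((a, b)), start, end, mbps))
                return path
            if node in seen:
                continue
            seen.add(node)
            for link in self.cap:
                if node in link and self.residual(link, start, end) >= mbps:
                    (nxt,) = link - {node}
                    heapq.heappush(queue, (hops + 1, path + [nxt]))
        return None   # no feasible path: the app must refuse the request


def demo():
    wan = WanController(LINKS)
    return [wan.reserve("D", "DC-A", 800, 9, 12),   # fits the 1 Gb/s path
            wan.reserve("D", "DC-A", 300, 8, 10),   # overlaps: detours via C
            wan.reserve("D", "DC-A", 500, 9, 10),   # nothing free: refused
            wan.reserve("D", "DC-A", 500, 12, 14)]  # first booking has ended
```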

PCE & Demand Engineering, WAN Controller

2

Page 32: Enabling SDN for Service Providers by Khay Kid Chow

SDN Benefits

Example: Security as a Service 3

Security Threat Defense and Mitigation

Program Network to insert services where it makes the most sense

Services and Functions scale elastically with the network

Enable New Services

Optimal Deployment

Leverage Cloud

Page 33: Enabling SDN for Service Providers by Khay Kid Chow

Cloud orchestration

WAN

User / Requestor

Dynamic Scaling of Bandwidth and Services

Security Web FWs

NAC/Compliance DDoS Scrubbers

1 Request is made to instantiate Security Service at multiple DC/Cloud locations

2 ESC Requests Cloud Orchestration to spawn VM instances and network connectivity to run the Security service

3 ESC requests from WAN Orchestration network path to carry flows requiring Security services to nearest DC/Cloud

4 ESC monitors service instances and based on policy decides when to spin up additional capacity per service

DDoS – As attack traffic increases spin up additional scrubbers in both DCs

Services Controller

Service Orchestration

ESC

DC/Cloud #1

DC/Cloud #2

WAN orchestration

PCE & Demand Engineering, ESC, Openstack, NfV

Page 34: Enabling SDN for Service Providers by Khay Kid Chow

•  SDN: An evolutionary step for networking
   -  Complement/Evolve the Network Control Plane where needed

•  Centered around delivering open, programmable environment for real-world use cases
   -  No one-size-fits-all
   -  APIs, Network Virtualization, Agents/Controllers
   -  Joint evolution with industry and academia

•  Technology-agnostic
   -  Not predicated on a particular technology or standard
   -  Draw from existing technologies and industry standards

•  Delivered as incremental functionality
   -  Many customers will use hybrid implementations
   -  Build upon existing infrastructure with investment protection
