Cloud Meets Networks Key for Innovations and Efficiency
Walter Haeffner Vodafone Distinguished Engineer
24th International Conference on Field Programmable Logic & Applications
Munich, Germany; 4th September 2014
Cloud meets Networks Topics
Vodafone Germany – a brief company overview
Product portfolio, some major engineering activities
Cloud meets networks – virtualizing the service edge
Short Introduction into Network Function Virtualization, Status at Vodafone
Operational benefits of cloud technologies in general
Flexibility, scalability, drastic reduction in lead times, positive business case
Service Function Chains – First step towards SDN
Improved service creation features by means of Software Defined Networks
Public - W. Haeffner VF-DE 2
Vodafone Germany Our Company at a Glance
Vodafone Germany
Mobile and fixed communication services
Consumer & enterprise product portfolio
About 10.500 employees
More than 37 Million customers
Turnover: approximately 9,6 billion €
Over 20% of profit of the Vodafone Group
Vodafone Germany Our Product Portfolio
Consumer Offers
Mobile access: GSM, UMTS/HSPA, LTE
Fixed Access: xDSL/QoS, CaTV, WiFi
Services: VoIP, Internet Services, TV, VoD
Enterprise Offers
Internet Access for ISPs (IPv4 and IPv6)
MPLS VPNs, Ethernet Services, QoS, Encryption, …
Voice, IN, IVRs, FMC, Mail, Web, FW, …
Wholesale Offers
xDSL services (suitable for triple play)
Mobile voice and data services
Vodafone Germany Future-proofing our Business
Vodafone invests significantly in LTE, CaTV and fixed networks in general
Major Vodafone Germany projects:
Converged IP backbone and backhaul for fixed and mobile
Migration of all GSM and UMTS mobile networks towards All-IP
First Vodafone OpCo with LTE. VoLTE field trials ongoing
Now Vodafone Germany is first OpCo where clouds meet networks
Cloud meets Networks Service Edge is a critical Cost Factor
Network Data Center: IPTV back-end systems, Web, Mail and News platforms, charging, subscriber databases
IP Backbone: IP and Ethernet over WDM
Service Edge: EPC, BNG, SBC, AAA, DNS, PEP, FW, DPI, NAT, …
Access / Backhaul: Mobile, DSL, CaTV access network for Consumer and enterprise
Service edge became very complex, hard to manage and expensive to maintain
Without network function virtualization (traditional view)
C3-Confidential
Cloud meets Networks Service Edge Problem Statement
Service Gateways VoIP DNS / ENUM / AAA Application Servers Routers, Firewalls
Typically every telecommunication service has its own service creation environment
Proprietary telco equipment like switches, routers, service gateways, firewalls, ...
X86-based middleboxes like DNS, AAA, SIP proxies, performance optimizers, ...
For generations, scaling up network and service capacity has basically been a box business
Upgrades and extensions very time consuming, typically months to years
No elasticity, unforeseen capacity demands often hard to realize in time
Introduction of new network services very time-consuming and expensive
Commercial service platform often SW on a supplier-preferred HW platform
Telcos have a tough time to compete with Internet Service Providers
Service creation points are individual, dedicated proprietary telecommunication systems with their typically extremely long development and deployment cycles
Cloud meets Networks IT Systems are much more modular than Telco Systems
Telecom Industry
Very long innovation cycles (years)
Network Operators (AT&T, BT, DT, VF, ...)
Proprietary OS Design
Proprietary HW Design
Software Applications
Proprietary SW APIs
IT Industry
Very short innovation cycles (months)
Service Providers (Apple, Google, Facebook, ..)
Commercialized OS
Standardized Silicon
Software Applications
Standardized SW APIs
Cloud meets Networks Since Years IT improves Economics with Virtualization Technology
[Figure: two virtualization layers, one with a virtual switch, each hosting multiple virtual machines (Application, OS, Storage)]
Larger Computer Center based on Standard Blade Servers
Many more Virtual Machines than Physical Servers
Cloud meets Networks Porting the Service Edge into the Telco Cloud
Service Gateways VoIP DNS / ENUM / AAA Application Servers Routers, Firewalls
Individual proprietary system platforms removed – functionality ported into Telco Cloud
Standard Blade Server Hardware as Platform for Virtual Machines
And don’t forget
Telco Cloud
Network Cloud Center
Cloud meets Networks Network Function Virtualization will help to reduce Life Cycle Costs
IP Backbone Access / Backhaul
With network function virtualization (the final view – so far)
Many service edge systems virtualized to run in a common Telco Edge Cloud
All server-based service platforms, OSS and BSS are migrated into a Cloud Center
Cloud meets Networks Paradigm Changes with Network Function Virtualization
Replaces box business by software license business.
Opens market for innovation.
Easier operational handling.
SW runs on a virtual machine and therefore is movable.
Commercial (e.g. VMware, Microsoft) or public domain (e.g. Linux/KVM) platform.
Off the shelf servers.
Only one platform to manage.
Business case: more virtual servers than physical servers.
Off the shelf high volume storage.
Off the shelf Ethernet switches.
[Figure: layer stack: Virtual Machines; Virtualization Layer above bare metal; Commodity Server Hardware; Storage; Cloud Center Switching]
Cloud meets Networks Is an out of the Box System ready for virtualized Telco Environments?
Highest availability of HW and Software: 99,999% (5 min / year)?
Characteristics of telco data plane and control plane traffic supported?
Quality of Service (QoS) with respect to IP and Ethernet transport?
Sufficient throughput comparable to ASIC-based network elements?
Should we always (try to) virtualize/emulate silicon-based features?
Cloud meets Networks NFV and SDN Application Domains in Carrier Networks
Network Core
• Simple, just MPLS forwarding
• SDN not required
Network Edge
• keeps all the intelligence
• Could be fully realized in SW (virtualized data centers)
• Well, could become expensive
Data Centers
• Hypervisors include many virtual switches
Network Centers
• Include many middleboxes
• Could be fully virtualized
Firewalls, Proxies, Optimizers, Load Balancers, DPI, Intrusion Detection, … is data plane functionality
SDN
• Traffic Engineering
• Access Control
• VPN creation (isolation)
• Other connectivity services
Other potential SDN domains
Only global functionality
Cloud meets Networks Interrupts may become potential Bottlenecks within Virtualized Platforms
External IRQ causes eight exits and enters before guest VM is allowed to restart stalled process:
[Figure: guest system and host system timelines (Running, ISR) for an external interrupt request (IRQ); transitions in order: VM exit, Host enter, VM enter, Host exit, VM exit, Host enter, VM enter, Host exit]
VM: Virtual Machine
ISR: Interrupt Service Request
Source: Wind River, Intel: HIGH PERFORMANCE, OPEN STANDARD VIRTUALIZATION WITH NFV AND SDN
Achieving near-real-time performance in SDN and NFV requires solving some main issues.
Cloud meets Networks Interrupts may become Bottlenecks in Telco Applications
Mobile base stations are I/O-intensive systems with hundreds to thousands of IRQs per second.
Similarly, the Mini Cloud virtualization layer must handle thousands of interrupts per second.
Thousands of IRQs per second have a serious impact on the quality of telco services (delay, jitter).
E.g. Wind River / Intel claims to reduce the typical interrupt latency from between 300 and 700 μsec to sub-20 μsec (close to near-native performance) by using Wind River Open Virtualization Profile: carrier grade RT-Linux kernel, high priority guest VMs
[Figure labels: Virtualized Packet GW (EPC); Virtualized Baseband Unit (running in a Mini Cloud); Remote Radio Head; Telco Edge Cloud]
Source: Wind River, Intel: HIGH PERFORMANCE, OPEN STANDARD VIRTUALIZATION WITH NFV AND SDN
Cloud meets Networks Intel Data Plane Development Kit (DPDK) reduces Latency significantly
Message signaled interrupt (MSI) latency of an out-of-the box version of KVM and Linux measured over thousands of interrupts. In this virtualized environment, some interrupts had latencies exceeding 600 μs and the average was around 25 μs.
System with Wind River Open Virtualization Profile. The maximum interrupt latency was less than 14 μs and the average was about 8 μs. This represents a more than 40 times improvement in the worst-case latency of the non-optimized case.
Source: Wind River, Intel: HIGH PERFORMANCE, OPEN STANDARD VIRTUALIZATION WITH NFV AND SDN
Cloud meets Networks Intel Data Plane Development Kit : Virtual Machine gets direct Access to phyNIC
[Figure: virtual appliances in user space on the Intel DPDK Environment Abstraction Layer, Linux kernel in kernel space, hardware below]
No nondeterministic behavior and overhead of virtualization layer and Linux kernel
Cloud meets Networks Lot of tweaking necessary for virtualized Network Functions
6WIND extended Intel’s DPDK
IPSec acceleration
Crypto acceleration
Virtualization enhancements
Virtualization enhancements include
I/O Virtualization (IOv): bypassing virtual switch, shortcut between VM and phyNIC
Virtual NIC (vNIC) Driver: for east-west traffic via vSwitch
VM to VM (VM2VM) driver: direct VM-to-VM communication bypassing vSwitch (highest throughput)
[Figure: virtual machines running virtual appliances on Linux with 6WIND and Intel DPDK above the hypervisor and virtual switch; links labelled VM2VM, vNICs and IOv; phyNICs below]
Source: Whitepaper from www.6wind.com
Cloud meets Networks Today a single x86 Xeon now makes up to 80 Mpps
[Figure: bar chart of packet throughput (Mpps) for the native Linux stack versus Intel DPDK in Linux user space; platforms: Intel Xeon E5645, 2 sockets, 6x 2,4 GHz (2010); Intel Xeon E5645, 1 socket, 6x 2,4 GHz (2010); Intel Xeon E5-2600 v3, 1 socket, 8x 2,0 GHz (2014); values shown: 12.2 Mpps (native Linux stack), 35.2 Mpps, 80 Mpps]
Cloud meets Networks 6WINDGate reported up to 226 Mpps independent of Packet Size
Reference Platform
Quad Intel® Xeon® Processor E5-2600 v2 Series at 2.8 GHz
64 GB RAM
20 x 10G Ethernet ports
IP Forwarding: 10 Mpps per core, up to 228 Mpps using 40 cores
Performance scales linearly with number of cores configured to run the 6WINDGate fast path
Performance is independent of packet size
Source: Whitepaper from www.6wind.com
Cloud meets Networks Virtualizing ASIC-based Features
Session Border Controllers connect external with internal networks.
SBCs include a Back-to-back user agent, Firewall, NAT/PAT, ...
Very often used to secure and support internal VoIP networks and platforms.
Split signalling (SIP) from voice data.
Hardware SBCs include a network processor, a DSP for voice and fax transcoding, an x86 CPU for signalling.
SIP signaling, protection, NAT: in fact often already done on x86.
SIP encryption (SIP over TLS): Network processors or x86 CPUs may do the job easily.
Data layer throughput (RTP stream of small voice IP packets): Today no issue at all with Intel DPDK.
Media layer handling the voice stream, voice and FAX transcoding:

SBC sessions    Transcoding < 5% of sessions    Transcoding > 5% of sessions
Few hundred     Good fit for vSBC               Good fit for vSBC
Thousands       Good fit for vSBC               Bad fit for vSBC

Source: AudioCodes, April 2014
Cloud meets Networks Is an out of the Box System ready for virtualized Telco Environments?
Highest availability of HW and Software: 99,999% (5 min / year)?
For sure. Feasible for HW and SW. Standard by now.
Characteristics of telco data plane and control plane traffic supported?
Not out of the box. Requires mods in operating system and virtualization layer.
Quality of Service (QoS) with respect to IP and Ethernet transport?
Typically, vSwitches, vRouters support L2 & L3 DSCP marking and basic QoS. By today, “real” QoS with multiple queues still silicon-based.
Sufficient throughput comparable to ASIC-based network elements?
Up to 100, ...200 Gbps feasible and reasonable with virtualized systems. But virtualization of large routers (2 – 4 Tbps per shelf) not feasible by now.
Should we always (try to) virtualize/emulate silicon-based features?
Depends pretty much on the use case. Extensive use of e.g. DSPs may exclude virtualization of a hardware device.
Cloud meets Networks Keep your Objectives feasible
virtualized Telco Cloud on x86 Architecture
x86-based server systems
network elements with “large brain and less muscles”
network elements with “small brain and big muscles”
stay with silicon-based physical boxes
Specialized ASICs hard to map on x86
Cloud meets Networks Our Three Year Network Engineering Telco Cloud Program
Accelerate network and service deployments by Telco Edge Clouds & SDN technologies:
Short Term: Move all middleware and server-based functionality into unique Telco Edge Cloud (Focus fixed and mobile VoIP infrastructure).
Mid term: Mobile Packet Core, Internet platforms, NMS/OSS, virtual CPEs, self service portals. Design and deploy orchestration platform.
Long Term Objectives with focus SDN:
Management of virtual LANs
Service creation platform for Gi-LANs
Flexible and fast provisioning of mobile backhaul links
Cloud meets Networks Virtualized Voice Services for Fixed and Mobile – Field Trials ongoing
VAS Service Chains vEPC VoLTE Fixed VoIP
VCE vBlock
*Target: one VoIP Platform (based on our VoLTE solution) for Mobile, DSL, TV Cable or FttH
Cloud meets Networks Paradigm Shift: From centralized to decentralized Mobile Network Platforms
Local Management Platform
Central Management Platform
Flexible capacity scaling for all virtualized network apps
New IT-like deployment model for new services
Increased redundancy
Uniform and standardized HW (compute, storage, switch)
Network function shifts possible between locations
Lower latency through closeness to network edge
Run regional apps for specific customers (e.g. enterprise)
Higher complexity and new service assurance models
Cloud meets Networks Benefits already seen
Lower costs – Network will be cheaper due to general purpose standard hardware
Faster time to market – standard HW deploys faster. And it’s just SW deployment once cloud platform is in place.
Better performance – NFV ensures elasticity (network can automatically adapt to resources required)
Improved quality – automatic provisioning reduces manual configuration errors
Cloud meets Networks First vEPC Implementations appeared
VCE vBlock
Core capacities can be scaled with much better flexibility
Enabler for new resilience schemes and increased site redundancy
vEPC
Internet
Walled Garden
Cloud meets Networks Business Case for Telco Cloud very attractive
Telco Edge Cloud business case
Considered TCO for eight services: IMS, TAS, NGN, IVR, IN, TDM, EPC, DNS
25 % to 45 % CAPEX savings over the next 5 years
30% to 60% OPEX reductions over the next 3 years
Cloud meets Networks Service Function Chains manage network traffic and service policing
Mobile network operators need to implement a complex array of single- (or few-) function devices (a.k.a. SFC) to control data traffic such that they can achieve their business goals.
protect network & privacy – FW, IDS, ACL, ...
optimize transport & payload – TCP Opt., Video Opt., ...
functions required for technical reasons – GC-NAT, DPI, LB, ...
merge signaling information into data flow - HTTP header enrichment, ...
network-based value added services – parental control, malware protection, ...
[Figure labels: Internet, PGW, Router, Router, IP Backbone, Access, LAN(s) with Service Function Chains, Walled Garden Services]
Cloud meets Networks Service Chaining will allow flexible Service Composition
Composition of services will be enabled by Network Function Virtualisation
Users (or groups of users) can have individual service chains
[Figure: Service Chains example]
Cloud meets Networks Not only Servers but also Switches become virtualized
[Figure: two virtual switches connecting multiple instances of the service functions SF1, SF2, SF3 and SF4]
Service Chain Blue: SF1 – SF3 – SF4
Service Chain Red: SF1 – SF2 – SF4
Cloud meets Networks Simplified and flexible Service Chain Set-up based on SDN Technologies
• Create Service Function Topology
• Define Branching Conditions (Business Rules)
graphs uni- or bidirectional
SDN Compiler translates automatically abstract Service Function Chain into a physical Network Configuration
Mediation Device (Openflow, OVSDB, Netconf, LISP, ...)
• Forwarding Topologies for multiple service chains.
• Branching rules in services
[Figure: abstract service graph (abstract services 1 to 6 joined by abstract links) above the Physical Layer of (virtual) service functions S1 to S6 and (virtual) forwarding devices]
Cloud meets Networks Define Forwarding in an abstract topological Service Function Graph
[Figure: service function graph with Classifier, SF-1 to SF-7, SFF-1 to SFF-3 and the paths SFP-1 and SFP-2]

SFP     from    to
SFP-2   class   SF-1
SFP-2   SF-1    SFF-2
SFP-1   class   SF-1
SFP-1   SF-1    SF-2
SFP-1   SF-2    SFF-2

SFP     from    to
SFP-2   SFF-1   SF-6
SFP-2   SF-6    SF-7
SFP-2   SF-7    SFF-3
SFP-1   SFF-1   SF-3
SFP-1   SF-3    SFF-3

SFP     from    to
SFP-2   SFF-2   SF-4
SFP-2   SF-4    SF-5
SFP-2   SF-5    exit
SFP-1   SFF-2   SF-4
SFP-1   SF-4    SF-5
SFP-1   SF-5    exit

Control and User Plane Metadata
IP User Data | Metadata | ... SFP ... | Transport Header
New NSF Header
flow is from P-GW to data source and from data source to P-GW
Classifier is always first element traversed by an IP packet
NSF: Network Service Function
SFF: Service Function Forwarder
SFP: Service Function Path
P-GW: LTE Packet Gateway
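The three SFP from/to tables on this slide can be walked mechanically. The following Python code is an added example, not part of the original slides: it resolves each service function path hop by hop and flags a path that misses a required function. Attributing the tables to SFF-1, SFF-2 and SFF-3 in order, and treating SF-4 as a mandatory firewall, are assumptions made here for illustration.

```python
# Rows copied from the three "SFP / from / to" tables on the slide.
# Assumption: the tables belong to SFF-1, SFF-2 and SFF-3 in that order,
# inferred from the hand-over rows (to SFF-2, from SFF-1, and so on).
SFF_TABLES = {
    "SFF-1": [("SFP-2", "class", "SF-1"), ("SFP-2", "SF-1", "SFF-2"),
              ("SFP-1", "class", "SF-1"), ("SFP-1", "SF-1", "SF-2"),
              ("SFP-1", "SF-2", "SFF-2")],
    "SFF-2": [("SFP-2", "SFF-1", "SF-6"), ("SFP-2", "SF-6", "SF-7"),
              ("SFP-2", "SF-7", "SFF-3"), ("SFP-1", "SFF-1", "SF-3"),
              ("SFP-1", "SF-3", "SFF-3")],
    "SFF-3": [("SFP-2", "SFF-2", "SF-4"), ("SFP-2", "SF-4", "SF-5"),
              ("SFP-2", "SF-5", "exit"), ("SFP-1", "SFF-2", "SF-4"),
              ("SFP-1", "SF-4", "SF-5"), ("SFP-1", "SF-5", "exit")],
}
# Hypothetical policy for illustration: SF-4 is a firewall every path must cross.
REQUIRED = ["SF-4"]

class PathError(Exception):
    """The tables do not describe a complete, loop-free path."""

def resolve_path(tables, sfp, first_sff="SFF-1", max_hops=64):
    """Return the ordered service functions a packet on `sfp` traverses."""
    lookup = {sff: {(p, src): dst for p, src, dst in rows}
              for sff, rows in tables.items()}
    sff, came_from, visited = first_sff, "class", []
    for _ in range(max_hops):
        nxt = lookup.get(sff, {}).get((sfp, came_from))
        if nxt is None:
            raise PathError(f"{sfp}: no entry at {sff} for traffic from {came_from}")
        if nxt == "exit":
            return visited
        if nxt.startswith("SFF-"):
            sff, came_from = nxt, sff  # hand over to the next forwarder
            continue
        if nxt in visited:
            raise PathError(f"{sfp}: loop through {nxt}")
        visited.append(nxt)
        came_from = nxt
    raise PathError(f"{sfp}: no exit within {max_hops} hops")

def audit(tables, required):
    """Map each SFP to the required functions it misses, or to its path error."""
    findings = {}
    for sfp in sorted({p for rows in tables.values() for p, _, _ in rows}):
        try:
            path = resolve_path(tables, sfp)
            findings[sfp] = [sf for sf in required if sf not in path]
        except PathError as err:
            findings[sfp] = str(err)
    return findings

def bypass_variant():
    """Constructed misconfiguration: SFP-2 skips SF-4 at the last forwarder."""
    bad = {sff: list(rows) for sff, rows in SFF_TABLES.items()}
    bad["SFF-3"] = [("SFP-2", "SFF-2", "SF-5") if row == ("SFP-2", "SFF-2", "SF-4")
                    else row for row in bad["SFF-3"]]
    return bad

if __name__ == "__main__":
    for name in ("SFP-1", "SFP-2"):
        print(name, " -> ".join(resolve_path(SFF_TABLES, name)))
    print(audit(SFF_TABLES, REQUIRED))
    print(audit(bypass_variant(), REQUIRED))
```

Running the same audit before a compiled chain is pushed to the forwarders catches a table edit that silently routes one path around a protective function.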
Cloud meets Networks Map topological Forwarding onto physical Underlay Network using SDN
[Figure: service function graph (Classifier, SF-1 to SF-7, SFF-1 to SFF-3, SFP-1, SFP-2)]
Service Function Chain Compiler
Topological SFP Table
SF Attachment Table
Underlay Tunnel Table
SFP-Instance
SDN Controller
OVSDB, Openflow
Map onto Flow Tables
Cloud meets Networks Service Function Chaining is going to be Silicon-based
IP User Data Metadata .....SFP... Transport Header
New NSF Header
The first network processors will soon be able to process not only L2 (Ethernet) and L3 (IP) but also the Network Service Function Header, which is going to be defined by the IETF SFC-WG.
If you would like to know more details, google for Cisco ACI (Application Centric Infrastructure).
Cloud meets Networks Summary
Network Function Virtualization permits hitherto unseen scalability and elasticity.
NFV and Cloud technologies enable us to reduce CAPEX and OPEX significantly in the respective application domains of the network edge.
NFV offers the potential to reduce implementation lead times from weeks and days to hours and minutes.
Virtualization of Fixed and Mobile Voice Infrastructure (NGN, VoLTE) is already in place at Vodafone-DE and ready to support full national coverage.
Further applications, especially from the mobile core (EPC, DNS, AAA, ...), are currently being virtualized.
The most complex task will be the specification and implementation of the corresponding IT-based orchestration system for the combined management of virtualized computing resources and network functionality.
Cloud meets Networks