dynamic vpn optimization by alto guidance

COPYRIGHT © 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Michael Scharf, Vijay Gurbani, Thomas Voith, Manuel Stein, W. Roome, Greg Soprovich, Volker Hilt Oct. 10, 2013 - Second European Workshop on Software Defined Networks (EWSDN) DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

Post on 20-Dec-2016



Page 2: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

AGENDA

VIRTUAL PRIVATE NETWORKS

ALTO VPN SERVICE

PROTOTYPE

CONCLUSIONS AND OUTLOOK

Page 3: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

VIRTUAL PRIVATE NETWORKS PROVIDER PROVISIONED VPNS

• State-of-the-art VPN technologies [RFC 4026]

• Layer 2 VPN, e.g., VPLS [RFC 4762]

• Layer 3 VPN, e.g., BGP/MPLS IP VPNs [RFC 4364]

• Possibly with QoS guarantees

• “Cloud bursting” use case

• Interconnecting customer sites and data centers

• More dynamic than traditional VPN provisioning

New, IT-friendly APIs

[Figure: Cloud bursting with VPNs. Labels: service provider MPLS/IP network, provider edge (PE), customer sites, data center, virtual private network (VPN).]

Page 4: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

VIRTUAL PRIVATE NETWORKS SDN FRAMEWORK

[Figure: SDN framework. Labels: SDN applications (application domain); northbound API; SDN controller / orchestrator; southbound API; network elements and existing control/management (network domain). Info: topology, resources, capabilities, QoS needs, constraints, credentials. Info: triggers, events, logs/billing, configuration, routing, exceptions. Control (two arrows). Legend: ALTO scope, other SDN protocols.]

Page 5: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

VIRTUAL PRIVATE NETWORKS SDN FRAMEWORK WITH ALTO

[Figure: SDN framework with ALTO. Labels: SDN applications (application domain); northbound API, marked ALTO; SDN controller / orchestrator; southbound API; network elements and existing control/management (network domain). Info: topology, resources, capabilities, QoS needs, constraints, credentials. Info: triggers, events, logs/billing, configuration, routing, exceptions. Control (two arrows). Legend: ALTO scope, other SDN protocols.]

Page 6: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

AGENDA

VIRTUAL PRIVATE NETWORKS

ALTO VPN SERVICE

PROTOTYPE

CONCLUSIONS AND OUTLOOK

Page 7: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

• IETF Application-Layer Traffic Optimization (ALTO) for network awareness

• Standardized API between network and apps

• Exchange topology and status information

• Objective: Optimized resource selection

• Network map: Abstract the network topology

• Cost map: Optimized costs based on service provider preferences

• Benefit: Win-win situations for network and applications

• Application: Better performance with minimal overhead

• Network: Optimized traffic and policy compliance

• Bell Labs is a core contributor to standardization

• Co-chair of IETF ALTO WG and IRTF P2P RG

• Authoring key protocol extensions for clouds and CDNs

• Full standard-compliant ALTO server by Bell Labs (http://alto.alcatel-lucent.com:8000/directory)

ALTO VPN SERVICE IETF ALTO STANDARD

[Figure: ALTO server with network and cost map. Labels: Cloud, CDN, PID#1, PID#2, PID#3, costs 3, 9 and 5.]

Page 8: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

ALTO VPN SERVICE EXAMPLE FOR ALTO MAPS

[Figure: example topology. PID1: 192.0.2.0/24 and 198.51.100.0/25; PID3: 0.0.0.0/0; costs 9, 3 and 5.]

HTTP/1.1 200 OK
...
Content-Type: application/alto-costmap+json

{ "data" : { "map-vtag" : "1266506139",
    "cost-mode" : "numerical", "cost-type" : "routingcost",
    "map" : {
      "PID1": { "PID1": 0, "PID2": 3, "PID3": 9 },
      "PID2": { "PID1": 3, "PID2": 0, "PID3": 5 },
      "PID3": { "PID1": 9, "PID2": 5, "PID3": 0 }
} } }

Cost map

[Figure, continued. Labels: ALTO client, Info, ALTO server; PID2: 198.51.100.128/25.]

HTTP/1.1 200 OK
...
Content-Type: application/alto-networkmap+json

{ "data" : { "map-vtag" : "1266506139",
    "map" : {
      "PID1" : { "ipv4" : [ "192.0.2.0/24", "198.51.100.0/25" ] },
      "PID2" : { "ipv4" : [ "198.51.100.128/25" ] },
      "PID3" : { "ipv4" : [ "0.0.0.0/0" ] }
} } }

Network map
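
How an ALTO client could combine the two maps on this slide, as an added example that is not part of the original slides or of the Bell Labs ALTO server: it maps addresses to PIDs by longest-prefix match and ranks candidate sites by routing cost. The function names `pid_for` and `rank_sites` are hypothetical, and the candidate addresses in the usage are constructed.

```python
import ipaddress
import json

# Bodies of the two ALTO responses shown on the slide (HTTP headers omitted).
NETWORK_MAP = json.loads("""
{ "data": { "map-vtag": "1266506139",
  "map": {
    "PID1": { "ipv4": [ "192.0.2.0/24", "198.51.100.0/25" ] },
    "PID2": { "ipv4": [ "198.51.100.128/25" ] },
    "PID3": { "ipv4": [ "0.0.0.0/0" ] } } } }
""")
COST_MAP = json.loads("""
{ "data": { "map-vtag": "1266506139",
  "cost-mode": "numerical", "cost-type": "routingcost",
  "map": {
    "PID1": { "PID1": 0, "PID2": 3, "PID3": 9 },
    "PID2": { "PID1": 3, "PID2": 0, "PID3": 5 },
    "PID3": { "PID1": 9, "PID2": 5, "PID3": 0 } } } }
""")


def pid_for(address, network_map=NETWORK_MAP):
    """Return the PID whose prefix is the longest match for address."""
    addr = ipaddress.ip_address(address)
    best_pid, best_len = None, -1
    for pid, families in network_map["data"]["map"].items():
        for prefix in families.get("ipv4", []):
            net = ipaddress.ip_network(prefix)
            # 0.0.0.0/0 (PID3) matches everything, so more specific prefixes must win.
            if addr in net and net.prefixlen > best_len:
                best_pid, best_len = pid, net.prefixlen
    if best_pid is None:
        raise LookupError(f"no PID covers {address}")
    return best_pid


def rank_sites(source, candidates, network_map=NETWORK_MAP, cost_map=COST_MAP):
    """Sort candidate addresses by routing cost from source, cheapest first."""
    # A cost map is only meaningful for the network map version it refers to.
    if network_map["data"]["map-vtag"] != cost_map["data"]["map-vtag"]:
        raise ValueError("network map and cost map have different map-vtag values")
    costs = cost_map["data"]["map"][pid_for(source, network_map)]
    return sorted((costs[pid_for(c, network_map)], c) for c in candidates)


if __name__ == "__main__":
    # Constructed candidate addresses, one per PID.
    print(rank_sites("192.0.2.10", ["203.0.113.7", "198.51.100.200", "198.51.100.5"]))
```
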

Page 9: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

ALTO VPN SERVICE MOTIVATION AND REQUIREMENTS

• Differences between VPNs and public Internet

• Addressing – VPN sites may not have a meaningful address

• Overlay over the MPLS/IP core, not only using BGP/ISIS/OSPF/… routing

• No connectivity to sites not already attached to the VPN

• Topology is customer-specific and must only be exposed to authorized users

• Better ALTO guidance possible due to controlled environment (typically single AS)

• Benefits of ALTO guidance

• Avoid the overhead and issues of per-application measurements

• Expose information not measurable (e.g., cost to unconnected VPN sites)

• More details on use cases and requirements: draft-scharf-alto-vpn-service-01

[Figure: VPN over MPLS/IP. Labels: Data center 1, Data center 2, Data center 3, CE, ALTO client, ALTO server, PID#1, PID#2, PID#3.]

Page 10: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

ALTO VPN SERVICE TWO DIFFERENT USE CASES

• In-band ALTO access (user applications): ALTO server is attached to VPN

• Out-of-band ALTO access (management applications): ALTO server stand-alone

[Figure: two panels, one per use case. Labels in each: service provider network, provider edge (PE), customer sites, virtual private network (VPN).]

Page 11: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

AGENDA

PROTOTYPE

ALTO VPN SERVICE

VIRTUAL PRIVATE NETWORKS

CONCLUSIONS AND OUTLOOK

Page 12: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

PROTOTYPE SYSTEM ARCHITECTURE

[Figure: prototype system architecture. Labels: Data center 1, Data center 2, Data center 3, CE, VPN, MPLS/IP, PID#1, PID#2, PID#3; VPN application; ALTO protocol; ALTO server; NMS adapter; northbound OSS interface; Provisioning; Network Management System (NMS); SNMP, ...]

Page 13: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

[Screenshots: VPN topology view; constraint-based scale-out]

• Topology scale-out of an MPLS-based L3VPN in a test-bed with three MPLS/IP routers

• Bandwidth information from ISIS-TE, RSVP-TE, and SNMP

• Delay information from active VPN OAM delay measurements

PROTOTYPE WEB PORTAL SCREENSHOTS

Page 14: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

PROTOTYPE … NOT SOFTWARE ONLY ;)

[Photo of the test-bed. Group labels: networking components, IT demo components. Item labels:]

• Network management: 5620 SAM, 5650 CPAM

• Routing monitor: 7701 CPAA

• MPLS/IP Router 1: 7750 SR-c4

• MPLS/IP Router 2: 7750 SR-c4

• MPLS/IP Router 3: 7750 SR-7

• Servers

• External/web gateways

• Network/delay emulation

• Bell Labs ALTO server

Page 15: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

AGENDA

CONCLUSION AND OUTLOOK

ALTO VPN SERVICE

VIRTUAL PRIVATE NETWORKS

PROTOTYPE

Page 16: DYNAMIC VPN OPTIMIZATION BY ALTO GUIDANCE

CONCLUSION AND OUTLOOK ALTO VPN SERVICE

• Dynamic control and management of VPNs (L2VPN, L3VPN, …)

• New use cases such as “cloud bursting”

• New interfaces between NMS and IT applications

• ALTO VPN service

• Support of scale-out of VPNs to new sites by topology awareness

• Standardization of ALTO protocol extensions required

• Proof-of-concept prototype for optimized VPN site selection

• Using a carrier-grade NMS with existing northbound interfaces

• Demonstration in a test-bed with MPLS/IP routers

• Open issues and next steps

• Tests in larger and more complex VPN scenarios

• Quantification of the benefits of the ALTO VPN service