Szabó Gábor, Consulting Engineer, Cisco Magyarország Kft.…events.cisco.hu/2014/techtorial/doc/11...

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Szabó Gábor

Consulting Engineer, Cisco Magyarország Kft.

27-28 February 2014

•  Introduction to NFV
•  Cisco strategy around NFV
•  Standardization effort around NFV
•  Where NFV applies, where it does not
•  NFV components
•  NFV use cases

NfV = Transition of network infrastructure services to run on virtualised compute platforms

[Figure: network services running as virtual machines: NAT, Firewall, SBC, DDoS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Ctrl., RaaS, WLC, WAAS, CDN, Caching, NMS]

•  Enablers
    - Hypervisor and cloud computing technology
    - Improving x86 h/w performance
    - Optimised packet processing and coding techniques
    - Network industry standardising on Ethernet
    - SDN based orchestration

•  Value Proposition
    - Shorter innovation cycle
    - Improved service agility
    - Reduction in CAPEX and OPEX

•  ETSI based standardization

Today vs. with NfV

Use case #1: New service required

    Today:
        1.  Buy hardware
        2.  Install image
        3.  Install hardware in DC
        4.  Connect to network
        5.  Configure and commission service

    With NfV:
        1.  Requests service
        2.  Service is dynamically deployed in DC

Use case #2: Increase service capacity

    Today:
        1.  Identify capacity threshold reached
        2.  Buy hardware
        3.  Install image
        4.  Install hardware in DC
        5.  Connect to network
        6.  Configure and commission service

    With NfV:
        1.  Service dynamically scales to adjust to demand

Cisco is fully behind NFV and has multiple NFV related projects underway

•  A hybrid network environment consisting of custom NFs and Virtualized NFs
    - High capacity plumbing and gateways → NFs on custom solutions
    - Management and services → VNFs

•  Supplementing existing hardware solutions with virtualized solutions

•  Infrastructure: from data center to edge / different form factors

•  Multi-hypervisor strategy for NFV → KVM preferred but others required

•  Modular and abstracted orchestration utilizing OpenStack and OpenDaylight

•  Participate in standards associated with NFV
    - Concentrated on protocol development to date
    - Upping our NFV ISG activity

•  Lab infrastructure for developing customer driven solutions

[Figure: map of network functions across a service provider network. Network areas labelled: Wireless, Wireline, Metro and Access, Metro Network, Backbone Network, Video Network, Data Center, DC Network, SP Data Center, Enterprise Data Center. Access types: LTE, RNC 2G/3G, Small Cell, WiFi, xDSL, HFC, FTTx PON, CMTS. Layers: User plane, Gateways, Subsystems and Network Control, Service Provider Services, OSS/BSS/NMS/EMS. Services: Voice/IMS, Video, Data. Functions shown: PGW, SGW, GGSN, SGSN, MME, ePDG, eWAG, HNB-GW, HCS, WLC, BNG, Business PE, Biz CPE, Res CPE, Security GWs, SecGW, FW, DPI, CGN, LB, Cache streaming, Cache control, Transcoding, Transrating, Video ingestion, DRM, MSC-S, MGW, BGCF, MGCF, CSCF, I-CSCF, A-SBC, I-SBC, TAS, SMS-C, MMS-C, PS/RLS, DRA, HLR, HSS, ENUM, OCS, RMS, AAA, DNS, DHCP, Policy, SDN Controller, BGP server, EMS, Provisioning, Analytics, Billing, Capacity Planning]

[Figure: CPU requirements (Low to High) plotted against throughput (0, 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps, 100 Gbps, 1 Tbps, 10 Tbps, 100 Tbps, 1 Pbps). Regions shown: OSS/BSS, subsystem and N/W control; Appliances (L4-L7); Home CPE; Business CPE; Wireless GWs; Wireline GWs; Backbone, Metro and DC switching. Hardware annotations: CPU; Centralized: CPU or SoC; Centralized: CPU + NPU; Variable CPU / FPGA / NPU; Distributed: Lots CPUs + NPUs; Distributed: CPUs + Lots of NPUs]

Evaluating the applicability of virtualization

Many network functions are suitable for virtualization but not all. Each functional component of the network needs to be evaluated.

•  Physical Design Requirements
    - Interface count, interface size, system design requirements, specialist N/W functions

•  Performance Requirements
    - L1-L3 packet performance, CPU processing, fabric capacity

•  Network Architecture
    - Will virtualization fit the network architecture principles?

•  Elasticity of the service

•  Economics
    - Onboarding, CapEx and OpEx

Strengths
•  High CPU processing functions
•  Low-medium packet processing
•  Low physical interface counts (<20)
•  Low-medium interface speeds
•  Ethernet interfaces (copper 10/1000/10Gbps)
•  Fast evolving functionality
•  Elasticity

Weaknesses
•  High packet processing
•  Specialized SP design and h/w functionality
•  High physical interface counts (>20s)
•  High interface speeds (>40G)
•  Diverse interface types

Strengths
•  High packet performance / bandwidth
•  Low performance drop-off with features
•  Power efficiency (Gb/W)
•  High speed interfaces / interface counts / interface diversity
•  Custom design to meet a requirement
•  Mature functionality

Weaknesses
•  Longer development cycles
•  Closed s/w and h/w designs
•  Solution flexibility / reuse
•  Elasticity

The Architectural Components

•  Real: High capacity plumbing and high performance gateways

•  Virtualized: CPU intensive functions, low – mid range packet processing functions

•  Interaction required between the real and virtual network functions via orchestration

•  All use cases → Compute + VNFs + DC virtualization + Orchestration

•  Redirection use cases → Re-direction + Policy Server + WAN Overlay

[Figure: architectural components. Locations: Wide Area Network, PoP, Data Centre and / or Customer Premises. Components: Virtualised Network Functions (VNFs); Orchestration (NFVO); Policy Server; Classification + Redirection Function; Compute + Virtualization Technology (NFVI) + Service Chaining; Network Overlays]

[Figure: Placement. Virtualised services + service chaining. Locations shown: Centralised DC; Distributed DC (standalone or on-box); IP edge; CPE; NGN. Platform labels: VSM running in an ASR9000; ISR G2 Cloud Connector (UCS); UCS directly connected to ASR9000; UCS with virtual switching and appliances]

[Figure: Bare Metal and Virtual Machine]

•  NFV Group looking for maximum flexibility

•  Compute Technology
    - Hypervisor and Virtual Machines preferred
    - Bare metal acceptable – needed for performance reasons

•  NIC Mapping
    - Major bottleneck for packet performance
    - Pass-through and SR-IOV

•  SPs want to use KVM for NFV applications

[Figure: Data Centre Virtualization. Labels: NGN, Internet, L3 VPN, L2 or L3 Fabric, Virtualized Compute and DC overlay. Front-end Zones: Public Zone (DMZ), Protected FE. Back-end Zones: Zone 1, Zone 2, Zone 3, with Sub-Zones W, X, Y and Z. Virtual appliances shown: VSG, NS1000v, ASA1000v, VPN, CSR1000v]

Service Chain Definition

•  Steer traffic through one or more service entities

•  Critical for non routed data plane services

•  Important for control plane services

•  Physically/logically directed or carried in packet metadata

[Figure: a Re-direction function in front of Service Chains leading to the Internet. Simple Service Chains: Default Service, Service 1, Service 2, with NAT, DPI and Video opt. Complex Services and Service Chains: DNS, DNS LB]

Service Chain Technology

•  Service ordering determined by n/w structure

•  Virtual Packet Edge (vPE) solution

•  Service ordering by info in user packet

•  5 drafts submitted by Cisco at Berlin IETF

•  BoF session run at the Berlin meeting

Service Path information determines Service Chaining

[Figure: External Controller, vSwitches, vForwarders, vForwarder Service, Redirection, Internet, with callouts 1-7. Packet layout labels: HDR, Original Frame, NSH]

Virtual Network Overlays

Virtualised Data Centre: VXLAN (Virtual Extensible LAN)

•  Ethernet in IP overlay network

•  Includes a 24-bit VXLAN Identifier: 16 M logical networks

•  Technology submitted to IETF

[Figure: VXLAN frame layout, fields as drawn on the slide: Outer MAC DA | Outer MAC SA | Outer 802.1Q | Outer IP DA | Outer IP SA | Outer UDP | VXLAN ID (24 bits) | Inner MAC DA | Inner MAC SA | Optional Inner 802.1Q | Original Ethernet Payload | CRC. Brackets on the slide: "VXLAN Encapsulation" and "Original Ethernet Frame"]

Virtualised WAN (IP/MPLS): L2 and L3 Virtualised WAN

•  L2 VPN options: E-line, E-LAN, E-Tree

•  L3/L3VPN options: MPLS L3VPN/Vrf Lite, Global IP
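The VXLAN encapsulation on this slide, worked through in code as an added example (not part of the original slides or of any Cisco product). It assumes the 8-byte header layout later published as RFC 7348; the function names, the allowed-VNI check and the sample frame are hypothetical and constructed for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08          # "VNI present" flag bit (RFC 7348 layout, assumed)
VXLAN_HDR_LEN = 8
MAX_VNI = (1 << 24) - 1      # 24-bit identifier -> 16,777,216 logical networks

def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    # word 0: flags(8) + reserved(24); word 1: VNI(24) + reserved(8)
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame

def parse_vxlan(udp_payload: bytes) -> dict:
    """Decode the VXLAN header and the inner Ethernet addressing."""
    if len(udp_payload) < VXLAN_HDR_LEN + 14:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI field is not valid")
    inner = udp_payload[VXLAN_HDR_LEN:]
    ethertype = struct.unpack("!H", inner[12:14])[0]
    vlan = None
    if ethertype == 0x8100:                  # optional inner 802.1Q tag
        if len(inner) < 18:
            raise ValueError("truncated inner 802.1Q tag")
        vlan = struct.unpack("!H", inner[14:16])[0] & 0x0FFF
    return {
        "vni": word1 >> 8,
        "inner_dst": inner[0:6].hex(":"),
        "inner_src": inner[6:12].hex(":"),
        "inner_vlan": vlan,
    }

def tenant_allowed(udp_payload: bytes, allowed_vnis: set) -> bool:
    """Fail closed: malformed packets and foreign VNIs are rejected."""
    try:
        return parse_vxlan(udp_payload)["vni"] in allowed_vnis
    except ValueError:
        return False

# Constructed sample: inner frame with an 802.1Q tag (VLAN 100), IPv4 ethertype.
SAMPLE_INNER = (bytes.fromhex("02000000000a") + bytes.fromhex("02000000000b")
                + bytes.fromhex("81000064") + bytes.fromhex("0800") + b"\x00" * 46)
SAMPLE_PACKET = build_vxlan(5001, SAMPLE_INNER)
```

The VNI is the only tenant separator inside the overlay, so a receiver that checks it against an allow-list and rejects packets with the I flag clear keeps traffic from one logical network out of another.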

Virtual Network Functions (VNFs)

[Figure: catalogue of VNFs. Categories: Simulation and Test; Network Control; OSS/BSS and SP Applications; User Plane Appliances; Routing / Switching / Gateways; Control Plane components. Products and functions shown: vCGN (via CSR1000v); Adaptive Security Appliance (ASA + VSG); Email Security (Ironport); Web Security (Ironport); Network Analysis Module (vNAM); Load Balancer (NS1000v); Quantum Policy Suite; vCPE (CSR1000v); vIOS; Classic OnePK SDK; IOS-XR; vRR (32/64 bit); PGW/SGW (STAR-OS); Virtual L2 Switch (Nexus 1000v); Virtual Forwarder (L2 / L3 forwarder); Load balancer (VPP); vDPI (vSCE); 4-6 Softwire Concentrator (VPP); Quantum WAN Orchestration; VIRL; Wireless LAN Controller; Prime Access Registrar (RADIUS); Prime Network Registrar (DNS and DHCP); CSR1000v; Prime Central; Prime Fulfillment; Prime Provisioning; Prime Security Manager; Prime Infrastructure; Mobility Services Engine; Identity Services Engine; Wide Area Application Services (vWaaS); Deep Packet Inspection (CSR1000v); vBNG (CSR1000v); IPsec Gateway (CSR1000v); SGSN/GGSN (STAR-OS); vSecGW (ASR9000); eWAG/ePDG (STAR-OS); MME (STAR-OS); CDN]

Cross Domain Orchestration

•  From monolithic …

•  to open, layered, abstracted and distributed – divide and conquer …

Domain specific controllers provide device abstraction

[Figure (animated): Monolithic Orchestration Solution, and a layered model with Services, Service API, Cross-domain Orchestrator, Domain abstracted API, Compute Domain Controller, Storage Domain Controller, Network Domain Controller, Device API and Devices]

NfV Orchestration

[Figure: Cisco Cloud Service Management: Portal / UI / API, Catalog, Workflow. Orchestration: Service Orchestration, Service Control, VM/Storage Control, Network Control, with Service Assurance and Resource Management alongside. Infrastructure: Physical Network, Compute / Storage, Virtual Network, Virtual Services, Apps. Also labelled: OSS]

Cloud Service Orchestration

[Figure: Orchestration: Portal / UI / API, Catalog, Workflow. Network Service Control: Service Creation, Service Monitoring, Service Config. VM/Storage Control. Network Control: IP Control, DC Network Controller, WAN Controller. The numbered steps below are marked on the figure.]

1.  Request received

2.  Catalog item

3.  Defines workflow

4.  Workflow calls Service Creation to set up service VMs

5.  Service Creation calls to OpenStack to set up VMs

6.  OpenStack sets up VMs

7.  Workflow calls to Service Config function to set up services

8.  Service Config configures services

9.  Workflow calls DC network controller

10.  DC network controller configures overlay network

11.  Service monitoring tracks availability and performance of service

12.  Service Creation manages service elasticity and high availability

[Figure, continued: Infrastructure layer: Physical Network, Virtual Network, Compute, Storage, Virtual Services. Callouts 1-12 mark the steps listed above.]

•  Virtualized SP and third party applications / appliances

•  Virtualized gateways (PE, P-GW, BNG/BRAS)

•  Virtual Managed Services

•  Virtualized mobile solutions

•  Virtualized video solutions, Virtual Home CPE – Not covered today

Virtualized SP / 3rd Party applications / subsystems

[Figure: CPE, IP edge, NGN, Internet and a Centralised DC with Orchestration. Applications shown: Streamer, DHCP, DNS, Content Ingestion, IMS]

•  NFV transition well underway
    - Custom / Specialized h/w → Commercial off the Shelf (COTS) → Today: Virtualized solutions

•  Examples: OSS/BSS, IMS, network control, video/collaboration, wireless/wifi, security application

•  Onboarding can be an issue due to age and complexity of some OSS/BSS systems

Virtualized Edge Gateways

[Figure: Customer Premise CPE, IP edge, NGN, Internet and a Centralised DC with Orchestration and Policy Server; vBNG instances shown]

•  vPE, vBNG/BRAS, vS/PGW, vCMTS

•  Wide range of gateway architectures deployed
    - Regionalized: High subscriber / high capacity dedicated devices
    - Distributed: Gateway functionality integrated into metro infrastructure

•  Cisco is complementing existing h/w gateway solutions with virtualized solutions
    - Pure virtualized solution based on CSR1000v
    - Splitting the subscriber control plane function from the data plane function

[Figure: four branch designs, each showing a Branch Office, Metro + WAN and a Data Centre. Panel titles: Today: Service appliances in the branch and DC; Virtualised services on the router; Virtualised router and services; Branch services in the DC (L2 CPE in the Branch Office)]


•  Physical Appliances are complex to design because of mismatched capacities, diverse resiliency strategies, incompatible networking

•  Re-configuration (adding capacity or adding an appliance) is also difficult

•  No agility because the service chains are “hard-wired” to the APN and there is no programmability; reconfiguration requires manual operations

[Figure: Virtual Services Infrastructure - example: GiLAN Today. Labels: IMS User, Video Only, Android User, Enterprise; Access; GGSN/PGW; one APN per chain; appliances DPI, Firewall, Web Proxy, FW, VO, A-SBC, Address Translation]

Virtual Service Infrastructure - example: Virtualized GiLAN concept

•  Simple reconfiguration of service chains via SDN and virtualization tools
    → better vertical scaling
    → horizontal scaling (adjusting capacity)

•  Simplified cost model based on subscriber count + base cost of commodity hardware

•  Better solutions for fault tolerance and high availability based on hypervisor tools

Service chains in the virtualized environment are “perfectly balanced”

[Figure: Access, GGSN/PGW and ASR 9000, with virtual services Web Proxy, NAT, DPI, FW, VO and A-SBC under Cloud Orchestration and Management]


•  The backdrop to NFV and all network evolution is the increasing amount of network traffic

•  Cisco is fully behind NFV and has multiple efforts underway: VNFs, NFVIs and orchestration

•  NFV: some functions are obvious / a large spectrum is dependent on the SP and their architecture

•  A hybrid network environment consisting of a blend of custom NFs and Virtualized NFs (VNFs)

•  Outlined some of the use cases Cisco is working on

Thank you.