Cloud4 marvell
Upcoming SlideShare
Loading in...5

Cloud4 marvell



Presentation on cloud computing. Concentrating on cloud connectivity and the cloud's communications network

Presentation on cloud computing. Concentrating on cloud connectivity and the cloud's communications network



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Cloud4 marvell Cloud4 marvell Presentation Transcript

    • Cloud Computing for Samuel Dratwa Samuel.dratwa@gmail.comCopyright © 2011 LOGTEL
    • CommonCraft – technology in simple EnglishCopyright © 2011 LOGTEL 2
    • Logtel’s Activities Software Training Consulting Development Logtel’s fields Computer Telecom Hardware Tech. Skills Product Hi Tech Israel Companies Training Outsourcing Logtel’s Worldwide Branches PartnersCopyright © 2011 LOGTEL 3
    • About the Copyright This documentation is protected by Copyright © 2011 LOGTEL, 32 Shacham St., Petah Tikva, 49170, Israel. World rights reserved. The possession and use of this documentation is subjected to the restrictions contained in this license. No part of this documentation may be stored in a retrieval system, transmitted or reproduced in any way, including but not limited to photocopy, photograph, magnetic or other record, without the prior agreement and written permission of LOGTEL. Participants of this seminar are entitled to keep their copy of this documentation for references purposes only.Copyright © 2011 LOGTEL 4
    • Agenda  Introduction  What is a Cloud  The Services modules: SaaS / PaaS / IaaS  Cloud Advantages  Risks / Challenges  The players (today)  Architecture  Security  Provisioning  Network  The future of the cloudCopyright © 2011 LOGTEL 5
    • Samuel Dratwa  Evangelist  Telecom expert – Teleco, SP & vendors  Engineering  Marketing  IT  Field technician  Corporate management  Innovative (Telecom) Service creator  LecturerCopyright © 2011 LOGTEL 6
    • The Hype What google trends is telling us ? It’s a hype…Copyright © 2011 LOGTEL
    • Copyright © 2011 LOGTEL 8
    • What is Cloud Computing?Copyright © 2011 LOGTEL
    • Definition  Wikipedia - a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them.  Academic (simple) - provide on-demand resources or services over a network, often the Internet, with the scale and reliability of a data center.  Mine – distributed mainframe, reachable from any device connected to the internetCopyright © 2011 LOGTEL 10
    • Oracle definition ;-) “...we’ve redefined Cloud Computing to include everything that we already do... I don’t understand what we would do differently ... other than change the wording of some of our ads.”  Larry Ellison, CEO, Oracle (Wall Street Journal, Sept. 26, 2008)Copyright © 2011 LOGTEL 11
    • Copyright © 2011 LOGTEL 12
    • 7 thing that make a cloud Flexible and Efficiency Economical (Save)  Money  Time  Energy  Labor  Less investment Environmental (efficient)  Energy  Pollution Simple Reliable Scalable Easy access – 3 screensCopyright © 2011 LOGTEL 13
    • Cloud computing is kind of hostingCopyright © 2011 LOGTEL 14
    • The ServicesCopyright © 2011 LOGTEL 15
    • Deployment Models Public Virtual Private Cloud Cloud External Internal Private Cloud Private Cloud EnterpriseCopyright © 2011 LOGTEL 16
    • Three layers of services SaaS Software as a Service PaaS Platform as a Service IaaS Infrastructure as a ServiceCopyright © 2011 LOGTEL
    • IaaS, PaaS and SaaS Point of View SaaS Software as a Service PRODUCT: Finished application available on demand to end user PaaS USERS: Software consumer Platform as a Service Infrastructure as a Service IaaS PRODUCT: storage, compute and other services to simplify application development, especially of web PRODUCT: Compute power, storage applications. and networking infrastructure over the internet, provided as a virtual machine USERS: Application Developers image USERS: DevelopersCopyright © 2011 LOGTEL
    • The “old way” Software PC(s) / Laptop(s) Buy, Install, Maintain, Upgrade Server(s)Copyright © 2011 LOGTEL 19
    • The “new way” Software PC(s) / Laptop(s) Buy, Install, Maintain, Upgrade Server(s)Copyright © 2011 LOGTEL 20
    • It’s not just above the lineCopyright © 2011 LOGTEL 21
    • Also (almost) all the rest X X X XCopyright © 2011 LOGTEL 22
    • SaaS - Software delivery model  Increasingly popular with SMEs  No hardware or software to manage  Service delivered through a browser  Examples:  CRM  Financial Planning  Human Resources  Word processing SaaS  Commercial Services:   emailcloudCopyright © 2011 LOGTEL
    • SaaS examplesCopyright © 2011 LOGTEL 24
    • SaaS - Advantages  Pay per use  Instant Scalability  Security  Reliability  Disaster recovery  APIs SaaSCopyright © 2011 LOGTEL
    • SaaS Attention Test ;-)  Is Skype a SaaS ?  Is YouTube a SaaSCopyright © 2011 LOGTEL 26
    • PaaS - Platform delivery model  Estimating demand is not a science!  Platform management is not fun!  Examples:  Storage  Database  Scalability  Commercial Services:  Google App Engine  Mosso  AWS: S3 PaaSCopyright © 2011 LOGTEL
    • PaaS examplesCopyright © 2011 LOGTEL
    • Amazon EC2Copyright © 2011 LOGTEL 29
    • Amazon pricingCopyright © 2011 LOGTEL 30
    • Copyright © 2011 LOGTEL 31
    • PaaS - Advantages  Pay per use  Instant Scalability  Security  Reliability  Disaster recovery  APIs PaaSCopyright © 2011 LOGTEL
    • PaaS Attention Test ;-)Copyright © 2011 LOGTEL 33
    • Copyright © 2011 LOGTEL 34
    • IaaS - infrastructure delivery model  Access to infrastructure stack:  Full OS access  Firewalls  Routers  Load balancing  Commercial Services:  Flexiscale  AWS: EC2  RackSpace IaaSCopyright © 2011 LOGTEL
    • IaaS - Advantages  Pay per use  Instant Scalability  Security  Reliability  Disaster recovery  APIs IaaSCopyright © 2011 LOGTEL
    • Common Factors  Pay per use  Instant Scalability SaaS  Security  Reliability  APIs PaaS IaaSCopyright © 2011 LOGTEL
    • Advantages  Lower cost of ownership SaaS  Reduce infrastructure management responsibility  Allow for unexpected resource loads  Faster application rollout PaaS IaaSCopyright © 2011 LOGTEL
    • Aren’t we missing something ?  NaaS – Network (connectivity) as a Service  Manage the network itself  Having on demand bandwidth  Network abstractionCopyright © 2011 LOGTEL 39
    • CloudNetCloud Manager• Allocates computation and storage resources• Manages VLAN assignment within cloud networkNetwork Manager Routers Customer Edge• Creates and configure VPN endpoints• Reserves network resources Provider Edge Network Manager Cloud Manager VPN VLAN VM VM VPN VLAN VM VM
    • Risks SaaS  Security  Downtime  Access  Dependency PaaS  Interoperability  Regulation IaaSCopyright © 2011 LOGTEL
    • Cloud and the “security problem”  The good news  The cloud providers are better at security than we are (hey, it’s their specialty…)  The bad news  It’s a different ball game  With bigger threatsCopyright © 2011 LOGTEL 42
    • Moving from “not so smart” to “the smarter”Copyright © 2011 LOGTEL 43
    • Standards are on the wayCopyright © 2011 LOGTEL 44
    • The playersCopyright © 2011 LOGTEL 45
    • Commercial cloudsCopyright © 2011 LOGTEL
    • Three Cloud Models – You Choose. Aggregation Verticalization Virtualization Applicatio Applicatio ns ns Middlewar Middlewar e e Über-cloud Database Database OS OS Server Virtual Infrastructure StorageCopyright © 2011 LOGTEL
    • Copyright © 2011 LOGTEL 48
    • Copyright © 2011 LOGTEL 49
    • Copyright © 2011 LOGTEL
    • Cloud ArchitectureCopyright © 2011 LOGTEL 51
    • Cloud computing is kind of hostingCopyright © 2011 LOGTEL 52
    • What is there in a Cloud? Individuals Corporations Non-Commercial Cloud provisioning Storage OS Network Service(apps) SLA(monitor), Provisioning Provisioning Provisioning Provisioning Security, Billing, Payment Resources Services Storage Network OSCopyright © 2011 LOGTEL
    • What is Cloud OS ? • System Management Software layer Backup HC Mail AppX – Physical Resource Provisioning Virtual Virtual Cluster Virtual Cluster Virtual Cluster – Virtual Resource Management Cluster • Improve manageability of massive System Cloud Data Center Service daemons • Enhance self-provisioning Compute Cloud • Optimize physical resource utilization Nodes OS agents • High Availability for any single point of failure • Energy management – Highly Available Distributed Storage Management – Service Load Balancing Service Nodes Data Nodes – Security – High Speed Networking • What is it not? Physical Physical Storage Storag Storage Storag – It’s not Operating System Node Node Physical Node Server e Server e Server Server – It’s not Virtualization HypervisorCopyright © 2011 LOGTEL 54
    • Service/Technology MappingSaaS Applications Automated Cloudification Technology Cloud Application Middleware PlatformPaaS LAMP .NET WebSphere WebLogic Google App Engine Cloud System Software Platform Hypervisor Virtualization Mgmt Storage Mgmt Security Backup/Replication Data Center Automation EnergyManagement Cloud Hardware PlatformIaaS Scalable System Architecture System Management Cooling + Servers Storage Arrays Switches Power Distribution Copyright © 2011 LOGTEL 55
    • CloudOS Virtualization Level VDC VDC VCluster VCluster VCluster vm vm vm vm vm vm vm vm vm vm vm vm vm vm vm vm … … … … APs OS APs OS APs OS APs OS APs OS APs OS APs OS APs OS APs OS APs OS APs OS APs OS APs OS APs OS APs OS APs OS PM PM PM … PMCopyright © 2011 LOGTEL CloudOS 56
    • Load balancingCopyright © 2011 LOGTEL 57
    • Consolidation planCopyright © 2011 LOGTEL 58
    • DIY ApproachCopyright © 2011 LOGTEL
    • Copyright © 2011 LOGTEL 60
    • Is this a Cloud ?Copyright © 2011 LOGTEL 61
    • Google’s Chrome OSCopyright © 2011 LOGTEL 62
    • Cloud Data CenterCopyright © 2011 LOGTEL
    • Google data centerCopyright © 2011 LOGTEL 64
    • Microsoft - AzureCopyright © 2011 LOGTEL 65
    • Azure Virtualization Architecture Public Internet Front-end Worker Web Role Role(s) Load Balancer Azure Services (storage) Load-balancers In-band Switches communication – software control Highly-available Fabric ControllerCopyright © 2011 LOGTEL
    • Azure Virtualization Architecture Host Partition Guest Partition Guest Partition (VM) (VM) (VM) Public Applications Applications Internet Host OS Server Core Guest OS Guest OS Server Enterprise Server Enterprise Virtualization Front-end Worker Stack Web Role Role(s) Virtualization Virtualization Load (VSP) RD OS Stack StackBalancer (VSC) (VSC) Azure Services (storage) Drivers VMBUS VMBUS VMBUS Hypervisor Disk Disk NIC Hardware CPU 1 2 Copyright © 2011 LOGTEL
    • Introducing Azure™ An internet-scale cloud services platform hosted in Microsoft data centers, which provides an operating system and a set of developer services that can be used individually or together. ™ Microsoft Confidential 68Copyright © 2011 LOGTEL
    • Commitment to Interoperability Microsoft Confidential 69Copyright © 2011 LOGTEL
    • IBMCopyright © 2011 LOGTEL 70
    • AmazonCopyright © 2011 LOGTEL 71
    • Copyright © 2011 LOGTEL 72
    • Copyright © 2011 LOGTEL 73
    • What is OpenStack?  Originated at NASA, with Rackspace  Driven by an open community process OpenStack Compute  Three existing projects: (VMs & VM Networks)  OpenStack Compute  OpenStack Image Service  Open Object Storage OpenStack Image Service (Image Library & Management)  Multiple hypervisors: Xen, KVM, ESXi, Hyper-V  Releases: OpenStack Object Store • Austin: Oct 2010 (Storage) • Bexar: Feb 2011 • Cactus: April 2011 • Diablo: Sept 2011 - CurrentCopyright © 2011 LOGTEL
    • OpenStack Community – 60+ companiesCopyright © 2011 LOGTEL
    • OpenStack logic architecture Developer API Compute Network Storage Service Services Services User and (Subnets, (Block, (VMs, Memory, Network Massive Key- System Local Disk) Admin Svcs, value store) Security) Servers Networks DisksCopyright © 2011 LOGTEL
    • Pre-summit OpenStack Networking Blueprints NetworkService NetworkService NetworkServicePO NetworkContainers NaaS Core Citrix/Rackspace Rackspace/Nicira C Cisco Design /Nicira NTT/Midokura Intel Unified PlanCopyright © 2011 LOGTEL
    • Quantum – Network Service  API gives ability to create interesting network topologies.  Example: create multi-tier applications  Provide way to connect multiple Openstack services.  Example: Nova VM + Atlas LB on same private network.  Open the floodgates to let anyone build services that plug into Openstack networks.  Examples: VPN-aaS, firewall-aaS, IDS-aaS.  Allows innovation plugins that overcomes common cloud networking problems  Example: avoid VLAN limits, provide strong QoSCopyright © 2011 LOGTEL
    • Quantum – Extensibility Quantum API API Extensions Quantum Service L2 network abstraction definition and • management Device and service attachment framework • Does NOT do any actual implementation of • abstraction Quantum Plug-in API Vendor/User Plug-In Maps abstraction to implementation on physical network • Makes all decisions about *how* a network is implemented • Can provide additional features through API extensions •Copyright © 2011 LOGTEL
    • Why now ? Why not now ?  No standard definition  No standard architecture  Cloud architectures are not new  What is new:  Bandwidth  Scale  Ease of use  Pricing modelCopyright © 2011 LOGTEL 80
    • ProvisioningCopyright © 2011 LOGTEL 81
    • DemoCopyright © 2011 LOGTEL 82
    • Copyright © 2011 LOGTEL 83
    • Cloud Computing for part 2 Samuel Dratwa Samuel.dratwa@gmail.comCopyright © 2011 LOGTEL
    • Copyright © 2011 LOGTEL 85
    • Copyright © 2011 LOGTEL 86
    • Copyright © 2011 LOGTEL 87
    • What will be the physical layer ?  Copper ?  Fiber (FTTH) ?  WiFi ?  WiMax ?  LTE ?  Power CableCopyright © 2011 LOGTEL 88
    • The NetworkCopyright © 2011 LOGTEL 89
    • Strategic Advisory Group Project Facts members: Olle Viktorsson, Ericsson Start Date: 2008-01-01 Adam Wolisz, TUB. Duration: 24 months Staffan Truvé, SICS. Project Cost: 23.25 million euro Heiner Stüttgen, NEC. Werner Mohr, NSN. End Date: 2010-06-30 Kurt Lösch, Alcatel-Lucent. Project Status: Execution Roberto Kung, Orange France Telecom. Project Funding: 14.45 million euro Dipankar Raychaudhuri, Rutgers University.Copyright © 2011 LOGTEL 90
    • Network Virtualization (VNet)Copyright © 2011 LOGTEL 91
    • 4awrd WPs  Business Innovation, Regulation, and Dissemination  New Architecture Principles and Concepts (NewAPC)  Network Virtualization (VNet)  In-Network Management  A new path abstraction  Networking of Information (NetInf)Copyright © 2011 LOGTEL 92
    • In-Network ManagementCopyright © 2011 LOGTEL 93
    • Networking of Information (NetInf) The traditional role of networking has been to interconnect remotely located devices like computers or telephones. This function is increasingly recognized to be ill-adapted and inadequate for the information-centric applications that currently generate the vast majority of Internet traffic. In 4WARD we take a different approach, instead of the node-centric paradigm, we adopt an information-centric paradigm. In this paradigm, the communication abstraction presented to applications is based on transfer of application data objects instead of the end-to-end reliable byte- stream used by the majority of applications today.Copyright © 2011 LOGTEL 94
    • QuantumCopyright © 2011 LOGTEL 95
    • Network TechnologiesApplication Virtual Storage IP NGN VSwitch Compute Access Aggregation Core Peering Software Machine and SAN Backbone App App OS App OS OS Virtual Device Let’s abstract all this Contexts Fabric-Hosted Internet App App Storage Firewall Virtual Device App OS OS Virtualization Services Contexts OS Storage Media Secure App App Encryption Domain App OS OS Routing OS IP NGN Service Profiles Port Profiles Virtual and VN-Link Machine Global Site Line-Rate Optimization Selection NetFlow Fibre Channel Forwarding Partners Port Profiles Intrusion and VN-Link Detection Fabric App Extension App App OS OS Application OS Control (SLB+) Ethernet10G FCoE10G Service FC4G Control Ethernet1G App VM to vSwitch App OS Virtual App OS Contexts for vSwitch to HW OS FW and SLB App to HW / VM Applications VMWare Nexus 1000v MDS 9000 + UCS, MCS 7800 Nexus 5000 Nexus 7000 Nexus 7000 CRS-1 CRS-1 Xen Consolidated (or Generic w/ Nexus 2000 (w/ Cat 6500 7600 ASR 9000 Hyper-V Storage Arrays Rack or Fabric Extender as Services 6500 ASR 1000 (EMC, etc.) Blade Servers) Chassis) 7600 Copyright © 2011 LOGTEL
    •  Compute service (EC2): virtual machines  Launch instance (image, mem_size, disk) App Svr OS  Suspend, clone, migrate VM  Storage service (S3, EBS): virtual storage  Store object  Create/attach block  Network service (Quantum): virtual networks App Svr App Svr OS OS  Create/delete private network VM VM  Create “ports” and attach VM’s  Assign IP address blocks (DHCP)Copyright © 2011 LOGTEL
    • User Application – CLI - Horizon Dashboard - Tools Tenant API Tenant API Compute Network Service Service Internal API (Quantum) Admin API System (Nova) Admin Plug-In Physical Compute Node Clustered Network Network Hypervisor vSwitch Controller Router/SwitchCopyright © 2011 LOGTEL
    • Choose the Right Network for Cloud Cloud Service Provider End users get an Excellent Connection Cloud service experience MidMarket Public The Internet Cloud SaaS Large Private Enterprise Private Line Clouds Healthcare IaaS (SONET) Private VPN (MPLS) Wavelength Financial PaaS (DWDM) Services Cloud Service The Adaptive Cloud Business Users ProvidersCopyright © 2011 LOGTEL
    • Smart Network Web 3.0 Application Semantic Web Linked open Ecosystem platform Data Smart Network app. platform Legacy Internet Smart Network service, IMS services Future Internet Cloud Smart Network Server Backbone 4G/5G Network Virtualization wired wireless Super WiFi WDM-PON, OFDM Enterprise Network FTTH 1~10GbpsCopyright © 2011 LOGTEL
    • Copyright © 2011 LOGTEL 101
    • Copyright © 2011 LOGTEL 102
    • Need a standard - SDN  Future Networks: a Programmable Network ?  Standardization in ONF  Standardisation in IETF  Standardisation in ITU-T  Standardisation in ETSI  Standardisation in 3GPP  Standardisation in ISO IEC JTC1 103Copyright © 2011 LOGTEL Geneva, Switzerland, 11
    • The transition Feature Feature Network OS Feature Feature OS Feature Feature Custom Hardware OSFeature Feature Custom Hardware OS Feature Feature Custom Hardware OS Feature Feature Custom Hardware OS Custom Hardware 104 104
    • Separation of control, forwarding planes3. Consistent, well-defined global view Feature Ctl. Program 2. At least one Network OS probably many Network OS Open- and closed- source 1. Open interface to packet forwarding “If header = x, send to port 4” Flow Packet “If header = y, overwrite header with z, send to ports 5,6” Table “If header = ?, send to me” Forwarding Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding 105 105
    • ONF basicsONF•is a foundation for the advancement of SDN (including standardization)•is not a simple SDOVision•Make Software-Defined Networking the new norm for networksMission•Foster a vibrant market for SDN products, services, applications, usersGoals•Create the most relevant standards in record time to support a switchingecosystem based on the OpenFlow protocol•Accelerate understanding of how to realize the abstractions above OpenFlow 106
    • Rich environment above OpenFlowApps Control Program A Control Program B Tools Abstract Network View Virtualization Control Program C Global Network View Network OS(s) Control Program D Slicing Layer: FlowVisor Packet Forwarding Packet Forwarding Packet Packet Forwarding Forwarding Packet Forwarding 107 107
    • Future Networks: a Programmable Network ? Several solutions and Terminologies SDN: Software-Defined Networking Introduced by the New initiative ONF and recently by ITU-T SG 13 Future Networks Under discussion at IETF as Network Programmability (or Software- Driven Networks ) Self Organizing & Autonomic Networks Network resources and policy controller Network Virtualization & slicing Cloud Network & Network as a Services …. Smart Ubiquitous & Distributed Services, Information-Centric Networks…. Opportunity for telecom operators:  To hide network complexity by abstraction layer  Improve “Dynamically” network Management ‘Programmability’ & performance  Ability to deliver “On demand” network resources …And some use cases: Bandwidth On Demand, Network virtualization , Policy control, Chained Business services , Cloud Network, NaaS, Traffic Offload…
    • OpenFlow Switching : how it works? OpenFlow is based on an L2-L4 switch, with an internal flow-table, and a "standardized" interface to add and remove flow entries. New actions can be done on packet. OpenFlow Control Plane Large modifications of fields. Controller Routing on new criteria : L4, mix Define network slice on flow criteria … OpenFlow New routing protocol : multipath, load-balancing Protocol SSL Data Plane Flow tableOpenFlow is implemented byseveral vendors OpenFlow-enabled Layer 2-4 Switch Matches subsets of packet header fields Switch Eth VLAN IP TCP Port MAC ID
    • Standardisation in IETF IETF : new Programmable Network (Software-Driven Network)  Software-Driven Networks : to enable programmatic automation of configuration, management, monitoring, accounting/data mining of networks  Use cases: Bandwidth On Demand, Data center (Application-network information), Cloud bursting (Private/Public) IETF WG ForCes: started since 2002, but hardly active now  Objective: to standardize open, programmable distributed network architecture including description of the functional model of a Forwarding Element and the specification of the protocol for communication between control and forwarding plane in the router.  Standards: FoRCES working group has produced several RFCs for requirements , architecture framework, Protocol description, Forwarding Element Model and MIB for control-data plane interaction on top of transport layer. NETCONF/NETMOD:  provides a XML-based solution for network device configuration. It has been in wide-deployment (IP, LTE…)  it supports server-to-client configuration, but not client-to-server alarms or feedback.
    • Forwarding & Control Element Separation: IETF ForCES WG Top down approach, first RFC in 2003, with 3 academic implementations. Interaction of control and forwarding planes in distributed Routers Protocols for (multiple) control elements (CE) and forwarding elements (FE) Define objects model to instantiate functions in FE ------------------------------------------------- | | | | | | | |OSPF |RIP |BGP |RSVP |LDP |. . . | CE | | | | | ForCES Interface | | ------------------------------------------------- | | ------------------------------------------------- ^ ^ ForCES | |data control | |packets messages| |(e.g.,routing packets) v v ------------------------------------------------- | ForCES Interface | ------------------------------------------------- | | | | | | | |LPM Fwd|Meter |Shaper |NAT |Classi-|. . . | FE | | | | | FE resources |fier | ------------------------------------------------- | | ------------------------------------------------- Examples of CE and FE functions. (source FORCES)
    • Standardisation in ITU-T ITU-T SG 13 Futures Networks: NGN RACF Y.2111 Resource and Admission Control Function Full Network Virtualization based on logically isolated network partition LINP Rec Y.3011 Framework of network virtualization for Future Networks Framework of software-defined networking for Future Networks Y.SDN Architecture of independent Scalable Control Plane Y.iSCP (in Future Packet Based Network FPBN) SUN Smart Ubiquitous Networks: knowledgeable, context-aware, adaptable, autonomous, programmable allow access anytime anywhere Cloud Networking and infrastructure New Draft recommendations Y.CCInfra, Y.CCRA NaaS architecture was identified as a candidate for the next study period. ITU-T SG16 Multimedia coding, systems and applications ITU-T Media Gateways SG16 “H.248 packages for IP Routers”
    • Standardisation in ETSI E2NA/AFI Autonomic network engineering for the self-managing Future Internet started in 2009 (Enhancing ETSI Network Activities) Autonomic: network exhibit a certain level of autonomicity (intelligent behaviour)• Main objectives: Harmonizing concepts & design principles for autonomic networking 1. Scenarios, Use Cases, and Requirements for Autonomic/Self- Managing Future Internet. • Description of Scenarios, Use Cases, and Definition of Requirements for the Autonomic/Self-Managing Future Internet. 2. AFI Generic Autonomic Network Architecture Reference Model  Design a generic autonomic/self-managing network architecture as reference model for engineering the Future Internet. 3. Implementable Autonomic Network Architecture • How to make existing architecture "Autonomic-Aware" • 3 Sub WI set up in April 2011: • ITU-T for NGN / IMS, • BBF for xDSL /FTTH, • 3GPP for Wireless Sensor networks / Wireless Mesh Network
    • Standardisation in 3GPP / SA5OA&M for mobile networks (Access / Core / Control)Converged Management of fixed and mobile networksSelf-Organizing Networks (SON) Objective: decrease OPEX/CAPEX related to network configuration, operation, optimization Main functionalities: Self-Configuration (Plug & Play of new eNodeB) Self-Healing (e.g. Cell Outage Compensation) Self-Optimization* (e.g. Mobility Load Balancing, Handover Optimization, Energy Saving Management, etc.) Rel. 8/9/10 focused on SON for LTE Rel. 11 addresses 3G and inter-RAT SON (Radio Access Technology) OA&M SON function related Decision indicators Statistical * Self-Optimization Analysis Setting of Configuration Performance parameters measurement reports, Alarm information,, etc. eNodeB
    • Standardisation in ISO IEC JTC1 SC6 WG 7: Network, transport and future network : ISO/IEC DTR 29281-1 -Problems with current Internet (routing failures, scalability, insecurity, mobility, QoS, lack of efficient media distribution, packet switching, …) - Design goals and high level requirements: • Scalability (routing architecture, multi-homing) • Naming & addressing scheme (separation of user identifier & device locator) • Security & QoS (including Privacy, Authentication) • Mobility (seamless mobility of devices, services, users; network-based mobility control, flow-level mobility, context awareness…) • Heterogeneity (device, physical media, application/service) • Network virtualization • Service composition (at design time & at run-time, context awareness) • Media distribution (content-centric networking) • Cross-layer communications • Management (autonomic) • Energy efficiency • Economic incentives -Gap analysis (with NGN; IPv6 networks,…)"Packet switching technology is not assumed for FN at this moment"Jamil Chawki, ONF 2011
    • Flow table entry (version 1.0.0) Rules : match Actions Statsagainst packets Counters : per-table, per-flow, per-port and queue 1. Forward packet to : (optional) Version 1.1.0 1. All : not incoming iface + Multi table + 2. Controller : encapsulate and send 3. Local : to the local networking switch stack Metadata 4. Table : perform actions in flow table 5. In-port : send to given port 6. Normal : traditional forwarding path + MPLS label 2. 7. Flood : along the minimum spt Enqueue + MPLS traffic 3. Drop packet class 4. Modify field (VLAN, MAC sd, IP sd, TOS, Ports sd) No v6!….Ingress MAC MAC Eth VLAN VLAN IP IP IP IP TCP/UDT TCP/UDP Port src dst type ID prio Src Dst Prot TOS sport dport+ mask, wildcards (source OpenFlow)
    • CCT: NetworkingNetwork:• Gigabit to external network• Gigabit among compute nodes, head nodes.• 10 Gigabit among storage nodes• Flat topology• Racks have 4 HP ProCurve 2650 switches, connecting to 2 ProCurve 5412zl switches for the testbed.• Compute nodes have 2 NICs, connected to each 5412zl switch
    • Challenges to Network InnovationInnovation in the network is lagging. Why? • Proprietary Network Hardware • Incompatibilities between vendors • Network switch hardware and software in a black box • Too dangerous to experiment on production networks • Too expensive to test deployments • Hardware vendors implement features only for revenue
    • Software Defined NetworksIt is helpful to abstract servers using virtualmachines.We can apply a similar abstraction to networksthemselves.We would like to be able to programmaticallyconfigure and define networks.
    • Benefits of SDN Abstraction• Unity in conceptualizing pieces of the network.• One comprehensive view with which to monitor and control the network• Separate job of configuring the network from the job of defining and enforcing policy.
    • SDN and the Cloud• Hide physical complexity• Manage, on-demand virtual networks• Sustain multiple concurrent virtual networks• Provide resilience and flexibility with physical modifications to the network• Automated scaling
    • Barriers to SDNNetwork hardware companies do not want toexpose access to hardware.We must rely on what features the vendorsprovide and the way they are provided.There is a lack of consistency in what vendorsprovide and in the definitions of features.
    • OpenFlowOpenFlow is an API to the forwarding plane of thenetwork hardware.It separates the control function from the hardwareinto software controller servers.Any switch implementing the OpenFlow API can beprogrammatically operated by a separate server.Network hardware supporting OpenFlow ships withOpenFlow firmware.
    • SDN with OpenFlowOpenFlow-enabled switches and routers are configured byOpenFlow controllers.OpenFlow controllers can be simple Python servicesconnected using secure protocols.• Administrators can capture a complete topology of the network from a single controller.• No matter what vendor hardware or software, if the unit supports OpenFlow, the hardware can be abstracted.• Users could be granted permission to define circuits without the aid of IT support.• Compromised nodes can be detected and isolated.
    • Examples of OpenFlow Use Cases• NEC ProgrammableFlow – Virtualized Physical Network – Automatic Optimization of Network Resources – Alternate route finding for end-to-end reliability• Juniper Junos SDK – Added OpenFlow application to SDK – Customers can implement their own features• Deutsch Telekom – Energy-aware server provisioning and consolidation• Verizon – Deliver bandwidth-on-demand between data centers – Shape Traffic for long-lived flows, avoiding full algorithm
    • Open Networking Foundation“Founded in 2011 by Deutsche Telekom, Facebook,Google, Microsoft, Verizon, and Yahoo!, the OpenNetworking Foundation (ONF) is a nonprofitorganization whose goal is to rethink networkingand quickly and collaboratively bring to marketstandards and solutions. ONF will accelerate thedelivery and use of Software-Defined Networking(SDN) standards and foster a vibrant market ofproducts, services, applications, customers, andusers.” —
    • ONF VisionWith the advent of cloud computing, ONF believesthe line will continue to blur between the computerand the network.Network innovation must keep pace with demands.The Open Network Foundation aims to create “themost relevant SDN standards.”(Mission Assurance will depend on both the agilityand security of the network.)
    • Datacenter Architecture Evolution Link State Bridging & L2MP IP/IPVPN VRF MPLS VID/ISID attachment to IPVPN VM MAC’s Contained atSimple ISID edgeConfig Core Ethernet LANs EOR Aggregation Broadcast containment Eth •Protect core from VM MAC scaling Access •Optimized Multicast Algorithm TOR Easy Subnet management TOR DCB/FCoE EOR IPVPN integrated VEPA/T3P Equal Cost Path Forwarding Operationally Simpler •Simple endpoint provisioning All Rights Reserved © Alcatel-Lucent 2009 Level 3 Communications, LLC. All Rights Reserved. 129
    • Cloud Service Delivery Integration Old Model CoLo / Mng Hosting CSD Model Service Provider InternetExternalProvidersServiceProvider Trend MPLS MPLS L2VPN/L3VPN L2VPN/L3VPN HQ HQ Enterprise Datacenter Enterprise Datacenter • Integrated IaaS and Cloud VPNs • Provide fat pipes to external colo’s • SP integrates compute resources into regional sites and CO’s • SP is a dumb pipe between IT DC’s and “Rackspace” or Terremark like hosting providers • Partnerships between network service providers and SaaS/PaaS providers to offer end to end service Level 3 Communications, LLC. All Rights Reserved. 130
    • Background• CSF (Cloud Services Forum) launched mid-February 2011.• The committee includes the concepts of the previous SON Forum with a broader scope.• Initial set of deliverables identified during inaugural meeting focused on inter-provider telepresence, content distribution and VPNs.• Subsequently, it was agreed that the primary focus would be to complete Content Delivery Network Interconnection (CDN-I) work in a short time interval.• Additional information can be found at the following link • ITU-T SDP Workshop October 17, 2011
    • CSF Principles User End users interact with the business Subscriber application oblivious of the component parts. End Users Service Service Interaction Management is used to blend service enablers into a business Service Applications application. Interaction Reuse Service Service Enablers Resource App App App ApplicationsThe Service Enablers exposes resources(applications, data, and connectivity) through a Data Data Data Storage anddefined, reusable interface. Computing Networks Access & Transport ITU-T SDP Workshop 132 October 17, 2011
    • CDN-I Release 1• CDN Interconnection Use Case Specification and High Level Requirements, (ATIS-0200003), published June 2011• Develops use cases and requirements for CDN-I structured by phase in the interconnect lifecycle• Provides focused interconnection model that addresses • Software Download • Cached Delivery • Peer to Peer Interconnection ITU-T SDP Workshop 133 October 17, 2011
    • Inter-connected CDN Delivery Model CDN Provider-1 Network & CDN CDN Provider-2 Network & CDN Content Delivery Content Node. Delivery Routing, Back- Node. office Routing, Back- office Network Storage, Origin Peering Storage, Origin Content Delivery Content Node. Delivery Node.Note: only data path is shown for clarity.Request & back-office path not shown. User Content Data Path Node Cache Fill Data Cache Based Delivery Path ITU-T SDP Workshop 134 October 17, 2011
    • CDN-I Interface Domains Bi-Lateral Agreement Between Two Carrier CDNs. Assume that each carrier peers with another carrier at the CDN Level Operations & Operations & Customer Care SLA/outages/ticketing, Customer Care Special customer requests Back-Office Back-Office Provisioning, Logs, settlement Routing Traffic distribution, load Routing management, AMT Relay addresses Delivery Features, Capacity reservation, Delivery Origin access, multicast sources/groups Network Network Interconnection Access, Security Interconnection CDN Provider-1 CDN Provider-2 ITU-T SDP Workshop 135 October 17, 2011
    • CDN-I Release 2• CDNI-I Release 2, targeted for completion by the end of 2011, will develop use cases and requirements for: • Multicast-based content delivery with applicable content types (e.g., live streaming) • Federated CDN-Interconnect • Cloud services charging (generic function driven by CDN Use Cases)• Other Release 2 objectives: • Group comprehensive requirements per applicable interconnection domain • Develop reference architecture for CDN-I NNI with other impacted ATIS Committees • Evaluate protocols including the output of the IETF CDNi Working Group (when available) to support use cases and requirements ITU-T SDP Workshop 136 October 17, 2011
    • CDN Federation Model Interface DomainsFederation exchange: There is a trusted 3rd party for facilitating federation Third Party Functions Operations & Operations & SLA/outages/ticketing, Customer Care Customer Care special customer requests Back-Office Back-Office Provisioning, 3rd logs, settlement Party Routing Routing Traffic distribution, load management, AMT relay addresses Delivery Delivery Features, capacity Origin access reservation, multicast sources/groups Network Network Interconnection Access, Security Interconnection Carrier-1 Carrier-2 ITU-T SDP Workshop 137 October 17, 2011
    • Today’s Networks areDefined by the “Box”• Hardware, Operating System, and Applications Built Into a “Box”.• Cannot Mix and Match• Mainframe Mentality• Lack of Competition at Each Layer• Barrier to Entry
    • Challenges• Rapid Innovation in Computing Technology• Massively Diverse User Groups• Demand for Bandwidth Growing Rapidly• Increasing Costs - CAPEX & OPEX• Increasing Complexity - 5400 RFCs
    • Software Defined Networks
    • App App App App Network Operating System App App App App App App App App Operating System Operating System Packet-Forwarding Packet-Forwarding Hardware HardwareApp App App App App App App App Operating System Operating SystemPacket-Forwarding Packet-Forwarding Hardware Hardware
    • The “Software-Defined Network” App App App App Open API Network Operating System Open Interface to Hardware (OpenFlow) Openflow Firmware Openflow Firmware Packet-Forwarding Packet-Forwarding Hardware HardwareOpenflow Firmware Openflow FirmwarePacket-Forwarding Packet-Forwarding Hardware Hardware
    • Computer Industry Network Industry Apps Apps Apps Apps Apps Apps WindowsWindows Windows Windows Windows Windows FreeBSD Windows Network Windows Windows Windows Windows WindowsWindows Linux NOX Beacon OS Virtualization Virtualization Openflow x86
    • Status• Open Networking Foundation (ONF) • Board: Deutche Telekom, Facebook, Google, Microsoft, Verizon, Yahoo • 36 Members• 14 Vendors Demonstrating Interoperability at Interop 2011• SDN Interop Lab Established at IU
    • Impacts• Ability to Innovate through Software• Decreased Cycle from Lab to Production• Less Complex Networks that are Easier to Manage and More Secure• Cost Reductions through Increased Competition, Hardware Commoditization & Open-Source Software
    • NAAS Major Services • NAAS Web Service Interface: Simple Object Access Protocol (SOAP) service that exposes user authentication and authorization functions to all state nodes. It is the entry point for all service requests • Network Authentication Service: This is a subsystem for verifying subject (user or machine) identity • Network Authorization Service: This component is for entitlement management. Authorization is typically role- or policy-based. It must be flexible so that a variety of factors can be part of the decision to grant or deny access to specific resources • User Identity Management: This component is responsible for registering users, removing users, and modifying user profiles • Policy Management: The component allows administrators to create or modify rules or policies for resource access • Vulnerability Management: This component tracks instances of security breaches and generates reports that contain specific information about vulnerability and actions taken. A good vulnerability management system helps to prevent security problems from recurring • Network Certificate Authority: This component issues and manages certificates used for secure socket layer (SSL), encryption, and signature • Public Key Management: This component allows users to locate and validate public keysCopyright © 2011 LOGTEL
    • USN - Ubiquitous Sensor Network  USN is a conceptual network built over existing physical networks which makes use of sensed data and provides knowledge services to anyone, anywhere and at anytime, and where the information is generated by using context awareness.  USN utilizes wireline sensor networks and/or wireless sensor networks (WSNs).  WSNs are wireless networks consisting of interconnected and spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions (e.g., temperature, sound, vibration, pressure, motion or pollutants) at different locations.  Sensor networks is made by the capture and transmission of collected sensed data to designated application systems.Copyright © 2011 LOGTEL 147
    • USN with related technical areasCopyright © 2011 LOGTEL 148
    • Security & AuthenticationCopyright © 2011 LOGTEL 149
    • Network Security Infrastructure Integrated Security Managements Netw ork Authentication User Request Service Management User Identity Store Policy Management NAAS Netw ork Web Service Authorization Security Policy Interface Service Store Vulnerability Management Response Intrusion Detection Rules Netw ork Identity Certificate/Public Management Key Service Management Public Key StoreCopyright © 2011 LOGTEL
    • Delegated Authentication 1. Authenticate 4. Security Token Netw ork 5. Service Request (Security Token) Node 6. Service Response 3. Security Token Netw ork Node 2. Central User Auth Central Authentication Services • Nodes delegate authentication task to NAAS • Security Token is validated through NAASCopyright © 2011 LOGTEL
    • Direct Authentication 3. Service Request (Securty Token) Netw ork 6. Service Response Node 5.Response Netw ork Node 4. Validate User 1. Authenticate NAAS 2. Security Token • Users authenticate at NAAS and obtain Security Token • Users use the Security Token to access a node • Node validates the Security Token at NAASCopyright © 2011 LOGTEL
    • “Just not enough, baby …” 153(Barry White – “Can’t Get Enough of Your Love,Babe”) Now it’s enough! Transparency Source: NIST SP500-291-v1.0, p. 42, Figure 12 © 2011 Cloud Security Alliance, Inc. All rights reserved.
    • 154CCM – 11 Domains 1. Compliance (CO) 7. Operations Management (OM) 2. Data Governance (DG) 8. Risk Management (RI) 3. Facility Security (FS) 9. Release Management (RM) 4. Human Resources (HR) 10. Resiliency (RS) 5. Information Security (IS) 11.Security Architecture (SA) 6. Legal (LG) © 2011 Cloud Security Alliance, Inc. All rights reserved.
    • 155CCM – 98 Controls © 2011 Cloud Security Alliance, Inc. All rights reserved.
    • 156CCM – 98 Controls (cont.) © 2011 Cloud Security Alliance, Inc. All rights reserved.
    • 157CCM – 98 Controls (cont.) © 2011 Cloud Security Alliance, Inc. All rights reserved.
    • 158CCM – 98 Controls (cont.) © 2011 Cloud Security Alliance, Inc. All rights reserved.
    • 159Control Matrix >> Guidance >>ISO
    • 160Cloud Supply Chain –Information Security Risks You can outsource business capability or function but you cannot outsource accountability for information security  do your due diligence to identify and address… – Control Gaps (Shared Control) • Information Security (Access Controls, Vulnerability & Patch Management) • Security Architecture • Data Governance (Lifecycle Management) • Release Management (Change Control) • Facility Security – Control Dependencies • Corporate Governance • Incident Response • Resiliency (BCM & DR) • Risk & Compliance Management © 2011 Cloud Security Alliance, Inc. All rights reserved.
    • The futureCopyright © 2011 LOGTEL 161
    • Where are we going to ?Copyright © 2011 LOGTEL 162
    •  Source: Daniel Kofman & Yuri Gittik - RADCopyright © 2011 LOGTEL 163
    • 7 thing that make a cloud Flexible and Efficiency Economical (Save)  Money  Time  Energy  Labor  Less investment Environmental (efficent)  Energy  Pollution Simple Reliable Scalable Easy access – 3 screensCopyright © 2011 LOGTEL 164
    • The end ;-) Samuel.dratwa@gmail.comCopyright © 2011 LOGTEL 165
    • • Cloud Computing Provider: Could save energy Capacity Energy Machines Demand Capacity Demand Time Time “Statically provisioned” Real data center data center in the cloud Unused resources 166Copyright © 2011 LOGTEL
    • Grid vs. Cloud Grid Cloud Underlying concept Utility Computing Utility Computing Main benefit Solve computationally Provide a scalable standard complex problems environment for network- centric application development, testing and deployment Resource distribution / Negotiate and manage Simple user <-> provider allocation resource sharing; model; pay-per-use schedulers Domains Multiple domains Single domain Character / history Non-commercial, publicly Commercial fundedCopyright © 2011 LOGTEL 167