Architecture – Lego
Introduction
TPM A&O
Responsible for the Orchestration
platform and application landscape of
the network department
peter.boers@surf.nl
Peter Boers
TPM NFV
Responsible for the NFV platform and
SURFfirewall service. Working on VPP
and faster packet processing on
normal hardware
eyle.brinkhuis@surf.nl
Eyle Brinkhuis
Product manager A&O
Previously architect of SURFnet8 and
responsible for the Network
dashboard and Orchestration
platform
wouter.huisman@surf.nl
Wouter Huisman
Network Architecture building blocks
The fundamentals
The SURF network at its
core
Composing blocks
Orchestrating blocks and
visualising in the Network
dashboard
Composed services
Using all lego bricks to build
composed services across
multiple domains
Topology
The topology of the network describes the fiber layout and locations of all PoPs.
Hardware
The chassis and interfaces that build the connectivity between all PoPs
Protocols
The way a network is logically configured. This manages failover mechanisms and how traffic
flows across the fabric
Software
The systems that interact with the network or store relevant configuration data about the
network
Processes
The way humans interact with the network
What building blocks does a network have?
• Around 13000 km dark fiber
• Relatively static optical topology
• Still adding PoPs
• Around 300 PoPs throughout Europe
• Optimised for transport to Amsterdam
• Plenty of capacity to scale by using more λ
• 10G backbone to 100G backbone
• Internationally upgrading to 400G
Topology
From Ciena to Juniper and more
• Standardisation on the Juniper MX portfolio of routers
• MX2008/MX10008 Amsterdam
• MX960 Core
• MX480 Core/Metro
• MX240 Metro/Access
• MX204 Access
• MX304 International high capacity
• 400G access capability
• Lenovo SR635 – NFV
• Fortigate 601e - Firewall
Hardware
MX2008
MX10008
MX960 MX480 MX240
MX204
MX304
Lenovo SR635
Protocols
SR-MPLS
From relatively static PBB-TE to SR-MPLS with a fully dynamic control plane
IS-IS
IGP to weight links and distribute labels
TI-LFA
Automatic failover calculation programmed into the PFE
EVPN
More capabilities compared to virtual switches, e.g. ESIs
VRF
VRFs can be dropped at the access
NMS
Due to the dynamic nature of the new network a different style
of NMS was needed. The NMS no longer needed any
knowledge about the topology. Just the endpoints.
Orchestrator
Provisioning of the network is done only by software;
we no longer use the CLI to provision network elements
Integration
Operational and business support systems are tightly
integrated with the network
Innovation
Software is increasingly the driver of innovation
Software
It’s no longer about making config work, but creating an end-to-end service
portfolio.
• Self-Service
• Network is a facilitator of end-to-end services
• All changes are standardised
• Less manual work
• An increase in dependence on software
• Reliable and repeatable changes
• Portfolio will be simplified to reflect the lego blocks
Processes
The fundamentals
• Each service that we create uses underlying resources described in one of
these categories
• These resources are the “lego bricks” that encompass the SURF network
• The lego bricks working together result in a wider variety of services and a
more diverse portfolio
• The network and NFV platform can also be seen as lego bricks within the
SURF organisation
• The A&O platform is the network department’s interface to the wider world
and the teeth to which other “lego bricks” can attach.
Composing blocks
Where we came from
3 tiered network
1. Optical – managed with a
controller
2. Carrier Ethernet – managed with a
controller/NMS
3. IP-core – completely by hand
All supporting systems by hand (IPAM,
DNS, documentation/CMDB)
Engineers had to provision a service
into A LOT of different systems
A network change
• Manual work for up to half a day
• Generating IDs for all services
• Reserving IPs in IPAM
• Registering everything in DNS
• Documenting in IMS
• Configuring the network
• Resulted in
• Mistakes
• Configuration inconsistencies
• A network of configuration, not of services
Why automation & …
Eliminate repetitive
& time consuming
tasks
Prevent human
mistakes
Automation != Orchestration
Automation
START
END
PLAN
DO
CHECK
ACT
Orchestration
Why automation & orchestration…
Eliminate repetitive
& time consuming
tasks
Prevent human
mistakes
Up-to-date
service lifecycle
Enable self service AI
Customer dashboard
Architecture in use at SURF
Open sourced https://workfloworchestrator.org
Product catalogue
Lifecycle of a service
Subscription
of product X
“a service is an instance
of a product, and called
subscription”
Create WF
product X
Modify WF
product X
Validate WF
product X
Executed daily
Terminate WF
product X
Workflow Engine
WORKFLOW
Process
Input
form(s)
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Each Step writes the state to the database and is used as input for the
next step
Each (atomic) Step can be retried, making the workflow robust
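The step and state behaviour described on this slide, as an added sketch in Python (not code from the Workflow Orchestrator project or from the presentation). The `Workflow` class, the `process` table layout, the step names and all values are constructed for illustration; a resumed run starts at the failed step, so earlier steps such as a prefix reservation are not executed twice.

```python
import json
import sqlite3


class Workflow:
    """Runs steps in order and persists the state after every step."""

    def __init__(self, db, name, steps):
        self.db, self.name, self.steps = db, name, steps
        db.execute(
            "CREATE TABLE IF NOT EXISTS process ("
            "id INTEGER PRIMARY KEY, workflow TEXT, "
            "next_step INTEGER, status TEXT, state TEXT)"
        )

    def start(self, form_input):
        """Create a process from the input form; returns the process id."""
        cur = self.db.execute(
            "INSERT INTO process (workflow, next_step, status, state) "
            "VALUES (?, 0, 'created', ?)",
            (self.name, json.dumps(form_input)),
        )
        self.db.commit()
        return cur.lastrowid

    def _save(self, pid, next_step, status, state):
        self.db.execute(
            "UPDATE process SET next_step=?, status=?, state=? WHERE id=?",
            (next_step, status, json.dumps(state), pid),
        )
        self.db.commit()

    def state(self, pid):
        row = self.db.execute(
            "SELECT state FROM process WHERE id=?", (pid,)
        ).fetchone()
        return json.loads(row[0])

    def run(self, pid):
        """Run (or resume) a process from its first unfinished step."""
        next_step, status, state_json = self.db.execute(
            "SELECT next_step, status, state FROM process WHERE id=?", (pid,)
        ).fetchone()
        if status == "completed":
            return status
        state = json.loads(state_json)
        for index in range(next_step, len(self.steps)):
            try:
                # The step gets a copy: a failing step cannot leave
                # half-written data in the persisted state.
                result = self.steps[index](dict(state))
            except Exception:
                # Keep the last good state and point next_step at the
                # failed step so a retry resumes exactly here.
                self._save(pid, index, "failed", state)
                return "failed"
            state = {**state, **result}
            self._save(pid, index + 1, "running", state)
        self._save(pid, len(self.steps), "completed", state)
        return "completed"


def demo():
    """Constructed scenario: the second step fails once, then is retried."""
    calls = {"reserve_prefix": 0, "create_circuit": 0, "validate": 0}

    def reserve_prefix(state):
        calls["reserve_prefix"] += 1
        return {"prefix": "192.0.2.0/31"}  # documentation range, constructed

    def create_circuit(state):
        calls["create_circuit"] += 1
        if calls["create_circuit"] == 1:
            raise ConnectionError("router unreachable")  # transient failure
        return {"circuit_id": f"{state['customer']}-c1"}

    def validate(state):
        calls["validate"] += 1
        return {"in_sync": "prefix" in state and "circuit_id" in state}

    db = sqlite3.connect(":memory:")
    wf = Workflow(db, "create_product_x",
                  [reserve_prefix, create_circuit, validate])
    pid = wf.start({"customer": "example-uni"})
    first = wf.run(pid)              # stops at create_circuit
    saved = wf.state(pid)            # state written by reserve_prefix only
    second = wf.run(pid)             # retry resumes at create_circuit
    return first, saved, second, wf.state(pid), calls


if __name__ == "__main__":
    print(demo())
```
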
GUI orchestrator - workflows
GUI orchestrator - processes
Network dashboard
• Built on the single source of truth
of the orchestrator
• Influx data for traffic graph and
SLS
• FW stats
• Planned work notifications
• But also
• SURFcert
• Vulnerabilities & DDoS
• SURFwireless
• SURFdomeinen (end 2023)
Self service in Network dashboard
• Available for the “responsible” role
• Go through step-up authentication
• Available actions
• DDoS filter
• Automitigation filter
• Speed policer
• Modify VLAN
• BGP priority
• Add IP prefix
• Extend L2VPN
demo
Firewall product – composed product
[Diagram: SURFinternet, L2VPN and L3VPN building blocks]
Firewall built from the product catalogue
Firewall with 1 customer port connected to SURFinternet
Firewall built from the product catalogue
Firewall with 4 customer ports connected to SURFinternet
Firewall built from the product catalogue
Firewall with 4 customer ports connected to SURFinternet
and connected to an L3VPN, e.g. to Azure Express Route
Composed services
SURFfirewall
Built upon several building blocks:
- SURFinternet
- L2VPN
- L3VPN
- FW
Usable in any configuration
Physical firewalls in central location
Use cases:
- Routers
- VPN concentrators
- Wireless controllers
What about other services?
NFV technology domain
- Handles compute stuff
- In-house developed
- Based on ETSI
NFV-MANO & NFVi
SURF Lego - Architecture - Peter Boers- NWD23
Payload from orchestrator
- Service version
- Availability_zone
- State
- Identifier
Customer
information
Update project
ticket
Reserve p2p
prefixes
Create IP-gateways
Create circuits
Create circuits
for impact/monitoring
Create firewall
Request license
Configure connectivity
Prepare Fortimanager
Validate everything
Put in sync
Future work
- Integrate with SURF HPC services
- Cloud Providers
Roadmap
Deploy SURFnet 8
with A&O
Integrate Network
Dashboard
Composed services
SURF HPC resources
NFV-services
Cloud provider
integration
Demo at central square!
Want to see it happening?
Eyle Brinkhuis
Eyle.Brinkhuis@surf.nl
Linkedin.com/in/eyle

 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 

SURF Lego - Architecture - Peter Boers- NWD23

  • 2. Introduction TPM A&O Responsible for the Orchestration platform and application landscape of the network department peter.boers@surf.nl Peter Boers TPM NFV Responsible for the NFV platform and SURFfirewall service. Working on VPP and faster packet processing on normal hardware eyle.brinkhuis@surf.nl Eyle Brinkhuis Productmanager A&O Previously architect of SURFnet8 and responsible for the Network dashboard and Orchestration platform wouter.huisman@surf.nl Wouter Huisman
  • 3. Network Architecture building blocks The fundamentals The SURF network at its core Composing blocks Orchestrating blocks and visualising in the Network dashboard Composed services Using all lego bricks to build composed services across multiple domains
  • 4. Topology The topology of the network describes the fiber layout and locations of all PoPs. Hardware The chassis and interfaces that build the connectivity between all PoPs Protocols The way a network is logically configured. This manages failover mechanisms and how traffic flows across the fabric Software The systems that interact with the network or store relevant configuration data about the network Processes The way humans interact with the network What building blocks does a network have?
  • 5. • Around 13000 km dark fiber • Relatively static optical topology • Still adding PoPs • Around +/- 300 PoPs throughout Europe • Optimised for transport to Amsterdam • Plenty of capacity to scale by using more λ • 10G backbone to 100G backbone • Internationally upgrading to 400G Topology
  • 6. From Ciena to Juniper and more • Standardisation on the Juniper MX portfolio of routers • MX2008/MX10008 Amsterdam • MX960 Core • MX480 Core/Metro • MX240 Metro/Access • MX204 Access • MX304 International high capacity • 400G access capability • Lenovo SR635 – NFV • Fortigate 601e - Firewall Hardware MX2008 MX10008 MX960 MX480 MX240 MX204 MX304 Lenovo SR635
  • 7. Protocols SR-MPLS From relatively static PBB-TE to dynamic SR-MPLS fully dynamic control plane IS-IS IGP to weight links and distribute labels TI-LFA Automatic failover calculation programmed into the PFE EVPN More capabilities compared to virtual switches, e.g. ESIs VRF VRFs can be dropped at the access
  • 8. NMS Due to the dynamic nature of the new network a different style of NMS was needed. The NMS no longer needed any knowledge about the topology. Just the endpoints. Orchestrator Provisioning of the network would only be done by Software, we no longer use the cli to provision network elements Integration Operational and business support systems are tightly integrated with the network Innovation Software is increasingly the driver of innovation Software
  • 9. It’s no longer about making config work, but creating an end-to-end service portfolio. • Self-Service • Network is a facilitator of end-to-end services • All changes are standardised • Less manual work • An increase in dependence on software • Reliable and repeatable changes • Portfolio will be simplified to reflect the lego blocks Processes
  • 10. The fundamentals • Each service that we create uses underlying resources described in one of these categories • These resources are the “lego bricks” that encompass the SURF network • The lego bricks working together result in a wider variety of services and a more diverse portfolio • The network and NFV platform can also be seen as lego bricks within the SURF organisation • The A&O platform is the network department’s interface to the wider world and the teeth to which other “lego bricks” can attach.
  • 12. Where we came from 3 tiered network 1. Optical – managed with a controller 2. Carrier Ethernet – managed with a controller/NMS 3. IP-core – completely by hand All supporting systems by hand (IPAM, DNS, documentation/CMDB) Engineers had to provision a service into A LOT of different systems
  • 13. A network change • Manual work for up to half a day • Generating IDs for all services • Reserving IPs in IPAM • Registering everything in DNS • Documenting in IMS • Configuring the network • Resulted in • Mistakes • Configuration inconsistencies • A network of configuration, not of services
  • 14. Why automation & … Eliminate repetitive & time consuming tasks Prevent human mistakes
  • 16. Why automation & orchestration… Eliminate repetitive & time consuming tasks Prevent human mistakes Up-to-date service lifecycle Enable self service AI Customer dashboard
  • 17. Architecture in use at SURF Open sourced https://workfloworchestrator.org
  • 19. Lifecycle of a service Subscription of product X “a service is an instance of a product, and called subscription” Create WF product X Modify WF product X Validate WF product X Executed daily Terminate WF product X
  • 20. Workflow Engine WORKFLOW Process Input form(s) Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Each Step writes the state to the database and is used as input for the next step Each (atomic) Step can be retried, making the workflow robust
  • 21. GUI orchestrator - workflows
  • 22. GUI orchestrator - processes
  • 23. Network dashboard • Built on single source of truth of orchestrator • Influx data for traffic graph and SLS • FW stats • Planned work notifications • But also • SURFcert • Vulnerabilities & DDoS • SURFwireless • SURFdomeinen (end 2023)
  • 24. Self service in Network dashboard • Available for the “responsible” role • Go through step-up authentication • Available actions • DDoS filter • Automitigation filter • Speed policer • Modify VLAN • BGP priority • Add IP prefix • Extend L2VPN demo
  • 25. Firewall product – composed product SURFinternet L2VPN L2VPN SURFinternet SURFinternet L2VPN L2VPN L2VPN L2VPN L2VPN L3VPN
  • 26. Firewall built from the product catalogue Firewall with 1 customer port connected to SURFinternet
  • 27. Firewall built from the product catalogue Firewall with 4 customer ports connected to SURFinternet
  • 28. Firewall built from the product catalogue Firewall with 4 customer ports connected to SURFinternet and connected to an L3VPN, e.g. to Azure Express Route
  • 30. SURFfirewall Built upon several building blocks: - SURFinternet - L2VPN - L3VPN - FW Usable in any configuration Physical firewalls in central location
  • 31. Usecases: - Routers - VPN concentrators - Wireless controllers What about other services?
  • 32. NFV technology domain - Handles compute stuff - In-house developed - Based on ETSI NFV-MANO & NFVi
  • 34. Payload from orchestrator - Service version - Availability_zone - State - Identifier
  • 35. Customer information Update project ticket Reserve p2p prefixes Create IP-gateways Create circuits Create circuits for impact/monitoring Create firewall Request license Configure connectivity Prepare Fortimanager Validate everything Put in sync
  • 36. Future work - Integrate with SURF HPC services - Cloud Providers
  • 37. Roadmap Deploy SURFnet 8 with A&O Integrate Network Dashboard Composed services SURF HPC resources NFV-services Cloud provider integration
  • 38. Demo at central square! Want to see it happening?
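
Slide 20 says that each step writes its state to the database, that this state is the input of the next step, and that each atomic step can be retried. The sketch below is an added example of that pattern, not code from the SURF orchestrator or its API; the `Engine` class, table layout, step functions and sample values are all assumptions made for illustration.

```python
import json
import sqlite3

class StepFailed(Exception): pass   # raised by a step; nothing is persisted for it

class Engine:
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS process_state "
                        "(pid TEXT, done INTEGER, state TEXT, PRIMARY KEY (pid, done))")

    def _save(self, pid, done, state):
        with self.db:   # commit each step's output before the next step starts
            self.db.execute("INSERT INTO process_state VALUES (?, ?, ?)",
                            (pid, done, json.dumps(state)))

    def run(self, pid, steps, form_input=None, max_attempts=2):
        """Run or resume process `pid`; returns (status, steps_done, state)."""
        row = self.db.execute("SELECT done, state FROM process_state WHERE pid = ? "
                              "ORDER BY done DESC LIMIT 1", (pid,)).fetchone()
        if row is None:                       # new process: the input form is state 0
            done, state = 0, dict(form_input or {})
            self._save(pid, done, state)
        else:                                 # resume after the last persisted step
            done, state = row[0], json.loads(row[1])
        for step in steps[done:]:
            for attempt in range(1, max_attempts + 1):
                try:
                    new_state = step(dict(state))   # each step gets a copy of the state
                    break
                except StepFailed:
                    if attempt == max_attempts:
                        return "failed", done, state
            done, state = done + 1, new_state
            self._save(pid, done, state)
        return "completed", done, state

# Constructed steps for a hypothetical service; all values are sample data.
CALLS = {"reserve_prefix": 0, "configure_network": 0}
def reserve_prefix(state):
    CALLS["reserve_prefix"] += 1
    return {**state, "prefix": "192.0.2.0/31"}

def configure_network(state):
    CALLS["configure_network"] += 1
    if CALLS["configure_network"] <= 3:       # simulate a device that is down at first
        raise StepFailed("device unreachable")
    return {**state, "configured": True}

STEPS = [reserve_prefix, configure_network, lambda s: {**s, "dns_registered": True}]
```

Calling `run` a second time with the same process id resumes at the failed step, so the prefix reservation that already succeeded is not repeated.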