Introduction to Software Defined WANs

Introduction to Software Defined WANs, by Alastair Johnson.

A presentation given at APRICOT 2016’s Software Defined Networking session on 24 February 2016.

  1. OPEN template. Alcatel, Lucent, Alcatel-Lucent, Nokia, Nuage Networks and the Nokia, Nuage Networks, and Alcatel-Lucent logos are trademarks of Nokia. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Nokia assumes no responsibility for inaccuracies contained herein. This slide must be kept when distributed externally.
  2. COPYRIGHT © 2016 NOKIA. ALL RIGHTS RESERVED.
     INTRODUCTION TO SOFTWARE DEFINED WIDE AREA NETWORKS (SD-WAN)
     APRICOT 2016, Alastair Johnson, February 2016
  3. AGENDA
     1. What is SD-WAN?
     2. Why is SD-WAN happening?
     3. How does it work?
     4. Why do service providers care?
     5. Summary
  4. WHAT IS SD-WAN?
     SD-WAN (Software Defined Wide Area Network) is a new model for evolving the delivery of WAN services using SDN principles.
     SD-WAN changes the model of traditional WAN networking with an IT approach to network services, with centralized control and a decoupled service/transport architecture.
     (Diagram: overlay offers transport choices; self-governance of service functions; IT approach to network service delivery)
  5. WHAT IS SD-WAN?
     • Open Network Users Group (ONUG) Working Group
       - Definition of use cases, test plans, and interop
       - Whitepaper with core business requirements for SD-WAN
       - Biannual showcases of products aligned with use cases
       - Primarily enterprise focused, with vendor participation and contribution
     • Heavy focus on virtualization
       - Network Virtualization
         - Abstraction of service from transport, like MPLS did in the IP world (and IP did to optical)
       - Virtual Machines/Network Function Virtualization
         - Abstraction of service function from hardware
         - Virtualized router, firewall, ...
     • Driven by enterprises looking for new technology advantages
       - Operational
       - Financial
       - Efficiency
       - New capabilities
     Numbered list on the slide (the ONUG core business requirements for SD-WAN):
       1. Active-active WAN transports (public/private)
       2. Virtual or physical CPE on commodity hardware
       3. Secure hybrid WAN architecture with dynamic traffic engineering
       4. Visibility, prioritization and steering of traffic
       5. Highly available and resilient WAN
       6. L2 and L3 interoperability
       7. Dashboard reporting
       8. Open north-bound APIs
       9. Zero touch deployment of branch site
       10. FIPS 140-2 certification
  6. SD-WAN – BIGGER PICTURE
     (Diagram: MPLS WAN and Internet transports connecting Wellington, Christchurch, HQ/DC and Auckland into an SD-WAN enabled VPN network with centralized policy and control)
     • Any-to-any network connection
     • Transport independent
     • Intelligent traffic control
     • Policy based network management
     • Automated branch and services orchestration
  7. NETWORK VIRTUALIZATION IS NOT NEW
     (Diagram: P2P optical transport and service; IP service layer (VRFs) overlaid on optical transport; MPLS service on IP transport on optical transport)
     • Service layers continue to be abstracted!
  8. CPE CHANGES: HOW IS THIS DIFFERENT FROM VCPE?
     • Virtualized CPE (VCPE) is looking at evolution of CPE, not at evolution of network or service
     • CPE as a virtual machine on X86
       - Virtualized Network Function (VNF) running in the datacenter or on other commodity hardware
     • X86 CPE platform at the customer premises that can host VNFs
     • "Same same but different"
       - Changing the hardware platform to reduce cost or consolidate physical components
       - Does not take advantage of the management or network abstraction benefits
     (Diagram: L2 access to a VCPE in the DC behind the PE; X86 VCPE at the customer site)
  9. AGENDA (repeated from slide 3)
  10. EVOLUTION
     Management scale:
     • Centralization
     • IT-centric approach with APIs/programmability
     • Automation of management
       - Upgrades
       - Events
     • Visibility and reporting
     • Span/scope delegation
     Cost control:
     • Hybrid transports
       - Mix and match MPLS, Wireless, Internet, ...
     • Internet "good enough"
       - Sharp cost savings make it so
       - Primary transport for cloud/web applications
     • X86 platforms with high performance and modest cost
     Flexibility:
     • Mix and match site capabilities and network requirements
     • Service chaining for new functionality
     • Hybrid transports
     • Hybrid cloud environments
     • Improve site turn-up times
  11. EVOLUTION
     Today (MPLS core, VRF to VRF):
     • Complex routing relationships
       - BGP, routing policies
       - Scale: PE control plane, routing protocols
     • Service provider intimately involved in customer's topology
     • Extensive configuration required
     • Limited by network capability and reach
     • Lowest common denominator features
     SD-WAN (any transport, service to service):
     • PE-CE relationship changes
       - CE is completely a stub node, no routing protocols required
       - SDN controllers can integrate with underlay networks and centralize routing relationships
     • Underlay becomes unaware of the service layer
       - IP packets, not services
       - No configuration dependency
     • Service abstraction
     (Diagram: MPLS core with VRF–VRF versus any transport with Svc–Svc)
  12. EVOLUTION: CENTRALIZED CONTROL
     • Management
       - Reduce challenges of scaling management infrastructure
       - Configuration by necessity is pushed through SDN controllers, becoming the central point to query
       - Statistics, alarms, events, audit all through a single system with an API-centric approach
     • Automation
       - Take advantage of the centralized management plane to automate tasks and events
       - Reduce error and time to service change
     • Introduce network features through centralized control
     • Scaling very large overlays
       - Tunnel creation
       - OAM
     • IPsec key distribution and management
     • Service chaining
       - Visibility of all nodes in the chain
       - Configure forwarding based on flows to different elements
     • Performance routing and hybrid networks
       - Measure performance of different underlays and move traffic as required
  13. AGENDA (repeated from slide 3)
  14. SOFTWARE DEFINED NETWORKING RECAP
     (Diagram: Management/Policy above a Controller, which drives Forwarding Engines on separate Hardware; OS on hardware)
     • New ways of thinking about existing ways of working
     • Separated management, control, and forwarding
     • Decoupled architecture means each vendor can focus on strengths
     • Decreased barrier to entry for startups provides multiple choices for customers
     • Feature stability: long hardware cycles do not affect software features
  15. PUTTING IT TOGETHER
     • EVPN delivers a control plane that can distribute MAC (L2) and IP (L3) reachability information
       - Scale is addressed: BGP has proven to scale well; federation becomes straightforward
       - Control is addressed: programmatic network topology, flexibility of routing policies
       - Efficiency is addressed: hybrid L2/L3 services over a single interface, redundancy and multi-homing included
     • VXLAN delivers a data plane that can deliver Ethernet frames over an L3 transport
       - L2VPN, L3VPN, ... the Internet
     (Diagram: control plane (BGP, OSPF, ...) and data plane (FIB))
  16. OVERLAY SD-WAN EXAMPLE
     • Controller programs forwarding plane for all CPEs
       - Aware of all L2/L3 topology behind each CPE
       - Calculate once, program many
     • CPE performs encapsulation of VPN traffic (VXLAN)
     • Traffic is carried encapsulated over underlay network
       - Underlay network could be any infrastructure
       - Unaware of topology of VPN service
     (Diagram: CPEs at the Site 1, Site 2 and Site 3 LANs connected over an underlay; SP central functions hold the policy DB and SDN controllers)
  17. OVERLAY SD-WAN EXAMPLE
     • OpenFlow provides a mechanism to program the L2/L3 forwarding information base (FIB) and provide notifications to the controller
       - MAC/IP address learning on LAN ports is alerted to the controller
       - Controller determines whether the MAC/IP is to be programmed into the FIB
     • Federation of topology between controllers via BGP-EVPN
       - MAC and IP reachability signaled
       - VXLAN VNI information combined with NEXT_HOP
     • Redundancy of controllers is supported: CPE vSwitch registers and determines active/standby controllers
     (Diagram: CPE speaks OpenFlow and OVSDB to the SDN controller; controllers federate with BGP EVPN; 10.1.0.0/24 sits behind 192.0.2.1 and 10.3.0.0/24 behind 192.0.2.3; in 10.2.0.0/24 the host 10.2.0.1/32 with MAC aa:bb:cc:dd:ee:ff is learned)
  18. OVERLAY SD-WAN EXAMPLE
     • CPEs forward directly between each other using VXLAN as overlay
       - 10.1.0.0/24 NEXT_HOP 192.0.2.1 VNI 123456
       - 10.3.0.0/24 NEXT_HOP 192.0.2.3 VNI xyz
     • Underlay network sees VXLAN traffic between endpoints
     • Dataplane can be further encapsulated for confidentiality (e.g. IPsec)
     (Diagram: VXLAN tunnel with VNI = 123456 between 192.0.2.1 (10.1.0.0/24) and 192.0.2.3 (10.3.0.0/24))
  19. CHANGES FROM AN EXISTING MODEL
     • Overlays simplify network topology
     • SP network needs to know less about customer topology
     • Increases flexibility of delivery: L2 services over L3, on net, off net, Internet, etc.
       - Use multiple underlays and move traffic between them
     • Provisioning simplified
       - Reuse of activation processes from broadband networks
     (Diagram: the VRF-to-VRF model has many provisioning touch points (BGP, routing policy, RIB scale, failover, redundancy, LAN ports, WAN ports, aggregation network); the overlay model over the GRT needs one-time provisioning of the underlay plus dynamic provisioning of the service)
  20. INTELLIGENT TRAFFIC STEERING
     Centralized policy push to route traffic over specific links depending on type.
     (Diagram: Auckland and Wellington connected by a primary link (2 Mbps) and a secondary link (20 Mb/s burst) across Provider A (IP-VPN) and the Internet; the centralized management and network policy engine steers Critical Branch App, Call Centre Voice and HD Video Conference traffic onto specific links)
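The steering policy on this slide, combined with slide 12's "measure performance of different underlays and move traffic as required", as an added Python example. This is not code from the presentation or from any Nokia/Nuage product; the underlay names, link capacities, probe measurements, traffic-class SLA thresholds and the confidentiality rule (confidential classes only ride the private IP-VPN or an IPsec-protected path) are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed model of the two-link branch on the slide. The capacities and the
# probe measurements below are assumptions, not figures from the deck.


@dataclass
class Underlay:
    name: str
    capacity_mbps: float   # provisioned rate of the link
    latency_ms: float      # measured by CPE probes towards the remote VTEP
    loss_pct: float        # measured packet loss
    private: bool          # provider IP-VPN, not reachable from the public Internet
    ipsec: bool            # the overlay on this path is IPsec-encapsulated
    up: bool = True        # liveness from probes / BFD


@dataclass
class ClassPolicy:
    preferred: List[str]   # underlays in order of preference
    max_latency_ms: float
    max_loss_pct: float
    min_mbps: float        # bandwidth the class needs from the link
    confidential: bool     # must use a private path or an IPsec path


# Policies keyed by the traffic classes named on the slide (thresholds assumed).
POLICIES: Dict[str, ClassPolicy] = {
    "call-centre-voice":   ClassPolicy(["provider-a-ipvpn", "internet"], 150, 1.0, 0.1, True),
    "critical-branch-app": ClassPolicy(["provider-a-ipvpn", "internet"], 300, 2.0, 0.5, True),
    "hd-video-conference": ClassPolicy(["internet", "provider-a-ipvpn"], 250, 2.0, 4.0, False),
    "best-effort":         ClassPolicy(["internet", "provider-a-ipvpn"], 1000, 100.0, 0.0, False),
}


def path_allowed(u: Underlay, p: ClassPolicy) -> bool:
    """Hard constraints: the link is up, and confidential classes never cross the Internet in clear."""
    return u.up and (not p.confidential or u.private or u.ipsec)


def meets_sla(u: Underlay, p: ClassPolicy) -> bool:
    """Soft constraints from the latest probe measurements."""
    return (u.latency_ms <= p.max_latency_ms and u.loss_pct <= p.max_loss_pct
            and u.capacity_mbps >= p.min_mbps)


def select_underlay(app_class: str, underlays: List[Underlay]) -> Tuple[Optional[str], bool]:
    """Return (chosen underlay name, within_sla).

    The first preferred underlay that meets the SLA wins. If none does, fall back to the
    allowed underlay with the lowest loss so the flow degrades instead of being dropped,
    and report within_sla=False so the controller can raise an event. (None, False) means
    no allowed path exists at all.
    """
    p = POLICIES[app_class]
    by_name = {u.name: u for u in underlays}
    candidates = [by_name[n] for n in p.preferred if n in by_name and path_allowed(by_name[n], p)]
    for u in candidates:
        if meets_sla(u, p):
            return u.name, True
    if not candidates:
        return None, False
    fallback = min(candidates, key=lambda u: (u.loss_pct, u.latency_ms))
    return fallback.name, False


def steer(flows: Dict[str, str], underlays: List[Underlay]) -> Dict[str, Tuple[Optional[str], bool]]:
    """Map each flow id -> (underlay, within_sla): the per-flow policy the controller pushes to the CPE."""
    return {flow: select_underlay(cls, underlays) for flow, cls in flows.items()}


if __name__ == "__main__":
    links = [
        Underlay("provider-a-ipvpn", 2.0, 20.0, 0.1, private=True, ipsec=False),
        Underlay("internet", 20.0, 60.0, 0.5, private=False, ipsec=True),
    ]
    flows = {"voice-1": "call-centre-voice", "erp-1": "critical-branch-app",
             "video-1": "hd-video-conference"}
    for flow, (link, ok) in steer(flows, links).items():
        print(f"{flow:8} -> {link}{'' if ok else ' (SLA not met, degraded)'}")
    # A probe reports 3% loss on the IP-VPN: voice moves to the IPsec-protected Internet path.
    links[0].loss_pct = 3.0
    print(select_underlay("call-centre-voice", links))
```

Video lands on the Internet link because the 2 Mbps primary cannot carry a 4 Mbps class; voice stays on the IP-VPN until a probe shows loss above its threshold, and if the IP-VPN is down and the Internet path has no IPsec the confidential classes get no path rather than a clear-text one.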
  21. OVERLAYS ENABLE SERVICE CHAINING
     • Centralized policy enforcement
       - Firewall
         - Between zones/subnets/branch types
         - Extranet applications
         - To Internet through central functions
       - Content filtering
         - Selective content filtering (schools: teacher/student; public WiFi in retail environments bypasses)
     • Network analytics and monitoring
       - Tap and mirror
       - IDS/IDP
       - DPI and DLP
     (Diagram: branch LAN – CPE – WAN – DC CPE – DC LAN, with the chained functions in the DC)
  22. INTERWORKING
     • How do I connect the new to the existing?
     • EVPN with VXLAN termination direct into existing MPLS PE routers
       - End-to-end network is BGP and VXLAN aware, allowing PE routers to act as the VXLAN/MPLS interworking function
       - Streamlined and simplified routing
     • Use CPE as gateway
       - Break VXLAN services out to Ethernet VLANs at the PE router
       - Best for high performance security encapsulations
     (Diagram: an overlay VPN environment over the GRT/Internet interworking (IWF) with a traditional IP/MPLS VRF environment, in both the PE-termination and CPE-gateway variants)
  23. COMPARISON
     Traditional L2/L3VPN model:
     • Overlay driven (MPLS)
     • Services limited to network reach
     • Distributed topology and control
     • High performance
     • Limited ability to introduce new functions (service chaining)
     • Traditional routing protocols for traffic management and distribution
     • Vertically integrated CPE model (but evolving)
     SD-WAN model:
     • Overlay driven (VXLAN, GRE, IPsec, ...)
     • Decoupled service/transport model
     • Services available where IP transport is available
     • Centralized control with distributed topology
     • Native capability for service chaining
     • Protocols designed for flow based traffic management, allowing multiple active links/underlays to transport the service
     • Deployable on X86/virtualization
  24. AGENDA (repeated from slide 3)
  25. WHY DO SERVICE PROVIDERS CARE?
     • Network problems that enterprises have are the problems that service providers have
     • Automation brings proven advantages to service providers
       - Fewer touch points = fewer errors
       - Faster service activation = happier customers and financial controllers
     • Separation of service and transport
       - Proven model, with new encapsulations = more network flexibility
       - Take services deeper, over other network transports
       - Reduce service awareness in the network = can be cheaper
     • Management and control brings network efficiency
       - Fewer touch points, simplified OSS/BSS
       - Better self-control of the network, more efficiency in links and equipment
     • Ignoring it and being a bit-carrier is perfectly viable as well!
  26. AGENDA (repeated from slide 3)
  27. SUMMARY: WHAT'S GOING ON, AND WHAT DO I DO NEXT?
     • SDN as a technology has proven deployment use-cases that make sense
       - Not just experiments or 'doing the same thing but differently'
     • Overlays are not new
       - ATM, MPLS, IPv6 transition technologies have all been using overlay functions for years
     • Service layer overlay is a natural evolution of the network
       - Segment Routing for TE
       - Overlay for service
     • Real service provider use-cases exist for leveraging the same technology as deployed in datacenters
     • Speed, flexibility, optimization of network service delivery points
  28. TECHNOLOGY RECAP: VXLAN (THE DATAPLANE)
     • VXLAN encapsulates Ethernet in IP
       - Runs over IPv4 or IPv6
       - UDP-based; the source port is a hash of MACs or IPs to provide load balancing entropy
       - 8 byte VXLAN header provides a 24 bit VXLAN Network Identifier (VNI) and flags
       - Total encapsulation overhead is ~50 bytes
     • VXLAN is routable with IP, so the underlay network may be any network that uses existing resiliency and load balancing mechanisms
       - ECMP
       - IGPs/BGP
       - IP FRR
     • VXLAN tunnel endpoints can be on network equipment or computing infrastructure
       - Deliver tunneled packets straight to a hypervisor vSwitch
       - Or to a tenant VM
     • VXLAN is hardware accelerated on many platforms today
     • Can be further encapsulated in other protocols such as IPsec
     • Other dataplanes such as GRE, NVGRE, etc. may be considered
     (Diagram: IP networks (IP FRR, ECMP, IGP) carrying VXLAN between endpoints)
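The header layout and overhead arithmetic on this slide, as an added Python example (not code from the presentation; the VTEP helper functions and the inner frame are constructed for this example). It builds and parses the 8-byte VXLAN header with its 24-bit VNI and I flag, derives the entropy source port from the inner MAC addresses into the ephemeral range RFC 7348 recommends, totals the ~50-byte IPv4 overhead (70 bytes over IPv6), and on the receive side drops packets whose VNI the controller has not programmed for the VTEP, which is the check that keeps one tenant's frames out of another tenant's segment. The CRC32-based port hash is this example's own choice, not a method the deck specifies.

```python
import struct
import zlib

# Header sizes of the outer stack: Ethernet + IP + UDP + VXLAN (inner frame excluded).
ETH_HDR, IPV4_HDR, IPV6_HDR, UDP_HDR, VXLAN_HDR = 14, 20, 40, 8, 8
VXLAN_UDP_PORT = 4789      # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08        # "I" bit: the VNI field is valid


def vxlan_overhead(ipv6: bool = False) -> int:
    """Bytes added in front of the inner Ethernet frame: 50 over IPv4, 70 over IPv6."""
    return ETH_HDR + (IPV6_HDR if ipv6 else IPV4_HDR) + UDP_HDR + VXLAN_HDR


def build_vxlan_header(vni: int) -> bytes:
    """8-byte header: flags (1) | reserved (3) | VNI (3) | reserved (1)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def parse_vxlan_header(udp_payload: bytes) -> dict:
    """Split a UDP payload into VNI, flags and the inner Ethernet frame; reject malformed input."""
    if len(udp_payload) < VXLAN_HDR:
        raise ValueError("truncated VXLAN header")
    flags, vni_word = struct.unpack("!B3xI", udp_payload[:VXLAN_HDR])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag not set: not a valid VXLAN packet")
    return {"vni": vni_word >> 8, "flags": flags, "inner": udp_payload[VXLAN_HDR:]}


def entropy_source_port(inner_frame: bytes) -> int:
    """UDP source port hashed from the inner destination+source MACs (first 12 bytes),
    kept inside 49152-65535 so underlay ECMP spreads flows across paths."""
    if len(inner_frame) < 12:
        raise ValueError("inner frame too short for an Ethernet header")
    return 49152 + zlib.crc32(inner_frame[:12]) % (65535 - 49152 + 1)


def encapsulate(inner_frame: bytes, vni: int):
    """What the sending VTEP hands to its IP stack: (udp_src_port, udp_dst_port, udp_payload)."""
    return entropy_source_port(inner_frame), VXLAN_UDP_PORT, build_vxlan_header(vni) + inner_frame


def decapsulate(udp_payload: bytes, provisioned_vnis: set) -> bytes:
    """Receiving VTEP: only VNIs the controller programmed on this endpoint are accepted."""
    hdr = parse_vxlan_header(udp_payload)
    if hdr["vni"] not in provisioned_vnis:
        raise PermissionError(f"VNI {hdr['vni']} is not provisioned on this VTEP")
    return hdr["inner"]


if __name__ == "__main__":
    # Constructed inner frame: dst MAC from slide 17, an arbitrary src MAC, IPv4 ethertype, payload.
    frame = bytes.fromhex("aabbccddeeff") + bytes.fromhex("001122334455") + b"\x08\x00" + b"hello"
    sport, dport, payload = encapsulate(frame, 123456)
    print(f"UDP {sport} -> {dport}, VNI {parse_vxlan_header(payload)['vni']}, "
          f"overhead {vxlan_overhead()} bytes (IPv4) / {vxlan_overhead(ipv6=True)} bytes (IPv6)")
    print(decapsulate(payload, {123456}) == frame)
```

The 1500-byte LAN MTU plus 50 bytes of overhead is why the underlay MTU has to be raised (or the overlay MTU lowered) before deploying: fragmentation of the outer UDP packet defeats the ECMP entropy the source port provides.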
  29. TECHNOLOGY RECAP: EVPN
     Control plane: EVPN MP-BGP (RFC 7432). Data plane options:
     • Multiprotocol Label Switching (MPLS), RFC 7432
       - EVPN over MPLS for VLL, VPLS and E-Tree services
       - All-active multihoming for VPWS
       - RSVP-TE or LDP MPLS protocols
     • Provider Backbone Bridges (PBB), draft-ietf-l2vpn-pbb-evpn
       - EVPN with PBB PE functionality for scaling very large networks over MPLS
       - All-active multihoming for PBB-VPLS
     • Network Virtualization Overlay (NVO), draft-ietf-bess-evpn-overlay
       - EVPN over NVO tunnels (VXLAN, NVGRE, MPLSoGRE) for data center fabric encapsulations
       - Provides Layer 2 and Layer 3 DCI
  30. TECHNOLOGY RECAP: EVPN
     • Brings proven and inherent BGP control plane scalability to MAC routes
       - Consistent signaled FDB in any size network instead of flooding
       - Even more scalability and hierarchy with route reflectors
     • BGP advertises MACs and IPs for next hop resolution with EVPN NLRI
       - AFI = 25 (L2VPN) and SAFI = 70 (EVPN)
       - Fully supports IPv4 and IPv6 in the control and data plane
     • Offers greater control over MAC learning
       - What is signaled, from where and to whom
       - Ability to apply MAC learning policies
     • Maintains virtualization and isolation of EVPN instances
     • Enables traffic load balancing for multihomed CEs with ECMP MAC routes
     MAC Advertisement Route (the slide marks the optional fields in light blue; the 0-length options are the IP Address and MPLS Label2):
       - Route Distinguisher (8 octets)
       - Ethernet Segment Identifier (10 octets)
       - Ethernet Tag ID (4 octets)
       - MAC Address Length (1 octet)
       - MAC Address (6 octets)
       - IP Address Length (1 octet)
       - IP Address (0 or 4 or 16 octets)
       - MPLS Label1 (3 octets)
       - MPLS Label2 (0 or 3 octets)
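The MAC Advertisement Route layout on this slide, as an added Python encoder/decoder (not code from the presentation or any BGP implementation). It packs the fields in the order and octet sizes listed, with the route type and length prefix that RFC 7432 puts in front of every EVPN NLRI, and the decoder validates each length field before trusting it, which is what a controller federating with an untrusted or misbehaving peer should do. The host MAC/IP and VNI are the values from slides 17 and 18; the Route Distinguisher 192.0.2.2:1 and the all-zero (single-homed) ESI are assumptions. For a VXLAN overlay the 24-bit VNI fills the whole 3-octet label field, which is how the example uses it.

```python
import struct
from ipaddress import ip_address

EVPN_AFI, EVPN_SAFI = 25, 70      # L2VPN AFI and EVPN SAFI, as on the slide
ROUTE_TYPE_MAC_IP = 2             # MAC/IP Advertisement route (RFC 7432, section 7.2)
ESI_SINGLE_HOMED = bytes(10)      # all-zero Ethernet Segment Identifier: single-homed CE


def rd_type1(router_ip: str, assigned: int) -> bytes:
    """Type 1 Route Distinguisher: 2-octet type, 4-octet IPv4 administrator, 2-octet assigned number."""
    return struct.pack("!H", 1) + ip_address(router_ip).packed + struct.pack("!H", assigned)


def encode_mac_ip_route(rd: bytes, esi: bytes, eth_tag: int, mac: str,
                        ip: str = None, label1: int = 0, label2: int = None) -> bytes:
    """Encode one NLRI: route type (1) | length (1) | fields in the slide's order.
    Label fields are 3 octets; for a VXLAN overlay the VNI occupies the whole field."""
    if len(rd) != 8 or len(esi) != 10:
        raise ValueError("RD must be 8 octets and ESI 10 octets")
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 octets")
    body = rd + esi + struct.pack("!I", eth_tag) + struct.pack("!B", 48) + mac_bytes
    if ip is None:
        body += b"\x00"                       # IP Address Length 0: no IP in this route
    else:
        packed = ip_address(ip).packed        # 4 or 16 octets
        body += struct.pack("!B", len(packed) * 8) + packed
    body += label1.to_bytes(3, "big")
    if label2 is not None:
        body += label2.to_bytes(3, "big")
    return struct.pack("!BB", ROUTE_TYPE_MAC_IP, len(body)) + body


def decode_mac_ip_route(nlri: bytes) -> dict:
    """Parse one MAC/IP Advertisement NLRI, checking every length against the bytes present."""
    if len(nlri) < 2:
        raise ValueError("NLRI too short")
    rtype, length = struct.unpack("!BB", nlri[:2])
    if rtype != ROUTE_TYPE_MAC_IP:
        raise ValueError(f"unexpected route type {rtype}")
    body = nlri[2:2 + length]
    if len(body) != length or length < 33:    # 33 = shortest form: no IP, one label
        raise ValueError("NLRI length does not match its contents")
    rd, esi = body[0:8], body[8:18]
    eth_tag = struct.unpack("!I", body[18:22])[0]
    if body[22] != 48:
        raise ValueError("MAC address length must be 48 bits")
    mac = ":".join(f"{b:02x}" for b in body[23:29])
    ip_len, off = body[29], 30
    if ip_len == 0:
        ip = None
    elif ip_len in (32, 128):
        ip = str(ip_address(body[off:off + ip_len // 8]))
        off += ip_len // 8
    else:
        raise ValueError(f"invalid IP address length {ip_len}")
    if len(body) - off not in (3, 6):
        raise ValueError("label fields malformed")
    label1 = int.from_bytes(body[off:off + 3], "big")
    label2 = int.from_bytes(body[off + 3:off + 6], "big") if len(body) - off == 6 else None
    return {"rd": rd, "esi": esi, "eth_tag": eth_tag, "mac": mac, "ip": ip,
            "label1": label1, "label2": label2}


if __name__ == "__main__":
    # The host learned on slide 17, advertised with the VNI from slide 18 (RD assumed).
    nlri = encode_mac_ip_route(rd_type1("192.0.2.2", 1), ESI_SINGLE_HOMED, 0,
                               "aa:bb:cc:dd:ee:ff", "10.2.0.1", label1=123456)
    print(len(nlri), "bytes:", nlri.hex())
    print(decode_mac_ip_route(nlri))
```

The NEXT_HOP that slide 17 pairs with the VNI is not inside this NLRI; it travels in the MP_REACH_NLRI attribute of the same UPDATE, so a receiving controller combines the decoded label1 (VNI) with that next hop to program the VTEP entry.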