mnNOG 5: Open source SD-WAN

APNIC

APNIC Senior Network Analyst/Technical Trainer Dave Phelan presents on open source SD-WAN at mnNOG, held in Ulaanbaatar, Mongolia from 18 to 23 September 2023.

1
Open source SD-WAN
One man’s descent into Madness
Dave Phelan - APNIC
2
Who Am I?
• Dave Phelan
– Network and Infrastructure engineer for a LONG time
– Trainer at APNIC
– Parent to 2 Human children and 2 Fur Children
– Likes Cat memes
3
What are we going to talk about?
• Why am I talking about ANOTHER overlay network?
• What is SD-WAN?
• What are the “standards” for this?
• What are my FOSS options?
• How do I do it?
• Should I do it (or what problem am I solving)?
4
Why am I talking about this?
• Post training surveys
– Most requested content
• Finding solutions that don’t have a vendor lock in
– This is HARD…Or is it?
• Like it or not, SD-WAN is being deployed
5
What is SD-WAN
• Defined in MEF-70 (07/2019), updated in MEF-70.1 (11/2021)
• SD-WAN Is a Virtual Overlay Network
• Operates over one or more underlay (Layer 3) services
• Centralised Management and Orchestration
– Usually via a Vendor Portal
• Provisions for Flexible routing
– Application based routing (YMMV)
– Load balanced/Preferred/failover etc
6
What is SD-WAN – Components - 1
• Underlay Network
– The network that our SD-WAN sits over the top of.
– Can be any form of connectivity as long as we have L3
• LTE/Ethernet/MPLS/Commodity BB etc
• Overlay Network
– Virtual Tunnels for our SD-WAN Network
• SD-WAN Edge Device
– Serve as endpoints for connectivity to the Virtual Fabric
– Encapsulate and forward the traffic based on Policies

7
What is SD-WAN – Components - 2
• SD-WAN Controller
– Manages and Orchestrates the Overlay Network
– Policy/routing definition is done here
• Management and Orchestration
– UI into the controller
– Allows for configuration of our Edges and creation of policy/routing
8
What is SD-WAN – Components - 3
MEF-70.1 Page 13
9
What are the Standards?
• MEF-70.1
– It defines the components, features, and Framework
• https://www.mef.net/resources/mef-70-1-sd-wan-service-attributes-and-service-framework/
– Vendor Interop is questionable (non-existent)
• You have to drink the kool-aid
– It covers off the “Do” and “Don’t”, “Must”, and “Should”
– It’s all about the Subscriber and Supplier
• Not so much about the “how”
10
What are my FOSS Options?
• There are now many options
– ZeroTier
– Headscale (Based on Tailscale)
– Flexiwan
– Zevenet
– VyOS
– Others……
• BUT They all have drawbacks
– Limited Options for self-hosted controller/UI
– Still broken interop
– Not all SD-WAN Features are implemented
– Some still require you to create an account (phone home)
11
How do I do it?
• Choose an Open source Option
• Install the required software on your network devices
– This is where the problems start
• Configure your routing policy
– This is where more problems occur
• Join your network devices to your Virtual Network
• Magic Magic…
• Packets go from A to B
12
How DID I do it?
• Problem 1 – Network Hardware
– Low Cost, but flexible
– SD-WAN parts already there
• or that I can Modify
• Problem 2 – Which FOSS solution to use?
– Does my SW Choice drive my hardware or vice versa
– What features am I missing?
– What can I do without?
– I don’t want to have to create a login with a Vendor!
13
How DID I do it?
• Hardware/Network OS
– Mikrotik ROS7
– ARM Hardware has options for ZeroTier by additional NPK
– X86 (CHR) supports docker containers
• Custom Rolled my own Docker ZeroTier Container
– More to come on this…
• Software
– ZeroTier (https://www.zerotier.com/)
– Many Deployment options
• Clients for Windows/Mac/Android/iPhone/Linux
– Can Be run as a docker container
– Doesn’t need to connect to the Mother ship (Planet servers)
14
How DID I do it?
• Other Options could be
– OpenWRT
– Teltonika
– Protectli (Running OpenWRT)
• Still investigating these Options
• Still Investigating the other Software as well
15
How DID I do it?
• Caveats
– This Method breaks the ties to the ZeroTier Roots
• You CAN’T do this if you run Android/iOS clients
• You CAN do this if you are running a docker/linux/wrt image
• IF you want to use Android/iOS clients, you will need to create a ZT login and NOT REMOVE/DISABLE the planets
– Packet Processing is done in CPU
• No HW offload
16
How DID I do it?
• Challenges
– Primarily for a LAB
– Finding a good UI for the users
– Emulating as MUCH functionality as possible
• At what point do I “Draw the line”
• Still building some of this
17
How DID I do it?
• Some ZeroTier Terminology
– Planet
• ZeroTier Root Servers
– Moon
• User Defined Root Server
– Leaf
• SD-WAN Endpoints
• Controllers
18
How DID I do it?
• ZT Docker image
– Unable to run an ARM image as a VM
• Had to go x86 (CHR)
• Sits off to the side of the rest of the routing engine
– Missing some tooling
• jq – Parsing JSON queries from the Mikrotik API
• curl – execute the API queries
– Preinstall my “Moon” files
• Still unsure if I can even do this on ARM_64 MT
– Based on the original image
• https://hub.docker.com/r/zerotier/zerotier
19
How DID I do it?
• Step 1 – Create some new ROOT servers
• At least 2 Recommended
• Tooling is built-in to do this
– https://docs.zerotier.com/zerotier/moons/
• Step 2 – Block access to the planet servers
• IPTABLES rules/firewall rules should be sufficient
• Step 3 – Install the “MOONS” on your client nodes
• Details included in the above
20
How DID I do it?
• Step 4 – Install a Node to use as a controller
• Step 5 – Choose a GUI
• https://github.com/dec0dOS/zero-ui
• https://github.com/key-networks/ztncui
– They have their Pros and Cons
• Step 6 – Setup your networks and Join your clients
– Configure any routing required on your end nodes
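A check for Steps 1 to 3 above, as an added example that is not from the original slides: after the planet servers are firewalled off, this audits a node's peer list to confirm that no PLANET peer still has a live path and that at least two MOON roots are reachable. It assumes the JSON shape of the ZeroTier peer listing (`zerotier-cli -j peers`) with the fields `address`, `role` and `paths[].address/active/expired`; the node addresses and IPs in the samples are constructed, and `audit_peers` and `make_peer` are hypothetical helper names.

```python
import json


def make_peer(address, role, paths):
    """Build one peer record; `paths` is a list of (ip/port, active) tuples."""
    return {"address": address, "role": role,
            "paths": [{"address": a, "active": act, "expired": False}
                      for a, act in paths]}


# Constructed samples shaped like `zerotier-cli -j peers` output (assumed
# field names). Node addresses are made up; IPs are RFC 5737 documentation
# ranges, not real planet or moon servers.
SAMPLE_BEFORE_BLOCK = json.dumps([
    make_peer("aaaaaaaa01", "PLANET", [("192.0.2.10/9993", True)]),
    make_peer("aaaaaaaa02", "PLANET", []),
    make_peer("bbbbbbbb01", "MOON", [("198.51.100.5/9993", True)]),
    make_peer("bbbbbbbb02", "MOON", [("198.51.100.6/9993", True)]),
    make_peer("cccccccc01", "LEAF", [("203.0.113.20/9993", True)]),
])
SAMPLE_AFTER_BLOCK = json.dumps([
    make_peer("aaaaaaaa01", "PLANET", [("192.0.2.10/9993", False)]),
    make_peer("aaaaaaaa02", "PLANET", []),
    make_peer("bbbbbbbb01", "MOON", [("198.51.100.5/9993", True)]),
    make_peer("bbbbbbbb02", "MOON", [("198.51.100.6/9993", True)]),
    make_peer("cccccccc01", "LEAF", [("203.0.113.20/9993", True)]),
])
SAMPLE_ONE_MOON = json.dumps([
    make_peer("aaaaaaaa01", "PLANET", []),
    make_peer("bbbbbbbb01", "MOON", [("198.51.100.5/9993", True)]),
    make_peer("bbbbbbbb02", "MOON", [("198.51.100.6/9993", False)]),
])


def live_paths(peer):
    """Return the ip/port of every path that is active and not expired."""
    return [p["address"] for p in peer.get("paths", [])
            if p.get("active") and not p.get("expired", False)]


def audit_peers(raw_json, min_moons=2):
    """Classify peers by role and report planet leaks and moon reachability.

    min_moons=2 follows the slide's "At least 2 Recommended" for root servers.
    """
    report = {"planet_leaks": [], "moons_up": [], "moons_down": []}
    for peer in json.loads(raw_json):
        role = str(peer.get("role", "")).upper()
        paths = live_paths(peer)
        if role == "PLANET" and paths:
            # A live path to a planet means the firewall rule is not effective.
            report["planet_leaks"].append((peer["address"], paths))
        elif role == "MOON":
            key = "moons_up" if paths else "moons_down"
            report[key].append(peer["address"])
    if report["planet_leaks"]:
        report["verdict"] = "FAIL: planet still reachable"
    elif len(report["moons_up"]) < min_moons:
        report["verdict"] = "WARN: fewer than %d moons reachable" % min_moons
    else:
        report["verdict"] = "OK"
    return report


if __name__ == "__main__":
    for name, sample in [("before block", SAMPLE_BEFORE_BLOCK),
                         ("after block", SAMPLE_AFTER_BLOCK),
                         ("one moon down", SAMPLE_ONE_MOON)]:
        print(name, "->", audit_peers(sample))
```

On a live node the input would be the saved output of the peer listing rather than the embedded samples.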
21
Should I do it?
• What Problem am I trying to solve?
– Cost?
– Service Availability?
– Splitting services?
– User Self-Management?
• They All have different answers
– Can I do it another way?
– Will a standard VPN do the same thing?
22
Should I do it?
• Use Case #1
MEF-70.1 Page 98
23
Should I do it?
• Use Case #2
MEF-70.1 Page 99