Orange Restricted
Edge virtualization of Carrier networks
(for wholesale and enterprise)
Moving up the value chain of network functions through virtualization
MyNOG, June 2023
Context – from traditional to software-defined networks
Traditional 2D approach of network services
[Diagram labels: Access; Core; P, PE1, PE2, PE3 and CE nodes; Service 1 to Service 6]
• PEs are multi-service hardware components running independently without orchestration
• Implications: over-sizing, lack of flexibility, complex lifecycle management, and no elastic allocation of resources
3D layer model of software-defined networks
[Diagram labels: Transport Layer (P and PE nodes); Orchestration layer (SDN); Service Layer; Distributed network resource management; Remote service provisioning and maintenance; VNF 1, VNF 2, VNF 3; Open-source containers]
• Transport layer is simplified with generic, software-enabled basic routing and switching hardware, harmonized across the network to deliver any service at any network edge with open-source integration.
• Orchestration and resource allocation are done centrally and enable dynamic distribution of network resources to cater for specific network demands.
• VNFs are defined centrally by a dedicated team not concerned by hardware constraints and able to create them to answer client needs ad-hoc.
Context – Bridge-building to private and public clouds
• Biggest conundrum of IoT operators today is how to
bridge the gap between public and private
infrastructures whilst maintaining low latency and
autonomy on the end-to-end flow.
• End users can be stuck in hybrid public-private
models detrimental to efficiency and automation
• Legacy platforms and sites remain stand-alone in
unmanaged environments
• Traditional carrier infrastructures can be too reliant
on Vendor hardware and integration, leaving portions
of the cloud inaccessible to new players
Fast expansion of content players in mass-market
applications is leaving part of the IoT market in a niche
by focusing on best-effort public infrastructures due to
fair-share demands from traditional Telcos
[Diagram labels: Carrier Network; Edge Computing platform; IoT operator; End user Devices; Content Origin; Carrier Aggregation platform (physical / virtual); Public Cloud, Private Cloud, CDN, Bare-metal (DC); Client-facing APIs; Basic Analytics; IoT Car, IoT Bank, IoT Camera, IoT Factory, IoT Medical; IoT Device gateway; M2M optimisation; Data Caching; Flow optimisation; Real-time data processing; Virtualised Edge Services Gateways]
Telco-Cloud transformation will be a key enabler to
massive multi-service IoT, whilst increasing the value
positioning of traditional players and re-distributing Big
Data content management dynamics
Context – where to fit in the Cloud services value chain
[Diagram: three columns, Baseline (private), Distributed IaaS and PaaS (public), each showing the stack Networking, Storage, Servers, Virtualisation, OS, Middleware, Runtime, Data, Application; legend: User / Operator, Service Provider; annotations: Edge Virtualisation convergence, Critical Security convergence, Telco Space, Cloud Space]
A unique, simple, virtualized, open-source and automated approach
• VNF / Service Layer: Accessible to partners via API; Fully managed for enterprise; Simple, private, containerised
• Orchestration Layer: Unique SDN infra; Based on open-source
• Network Layer: Meshed MPLS backbone; “Back-to-Basics”
• Physical Layer: High-speed WDM; 400G native
Key Success factors
• Unique, simple infra for multiple use cases
• Focus on single-service transport (MPLS)
• Network layer to be modular, flexible, simple and enabling automation
• Open-source virtualization of Edge Services
• Clear separation of Service and Infra Layers
• Orchestration and automation for E2E on-demand services
• Focus on Security
• API-by-design for all end user types
• Use of AI for operational improvement
• Diversified service portfolio without impact on core infrastructure
• Future proof and scalable to future key growth drivers (Globalized AI,
Massive IoT, Carbon impact)
Simple
Scalable
Secure
Solid
Edge Virtualisation - applications of legacy services
• From a Carrier perspective, immediate applications for edge transformation remain the delivery of legacy
connectivity services (MPLS, IPX, IP Transit) across all virtualized edge nodes
• Technical feasibility > natively supported
• Commercial positioning > in line with market trend for Wholesale and Enterprise applications
• Developments to deploy edge VNFs such as vSBC, vFW, DDoS protection, IPSEC gateway, Public cloud edge
gateways … are underway > This would add stickiness to the traditional carrier offering of basic connectivity
• The industry can multiply use cases that would benefit from deployments of traditional network services as
virtualized edge services. Examples:
• Secure enterprise connectivity to cloud instances without transit to public domain
• Multi-country SD-WAN orchestration for regional SD-WAN operators
• Edge DDoS protection for Tier II ISPs
• Edge application deployment and cache distribution
Edge Virtualisation - a new opportunity space
• Using open-source model and AI-driven orchestration, any service, including client services, can be deployed at any
edge, using a simple VNF
• AI and automation to be used for edge resource sharing and dynamic service routing (e.g. elastic storage, COS to
private / public clouds)
• Hosting of client services at the edge of private networks has major upsell potential as the client becomes agnostic to
the transport layer for their service. This also gives carriers and operators the opportunity to move up the value chain
by building VNFs around their client use case. Some examples:
• Regional PGW : Can be deployed as fully managed service or infra only for our client to install and manage on
their own > different value chain position
• Other CNaaS components that could be considered : vIMS, vSBC, vSEPP
• Edge caching of third-party CDN: extension of CDN reach to the edge when hardware investments do not make sense
for OTTs (e.g. small markets)
• Other prospective applications specific to carrier requirements (distributed AI, automation)
Need: securely connect new remote site, in new region, to corporate network
Solution: use multiple Internet links and SD-WAN overlay ending in closest regional POP
Use case #1
Value:
• Use all Internet links and benefit from Overlay technology to mitigate Internet performance variation/degradation
• Protect remote-site from Internet cyberattacks, manage local segmentation
• Consider Internet as a local-loop and then use the highway (Orange backbone) to connect to corporate network
• No duration commitment, stop the service if site closes
• Availability of dedicated COS routing to critical sites / applications
[Diagram comparing "Full-mesh over Internet" with "Partial-mesh using Internet as a local-loop". Labels: SD-WAN gateway; (#sites)² complexity; Internet used for long-haul traffic, with overlay overhead; Private backbone w/o overhead. Tagline: Simplicity, Scalability, Efficiency, SLAs]
External Partner :
Need: secure Internet traffic for new region, without impacting performance
Solution: deploy a new Security Service Edge (SSE) instance on regional POP
Use case #2
Value:
• Secure Internet traffic from remote-users and remote-sites in the new region
• Use a global and consistent security policy applied for all users, whatever their locations
• Best user performance thanks to POP proximity, single-pass architecture and Orange Backbone
• Scalability to support Business development without hardware upgrade on premises
• Cloud-based security: Scalability + always up-to-date threat intelligence
[Diagram comparing "Local Internet Breakout with SSE" with "Overlay up to SSE with mastered network". Labels: Overlay technology benefits also Internet as a destination traffic; Mastered Tier-1 Internet backbone, up to Internet content; Basic tunneling using a single underlay; Unknown network with unpredictable performance; SSE; Hardware in our POPs; VNF. Tagline: Performance, End-to-End, SLAs]
External Partner :
AI-driven edge orchestration example – Voice Fraud Management
• Using machine learning, voice fraud management systems deployed as VNFs at the edge of next-generation
networks can provide efficient, evolutive protection against common technical threats and ensure revenue
assurance on voice services.
• Solution deployed across all network Edges for Local Breakout
• Traffic profiling algorithm to enable anti-fraud management (bypass protection) at the edge of international voice
transit network
• Call tracking solution / Call pattern alert enabling auto or manual treatment
• Automated creation and update of user profile, based on network records from MSC or IN (CDR)
• No static threshold and no preconfigured rules. Evolutive solution.
• Isolate and adapt rules to VIP customer patterns. Privacy protection
• Deployed as open-source Edge VNF (Orange Open Voice)
Edge virtualisation next steps for Carriers
• Identify and standardize key scenarios and real use cases for support of carriers and operators
• Legacy connectivity services + Cloud hosting at network edge
• Cloud gateway for extension of client public cloud instances to private networks
• CDN expansion and granularity for OTTs
• Local Breakout and distributed P-GW network (5G roaming support)
• Edge DDoS protection and CyberSec
• Third-party application hosting (IaaS positioning)
• Others ?
➢ Ready for POCs to deploy VNFs relevant to carriers
Act Now
Thank you!
Terima Kasih
