SlideShare a Scribd company logo

SDN and NFV Paving the Way for Network Monetization with Value-Added Services

Radisys Corporation
Radisys Corporation

As Communication Service Providers (CSPs) look at making investmements in SDN and NFV, a good SDN architecture is essential to maximizing the benefits of your NFV investments. This webinar explores how SDN-enabled open intelligent switching needs to interwork with NFV for achieving agile service delivery and scalability towards monetizing digital services.

Related slideshows

Radisys/Orange/Strategy Analytics Webinar 090618
Radisys/Orange/Strategy Analytics Webinar 090618Radisys/Orange/Strategy Analytics Webinar 090618
Radisys/Orange/Strategy Analytics Webinar 090618
 
Radisys at Mobile World Congress Americas
Radisys at Mobile World Congress AmericasRadisys at Mobile World Congress Americas
Radisys at Mobile World Congress Americas
 
OCP Telco Engineering Workshop at BCE2017
OCP Telco Engineering Workshop at BCE2017OCP Telco Engineering Workshop at BCE2017
OCP Telco Engineering Workshop at BCE2017
 
1 of 21
Download to read offline
MT10.24.16 Fierce Markets Webinar Wednesday June 28, 2017 SDN and NFV Paving the Way for Network Monetization with Value-Added Services
2 Today’s Panel Copyright © 2017 – Radisys Corporation James Radley Senior Architect Radisys Duane DeCapite Senior Director, Product Management and Strategy Radisys Iain Gillot President and Founder IGR Research
3 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation
www.iGR-inc.com Source:iGillottResearch,Inc,2017 200,000 300,000 400,000 500,000 600,000 700,000 800,000 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 Population Connections Streamingmusic Streamingvideo Facetime,Snap, Instagram,etc StreamingHDvideo AR/VR Gaming IoT 4Kvideo More V2V,V2X Remotesurgery Autonomous vehicles Networkslicing Newapps!
5 Service Trends Variety and volume of cloud services is expanding. Security Services Virtualized Network Services IoT Services Copyright © 2017 – Radisys Corporation 5G Services Image courtesy of Google Data center solutions need to manage increasing service diversity
6 Classification and Forwarding of Service Flows Wireline/Wireless Access Network Edge Router Carrier Data Center Open SDN Switch Classifier Forwarder Wire Speed DPI Millions of Subscribers Load Balancing Network Services Policies OpenFlow Controller Value Added Services Security Services IoT Services 5G Services Data Centers require Open Intelligent Distribution of Service Flows delivering NFV integration, scalability, and security.
7 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation
8 FlowEngine™ Technology Focus Areas SDN • Flexible data plane functions that offers line-rate performance • Handling tens of millions of active flow entries for large-scale SDN networks • Adjustable flow (table) rules with processing pipeline of variably sized tables with high rate of flow modification per second NFV Security Thousands of Network Functions External Network Millions of Flows • Line rate flow forwarding, classification, and steering actions: Packet normalization, stateful LB, NAT, ACL, fragmentation reassembly, etc. • Network analytics through network tap, sampling, and flow statistics • Standard-based Service Function Chaining (SFC) for application-awareness using ToS/DSCP marking, segment routing, or VLAN and NSH/SCH tagging • Work load distribution & flow affinity for SPI services - policy enforcement, video optimization, application GW, security & related applications • Autonomously create a rule with a suitable default action for any new flow (flow entries through SDN OpenFlow controller) Copyright © 2017 – Radisys Corporation
9 Service Function Chaining A C D B Copyright © 2017 – Radisys Corporation External Network
10 Service Function Chaining OpenFlow Pipeline Table 0 ACL Table 1 Classifier Table 4 Forwarding Table 2 SF-Proxy Table 3 SFP VXLAN-gpe logical port (1..n) Physical Port (1..m) VXLAN-gpe logical port (1..a) Physical Port (1..c) (1..b) L3 logical port Parser SFC Classifier • Classifies packets to a service function chain based on a set of L2/L3/L4 header fields. • Unique classification rule for millions of subscribers. • Expect non NSH encapsulated packets. • After classification, encapsulates packets with NSH header (and appropriate tunneling header) to identify the service chain. SFC Forwarder  Supports IETF Service function forwarder function based on NSH header.  Identify service chain instance based on SPI/SI field.  Unique rules per service chain instance or rendered path.  Potentially load balance flows across a set of SF’s.  Support VxLAN-gpe, NvGRE tunneling. SF Proxy  Support legacy SF, i.e., SF’s that don’t support SFC encapsulation.  Support for both stateful and stateless SF’s.  Use of VLAN or MAC address to save service function chain in packet.  Option to dynamically learn and maintain 5-tuple flows to map SF packets to service chain. Open Flow Pipeline for Service Function Chaining Copyright © 2017 – Radisys Corporation
11 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation
12 Scalable Server and Application Load Balancing (LB) VLAN-VRF ACL User Port Stateless LB LBG PR0 PR1 PR2 VLAN-VRF ACL Stateful LB Flow table Subscriber Table LBG User PortPR0 PR1 PR2 Highly Redundant Processing Resources Four Load balancer Group’s Combination of Stateful/Stateless Copyright © 2017 – Radisys Corporation
13 Table Cascade to deliver Scalable Stateful Load Balancing Copyright © 2017 – Radisys Corporation
14 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation
15 Use Case: Network TAP FlowEngine DDoS detection* IPFIX Application Monitoring Compliance Coordinated Intrusion Prevention ACL SIEM DDoS* Application Monitoring Legal Intercept … SIEM = Security Information and Event Management … Copyright © 2017 – Radisys Corporation
16 Network Tap Benefits • Increase security • Forward all or selected flows in real time to security devices and services • Drop flows on a per-subscriber, per-user, VLAN, application, source or destination • Increase network awareness • Forward selected flows to external networks for analysis or archive • Create summary of network traffic in non-proprietary record (IPFIX) • Reduce complexity • Perform switching, load balancing, LI and Tap in a single device • Reduce costs • FlowEngine provides Tap functionality at less than 25 percent of the cost of the competition! Copyright © 2017 – Radisys Corporation
17 Use Case: Security Offload • IPSec Offload • IPSec Tunnel Termination • IPSec VPN Throughput over 100 Gbps • IPSec VPN Throughput over 60 Mpps • ACL Offload • 10,000+ 5-tuple ACLs • Apply ACLs to encrypted traffic • Ability to drop traffic of selected flows • LI (Lawful Intercept) Offload • Send matched flows to LI • Ability to send encrypted flows to LI TDE-2000 LEAF SPINE TDE-2000 TDE-2000 Copyright © 2017 – Radisys Corporation
18 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation DD. Should we also consider using the summary slide I sent earlier or Do we only need the one summary slide? RJA – Duane summarizes FlowEngine features in next slide. Then Iain will summarize webinar learnings and close the webinar (Iain to develop this slide
19 FlowEngine™ TDE-2000: Open, Carrier Grade and High Scale Ultra compact with high performance (up to 2 Tbps)* Scalable to support millions of flows and subscribers Wire speed switching High speed network security Advanced L4 – L7 network services Carrier grade open source network switch Fully data and control plane programmable L2 – L7 Intelligent SDN Platform Copyright © 2017 – Radisys Corporation Radisys FlowEngine TDE-2000
www.iGR-inc.com Source:iGillottResearch,Inc,2017  More services, more connections, more devices ◦ More people doing more things, not just more people   More network complexity to manage those streams ◦ Virtualized environment ◦ Load balancing demands  FlowEngine key part of network management infrastructure ◦ SDN, NFV and Security ◦ Service Function Chaining, with scalable load balancing  Security is key ◦ FlowEngine supports Network TAP ◦ Offload for IPSec, ACL and Lawful Intercept  Network Virtualization is not the question – how you optimize, manage and monetize the virtualized network is the critical success factor
21 Thank You! Questions? James Radley Senior Architect Radisys Duane DeCapite Senior Director, Product Management and Strategy Radisys Iain Gillot President and Founder IGR Research For more information, download the FierceTelecom eBrief www.radisys.com/fierce-telecom-ebrief Copyright © 2017 – Radisys Corporation

More Related Content

SDN and NFV Paving the Way for Network Monetization with Value-Added Services

  • 1. MT10.24.16 Fierce Markets Webinar Wednesday June 28, 2017 SDN and NFV Paving the Way for Network Monetization with Value-Added Services
  • 2. 2 Today’s Panel Copyright © 2017 – Radisys Corporation James Radley Senior Architect Radisys Duane DeCapite Senior Director, Product Management and Strategy Radisys Iain Gillot President and Founder IGR Research
  • 3. 3 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation
  • 4. www.iGR-inc.com Source:iGillottResearch,Inc,2017 200,000 300,000 400,000 500,000 600,000 700,000 800,000 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 Population Connections Streamingmusic Streamingvideo Facetime,Snap, Instagram,etc StreamingHDvideo AR/VR Gaming IoT 4Kvideo More V2V,V2X Remotesurgery Autonomous vehicles Networkslicing Newapps!
  • 5. 5 Service Trends Variety and volume of cloud services is expanding. Security Services Virtualized Network Services IoT Services Copyright © 2017 – Radisys Corporation 5G Services Image courtesy of Google Data center solutions need to manage increasing service diversity
  • 6. 6 Classification and Forwarding of Service Flows Wireline/Wireless Access Network Edge Router Carrier Data Center Open SDN Switch Classifier Forwarder Wire Speed DPI Millions of Subscribers Load Balancing Network Services Policies OpenFlow Controller Value Added Services Security Services IoT Services 5G Services Data Centers require Open Intelligent Distribution of Service Flows delivering NFV integration, scalability, and security.
  • 7. 7 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation
  • 8. 8 FlowEngine™ Technology Focus Areas SDN • Flexible data plane functions that offers line-rate performance • Handling tens of millions of active flow entries for large-scale SDN networks • Adjustable flow (table) rules with processing pipeline of variably sized tables with high rate of flow modification per second NFV Security Thousands of Network Functions External Network Millions of Flows • Line rate flow forwarding, classification, and steering actions: Packet normalization, stateful LB, NAT, ACL, fragmentation reassembly, etc. • Network analytics through network tap, sampling, and flow statistics • Standard-based Service Function Chaining (SFC) for application-awareness using ToS/DSCP marking, segment routing, or VLAN and NSH/SCH tagging • Work load distribution & flow affinity for SPI services - policy enforcement, video optimization, application GW, security & related applications • Autonomously create a rule with a suitable default action for any new flow (flow entries through SDN OpenFlow controller) Copyright © 2017 – Radisys Corporation
  • 9. 9 Service Function Chaining A C D B Copyright © 2017 – Radisys Corporation External Network
  • 10. 10 Service Function Chaining OpenFlow Pipeline Table 0 ACL Table 1 Classifier Table 4 Forwarding Table 2 SF-Proxy Table 3 SFP VXLAN-gpe logical port (1..n) Physical Port (1..m) VXLAN-gpe logical port (1..a) Physical Port (1..c) (1..b) L3 logical port Parser SFC Classifier • Classifies packets to a service function chain based on a set of L2/L3/L4 header fields. • Unique classification rule for millions of subscribers. • Expect non NSH encapsulated packets. • After classification, encapsulates packets with NSH header (and appropriate tunneling header) to identify the service chain. SFC Forwarder  Supports IETF Service function forwarder function based on NSH header.  Identify service chain instance based on SPI/SI field.  Unique rules per service chain instance or rendered path.  Potentially load balance flows across a set of SF’s.  Support VxLAN-gpe, NvGRE tunneling. SF Proxy  Support legacy SF, i.e., SF’s that don’t support SFC encapsulation.  Support for both stateful and stateless SF’s.  Use of VLAN or MAC address to save service function chain in packet.  Option to dynamically learn and maintain 5-tuple flows to map SF packets to service chain. Open Flow Pipeline for Service Function Chaining Copyright © 2017 – Radisys Corporation
  • 11. 11 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation
  • 12. 12 Scalable Server and Application Load Balancing (LB) VLAN-VRF ACL User Port Stateless LB LBG PR0 PR1 PR2 VLAN-VRF ACL Stateful LB Flow table Subscriber Table LBG User PortPR0 PR1 PR2 Highly Redundant Processing Resources Four Load balancer Group’s Combination of Stateful/Stateless Copyright © 2017 – Radisys Corporation
  • 13. 13 Table Cascade to deliver Scalable Stateful Load Balancing Copyright © 2017 – Radisys Corporation
  • 14. 14 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation
  • 15. 15 Use Case: Network TAP FlowEngine DDoS detection* IPFIX Application Monitoring Compliance Coordinated Intrusion Prevention ACL SIEM DDoS* Application Monitoring Legal Intercept … SIEM = Security Information and Event Management … Copyright © 2017 – Radisys Corporation
  • 16. 16 Network Tap Benefits • Increase security • Forward all or selected flows in real time to security devices and services • Drop flows on a per-subscriber, per-user, VLAN, application, source or destination • Increase network awareness • Forward selected flows to external networks for analysis or archive • Create summary of network traffic in non-proprietary record (IPFIX) • Reduce complexity • Perform switching, load balancing, LI and Tap in a single device • Reduce costs • FlowEngine provides Tap functionality at less than 25 percent of the cost of the competition! Copyright © 2017 – Radisys Corporation
  • 17. 17 Use Case: Security Offload • IPSec Offload • IPSec Tunnel Termination • IPSec VPN Throughput over 100 Gbps • IPSec VPN Throughput over 60 Mpps • ACL Offload • 10,000+ 5-tuple ACLs • Apply ACLs to encrypted traffic • Ability to drop traffic of selected flows • LI (Lawful Intercept) Offload • Send matched flows to LI • Ability to send encrypted flows to LI TDE-2000 LEAF SPINE TDE-2000 TDE-2000 Copyright © 2017 – Radisys Corporation
  • 18. 18 Agenda • Introduction • Service Trends • Network Function Requirements • Scalability • Security • Summary Copyright © 2017 – Radisys Corporation DD. Should we also consider using the summary slide I sent earlier or Do we only need the one summary slide? RJA – Duane summarizes FlowEngine features in next slide. Then Iain will summarize webinar learnings and close the webinar (Iain to develop this slide
  • 19. 19 FlowEngine™ TDE-2000: Open, Carrier Grade and High Scale Ultra compact with high performance (up to 2 Tbps)* Scalable to support millions of flows and subscribers Wire speed switching High speed network security Advanced L4 – L7 network services Carrier grade open source network switch Fully data and control plane programmable L2 – L7 Intelligent SDN Platform Copyright © 2017 – Radisys Corporation Radisys FlowEngine TDE-2000
  • 20. www.iGR-inc.com Source:iGillottResearch,Inc,2017  More services, more connections, more devices ◦ More people doing more things, not just more people   More network complexity to manage those streams ◦ Virtualized environment ◦ Load balancing demands  FlowEngine key part of network management infrastructure ◦ SDN, NFV and Security ◦ Service Function Chaining, with scalable load balancing  Security is key ◦ FlowEngine supports Network TAP ◦ Offload for IPSec, ACL and Lawful Intercept  Network Virtualization is not the question – how you optimize, manage and monetize the virtualized network is the critical success factor
  • 21. 21 Thank You! Questions? James Radley Senior Architect Radisys Duane DeCapite Senior Director, Product Management and Strategy Radisys Iain Gillot President and Founder IGR Research For more information, download the FierceTelecom eBrief www.radisys.com/fierce-telecom-ebrief Copyright © 2017 – Radisys Corporation