PLNOG16: Automating the creation of operator services independently of device type - Network Services Orchestration, Krzysztof Konkowski
2. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Our shared challenges
Bandwidth
ARPU
Customers
Managing continuous bandwidth growth
Making use of infrastructure capabilities
Faster and more efficient innovation
OTT operators consume bandwidth… but do not want to pay for it
Netflix = 20% of all downstream bandwidth in the US
YouTube has dominated digital video transport
Users use data services wherever they are
3.
Business Transformation
Reducing costs while delivering tangible value
Automation supports, but also forces, business transformation
Data Center: virtualized resource pools (compute and storage)
Orchestration: dynamic configuration, change, and the remote management process
Workload mobility: moving workloads according to service profiles
Network: Virtualized Network Functions
Cloud services: full access to resources from anywhere in the cloud
4.
Difference between VPN costs
[Chart: cost (y-axis, $0 to $600) by year (2013 to 2018) for MPLS VPN, IP VPN and Cloud VPN.]
MPLS VPN – Premium
§ Operator-side management
§ Security and QoS policy in the SP network
§ Reliability – SLA.
§ Dedicated infrastructure.
MPLS VPN: $451
IP VPN: $143
Cloud VPN: $100
70% Premium
5.
SP-IWAN Architecture
[Diagram labels: Customer Sites; Cisco ASR 1000 Series; Cisco CSR 1000V Series; AVC; WAAS; vWAAS; Dual MPLS; MPLS; Mobile; Internet; IP NGN; Campus/Data Center; Private Cloud; Public Cloud; Service Provider Managed and Policy Control; IWAN-aaS; Service Monitoring; Service Provisioning.]
6.
Target – Separate Transport and Service
• CPE-to-CPE overlay enables separation of transport (underlay) and VPN
service (overlay)
– Today's choices: DMVPN (IWAN current), BGP-dVPN (IWAN Future)
• Routing in VPN service overlay environment should be almost trivial
[Diagram labels: Router A; Router B; Router C; Router D; Router E; legend: service aware, service unaware; IP or MPLS Transport Underlay; VPN Service Overlay.]
7.
SP-IWAN Baseline Architecture
[Diagram labels: SP Cloud Services; Orchestration; vMS; Multi Tenant Portal; NSO; Customer/admin Portals; ESC; OpenStack; ODL; Reporting; Netflow Collector; Engine; PnP; HMC; TMC; PE; P; BR1; BR2; MC/BR; MPLS; INET.]
Dual networks (Initial SP Model)
Similar to Enterprise Deployment
• Description
– Dual network (separate MPLS and INET core)
– PfR measures performance end to end
– Secure access to MPLS-VPN over Internet (Secure
gateway)
• Requirements
– IWAN Transport Independent Design - CPE-CPE traffic is
encapsulated into mGRE
– Overlay Routing through the tunnels – BGP
– Disjoint tunnels in the SP Core
– Internet access secured by ezVPN or FlexVPN to a
Secure gateway
– PfRv3 over DMVPN over FlexVPN
8.
SP-IWAN Baseline Architecture – (Details)
• A solution already offered by multiple providers to connect customers via Internet/LTE into their MPLS VPN relies on a FlexVPN client on the branch router and a FlexVPN server at the point of egress from their network, which drops the traffic into the correct MPLS VPN.
• The IWAN DMVPN overlay must run as DMVPN (encrypted or unencrypted), over FlexVPN.
[Diagram labels: Branch (EzVPN client, DMVPN Spoke); EzVPN Server (aka Tunnel Terminator); HQ (DMVPN Hub); FlexVPN (Encrypted); DMVPN (unencrypted); Mobile Network.]
9.
SP-IWAN Baseline Architecture
DMVPN Control Plane / Data Plane Separation
• DMVPN Overlay:
– R2 and R3 DMVPN Control Plane hubs in SP datacenter
• They are NOT PfR BRs
– DMVPN Data Plane hubs on customer premises
• PfR
– Hub MC in SP datacenter
– No local BRs
– HQ1 and HQ2 PfR both Transit Sites
• Standalone Hub MC
• Without local BRs. Becomes a real Domain Controller for PfR policies
[Diagram labels: SP Datacenter; R1 Hub MC (Domain Controller); R2 and R3 DMVPN Control Hub; Customer HQ1; Customer HQ2; R10 Transit MC; R20 Transit MC; R11, R12, R21, R22 DMVPN Data Hub; R31; R41; R51; R52; MPLS; INET.]
10.
SP-IWAN Baseline Architecture
Hosted Hub MC
• Hub MC (R1) hosted in the SP Cloud
• All MCs peer with the R1
• Standalone Hub MC
• Without local BRs. Becomes a real Domain Controller for PfR policies
[Diagram labels: SP Datacenter; R1 Hub MC (Domain Controller); R2; R3; Customer HQ1; Customer HQ2; R10 Transit MC; R20 Transit MC; R11 BR; R12 BR; R21 BR; R22 BR; R31 (MC/BR); R41 (MC/BR); R51 (MC/BR); R52 (BR); MPLS; INET.]
11.
vMS – Topology Summary
[Diagram labels: SP Datacenter; NSO; Customer/admin Portals; R2; R3; Customer HQ1; Customer HQ2; R10 Hub MC; R20 Transit MC; R11, R12, R21, R22 DMVPN Data Hub; R31; R41; R51; R52; R61; MPLS; INET; Single CPE MPLS; Single CPE MPLS/INET; Dual CPE MPLS/INET.]
12.
Developing IWAN Within the SP’s
One Solution–Different Access Models Across Market Segments
Service Provider Managed / Un-Managed and Service Provider Cloud Managed Models
Intelligent VPN | Hybrid WAN | Cloud VPN
[Diagram labels: Branch Office; HQ; Service Provider Network; Service Provider 1; Service Provider 2; Internet; INET; MPLS; Dedicated internet; Private Cloud; Public Cloud; PE; L2 PtP; MPLS PW.]
Common Orchestration and Elastic Cloud Services Platform Consistent Portal and Service Dashboard Instrumentation
Application Aware Cloud Services Optimization Pervasive Security WAN Optimization Usage Based Pricing
MPLS
VPN
13.
Cisco Intelligent WAN
Solution Components for SPs
• Intelligent Path Control
– Load Balancing
– Policy-Based Path Selection
– Network Availability
• Secure Connectivity
– Scalable, Strong Encryption
– App-Aware Threat Defense
– Cloud Web Security
• Application Optimization
– Application Visibility
– App Acceleration
– Intelligent Caching
• Hybrid WAN
– Application-centric Design
– Common Operational Model
– Deployment Flexibility
14.
Transforming the User Experience
SELECT A SERVICE BUNDLE
Bundles: CONNECTION ONLY | APPLICATION PERFORMANCE BASIC | APPLICATION PERFORMANCE FULL | APPLICATION PERFORMANCE PREMIUM
Basic Connectivity ✓ ✓ ✓ ✓
Application Monitoring ✓ ✓ ✓
QoS Features ✓ ✓ ✓
Performance Routing ✓ ✓
Direct Internet Access ✓
App acceleration & opt ✓
15.
From Complexity to Simplicity and Automation
Manual | Automated | Self-Service | On-Demand
[Diagram steps: Where Can We Put It?; Procure It; Install It; Configure It; Secure It; Architect It; Design It; Is It Ready?]
FROM WEEKS TO MINUTES*
• Service Oriented
• Self-Service
• Automated Provisioning
• Elasticity (Capacity-on-Demand)
16.
Cisco Orchestration System
[Diagram labels: SP’s OSS/BSS; Tenant Portal; REST API; Network Services Orchestrator (NSO); Elastic Services Controller (ESC); SDN Controller; PnP Server; OpenStack; X86 Server; CSR1Kv; ASAv; WSAv; OVS/VTF; DCI/PE; Internet Gateway; ISR CPE; PnP Functionality; Zero Touch Provisioning.]
Workflow callouts:
• CloudVPN Connectivity up
• If more VNFs are needed for a Service Chain ?
• ISR CPE Shipped to Customer Site, connected and Powered ON
• Customer Orders VPN Service
• Provide Day 1 Configuration
• Establish VPN: IPSec, IP Overlay (BGP, GRE, LISP), L2
17.
SP IWAN
SP-IWAN: Business Case Catalog
Delivering Value Within the Network
• DIA: Deploying New Cloud Services/Guest Access
• Application Visibility: Ubiquitous Visibility Over Multiple Networks
• Performance Routing: Allowing Applications to Flow Between Multiple Links
• Application Performance: Extend High Quality Digital Experiences from Any Cloud
18.
Ubiquitous Visibility Across Networks
Cisco Application Visibility and Control
Fault Seeking | Proactive Monitoring | WAN Sizing
• Trace historical records for network data for RCA
• Determine type of traffic running across the network
• Tune the network to business-critical services
• Measure and project application needs for WAN services
[Diagram labels: Customer Sites; Service Provider WAN Access; Cisco CSR 1000V Series; AVC; vCPE; Internet; Public Cloud; Private Cloud; Campus/Data Center.]
19.
Allowing Applications
to Move Freely Between Networks
Performance Routing (PfR)
Application-Aware
• Steer application flows based on type, policies and path status
• Provide protection of business applications from brownouts
Full Utilization
• Provide more value with Active/Active WAN links
• Increase bandwidth efficiency by load-sharing traffic over all WAN paths
Real-Time
• Automatic and on-demand monitoring and intervention
• Decrease loss percentage to less than 5%
[Diagram labels: Branch ISR4K; IPSec Secure WAN; DIA; MPLS; Public Cloud; Private Cloud; Virtual Cloud.]
20.
Optimal Application Experience from Anywhere
Application Performance
Result
[Chart: application bandwidth (Mbps, 0 to 160) and application latency (seconds, 0 to 4), natively and with Cisco® WAAS; callouts: Reduced Bandwidth, Reduced Latency.]
Reduce Load
• Data redundancy elimination (DRE), compression, and TCP optimization
Application Optimization
• Fewer protocol messages and metadata caching
[Diagram labels: Branch ISR-AX; Public Cloud; Private Cloud; Akamai Intelligent Platform; Akamai Connect; Mobile Apps; Live Video; Software Downloads; Digital Signage; Catalogs; Guest WiFi; Any Device, Connectivity, Cloud.]
21.
Enable Cloud Application Deployment
Direct Internet Access
• Improve application performance
(right flows to right places)
Leverage local Internet path for
• Increase WAN transport capacity and
app performance cost effectively!
Internal Application Data to Center
[Diagram labels: Branch; Public Cloud; Private Cloud; Virtual Cloud; Internet; MPLS (IP-VPN); Direct Internet Access.]
22.
IWAN as a Service Offering Example
Tiers, from Basic to Premium:
• AVC
• AVC + QoS
• AVC + QoS + PfR
• AVC + QoS + PfR + Sec
• AVC + QoS + PfR + Sec + WAAS
Service layers: Application Acceleration and Optimization; Application QOS and Bandwidth Control; Real Time Application Performance Monitoring and Reporting; Basic Connectivity
Upsell Opportunity (% of Basic Connectivity): 5% to 10%; 10%; 20% to 50%
$$$