
Network Virtualization

Gregory Johnson, Consulting Systems Engineer, National Programs Operation


Presentation Transcript


  1. Network Virtualization
     Gregory Johnson, Consulting Systems Engineer, National Programs Operation

  2. ServiceFlex – IP NGN Converged Network Design
     [Diagram labels, physical instantiation: BNG, DPI, VOD, Dbase, ServiceFlex, U-PE, Location Server, N-PE, NMS, MSE; Access, Aggregation, Edge, Core, Data Center]
     [Diagram labels, IP NGN: Presence-Based Telephony, IP Contact Center, Video & Gaming, Data Center, Web Services, Mobile Apps; Application Layer; Framework for User and Application-Based Control; Service Layer; Architectural Framework and Functionality; Service Exchange; Operational Layer; Customer Element, Access/Aggregation, Intelligent Edge, Multiservice Core; Network Layer; Carrier Ethernet]

  3. Core/Edge Evolution: Blurring Boundaries
     Intelligent Edge
     • Virtualization
     • Service flexibility
     • Scalability
     • Continuous operation
     • Management
     • Investment protection
     • Security
     [Diagram labels: L2 VPN, L3 VPN, IP/MPLS Core, Metro Ethernet, Firewall, VoIP, Video, FR/ATM/LL]
     One Network, Many Services

  4. The Challenge: Consolidate disparate networks to single IP/MPLS Infrastructure
     • Many networks on common sites with different edge devices and transmission
     • Single network over high capacity transmission carrying all services
     [Diagram labels: ATM, L2 Transport, IP VPN, IP Transport, IP NGN Core (IP/MPLS), Site 1 to Site 6]

  5. Service Integration and Virtualization: Evolving towards Virtual Network Services
     [Diagram: four stages, Dedicated, Shared, Quasi Virtualized and Virtualized, each serving Cust 1, Cust 2, … Cust N]
     [Diagram labels: Concerns for privacy & security; High CapEx & OpEx; Virtual Network Service; Service context; Physical Resource]

  6. Compartmentalization Technologies
     • L2 VLAN Segmentation with 802.1x
     • L3 Compartmentalization solutions
     • VRF with GRE (HAIPE)
     • VRF-Lite end-to-end
     • RFC2547 over MPLS
     [Diagram labels: WAN, COI, COI, COI, Contractor]

  7. Virtual Topologies: VRF (Virtual Routing and Forwarding)
     • VRF allows for the creation of multiple logical forwarding tables
     • Distinct Routing Information Base (RIB)
     • Distinct Forwarding Information Base (FIB)
     • Allow virtual L3 networks on a common infrastructure
     • Associate each VRF with unique logical data paths
     • 802.1q VLANs
     • GRE Tunnels
     • MPLS LSPs
     [Diagram labels: 802.1q, VRF, VRF, VRF, GRE / MPLS, Virtual Routing and Forwarding]

  8. Segmentation and Virtualization: VRF Aware Firewall
     • Virtual Firewall can operate with multiple contexts, each acting as an independent FW
     • Each context can be associated with a specific VRF instance
     • Map VLAN from the VRF to the virtual Firewall
     • Extranets support inter-VRF collaboration
     • Centralized Resource provides for cost sharing and reduced OPEX
     [Diagram labels: VRF, VRF, VFW, FWSM, VFW, Data Center, WAN, Data Center]

  9. Network Virtualization
     [Diagram labels: User Identification (Per Port or 802.1x); Per User Role; L2 VLANs; L3 VRFs; 802.1Q + VRFs; MPLS, GRE (PBR/VRF); Virtualized Services: FW, Content Eng; VLANs Partition Server Farms; Mainframe; Servers]

  10. Dedicated Resources for Virtual Networks
     Fault Isolation
     • Isolation between traffic flows, processes, applications
     • Network anomalies on one routing instance do not affect others
     • Different s/w release per physically partitioned routing instance
     Management & Security Isolation
     • MIB/SNMP/XML/CLI interfaces/processes per routing instance
     • SysLog output, Alarms, AAA processes per routing instance
     • Role/task based security processes per routing instance
     Resource Isolation
     • Flexible allocation of network and system resources
     • Dedicated Line modules and CPU

  11. Secure Domain Router: IOS-XR CRS-1 Single Chassis System
     • Line Cards can be assigned to any SDR
     • Each SDR has dedicated Processor(s) and Line Modules
     • Up to 8 SDRs supported per chassis
     • Scalability
     • Adaptability
     • Fault Isolation
     • Service / Mgmt compartmentalization
     [Diagram labels: SDR 1, Default SDR, SDR 2; CRS-1/16 chassis with FAN, FAN, DRP, DRP, DSC, DRP, DRP, RP, RP]

  12. Secure Domain Routing via DRPs: Enhancing Scalability, Service Isolation and Resiliency
     • Increasing Control Plane Scalability
        • Added CPU and memory for specific applications, i.e. BGP, LDP
        • 2 x SMP units, 8GB Total Memory
        • Granular flexibility through process assignment
     • Service Isolation
        • Enables each SDR to operate independent software versions
     • Enhanced Resiliency
        • Any scheduled or unscheduled outages are contained within each SDR
        • DRPs can be paired for added redundancy
     [Figure captions: CRS-1 DRP PLIM Module; CRS-1 DRP CPU Module]

  13. Network Consolidation with Service Level Isolation
     CRS-1 Multi-Instance Service Separation Architecture
     [Diagram labels: CRS-1; Core (P) SDR; L3 Edge (PE) SDR; L2 Edge (PE) SDR; VPN Enclave SDR; 10 GE VPLS PE; IP VPN PE; L3 PE; IP KG, IP KG; 10 Gbps Backhaul; 10GE and GE; 10GE and GE links to PE; VPN; L3; Multi-compartment DC]

  14. Typical IC Architecture with ATM (Today)
     • Current architectures may use ATM Core (Black & RED)
     • In most cases use VPs configured through the ATM KGs
     • ATM is the most widely used “Core” encryption and is currently the fastest available Type I encryption transport
     • Current speeds supported for ATM Type I are OC-3 to OC-192
     • Remote Access Site speed requirements vary from sub-T1 (serial) up to OC-3 (ATM)
     [Diagram labels: IP KG, IP, ATM Switches, Serial KG, ATM KG, Low Speed Serial Links (~ T1), BLACK ATM]

  15. Reference Architecture for the IC: Architectural Service Modules
     Independent Network Service Modules
     • Each module can be used independently based on customer requirement
     • Type 1 Encryption solution (technology agnostic to architecture) will dictate “Black” transport
     • Architecture is Type I independent
     • ALL modules must be Multiservice Capable (Voice/Video/Data)
     • Architecture is massively scalable and BW growth will not change design model
     • Technologies exist for each level that optimize network operations, scaling, and performance
     [Diagram labels: VRF; Data Center; BLACK Service; IP Services; Remote Site; HAIPE/GRE Aggregation (IP KG); RED L2/L3 Services Edge/Core; BLACK IP Transport Service (IP KG); L2 PW Head-end; Existing ATM Services; Access Technologies: DMVPN, VRF-lite, L2TPv3, MPLSoGRE; Remote Site L3 VRFs; Options: IP, Metro-E, SONET; Campus]

  16. Full Mesh GRE
     • Requires N – 1 GRE tunnels
     • Routing protocol scalability limitations
     • Complex provisioning
     • Primarily suited for implementations with small number of sites

  17. Virtual Full Mesh - DMVPN
     [Diagram legend: Dynamic & Temporary spoke-to-spoke GRE tunnels; Dynamic & Permanent spoke-to-hub GRE tunnels]
     [Diagram labels: NHRP Query, NHRP Reply; addresses 10.100.1.1, 130.25.13.1, 10.1.2.1, 10.1.1.1]

  18. Red Virtual Wire Service
     • Red routers appear directly connected
     • Obviates need for GRE tunnels
     • Seamless support for Data Center clustering applications
     [Packet layout: IP (20 Bytes) | L2TPv3 Hdr (4 - 12 Bytes) | L2 Payload]
     [L2TPv3 Hdr fields: Session ID (4 Bytes), Cookie (0, 4, 8 Bytes)]
     [Diagram labels: IP KG, IP KG, IP, L2TP, Payload]

  19. Summary
     • Virtualization enables consolidation of multiple networks / enclaves onto a common infrastructure
     • Ability to provide any service at any point in the network
     • MPLS has proven to be the optimal IP Service enabler for an IP routing infrastructure
     • Segmentation/Virtualization, and the use of Service Domain Router (SDR), will evolve NG separation requirements into a more consolidated solution
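
Slide 7 says each VRF keeps a distinct RIB and FIB bound to its own logical data path, and slide 8 that extranets allow inter-VRF collaboration. The Python model below is an added example, not part of the original presentation; the `Vrf` and `Router` classes, VLAN numbers, VRF names, prefixes and next-hop labels are all constructed for illustration.

```python
import ipaddress

class Vrf:
    """One VRF: a forwarding table that no other VRF can see."""
    def __init__(self, name):
        self.name = name
        self.fib = {}  # ip_network -> next hop

    def add_route(self, prefix, next_hop):
        self.fib[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst):
        """Longest-prefix match restricted to this VRF's own table."""
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.fib if addr in net]
        if not hits:
            return None  # dropped; the lookup never falls back to another VRF
        return self.fib[max(hits, key=lambda net: net.prefixlen)]

class Router:
    def __init__(self):
        self.vrfs = {}         # VRF name -> Vrf
        self.vlan_to_vrf = {}  # 802.1q tag -> VRF name (the logical data path)
        self.extranet = []     # audit trail of deliberate inter-VRF imports

    def bind_vlan(self, vlan, vrf_name):
        self.vrfs.setdefault(vrf_name, Vrf(vrf_name))
        self.vlan_to_vrf[vlan] = vrf_name

    def import_route(self, src, dst, prefix):
        """Extranet: copy one route from src to dst and record it for review."""
        net = ipaddress.ip_network(prefix)
        self.vrfs[dst].fib[net] = self.vrfs[src].fib[net]
        self.extranet.append((src, dst, prefix))

    def forward(self, vlan, dst_ip):
        vrf = self.vrfs[self.vlan_to_vrf[vlan]]
        return vrf.name, vrf.lookup(dst_ip)

def build_demo():
    """Constructed sample: two communities of interest reusing 10.1.0.0/16."""
    r = Router()
    r.bind_vlan(10, "COI-A")
    r.bind_vlan(20, "COI-B")
    r.vrfs["COI-A"].add_route("10.1.0.0/16", "gre-tunnel-a")
    r.vrfs["COI-A"].add_route("10.1.2.0/24", "mpls-lsp-a2")
    r.vrfs["COI-B"].add_route("10.1.0.0/16", "gre-tunnel-b")
    r.vrfs["COI-B"].add_route("172.16.9.0/24", "shared-services")
    return r
```

The same destination address resolves differently depending on the ingress VLAN, and a prefix held only by one VRF is unreachable from the other until `import_route` is called, which leaves an entry in `extranet` that a reviewer can audit.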
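
Slide 18 gives the Red Virtual Wire encapsulation as a 20-byte IP header followed by a 4-byte Session ID and a 0-, 4- or 8-byte cookie. This added example, not from the original presentation, parses that header as laid out in RFC 3931 (L2TPv3 directly over IP) and drops packets whose session or cookie does not match local configuration; the function names, addresses, session IDs and cookie values are constructed.

```python
import hmac
import struct

L2TPV3_PROTO = 115  # IP protocol number for L2TPv3 carried directly over IP

def build_packet(session_id, cookie, payload):
    """Constructed test input: 20-byte IPv4 header + L2TPv3 data header."""
    total = 20 + 4 + len(cookie) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64,
                     L2TPV3_PROTO, 0, bytes([10, 1, 1, 1]), bytes([10, 1, 2, 1]))
    return ip + struct.pack("!I", session_id) + cookie + payload

def decapsulate(packet, sessions):
    """Return (session_id, l2_payload) or raise ValueError with the drop reason.

    sessions maps a locally assigned session ID to the cookie expected on
    receive: b"" (no cookie), 4 bytes or 8 bytes.
    """
    if len(packet) < 20:
        raise ValueError("truncated")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if packet[0] >> 4 != 4 or ihl < 20 or packet[9] != L2TPV3_PROTO:
        raise ValueError("not L2TPv3 over IPv4")
    if len(packet) < ihl + 4:
        raise ValueError("truncated")
    (session_id,) = struct.unpack_from("!I", packet, ihl)
    expected = sessions.get(session_id)
    if expected is None:
        raise ValueError("unknown session")
    if len(expected) not in (0, 4, 8):
        raise ValueError("bad cookie length configured")
    start = ihl + 4
    received = packet[start:start + len(expected)]
    # Constant-time compare; a short or wrong cookie is dropped, not forwarded.
    if not hmac.compare_digest(received, expected):
        raise ValueError("cookie mismatch")
    return session_id, packet[start + len(expected):]

def header_overhead(cookie_len):
    """Bytes added in front of the L2 payload: IP + Session ID + cookie."""
    return 20 + 4 + cookie_len
```

With an 8-byte cookie the encapsulation adds 32 bytes per frame, which has to be budgeted against the MTU of the black transport.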
