Network Virtualization

Gregory Johnson

Consulting Systems Engineer

National Programs Operation

ServiceFlex – IP NGN Converged Network Design

[Diagram: IP NGN layered architecture (Application Layer, Service Layer, Network Layer, Operational Layer) shown with the ServiceFlex physical instantiation across Access, Aggregation, Edge, Core and Data Center. Application labels: Presence-Based Telephony, IP Contact Center, Video & Gaming, Data Center, Web Services, Mobile Apps. Layer captions: Framework for User and Application-Based Control; Architectural Framework and Functionality; Service Exchange. Network labels: Customer Element, Access/Aggregation, Intelligent Edge, Multiservice Core, Carrier Ethernet. Physical elements: U-PE, N-PE, MSE, BNG, DPI, VOD, Dbase, Location Server, NMS.]

Core/Edge Evolution: Blurring Boundaries

  • Virtualization
  • Service flexibility
  • Scalability
  • Continuous operation
  • Management
  • Investment protection
  • Security

[Diagram labels: Intelligent Edge, L2 VPN, L3 VPN, IP/MPLS Core, Metro Ethernet, Firewall, VoIP, Video, FR/ATM/LL.]

One Network, Many Services

The Challenge: Consolidate disparate networks to single IP/MPLS Infrastructure

[Diagram labels: ATM, L2 Transport, IP VPN and IP Transport networks, each connecting a subset of Sites 1 to 6; IP NGN Core (IP/MPLS).]

Many networks on common sites with different edge devices and transmission

Single network over high capacity transmission carrying all services

Service Integration and Virtualization: Evolving towards Virtual Network Services

[Diagram: four stages (Dedicated, Shared, Quasi Virtualized, Virtualized), each drawn with customers 1 to N. Other labels: Virtual Network Service, Service context, Physical Resource, High CapEx & OpEx, Concerns for privacy & security.]

Compartmentalization Technologies

  • L2 VLAN Segmentation with 802.1x
  • L3 Compartmentalization solutions
    • VRF with GRE (HAIPE)
    • VRF-Lite end-to-end
    • RFC2547 over MPLS

[Diagram labels: WAN, three COI compartments, Contractor.]

Virtual Topologies: VRF (Virtual Routing and Forwarding)
  • VRF allows for the creation of multiple logical forwarding tables
    • Distinct Routing Information Base (RIB)
    • Distinct Forwarding Information Base (FIB)
  • Allows virtual L3 networks on a common infrastructure
  • Associates each VRF with unique logical data paths
    • 802.1q VLANs
    • GRE tunnels
    • MPLS LSPs

[Diagram: Virtual Routing and Forwarding. Labels: three VRFs, 802.1q, GRE / MPLS.]
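The per-VRF forwarding tables and the VLAN-to-VRF association described on this slide, as an added example that is not part of the original presentation. The `Vrf` and `Router` classes, VLAN IDs, prefixes and next-hop names are constructed for illustration; the point is that the same destination resolves differently per VRF and a miss never falls through to another table.

```python
import ipaddress

class Vrf:
    """One logical forwarding table (constructed stand-in for a per-VRF FIB)."""
    def __init__(self, name):
        self.name = name
        self.fib = []  # list of (network, next_hop)

    def add_route(self, prefix, next_hop):
        self.fib.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        """Longest-prefix match restricted to this VRF's own table."""
        addr = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self.fib if addr in net]
        if not matches:
            return None  # no fall-through to another VRF or a global table
        return max(matches, key=lambda m: m[0].prefixlen)[1]

class Router:
    def __init__(self):
        self.vrfs = {}
        self.vlan_to_vrf = {}  # 802.1q tag -> VRF name (the logical data path)

    def bind(self, vlan_id, vrf_name):
        self.vlan_to_vrf[vlan_id] = vrf_name
        return self.vrfs.setdefault(vrf_name, Vrf(vrf_name))

    def forward(self, vlan_id, dst):
        vrf_name = self.vlan_to_vrf.get(vlan_id)
        if vrf_name is None:
            return ("drop", "unbound-vlan")
        next_hop = self.vrfs[vrf_name].lookup(dst)
        if next_hop is None:
            return ("drop", "no-route-in-" + vrf_name)
        return (vrf_name, next_hop)

def build_demo_router():
    """Two VRFs with overlapping address space (all values constructed)."""
    router = Router()
    red = router.bind(10, "RED")
    blue = router.bind(20, "BLUE")
    red.add_route("10.1.0.0/16", "gre-tunnel-1")
    red.add_route("10.1.2.0/24", "gre-tunnel-2")
    blue.add_route("10.1.0.0/16", "mpls-lsp-7")
    blue.add_route("192.0.2.0/24", "mpls-lsp-8")
    return router
```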

Segmentation and Virtualization: VRF Aware Firewall
  • Virtual Firewall can operate with multiple contexts each acting as independent FW
  • Each context can be associated with a specific VRF instance
  • Map VLAN from the VRF to the virtual Firewall
  • Extranets support inter-VRF collaboration
  • Centralized Resource provides for cost sharing and reduced OPEX

[Diagram labels: WAN, VRF, VFW, FWSM, Data Center.]

Network Virtualization

[Diagram labels: User Identification (Per Port or 802.1x); Per User Role L2 VLANs; L3 VRFs; 802.1Q + VRFs; MPLS, GRE (PBR/VRF); Virtualized Services: FW, Content Eng; VLANs Partition Server Farms; Mainframe; Servers.]

Dedicated Resources for Virtual Networks

  • Fault Isolation: Isolation between traffic flows, processes, applications
    • Network anomalies on one routing instance do not affect others
    • Different s/w release per physically partitioned routing instance
  • Management & Security Isolation
    • MIB/SNMP/XML/CLI interfaces/processes per routing instance
    • SysLog output, Alarms, AAA processes per routing instance
    • Role/task based security processes per routing instance
  • Resource Isolation: Flexible allocation of network and system resources
    • Dedicated Line modules and CPU

Secure Domain Router IOS-XR

CRS-1 Single Chassis System

  • Line Cards can be assigned to any SDR
  • Each SDR has dedicated Processor(s) and Line Modules
  • Up to 8 SDRs supported per chassis

[Diagram: CRS-1/16 chassis divided into SDR 1, Default SDR and SDR 2. Module labels: FAN, DRP, DSC, RP.]

  • Scalability
  • Adaptability
  • Fault Isolation
  • Service / Mgmt compartmentalization

Secure Domain Routing via DRPs: Enhancing Scalability, Service Isolation and Resiliency
  • Increasing Control Plane Scalability
    • Added CPU and memory for specific applications i.e. BGP, LDP
    • 2 x SMP units, 8GB Total Memory
    • Granular flexibility through process assignment
  • Service Isolation
    • Enables each SDR to operate independent software versions
  • Enhanced Resiliency
    • Any scheduled or unscheduled outages are contained within each SDR
    • DRPs can be paired for added redundancy

CRS-1 DRP PLIM Module

CRS-1 DRP CPU Module

Network Consolidation with Service Level Isolation

[Diagram: CRS-1 Multi-Instance Service Separation Architecture. SDR labels: Core (P) SDR, L3 Edge (PE) SDR, L2 Edge (PE) SDR, VPN Enclave SDR. Other labels: CRS-1, VPLS PE, IP VPN PE, L3 PE, L3 VPN, IP KG, 10 GE, 10 Gbps Backhaul, 10GE and GE links to PE, Multi-compartment DC.]

Typical IC Architecture with ATM (Today)

[Diagram labels: BLACK ATM, ATM Switches, ATM KG, Serial KG, IP KG, IP, Low Speed Serial Links (~ T1).]

  • Current architectures may use ATM Core (Black & RED)
    • In most cases use VPs configured through the ATM KGs
  • ATM is the most widely used “Core” encryption and is currently the fastest available Type I encryption transport
  • Current speeds supported for ATM Type I are OC-3 to OC-192
  • Remote Access Site speed requirements vary from sub-T1 (serial) up to OC-3 (ATM)

IP Services Reference Architecture for the IC: Architectural Service Modules

Independent Network Service Modules

  • Each module can be used independently based on customer requirement
  • Type 1 Encryption solution (technology agnostic to architecture) will dictate “Black” transport
  • Architecture is Type I independent
  • ALL modules must be Multiservice Capable (Voice/Video/Data)
  • Architecture is massively scalable and BW growth will not change design model
  • Technologies exist for each level that optimize network operations, scaling, and performance

[Diagram labels: Remote Site; L3 VRFs; Campus; Access Technologies: DMVPN, VRF-lite, L2TPv3, MPLSoGRE; HAIPE/GRE Aggregation (IP KG); RED L2/L3 Services Edge/Core; BLACK IP Transport Service (IP KG); Options: IP, Metro-E, SONET; L2 PW Head-end; Existing ATM Services; Data Center; VRF.]

Full Mesh GRE
  • Requires N – 1 GRE tunnels
  • Routing protocol scalability limitations
  • Complex provisioning
  • Primarily suited for implementations with small number of sites

Virtual Full Mesh - DMVPN

[Diagram: DMVPN topology with an NHRP Query and NHRP Reply exchange. Legend: Dynamic & Permanent spoke-to-hub GRE tunnels; Dynamic & Temporary spoke-to-spoke GRE tunnels. Addresses shown: 10.100.1.1, 130.25.13.1, 10.1.2.1, 10.1.1.1.]

Red Virtual Wire Service
  • Red routers appear directly connected
  • Obviates need for GRE tunnels
  • Seamless support for Data Center clustering applications

[Diagram: L2TPv3 encapsulation between IP KGs. Packet layout: IP (20 Bytes), L2TPv3 Hdr (4 - 12 Bytes), L2 Payload. L2TPv3 Hdr fields: Session ID (4 Bytes), Cookie (0, 4, 8 Bytes).]
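The L2TPv3-over-IP layout shown on this slide (20-byte IP header, 4-byte Session ID, 0/4/8-byte Cookie, L2 payload), as an added example of receive-side parsing and cookie validation that is not part of the original presentation. The function names, session IDs, cookie values and addresses are constructed; the sender helper exists only to produce sample input.

```python
import hmac
import struct

L2TPV3_IP_PROTO = 115  # L2TPv3 carried directly over IP

def build_packet(session_id, cookie, l2_payload):
    """Constructed sample sender: 20-byte IPv4 header (checksum left 0) + L2TPv3 header."""
    body = struct.pack("!I", session_id) + cookie + l2_payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                     L2TPV3_IP_PROTO, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + body

def decapsulate(packet, sessions):
    """sessions maps local Session ID -> expected cookie (b'', 4 or 8 bytes).

    Returns (session_id, l2_payload); raises ValueError for anything the
    receiver should drop.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated header")
    if packet[9] != L2TPV3_IP_PROTO:
        raise ValueError("not L2TPv3 over IP")
    (session_id,) = struct.unpack_from("!I", packet, ihl)
    if session_id == 0:
        raise ValueError("control message, not session data")
    if session_id not in sessions:
        raise ValueError("unknown session")
    cookie = sessions[session_id]
    if len(cookie) not in (0, 4, 8):
        raise ValueError("bad configured cookie length")
    start = ihl + 4
    end = start + len(cookie)
    if len(packet) < end:
        raise ValueError("truncated cookie")
    # Constant-time compare; a mismatch means a misdirected or blindly injected frame.
    if not hmac.compare_digest(packet[start:end], cookie):
        raise ValueError("cookie mismatch")
    return session_id, packet[end:]

def try_decap(packet, sessions):
    """Convenience wrapper: returns the drop reason as a string instead of raising."""
    try:
        return decapsulate(packet, sessions)
    except ValueError as exc:
        return str(exc)
```

The cookie travels in cleartext, so it guards against misdirected or blindly injected frames rather than an on-path observer; confidentiality in this design comes from the IP KGs.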

Summary
  • Virtualization enables consolidation of multiple networks / enclaves onto a common infrastructure
  • Ability to provide any service at any point in the network
  • MPLS has proven to be the optimal IP Service enabler for an IP routing infrastructure
  • Segmentation/Virtualization, and the use of Service Domain Router (SDR) will evolve NG separation requirements into a more consolidated solution