Date post: 07-Aug-2015
Category: Technology
Upload: ntt-innovation-institute-inc
DELIVERING A CARRIER-CLASS NFV USE-CASE
INTRODUCTION
Ichiro Fukuda, Chief Architect, Infrastructure, NTT I3
§ NTT Innovation Institute for 5 years working on realizing NTT's Cloud and Software-Defined networking vision
§ NTT Communications over 10 years. He led various development projects including ATM and IP/MPLS technology based network services
§ M.E. and B.E. degree from Waseda University
§ Member of CTO Council of Open Networking Foundation (ONF), and OpenContrail Advisory Board.
Pratik Roychowdhury, Director, Product Management, Contrail (Juniper)
§ Juniper for last 5 years leading product management activities for Juniper’s Network Virtualization Platform and Network Programmability products and taking some of those products from concept to release
§ 15 yrs in the hi-tech industry assuming various roles including product development at Citrix, strategy & marketing at early stage start-ups and technology investment banking at UBS
§ B.Tech in EE from Indian Institute of Technology; MBA from Univ of Michigan, Ann Arbor
OpenStack Summit, May 18-22, 2015, Vancouver BC CANADA, ©NTT INNOVATION INSTITUTE, INC.
AGENDA
1 ENTERPRISE WAN : CHALLENGES & TRENDS
2 ESI SOLUTION OVERVIEW
3 DEMO
4 Q&A
CHALLENGES & TRENDS
ENTERPRISE WAN OVERVIEW
ENTERPRISE CUSTOMERS’ CHALLENGES
OVERWHELMING WORKLOAD
§ Too many types of devices to manage
§ Too many sites to manage
§ Lot of customization
SLOW NETWORK PROVISIONING
§ Network provisioning for a new application is slow
§ Provisioning a VPN circuit takes 60-90 days
OPERATIONAL INSECURITY
§ Lack of expertise to properly configure security devices to address their requirements
§ Lack of expertise to find meaningful events from logs
INSUFFICIENT VISIBILITY
§ Limited ability to correlate data during downtimes
§ Hard to identify dependencies between applications and infrastructure elements
COMPLIANCE OVERHEAD
§ Must comply with multi-regional policies
§ Rigid change management is required to enforce and maintain policies
High Expectation to Software-Defined Wide Area Network (SD-WAN)
PROBLEM STATEMENT (ONUG SD-WAN WG )
1. Significant delays and cost in provisioning cycles of remote sites
2. Operational and management complexities, resulting in provisioning and remediation inefficiencies
3. The proliferation of required network and security services has resulted in a 1:1 ratio mapping of multi-vendor appliances not optimal for remote sites
4. Complexity and inefficiency for managing security and compliance controls
5. High cost and low control of the wide area network
Source: Open Networking User Group (ONUG) white paper https://opennetworkingusergroup.com/wp-content/uploads/2015/05/ONUG-SD-WAN-WG-Whitepaper_Final1.pdf
CONVERGED
INFRASTRUCTURE
AS A SERVICE
AS A SERVICE PROVIDER, WHAT DO WE DO?
New revenues from a managed enterprise
Network appliance (re)-selling accelerated by NFV and an as-a-service consumption model
Differentiate Service Provider’s Data Centers and Cloud collocated with a SDN/NFV Service enabled POP
‘Share of Customer Wallet’ shifting from Carrier Circuits & Networking Hardware to Managed Value Added Software and Services. We Will Provide An End to End Solution to Capture this Opportunity
IT Outsourcing
Network Integration
DC Hosting Cloud
STRATEGY AND APPROACH
ELASTIC SERVICE INFRASTRUCTURE (ESI)
ESI : ELASTIC SERVICE INFRASTRUCTURE
§ Service Infrastructure for SDN/NFV-Enabled Programmable Enterprise Networking
§ NFVI Distributed over Multiple Locations in Three Altitudes: Cloud, Fog, and Ground
§ Creates an Open Market for VNF Providers to Deliver Leading-Edge NFV Solutions to Customers
§ Currently under Internal Product Evaluation within NTT Group
[Diagram labels: Cloud: Cloud DC (for Hosting/Cloud services), CLOUD/DC WITH NFVI; Fog: Network POP, POP WITH NFVI; Ground: Customer Premises, CPE WITH NFVI, Local Network; NTT’s Global Networks (Internet Backbone / MPLS-VPN); VNF Providers; VNF Market Place; VNF ORCHESTRATOR; VNF]
ESI SOLUTION OVERVIEW
Solution Description
Scale-out and on-demand security and connectivity services to business customers with light-weight device at customer premise
Customer Needs
§ Multi-tenant LBaaS, FWaaS, WanOpt-aaS capability
§ Reduced TCO from low-cost CPE devices (↓ cust support costs)
§ Improved agility in introducing new (& upgrading existing) services
§ Self-service portal for service enablement
1 Flexible Service Chaining
§ Service Catalog / Marketplace with choice of services
§ Service Chaining of Security and Network services
§ Services run in POP or customer premises (ESE)
§ APIs integration with self-service portal
2 Central management, monitoring, troubleshooting
§ ESI Controller manages & monitors the environment centrally
§ OpenStack Heat to create service templates
3 Open, interoperable Carrier-grade SDN Platform
§ OpenContrail - scalable, performant & available SDN platform
§ BGP & other standards-based protocol for interoperability
4 Software Defined WAN
§ Built on top of the Internet, using secure connection for data and control traffic
§ Integrates with existing L3VPN (wherever applicable)
[Diagram labels: Customer Branch, Customer DC, Customer HQ, Customer Premise, ESE, ESI POP (NTT DC), ESI Controller, Software Defined WAN (L3VPN), Internet, COTS HW (X86, ARM, …), SDN / NFV Software Stack, VNFs MARKET PLACE; callouts 1-4 correspond to the numbered items above]
ESI SOLUTION DETAILS
1. Initial Provisioning → Once the CPE device comes up, it calls home, gets info on which DC/POP to connect to, and establishes a secure connection to the POP. The Contrail Controller running in the DC/POP manages/provisions the CPE device, assigns IP, etc.
2. CPE device is just another compute node → vRouter in the CPE device and the DC compute nodes →
   a. Service Chaining: Enable services to be chained on the CPE as well as the ones in the DC. (Note that for a CPE device which cannot run vRouter in the data plane, the vRouter agent could be running in user space and programming the data plane for forwarding.)
   b. Analytics: Granular flow statistics information is communicated back to the Controller (analytics node) from the vRouter (both from the CPE and the DC compute nodes), then aggregated/streamed to the global analytics backend
3. Centralized Portal → Policy definition + monitoring, diagnostics, analytics (aggregates statistics info across all POPs/DCs)
4. Internet Connectivity → to the customer environment is provided from the DC or directly from the CPE device (through split tunneling)
[Diagram labels: CUSTOMER SITE, ESE Device (compute node), Hypervisor, Multiple LAN Interfaces (wired / wireless), On Premise Services, POP, Services & Service Chaining on a Contrail Cloud Cluster, Analytics, SSL Concentrator, Management & Provisioning, INTERNET, Internet Access / Connectivity, Secure Connection over Internet, Centralized Operator Portal (management/provisioning + monitoring + Billing) + Customer Self Service Portal; callouts 1, 2a, 2b, 3 and 4 correspond to the steps above]
© 2014 NTT i³ - Internal Only
ESI PRODUCT DEMO
LIVE DEMO
USE-CASE: BRANCH NETWORKING
Business Needs
§ Enterprise customers need to simplify Branch Networking
o Need to quickly deploy new branch sites (slow VPN circuit delivery when opening new sites)
o Expensive carrier VPN bandwidth to be used effectively
o Network device management with limited IT resources
§ Lowering TCO
o Operational cost of managing and operating the network
o Very high price-per-bandwidth of enterprise WAN
§ Rapid service delivery and application roll out to accelerate business
Technical / Operational Needs
§ Management of enterprise infrastructure
o E2E Automation and Network orchestration
o Overcome overload and increased latency of private WAN and DC links
§ Spinning up new services on-demand, rapidly and stitching the services in a chain regardless of location of services
§ Achieving Carrier-grade infrastructure
o Network Availability with NFV
o Scaling for unpredictable Network Utilization
§ Monitoring, Debugging, Troubleshooting entire environment centrally
DEMO SETUP
[Diagram labels: WAN, LAN, Management, Admin Portal @Palo Alto, Web Filter VNF, Overlay VPN, Demo Laptop, ESE Device, INTERNET]
DEMO MOVIE
The demo movie can be found on the OpenContrail YouTube channel: https://www.youtube.com/user/OpenContrail
ESI DEMO MOVIE
Demo: E2E Automation of Enterprise Branch Roll-out https://www.youtube.com/watch?v=tRYsALKtWfQ
HOW DOES OPENSTACK FIT IN?
ESI HIGH LEVEL ARCHITECTURE
[Architecture diagram labels: Operator, End-customer, Global Service Orchestrator, Dashboard, API, Model Importer, Service / Network Model, Catalog, Policy, Analytic, Service Distribution Layer (ETCD), Worker (Model Transformer / Resource Scheduler), Micro Service Controllers, Local Resource Orchestrator, SDN Controller (CONTRAIL), Orchestration Engine (HEAT), Cloud Controller (OPENSTACK), VNF Manager, VPN Controller, Virtual Network, Service Chain, VNF Compute, Overlay VPN, VNF Image Repo., NFVI, NFV Infrastructure Layer, NFV Resource Pool, SSL Concentrator, SSL Forwarder, vRouter, KVM / Docker, VNF, Software-Defined WAN Fabric (Overlay-VPN / MPLS), ESE: Service Edge (Customer Premises), COTS Hardware (x86 SOC, ARM SOC, NPU, FPGA), Underlay Infrastructure (Server, ToR, Router, Appliance)]
CONTROLLER ARCHITECTURE
Zero Coding Service Definition
New OpenStack-like Service on the fly
Automatically Generate → UI / API / DB / SOUTHBOUND
[Diagram labels: JSON Schema, Schema Mapping, Heat Template, SouthBound API, Policy (JSON based)]
CONTROLLER ARCHITECTURE Model Definition by JSON Schema
CONTROLLER ARCHITECTURE Template Mapping and Heat Template
CONTROLLER ARCHITECTURE
Agile Service Development Engine
[Diagram labels: GLOBAL, LOCAL, ESI API Server (Go based), etcd (pubsub), mysql, Keystone, JSON Schema, Schema Mapping, Heat Template, Heat worker, Heat, Worker, OpenStack, OpenContrail, VNF GW, VNF]
NETWORK ARCHITECTURE
Virtual Network and L3-VPN as First Class Citizen → L3-VPN Based WAN Fabric
Scale Horizontally -- Coexistence with other L3 VPN Sites
ESE: Elastic Service Edge (Smart CPE w/ Distributed NFVI)
[Diagram labels: ESI CONTROLLER, ESI-POP, ESE, DYNAMIC OVERLAY-VPN (TUNNEL MESH), L3VPN, Existing L3VPN Sites, Internet, Pvt. Line, Hosted Private Cloud, External Cloud Services, SaaS, IaaS]
CPE FEATURE
§ Self-service SSL-VPN On-boarder
§ Dynamic SSL-VPN Configuration
o Create tunnel dynamically when NH Update
§ Simple and Robust Service Insertion and Chaining
o No Nova-Compute in ESE
o Instantiate VM / Docker container via vRouter-agent
§ Granular Log/Metric Collection for Analytics
§ Automatic OS Update
o Pull and Update OS if needed
§ Software Portability Across Different Hardware
o Network Appliance, ToR Switch, x86 Server
Linux and Open-Source Software Allow us to Develop Managed Service Device that is Tailored to our Business and Operational Processes
[Diagram labels: ESE: Service Edge (Customer Premises), NFV Infrastructure Layer, SSL Forwarder, vRouter, VNF, KVM / Docker, COTS Hardware (x86 SOC, ARM SOC, NPU, FPGA)]
OPENCONTRAIL - SOFTWARE NETWORKING SYSTEM
Config Plane: Bi-directional real-time message bus using XMPP
Control Plane: BGP Control Plane (logically centralized, physically distributed Controller elements)
Data Plane: Overlay Tunnels (MPLSoGRE, MPLSoUDP, VXLAN)
Control / Config Plane: for Bare Metal support - OVSDB or EVPN + Netconf
Automation: REST APIs to integrate with different Orchestration Systems
Scale-out Multi-vendor VNFs can run on the same platform
Interoperates with different Orchestration systems
Integrates with
§ different Linux Hosts,
§ multiple hypervisors, Containers
§ multi-vendor X86, ARM servers
Multi-vendor SDN Gateway (any router that can talk BGP and the dynamic tunneling protocols)
Multi-vendor TOR support to connect Bare Metal Servers, using standard control plane & config plane protocols
[Diagram labels: ORCHESTRATOR, Network Orchestration, Compute / Storage orchestration, Neutron, OPENCONTRAIL CONTROLLER (Config, Control, Analytics), Host O/S, vRouter, Gateway, TOR, (Windows, Linux ….) on BMS, Physical IP Fabric (no changes), Internet / WAN or Legacy Env.]
OPENCONTRAIL BENEFITS
PERFORMANCE: vRouter provides Multi-tenant Routing, Switching, Firewall, and Load Balancing
SCALABILITY: No Shared State or Per Flow Computation
AVAILABILITY: All components (Controller and OpenStack) are highly available
INTEROPERABILITY: with multi-vendor physical infrastructure for investment protection
ANALYTICS: Application and Network state for rich Diagnostics, Monitoring, Reporting
SECURITY: Inherent security from L3VPN, enhanced with further control/data plane sec. features
ESI SOLUTION – CO-CREATION EFFORTS
Driving Requirements
Features
§ ESE Device management / control / data traffic over the Internet on a secure channel
§ P + V Interconnect (Bare Metal TOR integration)
§ Container integration (running on the ESE devices)
§ Centralized portal allowing
o Initial provisioning of CPE device including → policy definition once CPE device comes up (creating OpenStack Heat-based templates)
§ Service Chaining capabilities between services running at the Customer site (i.e. on CPE) with services in the POP
§ Centralized security policy creation with distributed policy enforcement
§ vRouter running on the ESE device (ESE device just another compute node) – analytics from the ESE device
§ Carrier-grade platform …
Collaboration
§ Co-creation / Agile development of solution between OpenContrail and NTT
§ Partner relation more than a customer relation
§ Architectural support on using Contrail and OpenStack components within ESI Solution
PRESS RELEASE OF THE SOLUTION
Press Release: http://www.ntti3.com/blog//ntt-i3-introduces-elastic-service-infrastructure-to-enable-the-cloud-ready-enterprise
ESI, an infrastructure for NFV-enabled enterprise networking, leverages Juniper Networks’ Contrail™ Cloud Platform, an OpenStack-based cloud orchestration platform
“NTT Communications is committed to launching new services which create strong ROI for our customers. NTT i3's R&D approach demonstrates that NTT Group is an industry-leading innovator for IT services.”
- Takashi Ooi, Director, Member of the Board, Senior Vice President, NTT Communications
THANK YOU!