sd wan mpls service disruption or enhancement
Post on 21-Jan-2018
SD WAN: MPLS VPN disruption or enhancement?
Fahim Sabir
Director of Architecture & Development, Colt On Demand
04 October 2017 SD WAN: MPLS VPN disruption or enhancement?
Colt networking solutions and our customers
─ Launched MPLS based services in early 2000s
─ 1000s of customers
─ Range from 10s to 1000s of sites, all over the world
─ Across all sectors: Finance, Media, Manufacturing, Transport,
etc.
─ Typically headquartered in major European and Asian cities
where we have a fibre presence
─ Launched IPSec sites tunnelled over the internet in late
2000s, long before SD WAN came into existence
─ Introduced SD-WAN capability into our networking solutions in
2016, partnering with Versa Networks for the platform
The CIO challenge hasn’t really changed
─ Do more with less
─ Exponential growth in bandwidth requirements – Gbps world
─ Greater agility
─ Highly distributed organisations, all sites need connectivity
─ Measured by spend and application performance
─ Consumer experiences have set the bar much higher
─ Self-service no longer a ‘nice to have’
─ Need the cutting edge without the disruption of a big migration
Both MPLS and IPSec over Internet have pros and cons
MPLS
― High level of guaranteed performance
― Very expensive per Gbps, especially for off-net locations
Use when applications are latency, performance and security sensitive
IPSec over Internet
― Performance not guaranteed
― Commodity connectivity which is cheaper and available everywhere
Use when bandwidth is key and performance is not critical or can’t be controlled
Connectivity isn’t what makes
SD WAN special. The intelligence
and service experience we can add
to the connectivity is.
Almost every networking solution
RFI received by Colt in the last 18
months has requirements that are
best solved by SD WAN
capabilities, whilst demanding
performance, security and reliability
that can only be delivered by an
MPLS underlay, at a price point
closer to commodity internet
connectivity.
High level architecture
[Diagram labels: MPLS, Internet, x86 CPEs, Cloud, MPLS SD WAN Gateways, Control, MPLS IPVPN, Internet IPSec, Director and Analytics, Custom Portal, BSS/OSS systems, Traditional CPEs, Firewall VNF]
― Versa Networks based platform
― Commodity Atom based CPEs – alternate option high performance Xeon D based CPE due 2017Q4
― VNFs on CPE to provide additional value, currently firewall, others planned
― Direct site-to-site IPSec tunnels where connectivity is over the Internet
― Custom portal offering control and analytics
― Integrated to existing MPLS architecture
― Integrated to existing BSS/OSS platforms
Architecture benefits
─ Delivers a good balance of cost, performance, security and
agility without sacrificing on any of these
─ The customer can validate the SD WAN capability without
committing to a big network rollout or migration
─ The customer can execute the migration to a full SD-WAN
based solution on a rolling basis
─ End-to-end service assurance from a single operator across
‘legacy’ and next generation networks.
Challenge #1: Expensive off-net MPLS connectivity
Solution: Hybrid MPLS and IPSec over Internet connectivity
― Premium (MPLS) and value (IPSec over Internet) paths back to the network
― Default path for each type of traffic, determined by basic layer 4 analysis, or DPI (2017Q4)
― Alternate path for each type of traffic based on some steering criteria (latency, available bandwidth)
― Self-service policy setting
― Analytics
[Diagram labels: MPLS, Internet, x86 CPE, Cloud, MPLS SD WAN Gateway, MPLS IPVPN, Internet IPSec]
Challenge #2: Exploding internet bandwidth requirements
[Diagram labels: MPLS, Internet, x86 CPE, Cloud, MPLS SD WAN Gateway, MPLS IPVPN, Internet IPSec]
Solution: Local internet breakout
― Traditionally, central gateways were used to break out from the MPLS core
― Premium bandwidth is reserved for applications that need it
― Internet services that rely on geolocation work as they should
― Improved latency for remote sites
Challenge #3: Internet security threats
[Diagram labels: MPLS, Internet, x86 CPE, Cloud, MPLS SD WAN Gateway, MPLS IPVPN, Internet IPSec]
Solution: Firewall VNF
― Layer 4 firewall.
― Logging
― Analytics of rule hits
― Resides on the same CPE, additional hardware not needed
― Multiple firewall types supported (due 2018)
Development continues…
Near term developments include…
― Dual CPE support, with load balancing/redundancy
― More than 2 connections
― Advanced firewall and steering capabilities
― Advanced analytics
― Sub-networks/multi-VRF support
― High performance Xeon D based CPE
― More network functions (application optimisation)
― Support for MPLS only connectivity with an x86 CPE
Learnings as an operator
― Feature parity is expected with the network solutions
customers already have. Even the basic stuff needs to be
rebuilt from scratch
― Customer pipeline initially drives the roadmap, because
demand is greater than development velocity
― Customer experience implications must drive every decision
― The commodity compute+software world is very different
from the custom hardware world. For everyone
― Service assurance models need to be rethought for
networks which are part on-net and part overlay
― There aren’t many people available in the market with the
technical skills needed. Cross training is key
― A close working relationship with your SD WAN platform
vendor is a necessary foundation
Thank you