f5 perspective of nfv+sdn (sdn nfv day itb 2016)
TRANSCRIPT
CONFIDENTIAL
SDN ≠ NFV
Kurniawan Darmanto
Bandung, March 21st, 2016
© F5 Networks, Inc 2CONFIDENTIAL
SDN versus NFV
SDN• Separate control plane from data
plane in forwarding elements
• API-driven forwarding rules in data plane
• Initiated by Enterprise Sector
• Focused on L2-L4 forwarding
NFV• Porting control & forwarding plane
network functions to COTS HW
• Dynamic provisioning and orchestration of network functions
• Initiated by Telco / SP Sector
• Focused on entire OSI stack: L2-L7
SDNSoftware-Defined Networking
© F5 Networks, Inc 4CONFIDENTIAL
What is SDN?
© F5 Networks, Inc 5CONFIDENTIAL
• Separation of control and forwarding functions
• Centralization of control
• Ability to program the behavior of the network using well-defined interfaces
• Better way to connect and control the explosion of virtual machines in the data center
What SDN does for me?
© F5 Networks, Inc 6CONFIDENTIAL
Why SDN exists?Challenges
Configure firewall rules as
required by the application
Configure Network to insert Firewall
Configure firewall
network parameters
Configure Load Balancer as
required by the application
Configure Load Balancer
Network Parameters
Configure Router to steer traffic
to/from Load Balancer
Service insertion takes days
Network configuration is time consuming and error prone
Difficult to track configuration on services
Service Insertion In traditional Networks
Server
vFW
Switch
Router
FW
Router
LB
© F5 Networks, Inc 7CONFIDENTIAL
API
Market drivers:
• OpEx reduction by automation and centralization
• Rapid new application service introduction
• Network to provide what application service needs
• Reduction of Complexity and Cost for Network Infra
SDN ArchitectureOpen Networking Foundation / OpenFlow
Source: Software-Defined Network Architecture, ONF White Paper, April 13, 2012
Application layer
Application layer
Control layerSDNControlSoftware Network Services
API API
Control Data Plane interface (e.g., OpenFlow)
Infrastructure layer
Network Device Network Device Network Device
Network Device Network Device
© F5 Networks, Inc 8CONFIDENTIAL
No. F5 connects to those SDN vendors, such as:
• Cisco ACI
• VMware NSX
• Many more…
F5 approach is focus on application services (L4-L7). It’s called SDAS.
Does F5 have SDN solution?
© F5 Networks, Inc 9CONFIDENTIAL
Control
Plane
Data
PlaneSo
ftw
are
-De
fin
ed
Da
ta C
en
ter
SDDC Orchestrator
SDN Controller
SDN Applications
LAYER 2-4
Stateless Fabric
Applications
NVGREVXLAN
Service Chaining
Virtual & Overlay Networks
L4-7 Stateful Services ???
OPEN
APIs
Architect / Lines of Business
© F5 Networks, Inc 10CONFIDENTIAL
Applications Rely on Stateful Layer 4-7 Services
Router Switch
LAYER 2-4STATELESSSERVICES
LAYER 4-7STATEFULSERVICES
FirewallIdentity and Access
DDoSProtection
Global Load Balancing
Malware
Detection
ADC Application Security
Local LoadBalancing
Application Performance
Secure Web
Gateway
VIRTUAL AND OVERLAY NETWORKING
© F5 Networks, Inc 11CONFIDENTIAL
SDN (L1-L3) + SDAS (L4-L7) = SDDC
Control
Plane
Data
PlaneSo
ftw
are
-De
fin
ed
Da
ta C
en
ter
BIG-IQ
Security™
BIG-IQ
Cloud™
BIG-IQ
Device™
BIG-IQ
(SDAS Controller)
SDDC Orchestrator
SDN Controller
SDN Applications
LAYER 2-4
Stateless Fabric
F5 L4-7 SDAS Stateful Fabric
Applications
NVGREVXLAN
Service Chaining
iApps
OPEN
APIs
Architect / Lines of Business
© F5 Networks, Inc 12CONFIDENTIAL
Use Case: F5 + CISCO APIC/ACI Integration
ACI Fabric Virtual Edition Appliance Chassis
BIG-IQ Device
Package
Device Package
F5 Device Package Release Deployment Model
BIG-IQ Integration with Cisco ACI
1
2
4a
BIG-IQ integration with APIC
1 - BIG-IP expose iApps to BIG-IQ
2 - BIG-IQ create custom device package
3 - Admin import BIG-IQ device package to APIC
4a - APIC sends iApp config to BIG-IQ -> BIG-IP
4b - APIC sends Device config to BIG-IP
BIG-IP integration with APIC
1 - Download device package from F5
2 - Admin import device package to APIC
3 - APIC sends config to BIG-IP directly
downloads.f5.com
3
32
4b
1
F5
Syn
the
sis
Fa
bric
Device Package
F5 Configuration{'state': 1, 'transaction': 0,
'ackedState': 0, 'value': {(5,
'DestinationNetmask',
'Netmask1'): {'state': 1,
'transaction': 0,
'ackedState': 0, 'value':
'255.255.255.255'}, (5,
'DestinationPort', 'port1'):
{'state': 1, 'transaction': 0,
'ackedState': 0, 'value': '80'
BIG-IQ Device
PackageF5 iApps Config{'state': 1, 'transaction': 0,
'ackedState': 0, 'value': {(5,
'DestinationNetmask',
'Netmask1'): {'state': 1,
'transaction': 0,
'ackedState': 0, 'value':
'255.255.255.255'}, (5,
'DestinationPort', 'port1'):
{'state': 1, 'transaction': 0,
'ackedState': 0, 'value': '80'
F5 Device Config{'state': 1, 'transaction': 0,
'ackedState': 0, 'value': {(5,
'DestinationNetmask',
'Netmask1'): {'state': 1,
'transaction': 0,
'ackedState': 0, 'value':
'255.255.255.255'}, (5,
'DestinationPort', 'port1'):
{'state': 1, 'transaction': 0,
'ackedState': 0, 'value': '80'
© F5 Networks, Inc 13CONFIDENTIAL
Use Case: F5 + VMware NSX Integration
NSX Manager
NSX Management
GenericPlatform
iApps
NSXEdge
NSXvSwitch
User
GenericPlatform
Admin
Cloud Management & Orchestration
Cloud Management & Orchestration
Application Services
BIG-IPPlatform
Deploying L3–L7 Services
ApplicationWorkloads
BIG-IQ Cloud and BIG-IQ Device
BIG-IP Local Traffic Manager
Simplified Business Models
• Operational agility at the network services (Application Delivery Networking [ADN]) layer
• Operational agility for application-specific services for acceleration, availability, and security (a rich Layer 7 protocol)
• Delivering a consistent consumer experience without consuming IT resources better spent on strategic projects
Network Functions Virtualization
NFVNo Functional Value
© F5 Networks, Inc 15CONFIDENTIAL
What is NFV?
© F5 Networks, Inc 16CONFIDENTIAL
NFV Market Drivers
© F5 Networks, Inc
• 68% consider NFV very important/essential in 2018 – 2020
• 58% of WW SPs are committed to implementing either SDN, NFV or both
82%
Increased Operational Efficiency
77%
Implementing NFVto accelerate revenue
55%
Realized new servicesthat were not possible with current technologies
55%
Scaling services up or down quickly
AutomationRevenue GenerationNetwork EfficiencyService Agility
Statistics provided by Infonetics Research and Heavy Reading
© F5 Networks, Inc 17CONFIDENTIAL
• Software/Functions will be totally decoupled from Hardware
• Reduce CapEx: allowing network functions to run on off-the-shelf hardware.
• Reduce OpEX: supporting automation and algorithm control through increased programmability of network elements to make it simple to design, deploy, manage and scale networks.
• Deliver Agility and Flexibility: helping organizations rapidly deploy new applications, services and infrastructure to quickly meet their changing requirements.
• Enable Innovation: enabling organizations to create new types of applications, services and business models.
What Problem NFV tries to Solve?
© F5 Networks, Inc 18CONFIDENTIAL
The Pillars of NFVMore than just virtualizing a network function
Virtualization
• Virtual network functions
(VNFs/VMs)
• Multi-tenancy
• High performance
• Comprehensive
hypervisor support
Abstraction
• Service and network
abstraction
• Configuration templates
• On demand resourcing
Programmability
• Data, control, and
management planes
• Open and production-
deployed APIs
• Developer-friendly
RESTful APIs
• Large dev community and
ecosystem
Orchestration
• Unified multi-vendor,
multi-service ecosystem
• Integration with major
vendors like VMware, HP,
OpenStack, ALU, CISCO
• Policy-driven flows and
steering
SDN + SDAS = SDDC
© F5 Networks, Inc 19CONFIDENTIAL
• ETSI NFV: F5 is a participant, that follows developments and attend meetings. F5 also have representatives in the IETF meetings that refer to NFV technologies.
• OPNFV: F5 currently studying membership/contribution options.
• OpenStack: F5 participates with Corporate Sponsor status
• ONF: F5 is a member
• IETF: F5 Working on the definition of SCF with NSH metadata
• Mobile World Congress: F5 participates in NFV demo/POC since 2014
F5 involvement with NFV
© F5 Networks, Inc 20CONFIDENTIAL
• Supports all major Hypervisors (e.g. VMware, KVM, Hyper-V, etc)
• Standard APIs and REST APIs
• Use ETSI NFV, IETF, OpenStack Forum, Open Networking Foundation and other NFV/SDN standards
• Supports leading orchestration solutions:
• HP NFV Director
• Cisco NSO
• Nokia / ALU Cloudband
• OpenStack
• Puppet
• Many more…
Does F5 ready to be integrated with NFV?
VNF-M
NFV-O
VIM
VNFs
ETSI
VIM
VNFs
NSONetwork Service
Lifecycle Manager
ESCVirtual Service
Lifecycle Manager
OpenstackVirtualized
Infrastructure Manager
AFMFirewall
F5
LTMLoad
Balancer
F5
APMPolicy
Manager
F5
Network Service Orchestrator
Fulfillment & Assurance
VNF
Adapter
VNF Manager
(Embedded)
Global Resource Orchestrator
VIM Adapter
(Openstack)
AFMFirewall
F5
LTMLoad
Balance
r
F5
APMPolicy
Manager
F5
HP NFV Director
CLOUDBANDORCHESTRATOR
(NFV ORCHETSRATOR)
CPAAS LCM (VNF MANAGER)
Virtualised
InfrastructureManag
er(s)
VIM
ALU Cloundband
Management
System
VNF Modeling (TOSCA)
(Device, VNFV &
Infrastructure
Description)
AFMFirewall
F5
LTMLoad
Balanc
er
F5
APMPolicy
Manager
F5
ALU/Cloudband – F5 Integration HP NFV Director – F5 Integration Cisco NSO – F5 Integration
F5 Networks 2015 PROPRIETARY & CONFIDENTIAL
Adding F5 to the NFV Partner Architecture
© F5 Networks, Inc 22CONFIDENTIAL
• Deployment Guide
• https://support.f5.com/kb/en-us/products/big-iq-cloud/manuals/product/bigiq-lbaas-openstack-plugin-setup-4-4-0.html
• Version Compatibility
• OpenStack: Grizzly/Havana
• BIG-IP VE: 11.3+ in OpenStack
• BIG-IQ Cloud: 4.4.0,4.5.0
• Features
• You need to provision BIG-IP VEon OpenStack Environment
• Uses new iControl REST API
F5 Integration with OpenStack (Official Ed.)
© F5 Networks, Inc 23CONFIDENTIAL
F5 Service Aligns with “NFV” Approach
Os-Ma
Se-MaService, VNF, and
Infrastructure Description
NFV Managementand Orchestration
VirtualComputing Hardware
VirtualStorage Hardware
Virtual Network Hardware
Ve-Vnfm
Vn-Nf
Nf-Vi
Or-Vi
VirtualInfrastructure
Manager
NFVI
Virtualization Layer
Computing Hardware
Storage Hardware
Network Hardware
OSS/BSS
Or-Vnfm
BIG-IP Virtual Edition
BIG-IQ
BIG-IQ
© F5 Networks, Inc 24CONFIDENTIAL
Use Cases: Being Deployed by Service Providers
© F5 Networks, Inc
81%
77%
68%
64%
55%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
SERVICE
CHAINING
VIRTUAL IMS
VIRTUAL EPC
VIRTUAL CPE
VIRTUAL GI-LAN
Top NFV Use Cases
Statistics provided by Infonetics
© F5 Networks, Inc 25CONFIDENTIAL
Key Benefits:
• Self-Provisioned by Enterprise customers in need of services to support Enterprise IT
• Purchase Network services that are easy to provision, scale, and rapidly deploy
Deploy Virtual Firewall / Create Business Rules
to allow only DNS traffic to pass
vFW
Deploy Virtual Load Balancer & update with Virtual Pool
Members
vLB
Deploy Virtual DNS pools
vDNS
WAN
Scalable DNSaaS
Auto Deploy \ Heal
Fully Automated Deploy \ Heal \ Scale
Out \ Scale In
LBaaSFWaaS
Management & Network
Orchestration
Case Study: Orchestrated Scaled DNS Service Use Case
SDN + NFV
© F5 Networks, Inc 27CONFIDENTIAL
Today
© F5 Networks, Inc 28CONFIDENTIAL
NFV
© F5 Networks, Inc 29CONFIDENTIAL
NFV & SDN
© F5 Networks, Inc 30CONFIDENTIAL
F5 Well Positioned for NFV & SDN
• ADC Market Leader• Accelerated Insertion of SP Security• PEM gaining traction• Big VE throughput Higher Scalability• Well Placed for Hybrid Networks• New Licensing/Business Models
RICH PRODUCT PORTFOLIO
• BIG-IQ Enhancements• Openstack plugin support• Customizable plugins for 3rd party
MANAGEMENT & ORCHESTRATION
• ALU/Cloudband – ecosystem partner• Cisco – APIC/ACI & NSO POCs• HP – active collaboration• Openstack – significant progress• VMware – active collaboration
ESTABLISHED/GROWING ALLIANCES
• ALU/Nuage Integration• Cisco ACI/APIC Integration• SDAS Positioning gaining traction • Strong SDDC portfolio• VMware Integration
STRONG SDN STORY
© F5 Networks, Inc 31CONFIDENTIAL
Good to watch https://www.youtube.com/watch?v=P4EjobItPp0
© F5 Networks, Inc 32CONFIDENTIAL
SDN and NFV will help to…
© F5 Networks, Inc 33CONFIDENTIAL
Visit F5 Community to get more details!