f5 perspective of nfv+sdn (sdn nfv day itb 2016)

CONFIDENTIAL

SDN ≠ NFV

Kurniawan Darmanto

[email protected]

Bandung, March 21st, 2016

mailto:[email protected]

© F5 Networks, Inc 2CONFIDENTIAL

SDN versus NFV

SDN• Separate control plane from data

plane in forwarding elements

• API-driven forwarding rules in data plane

• Initiated by Enterprise Sector

• Focused on L2-L4 forwarding

NFV• Porting control & forwarding plane

network functions to COTS HW

• Dynamic provisioning and orchestration of network functions

• Initiated by Telco / SP Sector

• Focused on entire OSI stack: L2-L7

SDNSoftware-Defined Networking


What is SDN?


• Separation of control and forwarding functions

• Centralization of control

• Ability to program the behavior of the network using well-defined interfaces

• Better way to connect and control the explosion of virtual machines in the data center

What SDN does for me?


Why SDN exists?Challenges

Configure firewall rules as

required by the application

Configure Network to insert Firewall

Configure firewall

network parameters

Configure Load Balancer as

required by the application

Configure Load Balancer

Network Parameters

Configure Router to steer traffic

to/from Load Balancer

Service insertion takes days

Network configuration is time consuming and error prone

Difficult to track configuration on services

Service Insertion In traditional Networks

Server

vFW

Switch

Router

FW

Router

LB


API

Market drivers:

• OpEx reduction by automation and centralization

• Rapid new application service introduction

• Network to provide what application service needs

• Reduction of Complexity and Cost for Network Infra

SDN ArchitectureOpen Networking Foundation / OpenFlow

Source: Software-Defined Network Architecture, ONF White Paper, April 13, 2012

Application layer

Application layer

Control layerSDNControlSoftware Network Services

API API

Control Data Plane interface (e.g., OpenFlow)

Infrastructure layer

Network Device Network Device Network Device

Network Device Network Device


No. F5 connects to those SDN vendors, such as:

• Cisco ACI

• VMware NSX

• Many more…

F5 approach is focus on application services (L4-L7). It’s called SDAS.

Does F5 have SDN solution?


Control

Plane

Data

PlaneSo

ftw

are

-De

fin

ed

Da

ta C

en

ter

SDDC Orchestrator

SDN Controller

SDN Applications

LAYER 2-4

Stateless Fabric

Applications

NVGREVXLAN

Service Chaining

Virtual & Overlay Networks

L4-7 Stateful Services ???

OPEN

APIs

Architect / Lines of Business


Applications Rely on Stateful Layer 4-7 Services

Router Switch

LAYER 2-4STATELESSSERVICES

LAYER 4-7STATEFULSERVICES

FirewallIdentity and Access

DDoSProtection

Global Load Balancing

Malware

Detection

ADC Application Security

Local LoadBalancing

Application Performance

Secure Web

Gateway

VIRTUAL AND OVERLAY NETWORKING


SDN (L1-L3) + SDAS (L4-L7) = SDDC

Control

Plane

Data

PlaneSo

ftw

are

-De

fin

ed

Da

ta C

en

ter

BIG-IQ

Security™

BIG-IQ

Cloud™

BIG-IQ

Device™

BIG-IQ

(SDAS Controller)

SDDC Orchestrator

SDN Controller

SDN Applications

LAYER 2-4

Stateless Fabric

F5 L4-7 SDAS Stateful Fabric

Applications

NVGREVXLAN

Service Chaining

iApps

OPEN

APIs

Architect / Lines of Business


Use Case: F5 + CISCO APIC/ACI Integration

ACI Fabric Virtual Edition Appliance Chassis

BIG-IQ Device

Package

Device Package

F5 Device Package Release Deployment Model

BIG-IQ Integration with Cisco ACI

1

2

4a

BIG-IQ integration with APIC

1 - BIG-IP expose iApps to BIG-IQ

2 - BIG-IQ create custom device package

3 - Admin import BIG-IQ device package to APIC

4a - APIC sends iApp config to BIG-IQ -> BIG-IP

4b - APIC sends Device config to BIG-IP

BIG-IP integration with APIC

1 - Download device package from F5

2 - Admin import device package to APIC

3 - APIC sends config to BIG-IP directly

downloads.f5.com

3

32

4b

1

F5

Syn

the

sis

Fa

bric

Device Package

F5 Configuration{'state': 1, 'transaction': 0,

'ackedState': 0, 'value': {(5,

'DestinationNetmask',

'Netmask1'): {'state': 1,

'transaction': 0,

'ackedState': 0, 'value':

'255.255.255.255'}, (5,

'DestinationPort', 'port1'):

{'state': 1, 'transaction': 0,

'ackedState': 0, 'value': '80'

BIG-IQ Device

PackageF5 iApps Config{'state': 1, 'transaction': 0,




'transaction': 0,


'255.255.255.255'}, (5,




F5 Device Config{'state': 1, 'transaction': 0,




'transaction': 0,


'255.255.255.255'}, (5,





Use Case: F5 + VMware NSX Integration

NSX Manager

NSX Management

GenericPlatform

iApps

NSXEdge

NSXvSwitch

User

GenericPlatform

Admin

Cloud Management & Orchestration

Cloud Management & Orchestration

Application Services

BIG-IPPlatform

Deploying L3–L7 Services

ApplicationWorkloads

BIG-IQ Cloud and BIG-IQ Device

BIG-IP Local Traffic Manager

Simplified Business Models

• Operational agility at the network services (Application Delivery Networking [ADN]) layer

• Operational agility for application-specific services for acceleration, availability, and security (a rich Layer 7 protocol)

• Delivering a consistent consumer experience without consuming IT resources better spent on strategic projects

Network Functions Virtualization

NFVNo Functional Value


What is NFV?


NFV Market Drivers

© F5 Networks, Inc

• 68% consider NFV very important/essential in 2018 – 2020

• 58% of WW SPs are committed to implementing either SDN, NFV or both

82%

Increased Operational Efficiency

77%

Implementing NFVto accelerate revenue

55%

Realized new servicesthat were not possible with current technologies

55%

Scaling services up or down quickly

AutomationRevenue GenerationNetwork EfficiencyService Agility

Statistics provided by Infonetics Research and Heavy Reading


• Software/Functions will be totally decoupled from Hardware

• Reduce CapEx: allowing network functions to run on off-the-shelf hardware.

• Reduce OpEX: supporting automation and algorithm control through increased programmability of network elements to make it simple to design, deploy, manage and scale networks.

• Deliver Agility and Flexibility: helping organizations rapidly deploy new applications, services and infrastructure to quickly meet their changing requirements.

• Enable Innovation: enabling organizations to create new types of applications, services and business models.

What Problem NFV tries to Solve?


The Pillars of NFVMore than just virtualizing a network function

Virtualization

• Virtual network functions

(VNFs/VMs)

• Multi-tenancy

• High performance

• Comprehensive

hypervisor support

Abstraction

• Service and network

abstraction

• Configuration templates

• On demand resourcing

Programmability

• Data, control, and

management planes

• Open and production-

deployed APIs

• Developer-friendly

RESTful APIs

• Large dev community and

ecosystem

Orchestration

• Unified multi-vendor,

multi-service ecosystem

• Integration with major

vendors like VMware, HP,

OpenStack, ALU, CISCO

• Policy-driven flows and

steering

SDN + SDAS = SDDC


• ETSI NFV: F5 is a participant, that follows developments and attend meetings. F5 also have representatives in the IETF meetings that refer to NFV technologies.

• OPNFV: F5 currently studying membership/contribution options.

• OpenStack: F5 participates with Corporate Sponsor status

• ONF: F5 is a member

• IETF: F5 Working on the definition of SCF with NSH metadata

• Mobile World Congress: F5 participates in NFV demo/POC since 2014

F5 involvement with NFV


• Supports all major Hypervisors (e.g. VMware, KVM, Hyper-V, etc)

• Standard APIs and REST APIs

• Use ETSI NFV, IETF, OpenStack Forum, Open Networking Foundation and other NFV/SDN standards

• Supports leading orchestration solutions:

• HP NFV Director

• Cisco NSO

• Nokia / ALU Cloudband

• OpenStack

• Puppet

• Many more…

Does F5 ready to be integrated with NFV?

VNF-M

NFV-O

VIM

VNFs

ETSI

VIM

VNFs

NSONetwork Service

Lifecycle Manager

ESCVirtual Service

Lifecycle Manager

OpenstackVirtualized

Infrastructure Manager

AFMFirewall

F5

LTMLoad

Balancer

F5

APMPolicy

Manager

F5

Network Service Orchestrator

Fulfillment & Assurance

VNF

Adapter

VNF Manager

(Embedded)

Global Resource Orchestrator

VIM Adapter

(Openstack)

AFMFirewall

F5

LTMLoad

Balance

r

F5

APMPolicy

Manager

F5

HP NFV Director

CLOUDBANDORCHESTRATOR

(NFV ORCHETSRATOR)

CPAAS LCM (VNF MANAGER)

Virtualised

InfrastructureManag

er(s)

VIM

ALU Cloundband

Management

System

VNF Modeling (TOSCA)

(Device, VNFV &

Infrastructure

Description)

AFMFirewall

F5

LTMLoad

Balanc

er

F5

APMPolicy

Manager

F5

ALU/Cloudband – F5 Integration HP NFV Director – F5 Integration Cisco NSO – F5 Integration

F5 Networks 2015 PROPRIETARY & CONFIDENTIAL

Adding F5 to the NFV Partner Architecture


• Deployment Guide

• https://support.f5.com/kb/en-us/products/big-iq-cloud/manuals/product/bigiq-lbaas-openstack-plugin-setup-4-4-0.html

• Version Compatibility

• OpenStack： Grizzly/Havana

• BIG-IP VE： 11.3+ in OpenStack

• BIG-IQ Cloud: 4.4.0,4.5.0

• Features

• You need to provision BIG-IP VEon OpenStack Environment

• Uses new iControl REST API

F5 Integration with OpenStack (Official Ed.)

https://support.f5.com/kb/en-us/products/big-iq-cloud/manuals/product/bigiq-lbaas-openstack-plugin-setup-4-4-0.html


F5 Service Aligns with “NFV” Approach

Os-Ma

Se-MaService, VNF, and

Infrastructure Description

NFV Managementand Orchestration

VirtualComputing Hardware

VirtualStorage Hardware

Virtual Network Hardware

Ve-Vnfm

Vn-Nf

Nf-Vi

Or-Vi

VirtualInfrastructure

Manager

NFVI

Virtualization Layer

Computing Hardware

Storage Hardware

Network Hardware

OSS/BSS

Or-Vnfm

BIG-IP Virtual Edition

BIG-IQ

BIG-IQ


Use Cases: Being Deployed by Service Providers

© F5 Networks, Inc

81%

77%

68%

64%

55%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

SERVICE

CHAINING

VIRTUAL IMS

VIRTUAL EPC

VIRTUAL CPE

VIRTUAL GI-LAN

Top NFV Use Cases

Statistics provided by Infonetics


Key Benefits:

• Self-Provisioned by Enterprise customers in need of services to support Enterprise IT

• Purchase Network services that are easy to provision, scale, and rapidly deploy

Deploy Virtual Firewall / Create Business Rules

to allow only DNS traffic to pass

vFW

Deploy Virtual Load Balancer & update with Virtual Pool

Members

vLB

Deploy Virtual DNS pools

vDNS

WAN

Scalable DNSaaS

Auto Deploy \ Heal

Fully Automated Deploy \ Heal \ Scale

Out \ Scale In

LBaaSFWaaS

Management & Network

Orchestration

Case Study: Orchestrated Scaled DNS Service Use Case

SDN + NFV


Today


NFV


NFV & SDN


F5 Well Positioned for NFV & SDN

• ADC Market Leader• Accelerated Insertion of SP Security• PEM gaining traction• Big VE throughput Higher Scalability• Well Placed for Hybrid Networks• New Licensing/Business Models

RICH PRODUCT PORTFOLIO

• BIG-IQ Enhancements• Openstack plugin support• Customizable plugins for 3rd party

MANAGEMENT & ORCHESTRATION

• ALU/Cloudband – ecosystem partner• Cisco – APIC/ACI & NSO POCs• HP – active collaboration• Openstack – significant progress• VMware – active collaboration

ESTABLISHED/GROWING ALLIANCES

• ALU/Nuage Integration• Cisco ACI/APIC Integration• SDAS Positioning gaining traction • Strong SDDC portfolio• VMware Integration

STRONG SDN STORY


Good to watch https://www.youtube.com/watch?v=P4EjobItPp0


SDN and NFV will help to…


Visit F5 Community to get more details!

f5 perspective of nfv+sdn (sdn nfv day itb 2016)

Technology