Transcription

Network VirtualizationHappiest People . Happiest Customers

ContentsDocument Information Document Distribution List Version History2Introduction5Scope Purpose Executive Summary6Benefits of Network Functions VirtualizationCurrent market trends7Network virtualization services comparison Network Virtualization of WAN Benefit of WAN virtualization:8What are the hardware and software elements of network virtualization?What planning or upgrades may be needed for network virtualization?9Virtualization Scope11Our Services WAN Virtualization LAN Virtualization12Current and future market trend13References142 Happiest Minds Technologies. All Rights Reserved

IntroductionNetwork operators’ networks comprises of wide variety of hardware appliances. In a big and globally distributed network; thenetwork would comprise of multi-vendor equipment and variety of proprietary services offered by the vendor.Any change and/or extension in the existing network would involve cost and effort at multiple folds as below: Cost of hardware Cost of energy Skill Physical space for the placement of devicesWith the pace of invent of new technologies and current market demands it becomes necessary to upgrade the existingnetwork hardware at regular interval which includes replacement of the devices as well. On top of it there is no direct revenuebenefit of the new hardware purchases.In the current age of fast changing and internet connected world there is need for new ways of network services which shouldbe cost effective, frequent change prone, easy to configure and manageable.ScopeThis document has been produced to provide the information to explain the philosophy of network virtualization and servicesbeing offered by different vendors as per current market trends. The documentation is written as a reference guide for all theconcerned people from Happiest Minds.PurposeThe purpose of this document is to provide an overview of the network virtualization services that can be offered and thecurrent market offerings.Executive SummaryVirtualization technique is highly accepted and has a proven history of implementation in case of servers and other infrastructure domain. When it comes to network virtualization, it is basically the virtualization of different network resources. It isdefining a dummy hardware piece on top of a physical box that can work independently and provide its services independently.It is achieved by separating the control and data plane of the logically defined resource from that of the physical resource.3 Happiest Minds Technologies. All Rights Reserved

There is a related term to Network Virtualization which isSDN (Software Defined Networking). Since SDN is out ofscope so I would only give a brief of the relationshipbetween SDN and Network Virtualization.The relationship is that Network virtualization providesinfrastructure on top of which the SDN runs. HoweverCurrent market trendsNetwork virtualization is offered by several equipmentand software vendors through: ers. These are also known as network interface cardsboth are independent with each other.Network virtualization can be implemented in below areasNetwork hardware like switches and network adapt(NICs) Network components like Load balancers, Firewalls,but not limited to:Virtual LANs (VLANs) and containers such as virtual machines (VMs) Switching elements include Broadband Network Gate,routers and Carrier Grade Network Address Translation. Storage equipmentsMobile network nodes consist of HLR/HSS, MME, M2M elements such as telecommunications 4G HLRand SLR devicesGGSN/PDN-GW, Node B, eNode B,RNC SGSN. Functions in set top boxes and home routers create smart phones)virtualization in home environments. Tunnelling gateway elements such as IPsec/SSL VPNgateways. Traffic analysis in DPI, QoE measurement. Service Assurance, service level agreement monitoring,Test and Diagnostics. NGN signalling: SBCs, IMS. Converged and network-wide functions for authenticationauthorization accounting servers, chargingplatforms and policy control. Application-level optimization for load balancers, application accelerators, content delivery network andcache servers. Security functions in firewalls, virus scanners, intrusiondetection systems, spam protection.Benefits of Network FunctionsVirtualizationMobile elements (End users devices/equipments like Ethernet and Fibre Channel mediaOperators that can benefit fromvirtualization could be: Mobile/fixed network operatorsNetwork as a service providersVirtual mobile/fixed network operatorVirtual wholesalersExchange brokersResellersVirtual network providersResource providersNetwork virtualization servicescomparisonThere are 2 types of network virtualization services:External network virtualization:In this type of service Reduced equipment costs and reduced power consumptionmore than one local networks are used and broken down Better scalabilityinto virtual networks. Intent is to improve the performance, Running multiple environments on the same infrastruture.optimize and increase the efficiency of corporate data Geographical independencecenter network. Prime components of an external virtual Multi-tenancynetwork in a corporate data center are VLANs and Switch- Improved operational efficiency by taking advantage ofes.By implementing VLAN and switch technology, systemthe higher uniformity of the physical network platform.administrators can easily manage and configure systemsphysically attached to the same local network into differentvirtual networks. On the contrary, VLAN technologyempowers the system administrators to merge thesystems on separate local networks into a VLAN on bothsides of the segments of a large corporate network ordatacenter.4 Happiest Minds Technologies. All Rights Reserved

Internal network virtualization: As the name suggests inagement perspectives. This empowers networkinternal virtualization service, a single network system ismanagers with the capability of tracing a VLAN fromconfigured using network containers like Xen domain andserver-to-LAN-to-WAN–to-end user while correlating corethis is pooled with hypervisor control programs like VNIC.physical infrastructure for troubleshooting and capacityThis helps in creating “consolidated network boxes”. Inplanning. This can radically improve mean-time-to-isolatethis type of virtualization service there is improvedand tackle network performance and security issues.efficiency of a single system that is achieved by separat-Benefit of WAN virtualization:ing the applications to detached containers.Convergence:AdoptingInternal network virtualization:As the name suggests in internal virtualization service, asingle network system is configured using networkcontainers like Xen domain and this is pooled with hypervisor control programs like VNIC. This helps in creating“consolidated network boxes”. In this type of virtualizationservice these is improved efficiency of a single systemthat is achieved by separating the applications to detachedcontainers.Network Virtualization of WANCreate multiple virtual network "channels" on the samephysical network.Creating virtual channels and passing on each of theseindividual channels to individual applications. Thisenables organizations to make certain that every criticalapplication can be flawlessly transferred across thenetwork to ensure that new technology rollouts are notcausing any worsening of existing business services .Merge networks for better performance, bandwidth andnetworkvirtualizationdecrease the number of physical devices followed byreducing operations and improving ease of management.Improved Security:Virtualization security comprises ofthree prime aspects: Access control, Path seclusion, andservices edge management. Access control meansimplementing authentication and authorization across theenterprise data center. An example to this can be in theform of a Cisco TACACS or a RADIUS server thatsupports in determining the entity that may access aparticular VLAN. Path seclusion happens through MPLS,GRE and Virtual Routing and Forwarding (VRF) to segregate one stream of data from another over the WAN.Lastly, services edge management is used to segregatethe application environments and control the interface tostorage and computing. These functions are used toextend the contiguous security across the WAN in aconvenient manner.Planning or upgrades required for network virtualization: Robust deployment planningMerging several ISPs connections together. Bandwidth considerationsBenefit of WAN virtualization: Security considerations while creating multiple virtualmanagement.networks.Optimum network utilization and high availability: Primebenefit of network virtualization is optimization of networkutilization. This is achieved by sharing of physical network utilization. Besides this, high availability is thebenefit which is achieved by making supporting clustersappear as one device from a network management and Switching requirements for virtualization environment. CPU and memory considerations of switches/routersto handle the additional workloads in certain scenariostopology perspective. This further helps to simplify theWAN architecture and allied WAN management complexity. network appears as dedicated adjoining channels. This isMitigating SPOF or single points of failure and takingremedial action to ensure high availability.Improved Visibility:Using DCI and WAN virtualization,the data centerUpgrade considerations either to 1 or 10 GigabitEthernet.connectivity by multiple virtual networks, ensuring higher Need for virtualization friendly management tools thatcan manage end to end virtual networksvery crucial from policy, security and performance man5helps Happiest Minds Technologies. All Rights Reserved

Need for virtualization friendly management tools that can manage end to endvirtual networksTo virtualize an enterprise network, basic functionalblocks of the modular enterprise must be enhanced toprovide the following functionalities: Authentication and Authorization must be dynamicallydone for various user groups. Connectivity isolation to promise privacy within thegroups. Form precise and handy ingress and egress points atthe boundary of each Virtual network. Impose autonomous security policies on each groupat the network boundary Centralization of boundary security policies must beenforced on diverse Virtual networks by allowing: Secured collaboration mechanisms within groups Secured sharing of common resources Offer fundamental networking services toshared/dedicated groups. Offer autonomous routing domains and addressspaces to each groupThese functional areas provide a framework for the ture and with any existing hardware Transport virtualization Edge authorization Central services access (VN perimeter)Connect virtual networks with physical networksusing VTEP/L2 bridging Virtual Switching –distributed on each computenode Virtual Routing –distributed on each computenode, provide dynamic routing between virtualand physical networks MidoNet API –To integrate with any Cloud Management platform, and to program networks Virtual Load Balancer –Provides load balancer asa service Virtual Firewall –Provides firewall as a service VXLAN and GRE -Support for popular encapsulation protocols like VXLAN and GRE Layer 2 Gateway –bridges MidoNet logicalnetworks with physical VLAN enabled networks,offers VLAN tagging and translation virtualization of networks: Works with already configured networks infrastrucLayer 3 Gateway- ‐Distributed gateway to connect external networks using eBGPVirtualization ScopeOur ServicesSupport for multi-tenancy has become a core require-WAN Virtualizationment of data centres. Three key requirements needed tosupport multi-tenancy are: tenant's addressing schemes. less fall back provisions Address independence to ensure that one addressing scheme does not smash together with otherGlobal Load Balancers – Provides the edge tomanage the traffic intelligently and has seamIsolating traffic, to ensure that tenant's traffic is notvisible to any other tenant WAN Accelerators – To optimize WAN link utilizationand enhance the application response time VRF Aware Protocols – Helps in managing WAN andovercomes there-usage limitation of IP addressSupporting the placement and migration of VMsspaces. It also provides the extra security and helpswithin the data center by overcoming traditional DCin implementing VRF based solutions like VPNnetwork constraints like IP subnet boundaries etc. GRE, DMVPN and MPLS services – MPLS, MGRE Rapid provisioning of virtual networksand GRE based solution helps in segmenting the End to end management of virtual networks that istraffic and allow multiple sharing of a single bandfree of the underlying physical networkwidth by different business units. Overcome limitations of physical networks, including VLAN limitations, by creating isolated andoverlapping address spaces Distributed architecture provides scalability, resiliency and avoids single points of failure6 Happiest Minds Technologies. All Rights Reserved

LAN VirtualizationSub-Areas Access control to recognize and classify legitimate Switching and Routingusers & devices and authorize them to enter Securityassigned portions of the network Multi-TenancyPath isolation to map validated users or devices to High Availability L2-L4 network services L2-L3 Gateway service the correct set of available resources. The VLANs,Private VLANS, GRE, VRF Lite and MPLSVPN are some of our techniques used for LANVirtualization Services edge to provide access to services for alegitimate set of user and devices by using centralized policy enforcement.Current and future market trend 45,000Western Europe 50,000North America 250,00 200,00Middle East & Africa 150,00Latin & CentralAmericaEastern Europe 100,00 5,0002020192018201720162015202014Asia PacificSDN & NFV Induced Service Provider CapEx Saving Potential by Region: 2014-2050 ( -248402321.html7 Happiest Minds Technologies. All Rights Reserved

About the Author11 years of IT experience, including 3 years in Data center planning and implementation and 2 years in wireless planning and implementation. He has workedin multivendor environment including Cisco, Aruba, HP, Nortel, F5, Watchguard,Fortigate and others. He has also worked in Open source technologies andproviding solutions based upon them. Key past project includes: Data centerplanning for one of the client at Malaysia having multiple sites geographicallyKapil Chaturvedidistributed across the globe, NOC planning and new project implementation forStandard Chartered bank, Wireless implementation for Aruba Networks Inc.About Happiest MindsHappiest Minds, the Mindful IT Company, applies agile methodologies to enable digital transformation for enterprises andtechnology providers by delivering seamless customer experience, business efficiency and actionable insights. We leveragea spectrum of disruptive technologies such as: Big Data Analytics, AI & Cognitive Computing, Internet of Things, Cloud,Security, SDN-NFV, RPA, Blockchain, etc. Positioned as “Born Digital . Born Agile”, our capabilities spans across productengineering, digital business solutions, infrastructure management and security services. We deliver these services acrossindustry sectors such as retail, consumer packaged goods, edutech, e-commerce, banking, insurance, hi-tech, engineeringR&D, manufacturing, automotive and travel/transportation/hospitality.Headquartered in Bangalore, India; Happiest Minds has operations in USA, UK, The Netherlands, Australia and Middle East. Happiest Minds. All Rights Reserved. BusinessContact: [email protected] Visit us:www.happiestminds.comFollow us onThis document is an exclusive property of Happiest Minds Technologies.6 Happiest Minds Technologies. All Rights Reserved

Network virtualization services comparison There are 2 types of network virtualization services: External network virtualization: In this type of service more than one local networks are used and broken down into virtual networks. Intent is to improve the performance, optimize and increase the effi