Contents Barriers to Network Functions Virtualization Technology Adoption 3 NFV Benefits and Adoption Challenges 3 Cisco NFV Platform Software: Cisco

Similar documents
Network Function Virtualization Using Data Plane Developer s Kit

and public cloud infrastructure, including Amazon Web Services (AWS) and AWS GovCloud, Microsoft Azure and Azure Government Cloud.

WIND RIVER TITANIUM CLOUD FOR TELECOMMUNICATIONS

TALK THUNDER SOFTWARE FOR BARE METAL HIGH-PERFORMANCE SOFTWARE FOR THE MODERN DATA CENTER WITH A10 DATASHEET YOUR CHOICE OF HARDWARE

Cisco Unified Computing System Delivering on Cisco's Unified Computing Vision

Introduction to Cisco and Intel NFV Quick Start

Intel Network Builders Solution Brief. Etisalat* and Intel Virtualizing the Internet. Flexibility

Cisco Hosted Collaboration Solution (HCS)

Cisco CloudCenter Solution Use Case: Application Migration and Management

Network Edge Innovation With Virtual Routing

OPTIMIZE. MONETIZE. SECURE. Agile, scalable network solutions for service providers.

WHITE PAPER. Applying Software-Defined Security to the Branch Office

is also based on Citrix NetScaler support for the Cisco Nexus 1110-S Virtual Services Appliance and related Cisco vpath traffic-steering technology.

Drive Greater Value from Your Cisco Deployment with Radware Solutions

VMWARE AND NETROUNDS ACTIVE ASSURANCE SOLUTION FOR COMMUNICATIONS SERVICE PROVIDERS

NFV Infrastructure for Media Data Center Applications

Virtualization of Customer Premises Equipment (vcpe)

Extreme Networks Session Director

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics

A10 HARMONY CONTROLLER

Virtualizing Managed Business Services for SoHo/SME Leveraging SDN/NFV and vcpe

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Cisco Start. IT solutions designed to propel your business

Pradeep Kathail Chief Software Architect Network Operating Systems Technology Group, Cisco Systems Inc.

Cisco HyperFlex HX220c Edge M5

Transforming the Cisco WAN with Network Intelligence

Disaggregation and Virtualization within the Juniper Networks Mobile Cloud Architecture. White Paper

Oracle Communications Session Router

Sichere Applikations- dienste

Enterprise Cloud Computing. Eddie Toh Platform Marketing Manager, APAC Data Centre Group Cisco Summit 2010, Kuala Lumpur

Pulse Secure Application Delivery

TRANSFORM YOUR NETWORK

Mitigating Branch Office Risks with SD-WAN

Enabling Efficient and Scalable Zero-Trust Security

Oracle Solaris 11: No-Compromise Virtualization

Intel Select Solution for ucpe

The Next Opportunity in the Data Centre

COMPUTING. Centellis Virtualization Platform An open hardware and software platform for implementing virtualized applications

Cisco Virtual Managed Services

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points

Cisco HyperFlex HX220c M4 and HX220c M4 All Flash Nodes

Enterprise Network Compute System (ENCS)

Solutions Guide. F5 solutions for the emerging 5G landscape

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

Why Converged Infrastructure?

Phil Dredger Global Lead Network Services Cloud Platform and ITO DXC. Presentation title here edit on Slide Master

F5 Synthesis Information Session. April, 2014

Achieve Low Latency NFV with Openstack*

Cisco Virtualized Infrastructure Manager

EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE

Services solutions for Managed Service Providers (MSPs)

2 to 4 Intel Xeon Processor E v3 Family CPUs. Up to 12 SFF Disk Drives for Appliance Model. Up to 6 TB of Main Memory (with GB LRDIMMs)

Total Cost of Ownership Analysis for a Wireless Access Gateway

Migrating Session Border Controllers to the Cloud

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Benefits of SD-WAN to the Distributed Enterprise

Vodafone keynote. How smart networks are changing the corporate WAN. Peter Terry Brown Director of Connectivity & UC.

Elevate the Branch-Office Experience with an Application-Centric Platform

Cisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer

Red Hat OpenStack Platform 13

Intel PRO/1000 PT and PF Quad Port Bypass Server Adapters for In-line Server Appliances

Oracle Communications Diameter Signaling Router

Cisco UCS Virtual Interface Card 1225

NEC Virtualized Evolved Packet Core vepc

Advanced threats. "Software defined" everything. Internet of Things. SDDC/Cloud. HTTP is the new TCP. Mobile. F5 Networks, Inc 2

Cisco 4000 Series Integrated Services Routers: Architecture for Branch-Office Agility

ETSI FUTURE Network SDN and NFV for Carriers MP Odini HP CMS CT Office April 2013

OpenStack Networking: Where to Next?

Cisco HyperFlex HX220c M4 and HX220c M4 All Flash Nodes

Seven Criteria for a Sound Investment in WAN Optimization

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

F5 Reference Architecture for Cisco ACI

Networks

Cisco Cloud Application Centric Infrastructure

Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13

Automate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure

INVESTOR PRESENTATION

Cisco HyperFlex HX220c M4 Node

Reconstruct to re-energize

How Smart Networks are changing the Corporate WAN

Cisco UCS Virtual Interface Card 1227

Creating new data freedom with the Shared Data Layer

DEPLOYING NFV: BEST PRACTICES

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Accelerate Your Enterprise Private Cloud Initiative

Overview of the Juniper Networks Mobile Cloud Architecture

Digital Network Architecture

Cisco Firepower with Radware DDoS Mitigation

SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN

End to End SLA for Enterprise Multi-Tenant Applications

Cavium FastLinQ 25GbE Intelligent Ethernet Adapters vs. Mellanox Adapters

Cisco Nexus 1000V Switch for Microsoft Hyper-V

Innovative Solutions. Trusted Performance. Intelligently Engineered. Comparison of SD WAN Solutions. Technology Brief

Securing Your Microsoft Azure Virtual Networks

Cisco SD-WAN and DNA-C

NFV and SDN what does it mean to enterprises?

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Survey of ETSI NFV standardization documents BY ABHISHEK GUPTA FRIDAY GROUP MEETING FEBRUARY 26, 2016

Vendor: Cisco. Exam Code: Exam Name: Cisco Sales Expert. Version: Demo

Cisco HyperFlex and the F5 BIG-IP Platform Accelerate Infrastructure and Application Deployments

Transcription:

White Paper Simplify NFV Deployment for Service Providers and Enterprises in the Data Center and Hybrid Cloud Cisco,, and Radware Collaborate to Accelerate the Adoption of High-Performance NFV Contributors Travis Volk, Technical VP of Sales Development, travis.volk@radware.com Ilango Ganga, PE, Standards and Strategic Initiatives, Ilango.s.ganga@intel.com Jalal Sadreameli, Market Development Manager, jalal.e.sadreameli@intel.com Ken Hook, Technical Marketing Engineer, khook@cisco.com Gunnar Anderson, Product Line Manager, guanders@cisco.com Jim French, Distinguished Systems Engineer, jifrench@cisco.com

Contents Barriers to Network Functions Virtualization Technology Adoption 3 NFV Benefits and Adoption Challenges 3 Cisco NFV Platform Software: Cisco Cloud Services Platform 2100 4 Architecture, Software, and Hardware 5 Radware VNF Fueled by Cisco and 5 Radware Network Functions Virtualization 5 Radware Attack-Mitigation Solution 6 Radware NFV Solution Use Cases 7 Use Case 1: Virtual Customer Premises Equipment 7 Use Case 2: Mobile Data Center 7 Use Case 3: Software-Defined Networking 8 Conclusion 8 For More Information 8 2

Barriers to Network Functions Virtualization Technology Adoption For today s service providers and enterprises, bandwidth demands continue to increase and evolve. The introduction of Internet of Things (IoT) solutions, such as smart homes, smart cities, connected cars, and connected medical devices, is forcing organizations to change existing business models and to build more cost-effective networks. In addition to reduced capital expenditures (CapEx) and operating expenses (OpEx) for basic connectivity services, service providers and enterprises are seeking unique technology values that will distinguish their offerings from those of competing service providers and over-the-top (OTT) solution vendors. Fast service introduction, agility, scalability, security, and low-latency access serve as the main differentiators of OTT content and the content offered by application providers. Network functions virtualization (NFV) technologies are designed to meet this challenge and make better use of an organization s network investments. They can provide the tools to effectively grow complex network and server environments to meet business, application, and subscriber needs, while better matching revenue through smart utilization of the network. NFV Benefits and Adoption Challenges The goal of NFV technology is to alleviate some of the challenges of the modern network using the following means: NFV is designed to use x86 hardware, which allows more efficient use of capital than dedicated purpose-built hardware appliances. Significant cost reductions can be achieved through the following: -- Hardware sharing and repurposing -- Fast packet-processing algorithm for x86 servers based on the Data Plane Development Kit (DPDK) -- Single-Root I/O Virtualization (SR-IOV) and pass-through technologies, which increase hardware performance -- Hosting network functions, known as virtualized network functions (VNFs) Software-based NFV deployments alongside real-time software-defined networking (SDN) programming results in rapid service introduction and improved operation efficiency. As NFV enables the decoupling of network functions from their physical location, services can be placed at the most cost-effective locations. Also made possible are multisite application availability, scalability, cloud bursting, and real-time deployment. Operation cost reductions can be achieved through end-to-end service lifecycle management, resulting from common automation and operating procedures. Open and standardized interfaces between virtualized network functions and the infrastructure enable service providers and enterprises to avoid vendor lock-in. Each service provider or enterprise can select its own best-in-class options and run in a multi-vendor environment. Despite the many advantages of NFV, service providers and enterprises are still concerned that NFV technology is not mature enough to provide robust performance and service assurance. Furthermore, the distributed multi-site and multicloud application enablement that NFV offers introduces massive security challenges. Security policies should be enforced in an environment without a perimeter. 3

Cisco NFV Platform Software: Cisco Cloud Services Platform 2100 Cisco Cloud Services Platform (CSP) 2100 (Figure 1) is a turn-key NFV and Open x86 Linux Kernel-based Virtual Machine (KVM) software platform for both service provider and enterprise environments. The CSP 2100 is a platform without all the complexities and overhead that come with Openstack deployments. You can start with ONLY one host, then add additional hosts as needed to scale-out. The CSP 2100 bridges network, server, and security teams by offering several ways to manage and operate the platform. You can manage the platform using a GUI, command-line interface (CLI), representational state transfer (REST) API, and/or Network Configuration Protocol (NETCONF) using Cisco Network Services Orchestrator (NSO). The orchestrator has been used predominantly in service provider environments, but it is now increasingly being used in enterprise environments. Figure 1. Cisco CSP 2100 High-Level Architecture Cisco NSO/tail-f REST GUI NetConf CLI API CSR XRv 9000 ASAv Radware Alteon Radware Defense Pro NSO CSP Software, ConfD, KVM, OVS, DPDK, PCIe PT & SR-IOV UCS C-series 1RU/2RU rack servers, 1G, 10G & 40G NICs The platform enables users to quickly deploy any Cisco or third-party network VNF that supports the KVM hypervisor. The CSP 2100 NFV platform is shipping today with the CSP software running on Cisco UCS C-Series Rack Servers for 1 and 2 rack units (1RU and 2RU). The CSP 2100 is designed for a variety of use cases in the cloud, data center, point-of-presence (POP), central office (CO), co-location (COLO), carrier-neutral facility (CNF), WAN aggregation, DMZ and extranet, core network, and server farm environments. Figure 2 shows the Dashboard within the GUI. A simple 2-node cluster is displayed with one VNF running on csp1. 4

Figure 2. Cisco CSP 2100 GUI Showing a Simple 2-Node Cluster Architecture, Software, and Hardware The Xeon E5-2600 v3 product family offers the following innovative features in the 22-nanometer (nm) process technology node: Accelerated boot and runtime security with little overhead and faster encryption Technologies targeting virtual machine integrity improvement during migration and runtime Asynchronous dynamic random access memory (DRAM) refresh for memory data protection Comprehensive reliability, availability, and serviceability (RAS) features optimized for demanding communications infrastructure needs The Ethernet Controller delivers a variety of features, including: Software-configurable Ethernet port speed for up to two 40 Gigabit Ethernet or up to four 10 Gigabit Ethernet connectivity Network virtualization overlay stateless offloads for Generic Network Virtualization Encapsulation (Geneve), Virtual Extensible LAN (VXLAN), and Network Virtualization Using Generic Routing Encapsulation (NVGRE) protocols ligent load balancing for high-performance traffic flows of virtual machines DPDK optimized for efficient packet processing to support NFV DPDK offers the following features: A set of optimized software libraries and drivers that can be used to accelerate packet processing on architecture Support for buffer management, queue and ring functions, flow classifications, network interface cards (NICs), poll mode drivers (PMDs), and an environmental abstraction layer (EAL) Radware VNF Fueled by Cisco and Radware offers NFV and attack-mitigation solutions fueled by Cisco and technologies. Radware Network Functions Virtualization The Radware Alteon and DefensePro virtual appliances decouple network functions from dedicated underlying hardware, allowing nextgeneration services on the CSP 2100 (Figure 3). Delivering a scalable, ultra-high capacity of up to 225 Gbps per instance (Layer 4) and up to 1 Tbps per cluster, the Alteon virtual appliance for NFV: 5

Reduces total cost of ownership (TCO) Simplifies network Xeon processor E5-2699 v3 2.30-GHz 145W CPU with 18-core 45-MB cache and DDR4 at 2133 MHz and Xeon processor E3-2600 v3 CPU (two processors) services deployment Enables capacity elasticity through a simple license upgrade Automates service lifecycle management A total of 225 Gbps was achieved on a CSP 2100 2RU form-factor solution, which included the following: CSP 2100 Software running on a 2RU Cisco UCS C240 M4 Rack Server Note: Broadwell processors were not available when testing started, but they will be available in Q3CY16 on the CSP 2100. Dual-port 40-Gbps Quad Enhanced Small Form-Factor Pluggable (QSFP+) Ethernet Controller NICs (six cards total) Radware Alteon virtual appliance for NFV Figure 3. Radware VNF Fueled by Cisco and Cisco CSP 2100 Radware VNF Alteon VA for NFV Application DPDK Linux/KVM The Alteon and DefensePro VNFs provide highly efficient resource utilization on open-source hypervisors by redesigning the virtualization approach to incorporate new technologies that increase overall performance: They bypass the hypervisor s virtual switch, providing direct and the fast access to the physical NICs of the server based on the PCIe passthrough which is available on the Niantic ( 82599 10-Gbps Ethernet controller) and Fortville ( Ethernet Controller ) NICs. They use a fast-packet-processing algorithm for x86 server-based platforms such as the CSP 2100, which is based on the DPDK code. They use the non-uniform memory access (NUMA) topology of the host server, which enables the VNF to optimize its performance to the underlying server configuration. These capabilities enable the Alteon virtual appliance for NFV to reach the industry s best performance of up to 225 Gbps on the CSP 2100. Radware Attack-Mitigation Solution The Radware Attack Mitigation Solution (AMS) is a multi-layered security architecture that is well suited for service providers, including carriers and cloud providers. It is based on these main pillars: robust data collection, anomaly detection, attack mitigation, service automation, and attack lifecycle management. AMS is a hybrid solution offering multi-vector attack detection and mitigation. It combines always-on, on-demand, and cloud peak protection service layers to help guarantee availability in an evolving threat landscape. 6

AMS provides zero-day network-to-application protection, malware propagation protection, and intrusion defense with the most complete distributed denial-of-service (DDoS) solution on the market. Radware offers unique behavioral capabilities for detecting and generating adaptive real-time signatures with encrypted attack support. A web application firewall is integrated through signaling, combining expression protection with the performance of volumetric mitigation. End-toend visibility and reporting allows service providers to monetize tailored service through a multitenant managed services service provider (MSSP) portal. Radware partners with service providers to help guarantee mitigation support with an emergency response team (ERT) dedicated to defending customers from attack. Radware NFV Solution Use Cases Radware NFV solutions are compatible with cloud, carrier, and enterprise application and service delivery environments. Table 1 lists well-defined use cases for integrating a Radware VNF solution with CSP 2100 running on processors and NICs. Table 1. Radware NFV Use Cases VNF Use Case LB Acceleration H2GW, TCPO SSL Inspect IP Reputation URL Filtering Defense SSL vdp Detector vdp Mitigation WAF vcpe Mobile DC: DNS, IMP, Billing, VAS, Portals SDDC Use Case 1: Virtual Customer Premises Equipment End-to-end Virtual customer premises equipment (vcpe) is designed to help service providers save expenses incurred while operating and managing network functions such as routing, firewall, application delivery controller (ADC), DDoS protection, intrusion prevention system (IPS), WAN optimization, access control, and web application firewall (WAF) services. The cost savings are achieved by deploying existing CPE functions in POPs running on software and hardware platforms such as the CSP 2100, which elastically manages capacity based on subscription. MSSP Radware introduces best-in-class vcpe cybersecurity, traffic acceleration, and content delivery functions, exceeding customer requirements while accelerating service agility. Always-on multitenant network and application DDoS services offer any combination of: Encrypted attack protection Multitiered web application firewall services Web acceleration, HTTP 2.0 Gateway (H2GW), SSL inspection, URL filtering, etc. health monitoring that helps ensure service continuity and origin-based high availability portal available for white labeling to promote downstream channels Use Case 2: Mobile Data Center Voice over long-term evolution (VoLTE) service, based on virtual IP multimedia subsystem (vims) infrastructure, offers operators huge cost savings and operational benefits. It eliminates the need to have voice and data on separate networks, and it can unlock new revenue potential with rich communication services (RCS) multimedia services such as VoLTE. As VoLTE becomes more attractive, service providers are looking for advanced scalability solutions. Along with its benefits, VoLTE does introduce many security risks because it is based on IMS technology. vims introduces the potential for application DDoS attacks targeting control-plane elements, such as Session Initiation Protocol (SIP) application servers (IMS infrastructure), and data-plane elements, such as session border controllers (SBC) and IMS proxies (P-CSCF). 7

The Radware vims solution is equipped to provide scalability plus protection against SIP scans, SIP application DDoS attacks, brute-force and pre-attack activities, and SIP anomalies. Control-plane network components are considered mission critical. Radware control-plane solutions provide high availability, scalability, resiliency, and application protection for control-plane protocols, including Domain Name Service (DNS), RADIUS, DIAMETER, Dynamic Host Configuration Protocol (DHCP), and syslog. Radware also provides the best response time in the industry because the company understands that delays in control-plane traffic have a direct, negative impact on users quality of experience (QoE). Transparent traffic handling within SGi-LAN zones include header enrichment, packet normalization, real-time policy updates, and advanced TCP acceleration for effective spectral efficiency. Radware offers elasticity and high availability for value-added proxies, gateways, and other high-speed session brokers to increase the resilience and utilization of highly distributed resources. The capability to combine application delivery, performance acceleration, and security across a broad range of elements in a consistent manner offers element consolidation and efficiency. Use Case 3: Software-Defined Networking Enterprises and cloud providers are gradually shifting to SDN. Radware provides compelling solutions that transparently integrate its ADC and cybersecurity product portfolio into such environments, allowing customers to capitalize on their investments. Radware s SDN and NFV-based solutions allow customers complete elasticity in deploying their ADC and security services throughout the network on the Cisco CSP 2100. Customers can now deploy and redeploy ADC and security services across their entire network in hours, regardless of the desired location of those solutions. With Radware s Alteon NFV and virtual DefensePro (vdp) solutions, network operators can now quickly deploy high-throughput services wherever required across their network. The joint venture among Cisco,, and Radware frees expensive IT resources for innovation. Radware s SDN-integrated solutions are focused on simplifying and abstracting the deployment, management, and monitoring of ADC and security solutions, thus requiring less of IT and networking personnel. ADC and security professionals are now able to explore and experiment. At the same time, simplified implementation of network services, including complex, multi-appliance services, reduces the cost of implementation. Conclusion Radware s SDN and NFV solutions broaden an organization s ability to introduce new network services that previously had been either too costly to deploy or impossible to implement. High-scale network services use NFV-compliant ADC and security components, which can perform and scale to match the performance of a high-end hardware device. products offer open architecture in a secure, low-latency, virtualized, and scalable environment to optimize Cisco and Radware software. The Cisco CSP 2100 NFV platform software for the Cisco Unified Computing System (Cisco UCS) provides both service providers and enterprises a turn-key solution that they can use to begin benefiting from NFV starting today. For More Information For additional information, see: http://www.cisco.com/go/csp https://dcloud-cms.cisco.com/?p=23376 https://networkbuilders.intel.com/ http://www.radware.com/products/ Alteon-VA-NFV-Resources/ For questions and comments, contact CSP-2100@cisco.com. 2016 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) 2016 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners. Copyright Corporation, 2016. All rights reserved. * Other names and brands may be claimed as the property of others. C11-737457-00 06/16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback