DESIGNING VALUE ADDED SERVICES IN WIRELINE NETWORKS. Norbert Wicker, EMEA Advanced Technology Specialist, 8th September 2012


OVERVIEW 2 Copyright 2012 Juniper Networks, Inc. www.juniper.net

SERVICE DELIVERY GATEWAY: AN INTEGRATED SERVICE PLATFORM
[Diagram labels: WIRELESS: Mobile Core, GGSN/PGW, SDG; WIRELINE/CABLE: EQAM, CMTS, L2 Aggregation, SDG; Core IP/Internet; WIRELINE/DSL: DSLAM, BNG, SDG]

JUNIPER'S SERVICES SOLUTIONS: MX 3D SERIES AS THE IDEAL SDG PLATFORM
- Rich routing functionality
- Rich L2 features
- Rich services portfolio
- Subscriber awareness for services
- Increases subscriber stickiness and lowers churn
- Common service/subscriber policy
- Flexible hardware
- Services on service cards, service MICs, and inline on Trio-based DPCs/MPCs
- Supports the Junos SDK ecosystem for partners and customers

WHY ROUTER SERVICES?
The tipping point
- Network investment outstripping service revenues, hurting margins
- Routers are a natural service consolidation point
What's needed?
- Network transformation beyond service silos and speeds and feeds
- Integrated service and network layers
Router integrated services
- Improve service performance, reliability and scale
- Promote network consolidation
- Support a consistent and efficient operations environment
Every bit transits a router, and every edge router is a service delivery point

SERVICES ACROSS THE ROUTING PORTFOLIO
- Network Addressing: NGNA (CGN)
- Application, Subscriber, & Protocol Awareness: ADC/SLB, TLB, Sub & App Awareness, HCM (HTTP Content Manager)
- Network Visibility: Flow Monitoring, Deep Inspection
- Network Security: Stateful Firewall, IPS, IPsec
- Platforms: Service DPCs (chassis-based MX Series), MX mid range (inline), Service PICs (T Series, M Series)
- Competitive Differentiators: LOWER TCO, GREATER FLEXIBILITY, ONE ARCHITECTURE, ONE JUNOS, SUPERIOR SCALABILITY

INLINE SERVICES FOR BETTER PERFORMANCE
- Offload services by leveraging the Trio chipset
- First milestones with inline 1:1 NAT and JFLOW

THE BIG PICTURE OF A WIRELINE USE CASE

DIMENSIONING OF SERVICES
Three primary data points are required to size a CGN deployment:
- Number of concurrent subscribers
- Sessions per second per subscriber
- Bandwidth required per subscriber
The above elements are enough to provide a model for sizing any CGN solution.
Sizing of the solution also depends on deployment type:
- Centralized vs. decentralized
- Dependent on network architecture

WIRELINE PROVIDER
Goal
- Provide analytic information for subscriber web surfing
Requirements
- Provide additional service treatment to subscriber traffic in the packet data path
- Must support opt-in/out of subscribers
Solution
- CGN
- SDK application
- HCM
Advantage
- Juniper CGN was already in place. HCM was added to the existing environment.

TOPOLOGY
[Diagram labels: MX960 CGN1; MX960 CGN2; 2547 CGN VPN (x2); CGN_VRF (x3); MPLS Core; Internet; ERX BNG; V4/v6 Dual-Stack + NAT44 VRF]

CGN SOLUTION FOR MULTIPLE DSL GW'S
Problem
- Address depletion; fiber service growth vs. DSL shrinking results in address reclaim
- Ad insertion, scalable web usage collection and reporting [Syslog]
Solution
- Apply multiple NAT services [NAT44 and NAT64] for DSL subscriber-based services [VOD, IPTV and VoIP]
- Network monitoring: JFlow + collectors + HCM
- Diameter-based opt-in/out model [RE SDK]
[Diagram labels: SDG 1 (CGNAT, JFLOW, HCM); SDG 2 (CGNAT, JFLOW, HCM); Syslog; Collector and Analytics; IP/MPLS core; Internet]

SERVICES OVERVIEW
[Diagram labels: Diameter [PCRF]; Subscriber Opt-in/out messages; Route Engine SDK Application; Insert/remove host routes into BGP table for opt-in/out; Ingress Interface; FuF; RSP Interface; CGN; BGP Table; Egress Interface; HCM]

JUNOS WEB AWARE (HTTP CONTENT MANAGEMENT)

JWA current state
- A powerful SDK-based HTTP parser which tracks HTTP requests and their responses
- Actions include:
  - Inserting an HTTP header (a.k.a. tag insertion or header enrichment)
  - Discarding, resetting, counting, etc. the transactions
  - Logging the HTTP requests/responses
  - Logging the TCP start/end
  - Redirecting the client to a new host/URL
  - Associating HTTP transactions to the corresponding subscriber by communicating with the DSA component
- GA in 12.2
- Supports the following HTTP requests: GET, PUT, POST

JWA SUPPORTED FEATURES [12.2]
- Fixed, wireless and BNG network architectures
- IPv4 and IPv6 based tag insertion, URL logging/filtering and error-redirect
- Asymmetrical flows (URL logging only)
- Extended URL logging for long HTTP contexts
- All JWA functions can be run on the same NPU
- Multiple NPUs can be used with AMS for IPv4-based traffic to support load balancing
- Receiving standard RADIUS attributes and using them for tagging and logging purposes
- Subscriber opt-in/opt-out function is supported through the Sd/Diameter interface (RE-based SDK app) by a 3rd party system integrator

JWA: URL FILTERING & LOGGING - HOW IT WORKS
URL filtering & logging processing includes:
- The router monitors the HTTP transactions and matches HTTP requests against pre-configured URLs
- For a given HTTP transaction, TCP connections (start/end) can be logged as well
- For long HTTP contexts, extended URL logging can be enabled
- If a match is found, an action is taken based on the matching conditions
Actions include:
1. Discard or reset
2. Count
3. Log (via syslog)
It is also possible to combine the above actions:
1. Discard & log
2. Reset & log
3. Accept & count
4. Accept & log
5. Accept & count & log
A wildcard character can be used in URL matching as:
1. The first character in hostnames
2. The last character in URLs

JWA: URL FILTERING & LOGGING - WHAT FIELDS IN HTTP HEADERS ARE PROCESSED
Hypertext Transfer Protocol
    GET /techpubs/ HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET /techpubs/ HTTP/1.1\r\n]
            [Message: GET /techpubs/ HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /techpubs/
        Request Version: HTTP/1.1
    Host: www.juniper.net\r\n
    (rest of the request truncated)
Slide annotations on the decode:
- Request Method: GET / PUT / POST
- Request URI: request-uri in url-list / url-rule term url
- Request Version: HTTP 1.0 & 1.1 supported
- Host: host in url-list / url-rule term url

JWA: URL FILTERING & LOGGING - HOW MATCHING WORKS
- Both the host and request-uri portions of the HTTP request are extracted
- A search is performed against the list of host and request-uri entries defined in url-list
- If the host from the HTTP request header matches any configured host name in the url-list and the request-uri from the header matches any request-uri entry in the url-list, then a match is found

services {
    http-manager {
        url-list <url-list-name> {
            // URL definitions
            // NOTE: * is optional for host names, but if provided,
            // it must be first character in the string.
            host "*.some-host.com";
            host "*.some-host.ca";
            host "some.specific.domain.name.org";
            // NOTE: * is optional for request-uris, but if provided,
            // it must be last character in the string.
            request-uri "/some-page/ex1/*";
            request-uri "/some-other-page/ex2/very-large-size-9999";
            request-uri "/other-page/ex13/short-ones/*";
        }
    }
}
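The matching rule described above, modelled in Python as an added example (not Juniper code and not part of the original slides) so that url-list entries can be checked against sample requests before deployment. The function names are hypothetical, and three behaviours the slides do not specify are assumptions: host comparison is case-insensitive, a ":port" suffix on the Host header is ignored, and a request without a Host header never matches.

```python
SUPPORTED_METHODS = {"GET", "PUT", "POST"}  # request types the slides list for JWA

def check_url_list(hosts, request_uris):
    """Enforce the wildcard placement rules from the slide's config notes."""
    for h in hosts:
        if "*" in h[1:]:
            raise ValueError(f"host {h!r}: '*' must be the first character")
    for u in request_uris:
        if "*" in u[:-1]:
            raise ValueError(f"request-uri {u!r}: '*' must be the last character")

def host_matches(pattern, host):
    # Assumption: case-insensitive compare, ":port" ignored (not stated on the slide).
    host = host.lower().split(":")[0]
    pattern = pattern.lower()
    if pattern.startswith("*"):
        return host.endswith(pattern[1:])   # leading '*' acts as a suffix match
    return host == pattern

def uri_matches(pattern, uri):
    if pattern.endswith("*"):
        return uri.startswith(pattern[:-1])  # trailing '*' acts as a prefix match
    return uri == pattern

def parse_request(raw):
    """Return (method, request_uri, host) from an HTTP/1.0 or HTTP/1.1 request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError("not an HTTP/1.0 or HTTP/1.1 request line")
    method, uri, _ = parts
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip()
            break
    return method, uri, host

def url_list_match(hosts, request_uris, raw):
    """True only if BOTH the Host header and the request-uri hit an entry."""
    method, uri, host = parse_request(raw)
    if method not in SUPPORTED_METHODS or host is None:
        return False
    return (any(host_matches(p, host) for p in hosts)
            and any(uri_matches(p, uri) for p in request_uris))

# url-list entries copied from the slide's configuration template.
HOSTS = ["*.some-host.com", "*.some-host.ca", "some.specific.domain.name.org"]
URIS = ["/some-page/ex1/*", "/some-other-page/ex2/very-large-size-9999",
        "/other-page/ex13/short-ones/*"]
check_url_list(HOSTS, URIS)

# Constructed sample requests (not captured traffic).
HIT = b"GET /some-page/ex1/index.html HTTP/1.1\r\nHost: www.some-host.com\r\n\r\n"
BARE = b"GET /some-page/ex1/index.html HTTP/1.1\r\nHost: some-host.com\r\n\r\n"
NO_SLASH = b"GET /some-page/ex1 HTTP/1.1\r\nHost: www.some-host.com\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("HIT", HIT), ("BARE", BARE), ("NO_SLASH", NO_SLASH)]:
        print(name, url_list_match(HOSTS, URIS, req))
```

Under this model the bare domain and the path without a trailing slash both fall outside the wildcard entries, so a rule set meant to log or filter them needs explicit entries for those forms.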

JWA: URL LOGGING - ENABLE ASYMMETRICAL FLOW
Asymmetrical flow support needs to be enabled explicitly with the following configuration:

services {
    ...
    service-set <service-set-name> {
        service-set-options {
            enable-asymmetric-traffic-processing;
        }
        interface-service {
            service-interface <service-interface>;
        }
        extension-service http-packet-manager {
            hcm-url-rules <url-log-rule-name>;
            skip-url-matching;
        }
    }
}

JWA: URL FILTERING & LOGGING - PACKET FLOWS
- The MX uses a service filter to send HTTP traffic to JWA for processing
- JWA matches the traffic against its URL list and takes the needed actions
- The logged data is sent to a 3rd party analytic platform
- Fusing the above data together, the chosen analytic platform presents the required statistics to the end user

JWA: URL FILTERING & LOGGING - PACKET FLOW
1. Service filter classifies traffic
2. JWA will do the URL filtering/logging and send the log to the 3rd party analytic platform
3. Data fusion will be performed and selected results will be presented
[Diagram labels: Non-HTTP Traffic; HTTP Traffic; Ingress PFE; Service Filters; JWA; Service PIC; Egress PFE; Analytic platform]

LOAD BALANCING APPLICATION DELIVERY CONTROLLER & TRAFFIC LOAD BALANCER

EXAMPLE USE-CASE MATRIX
[Diagram labels: Mobile Packet Core; Internet; CSP Enterprise Cloud; DataCenter Core Services + Multi-Tiered Designs; Wireline Network; Media flow; Internet Video Opt; Web Opt; Content Optimization; Enterprise Network; MX 3D Universal edge router with integrated ADC; Secure Gateways; CGN; Proxy Applications; Mobility Services]

USE CASE 1: DNS LOAD BALANCING
Integrated ADC benefits:
Application benefits
- Lowering solution TCO
- Improved resource utilization efficiency, lowering the number of servers required
- Seamless service capacity growth
- Increasing service resiliency through integrated application health monitoring
Increased infrastructure value
- Simple addition of ADC software as a service
- Fast service rollout
- Simple network design: no need for new third-party standalone appliances

USE CASE 2: ENHANCED DNS DESIGN
[Diagram labels: SDP; DNS; WEB Portal; WAP Gateway; Messaging]
Description
DNS-based queries are destined to virtual route targets (VIP) hosted at the MX edge routers. With intelligence about availability, load and proximity of service endpoints, edge-based MX ADC forwarding decisions improve QoE, ensuring global resilience of this high-volume core service. Supporting Direct Server Return (DSR) further accelerates transactions by removing the MX ADC from the response path.
Value
Improving latency, throughput and service resilience with a means for incremental growth

USE CASE 3: CARRIER GRADE NAT LOGGING
[Diagram labels: UE client; IP/Ethernet Backhaul; MX Service Delivery Gateway; ADC; CGN; NAT; Internet; Logging Server 1; Logging Server 2; DR Location Logging Server Backup]

USE CASE 4: CONTENT DELIVERY NETWORKS
Description
The goal for the Content Distribution Edge routers in this design is to differentiate Hot Content from 3rd Party Origins, driving efficiency in UA and Content Interactions. There may also be a need to transparently intercept content requests that require edge optimization for traffic outside of the control of the content management system. With intelligence about availability, load and proximity of service elements and content locations, edge-based forwarding decisions improve QoE while the MX ADC infrastructure ensures global resilience of this high-volume distribution service.
Value
- Improving latency, throughput and service resilience with a means for incremental growth
- Guarantee cost-effective CDN operation and delivery

CDN USE CASE
Problem
- Dynamic growth of video consumes tremendous amounts of bandwidth
[Diagram labels: Optimized Access based Caching solution; IPv4; IPv6; Pacifica; TLB; VXA2010; MX series SLB; 4 x 10 GE; 10 GE; Subscribers; Access; Core; Internet; Origin Server]

DIRECT SERVER RETURN (DSR) DNS LOAD BALANCING - CLIENT TO SERVER
Stage 1: Client request arrives at the Juniper router. Destination IP = VIP.
Stage 2: Router performs L3-based ECMP across the routes to spread the load between the NPUs (routing instances will be used).
[Diagram labels: Clients; Juniper Router; RE; LB MS-DPC; MS-DPC; Router; DNS Servers]

DIRECT SERVER RETURN (DSR) DNS LOAD BALANCING - CLIENT TO SERVER
Stage 3: SLB makes a load balancing decision and selects one of the DNS servers. A route in the forwarding instance steers packets to real servers. Packet destination IP remains the VIP.
Stage 4: Packet is sent to the selected server MAC, bypassing regular routing paths.
[Diagram labels: Clients; Juniper Router; RE; LB MS-DPC; MS-DPC; Router; DNS Servers]

DIRECT SERVER RETURN (DSR) DNS LOAD BALANCING - SERVER TO CLIENT
Stage 1: Reverse traffic goes to inet0 directly. DNS response returns to the client directly, bypassing the SLB blade.
[Diagram labels: Clients; Juniper Router; RE; LB MS-DPC; MS-DPC; Router; DNS Servers]

ADC VS. TLB
Feature | TLB | ADC
Methods | Hash | Hash, least connections, round robin, response time, bandwidth
Session State | Stateless | Stateful or Stateless
Traffic Rate | PFE dependent | MS-DPC dependent
Layer support | L4 | L4 - L7, providing enhanced services stickiness
Transparency | Supported | Supported + enables configurable virtual IP destination as part of the ADC
Required HW | MS-DPC (only 1 NPU) | MS-DPC (at least 1 NPU)
Connections/PPS | PFE dependent | Stateful: 1M/2M per NPU; Stateless: PFE dependent/2M per NPU
Health check type | ICMP, TCP, HTTP | ICMP, TCP, HTTP/S, DNS, SNMP, TFTP, IMAP, POP3, WAP, SMTP, RADIUS, NNTP, LDAP, FTP, SIP
IPv4/IPv6 | Supported | Supported

TLB ARCHITECTURE [TRAFFIC LOAD BALANCER]
- Leverages traffic distribution capabilities of the Trio chipset
- Source IP address based hashing to distribute traffic
- Supports graceful operation change; does not affect traffic flows to other active servers
- Hybrid mode: separate application-level health check mechanism on MS-DPC, inline traffic not requiring MS-DPC
Steps shown in the diagram:
1. Monitor applications and servers health
2. Apply next hop rules according to health status
3. Distribute traffic according to rules
[Diagram labels: MX; Data plane (NPU); Forwarding plane (Trio); Monitoring; ECMP LB; Video; Media; Media Gateway]