SD WAN MPLS service disruption or enhancement
2 likes1,178 views
The document discusses the evolution of networking solutions with a focus on SD-WAN and MPLS VPN services offered by Colt. It outlines the challenges faced by CIOs regarding bandwidth demands, application performance, and the necessity for cost-effective solutions while highlighting the benefits and potential of hybrid connectivity strategies combining MPLS and IPsec over the Internet. Key developments and future plans for enhancing SD-WAN capabilities, including security features and analytics, are also presented.
SD WAN MPLS service disruption or enhancement
- 1. SD WAN: MPLS VPN disruption or enhancement? Fahim Sabir Director of Architecture & Development, Colt On Demand 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 1
- 2. Colt networking solutions and our customers ─ Launched MPLS based services in early 2000s ─ 1000s of customers ─ Range from 10s to 1000s of sites, all over the world ─ Across all sectors: Finance, Media, Manufacturing, Transport, etc. ─ Typically headquartered in major European and Asian cities where we have a fibre presence ─ Launched IPSec sites tunnelled over the internet in late 2000s, long before SD WAN came into existence ─ Introduced SD-WAN capability into our networking solutions in 2016, partnering with Versa Networks for the platform 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 2
- 3. 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 3 The CIO challenge hasn’t really changed ─ Do more with less ─ Exponential growth in bandwidth requirements – Gbps world ─ Greater agility ─ Highly distributed organisations, all sites need connectivity ─ Measured by spend and application performance ─ Consumer experiences have set the bar much higher ─ Self-service no longer a ‘nice to have’ ─ Need the cutting edge without the disruption of a big migration
- 4. Both MPLS and IPSec over Internet have pros and cons MPLS ― High level of guaranteed performance ― Very expensive per Gbps, especially for off-net locations Use when applications are latency, performance and security sensitive 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 4 IPSec over Internet ― Performance not guaranteed ― Commodity connectivity which is cheaper and available everywhere Use when bandwidth is key and performance is not critical or can’t be controlled
- 5. Connectivity isn’t what makes SD WAN special. The intelligence and service experience we can add to the connectivity is. 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 5
- 6. Almost every networking solution RFI received by Colt in the last 18 months has requirements that are best solved by SD WAN capabilities, whilst demanding performance, security and reliability that can only be delivered by an MPLS underlay, at a price point closer to commodity internet connectivity. 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 6
- 7. High level architecture MPLS Internet x86 CPEs Cloud MPLS SD WAN Gateways x86 CPEs Control MPLS IPVPN Internet IPSec Director and Analytics Custom Portal BSS/OSS systems Traditional CPEs Firewall VNF Firewall VNF 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 7 ― Versa Networks based platform ― Commodity Atom based CPEs – alternate option high performance Xeon D based CPE due 2017Q4 ― VNFs on CPE to provide additional value, currently firewall, others planned ― Direct site-to-site IPSec tunnels where connectivity is over the Internet ― Custom portal offering control and analytics ― Integrated to existing MPLS architecture ― Integrated to existing BSS/OSS platforms
- 8. Architecture benefits ─ Delivers a good balance of cost, performance, security and agility without sacrificing on any of these ─ The customer can validate the SD WAN capability without committing to a big network rollout or migration ─ The customer can execute the migration to a full SD-WAN based solution on a rolling basis ─ End-to-end service assurance from a single operator across ‘legacy’ and next generation networks. 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 8
- 9. Challenge #1: Expensive off-net MPLS connectivity Solution: Hybrid MPLS and IPSec over Internet connectivity ― Premium (MPLS) and value (IPSec over Internet) paths back to the network ― Default path for each type of traffic, determined by basic layer 4 analysis, or DPI (2017Q4) ― Alternate path for each type of traffic based on some steering criteria (latency, available bandwidth) ― Self-service policy setting ― Analytics MPLS Internet x86 CPE Cloud MPLS SD WAN Gateway x86 CPE MPLS IPVPN Internet IPSec 9
- 10. Challenge #2: Exploding internet bandwidth requirements 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 10 MPLS Internet x86 CPE Cloud MPLS SD WAN Gateway x86 CPE MPLS IPVPN Internet IPSecSolution: Local internet breakout ― Traditional used central gateways to break out from the MPLS core ― Premium bandwidth is reserved for applications that need it ― Internet services that rely on geolocation work as they should ― Improved latency for remote sites
- 11. Challenge #3: Internet security threats 04 October 2017 11 MPLS Internet x86 CPE Cloud MPLS SD WAN Gateway x86 CPE MPLS IPVPN Internet IPSecSolution: Firewall VNF ― Layer 4 firewall. ― Logging ― Analytics of rule hits ― Resides on the same CPE, additional hardware not needed ― Multiple firewall types supported (due 2018)
- 12. Development continues… Near term developments include… ― Dual CPE support, with load balancing/redundancy ― More than 2 connections ― Advanced firewall and steering capabilities ― Advanced analytics ― Sub-networks/multi-VRF support ― High performance Xeon D based CPE ― More network functions (application optimisation) ― Support for MPLS only connectivity with an x86 CPE 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 12
- 13. 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 13 Learnings as an operator ― Feature parity is expected with the network solutions customers already have. Even the basic stuff needs to be rebuilt from scratch ― Customer pipeline initially drives the roadmap, because demand is greater than development velocity ― Customer experience implications must drive every decision ― The commodity compute+software world is very different from the custom hardware world. For everyone ― Service assurance models need to be rethought for networks which are part on-net and part overlay ― There aren’t many people available in the market with the technical skills needed. Cross training is key ― A close working relationship with your SD WAN platform vendor is a necessary foundation
- 14. Thank you 04 October 2017 SD WAN: MPLS VPN disruption or enhancement? 14