OpenCS SD-WAN Project Update
QMM October 2017, Raleigh, NC
Joseph Ruffles, Riverbed
Tim Van Herck, VeloCloud

A brief history of the OpenCS SD-WAN project…
- Launched at the 2016 Members’ Meeting in Boston
- Focused on the SD-WAN for the MEF community
- Providing clarity and common language to an emerging technology area

What’s the market motivation for MEF members?
Customers want the benefits of Software Defined Infrastructure:
- $avings, e.g., from
  - Reducing the cost of MPLS circuits
  - Reducing on-premise equipment
  - Improved use of resources
- Agility
- Control
and the benefits of cloud-based services:
- on tap, on demand, on someone else’s infrastructure
- details outsourced to someone else who is an expert
- Managed Service – with one party responsible for the end-to-end application performance

Incubating a Service Provider Grade SD-WAN Ecosystem
- An agreed vocabulary and definition
- APIs for interoperability
  - Multi vendor
  - Across operators

Drivers -- Subscriber Benefits
- Significant OPEX Savings
  - Utilize multiple residential / commercial links while retaining quality
- Increased Site reliability
  - Through diversified provider and/or access technology use
- Application based policy control
  - Policy definition based on application, no longer on 5-tuple
  - Measure link quality and adapt application & QoS policy
- Rapid branch deployments
  - Ubiquitous access to residential wired and wireless connections

Drivers -- Service Provider Benefits
- Lower OPEX
  - Automation reduces truck rolls (customer self-installs)
  - Run on commodity (e.g., x86) hardware
  - Reduced urgency on incident response (or SLA violation)
- Shorten path to Revenue
  - Start with circuits that are available, add when needed
  - No need for NNIs to be established
  - Complement MPLS with extra inexpensive bandwidth
- Off-Net Market expansion
  - Offer managed service in competitor or incumbent markets
  - Decouple last mile from service via BYOC (since OTT)

SD-WAN Core Characteristics
TODO: Define minimal feature set
TODO: Work towards MEF product and service certification
May need to include service agnostic (L2 & L3)
- It operates as an overlay network
  - Transport independent (use any technology; private & public links)
  - Support Secure transport (VPN)
  - Can integrate with existing carrier networks (Private cores)
- Application & link aware policy control
  - Dynamic path selection and configuration based on current conditions
- Provide simple and extensible interface
  - Web interface and ReST APIs
  - Enterprise level controls vs. element manager
  - Easy installation

SD-WAN Core Characteristics: Use Examples
- Overlay network
  - Actively use Business DSL, Cable, DIA, and LTE capacity
  - Send business critical applications always over MPLS first
  - Only use LTE when all wired links are impaired or down
- Application & link aware policy control
  - Send VOIP over the lowest latency link
  - Move VOIP if packet loss is detected
  - Send Box.com transfer over highest capacity link
- Provide simple and extensible interface
  - Provision through ReST, deploy by non-technical personnel

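The use examples above, written out as path-selection logic. This is an added example, not code from the deck or from any SD-WAN vendor; the `Link` fields, the application class names, the 1% loss threshold and the sample link values are all assumptions made for illustration.

```python
from dataclasses import dataclass

LOSS_LIMIT_PCT = 1.0  # assumed impairment threshold; the slides give no number

@dataclass
class Link:
    name: str
    kind: str             # "mpls", "dsl", "cable", "dia" or "lte"
    latency_ms: float     # measured by the edge (constructed values below)
    loss_pct: float
    capacity_mbps: float
    up: bool = True

def healthy(link):
    return link.up and link.loss_pct < LOSS_LIMIT_PCT

def candidates(links):
    """Healthy wired links; LTE only when every wired link is impaired or down."""
    wired = [l for l in links if l.kind != "lte" and healthy(l)]
    return wired or [l for l in links if l.kind == "lte" and l.up]

def select_path(app_class, links):
    """Return the name of the link a flow of this class should use, or None."""
    pool = candidates(links)
    if not pool:
        return None
    if app_class == "business-critical":
        # MPLS first whenever a healthy MPLS link exists
        pool = [l for l in pool if l.kind == "mpls"] or pool
        return min(pool, key=lambda l: l.latency_ms).name
    if app_class == "voip":
        return min(pool, key=lambda l: l.latency_ms).name
    if app_class == "bulk":        # e.g. a large file transfer
        return max(pool, key=lambda l: l.capacity_mbps).name
    return min(pool, key=lambda l: l.loss_pct).name

def sample_links():
    """Constructed branch with four links; all values are made up."""
    return [
        Link("mpls-1", "mpls", 25.0, 0.0, 20.0),
        Link("cable-1", "cable", 18.0, 0.1, 200.0),
        Link("dsl-1", "dsl", 40.0, 0.2, 50.0),
        Link("lte-1", "lte", 60.0, 0.5, 30.0),
    ]

if __name__ == "__main__":
    links = sample_links()
    print({c: select_path(c, links) for c in ("business-critical", "voip", "bulk")})
    links[1].loss_pct = 3.0        # packet loss detected on the cable link
    print("voip moves to", select_path("voip", links))
```
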
SD-WAN Colocated Services
Services commonly found colocated in SD-WAN functions:
- Application Aware Firewall
- WAN Optimization
What it is not:
- A WAN Optimization service (complementary service)
  - SD-WAN performs last mile optimization
  - WANop performs mid mile optimization
- An API managed router (sub function)
- An appliance / a VNF packaged router
  - Form factor independent
  - SD-WAN is an overlay network of collaborative nodes
- SDN
  - Segregated control & data plane

SD-WAN Concepts
- Underlay Network
  - The physical transport network
  - Private, public, wireline, wireless
- Overlay Network
  - Virtual Network abstracted from the transport network (underlay network)
  - No interaction between overlay and underlay
  - Overlay networks are tunneled over Underlay networks
    - Using an encapsulation protocol, e.g., VXLAN, NVGRE, IPsec tunnel, etc.

SD-WAN Component Functions
- SD-WAN Controller (SWC)
  - Responsible for policy distribution, status and statistics collection
  - Not a decision maker!
  - Policy Decision Point
- SD-WAN Edge (SWE)
  - Function interfacing with Enterprise LAN or SP core
  - Single or multi-tenant
  - Can be integrated into the SP core (PE adjacent)
  - Policy Enforcement Point

SD-WAN Component: Segregated control and data plane
TODO: Finalize terminology
- Do not use MPLS style terminology to avoid confusion
- Segregated control and data plane
- Provider components in the form of VNFs
- SD-WAN Edge can manifest in virtual or physical form factor
Diagram (labels only): SD-WAN Controller; XaaS; Enterprise DC; Other branches; Control Plane; Clients; SD-WAN Edge; Data Plane; Branch Office; SD-WAN Provider; Applications.

Single CSP: Internet Only Branches (OTT)
TODO: Cover single link case
Used for Off-Net connectivity
Diagram (labels only): Load Bal.; [Legato]; Self-service Web Portal; [Presto]; SD-WAN Controller; [Adagio]; Branch; ISP X; ISP Y; ISP Z; Service Provider Core; SD-WAN Edge; SD-WAN Gateway [optional]. Version 1.0 - 20160629
- Branches connected with public links only (BB, DIA, …)
- Presto to provide a vendor neutral API to provision SD-WAN solutions

Single CSP: Hybrid Connected Branches
Used for MPLS augmentation
Diagram (labels only): [Legato]; Self-service Web Portal; [Presto]; SD-WAN Orchestrator; [Adagio]; Branch; ISP X; ISP Y; ISP Z; MPLS; MPLS Core; PE; SD-WAN Edge. Version 1.0 - 20160629
- Branches connected with hybrid access
- Blend of private & public links
- Policy control over which application uses what links

Single SP: Multiple SD-WAN Vendors
Diagram (labels only): [Legato]; Self-service Web Portal; [Presto]; SD-WAN Orchestrator {vendor A}; SD-WAN Orchestrator {vendor B}; [Adagio]; CPE; PE; CSP Core; SD-WAN Edge {vendor A}; SD-WAN Edge {vendor B}. Version 1.0 - 20160629
- Multiple SD-WAN vendor solutions present
- Single LSO driving two or more solutions
- Not focused on interoperability of SD-WAN Edges

Roadmap
- Service Properties
- Formal Service Definition
- API Definition
  - Data model
  - API format (ReST, ReSTCONF, YANG/NETCONF, …)
- MEFnet reference implementation

MEFnet Implementation Phases
MEFnet implementation: Phase 0
Focus on environment integration
Diagram (labels only): Service Provider Realm; Vendor A; Vendor B; SD-WAN Orchestrator; CPE; BB; SD-WAN Edge; Core. Version 1.0 - 20160629
- Manual orchestration at this phase
- NNI can be: IPsec, QinQ, VXLAN

MEFnet implementation: Phase 1
Focus on Integration with LSO
Diagram (labels only): Service Provider Realm; Vendor A; Vendor B; SD-WAN Orchestrator; CPE; BB; SD-WAN Edge; Core. Version 1.0 - 20160629

MEFnet implementation: Phase 2
Hybrid Branch deployment
Diagram (labels only): Service Provider Realm; Vendor A; Vendor B; SD-WAN Orchestrator {vendor A}; SD-WAN Orchestrator; CPE; MPLS; BB; Core; SD-WAN Edge. Version 1.0 - 20160629

Q & A
Reference Diagram
OpenCS SD-WAN: Reference Diagram
Diagram (labels only): Load Bal.; [Interlude / Sonata API]; Self-service Web Portal; [Presto]; SD-WAN Orchestrator; SDN Controller; NFV MANO; CPE; CSP Core; PE; ENNI; UNI; SDN Switch; SD-WAN (v)CPE; SD-WAN Gateway. Version 1.0 - 20160629

Deployment Models
Deployment Models: Enterprise
Include MPLS link
Diagram (labels only): Control Channel; SD-WAN Overlay; Transport Underlay; Load Bal.; SD-WAN Controller; HQ; Branch; ISP X; ISP Y; ISP Z; SD-WAN Edge; Service Provider Core.
- Single tenant implementation
- Enterprise on-premise hosted SD-WAN controller
- No Service Provider participation

Deployment Models: Service Provider
Diagram (labels only): Control Channel; SD-WAN Overlay; Transport Underlay; SD-WAN Controller; HQ; Branch; ISP X; ISP Y; ISP Z; SD-WAN Edge; Service Provider Core.
- Multi tenant implementation
- SP hosted SD-WAN Controller and Customer SD-WAN Edges
- Enterprise on-prem SD-WAN Edges (SP provided)
- Integration with the SP Private Core (at the PE)

Deployment Models: Managed Service Provider
Diagram (labels only): SD-WAN Controller; HQ; Branch; ISP X; ISP Y; ISP Z; SD-WAN Edge; Service Provider Core.
- Multi tenant implementation
- MSP hosts SD-WAN controller
- MSP supplies Enterprise on-premise SD-WAN Edge
- Optional Service Provider participation

Single CSP: Internet Only Branches (OTT)
TODO: Cover single link case
Used for Off-Net connectivity
Diagram (labels only): Load Bal.; [Legato]; Self-service Web Portal; [Presto]; SD-WAN Controller; [Adagio]; Branch; ISP X; ISP Y; ISP Z; Service Provider Core; SD-WAN (v)CPE; SD-WAN Gateway [optional]. Version 1.0 - 20160629
- Branches connected with public links only (BB, DIA, …)
- Presto to provide a vendor neutral API to provision SD-WAN solutions

Use Cases
Single CSP: Internet Only Branches (OTT)
- As an enterprise, I would like to use multiple transport links in an Active/Active fashion
- As an enterprise, I would like to steer applications based on business priority to the best available link matching the network requirements of the application
- As a Service Provider, I would like to provision the SD-WAN network through a standardized API

Single CSP / Single Link: Internet Only Branches (OTT)
Diagram (labels only): Load Bal.; [Legato]; Self-service Web Portal; [Presto]; SD-WAN Controller; [Adagio]; Branch; ISP X; ISP Y; Service Provider Core; SD-WAN Edge; SD-WAN Edge [optional]. Version 1.0 - 20160629
- Single link (Internet or MPLS) attached to the branch
- Limited steering benefits, however, still benefit from:
  - Remote management of the branch
  - Application aware QoS
  - Application aware local breakout / offload

Single CSP / Single Link: Internet Only Branches (OTT)
- As an enterprise, I would like to add new links in the future without significant configuration changes
- As a Service Provider, I would like to remotely monitor deployed SD-WAN edges
- As a Service Provider, I would like to locally break out non-critical traffic
- As a Service Provider, I would like to enable link impairment mitigation techniques if link quality degrades

Presto API Focus Areas
- Provisioning
  - Site
  - Networks (LAN, WAN, VLANs, IPAM)
  - Application policy
  - Complex definition
  - Features (VPN, …)
- Status
  - Sites, Links, Overlay, VPN
- Statistics
  - Flows (applications, sources, destinations)
  - Users & devices
  - Link quality
- Events
  - Link condition changes
  - Quality thresholds
  - Routing changes

Single CSP: Non SD-WAN Branch Integration
Used for migrations
Diagram (labels only): Load Bal.; [Legato]; Self-service Web Portal; [Presto]; [Adagio]; SD-WAN Controller; Branch; Legacy Branch; Service Provider Core; ISP Y; ISP Z; IPsec; SD-WAN Edge; SD-WAN Gateway; PE; FW; MPLS; CE. Version 1.0 - 20160629
- SD-WAN sites connected with public links only (BB, DIA, …)
- Legacy branch interoperability
- DC / VDC interoperability using IPsec (proposed)
- Non SD-WAN sites connected using private links (MPLS, LL, …)
- Routing exchanged between all branches

Single CSP: Non SD-WAN Branch Integration
- As an enterprise, I would like to integrate non SD-WAN branches to the SD-WAN (VPN) Overlay
- As a Service Provider, I would like to interconnect the SD-WAN (VPN) Overlay to existing MPLS network while maintaining customer traffic segregation
- As a Service Provider, I would like to integrate MPLS only branches into the SD-WAN (VPN) Overlay

Focus Areas
- Provisioning
  - VPN endpoints, tunnels and associated policies
  - VRF attachments (.1q, qinq, etc …)
- Routing
  - BGP configurations (between PE and SD-WAN Gateway)
  - Route influencing & redistribution

Single CSP: Cloud Integration
Diagram (labels only): Load Bal.; [Legato]; [Presto]; [Adagio]; VPC; VGW; SD-WAN Controller; SD-WAN Edge VNF; SD-WAN Edge; CSP; Branch; ISP Y; ISP Z; Service Provider Core; IPsec; PE; FW; Cloud Exchange Fabric; 802.1q. Version 1.0 - 20160629
- SD-WAN sites connected with public links only (BB, DIA, …)
- Legacy branch interoperability
- DC / VDC interoperability using IPsec
- Non SD-WAN sites connected using private links (MPLS, LL, …)
- Routing exchanged between all branches

Single CSP: Cloud Integration
- As an enterprise, I would like to connect to resources at my CSP / VDC
- As a service provider, I would like to have diverse mechanisms to provide connections from the SD-WAN overlay to external CSPs

Single CSP: Hybrid Connected Branches
Used for MPLS augmentation
Diagram (labels only): [Legato]; Self-service Web Portal; [Presto]; SD-WAN Orchestrator; [Adagio]; Branch; ISP X; ISP Y; ISP Z; MPLS; MPLS Core; PE; SD-WAN Edge. Version 1.0 - 20160629
- Branches connected with hybrid access
- Blend of private & public links
- Policy control over which application uses what links

Single CSP: Non SD-WAN Branch Integration
- As an enterprise, I would like to augment my MPLS link with higher speed commercial transport for use of non-business critical applications
- As an enterprise, I would like to fail over to the broadband circuit(s) in the event the MPLS link fails
- As a Service Provider, I would like to mix MPLS and DIA/BB transport circuits to supply more bandwidth to branches

Single SP: Multiple SD-WAN Vendors
Diagram (labels only): [Legato]; Self-service Web Portal; [Presto]; SD-WAN Orchestrator {vendor A}; SD-WAN Orchestrator {vendor B}; [Adagio]; CPE; PE; CSP Core; SD-WAN Edge {vendor A}; SD-WAN Edge {vendor B}; SD-WAN (v)CPE. Version 1.0 - 20160629
- Multiple SD-WAN vendor solutions present
- Single LSO driving two or more solutions
- Not focused on interoperability of SD-WAN Edges

Single CSP: Multiple SD-WAN Vendors
- As a Service Provider, I would like to use multiple SD-WAN vendor solutions but provision these through a standardized API
- As a Service Provider, I would like to interconnect the different SD-WAN Overlays using standard NNI mechanisms

Multi SP
Diagram (labels only): [Interlude / Sonata API]; Load Bal.; Self-service Web Portal; [Presto]; SD-WAN Orchestrator; MPLS; CPE; PE; ENNI; UNI; SDN Switch; SD-WAN (v)CPE; SD-WAN Gateway. Version 1.0 - 20160629
- Multiple LSOs, multiple SD-WAN vendors
- Exchange policy information
- Provision NNI