Unravelling Managed SD-WAN Services

ralphsan, 15 slides, Feb 21, 2019

About This Presentation

SD-WAN service offerings and their capabilities vary tremendously. This presentation describes the fundamental components and capabilities of an SD-WAN service based on the standardization work of MEF Forum. This presentation will help organizations evaluating SD-WAN service offerings to make the mo...


Slide Content

Fujitsu Proprietary and Confidential, All Rights Reserved, ©2019 Fujitsu Network Communications
Slide 1: Title
Ralph Santitoro, Head of SDN/NFV/SD-WAN Services, Fujitsu | [email protected]
Distinguished Fellow and Director, MEF Forum | [email protected]
February 20, 2019, SD-WAN Webinar Series: Unravelling Managed SD-WAN Services

Slide 2: What You Will Learn in this Webinar
• Standard MEF 3.0 SD-WAN Service Components and Terminology
  - Will help you communicate and understand using industry standard terminology
• SD-WAN Services are uniquely different than legacy WAN services
  - Understanding baseline capabilities will help you evaluate different SD-WAN Service offerings
• Importance and Role of each SD-WAN Service capability
  - Will help you understand the business benefits
This Is Part of a Webinar Series Covering Different Topics about SD-WAN Services

Slide 3: Concepts: MEF 3.0 SD-WAN Service Constructs*
• Subscriber Network
• SD-WAN UNI
• SD-WAN Edge
• Underlay Connectivity Service (UCS, aka Underlay WAN)
• Tunnel Virtual Connection (TVC)
* From MEF 70 SD-WAN “Service Attributes and Service Description” Draft Standard (MEF Forum)

Slide 4: MEF 3.0 SD-WAN Service Components
[Diagram: two Subscriber Networks, each attached through an SD-WAN UNI to an SD-WAN Edge. The two Edges are joined across two Underlay Connectivity Services, Internet (reached via DSL Modem and Cable Modem) and MPLS (reached via MPLS CE Routers), carrying TVC 1 and TVC 2 between the sites. An Internet Breakout from the SD-WAN Edge is also shown.]

Slide 5: SD-WAN Services Are Over-the-Top (OTT) Services
SD-WAN Services operate over existing Underlay Connectivity Services (UCS)
• Examples of UCSs
  - Public UCSs, e.g., Internet service delivered over DSL, HFC, PON, LTE, Fiber (DIA), etc.
  - Private UCSs, e.g., MPLS, Carrier Ethernet, Optical Transport, etc.
• Why is this important?
  - Enables the service to operate over any Service Provider’s UCS
  - Provides faster service delivery (no need to purchase/activate a new UCS)
  - Enables SD-WAN to operate over a mixture of public and private UCSs
An SD-WAN Service Operates over Your Existing Underlay Connectivity Services

Slide 6: SD-WAN Service Application Identification and Classification Criteria
• SD-WAN services must be Application-Aware
• But what is an “Application”?
  - An Application is anything you can classify to which you can apply Policies
• Application classification is based on one or more of the following criteria:
  - Domain name, e.g., facebook.com, google.ru
  - Country, e.g., Iran, U.S.
  - UDP port number
  - TCP port number
  - SaaS Application, e.g., Office365, Salesforce
  - IPv4 or IPv6 address/subnet, e.g., 10.10.100.1/24, fe80::204:23ff:fe8:4ba2/128
  - IP protocol name, e.g., ICMP, FTP
  - Application Groups, e.g., Social Media, Gambling
  - Custom, User-defined, e.g., a POS terminal identified by IP subnet and TCP port
Granular Application Classification Is a Critical Requirement for an SD-WAN Service

Slide 7: SD-WAN Policies
• Policies are a set of criteria to apply actions
  - IF {criterion1, criterion2, …}, THEN {action(s)}
• SD-WAN services must be able to apply granular policies
  - Network-wide Policies (apply to all sites)
  - Per-site Policies (apply unique policies at each site)
  - Application or Application Group Policies (apply to any classified App or App Group)
• SD-WAN Services have different types of Policies
  - Security Policies, e.g., block all online storage sites (box.com, icloud.com, etc.)
  - QoS Policies, e.g., send VoIP calls over any TVC with Latency < 35 ms and Loss < 1%
  - Application Importance Policies, e.g., if the Primary MPLS WAN fails, only send POS terminal, VoIP calls and Email over the LTE Backup WAN
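As an added example (not code from the presentation, Fujitsu or MEF), the classification criteria of the previous slide and the three policy types on this one expressed as a small policy engine: classify a flow, then evaluate IF {criteria} THEN {action} against the TVCs currently available. The port ranges, the POS subnet, the application names and the TVC names ("mpls", "lte") are assumptions.

```python
# Added example, not from the MEF 70 draft or Fujitsu's service: a toy policy
# engine that classifies a flow with the criteria on the slides, then evaluates
# IF {criteria} THEN {action}. Ports, subnets and TVC names are constructed.
import ipaddress
from dataclasses import dataclass
@dataclass
class Flow:
    src_ip: str
    proto: str          # "tcp", "udp" or "icmp"
    dst_port: int = 0
    domain: str = ""    # destination domain, assumed learned from DNS/SNI

@dataclass
class TVC:
    name: str           # e.g. "mpls" or "lte" (constructed)
    latency_ms: float   # measured path quality, fed in by the edge
    loss_pct: float
    up: bool = True

APP_GROUPS = {"online_storage": {"box.com", "icloud.com"},
              "social_media": {"facebook.com"}}
POS_SUBNET = ipaddress.ip_network("10.10.100.0/24")  # custom app: POS subnet + TCP port

def classify(flow):
    """Return the application or application-group name for a flow."""
    for group, domains in APP_GROUPS.items():
        if any(flow.domain == d or flow.domain.endswith("." + d) for d in domains):
            return group
    if (ipaddress.ip_address(flow.src_ip) in POS_SUBNET
            and flow.proto == "tcp" and flow.dst_port == 8443):
        return "pos_terminal"
    if flow.proto == "udp" and 16384 <= flow.dst_port <= 32767:  # assumed RTP range
        return "voip"
    if flow.proto == "tcp" and flow.dst_port in (587, 993):       # SMTP/IMAP submission
        return "email"
    return "other"

def apply_policies(app, tvcs):
    """Evaluate the deck's three example policies; returns (action, tvc_name)."""
    if app == "online_storage":                       # security policy: block
        return ("block", None)
    healthy = [t for t in tvcs if t.up]
    if app == "voip":                                 # QoS policy: latency < 35 ms, loss < 1%
        good = [t for t in healthy if t.latency_ms < 35 and t.loss_pct < 1]
        if good:
            return ("forward", min(good, key=lambda t: t.latency_ms).name)
    mpls_up = any(t.up for t in tvcs if t.name == "mpls")
    if not mpls_up and app not in ("pos_terminal", "voip", "email"):
        return ("drop", None)                         # importance policy on LTE backup
    return ("forward", healthy[0].name) if healthy else ("drop", None)
```

When no TVC meets the VoIP thresholds, the call still falls through to the importance policy and the first healthy TVC, so the QoS rule degrades rather than dropping voice.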

Slide 8: High Availability Dimensions of an SD-WAN Service
• Access Network Type Diversity
  - Use Wireline and Wireless WANs
• WAN Provider Diversity
  - Use WANs from different providers
• WAN Load Balancing
  - Application flows instantaneously forwarded to an alternate WAN in the event of a WAN failure
[Diagram: three SD-WAN Edge examples: Active-Active WANs (WAN 1, WAN 2); Different WAN Providers (ISP A, NSP B, WSP C); Different Access Network Types (Cable, DSL, PON; LTE / 5G).]
SD-WAN Services Intrinsically Provide High Availability and Resiliency

Slide 9: SD-WAN Services Increase Site-to-Site WAN Bandwidth without Increasing Underlay WAN Bandwidth
• Before SD-WAN Service
  - All internal site-to-site communications over MPLS
  - Internet access used only to connect to the Internet, not for site-to-site connectivity
  - Internet BW 10-20X > MPLS BW
  - Must increase MPLS BW to increase site-to-site BW
• After SD-WAN Service
  - Load-balance site-to-site traffic across MPLS and Internet using secure SD-WAN TVCs
  - Forwarding choices based on Application Policies
  - Internet used for local breakout and site-to-site
  - Site-to-Site BW increased without adding any MPLS BW
[Diagram: before-and-after views of two sites, each with an MPLS VPN and Internet Access; after SD-WAN, an SD-WAN Edge CPE at each site carries SD-WAN TVCs over both underlays.]

Slide 10: SD-WAN Service Information Security: Data Protection and Privacy
• SD-WAN Services must secure data in transit and at rest
  - In Transit Data: 256-bit AES Encryption of TVCs across underlay WANs
  - At Rest Data: 256-bit AES Encryption of any Subscriber data stored on an SD-WAN Edge
• Subscriber Data Privacy
  - SD-WAN Service Provider must not be able to read or modify Subscriber data
  - Important for Data Privacy regulations
    - HIPAA (patient healthcare data privacy)
    - EU GDPR (personal information privacy: an EU requirement now, expected to be required globally)
    - PCI DSS (payment card data protection)

Slide 11: SD-WAN Service Network Security: SD-WAN Edge Firewall
• At a minimum, an SD-WAN Edge must have a firewall if it connects to an Internet WAN
  - For IP address and port address translation (NAT/PAT) and address/port blocking
• Some SD-WAN Edges now support “Zone-based” Firewalls (ZFW)
  - ZFWs use Policies to restrict traffic to/from different LANs (ports/VLANs), UCSs (WANs) and TVCs
  - ZFWs ensure potential threats are contained to a particular zone and do not affect other zones
• Mitigates Spoofing of IP Addresses from LAN zones
  - If one zone uses the same IP address as another zone, the SD-WAN Edge will detect the spoofed IP address and block it from traversing a different zone
• Example Zones where traffic is segregated to a unique LAN/VLAN, TVC or Local Internet Breakout
  Zone                               Traffic segregated to
  Guest Wi-Fi Network on LAN/VLAN    Local Internet Breakout
  Extranet / Partner TVC             Engineering VLAN
  POS Terminals on LAN/VLAN          Data Center TVC and Printer on LAN/VLAN
  Intranet LAN/VLAN                  Intranet TVC and Local Internet Breakout
Firewall Zones Enable Secure Segmentation of Apps and Users over LANs/VLANs, WANs and TVCs
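An added example (not Fujitsu's or any vendor's implementation) of the two behaviours on this slide, zone-pair policy and anti-spoofing: a packet whose source address belongs to a different zone's subnet is blocked before any zone policy is consulted. The zone names, subnets and the allow table are constructed from the example zones above.

```python
# Added example, not Fujitsu's or any vendor's implementation: a toy zone-based
# firewall check. Zone subnets and the permitted zone pairs are constructed from
# the "Example Zones" list on the slide.
import ipaddress

# Each LAN zone and the subnet that legitimately sources traffic from it.
ZONES = {
    "guest_wifi": ipaddress.ip_network("192.168.10.0/24"),
    "pos": ipaddress.ip_network("10.10.100.0/24"),
    "intranet": ipaddress.ip_network("10.20.0.0/16"),
}
# Permitted (ingress zone, egress zone) pairs; everything else is denied.
ALLOW = {
    ("guest_wifi", "internet_breakout"),
    ("pos", "datacenter_tvc"), ("pos", "printer_lan"),
    ("intranet", "intranet_tvc"), ("intranet", "internet_breakout"),
}

def source_zone_of(src_ip):
    """Return the LAN zone whose subnet owns src_ip, or None if no zone does."""
    ip = ipaddress.ip_address(src_ip)
    for zone, net in ZONES.items():
        if ip in net:
            return zone
    return None

def check_packet(ingress_zone, src_ip, egress_zone):
    """Return ('permit' | 'deny', reason) for a packet crossing zones.
    Anti-spoofing runs before the zone policy: a source address that belongs
    to a different zone's subnet is blocked from traversing any other zone."""
    owner = source_zone_of(src_ip)
    if owner is not None and owner != ingress_zone:
        return ("deny", f"spoofed source {src_ip}: {owner} address seen on {ingress_zone}")
    if ingress_zone in ZONES and owner is None:
        return ("deny", f"source {src_ip} is not in the {ingress_zone} subnet")
    if (ingress_zone, egress_zone) in ALLOW:
        return ("permit", f"{ingress_zone} -> {egress_zone} permitted by zone policy")
    return ("deny", f"no zone policy permits {ingress_zone} -> {egress_zone}")
```

The deny reasons are what a defender would want logged: a spoof verdict points at a host on the ingress zone, while a missing-policy verdict points at a configuration gap.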

Slide 12: SD-WAN Service Information Security: Secure Connectivity to Cloud Security Services
• Cloud Security Service ideal for InfoSec scanner functions
  - Anti-Malware, Anti-Spam, Anti-Phishing, Vulnerability Scanning (for PCI DSS compliance)
• Many Enterprises are migrating to Cloud Security for InfoSec
  - More optimal location to perform information scanning
  - Quarantining InfoSec threats before they reach the site saves Internet access bandwidth and eliminates threat propagation
• SD-WAN Edges should provide an encrypted IPsec tunnel to Cloud Security Providers
  - To ensure no threat injection between the Subscriber site and the Cloud Security Service Provider
[Diagram: Cloud Security Services for Information Scanning Security Functions. An SD-WAN Edge has a TVC over the WAN to other sites and a Local Internet Breakout; an IPsec Tunnel over the Internet WAN carries breakout traffic to a Cloud Security Service Provider (Anti-Malware and other scanning functions) on the way to an Internet site or SaaS Provider.]

Slide 13: SD-WAN Service: Centralized Service Management
• All SD-WAN Services must be centrally managed
  - Ensures consistency in policies and configuration changes
• Service may be Fully-Managed or Co-Managed
• Fully-Managed
  - Service Provider manages all aspects of the service
  - Subscriber can view network health and other metrics
  - Typically used by organizations with limited IT support staff
• Co-Managed
  - SP manages many aspects of the service but enables the Subscriber to make service changes
    - Create new QoS and Security Policies for different Applications
    - Create custom application classification criteria
  - Typically used by organizations with larger IT support staff

Slide 14: Unravelling SD-WAN Services: Key Takeaways
• Not all “SD-WAN Services” are created equal
  - MEF 3.0 SD-WAN service definition standard is establishing the baseline
• SD-WAN Services are uniquely different than legacy WAN services
  - Application-aware, Policy-driven, Highly Resilient
• When evaluating SD-WAN Services, carefully review baseline capabilities
  - OTT, App Classification, Security, Policies, Multi-WAN, WAN bonding, etc.

Slide 15: Closing slide, repeating the presenter contact details from slide 1 (Ralph Santitoro, Fujitsu / MEF Forum; February 20, 2019, SD-WAN Webinar Series: Unravelling Managed SD-WAN Services).