Service Provider Technologies
  • MPLS L3VPN Inter-AS Option A, B, and C
    www.bloggang.com/viewblog.php?id=likecisco&date=29-12-2016&group=12&gblog=2

    MPLS-TE: Comparing SPF (OSPF/ISIS) with CSPF (OSPF-TE/ISIS-TE)
    www.bloggang.com/viewblog.php?id=likecisco&date=28-06-2017&group=12&gblog=3

    IP Networks for the cloud, 5G and IoT era:

    IP Network Requirements:
    • Multiples - Capacity and fan-in
    • Superior - Capability and agility
    • Fraction - OpEx and complexity

    Networks of the future must be:

    • Bigger, faster & more efficient
    • Safer
    • More adaptable
    Connecting the Internet of Things - New opportunities, and threats:
    • No perimeter:
      • Large attack surface
      • Countless sources
    • Malicious user traffic:
      • Hackers and cyber criminals
      • Terrorists and anarchists
    • Many vulnerabilities:
      • Hijacked cloud servers, IoT devices
      • Essential services (DNS, AAA, NFV)
    • Distributed DoS attacks:
      • Causing widespread outages
      • Increasing frequency and volume

      Denial of service = no service! Service availability is gated by network security

    Unmitigated DDoS attacks can cause massive outages within hours - Time is of the essence to detect and stop them

    Major DDOS attack on Dyn disrupts AWS, Twitter, Spotify and more - 21 Oct. 2016 by Sebastian
    Cloud and IoT are fueling major DDoS attacks - Security is an ongoing and evolving threat:
    • Increasing scale and complexity:
      • Higher internet upload speeds
      • More connected IoT devices
      • Many vulnerabilities. DDoS as a service
    • Increasing attack frequency:
      • 100G+ attacks are a daily occurrence
      • Bi-weekly attacks in 300 - 600G range
      • Multiple attackers (Mirai, Kaiten, XOR, Spike, ...)

    Mirai: The first open-source IoT botnet:

    • Sep 2016:
      • 600G attack on security expert Brian Krebs' website
      • 1.1T attack on OVH, a French web hosting company
    • Oct:
      • Mirai source code is released in public domain
      • 1T+ flooding attack on DynDNS
    • Nov:
      • Attack on DT, disabling 900,000 home routers

    Terabit DDoS attacks will soon be the norm. Is your network prepared for this?

    DDoS mitigation Present Mode - The network is part of the problem:

    • IP routers backhaul DDoS traffic to scrubbing center
    • Network appliances detect and filter DDoS traffic
    • High cost, partial protection and poor scalability

    Escalating cost of backhaul capacity and scrubbing appliances to mitigate DDoS attacks

    DDoS mitigation Future Mode - The network is part of the solution:

    • Cloud-based DDoS detection and analysis
    • Filtering volumetric DDoS traffic at the IP edge
    • Network-wide protection with superior scalability

    Scalable, distributed solution to mitigate volumetric Distributed Denial-of-Service attacks

    Detecting and mitigating DDoS attacks - Packet inspection and signature detection:

    DDoS flows can be detected by inspecting the IP packet payload for tell-tale signature patterns:

    • Conventional IP routers are incapable of looking beyond the "5 tuple" IP packet header field
    • DPI appliances can look deeper into the packet, but their forwarding capacity is very limited

    How to mitigate DDoS flooding attacks containing 100,000 of flows?

    Denial of Service attacks: Top 10 threats:

    • UDP amplification-based attacks using "reflection"
    • DNS/NTP reflector attacks:
      • Abuse DNS/NTP protocol aspects to generate a large payload from small requests
      • Use IoT bot-nets to amplify the attack (nature of DDoS)
      • Hard to detect and mitigate. Must be surgically blocked
    Insight driven automation - Growing list of use cases:
    • Automated IP Network Security:
      • Multiple tier 1 SPs - DDoS Attack Mitigation
    • Service automation with dynamic assurance:
      • Multiple tier 1 SPs - Dynamic IP/MPLS services
      • Multiple tier 1 SPs - On-demand IP/MPLS services
    • Multi-dimensional flow steering:
      • Global webscale company - Peering/CDN optimization
      • EMEA content provider - High quality experience
      • APAC tier 1 ISP - High quality OTT experience

    5G Addressing Diversified Network Requirements:

    • Extreme Mobile Broadband:
      • Devices 1.5GB/day
      • Mobility on Demand
      • >10 Gbps peak data rates
      • 10,000 x more traffic
      • 100 Mbps whenever needed
      • Capacity on Demand
    • Critical machine communication:
      • Smart factories 1 PB/day
      • Autonomous driving 1ms latency
      • <1 ms radio latency
      • Coverage on Demand
      • Ultra reliability
    • Massive machine communication:
      • Billions of sensors connected
      • Connectivity on Demand
      • Security on Demand
      • 1 Million Connection/SqKm

    Key trends on the path to 5G - and their implications on transport networks:

    • New spectrum options, multi-connectivity and carrier aggregation - More transport capacity to support 10x rise in demand
    • Densification - Higher port density to accommodate macro/small cells
    • Evolution to Cloud RAN - New RAN architectures, use of ethernet for fronthaul
    • Proximity of content to users - Diverse topologies, Multi-connectivity to different networks
    • 5G/IoT coming but 2G/3G/4G not leaving - Support old and new, w/ scale & security for 1,000x devices
    • Customer experience is king - Adequate transport must be in place ahead of RAN

    The evolution of mobile transport to 5G:

    1. 5G anyhaul
    2. Converged any-G transport 2G/3G/LTE with 5G
    3. Fixed-mobile convergence
    4. Multi-access edge computing (MEC) and radio cloud centers interconnectivity
    5. SDN control

    Universal need for mission-critical communication networks - Different Business Objectives and Challenges:

    • Energy and resources:
      • Power utilities
      • Oil, gas & mining
      • Smart grid
      • Monitoring & automation
    • Transportation:
      • Railways
      • Highways
      • Aviation
      • Passenger experience
      • Efficient operation
    • Public sector:
      • Government
      • Defense
      • Public safety
      • Multi-agency networks
      • Safety and Security
    • Large enterprises
      • Automotive
      • Finance & insurance
      • Healthcare
      • Digital banking
      • Telemedicine, telehealth

    searchsdn.techtarget.com/tip/SDN-poised-to-play-major-role-in-5G-networks
    B-)
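
    Added example, not part of the original post: the notes above on the "5 tuple" limit and on DNS/NTP reflector attacks, as detection code. At the 5-tuple level every packet from a resolver looks the same (UDP, source port 53); reading the DNS header shows which answers were never requested. The function names, thresholds and the vantage point (the protected network's edge) are assumptions, and the packets are constructed.

```python
import struct
from collections import defaultdict

def dns_msg(txid, response, size):
    """Build a constructed DNS message: real 12-byte header, zero padding."""
    flags = 0x8180 if response else 0x0100          # QR bit (0x8000) marks a response
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + b"\x00" * (size - 12)

def parse_dns(payload):
    """Return (txid, is_response) from the DNS header, or None if too short."""
    if len(payload) < 12:
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)

def find_reflection_victims(packets, min_bytes=1000, min_reflectors=3):
    """packets: (src_ip, src_port, dst_ip, dst_port, udp_payload) seen at the
    protected network's edge. Returns {victim: (unsolicited_bytes, reflectors)}."""
    pending = set()                                  # (client, server, txid) queries seen
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for src, sport, dst, dport, payload in packets:
        hdr = parse_dns(payload)
        if hdr is None:
            continue
        txid, is_response = hdr
        if dport == 53 and not is_response:
            pending.add((src, dst, txid))            # outbound query: remember it
        elif sport == 53 and is_response:
            if (dst, src, txid) in pending:
                pending.discard((dst, src, txid))    # solicited answer: normal traffic
            else:                                    # nobody asked: reflected traffic
                stats[dst]["bytes"] += len(payload)
                stats[dst]["reflectors"].add(src)
    return {v: (s["bytes"], len(s["reflectors"])) for v, s in stats.items()
            if s["bytes"] >= min_bytes and len(s["reflectors"]) >= min_reflectors}

# Constructed sample (documentation address ranges): one normal lookup, then
# four resolvers sending large answers to a host that never queried them.
SAMPLE = [
    ("192.0.2.10", 40000, "198.51.100.53", 53, dns_msg(0x1111, False, 40)),
    ("198.51.100.53", 53, "192.0.2.10", 40000, dns_msg(0x1111, True, 120)),
] + [
    (f"198.51.100.{n}", 53, "203.0.113.7", 33000 + n, dns_msg(n, True, 3000))
    for n in range(1, 5)
]

if __name__ == "__main__":
    print(find_reflection_victims(SAMPLE))
```

    The same query/response pairing applies to NTP on port 123, with that protocol's own header fields in place of the DNS transaction ID.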
  • 3 Comments sorted by
  • Transformation to 5G network:
    1. Build in 5G capabilities into existing IP Transport Network:
      • mmWave/vRAN
      • Fronthaul
      • Segment Routing
    2. Evolve traditional packet core to virtual (or hybrid) solution:
      • CUPS
      • Distributed Functions
      • Edge Compute
    3. Automate and Simplify:
      • NSO
      • WAE
      • Ultra-Automate
      • Analytics and Telemetry
    4. Secure:
      • Devices
      • Network
      • Cloud


    Segment Routing Migration Strategies and Case Studies:

    Current Deployment Landscape:

    Current State of SP Network Deployments:
    • Decades of Technical Evolution and Deployment
    • Vast Array of Technologies in Core, Edge, Access and Data Centers
    • Huge CapEx Investment. Cannot be simply uprooted
    • Complex, multigenerational Networks

    Evolution of Technical Architectures and Protocols - over last few decades:

    • Native L2:
      • Low Cost, Plug & Play
      • IRB creates L3 overlay network to support TDM
      • STP/PVST/RPVST -> G.8032, REP, MC-LAG
    • IP/MPLS - to Access/Aggregation:
      • Unify services (TDM, Ethernet)
      • Common MPLS (access, aggregation, Core)
      • Remote LFA, Auto IP Ring
    • Unified MPLS - for Scale:
      • Operational Simplicity Model
      • Remove majority of protocols on access/aggr devices

    • karneliuk.com/2016/01/ccie-what-you-need-to-know-about-study-process

    • www.flowtable.net/remote-lfa-2

    • Virtual Extensible LAN (VxLAN):
      www.facebook.com/virintr/posts/1075382535938948

    • Building DataCenter Networks with VXLAN BGP-EVPN
      clnv.s3.amazonaws.com/2017/usa/pdf/BRKDCN-3378.pdf

    • MPLS + SDN + NFV World Congress Public Multi-Vendor Interoperability Test 2017:
      www.eantc.de/showcases/mpls_sdn_2017/intro.html

    Segment Routing:

    • www.bloggang.com/viewblog.php?id=likecisco&date=19-11-2016&group=12&gblog=1

    • www.facebook.com/groups/CCNAHunterGroup/permalink/1707585259544859

    • blogs.cisco.com/sp/segment-routing-fundamental-to-make-your-network-sdn-ready

    • LTRRST-2500 - Get your hands dirty - Segment Routing on IOS-XR and IOS-XE (2017 Berlin)
      www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=94120

    • www.ozguler.co/blog/why-should-i-do-segment-routing
    B-)
  • SD-WAN:

    • SD-WAN helps organizations in America and Europe cut inter-branch network costs by up to 400 times compared with MPLS:
      www.techtalkthai.com/sd-wan-saves-wan-link-cost-for-upto-400-times-in-us-and-europe

    • Getting to know SD-WAN:
      www.techtalkthai.com/techtalk-webinar-sd-wan-by-velocloud-video

    • Free eBook giveaway: Software-Defined WAN for Dummies:
      www.techtalkthai.com/software-defined-wan-for-dummies-ebook

    • 4 must-have features in SD-WAN:
      www.branchconnect.in.th/blog/what-is-sd-wan

    • SDN, SD-WAN, NFV, VNF: do you know yet which one is the biggest hit???:
      www.branchconnect.in.th/blog/compare-sdn-sd-wan-nfv-and-vnf

    • What is SDN & SD-WAN?:
      www.sd-wan.in.th/post/whatissdnnsdwan

    • 7 Facts About SD-WAN Infographic:
      www.sd-wan.in.th/post/7sinssdwan

    • How to reduce MPLS cost with SD-WAN

    • The VMware SD-WAN by VeloCloud architecture:
      www.sd-wan.in.th/post/the-vmware-sd-wan-by-velocloud-architecture

    • SD-WAN Visibility & Control:
      www.sd-wan.in.th/post/vmware-sd-wan-visibility-control

    • Network & SD-WAN overlay and how to config it on VMware SD-WAN:
      www.sd-wan.in.th/post/network-sd-wan-overlay-and-how-to-config-it-on-vmware-sd-wan

    • SD-WAN Redundancy Part 1: EDGE Redundancy options:
      www.sd-wan.in.th/post/sd-wan-redundancy-part1-edge-redundancy-options

    • SD-WAN Redundancy Part 2: Spoke/Branch HA Design options:
      www.sd-wan.in.th/post/sd-wan-redundancy-part2-spoke-branch-ha-design-options

    • SD-WAN Redundancy Part 3: Hub/DC HA Design options:
      www.sd-wan.in.th/post/sd-wan-redundancy-hubdcdeployment
    B-)
  • CATO:

    • Current State and Network Challenges:
      www.youtube.com/watch?v=2pa8fdHzCLE

    • Cato's Disruptive WAN Architecture - The Answer:
      www.youtube.com/watch?v=Eu04yh88p50

    • Intelisys Whiteboard Session: Cato Networks:
      www.youtube.com/watch?v=E8IwqdDgvhk

    • Cato Prospect Discovery:
      www.youtube.com/watch?v=NzQI3Y0SlD4

    • s3-us-west-2.amazonaws.com/ab-media-prod-01/catonetworks-ab/2019/06/Cato-Cloud_Solution-Brief_NUM171.pdf

    • partners.catonetworks.com/wp-content/documents/catonetworks/uploads/2019/07/Cato-Networks-Security-as-a-Service-002.pdf

    • s3-us-west-2.amazonaws.com/ab-media-prod-01/catonetworks-ab/2019/06/Cato-Networks-Cheat-Sheet-2019.pdf

    • Customers are using MPLS in order to: Connect their physical locations, avoiding sending latency/packet-loss sensitive applications over the unpredictable Internet.

    • Why should a customer consider CATO cloud as an MPLS alternative:
      • Need to reduce MPLS costs and/or increase network capacity but without compromising on quality and availability.
      • Need a managed service that is agile, customer-centric, and tailored to the needs of the digital business.
      • Need to optimize and secure access to cloud data-centers and/or cloud applications.

    • Natively-integrated, global connectivity for mobile, allowing optimized and secure access enterprise resources and to the Internet offering does CATO have for mobile workforce.

    • Cato's SD-WAN is delivered as a cloud service with a private backbone for global connectivity, integrated security and with cloud and mobile access is Cato's SD-WAN different than other SD-WANs.

    • Uses link profiling to identify and report on blackouts as well as brownouts (quality degradation) makes Cato's ILMM (Intelligent Last Mile Management) service unique.

    • Cato built its own NGFW which is natively integrated into its service is NGFW used in Cato's security stack.

    • It governs both North-South (Internet) and East-West (WAN) traffic, rather than just North-South is Cato's integrated NGFW unique compared to other gateway firewalls.

    • The capabilities are included in Cato's security stack:
      • Intrusion Prevention System (IPS) as a Service
      • Known and zero-day malware prevention
      • Application aware access control for both WAN and Internet

    • Natively-integrated TCP Proxy is wan optimization technology provided by CATO cloud to maximize file transfer speed.

    • Cato Socket edge SD-WAN appliances do CATO customers use.

    • Simply contact Cato's partner and adjust the subscription Cato's customers do when grow in users, traffic, or sites.

    • CFO must reduce global MPLS wan connectivity costs. CATO can help with using last-mile Internet together with Cato Cloud.

    • CIO needs more bandwidth in MPLS-based network with the same budget. Using last-mile Internet together with Cato can help keep the same spend and increase capacity.

    • Have 20 offices with Fortinet UTMs which are about to expire. Cato's FWaaS can easily replace all UTMs with security as a service, also transitioning from CAPEX to OPEX.

    • Cato is the ONLY vendor that can address regional SD-WAN needs and also security, cloud access and mobile access needs - all in one cloud-service platform.

    • Cato uses multiple SLA-backed backbone connections between all its PoPs, and proprietary routing software that always chooses the optimal path for each packet in real-time.

    • For the last mile, Cato supports aggregation of multiple Internet links (fiber, DSL, cable, and LTE) to establish a highly available connection to Cato's Cloud. On middle-mile, provide a 5-9's SLA similar to MPLS providers.

    • Cato has built a software-based, global network that has full control of the routing like MPLS networks, so it definitely can guarantee MPLS-like experience. The price difference is a result of Cato being a pure software-based solution.
    B-)