5G, SASE, AI, Big Data Technologies

[PlAwAnSaI]

MPLS L3VPN Inter-AS Option A, B, and C
www.bloggang.com/viewblog.php?id=likecisco&date=29-12-2016&group=12&gblog=2

MPLS-TE: เปรียบเทียบ SPF (OSPF/ISIS) กับ CSPF (OSPF-TE/ISIS-TE)
www.bloggang.com/viewblog.php?id=likecisco&date=28-06-2017&group=12&gblog=3

IP Networks for the cloud, 5G and IoT era:

IP Network Requirements:

• Multiples - Capacity and fan-in
• Superior - Capability and agility
• Fraction - OpEx and complexity

Networks of the future must be:

• Bigger, faster & more efficient
• Safer
• More adaptable

Connecting the Internet of Things - New opportunities, and threats:

• No perimeter:
  • Large attack surface
  • Countless sources
• Malicious user traffic:
  • Hackers and cyber criminals
  • Terrorists and anarchists
• Many vulnerabilities:
  • Hijacked cloud servers, IoT devices
  • Essential services (DNS, AAA, NFV)
• Distributed DoS attacks:
  • Causing widespread outages
  • Increasing frequency and volume
  Denial of service = no service! Service availability is gated by network security

Unmitigated DDoS attacks can cause massive outages within hours - Time is of the essence to detect and stop them

Major DDOS attack on Dyn disrupts AWS, Twitter, Spotify and more - 21 Oct. 2016 by Sebastian

Cloud and IoT are fueling major DDoS attacks - Security is an ongoing and evolving threat:

• Increasing scale and complexity:
  • Higher internet upload speeds
  • More connected IoT devices
  • Many vulnerabilities. DDoS as a service
• Increasing attack frequency:
  • 100G+ attacks are a daily occurrence
  • Bi-weekly attacks in 300 - 600G range
  • Multiple attackers (Mirai, Kaiten, XOR, Spike, ...)

Mirai: The first open-source IoT botnet:

• Sep 2016:
  • 600G attack on security expert Brian Kreb's website
  • 1.1T attack on OVH, a French web hosting company
• Oct:
  • Mirai source code is released in public domain
  • 1T+ flooding attack on DynDNS
• Nov:
  • Attack on DT, disabling 900,000 home routers

Terabit DDoS attacks will soon be the norm. Is your network prepared for this?DDoS mitigation Present Mode - The network is part of the problem:

• IP routers backhaul DDoS traffic to scrubbing center
• Network appliances detect and filter DDoS traffic
• High cost, partial protection and poor scalability

Escalating cost of backhaul capacity and scrubbing appliances to mitigate DDoS attacksDDoS mitigation Future Mode - The network is part of the solution:

• Cloud-based DDoS detection and analysis
• Filtering volumetric DDoS traffic at the IP edge
• Network-wide protection with superior scalability

Scalable, distributed solution to mitigate volumetric Distributed Denial-of-Service attacksDetecting and mitigating DDoS attacks - Packet inspection and signature detectionDos flows can be detected by inspecting the IP packet payload for tell-tale signature patterns:

• Conventional IP routers are incapable to look beyond the "5 tuple" IP packet header field
• DPI appliances can look deeper into the packet, but their forwarding capacity is very limited

How to mitigate DDoS flooding attacks containing 100,000 of flows?Denial of Service attacks: Top 10 threats:

• UDP amplification-based attacks using "reflection"
• DNS/NTP reflector attacks:
  • Abuse DNS/NTP protocol aspects to generate a large payload from small requests
  • Use IoT bot-nets to amplify the attack (nature of DDoS)
  • Hard to detect and mitigate. Must be surgically blocked

Insight driven automation - Growing list of use cases:

• Automated IP Network Security:
  • Multiple tier 1 SPs - DDoS Attack Mitigation
• Service automation with dynamic assurance:
  • Multiple tier 1 SPs - Dynamic IP/MPLS services
  • Multiple tier 1 SPs - On-demand IP/MPLS services
• Multi-dimensional flow steering:
  • Global webscale company - Peering/CDN optimization
  • EMEA content provider - High quality experience
  • APAC tier 1 ISP - High quality OTT experience

5G Addressing Diversified Network Requirements:

• Extreme Mobile Broadband:
  • Devices 1.5GB/day
  • Mobility on Demand
  • >10 Gbps peak data rates
  • 10,000 x more traffic
  • 100 Mbps whenever needed
  • Capacity on Demand
• Critical machine communication:
  • Smart factories 1 PB/day
  • Autonomous driving 1ms latency

 

[PlAwAnSaI]

Transformation to 5G network:
[*]Build in 5G capabilities into existing IP Transport Network:

• mmWave/vRAN
• Fronthaul
• Segment Routing

[*]Evolve traditional packet core to virtual (or hybrid) solution:

• CUPS
• Distributed Functions
• Edge Compute

[*]Automate and Simplify:

• NSO
• WAE
• Ultra-Automate
• Analytics and Telemetry

[*]Secure:

• Devices
• Network
• Cloud

[/list]

Segment Routing Migration Strategies and Case Studies:

Current Deployment Landscape:

Current State of SP Network Deployments:
[*]Decades of Technical Evolution and Deployment[*]Vast Array of Technologies in Core, Edge, Access and Data Centers[*]Huge CapEx Investment. Cannot be simply uprooted[*]Complex, multigenerational Networks[/list]Evolution of Technical Architectures and Protocols - over last few decades:[*]Native L2:

• Low Cost, Plug & Play
• IRB creates L3 overlay network to support TDM
• STP/PVST/RPVST -> G.8032, REP, MC-LAG

[*]IP/MPLS - to Access/Aggregation:

• Unify services (TDM, Ethernet)
• Common MPLS (access, aggregation, Core)
• Remote LFA, Auto IP Ring

[*]Unified MPLS - for Scale:

• Operational Simplicity Model
• Remove majority of protocols on access/aggr devices
  

[*]karneliuk.com/2016/01/ccie-what-you-need-to-know-about-study-process

[*]www.flowtable.net/remote-lfa-2

[*]Virtual Extensible LAN (VxLAN):
www.facebook.com/virintr/posts/1075382535938948

[*]Building DataCenter Networks with VXLAN BGP-EVPN
clnv.s3.amazonaws.com/2017/usa/pdf/BRKDCN-3378.pdf

[*]MPLS + SDN + NFV World Congress Public Multi-Vendor Interoperability Test 2017:
www.eantc.de/showcases/mpls_sdn_2017/intro.html

[/list]Segment Routing:

[*]www.bloggang.com/viewblog.php?id=likecisco&date=19-11-2016&group=12&gblog=1

[*]www.facebook.com/groups/CCNAHunterGroup/permalink/1707585259544859

[*]blogs.cisco.com/sp/segment-routing-fundamental-to-make-your-network-sdn-ready

[*]LTRRST-2500 - Get your hands dirty - Segment Routing on IOS-XR and IOS-XE (2017 Berlin)
www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=94120

[*]www.ozguler.co/blog/why-should-i-do-segment-routing
[/list]

 

[PlAwAnSaI]

SASE - CATO:
[*]

• Current State and Network Challenges:
  www.youtube.com/watch?v=2pa8fdHzCLE
  
• Cato's Disruptive WAN Architecture - The Answer:
  www.youtube.com/watch?v=Eu04yh88p50
  
• Intelisys Whiteboard Session: Cato Networks:
  www.youtube.com/watch?v=E8IwqdDgvhk
  
• Cato Prospect Discovery:
  www.youtube.com/watch?v=NzQI3Y0SlD4
  
• s3-us-west-2.amazonaws.com/ab-media-prod-01/catonetworks-ab/2019/06/Cato-Cloud_Solution-Brief_NUM171.pdf
  
• partners.catonetworks.com/wp-content/documents/catonetworks/uploads/2019/07/Cato-Networks-Security-as-a-Service-002.pdf
  
• s3-us-west-2.amazonaws.com/ab-media-prod-01/catonetworks-ab/2019/06/Cato-Networks-Cheat-Sheet-2019.pdf
  
• Customer are using MPLS in order to: Connect their physical locations, avoiding sending latency/packet-loss sensitive applications over the unpredictable Internet.
  
• Why should a customer consider CATO cloud as an MPLS alternative:
  • Need to reduce MPLS costs and/or increase network capacity but without compromising on quality and availability.
  • Need a managed service that is agile, customer-centric, and tailored to the needs of the digital business.
  • Need to optimize and secure access to cloud data-centers and/or cloud applications.
    
• Natively-integrated, global connectivity for mobile, allowing optimized and secure access enterprise resources and to the Internet offering does CATO have for mobile workforce.
  
• Cato's SD-WAN is delivered as a cloud
  
  service with a private backbone for global connectivity, integrated security and with cloud and mobile access is Cato's SD-WAN different than other SD-WANs.
  
• Uses link profiling to identify and
  
  report on blackouts as well as brownouts (quality degradation) makes Cato's ILMM (Intelligent Last Mile Management) service unique.
  
• Cato built its own NGFW which is natively integrated into its service is NGFW used in Cato's security stack.
  
• It governs both North-South (Internet) and East-West (WAN) traffic, rather then just North-South is Cato's integrated NGFW unique compared to
  
  other gateway firewalls.
  
• The capabilities are included in Cato's security stack:
  • Intrusion Prevention System (IPS) as a Service
  • Known and zero-day malware prevention
  • Application aware access control for both WAN and Internet
    
• Natively-integrated TCP Proxy is wan optimization technology provided by CATO cloud to maximize file transfer speed.
  
• Cato Socket edge SD-WAN appliances do CATO customers use.
  
• Simply contact Cato's partner and adjust the subscription Cato's customers do when grow in users, traffic, or sites.
  
• CFO must reduce global MPLS wan connectivity costs. CATO can help with using last-mile Internet together with Cato Cloud.
  
• CIO need more bandwidth in MPLS-based network with the same budget. Using last-mile Internet together with Cato can help keep the same spend and increase capacity.
  
• Have 20 offices with Fortinet UTMs which are about to expire. Cato's FWaaS can easily replace all UTMs with security as a service, also transitioning from CAPEX to OPEX.
  
• Cato is the ONLY vendor that can address regional SD-WAN needs and also security, cloud access and mobile access needs - all in one cloud-service platform.
  
• Cato uses multiple SLA-backend backbone connections between all its PoPs, and proprietary routing software that always chooses the optimal path for each packet in real-time.
• For the last mile, Cato supports aggregation of multiple Internet links (fiber, DSL, cable, and LTE) to establish a highly available connection to Cato's Cloud. On middle-mile, provide a 5-9's SLA similar to MPLS providers.
  
• Cato has built a software-based, global network that has full control of the routing like MPLS networks, so it definitely can guarantee MPLS-like experience. The price difference is a result of Cato being a pure software-based solution.

 

[PlAwAnSaI]

Huawei 5G:

• 5G Motivation and Industry Progress: Introduction to 5G
  www.facebook.com/355860167826586/videos/904528570011024
• 5G is not equal 4G + 1G. 4G + 1G is just 10% of 5G. 5G + ABC (AI, Big data, & Cloud).
• One of the innovative services is VR. Ideal/ultimate experience Virtual Reality (VR) requires 9.4Gbps. Only 5G networks can support. 4G LTE can support just 100Mbps. Cannot share the same 5G network slice with Water, Gas, and Electricity meter.
• The maximum 5G E2E latency/design requirement is 1ms.
• 5G The Road to A Super Connected World:
  www.youtube.com/watch?v=gpZvE8rcfSU
• Internet of Vehicles (IoV) and Vehicle-to-everything (V2X) services belongs to ultra-Reliable Low Latency Communication (uRLLC) scenario.
• Under the 5G network supported 1 million connections per square kilometer.
• The challenges faced in the 5G era:
  • Explosive growth in Mobile BroadBand (MBB) data traffic.
  • Number of connected devices has increased dramatically.
  • Ultra-low latency is required for Vehicle-to-Vehicle (V2V) communication.
• Connect future “The world connected by 5G”:
  www.youtube.com/watch?v=xU5zPvP5oAo
• Introduction to Microsoft HoloLens and Holographic technology:
  www.youtube.com/watch?v=aYdB2xBNFek
• China turns to AI, robots in coronavirus control:
  www.youtube.com/watch?v=7YVzWgyMbl8
• Chinese cops use facial recognition smart glasses to identify suspects in crowds:
  www.youtube.com/watch?v=1MCLR5TD28w
• 5G driverless smart bus:
  www.youtube.com/watch?v=97jA9fGjHok
• 5G Tele-Operated Driving:
  www.youtube.com/watch?v=ZQPZ-_k_2Hg
• In 5G charging model, can charge customers based on Traffic Value, Speed Value, Latency Value, Connectivity Value and Time Value.
• In enhanced Mobile BroadBand (eMBB), the maximum download speed is 10Gbps.
• Network Slicing can be understood as a logical network that serves services for a specific requirement. 5G technology can enable and ensure differentiated network service requirements.
• For Frequency Range 1 (FR1), the maximum supported bandwidth of a NR cell is 100 MHz.
• The frequency range of 5G C-Band is 3.4~3.6GHz.
• The Key Technologies of 5G Core Network:
  • Service Based Architecture (SBA)
  • Cloud Native
  • Control and User Plane Separation (CUPS)
  • Slicing
• Driving force of Digital transformation are Revenue Decline/OPEX Increase, Changing customer expectation, and The Changing ICT Market.
• Key objective of 'Digitization' are Operational efficiency, Reliability, and Cost savings.
• Multi-access Edge Computing (MEC), formerly Mobile Edge Computing characteristics are Connectivity and Content Downward to Edge, and Computing Upward to Edge. 5G technology can enable ultra-low latency application such as autonomous car.
• How can carriers enable digital transformation in the 5G era?
  5G + 4G + Artificial intelligence, Internet of things, Cloud computing, big Data and Edge computing (AICDE) + Ecology + Industry application and solutions => 5G+X.
• uRLLC and massive Machine Type Communication (mMTC) scenarios enable Vertical industry and support to-Business (2B) market significantly.
• The digital economy refers to a broad range of economic activities that include using digitized information as the key factor of production, modern information networks as an important activity space, and the effective use of Information and Communication Technology (ICT) as an important driver of productivity growth and economic structural optimization.
• In the Robotic Restaurant, Robot serves dishes to customers.
• In the Global Industry Vision 2025 white paper, it said:
  All Things Sensing
  All Things Connected
  All Things Intelligent
  And the 100 billions projected number of global connections in 2025.
• Digitized = Operational Excellence, Digital = Rapid Business Innovation.
• Massive MIMO and 256QAM technologies are used to improve the throughput in 5G network.
• Decrease guard band by using F-OFDM, High-order QAM Modulation, and New channel coding are the techniques improving traffic efficiency.

AI & Big Data:

• Data is the oil of the Digital World.
• AI is very powerful and has many capabilities. Some of the capabilities include 'See', 'Hear', 'Act' and 'Think'.
• In the China AI Plan, Government focuses on Strategy, Plan and Policy while Enterprises focus on Product, Solution and Open AI Platform.
• The benefits of Government Big Data:
  • Efficient Government
  • Better public service
  • Enable digital economy
• In the China Government Big Data implementation, they ensure data are collected from all possible sources within government departments by Established Big Data Management Bureau and Enforced 5-Cross data collection requirements.

• ลักษณะของการทำงานแบบ Pair Programming:
  • เป็นการช่วยกันระดมความคิดของผู้เขียน Code
  • มีการร่วมกันตรวจสอบ Code ในขั้นตอนการเขียน
  • ใช้เวลามากกว่าปกติเนื่องจากใช้ทรัพยากรคนมากขึ้น
    .
• ช่องทางที่จะใช้งาน AI Pair Programmer:
  • หน้า Web โดยปกติของการใช้ Large Language Model เช่น ChatGPT, Bard
  • Integrated Development Environment (IDE)
    .
• Version Control ทำให้การทำงานร่วมกันระหว่าง Programmer ง่ายขึ้น และสามารถเก็บ Version ที่เสถียรของ Program ที่เราเขียนไว้และสามารถหยิบมาใช้งานได้ทุกเมื่อ
  
  
• GitHub Copilot เป็น Program ประเภท AI Pair Programmer
  
  
• งานที่ต้องการความรวดเร็วในการขึ้นชิ้นงานเหมาะกับการใช้ AI Pair Programmer เพราะ AI สามารถแนะนํา Code ที่เราต้องการใช้ได้
  
  
• การใช้ AI Pair Programmer สำหรับมือใหม่ควรทบทวน Code ที่ AI Pair Programmer เขียนมาให้เพื่อทําความเข้าใจ