SD-WAN-培训材料PPT课件

黄孝国,SD-WAN,专业词汇,UnderlayNetworkThephysicaltransportnetworkOverlayNetworkVirtualNetworkabstractedfromthetransportnetwork(underlaynetwork)OverlaynetworksaretunneledoverUnderlaynetworksUsinganencapsulationprotocol,e.g.,VxLAN,NVGRE,IPSectunnel,etc.Overlay/UnderlayterminologyusedinDCNetworkingTerminologyusagemorerecentwithWAN(SD-WAN),为什么SD-WANSD-WAN技术方案案例,目录,1,为什么SD-WANSD-WAN技术方案案例,目录,1,企业网络及IT应用面临的问题,什么是SD-WAN,企业部署SD-WAN的驱动力是啥,过去的血泪史,VSAT：时延600ms,模式1,模式2,模式3,有问题,有变化,有需求,案例,企业IT成本支出情况,有问题,有变化,有需求,案例,分支机构网络维护复杂,有问题,有变化,有需求,案例,目前部分厂商已经提供了uCPE解决方案，在通用硬件上运行虚拟机或者容器，不同虚拟化单元上运行不同的网络服务，比如Firewall，UTM，NAT等构成ServiceChain，极大的便利了服务的快速部署，提高了可维护性给租户提供更多的选择空间，租户希望在保证基本的网络连接的基础上能够有更多控制盒选择权。E2E的操作和监控,SD-WAN-广域网组网日益复杂,复杂并缺乏灵活性：网络配置和策略MPLS成本高网络性能不稳定漫长的交付周期WAN的优化成本高广域网线路的可用性难题安全Mobility,cloud和IoTservices都要向分支机构开放，增加了安全隐患Downtime：关键应用需要实时在线敏捷性：传统WAN无法快速适应新需求,有问题,有变化,有需求,案例,Internet线路状况日益变好，价格降低,Source:WilliamNorton(DrP);Stanfordpingend-to-endreporting(PingER),有问题,有变化,有需求,案例,谁在驱动WAN改变？,有问题,有变化,有需求,案例,SD-WAN的需求-企业应用逐步上云,有问题,有变化,有需求,案例,公司广域网例子架构简单，网络清晰,PrivateWAN,DataCenter,RemoteandBranchOffice,RemoteandBranchOffice,RegionalHubandCampus,DisasterRecoverySite,ITOps,App.teams,2014,Internet,过去，网络仅仅是网络，只关注连通,有问题,有变化,有需求,案例,公司广域网例子架构复杂，网络复杂,PrivateWAN,DataCenter,RemoteandBranchOffice,RemoteandBranchOffice,RegionalHubandCampus,DisasterRecoverySite,2016+,Mobile,PublicInternet,CarrierNeutralFacilities,GlobalOps,IaaS,SaaS,现在，网络不久是连通，更关注面向应用,有问题,有变化,有需求,案例,总结：什么因素决定着企业需要采用SD-WAN,GlobalDataTechnologyresearchhasidentifiedsomekeydeterminantsthatearlyadoptersofSD-WANshaveusedtojustifyornotjustifytheuseofSD-WANwithintheirnetwork:,SD-WAN与MPLSWAN的区别点,SD-WAN与MPLSWAN的区别点,为什么SD-WANSD-WAN技术方案案例,目录,1,企业网络及IT应用面临的问题,什么是SD-WAN,企业部署SD-WAN的驱动力是啥,Software-DefinedWAN,“Bytheendof2019,30%ofenterpriseswilluseSD-WANproductsinalltheirbranches,upfromlessthan1%today.”,1Gartner,Jul2015“TechnologyOverviewforSD-WAN”,IsntSD-WANreallySDN?SDNisanarchitecture,whereasSD-WANisatechnologythatcanbepurchased.SD-WANisbuiltonthefoundationalconceptsofSDN.,Byyear-end2018,10%ofenterpriseswillhavereplacedtheirWANroutingwithSD-WAN-basedpathforwarding,up.,SDNCPEverificationbasedonX.509digitalcertificatestandard;securityVPNestablishmentamongdifferentsites;Ruleconfigurationforserviceaware,multiplelinks;Topology,monitoring,alarm,log,etc.,ZTE,huawei,Nokia,Cisco,SoftwareArchitectureofWANController,ZTE,huawei,Nokia,Cisco,SDNController安全设计,ZTE,huawei,Nokia,Cisco,接口安全机制,ThenorthboundinterfacesofthecontrollerincludeRESTCONFandNETCONF.TheRESTCONFinterfaceisbasedonHTTPS.TheNETCONFinterfaceprovidesusername/password-basedloginorcertificateauthenticationmodes.,Northboundinterfaces,Southboundinterfaces,ZTE,huawei,Nokia,Cisco,为什么SD-WANSD-WAN技术方案案例,目录,2,企业应用场景,企业应用价值,相关的应用,SD-WAN部署-客户价值,客户价值：,IXP和SD-WAN构建ISP广域网络,为什么SD-WANSD-WAN技术方案案例,目录,2,企业应用场景,企业应用价值,相关的应用,SD-WAN应用场景-网络功能虚拟化（VNF）,为什么SD-WANSD-WAN技术方案案例,目录,3,PGCIL案例需求,POWERGRIDintendsprovideManagedSoftwaredefinedWAN(SD-WAN)ServicestotheirEnterprisecustomersforbelowcases,PGCIL案例需求（控制器）,CentralizedControlSolution:Amulti-tenantedcentralcontrolsolutionforcontrolandoperationoftheentiresolution.Thebasecomponentshostedatcentralizedsiteshallconsistof:,PGCIL案例需求（网关）,SD-WANGatewayshallbecentrallyhostedatthePOWERGRIDCorewiththecapabilityto:a)InterconnectSD-WANdomainsintoMPLSIPVPNs.b)InterconnectmultipledisjointunderlayslikeInternetandMPLSunderlays.c)SD-WANGatewayisamulti-tenantdevice,itcansupportmultiplesimultaneouscustomerVPNs.d)SimultaneoussupportbyeachSD-WANGatewayto10Enterprises.e)SimultaneoussupportbyeachSD-WANGatewayto2000RemoteSD-WANCPEs.f)Capabilitytoscalehorizontallywithoutdisruptingtherunningservices.,PGCIL骨干网络信息,Tier-ICity,Internet,ISPPeering,CDNCaching,5x10G,Internet,ISPPeering,CDNCaching,Nx10G,Nx10G,4x10G,4x10G,4x10G,1x10G,1x10G,2x10G,2x10G,5x10G,5x10G,Nx10G,Nx10G,2x10G,1x10G,Tier-IICity,100G,100G,100G,100G,100G,100G,100G,100G,100G,100G,Mumbai,Chennai,Shillong,Delhi,Raipur,Durgapur,CoreRouters,EdgeRouters,InternetPeeringRouters,MENSwitch/Routers,AccessSwitch/Routers,100GLinks,N*10GLinks,我们的建议,Tier-ICity,POP#1,Mumbai,Chennai,Shillong,Delhi,Raipur,Durgapur,SD-WANGateway,SD-WANGateway,SD-WANCPE,SD-WANEDGESwitch,SD-WANEDGESwitch,POP#2,POP#3,POP#4,Tier-IICity,SD-WANCPE,SD-WANController,SD-WANController,SD-WANNMS,SD-WANNMS,DC(Delhi),DRC(Banglaore),SD-WANCPE,SD-WANCPE,我们的建议,某公司的SD-WANEANTC测试网络,中国联通的企业SD-WAN和云DC直接相关,DeployingSDNcontrollerforPErouter,fastconnectionachievedbetweenDCsTakingDC-GWasCE,ARofthenetworkasPE,L3VPNisbasedonTEandSLAguaranteedUsersareabletoaccessmulti-cloudplatform,SDN-basednetworkupgradingforIPA(AS9929)isunderway.ElasticDCIandNetworkonDemandservicesareduetolaunchat30citiesbytheendof2016.,中国联通的企业SD-WAN和云DC直接相关,中国移动的SD-WAN,中国移动的SD-WAN,NaaSisakillerserviceforSP,whichcouldprovideendtoendvirtualizednetworkforenterprisecustomer.Thevisualizednetworkindifferentscenarioscanbesummarizedasbelow:DataCenter:VPCandServiceChaininoneormultipleDCsa.VirtualPrivateCloud(VPC):Customsdefineandmanagetheircloudnetwork/compute/storagethemselvesinrealtime,mostlynetworkprovisionbasedSDN.ThenetworkprovisionincludesIPaddress/subnet/ACL/QOS/FWaaS/LBaaS/VPNaaS.b.ServiceChain:Customersdefinetheflowchainfortheirnorth-southoreast-westtrafficthemselves.Forexample,inpublicandprivatecloud,thechainnodesincludeNATFWLBVPNGW.Foreachcustomer,VPCandSCshouldsupporttobedefinedwithinoneormultipleDCs.SometimesaDCistraditionalDCandnotcontrolledbySDN.VPN:CustomersdefinetheirVPNsitesconnectivityandbandwidthonlinewhichacrossthecarriersIP/MPLSbackbonenetwork.AndtheVPNserviceshouldbeprovisionedinnearlyrealtime.ComparedwiththetraditionalVPNservice,FlexibleVPNreducesprovisioningtimegreatly.WANTrafficoptimization:Withthelargetrafficincreasesweanticipate,congestionmusthappeninsomenetworkelements.Withcurrentnetworkingtechnologies,eachnetworkdevicemustbeconfiguredtohandlemaximumtraffic,thoughitisunlikelyeverynetworkelementwillexperiencemaximumtrafficatthesametime.SDNscentralizedarchitecturemeansthatexcessnetworkcapacityisgenerallyunnecessary.Weexpecttoscheduletheentirenetworkbandwidthandimproveutilization.SDNcanevenguaranteeend-to-endQoSforsomeservices.,中国移动的SD-WAN,PillarsofSDNGoogle,B4WANInt