1. Network infrastructures: what’s new with Service Defined Network?
Yesterday, network was more complex, so more time and always more skills were required to configure and secure network connectivity.
Today, with a Service Define Network, it’s much simpler, your network can be automated, to free up IT time and reduce costs.
Service Defined Network scalability is very high. It’s a controllerless architecture and you need only few seconds to enable a new service. The network design is extremely simplified, there is no need to consider layer 2 connectivity (Spanning Tree, Ling Agg., etc) and layer 3 routing protocols, everything is simple, network nodes discovered themselves and their control plane makes all links actives and available for switching, routing traffic.
Once the network administrator has defined what network service to run, every node of the iFab is automatically provisioned and ready to switch traffic. It’s real network automation with seamless replacement of a network node, if eventually one fails, and simplified upgrades without service interruption.
Figure 1 – Service Defined Network: how does it work?
The network becomes a high performance secure and reliable infrastructure, thanks to:
- Universal Network Profile (UNP) – A set of rules based on devices, users and applications classification defining the security and network Quality of Service (QOS) to be enforced at the access port.
- Intelligent Fabric (iFab) – The network deployment is fully automated, each node discovers its neighbors, get its network links and management interfaces provisioned automatically, even the firmware is updated too when needed. It’s a real Zero Touch Provisioning, you don’t even have to connect via the console port or telnet anymore, other nodes, that are already a member of the Fabric, will be able to automatically update the firmware to the latest iFab release without the need to contact OmniVista, our network management system.
- Shortest Path Bridging for better connections and high scalability networking. It’s also very secure thanks to strong traffic isolation capabilities. With SPB all links of the fabric are available, the control plan, based on IS-IS, will dynamically determine the shortest path between a source and destination across the entire Fabric. SPB enables the dynamic creation of symmetrical path with end to end quality of service.
- Dynamic Routing and QoS (Quality of service), the front-line implementation of providing service guarantee for network, is natively provided by SPB. SPB allows up to 16 millions of services with up to 16 Fabric paths to be used. Each service or group of services could use one or more Fabric path or BVLAN as defined in the SPB standard. Path selection can be fully automated or control by the user for bandwidth increase, load balancing, and predictive redundancy.
- Virtualization and Security Services are the foundation of the Service Define Network. VMs are grouped into layer 2 and/or IP network domains by the hypervisor manager or orchestrator then, the Service Defined network will automatically create a virtual network or network service based on the MAC or IP @ of the VM or container. A set of rules defined in the UNP will be enforced at the access port. Then security policies will be applied to filter traffic between domains and VMs. The router function to the Service Defined Network nodes will be used to connect to 3rd party application firewall, proxy, load balancer and others security devices.
2. Better than Software Defined Access Network:
The Service Defined Network provides secure and automatic connection of a user, or object, to an authorized application. The Campus Network is a large Fabric, an access switch or WiFi Access Point identifies network connections and which applications are used, even for encrypted traffic, via a unique Deep Packet Inspection feature. The administrator can enforce a security policy to limit, deny or prioritize certain applications or services on the Fabric without the need to use a central application firewall or proxy.
Advanced DC Fabric management: In the Data Centre the top of rack switch performs virtual machines (VM) snooping: a switch port receives traffic from many VMs, by snooping traffic the switch will capture the VM name and use it to authenticate, classify and assign the VM or group of VMs to a network profile or service and provide visibility and statistics to the administrator.
Devices or VMs are authenticated and classified to be assigned to a network service or virtual network in order to provide a high level of security. A profile contains rules defining a role on the network for VMs, devices, users or applications. Rules can also use the context, where, when and how (which application) to apply a role to specific connection. It is key to enforce security policies and provision automatically the network service in order to guaranty the quality of experience.
All these elements provide an Autonomous and Intelligent Network Fabric based on SPB standards that simplify the design, configuration and security of your network infrastructure.
3. Get access to a unified dashboard to manage your entire network
Figure 2_ OmniVista 2500 NMS dashboard
The Service Define Network administration is simplified with a single management platform for the entire network. From access with WiFi and LAN unified management to core network and Data Centre Fabric with Unified Profile Access Manager (UPAM) to define policies and role globally for users, devices and VMs.
UPAM, a built-in server of OmniVista 2500 Network Management System, is your authentication server (RADIUS) and your network policies or profiles management system. With UPAM the administrator creates role-based access rules, network profiles, and security rules. With the open API, he can easily manage the integration with existing directory services, hypervisor and orchestrator management, security and cloud services.
Simplify the management of your DC Fabric Network.
The Virtual Machine Manager (VMM), another server module available in OmniVista 2500 NMS, is hypervisor agnostic, it helps for monitoring and tracking VMs and network usage. VMs are dynamics, they start and move across your IT infrastructures and the network Fabric must follow without disruption of connectivity service. VMM is the tool that IT managers will use to troubleshoot and monitor VMs location, network usage, performance with access to live and historical data.
As you can see, Service Defined Network has an important role in Digital Age Networking, in the next article about Digital Age Networking, I’ll speak about IoT, and how it is used to generate new outcome from millions of Internet of Things.