View
2
Download
0
Category
Preview:
Citation preview
DongChoon Lee
SE / Riverbed Korea
2020.06
SD-WAN:Simple, Powerful, Transformative
1© 2020 Riverbed Technology, Inc. All rights reserved.
제조건설/중공업/엔지니어링플랜트화학/에너지금융운송리테일게임서비스공사/공관
많은 기업들이 해외로 진출하여 비즈니스(영업/생산/서비스)
2© 2020 Riverbed Technology, Inc. All rights reserved.
브랜치는 비지니스를 만드는 곳… 하지만 비즈니스 성능은?
브랜치 사용자의 애플리케이션 성능은 곧 비즈니스 성능
3© 2020 Riverbed Technology, Inc. All rights reserved.
REAL TIME
MONITORING
CENTRALIZED
MANAGEMENTCOST SAVING
기업의 CIO IT Initiatives
4© 2020 Riverbed Technology, Inc. All rights reserved.
THE NEW IT LANDSCAPE
COMPLEX
INSECURE
UNPREDICTABLE
5© 2020 Riverbed Technology, Inc. All rights reserved.
IT관리자의 Challenges복잡한 지점 네트워킹
관리- 복잡한 하이브리드 환경
- 다양한 지점 네트워크 장비
- 관리 복잡성 및 비용 문제
6© 2020 Riverbed Technology, Inc. All rights reserved.
Networks
Local Branch
Applications
Cloud to Branch
Applications
DC to Branch
Applications
Source: ESG 2015. ROBO TRENDS SURVEY
Applications Data
Source: Riverbed Feb, 2015. DATA CENTER AND BRANCH OFFICE RESILIENCY
Data Center SaaS / IaaS
Branch
지사에서 사용하는 다양한
애플리케이션 형태
전통적인 전용회선(MPLS),
Hybrid WAN 및 WiFi 관리
원격에 있는 Data:
Security, Backup & Recovery
data resides outside the data center
50%
지사/지점 IT의 Challenges
7© 2020 Riverbed Technology, Inc. All rights reserved.
클라우드처럼 네트워크도 적은 비용으로
언제든 쉽게 구축하고 쉽게 관리할 수 있다면…..
8© 2020 Riverbed Technology, Inc. All rights reserved.
The WAN used to look like this
Now the WAN is looking more like…
MPLS-A
SaaS
Internet
Hybrid Applications
Hybrid WAN
MPLS-B or
Internet
.
... this.
“Network managers now find branch office network solutions
are increasingly complex and inflexible, as well as costly, to
deploy and manage.”
Gartner:
Market Overview for SD-WAN.December 1, 2015
Hybrid WAN increases management complexity.
9© 2020 Riverbed Technology, Inc. All rights reserved.
The future of the WAN is NOT …class-map match-any QOS-Control
match ip dscp cs3 af31
class-map match-any QOS-Video
match ip dscp af41
class-map match-any QOS-Red
match ip dscp cs2
class-map match-any QOS-Voice
match ip dscp cs5 ef
class-map match-any QOS-Routing
match ip dscp cs6 cs7
interface TenGigabitEthernet1/1
description DC1 to DC2 via MPLS 1
mtu 1600
ip address 172.16.1.1 255.255.255.252
ip pim query-interval 5
ip pim sparse-mode
ip route-cache flow
ip ospf message-digest-key 10 md5 7 12345abcde
ip ospf network point-to-point
ip ospf cost 10
ip ospf hello-interval 1
wrr-queue cos-map 2 2 3
wrr-queue cos-map 3 1 4
wrr-queue cos-map 3 2 5
priority-queue cos-map 1 6 7
mls qos trust dscp
policy-map qos_policy_155
class QOS-Routing
bandwidth percent 5
class QOS-Voice
bandwidth percent 30
class QOS-Control
bandwidth percent 10
class class-default
random-detect
router bgp 65536
no synchronization
bgp router-id 192.168.1.1
bgp cluster-id 2274532623
bgp log-neighbor-changes
timers bgp 2 8
neighbor MY-IBGP-PEER peer-group
neighbor MY-IBGP-PEER remote-as 65536
neighbor MY-IBGP-PEER update-source Loopback0
neighbor MY-IBGP-PEER next-hop-self
neighbor MY-IBGP-PEER send-community
neighbor MY-IBGP-PEER soft-reconfig inbound
neighbor 10.10.10.10 peer-group IBGP-PEER
neighbor 10.10.10.10 description DC2
maximum-paths 4
auto-summary
crypto ipsec df-bit clear
crypto gdoi group MYGROUP
identity number 12345
server address ipv4
192.168.1.6
!
!
crypto map GETVPN local-address
Loopback0
crypto map GETVPN 10 gdoi
description GetVPN crypto map
set group MYGROUP
match address GETVPN_LISTS
qos pre-classify
!
… a router.
10© 2020 Riverbed Technology, Inc. All rights reserved.
1996 2020
11© 2020 Riverbed Technology, Inc. All rights reserved.
Network Up
12© 2020 Riverbed Technology, Inc. All rights reserved.
NETWORK DOWN
13© 2020 Riverbed Technology, Inc. All rights reserved.
interface TenGigabitEthernet1/1
description DC1 to DC2 via MPLS 1
mtu 1600
ip address 172.16.1.1 255.255.255.252
ip pim query-interval 5
ip pim sparse-mode
ip route-cache flow
ip ospf message-digest-key 10 md5 7 12345abcde
ip ospf network point-to-point
ip ospf cost 10
ip ospf hello-interval 1
wrr-queue cos-map 2 2 3
wrr-queue cos-map 3 1 4
wrr-queue cos-map 3 2 5
class-map match-any QOS-Control
match ip dscp cs3 af31
class-map match-any QOS-Video
match ip dscp af41
class-map match-any QOS-Red
match ip dscp cs2
class-map match-any QOS-Voice
match ip dscp cs5 ef
class-map match-any QOS-Routing
match ip dscp cs6 cs7
interface TenGigabitEthernet1/1
description DC1 to DC2 via MPLS 1
mtu 1600
ip address 172.16.1.1 255.255.255.252
ip pim query-interval 5
ip pim sparse-mode
ip route-cache flow
ip ospf message-digest-key 10 md5 7 12345abcde
ip ospf network point-to-point
ip ospf cost 10
ip ospf hello-interval 1
queue cos-map 2 2 3
queue cos-map 3 1 4
queue cos-map 3 2 5
priority-queue cos-map 1 6 7
mls qos trust dscp
policy-map qos_policy_155
class QOS-Routing
bandwidth percent 5
class QOS-Voice
bandwidth percent 30
class QOS-Control
bandwidth percent 10
class class-default
random-detect
router bgp 65536
no synchronization
bgp router-id 192.168.1.1
bgp cluster-id 2274532623
bgp log-neighbor-changes
timers bgp 2 8
neighbor MY-IBGP-PEER peer-group
neighbor MY-IBGP-PEER remote-as 65536
neighbor MY-IBGP-PEER update-source Loopback0
neighbor MY-IBGP-PEER next-hop-self
neighbor MY-IBGP-PEER send-community
neighbor MY-IBGP-PEER soft-reconfig inbound
neighbor 10.10.10.10 peer-group IBGP-PEER
neighbor 10.10.10.10 description DC2
maximum-paths 4
auto-summary
crypto ipsec df-bit clear
crypto gdoi group MYGROUP
identity number 12345
server address ipv4 192.168.1.6
!
!
crypto map GETVPN local-address Loopback0
crypto map GETVPN 10 gdoi
description GetVPN crypto map
set group MYGROUP
match address GETVPN_LISTS
qos pre-classify
!
1996 2020
14© 2020 Riverbed Technology, Inc. All rights reserved.
SD-WAN 솔루션이 제공하는 서비스 및 혜택
50~80%
쉽고 빠른 구축비용 절감
제로 터치 프로비져닝 - 자동설치
센타 Controller에서 장비 설치전모든 지점 네트워크 관련 설정 및정책 설정
장비설치 - 전원 On, 인터넷연결
설치된 장비는 Controller로 부터설정값을 받아 즉시 동작
센타의 Controller를 통해 모든지점 네트워크 디바이스 관련설정 및 정책을 관리
게이트웨이 – VPN/FW
라우팅/QoS
L2 스위치
IP기반이 아닌 애플리케이션기반의 정책
40% TCO 절감
Subscription & Monthly Pricing
Quality-based Path Selection –
회선의 품질에 따른 애플리케이션기반의 라우팅 기능으로 WAN
회선 사용의 효율성 증대
손쉬운 통합관리
15© 2020 Riverbed Technology, Inc. All rights reserved.
The Power of Software - Defined Networking
Software-Defined WAN & Remote LAN
Unified Management & Business Intent-based Control
16© 2020 Riverbed Technology, Inc. All rights reserved.
Operational Efficiency
Operations Workload
사용자 & 지점 수
WAN 업무감소
LAN 업무 감소
17© 2020 Riverbed Technology, Inc. All rights reserved.
SD-WAN 도입 고객의 85%가 small and mid-size enterprises 고객
대형 enterprises 고객들의 고민사항
– Brownfield deployments need a migration strategy to de-risk.
– SD-WAN introduces new layers and components.
– Securing the network can’t be done with legacy methodologies.
– Internet Broadband may not meet enterprise SLAs for network reliability & app performance.
Enterprise 고객의 SD-WAN 고민
In order to cross the chasm into mainstream
adoption of SD-WAN across small to large
enterprises and organizations, we need to
address the challenges above.
18© 2020 Riverbed Technology, Inc. All rights reserved.
Use Case: Increase Capacity While Managing Cost1
Branch
Data Center
Branch
MPLS
Internet
$
Keep in mind…
1. The objective with Internet Broadband
isn’t always reducing circuit cost. But
it is always about increasing capacity.
2. MPLS will be around for a long time &
WAN OP is the best (ONLY!) answer
for capacity.
19© 2020 Riverbed Technology, Inc. All rights reserved.
Increase capacity without compromise
MPLS: More Expensive (-), Lower Capacity (-), High Quality (+)
Internet Broadband: Less Expensive (+), Higher Capacity (+), Lower Quality (-) Internet Broadband can cost-
effectively increase capacity.
But it may not deliver the quality, reliability or performance needed to meet SLAs.
Techniques like packet duplication & forward-error correction improve quality and/or reliability, but they eat away at the gains in available capacity.
What if you could dynamically and selectively enable these techniques only when needed?
Data
Packets
Data
Packets
Duplicate
Packets
FEC
FEC
20© 2020 Riverbed Technology, Inc. All rights reserved.
Use Case: Infrastructure Agility
SD-WAN
Controller
Branch
Data Center
CloudBROADBAND
MPLS
Policy-Based Path SteeringApps, Users, Sites.
Zero-Touch ProvisioningNo truck roll.
Branch Branch
BranchBranch
2
21© 2020 Riverbed Technology, Inc. All rights reserved.
Use Case: Backhaul and/or Direct Internet Access3
Branch
Data Center
Performance AND Security
… no compromise.
SaaS & Cloud
Direct Internet Access -
• Distributed Security
• Unpredictable Performance
Leverage Branch Security
Leverage App Acceleration
Backhaul -
• Centralized Security
• High Latency
Leverage WAN Optimization
Leverage App Acceleration
22© 2020 Riverbed Technology, Inc. All rights reserved.
Direct Branch-to-Internet Breakout Backhaul Through Data Center / Hub
Backhauling vs. Direct Branch-to-Internet Breakouts
Eliminate trade-offs between performance & security
Security Good
Centralized protections +
Performance Bad
Increased latency (“tromboning”) -
Centralized bottleneck -
Performance Good
Less latency +
No centralized bottleneck +
Security Bad
Wide threat perimeter -
App Acceleration
SaaS Acceleration
Cloud Acceleration
Branch Security Services
Advanced Native Security
3rd Party Service Chaining
23© 2020 Riverbed Technology, Inc. All rights reserved.
Use Case: Adopting SD-WAN4
24© 2020 Riverbed Technology, Inc. All rights reserved.
Use Case: Adopting SD-WAN4
SD-WAN Legacy
Phased roll-outs. What to know…
a. It’s the common case (always!)
b. It’s fraught with challenges
An enterprise-class SD-WAN solution must
have BOTH…
a. SD-WAN
b. Enterprise-grade Routing (differentiator!)
And…
Scales to 1,000s of sites.
Full-mesh. Hub-n-spoke. Multi-mesh.
VRF
Multicast
IPv6
25© 2020 Riverbed Technology, Inc. All rights reserved.
The Modern Digital Landscape
Users & Devices Applications & Data
26© 2020 Riverbed Technology, Inc. All rights reserved.
The Modern Digital Landscape
Users & Devices Applications & Data
Internet
MPLS
Cloud
Data CenterBranch
27© 2020 Riverbed Technology, Inc. All rights reserved.
Three Fundamental Trade-Offs
Reduce
Costs
Unpredictable
Performance
Internet Broadband
& LTE
Good
Experience
Less
SecureDirect
Branch-to-Internet
Hybrid
Apps & IT
Untenable to
Manage
Hybrid WAN &
Internet-Only WAN
28© 2020 Riverbed Technology, Inc. All rights reserved.
Hybrid
Apps & IT
Untenable to
Manage
Hybrid WAN &
Internet-Only WAN
Three Fundamental Trade-Offs
+Hybrid Apps / IT
Agile NetworkingSD-WAN
Reduce
Costs
Unpredictable
Performance
Internet Broadband
& LTE
Good
Experience
Less
SecureDirect
Branch-to-Internet
29© 2020 Riverbed Technology, Inc. All rights reserved.
Reduce
Costs
Unpredictable
Performance
Internet Broadband
& LTE
Good
Experience
Less
SecureDirect
Branch-to-Internet
Three Fundamental Trade-Offs
+Hybrid Apps / IT
Agile NetworkingSD-WAN
+Cost Effective
FastAcceleration
30© 2020 Riverbed Technology, Inc. All rights reserved.
Good
Experience
Less
SecureDirect
Branch-to-Internet
Three Fundamental Trade-Offs
+Hybrid Apps / IT
Agile NetworkingSD-WAN
+Cost Effective
FastAcceleration
Best Experience
SecureSecurity
+
Maximize Agility, Performance & Security… without compromise.
31© 2020 Riverbed Technology, Inc. All rights reserved.
Moving
to Cloud
SaaS Performance &
Employee Productivity
Network
Visibility
SD-WAN & WAN
Edge Infrastructure
Riverbed Digital Networking
Any App ∙ Any Network ∙ Anywhere
Agil i ty ∙ Performance ∙ Securi ty
32© 2020 Riverbed Technology, Inc. All rights reserved.
Functional Components
향후 Riverbed SteelConnect EX Series 지원방향
Multi-Function VNF Service Fabric
App & Cloud
Acceleration
Bandwidth
Optimization
Acceleration
Branch Data Center Cloud
SteelConnect EX AppliancesPhysical & Virtual Appliances
Physical Virtual
Enterprise
Routing
Dynamic Path
Control
SD-WAN
Next-Gen
Firewall
IPS /
IDS
Security
SteelConnect
Director
SteelConnect
Analytics
Policy-based
Centralized
Management
Big Data
Platform for
Network &
Security
33© 2020 Riverbed Technology, Inc. All rights reserved.
The Full Stack for Enterprise SD-WAN향후 Riverbed SteelConnect EX Series 지원방향
Orchestration &Management
Optimization &App Acceleration
Network Security
SD-WAN
Core NetworkServices
Orchestration & Management
Templates NETCONF & API Air GappedVisibility
Optimization & App Acceleration
TCP / UDP SSL / HTTPS
Deduplication
MobileSaaS / IaaS
File / Email VideoCompression
Advanced Security
NG-FW DDoS Prevention
URL Filtering
SSL ProxyIPS-IDS
Anti-Virus User Auth.Malware Protection
SD-WAN Key Capabilities
Application SLA
IPSEC/VxLAN overlay
FECZTP
Packet Racing Flow/Packet LB LTE modem
WiFi
Core Network Services
Dual Stack IPv4/IPv6
Enterprise Routing Multicast
Segmentation
VRRP
MP-BGP
Enterprise QoS
PPPoE
34© 2020 Riverbed Technology, Inc. All rights reserved.
회선
최적화
신속한지사 네트워크
구축 및장애복구
해외지사
업무속도 향상(On-Premise,
AWS/Azure,
SaaS(O365))
지사
네트워크
TCO
절감
센터에서
전 지사
네트워크
통합관리
고객의 Benefits
Riverbed 애플리케이션 성능 관리 솔루션
지점 사용자 IT 팀Riverbed SDWAN
35© 2020 Riverbed Technology, Inc. All rights reserved.
Thank You
Recommended