virtual services router - hewlett packard · by leveraging standard it virtualization technology to...

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

HP Virtual Services Router Technical Overview Technical Design Presentation

HP Networking Global Technical Marketing Engineering, FlexBranch

September 27, 2013

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 2

HP Virtual Services Router Technical Overview

Agenda

Value Proposition

Design Guidelines

Features

Configurations

Specifications


Value Proposition


Key routing trends in cloud era

Rising costs, complexity, and poor network/app performance

SaaS and Cloud apps Data Center off-load

Elasticity of Compute, Storage, & Apps

Growing Use of High Quality Low Cost Transport

DSL, 3G, 4G-LTE, Wideband

Virtualization at WAN Edge

Consolidation and cost containment


Key requirements in cloud era

Flexible, open • Multiple use cases for public cloud, multi-tenant, and Wan edge virtualization

• Interoperability with 3rd party equipment and virtual appliances on open standards

• Extensible application ready platform

Converged services

• Device consolidation (WAN router, Ethernet switch, firewall, VPN, WLAN, VoIP Gateway)

• Supported on Industry Standard Servers (ISS)

• Single pane of glass management

Performance, security,

and availability

• Secure, reliable access with multiple performance options

• Direct connectivity from WAN edge to public cloud

• Local survivability and network/system resiliency similar to hardware based routers


NFV – What is it? Definition from ETSI NFV Whitepaper

Network Functions Virtualization (NFV)

By leveraging standard IT virtualization technology to consolidate many network equipment types onto industry standard high volume servers, switches and storage, which could be

located in Data-Centers, Network Nodes and in the end user premises, NFV provides a model to meet the challenges around reducing CAPEX, improving manageability, increasing the time-

to-market and encourages a wider eco-system.

Network Functions Virtualization (NFV)

By leveraging standard IT virtualization technology to consolidate many network equipment types onto industry standard high volume servers, switches and storage, which could be located in Data-Centers, Network Nodes and in the end user premises, NFV provides a model to meet the

challenges around reducing CAPEX, improving manageability, increasing the time-to-market and encourages a wider eco-system.


Switching Elements NAT Gateways,

Routers

NFV: What is being virtualized?

HPN asset

HP CMS

Partners

Telco + IT functions

Mainly Telco

functions

Traffic Analysis DPI, QoE

Converged functions AAA servers, PCRF

SP Network Nodes BRAS, HLR, SBC,

MME, SGSN, RNC, SBC, eNodeB

Tunneling gateway IPsec, SSL

Service assurance Load Balancers, SLA monitoring, Testing

NGN signaling

IMS, VoIP, HSS

Application optimizations

CDN, cache, application accelerators

Security functions

Firewall, IDS, IPS, App security


Traditional WAN architecture cloud dilemma Problems with traditional WAN architectures and cloud hosted enterprise apps

Poor network performance Lack of control in the cloud No visibility in the cloud Security/compliance concerns

External cloud

External cloud

Enterprise data center

MPLS

Internet

Enterprise internet gateway

Enterprise VPN

Branch offices

IP VPN


Branch virtual routing – a logical progression

Router + stack of appliances Router w/virtualized

integrated services

Server with virtualized

router & services


Introducing HP Virtual Services Router (VSR) Series

• Deployment flexibility across branch, data center and cloud

• Agile services delivery for faster time to revenue

• Virtualized router for multi-tenant, hosted public clouds

• Extends enterprise routing policies to the cloud

Industry’s first carrier grade Network Function Virtualization (NFV) technology

ZERO dedicated appliances

1Compared with Cisco Nexus 1010 Virtual Services Appliance

80% OPEX

cost reduction

VSR based on Comware 7

10x faster

time to revenue


HP FlexNetwork router portfolio updates

FlexNetwork

FlexFabric FlexCampus FlexBranch

FlexManagement

HP HSR6800 Router Series

HP 8800 Router Series

HP HSR6600 Router Series

HP 6600 Router Series

HP MSR2000/3000/4000 Router Series

HP MSR93X Router Series

VSR1000 VSR1000


Agility

Allocate the VSR resource on demand dynamically

Dynamic resource allocation

Performance

Resource One Core Multi-core

10

0 M

bp

s

1

Gb

ps

Increase VM resource and upgrade license to improve performance.

Pay for performance

Virtualization


Ease of deployment

MPLS/Internet

VPC of Company A VPC of Company B

Company B Company A

Public Cloud

VSR


Design Guidelines


HP Virtual Services Router (VSR) highlights

Advanced software platform - Comware v7

Agility Ease of deployment

Branch network virtualization

Extend enterprise WAN to cloud

VM VM VM

Hypervisor

Server

VSR


HP VSR1000 Series - Virtual Services Router (VSR)

• Licensable, Comware 7 software product

• Runs on a VM created by the hypervisor installed on a COTS physical server.

• VSR provides the same functions and experience as the physical router.

ISO, OVA, and IPE formats

VMware vSphere, Linux KVM

Standard X86 server

Minimal Resource Requirement for VM: 1 vCPU, 1GB RAM, 8GB Disk, 2 vNICs

License based on: • The number of Virtual CPUs (1, 4, 8)

E1000, VMXNET3, VirtIO

VM VM VM

Hypervisor

Server

VSR


HP VSR1000

Different from physical routers, the VSR virtual router is a software-only router running on the virtual machine of a standard server

• Based on a license, the VSR virtual router provides the corresponding functions and performance to meet the network requirements of users

Item Description

Software package VSR1000 software (based on Comware v7)

Distribution in format of ISO, OVA, or IPE

Virtual platform VMware ESXi

Linux KVM

License Supports control based on the virtual CPU count


HP Virtual Services router applications

HP VSR1000 virtual router provides the following typical applications: • VPC - works as the gateway of the enterprise network in the cloud (VPC gateway)

• HP VSR1000 virtual router can be deployed on the database servers to provide the VPN and

security functions

• In this way, the cloud-side applications can be integrated into the enterprise network for

unified management, which secures the cloud-side applications and data of the enterprise

• vCPE - works as the network component of the devices in a branch of an enterprise • HP VSR1000 virtual router can be deployed on the server of an enterprise branch to provide

Ethernet access, security, firewall, and QoS functions for the branch users


Virtual platform - VMware vSphere vShpere is a virtual server platform

released by Vmware.

The latest version is 5.1 and its

core component is ESXi 5.1.0,which

can be installed and run in a server.

Normally, we also use the vSphere

to control it by remote connection.

VMware ESXi Server

VMware ESXi Server

VMware ESXi Server

VMware vCenter

VMware vSphere

Client

Installed on windows 2008/2012 Server

Installed on windows XP/7/8

vswitch vswitch vswitch

VSR VSR VSR


Virtual platform - Linux KVM

KVM(Kernel-based Machine) is a open

source virtual platform based on Linux.

From Linux2.6.20, it is integrated in most

versions (Centos,Fedora,Rhel,Suse,Ubuntu).

KVM needs the support of hardware (Intel

VT or AMD V).

Linux KVM

VM

Virtual Machine Manager

VNC Server

VNC Client

vswitch

VSR


Advanced software platform - Comware v7

Abundant features

Security

Open platform

Unified experience

High reliability

Flexible framework

HP HSR6600 series routers HP MSR series routers

Comware v7

HP HSR6800 routers

VM VM VM

Hypervisor

Server

VSR


High level architecture

HP Virtual Services Router

VSR

Management Plane

IMC/metering

Key management

Authentication

Telnet, SNMP, etc.

Data Plane

VPN tunneling

IPv4 forwarding

IPv6 forwarding

Control Plane

HA to backup VM

VAM Server

Network Signaling


HP VSR solution

Internet VPN

HQ/DC Branch

Customer A

MPLS VPN

Private Cloud

Mobile Worker

Branch

Customer B

SMB

VPC A VPC B

SSL VPN

VPN

VPN

VPN

VPN

VPN VPN

VPN

Networking management

VM VM VM VM VM VM VM VM


Public cloud

Hypervisor (vSwitch)

Fire

wal

l

WA

N O

pt

Web

cac

he

En

t A

pp

VS

R

VM Hypervisor

Fire

wal

l

WA

N O

pt

Web

cac

he

En

t A

pp

VS

R

VM Hypervisor

VSR VSR


Extend enterprise WAN to clouds

Unified network management

Consistent Network experience

Secure cloud access

Internet VPN

MPLS VPN

VPC A VPC B

VPN

VM VM VM VM VM VM VM VM

Public cloud

Hypervisor (vSwitch) VSR VSR

HQ/DC

Enterprise

Private Cloud

Branch Networking

management

Fire

wal

l

WA

N O

pt

Web

cac

he

En

t A

pp

VS

R

VM Hypervisor

VPN

Branch

VPN VPN


VSR in the branch (vCPE)

• Standard server-based CPE: Pre-installed hypervisor and provide a virtualization-ready platform

• Integrated VSR to provide network and security services, support migrating applications between

enterprise private cloud and public cloud

• Customer can create VMs to install local agents to accelerate cloud applications

• Customer can create VMs to install IT applications for the local branch office

Public Cloud

WAN Fire

wal

l

WA

N O

pt

Web

cac

he

En

t A

pp

VS

R

VM Hypervisor Private Cloud



When to deploy a software router

• Enterprise Locations with Ethernet WAN access

• Enterprise locations requiring local virtualized services

– POS, Survivable UC, WAN Acceleration, SBC, IPS, NGFW, Caching …

• Enterprises with many branches looking for significant OPEX reduction

• Communications Service Providers looking for competitive advantage offering incremental managing services to CPE clients

Time

Vo

lum

e

Metro Ethernet

E1/T1, Serial,

xDSL


Features


Virtual machine hardware requirements for VSR1001

Item Description

Processor One vCPU (main frequency≥ 2.0GHz)

Memory 1 GB

Hard disk One vHD, 8 GB

Network interface card Two virtual NICs at least. Up to 16 virtual NICs are supported

Minimum virtual machine hardware configuration requirements


Software configuration requirements

Before installing or configuring the VSR, please make sure following virtual platform and client are ready

Item Description

Virtual platform Install the virtual machine platform software. (VMware ESXi or Linux KVM platform, on the physical server)

virtual client Install the virtual machine client software. (VMware vSphere Client, on the local PC)


HP VSR product licenses

License Product Description

JG811AAE HP VSR1001 Comware 7 Virtual Services Router E-LTU



To use the software functions of the VSR1000 virtual router, you must install the license activation file on the device. The HP website generates the license activation file according to the serial number of a device and the license key in the software license purchased by users.


HP VSR1000 key features

Features Specification

IP Routing/Services Static Routing, RIP, OSPF, BGP, IS-IS, Multicast, Policy Based Routing (PBR), IPv4 & IPv6

DHCP, DNS, NTP

MPLS MPLS VPN

Security

VPN: IPSec VPN

Application Specific Packet Firewall (ASPF)

Access Control: ACL, AAA

Others: SSH, SSL, GRE, L2TP, NAT, URPF

QoS CAR, LR, GTS, FIFO, WFQ, CBQ, Tail-Drop, WRED

High Availability VRRP, BFD

Management CLI, SSH, Telnet, SNMP, IMC


Configurations


How to deploy

Branch

Remote Site

Deploy on the Virtual machine

of Datacenter and branch server

Uplink port

Create one or more virtual WAN ports

Connect to physical WAN with vSwitch

Downlink port

Create one or more virtual LAN ports

Connect to other VM or physical LAN

with vSwitch

Deployment location V

M

Hypervisor

VM

VS

R

vSwitch

LAN WAN

MPLS Internet

HQ

VPC / vCPE


Mapping VSR network interfaces to virtual NICs

• When the VSR starts up for the first time, it scans PCI devices to identify supported virtual NICs.

• After a virtual NIC is identified, the VSR initializes the virtual NIC, records its MAC address, and maps it to the corresponding slot according to the order the MAC address is identified.


Specifications


Version format

Used for upgrading from CLI

Only used for upgrading from VMWARE ESXi virtual platform by OVA template

Used for upgrading from VMWARE ESXi and Linux-KVM virtual platform


License registration and activation procedures

License activation file : •Registering the first time—Registers a license for a device that has never been activated. •Registering an upgrade license—Registers a license for add-on nodes, add-on features, or time extension.

Step 1: Find your device ID 1. Use the “display license device-id” command to obtain your Device ID for license registration. <HP>display license device-id SN: -------------------- Device ID: flash:/license/DeviceID.did

2. Download the Device ID file (DeviceID.did) to a local PC by a TFTP or FTP service.

Step 2 : Request an activation file with device ID and License key Step3 : Install the activation file


HP Virtual Services Router 1000 specifications


HP VSR1001 performance

Test conditions:

1. Test Hardware: HP DL360G8(E5-2690 @2.9GHz), 2*10GE(BCM57810)

2. IMIX Traffic (7 x 78 bytes, 4 x 512 bytes, 1 x 1400 bytes)

3. Packet Loss ≤ 0.01%

4. Fedora17-KVM (vNIC: virtIO)

160

140

120

100

80

60

40

20

0

IPv4 Forwarding

NAT

IPSec (AES256+SHA1)

IPSec (3DES+SHA1)

64 Bytes IMIX 1518 Bytes

Forwarding rate (Kpps)

2000

1800

1600

1400

1200

1000

800

600

400

200

0

IPv4 Forwarding

NAT

IPSec (AES256+SHA1)

IPSec (3DES+SHA1)

64 Bytes IMIX 1518 Bytes

Throughput(Mbps)


HP VSR vs HP MSR performance

Product IMIX Forwarding (kpps) IPsec (Mbps)

MSR900/920 70-100 5

MSR20-1X 160 8

MSR20 180 30

MSR30-1X 220 30

MSR30 360 60

MSR50 G2 1300 150

MSR50 800 150

VSR1001* 183 268

VSR1004* 227 588

VSR1008* 190 926

MSR930 300 150

MSR2000 1000 400

MSR3000 2000-5000 1900-3300

MSR4000 7500-12500 4000-8000

* Test configuration

DL360

VMware ESXi 5.1results

E1000 vNIC

AES256+SHA1

1400 bytes for IPsec


Summary


HP Virtual Services Router Technical Overview

Summary

Branch Deployments

• Easy/flexible deployment of new services

• Remote management

• Smaller footprint/power

• Lower total Opex

Cloud Deployments

• Consistent enterprise polices

• Secure burst capacity in public cloud

• Lower cloud application latency

• Lower total Opex


Thank you

virtual services router - hewlett packard · by leveraging standard it virtualization technology to...

Documents