Network IT Zation

Virtualization

Definition

Virtualization is the use of a single physical machine's hardware to run multiple virtual machines within it.

Key points:
▪ The use of the system's hardware.
▪ Allocate CPU/RAM/Storage... to the VM.
▪ Cannot exceed the CPU/RAM/Storage that are available on the physical hardware.

Benefits / Advantages
• Better use of the hardware resources.
• Power saving / reduced footprint (space) [sustainability].
• Recovery or backups (VMs can be saved as files).
• Flexibility (VMs can be moved from one data center to another) [Manageability].
• Researching OS & other software (sandbox).
• Isolation of VMs and apps (security).

History
• The term virtualization was coined in the 1960s in IBM laboratories.
• The IBM M44/44X was the first experimental computer system capable of simulating multiple VMs.

Hypervisor or VMM (Virtual Machine Monitor)

Is a software layer between the host machine (physical) and the guest machine (OS on the VM). It's the control system between VMs and the hardware. There are 2 types of hypervisors:

1- Bare Metal hypervisors (Para-virtualization)
➔ Runs directly on the host's hardware, controls available resources and manages guest operating systems. (BMH: a micro-OS that enables virtualization on the computers; the classic implementation of virtualization in enterprise infrastructure.) (Exp: Citrix, XenServer & VMware ESX.)

2- Hosted hypervisors (Full-virtualization)
➔ Run in a standard OS environment and are the best choice to run VMs on a desktop because you can use them like any other application. (Exp: VMware Workstation, VirtualBox…)

Bare-Metal hypervisor vs. Hosted hypervisor

Bare-Metal hypervisor:
• Optimized and virtualization-centric kernel.
• More stable: minor overhead.
• Suitable for server installations (OS is not required).
✓ Allocates the maximum of physical resources to VMs.
✓ Runs directly on the hardware of the host.
✗ Dedicated only to be a hypervisor.
✗ Device drivers' inflexibility: cannot dynamically load device drivers.

Hosted hypervisor:
• Installs and runs as an app.
• Relies on the host OS for device support and physical resources management.
✓ Provides virtualization without modifying the guest OS.
✗ Expensive in performance; it's not memory-efficient.
✗ Weak in reliability and security (they inherit the vulnerabilities of the user-controlled host OS).
✗ VMs affected by the update process of the host (ex: rebooting).

Containerization

Containerization is a lightweight alternative to virtualization. This involves encapsulating an application in a container with its own operating environment. Thus, instead of installing an OS for each virtual machine, containers use the host OS.
➔ Enables you to deploy multiple applications using the same OS on a single VM or server.
➔ The container shares the kernel of the host OS with other containers, and this shared part is read-only, so there is no more dedicating one server to a single operation. (Same OS: instead of installing an OS for each VM, containers use the host OS.)
Virtualization vs. Containerization

Isolation
  Virtualization: Complete isolation from the host operating system and the other VMs.
  Containerization: Lightweight isolation from the host and other containers, but doesn't provide as strong a security boundary as a VM.
OS
  Virtualization: Runs a complete operating system including the kernel, requiring more system resources such as CPU, memory, and storage.
  Containerization: Runs the user-mode portion of an operating system, and can be tailored to contain just the needed services for your app, using fewer system resources.
Guest compatibility
  Virtualization: Runs just about any operating system inside the virtual machine.
  Containerization: Runs on the same operating system version as the host.
Deployment
  Virtualization: Deploy individual VMs by using hypervisor software.
  Containerization: Deploy individual containers by using Docker, or deploy multiple containers by using an orchestrator such as Kubernetes.
Storage
  Virtualization: Use a Virtual Hard Disk (VHD) for local storage for a single VM, or a Server Message Block (SMB) file share for storage shared by multiple servers.
  Containerization: Use local disks for local storage for a single node, or SMB for storage shared by multiple nodes or servers.
Load balancing
  Virtualization: Virtual machine load balancing is done by running VMs in other servers in a failover cluster.
  Containerization: An orchestrator can automatically start or stop containers on cluster nodes to manage changes in load and availability.
Networking
  Virtualization: Uses virtual network adapters.
  Containerization: Uses an isolated view of a virtual network adapter. This provides a little less virtualization.

Virtualization's types of application:

 Desktop Virtualization
Allows multiple virtual machines to run cloud-based desktops on the same physical or virtual server. Users view and interact with their desktops over a network by using a remote display protocol: RDP (Remote Desktop Protocol) for Microsoft, ICA (Independent Computing Architecture) for Citrix, PCoIP (PC over IP) for VMware, or browser access.

 Server Virtualization
Creates a virtual server in place of the physical one, allowing for management of the server through the cloud. vSphere (VMware), XenServer (Citrix) and Hyper-V (Microsoft), etc.

 Software/Application Virtualization
Creates a virtual instance of the applications needed for core business operations, which keeps app software off of local operating systems. (Remote & streaming.) (Pros: reduces testing costs, reduces application packaging times…) (Exp: Microsoft App-V, Citrix XenApp)

 Storage Virtualization
Basically combines/pools the storage that is available in various devices and keeps it as a single storage. It helps businesses store data securely and also has backup and data recovery features. Dropbox, Google Drive, etc., are examples of cloud storage services.

 Network Virtualization
Uses physical and virtual components to create a hybrid network, allowing the administration of the network through software switches. (Pros: improve network efficiency / increase flexibility, reduce capital and operational costs, maintain high standards of security, scalability…)

Virtualization challenges
o Extra costs (powerful machines).
o Congested storage network (massive data storage traffic).
o Complexity of virtual infrastructure configuration.
Virtual Network (VN): a collection of virtual nodes and virtual links. There are four main classes in the concept of multiple coexisting logical networks: VLAN, VPN, active and programmable, and lastly overlay networks. VN types:

• VLAN: a set of hosts with a common interest that groups them together, regardless of their physical connectivity, under a single broadcast domain.
• VPN: a communication network of at least one enterprise that is shared over numerous sites and connected by tunnels over the public network.
• Active & programmable: motivated by the need to create, deploy, and manage novel services on the fly in response to user demands. In addition to programmability, they also promote concepts of isolated environments to allow multiple parties to run possibly conflicting code on the same network elements without causing network instability.
• Overlay Network: a logical network built on top of one or more existing physical networks. The Internet itself started off as an overlay on top of the telecommunication network.

Network virtualization: is defined by the decoupling of the roles of the traditional Internet Service Providers (ISPs) into two independent entities. Infrastructure providers manage the physical infrastructure, and service providers create virtual networks by aggregating resources from multiple infrastructure providers and offer end-to-end services. Types of NV:

• Internal network: consists of one system using virtual machines or zones that are configured over at least one pseudo-network interface.
• External networks: consist of several local networks that are administered by software as a single entity.

Advantages of NV:
• Uses less (and less expensive) hardware.
• Increases flexibility and workload portability.
• Provides the ability to spin workloads up and down with minimal effort.
• Allows resources to be scaled elastically to address changing network demands.

Traditional Networking

Limitations of Traditional Networking
• Complexity (one protocol per use case).
• Inability to scale (increasing the number of endpoints, services, or bandwidth requires substantial planning and redesign of the network).
• Inconsistent policies (security and quality-of-service (QoS) policies).
• Manual configuration (errors and time wasting).
Software Defined Network (SDN)

Definition

SDN is the separation of the control functions from the data forwarding functions, which enables greater automation and programmability in the network.

SDN creates a centralized brain for the network that can communicate with and command the rest of the network.

Architecture

Southbound APIs: The SDN controller has to communicate with our network devices in order to program the data plane. This is done through the southbound interface. This is not a physical interface but a software interface, often an API. Popular southbound interfaces:
• OpenFlow: an open-source protocol from the Open Networking Foundation.
• Cisco OpFlex: an open-source protocol which has been submitted to the IETF for standardization.
• CLI: Cisco offers APIC-EM, which is an SDN solution for the current generation of routers and switches. It uses protocols that are available on current-generation hardware like telnet, SSH, and SNMP.

Northbound APIs: The northbound interface is used to access the SDN controller itself. This allows a network administrator to access the SDN to configure it or to retrieve information from it. (Exp: list information from all network devices in your network; show the status of all physical interfaces in the network; add a new VLAN on all your switches; show the topology of your entire network; automatically configure IP addresses, routing, and access-lists when a new virtual machine is created. This could be done through a GUI, Java/Python scripts …)

Benefits
 DIRECTLY PROGRAMMABLE: Network control is directly programmable because it is decoupled from forwarding functions.
 AGILE: Abstracting control from forwarding lets administrators dynamically adjust network-wide traffic flow to meet changing needs.
 CENTRALLY MANAGED: Network intelligence is (logically) centralized in software-based SDN controllers that maintain a global view of the network, which appears to applications and policy engines as a single, logical switch.
 PROGRAMMATICALLY CONFIGURED: SDN lets network managers configure, manage, secure, and optimize network resources very quickly via dynamic, automated SDN programs, which they can write themselves because the programs do not depend on proprietary software.
 OPEN STANDARDS-BASED AND VENDOR-NEUTRAL: When implemented through open standards, SDN simplifies network design and operation because instructions are provided by SDN controllers instead of multiple, vendor-specific devices and protocols.
OpenFlow Protocol

Definition:

The OpenFlow (OF) protocol is a standard in software-defined networking (SDN) architecture. This protocol defines the communication between an SDN controller and the network device/agent.

History:

This protocol was developed first by researchers at Stanford University in 2008 and was first adopted by Google in their backbone network in 2011-2012. It is managed now by the Open Networking Foundation (ONF). The latest version used in the industry is V1.5.

Overview: The OpenFlow architecture consists of three basic concepts.
• The network is built up by OpenFlow-compliant switches that compose the data plane.
• The control plane consists of one or more OpenFlow controllers.
• A secure control channel connects the switches with the control plane.

A single switch can be managed by more than one controller for load balancing or redundancy purposes. In this case the controller can take any one of the following roles:
▪ Master.
▪ Slave.
▪ Equal.

OpenFlow controller deployment models: Centralized / Distributed.

Proactive:
▪ Controller pre-populates the flow table in the switch.
▪ Zero additional flow setup time.
▪ Loss of the control connection does not disrupt traffic.
▪ Essentially requires aggregated (wildcard) rules.

Reactive:
▪ The first packet of a flow triggers the controller to insert flow entries.
▪ Efficient use of the flow table.
▪ Every flow incurs a small additional flow setup time.
▪ If the control connection is lost, the switch has limited utility.

Flow-Based:
▪ Every flow is individually set up by the controller.
▪ Exact-match flow entries.
▪ Flow table contains one entry per flow.
▪ Good for fine-grain control, campus networks.

Aggregated:
▪ One flow entry covers large groups of flows.
▪ Wildcard flow entries.
▪ Flow table contains one entry per category of flows.
▪ Good for a large number of flows, e.g., backbone.

OpenFlow Controller:

It's a software program, responsible for populating and manipulating the flow tables of the switches.

By insertion, modification and removal of flow entries, the controller can modify the behavior of the switches with regard to forwarding. The OpenFlow specification defines the protocol that enables the controller to instruct the switches. To that end, the controller uses a secure control channel.
OpenFlow Switch:

An OpenFlow Switch consists of one or more flow tables and a group table, which perform packet lookups and forwarding, and one or more OpenFlow channels to an external controller.

The switch communicates with the controller and the controller manages the switch via the OpenFlow switch protocol.

OpenFlow-compliant switches come in two types:
➔ OpenFlow-only switches: support only OpenFlow operation; in those switches all packets are processed by the OpenFlow pipeline, and cannot be processed otherwise.
➔ OpenFlow-hybrid switches: support both OpenFlow operation and normal Ethernet switching operation (traditional L2 Ethernet switching, VLAN isolation, L3 routing (IPv4 routing, IPv6 routing...), ACL and QoS processing).

OpenFlow Pipeline: The OpenFlow pipeline contains one or more flow tables, each flow table containing multiple flow entries.

OpenFlow processing: The OpenFlow pipeline processing defines how packets interact with those flow tables.

Pipeline processing happens in two stages, ingress processing and egress processing. The separation of the two stages is indicated by the first egress table: all tables with a number lower than the first egress table must be used as ingress tables, and no table with a number higher than or equal to the first egress table can be used as an ingress table.

How it works:
• Pipeline processing always starts with ingress processing at the first flow table: the packet must first be matched against flow entries of flow table 0.
• If the outcome of ingress processing is to forward the packet to an output port, the OpenFlow switch may perform egress processing in the context of that output port.
• Egress processing is optional; a switch may not support any egress tables or may not be configured to use them. If no valid egress table is configured as the first egress table, the packet must be processed by the output port, and in most cases the packet is forwarded out of the switch.
• If a valid egress table is configured as the first egress table, the packet must be matched against flow entries of that flow table, and other egress flow tables may be used depending on the outcome of the match in that flow table.
• When processed by a flow table, the packet is matched against the flow entries of the flow table to select a flow entry.
• If a flow entry is found, the instruction set included in that flow entry is executed. These instructions may explicitly direct the packet to another flow table (using the Goto-Table instruction), where the same process is repeated again. A flow entry can only direct a packet to a flow table number which is greater than its own flow table number; in other words, pipeline processing can only go forward and not backward.
• If a packet does not match a flow entry in a flow table, this is a table miss.
• The behavior on a table miss depends on the table configuration.
• The instructions in the table-miss flow entry in the flow table can specify how to process unmatched packets: dropping them, passing them to another table or sending them to the controllers over the control channel via packet-in messages.
A- The flow table: holds a set of flow table entries, each of which consists of match fields, counters and instructions.
o Header fields: describe to which packets this entry is applicable. The header fields can match different protocols depending on the OpenFlow.
o Counters: are reserved for collecting statistics about flows. They store the number of received packets and bytes, as well as the duration of the flow.
o Actions: specify how packets of that flow are handled. Common actions are "forward", "drop", "modify field", etc.

B- Flow entry:
• match fields: to match against packets. These consist of the ingress port and packet headers, and optionally other pipeline fields such as metadata specified by a previous table.
• priority: matching precedence of the flow entry.
• counters: updated when packets are matched.
• instructions: to modify the action set or pipeline processing.
• timeouts: maximum amount of time or idle time before the flow is expired by the switch.
• cookie: opaque data value chosen by the controller. May be used by the controller to filter flow entries affected by flow statistics, flow modification and flow deletion requests. Not used when processing packets.
• flags: flags alter the way flow entries are managed; for example the flag OFPFF_SEND_FLOW_REM triggers flow removed messages for that flow entry.
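As an added example (not code from these notes or from any switch implementation), a small Python model of the ingress pipeline and the flow-entry fields described above: priority ordering inside a table, a Goto-Table that may only move forward, a table-miss entry that drops, continues to a later table or raises a packet-in, per-entry counters, and the OFPFF_SEND_FLOW_REM flag. The FlowEntry fields, the packet dictionaries and the three-table layout in build_demo are simplified assumptions, not the OpenFlow wire format.

```python
from dataclasses import dataclass
from typing import Optional

OFPFF_SEND_FLOW_REM = 1 << 0   # real OpenFlow flag bit; only its semantics are modelled here


@dataclass
class FlowEntry:
    """Simplified flow entry carrying the fields listed under 'B- Flow entry'."""
    match: dict                     # constructed match fields; an absent key is a wildcard
    priority: int = 0
    actions: tuple = ()             # ("output", 2), ("drop",) or ("packet_in",)
    goto: Optional[int] = None      # Goto-Table instruction; must point to a later table
    cookie: int = 0
    flags: int = 0
    packets: int = 0                # counters, updated on every match
    byte_count: int = 0

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class Pipeline:
    def __init__(self, n_tables: int):
        self.tables = [[] for _ in range(n_tables)]
        self.events = []            # what a real switch would send to the controller

    def add_flow(self, table_id: int, entry: FlowEntry) -> None:
        # Pipeline processing only goes forward: refuse a Goto-Table to this or an earlier table.
        if entry.goto is not None and not table_id < entry.goto < len(self.tables):
            raise ValueError(f"bad Goto-Table {entry.goto} from table {table_id}")
        self.tables[table_id].append(entry)
        # Highest priority first, so the first hit during lookup is the winning entry.
        self.tables[table_id].sort(key=lambda e: e.priority, reverse=True)

    def delete_flow(self, table_id: int, entry: FlowEntry, reason: str) -> None:
        self.tables[table_id].remove(entry)
        if entry.flags & OFPFF_SEND_FLOW_REM:      # controller asked to hear about removals
            self.events.append(("flow_removed", table_id, entry.cookie, reason))

    def process(self, pkt: dict) -> tuple:
        """Ingress processing: start at table 0 and follow Goto-Table instructions."""
        table_id = 0
        while True:
            hit = next((e for e in self.tables[table_id] if e.matches(pkt)), None)
            if hit is None:
                return ("drop", table_id)   # table miss with no table-miss entry: drop
            hit.packets += 1
            hit.byte_count += pkt.get("len", 0)
            if hit.goto is not None:
                table_id = hit.goto         # continue in a later table
                continue
            if hit.actions == ("packet_in",):
                # Reactive handling: every unmatched packet becomes controller load, so a burst
                # of new flows is a burst of packet-ins. Proactive wildcard entries avoid that.
                self.events.append(("packet_in", table_id, dict(pkt)))
                return ("packet_in", table_id)
            return hit.actions or ("drop", table_id)   # empty action set drops the packet


def build_demo() -> Pipeline:
    """Constructed three-table pipeline: classify in table 0, route in table 1, table 2 empty."""
    p = Pipeline(n_tables=3)
    p.add_flow(0, FlowEntry({"in_port": 1, "eth_type": 0x0800}, priority=10, goto=1, cookie=0x10))
    p.add_flow(0, FlowEntry({}, priority=0, actions=("packet_in",), cookie=0xFF,
                            flags=OFPFF_SEND_FLOW_REM))       # table-miss entry of table 0
    p.add_flow(1, FlowEntry({"ip_dst": "10.0.0.5"}, priority=20, actions=("output", 2)))
    p.add_flow(1, FlowEntry({"ip_dst": "10.0.0.9"}, priority=20, actions=("drop",)))
    p.add_flow(1, FlowEntry({}, priority=0, goto=2))           # table-miss entry of table 1
    return p
```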
C- The group table: consists of group entries. The ability for a flow entry to point to a group enables OpenFlow to represent additional methods of forwarding.

Each group entry is identified by its group identifier and contains:
• group identifier: a 32-bit unsigned integer uniquely identifying the group on the OpenFlow switch.
• group type: to determine group semantics.
• counters: updated when packets are processed by a group.
• action buckets: an ordered list of action buckets, where each action bucket contains a set of actions to execute and associated parameters. The actions in a bucket are always applied as an action set.

D- The OpenFlow channel: is the interface that connects each OpenFlow Switch to an OpenFlow controller.

Through this interface, the controller configures and manages the switch, receives events from the switch, and sends packets out the switch. The Control Channel of the switch may support a single OpenFlow channel with a single controller, or multiple OpenFlow channels enabling multiple controllers to share management of the switch.

Between the data path and the OpenFlow channel, the interface is implementation-specific; however, all OpenFlow channel messages must be formatted according to the OpenFlow switch protocol. The OpenFlow channel is usually encrypted using TLS, but may be run directly over TCP.

OpenFlow messages/communication:

Three classes of communication exist in the OpenFlow protocol:

o The controller-to-switch communication is responsible for feature detection, configuration, programming the switch and information retrieval; it is initiated by the controller and may or may not require a response from the switch.

Features: The controller may request the identity and the basic capabilities of a switch by sending a features request; the switch must respond with a features reply that specifies the identity and basic capabilities of the switch.
Configuration: The controller is able to set and query configuration parameters in the switch. The switch only responds to a query from the controller.
Modify-State: Sent by the controller to manage state on the switches. Used to add, delete and modify flow/group entries and insert/remove action buckets of groups in the OpenFlow tables, and to set switch port properties.
Read-State: Used by the controller to collect various information from the switch, such as current configuration, statistics and capabilities.
Packet-out: Used by the controller to send packets out of a specified port on the switch, and to forward packets received via Packet-in messages. (Messages must contain a full packet or a buffer ID referencing a packet stored in the switch, and also a list of actions to be applied in the order they are specified; an empty list of actions drops the packet.)
Barrier: Barrier request/reply messages are used by the controller to ensure message dependencies have been met or to receive notifications for completed operations.
Role-Request: Used by the controller to set the role of its OpenFlow channel, set its Controller ID, or query these. This is mostly useful when the switch connects to multiple controllers.
Asynchronous-Configuration: Used by the controller to set an additional filter on the asynchronous messages that it wants to receive on its OpenFlow channel, or to query that filter. This is mostly useful when the switch connects to multiple controllers.
o Asynchronous communication is initiated by the OpenFlow-compliant switch. It is used to inform the controller about packet arrivals, state changes at the switch and errors.

Packet-in: Transfer the control of a packet to the controller (the packet is held until a Packet-out or Flow-mod message from a controller, or automatically expired after some time).
Flow-Removed: Inform the controller about the removal of a flow entry from a flow table (exp: timeout reason).
Port-status: Inform the controller of a change on a port. The switch is expected to send port-status messages to controllers as port configuration or port state changes.
Role-status: Inform the controller of a change of its role. When a new controller elects itself master, the switch is expected to send role-status messages to the former master controller.
Controller-Status: Inform the controller when the status of an OpenFlow channel changes.
Flow-monitor: Inform the controller of a change in a flow table.

[Figure: Simplified flowchart detailing packet flow through an OpenFlow switch]

o Symmetric messages are sent without solicitation from either side; the switch or the controller are free to initiate the communication without solicitation from the other side.

Hello: Hello messages are exchanged between the switch and controller upon connection startup.
Echo: Echo request/reply messages can be sent from either the switch or the controller, and must return an echo reply. They are mainly used to verify the liveness of a controller-switch connection, and may as well be used to measure its latency or bandwidth.
Error: Used by the switch or the controller to notify problems to the other side of the connection. They are mostly used by the switch to indicate a failure of a request initiated by the controller.
Experimenter: Provide a standard way for OpenFlow switches to offer additional functionality within the OpenFlow message type space.
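The channel exchanges from the tables above, as an added Python example (not code from these notes, from the ONF or from any controller): the OpenFlow 1.3 header and the Hello, Features, Echo and Role-Request messages are encoded with struct, a simulated switch answers in-process, and the controller checks the transaction id of every reply and handles a stale role request answered with an Error message. The datapath ID, table count and generation numbers are constructed; TLS or TCP transport, which the notes say carries these bytes, is left out.

```python
import struct
from itertools import count

OFP_VERSION = 0x04                                   # OpenFlow 1.3
OFPT_HELLO, OFPT_ERROR, OFPT_ECHO_REQUEST, OFPT_ECHO_REPLY = 0, 1, 2, 3
OFPT_FEATURES_REQUEST, OFPT_FEATURES_REPLY = 5, 6
OFPT_ROLE_REQUEST, OFPT_ROLE_REPLY = 24, 25
OFPCR_ROLE_EQUAL, OFPCR_ROLE_MASTER, OFPCR_ROLE_SLAVE = 1, 2, 3
OFPET_ROLE_REQUEST_FAILED, OFPRRFC_STALE = 11, 0
HEADER = struct.Struct("!BBHI")        # version, type, length, xid; network byte order
FEATURES = struct.Struct("!QIBBxxII")  # datapath_id, n_buffers, n_tables, auxiliary_id, pad, capabilities, reserved
ROLE = struct.Struct("!I4xQ")          # role, pad, generation_id


class SwitchError(Exception):
    """Raised on the controller side when the switch answers with OFPT_ERROR."""


def encode(msg_type: int, xid: int, body: bytes = b"") -> bytes:
    return HEADER.pack(OFP_VERSION, msg_type, HEADER.size + len(body), xid) + body


def decode(data: bytes):
    version, msg_type, length, xid = HEADER.unpack_from(data)
    if version != OFP_VERSION or length != len(data):   # reject foreign or truncated frames first
        raise ValueError("bad OpenFlow version or length")
    return msg_type, xid, data[HEADER.size:]


class SimSwitch:
    """Switch side of the channel; dpid and n_tables are constructed values."""

    def __init__(self, dpid: int, n_tables: int):
        self.dpid, self.n_tables = dpid, n_tables
        self.last_generation = -1      # newest generation_id accepted in a master/slave request

    def handle(self, data: bytes):
        msg_type, xid, body = decode(data)
        if msg_type == OFPT_HELLO:
            return encode(OFPT_HELLO, xid)
        if msg_type == OFPT_ECHO_REQUEST:
            return encode(OFPT_ECHO_REPLY, xid, body)    # the payload is mirrored back
        if msg_type == OFPT_FEATURES_REQUEST:
            body = FEATURES.pack(self.dpid, 256, self.n_tables, 0, 0, 0)
            return encode(OFPT_FEATURES_REPLY, xid, body)
        if msg_type == OFPT_ROLE_REQUEST:
            role, generation = ROLE.unpack(body)
            if role in (OFPCR_ROLE_MASTER, OFPCR_ROLE_SLAVE):
                if generation < self.last_generation:    # stale election: refuse the takeover
                    err = struct.pack("!HH", OFPET_ROLE_REQUEST_FAILED, OFPRRFC_STALE) + data
                    return encode(OFPT_ERROR, xid, err)
                self.last_generation = generation
            return encode(OFPT_ROLE_REPLY, xid, ROLE.pack(role, generation))
        return None                                      # messages that need no reply


class Controller:
    def __init__(self):
        self._xid = count(1)

    def _ask(self, switch, msg_type, body=b"", expect=None):
        xid = next(self._xid)
        rtype, rxid, rbody = decode(switch.handle(encode(msg_type, xid, body)))
        if rxid != xid:                                  # a reply must carry our transaction id
            raise ValueError("xid mismatch")
        if rtype == OFPT_ERROR:
            raise SwitchError(struct.unpack_from("!HH", rbody))
        if expect is not None and rtype != expect:
            raise ValueError(f"unexpected reply type {rtype}")
        return rbody

    def handshake(self, switch) -> dict:
        self._ask(switch, OFPT_HELLO, expect=OFPT_HELLO)          # version agreement first
        body = self._ask(switch, OFPT_FEATURES_REQUEST, expect=OFPT_FEATURES_REPLY)
        dpid, _, n_tables, _, _, _ = FEATURES.unpack(body)
        return {"datapath_id": dpid, "n_tables": n_tables}

    def check_liveness(self, switch, payload: bytes = b"ping") -> bool:
        body = self._ask(switch, OFPT_ECHO_REQUEST, payload, expect=OFPT_ECHO_REPLY)
        return body == payload

    def request_role(self, switch, role: int, generation_id: int):
        try:
            body = self._ask(switch, OFPT_ROLE_REQUEST, ROLE.pack(role, generation_id),
                             expect=OFPT_ROLE_REPLY)
        except SwitchError:
            return None                                  # e.g. OFPRRFC_STALE
        return ROLE.unpack(body)[0]
```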
Network Function Virtualization

Definition:

Network Function Virtualization, or NFV, is a way to reduce cost and accelerate service deployment for network operators by decoupling functions like a firewall or encryption from dedicated hardware and moving them to virtual servers.

Explanation

Instead of installing expensive proprietary hardware, service providers can purchase inexpensive switches, storage and servers to run virtual machines that perform network functions. This collapses multiple functions into a single physical server, reducing costs and minimizing truck rolls.

If a customer wants to add a new network function, the service provider can simply spin up a new virtual machine to perform that function.

For example, instead of deploying a new hardware appliance across the network to enable network encryption, encryption software can be deployed on a standardized server or switch already in the network.

This virtualization of network functions reduces dependency on dedicated hardware appliances for network operators, and allows for improved scalability and customization across the entire network. Different from a virtualized network, NFV seeks to offload network functions only, rather than the entire network.

Benefits:
Virtualization: Use network resources without worrying about where they are physically located, how much there is, how they are organized, etc.
Orchestration: Manage thousands of devices.
Programmable: Should be able to change behavior on the fly.
Dynamic Scaling: Should be able to change size, quantity.
Automation, Multi-tenancy, Service Integration.
Visibility: Monitor resources, connectivity.
Performance: Optimize network device utilization.
Openness: Full choice of modular plug-ins.

Relationship with Software Defined Networks (SDN)

Network Functions Virtualization is highly complementary to Software Defined Networking (SDN), but not dependent on it (or vice-versa). Network Functions Virtualization can be implemented without an SDN being required, although the two concepts and solutions can be combined and potentially greater value accrued.
NFV architecture:

The major components of an NFV architecture include the virtualized network functions (VNFs), NFV Infrastructure (NFVI) and NFV management and orchestration (MANO).

1- NFVI (Network Functions Virtualization Infrastructure):
It provides the virtual compute, storage, and network infrastructure, and the physical compute, storage, and network infrastructure, on which VNFs are deployed and executed. NFVI nodes are deployed in multiple sites and regions to provide service high-availability and to support locality and workload latency requirements.

2- VNFs (Virtualized network functions):
Virtualized network functions run in one or more virtual machines on top of the hardware networking infrastructure.
VNFs include routers, switches, SD-WAN, firewalls and a growing number of other network services now available as software from vendors like Cisco, Juniper Networks and Palo Alto Networks.
▪ EM (Element Management):
This is the element management system for a VNF. It is responsible for the functional management of the VNF, exp: FCAPS (Fault, Configuration, Accounting, Performance and Security Management). This may manage the VNFs through proprietary interfaces. There may be one EMS per VNF, or an EMS can manage multiple VNFs. The EMS itself can be a VNF.

3- MANO (Management and Network Orchestration):
NFV management and network orchestration (MANO) is a framework developed by a European Telecommunications Standards Institute (ETSI) working group.
From initial set-up to quotidian operations, NFV MANO coordinates resources (the NFVI as well as VNFs) running in a virtualized data center, including compute, networking, storage and virtual machines (VMs).
NFV MANO uses templates for standard VNFs that allow architects to select the appropriate NFVI resources to be deployed.
NFV MANO is comprised of three functional areas:
▪ NFV Orchestrator: handles VNF onboarding, lifecycle management, global resource management, and validation and authorization of NFVI resource requests.
▪ VNF Manager: controls VNF lifecycle management of instances, providing a coordination and adaptation role for NFVI and Element/Network Management Systems configuration and event reporting.
▪ Virtual Infrastructure Manager (VIM): controls and manages the NFVI compute, storage and network resources.

4- OSS/BSS (Operation Support System/Business Support System):
OSS deals with network management, fault management, configuration management and service management.
BSS deals with customer management, product management and order management, etc.

Service-Chaining (SC) Strategies
▪ SC using Middle-Boxes (MB): This is the traditional way to create a service chain. Each network function is a hardware-based appliance (MB), and a service chain is formed by hardwiring a sequence of MBs.
▪ SC using Data Center (DC): the network functions are deployed in the form of VNFs at DCs. In this scheme, all service chains will be deployed inside the DC; therefore all traffic will have to be routed to the DC for service.
▪ SC using DC plus 'x' NFV-capable nodes (DC NFV x): In this scheme, service chains can be implemented both inside the DC and/or in a set of NFV-capable nodes.
▪ SC using NFV: This is a completely-distributed NFV scenario where all nodes are NFV-capable and there is no centralized NFV infrastructure like a DC.
Service chaining:

Network functions process traffic either singularly or in sync with other network functions, forming a "service chain".

The term "service chaining" is used "to describe the deployment of such functions, and the network operator's process of specifying an ordered list of service functions that should be applied to a deterministic set of traffic flows".

Service Functions

A function that is responsible for specific treatment of received packets. A service function can act at various layers of a protocol stack.

Service Function Chain (SFC): a set of network functions placed in a specific order.

Traffic flows are classified, and depending on the service required, they pass through a specific service chain.

The classification can be done on a per-port basis, per-subscriber basis, or on the basis of location (in the network). Operators will have different routing policies according to the traffic type, and route the traffic through the service chain to satisfy service requirements.

Service function chaining components
▪ Classifier: determines what traffic needs to be chained based on policy.
▪ Service Chain: the intended set of services that must be traversed.
▪ Service Path: the actual instances of services traversed.
▪ Service Overlay: topology created to realize a service path.
▪ Metadata: information passed between participating nodes.
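The components just listed, as an added worked model in Python (not code from these notes or from any SFC implementation): the classifier applies a per-subscriber policy first and a per-port policy second, the service chain is the intended ordered list of function names, the service path is the concrete instance chosen for each hop, the overlay is the registry of running instances, and a metadata dict travels with the packet from hop to hop. The service functions, policies, instance names, addresses and packets are all constructed.

```python
from itertools import cycle


# Service functions: each receives the packet and the metadata carried along the path
# and returns the (possibly rewritten) packet, or None to drop it. Constructed examples.
def firewall(pkt, meta):
    if pkt["dst_port"] == 23:                # constructed policy: telnet is never allowed
        meta["dropped_by"] = meta["path"][-1]
        return None
    return pkt


def nat(pkt, meta):
    meta["orig_src"] = pkt["src"]            # keep the pre-translation address for later hops
    return {**pkt, "src": "203.0.113.10"}    # constructed public address


def dpi(pkt, meta):
    meta["app"] = "http" if pkt["dst_port"] == 80 else "unknown"
    return pkt


class Classifier:
    """Picks the service chain for a flow: per-subscriber policy first, then per-port."""

    def __init__(self, by_subscriber, by_port, default):
        self.by_subscriber, self.by_port, self.default = by_subscriber, by_port, default

    def classify(self, pkt):
        return (self.by_subscriber.get(pkt["subscriber"])
                or self.by_port.get(pkt["in_port"])
                or self.default)


class ServiceOverlay:
    """Running instances per function name; hands out one instance per hop (round-robin)."""

    def __init__(self, instances):           # {"firewall": {"fw-1": firewall, ...}, ...}
        self.instances = instances
        self._next = {name: cycle(sorted(inst)) for name, inst in instances.items()}

    def service_path(self, chain):
        # The chain names function types; the path is the instances actually traversed.
        return [(name, next(self._next[name])) for name in chain]


def apply_chain(pkt, chain, overlay):
    """Run one packet through its chain; returns (packet or None, metadata)."""
    meta = {"chain": list(chain), "path": []}
    for name, instance_id in overlay.service_path(chain):
        meta["path"].append(instance_id)
        pkt = overlay.instances[name][instance_id](pkt, meta)
        if pkt is None:                      # a drop ends the path early
            break
    return pkt, meta


def build_demo():
    """Constructed classifier policy and overlay used by the test."""
    classifier = Classifier(
        by_subscriber={"gold": ("firewall", "dpi", "nat")},
        by_port={1: ("firewall", "nat")},
        default=("firewall",),
    )
    overlay = ServiceOverlay({
        "firewall": {"fw-1": firewall, "fw-2": firewall},
        "nat": {"nat-1": nat},
        "dpi": {"dpi-1": dpi},
    })
    return classifier, overlay


def process(pkt, classifier, overlay):
    return apply_chain(pkt, classifier.classify(pkt), overlay)
```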
APN:
▪ In a mobile network, the access point name (APN) is the virtual private network (VPN) that connects the user equipment through the Packet Data Network Gateway (P-GW) to the Packet Data Network (PDN).
▪ User equipment can access many APNs.
▪ In the LTE architecture for the Evolved Packet Core (EPC), the APN determines the P-GW the user equipment should use.
▪ The APN also defines the tunnel connecting the user equipment to a PDN such as the Internet.
▪ Each PDN that the user subscribes to has an APN and an associated P-GW, often called a "PDN subscription context."
▪ One context is the default APN, connecting to a PDN such as the Internet unless the user activates another APN.

Dynamic service chaining:

With SDN and NFV, physical devices are replaced by virtual machines, which accelerates an operator's TTM for a new service. The reason for this is that, in SDN, the centralized controller has a global view of the network, which allows for new service chains to be created by a simple change in policy associated with a flow.
Dynamic Service Chaining Benefits

Agility
▪ Personalized services to subscribers.
▪ Reduce TTM (time to market) of new services.
▪ On-demand service delivery.
▪ Increase ARPU.

Automation
▪ Simplified end-to-end service orchestration.
▪ Automated configuration and provisioning.
▪ Consistent policy enforcement: SLA, compliance.

Reduced TCO (total cost of ownership)
▪ Operational simplicity.
▪ Efficient resource utilization.
▪ Dynamic capacity scale up/down.
▪ Pay-as-you-go usage model.

Example of DSC, useful link: https://youtu.be/CySIxjUJ_IM
Network Automation

Definition:

Network automation is the process of automating the configuring, managing, testing, deploying, and operating of physical and virtual devices within a network.

Why automate your network?
▪ One of the biggest issues for network managers is the growth of IT costs for network operations.
▪ The growth of data and devices is starting to outpace IT capabilities, making manual approaches nearly impossible.
▪ Yet up to 95 percent of network changes are performed manually, resulting in operational costs 2 to 3 times higher than the cost of the network.
▪ Increased IT automation, centrally and remotely managed, is essential for businesses to keep pace in the digital world.

Traditional network configuration:
▪ Networks are traditionally automated through the CLI of devices, in which case the scope of automation is limited to a device or a module at best.
▪ It requires network engineers to have prior knowledge of programming languages, which not everybody has.
▪ Command-line scripting works for standard processes and consistent procedures but falls apart if strategic changes are made to the infrastructure and operations.
▪ Simple Network Management Protocol (SNMP) lets administrators manage nodes on an IP network.
▪ With a network management station (NMS), network administrators use SNMP to monitor and manage network performance, find and solve network problems, and perform queries for statistics.
▪ SNMP is not typically used for configuration due to security concerns and difficulty in implementation.

Network automation:
▪ Network automation software finds the most efficient way to map, configure, provision, and manage a network.
▪ API-based automation replaces manual, command-line instructions to configure each networking device.
▪ The APIs can be invoked directly or go through a programming language, for example Python, Java or Go. Scripts are only one aspect of network automation: a modern automation platform monitors network resources when provisioning and verifies that a network will be able to handle a configuration request before implementing it.
Configuration Management Tools

Configuration management tools make use of RESTful API requests to automate tasks and can scale across thousands of devices. These are some characteristics of the network that administrators benefit from automating:
▪ Software and version control
▪ Device attributes such as names, addressing, and security
▪ Protocol configurations
▪ ACL configurations

Configuration management tools typically include automation and orchestration.
▪ Automation is when a tool automatically performs a task on a system.
▪ Orchestration is the arranging of the automated tasks that results in a coordinated process or workflow.

There are several tools available to make configuration management easier:
▪ Ansible
▪ Chef
▪ Puppet
▪ SaltStack

The goal of all of these tools is to reduce the complexity and time involved in configuring and maintaining a large-scale network infrastructure with hundreds, even thousands of devices. These same tools can benefit smaller networks as well.
