
WS020 Sd-Wan


Developing & Implementing MEF 3.0 SD-WAN Services

Charles Eckel, Applications Committee Co-Chair, MEF; Developer Advocate, Cisco DevNet

MEF Q3/19 Members Meeting, July 2019


MEF 3.0 Global Services Framework
Accelerate assured services across automated networks

Assured
• Applications
• Security
• SD-WAN
• IP
• Carrier Ethernet
• Optical Transport

Automated
• Orchestration across multiple service providers
• Orchestration over multiple network technology domains
• Specifications and SDKs

Agile
• Cloud-based test & certification platform
• On-demand, user-initiated
• For both services & LSO APIs
• Plus certified professionals

Expanded
• MEF global membership
• MEF 3.0 Proof of Concepts
• MEF LSO Developer Community
• Open source projects & SDOs
• Enterprise Advisory Council
• Events, workshops, webinars

Key pain points in the SD-WAN industry

LACK OF:
• A common definition of a SD-WAN framework & services
• Single service orchestration of multiple SD-WAN vendor implementations
• A certification framework for baseline SD-WAN compliance

Lack of an industry-standard SD-WAN definition has been a significant challenge for offering SD-WAN managed services

• Major Challenge: 43%
• Moderate Challenge: 36%
• Minor Challenge: 16%
• Don't Know / Unsure: 5%

Migration to MEF 3.0 Services Powered by LSO
Service Provider Survey – Q4/2018
MEF with Vertical Systems Group

MEF SD-WAN Work

SD-WAN Service Standard (MEF 70)
• Application flow policy over multiple underlay
• Complex service attributes; private/public cloud services connectivity

SD-WAN Service, Technology & Professional Certification

SECaaS for SD-WAN

SD-WAN LSO Presto APIs

SD-WAN for 5G
• Mapping SD-WAN application performance and security to 5G slices

Intent-based Networking for SD-WAN


MEF SD-WAN Service (MEF 70)

MEF SD-WAN Service Definition

Enables a wide range of ecosystem stakeholders to use the same terminology when buying, selling, assessing, deploying, and delivering SD-WAN services.

MEF 3.0 SD-WAN Service provides a virtual overlay network that enables application-aware, policy-driven, and orchestrated connectivity between locations.

It uses policies and service attributes, set to meet business objectives, that determine how application flows are forwarded over multiple underlay networks, irrespective of the underlay technologies.

MEF SD-WAN work is supported by more than 30 service provider, technology supplier, and testing companies.

MEF SD-WAN Service Overview

SD-WAN Edge
Physical or virtual

SD-WAN Controller
Centralized management of SD-WAN edges & gateways

Service Orchestrator
Lifecycle Service Orchestration of SD-WAN and other services

Subscriber Web Portal
Subscriber service ordering and modification

[Figure: service overview. Labels: BSS, Service Orchestrator, Subscriber Web Portal, SD-WAN Controller, CSP Backbone, Internet, SD-WAN Edge, CE / MPLS Edge.]

LSO Reference Architecture

[Figure: LSO Reference Architecture across the Customer Domain, SP Domain and Partner Domain. Labels: Customer Application Coordinator, Business Applications, Service Orchestration Functionality, Infrastructure Control and Management, Element Control and Management, Network Infrastructure, ENNI.]

Interfaces shown:
• CANTATA (CUS:BUS)
• SONATA (BUS:BUS)
• LEGATO (BUS:SOF)
• ALLEGRO (CUS:SOF)
• INTERLUDE (SOF:SOF)
• PRESTO (SOF:ICM)
• ADAGIO (ICM:ECM)

CUS: Customer Application Coordinator
BUS: Business Applications
SOF: Service Orchestration Functionality
ICM: Infrastructure Control and Management
ECM: Element Control and Management

SD-WAN Service Components within the LSO Reference Architecture

[Figure: the Customer Domain and SP Domain of the LSO Reference Architecture with the SD-WAN service components placed in it: Self-service Web Portal, Business Applications, Service Orchestrator, SD-WAN Controller, SD-WAN Edge. Interfaces shown: CANTATA (CUS:BUS), LEGATO (BUS:SOF), ALLEGRO (CUS:SOF), PRESTO (SOF:ICM), ADAGIO (ICM:ECM).]

Components of MEF SD-WAN Service

[Figure: two subscriber sites (Site A, Site B), each with a Subscriber Network, an SD-WAN UNI and an SD-WAN Edge holding an SWVC EP, joined by an SD-WAN Virtual Connection (SWVC) over UCS#1 and UCS#2. Other labels: Service Provider Network, Private or Virtual Private Cloud, Internet.]

SD-WAN User to Network Interface (UNI)
Demarcation point between the Service Provider and the Subscriber’s responsibility

SD-WAN Virtual Connection (SWVC)
Logical multipoint connection between the SD-WAN UNIs that corresponds to the SD-WAN Service

SD-WAN Virtual Connection End-Point (SWVC EP)
Logical point at which policies are assigned to application flows and applied to each IP Packet

SD-WAN Edge
Connects the SD-WAN UNI to the UCSs, including mapping packets to application flows, applying policies, and selecting a TVC over which to forward each flow.

Underlay Connectivity Service (UCS)
Various services including (but not limited to) Ethernet Services (MEF 6.2), MEF IP Services (MEF 61.1) including MPLS VPNs and public Internet Access, and MEF Optical Transport Services (MEF 63).

Tunnel Virtual Connection (TVC)
The point-to-point paths across the UCSs that compose an SD-WAN Service.

Internet Breakout
Certain Application Flows are forwarded by an SD-WAN UNI directly to the Internet rather than delivered to another SD-WAN UNI.

MEF SD-WAN Service Attributes

Service Attributes capture specific information that is agreed on between the Service Provider and the Subscriber of a MEF SD-WAN Service, and describe some aspect of the service behavior.
• Many forms of agreement!
• Does not describe or constrain the service implementation

Service Attributes per SD-WAN UNI, SWVC and SWVC EP include:
• Service Uptime objective
• Application Flow definitions
• Policies for the SWVC, and how they are used for each Application Flow at each SWVC EP
• UNI Addressing (DHCP, Static, etc.)
• UNI L2 properties (VLAN ID, Max Frame Size)

MEF SD-WAN Virtual Connection (SWVC) Attributes

| Attribute Name | Summary description | Possible values |
|---|---|---|
| SWVC Identifier | Identification of the SWVC for management purposes | Unique Identifier String for a given SD-WAN Service |
| SWVC End Point List | The SWVC End Points that are associated by the service | List of SWVC End Point Identifiers |
| SWVC Performance Groups | A partition of the ordered End Point pairs into groups with similar performance characteristics | List of 2-tuples <Group Name, List of ordered End Point pairs> |
| SWVC Service Uptime Objective | The objective for Service Uptime for the SD-WAN Service during a Performance Evaluation Interval | 3-tuple <ts, T, Û> where ts is a date and time, T is a duration, and Û is a percentage between 0 and 100% |
| SWVC Reserved Prefixes | IP prefixes reserved for use by the SP | None or list of IP Prefixes |
| SWVC List of Policies | A list of the Policies that can be applied to Application Flows carried by the SWVC | List of 2-tuples <Policy Name, List of Policy Criteria n-tuples> |
| SWVC List of Application Flow Groups | A list of the Application Flow Groups of which Application Flows can be members | List of 2-tuples <Application Flow Group Name, Application Flow Group Policy> |
| SWVC List of Application Flows | A list of the Application Flows that are recognized by the SD-WAN Service | List of 4-tuples <Application Flow Name, List of Application Flow Criteria n-tuples, Policy, Application Flow Group Name> |

SD-WAN Virtual Connection (SWVC)
• attributes located at each SWVC End Point (SWVC EP)
• associated to the SD-WAN UNI at each site

MEF SD-WAN is multi-tenant in nature
• a different SWVC for each tenant

SWVC is multipoint in nature
• one-to-one relationship between an SD-WAN Service and an SWVC

SD-WAN Application Flow & Policy Function

[Figure: processing inside the SD-WAN Edge. An incoming IP packet at the SD-WAN UNI passes through Application Classification, Policy Applied to Application Flows, and the TVC Forwarding Decision, which chooses among TVC 1 to TVC 4 across UCS 1 and UCS 2.]

Example Classification Criteria:
• Ethertype/VLAN
• Src/Dst IP Address
• L4 Protocol
• Src/Dst Port
• Custom match

Each Policy includes:
1. ENCRYPTION (Yes, Either)
2. PUBLIC-PRIVATE (Private-only, Either)
3. INTERNET-BREAKOUT (Yes, No)
4. BILLING-METHOD (Flat-Rate-only, Either)
5. BACKUP (Yes, No)
6. BANDWIDTH (Committed and Max Rate)
7. Custom policy criteria

In the figure's example, TVCs 1 and 2 meet the policy.

Determine which TVCs have a route to the intended destination. In the figure's example, TVCs 2 and 4 have a route.

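The steps above (classify the packet, apply the flow's policy to the TVCs, check which TVCs have a route) as an added Python example; it is not code from the slides or from MEF. The TVC properties, prefixes and flow names are constructed, only the ENCRYPTION and PUBLIC-PRIVATE criteria are modelled, and treating an empty result as a drop instead of falling back to a non-compliant TVC is an assumption of the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class TVC:
    name: str
    encrypted: bool
    private: bool   # True if the TVC runs over a private UCS
    routes: tuple   # destination prefixes reachable over this TVC

# Constructed sample data; TVC names and policy value names follow the slide.
TVCS = [
    TVC("TVC 1", True, True, ("10.3.0.0/16",)),
    TVC("TVC 2", True, True, ("10.2.0.0/16",)),
    TVC("TVC 3", True, False, ("10.3.0.0/16",)),
    TVC("TVC 4", True, False, ("10.2.0.0/16", "10.9.0.0/16")),
]
POLICIES = {
    "private-only": {"ENCRYPTION": "Yes", "PUBLIC-PRIVATE": "Private-only"},
    "any-path": {"ENCRYPTION": "Either", "PUBLIC-PRIVATE": "Either"},
}
FLOWS = [  # constructed: (name, dst prefix, L4 protocol, dst port, policy)
    ("voice", "10.2.0.0/16", "udp", 5060, "private-only"),
    ("db", "10.9.0.0/16", "tcp", 5432, "private-only"),
    ("web", "10.3.0.0/16", "tcp", 443, "any-path"),
]

def in_prefix(ip, prefix):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

def classify(dst_ip, proto, dport):
    # First matching Application Flow wins; unmatched packets get no policy.
    for name, prefix, p, port, policy in FLOWS:
        if in_prefix(dst_ip, prefix) and (p, port) == (proto, dport):
            return name, POLICIES[policy]
    return None, None

def meets_policy(tvc, policy):
    enc_ok = policy["ENCRYPTION"] == "Either" or tvc.encrypted
    return enc_ok and (policy["PUBLIC-PRIVATE"] == "Either" or tvc.private)

def select_tvcs(dst_ip, proto, dport):
    """Return (flow, TVCs meeting policy, TVCs with a route, usable TVCs)."""
    flow, policy = classify(dst_ip, proto, dport)
    if flow is None:
        return None, [], [], []  # unclassified: no TVC is eligible
    compliant = [t.name for t in TVCS if meets_policy(t, policy)]
    routed = [t.name for t in TVCS if any(in_prefix(dst_ip, r) for r in t.routes)]
    # Empty result means drop; never fall back to a non-compliant TVC (assumption).
    return flow, compliant, routed, [n for n in compliant if n in routed]
```

The "voice" flow reproduces the figure's numbers: TVCs 1 and 2 meet the policy, TVCs 2 and 4 have a route. The "db" flow shows the case worth testing in a real deployment, where the only routed TVC is public and a Private-only flow must not use it.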
SD-WAN Service Use Cases

SD-WAN Service Use Case 1
Hybrid WAN: SD-WAN Service over Internet and MPLS WANs

• Encrypted SD-WAN tunnel over the Internet
• Can often increase site-to-site bandwidth at no additional cost
• Increased network availability and resiliency
• Internet and MPLS VPNs can be provided by different service providers

[Figure: two SD-WAN Edges connected over Internet and MPLS VPN underlays. Other labels: Self-service Web Portal, Business Applications, Service Orchestrator, SD-WAN Controller, CSP/MSP Network, and the Cantata, Legato, Allegro, Presto and Adagio interfaces.]

SD-WAN Service Use Case 2
Dual Internet WAN: SD-WAN Service over Multiple ISPs

• SD-WAN Service operating over underlays from multiple ISPs to increase WAN resiliency
• Underlay access (L1/2) technology can be mixed and matched and be composed of public and private network services
• ISPs may not be the SD-WAN Service Provider, enabling larger SD-WAN managed service deployment where both sites can only be reached via the Internet WAN

[Figure: two SD-WAN Edges connected over ISP X, ISP Y, ISP A and ISP B. Other labels: Self-service Web Portal, Business Applications, Service Orchestrator, SD-WAN Controller, CSP/MSP Network, and the Cantata, Legato, Allegro, Presto and Adagio interfaces.]

Next Steps & Related Projects

SD-WAN Services Standard Roadmap

SD-WAN Service & Technology Certification – Pilot now open

MEF is developing MEF SDN/NFV Professional Certification, with a beta exam scheduled for availability in October

MEF 70.1 (Phase 2 of MEF 70)
• Application Flow performance and business importance
• Service Attributes to define SD-WAN Service topology and connectivity
• Underlay Connectivity Service parameters
• Enhancement of public and private cloud connectivity

IETF SD-WAN YANG Models
Location within LSO Reference Architecture

[Figure: the SD-WAN service components in the LSO Reference Architecture (Self-service Web Portal, Business Applications, Service Orchestrator, SD-WAN Controller, SD-WAN Edge) with the interfaces CANTATA (CUS:BUS), LEGATO (BUS:SOF), ALLEGRO (CUS:SOF), PRESTO (SOF:ICM) and ADAGIO (ICM:ECM), annotated with "IETF OSE service models" and "IETF SD-WAN service model".]

YANG models for SD-WAN Service
• IETF draft-sun-opsawg-sdwan-service-model, “A YANG Data Model for SD-WAN Service Delivery”
• IETF draft-wood-rtgwg-sdwan-ose-yang, “YANG Data Model for SD-WAN OSE Service Delivery”
• Unify these efforts, break into multiple modules/building blocks with common terminology (e.g. application flow, policy, site)
• Use IETF CE-based Managed VPN terminology, per RFC 4110
• References MEF 70 Draft (R1), “SD-WAN Service Attributes and Services” for definition of service/service requirements
MEF SD-WAN and IETF alignment work in progress

MEF Service Common Model (MSCM) Relationships
• MSCM aligns with MEF Core Model (MCM) and ONF TAPI
• MSCM supports elastic behavior (supporting LSO Interlude Elastic)
• MSCM collapses common types & objects into models for import by other efforts

[Figure: model import relationships. Labels: SD-WAN network, MEF-Common, MEF-Types, MCM, Services Common Model (Carrier Ethernet – EVC-OVC), Services Common Model (SD-WAN), <<import>>.]

Application Security for SD-WAN

Reference Architecture
• Language and constructs in relation to SD-WAN
• Adding concept of zones

Security Function Behavior Definition
1. Threats to security functions
2. Security function behavior
3. Best practices & placement of security functions within an SD-WAN deployment

Policy Definition and Attributes
• Security policy terminology and attributes

MEF SD-WAN Project Summary
• SD-WAN Service Standard MEF 70
– Published standard now available
– Version 2 (MEF 70.1) started
– Participate now to influence the next release
• MEF 3.0 SD-WAN Certification
– Blueprint completed
– Pilot Certification now open for participation
• Extension to the SD-WAN Project
– LSO APIs
– Application Security for SD-WAN
– Engage now
• SD-WAN Content in the MEF SDN/NFV Professional Certification Exam
– Incorporating general SD-WAN information