ExpressRoute: Connecting Private and Public Clouds through WAN

[Diagram: a private network reaches Microsoft Azure over the WAN; the public internet path to Azure is shown alongside for contrast.]
Network Service Provider Scenario
• Monthly dual-port fee.
• Unlimited data transfer (in and out) included
[Map: global datacenters and ExpressRoute locations today]

Agenda
• AT&T MPLS Overview
• AT&T NetBond
• Integration with ExpressRoute and Azure
• NetBond Configuration and Orchestration
© 2014 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.
AT&T MPLS Overview: Customer separation, security

MPLS Product Offers
• AVPN, PNT, IPFR, EVPN, Hybrids

Control Plane
• MPLS VPN attributes (VRF, RD, RT) separate IP routing within the PE and PE-to-PE
• IP routes not known in the core (route free core)

Forwarding Plane
• MPLS label switches traffic, not IP forwarded, separating customers
• No IP route lookups except at first PER

Terms
VRF: Virtual Route Forwarding, separate routing table per customer on the PER
RD: Route Distinguisher
RT: Route Target
MP-BGP: Multi-Protocol BGP
MPLS: Multi Protocol Label Switching, RFC 4364
CER: Customer Edge Router, IP routing not MPLS
PER: Provider Edge Router, IP routing to CER, label switching to the core
LDP: Label Distribution Protocol, assign and distribute forwarding labels
LSP: Label Switched Path

[Diagram: Customer 1 CER (AS 65000) advertises 10.1.1.0/24 to the PER over eBGP with NH=CER; the PER places it in VRF1 and advertises it over MP-iBGP via a route reflector (RR) as RD:10.1.1.0 with NH=PE, RT and inner label; OSPF and LDP in the core build the LSP, and LSRs switch on the outer label.]
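The customer separation described above, as an added example that is not from the slides: a constructed Python model of RFC 4364 VPNv4 routes, showing that two customers' overlapping 10.1.1.0/24 prefixes stay distinct by RD in the route reflector's table, and that a VRF on a remote PE installs only the routes carrying its import RT. RD, RT, label and PE loopback values are made up; 13979 is the AT&T VPN AS shown later in the deck.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed model of RFC 4364 route separation; RD, RT, label and PE
# loopback values are made up, 13979 is the AT&T VPN AS shown in the deck.

@dataclass(frozen=True)
class VpnRoute:
    rd: str           # Route Distinguisher: keeps overlapping customer prefixes distinct
    prefix: str
    next_hop: str     # NH = egress PE loopback, as carried in MP-iBGP
    label: int        # inner (VPN) label allocated by that PE
    rts: frozenset    # Route Target extended communities attached on export

@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: Set[str]
    export_rts: Set[str]
    table: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # prefix -> (NH, label)

def export_vrf(vrf: Vrf, pe: str, prefix_labels: Dict[str, int]) -> List[VpnRoute]:
    """The PE exports a VRF's CER-learned prefixes as VPNv4 routes: RD-prefixed, RT-tagged, labelled."""
    return [VpnRoute(vrf.rd, p, pe, lbl, frozenset(vrf.export_rts)) for p, lbl in prefix_labels.items()]

def vpnv4_rib(routes: List[VpnRoute]) -> Dict[Tuple[str, str], VpnRoute]:
    """Route reflector view, keyed by (RD, prefix): two customers' 10.1.1.0/24 coexist."""
    return {(r.rd, r.prefix): r for r in routes}

def import_into(vrf: Vrf, rib: Dict[Tuple[str, str], VpnRoute]) -> Dict[str, Tuple[str, int]]:
    """A remote PE installs into a VRF only the routes whose RTs match its import policy."""
    for r in rib.values():
        if r.rts & vrf.import_rts:
            vrf.table[r.prefix] = (r.next_hop, r.label)
    return vrf.table

def demo():
    # PE1 (loopback 10.0.0.1) serves Customer 1 and Customer 2; both use 10.1.1.0/24 internally.
    c1 = Vrf("VRF1", "13979:1", {"13979:1"}, {"13979:1"})
    c2 = Vrf("VRF2", "13979:2", {"13979:2"}, {"13979:2"})
    rib = vpnv4_rib(export_vrf(c1, "10.0.0.1", {"10.1.1.0/24": 100})
                    + export_vrf(c2, "10.0.0.1", {"10.1.1.0/24": 200}))
    # PE2 hosts VRFs for the same two customers; each imports only its own RT.
    t1 = import_into(Vrf("VRF1", "13979:1", {"13979:1"}, {"13979:1"}), rib)
    t2 = import_into(Vrf("VRF2", "13979:2", {"13979:2"}, {"13979:2"}), rib)
    return rib, t1, t2
```

Each VRF ends up with its own (NH, label) for 10.1.1.0/24, so the egress PE's inner label, not the IP prefix, decides which customer receives a packet.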
[Diagram: Customer 1 CERs exchange customer routing with AT&T PERs over eBGP; the PERs carry those routes across the core (LSRs running the Core IGP) with MP-iBGP through a Route Reflector, inside the AT&T US VPN, AS 13979.]
Benefits
• Performance, COS
• Reliability
• Scalability
• Security
• Any-to-any or Hub-spoke connectivity
• Reporting
• Service Level Agreements
• Fast Failover & Disaster Recovery

Customer Access
[Diagram: customer sites reach the AT&T PER on the AT&T MPLS Network over Ethernet, PPP/POS, FR*, ATM* or DSL*; Internet access passes through a firewall.]
*AT&T VPN Frame, ATM & DSL Ports are on Sales Hold and Unavailable to New Customers
AT&T MPLS VPN: Access and Value-Added Services
[Diagram: access methods into the AT&T MPLS VPN backbone (Private & Public): Ethernet, PPP, FR, ATM, DSL, and Smartphone 3G & 4G via the AT&T POP; services attached to the VPN: Network Based Firewall (NB-FW), ANIRA remote access, Mobility, AT&T Connect, Business VoIP, Telepresence, VPN Appliance, NetBond to Cloud Services, and public Internet access.]

Value-Added Security
• Remote access & Managed Tunneling
• Managed Firewalls
• Intrusion Detection
Class of Service (COS)
Traffic classes: Class 1 VOIP; Class 2v Video; Class 2 SAP, Oracle Applications; Class 3 Web Traffic; Class 4 Email, FTP; Class 5 Scavenger; Internet.
None of this matters when there is no congestion.

Traffic Flow: CER -> PER -> MPLS Core -> PER -> CER
• CER Marks & Queues (LAN queuing): DSCP, CBWFQ, Police RT
• PER ingress policing: RT excess dropped; set EXP for core
• Backbone COS across the MPLS core
• PER queuing at "egress"; LAN queuing at the far CER
AT&T NetBond
Private Cloud (Internal IT)
[Diagram: Enterprise A and Enterprise B users reach private cloud compute and storage over their MPLS VPNs; base or persistent loads run there.]
IT resources: on demand, self service, consumption based, dynamically scalable, logically isolated.
MPLS VPN access: Today, fixed connections. Future: on demand, self service, consumption based connections.
IPSec or Direct Connect models add cost and complexity to build and manage, and do not provide flexibility for the cloud.
[Diagram: fixed and mobile users on the AT&T VPN / MPLS VPN reach the Corporate Data Center; the Cloud Service is reached either by an IPSEC tunnel or private line from the data center, or directly from the VPN with NetBond.]

NetBond Benefits
• Avoids exposure to Internet risks (DDOS)
• Greater Performance and Availability than alternative solutions
• Scales Dynamically with cloud usage
• Elasticity creates added pricing value
• Provisions in hours vs. weeks
• Avoids complexity and added costs of managing multiple networking solution components
NetBond
[Diagram: Customer 1, Customer 2 ... Customer n on the AT&T VPN Network (AVPN, EVPN, IPFR, PNT) reach the Cloud Service Provider (IBM/Microsoft/AT&T/Partners) over a physical connection; customer traffic is separated while infrastructure capacity is shared.]

Pricing
• Price model like a cloud service (& similar to High Cap Flex)
• Charges based on actual network consumption: 95th percentile of 5 minute averages, highest of In & Out
• Change pricing BW anytime; applies to the whole current month
• Quick turn-up without lengthy commitments
AT&T NetBond Physical Infrastructure
[Diagram: customer location on the MPLS VPN (AVPN/PNT/IPeFR/EVPN) -> PER -> AT&T Common Backbone (label switched data path, routing updates) -> AT&T IPE with one VLAN per customer -> nx10G NNI -> Cloud Vendor Edge in the Provider Data Center cage -> Cloud Product on the cloud provider infrastructure (AT&T Common Cloud Infrastructure). AT&T/Provider peering method varies.]
Integration to ExpressRoute and Azure
AT&T NetBond Physical Infrastructure with Microsoft ExpressRoute
[Diagram: customer location on the MPLS VPN (AVPN/PNT/IPeFR/EVPN) -> PER -> AT&T Common Backbone (label switched data path, routing updates) -> AT&T IPE (VLAN per customer) -> nx10G -> Microsoft ExpressRoute Routers -> Microsoft Windows Azure Platform; the AT&T Cloud Services side connects in the same way. BGP routing between AT&T and Microsoft uses a customer-provided /29 broken into /30s.]

Routing and COS
• BGP routing on the /30s; the /29 is customer provided
• DSCP set by the cloud service; no QOS egress at the IPE
• QOS/COS in the CBB: all cloud traffic transmitted in the EXP3 queue, or transmitted in the appropriate queue
• COS ingress and COS egress at the PER based on DSCP
NetBond to Vendor Demarc: Microsoft ExpressRoute Routers
[Diagram: the AT&T IPE connects to the Microsoft Azure Cloud over two 10G Ethernet links; on each link VLAN 100 carries Cust A (VRF A, VPN A) and VLAN 200 carries Cust B (VRF B, VPN B), with RT stitching into the AVPN VRFs. BFD & BGP peering runs per /30. Cust A's 192.168.0.0/29 is split into 192.168.0.0/30 (192.168.0.1/30 and 192.168.0.2/30 on the first link) and 192.168.0.4/30 (192.168.0.5/30 and 192.168.0.6/30 on the second link); Cust B uses 10.50.1.1/30 and 10.50.1.2/30 on the first link and 10.50.1.5/30 and 10.50.1.6/30 on the second.]
• Customer provides a /29 subnet to the Synaptic Portal when enabling the VNC. The /29 is broken into 2 /30 subnets which are applied to the redundant 10G connections and used for MS to AT&T BGP peering
• Routing is dynamic between MS and AT&T
• Failover of redundant links is accomplished using a Primary/Secondary design utilizing prepends
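The /29 split and prepend-based failover described above, as an added example that is not from the slides: a constructed Python model that derives the two /30 peering links from the customer's /29 and picks the active link by AS-path length, which is what prepending on the secondary relies on. Assumptions: the AT&T IPE takes the first usable address of each /30 and the Microsoft router the second (the diagram does not pin the ordering), two prepends on the secondary, and AS 65000 as the customer AS from the MPLS slide.

```python
import ipaddress
from typing import Dict, List

# Constructed model of the slide's /29 -> 2 x /30 layout and primary/secondary
# failover via prepends. Host ordering per /30 (AT&T first, Microsoft second)
# and the prepend count are assumptions, not documented NetBond behaviour.

def plan_peering_links(customer_block: str) -> List[Dict[str, str]]:
    """Split the customer /29 into the two /30s used on the redundant 10G links."""
    block = ipaddress.ip_network(customer_block, strict=True)
    if block.prefixlen != 29:
        raise ValueError(f"NetBond expects a /29 from the customer, got /{block.prefixlen}")
    plan = []
    for role, link in zip(("primary", "secondary"), block.subnets(new_prefix=30)):
        att_side, ms_side = link.hosts()  # a /30 has exactly two usable addresses
        plan.append({"role": role, "subnet": str(link),
                     "att": str(att_side), "microsoft": str(ms_side)})
    return plan

def advertised_paths(local_as: int, prepends: int = 2) -> Dict[str, List[int]]:
    """AS_PATH announced per link: bare AS on the primary, prepended on the secondary."""
    return {"primary": [local_as], "secondary": [local_as] * (1 + prepends)}

def best_path(paths: Dict[str, List[int]], session_up: Dict[str, bool]) -> str:
    """BGP best-path reduced to AS-path length over links whose BFD/BGP session is up."""
    live = {link: p for link, p in paths.items() if session_up.get(link, False)}
    if not live:
        raise RuntimeError("no BGP session up on either /30")
    return min(live, key=lambda link: (len(live[link]), link))
```

While both sessions are up the shorter path wins, so traffic stays on the primary; when BFD takes the primary session down, the prepended secondary is the only candidate and is selected without any configuration change.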
NetBond Configuration and Orchestration
VNC: Virtual Network Connection. Container that ties together a chosen AVPN VPN, Cloud VPN, and VLAN(s).
VLAN: Per VNC logical link(s) to cloud vendor from the AT&T iPE. The only customer assignable attribute is the IP address space.
[Diagram: customer location on the MPLS VPN -> PER -> AT&T Common Backbone -> AT&T IPE -> redundant 10G VLAN -> Cloud Vendor Edge -> Cloud Product; the VNC spans the customer's AVPN VPN and the Cloud VPN.]

Portal workflow
• Choose CSP
• Choose CSP Location
• Name the VNC
• Choose AVPN VPN
• Choose BW
• Provide /29 Subnet
• Name VLAN
• Provide Service Key
[Figure: Microsoft IT at a glance. Value/label pairs recoverable from the slide: 200k+ unique devices connect to wireless/day; 1,300+ site locations (113 countries); 75k LOB apps in Azure in 5 years; 4.5m remote connections/month; 40k MSIT servers in on-prem data centers; 12,055 total managed network devices; 22gb sustained Internet traffic. The remaining values on the slide (users; servers in the cloud, WAP and Azure, in 5 years) are not labelled in the extraction.]
McKesson: America’s oldest and largest healthcare services company
Company Founded: 1833
Headquarters: San Francisco
Fortune 500: Ranked 14th
Employees: 43,500
Revenue: $122.5 billion
Segments: Distribution Solutions and Technology Solutions

Together with our customers and partners, we are creating a sustainable future for healthcare. Together we are charting a course to better health.

Distribution Solutions
• #1 pharmaceutical distributor in U.S. and Canada
• #1 generics distributor
• #1 in medical-surgical distribution to alternate care sites

Technology Solutions
• leader in clinical, revenue-cycle and resource-management solutions
• leading RelayHealth claims-processing and connectivity business
• #1 in medical-management software and services to payers
We did not just go all-in with Microsoft and AT&T, we had a long journey with many evaluation points along the way:
• Evaluation of top 5 IaaS and PaaS Cloud Providers – Microsoft was chosen
• Put in place an Enterprise Agreement inclusive of a BAA with Microsoft
• Built and Evaluated Point to Site, Site to Site and ExpressRoute POC communication paths – ExpressRoute was chosen
• Evaluation of HDInsight underway, and System Center POC beginning this month

We chose to become an early adopter of ExpressRoute for many reasons, but the key reasons can be summarized quickly:
• Infrastructure and Administrative burden for adding new Accounts or Business Units was very taxing, and opportunity for mistakes or nonstandard deployment
• Requirements for high level SLAs that cannot be guaranteed by Public Internet links
• Need for hybrid deployments with some components housed in McKesson Data Centers
Solution Advancement: ExpressRoute vs. Site to Site VPN vs. Point to Site VPN

Performance
• ExpressRoute: Committed bandwidth; can commit to SLA for performance and up time
• Site to Site VPN: No performance commitment; subject to Internet performance
• Point to Site VPN: No performance commitment; subject to Internet performance

Security
• ExpressRoute: Non-Public MPLS; HealthCare Framework; trusted business partner
• Site to Site VPN: Encrypted tunnel over open internet; Enterprise Class Firewall end point
• Point to Site VPN: Encrypted tunnel over open internet; Enterprise Class Firewall end point

Workloads
• ExpressRoute: SMB & Enterprise; moving VHD / images; DR/Archive; SLA driven apps
• Site to Site VPN: Development; IaaS and PaaS; SMB
• Point to Site VPN: Development; POC; small non-critical

Administration
• ExpressRoute: Single installation with no changes for moves or adds
• Site to Site VPN: Requires IP block, routing updates, VPN config; requires firewall & perimeter changes
• Point to Site VPN: Requires IP block, routing updates, VPN config; requires firewall & perimeter changes
Our team went through an extensive checklist of requirements with specific success criteria, but there were some key takeaways:
• Hybrid Application (Database at McKesson – App in Azure) – easy and smooth, with no latency issues
• Application Disaster Recovery Testing – successfully failed over a hosted application to Azure, but did not test end user experience
• Federation/Domain Joining – Easily Domain Joined Azure to McKesson
• High Speed File Transfer – Very fast FTP and SMB file transfers
• Public Peering – Easily leveraged Azure storage and other services

We are very happy with the outcome of the evaluation, and are in the planning phase for a live roll out. Some departing thoughts:
• Commitment to GA ExpressRoute affords us the opportunity to build our cloud architecture from the ground up – not just an extension of our current compute capabilities
• Pricing will play a key factor in this space
For More Information
• Azure ExpressRoute overview
• Azure ExpressRoute technical overview
• Azure ExpressRoute FAQs
• Azure ExpressRoute API reference for customers
• Azure PowerShell cmdlet reference for customers
• AT&T Netbond
• Windows Server 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205286
• System Center 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205295
• Azure Pack: http://www.microsoft.com/en-us/servercloud/products/windows-azure-pack
• Microsoft Azure: http://azure.microsoft.com/en-us/

Come visit us in the Microsoft Solutions Experience: look for Datacenter and Infrastructure Management, TechExpo Level 1 Hall CD.
• TechEd sessions: http://channel9.msdn.com/Events/TechEd
• www.microsoft.com/learning
• http://microsoft.com/technet
• http://microsoft.com/msdn