Tutorial

IETF

1. SR For SDWAN: VPN with Underlay SLA

Publication URL: https://tools.ietf.org/html/draft-dukes-spring-sr-for-sdwan

Introduction:

This document describes how SR enables underlay Service Level Agreements (SLA) to a VPN with scale and security while ensuring service opacity. This solution applies to Over-The-Top VPN (OTT VPN) and Software-Defined WAN (SDWAN).

2. Segment routing for SDWAN paths over hybrid networks

Publication URL: https://tools.ietf.org/html/draft-dunbar-sr-sdwan-over-hybrid-networks

Introduction:

This document describes a method for end-to-end (E2E) SDWAN paths to traverse a specific list of underlay network segments, some of which can be private networks that include SR-enabled segments and some of which can be public IP networks that do not support SR, to achieve the desired optimal E2E quality.

The method described in this draft uses the principle of segment routing to enforce an SDWAN path's head-end-selected route through a list of specific nodes across multiple network segments, without requiring the nodes in each network segment to have the intelligence (or to maintain state) for selecting the next hop or next domain.

3. BGP Usage for SDWAN Overlay Networks

Publication URL: https://tools.ietf.org/html/draft-dunbar-bess-bgp-sdwan-usage

Introduction:

The document describes three distinct SDWAN scenarios and discusses the applicability of BGP for each of those scenarios. The goal of the document is to facilitate future discussion of SDWAN control plane protocols.

SDWAN edge nodes are commonly interconnected by multiple underlay networks, which can be owned and managed by different network providers. A BGP-based control plane is chosen for handling a large number of SDWAN edge nodes with little manual intervention.

4. A YANG Data Model for SD-WAN Service Delivery

Publication URL: https://tools.ietf.org/html/draft-sun-opsawg-sdwan-service-model

Introduction:

This document provides a YANG data model for an SD-WAN service. An SD-WAN service is a connectivity service offered by a service provider network to provide connectivity across different locations of a customer network or between a customer network and an external network, such as the Internet or a private/public cloud network.

This connectivity is provided as an overlay constructed using one or more underlay networks. The model can be used by a service orchestrator of a service provider to request, configure, and manage the components of an SD-WAN service.

5. Dynamic Networks to Hybrid Cloud DCs Problem Statement

Publication URL: https://tools.ietf.org/html/draft-ietf-rtgwg-net2cloud-problem-statement

Introduction:

This document describes the problems that enterprises face today when interconnecting their branch offices with dynamic workloads in third-party data centers (a.k.a. Cloud DCs). There can be many problems associated with networks connecting to or among Clouds, many of which are probably out of the IETF scope. The objective of this document is to identify some of the problems that need additional work in the IETF Routing area. Other problems are out of the scope of this document.

This document focuses on the network problems that many enterprises face when they have workloads, applications, and data split among different data centers, especially those enterprises with multiple sites that are already interconnected by VPNs (e.g., MPLS L2VPN/L3VPN).

Current operational problems are examined to determine whether there is a need to improve existing protocols or whether a new protocol is necessary to solve them.

6. Secure EVPN

Publication URL: https://tools.ietf.org/html/draft-sajassi-bess-secure-evpn

Introduction:

This document presents a solution where BGP point-to-multipoint signaling is leveraged for key and policy exchange among PE devices to create private pair-wise IPsec Security Associations without IKEv2 point-to-point signaling or any other direct peer-to-peer session establishment messages.

7. IPsec Key Exchange using a Controller

Publication URL: https://tools.ietf.org/html/draft-carrel-ipsecme-controller-ike

Introduction:

This document presents a key exchange method allowing devices managed by a controller (e.g., an SDN management station) to create private pair-wise IPsec SAs without IKEv2 or any other direct peer-to-peer session establishment messages. The method can be used when a full mesh of IKEv2 sessions between IPsec devices is not appropriate.

8. SDWAN WAN Ports Property Advertisement in BGP UPDATE

Publication URL: https://tools.ietf.org/html/draft-dunbar-idr-sdwan-port-safi

Introduction:

The document describes how the SDWAN SAFI, which is assigned by IANA in the First Come First Served range, is used by SDWAN edge nodes to propagate their WAN port properties to their controller.

In the context of this document, the BGP Route Reflector (RR) is the component of the SDWAN Controller that receives the BGP UPDATE from SDWAN edges and in turn propagates the information to a group of authorized SDWAN edges reachable via overlay networks.

9. BGP Provisioned IPsec Tunnel Configuration

Publication URL: https://tools.ietf.org/html/draft-hujun-idr-bgp-ipsec

Introduction:

This document defines a method of using BGP to provide IPsec tunnel configuration along with NLRI. It uses and extends the tunnel encapsulation attribute specified in [I-D.ietf-idr-tunnel-encaps] for IPsec tunnels.

10. BGP Provisioned IPsec Transport Mode Protected Tunnel Configuration

Publication URL: https://tools.ietf.org/html/draft-hujun-idr-bgp-ipsec-transport-mode

Introduction:

This document defines a method of using BGP to advertise the configuration of an IPsec transport mode protected tunnel (such as a GRE tunnel with IPsec transport mode protection) along with NLRI, based on [I-D.ietf-idr-tunnel-encaps] and [I-D.hujun-idr-bgp-ipsec].

11. YANG Data Model for SD-WAN OSE service delivery

Publication URL: https://tools.ietf.org/html/draft-wood-rtgwg-sdwan-ose-yang

Introduction:

This document defines two SD-WAN Open SD-WAN Exchange (OSE) service YANG modules to enable the orchestrator in the enterprise network to implement SD-WAN inter-domain reachability and connectivity services and application-aware traffic steering services.

12. A YANG Module for uCPE management

Publication URL: https://tools.ietf.org/html/draft-shytyi-opsawg-vysm

Introduction:

This document provides a YANG data model for uCPE management (VYSM) and a definition of the uCPE equipment. The YANG model serves as a base framework for managing a universal Customer-Premises Equipment (uCPE) subsystem. The model can be used by a Network Orchestrator.
