Contrail Service Orchestration (CSO)
Designs, secures, automates, and runs the entire service lifecycle across NFX Series Network Services Platforms, MX Series Routers, and SRX Series Services Gateways, along with the vSRX Virtual Firewall available in public cloud marketplaces.
Scanned with CamScanner

Network Functions Overview
• Services plane is a fundamental networking software plane
• Examples of network functions or services:
o Stateful firewall
o Network Address Translation (NAT)
o Intrusion detection and prevention (IDP)
o Load balancing
o Caching
o WAN acceleration
• Historically, network services have been deployed using
o Physical appliances or servers
o Service cards installed in routers or switches

Orchestration Platforms: OpenStack
[Figure: OpenStack diagram. Labels: Applications, Monitoring and Tools, Dashboard, APIs]

Report Generation
• Project/Tenant Reporting
o Resource usage
o Historical instance creation and termination
o Billing and costs
o Downloadable HTML, comma-separated values (CSV), PDF formats

[Figure: architecture diagram. Labels: Junos Control Plane (JCP/vRE); Adv Services + Flow Processing; MGD; RPD; Packet FWD (JEXEC); Single Sourced Codebase; CLI/Netconf/RESTCONF; nsd; IPS; flowd; PacketIO; Mgmt; AppId; System daemons]

Network Security Evolution
• Key developments
o Artificial intelligence and machine learning enable security analysis
  • To shift away from traditional static signatures
  • To move toward behavior analysis of applications and network functions
o Security threat designers hide security threats within codes
o Big data
  • Leverages and analyzes pools of security threat information to determine behaviors of the security threats and then real-time network patterns
o Security threats are self-propagating, so the traditional model of identification is no longer sufficient
o Automation
  • Enables security threat remediation to take place at the speed of the systems that are infected

OpenFlow 1.5
Previously, OpenFlow flow processing was always done in the context of the packet ingress port. In OpenFlow version 1.5, the addition of egress tables enables the processing of flows in the context of the output port. When a packet is output to a port, the packet will be processed by the egress tables, which take some action or redirect the packet to another egress table.

OpenFlow had been an Ethernet-only protocol until version 1.5, when packet type identification was added to the specification. New type, length, and values (TLVs) were added that identify the packet type, can be used in matches, and now act as a prerequisite for header fields. The packet type field can be used in various other types of OpenFlow protocol messages to identify their payload.
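
The egress-table and packet-type behavior described above, as an added example that is not part of the original slides: a simplified Python model of a per-output-port egress filter, not a switch or controller API. The table numbers, the action names (`output`, `goto`, `accept`, `drop`), the prerequisite map, the MAC addresses and the policy are all assumptions made for illustration.

```python
# Simplified model of OpenFlow 1.5 egress processing (added example, not a switch API).
ETHERNET, IPV4 = (0, 0), (1, 0x0800)     # packet types as (namespace, ns_type)
# Assumed prerequisite map for this model: the packet type each field belongs to.
PREREQ = {"eth_dst": ETHERNET, "ipv4_dst": IPV4}

def validate(match):
    """Reject a match whose header fields lack their packet-type prerequisite."""
    ptype = match.get("packet_type", ETHERNET)   # assumption: omitted means Ethernet
    for field in match:
        if field in PREREQ and PREREQ[field] != ptype:
            raise ValueError(f"{field} requires packet_type {PREREQ[field]}")
    return match

def lookup(tables, table_id, pkt, ctx):
    """Follow goto chains from table_id and return the terminal (action, arg)."""
    view = {**pkt, **ctx}
    while True:
        for match, action, arg in tables[table_id]:
            if all(view.get(k) == v for k, v in match.items()):
                break
        else:
            return ("drop", None)                # table miss in this model: drop
        if action != "goto":
            return (action, arg)
        if arg <= table_id:
            raise ValueError("goto must target a later table")
        table_id = arg

def forward(tables, first_egress, pkt, in_port):
    """Ingress tables see in_port; egress tables run once per chosen output port."""
    action, ports = lookup(tables, 0, pkt, {"in_port": in_port})
    if action != "output":
        return []
    return [p for p in ports
            if lookup(tables, first_egress, pkt, {"out_port": p})[0] == "accept"]

# Constructed policy: port 3 is an uplink; only frames for the gateway MAC may leave it.
GW = "02:00:00:00:00:01"
TABLES = {
    0:  [({"in_port": 1}, "output", [2, 3])],                      # ingress table
    10: [({"out_port": 3}, "goto", 11), ({}, "accept", None)],     # first egress table
    11: [(validate({"packet_type": ETHERNET, "eth_dst": GW}), "accept", None)],
}

if __name__ == "__main__":
    to_gw = {"packet_type": ETHERNET, "eth_dst": GW}
    other = {"packet_type": ETHERNET, "eth_dst": "02:00:00:00:00:99"}
    print(forward(TABLES, 10, to_gw, 1), forward(TABLES, 10, other, 1))
```

The ingress rule floods to ports 2 and 3 without knowing the uplink policy; the restriction is enforced only in the egress tables, which is the per-output-port context the ingress-only pipeline lacked.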
