WAN WAN Private Network Public internet Microsoft Azure Microsoft Azure Public internet Network Service Provider Scenario Monthly dual-port fee. Unlimited data transfer (in and out) included.
Global datacenters

ExpressRoute locations today

AT&T MPLS Overview
AT&T NetBond
Integration with ExpressRoute and Azure
NetBond Configuration and Orchestration

© 2014 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.

Customer separation, security
MPLS Product Offers
• MPLS VPN attributes (VRF, RD, RT) to separate IP routing within the PE and PE-to-PE
• AVPN, PNT, IPFR, EVPN, Hybrids
• MPLS label switches traffic, not IP forwarded, separating customers.
• IP routes not known in the core (route free core)

VRF: Virtual Route Forwarding, separate routing table per customer on the PER
RD: Route Distinguisher
RT: Route Target
MP-BGP: Multi-Protocol BGP
MPLS: Multi Protocol Label Switching, RFC 4364
CER: Customer Edge Router. IP routing, not MPLS
PER: Provider Edge Router. IP routing to CER, label switching to the core
LDP: Label Distribution Protocol, assign and distribute forwarding labels
LSP: Label Switched Paths

[Diagram: Control Plane and Forwarding Plane. Labels: IP Traffic; Customer 1; CER AS:65000; eBGP; NH=CER; 10.1.1.0/24; VRF1; PER; RR; MPiBGP 10.1.1.0 : RD, NH (next hop=PE), RT, inner Label; OSPF, LDP, MPLS; LSR; Outer label; Label Switched Path; No IP route lookups except at first PER]

[Diagram: customer routing across the MPLS core. Labels: Customer 1; CER; eBGP; Customer Routing; PER; MP-iBGP; Route Reflector; LSR; Core IGP; US VPN AS 13979]
Benefits
• Performance, COS
• Reliability
• Scalability
• Security
• Any-to-any or Hub-spoke connectivity
• Reporting
• Service Level Agreements
• Fast Failover & Disaster Recovery

Customer Access
• FR*
• PPP, POS
• Ethernet
• ATM*
• DSL*
*AT&T VPN Frame, ATM & DSL Ports are on Sales Hold and Unavailable to New Customers

[Diagram labels: The Internet; Firewall; AT&T MPLS Network; AT&T PER]

• Network Based Firewall
• ANIRA remote access
• Mobility
• AT&T Connect
• Business VoIP
• NetBond to Cloud Services

Value-Added Security
• Remote access & Managed Tunneling
• Managed Firewalls
• Intrusion Detection

[Diagram labels: Smartphone; 3G & 4G Backbone; Mobility; Access: Ethernet Private & Public, PPP, FR, ATM, DSL; AT&T POP; AT&T Client; CCS; AT&T MPLS VPN; UC; Private; Public; Business VoIP; Remote Access (ANIRA); NB-FW; Internet; AT&T VPN Appliance; Cloud Services; Telepresence; AT&T Connect; VPN]

Backbone COS
• Class 1: VOIP
• Class 2v: Video
• Class 2: SAP, Oracle Applications
• Class 3: Web Traffic
• Class 4: Email, FTP
• Class 5: Scavenger

None of this matters when there is no congestion

CER Marks & Queues:
• DSCP
• CBWFQ
• Police RT

Ingress policing:
• RT excess dropped
• Set EXP for core

PER Queuing at “egress”

[Diagram labels: Traffic Flow; LAN queuing; CER; PER; MPLS Core; PER; CER; LAN queuing]

AT&T NetBond
Private Cloud
IT resources – on demand, self service, consumption based, dynamically scalable, logically isolated
MPLS VPN access – Today: fixed connections. Future: on demand, self service, consumption based connections

[Diagram labels: Enterprise A; Enterprise B; Internal IT Users; MPLS VPN; Compute; Storage; Base or persistent loads]

IPSec or Direct Connect models add cost and complexity to build and manage, and do not provide flexibility for the cloud

[Diagram labels: Cloud Service Users; MPLS VPN; IPSEC Tunnel or Private Line; Corporate Data Center; Cloud Service; Fixed Users; Mobile; AT&T VPN]

NetBond Benefits
• Avoids exposure to Internet risks (DDOS)
• Greater Performance and Availability than alternative solutions
• Scales Dynamically with cloud usage
• Elasticity creates added pricing value
• Provisions in hours vs. weeks
• Avoids complexity and added costs of managing multiple networking solution components

NetBond

[Diagram labels: Cloud Service Provider (IBM/Microsoft/AT&T/Partners); Physical Connection; AT&T VPN Network (AVPN, EVPN, IPFR, PNT); Customer 1; Customer 2; Customer n; Customer Traffic Separated; Infrastructure Capacity]

• Change pricing BW anytime; applies to whole current month
• Price Model like cloud service (& similar to High Cap Flex)
• 95th percentile of 5 Min Averages, Highest of In & Out
• Charges based on actual network consumption
• Quick turn-up without lengthy commitments

AT&T NetBond Physical Infrastructure

[Diagram labels: Provider Data Center Cage; Cloud Product; Cloud Vendor Edge; Cloud Provider infrastructure; NNI; nx10G; VLAN per Customer; AT&T IPE; AT&T NetBond; AT&T Common Cloud Infrastructure; AT&T Common Backbone; Routing Updates; Data Path (Label Switched); AVPN/PNT/IPeFR/EVPN; PER; AT&T MPLS Offerings; Customer Location on MPLS VPN; AT&T/Provider Peering Method Varies]

Integration to ExpressRoute and Azure

AT&T NetBond Physical Infrastructure
• Routing
• COS

[Diagram labels: Microsoft Windows Azure Platform; Microsoft ExpressRoute Routers; /30; /30; nx10G; VLAN per Customer; AT&T IPE; AT&T Cloud Services; AT&T Common Backbone; Routing Updates; Data Path (Label Switched); AVPN/PNT/IPeFR/EVPN; PER; Customer Location on MPLS VPN]

Routing
• BGP Routing
• Customer Provided /29

QOS/COS
• DSCP set by Cloud Service
• No QOS Egress IPE
• All Cloud Traffic Transmitted in EXP3 Queue in CBB
• Transmitted in appropriate Queue in CBB
• COS Egress PER based on DSCP
• COS Ingress PER based on DSCP

NetBond to Vendor Demarc

[Diagram labels: Tunnels; Microsoft ExpressRoute Routers; Microsoft Azure Cloud; AT&T IPE; RT Stitching; AVPN; Cust A; Cust B; VPN A; VPN B; VRF A; VRF B; BFD & BGP Peering per /30]

First 10G Ethernet link:
• VLAN 100: 192.168.0.1/30 and 192.168.0.2/30
• VLAN 200: 10.50.1.1/30 and 10.50.1.2/30

Second 10G Ethernet link:
• VLAN 100: 192.168.0.5/30 and 192.168.0.6/30
• VLAN 200: 10.50.1.5/30 and 10.50.1.6/30

192.168.0.0/29 is split into 192.168.0.0/30 & 192.168.0.4/30

• Customer provides a /29 subnet to the Synaptic Portal when enabling the VNC. The /29 is broken into two /30 subnets, which are applied to the redundant 10G connections and used for MS to AT&T BGP peering
• Routing is dynamic between MS and AT&T
• Failover of redundant links is accomplished using a Primary/Secondary design utilizing prepends

NetBond Configuration and Orchestration

VNC: Virtual Network Connection. Container that ties together a chosen AVPN VPN, Cloud VPN, and VLAN(s)
VLAN: Per VNC logical link(s) to cloud vendor from the AT&T iPE. The only customer assignable attribute is the IP address space.

[Diagram labels: Cloud Product; Cloud Vendor Edge; Cloud Services; Redundant 10G; VLAN; AT&T IPE; AT&T Common Backbone; Customer Cloud VPN; Customer VPN; AVPN VPN; VNC; PER; Customer Location on MPLS VPN]

• Choose CSP
• Choose CSP Location
• Name the VNC
• Choose AVPN VPN
• Choose BW
• Provide /29 Subnet
• Name VLAN
• Provide Service Key

200k+ Unique devices connect to wireless/day 180k+ 1,300+ Site locations (113 countries) 153k 80% <10% 210k 95% 300k 75k LOB apps in Azure in 5 years Users 513 100k+ 1m+ 4.5m Remote connections/ month 40k MSIT Servers in On-Prem Data Centers In the Cloud, WAP and Azure, in 5 years 12,055 Total Managed Network Devices 519 9 600 49,152 22gb Sustained Internet Traffic

America’s oldest and largest healthcare services company
Company Founded: 1833
Headquarters: San Francisco
Fortune 500: Ranked 14th
Employees: 43,500
Revenue: $122.5 billion
Segments: Distribution Solutions and Technology Solutions

Together with our customers and partners, we are creating a sustainable future for healthcare. Together we are charting a course to better health.

Distribution Solutions
• #1 pharmaceutical distributor in U.S. and Canada
• #1 generics distributor
• #1 in medical-surgical distribution to alternate care sites

Technology Solutions
• leader in clinical, revenue-cycle and resource-management solutions
• leading RelayHealth claims-processing and connectivity business
• #1 in medical-management software and services to payers

We did not just go all-in with Microsoft and AT&T, we had a long journey with many evaluation points along the way:
• Evaluation of top 5 IaaS and PaaS Cloud Providers – Microsoft was chosen
• Put in place an Enterprise Agreement inclusive of a BAA with Microsoft
• Built and Evaluated Point to Site, Site to Site and ExpressRoute POC communication paths – ExpressRoute was chosen
• Evaluation of HDInsight underway, and System Center POC beginning this month

We chose to become an early adopter of ExpressRoute for many reasons, but the key reasons can be summarized quickly:
• Infrastructure and Administrative burden for adding new Accounts or Business Units was very taxing, and opportunity for mistakes or nonstandard deployment
• Requirements for high level SLAs that cannot be guaranteed by Public Internet links
• Need for hybrid deployments with some components housed in McKesson Data Centers

Solution Advancement

ExpressRoute
• Performance: Committed bandwidth; Can commit to SLA for performance and up time
• Security: Non-Public MPLS; HealthCare Framework; Trusted business partner
• Administration: Single installation with no changes for moves or adds

Site to Site VPN
• Performance: No performance commitment; Subject to Internet performance
• Security: Encrypted tunnel over open internet; Enterprise Class Firewall end point
• Administration: Requires IP block, routing updates, VPN config; Requires firewall & perimeter changes

Point to Site VPN
• Performance: No performance commitment; Subject to Internet performance
• Security: Encrypted tunnel over open internet; Enterprise Class Firewall end point
• Administration: Requires IP block, routing updates, VPN config; Requires firewall & perimeter changes

Workloads
• SMB & Enterprise
• Moving VHD / Images
• DR/Archive
• SLA driven apps
• Development
• IaaS and PaaS
• SMB
• Development
• POC
• Small non-critical

Our team went through an extensive checklist of requirements with specific success criteria, but there were some key takeaways:
• Hybrid Application (Database at McKesson – App in Azure) – easy and smooth, with no latency issues
• Application Disaster Recovery Testing – successfully failed over a hosted application to Azure, but did not test end user experience
• Federation/Domain Joining – Easily Domain Joined Azure to McKesson
• High Speed File Transfer – Very fast FTP and SMB file transfers
• Public Peering – Easily leveraged Azure storage and other services

We are very happy with the outcome of the evaluation, and are in the planning phase for a live roll out.
Some departing thoughts:
• Commitment to GA ExpressRoute affords us the opportunity to build our cloud architecture from the ground up – not just an extension of our current compute capabilities
• Pricing will play a key factor in this space

• Azure ExpressRoute overview
• Azure ExpressRoute technical overview
• Azure ExpressRoute FAQs
• Azure ExpressRoute API reference for customers
• Azure PowerShell cmdlet reference for customers
• AT&T Netbond

For More Information
• Windows Server 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205286
• System Center 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205295
• Azure Pack: http://www.microsoft.com/en-us/servercloud/products/windows-azure-pack
• Microsoft Azure: http://azure.microsoft.com/en-us/

Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management, TechExpo Level 1 Hall CD

• http://channel9.msdn.com/Events/TechEd
• www.microsoft.com/learning
• http://microsoft.com/technet
• http://microsoft.com/msdn