Network World

L4-L7 Service Deployment: How Big a Problem Is It?

NAT, Firewall, and SBC are recent examples of services that we create in today's network!

By Afaq Khan on Mon, 10/26/09 - 3:22pm.

Deploying services in an Enterprise or SP network (for their customers, either hosted or managed) is an absolute reality, and one that tends to disrupt the network topology (think of deploying a Layer 3 / routed firewall, which becomes the default gateway). Common services that we see deployed are NAT, Firewall, SBC, DPI, and many more. The usual ways of deploying services today are:

a) via service blades in a routing/switching platform (such as Cisco 6500 / 7600 and various blades for IPsec, SBC, load balancing, etc.)
b) via a highly integrated means (such as Cisco's ASR 1000 platform that hosts a QFP packet processor)
c) via a service appliance (such as Cisco's ASA firewall)

Having said that, we can summarize the problem statements as the following:

• Need for faster Service creation and insertion, ideally without modifying the existing L2 or L3 topologies if possible

• Increasing Service scale, where additional services can be added with limited configuration on both the platform that is in the data plane (and hence sees the packets) and the service application platform (examples could be appliances, or integrated routers or switches)

• Service discovery using the existing protocols (where packets needing service somehow can find the service delivery platforms)

Now, the questions: Is this a real problem that you face in your day-to-day service deployment? Share your vision of what problems a service delivery mechanism must resolve, and name the services that you'd like to see considered for such a framework.

Looking forward to having some great discussion on this topic!

Juniper

What do you think about Juniper firewall solution boxes, like the SSG series, SSG140, etc.?

- less costly
- more flexibility

than Cisco?

About Author expert: Next-gen WANs

Muhammad Afaq Khan, CCIE No. 9070, has worked for various start-ups as a C/C++/Web programmer. Since 2001, Afaq has been with Cisco both in post-sales technical support and technical/product marketing roles. Currently, Afaq works as a senior technical marketing engineer for the Cisco Edge Routing Business Unit, focusing on the Cisco ASR 1000 series routers. Afaq is also a sought-after speaker at the Cisco Networkers event and many other similar technical seminars. He holds three CCIEs in the areas of routing, security, and service provider technologies. He also holds multiple patents in the area of computer networking. He attended the NED University of Engineering and Technology, Karachi, Pakistan, where he earned his bachelor's degree in computer systems. Afaq lives with his wife and son in Santa Clara, Calif.

Muhammad's latest book Building Service-Aware Networks: The Next-Generation WAN/MAN was selected for the Cisco Subnet, October, 2009 book giveaway. To enter the monthly book giveaway, click on the entry form located on the Cisco Subnet home page.

Read a free chapter excerpt, hosted exclusively by Cisco Subnet.