AT&T’s “SDN-WAN” as the Network to Access & Deliver Cloud Services

Introduction:

For several years, we’ve wondered why there was so many alternative WANs used and proposed to access and deliver cloud computing and storage services (IaaS, PaaS, SaaS, etc.) for public, private, and hybrid clouds. The list includes: the public Internet (best effort), IP MPLS VPN, other types of IP VPNs, Carrier Ethernet for Private Cloud (MEF spec), dedicated private line to Cloud Service Provider (CSP) data center/platform/point of presence, etc.

AT&T is attempting to position its “SDN WAN” enhanced IP-MPLS VPN as the unified WAN solution for cloud services provided by its partners.  At IT Roadmap in San José, CA on Sept 17, 2014, Randall Davis announced that AT&T is partnering with several CSPs to use its enhanced IP-MPLS VPN WAN to enable end users to access a variety of cloud services. The impressive list of CSPs includes: Microsoft (Windows Azure), HP, IBM, Salesforce.com, Box, and CSC. That bestows credibility and confidence in AT&T’s cloud networking approach.

Network Enabled Cloud Solutions via AT&T NetBond:

Mr. Davis stated that AT&T spends ~$20B per year on CAPEX/OPEX to maintain and improve its wireless and wire-line networks. Instead of discrete network functions and equipment associated with individual services running on disparate subnetworks, AT&T’s goal is to consolidate all services to be delivered to customers onto a software based, programmable, cloud like “SDN WAN” which uses their own intellectual property (see below).

“The User Defined Network Cloud is AT&T’s vision for the network of the future,” Davis stated. “Our goal is to provide a set of services delivered from a single cloud-like network. AT&T is tapping into the latest technologies, open source projects and open network principles to make that happen,” he said.

“It’s a fundamental new way to build a smart “cloud-like network” that addresses the many concerns of end users about the network being the bottleneck in delivery of cloud services.” Indeed, barriers to moving enterprise workloads to the cloud often involve the WAN. For example, how can the network address cloud integration complexity, a warehouse of telecom circuits, security, reliability/availability, and compliance issues?

AT&Ts “network enabled cloud,” called NetBond, allows customers to extend their existing MPLS Virtual Private Network (VPN) to the CSPs platform for the delivery of business/ enterprise applications through fast and highly secure connectivity.  AT&T says they are driving the network enabled ecosystem and working with leading CSPs such as Microsoft, Salesforce.com, HP, IBM, CSC and Equinix.

Positioned between the enterprise customer premises and the CSP’s platform/point of presence, AT&T’s NetBond provides a highly flexible and simple way for AT&T customers to utilize their enterprise VPNs to connect to a cloud computing or IT service environment in AT&T’s cloud partner ecosystem (which is growing).  This solution bypasses the public Internet entirely, thereby providing secure and seamless access to CSPs applications and data storage.

AT&Ts NetBond enables the end customer to integrate cloud services within its enterprise wide IP-MPLS VPN (from AT&T, of course).  It does so by extending its MPLS VPN to the CSPs compute/storage platform, thereby isolating traffic from other customer traffic, creating a private network connection. As a result, there’s no need for a separate IP VPN to/from the CSP.

The solution is designed around the following keys areas:

1. Flexibility. Network bandwidth is optimized for your workloads and fully scalable
2. Network Security and isolation. Intelligent routing directs traffic to logically separated customer environments on shared physical infrastructure.
3. Availability and performance. The solution is built on a stable, robust and scalable technology platform resulting in up to 50% lower latency and up to 3X availability.
4. Automation and control. The solution uses automation and a self-service portal to activate service changes in hours versus weeks.

NetBond permits both the network and cloud infrastructure to scale or contract in tandem and on-demand, rapidly accommodating workload changes. It seems to be well suited for customers who want to avoid exposure to the public Internet and risk of DDoS attacks, as well as, have a highly available and high-performance connection to their cloud resources. Davis said that “NetBond provides a scalable, highly secure, high performance, and integrated WAN solution” for access to the cloud.

Other benefits were identified:

• Private IP address space avoids DDoS attacks
• API controlled pre-integrated survivable network infrastructure
• Elasticity with dynamic traffic bursting (above some pre-defined threshold)
• AT&T sells baseline units of traffic capacity with most bursting covered
• Bursting overages at the “95th percentile” incur an extra charge
• Any to any instant on connectivity (zero provisioning time to reach CSP that’s partnered with AT&T)
• Improved legacy application performance and increased throughput
• Privacy from separation of data and control planes
• Better availability due to simplicity of operations
• Bursting capability eliminates gaps and gluts
• Cost model aligns with cloud usage

AT&T NetBond Backgrounder:

AT&T’s website states: NetBond provides benefits of a private network with the flexibility of cloud. With NetBond, security, performance and control are no longer barriers to moving enterprise applications and data to the cloud.

“NetBond uses patented technology that uses Software Defined Network (SDN) capabilities, providing traffic routing flexibility and integration of VPN to cloud service providers. With AT&T NetBond, customers can expect up to 50% lower latency and up to 3x availability. In addition, network connectivity can be scaled up or down with the cloud resources resulting in bursting of up to 10 times your contracted commitment. From a security perspective, AT&T NetBond isolates traffic from the Internet and from other cloud traffic reducing exposure to risks and attacks such as DDoS.”

“AT&T VPN customers can create highly-secure, private and reliable connectivity to cloud services in minutes without additional infrastructure investments and long-term contract commitments. We also enable end to end integration with cloud service providers resulting in a common customer experience regardless of the cloud platform.”

“Because it can reduce over-provisioning, AT&T NetBond can result in savings of as much as 60% on networking costs compared to internet based alternatives. Also, customers experience true flexibility in that they only pay for what they have ordered and are able to change their billing plan at any time to reflect usage.”

For more on the technology used for AT&T’s IP MPLS VPN see this white paper:

What’s the Control Mechanism for NetBond?

AT&T uses its own version of SDN WAN with “APIs to expose control mechanisms used to order (provision) and manipulate network services.” AT&T’s SDN WAN is based on proprietary intellectual property the company refers to as “Intelligent Route Service Control Processor (IRSCP).” That technology is used to dynamically change the routing (end to end paths) in the network to respond to operational changes, new customers, more or less traffic, and to automatically recover from failed network nodes or links. Davis said that AT&T’s suppliers are using the company’s version of SDN WAN in “novel ways.” AT&T is also using open source software whenever possible, he said (we assume that to mean in their suppliers’ equipment and possibly in their network management/OSS software).

A quick web search indicates that AT&T has at least one patent on IRSCP. In 2006, AT&T Labs researchers published a paper titled, “Dynamic Connectivity Management with an Intelligent Route Service Control Point” in the Proceedings of the 2006 SIGCOMM Workshop on Internet Network Management.

Mobile Integration into Cloud Applications is Needed:

With more and more mobile apps on smart phones and tablets accessing cloud based applications, it’s essential to provide a wireless network that solves both security and performance problems. Randall hinted that AT&T’s NetBond may be extended to include wireless access in the near future. The following benefits of doing so were enumerated:

• Faster time to market for new mobile apps
• Access to easier solutions which can be quickly configured (no explanation provided)
• Simpler compliance
• Improved performance
• Better security

Author’s Notes:

1. Mr. Davis referred to “Project Gamma” as an early example of AT&T’s Domain 2.0 architecture. It was said to be an example of “User Defined Network Cloud (UDNC)” in that it virtualizes Ethernet connectivity and routing to automate services delivered to AT&T customers. [No reference was given or could be found for Project Gamma.]
2. On Sept 17, 2014 (the date of Mr. Davis’ IT Roadmap-SJ presentation), Light Reading reported that AT&T will bring its User-Defined Network to Austin businesses by the end of this year.

“This is really focused on wireline services, specifically, we’re starting with Ethernet… I would expect that we’ll look at wireless too,” says Josh Goodell, VP of Network on Demand at AT&T.

Businesses with the Network on Demand Ethernet service will be able to change some network services and modify upload and download speeds via a self-service portal. This will mean that services will be changed almost instantaneously, “rather than the previous method of modifying, installing or replacing hardware to make network changes,” AT&T notes.

Addendum:

On Sept 18, 2014, AT&T and IBM announced a strategic partnership AT&T Teams with IBM Cloud to Extend Highly Secure Private Network to Clients.

AT&T NetBond services will be extended to IBM’s SoftLayer platform for stronger security and performance. This extension of the IBM and AT&T alliance will allow businesses to easily create hybrid-computing solutions. AT&T Virtual Private Network (VPN) customers can use AT&T NetBond to connect their IT infrastructure to IBM’s SoftLayer private network and cloud services. The service allows customers to benefit from highly secure connections with high reliability and performance as an alternative to relying on public Internet access.

“AT&T NetBond gives customers a broader range of options as they explore how to best leverage a hybrid cloud,” said Jim Comfort, general manager of IBM Cloud Services. “Customers can easily move workloads to and from SoftLayer as if it were part of their local area network. This added flexibility helps optimize workload performance while allowing customers to scale IT resources in a way that makes sense.”

“Businesses look to AT&T and IBM to deliver best in class solutions to meet their most demanding needs— especially when it comes to cloud,” said Jon Summers, senior vice president growth platforms, AT&T Business Solutions. “Together, we’re making the network as flexible as the cloud and giving enterprises confidence they can migrate their business systems to the cloud and still meet their security, scalability and performance requirements.”

End NOTE:  We will update this article if and when we receive a figure from AT&T that illustrates NetBond.  Stay tuned!