This third blog post in the “Massive Scale” series will focus on the scalability of service orchestration. In our previous blog posts, we touched upon the importance of massive scale networking as well as the scalable workflow automation capabilities of Anuta Networks ATOM.
Service orchestration and lifecycle management are some of the most commonly used features of any orchestration platform. Enterprises and service providers frequently need to provision L2, L3 services, L2/L3 VPN services, EVPN services, application delivery services, and security-related services. ATOM provides customers with automation and orchestration requirements around delivering such services, updating lifecycle services, and retirement. In large-scale networks, it is essential for ATOM or any other automation platform to simultaneously manage thousands of services.
In the following sections, we will take a closer look at ATOM’s scale capabilities for provisioning an L2VPN Service.
Anuta ATOM Support for L2 VPN Services
Service providers primarily offer two types of L2VPN services – Virtual Private Wire Service (VPWS) and Virtual Private LAN Service (VPLS).
A VPWS is a VPN service that supplies an L2 point-to-point service. Scaling issues associated with VPWS might arise from maxing out the number of endpoints that can be supported on a particular provider edge. A VPLS is an L2 service that emulates LAN service across a Wide Area Network (WAN). Scaling issues can arise when the number of endpoints and state information at the network edge exceeds capacity.
ATOM offers out-of-box support for IETF L2VPN. ATOM’s L2VPN model is based on RFC 8466 YANG data model for a Layer 2 provider-provisioned VPN service. The YANG data model supports Virtual Private Wire Services (VPWS) and multipoint Virtual Private LAN Services (VPLS) that use Pseudowire signalling using LDP and BGP. The model also defines service configuration elements that can be used in communication protocols between customers and network operators. It defines the configuration of one single container for L2VPN, and within the l2VPN container, common parameters, and a list of endpoints.
For the point-to-point VPWS configuration, the endpoint list is used with the constraint limiting the number of endpoints to two. For the multipoint service (VPLS), an endpoint list is used. Each endpoint contains the common definition that is either an attachment circuit, a pseudowire, or a redundancy group. The endpoint entry also includes the split-horizon attribute which defines the frame forwarding restrictions between the endpoints belonging to the same split-horizon group. This construct permits multiple instances of split-horizon groups with its own endpoint members. The frame forwarding restrictions do not apply to endpoints that belong to two different split horizon groups.
The L2VPN service model is architected as a collection of sites that exchange traffic over a shared infrastructure. The provisioned model will deliver an end-to-end layer 2 connectivity between two or more customer sites. The following diagram captures the core elements.
ATOM’s L2VPN Service model offers lifecycle management through an abstracted interface to request, configure, and manage L2VPN service components. The configuration of network elements may be accomplished using CLI or other southbound interfaces such as NETCONF in conjunction with ATOM’s device models based on CLI, Native YANG, or OpenConfig. All services configured by ATOM are vendor agnostic (i.e., an L2VPN service can be utilized to configure devices from Cisco, Juniper, or any other supported vendor. ATOM services are dynamic and prevent the existence of stale configuration entries. A failure to provision specific L2VPN parameters on any device will immediately result in a rollback procedure on all associated devices
Provisioning 3,200 L2VPNs per minute Across 10,000 Devices
ATOM’s microservice-based architecture enables massive scale service orchestration. It allows network engineers to provision up to an astounding 200,000 services per hour. The graph below displays the service orchestration scale for provisioning an L2VPN service. This scale has been tested for over 10,000 devices by Anuta Networks.
Deploying a Flow-Based Service with Anuta ATOM
ATOM workflow automation can complement service orchestration to automate certain procedures related to service provisioning. It is typical to execute pre-checks before provisioning a service and post-check validations after service installation. Consider a scenario where a service provider wishes to provide a layer 3 VPN (L3VPN) service to its customers. Before provisioning, it is customary to execute certain pre-checks. These may include:
- Ensuring device connectivity and availability to the ATOM platform;
- Validating log route, BGP, VPN4 Unicast, VRF, neighbor routes, and advertised routes of PE devices.
- Ensuring device availability of the customer edge device.
- Validating VLAN, dynamic MAC addresses on a particular port, and current configuration of the last mile switch.
L3VPN service must be provisioned only after successfully validating the pre-checks. After service provisioning, operators may define certain post-checks to verify service status, the interface state, and O&M operators. Upon successful validation of post-checks, operators may need to close an ITSM ticket.
ATOM workflow automation integrates with service orchestration to automate all procedures pre and post service provisioning. The integration enables operators to automate method of procedures that include pre-checks, post-checks, approvals, integrations to ITSM, and other solutions.
Massive Scale Service orchestration is an essential requirement for large service providers and enterprises. The ATOM platform provides a highly scalable architecture that enables it to provision thousands of services every minute. Integration with workflow automation offers an additional capability of automating the entire method-of-procedure to provision any service at scale.
The next blog will focus on ATOM’s scale for compliance and monitoring. Stay tuned!