Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW
PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION
Nuage Networks
Unconstrained Networking To Enable Business Innovation
Houman Modarres
April 2015
@modarres
@nuagenetworks
@NewGuyStory
Your Business in the Cloud Age
What has changed?
What needs to be re-thought as a result?
(as far as networking is concerned)
What does this mean to CIOs & network administrators?
What’s possible?
The Marriage of “IP” & “IT”
Shift in Operational Mindset
Network Services on demand,
in support of cloud applications
Any application, any cloud, every time
The Big Change
Today’s Application Requirements
Broader footprint
Workloads anywhere
Hyper-distributed applications
Multi-tenant
Far more dynamic
Ephemeral (e.g. containers, docker…)
Multi-site (e.g. DCs & remote locations)
Multi-provider
Hybrid environments
Instantiated on-demand & securely
Networking every bit as instantaneous and readily consumable as compute
Open: Preserve choice
Boundary-less: Networks, not islands
Policy-Driven: Security & visibility
The Big Idea
ABSTRACTION: A shift in how applications interact with the network
IT-Friendly Definition
A Fundamental Shift
Lost in Translation
AUTOMATION: A shift in how network services are instantiated
Auto-instantiation
A Fundamental Shift
Configuration-driven
Compute Management
Tenant / Application Request
Auto-instantiation
Compute Request
completed in Minutes
00:01
IP address
WAN interconnect
Policy / Security Zones
L2 / L3 Services
Service chaining
Policy Instantiation
• IP address 10.x.y.z
• VLAN configuration
• WAN configuration
• Security / FW settings
• QoS parameters
• …
Network Changes
Completed automatically
00:01
Policy-Driven Network Automation
Networking
Security/Compliance
Hierarchical
Permission Templates
SDN Policy Framework
50% Reduction in Operational Expense
10x Improvement in turn-up response time, Reduction in configuration errors
40% Increase in asset utilization & flexibility
Bottom Line for the CIO
Source: ALU Analysis, customer survey feedback 2013-2014
Learn from Mobile Networks
Endpoints “roam” at will
Rules defined once, used often
Learn from the Internet
Network of Networks
Capabilities advertised
Topology discovered
Policy Federation takes same approach, applies it within & across datacenters
A Federated Policy Approach
Hypervisor
DC1 Zone 1
Cloud Service Management Plane
Datacenter Control Plane
Datacenter Data Plane
DC1 Zone 2
Datacenter 2
Federation of controllers
DC WAN Router
Service Provider Data Plane
IP / MPLS
WAN Service Control Plane
Virtualized Services Controller
Virtualized Services Directory
Virtualized Services Controller
Business VPN Service
Private Datacenter
Domain
Subnets
VPN Internet
Zones
Policies
SDN Automation across all Assets
DC 2 Bare Metal Assets
Nuage 7850 VSG
Move workloads over existing network infrastructure
Virtual networks span across physical locations
Workloads inherit the same policy & attributes regardless of location
Control and visibility across separate physical locations
Ideal for traversing private, public or hybrid clouds
Hypervisor
Datacenter 1
Hypervisor
Datacenter 2
SDN Controller
MP-BGP
SDN Controller
Hypervisor
Multi-DC Private Cloud with Bursting Options
Move or mirror applications to backup sites in private or hybrid cloud
Virtual networks scale between physical locations
Application servers inherit configurations, are instantiated based on policy
Control and visibility across disparate physical locations
Hypervisor
DC1 Zone 1
Hypervisor
DC2 Zone 2
Policy Directory
SDN Controller
MP-BGP
Common application policy enterprise-wide, full workload mobility with no reconfiguration
Disaster Recovery
SDN Controller
Template
Conforms to:
• Connectivity
• Security
• QoS
• Statistics
Users
(Network)
Users
(Compute)
Hypervisor
DC1 Zone 1
1,000 Hosts
Config Update
Update security policies once, hierarchically & centrally.
Deployed across all appropriate endpoints instantaneously
Push-button network audit visibility
Adhere to changes across the infrastructure implicitly
Compliance with global security policies
Ensure configuration consistency
A Derived Benefit
Very cool…
Programmable SDN policy framework
Within & across datacenters
Multi-HV, Multi-DC
Independent of networking HW
Even in cases where network services
Cross Availability Zones
Span Enterprise and Service Provider
Burst from private to public infrastructure
So are we done? Not quite.
What are Enterprise Customers Telling us now?
PRIVATE CLOUD
PUBLIC CLOUD
SaaS CLOUD
Applications are far more interactive & dynamic
Users far more distributed, mobile & demanding
Work is not just done at work…
Enterprise WAN
“Many-where” is the new IT Reality…
Automated, instantaneous, easy to consume…
Branch Locations
Decades-old Branch Architectures are no match for today’s reality
Automation
Constrained access options
Limited hardware
Limited Automation
Private Cloud
Public Clouds
Evolved Datacenter Infrastructure
Automated
Instantaneous modifications
Simplified policy-driven management
Freedom of choice
Open
Status Quo at the Remote Location
o Manual provisioning
o Costly moves, adds and changes
o Complex management
o Limited choice
o Proprietary, vertically integrated
Unconstrained options
Branch offices Enterprise WAN DC Infrastructure
Specific provider
Imagine if…
Public Cloud
Automated operations
Private Cloud
Internet
On-Net
ANY Network
ONE COHESIVE ENVIRONMENT: FROM BRANCH TO WAN TO DATACENTER
Automated
Instantaneous policy-driven modifications
Simplified fulfillment & management
Freedom of choice
Open
Branch offices Enterprise WAN
SEAMLESS on-boarding
ANY access
COTS hardware & new fulfillment models
Virtualized Network Services: Policy-driven network services for & by enterprises
VSP: Massively Multi-tenanted Policy & Control
Physical
Virtualized Services Controller (VSC)
Virtualized Services Directory (VSD)
x86 Compute, various form factors
NSG Network Services Endpoint: NSG (Physical), NSG (Virtual)
Layer 2, Layer 3, Layer 4, Security, Traffic Steering, QoS
Bootstrap Network Services
VPNs, FW, ACLs, NAT…
THE BRANCH UNSHACKLED
CONTROL PLANE
BRANCH NETWORKING DEVICE
MGMT PLANE
FORWARDING PLANE
GENERAL PURPOSE COMPUTE
OPEN OS
OpenFlow
SECURITY
TRAFFIC STEERING
QoS
Open CPE
ETHERNET
PROPRIETARY HARDWARE
Today’s Closed CPE
Customer Portal
Order Branch Equipment
Network Services Catalogue
Self-Service Network Service Delivery
Nuage Networks VNS Solution
Fixed and Mobile Access Networks
Customer A - Software Defined Network Service
IP-VPN Private IP
Internet
Customer locations
L2-VPN Business
Internet
In the new operational model
Users can turn up new services on demand
Non-specialized personnel can turn up a site in 10 minutes or less
Select VNS Service
The Benefits are clear
~ $50
~ $100
>$1,000
Per Mobile Sub
Per Res BB Sub
Per Remote Site
Per Remote Enterprise (VPN) Site
> 50% Reduction in operational cost
10x Faster site turn-up
What’s Possible
Taking the datacenter as it stands
Policy-Based Network Auto-instantiation
Agility without losing control & visibility
Virtualizing Networks not islands
Within & across Datacenters & branches
ANY APPLICATION,
ANY CLOUD,
EVERY TIME.
Key Takeaways:
Networks should follow at the speed of cloud apps
SDN = Abstraction + Automation (& its principles really can drive more agility & less lock-in)
Policy-driven auto-instantiation in lieu of device-by-device configuration (like mobile networks)
Peering without boundaries, inclusive of branches (like the internet & VPNs)
Benefits must extend across all assets (virtualized & bare metal, as many of your critical apps require)