(Consumable) Networks without Borders - Charles Ferland, Interop Tokyo June 2015

Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW. PROPRIETARY - USE PURSUANT TO COMPANY INSTRUCTION

Nuage Networks

(Consumable) Networks without Borders

Charles Ferland, Vice President Business Development, Nuage Networks [email protected]

June 2015

Upload: nuage-networks

Post on 27-Jul-2015



Copyright 2014 Alcatel-Lucent. All rights reserved. An Alcatel-Lucent Company

The Cloud Shift

PHYSICAL & MANUAL: NO-MOBILITY, SINGLE TENANT, BARE METAL WORKLOADS, MANUAL

DISTRIBUTED & AUTOMATED: DYNAMIC, MULTI-TENANT, VIRTUAL WORKLOADS, API


The Networking Shift

STATIC NETWORKS: CUSTOM, COMPLEX, COSTLY, CLOSED

HIGHLY AUTOMATED NETWORKS: AUTOMATION, ABSTRACTION, CONTROL, VISIBILITY

The SDN Framework For Highly Automated Networks

Focus on “Needs”, automate the “Means”

Major Trends Underway

PRIVATE & PUBLIC CLOUDS

-> Build programmable & automated IaaS/PaaS for all workloads

-> Provide IaaS and Secure VPC Services

-> Sovereign Clouds

-> Differentiate from AWS

BRANCH CONNECTIVITY

-> Centralized Apps & hyper-distributed users require RETHINK of branch network connectivity & services

-> Provide self-managed, low cost VPN services

-> Upsell network services

NFV CLOUDS

-> Automated, Agile cloud to connect virtualized Network Functions

-> CPU intensive Network Functions are ideal candidates as VNFs

-> Leverage webscale architectures and BigData tools for Analytics

Business Agility -> Massive Automation + Highly Simplified Operations

Applying Principles of Proven Architectures

• MPLS: Fast, simple core; Multi-service edge

• Internet: Multi-domain support; Massive network scale

• Mobile: Policy-driven, on-demand connectivity; Massive user scale

[Diagram labels: BGP; Remote Office; Wide Area Network; Remote Office; BRANCH]

Private/Public Cloud Architecture

[Diagram labels: Enterprise PRIVATE CLOUD; PUBLIC CLOUD; Cloud Service MANAGEMENT Plane; Network Policy Engine; Datacenter CONTROL Plane; Datacenter DATA Plane; WAN CONTROL Plane; Network Control Plane; WAN Router; Data Center - 1; Data Center - 3; HYPERVISOR (repeated); BGP; Overlay Learnings; Internet Learnings; Mobile Policy Learnings]

• Define in business terms what networking resources are available to applications

• Declare security policies in the applications context (not TCP port #)

• Enforce these policies in the vSwitch independently of the network equipment being used

Central policies:

• Better governance

• Human errors minimized

• Quicker time to service

A Policy Approach

[Diagram labels: Application Request; Service Mapping; Service Binding; web, app, db; APPLICATION ATTRIBUTES; TECHNOLOGY ATTRIBUTES; TOPOLOGY ATTRIBUTES; W; BL; Firewall]

Current Cloud Provisioning

• Compute is virtualized: available in minutes

• Network is partially virtualized: configuration takes days/weeks

[Diagram labels: Application Request; Compute Management; Network Configuration; Help Desk Change Control; IP Address; VLAN Address; Firewall Configuration; LAN (VLAN) Configuration; WAN (IP) Configuration; Security / QA Team; Project Coordinator; Auto-instantiation; timer 00:01]

Compute request completed in minutes

Network change completed in days/weeks

Service velocity is hindered by manual network process

Nuage Networks Policy & Integration into a single request

[Diagram labels: Application Request; Compute Management; Networking; Security/ Compliance; Policy Templates; Nuage Networks VSP; Auto-instantiation; IP address; WAN interconnect; Policy / Security Zones; L2 /L3 Service AD; Service chaining; timers 00:01]

Policy Instantiation

• IP address 10.x.y.z

• VLAN configuration

• WAN configuration

• Security / FW settings

• QoS parameters

• …

Compute request completed in minutes

Network change completed automatically

Service velocity is not hindered by manual network process

Requirements continue to evolve..

Distributed to Hyper-Distributed

• Highly mobile users & workloads

• Due to CONTAINERS

Single to Multi-Cloud

• Private + Public (for selective workloads)

• Branch + Private Cloud + Public Cloud

• Workloads in Public Cloud1 + Public Cloud2

..Mandates solving for multi-ADMIN Domains

Initial Focus has been SINGLE ADMIN Domain..

Although not as apparent, Single Domain ISLANDS ARE FORMING

The islands by themselves are Automated & Programmable, but the issue is that they are isolated within an Admin Domain

[Diagram labels: SINGLE ADMIN ISLANDS: PRIVATE & PUBLIC CLOUDS; NFV CLOUDS; BRANCH CONNECTIVITY]

Yet, Multi-Admin Domain Architectures represent NEW CHALLENGES

Business Requirements

• Resiliency across multiple Availability Zones

• Ability to provide consistent service across different security policy domains dictated by Enterprise Branch location & provider

• Peering agreements between Public Cloud Providers and with Enterprise’s Private Cloud

Business Drivers Mandate Separate Policy Engines...

[Diagram labels: Cloud Service MANAGEMENT Plane; Network Policy Engine; Datacenter CONTROL Plane; Datacenter DATA Plane; WAN CONTROL Plane; Network Control Plane; Data Center; WAN Router; HYPERVISOR (repeated); BGP]

Have we SOLVED the Multi-Administrative Domain Problem?

[Diagram labels: Enterprise PRIVATE CLOUD; PUBLIC CLOUD; BRANCH; NFV CLOUD; Cloud Service MANAGEMENT Plane; Network Policy Engine; Datacenter CONTROL Plane; WAN CONTROL Plane; Network Control Plane; WAN Router; Data Center; Remote Office; Wide Area Network; HYPERVISOR (repeated); BGP; ??]

Mobile: Policy-driven, on-demand connectivity; Massive user scale

Federated Policy of Mobile Networks

Learn from Mobile Networks

• Endpoints can “roam”

Learn from Internet

• This “route” is behind me

Policy Federation Approach

• I am authoritative policy owner for this domain

• Proxy all requests for this domain to me

An Approach to Federated Policy

Policy Federation can be achieved:

Within a SINGLE ADMIN DOMAIN

• Consistency and Availability are dominant requirements

Between Multiple ADMIN DOMAINS

• Partitioning (due to separation across admin domains) and Availability are dominant requirements

Publisher/Subscriber Model (i.e., what is used in social networks)

Convey Business/Location/Compliance/Regulatory logic between Policy Engines

CAP Theorem: You can only really achieve two of the guarantees at a time: Consistency, Availability, Partition tolerance

Networks without Borders

Consistent Network Services Across Admin Boundaries

[Diagram labels: Private Cloud; Public Cloud; Branches; Fixed and Mobile Networks; Internet; Private IP; IP-VPN; Business Internet; Global Workforce; Network Policy Engine (twice); SINGLE SERVICE NETWORK FOR APPLICATION; SERVICE NETWORK PER APPLICATION]

Nuage Networks Virtualized Services Platform (VSP)

Virtualized Services Directory (VSD)

• Network Policy Engine – abstracts complexity

• Service templates and analytics

Virtualized Services Controller (VSC)

• SDN Controller, programs the network

• Rich routing feature set

Virtual Routing & Switching (VRS)

• Distributed switch / router – L2-4 rules

• Integration of bare metal assets

[Diagram labels: Cloud Service Management Plane; Data Center Control Plane; Data Center Data Plane; HYPERVISOR (repeated); IP Fabric; Gateway for bare metal servers]

Nuage Networks Virtualized Services Platform

• Any Compute Virtualization Environment

• Any Data Center Network Infrastructure

• Any Server or Hypervisor

Open environment

ANY APPLICATION, ANY CLOUD, EVERY TIME

[Diagram labels: EXISTING DATA CENTER NETWORK; ESXi; KVM; Hyper-V; XEN; Bare Metal]

An SDN Journey … Delivering value over the network

[Chart axes: Value; Time]

Data center

• 40% increase in asset utilization

• 50% OPEX reduction

• 10x improvement in service time

• Build “modern networks” on top of existing infrastructure

• Extend life of Net HW and increase utilization

• Break dependency between features and HW supplier

Branch locations

• Reuse existing network infrastructure

• COTS hardware CPE

• Advanced features in SW versus bound to HW

• Central/common policy engine reflecting business values vs net capabilities

• Automated bootup process

WAN

• Increase resiliency

• Enable hybrid/public cloud

• “Follow the sun” apps support where you move workloads where/when needed

• Allow workloads to move from one data center to another

• Keep the same net profile/security regardless of the location

[Diagram labels: Nuage Networks Virtualized Service Platform (VSP); Hypervisor (repeated); Any Network; Public Datacenter; Branch (repeated); VM (repeated); Virtual Net; Existing Network]

6/11/2015

Thank You!

@nuagenetworks