Copyright 2013 Alcatel-Lucent. All rights reserved.CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW

PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTIONNuage Networks

(Consumable) Networks without Borders

@SunilSKhandekar

Sunil KhandekarCEO, Nuage Networks

Copyright 2014 Alcatel-Lucent. All rights reserved.An Alcatel-Lucent Company

PHYSICAL & MANUAL DISTRIBUTED & AUTOMATED

The Cloud Shift

DYNAMICMULTI-TENANT

VIRTUALWORKLOADS API

NO-MOBILITYSINGLE TENANT

BARE METALWORKLOADS MANUAL

Copyright 2014 Alcatel-Lucent. All rights reserved.An Alcatel-Lucent Company

STATIC NETWORKS HIGHLY AUTOMATED NETWORKS

The Networking Shift

AUTOMATIONABSTRACTION

CONTROL VISIBILITY

✓

✓ ✓

✓The SDN FrameworkFor Highly Automated

Networks

CUSTOMCOMPLEX

COSTLY CLOSED

Focus on “Needs”, automate the “Means”

Major Trends Underway

-> Build programmable & automated IaaS/PaaS for all workloads

-> Provide IaaS and Secure VPC Services

-> Sovereign Clouds

-> Differentiate from AWS

-> Centralized Apps & hyper-distributed users require RETHINK of branch network connectivity & services

-> Provide self-managed, low

cost VPN services

-> Upsell network services

-> Automated, Agile cloud to connect virtualized Network Functions

-> CPU intensive Network Functions are ideal candidates as VNFs

-> Leverage webscalearchitectures and BigData tools for Analytics

PRIVATE & PUBLIC

CLOUDSNFV CLOUDS

BRANCH

CONNECTIVITY

Business Agility -> Massive Automation + Highly Simplified Operations

BGP

MPLS Internet Mobile

• Fast, simple core• Multi-service edge

• Multi-domain support

• Massive network scale

• Policy-driven, on-demand connectivity

• Massive user scale

Applying Principles of Proven Architectures

RemoteOffice

Wide Area Network

RemoteOffice BRANCH

Private/Public Cloud Architecture

Cloud ServiceMANAGEMENT Plane

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

DatacenterCONTROL Plane

DatacenterDATA Plane

DatacenterCONTROL Plane

WANCONTROL Plane

Data Center - 1

WANRouter

WANRouter

Network Control Plane

Network Control Plane

NetworkPolicy Engine

BGP BGP

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

DatacenterCONTROL Plane

Data Center - 3

WANRouter

Network Control Plane

BGP

Enterprise PRIVATE CLOUD PUBLIC CLOUD

Overlay

Learnings

Internet

Learnings

Mobile

Policy

Learnings

Requirements continue to evolve..

Distributed to Hyper-Distributed

Highly mobile users & workloads

Due to CONTAINERS

Single to Multi-Cloud

Private + Public (for selective workloads)

Branch + Private Cloud + Public Cloud

Workloads in Public Cloud1 + Public Cloud2

..Mandates solving for multi-ADMIN Domains

Initial Focus has been SINGLE ADMIN Domain..

Although not as apparent Single Domain ISLANDS ARE FORMING

The islands by themselves are Automated & Programmable, but the issue is that they are isolated within an Admin Domain

PRIVATE & PUBLIC

CLOUDSNFV CLOUDS

BRANCH

CONNECTIVITY

SINGLE ADMIN ISLANDS

Yet, Multi-Admin Domain Architectures represent NEW CHALLENGES

Business Requirements

Resiliency across multiple Availability Zones

Ability to provide consistent service across different security

policy domains dictated by Enterprise Branch location &

provider

Peering agreements between Public Cloud Providers and with

Enterprise’s Private Cloud

Business Drivers Mandate Separate Policy Engines...

DatacenterCONTROL Plane

DatacenterDATA Plane

Cloud ServiceMANAGEMENT Plane

NetworkPolicy Engine

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

DatacenterCONTROL Plane

WANCONTROL Plane

Data Center

WANRouter

Network Control Plane

Network Control Plane

BGP

Have we SOLVED the Multi-Administrative Domain Problem?

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

DatacenterCONTROL Plane

Data Center

WANRouter

Network Control Plane

RemoteOffice

Wide Area Network

RemoteOffice

Network Control Plane

WANCONTROL Plane

BGP

Cloud ServiceMANAGEMENT Plane

NetworkPolicy Engine

BGP

??

Enterprise PRIVATE CLOUD PUBLIC CLOUDBRANCHNFV CLOUD

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

Mobile

• Policy-driven, on-demand connectivity

• Massive user scale

Federated Policy of Mobile Networks

Learn from Mobile Networks

Endpoints can “roam”

Learn from Internet

This “route” is behind me

Policy Federation Approach

I am authoritative policy owner for this domain

Proxy all requests for this domain to me

An Approach to Federated Policy

Policy Federation can be achieved :

Within a SINGLE ADMIN DOMAIN

• Consistency and Availability are dominant requirements

Between Multiple ADMIN DOMAINS

• Partitioning (due to separate across admin domains) and Availability are dominant requirements

Pub/Sub Model

Convey Business/Location/compliance/Regulatory logic between Policy Engines

Final View: Networks without Borders

Consistent Network Services Across Admin Boundaries

Private

CloudBranches

Fixed and Mobile Networks

SINGLE SERVICE NETWORK FOR APPLICATION

InternetPrivate IPBusiness

Internet

GlobalWorkforce

IP-VPN

SERVICE NETWORK PER APPLICATION

Public

Cloud

NetworkPolicy Engine

NetworkPolicy Engine

143/18/2015

Thank You!

@nuagenetworks

@SunilSKhandekar