(consumable) networks without borders
TRANSCRIPT
Copyright 2013 Alcatel-Lucent. All rights reserved.CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW
PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTIONNuage Networks
(Consumable) Networks without Borders
@SunilSKhandekar
Sunil KhandekarCEO, Nuage Networks
Copyright 2014 Alcatel-Lucent. All rights reserved.An Alcatel-Lucent Company
PHYSICAL & MANUAL DISTRIBUTED & AUTOMATED
The Cloud Shift
DYNAMICMULTI-TENANT
VIRTUALWORKLOADS API
NO-MOBILITYSINGLE TENANT
BARE METALWORKLOADS MANUAL
Copyright 2014 Alcatel-Lucent. All rights reserved.An Alcatel-Lucent Company
STATIC NETWORKS HIGHLY AUTOMATED NETWORKS
The Networking Shift
AUTOMATIONABSTRACTION
CONTROL VISIBILITY
✓
✓ ✓
✓The SDN FrameworkFor Highly Automated
Networks
CUSTOMCOMPLEX
COSTLY CLOSED
Focus on “Needs”, automate the “Means”
Major Trends Underway
-> Build programmable & automated IaaS/PaaS for all workloads
-> Provide IaaS and Secure VPC Services
-> Sovereign Clouds
-> Differentiate from AWS
-> Centralized Apps & hyper-distributed users require RETHINK of branch network connectivity & services
-> Provide self-managed, low
cost VPN services
-> Upsell network services
-> Automated, Agile cloud to connect virtualized Network Functions
-> CPU intensive Network Functions are ideal candidates as VNFs
-> Leverage webscalearchitectures and BigData tools for Analytics
PRIVATE & PUBLIC
CLOUDSNFV CLOUDS
BRANCH
CONNECTIVITY
Business Agility -> Massive Automation + Highly Simplified Operations
BGP
MPLS Internet Mobile
• Fast, simple core• Multi-service edge
• Multi-domain support
• Massive network scale
• Policy-driven, on-demand connectivity
• Massive user scale
Applying Principles of Proven Architectures
RemoteOffice
Wide Area Network
RemoteOffice BRANCH
Private/Public Cloud Architecture
Cloud ServiceMANAGEMENT Plane
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
DatacenterCONTROL Plane
DatacenterDATA Plane
DatacenterCONTROL Plane
WANCONTROL Plane
Data Center - 1
WANRouter
WANRouter
Network Control Plane
Network Control Plane
NetworkPolicy Engine
BGP BGP
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
DatacenterCONTROL Plane
Data Center - 3
WANRouter
Network Control Plane
BGP
Enterprise PRIVATE CLOUD PUBLIC CLOUD
Overlay
Learnings
Internet
Learnings
Mobile
Policy
Learnings
Requirements continue to evolve..
Distributed to Hyper-Distributed
Highly mobile users & workloads
Due to CONTAINERS
Single to Multi-Cloud
Private + Public (for selective workloads)
Branch + Private Cloud + Public Cloud
Workloads in Public Cloud1 + Public Cloud2
..Mandates solving for multi-ADMIN Domains
Initial Focus has been SINGLE ADMIN Domain..
Although not as apparent Single Domain ISLANDS ARE FORMING
The islands by themselves are Automated & Programmable, but the issue is that they are isolated within an Admin Domain
PRIVATE & PUBLIC
CLOUDSNFV CLOUDS
BRANCH
CONNECTIVITY
SINGLE ADMIN ISLANDS
Yet, Multi-Admin Domain Architectures represent NEW CHALLENGES
Business Requirements
Resiliency across multiple Availability Zones
Ability to provide consistent service across different security
policy domains dictated by Enterprise Branch location &
provider
Peering agreements between Public Cloud Providers and with
Enterprise’s Private Cloud
Business Drivers Mandate Separate Policy Engines...
DatacenterCONTROL Plane
DatacenterDATA Plane
Cloud ServiceMANAGEMENT Plane
NetworkPolicy Engine
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
DatacenterCONTROL Plane
WANCONTROL Plane
Data Center
WANRouter
Network Control Plane
Network Control Plane
BGP
Have we SOLVED the Multi-Administrative Domain Problem?
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
DatacenterCONTROL Plane
Data Center
WANRouter
Network Control Plane
RemoteOffice
Wide Area Network
RemoteOffice
Network Control Plane
WANCONTROL Plane
BGP
Cloud ServiceMANAGEMENT Plane
NetworkPolicy Engine
BGP
??
Enterprise PRIVATE CLOUD PUBLIC CLOUDBRANCHNFV CLOUD
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
Mobile
• Policy-driven, on-demand connectivity
• Massive user scale
Federated Policy of Mobile Networks
Learn from Mobile Networks
Endpoints can “roam”
Learn from Internet
This “route” is behind me
Policy Federation Approach
I am authoritative policy owner for this domain
Proxy all requests for this domain to me
An Approach to Federated Policy
Policy Federation can be achieved :
Within a SINGLE ADMIN DOMAIN
• Consistency and Availability are dominant requirements
Between Multiple ADMIN DOMAINS
• Partitioning (due to separate across admin domains) and Availability are dominant requirements
Pub/Sub Model
Convey Business/Location/compliance/Regulatory logic between Policy Engines
Final View: Networks without Borders
Consistent Network Services Across Admin Boundaries
Private
CloudBranches
Fixed and Mobile Networks
SINGLE SERVICE NETWORK FOR APPLICATION
InternetPrivate IPBusiness
Internet
GlobalWorkforce
IP-VPN
SERVICE NETWORK PER APPLICATION
Public
Cloud
NetworkPolicy Engine
NetworkPolicy Engine
143/18/2015
Thank You!
@nuagenetworks
@SunilSKhandekar