mef gen14 presentation. effortless connection: a policy-driven approach to networking for the...
TRANSCRIPT
COPYRIGHT © 2014 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
EFFORTLESS CONNECTION A POLICY-DRIVEN APPROACH TO NETWORKING FOR THE DC & BEYOND Houman Modarres 17 November 2014
§ Cloud has transformed the way applications are being consumed
§ From “order and wait”
§ To “instant gratification”
The Consumption Shift
§ The Networking Shift
§ Abstraction = Separating the “what” from the “how”
§ Automation = Policy-driven resource instantiation
§ Focus on the needs, automate the means
Attribution of Value
§ The Marriage of “IP” & “IT”
§ Bridging the Gap…
§ Network Services on demand, in support of cloud applications
§ Any application, any cloud, every time
The Big Change
CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION
The Datacenter as a Microcosm
Networking every bit as instantaneous and readily consumable as compute
§ Boundary-less: Networks, not islands
§ Open: Preserve freedom of choice
§ Policy-Driven: Automation with security & visibility
“More of the same…”
Single-Stack HDN
Vendor B
Hypervisor
CMS
Single-Stack SDN
Vendor A
Hypervisor
CMS
SDN
XEN
KVM
Ecosystem Approach
Open (Best of Breed)
LXC
Docker ESXi
Hyper-V Programmable NW OS
SS - SDN
SS - HDN
VS.
Open
Business VPN Service
Private Datacenter
Boundary-less
Compute Management
Tenant / Application Request Networking
Security/ Compliance
Auto-instantiation
Compute Request completed in Minutes
00:01
IP address
WAN interconnect
Policy / Security Zones
L2 /L3 Service AD
Service chaining
Templates
SDN Layer
Policy Instantiation
• IP address 10.x.y.z
• VLAN configuration
• WAN configuration
• Security / FW settings
• QoS parameters
• …
Network Change Completed automatically
00:01
Policy-Driven Automation
Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
Nuage Networks Virtualized Services Platform (VSP)
Cloud Service Management Plane
Virtualized Services Directory
Datacenter Control Plane
Virtualized Services Controller
WAN Router
MP-BGP
Datacenter Data Plane
Virtual Routing & Switching
HYPERVISOR
Brooklyn Datacenter - Zone 1
IP Fabric
Hardware GW for
Bare Metal
Ø L2-L7 networking services
> Service Chaining
Ø L2-L3 VPN, QoS, ACLs/PBR, NAT
> Statistics/Reporting
Ø Stateful FW, DHCP, DNS
> QoS ACLs/PBR, NAT
How It Gets Done
Automated, instantaneous, easy to consume…
PRIVATE CLOUD
PUBLIC CLOUD
SaaS CLOUD
“Many-where” is the New IT Reality
§ Applications are far more interactive & dynamic
§ Users far more distributed, mobile & demanding
§ Work is not just done at work…
Enterprise WAN
Branch Locations
Closed systems are dead
Static models are dead
Hub & Spoke architectures are dead
Branch Architectures are no match for today’s reality
Closing the Gap
Automation
Private Cloud
Public Clouds
Unconstrained options
DC Infrastructure
✔ Automated
✔ Instantaneous modifications
✔ Simplified policy-driven management
✔ Freedom of choice
Evolved Datacenter Infrastructure
Constrained access options
Limited hardware
Limited Automation
Branch offices Enterprise WAN
Specific provider
Status Quo at the Remote Location
o Costly moves, adds and changes
o Complex management
o Limited choice
o Proprietary hardware, vertically integrated
Proposed Alternatives Don’t Go Far Enough
Enhanced PMO: “Virtually the same”
Cloud-based management of existing branch devices
Cost-optimized branch routers
Full Mesh Security
Virtualized CPE
Imagine if…
Private Cloud
Internet
On-Net ANY Network
Branch offices Enterprise WAN
SEAMLESS on-boarding
ANY access General Purpose
hardware & new fulfillment models
Public Cloud
Automated operations
✔ Automated
✔ Instantaneous policy-driven modifications
✔ Simplified fulfillment & management
✔ Freedom of choice
✔ Open
One Cohesive Environment: From Branch to WAN to Datacenter
Now that is possible
Virtualized Network Services
Enterprise Locations
Open CPE
Consistent Policy-based automation
Flexible Deployment Models
✔✔
✔✔
Networks
Clouds
Apps
Now That’s Possible
Consistent Policy-Based Automation
Layer 4 Security
Traffic Steering QoS Layer 3
NSG Network Services Gateway
Layer 2
✔✔
Bootstrap Network Services
VPNs, FW, ACLs, NAT…
VSP: Massively Multi-tenanted Policy & Control
Virtualized Services Controller (VSC)
Virtualized Services Directory (VSD)
NSG (Physical) NSG (Virtual)
THE BRANCH UNSHACKLED
CONTROL PLANE
BRANCH NETWORKING DEVICE
MGMT PLANE
FORWARDING PLANE
GENERAL PURPOSE COMPUTE
OPEN OS
OpenFlow
SECURITY
TRAFFIC STEERING QoS
Open CPE
ETHERNET
PROPRIETARY HARDWARE
Today’s Closed CPE
Flexible Deployment Models
Customer Portal
Nuage Networks VNS Solution
Fixed and Mobile Access Networks
Customer A - Software Defined Network Service
IP-‐VPN Private IP
Internet
Customer locations
L2-‐VPN Business Internet
Public clouds
Private clouds
Order Branch Equipment
Network Services Catalogue
Select VNS Service
The Benefits are clear
Closing the Service Provisioning Gap
$100
$1,000
Per Mobile Sub
Per Res BB Sub
Per Remote Enterprise (VPN) Site
Per Remote Site $50
10x Faster site turn-up
> 50% reduction in operational cost
§ From Branch to WAN to Datacenter
§ By or for Enterprises
DISTINCT & DISJOINTED ISLANDS
ONE COHESIVE ENVIRONMENT BRINGING CLOUD SPEED TO THE ENTERPRISE
THANK YOU
About Nuage Networks
§ Leader in Software Defined Networking focused on best of breed, open solutions
§ Applying lessons learned in Internet, wireless, VPN…
§ Alcatel-Lucent venture, based in Silicon Valley
§ Happy to discuss how we can help... Talk to us!
Follow us: @nuagenetworks
In our first 18 months…
§ 15+ wins & deployments
§ 60+ trials completed worldwide
§ Financial Services, Healthcare, Cloud providers, Service Providers, in production in every geographical theatre
§ Expanding use cases & applications
§ Growing partner & OEM ecosystem
Hypervisor
Hypervisor DC1 Zone 1
Cloud Service Management Plane
Datacenter Control Plane
Datacenter Data Plane DC1 Zone 2 Datacenter 2
Federation of controllers
DC WAN Router
Service Provider Data Plane
IP / MPLS
Service Provider Control Plane
Virtualized Services Controller
Virtualized Services Directory
Virtualized Services Controller
Business VPN Service
Private Datacenter
Domain
Subnets
VPN Internet
Zones
Policies
SDN Automation across all DC Assets
DC 2 Bare Metal Assets
Nuage 7850 VSG