Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  @AristaNetworks   @nuagenetworks  

SDN                                        Dublin  

patrick.lynchehaun@nuagenetworks.net  

Nuage  Networks  

So3ware  Defined  Networking  

Internet  

Cloud Technologies Networking at scale Policy Based Solutions

Proven  by  success  with  Enterprises  and  Service  Providers    

 

§  Leader  in  SoBware  Defined  Networking  focusing  on  best  of  breed,  open  soluHons  

§  Alcatel-­‐Lucent  venture-­‐  Built  from  a  solid  networking  background  

§  Deployed  at  20+  Enterprise  and  Service  Provider  Customers  across  public  and  private  clouds  

VPN VPN

KVM/XEN   LXC/Docker  

ESXi  

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  

§  Current  SituaHon  

§  Compute  is  Virtualized    

§  Available  in  Minutes  

§  Network  is  ParHally  Virtualized  

§  ConfiguraHon  takes  Days/Weeks  

Network  ConfiguraHon  

Compute    Management  

New  Tenant  /  ApplicaHon  Request  

Auto-­‐instanHaHon  

Compute Request completed in

Minutes Help Desk Change Control

IP Address

VLAN Address

Firewall Configuration

LAN (VLAN) Configuration

WAN (IP) Configuration

Security / QA Team

Project Coordinator

Network Change completed in days/Weeks

00:01  

AutomaHng  and  Securing  the  Network  

Cloud  Service    Management  Plane  

Virtualized  Services  Directory  

Datacenter    Control  Plane  

Virtualized  Services  Controller  

Virtualized  Services  Directory  (VSD)  •  Network  Policy  Engine  –  abstracts  complexity  •  Service  templates  and  analyHcs  

Nuage  Networks  Virtualized  Services  PlaKorm  (VSP)  

Virtual  RouMng  &  Switching  (VRS)  •  Distributed  switch  /  router  –  L2-­‐4  rules  •  IntegraHon  of  bare  metal  assets  

Virtualized  Services  Controller  (VSC)  •  SDN  Controller,  programs  the  network  •  Rich  rouHng  feature  set    

WAN  Router    

MP-­‐BGP    

MP-­‐BGP    

Datacenter  Data  Plane  

Virtual  RouHng  &  Switching    

HYPERVISOR  

HYPERVISOR  

HYPERVISOR  

HYPERVISOR  

HYPERVISOR  

HYPERVISOR  

Brooklyn  Datacenter  -­‐    Zone  1  

IP  Fabric  

Hardware  GW  for  

Bare  Metal    

Nuage  Networks  Virtual  Services  PlaKorm  

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  

Nuage  VRS  (Hypervisor)  

•  Single  OVS  Bridge  –  Is  Flow-­‐Based  –  Performs  Firewalling,  

Switching,  RouHng,  NAT,  …  –  Processes  ARP,  DHCP  locally  

•  Does  not  require  Dedicated  Network  Node  for  RouHng,  DNAT,  SNAT,  DHCP      

VRS  (Single  OVS  bridge)  

 

Nuage  VRS  (Hypervisor)  

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  

VSP  Role  in  the  Policy  Workflow  

Compute    Management  

2  

Policy  InstanMaMon  •  IP  address,  •  L2,  L3  service  •  MulH-­‐domain,  WAN  •  Security  /  FW  secngs  •  QoS  parameters  

Network Change Completed automatically 00:01  

Nuage  VSP  

Networking, Security policies

1  

Compute  policies  

1  

3  

Overall  Policy/OrchestraHon  Engine  

Firewall  

Firewall  

4  

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  

Example  of  tools  used  in  CI/CD-­‐Chain  

Commit   Automated  and  repeatable  -­‐ Build  of  packages  -­‐ Deployment  of  infrastructure  -­‐ Deployment  of  new  package  -­‐ Unit  /  IntegraHon  /  Performance  TesHng  

 

Package  

Repeatable  allocaHon  of    Servers,  Storage,  Network,  Security  

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  @AristaNetworks   @nuagenetworks  

Arista  IntegraMon    

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  

Arista  and  Nuage  SoluHon  Highlights  

Cloud  Service    Management  Plane  

Datacenter  1    Control  Plane  

Datacenter  1  Data  Plane  

Virtual  RouHng  &  Switching  

Virtualized  Services  Directory  

Virtualized  Services  Controller  

HYPERVISOR  

HYPERVISOR  

HYPERVISOR  

HYPERVISOR  

HYPERVISOR  

HYPERVISOR  

Metropolis  Datacenter  -­‐    Zone  1  

IP  Fabric  

MP-­‐BGP    MP-­‐BGP  

 

•  Supported  Services  in  Nuage  VSP  Release  3.0  •  L2  domain/VXLAN  with  MAC  Learning  in  the  

data  path  

•  VSC  integraHon  point  •  VSC  uses  OVSDB  to  push  VLAN,  VXLAN,  port  

configuraHon  to  Arista  •  VSC  MP-­‐BGP  federaHon  enables  Arista  

VXLAN  extension  across  DC  domains  

•  Data  plane  interoperability  •  Arista  performs  Head  End  ReplicaHon    &  

sends  BUM  traffic  to  all  VTEPs  (SW  and  HW)  associated  with  a  VNI  

•  Nuage  &  Arista  VXLAN  instances  perform  MAC  learning  on  interconnecHng  tunnels  

Datacenter  2  Edge  Router  

CVX*

Arista  VXLAN  GW  

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  

Nuage  VSP  and  Arista  HW  VXLAN  Gateway  IntegraHon  

Virtual    RouHng  &  

Switching  (VRS)  

Virtualized  Services  Controller    (VSC)  

Hypervisors,  servers  

Virtualized  Services  

Directory  (VSD)  

4.  VSC  sends  VXLAN  service  aiributes  (OVSDB)  

Nuage  VSP  

2.  VSD  takes  control  of  Arista  VXLAN  GWs  •  Discovers  Arista  via  VSC  •  Assigns  permissions  to  

Arista  resources  •  Configures  VLANs  •  Map  endpoints  to  service  

templates  (HW  GW  &  VRS)  

VXLAN  datapath  with  MAC  Learning  

3.  VSD  sends  to  VSC  related  service  informaHon  

5.  Arista  HW  VTEP  is  configured:  Port-­‐VLAN  mapping  to  VXLAN,  VXLAN  VNID  &  list  of  tunnels  

Arista  VXLAN  GW  Arista VXLAN  GW  

ApplicaHon  plalorm  

1.  Configure  VSC  on  Arista  GW  •  VSC-­‐Arista  OVSDB  

control  established    

6.  VSC  sends  flood  list  to  Arista  whenever  a  new  host  or  end  point  is  discovered  (SW  or  HW  VTEP)  

CVX*

*Arista  Strictly  Private  &  ConfidenHal  –  shared  under  NDA  only  

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  

   WAN      

MP-­‐BGP    Nuage  VSD  

Policy  driven    automaHon  

Inter-­‐Data  Center  connecHvity  

OVSDB

Nuage  VSC  

Arista VXLAN GW!Arista VXLAN GW!

Bare Metal Server & Virtualized Servers and Storage

Arista VXLAN GW!Arista VXLAN GW!

VM   VM  

Hypervisor  

Virtual  RouMng  &  Switching  (VRS)    

CVX*

Data  Center  1  

OVSDB

Nuage  VSC  

Arista VXLAN GW!Arista VXLAN GW!

Bare Metal Server & Virtualized Servers and Storage

Arista VXLAN GW!Arista VXLAN GW!

VM   VM  

Hypervisor  

Virtual  RouMng  &  Switching  (VRS)    

CVX*

Data  Center  2  

DC  Edge  Router  DC  Edge  Router  

MP-­‐BGP    

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  

Service  InserHon  

Virtualized  Services  Directory    

Nuage  VSD  

Arista VXLAN GW!

Physical or virtual service appliances

Arista VXLAN GW!Arista VXLAN GW!

Zone 1

Policy  driven  automaHon  

Virtualized  Services  Controller  

Nuage  VSC  

VM  FW1  

Hypervisor  

Virtual  RouMng  &  Switching  (VRS)    

LB VM  VM  

Arista VXLAN GW!

ApplicaMon  VMs  VM  

Traffic  from  VMs  

BUSINESS  LOGIC  

DATABASE  SERVERS  

FW1  

BL  

DB  

BL  

DB  

FW2  

South  

BL  FW2

DB  

LB

A  logical  view  of  the  service  chain  topology  

Copyright  2016  Alcatel-­‐Lucent.  All  rights  reserved.  

Demo  

Extending Cloud to Bare-metal Network

Management  Plane  

Control  Plane  

IP  Network  Data  Plane  

VSD  

VSC  

Baremetal  Network  VLANx

VXLAN

CVX  

Database  

VRS  

Physical  Device  Virtual  Device   VRS/HV-­‐Remote  Leaf  VXLAN VLAN

DOMAIN

NETWORK

TOR  

Subnet

-  Extended Layer2 connectivity across spine to remote racks via VXLAN tunnel with Bare-metal network

-  Underlay network extended into the overlay

Overlay

OVSDB

vms

https://youtu.be/kLJg4O9rI50

Automation Nuage VSP

Management  Plane  

Control  Plane  

IP  Network  Data  Plane  

VSD  

VSC  

VXLAN

VRS  

Virtual  Device  Inter-­‐Rack    

VXLAN

DOMAIN

NETWORK

Subnet vm

VRS  

Subnet

vm Overlay

Virtual  Device  

Example script to build full network connectivity between racks using Nuage VSPK

https://youtu.be/ael15tddmFk