(Consumable) Networks without Borders - Charles Ferland, Interop Tokyo June 2015
Transcript of (Consumable) Networks without Borders - Charles Ferland, Interop Tokyo June 2015
Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW
PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Nuage Networks
(Consumable) Networks without Borders
Charles Ferland, Vice President Business Development, Nuage Networks
June 2015
Copyright 2014 Alcatel-Lucent. All rights reserved. An Alcatel-Lucent Company
The Cloud Shift
From PHYSICAL & MANUAL: no mobility, single tenant, bare metal workloads, manual
To DISTRIBUTED & AUTOMATED: dynamic, multi-tenant, virtual workloads, API
The Networking Shift
From STATIC NETWORKS: custom, complex, costly, closed
To HIGHLY AUTOMATED NETWORKS: automation ✓, abstraction ✓, control ✓, visibility ✓
The SDN Framework For Highly Automated Networks
Focus on “Needs”, automate the “Means”
Major Trends Underway
PRIVATE & PUBLIC CLOUDS
-> Build programmable & automated IaaS/PaaS for all workloads
-> Provide IaaS and Secure VPC Services
-> Sovereign Clouds
-> Differentiate from AWS
BRANCH CONNECTIVITY
-> Centralized Apps & hyper-distributed users require RETHINK of branch network connectivity & services
-> Provide self-managed, low cost VPN services
-> Upsell network services
NFV CLOUDS
-> Automated, Agile cloud to connect virtualized Network Functions
-> CPU intensive Network Functions are ideal candidates as VNFs
-> Leverage webscale architectures and BigData tools for Analytics
Business Agility -> Massive Automation + Highly Simplified Operations
Applying Principles of Proven Architectures
MPLS (BGP)
• Fast, simple core
• Multi-service edge
Internet
• Multi-domain support
• Massive network scale
Mobile
• Policy-driven, on-demand connectivity
• Massive user scale
Private/Public Cloud Architecture
[Diagram labels: Enterprise; PRIVATE CLOUD; PUBLIC CLOUD; BRANCH; Remote Offices over the Wide Area Network; Data Center - 1 and Data Center - 3, each with hypervisors, a Datacenter CONTROL Plane, a WAN Router and a Network Control Plane; Cloud Service MANAGEMENT Plane; Datacenter DATA Plane; WAN CONTROL Plane; Network Policy Engine; BGP between control planes]
[Diagram labels: Overlay Learning's; Internet Learning's; Mobile; Policy Learning's]
A Policy Approach
• Define in business terms what networking resources are available to applications
• Declare security policies in the application's context (not TCP port #)
• Enforce these policies in the vSwitch independently of the network equipment being used
Central policies:
• Better governance
• Human errors minimized
• Quicker time to service
[Diagram labels: Application Request (web, app, db); Service Mapping; Service Binding; APPLICATION ATTRIBUTES; TECHNOLOGY ATTRIBUTES; TOPOLOGY ATTRIBUTES; W; BL; Firewall]
Current Cloud Provisioning
• Compute is virtualized: available in minutes
• Network is partially virtualized: configuration takes days/weeks
[Diagram labels: Application Request; Compute Management (Auto-instantiation; compute request completed in minutes, 00:01); Network Configuration (Help Desk, Change Control, Security / QA Team, Project Coordinator; IP Address, VLAN Address, Firewall Configuration, LAN (VLAN) Configuration, WAN (IP) Configuration; network change completed in days/weeks)]
Service velocity is hindered by manual network process
Nuage Networks Policy & Integration into a single request
[Diagram labels: Application Request; Compute Management (Auto-instantiation; compute request completed in minutes, 00:01); Nuage Networks VSP; Policy Templates; Networking; Security/Compliance; IP address; WAN interconnect; Policy / Security Zones; L2/L3 Service AD; Service chaining]
Policy Instantiation
• IP address 10.x.y.z
• VLAN configuration
• WAN configuration
• Security / FW settings
• QoS parameters
• …
Network change completed automatically (00:01)
Service velocity is not hindered by manual network process
Requirements continue to evolve..
Distributed to Hyper-Distributed
• Highly mobile users & workloads
• Due to CONTAINERS
Single to Multi-Cloud
• Private + Public (for selective workloads)
• Branch + Private Cloud + Public Cloud
• Workloads in Public Cloud1 + Public Cloud2
..Mandates solving for multi-ADMIN Domains
Initial Focus has been SINGLE ADMIN Domain..
Although not as apparent, Single Domain ISLANDS ARE FORMING
The islands by themselves are Automated & Programmable, but the issue is that they are isolated within an Admin Domain
SINGLE ADMIN ISLANDS: PRIVATE & PUBLIC CLOUDS, NFV CLOUDS, BRANCH CONNECTIVITY
Yet, Multi-Admin Domain Architectures represent NEW CHALLENGES
Business Requirements
• Resiliency across multiple Availability Zones
• Ability to provide consistent service across different security policy domains dictated by Enterprise Branch location & provider
• Peering agreements between Public Cloud Providers and with Enterprise’s Private Cloud
Business Drivers Mandate Separate Policy Engines...
[Diagram labels: Cloud Service MANAGEMENT Plane; Network Policy Engine; Datacenter CONTROL Plane; Datacenter DATA Plane; WAN CONTROL Plane; Data Center with hypervisors, WAN Router and Network Control Plane; BGP]
Have we SOLVED the Multi-Administrative Domain Problem?
[Diagram labels: Enterprise; PRIVATE CLOUD; PUBLIC CLOUD; BRANCH; NFV CLOUD; Remote Offices over the Wide Area Network; Data Center with hypervisors, Datacenter CONTROL Plane, WAN Router and Network Control Plane; WAN CONTROL Plane; Cloud Service MANAGEMENT Plane; Network Policy Engine; BGP; “??”]
Federated Policy of Mobile Networks
Mobile: policy-driven, on-demand connectivity; massive user scale
Learn from Mobile Networks
• Endpoints can “roam”
Learn from Internet
• This “route” is behind me
Policy Federation Approach
• I am authoritative policy owner for this domain
• Proxy all requests for this domain to me
An Approach to Federated Policy
Policy Federation can be achieved:
Within a SINGLE ADMIN DOMAIN
• Consistency and Availability are dominant requirements
Between Multiple ADMIN DOMAINS
• Partitioning (due to separation across admin domains) and Availability are dominant requirements
Publisher/Subscriber Model (i.e., what is used in social networks)
Convey Business/Location/Compliance/Regulatory logic between Policy Engines
CAP Theorem: you can only really achieve two of the guarantees at a time: Consistency, Availability, Partition tolerance
Networks without Borders
Consistent Network Services Across Admin Boundaries
[Diagram labels: SINGLE SERVICE NETWORK FOR APPLICATION; SERVICE NETWORK PER APPLICATION; Private Cloud; Public Cloud; Branches; Fixed and Mobile Networks; Internet; Private IP; IP-VPN; Global Workforce; Business; Network Policy Engine (two instances)]
[Diagram labels: Cloud Service Management Plane; Data Center Control Plane; Data Center Data Plane; Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; hypervisors]
Nuage Networks Virtualized Services Platform (VSP)
Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
[Diagram labels: IP Fabric; Gateway for bare metal servers]
Nuage Networks Virtualized Services Platform
[Diagram label: EXISTING DATA CENTER NETWORK]
Open environment
• Any Compute Virtualization Environment
• Any Data Center Network Infrastructure
• Any Server or Hypervisor: ESXi, KVM, Hyper-V, XEN, Bare Metal
ANY APPLICATION, ANY CLOUD, EVERY TIME
An SDN Journey … Delivering value over the network
[Chart: axes Value and Time; labels: Nuage Networks Virtualized Service Platform (VSP); Hypervisor; VM; Virtual Net; Existing Network; Any Network; Public Datacenter; Branch]
• 40% increase in asset utilization
• 50% OPEX reduction
• 10x improvement in service time
• Build “modern networks” on top of existing infrastructure
• Extend life of Net HW and increase utilization
• Break dependency between features and HW supplier
Data center
• Reuse existing network infrastructure
• COTS hardware CPE
• Advanced features in SW versus bound to HW
• Central/common policy engine reflecting business values vs net capabilities
• Automated bootup process
Branch locations
• Increase resiliency
• Enable hybrid/public cloud
• “Follow the sun” apps support where you move workloads where/when needed
• Allow workloads to move from one data center to another
• Keep the same net profile/security regardless of the location
WAN