
Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014

Nuage Networks' solution for a Policy Driven approach to Software Defined Networking. Including info on the OpenStack Group Based Policy Abstractions for Neutron. Keynote session, Interop Tokyo 2014

Published in: Internet, Technology

  1. Copyright 2013 Alcatel-Lucent. All rights reserved. @ssneddon
     Scott Sneddon, Principal Solutions Architect, APAC Business Development Lead, Nuage Networks
     A Policy Driven Approach to Software Defined Networking
  2. SDN in 2014
     § OpenFlow Controllers
     § Network Virtualization
     § White Box Switching
     § Open Source Projects
     § Network as a Service
     Plenty of Innovation and Disruption…
  3. Why SDN?
     § Reduce Cost
     § Asset Utilization
     § Self Service
     § Automation
     § Make the network more “Cloud” like
     We’re making great progress
  4. The “Consumption shift”
     § Cloud is changing the way technology is being consumed
     § From “order and wait”
     § To “instant gratification”
     Consumer expectations are shifting
     [Diagram labels: Multiple personas, Single user, On-demand personalized catalogue]
  5. § Compute is Virtualized
     § Available in Minutes
     § Network is Partially Virtualized
     § Configuration takes Days/Weeks
     [Diagram: Datacenter Network. A New Tenant / Application Request goes to Compute Management (Auto-instantiation, Compute Request completed in Minutes, 00:01) and to Network Configuration (Help Desk, Change Control, IP Address, VLAN Address, Firewall Configuration, LAN (VLAN) Configuration, WAN (IP) Configuration, Security / QA Team, Project Coordinator; Network Change completed in days/Weeks)]
     Service velocity is hindered by manual network process
  6. § Network is “more” virtualized
     § Some things available in minutes – Some not so much
     § Many network elements are manually configured
     § Manual per-tenant network configurations
     [Diagram: Software Defined Datacenter Network. A New Tenant / Application Request goes to Compute Management (Auto-instantiation, Compute Request completed in Minutes, 00:01) and to Network Configuration (SDN Controller, Some Network Change completed In Minutes, 00:01)]
     Service velocity accelerated, but…
  7. § Committees still build “networks”
     § Audits/reviews
     § In a NaaS environment (OpenStack Neutron, AWS, etc) this is delegated to the tenant
     § Is this what your DevOps team should be doing?
     [Diagram: Software Defined Network Configuration. Labels: Network Configuration, DevOps Team, VLAN Address, IP Address, WAN (IP) Configuration, Firewall Configuration, Network Configuration created in days/Weeks]
     We’ve only addressed part of the automation problem
  8. § Current Neutron Networking provides building blocks to create logical topologies
     § Networks, Ports, Subnets, Routers, Security Groups
         neutron net-create web
         neutron subnet-create --name web web 10.0.0.0/24
         neutron router-create router1
         neutron router-interface-add router1 web
         …
     § Not abstracted into a consumable model
     [Diagram: OpenStack Neutron Networks (labels: web, app, db, VM)]
     Puts the burden of topology design on the DevOps team
  9. § DevOps has an understanding of the specific application needs
     § Segmentation, Port numbers, Connectivity goals
     § Should not be burdened with the implementation details
     § Routes, Subnets, VLANs
     The DevOps team needs an Abstracted view
     [Diagram: A DevOps View (labels: web, app, web, VM)]
  10. Network Administrators need to…
      § Define connectivity models
      § Paths
      § QoS
      § Access Control
      § Deploy service elements
      § Firewall
      § Load Balancer
      § IPS
      § Audit compliance
      § Audit usage
      [Diagram: A Network Admin View (labels: Internet, Policy Selector, chain 1, chain 2, chain 3, chain 4, Firewall, IPS, Parental Ctl)]
  11. Policy approach to networking
      [Diagram: Policy Templates, Users, Application Types and Business Rules feed Policy Evaluation, which produces Application Networks (labels: Firewall, W, BL)]
      Design once, re-use multiple times
  12. Policy Based Network Virtualization
      Application = Web
      Application = SAP
      Application = Database
      Group applications into “network sandboxes”
  13. What is a network Policy?
      OpenStack Group Based Policy Abstractions for Neutron
      https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
      • An Application-centric approach to networking
      • Moving away from traditional network constructs
      • ports, subnets, routers, etc
      • Aiming for a highly abstracted interface for application developers to
      • express desired connectivity of application components
      • and express high-level policies governing that connectivity
      • Without imposing constraints on the underlying implementation
  14. Policy Abstractions for Neutron
      OpenStack Group Based Policy Abstractions for Neutron
      https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
      [Diagram labels: Outside EPG, Web EPG, App EPG, DB EPG, VM, Web Contract, App Contract, App Contract, Public Network, Private Networks]
      • Endpoint (EP) – an IP addressable entity
      • Endpoint Group (EPG) – a grouping of Endpoints
      • Policy Rule – individual rule that defines communication criteria
      • Contract – a collection of Policy Rules that are applied to traffic between EPG’s
  15. To Achieve a Policy Driven Network
      In application development…
      § We first define the application through source code
      § We then compile the application into machine instructions
      § Then we bind that application to a platform at run time
      § Assigning compute registers and memory locations
      In a Policy driven network…
      § We first define the application’s connectivity requirements and business rules
      § Application Policy
      § We then map this application to a network service
      § Predefined network templates, network contracts
      § Then we implement these network services when the application is deployed
      § Automated, Dynamic
  16. To Achieve a Policy Driven Network
      [Diagram labels: APPLICATION ATTRIBUTES, SDN FRAMEWORK, TOPOLOGY ATTRIBUTES, TECHNOLOGY ATTRIBUTES, Service Mapping, Service Binding, Application Request, web, app, db]
  17. Policy Driven Networking Delivered
      § Nuage has provided policy abstractions for virtual and physical networks since our first release
      § L2, L3, ACLs, QoS, Service Chaining, Traffic Statistics
      § Difficult to express using existing Neutron constructs…
      § Which is why we’re contributing to Group Based Policy
      Cleanly express application policy in Neutron
  18. Nuage Networks Virtual Services Platform
      Nuage Networks Virtualized Services Platform (VSP), R2.1 GA in April 2014
      Virtualized Services Directory (VSD), Cloud Service Management Plane
      • Network Policy Engine – abstracts complexity
      • Service templates and analytics
      Virtualized Services Controller (VSC), Datacenter Control Plane
      • SDN Controller, programs the network
      • Rich routing feature set
      Virtual Routing & Switching (VRS), Datacenter Data Plane
      • Distributed switch / router – L2-4 rules
      • Integration of bare metal assets
      [Diagram labels: Brooklyn Datacenter - Zone 1, HYPERVISOR, IP Fabric, Edge Router, MP-BGP, Hardware GW for Bare Metal]
  19. Open solution
      [Diagram labels: DATACENTER NETWORK]
      Any Compute Virtualization Environment
      Any Datacenter Networking Hardware
      Any Server or Hypervisor
      Consistent capabilities across
  20. Nuage Networks policy templates and role-based workflow
      [Diagram: A Tenant / Application Request goes to Compute Management (Auto-instantiation, Compute Request completed in Minutes, 00:01) and to Nuage Networks VSP Templates (Networking, Security/Compliance, IP address, WAN interconnect, Policy / Security Zones, L2 /L3 Service, AD, Service chaining; Network Change Completed automatically, 00:01)]
      Policy Instantiation
      • IP address 10.x.y.z
      • VLAN configuration
      • WAN configuration
      • Security / FW settings
      • QoS parameters
      • …
      Service velocity is not hindered by manual network process
  21. Conclusions
      • Creation of distributed virtual switches and virtual routers - great for virtual networks and better than VLAN’s, but …
      • Creates a distributed virtual configuration and management challenge
      • Provisioning and management of these endpoints cannot be done with traditional methodology
      • Policy abstraction is a proven framework
      • Successfully shipping since May 2013
  22. For more information…
      • Nuage Networks Virtualized Services Platform
      • http://www.nuagenetworks.net
      • OpenStack Neutron Group Based Policy Abstraction
      • https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
      • OpenDaylight Application Policy Plugin
      • https://wiki.opendaylight.org/view/Project_Proposals:Application_Policy_Plugin
  23. While at Interop Tokyo…
      • Visit the Nuage Networks booth in the SDI ShowCase
  24. Network Policy NOW
      6/16/14
      @nuagenetworks @ssneddon
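
The Endpoint, Endpoint Group, Policy Rule and Contract abstractions listed on slide 14 can be exercised as a small default-deny evaluator. This is an added example, not code from the deck, Nuage Networks or OpenStack. It assumes groups select endpoints by CIDR and that a contract applies from a group that consumes it to a group that provides it; all group names, CIDRs and ports are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class PolicyRule:                      # one communication criterion
    protocol: str
    port: int
@dataclass
class Contract:                        # a collection of Policy Rules
    name: str
    rules: list
@dataclass
class EndpointGroup:                   # a grouping of Endpoints, selected here by CIDR
    name: str
    cidr: str
    provides: set = field(default_factory=set)   # contracts this group offers
    consumes: set = field(default_factory=set)   # contracts this group may use

class Policy:
    def __init__(self, groups, contracts):
        self.groups = groups
        self.contracts = {c.name: c for c in contracts}
    def group_of(self, ip):
        addr = ip_address(ip)
        hits = [g for g in self.groups if addr in ip_network(g.cidr)]
        # Longest prefix wins, so the catch-all "outside" group never shadows a tier.
        return max(hits, key=lambda g: ip_network(g.cidr).prefixlen, default=None)

    def evaluate(self, src, dst, protocol, port):
        s, d = self.group_of(src), self.group_of(dst)
        if s is None or d is None:
            return ("deny", "endpoint not in any group")
        for name in sorted(s.consumes & d.provides):
            if PolicyRule(protocol, port) in self.contracts[name].rules:
                return ("allow", f"{s.name}->{d.name} via contract {name}")
        return ("deny", f"no contract permits {s.name}->{d.name} {protocol}/{port}")

# Constructed sample policy mirroring the Outside/Web/App/DB tiers on slide 14.
POLICY = Policy(
    groups=[
        EndpointGroup("outside", "0.0.0.0/0", consumes={"web"}),
        EndpointGroup("web", "10.0.0.0/24", provides={"web"}, consumes={"app"}),
        EndpointGroup("app", "10.0.1.0/24", provides={"app"}, consumes={"db"}),
        EndpointGroup("db", "10.0.2.0/24", provides={"db"}),
    ],
    contracts=[Contract("web", [PolicyRule("tcp", 443)]),
               Contract("app", [PolicyRule("tcp", 8080)]),
               Contract("db", [PolicyRule("tcp", 5432)])],
)
```

Because the only path to the db group is the contract consumed by the app group, `POLICY.evaluate("10.0.0.5", "10.0.2.9", "tcp", 5432)` is denied even though the port matches a rule, and the returned reason string doubles as an audit record.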
