
Policy Based SDN Solution for DC and Branch Office by Suresh Boddapati


In this talk Suresh will discuss how Nuage Networks Virtualized Services Platform (VSP) helps overcome the challenges that cloud service providers and large enterprises face delivering, and managing, large multi-tenant clouds. He will discuss how Nuage Networks delivers a massively scalable SDN solution that ensures that datacenters, and wide area networks, are able to respond instantly to demand, and are boundary-less. The talk will also provide an overview of the SDN capabilities that Nuage VSP adds to CloudStack.

Bio

Suresh is the VP of Engineering at Nuage Networks. He has over 19 years of experience in software development, building great teams and delivering high-quality software. As the first engineer at Nuage Networks, Suresh played a key role in shaping the architecture of the Nuage Virtualized Services Platform (VSP). Suresh’s experience includes extensive protocol development, having developed IP routing and multicast protocols from scratch and deploying them in large ISPs. Suresh was part of the original TiMetra team before becoming part of Alcatel-Lucent as Principal Engineer. He then took a role as Director of Engineering at Juniper where he worked on their QFabric product. Earlier in his career, Suresh worked in software engineering at Shasta Networks (Nortel acquired) as well as Fore Systems (Marconi, Ericsson acquired).

Published in: Software

  1. 1. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Nuage Networks CloudStack Meetup at Nuage Networks Suresh Boddapati Vice President of Engineering suresh@nuagenetworks.net September, 2015
  2. 2. Nuage Networks Overview • Nuage is based in Silicon Valley with a team around the world • An Alcatel-Lucent venture focused on data center and branch office network evolution for the cloud era • Leverage Alcatel-Lucent infrastructure and key technologies • Creation of an Abstraction & Automation layer between networking features and hardware equipment • Policy-driven networking design reflecting business directives, not network protocols
  3. 3. Nuage Networks Momentum • Solid wins with marquee accounts • 100+ pilot deployments • 25+ commercial wins • Across large enterprises, cloud providers & service providers
  4. 4. The Cloud Shift: PHYSICAL & MANUAL (NO-MOBILITY, SINGLE TENANT, BARE METAL WORKLOADS, MANUAL) → DISTRIBUTED & AUTOMATED (DYNAMIC, MULTI-TENANT, VIRTUAL WORKLOADS, API)
  5. 5. The Networking Shift: STATIC NETWORKS (CUSTOM, COMPLEX, COSTLY, CLOSED) → HIGHLY AUTOMATED NETWORKS. The SDN Framework For Highly Automated Networks: ABSTRACTION ✓, AUTOMATION ✓, CONTROL ✓, VISIBILITY ✓. Focus on “Needs”, automate the “Means”
  6. 6. Network Policy • IP address 10.x.y.z • VLAN configuration • WAN configuration • Security / FW settings • QoS parameters • … Workloads Appropriate network properties propagated to the workload, regardless of physical location on infrastructure Physical: Snail mail delivered to the same physical address, regardless of Tina’s location Virtualized: Email delivered to Tina’s location, regardless of her mailing address Network Virtualization ABSTRACTION
  7. 7. How does it work? Tunnels between endpoints allow for independent topologies [diagram: APP/OS workload stacks connected by tunnels] ABSTRACTION
  8. 8. • Natural evolution to bring more intelligence & features near the applications • vSwitch (in software) runs on the server consuming available resources (i.e. CPU) • If a specific vSwitch requires more capacity, one can simply upgrade the CPU for that portion alone, not the entire network! Core Aggregation ToR vSwitch Features Servers $ Why Network Virtualization? ABSTRACTION
  9. 9. Network Virtualization Side Effects • But then do I get many (many) vSwitches to manage, one per server? • SDN approach to centralize the control plane (intelligence) • Nuage Networks virtualization approach automatically programs the virtual networking elements • Nuage vSwitch (VRS) executes the policies locally Servers SDN Controller vSwitch vSwitch vSwitch vSwitch ABSTRACTION
  10. 10. Nuage versus Traditional Networking • When workloads are deployed, physical network infrastructure needs to be provisioned • Time consuming, error prone, equipment specific, etc. • Introducing vSwitch removes the need to configure the physical equipment – we then only use it for transport • Network overlays are dynamically created using VxLAN “tunnels” according to the Network policies of each workload Core Aggregation ToR vSwitch Servers Network Overlay VxLAN ABSTRACTION
  11. 11. • Modern networking protocols done in vSwitch instead of specialized hardware • Extended the life of the networking assets by 12-18 months L2 Marketing Engineering L2 L2 QA Virtualized Services Directory Virtualized Services Controller Virtualized Services Controller Multiplexing the Network • Deploying more virtual networks atop the existing network infrastructure increased the utilization by 40% • Decoupling the tie between hardware vendor and software features – priceless! ABSTRACTION
  12. 12. Current Data Center Network • Compute is virtualized • Available in minutes • Network is partially virtualized • Configuration takes days/weeks Network Configuration Compute Management Application Request Help Desk Change Control IP Address VLAN Address Firewall Configuration LAN (VLAN) Configuration WAN (IP) Configuration Security / QA Team Project Coordinator Network change completed in days/weeks Service velocity is hindered by manual network process Auto-instantiation Compute request completed in minutes 00:01 AUTOMATION
  13. 13. Nuage Networks Policy Templates Application Request Service velocity is not hindered by manual network process Compute Management Networking Security/ Compliance Policy Templates Nuage Networks VSP Auto-instantiation Compute request completed in minutes IP address WAN interconnect Policy / Security Zones L2 /L3 Service AD Service chaining Policy Instantiation • IP address 10.x.y.z • VLAN configuration • WAN configuration • Security / FW settings • QoS parameters • … Network change completed automatically 00:01 00:01 AUTOMATION
  14. 14. Time reductions • Refocusing IT Significant opportunities for IT re-allocations [chart: Total hours, Baseline vs Nuage, values 19,160 and 13,930; legend Hours / Hours Saved; categories Application deployment, MACs, Troubleshooting] 27% savings in hours required • Application deployments • Hours saved of 23%, or 1,500 hours • Results in faster launch of applications • Applications MACs • Hours saved of 27% of 2,700 hours • Results in faster updates of applications • Applications troubleshooting • Hours saved of 35% of 1,0700 hours • Results in faster fixes of errors Thousands of hours saved! AUTOMATION
  15. 15. Nuage Networks Supports All Workloads [diagram: Bare Metal Servers, Gateway, ESXi Server and Linux Server hosting VMs and Containers; L2 Virtual Networks A, B and C; Any Network connecting Public, Datacenter, DCI and Branch locations] CONTROL
  16. 16. Hypervisor Hypervisor Hypervisor Customer Data Center Virtualized Services Controller Virtualized Services Controller Case Study – Hybrid Cloud Model • Large financial customer uses Nuage in its own DataCenter • Customer developed an architecture that will allow them to securely move workloads to public cloud provider • Nuage provides a common Networking profile regardless of the physical location and networking equipment used • For governance purposes, Nuage offers a single/centralized tracking infrastructure Hypervisor Hypervisor Hypervisor Amazon AWS Virtualized Services Controller Hypervisor Hypervisor Hypervisor Google GCS CONTROL
  17. 17. Template Conforms to: • Connectivity • Security • QoS • Statistics Users (Network) Users (Compute) Hypervisor DC1 Zone 1 1,000 Hosts Hypervisor DC1 Zone 2 1,000 Hosts Config Update Update Update Config Update • Update security policies once, hierarchically & centrally. • Deployed across all appropriate endpoints instantaneously • Push-button network audit visibility • Adhere to changes across the infrastructure implicitly • Compliance with global security policies • Ensure configuration consistency Derived Benefits: Tighter governance and Security CONTROL
  18. 18. The Underlay as a Network of Networks IP Network Hypervisor Hypervisor Hypervisor DC 1 Rack 1 Hypervisor Hypervisor Hypervisor DC 1 Rack 2 ToR Hypervisor Hypervisor Hypervisor DC 2 Rack 1 DC Core X VISIBILITY Branch Offices Headquarters
  19. 19. “Hardware Centric” Server Centric Open Network Approach Buy my hardware… (Propagate closed systems) Largely ignore it… (Use marketing machine) Use standard protocols and open interfaces to Solve the problem Alternatives for Assessing Service Health… VISIBILITY
  20. 20. VSAP is about underlay & overlay correlation Branch Offices Headquarters IP Network Hypervisor Hypervisor Hypervisor DC 1 Rack 1 Hypervisor Hypervisor Hypervisor DC 1 Rack 2 ToR Hypervisor Hypervisor Hypervisor DC 2 Rack 1 DC Core X VISIBILITY MONITOR physical topology CORRELATE physical & virtual topology Virtualized Services Controller (VSC)
  21. 21. • Graphical view of alarms and faults in the network • Alarm correlation for root cause analysis • Remedial action for expediting problem resolution Upstream router port failure VSAP Fault Correlation VISIBILITY
  22. 22. EXISTING DATACENTER NETWORK . . . . Any Compute Virtualization Environment Any Datacenter Network Infrastructure Any Server or Hypervisor The MUST BES ANY APPLICATION, ANY CLOUD, EVERY TIME ESXi KVM Hyper-V XEN BareMetal
  23. 23. BGP MPLS Internet Mobile • Fast, simple core • Multi-service edge • Multi-domain support • Massive network scale • Policy-driven, on-demand connectivity • Massive user scale Applying Principles of Proven Architectures
  24. 24. Cloud Service Management Plane Data Center Control Plane Data Center Data Plane Virtual Routing & Switching Virtualized Services Directory Virtualized Services Controller HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR Virtualized Services Directory (VSD) • Network Policy Engine – abstracts complexity • Service templates and analytics Virtualized Services Controller (VSC) • SDN Controller, programs the network • Rich routing feature set Virtual Routing & Switching (VRS) • Distributed switch / router – L2-4 rules • Integration of bare metal assets Nuage Networks Virtualized Services Platform (VSP) IP Fabric Gateway for bare metal servers Nuage Networks Virtualized Services Platform MP-BGP
  25. 25. Value Time An SDN Journey … Delivering value over the network Nuage Networks Virtualized Service Platform (VSP) Hypervisor Hypervisor Hypervisor • 40% increase in asset utilization • 50% OPEX reduction • 10x improvement in service time • Build “modern networks” on top of existing infrastructure • Extend life of Net HW and increase utilization • Break dependency between features and HW supplier Data center Any Network Public Datacenter Branch Branch Branch • Reuse existing network infrastructure • COTS hardware CPE • Advanced features in SW versus bound to HW • Central/common policy engine reflecting business values vs net capabilities • Automated bootup process Branch locations WAN • Increase resiliency • Enable hybrid/public cloud • “Follow the sun” apps support where you move workloads where/when needed • Allow workloads to move from one data center to another • Keep the same net profile/security regardless of the location VM VM VM Virtual Net Existing Network
  26. 26. In Conclusion • To deliver business agility, network virtualization & automation are becoming the foundation for private clouds • To support this trend, Nuage Networks delivers a new class of modern SDN solution • Abstraction & Automation with full Control & Visibility • Policy-driven automatic provisioning • Boundary-less automation across Data Centers & VPN • For all virtualized and bare-metal workloads
  27. 27. Nuage VSP CloudStack Integration
  28. 28. • APAC • CTCC • Public Cloud - Deployed last year • Growing the deployment this year – in servers and #VMs • Private cloud deployments in pipeline • POCs/Trials in progress in APAC. • EMEA: Interest growing – POCs planned • North America: A large Enterprise customer in trial 9/15/2015 28 Nuage VSP CloudStack customers
  29. 29. CloudStack VSP Plugin Overview • Nuage VSP has a plugin for Apache CloudStack 4.3, 4.5 • Works with Nuage VSP v2.1 and v3.2 • It enhances the base CloudStack networking • With Nuage VSP’s advanced virtual networking capabilities • With a sophisticated policy, controller architecture that gives much better scale and performance than the base CloudStack networking
  30. 30. CloudStack to VSD Mapping • ACS has inbuilt networking constructs that are used to define the networks in an ACS cloud. • The Nuage VSP plugin support for ACS maps the ACS networking constructs to the corresponding Nuage VSP constructs CloudStack Resource Description Corresponding Nuage Construct Domain Collection of user groups Enterprise Account Collection of tenant users User Group Account User A tenant user User Static NAT Floating IP Firewall Rules Access control for traffic leaving a guest VM Ingress Security Policy Ingress Rules Access control for traffic coming into a guest VM Egress Security Policy Network ACL Access control for traffic coming into a guest VM in a VPC Ingress Security Policy Egress Security Policy Isolated Network with NAT L3 Networking VPC Virtual Private Network L3 Networking
  31. 31. • Advanced Networking • Isolated Network • Virtual Private Cloud • Supported Services • Virtual Network • User Data service (password reset, meta data – uses CS VR) • Static NAT • Firewall • DHCP • Network ACL • External DNS • Source NAT • Public load balancer • Guest VMs DNS support • Multi-Hypervisor support – ESXi, XenServer, KVM • Extensions to support enhanced networking capabilities • Improved scalability • Enhanced concurrent operations • Improved Plugin robustness - ACS/VSP objects Audit/Sync support CloudStack NuageVSP Plugin
  32. 32. On The Roadmap Parity with VR functionality • Port Forwarding • Site-to-Site VPN • Remote Access VPN
  33. 33. Nuage is a contributor to Apache CloudStack • We are now officially contributing to Apache CloudStack • The CloudStack VSP Plugin has been checked in upstream to ACS 4.5 branch • We are Platinum sponsors at 3 out of 5 CloudStack Collaboration conferences in 2015 • We have a booth presence and speaking sessions • Nuage is the only viable SDN solution for CloudStack • Next upstream check in will be in ACS 4.6, any time now
  34. 34. 9/15/2015 34 www.nuagenetworks.com @nuagenetworks
