Enterprise WAN Evolution with SD-WAN

NOKIA— PROPRIETARY AND CONFIDENTIAL — RESTRICTED — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW.
COPYRIGHT © 2016 NOKIA. ALL RIGHTS RESERVED.
Enterprise WAN Evolution with SD-WAN
Toshal Dudhwala
20-Oct-2016

Agenda
• State of Enterprise WAN
• Enterprise SD-WAN Use Cases
• VNS Deployment Example

Adoption of Off-Premise Cloud services
• Cloud has changed the way applications are being
consumed - From “order and wait” To “order and
get” -> WAN becomes more strategic
• Enterprise WANs are costly and complex to
manage, 15% of IT budgets
• 40-60 % of enterprise data traffic is migrating
from WANs to the internet
• Cloud drives requirement for increased WAN
agility and flexibility: access, automation, app-
control, visibility
Multiple personas
Single user
Source: www.idc.com

How an Enterprise NETWORK should look like…
Public Cloud
Automated operations
Private Cloud
Internet
On-Net
ANY Network
Branch offices
Enterprise WAN
SEAMLESS
on-boarding
ANY access
COTS
hardware
& new fulfillment models
Cloud to Branch Policy-based Automation
ü Automated
ü Instantaneous policy-driven modifications
ü Simplified fulfillment and management
ü Freedom of choice

SDN evolution – the journey
Network automation for
physical/virtual workloads
SD - DC
Applications
Network automation for
Network Services
SD-WAN
WAN
Network automation for User
networking
SD-LAN
Users

What is SD-WAN?
SD-WAN (Software Defined Wide Area Networking) is a new model for the delivery of
enterprise services over the WAN based on SDN principles
IT-approach to
network service
delivery
SD-WAN promises to shift incremental control to enterprise IT

HQ
Private Cloud
RO Branch
Branch
Branch
Any
Network
ü Any application
ü Any network
ü Any cloud
MPLS VPN
Customer
Portal
FW Wi-Fi LB QoS L3
SD-WAN: A new type of VPN for the Cloud Era
Internet
SD-WAN
Policy Engine
Any
Cloud
Any
Network
Open
CPE
Public /SaaS Cloud

Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Supports leading hypervisors and base metal assets
• Virtual (VRS) and Physical (VSG) form-factors
Network Services Gateway (NSG)
• Network service platform for branches
• L2-L4 Switching and routing with advanced network functions
• Physical or Virtual form-factors
Nuage Networks
Virtualized Services Platform (VSP)
Virtualized Cloud Services: Data Center Feature Set Virtualized Network Services: SD-WAN Feature Set
Nuage Network Solution
Single policy-driven SDN layer across all IT environments

Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Nuage Networks
Virtualized Services Platform (VSP)
Virtualized Network Services - VNS
. . . .
Layer 4 Security
Traffic
SteeringQoSLayer 3
NSG (Physical) NSG (Virtual)
Layer 2
✔
✔
Bootstrap
• Unified policy plane for
management of distributed
endpoints
– Business/IT service engine, multi-
tenant templates and analytics
• Federated control plane manager
• General purpose compute
platform
– Virtual/physical

SD-WAN Considerations
Connectivity
Application Driven Network
Cloud Service Access
Resiliency
Operational Efficiency

Onboarding a New Branch
Connectivity
Resiliency
VSD
VSC
MPLS WAN (Provider
Networks)
Internet (3G/LTE, BB)
Site1
Site2
Enterprise admin
NSG
NSG• Zero Factor – USB
or
• One Factor – Email
or
• Two Factor – Email, SMS
• Onboard a new branch independent
of transport connection
• Utilize all available links, maximize
your WAN investment.

Any-to-Any Connectivity
Private Data
Center (or HQ)
VSD
VSC
Site1
Site2
Enterprise admin
NSG
MPLS WAN (Provider
Networks)
Public Cloud, SaaS
NSG
• Unified Scalable VPN
• Use of All available BW
• Connectivity to Internet
via local breakout
Connectivity
Resiliency

Ease of Migration
VSD
VSC
IP VPN site
Remote
Internet Site
Enterprise admin
NSG
IP VPN Network
• Connectivity between
off-net and on-net site
during migration
• Backhaul traffic from
remote (off-net) site
NSG
PE
VID
CO
Connectivity
Resiliency
IPSec
IP VPN
MP-BGP

Autonomous Network Connectivity
VSD
VSC
IP VPN site
Internet Site
Enterprise admin
NSG
IP VPN Network
• Connect dis-joined
network and
provide connectivity
between branch on
different network
domain
NSG
CO
NSG
VXLAN
IPSec
Connectivity
Resiliency

DC
Fabric
Seamless connectivity to Business Applications
VSD
VSC
IP VPN site
Internet Site
Enterprise admin
NSG
IP VPN Network
• Dis-joined network
connectivity
• Unified Network
policy from your
Branch and DC
NSGNSG
VXLAN
IPSec
Private Data
Center
VXLAN
Connectivity
Resiliency

Intelligent Traffic Steering
Connectivity
Resiliency
Private Data
Center (or HQ)
VSD
VSC
Site1
Enterprise admin
Voice
Video
NSG
MPLS WAN (Provider
Networks)
NSG
• Classify the traffic
and select best
transport to meet
business objective
• Use of all available
BW, maximize your
WAN investment

Application Aware Routing
Private Data
Center (or HQ)
VSD
VSC
Site1
Enterprise admin
Voice
NSG
MPLS WAN (Provider
Networks)
NSG
Voice
• Continuously Measure
link performance
• Match the performance
with Business SLA
• Choose best optimal path
to send application flow
Connectivity
Resiliency

SaaS (Cloud) Service Access
Connectivity
Resiliency
Private Data
Center (or HQ)
VSD
VSC
Site1
Site2
Enterprise admin
NSG
NSG
MPLS WAN (Provider
Networks)
Public Cloud, SaaS
SaaS
Direct Access
• Access to SaaS or IaaS
application in the cloud
• Securely transport branch
traffic direct to SaaS vendors

Secure Hybrid Cloud Interconnect
Cloud VPCPrivate Cloud
NSG appliance
NSG AMI
IPsec
VPC
Cloud VPCPrivate Cloud
NSG appliance
NSG AMI
VPC
• Domain topology stretches across private and
public clouds
• Encrypts traffic between private and public
clouds
• Private interconnections (Direct Connect,
ExpressRoute)
• Internet gateway (IGW)
• Cross-connect logical networks / VPCs across
• Regions, different Cloud Providers,
corporate networks
Connectivity
Resiliency

Seamless access to Hybrid Cloud
Private Data
Center (or HQ)
AWS VPC
VSD
VSC
Site1
Site2
Enterprise admin
NSG
NSG
N
S
G
MPLS WAN (Provider
Networks)
Direct Access
• Bring vPC into the SD-WAN
Overlay and treat it like any
other Branch Location
• Same user polices for private
and virtual private cloud
(VPC)
Connectivity
Resiliency

Resiliency at Each Layer
Connectivity
Resiliency
Full resiliency at every layer
• Policy – 3 x VSD
• Controller - 2 x VSC
• WAN Links – 2 x uplinks on each NSG
• Node/CPE Protection – 2 x NSG in
redundancy pair
• Access Port Resiliency - 2 x NSG in
redundancy pair
LAN Switch
Transport 1 Transport 2
VSD
VSC
Branch
RG

Link Protection
Private Data
Center (or HQ)
VSD
VSC
Site1
Site2
Enterprise admin
NSG
XApp
MPLS WAN (Provider
Networks)
Public Cloud, SaaS
NSG
• Link Protection
• Protect against Link down or
communication drop to the
controller
• Traffic is switched to
secondary link
Connectivity
Resiliency

Application Visibility & Analytics
Connectivity
Resiliency
VSD
VSC
MPLS WAN (Provider
Networks)
Site1
Site2
Enterprise
admin
NSG
NSG
• Contextual Traffic Visibility
• Real-time Actionable Alerts, ACL
and Traffic Analytics
• Collect DPI stats from all NSG on the
network and store it in a central
Elastic Search Tool

Network Functions Consolidation
• Centralized policy enforcement
• E.g. Firewall, load balancer, DPI,
Analytics
DC
Fire Wall
Internet
NSG
NSG
A
P
P
S
Branch
Connectivity
Resiliency

Network Functions Consolidation
Branch
DC
Firewall
Internet
NSG
NSG
A
P
P
S
R HQ /PoP
NSG
• Distributed network functions
• E.g. Firewall
Connectivity
Resiliency
• Centralized policy enforcement
• E.g. Firewall, load balancer, DPI,
Analytics
Saving in operating cost by
consolidating and hence reducing the
number of network functions

Resource Consolidation
Multi-Org Ent
Overlapping IPs
Ent B
NSG
Ent C
NSG
Ent A
NSG
Common
Resources DC
NSG
Multiple WAN
• Provide access to commons resources in case like M&A or provide
(e.g. financial) services to external client
• Save CAPEX/OPEX by removing duplicate functions/resources
from the network and providing common pool of resources e.g. IT
services
Connectivity
Resiliency

INTERNET
INTERNET
IP/MPLS
3G/LTE*
VNS Deployment Models
NSG VM
Physical Appliance
x86 Server
NUAGE hardware
TRANSPORT FLEXIBILITYFORM-FACTOR FLEXIBILITY CLOUD FLEXIBILITY
Traditional
Datacenter
Virtualized
Datacenter
Virtual Private
or Public Cloud
NSG VM
x86 Server
VNF APP

Case Study #1: Global Oil and Gas Exploration and Production Company
• Dramatically reduced WAN networking costs across
geographically dispersed remote sites
- Murphy is expected to reduce WAN networking costs
by $1 Million (30% saving) across the first 40 sites in
first year.
• Shorten the time to get new sites connected to
corporate applications and data from weeks to a
matter of hours.
• Policy-based networking and access controls
improve security and optimize quality of service,
from DC to remote sites.

Case Study #2: Large Financial and Banking Services Company
• Accelerated service delivery to support new sites,
branches and projects with minimal to no
operational overhead
• Improved network security policy enforcement,
centralized controls, reduced risk.
- PCI DSS-compliant solution, with IPSec provides
secure VPN communications between sites.
• On demand connectivity to their private cloud
financial services application to remote branch
locations providing End-to-end automation, policy
and control from DC-to-branch.

SD-WAN business case for Enterprise
• Large enterprise with 200 branch locations
worldwide
- Uses multiple transport medium for VPN connectivity
- Over 80% saving in rollout cost
- Using automated bootstrapping with policy based
orchestration
- Over 40% saving in TCO (Total Cost of
Ownership)
- Template based policy allows easily and automated
management of branch network policies
1 2 3 4
TCO
YEAR
Savings 14% 34% 41% 65%
IP-VPN SD-WAN (VNS)

Steps to the future of Enterprise WAN
• Connecting users and devices, across
enterprise, to the cloud and back
• Constantly adapting to real-time demands,
user location and context
• Virtualization
• Automated, best value network path
• Aligning consumption to demand
• Scale up/down
• Secure at al points, intelligent threat
prevention
On-demand
Network
Reducing
Cost
Business
Agility
$
Network Audits and Application Discovery
Identify Cloud and Digital Strategy
implications
Know your Topologies, Traffic Flows and
VNF needs
Finalize Self-serv and Control Plans
Determine Network Provider and Commercial
requrements
1
5
2
4
3

Thank you!
http://www.nuagenetworks.net/sd-wan
@nuagenetworks

Enterprise WAN Evolution with SD-WAN

More Related Content

What's hot

Viewers also liked

Similar to Enterprise WAN Evolution with SD-WAN

Recently uploaded

Enterprise WAN Evolution with SD-WAN