1 © Nokia 2016
Nuage Networks: Programmable network services for the cloud era
Confidential
Mini SReXperts Russia – December 2016
• James Cumming, PLM
• 06-12-2016
@nokia_jcumming
2 © Nokia 2016
Agenda
1. Introduction
2. SDN in the data center: Nuage Networks VSP
3. Beyond the DC: SD-WAN
4. Automated Networks without Borders
5. Customer use cases
6. Conclusion
3 © Nokia 2016
Digital Transformation is driving cloud architectures and IT automation
• All Enterprises must transform themselves to “Software Driven Businesses”
• Rapid introduction of new Services
• Learn, adapt, refine and reintroduce quickly and consistently
• Superb Customer Experience
Source: Gigaom
4 © Nokia 2016
Network Transformation is the path to business agility
Closing the GAP between Applications & Networking
Marriage of IP & IT
Big Shift in Operational Mindset
SD-DC: Disruption in DC Networking
SD-WAN: Disruption in Branch VPN Networking
Business Needs
IT Strategy
IT must align with Business Needs:
• access to apps
• & business agility
6 © Nokia 2016
Problem statement: networking in the current data center
Compute and storage: Virtualized, instantly available, easily consumable
• New tenant/application request
• Compute management: auto-instantiation
• Compute request completed in minutes
The network: Cumbersome, constrained, manual processes, inefficient
• Help desk change control, project coordinator, security/QA team
• Network configuration: IP address, VLAN address, firewall configuration, LAN (VLAN) configuration, WAN (IP) configuration
• Network change completed in days/weeks
7 © Nokia 2016
Solution: the cloud-optimized data center – enabled by SDN
Compute and storage: Virtualized, instantly available, easily consumable
• New tenant/application request
• Compute management: auto-instantiation
• Compute request completed in minutes
The network: Automated, agile, programmable
• SDN controller: templates, auto-configuration
• IP address, WAN interconnect, policy/security zones, L2/L3 service AD, service chaining
• Network request completed in minutes
8 © Nokia 2016
The Nuage Networks VSP software suite
Reference view of SDN framework and logical layers
Nuage Networks Virtualized Services Platform (VSP)
Management plane: Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Control plane: Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set based on the 7x50
Data plane: Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
[Diagram labels: Cloud Management Systems, XMPP, Federated MP-BGP, hypervisors, Internet, DC, VPN domain, zones, subnets, policies]
9 © Nokia 2016
Transformation of Datacenter to Cloud
Multi Hypervisor - Multi Tenancy - Multi DC
Services view: overlays
[Diagram labels: ESXi overlay, KVM overlay, Hyper-V overlay, bare metal overlay and container overlay; private cloud across Data Center 1 and Data Center 2; Virtualized Services Directory and Virtualized Services Controllers; Service Overlays #1, #2 and #3]
10 © Nokia 2016
Final Picture: Datacenter to Cloud
Total Flexibility
• Any Workload
• Any Hypervisor
• Any Orchestration
• Any DataCenter
• Any Network underlay
• Any Combination
Consistent Automation and Total control
[Diagram labels: private cloud across Data Center 1 and Data Center 2; Virtualized Services Directory and Virtualized Services Controllers; Service Overlays #1, #2 and #3]
12 © Nokia 2016
• Internet access
- Around for a long time; price has been changing
• VPNs:
- Continuous enhancements: QoS, SLA, VPLS, …
• Yet:
- The basic proposition meeting the enterprise requirements of 15 years ago did not change at all
• Because the world did not change, right?
- What about agile, dynamic, digital?
- What about cloud?
- What about “apps”?
Enterprise connectivity did not really change?
Today’s expectations
13 © Nokia 2016
So the ultimate solution should …
• Adapt business communication to today’s needs @ the speed of change
• Immediate/real-time control of Enterprise communication needs @ your fingertips
• Imagine service flexibility (service, location), on/off-net @ any underlay
• Seamless reach to all apps/clouds @ any cloud
• Automation, intelligent off-loading, security, compliance, inventory, …
It is not about interconnection of sites anymore
14 © Nokia 2016
Worldwide SD-WAN survey - special report, May 2016
15 © Nokia 2016
The SD-WAN Journey
MPLS + IA
MPLS:
• L3 mpt: IP-VPN
• L2 mpt: VPLS
• L2 p2p
Internet:
• Res IA (aka BB)
• Business IA
• DIY IPSec
[Diagram labels: HQ, branches, data center and partners on a wide area network; MPLS (IPVPN, VPLS); public IP (Internet)]
16 © Nokia 2016
SD-WAN over Internet + Connecting to Existing VPN Services
Business services:
• IA
• MPLS VPN
• SD-WAN over Internet
[Diagram labels: HQ, branches, data center and partners on a wide area network; MPLS (IPVPN, VPLS); public IP (Internet); SD-WAN]
17 © Nokia 2016
SD-WAN over Internet, MPLS and Connecting to Existing Services
Business services:
• IA
• MPLS VPN
• SD-WAN over Internet
• SD-WAN overlay:
• Any access
• Any underlay
[Diagram labels: HQ, branches, data center and partners on a wide area network; MPLS (IPVPN, VPLS); public IP (Internet); SD-WAN over both]
18 © Nokia 2016
SD-WAN: Over MPLS and Internet
Total Flexibility
• Any Workload
• Any Hypervisor
• Any Orchestration
• Any DataCenter
• Any Network underlay
• Any Combination
Consistent Automation and Total control
[Diagram labels: HQ, branches, data center and partners on a wide area network; MPLS (IPVPN, VPLS); public IP (Internet); SD-WAN; Virtualized Services Directory and Virtualized Services Controllers; Service Overlays #1, #2 and #3]
19 © Nokia 2016
What if you could realize all of the above?
www.nuagenetworks.net/sd-wan-branch-office
20 © Nokia 2016
VNS Customer Portal
VNS Portal
• VPNs/Branches Enablement
• Enterprises Management
• Analytics / reports
• Dashboard
• NSG Ordering / Billing
Features: Self-Service, User Experience, Agility
• Network or Branch Activation
• Analytics/Reports
• TCA/Alerts
• Simplified Branch Enablement
• Network Visibility
• Live reports
• Service Activation in minutes
• Scale up/Scale down
[Diagram labels: order branch equipment; select VNS service; network services catalogue; VSD; VSC; VNS service; any network; NSG Site A, NSG Site B, NSG Site C]
21 © Nokia 2016
Network/Branch Enablement
VNS Customer Portal
Network/Branch
• Create/Update/Delete VPNs
• Activate and Manage Branches
Value to Service Providers
• Selling VPNs with self-service tool
• Network visibility and control
• Efficiency in operations
Value to End Customer
• Self Service Branch Activation and Management
• Self service VPN management
[Screenshots: Create a VPN; Create New Branch]
22 © Nokia 2016
Dashboard
VNS Customer Portal
Dashboard
• Customizable
• Widgets per module
Value to Service Providers
• Sell widgets as value add or differentiator
• Operational Efficiencies
• Pro-active Troubleshooting (e.g. NSG Health)
Value to End Customer
• Network Utilization
• Auditing
23 © Nokia 2016
VNS – A new way of working
Network services “App Store” customer portal
• Select VNS service
• Order branch equipment
[Diagram labels: customer portal with network services catalog (FW, WiFi, LB, QoS); VSD and VSC in the data center; VNS service; operator network; Network Services Gateway (NSG-P & NSG-V); Site A, Site B, Site C]
24 © Nokia 2016
VNS: building blocks
Virtualized Services Directory (VSD)
• Unified policy plane for management of distributed endpoints
– Business/IT service engine, multi-tenant templates and analytics
Virtualized Services Controller (VSC)
• Federated control plane manager
NSG (physical) / NSG (virtual)
• General purpose compute platform
– Virtual/physical
• NSG network operating system: Bootstrap, Layer 2, Layer 3, Layer 4, Security, Traffic steering, QoS, ...
25 © Nokia 2016
A complete rethink of branch architecture is required
• Branch (def.): Any location with hosts requiring attachment to enterprise WAN (i.e. generalizing the branch concept)
- Traditional DC: NSG gateway with hosts of type bare-metal servers
- Cloud DC: NSG gateway with hosts of type Virtual Machines
- Branch/HQ/store: NSG gateway with hosts of type PCs/Wi-Fi/routers/…
[Diagram labels: traditional DC (NSG gateway, hosts); cloud DC (hypervisors, NSG VM, hosts); branch/HQ/store (NSG appliance, hosts)]
26 © Nokia 2016
Off-net extension services
Simplify backhaul of remote (off-net) sites to existing VPN services where coverage outside of footprint is required
Interwork with existing environments
Enable a new model of customer service
[Diagram labels: retail store or central warehouse; branch; users; NSG; CE; PE; CO; IPsec; VID; wholesale/Internet; IP VPN provider; IP VPN]
27 © Nokia 2016
DIY IPsec VPN
With VNS, service providers become engaged in the customer overlay network – providing a managed service for SMB/SME. Value-added services are introduced from the data center.
[Diagram labels: Branch 1, Branch 2 and Branch 3, each with a LAN and an NSG (FW, DHCP, PBR, QoS); Internet network]
28 © Nokia 2016
Internet off-load & Hybrid WAN use cases
• Internet off-load:
- Local break-out
• Maintains IPsec tunnels, one over managed VPN link, other over any (internet) broadband uplink
• Hybrid WAN
• Application aware routing
Hybrid WAN is a method to connect a geographically dispersed wide area network (WAN) by sending traffic over two or more connection types. VNS combines hybrid WAN with Application-Aware Routing.
[Diagram labels: retail store or central warehouse; branch; users; NSG (FW, DHCP, PBR, QoS, VPN); two IPsec tunnels to branch or central office; Provider 1 (IA, managed VPN L2/L3); Provider 2 (any broadband incl. FE/GE/LTE/DOCSIS)]
29 © Nokia 2016
VNS application capabilities (1 of 2)
Network Performance Measurement (NPM)
• Health metrics of overlay network connections between NSGs in a domain using performance monitors with a specified network profile (DSCP value, payload size, traffic rate).
• Performance metrics include one-way packet loss, jitter and latency between the uplinks of different NSGs
Application Discovery (AD)
• Monitoring and classification of application traffic coming into the access ports of an NSG
• Signature-based L7 classification (e.g. Skype, Facebook, Google, etc). A library with signatures is bundled with the NSG software
• Customized classification based on source/destination IP address, source/destination L4 ports, L4 Protocol (TCP/UDP)
30 © Nokia 2016
VNS application capabilities (2 of 2)
Application-Aware Routing (AAR)
• Policy-driven intelligent path selection for application traffic based on one-way latency, jitter and packet loss measurements
• Path selection based on continuous probes and/or first packet detection
• Improve scalability with first packet detection
31 © Nokia 2016
Combining VNS application capabilities
AD + NPM + AAR = The intelligent forwarding of application traffic across the Enterprise WAN, ensuring that pre-defined per-application performance metrics (i.e. SLAs) are persistently met
Performance Measurement per Path – Delay, Delay Variation, Loss, BW
[Diagram labels: Site 1 and Site 2; voice, video and email traffic; Path 1 – low latency/variation/loss; Path 2 – higher latency]
32 © Nokia 2016
NSG Border Router – NSG BR
How to connect trusted underlay (e.g. DC) to untrusted underlay (e.g. IPsec encrypted branch offices)
NSG Border Router
• SW function, supported on NSG-X and NSG-V
• Unified policy from SD-WAN to DC
• Demarcation point between underlays
• Multi-tenancy
Multiple use cases
• Disjointed underlay
• Connect trusted & untrusted underlays
• Multi-tenant VLAN hand-off
• Tenant VXLAN interworking with PE
[Diagram labels: untrusted underlay (WAN) and trusted underlay (DC); NSG 1, NSG 2, NSG 3, VRS 1 and NSG BR; VXLAN and VXLANoIPsec; service overlay]
33 © Nokia 2016
The complete SD-WAN solution
Virtualized Network Services
• Secure bootstrapping
- Multi-factor
• No device pre-staging
• Transport technology independence
• Open multi-form factors
- Appliance / VM
• Branch-to-cloud connectivity
• Advance application management
• Embedded PKI
- Device X.509 cert
• Advanced encryption
- Aggressive re-keying
• Service micro-segmentation
• Unified policy from branch-to-cloud
• Multi-tenanted
• Integrated assurance
Site Onboarding
User to Application
Advanced Security
Centralized Control
35 © Nokia 2016
Islands of Automation
[Diagram labels: SD-WAN island (HQ, branches, partners and data center on a wide area network; VPLS, MPLS, public IP/Internet; its own Virtualized Services Directory and Virtualized Services Controllers; Service Overlays #1, #2 and #3); SD-DC island (private cloud across Data Center 1 and Data Center 2; its own Virtualized Services Directory and Virtualized Services Controllers; Service Overlays #1, #2 and #3); public cloud]
36 © Nokia 2016
Journey to Automated Networks without Borders
[Diagram labels: private cloud across Data Center 1 and Data Center 2 with Virtualized Services Directory, Virtualized Services Controllers and Overlays #1, #2 and #3; data center, HQ, branches and partners on a wide area network (public IP/Internet, MPLS, SD-WAN) with Virtualized Services Directory, Virtualized Services Controllers and Overlays #1, #2 and #3]
37 © Nokia 2016
Journey to Automated Networks without Borders
[Diagram labels: private cloud across Data Center 1 and Data Center 2; data center, HQ, branches and partners on a wide area network (public IP/Internet, MPLS, SD-WAN); Virtualized Services Directory and Virtualized Services Controllers; Service Overlays #1, #2 and #3]
38 © Nokia 2016
Journey to Automated Networks without Borders
[Diagram labels: private cloud across Data Center 1 and Data Center 2; data center, HQ, branches and partners on a wide area network (public IP/Internet, MPLS, SD-WAN); public cloud; Virtualized Services Directory and Virtualized Services Controllers; Service Overlays #1, #2 and #3]
39 © Nokia 2016
Final Destination: Automated Networks without Borders
Connecting Users in Any location to Applications in Any Cloud
• Fully automated
• Full flexibility
• Total control
• Secure
• On-demand
• Any network infrastructure
• Consistent policy framework for all use cases
[Diagram labels: HQ, branches, partners and data center on a wide area network (public IP/Internet, MPLS); public cloud; private cloud across Data Center 1 and Data Center 2; Virtualized Services Directory and Virtualized Services Controllers; Service Overlays #1, #2 and #3]
41 © Nokia 2016
Customer Momentum
• 80+ wins and deployments
• 170+ successful trials / pilots
Customer segments: banks, tech companies, healthcare & insurance companies, gaming firms, cloud providers, service providers
42 © Nokia 2016
China Mobile Deployment Case Study
• Public Cloud focus on Enterprises
• Largest OpenStack deployment in China (+1,000 compute nodes with 100K VM)
• Provides both IaaS and PaaS, at par with Amazon AWS
• Network services: Virtual Private Cloud (VPC), IaaS, Layer 2, Layer 3, Firewall as a Service, Loadbalancer as a Service, VPN as a Service, Security monitoring
• Seamless interconnection across two locations
• Exhaustive networking support for containers
43 © Nokia 2016
Betfair: DevOps @ Massive Scale
• 135M peak transactions/day (average 100M/day)
• >20x Volume of NYSE!
• 2.7B+ API calls daily
• 1.7M+ Active users
• Nuage SDN + Red Hat RHEL OSP
• “Nuage & Red Hat get us, and we get them…” R. Haigh
• Ansible scripts regularly shared & co-developed…
44 © Nokia 2016
MyRepublic
MySDN integrates seamlessly with any existing links, devices and services
1000 active NSGs per VSC pair
45 © Nokia 2016
MySDN integrates seamlessly with any existing links, devices and services
100% Service Level Assurance (SLA) with multiple VSC redundancies
Specialized Network Operation Centre (NOC) team
Dedicated 24/7 Customer Service
Leveraging on our regional footprint, distributor regional presence and building strong relationships with key partners (Datacenters & Carriers)
46 © Nokia 2016
BT at SDN & Openflow world congress
Den Haag, 2016
47 © Nokia 2016
Exponential-e at SD-WAN summit
Paris, September 2016
Exponential-e’s DC offering based on Nuage Networks VSP
49 © Nokia 2016
How does it work?
Architecture overview
• Separation of service from transport
• Hybrid WAN (Multiple transport links)
• Application-aware path selection
• Centralized Policy-based control
• DC/cloud service chaining
• Expand to include applications
• IT approach to network service delivery
• Overlay offers transport choices
• Self-governance of service functions
[Diagram labels: sites; apps; Internet; MPLS VPN]
“Offering a spread of SD-WAN options will be key moving forward and Nuage (backed by Nokia) represents a solid solution partner”
September, 2016
50 © Nokia 2016
In Conclusion…
Enterprises transforming their IT to become more agile & responsive
Nuage VSP provides programmable networks across DC & branch VPN
Single declarative policy agnostic of the orchestrator, network or workload type
Rich & Richer technology partner ecosystem
51 © Nokia 2016
The Nuage Networks Offer: Single Policy based Network Automation Platform from the DC to the Branch
Nuage Networks Virtualized Services Platform (VSP)
• Virtualized Cloud Services (VCS): Data Center Feature Set
• Virtualized Network Services (VNS): SD-WAN Feature Set
• Virtualized Services Assurance Platform (VSAP)
• Operational Tools (Monitoring / Correlation)
SD-WAN: Connecting & Serving Disparate Locations
Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Supports leading hypervisors and bare metal assets
• Virtual (VRS) and Physical (VSG) form-factors
Network Services Gateway (NSG)
• Network service platform for branches
• L2-L4 Switching & routing w/advanced nwk functions
• Physical or Virtual form-factors
[Diagram labels: Site A, Site B, Site C; VPN; Data Center (Private Cloud); VMs]