Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION Nuage Networks CloudStack Meetup at Nuage Networks Suresh Boddapati Vice President of Engineering [email protected] September, 2015

CloudStack Meetup at Nuage Networks - September 2015

Nuage Networks Overview

Nuage is based in Silicon Valley with a team around the world

An Alcatel-Lucent venture focused on data center and branch office network evolution for the cloud era

Leverage Alcatel-Lucent infrastructure and key technologies

Creation of an Abstraction & Automation layer between networking features and hardware equipment

Policy-driven networking design reflecting business directives, not network protocols

Nuage Networks Momentum

Solid wins with marquee accounts

100+ pilot deployments

25+ commercial wins

Across large enterprises, cloud providers & service providers

The Cloud Shift

From PHYSICAL & MANUAL to DISTRIBUTED & AUTOMATED

From: NO-MOBILITY, SINGLE TENANT, BARE METAL WORKLOADS, MANUAL, STATIC NETWORKS

To: DYNAMIC, MULTI-TENANT, VIRTUAL WORKLOADS, API, HIGHLY AUTOMATED NETWORKS

AUTOMATION ABSTRACTION

CONTROL VISIBILITY

The SDN Framework For Highly Automated Networks

CUSTOM COMPLEX

COSTLY CLOSED

Focus on “Needs”, automate the “Means”

The Networking Shift

Network Policy • IP address 10.x.y.z • VLAN configuration • WAN configuration • Security / FW settings • QoS parameters • …

Workloads

Appropriate network properties propagated to the workload, regardless of physical location on infrastructure

Physical: Snail mail delivered to the same physical address, regardless of Tina’s location

Virtualized: Email delivered to Tina’s location, regardless of her mailing address

Network Virtualization ABSTRACTION

Tunnels between endpoints allow for independent topologies

How does it work?

ABSTRACTION

Natural evolution to bring more intelligence & features near the applications

vSwitch (in software) runs on the server consuming available resources (i.e. CPU)

If a specific vSwitch requires more capacity, one can simply upgrade the CPU for that portion alone, not the entire network!

Core

Aggregation

ToR

vSwitch

Features

Servers

$

Why Network Virtualization? ABSTRACTION

Network Virtualization Side Effects

But then do I get many (many) vSwitches to manage, one per server?

SDN approach to centralize the control plane (intelligence)

The Nuage Networks virtualization approach automatically programs the virtual networking elements

Nuage vSwitch (VRS) executes the policies locally

Servers

SDN Controller

vSwitch

vSwitch

vSwitch

vSwitch

ABSTRACTION

Nuage versus Traditional Networking

When workloads are deployed, physical network infrastructure needs to be provisioned

Time consuming, error prone, equipment specific, etc.

Introducing vSwitch removes the need to configure the physical equipment – we then only use it for transport

Network overlays are dynamically created using VxLAN “tunnels” according to the Network policies of each workload

Core

Aggregation

ToR

vSwitch

Servers

Network Overlay

VxLAN

ABSTRACTION

Modern networking protocols done in vSwitch instead of specialized hardware

Extended the life of the networking assets by 12-18 months

L2

Marketing

Engineering

L2

L2

QA

Virtualized Services Directory

Virtualized Services Controller

Virtualized Services Controller

Multiplexing the Network

Deploying more virtual networks atop the existing network infrastructure increased the utilization by 40%

Decoupling the tie between hardware vendor and software features – priceless!

ABSTRACTION

Current Data Center Network

Compute is virtualized

Available in minutes

Network is partially virtualized

Configuration takes days/weeks

Network Configuration

Compute Management

Application Request

Help Desk Change Control

IP Address

VLAN Address

Firewall Configuration

LAN (VLAN) Configuration

WAN (IP) Configuration

Security / QA Team

Project Coordinator

Network change completed in days/weeks

Service velocity is hindered by manual network process

Auto-instantiation

Compute request completed in minutes

00:01

AUTOMATION

Nuage Networks Policy Templates

Application Request

Service velocity is not hindered by manual network process

Compute Management

Networking

Security/ Compliance

Policy Templates

Nuage Networks VSP

Auto-instantiation

Compute request completed in minutes

IP address

WAN interconnect

Policy / Security Zones

L2 /L3 Service AD

Service chaining

Policy Instantiation • IP address 10.x.y.z • VLAN configuration • WAN configuration • Security / FW settings • QoS parameters • …

Network change completed automatically

00:01

00:01

AUTOMATION

Time reductions Refocusing IT

Significant opportunities for IT re-allocations

[Chart: Hours Saved. Baseline vs. Nuage, in hours, for total hours, application deployment, MACs and troubleshooting. Data labels: 19,160 and 13,930.]

27% savings in hours required

Application deployments

Hours saved of 23%, or 1,500 hours

Results in faster launch of applications

Applications MACs

Hours saved of 27% of 2,700 hours

Results in faster updates of applications

Applications troubleshooting

Hours saved of 35% of 1,0700 hours

Results in faster fixes of errors

Thousands of hours saved!

AUTOMATION

Bare Metal Servers

Gateway

Server

Server

VM VM

ESXi Server

L2

Virtual Network A

Virtual Network B

L2

L2

Virtual Network C

Nuage Networks Supports All Workloads CONTROL

Linux Server

Containers

VM VM

Containers

Any Network

Public Datacenter

Branch

Branch Branch

Branch location DCI

Hypervisor

Hypervisor

Hypervisor

Customer Data Center

Virtualized Services Controller

Virtualized Services Controller

Case Study – Hybrid Cloud Model

Large financial customer uses Nuage in its own data center

Customer developed an architecture that will allow them to securely move workloads to a public cloud provider

Nuage provides a common networking profile regardless of the physical location and networking equipment used

For governance purposes, Nuage offers a single/centralized tracking infrastructure

Hypervisor

Hypervisor

Hypervisor

Amazon AWS

Virtualized Services Controller

Hypervisor

Hypervisor

Hypervisor

Google GCS

CONTROL

Template

Conforms to: • Connectivity • Security • QoS • Statistics

Users (Network)

Users (Compute)

Hypervisor

DC1 Zone 1

1,000 Hosts

Hypervisor

DC1 Zone 2

1,000 Hosts

Config

Update

Update

Update Config Update

Update security policies once, hierarchically & centrally.

Deployed across all appropriate endpoints instantaneously

Push-button network audit visibility

Adhere to changes across the infrastructure implicitly

Compliance with global security policies

Ensure configuration consistency

Derived Benefits: Tighter governance and Security CONTROL

The Underlay as a Network of Networks

IP Network

Hypervisor

Hypervisor

Hypervisor

DC 1 Rack 1 Hypervisor

Hypervisor

Hypervisor

DC 1 Rack 2

ToR

Hypervisor

Hypervisor

Hypervisor

DC 2 Rack 1

DC Core

X

VISIBILITY

Branch Offices Headquarters

“Hardware Centric”

Server Centric

Open Network Approach

Buy my hardware… (Propagate closed systems)

Largely ignore it… (Use marketing machine)

Use standard protocols and open interfaces to solve the problem

Alternatives for Assessing Service Health… VISIBILITY

VSAP is about underlay & overlay correlation

Branch Offices Headquarters

IP Network

Hypervisor

Hypervisor

Hypervisor

DC 1 Rack 1 Hypervisor

Hypervisor

Hypervisor

DC 1 Rack 2

ToR

Hypervisor

Hypervisor

Hypervisor

DC 2 Rack 1

DC Core

X

VISIBILITY

MONITOR physical topology

CORRELATE physical & virtual topology

Virtualized Services Controller (VSC)

Graphical view of alarms and faults in the network

Alarm correlation for root cause analysis

Remedial action for expediting problem resolution

Upstream router port failure

VSAP Fault Correlation VISIBILITY

EXISTING

DATACENTER

NETWORK

Any Compute Virtualization Environment

Any Datacenter Network Infrastructure

Any Server or Hypervisor

The MUST BES

ANY APPLICATION, ANY CLOUD, EVERY TIME

ESXi KVM Hyper-V

XEN

BareMetal

BGP

MPLS Internet Mobile

Fast, simple core Multi-service edge

Multi-domain support

Massive network scale

Policy-driven, on-demand connectivity

Massive user scale

Applying Principles of Proven Architectures

Cloud Service Management Plane

Data Center Control Plane

Data Center Data Plane

Virtual Routing & Switching

Virtualized Services Directory

Virtualized Services Controller

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

Virtualized Services Directory (VSD) • Network Policy Engine – abstracts complexity • Service templates and analytics

Virtualized Services Controller (VSC) • SDN Controller, programs the network • Rich routing feature set

Virtual Routing & Switching (VRS) • Distributed switch / router – L2-4 rules • Integration of bare metal assets

Nuage Networks Virtualized Services Platform (VSP)

IP Fabric

Gateway for bare metal servers

Nuage Networks Virtualized Services Platform

MP-BGP

Value

Time

An SDN Journey … Delivering value over the network

Nuage Networks Virtualized Service Platform (VSP)

Hypervisor

Hypervisor

Hypervisor

• 40% increase in asset utilization

• 50% OPEX reduction

• 10x improvement in service time

• Build “modern networks” on top of existing infrastructure

• Extend life of Net HW and increase utilization

• Break dependency between features and HW supplier

Data center

Any Network

Public Datacenter

Branch

Branch Branch

• Reuse existing network infrastructure

• COTS hardware CPE

• Advanced features in SW versus bound to HW

• Central/common policy engine reflecting business values vs net capabilities

• Automated bootup process

Branch locations WAN

• Increase resiliency

• Enable hybrid/public cloud

• “Follow the sun” apps support where you move workloads where/when needed

• Allow workloads to move from one data center to another

• Keep the same net profile/security regardless of the location

VM VM

VM

Virtual Net

Existing Network

In Conclusion

To deliver business agility, network virtualization & automation are becoming the foundation for private clouds

To support this trend, Nuage Networks delivers a new class of modern SDN solution

Abstraction & Automation with full Control & Visibility

Policy-driven automatic provisioning

Boundary-less automation across Data Centers & VPN

For all virtualized and bare-metal workloads

Nuage VSP CloudStack Integration

• APAC • CTCC

• Public Cloud - Deployed last year

• Growing the deployment this year – in servers and #VMs

• Private cloud deployments in pipeline

• POCs/Trials in progress in APAC.

• EMEA: Interest growing – POCs planned

• North America: A large Enterprise customer in trial

9/16/2015

Nuage VSP CloudStack customers

CloudStack VSP Plugin Overview

Nuage VSP has a plugin for Apache CloudStack 4.3.0, 4.5.0

Works with VSP 2.1 and 3.2

It enhances the base CloudStack networking

With Nuage VSP’s advanced virtual networking capabilities

With a sophisticated policy, controller architecture that gives much better scale and performance than the base CloudStack networking

CloudStack to VSD Mapping

• ACS has inbuilt networking constructs that are used to define the networks in an ACS cloud.

• The Nuage VSP plugin support for ACS maps the ACS networking constructs to the corresponding Nuage VSP constructs

| CloudStack Resource | Description | Corresponding Nuage Construct |
| --- | --- | --- |
| Domain | Collection of user groups | Enterprise |
| Account | Collection of tenant users | User Group |
| Account User | A tenant user | User |
| Static NAT | | Floating IP |
| Firewall Rules | Access control for traffic leaving a guest VM | Ingress Security Policy |
| Ingress Rules | Access control for traffic coming into a guest VM | Egress Security Policy |
| Network ACL | Access control for traffic coming into a guest VM in a VPC | Ingress Security Policy, Egress Security Policy |
| Isolated Network with NAT | | L3 Networking |
| VPC | Virtual Private Network | L3 Networking |

Advanced Networking

Isolated Network

Virtual Private Cloud

Supported Services

User Data service (password reset – uses CS VR)

Static NAT

Firewall

DHCP

Network ACL

Connectivity

External DNS

Extensions to support enhanced networking capabilities

Multi-Hypervisor support – ESXi, XenServer

CloudStack NuageVSP Plugin

Supported Services

Updated User Data service (user data, meta data – uses CS VR)

Source NAT

Public load balancer

External DNS

Guest VMs DNS support

Extensions to support enhanced networking capabilities

Improved scalability

Enhanced concurrent operations

Improved Plugin robustness - ACS/VSP objects Audit/Sync support

Additional hypervisor support – KVM

CloudStack NuageVSP Plugin

On The Roadmap

Parity with VR functionality

Port Forwarding

Site-to-Site VPN

Remote Access VPN

Nuage is a contributor to Apache CloudStack

We are now officially contributing to Apache CloudStack

The CloudStack VSP Plugin has been checked in upstream to the ACS 4.5 branch

We are Platinum sponsors at 3 out of 5 CloudStack Collaboration conferences in 2015

We have a booth presence and speaking sessions

Nuage is the only viable SDN solution for CloudStack

Next upstream check in will be in ACS 4.6, any time now

www.nuagenetworks.com @nuagenetworks