nuage-networks
Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo
are trademarks of Alcatel-Lucent. All other trademarks are
the property of their respective owners.
The information presented is subject to change without notice.
Alcatel-Lucent assumes no responsibility for inaccuracies
contained herein.
This slide must be kept when distributed externally.
COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
Network policy abstraction
Taking the configuration hassle and errors out of cloud networking
Mike Loomis, April 2015
Virtualization and its impact on the datacenter
| | Traditional server | Virtualized compute | Cloud |
|---|---|---|---|
| Number of endpoints | 1 | 20-40 | Could be 100s |
| Nature of connections | Static | Dynamic | Very dynamic |
| Connection duration | Years | Months | Days or less |
| Service requirements | Simple | Variable | Complex |
[Figure: Physical server, Virtualization, Cloud containers. Labels: App, OS, Server, Hypervisor, Server VMs, v-switches, Top of rack, End stations, Network endpoint, VLAN separation]
This is true of other networking problems: BYOD, mobile, branch, Extranets…
Service provider networking principles applied to the problem
[Figure label: 192.168.20.0/24]
Service-specific state exists on all elements
Service-specific state only where you need it - Endpoints
Tunnel traffic across the network - MPLS
To preserve existing investment - VXLAN
What is a policy
policy
noun, pol·i·cy often attributive \ˈpä-lə-sē\
Definition of POLICY
a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions
Policy for web server
• Assign address out of subnet pool X
• Allow traffic from Internet on port 80
• Allow traffic to ‘business logic’ group – Redirect through firewall ‘web’
• Rate limit to 700 Mb/s
• Assign priority of Silver
• Collect interface stats every 10 sec
• Alarm if stat x, w, or z exceeds threshold
[Figure: Logical network template. Labels: Internet, Web servers, Business logic servers, Database servers]
Desired workflow
1. Developer deploys a workload through the cloud management system (OpenStack, CloudStack, VMware)
2. Workload is deployed
3. Workload is authenticated and mapped to a ‘group’
4. Policy for the group is determined
5. Policy for the group is instantiated (auto-configuration) from the template
6. Workload is connected according to policy
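
The web-server policy list and the workflow steps above, as an added example that is not part of the original slides or any vendor's API: a group template is instantiated for each workload found in the policy directory, and traffic is then checked against the result. The field names, workload names, the `PolicyEngine` class, the `decide` function and the use of 192.168.20.0/24 as "subnet pool X" are all assumptions made for illustration.

```python
import ipaddress

# Constructed data: field names and the subnet are assumptions, not a vendor schema.
TEMPLATES = {"web": {
    "subnet_pool": "192.168.20.0/24",
    "rules": [
        {"dir": "in", "peer": "internet", "port": 80, "action": "allow"},
        {"dir": "out", "peer": "business-logic", "port": None,
         "action": "redirect:firewall-web"},
    ],
    "rate_limit_mbps": 700, "priority": "silver", "stats_interval_s": 10,
}}
DIRECTORY = {"vm-web-01": "web", "vm-web-02": "web"}  # workload -> group


class PolicyEngine:
    def __init__(self, templates, directory):
        self.templates, self.directory = templates, directory
        self.leases = {}  # subnet pool -> addresses already assigned

    def _allocate(self, pool):
        used = self.leases.setdefault(pool, set())
        for host in ipaddress.ip_network(pool).hosts():
            if host not in used:
                used.add(host)
                return str(host)
        raise RuntimeError(f"subnet pool {pool} exhausted")

    def instantiate(self, workload_id):
        """Steps 3-5: map the workload to a group and build its config."""
        group = self.directory.get(workload_id)
        if group is None:  # fail closed: no group, no connectivity
            raise PermissionError(f"{workload_id} is not in the policy directory")
        tpl = self.templates[group]
        config = {k: v for k, v in tpl.items() if k != "subnet_pool"}
        config.update(workload=workload_id, group=group,
                      address=self._allocate(tpl["subnet_pool"]))
        return config


def decide(config, direction, peer, port):
    """Step 6: first matching rule wins; anything unmatched is denied."""
    for rule in config["rules"]:
        same_flow = (rule["dir"], rule["peer"]) == (direction, peer)
        if same_flow and rule["port"] in (None, port):
            return rule["action"]
    return "deny"
```

Because every workload in a group is built from the same template, a rule change is made once in the template rather than per port, and a workload that is missing from the directory gets no configuration at all.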
[Figure: workflow diagram with numbered steps 1-6. Labels: Developer, Cloud automation, Policy directory, SDN controller, Datacenter services, Brooklyn datacenter - Zone 1, Brooklyn datacenter - Zone 2, Manhattan datacenter - Zone 2 (hypervisors), Edge router, Network services, Business VPN service, Private datacenter]
• OPEX: faster developer TTM, elimination of ticketing workflow
• Introduce Dev/Ops rapid deployment from Dev to UAT
• Consistent, secure, error-free config