nuage-networks
.
Goals & Non-Goals
Goals:
• Describe the SDN framework and how it applies to wide area networking
• Discuss some of the key WAN challenges
• Identify how a SD WAN overcomes those challenges
Non-Goal:
• Present an exhaustive discussion of any technology, architecture or products
.
Five Key Characteristics of a SDN
• Separation of the control function from the forwarding function.
• An emphasis on policy management.
• More emphasis on automation.
• The use of multi-pathing.
• The creation of overlay networks.
.
Five Key Drivers of a SDN
• Better utilize network resources
• Perform traffic engineering with an end-to-end view of the network
• Support the dynamic movement, replication and allocation of virtual resources
• More easily scale network functionality
• Enable applications to dynamically request services from the network
.
The Definition of NFV
The virtualization of a very broad range of functionality and exhibiting the following characteristics:
• High degree of automation
• Coexist with physical infrastructure
• High performance
• High degrees of resiliency and security
• Can be effectively managed
.
The Five Primary WAN Challenges
• Support real time applications.
• Increase security.
• Improve application performance.
• Provide access to public cloud computing services.
• Reduce cost.
.
What is a SD WAN?
• Centralizes the control function in a SDN controller.
• Controller sets up virtual networks that are technology agnostic.
• The controller directs the network elements to implement functionality such as QoS, optimization and security.
• Often uses multi-pathing of WAN links.
.
Five Key Drivers of a SD WAN
• Increase flexibility.
• Simplify operations.
• Deploy new functionality more quickly.
• Reduce OPEX.
• Improve application performance
.
Dynamic Multi-Pathing
• Choosing the best WAN link based on a combination of policy and network conditions.
• Most likely options:
• An MPLS link and an Internet link
• Two Internet links
• Reduce cost by reducing the amount of MPLS based bandwidth.
• Increase availability based on using diversely routed access links and different ISPs.
.
The Use of Policy & Automation
• Policy is used to determine which traffic transits which WAN link. This can enable the support of real-time traffic.
• Security policies can be created and enforced centrally, reducing manual effort and making it easier to show regulatory compliance.
• Device configuration can be created and managed centrally and pushed out to branch offices.
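The link selection described under Dynamic Multi-Pathing and The Use of Policy & Automation, as an added example that is not from the original slides or from any vendor's product: a central policy table is evaluated against current link state, and a class that requires encryption is refused a link rather than failed over to an unencrypted one. The class names, thresholds, link metrics and the `require_encryption` flag are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    up: bool
    latency_ms: float
    loss_pct: float
    encrypted: bool  # True if traffic on this link rides an encrypted overlay

@dataclass
class Policy:
    app_class: str
    preferred: tuple           # link names, most preferred first
    max_latency_ms: float
    max_loss_pct: float
    require_encryption: bool = False

def select_link(policy, links):
    """Return (link_name, reason); (None, reason) means fail closed."""
    by_name = {link.name: link for link in links}
    degraded = []
    for name in policy.preferred:
        link = by_name.get(name)
        if link is None or not link.up:
            continue  # network condition: link unavailable
        if policy.require_encryption and not link.encrypted:
            continue  # security policy outranks availability
        if (link.latency_ms <= policy.max_latency_ms
                and link.loss_pct <= policy.max_loss_pct):
            return name, "meets policy"
        degraded.append(link)
    if degraded:
        # Nothing meets the thresholds: take the least-bad eligible link.
        best = min(degraded, key=lambda l: (l.loss_pct, l.latency_ms))
        return best.name, "degraded"
    return None, "no eligible link"

def steer(policies, links):
    """Map each application class to its chosen link and the reason."""
    return {p.app_class: select_link(p, links) for p in policies}

# Constructed sample data: one MPLS link and one Internet link.
LINKS = [Link("mpls", True, 20, 0.1, False),
         Link("internet", True, 45, 0.3, True)]
POLICIES = [Policy("voice", ("mpls", "internet"), 150, 1.0),
            Policy("bulk", ("internet", "mpls"), 400, 2.0),
            Policy("regulated", ("internet", "mpls"), 200, 1.0, True)]

if __name__ == "__main__":
    for app, (link, why) in steer(POLICIES, LINKS).items():
        print(f"{app:10} -> {link} ({why})")
```

A `None` result is the case worth alerting on: the policy engine has chosen to drop a class of traffic instead of sending it over a link that violates its security requirement.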
.
More Efficient WAN Topologies
• The traditional WAN is based on a hub and spoke topology.
• Hub and spoke is efficient for data traffic between a branch and a fixed data center. It is not efficient at handling a lot of inter-branch office traffic.
• A better topology to support a lot of inter-branch traffic is a fully meshed topology.
.
Leveraging NFV
• A typical branch office has numerous physical appliances for a range of L4 – L7 functionality.
• Can be cumbersome to provision and manage.
• Are often over-provisioned
• A NFV approach to providing L4 – L7 functionality reduces the branch office complexity and reduces cost.
Copyright 2015 Alcatel-Lucent. All rights reserved.
Extensible Wide Area Networking
Alastair Johnson, Principal Architect 11th June 2015
ENTERPRISE VPNS – MEANS FAIL TO DELIVER ON NEEDS
Key Areas of Enterprise Concern (area: needs / means)
• Services: Full range of Network + Compute services / Connectivity + Bespoke
• Moves, Adds, Changes: Automation, Removal of manual configuration / Request, and wait and wait
• Management: Visibility, Single point security management / Limited, but no control
• Control: DIY, Compliance conformance / Request, and wait and wait
• Configuration: Agility, Just in time consumption / Ask, and wait and wait
Misaligned with shifts in cloud consumption model
ENTERPRISE NETWORKING NEEDS A RETHINK
TRANSPORT DEPENDENT
LOCATION DEPENDENT
DEVICE DEPENDENT
MANUAL (TIME ‘DEPENDENT’)
ENTERPRISE WAN
1. Turn-up a new site
2. Reconfiguration of existing site
3. Transport introduction/upgrades
4. L2-L4 VPN service configuration
5. Security implementation
6. Security assessment
7. L4-L7 application insertion
8. Datacenter interconnection
9. Operational moves/adds/changes
10. Service assurance/fault localization
11. Service optimization/fault prevention
12. Device replacement
13. Configuration auditing/compliance
14. . . .
WIDE AREA NETWORKING EVOLUTION WITH SD-WANs
TRANSPORT DEPENDENT
LOCATION DEPENDENT
DEVICE DEPENDENT
MANUAL (TIME ‘DEPENDENT’)
ENTERPRISE WAN
TRANSPORT INDEPENDENT
LOCATION INDEPENDENT
DEVICE INDEPENDENT
ENTERPRISE VNS
AUTOMATED (TIME ‘INDEPENDENT’)
GENERALIZATION OF THE ‘BRANCH’ CONCEPT
§ Branch (def.): Any location requiring attachment to Enterprise WAN
Fixed
Office / Building Retail / Store Front Kiosk / ATM
Pop-up
Virtual
Private Datacenter
Temporary
Mobile workforce Public Datacenter (IaaS) Cloud Applications (SaaS)
Centralized Management
and Network
Policy Engine
Fixed and Mobile Access Networks
Software Defined Wide Area Network
IP-VPN Private IP
Internet
Branch locations
L2-VPN Business Internet
THE PROMISE OF SDWAN - YOUR WAN ON YOUR TERMS
THE PAST DECADE OR TWO… THE SDN BASED BRANCH
Control plane
ETH/IP
BRANCH NETWORKING DEVICE
Management plane
Forwarding plane
GENERAL PURPOSE COMPUTE
OPEN OS x86
OpenFlow
PROPRIETARY HARDWARE
Centralized
Policy
Manager
SDN
Controller
Security
Traffic Steering QoS
BRANCH NETWORKING FOR THE CLOUD ERA
Singapore
London
Washington
Service Provider B
Los Angeles
San Francisco
New York
Encrypted Traffic
Internet
x86 CPE
Service Provider A
(Virtual CPE) Customers x86 Server
SDWAN
Chicago
(Virtual CPE) Customers x86 Server
x86 CPE x86 CPE
x86 CPE
x86 CPE
SDWAN BASED WIDE AREA NETWORK
Centralized Management and Network Policy Engine
San Francisco New York
Primary Link 2Mbps
Secondary Link 20Mb/s Burst
Centralized policy push to route traffic over specific links depending on type
Provider A
(IP-VPN)
INTERNET
Virtualized Network Service
Critical Branch App Call Centre Voice
HD Video Conference
USE CASE 1: INTELLIGENT TRAFFIC STEERING
Centralized Management and Network Policy Engine
San Francisco New York
Primary Link 2Mbps
Secondary Link
Centralized policy push to route traffic over secondary link on failure of primary
Provider A
(IP-VPN)
Virtualized Network Service
Critical Branch App Call Centre Voice
HD Video Conference
X
INTERNET
USE CASE 2: SEAMLESS BACKUP TO ALTERNATIVE LINKS
Centralized Management and Network Policy Engine
San Francisco New York
Primary Link 2Mbps
Secondary Link
Centralized policy push to route traffic over secondary link on failure of primary
Provider A
(IP-VPN)
Mobile
Broadband
Virtualized Network Service
Critical Branch App Call Centre Voice
HD Video Conference
X 4G
USE CASE 2a: SEAMLESS BACKUP TO ALTERNATIVE LINKS
NUAGE NETWORKS SDWAN – VIRTUALIZED NETWORK SERVICES
VSP: Unified Multi-tenanted Policy and Control
Virtualized Services Controller (VSC)
Virtualized Services Directory (VSD)
. . . . Layer 4 Security
Traffic Steering QoS Layer 3
7850 NSG (Physical x86) NSG (Virtual – customer provided x86)
Layer 2
✔✔
Bootstrap
§ Runtime topology engine
§ Federated control-plane manager
§ Instantaneous programming of the network
§ Unified policy-plane for management of distributed end points
§ Business/IT Service engine (definition of rules)
§ Multi-tenant templates & Analytics
§ General-purpose compute platform
§ Lightweight data-path agent leveraging hardware acceleration
§ Security hardened with TPM/X.509/TLS-based identification
§ Multi-tenant/Multi-VPN with enhanced networking services
Nuage VNS in Action
VNS Video
www.youtube.com/watch?v=7oOw9yLW-Pg