SlideShare a Scribd company logo

Policy Based SDN Solution for DC and Branch Office by Suresh Boddapati

Download as PPTX, PDF
B
buildacloud

Nuage Networks provides an SDN solution called the Virtualized Services Platform that abstracts physical network infrastructure and automates network provisioning through centralized policy-based controls. Nuage has integrated its VSP with CloudStack to enhance CloudStack's networking capabilities with advanced virtual networking, improved scalability, and automated provisioning based on Nuage's policy engine. The Nuage-CloudStack plugin maps CloudStack networking constructs to corresponding constructs in the VSP to provide services like isolated networks, firewalls, and load balancing across multiple hypervisors.

Software
1 of 34
Downloaded 29 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Nuage Networks CloudStack Meetup at Nuage Networks Suresh Boddapati Vice President of Engineering suresh@nuagenetworks.net September, 2015
Nuage Networks Overview  Nuage is based in Silicon Valley with a team around the world  An Alcatel-Lucent venture focused on data center and branch office network evolution for the cloud era  Leverage Alcatel-Lucent infrastructure and key technologies  Creation of an Abstraction & Automation layer between networking features and hardware equipment  Policy-driven networking design reflecting business directives, not network protocols
Nuage Networks Momentum  Solid wins with marquee accounts  100+ pilot deployments  25+ commercial wins  Across large enterprises, cloud providers & service providers
PHYSICAL & MANUAL DISTRIBUTED & AUTOMATED DYNAMICMULTI-TENANT VIRTUAL WORKLOADS API NO-MOBILITYSINGLE TENANT BARE METAL WORKLOADS MANUAL The Cloud Shift
STATIC NETWORKS HIGHLY AUTOMATED NETWORKS AUTOMATIONABSTRACTION CONTROL VISIBILITY ✓ ✓ ✓ ✓ The SDN Framework For Highly Automated Networks CUSTOMCOMPLEX COSTLY CLOSED Focus on “Needs”, automate the “Means” The Networking Shift
Network Policy • IP address 10.x.y.z • VLAN configuration • WAN configuration • Security / FW settings • QoS parameters • … Workloads Appropriate network properties propagated to the workload, regardless of physical location on infrastructure Physical: Snail mail delivered to the same physical address, regardless of Tina’s location Virtualized: Email delivered to Tina’s location, regardless of her mailing address Network Virtualization ABSTRACTION
Tunnels between endpoints allow for independent topologies APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS How does it work? APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS ABSTRACTION
 Natural evolution to bring more intelligence & features near the applications  vSwitch (in software) runs on the server consuming available resources (i.e. CPU)  If a specific vSwitch requires more capacity, one can simply upgrade the CPU for that portion alone, not the entire network! Core Aggregation ToR vSwitch Features Servers $ Why Network Virtualization? ABSTRACTION
Network Virtualization Side Effects  But then do I get many (many) vSwitches to manage, one per server?  SDN approach to centralize the control plane (intelligence)  Nuage Networks virtualization approach automatically program the virtual networking elements  Nuage vSwitch (VRS) executes the policies locally Servers SDN Controller vSwitch vSwitch vSwitch vSwitch ABSTRACTION
Nuage versus Traditional Networking  When workloads are deployed, physical network infrastructure needs to be provisioned  Time consuming, error prone, equipment specific, etc.  Introducing vSwitch removes the need to configure the physical equipment – we then only use it for transport  Network overlays are dynamically created using VxLAN “tunnels” according to the Network policies of each workload Core Aggregation ToR vSwitch Servers Network Overlay VxLAN ABSTRACTION
 Modern networking protocols done in vSwitch instead of specialized hardware  Extended the life of the networking assets by 12-18 months L2 Marketing Engineering L2 L2 QA Virtualized Services Directory Virtualized Services Controller Virtualized Services Controller Multiplexing the Network  Deploying more virtual networks atop the existing network infrastructure increased the utilization by 40%  Decoupling the tie between hardware vendor and software features – priceless! ABSTRACTION
Current Data Center Network  Compute is virtualized  Available in minutes  Network is partially virtualized  Configuration takes days/weeks Network Configuration Compute Management Application Request Help Desk Change Control IP Address VLAN Address Firewall Configuration LAN (VLAN) Configuration WAN (IP) Configuration Security / QA Team Project Coordinator Network change completed in days/weeks Service velocity is hindered by manual network process Auto-instantiation Compute request completed in minutes 00:01 AUTOMATION
Nuage Networks Policy Templates Application Request Service velocity is not hindered by manual network process Compute Management Networking Security/ Compliance Policy Templates Nuage Networks VSP Auto-instantiation Compute request completed in minutes IP address WAN interconnect Policy / Security Zones L2 /L3 Service AD Service chaining Policy Instantiation • IP address 10.x.y.z • VLAN configuration • WAN configuration • Security / FW settings • QoS parameters • … Network change completed automatically 00:01 00:01 AUTOMATION
Time reductions  Refocusing IT Significant opportunities for IT re-allocations 19,160 13,930 0 5,000 10,000 15,000 20,000 25,000 Total hours Application deployment MACs Troubleshooting Hours Hours Saved Baseline Nuage 27% savings in hours required  Application deployments   Hours saved of 23%, or 1,500 hours  Results in faster launch of applications  Applications MACs   Hours saved of 27% of 2,700 hours  Results in faster updates of applications  Applications troubleshooting   Hours saved of 35% of 1,0700 hours  Results in faster fixes of errors Thousands of hours saved! AUTOMATION
Bare Metal Servers Gateway Server Server VM VM ESXi Server L2 Virtual Network A Virtual Network B L2 L2 Virtual Network C Nuage Networks Supports All Workloads CONTROL Linux Server Container s V M V MContainer s Any Network Public Datacenter Branch Branch Branc h Branch locationDCI
Hypervisor Hypervisor Hypervisor Customer Data Center Virtualized Services Controller Virtualized Services Controller Case Study – Hybrid Cloud Model  Large financial customer uses Nuage in its own DataCenter  Customer developed an architecture that will allow them to securely move workloads to public cloud provider  Nuage provides a common Networking profile regardless of the physical location and networking equipment used  For governance purposes, Nuage offer a single/centralized tracking infrastructure Hypervisor Hypervisor Hypervisor Amazon AWS Virtualized Services Controller Hypervisor Hypervisor Hypervisor Google GCS CONTROL
Template Conforms to: • Connectivity • Security • QoS • Statistics Users (Network) Users (Compute) Hypervisor DC1 Zone 1 1,000 Hosts Hypervisor DC1 Zone 2 1,000 Hosts Config Update Update Update Config Update  Update security policies once, hierarchically & centrally.  Deployed across all appropriate endpoints instantaneously  Push-button network audit visibility  Adhere to changes across the infrastructure implicitly  Compliance with global security policies  Ensure configuration consistency Derived Benefits: Tighter governance and Security CONTROL
The Underlay as a Network of Networks IP Network Hypervisor Hypervisor Hypervisor DC 1 Rack 1 Hypervisor Hypervisor Hypervisor DC 1 Rack 2 ToR Hypervisor Hypervisor Hypervisor DC 2 Rack 1 DC Core X VISIBILITY Branch Offices Headquarters
“Hardware Centric” Server Centric Open Network Approach Buy my hardware… (Propagate closed systems) Largely ignore it… (Use marketing machine) Use standard protocols and open interfaces to Solve the problem Alternatives for Assessing Service Health… VISIBILITY
VSAP is about underlay & overlay correlation Branch Offices Headquarters IP Network Hypervisor Hypervisor Hypervisor DC 1 Rack 1 Hypervisor Hypervisor Hypervisor DC 1 Rack 2 ToR Hypervisor Hypervisor Hypervisor DC 2 Rack 1 DC Core X VISIBILITY MONITOR physical topology CORRELATE physical & virtual topology Virtualized Services Controller (VSC)
 Graphical view of alarms and faults in the network  Alarm correlation for root cause analysis  Remedial action for expediting problem resolution Upstream router port failure VSAP Fault Correlation VISIBILITY
EXISTING DATACENTER NETWORK . . . . Any Compute Virtualization Environment Any Datacenter Network Infrastructure Any Server or Hypervisor The MUST BES ANY APPLICATION, ANY CLOUD, EVERY TIME ESXi KVM Hyper-V XEN BareMetal
BGP MPLS Internet Mobile  Fast, simple core  Multi-service edge  Multi-domain support  Massive network scale  Policy-driven, on-demand connectivity  Massive user scale Applying Principles of Proven Architectures
Cloud Service Management Plane Data Center Control Plane Data Center Data Plane Virtual Routing & Switching Virtualized Services Directory Virtualized Services Controller HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR Virtualized Services Directory (VSD) • Network Policy Engine – abstracts complexity • Service templates and analytics Virtualized Services Controller (VSC) • SDN Controller, programs the network • Rich routing feature set Virtual Routing & Switching (VRS) • Distributed switch / router – L2-4 rules • Integration of bare metal assets Nuage Networks Virtualized Services Platform (VSP) IP Fabric Gateway for bare metal servers Nuage Networks Virtualized Services Platform MP-BGP
Value Time An SDN Journey … Delivering value over the network Nuage Networks Virtualized Service Platform (VSP) Hypervisor Hypervisor Hypervisor • 40% increase in asset utilization • 50% OPEX reduction • 10x improvement in service time • Build “modern networks” on top of existing infrastructure • Extend life of Net HW and increase utilization • Break dependency between features and HW supplier Data center Any Network Public Datacenter Branch Branch Branc h • Reuse existing network infrastructure • COTS hardware CPE • Advanced features in SW versus bound to HW • Central/common policy engine reflecting business values vs net capabilities • Automated bootup process Branch locationsWAN • Increase resiliency • Enable hybrid/public cloud • “Follow the sun” apps support where you move workloads where/when needed • Allow workloads to move from one data center to another • Keep the same net profile/security regardless of the location VM VM VM Virtual Net Existing Network
In Conclusion  To deliver business agility, network virtualization & automation are becoming the foundation for private clouds  To support this trend, Nuage Networks delivers a new class of modern SDN solution  Abstraction & Automation with full Control & Visibility  Policy-driven automatic provisioning  Boundary-less automation across Data Centers & VPN  For all virtualized and bare-metal workloads
Nuage VSP CloudStack Integration
• APAC • CTCC • Public Cloud - Deployed last year • Growing the deployment this year – in servers and #VMs • Private cloud deployments in pipeline • POCs/Trials in progress in APAC. • EMEA: Interest growing – POCs planned • North America: A large Enterprise customer in trial 9/15/2015 28 Nuage VSP CloudStack customers
CloudStack VSP Plugin Overview  Nuage VSP has a plugin for Apache CloudStack 4.3, 4.5  Works with Nuage VSP v2.1 and v3.2  It enhances the base CloudStack networking  With Nuage VSP’s advanced virtual networking capabilities  With a sophisticated policy, controller architecture that gives much better scale and performance than the base CloudStack networking
CloudStack to VSD Mapping • ACS has inbuilt networking constructs that are used to define the networks in an ACS cloud. • The Nuage VSP plugin support for ACS maps the ACS networking constructs to the corresponding Nuage VSP constructs CloudStack Resource Description Corresponding Nuage Construct Domain Collection of user groups Enterprise Account Collection of tenant users User Group Account User A tenant user User Static NAT Floating IP Firewall Rules Access control for traffic leaving a guest VM Ingress Security Policy Ingress Rules Access control for traffic coming into a guest VM Egress Security Policy Network ACL Access control for traffic coming into a guest VM in a VPC Ingress Security Policy Egress Security Policy Isolated Network with NAT L3 Networking VPC Virtual Private Network L3 Networking
 Advanced Networking  Isolated Network  Virtual Private Cloud  Supported Services  Virtual Network  User Data service (password reset, meta data – uses CS VR)  Static NAT  Firewall  DHCP  Network ACL  External DNS  Source NAT  Public load balancer  Guest VMs DNS support  Multi-Hypervisor support – ESXi, XenServer, KVM  Extensions to support enhanced networking capabilities  Improved scalability  Enhanced concurrent operations  Improved Plugin robustness - ACS/VSP objects Audit/Sync support 9/15/2015 31 CloudStack NuageVSP Plugin
On The Roadmap Parity with VR functionality  Port Forwarding  Site-to-Site VPN  Remote Access VPN
Nuage is a contributor to Apache CloudStack  We are now officially contributing to Apache CloudStack  The CloudStack VSP Plugin has been checked in upstream to ACS 4.5 branch  We are Platinum sponsors at 3 out of 5 CloudStack Collaboration conferences in 2015  We have a booth presence and speaking sessions  Nuage is the only viable SDN solution for CloudStack  Next upstream check in will be in ACS 4.6, any time now 
9/15/2015 34 www.nuagenetworks.com @nuagenetworks

More Related Content

PDF
Cloud Application Blueprints with Apache Brooklyn by Alex Henevald
buildacloud
 
PDF
The Future of SDN in CloudStack by Chiradeep Vittal
buildacloud
 
PDF
Presentation cloud orchestration
xKinAnx
 
PDF
Cloud Networking is not Virtual Networking - London VMUG 20130425
Greg Ferro
 
PDF
Presentation cloud orchestration solution overview
xKinAnx
 
PDF
VMworld 2013: VMware NSX Integration with OpenStack
VMworld
 
PDF
VMware NSX 101: What, Why & How
Aniekan Akpaffiong
 
PPTX
Cloud computing and OpenStack
Edgar Magana
 
Cloud Application Blueprints with Apache Brooklyn by Alex Henevald
buildacloud
 
The Future of SDN in CloudStack by Chiradeep Vittal
buildacloud
 
Presentation cloud orchestration
xKinAnx
 
Cloud Networking is not Virtual Networking - London VMUG 20130425
Greg Ferro
 
Presentation cloud orchestration solution overview
xKinAnx
 
VMworld 2013: VMware NSX Integration with OpenStack
VMworld
 
VMware NSX 101: What, Why & How
Aniekan Akpaffiong
 
Cloud computing and OpenStack
Edgar Magana
 

What's hot (20)

PDF
VNG/IRD - Cloud computing & Openstack discussion 3/5/2014
Tran Nhan
 
PDF
Cloud orchestration major tools comparision
Ravi Kiran
 
PPTX
Designing CloudStack Clouds
ShapeBlue
 
PDF
An Introduction to VMware NSX
Scott Lowe
 
PDF
Intel & QLogic NIC performance test results v0.2
David Pasek
 
PDF
[2015-05월 세미나] Network Bottlenecks Mutiply with NFV Don't Forget Performance ...
OpenStack Korea Community
 
PDF
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
OpenStack Korea Community
 
PDF
VMware NSX for vSphere - Intro and use cases
Angel Villar Garea
 
PDF
OpenStack 101 update
Kamesh Pemmaraju
 
PPTX
Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)
RightScale
 
PPTX
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Cloud Native Day Tel Aviv
 
PDF
NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
VMUG IT
 
PDF
Introduction to MANTL Data Platform
Cisco DevNet
 
PDF
Si fa presto a dire SDDC: come, quando e perché?
Andrea Mauro
 
PDF
OpenStack Scale-out Networking Architecture
Randy Bias
 
PDF
Private IaaS Cloud Provider
David Pasek
 
PDF
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
OpenStack Korea Community
 
PDF
EMC & OpenStack: A View From Within
EMC
 
PDF
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
OpenStack Korea Community
 
PDF
KVM High Availability Regardless of Storage - Gabriel Brascher, VP of Apache ...
ShapeBlue
 
VNG/IRD - Cloud computing & Openstack discussion 3/5/2014
Tran Nhan
 
Cloud orchestration major tools comparision
Ravi Kiran
 
Designing CloudStack Clouds
ShapeBlue
 
An Introduction to VMware NSX
Scott Lowe
 
Intel & QLogic NIC performance test results v0.2
David Pasek
 
[2015-05월 세미나] Network Bottlenecks Mutiply with NFV Don't Forget Performance ...
OpenStack Korea Community
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
OpenStack Korea Community
 
VMware NSX for vSphere - Intro and use cases
Angel Villar Garea
 
OpenStack 101 update
Kamesh Pemmaraju
 
Rightscale Webinar: Designing Private & Hybrid Clouds (Hosted by Citrix)
RightScale
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Cloud Native Day Tel Aviv
 
NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
VMUG IT
 
Introduction to MANTL Data Platform
Cisco DevNet
 
Si fa presto a dire SDDC: come, quando e perché?
Andrea Mauro
 
OpenStack Scale-out Networking Architecture
Randy Bias
 
Private IaaS Cloud Provider
David Pasek
 
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
OpenStack Korea Community
 
EMC & OpenStack: A View From Within
EMC
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
OpenStack Korea Community
 
KVM High Availability Regardless of Storage - Gabriel Brascher, VP of Apache ...
ShapeBlue
 
Ad

Similar to Policy Based SDN Solution for DC and Branch Office by Suresh Boddapati (20)

PDF
SDN Enablement for Microsoft Hyper-V powered Data Centers
Benjamin Eggerstedt
 
PDF
SDN and Photonics for Dynamic Cloud Connectivity
ADVA
 
PDF
VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...
VMworld
 
PPTX
Nuage meetup - Flexible and agile Software Defined Networking (SDN)
SDN_Paris
 
PDF
Banv meetup-contrail
nvirters
 
PDF
Alcatel-Lucent Tech Symposium 2013: SDN: Innovating for Growth with Nuage Net...
Nuage Networks
 
PDF
Atrinet - Lifecycle Service Manager
Atrinet - Network Management Solutions
 
PDF
Sdn primer pdf
Pooja Patel
 
PDF
Why Network Functions Virtualization sdn?
idrajeev
 
PDF
Anuta Networks at Networking Field Day 14
Kiran Sirupa
 
PDF
VMware NSX and Arista L2 Hardware VTEP Gateway Integration
Bayu Wibowo
 
PDF
VMworld 2013: An Introduction to Network Virtualization
VMworld
 
PDF
Anuta NCX Platform Overview - Agile Network Services with Orchestration
Kiran Sirupa
 
PPTX
Lisa Guess - Embracing the Cloud
centralohioissa
 
PPTX
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SAMeh Zaghloul
 
PPTX
TFI2014 Session I - State of SDN - Scott Sneddon
Colorado Internet Society (CO ISOC)
 
PPTX
Deploying Elastic, Self-Service Load Balancing for VMware NSX-T
Avi Networks
 
PDF
CloudGenix_Customer Presentation
Syed Arsalan
 
PDF
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld
 
PPTX
Reston Virtualization Group 9-18-2014
VMwareJenn
 
SDN Enablement for Microsoft Hyper-V powered Data Centers
Benjamin Eggerstedt
 
SDN and Photonics for Dynamic Cloud Connectivity
ADVA
 
VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...
VMworld
 
Nuage meetup - Flexible and agile Software Defined Networking (SDN)
SDN_Paris
 
Banv meetup-contrail
nvirters
 
Alcatel-Lucent Tech Symposium 2013: SDN: Innovating for Growth with Nuage Net...
Nuage Networks
 
Atrinet - Lifecycle Service Manager
Atrinet - Network Management Solutions
 
Sdn primer pdf
Pooja Patel
 
Why Network Functions Virtualization sdn?
idrajeev
 
Anuta Networks at Networking Field Day 14
Kiran Sirupa
 
VMware NSX and Arista L2 Hardware VTEP Gateway Integration
Bayu Wibowo
 
VMworld 2013: An Introduction to Network Virtualization
VMworld
 
Anuta NCX Platform Overview - Agile Network Services with Orchestration
Kiran Sirupa
 
Lisa Guess - Embracing the Cloud
centralohioissa
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SAMeh Zaghloul
 
TFI2014 Session I - State of SDN - Scott Sneddon
Colorado Internet Society (CO ISOC)
 
Deploying Elastic, Self-Service Load Balancing for VMware NSX-T
Avi Networks
 
CloudGenix_Customer Presentation
Syed Arsalan
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld
 
Reston Virtualization Group 9-18-2014
VMwareJenn
 
Ad

More from buildacloud (20)

PDF
L4-L7 services for SDN and NVF by Youcef Laribi
buildacloud
 
POTX
Jenkins, jclouds, CloudStack, and CentOS by David Nalley
buildacloud
 
PPTX
Intro to Zenoss by Andrew Kirch
buildacloud
 
ODP
Guaranteeing Storage Performance by Mike Tutkowski
buildacloud
 
PPT
Introduction to Apache CloudStack by David Nalley
buildacloud
 
PDF
Managing infrastructure with Application Policy by Mike Cohen
buildacloud
 
PPTX
Intro to Zenoss by Andrew Kirch
buildacloud
 
PPTX
Monitoring CloudStack in context with Converged Infrastructure by Mike Turnlund
buildacloud
 
PDF
Rest api design by george reese
buildacloud
 
PPTX
Enterprise grade firewall and ssl termination to ac by will stevens
buildacloud
 
PDF
State of the cloud by reuven cohen
buildacloud
 
PDF
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
buildacloud
 
PPTX
DevCloud - Setup and Demo on Apache CloudStack
buildacloud
 
PDF
Cloud Network Virtualization with Juniper Contrail
buildacloud
 
PPTX
Ian rae panel cloud stack & cloud storage where are we at, and where do we ne...
buildacloud
 
PDF
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
buildacloud
 
PPT
CloudStack University by Sebastien Goasguen
buildacloud
 
PDF
Building Scalable, Resilient Infrastructure on CloudStack by Sebastian Stadil
buildacloud
 
PPTX
Cloudstack Continuous Delivery
buildacloud
 
PDF
SDN in CloudStack
buildacloud
 
L4-L7 services for SDN and NVF by Youcef Laribi
buildacloud
 
Jenkins, jclouds, CloudStack, and CentOS by David Nalley
buildacloud
 
Intro to Zenoss by Andrew Kirch
buildacloud
 
Guaranteeing Storage Performance by Mike Tutkowski
buildacloud
 
Introduction to Apache CloudStack by David Nalley
buildacloud
 
Managing infrastructure with Application Policy by Mike Cohen
buildacloud
 
Intro to Zenoss by Andrew Kirch
buildacloud
 
Monitoring CloudStack in context with Converged Infrastructure by Mike Turnlund
buildacloud
 
Rest api design by george reese
buildacloud
 
Enterprise grade firewall and ssl termination to ac by will stevens
buildacloud
 
State of the cloud by reuven cohen
buildacloud
 
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
buildacloud
 
DevCloud - Setup and Demo on Apache CloudStack
buildacloud
 
Cloud Network Virtualization with Juniper Contrail
buildacloud
 
Ian rae panel cloud stack & cloud storage where are we at, and where do we ne...
buildacloud
 
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
buildacloud
 
CloudStack University by Sebastien Goasguen
buildacloud
 
Building Scalable, Resilient Infrastructure on CloudStack by Sebastian Stadil
buildacloud
 
Cloudstack Continuous Delivery
buildacloud
 
SDN in CloudStack
buildacloud
 

Recently uploaded (20)

PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PPTX
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
System and Network Administraation Chapter 3
jaramharo
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 

Policy Based SDN Solution for DC and Branch Office by Suresh Boddapati

  • 1. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Nuage Networks CloudStack Meetup at Nuage Networks Suresh Boddapati Vice President of Engineering suresh@nuagenetworks.net September, 2015
  • 2. Nuage Networks Overview  Nuage is based in Silicon Valley with a team around the world  An Alcatel-Lucent venture focused on data center and branch office network evolution for the cloud era  Leverage Alcatel-Lucent infrastructure and key technologies  Creation of an Abstraction & Automation layer between networking features and hardware equipment  Policy-driven networking design reflecting business directives, not network protocols
  • 3. Nuage Networks Momentum  Solid wins with marquee accounts  100+ pilot deployments  25+ commercial wins  Across large enterprises, cloud providers & service providers
  • 4. PHYSICAL & MANUAL DISTRIBUTED & AUTOMATED DYNAMICMULTI-TENANT VIRTUAL WORKLOADS API NO-MOBILITYSINGLE TENANT BARE METAL WORKLOADS MANUAL The Cloud Shift
  • 5. STATIC NETWORKS HIGHLY AUTOMATED NETWORKS AUTOMATIONABSTRACTION CONTROL VISIBILITY ✓ ✓ ✓ ✓ The SDN Framework For Highly Automated Networks CUSTOMCOMPLEX COSTLY CLOSED Focus on “Needs”, automate the “Means” The Networking Shift
  • 6. Network Policy • IP address 10.x.y.z • VLAN configuration • WAN configuration • Security / FW settings • QoS parameters • … Workloads Appropriate network properties propagated to the workload, regardless of physical location on infrastructure Physical: Snail mail delivered to the same physical address, regardless of Tina’s location Virtualized: Email delivered to Tina’s location, regardless of her mailing address Network Virtualization ABSTRACTION
  • 7. Tunnels between endpoints allow for independent topologies APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS How does it work? APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS ABSTRACTION
  • 8.  Natural evolution to bring more intelligence & features near the applications  vSwitch (in software) runs on the server consuming available resources (i.e. CPU)  If a specific vSwitch requires more capacity, one can simply upgrade the CPU for that portion alone, not the entire network! Core Aggregation ToR vSwitch Features Servers $ Why Network Virtualization? ABSTRACTION
  • 9. Network Virtualization Side Effects  But then do I get many (many) vSwitches to manage, one per server?  SDN approach to centralize the control plane (intelligence)  Nuage Networks virtualization approach automatically program the virtual networking elements  Nuage vSwitch (VRS) executes the policies locally Servers SDN Controller vSwitch vSwitch vSwitch vSwitch ABSTRACTION
  • 10. Nuage versus Traditional Networking  When workloads are deployed, physical network infrastructure needs to be provisioned  Time consuming, error prone, equipment specific, etc.  Introducing vSwitch removes the need to configure the physical equipment – we then only use it for transport  Network overlays are dynamically created using VxLAN “tunnels” according to the Network policies of each workload Core Aggregation ToR vSwitch Servers Network Overlay VxLAN ABSTRACTION
  • 11.  Modern networking protocols done in vSwitch instead of specialized hardware  Extended the life of the networking assets by 12-18 months L2 Marketing Engineering L2 L2 QA Virtualized Services Directory Virtualized Services Controller Virtualized Services Controller Multiplexing the Network  Deploying more virtual networks atop the existing network infrastructure increased the utilization by 40%  Decoupling the tie between hardware vendor and software features – priceless! ABSTRACTION
  • 12. Current Data Center Network  Compute is virtualized  Available in minutes  Network is partially virtualized  Configuration takes days/weeks Network Configuration Compute Management Application Request Help Desk Change Control IP Address VLAN Address Firewall Configuration LAN (VLAN) Configuration WAN (IP) Configuration Security / QA Team Project Coordinator Network change completed in days/weeks Service velocity is hindered by manual network process Auto-instantiation Compute request completed in minutes 00:01 AUTOMATION
  • 13. Nuage Networks Policy Templates Application Request Service velocity is not hindered by manual network process Compute Management Networking Security/ Compliance Policy Templates Nuage Networks VSP Auto-instantiation Compute request completed in minutes IP address WAN interconnect Policy / Security Zones L2 /L3 Service AD Service chaining Policy Instantiation • IP address 10.x.y.z • VLAN configuration • WAN configuration • Security / FW settings • QoS parameters • … Network change completed automatically 00:01 00:01 AUTOMATION
  • 14. Time reductions  Refocusing IT Significant opportunities for IT re-allocations 19,160 13,930 0 5,000 10,000 15,000 20,000 25,000 Total hours Application deployment MACs Troubleshooting Hours Hours Saved Baseline Nuage 27% savings in hours required  Application deployments   Hours saved of 23%, or 1,500 hours  Results in faster launch of applications  Applications MACs   Hours saved of 27% of 2,700 hours  Results in faster updates of applications  Applications troubleshooting   Hours saved of 35% of 1,0700 hours  Results in faster fixes of errors Thousands of hours saved! AUTOMATION
  • 15. Bare Metal Servers Gateway Server Server VM VM ESXi Server L2 Virtual Network A Virtual Network B L2 L2 Virtual Network C Nuage Networks Supports All Workloads CONTROL Linux Server Container s V M V MContainer s Any Network Public Datacenter Branch Branch Branc h Branch locationDCI
  • 16. Hypervisor Hypervisor Hypervisor Customer Data Center Virtualized Services Controller Virtualized Services Controller Case Study – Hybrid Cloud Model  Large financial customer uses Nuage in its own DataCenter  Customer developed an architecture that will allow them to securely move workloads to public cloud provider  Nuage provides a common Networking profile regardless of the physical location and networking equipment used  For governance purposes, Nuage offer a single/centralized tracking infrastructure Hypervisor Hypervisor Hypervisor Amazon AWS Virtualized Services Controller Hypervisor Hypervisor Hypervisor Google GCS CONTROL
  • 17. Template Conforms to: • Connectivity • Security • QoS • Statistics Users (Network) Users (Compute) Hypervisor DC1 Zone 1 1,000 Hosts Hypervisor DC1 Zone 2 1,000 Hosts Config Update Update Update Config Update  Update security policies once, hierarchically & centrally.  Deployed across all appropriate endpoints instantaneously  Push-button network audit visibility  Adhere to changes across the infrastructure implicitly  Compliance with global security policies  Ensure configuration consistency Derived Benefits: Tighter governance and Security CONTROL
  • 18. The Underlay as a Network of Networks IP Network Hypervisor Hypervisor Hypervisor DC 1 Rack 1 Hypervisor Hypervisor Hypervisor DC 1 Rack 2 ToR Hypervisor Hypervisor Hypervisor DC 2 Rack 1 DC Core X VISIBILITY Branch Offices Headquarters
  • 19. “Hardware Centric” Server Centric Open Network Approach Buy my hardware… (Propagate closed systems) Largely ignore it… (Use marketing machine) Use standard protocols and open interfaces to Solve the problem Alternatives for Assessing Service Health… VISIBILITY
  • 20. VSAP is about underlay & overlay correlation Branch Offices Headquarters IP Network Hypervisor Hypervisor Hypervisor DC 1 Rack 1 Hypervisor Hypervisor Hypervisor DC 1 Rack 2 ToR Hypervisor Hypervisor Hypervisor DC 2 Rack 1 DC Core X VISIBILITY MONITOR physical topology CORRELATE physical & virtual topology Virtualized Services Controller (VSC)
  • 21.  Graphical view of alarms and faults in the network  Alarm correlation for root cause analysis  Remedial action for expediting problem resolution Upstream router port failure VSAP Fault Correlation VISIBILITY
  • 22. EXISTING DATACENTER NETWORK . . . . Any Compute Virtualization Environment Any Datacenter Network Infrastructure Any Server or Hypervisor The MUST BES ANY APPLICATION, ANY CLOUD, EVERY TIME ESXi KVM Hyper-V XEN BareMetal
  • 23. BGP MPLS Internet Mobile  Fast, simple core  Multi-service edge  Multi-domain support  Massive network scale  Policy-driven, on-demand connectivity  Massive user scale Applying Principles of Proven Architectures
  • 24. Cloud Service Management Plane Data Center Control Plane Data Center Data Plane Virtual Routing & Switching Virtualized Services Directory Virtualized Services Controller HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR Virtualized Services Directory (VSD) • Network Policy Engine – abstracts complexity • Service templates and analytics Virtualized Services Controller (VSC) • SDN Controller, programs the network • Rich routing feature set Virtual Routing & Switching (VRS) • Distributed switch / router – L2-4 rules • Integration of bare metal assets Nuage Networks Virtualized Services Platform (VSP) IP Fabric Gateway for bare metal servers Nuage Networks Virtualized Services Platform MP-BGP
  • 25. Value Time An SDN Journey … Delivering value over the network Nuage Networks Virtualized Service Platform (VSP) Hypervisor Hypervisor Hypervisor • 40% increase in asset utilization • 50% OPEX reduction • 10x improvement in service time • Build “modern networks” on top of existing infrastructure • Extend life of Net HW and increase utilization • Break dependency between features and HW supplier Data center Any Network Public Datacenter Branch Branch Branc h • Reuse existing network infrastructure • COTS hardware CPE • Advanced features in SW versus bound to HW • Central/common policy engine reflecting business values vs net capabilities • Automated bootup process Branch locationsWAN • Increase resiliency • Enable hybrid/public cloud • “Follow the sun” apps support where you move workloads where/when needed • Allow workloads to move from one data center to another • Keep the same net profile/security regardless of the location VM VM VM Virtual Net Existing Network
  • 26. In Conclusion  To deliver business agility, network virtualization & automation are becoming the foundation for private clouds  To support this trend, Nuage Networks delivers a new class of modern SDN solution  Abstraction & Automation with full Control & Visibility  Policy-driven automatic provisioning  Boundary-less automation across Data Centers & VPN  For all virtualized and bare-metal workloads
  • 27. Nuage VSP CloudStack Integration
  • 28. • APAC • CTCC • Public Cloud - Deployed last year • Growing the deployment this year – in servers and #VMs • Private cloud deployments in pipeline • POCs/Trials in progress in APAC. • EMEA: Interest growing – POCs planned • North America: A large Enterprise customer in trial 9/15/2015 28 Nuage VSP CloudStack customers
  • 29. CloudStack VSP Plugin Overview  Nuage VSP has a plugin for Apache CloudStack 4.3, 4.5  Works with Nuage VSP v2.1 and v3.2  It enhances the base CloudStack networking  With Nuage VSP’s advanced virtual networking capabilities  With a sophisticated policy, controller architecture that gives much better scale and performance than the base CloudStack networking
  • 30. CloudStack to VSD Mapping • ACS has inbuilt networking constructs that are used to define the networks in an ACS cloud. • The Nuage VSP plugin support for ACS maps the ACS networking constructs to the corresponding Nuage VSP constructs CloudStack Resource Description Corresponding Nuage Construct Domain Collection of user groups Enterprise Account Collection of tenant users User Group Account User A tenant user User Static NAT Floating IP Firewall Rules Access control for traffic leaving a guest VM Ingress Security Policy Ingress Rules Access control for traffic coming into a guest VM Egress Security Policy Network ACL Access control for traffic coming into a guest VM in a VPC Ingress Security Policy Egress Security Policy Isolated Network with NAT L3 Networking VPC Virtual Private Network L3 Networking
  • 31.  Advanced Networking  Isolated Network  Virtual Private Cloud  Supported Services  Virtual Network  User Data service (password reset, meta data – uses CS VR)  Static NAT  Firewall  DHCP  Network ACL  External DNS  Source NAT  Public load balancer  Guest VMs DNS support  Multi-Hypervisor support – ESXi, XenServer, KVM  Extensions to support enhanced networking capabilities  Improved scalability  Enhanced concurrent operations  Improved Plugin robustness - ACS/VSP objects Audit/Sync support 9/15/2015 31 CloudStack NuageVSP Plugin
  • 32. On The Roadmap Parity with VR functionality  Port Forwarding  Site-to-Site VPN  Remote Access VPN
  • 33. Nuage is a contributor to Apache CloudStack  We are now officially contributing to Apache CloudStack  The CloudStack VSP Plugin has been checked in upstream to ACS 4.5 branch  We are Platinum sponsors at 3 out of 5 CloudStack Collaboration conferences in 2015  We have a booth presence and speaking sessions  Nuage is the only viable SDN solution for CloudStack  Next upstream check in will be in ACS 4.6, any time now 