NUAGE - VIRTUALIZED SERVICES PLATFORM (VSP) & NETWORK SERVICES (VNS)
Ing. Matej Kultan, PhD.
Technical PreSales @ IP Routing & Transport, Vienna
September 2015
1
COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
AGENDA
1. Introduction
2. In the Data Center: the role of Nuage VSP
3. Beyond the DC: Nuage VNS Virtualized Network Services
4. Demo
5. Conclusion
Today’s business services
Traditional (data) connectivity services:
• Internet access: point to Internet, basic and carrier/Enterprise grade
• VPNs: L2 and L3: p2p, multi-pt (typically MPLS based)
Around for 10 to 15 years:
• Grown organically from basic to now include QoS, SLA, portal
• Integrated in OSS, BSS systems
Not (widely) present still:
• Cloud, especially automated connectivity to
• How to address broader business market (below high end and above low end)?
Today’s IT Market Expectations
Today’s business services: enterprise networking needs a RETHINK
MANUAL
(TIME ‘DEPENDENT’)
1. Turn-up a new site
2. Reconfiguration of existing site
TRANSPORT
DEPENDENT
3. Transport introduction/upgrades
4. L2-L4 VPN service configuration
5. Security implementation
6. Security assessment
LOCATION
DEPENDENT
ENTERPRISE
INTERNET
WAN
7. L4-L7 application insertion
8. Datacenter interconnection
9. Operational moves/adds/changes
10. Service assurance/fault localization
11. Service optimization/fault prevention
DEVICE
DEPENDENT
12. Device replacement
13. Configuration auditing/compliance
14. . . .
AGENDA
1. Introduction
2. In the Data Center: the role of Nuage VSP Virtualized Service Platform
3. Beyond the DC: Nuage VNS Virtualized Network Services
4. Demo
5. Conclusion
Networking evolution in CLOUD / Datacenters
MANUAL
AUTOMATED
(TIME ‘DEPENDENT’)
(TIME ‘INDEPENDENT’)
TRANSPORT
DEPENDENT
LOCATION
DEPENDENT
HARDWARE
DEPENDENT
TRANSPORT
INDEPENDENT
ENTERPRISE
INTERNET
WAN
VS
CLOUD/
INTERNET
DATACENTER
LOCATION
INDEPENDENT
HARDWARE
INDEPENDENT
Problem statement: The CURRENT DATACENTER
DC
New Tenant / Application Request
00:01
Compute Request
completed in
Minutes
Network
Configuration
Compute
Management
Help Desk
Change Control
Auto-instantiation
Project
Coordinator
VLAN
Address
Security / QA
Team

LAN (VLAN)
Configuration
WAN (IP)
Configuration
IP
Address
Compute & Storage :
Virtualized, Instantly available,
Easily consumable
Network Change
completed in
days/Weeks
X
Firewall
Configuration
The Network :
Cumbersome, constrained,
Manual processes & inefficient
The cloud-optimized datacenter – enabled by SDN
DC
New Tenant / Application Request
00:01
Compute Request
completed in
Minutes
Compute
Management
Auto-instantiation
SDN
Controller
AutoConfiguration
00:01
Network Request
completed in
Minutes
IP address
Policy / Security Zones
WAN interconnect
L2 /L3 Service AD
Service chaining

Compute & Storage :
Virtualized, Instantly available,
Easily consumable

The Network :
Automated, Agile, Programmable
Templates
THE NUAGE NETWORKS VSP SOFTWARE SUITE
REFERENCE VIEW OF SDN FRAMEWORK AND LOGICAL LAYERS
DC
Cloud Management Systems
Internet
Virtualized
Services
Zones
Directory
XMPP
Management Plane
VPN
Domain
Policies
Nuage Networks
Virtualized Services Platform
(VSP)
Subnets
Virtualized
Federated MPBGP
Services
Virtualized Services
Directory (VSD)
Controller
Control Plane
Virtualized Services
Controller (VSC)
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Data Plane
Hypervisor
Virtual
Routing &
Switching
Virtual Routing & Switching
(VRS)
Nuage VSP: Putting It All Together
DC
① OpenStack receives request for compute assets
② VM instantiated on hypervisors
③ Event triggers Nuage VRS which informs VSC of VM placement
④ Network services are created based on policy from VSD
Policy
Virtualized Services Directory
Cloud
Management Plane
Network Service
Control Plane
Virtualized Services Controller
MP-BGP
IP / MPLS
Network SP1 Control Plane
IP Data Plane
App Domain
IP Network
Data Plane
Business
Provider Edge
VPN Service
Private
Nuage Gateway
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
DC1 Zone 1
DC1 Zone 2
Hypervisor
DC 2 (Bare Metal)
Datacenter
Service Provider Data Plane
AGENDA
1. Introduction
2. In the Data Center: the role of Nuage VSP
3. Beyond the DC: Nuage VNS Virtualized Network Services
4. Demo
5. Conclusion
Virtualized Network Services (VNS) building blocks
Virtualized Services Directory (VSD)
• Unified policy-plane for mgmt of distributed end points
- Business/IT Service engine, Multi-tenant templates & Analytics
Virtualized Services Controller (VSC)
Bootstrap Layer 2
Layer 3 Layer 4
QoS
Security
Traffic
Steering
✔
✔
NSG Network Operating System
NSG (Physical)
...
• Federated control-plane manager
• General-purpose compute platform
• Virtual / Physical
NSG (Virtual)
VNS – A New Type of VPN
FW
WiFi
LB
Customer
Portal
QoS
Select VNS Service
VSD
Network services “App Store”
Customer Portal
Order Branch Equipment
Network Services Catalogue
VSC
Data Center
VNS
Service
Site A
VSD
Operator Network
VNS
VSC
Site B
Site C
Select VNS Service
Order Branch Equipment
Network Services Catalogue
Network Services Gateway
NSG-P & NSG-V
And at the same time… simplifying the enterprise CPE
VSC
Nuage VSP
VSD
CUSTOMER
EDGE DEVICE
• Virtualization
of the Service
End Device
– Streamlining of Mgmt
hardware
plane
– Centralization of control-planes
– Policy-based service provisioning
– NFV-ready platform
Control plane
OpenFlow
Fwd plane
HYPERVISOR
vSwitch
COMMODITY HARDWARE
PROPRIETARY HARDWARE
ETH/IP
A complete Rethink of Branch Architecture is required
• Branch (def.): Any location with hosts requiring attachment to Enterprise WAN (i.e. generalizing the branch concept)
• Traditional DC: NSG gateway with hosts of type Bare-metal servers
• Cloud DC: NSG gateway with hosts of type Virtual Machines
• Branch/HQ/Store: NSG gateway with hosts of type PCs/WiFi/Routers/…
NSG gateway
Host
Host
Host
Host
Host
Host
Host
Host
Host
Host
Host
Host
Traditional DC
NSG VM
Hosts
NSG appliance
Hypervisor
Hypervisor
Cloud DC
Hosts
Branch/HQ/Store
Retail store or
central warehouse
Off-net Extension Services
Simplify backhaul of remote (off-net) sites to existing VPN services where coverage outside of footprint is required
Interwork with existing environments
Enable a new model of customer service
IPVPN PROVIDER
CE
BRANCH
PE
PE
IPVPN
INTERNET
IPSEC
VID
PE
CE
Users
WHOLESALE/
NSG
CO
NSG
Retail store or
central warehouse
Internet Off-load use case
• provides physical Ethernet termination for locally connected hosts
• maintains IPSEC tunnels, one over broadband link, other over BR/T1 uplink
• performs traffic steering functions to select uplink paths based on Application policies
To Branch or Central Office
PROVIDER 1
BRANCH
IPSEC tunnel
FW
(e.g. INTERNET)
DHCP
PBR
Broadband
NSG
IPSEC tunnel
PROVIDER 2
(e.g. IPVPN)
Legacy
QoS
VPN
Users
Branch 2
DIY IPsec VPN
FW
DHCP
PBR
QoS
LAN
NSG
Branch 1
DHCP
PBR
QoS
NSG
Internet
Network
With VNS, Service Providers become engaged in the customer overlay network – providing a managed service for SMB/SME. Value-added services are introduced from the datacenter.
Branch 3
FW
DHCP
PBR
NSG
QoS
LAN
LAN
FW
VNS breaks implementation boundaries
Physical Appliance
Traditional
Datacenter
NUAGE hardware
SW Image = VM
INTERNET
IP/MPLS
INTERNET
BYOD hardware
Virtualized
Datacenter
3G/LTE *
SW Image = OS
Virtual Private
or Public Cloud
BYOD hardware
FORM-FACTOR FLEXIBILITY
TRANSPORT FLEXIBILITY
CLOUD FLEXIBILITY
AGENDA
1. Introduction
2. In the Data Center: the role of Nuage VSP
3. Beyond the DC: Nuage VNS Virtualized Network Services
4. Demo
5. Conclusion
VNS – A New Type of VPN
• VNS DEMO:
https://www.youtube.com/watch?v=7oOw9yLW-Pg
Duration: 2:30
Flexible deployment models - Hardware
NSG-E
NSG-F
Intel Atom based (2C)
6x 10/100/1000BASE-T
Trusted Platform Module
Compact Flash storage
1X AC PSU
2X USB
1X RJ45 Serial Console
Intel Atom based (4-8C)
8x 10/100/1000BASE-T
2x 1000BASE-x SFP
Trusted Platform Module
Compact Flash storage
1X AC PSU
2X USB
1X RJ45 Serial Console
NSG-X*
Intel Xeon based (4-8C)
2x 10GBASE-x SFP+ LAN
2x 10GBASE-x SFP+ WAN
8x 1000BASE-T interfaces
Trusted Platform Module
Compact Flash storage
2X AC PSU
2X USB
1X RJ45 Serial Console
NSG-L*
Intel Atom based (4-8C)
24x 1000BASE-T*
2x GE-SFP WAN
Power over Ethernet
Trusted Platform Module
Compact Flash storage
2X AC PSU
2X USB
1X RJ45 Serial Console
* HW switching module
Up to 500Mbps
Up to 2Gbps
Up to 5G/10G/20G*
Up to 2Gbps WAN*
Beta
NSG-E
NSG-F
NSG-X
NSG-L
1Q15
2Q15
4Q15
1Q16
Flexible deployment models - Software
Services:
• IP VPN
• P2P or MP Ethernet VPN
• Reflexive ACLs
• Ingress/Egress H-QoS
• 1:1 NAT/PAT
• DHCP Server
• Service chaining
• LAN-side gateway resiliency*
Management
• None or multi-factor auth
• Auth/Encrypted channels
• Rsyslog/remote-upgrade
• On-board assurance agent
• Secure statistics export
• Centralized CLI
• EMS-integration*
NSG (Physical)
NSG (Virtual)
Form-factors:
• Software-image
• 6-port appliance (up to 500Mbps)
• Hardware key store
• IPSEC acceleration
• Dual gateway HA-support
Networking:
• No-tunnel (IP)
• Tunnel – VXLAN
• Tunnel – MPLSoGRE
• Tunnel – VXLANoIPSEC
• Dual-uplinks support
• Centralized MP-BGP control-plane
• Group-key server
• NAT-Traversal*
AGENDA
1. Introduction
2. In the Data Center: the role of Nuage VSP
3. Beyond the DC: Nuage VNS Virtualized Network Services
4. Demo
5. Conclusion
VNS Summary: key points
WAN
DC
What if you would intelligently apply the principles of mobile and broadband services to business VPN services?
• Automation: addresses velocity
• Abstraction: removes complexity
• And add Visibility & Control: customer self service
Resulting in a business service that is:
• not tied to network technology, nor to access,
• only IP connectivity required = huge deployment and scale benefits,
• allowing big simplification for provisioning, assurance and TTM
VNS = strengthening your relevance for your cloud savvy customers
VNS Summary: main benefits
WAN
DC
OPEX (figures from customer cases):
• VNS could improve on 38% of their current provisioning steps
• VNS significantly improves 80% of their high cost processes
• They estimate that on average VNS would reduce their per site provisioning costs by 60%
CAPEX:
x86 CPE instead of proprietary HW; SW version also available
TTM:
Drastically reduce “order – first-bill” to hours
New revenues
• Open up new segment and upsell to VPN
• Service chaining in DC
VNS = strengthening your relevance for your cloud savvy customers
AGENDA
1. Backup Slides
Want to experience VNS yourself ?
Virtual Point of Delivery (vPOD)
VNS tenant account
4 weeks on mt-vPOD
• Get access to the Evonet-ALU launch platform
Infrastructure
• Bundle of training, support, access, NSG
• No need to look for own lab set-up
• Up and running in no time
• Experience VNS life
Compute
Immediate access to Evonet – Alcatel-Lucent launch platform
Datacenter 1
Datacenter 2
Architectural view
internet
7850 VSG
7850 VSG
7850 VSG
7850 VSG
7850 VSG
7850 VSG
7850 VSG
7850 VSG
7750 SR7
7750 SR7
10G rings
Experience VNS and its use-cases
RETHINK needed for Incumbent, Cable, challenger, XLE, Enterprise: changing landscape and consequences
1. Cost optimization is driving a review of ‘branch’ site equipment
CAPEX (HW + connectivity) under pressure, OPEX demands automation
2. Cloud is redefining the concept of “Time to access”
Apps instantiated in DC/VPC/Public clouds in seconds, Branch connectivity must match the same/similar timespan
3. Traffic types and communication patterns are changing
H&S insufficient-UC&C applications, Dev/Test in VPCs with ephemeral lifetimes, Guest Inet-local offloads, Traffic encryptions
4. Hybrid WAN networks of lesser SLA than VPN transport require intelligent routing
SLA driven routing, Multiple WAN providers-identifying
5. Focus on the WAN but what about the LAN
Integration with WiFi, extend automation to LAN
Source: Alcatel-Lucent research
Untapped Market Segments
• Can’t afford “Gold plated” VPNs
• Want more self-management
Flexible
deployment
models
Offnet /
expansion
• Break-out to cloud
VNS
• Complement with service chaining
• Out of Region: VPN + VNS
• On any underlay
• Enterprise Operated Network Services
Automating
Service
chaining /x
VAS
Offload /
intelligence
Seamless
cloud
integration
VNS = Software Defined Automated Networking
The emergence of the cloud marketplace fit to Service Providers & Enterprises needs?
• (Virtual) Services catalogue
• The option to chain these (virtual) services
• Flexible connectivity to the (virtual) services
Source: Infonetics SDN/NFV Global Service Provider Survey 2014
COMPLETE OPERATIONAL TOOLKIT
Virtual Services Assurance Platform (5620 SAM - VSAP)
REST
/JMS
Virtualized
Services
Directory
Virtualized
Services
Controller
Control Plane
OpenFlow
IP Dataplane
Virtual
Routing &
Switching
with new DC feature sets
Policy Correlation
• Mirrors Nuage VSP policy objects
• Tracks dynamic lifecycle of virtual machines & services
Over/Underlay Correlation
• Topology map of virtual objects associated with physical elements
• Correlate events between the virtual and physical environments
Monitoring and Troubleshooting
• Historical events & alarm correlation in a dynamic environment
• Maintain past events to identify root cause & impact analysis
Multi-Vendor Support
• Standard protocols for underlay topology detection & path monitoring
• Underlying core network can consist of any components supporting standard protocols (OSPF, BGP, ISIS, SNMP)
Hypervisor
DC
Proven SAM / CPAM Technology
VSAP
XMPP
WAN
Leverages 5620 SAM and any back office integrations
COPYRIGHT © 2014 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
ALCATEL-LUCENT — CONFIDENTIAL — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW — PROPRIETARY — USE PURSUANT TO COMPANY INSTRUCTION