Sławomir Słowiński is responsible for technical business development at Nuage Networks (part of Alcatel-Lucent) in Central and Eastern Europe. He has knowledge and practical experience in designing and maintaining data center infrastructure, acquired over the last 10 years working as a network engineer, architect and consultant for companies such as IBM and Siemens. For more than two years he has been actively involved in promoting SDN solutions, presenting the benefits and advantages of this cutting-edge technology at the largest IBM conferences in Poland, the Czech Republic, China and Turkey.
Topic of Presentation: The real potential of network virtualization
Language: Polish
Abstract:
While much has been said about network virtualization, many people have the impression that current SDN solutions are quite limited, especially when it comes to satisfying demanding and complex business and technical requirements.
We often wonder whether an implementation based on modern SDN technology will be successful, and whether it will be easier to maintain than a traditional implementation.
Nuage Networks describes a novel approach, and a mature Alcatel-Lucent solution, that fulfills the promise of massively scalable and fully virtualized modern data centers.
PLNOG 13: Sławomir Słowiński: The real potential of network virtualization
1. The real potential of network virtualization
Copyright 2013 Alcatel-Lucent. All rights reserved.
Sławomir Słowiński
slawomir.slowinski@nuagenetworks.net
+48 783 948 102
Nuage Networks
@slowinskis
2. Agenda
• What Nuage Networks is
• Overview of the solution components
• Demo
3. Nuage Networks
• Alcatel-Lucent venture
• Headquartered in Mountain View, CA (Silicon Valley)
• Staffed by IP Routing and Virtual Compute experts
[Figure: VPN sites and the Internet interconnected through Software Defined Networking; callouts: Network Virtualization, Massive IP Scale, Policy Based Endpoint Attachment]
Best in class, proven technologies and software development
5. Datacenter Network
• Compute is virtualized: available in minutes
• Network is partially virtualized: configuration takes days/weeks; static addressing = chained resources
[Figure: a new tenant/application request fans out to compute management (auto-instantiation, compute request completed in minutes) and to network configuration (help desk, change control, VLAN address, IP address, LAN (VLAN) configuration, WAN (IP) configuration, firewall configuration, project coordinator, security/QA team; network change completed in days/weeks)]
Service velocity is hindered by manual network process
6. Nuage Networks policy templates and role-based workflow
[Figure: a tenant/application request fans out to compute management (auto-instantiation, compute request completed in minutes) and to the networking and security/compliance teams, whose policy/security zones, IP addresses, WAN interconnect, L2/L3 service and service chaining definitions are captured as templates in Nuage Networks VSP]
Policy instantiation:
• IP address 10.x.y.z
• VLAN configuration
• WAN configuration
• Security / FW settings
• QoS parameters
• …
Network change completed automatically
Service velocity is not hindered by manual network process
7. Nuage Networks Virtualized Services Platform
Nuage Networks Virtualized Services Platform (VSP)
Virtualized Services Directory (VSD), cloud service management plane
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC), datacenter control plane
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS), datacenter data plane
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
[Figure: VSD above VSC above VRS instances running in the hypervisors of an IP fabric (Brooklyn Datacenter - Zone 1); MP-BGP between the VSC and the edge router; a hardware gateway for bare metal servers]
8. From ALU SR7750 to Nuage VSP
[Figure: a 7750 (SROS) or any switch, router or PE, with a control plane card driving its line cards over a proprietary protocol, set beside the Nuage Virtual Service Node (vPE), where the Virtualized Services Controller (VSC) drives VRS instances on Server 1, Server 2 … Server n over OpenFlow]
Proven 7750 SROS technology; mixing proven SROS and cloud technologies
9. Virtualized Services Directory (VSD)
• Virtual machine based
• Service definition
• Policy establishment
• Service templating
• Analytics engine & reporting
[Figure: the VSD exposes a UI and a REST API over a message bus; it holds the networks (domain, zones, policies, subnets, VPN, public Internet), security zone policies (web access, backend logic, etc.), QoS (e.g. CRM app VM: "80 Mbps – real time") and statistics (threshold alarm). VSD talks to the VSC over XMPP; the VSC programs the VRS in the hypervisor, which carries the IP traffic]
10. VSD Service Abstractions
DOMAIN: a logical distributed router that enables L2 & L3 communication
ZONE: a set of network endpoints that must adhere to the same security policies
SUBNET: a layer 2 segment that allows communication between VMs
POLICIES: security, QoS, statistics, service chaining
[Figure: a routed domain containing zones, subnets and policies, attached to a managed VPN network and the public Internet; separated per organization/enterprise]
11. VSD organizations - logical view
[Figure: for each of Enterprise Customer A, B and C, two domains, Domain PROD and Domain TEST. Each domain sits behind firewalls towards WAN/Internet and contains a Web Zone and a Biz Logic Zone spanning Subnet 1, Subnet 2 and Subnet 3, populated with web servers (W) and business-logic servers (BL)]
12. VSD User Hierarchy
• Service Provider level
– Service provider has full visibility of the infrastructure state
• Organization level
– Isolates different enterprises
– Enterprise IT admins responsible for enterprise policies
• Group level
– Identifies groups of users with similar requirements
– A user can belong to more than one group
• User level
– End user control of service creation
[Figure: SP > Enterprise > Groups > Users. Service Provider → Organization A (Engineering: User4, User1; QA: User3, User2; Operations: User1, User2) and Organization B (Engineering: User1, User3; Operations: User1, User2)]
13. Role based hierarchy, flexible assignment to resources
[Figure: Service Provider → Enterprise A (Engineering, QA, Operations) and Enterprise B (Engineering, Operations), each group holding its users; groups are assigned to the zones of app containers in Domain 1 and Domain 2]
Flexible Role-based Policy Design
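The hierarchy on slides 12 and 13 is, in practice, an authorization model: tenants are isolated at the organization level, groups carry the assignment to domains, and a user's rights are the union of their groups. The following is an added example written for this page, not Nuage Networks code. It takes the organizations, groups and users drawn on slide 12; the domain names per organization, the group-to-domain assignments, and the rule that only end users instantiate services while admins only define and assign are assumptions made for the illustration.

```python
"""Authorization model for the VSD user hierarchy.

Added example, not Nuage Networks code. It models slide 12 (service provider >
organization > group > user) and slide 13 (groups assigned to domains). The
permission rules, the group-to-domain assignments and the domain names per
organization are assumptions made for this illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Principal:
    org: Optional[str]          # None: the service provider itself
    user: Optional[str] = None  # None with an org: that organization's IT admin


@dataclass
class VsdDirectory:
    domains: Dict[str, Set[str]] = field(default_factory=dict)                  # org -> domains
    members: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)      # (org, group) -> users
    assignments: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)  # (org, group) -> domains

    def add_domain(self, org: str, domain: str) -> None:
        self.domains.setdefault(org, set()).add(domain)

    def add_member(self, org: str, group: str, user: str) -> None:
        self.members.setdefault((org, group), set()).add(user)

    def assign(self, org: str, group: str, domain: str) -> None:
        """Enterprise-admin step: expose one of the organization's own domains to a group.

        Refusing domains the organization does not own is what keeps one
        tenant's admin from wiring its groups into another tenant's network.
        """
        if domain not in self.domains.get(org, set()):
            raise PermissionError(f"{org} does not own domain {domain!r}")
        self.assignments.setdefault((org, group), set()).add(domain)

    def groups_of(self, org: str, user: str) -> Set[str]:
        # Group membership is scoped by organization; "User1" in A and "User1" in B are unrelated.
        return {g for (o, g), users in self.members.items() if o == org and user in users}

    def visible(self, p: Principal) -> Set[Tuple[str, str]]:
        """Domains the principal can see, as (org, domain) pairs."""
        if p.org is None:                                # service provider: everything
            return {(o, d) for o, ds in self.domains.items() for d in ds}
        if p.user is None:                               # enterprise admin: own org only
            return {(p.org, d) for d in self.domains.get(p.org, set())}
        # end user: union over every group the user belongs to
        return {(p.org, d)
                for g in self.groups_of(p.org, p.user)
                for d in self.assignments.get((p.org, g), set())}

    def can_instantiate(self, p: Principal, org: str, domain: str) -> bool:
        """Self-service creation is an end-user right, limited to assigned domains (assumption)."""
        return p.user is not None and (org, domain) in self.visible(p)


def build_example() -> VsdDirectory:
    """Populate the hierarchy drawn on slide 12; domain names and assignments are assumed."""
    d = VsdDirectory()
    a, b = "Organization A", "Organization B"
    for dom in ("Domain 1", "Domain 2"):
        d.add_domain(a, dom)
    d.add_domain(b, "Domain 1")
    for group, users in {"Engineering": ("User4", "User1"),
                         "QA": ("User3", "User2"),
                         "Operations": ("User1", "User2")}.items():
        for u in users:
            d.add_member(a, group, u)
    for group, users in {"Engineering": ("User1", "User3"),
                         "Operations": ("User1", "User2")}.items():
        for u in users:
            d.add_member(b, group, u)
    d.assign(a, "Engineering", "Domain 1")
    d.assign(a, "QA", "Domain 1")
    d.assign(a, "Operations", "Domain 2")
    d.assign(b, "Engineering", "Domain 1")
    return d


def cross_tenant_assignment_rejected(d: VsdDirectory) -> bool:
    """Organization B's admin tries to expose A's Domain 2 to its own Operations group."""
    try:
        d.assign("Organization B", "Operations", "Domain 2")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    d = build_example()
    print(sorted(d.visible(Principal("Organization A", "User1"))))
    print(sorted(d.visible(Principal("Organization B", "User1"))))
    print("cross-tenant assignment rejected:", cross_tenant_assignment_rejected(d))
```

The two checks worth keeping from this model are that resources are keyed by (organization, domain) rather than by name, so a coincidentally identical user or domain name in another tenant grants nothing, and that the assignment step itself refuses domains the organization does not own, so the isolation does not depend on every later lookup remembering to filter by tenant.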
14. ACL Designer
• Graphical selection of ACL entries to edit based on ACL endpoints
– Connect two endpoints to create rules between them
– Select an existing edge to edit the related ACL entries
– Order ACL entries in the priority list at the bottom
– Selected ACL entries are highlighted
• Supports additional ACL capabilities in 2.0
– ToEndpoint and FromEndpoint ACLs
– vPort Tags
– Port ranges
– Redirect action
15. ACL Redirect action - service chaining
• Within a single routing domain, the network designer wants to force traffic to flow through other devices (e.g. firewall, load balancer)
• In addition to allow and drop actions, the Redirect action sends traffic to another VM, bypassing the routing table
• A vPort Container can be used as redirect destination
Desired logical topology / domain topology:
• Lines A show standard routing
• Lines B show ACL redirect
[Figure: one domain with Zone Untrusted (Subnet Untrusted), Zone Web (Subnet Web) and Zone Biz Logic (Subnet Biz Logic); the firewall vPorts FW1-ext / FW1-int and the load-balancer vPorts LB1-ext / LB1-int sit between the zones]
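Slides 14 and 15 describe ACL entries that are ordered in a priority list, match on ToEndpoint/FromEndpoint and port ranges, and carry allow, drop or redirect actions. Two things go wrong with such lists in practice: a broad allow ordered above the redirect silently bypasses the firewall, and a redirect target that itself falls inside the matched zone gets redirected back to itself. The following is an added example written for this page, not Nuage Networks code; it uses the zone and vPort names from slide 15, while the entry format, the "lowest priority number wins, first match terminates" semantics, the implicit default-drop and the host vPort names (internet, web1, app1) are assumptions.

```python
"""Zone-scoped ACL evaluation with allow, drop and redirect actions.

Added example, not Nuage Networks code. Priority semantics (lowest number is
evaluated first, first match terminates), the implicit default-drop and the
port-range matching are assumptions; the zone and vPort names follow slide 15.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class VPort:
    name: str
    zone: str


@dataclass(frozen=True)
class AclEntry:
    priority: int                            # lower number wins (assumption)
    src: str                                 # FromEndpoint: zone name or vPort name
    dst: str                                 # ToEndpoint: zone name or vPort name
    action: str                              # "allow" | "drop" | "redirect"
    redirect_to: Optional[str] = None        # vPort that receives redirected traffic
    dport: Optional[Tuple[int, int]] = None  # inclusive destination port range, None = any


def _matches(selector: str, vport: VPort) -> bool:
    # An endpoint selector names either a whole zone or a single vPort.
    return selector in (vport.zone, vport.name)


def evaluate(acl: List[AclEntry], src: VPort, dst: VPort, dport: int):
    """Return (action, next_hop) for a flow src -> dst:dport.

    A redirect hands the packet to the named vPort, bypassing the routing
    table; an allow forwards to dst; anything unmatched is dropped.
    """
    for e in sorted(acl, key=lambda e: e.priority):
        if not (_matches(e.src, src) and _matches(e.dst, dst)):
            continue
        if e.dport and not (e.dport[0] <= dport <= e.dport[1]):
            continue
        if e.action == "redirect":
            return "redirect", e.redirect_to
        if e.action == "allow":
            return "allow", dst.name
        return "drop", None
    return "drop", None  # implicit default when nothing matches (assumption)


def redirect_loops(acl: List[AclEntry], vports: List[VPort]):
    """Flag redirect entries whose own target would be redirected back to itself.

    The chain element's outside leg (e.g. FW1-ext) lives in the zone the rule
    matches on, so what it emits toward the destination re-enters the same
    rule unless a more specific entry takes precedence. Returns (priority, target).
    """
    by_name = {v.name: v for v in vports}
    found = []
    for e in acl:
        if e.action != "redirect":
            continue
        target = by_name[e.redirect_to]
        probe_port = e.dport[0] if e.dport else 0
        for d in vports:
            if _matches(e.dst, d) and evaluate(acl, target, d, probe_port) == ("redirect", e.redirect_to):
                found.append((e.priority, e.redirect_to))
                break
    return found


# Domain topology from slide 15; host vPort names are assumed.
VPORTS = {v.name: v for v in [
    VPort("internet", "Untrusted"),
    VPort("FW1-ext", "Untrusted"),
    VPort("FW1-int", "Web"),
    VPort("web1", "Web"),
    VPort("LB1-ext", "Web"),
    VPort("LB1-int", "Biz Logic"),
    VPort("app1", "Biz Logic"),
]}

# Lines B (redirect) steer untrusted->web through FW1 and web->biz-logic
# through LB1; lines A (plain allow) let the chain elements' inside legs and
# intra-zone traffic route normally. The two drop entries at the top keep the
# chain targets from re-entering their own redirect rules.
SERVICE_CHAIN = [
    AclEntry(5, "FW1-ext", "Web", "drop"),
    AclEntry(10, "Untrusted", "Web", "redirect", redirect_to="FW1-ext", dport=(80, 443)),
    AclEntry(20, "FW1-int", "Web", "allow"),
    AclEntry(25, "LB1-ext", "Biz Logic", "drop"),
    AclEntry(30, "Web", "Biz Logic", "redirect", redirect_to="LB1-ext"),
    AclEntry(40, "LB1-int", "Biz Logic", "allow"),
    AclEntry(50, "Web", "Web", "allow"),
]

# Misordered variant: a broad allow with a better priority than the redirect
# bypasses the firewall, which is why the priority list on slide 14 matters.
MISORDERED = [AclEntry(1, "Untrusted", "Web", "allow")] + SERVICE_CHAIN

# Chain without the guarding drops: redirect_loops() catches both redirects.
UNGUARDED = [e for e in SERVICE_CHAIN if e.action != "drop"]


if __name__ == "__main__":
    for s, d, p in [("internet", "web1", 443), ("FW1-int", "web1", 443),
                    ("web1", "app1", 8080), ("internet", "app1", 8080)]:
        print(s, "->", d, p, evaluate(SERVICE_CHAIN, VPORTS[s], VPORTS[d], p))
    print("bypass:", evaluate(MISORDERED, VPORTS["internet"], VPORTS["web1"], 443))
    print("loops:", redirect_loops(UNGUARDED, list(VPORTS.values())))
```

Because a redirect bypasses the routing table, nothing downstream re-checks the decision; the ordering of the list is the whole control. Running the loop check over the intended policy before pushing it to the controller is cheap and catches the self-redirect the moment someone drops the guarding entries.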
16. Virtualized Services Controller (VSC)
• Virtual machine based
• SDN controller
• Powered by Service Router Operating System (SROS)
• Peering & federation
• Auto-discovery
• Tenant slicing
[Figure: SROS based: SNMP/CLI, BGP/IGP, service manager, forwarding database (RIB/FIB); XMPP as the message bus for event notifications and policy push; standard-protocol control path to the VRS; security; load balancing. VSD talks to the VSC over XMPP; the VSC programs the VRS in the hypervisor, which carries the IP traffic]
17. Mechanics of VSC
• Requests policy from VSD at time of VM instantiation (XMPP)
• Programs VRS with allowed forwarding entries and manipulation instructions (OpenFlow)
• Runs MP-BGP (IP-VPN) with the DC router to advertise accessible VMs
• Runs as a federation for scalability reasons; runs MP-BGP (EVPN) between VSCs to exchange VXLAN ID/MAC/IP reachability information
• Participates in the IGP (ISIS/OSPF) with the local DC fabric to ensure VMs can be reached
[Figure: network service definition in the VSD; XMPP from VSD to the VSCs; MP-BGP (EVPN) between federated VSCs; OpenFlow from a VSC to the VRS on the hypervisor hosting the VMs; MP-BGP (IP-VPN) from the VSC to the DC router (DCR)]
18. Virtualized Routing and Switching (VRS)
L2-L4 virtual switch
• Open vSwitch based
• Provides both VXLAN and MPLSoGRE tunnel encapsulation options
• Programmed through OpenFlow from the VSC; encapsulates VM flows into the preferred protocol, L2 or L3 (VLAN, VXLAN, GRE)
• Detects VM instantiation and teardown
Variants:
• VRS-X: Citrix XEN hypervisors
• VRS-K: KVM hypervisors
• VRS-V: VMware vSphere hypervisors
• VRS-H*: Microsoft Hyper-V hypervisors
• VRS-G: gateway for bare metal servers & appliances
• VRS-?: support for Brand X hypervisor
*Hyper-V supported in an upcoming release
[Figure: VSD talks to the VSC over XMPP; the VSC programs the VRS instances on each hypervisor, which carry the IP traffic]
19. L3-Service – GUI + Data Model
• L3 Domain (will be translated to a VPRN instance)
• Subnet (will be translated to an R-VPLS instance)
• vPort: host / bridge / virtual machine = attachment point, the actual interface with IP/MAC
20. Virtual Network representation in VSC
[Figure: a distributed VPRN (dVPRN 20013) with R-VPLS 20015 and R-VPLS 20016, shown as a dVRS; VXLAN 2000 and VXLAN 2001 tunnels (UDP) connect it to the SAPs of the VMs behind the VRS on Server 1, Server 2 … Server n, which the VSC programs over OpenFlow; VRF tunnels (GRE) lead to the DC PE gateways]
21. dVPRN Default Gateway MAC & IP Assignment
[Figure: the dVRS logical view across VSCs (VPRN X with interfaces IF1 and IF2 into VPLS 2000 and VPLS 2001) beside the dVRS view inside each vSwitch (VSW1 … VSWn, each with IF1/IF2 and a Nuage VRS agent). R-VPLS/VXLAN 2000 carries subnet 10.1.0.0 with gateway 10.1.0.1 / MAC M1 and hosts W1 10.1.0.101 and W2 10.1.0.102; R-VPLS/VXLAN 2001 carries subnet 10.2.0.0 with gateway 10.1.0.2 / MAC M2 and host B 10.2.0.101]
22. Network Services Instantiation with Nuage Networks
Network policies defined in advance (UI or API)
[Figure: three planes, the cloud service management plane (Virtualized Services Directory, holding the domain with its zones, subnets, policies, VPN and Internet attachment), the datacenter control plane (Virtualized Services Controller) and the datacenter data plane (Virtual Routing & Switching on the hypervisors of Brooklyn Datacenter - Zone 1), plus the cloud manager to hypervisor communications]
23-26. Network Services Instantiation with Nuage Networks
Request for compute assets by the cloud manager, virtual machine allocation by the compute manager, policy decision and network deployment, network connectivity instantiated:
① OpenStack receives request for compute assets
② VM instantiated on hypervisors
③ Event triggers Nuage VRS which informs VSC of VM placement
a. VSC queries VSD on policy
b. VSD issues VSC with network service template
c. VSC deploys policy to applicable VRSs
④ Network services are created based on policy from VSD
[Figure: the same three-plane diagram (VSD, VSC, VRS on the hypervisors of Brooklyn Datacenter - Zone 1, cloud manager to hypervisor communications), with steps 1, 2, 3, 3a, 3b, 3c and 4 annotated and the resulting network services drawn in the data plane]
27. Network Services Instantiation with Nuage Networks
Multi-zone (Intra-Datacenter)
[Figure: the same three-plane diagram, with the domain's zones, subnets and policies instantiated as network services on hypervisors in both Brooklyn Datacenter - Zone 1 and Brooklyn Datacenter - Zone 2; one VSD and one VSC serve both zones]
28. Network Services Instantiation with Nuage Networks
Inter Datacenter with multiple Cloud Managers
[Figure: as slide 27, extended with Manhattan Datacenter - Zone 2 and its own cloud manager; the network services now span Brooklyn Datacenter - Zone 1, Brooklyn Datacenter - Zone 2 and Manhattan Datacenter - Zone 2]
29. Network Services Instantiation with Nuage Networks
Inter Datacenter with multiple Cloud Managers
[Figure: as slide 28, with a second Virtualized Services Controller in Manhattan Datacenter - Zone 2 forming a federation of controllers under the single VSD]
30. Network Services Instantiation with Nuage Networks
Federated Inter Datacenter Services (multiple CMS)
[Figure: as slide 29, with the federated controllers peering over MPLS (MP-BGP) with the service provider's edge router; the service provider control plane and data plane carry a business VPN service to a private datacenter]
31. Seamless Enterprise - Datacenter connectivity
[Figure: CloudBand as the cloud service management plane above the VSD; federated Virtualized Services Controllers for Brooklyn Datacenter - Zone 1, Brooklyn Datacenter - Zone 2 and Manhattan Datacenter - Zone 2; the edge router carries MPLS (MP-BGP) into the WAN control plane and data plane of a business VPN service reaching a private datacenter and VPN CPEs; a Virtualized Services Controller also drives the SD VPN CPE over MP-BGP]
32. Nuage Networks Covers Full Range of Options
• Software Gateways: Nuage VRS-G. Recommended for small DCs with a limited number of bare metal servers.
• Third party / "white boxes": hardware VTEPs (OVSDB, VXLAN). Open ecosystem; L2 only, introducing L3 services; capability tradeoffs across the various options.
• High-Performance Gateways: Nuage Networks 7850 VSG Virtualized Services Gateway. Carrier grade OS, consistent feature set; recommended for large DCs with a large number of bare metal assets.
By presenting a role based hierarchy of responsibilities, an administrator can create templates that define network topologies and their associated services (via the UI, through direct API calls, or through platforms like OpenStack, CloudStack, and vCloud Director), then expose these templates to users and groups, allowing network services to be auto-instantiated and consumed on demand.
No Network Configuration, No Delays, No Boundaries:
Automated and seamless across DC Zones, Between DCs,
From DCs to Enterprise VPNs
No Restrictions:
Open programmable approach works in any existing DC
Seamlessly works with server, hypervisor, compute virtualization
& network hardware of choice