Webinar: Introducing the Next Evolution of Wide Area Network Freedom

.

The What and the Why of a Software Defined WAN

Jim Metzler

[email protected]

.

Goals & Non-Goals

Goals: •  Describe the SDN framework and how it applies to wide area

networking •  Discuss some of the key WAN challenges •  Identify how a SD WAN overcomes those challenges

Non-Goal: •  Present an exhaustive discussion of any technology, architecture

or products

.

Agenda

The SDN Framework

.

The ONF’s SDN Solution Architecture

.

Five Key Characteristics of a SDN

•  Separation of the control function from the forwarding function.

•  An emphasis on policy management.

•  More emphasis on automation.

•  The use of multi-pathing.

•  The creation of overlay networks.

.

Five Key Drivers of a SDN

•  Better utilize network resources •  Perform traffic engineering with an end-to-end view of the

network

•  Support the dynamic movement, replication and allocation of virtual resources

•  More easily scale network functionality •  Enable applications to dynamically request services from

the network

.

The Definition of NFV

The virtualization of a very broad range of functionality and exhibiting the following characteristics:

•  High degree of automation •  Coexist with physical infrastructure •  High performance •  High degrees of resiliency and security •  Can be effectively managed

.

The Five Primary WAN Challenges

•  Support real time applications.

•  Increase security.

•  Improve application performance.

•  Provide access to public cloud computing services.

•  Reduce cost.

.

POLL QUESTION

.

Agenda

The SD WAN Value

Proposition

.

What is a SD WAN?

•  Centralizes the control function in a SDN controller. •  Controller sets up virtual networks that are technology

agnostic. •  The controller directs the network elements to implement

functionality such as QoS, optimization and security.

•  Often uses multi-pathing of WAN links.

.

Five Key Drivers of a SD WAN

•  Increase flexibility.

•  Simplify operations.

•  Deploy new functionality more quickly.

•  Reduce OPEX.

•  Improve application performance

.

Dynamic Multi-Pathing •  Choosing the best WAN link based on a combination of policy

and network conditions. •  Most likely options:

•  An MPLS link and an Internet link •  Two Internet links

•  Reduce cost by reducing the amount of MPLS based bandwidth. •  Increase availability based on using diversely routed access links

and different ISPs.

.

The Use of Policy & Automation

•  Policy is used to determine which traffic transits which WAN link. This can enable the support of real-time traffic.

•  Security policies can be created and enforced centrally reducing manual effort and making it easier to show regulatory compliance.

•  Device configuration can be created and managed centrally and pushed out to branch offices.

.

More Efficient WAN Topologies

•  The traditional WAN is based on a hub and spoke topology.

•  Hub and spoke is efficient for data traffic between a branch and a fixed data center. It is not efficient handling a lot of inter-branch office traffic.

•  A better topology to support a lot of inter-branch traffic is a fully meshed topology.

.

Leveraging NFV •  A typical branch office has numerous physical appliances

for a range of L4 – L7 functionality. •  Can be cumbersome to provision and manage. •  Are often over-provisioned •  A NFV approach to providing L4 – L7 functionality

reduces the branch office complexity and reduces cost.

.

Thank you.

17

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

Extensible  Wide  Area  Networking      

Alastair  Johnson,  Principal  Architect  11th  June  2015  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

Needs   Means  

Services  

Moves,  Adds,  Changes  

Management  

Full  range  of  Network  +  Compute  services   ConnecFvity  +  Bespoke  

AutomaFon,    Removal  of  manual  configuraFon   Request,  and  wait  and  wait  

Visibility,  Single  point  security  management   Limited,  but  no  control  

Control   DIY,  Compliance  conformance     Request,  and  wait  and  wait  

ConfiguraFon   Agility,  Just  in  Fme  consumpFon   Ask,  and  wait  and  wait  

Key  Areas  of  Enterprise  Concern  

ENTERPRISE  VPNS  –  MEANS  FAIL  TO  DELIVER  ON  NEEDS  

Misaligned  with  shiOs  in  cloud  consumpQon  model  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

ENTERPRISE  NETWORKING  NEEDS  A  RETHINK  

TRANSPORT DEPENDENT

LOCATION DEPENDENT

DEVICE DEPENDENT

MANUAL (TIME ‘DEPENDENT’)

ENTERPRISE WAN

1.  Turn-up a new site

2.  Reconfiguration of existing site

3.  Transport introduction/upgrades

4.  L2-L4 VPN service configuration

5.  Security implementation

6.  Security assessment

7.  L4-L7 application insertion

8.  Datacenter interconnection

9.  Operational moves/adds/changes

10. Service assurance/fault localization

11. Service optimization/fault prevention

12. Device replacement

13. Configuration auditing/compliance

14.  . . .

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

WIDE  AREA  NETWORKING  EVOLUTION  WITH  SD-­‐WANs  

TRANSPORT DEPENDENT

LOCATION DEPENDENT

DEVICE DEPENDENT

MANUAL (TIME ‘DEPENDENT’)

ENTERPRISE WAN

TRANSPORT INDEPENDENT

LOCATION INDEPENDENT

DEVICE INDEPENDENT

ENTERPRISE VNS

AUTOMATED (TIME ‘INDEPENDENT’)

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

GENERALIZATION  OF  THE  ‘BRANCH’  CONCEPT  

22  

§  Branch  (def.):  Any  locaFon  requiring  aTachment  to  Enterprise  WAN  

Fixed  

Office  /  Building   Retail  /  Store  Front   Kiosk  /  ATM  

Pop-­‐up  

Virtual  

Private  Datacenter  

Temporary  

Mobile  workforce   Public  Datacenter  (IaaS)   Cloud  ApplicaFons  (SaaS)  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

Centralized    Management    

and    Network  

Policy  Engine  

Fixed  and  Mobile            Access  Networks    

SoOware  Defined  Wide  Area  Network  

IP-­‐VPN   Private  IP    

Internet  

Branch  locaFons  

L2-­‐VPN   Business    Internet  

THE  PROMISE  OF  SDWAN  -­‐  YOUR  WAN  ON  YOUR  TERMS  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

THE  PAST  DECADE  OR  TWO…  THE  SDN  BASED  BRANCH  

Control  plane  

ETH/IP  

BRANCH  NETWORKING  DEVICE  

Management  plane  

Forwarding  plane  

GENERAL  PURPOSE  COMPUTE  

OPEN  OS    x86  

Ope

nFlow  

PROPRIETARY  HARDWARE  

Centralized

Policy

Manager

SDN

Controller

   Security  

Traffic  Steering  QoS  

BRANCH  NETWORKING  FOR  THE  CLOUD  ERA  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

Singapore  

London  

Washington  

Service  Provider  B    

Los  Angeles  

San  Francisco  

New  York  

Encrypted  Traffic  

Internet  

x86 CPE  

Service  Provider  A    

(Virtual CPE) Customers x86 Server  

SDWAN  

Chicago  

(Virtual CPE) Customers x86 Server  

x86 CPE   x86 CPE  

x86 CPE  

x86 CPE  

SDWAN  BASED  WIDE  AREA  NETWORK  

Centralized    Management    and    Network  Policy  Engine  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

San  Francisco   New  York  

Primary  Link  2Mbps  

Secondary  Link  20Mb/s  Burst  

Centralized  policy  push  to  route  traffic  over  specific  links  depending  on  type  

Provider A

(IP-VPN)

INTERNET

Virtualized  Network  Service  

CriFcal  Branch  App  Call  Centre  Voice    

HD  Video  Conference  

USE  CASE  1:  INTELLIGENT  TRAFFIC  STEERING  

Centralized    Management    and    Network  Policy  Engine  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

San  Francisco   New  York  

Primary  Link  2Mbps  

Secondary  Link  

Centralized  policy  push  to  route  traffic  over  secondary  link  on  failure  of  primary  

Provider A

(IP-VPN)

Virtualized  Network  Service  

CriFcal  Branch  App  Call  Centre  Voice    

HD  Video  Conference  

X  

INTERNET

USE  CASE  2:  SEAMLESS  BACKUP  TO  ALTERNATIVE  LINKS  

Centralized    Management    and    Network  Policy  Engine  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

San  Francisco   New  York  

Primary  Link  2Mbps  

Secondary  Link  

Centralized  policy  push  to  route  traffic  over  secondary  link  on  failure  of  primary  

Provider A

(IP-VPN)

Mobile

Broadband

Virtualized  Network  Service  

CriFcal  Branch  App  Call  Centre  Voice    

HD  Video  Conference  

X  4G  

USE  CASE  2a:  SEAMLESS  BACKUP  TO  ALTERNATIVE  LINKS  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

NUAGE  NETWORKS  SDWAN  –  VIRTUALIZED  NETWORK  SERVICES  

11/06/15  29  

VSP:    Unified  MulQ-­‐tenanted  Policy  and  Control  

Virtualized  Services  Controller  (VSC)  

Virtualized  Services  Directory  (VSD)  

.  .  .  .    Layer  4   Security  

Traffic  Steering  QoS  Layer  3  

7850  NSG  (Physical  x86)   NSG  (Virtual  –  customer  provided  x86)  

Layer  2  

✔✔

Bootstrap  

§  Runtime topology engine

§  Federated control-plane manager

§  Instantaneous programming of the network

§  Unified policy-plane for management of distributed end points

§  Business/IT Service engine (definition of rules)

§  Multi-tenant templates & Analytics

§  General-purpose compute platform

§  Lightweight data-path agent leverage hardware acceleration

§  Security hardened with TPM/X.509/TLS-based identification

§  Multi-tenant/Multi-VPN with enhanced networking services

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

Nuage  VNS  in  AcQon  

11/06/15  30  

VNS  Video  

www.youtube.com/watch?v=7oOw9yLW-­‐Pg  

Copyright  2015  Alcatel-­‐Lucent.  All  rights  reserved.  

11/06/15  31  

THANK  YOU