Nuage Networks Product Architecture. White Paper


Table of Contents

Abstract
Networking from the Application's Perspective
Design Principles
Architecture
Integrating Bare Metal Resources
Overlaying WAN Environments
Software Defined WAN
Last Mile Flexibility
Policy-Based Automation
Declarative Policies
Intelligent Endpoint Interpretation
Topology Modeling
Service Chaining
Security
Microsegmentation
Zero Trust Security Model
Consistent across hypervisors, containers, and bare metal
Bump in the Wire Extensibility
Auditing and Compliance
Summary
About

Abstract

This White Paper describes the architecture and operation of the Nuage Networks Software Defined Networking (SDN) product line. The intent of this information is to provide insights into the underlying design philosophy, interoperation, and capabilities from both a high level (such as how it fits into a cloud ecosystem) and a detailed level (such as communications protocols).

Networking from the Application's Perspective

Design Principles

The typical enterprise application is multi-tiered, consisting of front-end, business logic and database tiers. A cloud application cannot be delivered until the compute, storage and networking requirements for the service design have all been turned up. Network connectivity between application tiers is critical, with the understanding that each of the tiers has specific requirements in terms of access, visibility and resiliency.

The Nuage Networks SDN approach applies principles that have proven effective in scaling operations for the world's largest wireless and IP networks. Technologies conceived for addressing dynamic mobility of wireless devices or secure service delivery to millions of subscribers can be elegantly applied to scaling cloud datacenter networks and addressing the challenges of networking dynamic application resources. By extending the Popek-Goldberg virtualization theorems to the network, we created a new type of distributed network hypervisor that both enables nested overlays and bridges the performance gaps between overlays and underlays. These capabilities yield an efficient, reliable and elastic Compute Service Fabric.

Architecture

The Nuage Networks Virtualized Services Platform (VSP) Architecture is composed of three major layers. Each layer has its own form factor.

Cloud Service Management Plane: Virtualized Services Directory (VSD)

The Nuage Networks Virtualized Services Directory (VSD) is a policy & business logic engine that simplifies the definition of network services in an application-friendly context. It provides enterprise administrators the freedom to outline the networking requirements of their cloud applications in familiar IT constructs, and establishes policies that ensure the proper scope, security and integrity of application consumption in a manner consistent with enterprise guidelines.

Datacenter / WAN Control Plane: Virtualized Services Controller (VSC)

A Virtualized Services Controller (VSC) maintains the full view of per-tenant network and service topologies and instantiates network service templates defined through the VSD. Through the Nuage Networks VSC, distributed virtual routing & switching constructs are established that incorporate hypervisors as direct extensions. Leveraging an operating system that has proven its resiliency, scaling and performance over a decade of operating in the world's largest Ethernet and IP networks, the Nuage Networks VSC is uniquely capable of driving comprehensive (L2-L4) network virtualization across thousands of tenant slices in a heterogeneous environment.

The VSC uses standard protocols to peer with existing networks, allowing it to discover full network topology and reachability. Through OpenFlow, it distributes relevant switching and routing information to hypervisors within the virtualized datacenter network. To facilitate hybrid cloud deployments, the Nuage Networks VSC ensures seamless interconnection with business VPN services (L2 or L3), extending the virtualized datacenter environment to securely include enterprise locations. Through federation of controllers, the Nuage Networks VSC scales elegantly and seamlessly to meet the expectations of the world's largest and most demanding datacenter operators and cloud service providers.

Datacenter / WAN Data Plane: Virtualized Routing and Switching (VRS)

With the Nuage Networks solution, the network can react instantaneously, and in a manner consistent with policies, as virtual machines are turned up or removed. Nuage Networks Virtual Routing & Switching (VRS) extensions provide control of network interfaces across leading hypervisor platforms including VMware, KVM, and Xen.

Figure 1. The Nuage Networks Virtualized Services Platform (VSP) Architecture

Integrating Bare Metal Resources

Understanding that not all of the elements of today's datacenter are currently virtualized, Nuage Networks also provides an elegant mechanism to integrate bare-metal assets such as non-virtualized servers and appliances through a comprehensive set of gateway solutions. For low volume deployments, the software-based VRS Gateway (VRS-G) module incorporates bare metal as virtualized extensions to the datacenter. For large scale and high traffic volume environments, the Nuage Networks 7850 VSG provides industry leading gateway functionality with native support for 1GE, 10GE and 40GE connections.

Overlaying WAN Environments

Software Defined WAN

By adding a Network Services Gateway (physical or logical) as an endpoint, MPLS WANs become part of the unified network fabric managed by Nuage Networks VNP. Nuage Networks VNS is based on an overlay model that uses any IP network to provide connectivity between sites.

Figure 2. Network Services delivered over MPLS WANs are seamlessly delivered and managed

Last Mile Flexibility

This architecture provides maximum flexibility and the support of multiple access/last-mile technologies including copper, fiber or mobile broadband. Available networks from multiple providers can be mixed and matched as well as any available access technologies.

Policy-Based Automation

Declarative Policies

Network policies are defined in business terms using declarative policies (such as "You MUST use HTTP Authentication when accessing this application") rather than rigid controls based on ever-changing IP addresses.

Intelligent Endpoint Interpretation

Each endpoint (e.g. hypervisor, router, and gateway device) intelligently interprets the declarative policy. In this fashion, a single policy stored in the VSD can be leveraged across private cloud, public cloud, datacenters, and WAN environments.

Figure 3. A single policy is intelligently and consistently executed across the entire network

Topology Modeling

Using the built-in User Interface or leveraging the REST API, even the most complex physical network topology can be modeled as shown in Figure 4. For convenience, the topology can also be defined in templates for use by other network teams or by application programmers.

Service Chaining

Leveraging the topology model, Service Chaining automation enables even the most complex automations to be performed. In the example shown in Figure 4, there are tiers of cascading firewalls for allowing the web interface to communicate with an application server running business logic (BL) that in turn communicates with a database server (DB). FW1 protects the datacenter from outside traffic while FW2 protects against successful intrusions within the datacenter. Since this topology is cumbersome to set up and maintain manually, service chaining automation is a key enabler for both sophisticated application topologies and cloud architectures.

Figure 4. Even the most complex tasks can be automated within and across clouds (panels: a physical view of the service chain topology; a logical view of the service chain topology)

Security

Microsegmentation

As shown in Figure 5, the Virtual Services Controller (VSC) provides control plane coordination (as indicated by the dotted line) among one-to-many Virtual Routing and Switching (VRS) components. The VRS data plane component includes both an embedded virtual switch (vswitch) and a firewall. This architecture enables full microsegmentation of Virtual Machine, Docker Container (not shown), and bare metal server-based application communications. Further, security protection begins at the initial connection to the network, thereby minimizing the overall security exposure surface.

Figure 5. Filling Security Gaps within the Datacenter: providing consistent security starting at the first network attachment point.

Zero Trust Security Model

Networks by default are set up to facilitate communication. This mode is often referred to as "Full Trust" from a security perspective. Nuage Networks VSP, however, defaults to a Zero Trust security model: any communication must be explicitly allowed by a policy. This enables any security model to be implemented, from micro-segmentation at the VM level all the way up to application-level controls. Since it prevents many default communication paths, it also minimizes the impact of manual errors upon security.

Consistent across hypervisors, containers, and bare metal

By leveraging the same architecture across multiple hypervisors, Docker Containers, and bare metal servers, Nuage Networks VSP provides not only high but also consistent levels of security across the entire network.

Bump in the Wire Extensibility

Nuage Networks VSP provides "bump in the wire" extensibility. Multiple partner products (e.g. firewalls and other security approaches) can inspect and operate on network traffic down to the packet level.

Auditing and Compliance

Every network event, including changes to security policies, is collected and stored in a robust Apache Hadoop datastore (part of the Nuage Networks VSD). Auditing, threat detection and problem investigation are possible, effective and efficient with this granularity of logging.
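An added example, not Nuage Networks code and not the VSD API: a minimal default-deny evaluator for the Zero Trust model and audit logging described above, applied to the web, business logic (BL) and database (DB) tiers of Figure 4. The class names, ports and addresses are constructed for illustration; rules match on tier membership, never on IP address.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Endpoint:
    name: str   # workload: VM, container or bare metal server
    tier: str   # policy group the workload belongs to
    ip: str     # recorded for the audit trail only, never matched on

@dataclass(frozen=True)
class AllowRule:
    src_tier: str
    dst_tier: str
    proto: str
    port: int

@dataclass
class PolicyEngine:
    rules: frozenset
    default_allow: bool = False          # False: Zero Trust; True: "Full Trust"
    audit_log: list = field(default_factory=list)

    def evaluate(self, src, dst, proto, port):
        """Return True if the flow is permitted, and record the decision."""
        explicit = AllowRule(src.tier, dst.tier, proto, port) in self.rules
        allowed = explicit or self.default_allow
        self.audit_log.append({
            "src": f"{src.name}/{src.ip}", "dst": f"{dst.name}/{dst.ip}",
            "service": f"{proto}/{port}",
            "verdict": "allow" if allowed else "deny",
            "reason": "explicit-rule" if explicit else "default",
        })
        return allowed

# Constructed sample data: tiers follow the web -> BL -> DB chain of Figure 4.
RULES = frozenset({
    AllowRule("web", "bl", "tcp", 8080),
    AllowRule("bl", "db", "tcp", 5432),
})
WEB1 = Endpoint("web1", "web", "10.0.1.10")
WEB2 = Endpoint("web2", "web", "10.0.1.11")
BL1 = Endpoint("bl1", "bl", "10.0.2.10")
DB1 = Endpoint("db1", "db", "10.0.3.10")
FLOWS = [
    (WEB1, BL1, "tcp", 8080),   # intended tier-to-tier path
    (BL1, DB1, "tcp", 5432),    # intended tier-to-tier path
    (WEB1, DB1, "tcp", 5432),   # skips the business logic tier
    (WEB1, WEB2, "tcp", 22),    # lateral traffic inside one tier
    (DB1, WEB1, "tcp", 8080),   # reverse direction, never declared
]

def verdicts(engine, flows=FLOWS):
    """Evaluate every sample flow and return the list of allow/deny results."""
    return [engine.evaluate(*flow) for flow in flows]

def denied_flows(engine):
    """Extract denied flows from the audit trail for review."""
    return [(e["src"], e["dst"], e["service"])
            for e in engine.audit_log if e["verdict"] == "deny"]

if __name__ == "__main__":
    zero, full = PolicyEngine(RULES), PolicyEngine(RULES, default_allow=True)
    print("zero trust:", verdicts(zero))
    print("full trust:", verdicts(full))
    for entry in zero.audit_log:
        print(entry)
```

With the same two rules, the "Full Trust" default permits the tier-skipping, lateral and reverse flows, while the Zero Trust default denies them and leaves each decision in the audit trail.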

Summary

Nuage Networks makes the entire network infrastructure as readily consumable as its compute resources. With the capabilities described in this White Paper, the network transforms into a powerful, highly automated and scalable fabric that instantaneously responds to the dynamic demands of workloads and applications.

About

Nuage Networks (www.nuagenetworks.net) brings a unique combination of groundbreaking technologies and unmatched networking expertise to the enterprise and telecommunications industries. The Silicon Valley-based start-up has applied radically new thinking to the problem of delivering massively scalable and highly programmable SDN solutions with the security and availability required by business-critical environments. Nuage Networks, backed by the rapidly growing IP division of Alcatel-Lucent (Euronext Paris and NYSE: ALU), has the pedigree to serve the needs of the world's biggest clouds. The cloud has made promises; the mission of Nuage Networks is to help you realize them.

Nuage Networks and the Nuage Networks logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. Copyright 2015 Alcatel-Lucent. All rights reserved. 2015 (August 28)