Nuage Networks provides an SDN solution called the Virtualized Services Platform that abstracts physical network infrastructure and automates network provisioning through centralized policy-based controls. Nuage has integrated its VSP with CloudStack to enhance CloudStack's networking capabilities with advanced virtual networking, improved scalability, and automated provisioning based on Nuage's policy engine. The Nuage-CloudStack plugin maps CloudStack networking constructs to corresponding constructs in the VSP to provide services like isolated networks, firewalls, and load balancing across multiple hypervisors.

1. Copyright 2013 Alcatel-Lucent. All rights reserved.
CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW
PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION
Nuage Networks
CloudStack Meetup at Nuage Networks
Suresh Boddapati
Vice President of Engineering
suresh@nuagenetworks.net
September, 2015

2. Nuage Networks Overview
 Nuage is based in Silicon Valley with a team around the world
 An Alcatel-Lucent venture focused on data center and branch office network evolution
for the cloud era
 Leverage Alcatel-Lucent infrastructure and key technologies
 Creation of an Abstraction & Automation layer between networking features and
hardware equipment
 Policy-driven networking design reflecting business directives, not network protocols

3. Nuage Networks Momentum
 Solid wins with marquee accounts
 100+ pilot deployments
 25+ commercial wins
 Across large enterprises, cloud providers & service
providers

4. PHYSICAL & MANUAL DISTRIBUTED & AUTOMATED
DYNAMICMULTI-TENANT
VIRTUAL
WORKLOADS API
NO-MOBILITYSINGLE TENANT
BARE METAL
WORKLOADS MANUAL
The Cloud Shift

5. STATIC NETWORKS HIGHLY AUTOMATED NETWORKS
AUTOMATIONABSTRACTION
CONTROL VISIBILITY
✓
✓ ✓
✓
The SDN Framework
For Highly Automated
Networks
CUSTOMCOMPLEX
COSTLY CLOSED
Focus on “Needs”, automate the “Means”
The Networking Shift

6. Network Policy
• IP address 10.x.y.z
• VLAN configuration
• WAN configuration
• Security / FW settings
• QoS parameters
• …
Workloads
Appropriate network properties propagated
to the workload, regardless of physical
location on infrastructure
Physical:
Snail mail delivered to
the same physical address,
regardless of Tina’s location
Virtualized:
Email delivered to
Tina’s location, regardless
of her mailing address
Network Virtualization
ABSTRACTION

7. Tunnels between endpoints
allow for independent
topologies
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
How does it work?
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
APP
OS
ABSTRACTION

8.  Natural evolution to bring more intelligence &
features near the applications
 vSwitch (in software) runs on the server consuming
available resources (i.e. CPU)
 If a specific vSwitch requires more capacity, one can
simply upgrade the CPU for that portion alone, not
the entire network!
Core
Aggregation
ToR
vSwitch
Features
Servers
$
Why Network Virtualization?
ABSTRACTION

9. Network Virtualization Side Effects
 But then do I get many (many) vSwitches to
manage, one per server?
 SDN approach to centralize the control plane
(intelligence)
 Nuage Networks virtualization approach automatically
program the virtual networking elements
 Nuage vSwitch (VRS) executes the policies locally
Servers
SDN
Controller
vSwitch
vSwitch
vSwitch
vSwitch
ABSTRACTION

10. Nuage versus Traditional Networking
 When workloads are deployed, physical network
infrastructure needs to be provisioned
 Time consuming, error prone, equipment specific, etc.
 Introducing vSwitch removes the need to configure the
physical equipment – we then only use it for transport
 Network overlays are dynamically created using VxLAN
“tunnels” according to the Network policies of each
workload
Core
Aggregation
ToR
vSwitch
Servers
Network
Overlay
VxLAN
ABSTRACTION

11.  Modern networking protocols
done in vSwitch instead of
specialized hardware
 Extended the life of the
networking assets by 12-18
months
L2
Marketing
Engineering
L2
L2
QA
Virtualized
Services
Directory
Virtualized
Services
Controller
Virtualized
Services
Controller
Multiplexing the Network
 Deploying more virtual networks
atop the existing network infrastructure increased
the utilization by 40%
 Decoupling the tie between hardware vendor and
software features – priceless!
ABSTRACTION

12. Current Data Center Network
 Compute is virtualized
 Available in minutes
 Network is partially virtualized
 Configuration takes days/weeks
Network
Configuration
Compute
Management
Application Request
Help Desk
Change Control
IP
Address
VLAN
Address
Firewall
Configuration
LAN (VLAN)
Configuration
WAN (IP)
Configuration
Security / QA
Team
Project
Coordinator
Network change
completed in
days/weeks
Service velocity is hindered by manual network process
Auto-instantiation
Compute request
completed in
minutes
00:01
AUTOMATION

13. Nuage Networks Policy Templates
Application Request
Service velocity is not hindered by manual network process
Compute
Management
Networking
Security/
Compliance
Policy Templates
Nuage Networks VSP
Auto-instantiation
Compute request
completed in minutes
IP address
WAN interconnect
Policy / Security Zones
L2 /L3 Service AD
Service chaining
Policy Instantiation
• IP address 10.x.y.z
• VLAN configuration
• WAN configuration
• Security / FW settings
• QoS parameters
• …
Network change
completed automatically
00:01
00:01
AUTOMATION

14. Time reductions  Refocusing IT
Significant opportunities for IT re-allocations
19,160
13,930
0
5,000
10,000
15,000
20,000
25,000
Total hours Application
deployment
MACs Troubleshooting
Hours
Hours Saved
Baseline Nuage
27% savings in
hours required
 Application deployments 
 Hours saved of 23%, or 1,500 hours
 Results in faster launch of applications
 Applications MACs 
 Hours saved of 27% of 2,700 hours
 Results in faster updates of applications
 Applications troubleshooting 
 Hours saved of 35% of 1,0700 hours
 Results in faster fixes of errors
Thousands of hours saved!
AUTOMATION

15. Bare Metal
Servers
Gateway
Server
Server
VM VM
ESXi Server
L2
Virtual Network A
Virtual Network B
L2
L2
Virtual Network C
Nuage Networks Supports All Workloads
CONTROL
Linux Server
Container
s V
M
V
MContainer
s
Any
Network
Public
Datacenter
Branch
Branch
Branc
h
Branch locationDCI

16. Hypervisor
Hypervisor
Hypervisor
Customer Data Center
Virtualized
Services
Controller
Virtualized
Services
Controller
Case Study – Hybrid Cloud Model
 Large financial customer uses Nuage in its
own DataCenter
 Customer developed an architecture that
will allow them to securely move
workloads to public cloud provider
 Nuage provides a common Networking
profile regardless of the physical location
and networking equipment used
 For governance purposes, Nuage offer a
single/centralized tracking infrastructure
Hypervisor
Hypervisor
Hypervisor
Amazon AWS
Virtualized
Services
Controller
Hypervisor
Hypervisor
Hypervisor
Google GCS
CONTROL

17. Template
Conforms to:
• Connectivity
• Security
• QoS
• Statistics
Users
(Network)
Users
(Compute)
Hypervisor
DC1 Zone 1
1,000 Hosts
Hypervisor
DC1 Zone 2
1,000 Hosts
Config
Update
Update
Update Config
Update
 Update security policies once,
hierarchically & centrally.
 Deployed across all appropriate
endpoints instantaneously
 Push-button network audit visibility
 Adhere to changes across the
infrastructure implicitly
 Compliance with global security
policies
 Ensure configuration consistency
Derived Benefits: Tighter governance and Security
CONTROL

18. The Underlay as a Network of Networks
IP Network
Hypervisor
Hypervisor
Hypervisor
DC 1 Rack 1
Hypervisor
Hypervisor
Hypervisor
DC 1 Rack 2
ToR
Hypervisor
Hypervisor
Hypervisor
DC 2 Rack 1
DC
Core
X
VISIBILITY
Branch Offices Headquarters

19. “Hardware Centric”
Server Centric
Open Network Approach
Buy my hardware…
(Propagate closed systems)
Largely ignore it…
(Use marketing machine)
Use standard protocols
and open interfaces to
Solve the problem
Alternatives for Assessing Service Health…
VISIBILITY

20. VSAP is about underlay & overlay correlation
Branch Offices Headquarters
IP Network
Hypervisor
Hypervisor
Hypervisor
DC 1 Rack 1
Hypervisor
Hypervisor
Hypervisor
DC 1 Rack 2
ToR
Hypervisor
Hypervisor
Hypervisor
DC 2 Rack 1
DC
Core
X
VISIBILITY
MONITOR
physical topology
CORRELATE
physical & virtual topology
Virtualized
Services Controller
(VSC)

21.  Graphical view of alarms and faults in the network
 Alarm correlation for root cause analysis
 Remedial action for expediting problem resolution
Upstream router
port failure
VSAP Fault Correlation
VISIBILITY

22. EXISTING
DATACENTER
NETWORK
. . . .
Any Compute Virtualization Environment
Any Datacenter Network Infrastructure
Any Server or Hypervisor
The MUST BES
ANY APPLICATION, ANY CLOUD, EVERY TIME
ESXi KVM Hyper-V
XEN
BareMetal

23. BGP
MPLS Internet Mobile
 Fast, simple core
 Multi-service edge
 Multi-domain support
 Massive network scale
 Policy-driven,
on-demand connectivity
 Massive user scale
Applying Principles of Proven Architectures

24. Cloud Service
Management Plane
Data Center
Control Plane
Data Center
Data Plane
Virtual
Routing &
Switching
Virtualized
Services
Directory
Virtualized
Services
Controller
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
HYPERVISOR
Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
Nuage Networks
Virtualized Services Platform (VSP)
IP Fabric
Gateway for
bare metal
servers
Nuage Networks Virtualized Services Platform
MP-BGP

25. Value
Time
An SDN Journey … Delivering value over the network
Nuage Networks
Virtualized Service Platform (VSP)
Hypervisor
Hypervisor
Hypervisor
• 40% increase in asset
utilization
• 50% OPEX reduction
• 10x improvement in service
time
• Build “modern networks”
on top of existing
infrastructure
• Extend life of Net HW and
increase utilization
• Break dependency between
features and HW supplier
Data center
Any
Network
Public
Datacenter
Branch
Branch
Branc
h
• Reuse existing network
infrastructure
• COTS hardware CPE
• Advanced features in SW versus
bound to HW
• Central/common policy engine
reflecting business values vs net
capabilities
• Automated bootup process
Branch locationsWAN
• Increase resiliency
• Enable hybrid/public cloud
• “Follow the sun” apps
support where you move
workloads where/when
needed
• Allow workloads to move
from one data center to
another
• Keep the same net
profile/security
regardless of the location
VM
VM
VM
Virtual Net
Existing Network

26. In Conclusion
 To deliver business agility, network virtualization & automation
are becoming the foundation for private clouds
 To support this trend, Nuage Networks delivers a new class of
modern SDN solution
 Abstraction & Automation with full Control & Visibility
 Policy-driven automatic provisioning
 Boundary-less automation across Data Centers & VPN
 For all virtualized and bare-metal workloads

27. Nuage VSP CloudStack Integration

28. • APAC
• CTCC
• Public Cloud - Deployed last year
• Growing the deployment this year – in servers and #VMs
• Private cloud deployments in pipeline
• POCs/Trials in progress in APAC.
• EMEA: Interest growing – POCs planned
• North America: A large Enterprise customer in trial
9/15/2015
28
Nuage VSP CloudStack customers

29. CloudStack VSP Plugin Overview
 Nuage VSP has a plugin for Apache CloudStack 4.3, 4.5
 Works with Nuage VSP v2.1 and v3.2
 It enhances the base CloudStack networking
 With Nuage VSP’s advanced virtual networking capabilities
 With a sophisticated policy, controller architecture that gives much better scale and
performance than the base CloudStack networking

30. CloudStack to VSD Mapping
• ACS has inbuilt networking constructs that are used to define the networks in an ACS cloud.
• The Nuage VSP plugin support for ACS maps the ACS networking constructs to the corresponding Nuage VSP constructs
CloudStack Resource Description Corresponding Nuage
Construct
Domain Collection of user groups Enterprise
Account Collection of tenant users User Group
Account User A tenant user User
Static NAT Floating IP
Firewall Rules Access control for traffic leaving
a guest VM
Ingress Security Policy
Ingress Rules Access control for traffic coming
into a guest VM
Egress Security Policy
Network ACL Access control for traffic coming
into a guest VM in a VPC
Ingress Security Policy
Egress Security Policy
Isolated Network with NAT L3 Networking
VPC Virtual Private Network L3 Networking

31.  Advanced Networking
 Isolated Network
 Virtual Private Cloud
 Supported Services
 Virtual Network
 User Data service (password reset, meta data – uses CS VR)
 Static NAT
 Firewall
 DHCP
 Network ACL
 External DNS
 Source NAT
 Public load balancer
 Guest VMs DNS support
 Multi-Hypervisor support – ESXi, XenServer, KVM
 Extensions to support enhanced networking capabilities
 Improved scalability
 Enhanced concurrent operations
 Improved Plugin robustness - ACS/VSP objects Audit/Sync support
9/15/2015
31
CloudStack NuageVSP Plugin

32. On The Roadmap
Parity with VR functionality
 Port Forwarding
 Site-to-Site VPN
 Remote Access VPN

33. Nuage is a contributor to Apache CloudStack
 We are now officially contributing to Apache CloudStack
 The CloudStack VSP Plugin has been checked in upstream to ACS 4.5 branch
 We are Platinum sponsors at 3 out of 5 CloudStack Collaboration conferences in 2015
 We have a booth presence and speaking sessions
 Nuage is the only viable SDN solution for CloudStack
 Next upstream check in will be in ACS 4.6, any time now 

34. 9/15/2015
34
www.nuagenetworks.com @nuagenetworks