NUAGE VIRTUALIZED SERVICES PLATFORM VSP NETWORK SERVICES VNS

NUAGE - VIRTUALIZED SERVICES PLATFORM (VSP) & NETWORK SERVICES (VNS) Ing. Matej Kultan, Ph. D. Technical Pre. Sales @ IP Routing & Transport, Vienna September 2015 1 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

AGENDA 1. Introduction 2. In the Data Center: the role of Nuage VSP 3. Beyond the DC: Nuage VNS Virtualized Network Services 4. Demo 5. Conclusion 2 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Today’s business services Traditional (data) connectivity services: • Internet access: point to Internet, basic and carrier/Enterprise grade • VPNs: L 2 and L 3: p 2 p, multi-pt (typically MPLS based) Around for 10 to 15 years: • Grown organically from basic to now include Qo. S, SLA, portal • Integrated in OSS, BSS systems Not (widely) present still: • Cloud, especially automated connectivity to • How to address broader business market ? below high end above low end 3 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Today’s IT Market Expectations

Today’s business services: enterprise networking needs a RETHINK MANUAL (TIME ‘DEPENDENT’) TRANSPORT DEPENDENT LOCATION DEPENDENT DEVICE DEPENDENT 4 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ENTERPRISE INTERNET WAN 1. Turn-up a new site 2. Reconfiguration of existing site 3. Transport introduction/upgrades 4. L 2 -L 4 VPN service configuration 5. Security implementation 6. Security assessment 7. L 4 -L 7 application insertion 8. Datacenter interconnection 9. Operational moves/adds/changes 10. Service assurance/fault localization 11. Service optimization/fault prevention 12. Device replacement 13. Configuration auditing/compliance 14. .

Last Login: 23. 05. 2015

Last Login: 23. 05. 2015

AGENDA 1. Introduction 2. In the Data Center: the role of Nuage VSP Virtualized Service Platform 3. Beyond the DC: Nuage VNS Virtualized Network Services 4. Demo 5. Conclusion 7 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Networking evolution in CLOUD / Datacenters MANUAL AUTOMATED (TIME ‘DEPENDENT’) (TIME ‘INDEPENDENT’) TRANSPORT DEPENDENT LOCATION DEPENDENT HARDWARE DEPENDENT 8 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. TRANSPORT INDEPENDENT ENTERPRISE INTERNET WAN VS CLOUD/ INTERNET DATACENTER LOCATION INDEPENDENT HARDWARE INDEPENDENT

Problem statement: The CURRENT DATACENTER DC New Tenant / Application Request 00: 01 Compute Request completed in Minutes Network Configuration Compute Management Help Desk Change Control Auto-instantiation Project Coordinator VLAN Address Security / QA Team 9 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. LAN (VLAN) Configuration WAN (IP) Configuration IP Address Compute & Storage : Virtualized, Instantly available, Easily consumable Network Change completed in days/Weeks X Firewall Configuration The Network : Cumbersome, constrained, Manual processes & inefficient

The cloud-optimized datacenter – enabled by SDN DC New Tenant / Application Request 00: 01 Compute Request completed in Minutes Compute Management Auto-instantiation SDN Controller Auto. Configuration 00: 01 Network Request completed in Minutes IP address Policy / Security Zones WAN interconnect L 2 /L 3 Service AD Service chaining Compute & Storage : Virtualized, Instantly available, Easily consumable 10 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. The Network : Automated, Agile, Programmable Templates

THE NUAGE NETWORKS VSP SOFTWARE SUITE REFERENCE VIEW OF SDN FRAMEWORK AND LOGICAL LAYERS DC Cloud Management Systems Internet Virtualized Services Zones Directory XMPP Management Plane VPN Domain Policies Nuage Networks Virtualized Services Platform (VSP) Subnets Virtualized Federated MPBGP Services Virtualized Services Directory (VSD) Controller en Op ow Fl en Hypervisor Hypervisor Data Plane 11 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Virtualized Services Controller (VSC) Op Flo w Control Plane Hypervisor Virtual Routing & Switching (VRS)

Nuage VSP: Putting It All Together Policy DC ① Openstack receives request for compute assets ② VM instantiated on hypervisors ③ Event triggers Nuage VRS which informs VSC of VM placement ④ Network services are created based on policy from VSD Virtualized Services Directory Cloud Management Plane Network Service Control Plane Virtualized Services Controller MP-BGP IP / MPLS Network SP 1 Control Plane IP Data Plane App Domain IP Network Data Plane Business Provider Edge VPN Service Private Nuage Gateway Hypervisor Hypervisor DC 1 Zone 1 12 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. DC 1 Zone 2 Hypervisor DC 2 (Bare Metal) Datacenter Service Provider Data Plane

AGENDA 1. Introduction 2. In the Data Center: the role of Nuage VSP 3. Beyond the DC: Nuage VNS Virtualized Network Services 4. Demo 5. Conclusion 13 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Virtualized Network Services (VNS) building blocks Virtualized Services Directory (VSD) • Unified policy-plane for mgmt of distributed end points Business/IT Service engine, Multi-tenant templates & Analytics Virtualized Services Controller (VSC) Bootstrap Layer 2 Layer 3 Layer 4 Qo. S Security Traffic Steering ✔ ✔ NSG Network Operating System NSG (Physical) 14 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. . • Federated control-plane manager • General-purpose compute platform • Virtual / Physical NSG (Virtual)

VNS – A New Type of VPN FW Wi. Fi LB Customer Portal Qo. S VSD Network services “App Store” Customer Portal Select VNS Service Order Branch Equipment VSC Network Services Catalogue Data Center VNS Service Site A VSD Operator Network VNS VSC Site B Site C 15 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Select VNS Service Order Branch Equipment Network Services Catalogue Network Services Gateway NSG-P & NSG-V

And at the same time… simplifying the enterprise CPE VSC Nuage VSP VSD CUSTOMER EDGE DEVICE • Virtualization of the Service End Device – Streamlining of Mgmt hardware plane – Centralization of control-planes – Policy-based service provisioning – NFV-ready platform Control plane Open. Flow Fwd plane HYPERVISOR v. Switch COMMODITY HARDWARE 16 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. PROPRIETARY HARDWARE ETH/IP

A complete Rethink of Branch Architecture is required § Branch (def. ): Any location with hosts requiring attachment to Enterprise WAN (i. e. generalizing the branch concept) § Traditional DC: NSG gateway with hosts of type Bare-metal servers § Cloud DC: NSG gateway with hosts of type Virtual Machines § Branch/HQ/Store: NSG gateway with hosts of type PCs/Wi. Fi/Routers/… NSG gateway Host Host NSG VM Hosts Host Host Traditional DC 17 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. NSG appliance Hosts Cloud DC Branch/HQ/Store

Retail store or central warehouse Off-net Extension Services Simplify backhaul of remote (off-net) sites to existing VPN services where coverage outside of footprint is required Interwork with existing environments IPVPN PROVIDER Enable a new model of customer service CE BRANCH PE IPVPN PE CE 18 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. PE INTERNET VID NSG CO Users WHOLESALE/ IPSEC NSG

Retail store or central warehouse Internet Off-load use case • provides physical Ethernet To Branch or Central Office termination for locally connected hosts • maintains IPSEC tunnels, one over broadband link, other over BR/T 1 uplink • performs traffic steering functions to select uplink paths based on Application policies 19 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. PROVIDER 1 (e. g. INTERNET) BRANCH IPSEC tunnel FW DHCP PBR Broadband NSG IPSEC tunnel PROVIDER 2 (e. g. IPVPN) Legacy Qo. S VPN Users

Branch 2 DIY IPsec VPN FW DHCP PBR Qo. S LAN NSG Branch 1 DHCP PBR Qo. S NSG Internet Network With VNS, Service Providers become engaged in the customer overlay network – providing a managed service for SMB/SME. Value-added services are introduced from the datacenter 20 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Branch 3 FW DHCP PBR NSG Qo. S LAN FW

VNS breaks implementation boundaries Physical Appliance Traditional Datacenter NUAGE hardware SW Image = VM INTERNET IP/MPLS INTERNET BYOD hardware Virtualized Datacenter 3 G/LTE * SW Image = OS Virtual Private or Public Cloud BYOD hardware FORM-FACTOR FLEXIBILITY 21 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. TRANSPORT FLEXIBILITY CLOUD FLEXIBILITY

AGENDA 1. Introduction 2. In the Data Center: the role of Nuage VSP 3. Beyond the DC: Nuage VNS Virtualized Network Services 4. Demo 5. Conclusion 22 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Retail store or central warehouse VNS – A New Type of VPN • VNS DEMO: https: //www. youtube. com/watch? v=7 o. Ow 9 y. LW-Pg Duration: 2: 30 23 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Flexible deployment models - Hardware NSG-E 1 NSG-F Intel Atom based (2 C) 6 x 10/1000 BASE-T Trusted Platform Module Compact Flash storage 1 X AC PSU 2 X USB 1 X RJ 45 Serial Console Intel Atom based (4 -8 C) 8 x 10/1000 BASE-T 2 x 1000 BASE-x SFP Trusted Platform Module Compact Flash storage 1 X AC PSU 2 X USB 1 X RJ 45 Serial Console NSG-X* Intel Xeon based (4 -8 C) 2 x 10 GBASE-x SFP+ LAN 2 x 10 GBASE-x SFP+ WAN 8 x 1000 BASE-T interfaces Trusted Platform Module Compact Flash storage 2 X AC PSU 2 X USB 1 X RJ 45 Serial Console NSG-L* Intel Atom based (4 -8 C) 24 x 1000 BASE-T* 2 x GE-SFP WAN Power over Ethernet Trusted Platform Module Compact Flash storage 2 X AC PSU 2 X USB 1 X RJ 45 Serial Console * HW switching module Up to 500 Mbps Up to 2 Gbps Up to 5 G/10 G/20 G* Up to 2 Gbps WAN* Beta NSG-E NSG-F NSG-X NSG-L 1 Q 15 2 Q 15 4 Q 15 1 Q 16

Flexible deployment models - Software Services: • IP VPN • P 2 P or MP Ethernet VPN • Reflexive ACLs • Ingress/Egress H-Qo. S • 1: 1 NAT/PAT • DHCP Server • Service chaining • LAN-side gateway resiliency * 25 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Management • None or multi-factor auth • Auth/Encrypted channels • Rsyslog/remote-upgrade • On-board assurance agent • Secure statistics export • Centralized CLI • EMS-integration* Form-factors: • Software-image • 6 -port appliance (up to 500 Mbps) • Hardware key store • IPSEC acceleration • Dual gateway HA-support Networking: • No-tunnel (IP) • Tunnel – VXLAN • Tunnel – MPLSo. GRE • Tunnel – VXLANo. IPSEC • Dual-uplinks support • Centralized MP-BGP control-plane • Group-key server • NAT-Traversal* 2 5

AGENDA 1. Introduction 2. In the Data Center: the role of Nuage VSP 3. Beyond the DC: Nuage VNS Virtualized Network Services 4. Demo 5. Conclusion 26 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Retail store or central warehouse VNS Summary: key points WAN DC What if you would intelligently apply the principles of mobile and broadband services to business VPN services ? • Automation: addresses velocity • Abstraction: removes complexity • And add Visibility & Control: customer self service Resulting in a business service that is: • not tied to network technology, nor to access, • only IP connectivity required = huge deployment and scale benefits, • allowing big simplification for provisioning, assurance and TTM VNS = strengthening your relevance for your cloud savvy customers 27 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Retail store or central warehouse VNS Summary: main benefits WAN DC OPEX (figures from customer cases): • VNS could improve on 38% of their current provisioning steps • VNS significantly improves 80% of their high cost processes • They estimate that on average VNS would reduce their per site provisioning costs by 60% CAPEX: CPE x 86 iso proprietary HW, SW version also available TTM: Drastically reduce “order – first-bill” to hours New revenues • Open up new segment and upsell to VPN • Service chaining in DC VNS = strengthening your relevance for your cloud savvy customers 28 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

29 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

AGENDA 1. Backup Slides 30 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Retail store or central warehouse Want to experience VNS yourself ? Virtual Point of Delivery (v. POD) VNS tenant account 4 weeks on mt-v. POD • Get access to the Evonet-ALU launch platform Infrastructure • Bundle of training, support, access, NSG • No need to look for own lab set-up • Up and running in no time • Experience VNS life Compute Immediate access to Evonet – Alcatel-Lucent launch platform 31 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Datacenter 1 Datacenter 2 Architectural view internet 7850 VSG 7850 VSG 7750 SR 7 10 G rings Experience VNS and its use-cases 32 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

RETHINK needed for Incumbent, Cable, challenger, XLE, Enterprise: changing landscape and consequences 1 2 3 4 5 Cost optimization is driving a review of ‘branch’ site equipment CAPEX (HW + connectivity) under pressure, OPEX demands automation Cloud is redefining the concept of “Time to access” Apps instantiated in DC/VPC/Public clouds in seconds, Branch connectivity must to same/similar timespan Traffic types and communication patterns are changing H&S insufficient-UC&C applications, Dev/Test in VPCs with ephemeral lifetimes, Guest Inet-local offloads, Traffic encryptions Hybrid WAN networks of lesser-SLA then VPN transport require intelligent routing SLA driven routing, Multiple WAN providers-identifying Focus on the WAN but what about the LAN Integration with Wi. Fi, extend automation to LAN Source: Alcatel-Lucent research 33 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Untapped Market Segments • Can’t afford “Gold plated” VPNs • Want more self-management Flexible deployment models Offnet / expansion • Break-out to cloud VNS • Complement with service chaining • Out of Region: VPN + VNS • On any underlay • Enterprise Operated Network Services Automating Service chaining /x VAS Offload / intelligence Seamless cloud integration VNS = Software Defined Automated Networking 34 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

The emergence of the cloud marketplace fit to Service Providers & Enterprises needs? • (Virtual) Services catalogue • The option to chain these (virtual) services • Flexible connectivity to the (virtual) services Source: Infonetics SDN/NFV Global Service Provider Survey 2014 35 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

COMPLETE OPERATIONAL TOOLKIT Virtual Services Assurance Platform (5620 SAM - VSAP) DC REST /JMS Virtualized Services Directory Proven SAM / CPAM Technology VSAP XMPP Virtualized Services Controller Control Plane Open. Flow IP Dataplane Virtual Routing & Switching WAN Policy Correlation • • Mirrors Nuage VSP policy objects Tracks dynamic lifecycle of virtual machines & services Over/Underlay Correlation • Topology map of virtual objects associated with physical elements Correlate events between the virtual and physical environments Monitoring and Troubleshooting • Multi-Vendor Support Hypervisor with new DC feature sets • • Historical events & alarm correlation in a dynamic environment Maintain past events to identify root cause & impact analysis Standard protocols for underlay topology detection & path monitoring Underlying core network can consist of any components supporting standard protocols (OSPF, BPG, ISIS, SNMP) Leverages 5620 SAM and any back office integrations 36 COPYRIGHT © 2014 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ALCATEL-LUCENT — CONFIDENTIAL — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW — PROPRIETARY — USE PURSUANT TO COMPANY INSTRUCTION