SD-WAN (Software Defined Wide Area Networks) is a new model for the delivery of Enterprise services over WAN based on SDN principles.
[Figure: SD-WAN overlay. Callouts: an overlay IT approach offers network service transport delivery choices; SD-WAN promises to shift incremental control to enterprise IT; automated operations; any network, any (general purpose) hardware; new fulfillment models; seamless on-boarding. Branch offices and branch locations reach the Enterprise WAN, Private Cloud and Public Cloud over Business IP-VPN, L2-VPN, Private IP and Internet access.]
To address the requirements in the previous slides, VNS uses a VXLAN-based overlay solution. An overlay network is a virtual abstraction (an L2 or L3 service) built on top of an existing physical network.
Network-centric overlays
Examples: VPLS, PBB-VPLS, SPBM, TRILL
Diminishing popularity due to one or more of:
• MAC address and VLAN scaling
• STP dependency, flooding limitations
• Hardware/software requirements
• Standards compatibility

Host-centric overlays
Examples: VXLAN, NV-GRE, STT, etc.
Increasing popularity due to one or more of:
• Automated and simple VM provisioning
• VM mobility
• Scaled multi-tenancy
Overlay networks are not new: Layer 2 and Layer 3 VPNs have been implemented in IP/MPLS networks to connect customer sites in an isolated and scalable manner for many years.
TTP36009 Nuage Networks Virtualized Network Services (VNS) Fundamentals
NOKIA — PROPRIETARY AND CONFIDENTIAL — RESTRICTED — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW. COPYRIGHT © 2016 NOKIA. ALL RIGHTS RESERVED.
VXLAN ENCAPSULATION
SDN controller:
• Communicates with the NSG using the OpenFlow protocol
• MAC/IP addresses learned on LAN ports are reported to the controller
• Loads the forwarding information to all the NSGs
VNS: SD-WAN VXLAN-BASED VPN
Control plane: OpenFlow and BGP EVPN
Data plane: VXLAN. NSGs forward directly between each other using VXLAN as the overlay.
Underlay network: VXLAN traffic (IP packets) between endpoints. The data plane can be further encapsulated if needed.
[Figure: secured channels between branch NSGs, hypervisors (VMs on VRS) and an NSG-V/BR across the Internet and the IP VPN, with a route reflector (RR) and PE in the untrusted zone, a DMZ and the enterprise firewall (ENT FW). Data plane elements: VRS, VRS-G, VSG (for VSP); NSG (for VNS).]
[Figure: protocol and port matrix between VNS components, with source and destination where the slide shows them.]
• XMPP/XMPP-TLS TCP 5222 (VSC/Utils->VSD)
• SNMP UDP 161 (from SAM) / 162 (to SAM)
• BGP TCP dPort 179, sPort 1023 (NSG->VSC)
• HTTPS TCP 11443/12443
• HTTPS TCP 7443
• Stats TCP 39090
• NTP UDP 123 (NSG->VSC, VSC->NTP)
• RPC/Nuagemon TCP 7407
• OF-TLS TCP 6633 (NSG-VSC)
• DNS UDP 53
• DTLS UDP 4500, 4789 (NSG->VSC)
VIRTUALIZED SERVICES DIRECTORY (VSD)
The cloud service provider administrator (csproot) can create a separate enterprise definition for each tenant. Each tenant can then create its own user groups, domains and policies on the VSD.
SELF-SERVICE NETWORK SERVICE DELIVERY
[Figure: customer portal reached over fixed and mobile access networks.]
Non-specialized personnel can turn up a site in 10 minutes or less.
Software: VRS-G is a VM, or runs on an x86 server.
Hardware: 7850 VSG, 960 Gbps capacity, 32 x 10G + 16 x 40G, VXLAN encapsulation at line rate.
Both: the control plane is integrated with VSC/VSD for automated VLAN/VXLAN mappings; L2 and L3 capable.
• Health metrics of overlay network connections between NSGs in a domain, using performance monitors with a specified network profile (DSCP value, payload size, traffic rate).
• Performance metrics include one-way packet loss, jitter and latency between the uplinks of different NSGs.
Application Policy and Visualization (APV)
• Policy-driven intelligent path selection for application traffic based on one-way latency, jitter and packet loss measurements
• Path selection based on continuous probes and/or first packet detection
• Improve scalability with first packet detection
• The intelligent forwarding of application traffic across the Enterprise WAN, ensuring that pre-defined per-application performance metrics (i.e. SLAs) are persistently met
[Figure: AD + NPM + APV. Site 1 and Site 2 exchange Voice, Video and Email over two paths (Path 1: low latency/variation/loss; Path 2: higher latency). Callouts: (1) Identify the Video Conferencing application flow to a known destination, the NSG at Site 2; (2) Measure path performance metrics over both uplinks; (3) Steer Video Conferencing application flows over an SLA-compliant path. Performance Measurement per Path: Delay, Delay Variation, Loss, BW.]
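The steering decision above, written out as an added illustration (not code from these slides or from Nuage): path metrics, SLA thresholds and the fallback rule are assumptions modelled on the slide text, and the figures below are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class PathMetrics:
    """Latest probe results for one uplink."""
    name: str
    latency_ms: float   # one-way latency from continuous probes
    jitter_ms: float    # delay variation
    loss_pct: float     # one-way packet loss
    up: bool = True     # False when the underlay link has failed

@dataclass(frozen=True)
class AppSla:
    """Per-application thresholds (assumed policy model, not Nuage's schema)."""
    app: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    preferred: str      # uplink the policy prefers when several comply

def meets_sla(path: PathMetrics, sla: AppSla) -> bool:
    return (path.up and path.latency_ms <= sla.max_latency_ms
            and path.jitter_ms <= sla.max_jitter_ms
            and path.loss_pct <= sla.max_loss_pct)

def select_path(paths: List[PathMetrics], sla: AppSla) -> Optional[str]:
    """Uplink to steer the flow onto: the preferred SLA-compliant path, else the
    lowest-latency compliant one; if none complies, the least-bad path that is
    still up (seamless backup, SLA not met); None if every path is down."""
    compliant = [p for p in paths if meets_sla(p, sla)]
    if compliant:
        for p in compliant:
            if p.name == sla.preferred:
                return p.name
        return min(compliant, key=lambda p: p.latency_ms).name
    alive = [p for p in paths if p.up]
    if not alive:
        return None
    return min(alive, key=lambda p: (p.loss_pct, p.latency_ms, p.jitter_ms)).name

# Constructed sample: the MPLS path is clean, the Internet path is jittery and lossy.
PATHS = [PathMetrics("mpls", 20.0, 2.0, 0.0),
         PathMetrics("internet", 45.0, 12.0, 1.5)]
VIDEO = AppSla("video-conf", max_latency_ms=100, max_jitter_ms=10,
               max_loss_pct=0.5, preferred="internet")
EMAIL = AppSla("email", max_latency_ms=500, max_jitter_ms=100,
               max_loss_pct=5, preferred="internet")
```

With these values video is steered onto MPLS because the Internet path breaks the jitter threshold, while email, whose SLA both paths meet, follows the policy preference.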
Graphical Representation:
• Applications identified, ranked by Total Bytes
[Figure: NSG-2 and VRS-2 connect to NSG-BR, with VXLAN over IPsec (VXLANoIPsec) on the WAN leg and plain VXLAN on the other legs.]
▪ Distributed PAT
▪ Multiple PAT Pools
▪ Routable in destination domain
▪ Assign IP per NSG in Source domain
▪ Pool address management by VSD
▪ Local and Remote Shared domain
▪ Use Case: hosted service, B2B
▪ Multiple Destination domains (NOT Supported)
[Figure: PAT from Source Domain 1 into a Shared Domain: each NSG (subnets SUB1..SUB4) is assigned its own PAT address (IP1/32, IP2/32, IP3/32) that is routable in the shared domain. Second diagram: a vPort in Source Domain 1 with PAT Pool IP1-IP5 towards Shared Domain 1 and PAT Pool IP6-IPn towards Shared Domain 2.]
By using this approach, a hybrid WAN can give organizations a more versatile and cost-effective way to connect their offices while still relying on dedicated links to send mission-critical data and provide secure network resilience.
[Figure: Hybrid WAN. Site 1 and Site 2 are connected over both an MPLS VPN (Private Network – Overlay Service, via the MPLS CE) and the Internet (Internet – Overlay Service), with an NSG-BR at the Internet edge.]

BR:
• NH Context per underlay to avoid overlapping IP addresses
• Multi-tenant: routing table per customer

HA Proxy:
• NH Context per underlay
• A single DNS name and globally unique IP address is used for the proxy across all underlays, with no overlaps

VSC:
• Multi-interface VSC using ESXi/trunk ports
• Support 100 interfaces/VSC (Target)

[Figure: multi-underlay topology. Customer NSGs (NSG-c1 .. NSG-cX at sites S1) reach the VSC over Underlay-1, Underlay-2 .. Underlay-X (Internet) through uBR-1 and uBR-2; contexts U1-1..U1-3, U2-1..U2-2, C1-1..C1-3 and B1-1..B2-3; VLAN/BGP per tenant with VRF-cust1 .. VRF-custX.]

The Hybrid WAN use case must be able to support connectivity to sites whose NSGs are only connected to either uplink but not both. It should also support the case where the connection to transport “A” fails at one site and the connection to transport “B” fails at the other site.
▪ Specification
▪ Intel Atom based
▪ BayTrail E3825 2C, 1.33GHz
▪ 3 x 10/100/1000BASE-T
▪ 2GB RAM
▪ 16GB mSATA MLC
▪ TPM
▪ Fanless
▪ 1X AC PSU
▪ 2X USB (2.0 and 3.0)
▪ 1X RJ45 Serial Console
[Figure: appliance panel with 3x1000BASE-T, USB 2.0, USB 3.0, serial console and soft reset.]
* TBC
* Stretch
[Figure (two variants): Enterprise VSD and VSC under the enterprise admin; the NSG at Site 1 and the NSG at Site 2 carry Voice and Video to the Private Data Center (or HQ) over the IP/MPLS WAN (Provider Network) and to Public Cloud / SaaS over the Internet (3G/LTE, BB, etc.). Callouts: ECMP across both links; Intelligent Traffic Steering. The second variant adds Seamless Backup, with one link marked X.]
[Figure: Voice and Video between Site 1 and Site 2 over IPVPN in Full-mesh and Hub-Spoke topologies.]
[Figure: performance probes by release. R4.0R4 GA: OWAMP probe between NSGs (NSG, NSG-E, NSG-C, NSG-F, NSG-X, NSG-E or BYOD), answered by a shadow-responder NSG. Subsequent releases: IP RTT probe to a third-party responder (server application, e.g. www.google.com; 7750 SR) and TWAMP RTT probe to an Any-IP responder.]
Application discovery and monitoring modes:
• "I would like to discover which applications are running at my site": unknown apps, NSG in Discovery mode.
• ToD (time-of-day) scheduled monitoring, known applications / known subset of sites: known apps, NSGs in PPS mode.
• "I would like to monitor custom apps independent of destination": custom apps, unknown destinations, NSG in PPS mode (e.g. enterprise in-house developed applications).
• Known applications / unknown sites, 1st packet trigger: known apps, NSGs in PPS mode (e.g. VoIP call between users).