![Page 1: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/1.jpg)
Copyright 2013 Alcatel-Lucent. All rights reserved.
@ssneddon
Scott Sneddon
Principal Solutions Architect, APAC Business Development Lead
Nuage Networks
A Policy Driven Approach to Software Defined Networking
![Page 2: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/2.jpg)
SDN in 2014
OpenFlow Controllers
Network Virtualization
White Box Switching
Open Source Projects
Network as a Service
Plenty of Innovation and Disruption…
![Page 3: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/3.jpg)
Why SDN?
Reduce Cost
Asset Utilization
Self Service
Automation
Make the network more “Cloud” like
We’re making great progress
![Page 4: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/4.jpg)
The “Consumption shift”
Cloud is changing the way technology is being consumed
From “order and wait”
To “instant gratification”
Consumer expectations are shifting
Multiple personas
Single user
On-demand personalized catalogue
![Page 5: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/5.jpg)
Compute is Virtualized
Available in Minutes
Network is Partially Virtualized
Configuration takes Days/Weeks
[Diagram: Datacenter Network. New Tenant / Application Request → Compute Management (auto-instantiation): compute request completed in minutes. Network Configuration (Help Desk, Change Control, Security / QA Team, Project Coordinator; IP address, VLAN address, firewall configuration, LAN (VLAN) configuration, WAN (IP) configuration): network change completed in days/weeks.]
Service velocity is hindered by manual network process
![Page 6: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/6.jpg)
Network is “more” virtualized
Some things available in minutes – Some not so much
Many network elements are manually configured
Manual per-tenant network configurations
[Diagram: Software Defined Datacenter Network. New Tenant / Application Request → Compute Management (auto-instantiation): compute request completed in minutes. Network Configuration via SDN Controller: some network change completed in minutes.]
Service velocity accelerated, but…
![Page 7: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/7.jpg)
Committees still build “networks”
Audits/reviews
In a NaaS environment (OpenStack Neutron, AWS, etc.) this is delegated to the tenant
Is this what your DevOps team should be doing?
We’ve only addressed part of the automation problem
[Diagram: Software Defined Network Configuration. The DevOps Team handles VLAN address, IP address, WAN (IP) configuration and firewall configuration: network configuration created in days/weeks.]
![Page 8: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/8.jpg)
Current Neutron Networking provides building blocks to create logical topologies: Networks, Ports, Subnets, Routers, Security Groups
neutron net-create web
neutron subnet-create --name web-subnet web 10.0.0.0/24
neutron router-create router1
neutron router-interface-add router1 web-subnet
…
Not abstracted into a consumable model
[Diagram: OpenStack Neutron Networks. web, app and db networks with attached VMs.]
Puts the burden of topology design on the DevOps team
![Page 9: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/9.jpg)
DevOps has an understanding of the specific application needs: Segmentation, Port numbers, Connectivity goals
Should not be burdened with the implementation details: Routes, Subnets, VLANs
The DevOps team needs an Abstracted view
[Diagram: A DevOps View. web, app and db tiers, each a group of VMs.]
![Page 10: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/10.jpg)
Network Administrators need to…
Define connectivity models: Paths, QoS, Access Control
Deploy service elements: Firewall, Load Balancer, IPS
Audit compliance
Audit usage
[Diagram: A Network Admin View. Policy Selector; chain 1, chain 2, chain 3, chain 4; service elements Firewall, IPS, Parental Ctl; Internet.]
![Page 11: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/11.jpg)
Policy approach to networking
Policy Templates
Users
Application Types
Business Rules
Policy Evaluation
[Diagram: application networks instantiated from the policy templates, each including firewall elements.]
Design once, re-use multiple times
Application Networks
![Page 12: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/12.jpg)
What is a network Policy?
OpenStack Group Based Policy Abstractions for Neutron
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
• An Application-centric approach to networking
• Moving away from traditional network constructs
  • ports, subnets, routers, etc.
• Aiming for a highly abstracted interface for application developers to
  • express desired connectivity of application components
  • and express high-level policies governing that connectivity
• Without imposing constraints on the underlying implementation
![Page 13: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/13.jpg)
Policy Abstractions for Neutron
OpenStack Group Based Policy Abstractions for Neutron
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
[Diagram: Outside EPG (Public Network) and Web EPG, App EPG and DB EPG (Private Networks), each EPG containing VMs, connected by a Web Contract and App Contracts.]
• Endpoint (EP) – an IP addressable entity
• Endpoint Group (EPG) – a grouping of Endpoints
• Policy Rule – individual rule that defines communication criteria
• Contract – a collection of Policy Rules that are applied to traffic between EPGs
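The four abstractions above, as an added example that is not part of the original slides and is not the Group Based Policy API: a default-deny evaluator in which a flow between two EPGs is permitted only when the source EPG consumes a contract the destination EPG provides and a Policy Rule in that contract matches. The addresses, ports, the provides/consumes split and the `db` contract name are constructed for illustration, and only traffic between groups is modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyRule:
    protocol: str
    port: int

# Contract: a named collection of Policy Rules (ports are constructed samples).
CONTRACTS = {
    "web": {PolicyRule("tcp", 80), PolicyRule("tcp", 443)},
    "app": {PolicyRule("tcp", 8080)},
    "db": {PolicyRule("tcp", 3306)},
}
# Which contracts each EPG provides (serves) and consumes (may call).
PROVIDES = {"outside": set(), "web": {"web"}, "app": {"app"}, "db": {"db"}}
CONSUMES = {"outside": {"web"}, "web": {"app"}, "app": {"db"}, "db": set()}
# Endpoint -> EPG membership (constructed addresses); unknown IPs are "outside".
ENDPOINTS = {"10.0.1.10": "web", "10.0.2.10": "app", "10.0.3.10": "db"}

def epg_of(ip):
    return ENDPOINTS.get(ip, "outside")

def matching_contract(src_ip, dst_ip, protocol, port):
    """Return the contract that permits this flow, or None (default deny)."""
    src, dst = epg_of(src_ip), epg_of(dst_ip)
    for name in sorted(CONSUMES[src] & PROVIDES[dst]):
        if PolicyRule(protocol, port) in CONTRACTS[name]:
            return name
    return None

def allowed(src_ip, dst_ip, protocol, port):
    return matching_contract(src_ip, dst_ip, protocol, port) is not None

def policy_matrix():
    """Every (consumer EPG, provider EPG, protocol, port) the policy permits."""
    rows = []
    for src, consumed in CONSUMES.items():
        for dst, provided in PROVIDES.items():
            for name in consumed & provided:
                rows += [(src, dst, r.protocol, r.port) for r in CONTRACTS[name]]
    return sorted(rows)

if __name__ == "__main__":
    for row in policy_matrix():
        print("%-8s -> %-4s %s/%d" % row)
    print(allowed("203.0.113.5", "10.0.3.10", "tcp", 3306))  # outside -> db
```

`policy_matrix()` is the audit view: it lists every permitted group-to-group flow, so a reviewer can confirm that nothing outside the web tier reaches the database without reading per-port firewall rules.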
![Page 14: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/14.jpg)
In application development…
We first define the application through source code
We then compile the application into machine instructions
Then we bind that application to a platform at run time: assigning compute registers and memory locations
In a Policy driven network…
We first define the application’s connectivity requirements and business rules: Application Policy
We then map this application to a network service: predefined network templates, network contracts
Then we implement these network services when the application is deployed: automated, dynamic
To Achieve a Policy Driven Network
![Page 15: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/15.jpg)
[Diagram: SDN Framework. Application Request; Application Attributes, Topology Attributes, Technology Attributes; Service Mapping and Service Binding; web, app and db tiers of VMs.]
To Achieve a Policy Driven Network
![Page 16: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/16.jpg)
Policy Driven Networking Delivered
Nuage has provided policy abstractions for virtual and physical networks since our first release
L2, L3, ACLs, QoS, Service Chaining, Traffic Statistics
Difficult to express using existing Neutron constructs…
Which is why we’re contributing to Group Based Policy: cleanly express application policy in Neutron
![Page 17: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/17.jpg)
Network Policy templates and role-based workflow
Service velocity is not hindered by manual network process
[Diagram: Tenant / Application Request → Compute Management (auto-instantiation): compute request completed in minutes. Networking and Security / Compliance roles; Network Policy Engine (Nuage Networks VSP) with templates: IP address, WAN interconnect, Policy / Security Zones, L2 / L3 Service AD, Service chaining.]
Policy Instantiation
• IP address 10.x.y.z
• VLAN configuration
• WAN configuration
• Security / FW settings
• QoS parameters
• …
Network change completed automatically
![Page 18: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/18.jpg)
Conclusions
• Creation of distributed virtual switches and virtual routers - great for virtual networks and better than VLANs, but …
• Creates a distributed virtual configuration and management challenge
• Provisioning and management of these endpoints cannot be done with traditional methodology
• Policy abstraction is a proven framework
• Nuage Networks has been shipping Policy Driven SDN since May 2013
![Page 19: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/19.jpg)
For more information…
• Nuage Networks Virtualized Services Platform
• http://www.nuagenetworks.net
• OpenStack Neutron Group Based Policy Abstraction
• https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
• OpenDaylight Application Policy Plugin
• https://wiki.opendaylight.org/view/Project_Proposals:Application_Policy_Plugin
![Page 20: TFI2014 Session I - State of SDN - Scott Sneddon](https://reader030.vdocuments.us/reader030/viewer/2022020218/5596ff801a28aba3778b4818/html5/thumbnails/20.jpg)
8/29/2014
Network Policy NOW
@nuagenetworks
@ssneddon