Loading...

Follow Nuage Networks Blog on Feedspot

Continue with Google
Continue with Facebook
or

Valid

The race to SD-WAN market leadership is a marathon and not a sprint. In the crowded SD-WAN market, we are slowly witnessing a “thinning of the herd” as rapid vendor consolidation is shaping the future of SD-WAN while shuffling the leadership deck.

The market incumbency head start

So far it is clear that enterprise incumbency has been paramount in the success of SD-WAN and has been explicitly used by legacy players and large conglomerates to their advantage. Legacy players used their incumbency to pivot from their core competency (e.g. WAN optimization, security, routing, etc.) while bolting on some SD-WAN capabilities. The problem with their approach is that these solutions were not purpose-built to offer SD-WAN, yet their incumbency gave them a strong start.

Large enterprise-focused conglomerates representing incumbent vendors in the enterprise market (e.g. data center SDN or enterprise routing) have used a market strategy to leverage their large customer base to parlay into SD-WAN wins. For these SD-WAN offerings the solution can often involve current proprietary hardware that locks the enterprise or service provider inflexibly into their legacy hardware.

Smaller pure play SD-WAN vendors that have depended upon venture capital, have either been acquired by a larger conglomerate already, are looking for a suitor, or are exploring different selling channels by partnering with other players in the space.

Proof is in the pudding

Throughout this rapid market movement, Nuage Networks SD-WAN or Virtualized Network Services (VNS) has slowly yet steadily moved up in terms of revenue and perception of leadership within the market. It is the only solution that has not pivoted, has not shifted in its product philosophy or market approach… it has remained steady, and consistent and it is being rewarded for this.

Nuage Networks has always believed that the ideal enterprise consumption model for SD-WAN is through a managed service delivered through a communication service provider (CSP). This was not the general consensus of the industry a few years ago, yet today we are seeing SD-WAN managed services as being the predominant model and increasing in share every year. A recent market report by Frost and Sullivan[1] underscores this fact. In addition, a report from ACG[2] has Nuage Networks ranked #1 in market share for the service provider market. Times have certainly changed.

Overall Nuage Networks leadership in SD-WAN is being recognized in both perception as well as through revenue. In a recent report from IDC[3], Nuage Networks’ SD-WAN revenue measured across the overall market including all consumption models, increased 125% year over year representing a move from #6 to #4 in overall market share position.

Here is one of the charts that IDC shares in the report depicting worldwide market share:

If indeed it is true that SD-WAN market leadership is a marathon and not a sprint, Nuage Networks is prepared for this race, we have advanced gel soles in our shoes, and energy packs in our hands, while we take comfort from our years of advanced routing training and proven innovation to take us forward.

[1] Frost and Sullivan, Global SD-WAN Vendor Market Mid-Year Forecasts 2018, August 2018

[2] ACG Research, A Fresh Market Perspective on SD-WAN, May 2019

[3] IDC, Worldwide SD-WAN Infrastructure Market Shares, 2018: Incumbent and Start-Up Networking Vendors Continue to Compete in Fast-Growing Market, doc #US45160019, June 2019

The post The volatile road to SD-WAN market leadership appeared first on Nuage Networks.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

As Enterprise Digital Transformation accelerates, the demands on the network are also increasing and many Enterprises are embracing SD-WAN as part of their network transformation to support the shift to hybrid cloud and a more agile, dynamic infrastructure that can respond quickly and efficiently to the demands of the business.

The choice of DIY or managed service for Wide Area Networking is one that Enterprises have debated for years and it’s often a question of strategy and skills, not cost savings. When SD-WAN first appeared on the market, many Communication Service Providers (CSPs) saw it as a threat to their MPLS services and revenues, but as the market has evolved, most CSPs have embraced SD-WAN as a vital tool in their portfolio of managed services as it provides an overlay on top of business-grade Internet and/or MPLS as well as an opportunity to upsell a range of value-add services (e.g. managed security) on top of the SD-WAN service.

A recent report from ACG Research indicates the SP segment for SD-WANaaS was globally worth $178m in 2018 but is forecasted to grow at 59% CAGR, reaching $1.791B by 2023.

ACG Research analyst Liliane Offredo-Zreik noted that “Although the DIY segment started out strong, it is losing momentum against the service provider segment as enterprises take stock of the complexity of bringing SD-WAN in their networks and managing it.”

Nuage Networks now has more than 70 service provider partners delivering SD-WAN to more than 700 Enterprise customers and we are seeing an increasing set of common drivers behind the growth of SD-WAN as a managed service:

  • Increased complexity of multi-site corporate networking
  • Organizational distribution (e.g. more locations, remote users, M&A activity)
  • Network complexity associated with hybrid Private and Public Cloud-resident business applications, including a trend to spread business applications across multiple public cloud platforms
  • Increased dependence on business-critical IP-based applications (which need high quality bandwidth)
  • A shift in business communication paths (and network topologies) from a hub-spoke to a full mesh as branch to branch collaborative suites (Skype for Business, WebEx) style applications are deployed
  • Mixed access connectivity, leveraging fixed broadband Internet, MPLS and wireless technologies
  • Local Internet breakout at remote locations causing increased security concerns

Enterprise IT and network teams are facing unprecedented challenges to meet the rising demand for bandwidth and quality without increasing spend. SD-WAN helps mitigate this by supporting network-wide policies that define application security, traffic steering and QoS; reducing turn-up time for adding sites and network re-configuration; leveraging cheaper access underlay technologies such as broadband Internet. The factors affecting the Enterprise choice of DIY or managed SD-WAN are described in detail in a research brief by AvidThink.

Enterprises partnering with a service provider to manage their SD-WAN can also take advantage of outsourcing security and other complex network functions, while also having full visibility of their network, location, user and application performance through an SD-WAN portal. More insight into how SD-WAN can help Enterprises on their digital transformation journey is available in this report from AvidThink.

The post Service Provider Growth Demonstrates Enterprise Adoption of SD-WAN as a Managed Service appeared first on Nuage Networks.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The Nuage Networks from Nokia Virtualized Services Platform (VSP) is now supported with Oracle Cloud Infrastructure. You can use the Nuage Networks VSP as a virtual overlay network platform for all your existing virtual and physical server and network resources. It provides secure Layer 2 and Layer 3 access, giving you connectivity from user applications into Oracle Cloud Infrastructure.

Nuage Networks VSP is a software-defined networking (SDN) solution that provides data center and cloud network virtualization. It automatically provides connectivity between compute resources. Nuage Networks uses a quick Open vSwitch replacement on top of the bare metal servers within Oracle Cloud Infrastructure to connect the Nuage Networks Virtual Routing and Switching (VRS) to the controller. Designed for large enterprises and service providers, it supports clouds of all sizes and architectures, from data center private clouds to large enterprise wide area networks (WANs) and some of the largest public clouds in the world.

This open SDN and SD-WAN platform helps you avoid vendor lock-in. After the VRS is connected to the control plane (VSC), and control plane and data plane (infrastructure) connectivity is established via an IPSec virtual private network (VPN) tunnel, the rest is defined within the cloud-based solution. Read the full blog on Oracle.com.

The post Use the Nuage Networks Virtualized Services Platform with Oracle Cloud appeared first on Nuage Networks.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

It is always more compelling when an objective and respected third party articulates a solution’s value proposition compared to telling it yourself. Appledore Research’s November 2018 profile on Nuage Networks SD-WAN does just that when describing Nuage Network’s SD-WAN solution.

This comprehensive profile first outlines how Nuage Networks was formed as an “intrapreneurial” venture of Alcatel-Lucent (now Nokia) to exploit the emerging software defined networking (SDN) market while thinking “outside the box”. The profile then gets into the general value proposition of SD-WAN that some leading vendors in the industry share: simplified configuration, increased agility, cost reduction, application-level traffic management techniques to optimize network resources. We believe that many of these values represent “table stakes” and are no longer considered significant differentiators to really set yourself apart in the competitive and crowed SD-WAN vendor market you need to bring more to address enterprise needs in the emerging cloud era.

Unique differentiators of Nuage Networks SD-WAN

It is especially rewarding to see a third-party profile that describes Nuage Network’s differentiators that go beyond the aforementioned expected capabilities. For convenience I have broken them up into two categories: SD-WAN 2.0 enabling pillars and advanced routing/integration capabilities.

SD-WAN 2.0 pillars

The SD-WAN market has moved from just requiring “automated connectivity” to requiring an infrastructure that enables the automated delivery of IT services. We call this set of capabilities SD-WAN 2.0 (see the PR) and in this profile Appledore Research does a good job in describing them as summarized below:

  • A single end-to-end platform that is used to configure SD-WAN and other networking services that span private data centers (both enterprise and Telco Cloud), the public cloud, and branch locations across any WAN transport
  • Software-defined security that goes beyond just protecting network resources (i.e. micro-segmentation) to include application level visibility and analytics allowing for programmable and dynamic threat responses
  • A flexible VNF framework that supports the virtualization of network functions in three flexibly ways: embedded within the Nuage Networks SD-WAN SW itself, programmable service chaining to third party hosted VNFs, and third party VNFs hosted on Nuage Networks uCPE
Advanced routing/integration capabilities

The following differentiators further set Nuage Networks apart from its competition and it was nice to see these capabilities called out by Appledore Research in the profile.

  • Enhanced WAN/routing integration allowing for multiple routing protocols in the overlay (e.g. BGP, OSPF, static) as well as BGP on the underlay/uplink. This provides a great level of flexibility when interworking with legacy sites that do yet support SD-WAN
  • Open API that is available to the vast set of partners that Nuage Networks integrates with. This simplifies and accelerates any new integrations and has been proven in large CSP orchestration and OSS environments
  • Specialized multi-tenant routers (underlay border routers – UBRs) that are deployed to seamlessly interconnect different heterogeneous WAN transport segments
  • One of the richest and most complete ecosystems of technology partners in the industry
Nuage Networks unique position to empower CSPs

Early on in the profile, Appledore Research acknowledges how the market for SD-WAN is shifting rapidly to being sold as a managed service through the CSP customer:

“Over the last 18-24 months the market has shifted from direct enterprise sales, as leading CSPs have recognized that they can play a key role in delivering, managing and most importantly, combining SD-WAN technology with complementary — and sometimes unique — communications offerings.”

This is consistent with our view as well and has become a focus of our go to market strategy. In fact, MEF has acknowledged Nuage Networks as the leading SD-WAN solution for CSPs by being awarded Technology Solution of the Year for the last two years in a row. Furthermore, to showcase how ready Nuage Networks solution is for CSPs, EANTC released a report based on a set of comprehensive tests that details the extreme scale that this solution provides across multiple enterprise tenants.

It was nice to read how Appledore Research further elaborates on how Nuage Networks SD-WAN offering is in a terrific position to empower the CSP. This can be summarized by the points below:

  • As one of the leading SDN vendors and being part of a major Network Equipment Provider (NEP), Nuage Networks is well positioned to provide synergistic offerings to CSPs that include SD-WAN, access facilities, premiums WANs, wireless backup, related VNFs, end-to-end monitoring, root cause analysis and remediation.
  • For a CSP serving a large enterprise, Nuage Networks software can represent a single unified solution across the enterprise data center, the CSP’s NFVI, and the SD-WAN. This will centralize administration and optimize routing across the entire end-to-end network improving performance and agility, reducing errors and cost
  • Support for BGP on both the LAN and WAN sides of the SD-WAN gateway allows a CSP WAN vendor to have deeper integration with more granular flow and data handling
  • Support for seamlessly connecting disjointed and heterogeneous networks allows CSPs to have superior underlay WAN interworking capabilities to address many realistic use cases
  • Nuage Networks SD-WAN architecture meets Appledore Research’s requirements for the next-generation automation and efficient operation of a CSP multi-domain Telco cloud.
  • Nuage Networks software is implemented as an SD-WAN domain controller with other OSS and BSS allowing it to easily become part of a cross-layer end-to-end process automation. This is essential for CSPs who want to deploy an SD-WAN solution as part of their overall network services offering
  • Nuage Networks SD-WAN allows CSPs to easily offer adjacent services such as firewalls, WAN accelerators, etc. It does this by offering its Network’s Services Gateway (NSG) as an x86 uCPE appliance that can host many applications from its rich set of ecosystem partners. Alternatively, these partner applications can be accessed by programming a service chain

As the SD-WAN market requirements continue to shift to meet the next generation enterprise needs, it is terrific to be acknowledged by one of the leading analyst firms in Appledore Research as a leader in the industry who offers a broad set of unique and differentiating capabilities. It is an exciting time in the SDN/SD-WAN market and Nuage Networks is committed to exert its leadership to empower CSPs to solve today’s enterprise WAN requirements while establishing an infrastructure to meet tomorrow’s challenges as well. You can read the full report here.

The post Nuage Networks Setting Itself Apart from the SD-WAN Crowd appeared first on Nuage Networks.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
First generation SD-WAN solutions (SD-WAN 1.0) have focused on delivering automated IP connectivity and WAN management across different transport types.

These deployments were primarily constrained within the WAN itself and overlooked the end-to-end aspect of service delivery. Since then, enterprise IT needs have rapidly shifted to accommodate multi-cloud capabilities, leading to many models for enterprises to consume cloud services.  This environment has created a new set of requirements that legacy SD-WAN 1.0 deployments were not designed to address.

We’ve developed SD-WAN 2.0, which expands the SD-WAN 1.0 paradigm to a cloud based platform, delivering diverse IT services for modern enterprises. It transcends connectivity and allows enterprises to offer IT services across any IP-based networks.

Click to read the full blog

The post SD-WAN 2.0: the delivery of enterprise IT services across any network and cloud appeared first on Nuage Networks.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The compelling second paragraph of the United States Declaration of Independence starts as follows: “We hold these truths to be self-evident, that all men are created equal…”. While this is true for humanity it most definitely does not hold true for the various SD-WAN solutions that are available today.

SD-WAN offerings up to now have been provided by vendors within three general groups:

  • legacy vendors who are attempting to pivot from their core competency,
  • pure play vendors who have started from scratch with venture capital investments, and
  • conglomerates who often leverage their enterprise market incumbency and offer a portfolio of acquired solutions.

Up to now some of these vendors have essentially providedagile connectivity in an operationally efficient manner allowing enterprises to get a little more from their WAN. However, although some of these early offerings have helped to transform enterprise WANs they have also been rife with challenges that the enterprise or managed service provider has to deal with.

In pursuit of growth, legacy players are attempting a pivot from their core competency (e.g. WAN optimization, security, routing, etc.) and have bolted on some SD-WAN capabilities. The problem with their approach is that these solutions were not purpose-built to offer SD-WAN and they are still focused around their core competency. These solutions typically include a handful of SD-WAN features that complement their incumbent solution, resulting in limited SD-WAN solutions that have quality issues and are not designed for large scale networks. Furthermore, these solutions are not equipped to meet the demands of today’s enterprise customers, let alone managed service providers.

Pure play SD-WAN players, most of them start-ups with an infusion of venture capital dollars, are focused on WAN connectivity only and often lack hardened and comprehensive networking features with little expertise in delivering carrier-grade solutions that can support large scale multi-cloud deployments. In addition, many of these start-ups have an uncertain future, lack the infrastructure and resources to support a large install base, which introduces unnecessary risk to many enterprise customers.

Large conglomerates represent incumbent vendors in the enterprise market who try to leverage their large customer base to parlay into SD-WAN wins. For these SD-WAN offerings the solution often involves current proprietary hardware that locks the enterprise or service provider inflexibly into their legacy hardware. This is contrary to the shift we are seeing toward x86-based commodity CPEs that offer openness, flexibility while supporting an easy path toward virtualization and agility. In an effort to capture more of the enterprise market, conglomerates try to be all things to all enterprises and offer multiple overlapping solutions. This approach is not only inflexible but is also confusing to the enterprise as it creates uncertainty for what their end game will be and complicates the decision to invest in the right long-term solution.

In addition to these challenges, the industry is seeing a large disconnect between what enterprise IT needs and what is available on the market. Many enterprises have multiple sites and run their business applications in a multi-cloud environment that includes public or private clouds and are consuming increasingly more SaaS applications. These needs have fueled the growth and the merging of SDN, NFV, and SD-WAN cloud technologies (see SD-WAN market trends from Global SD-WAN Vendor Market Mid-Year Forecasts 2018, Frost and Sullivan, 2018). Unfortunately for the market, these SDN and SD-WAN solutions are offered as distinct products with different management and control systems and completely different data and policy models. Putting these separate solutions into production creates massive operational overhead and complexity, leaving Enterprise IT teams with inflexible and less secure networks that are expensive to operate and manage. In the end, these separate solutions can leave the enterprise worse off than they were before.

This is where Nuage Networks and its SD-WAN 2.0 solution comes in, offering a singleplatform that does not inherit any of the challenges mentioned earlier since it was purpose-built from the ground up with the vision to securely connect users to applications anywhere with no restrictions. It does not inherit the fragility and lack of features that legacy players have as it was built from inception for the needs of the enterprise consumer. At its core, it leverages a mature, carrier grade and highly scalable control and management plane based on decades of experience delivering products for massive infrastructures. Finally, it comes from an industry leader that has the resources, infrastructure and experience to support global customers of any size.

Perhaps most important of all is that Nuage Networks SD-WAN 2.0 solution represents the industry’s first and only platform that provides a single management and control plane for end-to-end network and security automation between data centers, public and SaaS clouds, and branch sites across any WAN transport network. These capabilities have always been part of the Nuage Networks SDN platform and it is only until recently that the industry has caught up to Nuage Networks leadership in the SDN space. In fact, there is a tremendous amount of vendor activity rapidly trying to close this technology gap resulting in many vendor acquisitions and consolidations totaling up $1B+ in the past year alone.

With close to 30 SD-WAN vendors, it is important to be able to filter out the noise and invest in a solution that is built to address your needs today and tomorrow. Many of the SD-WAN 1.0 solutions on the market are missing the mark on enterprise IT needs. Fortunately, Nuage Networks SD-WAN 2.0 solution is all about meeting the needs of Enterprise IT and providing a single platform to deliver IT services and ensure the end-to-end security of their users and business applications. With this infrastructure in place Enterprises are in a position to thrive in this ever-evolving cloud era.

The post Not all SD-WAN solutions are created equal appeared first on Nuage Networks.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

This is part 3 of a three-part blog post describing Nuage Networks’ single-platform approach for the software-defined DC and SD-WAN. Read part one here  and part two here.

The third and final part of this blog post addresses the DC, which covers Policy-automated 100G Switching and NFV & Telco Cloud.

It is worth noting that the 5.0 release provides a significant number of new capabilities beyond those discussed in this blog, in areas such as  DevOps/container networking and cloud integrations with OpenStack, VMware, and Microsoft Hyper-V/SCVMM.

DC Policy-automated 100G DC Switching

Nuage Networks provides a portfolio of DC switches based on Broadcom architecture with carrier-grade SROS routing code. The switches are fully automated, SDN-ready, managed and orchestrated from the same centralized cloud policy plane (Nuage Networks VSD) that manages virtual end points. Uniform policy constructs are pushed to virtual and physical switches, hiding the virtual/physical demarcation from the user.

The 5.0 release introduced the second generation of Nuage Networks switches (WBX product line) that support 100G port forwarding with the ability to connect 25G server NICs. The WBX switches further differentiate themselves by running a combination of Linux and SROS and providing the ability to run 3rd party software add-ons on a standard x86-based control platform. They can be deployed using a simple REST API and managed with centralized API-based orchestration of QoS, ACLs, dynamic and static routing capabilities. The WBX switches offer telcos and enterprises the ability to build automated DC underlay fabrics with a robust routing feature set. More details and WBX information can be found at http://www.nuagenetworks.net/resources/product-information/

NFV & Telco Cloud

Service providers must adapt to the increasing demands of digital enterprises, and to do that they need cloud-based networking solutions to provide scale and agility without compromising control. Cloud network solutions for telcos include:

  • Centralized DCs for highly scalable network and IT workloads,
  • Distributed DCs for cloud at the network edge (central offices, points of presence and radio sites) for hosting VNFs. Nuage Networks VSP offers the best-in-class SDN support for VNFs and caters to their need for:
  • Automated connectivity to virtual and physical network assets (DC fabric, gateway, PE, Firewall)
  • Isolation and security
  • Service chaining
  • Packet Acceleration for VNFs with high throughput requirements
  • Integration with OpenStack and Other CMS (cloud management systems)

The Nuage Networks solution fits into the ETSI NFV framework as part of the NFVi (infrastructure) layer.

VNFs in telco clouds often rely on IPv6 addressing for scale, and in 5.0 we are IPv6-compliant for the overlay. In some cases, such as Mobile Gateways, there is a need to advertise and learn IP addresses (such as UE pools) by direct BGP peering, which is now supported by Nuage Networks DC to exchange overlay routing information with these VNFs. In the near future, this capability will be supported by Nuage Networks virtual switches.

Packet Acceleration for VNFs

With the goal of supporting packet acceleration for VNFs, Nuage Networks VSP 5.0 provides:

  • Automated SRIOV Orchestration – SRIOV is a packet acceleration technique that relies on server NICs that can be virtualized and shared across multiple VMs, eliminating the hypervisor packet processing overhead. We have added automated topology discovery, configuration and management of SRIOV-enabled server ports. The functionality enables automated stitching of SRIOV ports to switch ports via VLANs.
  • Accelerated virtual routing and switching (AVRS) based on DPDK – DPDK is a set of fast packet processing libraries that rely on polling from user space to bypass network layer (kernel) and context switches inherent in the standard virtualized data path. Nuage Networks VRS is now available in a DPDK persona that creates a fast path for packet flows delivering an order of magnitude in improved performance, while providing the same policy controls, automation, and overlay networking as the standard kernel OVS-based implementation.
  • Support for Smart NICs – VSP 5.0 provides early access to functionality that integrates the Nuage Networks data plane with Smart NICs, allowing for transparent offload of select packet processing rules to Smart NICs (from specific vendors). The resulting solution provides packet acceleration and frees up server CPU cycles from packet processing tasks.
Integration with OpenStack and Other CMS

Starting with the 5.0 release, Nuage Networks coverage for telco cloud environments has grown substantially. We have expanded our OpenStack integration by providing full support for the Neutron ML2 plugin and FWaaS APIs. Furthermore, we support OpenStack  Newton and Ocata in addition to the SUSE OpenStack distribution.

The post Nuage Networks VSP Continued Evolution – Release 5.0 – Pt. 3 appeared first on Nuage Networks.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

This is part two of a three-part blog post describing Nuage Networks’ single-platform approach for the software-defined DC and SD-WAN. Read part one here.

Nuage Networks is the only vendor to provide true end-to-end seamless connectivity and policy across the DC, WAN, and Public Cloud.

The first blog addressed SD-WAN, which covers SD-WAN Beyond Connectivity and Advanced Networking with SD-WAN.

This second blog addresses SD-WAN and DC, which covers Security and Analytics for DC & WAN.

The third and last part of this blog post will address the DC, which covers Policy-automated 100G Switching and NFV & Telco Cloud.

SD-WAN and DC Security and Analytics for DC & SD-WAN

In a multi-cloud environment, traditional security approaches that rely on perimeter security and segregate DC from the WAN for flow analysis, are inadequate. Nuage Networks introduced the industry’s first distributed, end-to-end (cloud, DC, branch) SDN security, visibility and security automation solution in late 2016. Nuage Networks’ Virtualized Security Services (VSS) complemented what the VSP does in terms of micro-segmentation to protect workload, and added the ability to detect security threats, while monitoring compliance using contextual network visibility and security analytics. It also enables the network to respond in near real-time to incidents by dynamically automating security remediation processes to neutralize known threats.

The 5.0 release expands the VSS flow logic significantly to provide:

  • Automated firewall rule generation based on real-time flow data
  • Advanced ACL constructs that allow for complex rules to be expressed in simple hierarchical building blocks
  • Support for Hyper-V environments in the DC

VSS has enhanced SD-WAN by adding Application-aware (L7) ACLs and (early availability of) URL Filtering based on dynamic categorization.

Application-aware (L7) ACLs

L4/port-based security controls do not provide sufficient granularity to allow or block specific applications from the branch to outside. With L7 or application-aware ACLs, Nuage utilizes intelligent DPI and heuristics to identify underlying applications per flow in real-time. The output is then fed to the firewall rule engine. With this capability, a branch administrator can allow/deny the branch or a branch user group access to specific applications (e.g., Skype or Facebook). It also provides application-level visibility for traffic leaving the branch perimeter, and this capability can accelerate the response to attacks by enabling the definition of dynamic policies for branch traffic based on L7 traffic analytics (e.g., DNS traffic exceeding a specified threshold).

URL Filtering

With URL filtering, users or administrators can secure local internet breakout from branch locations by blocking access to inappropriate or malicious content. Cloud-based controls can be used to define individual domain/URL-based whitelist/ blacklist policies as well as category-based filtering policies (to block pornography or botnet sites, for example).

.

The post Nuage Networks VSP Continued Evolution – Release 5.0 – Pt. 2 appeared first on Nuage Networks.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Note: This is part 1 of a 3-part blog post on Nuage Networks release 5.0.

2017 began with key wins – BT, Telefonica, and Telia, among others – followed by a healthy stream of Service Provider and Enterprise wins. No less important, 2017 was also a year with a major product milestone in form of the Nuage Networks VSP 5.0 software release. Maintaining Nuage as the leading provider of SDN policy-based automation for the data center (DC) and the wide area network (WAN), the 5.0 release introduced significant product innovations and feature capabilities. As we begin the new year, it is a good time to look back at the evolution of our product palette over the last twelve months and review what we delivered in 2017.

Nuage Networks single-platform approach for the software-defined DC and SD-WAN makes it the only vendor to provide true end-to-end seamless connectivity and policy across the DC, WAN, and Public Cloud.

Our 5.0 release introduced innovations spanning all three of our product services as well as the underlying platform. To review the innovations, it is helpful to have a brief summary of our platform and the product services that derive from it:

Nuage Networks Virtualized Services Platform (VSP) comprises three basic components:

  • The Virtualized Services Directory (VSD), an analytics node that combines policy management with network abstractions; RESTful APIs.
  • The Virtualized Services Controller (VSC), a highly scalable SDN controller that provides carrier grade routing assuring massive scale-out capabilities with MP-BGP-based federation and easy interconnection of gateways and PE routers in both DC & WAN.
  • In addition to these, the data plane consists of the 7850 Network Service Gateway (NSG) or Virtualized Router & Switch (VRS)

These components deliver three services:

Our 2017 innovations fall into three broad categories, called ‘themes’ in the following diagram:

This first part of the blog post addresses SD-WAN, which covers SD-WAN Beyond Connectivity and Advanced Networking with SD-WAN.

The second part of this blog post addresses SD-WAN and DC, which covers Security and Analytics for the DC and WAN.

The third and last part of this blog post will address the DC , which covers Policy-automated 100G Switching and NFV & Telco Cloud.

It is worth noting that the 5.0 release provides a significant number of new capabilities beyond those discussed in this blog, in areas such as  DevOps/container networking and cloud integrations with OpenStack, VMware, and Microsoft Hyper-V/SCVMM.

SD-WAN

SD-WAN extends the concept of SDN to enterprise branch connectivity, offering a way of replacing or augmenting traditional enterprise VPN service (such as MPLS or VPLS) with a secure automated connectivity model that can work on any access network (MPLS, Internet, 3G/LTE, etc.). However, WAN connectivity is only one part of the enterprise networking puzzle. Overall, extending the value proposition of SD-WAN beyond connectivity is a key component of the Nuage Networks SD-WAN strategy as we begin 2018. It translates into immediate CapEx and operational gains that improve the SD-WAN business case for enterprises and service providers alike.

SD-WAN Beyond Connectivity

Modern enterprise sites require a range of networking value-added services (VAS) in addition to WAN connectivity. These include functions such as:

  • Firewall
  • URL filtering
  • IPS/IDS
  • NAT
  • WAN Opt
  • DPI/Analytics
  • VOIP gateways
  • Wireless LAN controllers, etc.

These functions are typically delivered as standalone appliances (physical or virtual). As such, they do not have unified cloud-based management or control, and they do require rigid/manual traffic steering to the function itself and standalone appliances do not have any direct tie-in with DC services.

Our SD-WAN solution can be used as a platform for delivering a variety of enterprise VASs. Consolidating centralized and unified policy/control for all services, seamless extension into the DC, unified interfaces to orchestration, ease of traffic selection, and chaining to and from the service functions, all add up to significant technological advantages.

For telcos, the business benefit of SD-WAN is the ability to offer on-demand, programmable VAS in addition to L2/L3 VPN connectivity.

For enterprises, the business benefit is a DevOps-style agility of service deployment, resource allocation and cost.

Nuage Networks offers two models for delivering VAS services with SD-WAN:

  • Embedded on-board – services included with SD-WAN CPE software
  • Service-chained functions – services hosted in a DC and chained/connected to the branch via seamless flow steering
Branch-in-a-Box

VSP 5.0 introduces a disruptive model of delivering VAS with SD-WAN. “Hosted on-premises” services (often referred to as “branch-in-a-box” or “SD-Branch”)  involve hosting VAS as a virtual appliance (VM or container) on the CPE such that all the functionality needed to operate a branch is hosted in a single box with unified/secure policy and control and with lifecycle management (LCM) of that appliance.

This flexible approach sets the Nuage solution apart from similar offers currently on the market through:

  • Openness: Ability to host 3rd party value-added appliances via an open ecosystem that is not locked into a specific vendor’s functions.
  • Self-contained VNF management: Lightweight LCM of appliances is part of the Nuage Networks offer; it does not require additional management/orchestration systems. If desired, complex LCM schemes can co-exist and be implemented outside of the SD-WAN system.
  • Secure and tamper-proof operation: Our SD-WAN includes a secure, authenticated message channel between cloud policy plane and branch device. The channel is used for device bootstrapping, pushing policy/forwarding updates, and extracting SD-WAN analytics data. Nuage Networks’ “branch-in-a-box” utilizes the same channel for both VAS appliance bootstrapping and LCM, thereby ensuring fully secure, tamper-proof and encrypted operation.
  • Traffic monitoring and insight: In order to derive full benefit from SDN-based automation for VAS, the system must provide pan-network flow/traffic analytics that are easy to consume via APIs and built-in visualization. The flow data can be used to automate the creation of policies based on real-time traffic, thereby dictating service chaining, mirroring and shaping for VAS traffic.

WiFi

In addition to hosting VNFs, 5.0 introduces the ability to support built-in WiFi access point (AP) capability on the CPE itself, thereby addressing the WiFi needs of  small branch sites where a single AP may be sufficient. This WiFi functionality is managed by the Nuage Networks SD-WAN cloud-based policy/management plane, and includes WiFi status, user-level statistics, and public and private SSIDs with whitelists of user devices. This consolidation ensures consistent end-to-end cloud-based visibility, management, and policy plane.

Advanced Networking with SD-WAN

SD-WAN responds to two competing requirements:

  • The first is cloud agility, which implies attaining the speed and efficiency of cloud-to-enterprise WAN. This is achieved by implementing application-aware routing, automated cloud policy, secure automated bootstrapping, and VAS.
  • The second requirement is that the cloud coexist and interconnect with existing networks including IP VPN or VPLS sites, PE gateways, NAT devices, LAN switches, and DC virtual private cloud, etc.

Many over-the-top SD-WAN solutions on the market focus on the former requirement. The downside of this approach becomes evident as soon as the SD-WAN solution moves from PoC/demos to real world deployments where SD-WAN is no longer a standalone silo.

At Nuage, we have not only enabled cloud agility for SD-WAN, but also leveraged our routing heritage as part of Alcatel-Lucent/Nokia by continuing to invest in advanced networking functions for SD-WAN. In 2017, we introduced several additional advanced networking capabilities including (but not limited to):

  • Underlay Border Router – UBR is a software gateway function that enables multiple SD-WAN sites residing in disjoint underlays (MPLS, internet or a combination) to communicate seamlessly with each other using automated virtual connections. UBR is available in physical form as an x86 SD-WAN CPE or as a VM to run on generic server infrastructure. Multiple UBR instances can form a cluster group offering out-of-the-box scale, load balancing and redundancy.
  • Bidirectional NAT for extranet connectivity – Extranet is defined as a partial exposure of intranet to an external (but private) network. Extranets connect various partner enterprises to each other; for example, a component vendor to a manufacturer, or a credit card provider to a financial institution. Enterprise extranets are typically very tightly designed, deployed, and controlled – but cumbersome and complex to manage. Building on the SD-WAN feature set, bidirectional NAT enables enterprise extranet connectivity with the full flexibility of address range overlap by simultaneously performing source NAT (SNAT) and destination NAT (DNAT).
  • Optimized Selective Breakout (Direct MPLS Handoff) – Nuage Networks SD-WAN has a variety of options to connect the SD-WAN network to a legacy MPLS network.
    • One is to use a VLAN Handoff from an SD-WAN gateway to a PE device;
    • Another is to  do PE interworking directly, whereby the encrypted tunnels terminate at the PE and the PE is part of the extended virtual cross-connect.
    • A third option introduced in 5.0 allows for selective breakout of traffic from branch CPE to a PE without requiring traversal to a central gateway function. In this scenario, the branch CPE peers directly with the PE and imports relevant IP  VPN routes. This optimized breakout reduces latency and improves scale for the SD-WAN to IP VPN interface.
  •  LTE Uplink support – We have expanded our uplink transport options by including support for LTE/3G connections from the CPE. The LTE connectivity can serve as a primary uplink (highly desirable in certain geographic or remote locations) or a backup link of last resort.

Other advanced capabilities include:

  • New CPE form factors based on the Intel x86 architecture
  • Dynamic hole punching for NAT traversal
  • BGP enhancements
  • OSPF for LAN peering
  • QoS support for voice traffic, etc.

The post Nuage Networks VSP Continued Evolution – Release 5.0 appeared first on Nuage Networks.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

We’re taking another step towards making the Nuage Networks Virtuoso Certification Program (VCP) the industry’s premier SDN certification with a major release of courses, exams and other learning materials in early 2018.

Some of the new course material we’re introducing includes the VNS Operations course (available early Q2) and updates to existing courses, with a focus on new platform capabilities such as VSS (Virtualized Security Services) and many more. In Q3 of this year, we will also release the Advanced VNS topics course, which is another key addition to the full Virtuoso portfolio of courses and exams. To help you reach your certification goals, the team will be adding practice exam questions to help you prepare for your written exams.

Building a good understanding of, and competency with new technologies like SDN and NFV only comes with actual hands-on experience. That’s why we’ve always made hands-on activities and resources a prominent component of the VCP since its inception. VCP courses allocate over 50% of the time to lab exercises and we continue to add other opportunities for you to practice with resources like MyNuageNetworksLab. To verify your practical competencies, we’re adding two lab exams for the VCP Expert certifications – NN Expert SD-DC and NN Expert SD-WAN. These 3 and a half hour exams validate your practical knowledge and expertise with the Nuage Networks VSP.

Visit the Nuage Networks website for the current schedule of VCP courses, or to book a live SDN experience with MyNuageNetworksLab. Invest in yourself – move forward on the path to an SDN certification today!

The post A New Year Brings More SDN Learning with Nuage Networks Virtuoso 2.0 appeared first on Nuage Networks.

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview