copyright 2014
Patrick Kerpan, CEO
App to Cloud: Doing More With Overlay Networks at the IaaS Level
Agenda
• Company Overview
• What Customers Need
• Overlay/Underlay
• The Promise of Network Virtualization
• Application Networks in the “Top of the Cloud”
• A New “Network Reality”
• Summary & Questions
Who We Are
• Founded by IT and capital markets professionals
• VNS3 launched in 2008
• Hundreds of millions of device hours in public, private, & hybrid clouds
• Offices in Chicago, London and Palo Alto
VNS3 Family
• Network Function Virtualization (NFV) software-only appliance that allows customers to build customized overlay networks, Mgmt System, HA System, Cloud Agents
• Extends existing networks to public, private & hybrid clouds
• Use cases: cloud VPN, cloud WAN, & cloud partner networks
Public Cloud Solution Partner
CohesiveFT
What Customers Need
Virtual servers are moving by the millions per year, into public cloud, and applications are moving with them.
[Figure: “Millions of Applications by 2020”; labels: System Integrators, as a Service businesses, ISV as a Service Offering, Cloud ERP, Cloud as a Service]
Everywhere these cloud applications go, they need connectivity, integration and security.
This creates the market for application network services (Layers 3-7) for applications deployed to public cloud.
Connectivity Integration Security
Just like the existing, large market for connecting, integrating, and securing mobile workers…
…the market for application network services in the public cloud creates a large market opportunity for new entrants.
• The transition of spend from IT to LOB has been accelerated by cloud computing.
• $10B+ is spent annually on value-added networking (Layers 3-7) in data centers.
• A significant % of this spend is shifting toward application networking services in Public Cloud, becoming a $1B market by 2017.
Your Overlay is my “Underlay”
Networking at the top of the cloud
Application SDN
• Help me run my business in the cloud NOW
• Delivered primarily via Network Function Virtualization (NFV) appliances
Service-Provider SDN
• Optimizes service provider data center operations
• Delivered primarily via OpenFlow Controllers
[Figure: two layer stacks (Layer 7 to Layer 3, and Layer 3 to Layer 0) drawn across the Application Layer, Virtual Layer and Hardware Layer; labels: Application Owner, Cloud Owner, Limit of user access, control and visibility]
Datacenter as a Service (public cloud) has 2 “buying” centers
• The infrastructure owner / operator
• And the application owner / operator
Traditional HW and Software Defined Datacenter have one buying center
• The infrastructure owner / operator
[Figure: Traditional HW Datacenter, Software Defined Datacenter and Datacenter as a Service compared by layer; labels: Layer 1 to Layer 3, Layer 3 to Layer 7, Infrastructure Intelligence, Application Intelligence, Limit of user access, control and visibility]
Public Cloud is the trendsetter
The Promise of Network Virtualization
Level Set - NFV and SDN
• Network Function Virtualization (NFV)
  - Network independent from hardware runs in virtual layer
  - Isolation between the virtual network, physical network and control plane
  - Programmatic networking provisioning and control
• Software Defined Networking (SDN)
  - Networks that can be configured through an API
  - OpenFlow (Nicira) pure view is separation of a control plane from forwarding plane
  - What is managing the network vs what moves the packets around the network
[Figure labels: OpenFlow, SDN, NFV]
Nicira’s “declaration of independence” from metal, freed NFV from OpenFlow
http://nicira.com/sites/default/files/docs/Nicira%20-%20The%20Seven%20Properties%20of%20Virtualization.pdf
Independence from network hardware
[Diagram: Customer Data Center (Firewall / IPsec Device, Data Center Servers, IP: 192.168.1.xx LAN) linked by a Standard IPsec Tunnel to an NFV appliance in Public Cloud Region 1, where Cloud Servers sit on an Overlay Network (Overlay IP: 172.31.11.xx)]
With VM-based network devices you can use the cloud network as “bulk transport” and are indifferent to all else.
Compatible with any hypervisor platform
NFV does more than “follow” the model of compute virtualization, it exists via compute virtualization.
Secure isolation
Isolation takes many forms: from underlying infra, allow my protocols, keep my “chattiness” in, keep others out, etc
[Diagram: Overlay Network (Subnet: 172.31.0.0/22) carrying Cloud Servers A to F (Overlay IPs 172.31.1.1, 172.31.1.5, 172.31.1.9, 172.31.1.13, 172.31.1.17, 172.31.1.21), with peered NFV appliances across US East 1, EMEA and APAC (Public IP / Overlay IP pairs: 184.73.174.250 / 172.31.1.250, 54.246.224.156 / 172.31.1.246, 192.158.29.143 / 172.31.1.242). Active and failover IPsec tunnels (192.168.4.0/24 - 172.31.1.0/24 and 192.168.3.0/24 - 172.31.1.0/24) terminate on Firewall / IPsec devices (Cisco 5505, Cisco 5585) at the Customer Remote Office in Chicago, IL USA (Remote Subnet: 192.168.3.0/24; User Workstations at LAN IP 192.168.3.50 and 192.168.3.100) and the Customer Data Center in London, UK (Remote Subnet: 192.168.4.0/24; Data Center Servers at LAN IP 192.168.4.50 and 192.168.4.100)]
Cloud performance and scale
Where NFV really shines today: create a WAN in minutes, use cloud as points of presence for your business
[Diagram labels: NFV, User Workstation, User Workstation, Data Center Server]
Extend Applications with NFV
Application layer networking gives control in the cloud of:
• IP Addressing
• Protocols
• Network Topology
• Security
Use NFV to build Application Networks:
• Separate network identity from location
• Configure in a mesh for high availability
• Overlay network across multiple virtual environments for infrastructure federation
• REST API or UI
[Diagram: VNS3 Overlay Network 172.31.0.0/24 spanning Cloud 1 (peered VNS3 1, Public IP: 54.42.93.145, and VNS3 2, Public IP: 54.42.93.147; Cloud Server Instances with Overlay IPs 172.31.1.1 - 172.31.1.10) and Cloud 2 (peered VNS3 3, Public IP: 15.108.20.50, and VNS3 4, Public IP: 15.108.20.52; Cloud Server Instances with Overlay IPs 172.31.1.11 - 172.31.1.20), with an IPsec Tunnel to a Cisco ASA in the Data Center (Data Center Servers at LAN IP 192.168.4.50 and 192.168.4.100)]
Application Networking in the “Top of Cloud”
Top of Cloud Trends
• More complex networks (more functionality needed)
• Larger networks (more devices/more networks)
• More important network (growing costs)
[Diagram: Cloud Databases with Failover, EC2 US-East-1; cost labels $, $$, $$$]
Top of Cloud Use Cases
• Hybrid Cloud
• Cloud AD
• Cloud Migration
• Cloud WAN
• Partner/Customer Network
• App Modernization
• Capacity Expansion
• Cloud DR
• Cloud Federation
Secure Hybrid Cloud
[Diagram: Public Cloud - Europe, labelled Network Subnet 10.1.1.0/24, with four Client Servers (Overlay IPs 172.31.1.1, 172.31.1.5, 172.31.1.9, 172.31.1.13) and a VNS3 Manager (Public IP: 170.225.97.160, Overlay IP: 172.31.1.250). Over the internet, IPsec Tunnel 192.168.4.0/24 - 172.31.1.0/24 reaches the Customer Data Center - London (Subnet: 192.168.4.0/24; Firewall, Switch, Data Center Servers at LAN IP 192.168.4.50 and 192.168.4.100) and IPsec Tunnel 192.168.3.0/24 - 172.31.1.0/24 reaches the Customer Remote Office - Chicago (Subnet: 192.168.3.0/24; Firewall, Switch, User Workstations at LAN IP 192.168.3.50 and 192.168.3.100)]
Federated and Hybrid within the “Big Clouds”
[Diagram labels: VNS3 Manager 1, VNS3 Manager 2, VNS3 Manager 3, VNS3 Manager 4 (Peered); VNS3 Overlay Network - 192.168.56.0/24; VNS3 Overlay - 172.31.0.0/22; Sinatra App Tier, Primary DB, Backup DB, Nginx Server; Active IPsec Tunnel; Customer Corp Office, San Francisco; Private Cloud / Data Center; US East 1, US West, EMEA]
Federated and Hybrid across the “Small Clouds”
[Diagram labels: VNS3 Manager 1, VNS3 Manager 2, VNS3 Manager 3, VNS3 Manager 4 (Peered); VNS3 Overlay Network - 192.168.56.0/24; VNS3 Overlay - 172.31.0.0/22; Sinatra App Tier, Primary DB, Backup DB, Nginx Server; Active IPsec Tunnel; Customer Corp Office, San Francisco; Private Cloud]
Critical but Transient Infrastructures
Application Overlay Networks let customers build their businesses in the cloud - anywhere.
A New Network Reality (from cloud application owner’s point of view)
The Cloud Application Owner = A New Network Reality
Your complexity is not my problem (separation of concerns)
Your overlay is my underlay.
Networks (telcos/carriers take note) where there is NOT customer controlled encryption end-to-end are NOT safe. They should by no measure qualify as “trusted networks”.
No computer can talk to any other server through a “naked” switch, there MUST be an intervening security and mediation device IN PATH of every network interaction.
copyright 2013
Summary
• As we converge our infrastructures we need proper “separation of concerns” between “physical networks”, “virtual infrastructure networks” and “application networks”.
• There is a new customer at the “top of the cloud” and that customer is mostly concerned with their application and their business.
• Network Function Virtualization (NFV) devices and techniques help align the interests and capabilities of the “top of cloud” customer and the underlying infrastructure providers.
Questions?
CohesiveFT [email protected] 888.444.3962
Patrick Kerpan CEO @pjktech