Over the past 12 months Nuage Networks has achieved a major product milestone with release 4.0 of our software, covering both Data Center SDN and SD-WAN product lines. While significantly enhancing the capabilities of both our DC and SD-WAN products, we are also introducing a software defined security solution that covers DC as well as branch as part of release 4.0.
As a leader in SDN and policy-based automation, our customers are driving us to continually raise the bar and match their efforts at deploying new applications and cloud-based architectures. As we get ready for OpenStack Summit in Barcelona on October 25, now is a great time to highlight the key areas of product innovation and the new capabilities that r4.0 is enabling for customers.
With these enhancements, Nuage Networks has continued to make great inroads that play to our traditional points of differentiation. In the SD-WAN product line (called VNS or Virtualized Network Services) these include carrier-grade routing, boundaryless networking between WAN and DC, application-aware routing, scalable and watertight encryption, actionable analytics, and security. On the datacenter SDN product line (called Virtualized Cloud Services or VCS), Nuage differentiates itself by providing support for all application platforms and virtualization technologies in heterogeneous environments (containers, bare metal, VMs), a strong focus on security policy automation and compliance, and reliance on open APIs and standards. Underpinning both product lines is a common policy and control platform that provides unsurpassed scale, resilience and routing features. This platform is called Virtualized Services Platform (VSP).
As part of release 4.0, Nuage Networks is delivering a new software-defined security offering called Virtualized Security Services (VSS). VSS is the industry’s first distributed, end-to-end (cloud, DC, branch) software-defined network security, visibility and security automation solution, and is based on the Nuage Networks SDN platform (VSP). VSS is applicable to both DC and SD-WAN environments and builds on the security features present in the Nuage VSP platform by offering advanced visibility and security monitoring in addition to event-triggered policy automation.
For the Nuage Networks 4.0 release, we are grouping the feature enhancements into three main areas:
- SD-WAN Enhancements in VNS
- Virtualized Security Services (VSS) for DC and SD-WAN
- DC SDN Enhancements
Nuage Networks SD-WAN Enhancements in VNS R4.0
Nuage Networks’ SD-WAN solution is unique in its ability to offer a highly scalable policy and control plane with MP-BGP federated scale-out. It offers service architecture consistency between Layer 2 and Layer 3 services, as well as automated peering between SD-WAN services and MPLS PE via BGP. The Nuage branch GW device (CPE) is built on an x86-based open architecture and is offered in physical as well as virtual form factors. Backed by key customer wins in 2016, Nuage Networks is taking its SD-WAN solution further ahead in R4.0 with the following key enhancements:
Application Aware Routing: Application Aware Routing (AAR) is the intelligent forwarding of application traffic across the enterprise WAN ensuring that pre-defined, per-application performance metrics, or service level agreements (SLA), are consistently met at the lowest achievable costs.
The Nuage Networks implementation of AAR is based on the combination of three independent but related features:
- Application Discovery (AD)
  - Identify and classify network traffic coming into the access ports of the branch gateway on a per-application basis using:
    - Signature-based Layer 7 classification (e.g. Skype, Facebook, Google, etc.) using a library of 1400+ signatures
    - Custom classification based on source/destination IP address, source/destination Layer 4 ports, Layer 4 protocol (TCP/UDP)
- Network Performance Measurement (NPM)
  - Measure and report health metrics (one-way packet loss, jitter and latency) of overlay network connections between sites in a domain
  - Define performance monitors with a specified network profile (DSCP value, payload size, traffic rate) to measure performance
- Policy Enforcement and Visualization (PEV)
  - Define applications and manage SLAs via a centralized policy engine
  - Extensible visualization and analytics offering insight into applications, network performance and policy invocations.
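How the three AAR pieces fit together, as an added sketch that is not Nuage Networks code or its API: custom classification on destination prefix, Layer 4 protocol and port, then selection of the lowest-cost path whose measured loss, latency and jitter meet the application's SLA. All names, thresholds and sample measurements are constructed, and the two fallback behaviours (unclassified traffic takes the cheapest path; with no compliant path the lowest-loss path is used and flagged) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class AppRule:            # custom classification rule (hypothetical shape)
    name: str
    dst_net: str
    proto: str
    dst_port: int

@dataclass(frozen=True)
class Sla:                # per-application thresholds
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float

@dataclass(frozen=True)
class PathHealth:         # NPM-style one-way measurements for one overlay path
    name: str
    cost: int
    loss_pct: float
    latency_ms: float
    jitter_ms: float

def classify(rules, dst_ip, proto, dst_port):
    """Return the first matching application name, or None if unclassified."""
    for r in rules:
        if (proto == r.proto and dst_port == r.dst_port
                and ip_address(dst_ip) in ip_network(r.dst_net)):
            return r.name
    return None

def meets(sla, p):
    return (p.loss_pct <= sla.max_loss_pct and p.latency_ms <= sla.max_latency_ms
            and p.jitter_ms <= sla.max_jitter_ms)

def select_path(app, slas, paths):
    """Return (path_name, sla_met) for an application."""
    sla = slas.get(app)
    if sla is None:       # assumption: no SLA means cheapest path
        return min(paths, key=lambda p: p.cost).name, True
    ok = [p for p in paths if meets(sla, p)]
    if ok:                # cheapest path that still satisfies the SLA
        return min(ok, key=lambda p: p.cost).name, True
    # assumption: no compliant path, so use the least lossy one and flag it
    return min(paths, key=lambda p: (p.loss_pct, p.latency_ms)).name, False

# Constructed sample policy and measurements.
RULES = [AppRule("voip", "10.20.0.0/16", "udp", 5060),
         AppRule("erp", "10.30.1.0/24", "tcp", 443)]
SLAS = {"voip": Sla(1.0, 150, 30), "erp": Sla(2.0, 300, 100)}
PATHS = [PathHealth("internet", 1, 1.5, 80, 45),
         PathHealth("mpls", 10, 0.1, 40, 5)]
```

With these measurements the loss-sensitive flow is steered to the costlier path while the tolerant one stays on the cheaper link; the `False` flag in the degraded case is the event a visualization layer would report as an SLA violation.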
Many SD-WAN vendors apply a brute-force approach to monitoring all WAN paths continuously, with a number of resulting trade-offs. Nuage Networks, however, has designed performance monitoring to achieve greater scale, while balancing accuracy, traffic overhead and resource demands. The AAR solution from Nuage helps customers:
- Improve Hybrid WAN utilization
- Improve Application performance, availability, and cost efficiency
- Leverage Internet for price/performance benefits
- Improve end-user experience at remote branch offices
NSG Border Router: A key complementary component that Nuage Networks has developed for SD-WAN deployments in release 4.0 is the Network Services Gateway – Border Router (NSG-BR). NSG is Nuage Networks’ SD-WAN branch router or customer premises equipment (CPE) based on an open x86 architecture. NSG Border Router is a software function running on a CPE device that typically acts as an overlay network gateway between the on-premises datacenter/cloud network and the WAN network. Traditional SD-WAN and DC SDN solutions treat the DC and WAN as two silos that require manual stitching of policy, control and data plane. However, enterprise networking needs a connection from users in branches to applications in the DC that is automated and boundaryless.
NSG-BR provides seamless connectivity between SD-WAN and DC networks via a unified policy and federated control across the two. It supports a data plane handoff (from IPsec to VXLAN or VLAN) between the two domains without the need for a terminating gateway.
NSG-BR typically resides at the edge of the datacenter network, at the gateway to the Internet/WAN, hence the name border router. It can be deployed as a dedicated Nuage Networks appliance, the NSG-X, or as a virtual gateway, NSG-V, on server hardware. The NSG-BR can deliver all the WAN policy services that the NSG provides as the gateway at remote sites, including security access controls, link optimization, load balancing, quality of service, etc. It is designed for fault-tolerant deployments with either active-active pairs and equal-cost multipath routing (ECMP), or active-standby redundancy groups.
Public Cloud Gateway (for AWS): Speaking of the NSG-V, our ability to deploy virtual border routers gives us a natural conduit to extend policy-based WAN automation to public cloud providers as well. Starting with 4.0, Nuage Networks now has the ability to deploy NSG-V in Amazon Web Services (AWS) as an Amazon Machine Image (AMI). The NSG-V then acts as a gateway to a Virtual Private Cloud (VPC) hosted on AWS, just as it would to an on-premises datacenter or a branch location. In time, the same methodology will allow flexible connections to Google Compute Engine (GCE) and Microsoft Azure.
From the centralized SDN policy controller, AWS Virtual Private Cloud (VPC) network policies can be managed as easily as those of a remote datacenter site. Customers still have one cloud, one policy, on-premises or off. Customers will manage their AWS accounts and workloads themselves, as usual. There are no incremental Nuage Networks feature or usage licenses for public cloud deployment versus other gateway locations (i.e., usual licensing costs apply). With this approach, public cloud locations can be made part of an SD-WAN network with secure, automated connectivity provided by Nuage.
The initial release of our AWS integration supports L3 domains, IPsec tunnels to the cloud provider, NAT-T, and Policy Based Routing via Access Control Lists (PBR ACL) at the gateway.
Connecting Disjoint Underlay Networks: In advanced deployment mode, an NSG Border Router can also be used to seamlessly connect branch devices that do not have direct connectivity over a common MPLS-VPN or Business Internet underlay network. This is a critical feature required by Service Providers and Enterprises as they deploy VNS to provide SD-WAN services across their global footprint. Not only does this enable faster service deployments across geographies, it also adds to the overall resilience and performance for business critical applications that can traverse the Border Router as a path of last resort.
In Part 2 of this blog series we will delve into major security enhancements in release 4.0.