I have recently returned from the MEF17 event in Orlando, where Nuage Networks received several awards for its leadership in SD-WAN as well as a Proof of Concept (POC) award for demonstrating tremendous deployment flexibility across a multi-vendor environment. We often tout the flexibility and openness of our VNS solution and this POC was a great testament to that.
In this POC, Nuage Networks joined forces with Telia along with Kvantel, Cisco, OneAccess, and RAD Communications to showcase the orchestrated, agile, assured, and on-demand delivery of SD-WAN services across a multi-vendor and multi-transport network. Nuage Networks showcased VNS, representing our set of SD-WAN capabilities enabled by the Nuage Networks Virtualized Services Platform (VSP).
Key MEF-driven objectives of the POC
Enterprises are rapidly moving toward the deployment of SD-WAN services and MEF recognizes the key deployment challenges that exist to implement these services. These challenges relate to inadequate interoperability, lack of flexibility, and insufficient standardization to deliver these dynamic, on-demand services. To help overcome this, MEF has developed the Lifecycle Service Orchestration (LSO) Reference Architecture, outlined in its recent white paper, Understanding SD-WAN Managed Services. The goal of LSO is to enable enterprises to better address these deployment challenges by providing a standard architecture and framework, which, in turn promotes interoperability. The key objective for Nuage Networks was to test out the SD-WAN use cases outlined within this white paper.
General POC setup
Carrier Ethernet underlay network
The drawing below presents a high-level view of the POC based on MEFs LSO reference architecture for a specific multi-vendor, multi-transport implementation. In this POC, there were three branch sites deployed across Finland, Sweden, and Norway. All sites were connected through a Carrier Ethernet underlay network. Specifically, Finland and Sweden were connected through Telia’s E-LAN underlay, and the site in Norway was connected through the E-Access service provided by the wholesaler, Kvantel. The Carrier Ethernet underlay was built by deploying the OneAccess Network Interface Device (NID). Each NID also offered a 4G backup transport link providing further transport diversity. In addition to the Carrier Ethernet and 4G WAN transport underlays, the SD-WAN also included Internet access as another underlay transport option.
Country Branch descriptions
The three branches represented deployment diversity. The Finland branch deployed a Nuage Networks Network Services Gateway (NSG) physical SD-WAN Edge customer premise equipment (CPE) terminating the required overlay VPN connections at that site. In addition, the NSG was configured in ‘branch in a box’ mode and hosted a third party L7 firewall (FW) Virtualized Network Function (VNF) which allowed for flexible and efficient local service chaining. The Sweden and Norway branches leveraged the RAD virtualized CPE (vCPE) edge device as a host for a virtualized version of the NSG (NSG-V) to provide SD-WAN Edge VNF capabilities. The RAD vCPE also hosted a third party L7 FW VNF. This demonstrated how the Nuage Networks NSG can be configured in both a physical SD-WAN Edge CPE as well as being a SD-WAN Edge VNF on an existing vCPE device.
L2/L3 VPN overlay networks
With the SD-WAN capabilities in place, a set of logical VPN overlays were built (both L2 and L3 VPNs) that pass application traffic over any of the policy-designated transport underlay links (Internet, Carrier Ethernet, LTE). All three sites were connected to each other with a L3 VPN that spans the ethernet underlay. In addition, Finland and Norway were connected with a L2 VPN. Finland and Norway were also connected with a dual-uplink to local Internet access as another underlay, allowing for a hybrid WAN configuration with traffic steering. This showcased how multiple services can be turned up at any location, across any transport, from any CPE device.
The SD-WAN ‘brain’ of the POC was setup in Lisbon which hosted the Virtualized Services Directory (VSD) and the Virtualized Services Controller (VSC). The VSD is a policy, business logic, and analytics engine that supports the abstract definition of network services. The VSC provides a control plane for the routing elements of the network, maintaining a full view of the network and service topologies. All SD-WAN policies were built using the VSD and instantiated into the network through the VSC. In addition to the control functions, a customer and operator-facing portal was provided for the management of the SD-WAN overlay networks.
Key use cases demonstrated
Upon completion of the setup, all use cases in the MEF white paper were on display which included:
- Easy site turn-up – The Nuage Networks SD-WAN function on all three sites was easily and securely brought up by leveraging zero touch provisioning using Nuage Networks extensive, flexible, and secure bootstrapping model.
- Security – IPsec encryption was established for each of the L2 and L3 VPN connections showcasing the ability to protect application data traversing each VPN.
- Multiple Classes of Service with SLAs – video, email, and voice applications were used, each with their own specific Service Level Agreement (SLA)s. This showcased how a diverse set of applications with different SLAs can be treated independently as they are transported across an SD-WAN.
- Network Performance Monitoring (NPM) – each of the overlay VPNs were constantly measured in terms of their latency, jitter, and packet loss regardless of the network path used in the underlay. These metrics were used to ensure that each application (e.g. video, voice, email) received adequate performance to meet their SLAs. This reflects the importance of measuring the actual SD-WAN overlay performance and making intelligent traffic steering applications, instead of only measuring underlay performance.
- Hybrid WAN – using the hybrid WAN deployment, high availability was shown by re-routing email traffic from the primary VPN to the back-up VPN when the primary failed. In addition, by leveraging NPM, the inability of the primary VPN to accommodate the video’s SLA was detected and by using Application Aware Routing (AAR), the video application was immediately re-routed across the back-up VPN
- Service Chaining with L7 FW – overlay traffic that was sent over a VPN with the Internet transport as its underlay was routed (service-chained) through the L7 FW. This use case would represent a case where traffic (e.g. SaaS applications such as SalesForce) from the Internet underlay may be considered untrusted and would use a L7 FW to protect the traffic.
A job well done
As the market’s leading SDN and SD-WAN platform, Nuage Networks understands that as service providers and enterprises adopt new technology, they may choose or require different vendors in parts of their network resulting in a unique multi-vendor environment. This POC further demonstrates how Nuage Networks VNS is versatile, flexible, and open and can adapt to any deployment scenario.
The POC was an early step in showing how deployment challenges to implement SD-WAN in a multi-vendor environment can be overcome. I would like to send my appreciation to Telia for pulling together such a comprehensive initiative. Similarly, kudos to the other essential participants who worked so well together to showcase a great example of multi-vendor cooperation.