Ramesh Kalimuthu,
Technical Marketing Engineer
BRKARC-2112
#CLUS
Agenda
• Introduction and Motivation
• What is SD Branch?
Solution Components
Automation, Security, Performance, High availability, Serviceability
• SD-WAN Integration
• Deployed Use-cases
• Monitoring and Troubleshooting
• Conclusion
#CLUS BRKARC-2112 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Benefits of Software Defined Branch
Simplified Management
Cisco DNA Virtualization
Automated, software-based network services in minutes on any platform
[Diagram labels: Cisco Digital Network Architecture; Users/Things (mobile devices, laptops, IoT); Applications; Branch/Campus; Colocation Centers; Public Cloud]
Freedom of choice
Hardware platform
Software Defined Branch
Deploy Services on Any Platform
Hardware
Enterprise Network
Compute System
Platform Built for Enterprise NFV
Branch/Campus
Colocation Center
Public Cloud
ENCS 5000 Series for the Branch
ENCS 5000 Series - Chassis Options
• ENCS 5412: 12-Core
• ENCS 5408: 8-Core
• ENCS 5406: 6-Core
• ENCS 5104: 4-Core
ENCS 5400 Series – I/O Side
• Dedicated Lights-out Management (CIMC)
• Integrated Power Supply
• (Optional) Hardware RAID Controller
• 16 - 64 GB DRAM
• Internal M.2 Storage, 64 – 400 GB
• 6, 8, or 12-Core Intel Xeon-D
[Diagram: ENCS 5400 data path and control path. Labels: X86, NIC, high-speed backplane, VLAN-aware HW switch, POE, NIM (cellular, T1, DSL, LAN, GE), dual-PHY WAN GE or LAN uplink, CIMC lights-out management, dedicated management (MGMT) ports]
Understanding SR-IOV on the ENCS 5400
• There are multiple ways a VNF can connect to a physical NIC of the underlying server/hardware
  • Virtual switch – introduced by the hypervisor
  • SR-IOV – by connecting the VNF directly to the physical NIC
  • PCI Passthrough – dedicating the entire NIC to the VNF directly
• On the ENCS, there are two NIC types on which SR-IOV has been enabled
  • WAN GigE NIC – Intel i350, uses igb drivers
  • LAN backplane NIC – Intel XL710, uses i40evf drivers
• As long as the VNF supports these NIC drivers, the VNF can be deployed using SR-IOV
NFVIS Compare Networking Options
Options compared: SR-IOV, DPDK-OVS, OVS (axis across the columns: Performance to Flexibility)
• Service chain throughput
  • SR-IOV: service chain throughput better than DPDK/OVS
  • DPDK-OVS: service chain throughput near SRIOV, better than non-DPDK OVS
  • OVS: service chain throughput lower than DPDK and SRIOV
• NFVIS default cores + additional CPU
  • SR-IOV: 1 core on a < 16 core system; 2 cores on a >= 16 core system
  • DPDK-OVS: 1+1 CPU on a <= 16 core system; 2+2 on a > 16 core system; 1+1 GB mem in a <= 32 GB system; 1+2 GB mem in a > 32 GB system
  • OVS: 1 core on a < 16 core system; 2 cores on a >= 16 core system
• Driver requirements in VNF
  • SR-IOV: SRIOV
  • DPDK-OVS: no, Virtio required
  • OVS: no, Virtio required
• Supported capability in platforms ***
  • ENCS54xx: SR-IOV igb, igbvf, i40evf; DPDK-OVS yes, 3.10.1 onwards; OVS supported
  • UCSEM3 front_10G: SR-IOV ixgbvf; DPDK-OVS yes, 3.12.1 onwards
  • UCS5K, CSP5K: SR-IOV i40evf, ixgbvf; DPDK-OVS yes, 3.12.1 onwards
*** Default LAN-VF increase from 6 to 16 in NFVIS 3.12.1 onwards
*** Dynamic VF addition in CSP5K, UCSM5 in NFVIS 3.12.1 onwards
Packet flow to the VM deployed with SRIOV
Packet flow to the VM deployed with OVS DPDK
[Diagram labels: TenGig Port 1 (PF); VFIO driver; huge pages; kernel space; OVS; vhost-user shared memory; Qemu control socket notification; guest kernel (Tx/Rx); application in the virtual machine user space; Cisco NFVIS; virtual storage. Steps are numbered 1 to 8 on the diagram.]
1. Packet is received by the physical NIC and placed in the ring buffer in user space.
2. DPDK Poll Mode Driver dequeues the packet.
3. OVS performs a MAC/VLAN lookup and identifies the specific port.
4. Packet is copied to vhost-user shared memory.
5. OVS generates the control socket notification to Qemu.
6. Guest kernel processes the notification and reads the packet from the buffer.
7. Guest Linux networking stack processes the packet and delivers the packet to the user space process.
8. Guest user space process consumes the packet.
Packet flow to the VM deployed with OVS
[Diagram labels: TenGig Port 1 (PF); pNIC driver; OVS; tap; vhost-net kernel thread; shared memory; kernel space; Qemu; guest kernel (Tx/Rx); application in the virtual machine user space; Cisco NFVIS; virtual storage. Steps are numbered 1 to 8 on the diagram.]
1. Packet is received by the physical NIC.
2. Packet is placed in the interface ring buffer and an interrupt is generated.
3. OVS performs a MAC/VLAN lookup and identifies the specific port.
4. vHost kernel thread is scheduled and copies the packet to shared memory.
5. Qemu generates the IRQ virtual interrupt to the guest kernel.
6. Guest kernel processes the interrupt and reads the packet from the buffer.
7. Guest Linux networking stack processes the packet and delivers the packet to the user space process.
8. Guest user space process consumes the packet.
ENCS-W vs ENCS
UCS E-Series
Cisco UCS E-Series DC-class Servers
Intel Broadwell
Performance
Cloud Services Platform 5K
CSP 5000 SKUs: CSP 5216, CSP 5228, CSP 5436, CSP 5444, CSP 5456
• Rack: 1RU, 2RU
• CPU cores (in SKU order): 16, 28, 36, 44, 56
• CPU (in SKU order): 2.1GHz Xeon 4110, 2.2 GHz Xeon 5120, 3.0GHz Xeon 6154, 2.1GHz Xeon 6152, 2.1GHz Xeon 8176
• Mem (16GB/32GB), 12x2 DIMM slots: 128GB minimum, 384GB-768 GB total capacity
• PCIe NIC slots: 2, 6
• On-board NICs (LOM): 2x10 GbE SFP+
• i520 (2x10GbE SFP+): Y
• I710 (4x10GbE SFP+): Y
• Max NIC ports: 14 (2x4+4+2), 30 (6x4+4+2)
NFVIS on CSP5K
Virtual Network
Functions
Network Services from Cisco
Consistent software across physical and virtual
Enterprise NFV Open Ecosystem
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-functions-virtualization-nfv/nfv-open-ecosystem-qualified-vnf-vendors.pdf
Reference
Third party VNF Certification Resources
http://cisco.com/go/enfv
Vendor Status (December ‘18)
Certified Currently Testing Ready to Test
Netscaler
Expected Engaged
CloudBridge
NFVIS
Purpose built Network Hypervisor
Enterprise NFV Infrastructure Software (NFVIS)
Network Hypervisor Zero-Touch Deployment Security
• Provisioning and launch of VNFs
• Stop and restart services
• Dynamically add and remove services
• Failure monitoring and recovery
• VNF Backup Restore

• Elastic service insertion
• PNIC tracking and VNIC update
• Multiple independent service paths based on applications or user profiles
• Host and VM Statistics, Packet Capture

• Programmable API for service orchestration
• Rest and NETCONF API
• Netconf Notification
NFVIS Architecture
Not Just KVM, Power in software
[Diagram labels: PnP Server; Console/SSH; NSO; DNA Center; Portal; libvirt; Open vSwitch; Qemu; Collectd; Syslogd; Snmpd; Hardware Management. * Roadmap]
What is NEW in NFVIS?
• NFVIS 3.11.2FC2 posted in April 2019. NFVIS 3.12.1 in EFT, target CCO July 2019
• Validated SRIOV for LAN/WAN SDWAN on ENCS
• Secure Overlay Tunnel with VNF Management Network with MSX, DNAC
• VNF Storage IO optimization via eager-zero initialization
• VNF storage Backup and Restore for VNFs
• PNIC tracking for LAN/WAN interface on ENCS
• OVS-DPDK performance improvement across supported platforms ENCS, CSP5K, UCSC-M5, UCSE
• Dynamic SRIOV for VNF scale
Default System Configuration on ENCS (NFVIS 3.10.1 +)
[Diagram labels: ENCS5400; NFVIS; Hypervisor (KVM); vSwitch; bridges wan-br, wan2-br, lan-br, int-mgmt-br; VFs; GE0/0; GE0/1; NFVIS LAN backplane port; NIM; MGMT]
• NFVIS can be accessed by default via the FP GE WAN ports or via the dedicated Management port.
• NFVIS 3.10+ default association: GE0-0 to wan-br, GE0-1 to wan2-br. Both wan-br and wan2-br are enabled for DHCP by default. DHCP is attempted (cycling between GE0-0 and GE0-1) until one of the ports acquires a DHCP address. PnP will be attempted over the WAN-facing network with a path to the default gateway. Before NFVIS 3.10, no wan2-br was created by default and there was no DHCP by default via GE0-1.
• An internal management network (int-mgmt-net) and a bridge (int-mgmt-br) are created and used internally for system monitoring.
NFVIS Security
Security: Chain of trust
Host Secure Boot (trust chain, from the hardware up):
• Hardware Trust Anchor
• Microloader
• UEFI: UEFI uses shim.efi to verify grub.efi
• Grub-efi: Grub.efi uses shim.efi to verify kernel
• NFVIS Kernel: Kernel hardened for protection
• KVM: Kernel verifies module signature

VNF Secure Boot (trust chain, from the virtual firmware up):
• OVMF UEFI: NFVIS verifies UEFI firmware
• shim.efi: UEFI uses shim.efi to verify grub.efi
• Grub-efi: Grub.efi uses shim.efi to verify kernel
• VNF Kernel
Cisco SD Branch Chain of Trust
Layer: Security Risks / Cisco Trusted Solution
• VNF / VM
  • Security risks: VM image tampering; VM-to-VM communication vulnerabilities
  • Cisco trusted solution: VNF secure boot based on OVMF UEFI; Encrypt VM Disk and VNF image*; VNF secure boot*
• NFVIS
  • Security risks: Hypervisor security; Components integrity; Unauthorized access to hypervisor; System file integrity; OS authenticity; OS tampering
  • Cisco trusted solution: Integrity measurement architecture (IMA)*; UEFI, GRUB, Kernel secure boot; Basic RBAC, secure SSL, Granular RBAC*; Restrict NFVIS access from VNFs*; Kernel hardening; Storage isolation
• Hardware
  • Security risks: Hardware authenticity; Storage security and vulnerabilities
  • Cisco trusted solution: SUDI / ACT2 authentication with orchestrator; Storage encryption via CIMC
Note: features with * are planned roadmap items.
Security embedded at all layers of software
Trustworthy Technologies for Enterprise Networking
Built-in security features that defend against today’s threats
• Image Signing: Creates a unique digital signature for a block of code. Signed images may be checked at runtime to verify that software has not been modified.
• Hardware Anchored Secure Boot: Helps ensure that code is authentic and unmodified. Anchors the microloader in immutable hardware, to prevent Cisco devices from executing tainted software.
• Trust Anchor Module (TAm): A tamper-resistant chip featuring nonvolatile secure storage, SUDI, and crypto services including RNG, key store, and crypto engine.
• Hardware Authenticity Check: Uses a X.509 SUDI certificate to verify hardware authenticity. Runs only after the secure boot process has completed and software has been verified to be trusted.
Dedicated CPUs vs. Hyperthreading vs. pinning
Hyper-threaded platform like ENCS5400
Best Practice: Lightweight compute applications based on TCP could share cores, host more applications
Domain Isolation between network function and
VMs
Storage Isolation Interface Isolation
Security: Linux
Feature (Status): Detail
• Image Tamper Protection (Available today): Digital signature creation and verification using asymmetric key pairs.
• Attack Vector Reduction (Available today): Only essential packages that are required by the NFVIS service are installed. Only selective NFVIS service ports are opened through firewall rules.
• Strong SSH/SSL/TLS Configs (Available today): 2048 bit key; strong encryption, hash, and key exchange algorithm. Support for TLS 1.2 only.
Security: NFVIS Management (Access)
Feature (Status): Detail
• Secure Interfaces (Available today): Allow only secure authenticated administrative interfaces for REST/NetConf (SSH, HTTPS).
• Restricted storage access (Available today): Restricted access to storage and folders. Protects NFVIS data.
• Admin-User Controlled Network Access (Available today): Allow user to define the scope of IP addresses/services through the “ip-receive-acl” access list.
• VM Console Access Protection (Available today): Port is opened for 60 seconds for an external server to start a session to the VM inside. If there is no activity, the port is closed. The port allows only one-time access.
Security: NFVIS Management (Access)
Feature (Status): Detail
• Role Based Access Control (Available today): Sensitive information/action accessible only to a predefined set of users.
• Identity Control (Available today): Default password change enforced at initial login.
Security: NFVIS Management (Access)
Feature (Status): Detail
• Idle Session Timeout (Available today): User session times out automatically.
• Activity Logging (Available today): Every attempt to login/logout and system configuration changes are recorded with enough information (who, when, what). VM lifecycle auditing.
• Session Resource Protection (Available today): Maximum limit on concurrent sessions.
• Secure Unlock Client (Available today): Presents a mechanism to ensure privileged debug access to a device in the field is restricted to authorized employees.
• Input Validation (Available today): API input-validations to prevent command injection attacks.
Security: NFVIS Management (System)
Feature (Status): Detail
• Memory Isolation for VMs and Host (Available today): System isolates VM and host memory to prevent threat from a compromised VM. KVM/QEMU adds an extra level of address translation.
• Resource provision for VMs (Available today): One VM cannot use more resources than provisioned. This avoids a denial of service condition from one VM consuming the resources. CPU, memory and storage are protected.
• ENCS 5400 Secure Boot (Available today): Ensure only authentic (signed) NFVIS software is executed.
Security: NFVIS Management (Traffic)
Feature (Status): Detail
• Traffic Segmentation between VMs and Host (Available today): Support creating VLANs and virtual bridges to help identify different sources of traffic and separate traffic between VMs. Separate bridges and VLANs isolate the virtual machine network and management network. Two machines on the same physical network cannot send packets to each other unless they are on the same VLAN.
• NIC Virtualization (Available today): SRIOV (IO Virtualization) support enables an Ethernet adaptor to appear as multiple virtual adaptors called Virtual Functions (VFs). The hypervisor can map guest interfaces to specific VFs, and guests use direct access to their VFs. Each VM “owns” a virtual interface and its related resources.
Security: NFVIS Management (GUI / Portal)
Feature (Status): Detail
• Session Management (Available today): Delete session information after user logout.
• Input Field Validation (Available today): Input validation to avoid command injection at runtime.
VNF Onboarding
Demo
VNF format support on NFVIS
• NFVIS is based on a Linux distribution with KVM
• Can deploy any VNF with a QCOW2 extension (standard KVM file format)
• However, NFVIS can also support additional file formats
• .ISO, .IMG, .RAW
• Has ability to convert a VMDK file into QCOW2 using NFVIS CLI
Why Package?
• Creating a VNF package is not mandatory; however, it has its advantages
• Provides a way to scale out deployments
• Support for Day 0 configuration for 3rd party VNFs
• The packaging utility creates a tar.gz file which contains
• The raw QCOW2 file
• Image properties file
• Supported and default profiles
• Day 0 configs
• Image properties file is created by using either the GUI or using the
packaging utility provided with every release.
VM Packaging using Packing Tool
• This is an enhanced packaging process that allows the VM owner to run
the nfvpt.py utility as a command with a combination of parameters to
package the VM.
• The VM packaging utility contains the following
• nfvpt.py—It is a python based packaging tool that bundles the VM raw disk
image/s along with VM specific properties.
• image_properties_template.xml—This is the template file for the VM image
properties file, and has the parameters with default values. If the user provides
new values to these parameters while creating the VM package, the default
values get replaced with the user-defined values.
• nfvis_vm_packaging_utility_examples.txt—This file contains examples on how
to use the image packaging utility to package a VM image.
vEdge VM Packaging using the Package Utility
(nfvpt.py)
Input parameters Packaging Utility Final Package
image_properties_template.xml
vendor_data
Creating a Package using the NFVIS GUI
Access the utility from VM Life Cycle -> Image Repository -> Image Packaging
Upload the QCOW2 binary and Day 0 config
Define Flavors
• Flavors set the CPU, Memory, Storage requirements for a VNF
Default Flavor
2 vCPU and 4096 MB of RAM
Create Package, Download or Register
• Once the package is created, you can then download it and reuse it on other NFVIS
systems
• Register the VNF within NFVIS to deploy it
Access the VNF Console from NFVIS
NFVIS - shows list of VM names NFVIS - console request to a deployed VM
VNF must be packaged with “Serial” console as enabled while using the VNF
packaging tool
Accessing VNF using Port Forwarding
Port Forwarding from NFVIS
• NFVIS supports port forwarding for VNFs
• NFVIS Host IP address can be used to manage multiple VNFs using port forwarding
• Example
  • NFVIS host - 172.19.169.51
  • ISRv deployed with port 22 mapped to 2224
Lab-test01$ ssh -p 2224 admin@172.19.169.51
Note:
• In order to use port forwarding, the VNF must allow itself to be monitored via NFVIS.
• NFVIS can then use the internal management network to connect to the VNF.
• Port forwarding needs to know the source interface (either the MGMT or the WAN interface) to work.
Secure Overlay
and Single WAN IP
Secure Overlay over WAN
Static/DHCP with/without NAT CPE
[Diagram labels, steps numbered 1 to 4: Orchestrator (MSX, NSO, vBranchCFP); S/N Day 0 mapping; Day 0 config; Call Home; NFVIS; Management Network; vBranch]
Solution – Hypervisor Management Overlay
[Diagram labels, steps numbered 1 to 4: Orchestrator (MSX, NSO); S/N Day 0 mapping; Mgmt-Hub; PnP; Headend System-IP; Headend Interface IP; Day 0 config; Call Home; NFVIS; vBranch]
Solution – Overlay and Single Public IP
[Diagram labels, steps numbered 7 to 9: Orchestrator (MSX, NSO); Mgmt-Hub; PnP; Headend System IP; Headend Interface IP; WAN-IP; NFVIS Interface IP; NFVIS System IP; NFVIS; vBranch]
Solution – Single Public IP Failover
[Diagram labels, steps numbered 2 and 3, one path marked X: Orchestrator (MSX, NSO); Mgmt-Hub; PnP; Headend System IP; Headend Interface IP; WAN-IP; NFVIS Interface IP; NFVIS System IP; NFVIS; vBranch]
Backup and
Restore
NFVIS Backup Restore NFVIS
3.10.1 +
[Diagram: BACKUP and RESTORE of a DEPLOYED vBranch topology. Labels: API; rbac; monitoring; pnp; snmp; mgmt; ovs; sriov; vnf1 … vnfN; Mgmt connectivity. Optional per-VNF vs complete topology backup.]
Backup/Restore CLIs
Physical Port
Status Tracking
NFVIS PNIC Tracking, VNIC Update NFVIS
3.10.1 +
[Diagram labels: ISRv; NGFW; Hypervisor (KVM); vSwitch; VFs; NIM; MGMT; LAN Backplane; GE0/0; GE0/1; TRACK markers; ENCS Integrated Switch with GE1/0 to GE1/7]
• PNIC tracking works for ports associated with OVS, on both LAN- and WAN-facing ports. Available starting with the NFVIS 3.10.1 release.
• PNIC tracking is useful in High Availability designs. Stateful features such as HSRP and VRRP depend on interface status to switch between ACTIVE and STANDBY modes.
High Availability
ENCS High Availability
MPLS
Internet
PORT CHANNEL
Hosts on LAN
Deploying a VNF
on NFVIS using the
GUI
Deploying VNFs Using NFVIS GUI
VM Life Cycle -> Deploy
Network PnP
PnP Solution Components
• 1 DNA-C (PnP Server): Auto-provision device w/ images & configs.
• 3 PnP Protocol: HTTPs/XML based Open Schema protocol
• 4 PnP Connect: Cloud-based device discovery. Redirects devices to On-Prem DNA-C
[Diagram labels: DNA Center (Policy, Automation, Analytics); Customer On-Premise; PnP Connect; SSL links]

Devices: Routers (ASR, ISR), Switches (Catalyst®), Wireless Access Points
Automated:
• 1 DHCP with options 60 and 43. PnP string: 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
• 2 DNS lookup: resolves to DNA-C IP Address
• 3 Cloud re-direction: https://devicehelper.cisco.com/device-helper
• 4 USB-based bootstrapping: router-confg/router.cfg/ciscortr.cfg
Manual:
• Manual discovery
(Slide note: not supported for Access Points)
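
The option 43 string above decides which server a factory-default device trusts for its Day 0 configuration and over which transport it fetches it. The following is an added example, not part of the original slides: a parser and audit for that string. The field meanings (N for debug off, K5 for HTTPS, B1/B3 address types, default ports when J is absent) follow Cisco's published option 43 layout as understood here and are assumptions to confirm for your release; `expected_servers` and the finding names are hypothetical.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Field meanings follow the commonly documented Cisco PnP option 43 layout
# (assumption: verify against the documentation for your software release).
ADDR_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}   # B field
TRANSPORTS = {"4": "http", "5": "https"}                    # K field
DEFAULT_PORTS = {"http": 80, "https": 443}                  # used when J is absent


@dataclass
class PnpOption43:
    debug: bool
    addr_type: str
    transport: str
    server: str
    port: int
    extras: dict = field(default_factory=dict)  # optional fields kept verbatim


def parse_option43(raw: str) -> PnpOption43:
    """Parse a string such as '5A1D;B2;K4;I172.19.45.222;J80'."""
    parts = [p.strip() for p in raw.strip().split(";") if p.strip()]
    if not parts:
        raise ValueError("empty option 43 string")
    header = parts[0]
    # Header: '5A' + version digit + debug flag (D = debug on, N = debug off).
    if (len(header) != 4 or header[:2] != "5A"
            or not header[2].isdigit() or header[3] not in "DN"):
        raise ValueError(f"unexpected header {header!r}")

    fields: dict[str, str] = {}
    for part in parts[1:]:
        key, value = part[0], part[1:]
        if key in fields or not value:
            raise ValueError(f"duplicate or empty field {part!r}")
        fields[key] = value
    for required in ("B", "K", "I"):
        if required not in fields:
            raise ValueError(f"missing field {required!r}")
    if fields["B"] not in ADDR_TYPES or fields["K"] not in TRANSPORTS:
        raise ValueError("unknown address type or transport code")

    addr_type = ADDR_TYPES[fields["B"]]
    transport = TRANSPORTS[fields["K"]]
    server = fields["I"]
    if addr_type != "hostname":
        ip = ipaddress.ip_address(server)  # raises ValueError on junk
        if ip.version != (4 if addr_type == "ipv4" else 6):
            raise ValueError("address does not match the declared B type")
    port = int(fields.get("J", DEFAULT_PORTS[transport]))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    extras = {k: v for k, v in fields.items() if k not in "BKIJ"}
    return PnpOption43(header[3] == "D", addr_type, transport, server, port, extras)


def audit_option43(opt: PnpOption43, expected_servers: set[str]) -> list[str]:
    """Return finding codes a reviewer of the DHCP scope would want raised."""
    findings = []
    if opt.transport == "http":
        findings.append("cleartext-transport")   # K4: onboarding without TLS
    if opt.debug:
        findings.append("debug-enabled")          # 5A1D: agent debug left on
    if opt.port != DEFAULT_PORTS[opt.transport]:
        findings.append("non-default-port")
    if opt.server not in expected_servers:
        findings.append("unexpected-server")      # not a sanctioned PnP server
    return findings


PAGE_STRING = "5A1D;B2;K4;I172.19.45.222;J80"   # string shown on the slide
HARDENED = "5A1N;B2;K5;I172.19.45.222;J443"     # constructed for comparison

if __name__ == "__main__":
    allowed = {"172.19.45.222"}                  # hypothetical allowlist
    for sample in (PAGE_STRING, HARDENED):
        print(sample, "->", audit_option43(parse_option43(sample), allowed))
```

Run against the DHCP scopes that serve branch WAN segments, the same audit highlights scopes that hand out a PnP server outside the sanctioned list.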
PnP DNS Lookup
Construct a fully qualified domain name (FQDN), using the preset hostname "pnpserver", based on the network domain name configured on the DHCP server.
Example of DNS lookup configurations on DHCP server:
PnP Cloud Redirect
• This method uses the Cisco Cloud Device Redirect
tool available in the Cisco Software Central.
• User needs to have a Cisco CCO account in advance.
PnP Cloud Redirect – Cisco Account
In order to use Cisco Cloud Device Redirect tool, user needs to have a Cisco Account in advance.
Launch Cisco Software Central at https://software.cisco.com in browser and Click “Login In”
Orchestration
Deploying a VNF
on NFVIS using
APIs
Deploying VNFs Using APIs
Using NFVIS APIs – REST or NETCONF
What is so great about REST? – Same concept, many APIs
Easy to use:
• In mobile apps
• In console apps
• In web apps
Cisco NFVIS REST APIs
• VM Image Management
• VM Deployment
• Virtual Network Configuration
• On-box Switch
• PNP
How does this work?
[Diagram: Client sends a Request (GET, POST, PUT, DELETE) to the API Service; the API Service performs the Action (Do Something); the Client receives a Response (JSON, XML, TEXT)]
Network Service
Orchestrator
Automation Transition Challenges
• Network Engineering – Automation: Day-to-day management of rapidly growing, complex networks
• Ops and Provisioning – Customer Experience: Provisions services and manages service quality in networks
• Service Developers – Time-to-Market: Develops new network services on demand
System Overview
• Model-driven, end-to-end service lifecycle and customer experience focused
• Seamless integration with existing and future OSS/BSS environment
[Diagram labels: Network Engineering; Ops and Provisioning; Service Developers; Orchestrator (NSO); Service Manager; Network Services]
Network Service Orchestrator (NSO) for Service
Providers
• Model-driven end-to-end service lifecycle and customer experience in focus
• Seamless integration with existing and future OSS/BSS environment
• Loosely-coupled and modular architecture leveraging open APIs and standard protocols
• Orchestration across multi-domain and multi-layer for centralized policy and services across entire network
[Diagram labels: Network Engineering; Ops and Provisioning; Service Developers; NSO (Service Manager, Package Manager, CDB, Device Manager, Device Abstraction, NEDs); ESC (VNFM) with VNF Lifecycle Manager and VNF Service Monitoring; Multi-domain Networks]
Core Function Packs
• Ready-made implementations for specific features
• Productized, TAC supported
• 80/20 rule – reduce implementation cost and TTM
Currently supported: SDWAN, vBranch, NFVO
NFV Orchestration with
NSO NFVO
NFV Orchestration Challenges
Lessons Learned
A flexible software platform with open and Proprietary technologies with specialized
ETSI-aligned architecture and interfaces tooling driving long integration projects
NFVO High Level Architecture
[Diagram labels: OSS/BSS; RFS Services; RFS Provisioning and Activation (Cisco NSO); NFV Orchestrator (NFVO), NSO NFVO Component; VNFD and NSD Catalogues; NSRs and VNFRs; NFVI Resources; Or-Vnfm; (Or-Vi); EM; VNF Manager (VNFM), Cisco ESC; VNFs]
ENFV Automated Operations - 2
Branch CPE fully operational in minutes
3. Configure
CPE and
VNFs
• Bootstrap configuration (day-0)
• e.g. IP/credentials/license
• Set once
MSX
MSX Unlocks Multiservice, Multitenancy, Multivendor
for Service Providers
One-time OSS / BSS Integration
UI /
API
Managed Services Accelerator (MSX) – One Platform; Many Services
SD-WAN SD-Branch Managed SD-Access Meraki Security SP Custom
Cisco Service Device
Packs: PnP Services
Reduce Costs and
Time to Market
MSX Simplifies Service Creation & Delivery
The Power of MSX vBranch…
Many vendors, Many services…One Branch
Drill Down to Site/Device Status
VNF Resource
Consumption
Cisco DNA Center
Cisco DNA Center for Enterprise Customers
Profiles Self-Optimizing Predictive
Standardized configurations Machine learning-based detection
for multi-PIN services of problems prior to occurrence
Deployment using Profiles
Before: Network Design
• Plan for the network deployment
• Feature and Capabilities to be enabled based on requirements
• Topology for network deployment
Day 0: Cisco DNA Center Automation With Plug & Play (Order Equipment, Deploy device on site); ~50% OPEX Savings*
• Drop Ship devices
• Centralized device discovery (DHCP, DNS, Cloud)
• Non-technical installer at site
• Template based configurations
• Secure SUDI Authentication
Device on-Boarding – Router/Switch Design
DESIGN
• Design, Image Repository: Assign image to product family. Mark image as golden for a product family
• Tools, Template Editor: Create Onboarding day0 template and tag for given product family
• Design, Network Profile: Create Network Profile and select Onboarding day0 template for given product family. Assign to a Site
PROVISION
• Provision, Device Unclaimed: Device shows up Unclaimed in Cisco DNA Center using DHCP Option 43 discovery
• Provision, Device Claim: Select ‘Unclaimed’ switch, Action>>Claim. Select Site
• Provision, Day0 Config: Select image, day0 template/fill-in values
• Preview, Claim: Device is added to Inventory
Cisco DNA Center components
[Diagram labels: Automation Apps (Routing, Switching, Wireless, WAAS, NFV); Assurance Apps (Routing, Switching, Wireless, PathTrace, NFV); P/IAAS; Maglev]
Cisco DNA Automation – Branch Deployment
Simplified Deployment of Physical/Virtual Branches
[Diagram labels: Cisco ONE Foundation; ISR/ENCS; DHCP; WAN]
SD-Branch Orchestration in Cisco DNAC
ENCS based Virtual Branch Profile
1 Router WAN Configuration
2 Router LAN Configuration
3 Integrated Switch Configuration
4 Custom CLI Configuration
Virtual Services using Cisco Validated Designs
Select to
add service
Support for Third party Services
• 3rd party Services support with day 0 configs
• Application Hosting Support
Support for Third party Applications
• Custom network for untrusted traffic
• CVD service chaining support for DIA
Plug and Play
PnP Cloud
Redirection Service
PnP-Agent PnP-Agent
SDWAN
Integration
Available Today
Cisco SD-WAN Support on ENCS
Provision Work Flow In Cisco DNA Center 1.2
• Select ENCS and Map to Site
• vEdge – Input parameters obtained from vManage
• Provision vEdge on ENCS with Day 0 config
• Connect vEdge to vManage
Viptela vEdgeCloud Onboarding through Cisco DNAC
Virtual vEdge On-boarding on ENCS
Provisioning Flow
lan-net
SDWAN onboarding using Zero Touch Provisioning
[Diagram, steps 1 to 4. Labels: Cisco SD-WAN Control and Policy Elements; Redirect Server; PnP Server; vEdge-cloud; Token and Serial Number; Chain; Full Registration and Configuration]
Assumption:
• ENCS mgmt: DHCP on Transport Side; DNS to resolve devicehelper.cisco.com*
• WAN Transport: DHCP or Static IP; DNS to resolve vbond fqdn
* Factory default config NFVIS
ENFV and SDWAN Zero Touch Provisioning
[Diagram, steps 1 and 7 to 10 shown. Labels: CPE NAT Traversal; Secure Overlay Tunnel; Service Chain; Deploy VNF; Full Registration and Configuration; NAT Enabled CPE]
Assumption:
• ENCS mgmt: DHCP on Transport Side; DNS to resolve devicehelper.cisco.com*
• WAN Transport: DHCP or Static IP; DNS to resolve vbond fqdn
* Factory default config NFVIS
Note: Step 7 REST API uses Secure Overlay Tunnel.
Without Step 4 and 5, Step 7 cannot traverse NAT CPE
Cisco DNA Center
Automation Demo
Customer Use
Cases
Straumann Reference
Investment Company in NY
• Two major use cases driving this
  • Redesign their WAN
  • Refresh their existing ISRs (2911s)
• As part of their SD-WAN design they evaluated Cisco IWAN, Viptela and Versa.
  • Cisco IWAN – They evaluated IWAN, but overall were not happy with management options.
  • Viptela – Liked ease of manageability, and had features they want
  • Versa – Really liked the NFV and virtualization approach, but not so much on the SD-WAN capabilities
Ethernet Transport: vEdge
LTE Transport: ISRv
WAN Opt: vWAAS
VNF Orchestration: DNA Center
SD-WAN Management: vManage
Large bottling company – Type 1 Profile
Managed Service
(SDWAN)
• Branch consolidation and operational efficiency driving move to
virtualization
Reference
Bank in EMEA
• Cisco chosen after beating out the competition for 246 branches. Initial order for 165 branches.
• Key Requirements
  • Consolidation, Automation and Quickly isolate and troubleshoot problems.
  • Security is paramount with the bank.
  • Analyzed every component of the solution till it met their standards
• Two key promises made by Cisco
  • Continue to invest in the solution
  • Complete Common Criteria certification
Why ENFV?
• Automation has been key
• Bank has been exploring virtualization for a year now
• Bank initially were engaged with other vendors. However no vendor was able to provide an end to end solution that included automation.
• After running pilots at multiple branches and seeing how easy it was to automate and spin up new sites, the customer was convinced with the Cisco solution.
• They were able to eliminate multiple Windows workstations at every branch by virtualizing them
• Chose the ENCS for its compactness
Reference
Large Bank in Canada
Reference
Orange Business Services
• OBS has been one of the first customers to test and provide feedback on a lot of areas of the solution
• Used the learnings from OBS to shape the product for the better
• Tested 3rd party VNFs – PAN, Steelhead, Checkpoint, Fortinet
• Started pilot with Phillip Morris International and E&Y
For OBS, ENFV opens up new revenue streams
OBS use Blue Plant to orchestrate. They have integrated with NFVIS NETCONF APIs
Positioning ISRv with 3rd party VNFs
Initially wanted to use Riverbed for WAN Opt, however Cisco and OBS were able to convince PMI to use vWAAS instead
OBS have projected 800 sites across 8 customers for FY18
https://www.businesswire.com/news/home/20180206005830/en/Orange-Business-Services-Cisco-Bring-SD-WAN-Network
Reference
British Telecom
• BT are launching their service in September 2017
• BT are using NSO w/ vbranch CFP for orchestration
• BT are enhancing their existing monitoring tools and are gearing up to support this launch
• They are moving away from SNMP based monitoring to API based monitoring
• According to BT, APIs are proving to be far more efficient than SNMP
• They have integrated all the monitoring APIs provided
One of BT’s key requirements has been to deploy a site with 1 WAN routable IP address.
Enhancements done in NFVIS to support this by implementing secondary IP addressing
Hypervisor: NFVIS
• NFVIS supports REST and NETCONF APIs that can be used to export all Host and VNF specific information
• CLIs are also available to monitor and export data
• All data is exported via NETCONF. Need a NETCONF client to receive data
• Host and Interface SNMP MIBS support added as part of 3.6.1 release (July 2017)
• Exporting to external Syslog support added as part of 3.6.1 release (July 2017)
Hardware: ENCS
• Monitoring via Cisco Integrated Management Controller for Platforms that support it.
• CIMC supports an exhaustive list of MIBS which can be used to monitor every aspect of the underlying hardware
• CPU, Memory, Interface and Disk Stats
CLIs for Monitoring
• Stats: content for graphical display
NFVIS Notifications for Monitoring and Troubleshooting
• NFVIS sends notifications for
• vmlcEvents (VM Lifecycle)
• nfvisEvents (NFVIS)
NFVIS Notification Events
• VM Life Cycle Events
  CREATE_IMAGE
  DELETE_IMAGE
  CREATE_FLAVOR
  DELETE_FLAVOR
  VM_DEPLOYED
  VM_ALIVE
  VM_UPDATED
  VM_UNDEPLOYED
  VM_STOPPED
  VM_STARTED
  VM_REBOOTED
  VM_MONITOR_UNSET
  VM_MONITOR_SET
  VM_RECOVERY_CANCELLED
  VM_RECOVERY_REBOOT
  VM_RECOVERY_INIT
  VM_RECOVERY_COMPLETED
SPAN & Packet Capture
SRIOV or OVS vnic can be spanned (port replicated) to a Packet capture VM
Tcpdump can be done via GUI or CLI on OVS vnics
Troubleshooting Enhancements
Exposed low level Linux show commands without having to go to root
• Low level Show commands under “Support” keyword
• Provides stats from OVS, provides TCP data dump and output from virsh commands
Example: How to verify if the Day 0 configuration is attached to the VNF when instantiated by NFVIS?
Step 2: Next check if there is a config drive generated with the day 0 configuration you added to the package
nfvis# support show config-drive 19
-rw-r--r--. 1 qemu qemu 397312 Nov 1 16:23 /cisco/esc/esc_database/nodejs/VM/ae828bab-3e90-4a53-ba97-14aa0db258f2/ae828bab-3e90-4a53-ba97-14aa0db258f2-hdd.config
Step 3: Once verified that config drive is present, next look at the contents of the drive by using
nfvis# support show config-drive content 19
At the tail end you should see the configuration that you packaged with the VNF
Troubleshooting Enhancements
Example 2 : How to verify if your VM is actually enabled for serial console?
The virsh dumpxml command lists exactly how the VNF was deployed on NFVIS, including the properties that were enabled.
For the above example, look for the keyword Serial in the virsh dumpxml output; if you see the following, the VNF was enabled for Serial Console on NFVIS.
<serial type='pty'>
<source path='/dev/pts/0'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
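The serial-console check above, generalized as an added example (not from the original slides or from Cisco): a Python script that parses saved virsh dumpxml output and reports each serial device. The sample XML and VNF names are constructed; beyond the running pty case shown on the slide, it covers a shut-off domain, where libvirt has not yet assigned a pty path, and a TCP-backed serial port, which is reachable over the network rather than only from the host.

```python
import xml.etree.ElementTree as ET

# Constructed `virsh dumpxml` fragments for illustration; VNF names are made up.
RUNNING_PTY = """<domain type='kvm'><name>vnf-a</name><devices>
  <serial type='pty'>
    <source path='/dev/pts/0'/>
    <target port='0'/>
    <alias name='serial0'/>
  </serial>
</devices></domain>"""

# Shut-off domain: libvirt has not yet assigned a pty path or alias.
STOPPED_PTY = """<domain type='kvm'><name>vnf-b</name><devices>
  <serial type='pty'><target port='0'/></serial>
</devices></domain>"""

# Serial port bound to a TCP listener instead of a local pty.
TCP_SERIAL = """<domain type='kvm'><name>vnf-c</name><devices>
  <serial type='tcp'>
    <source mode='bind' host='0.0.0.0' service='4555'/>
    <protocol type='telnet'/>
    <target port='0'/>
  </serial>
</devices></domain>"""

NO_SERIAL = "<domain type='kvm'><name>vnf-d</name><devices/></domain>"


def _attr(parent, tag, name):
    """Attribute of an optional child element, or None when absent."""
    child = parent.find(tag)
    return child.get(name) if child is not None else None


def serial_report(domain_xml):
    """Summarise the <serial> devices of one libvirt domain definition."""
    root = ET.fromstring(domain_xml)
    devices = []
    for dev in root.findall("./devices/serial"):
        kind = dev.get("type")
        listen = None
        if kind in ("tcp", "udp"):
            # Network-backed serial: record where it listens or connects.
            listen = (_attr(dev, "source", "host"), _attr(dev, "source", "service"))
        devices.append({
            "type": kind,
            "port": _attr(dev, "target", "port"),
            "path": _attr(dev, "source", "path"),  # present only while running
            "listen": listen,
        })
    return {
        "name": root.findtext("name"),
        "serial_enabled": bool(devices),
        "network_reachable": [d for d in devices if d["listen"]],
        "devices": devices,
    }


if __name__ == "__main__":
    for xml_text in (RUNNING_PTY, STOPPED_PTY, TCP_SERIAL, NO_SERIAL):
        r = serial_report(xml_text)
        print(r["name"], r["serial_enabled"], r["devices"])
```

A plain keyword search for Serial finds all three enabled cases alike; the report separates a host-local pty from a listener that should be covered by access controls.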
Troubleshooting (specific to config drive)
Issue: Image registration fails
Cause: if package is not *.tar.gz (doesn’t have the required files on slide #27)
Debug: Look at the error message on portal/API response code. Also look at ESCManager.log
  NFVIS#show log /var/log/esc/escmanager.log | include Image_name
Fix: Repackage using local portal or packaging tool

Issue: Image registration fails
Cause: Checksum is not correct - maybe packaging tool /local portal not used to package the VM
Debug: Look at the error message on portal/API response code. Also look at ESCManager.log
  NFVIS#show log /var/log/esc/escmanager.log | include Image_name
Fix: Repackage using local portal or packaging tool

Issue: VM deployment fails
Cause: VM is monitored VM. VM is not attached to int-mgmt-net (it can be attached to any nic) when deployed using API. By default local portal attaches nic0 of the monitored VM to int-mgmt-net.
Debug: Look at the API response code. Also look at ESCManager.log
  NFVIS#show log /var/log/esc/escmanager.log | include vm_dep_name
Fix: Undeploy VM. Re-Deploy using local portal or using API attach int-mgmt-net to one of the nics
Troubleshooting (contd…)
Issue: VM deployment fails
Cause: VM is a monitored VM and bootup_time is not specified in the payload. bootup_time is boot time required for VM to boot in seconds (+ve value). Some VMs need longer time to boot.
Debug: Look at the error message on portal/API response code. Also look at ESCManager.log
  NFVIS#show log /var/log/esc/escmanager.log | include vm_dep_name
Fix: Re-deploy using local portal (default bootup_time in local portal is 600 seconds). Or deploy using API and specify a reasonable, positive value for the VM to boot in seconds.

Issue: VM deployment fails
Cause: VM is a monitored VM and kpi_data is not provided in the payload
Debug: Look at the error message on portal/API response code. Also look at ESCManager.log
  NFVIS#show log /var/log/esc/escmanager.log | include vm_dep_name
Fix: Re-deploy using local portal (it attaches kpi_data). Or deploy using API and specify a kpi_data

Issue: VM deployment fails
Cause: Bootstrap config file is tokenized and the key, value pairs are passed during deployment using API. But static ip address is used through the deployment payload for this VM for int-mgmt-net which was already assigned by the system for other VMs.
Debug: Look at the API response code. Also look at ESCManager.log
  NFVIS#show log /var/log/esc/escmanager.log | include vm_dep_name
Fix: Use a different unused ip address for the int-mgmt-net.
White box or not a White box
White Box - what could possibly go wrong?
All Cisco Stack vs White Box Stack
White Box Stack consists of…
• COTS Hardware
• Unrelated hypervisor
• Disparate VNF collection
• Orchestration?
so. many. questions.
“quality?” “reliability?” “licensing cost?” “support?” “compatibility with hardware?” “support?” (again) “cross component compatibility/duplication?” “support?” (again) (multiple touch points now!) “what’s the glue?” “Can it ‘see’ my hardware?”
All Cisco Stack vs White Box Stack
All Cisco
• Orchestration (VMS, vBranch + SDWAN): vBranch is the key to success for the Cisco stack. Pre-defined templates are fully tested and supported
• VNF: strengthen the overall offer.
• Hypervisor (NFVIS): Opportunity to highlight synergies between products throughout the entire solution stack.
• Hardware (ENCS): An integrated stack offers single vendor sourcing, and consistent cross-solution support.
White Box
• Non-Cisco Orchestration (Ericsson, etc..): How well can a single orchestrator support multiple underlying components?
• VNFs: VNFs are on their own. Inconsistent licensing, hypervisor support, etc. weaken the stack.
• Non-Cisco Hypervisor (KVM, Openstack, etc.): How well does each VNF work with the chosen hypervisor?
• Hardware (Advantech, Juniper, Dell, Cisco ?): No Cisco product in the white box space. ENCS and UCSE do not fit into white box model (pricing or technology)
[VNF labels in diagram: Palo Alto, Riverbed, vWAAS, Fortinet, Juniper, vEdge, vWLC, Cisco, ASAv, ISRv]
Example: Cisco Stack vs Dell VEP ‘white box’
• vCenter? The SD-WAN vendor’s? RedHat’s? (CloudForm? OpenStack Platform Director?) Some other vendor or open source*? Good Luck! (you’re going to need it)
• Versa, VeloCloud, Silver Peak. Choice?: Three (only) vendors. SD-WAN only.
• hypervisor: VMWare or RedHat. Extra cost: VMWare ESX isn’t free if you want to manage it, RedHat isn’t free. Both require support.
• Single platform only, Ethernet only, Intel Xeon D2100, ‘up to’** 16 cores, ‘up to’ 64 RAM, max 1TB storage. Two expansion slots, but nothing for them
Summary of ENCS advantages over Competition Reference
* Roadmap
Reference
NFVIS – True Network Hypervisor
• Designed Specifically for Enterprise deployments
  • Targeted for Networking teams in Enterprise organizations
• Optimized for the deployment and monitoring of Virtual Network Functions
  • Built-in VM monitoring capability allows for auto restart of VNFs when down
  • Avoids expensive truck rolls to remote sites
• Rich Open APIs
  • Industry standard API that allows integration with any Orchestration system
  • APIs available for both RESTConf and NETConf
  • APIs support includes
    • VM deployment
    • VM health monitoring
    • System resource (compute/memory/storage) management
• Zero touch deployment
  • Embedded PnP Client in NFVIS enables true Zero Touch Deployment model without any human intervention
  • Allows for quick and error free deployment of network services
• Automatic Resource Optimization for improved network performance
  • Optimized use of CPU, Memory and Storage for maximum performance of the different VNFs.
• Management GUI bundled in with NFVIS
  • Easy to use GUI eliminates complexity of dealing with the underlying hypervisor
  • Provides ability to draw network topology and instantiate a virtual branch
• Open Architecture Software stack
  • Allows for easy onboarding of any 3rd party software
• Secure and Trusted Infrastructure Software
  • Security tested and certified. Chain of trust between orchestrator, hardware, nfvis components and vnfs
  • FIPS and Common Criteria Certifications on Roadmap
Key Takeaways
• Network Function Virtualization is a standard tool in the tool-box of network
engineers
• SD-Branch solution is SDWAN ready
• Cisco Virtualized Network Functions offer full feature richness and
consistency with their hardware variants
• Key benefits:
• Operational simplicity - deploy functionality within minutes
• Leverage power of programmability
• Potential to achieve architectural simplification
• Important to understand the system architecture, in particular with a view to
performance