Architecture of an NFV/SDN Platform for Orchestrating Cloud-based & vBranch Managed Services
R. Wayne Ogozaly, Technical Lead Engineer
BRKARC-2259

Agenda
• What’s driving the NFV / SDN Business Transformation?
• Critical Elements of an NFV / SDN Solution
• What’s possible today…customer deployments using Cisco Managed Service Accelerator (MSX)
• Compelling NFV Services…VNFs running in Clouds and Virtual Branches
• Compelling SDN Services…SD-WAN and SD-Access
• Conclusions…NFV / SDN are crossing the chasm

#CLUS BRKARC-2259 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
NFV and SDN Demos show
• Create a Multi-Vendor service chain on an x86 Virtual Branch…
in only 10 Minutes!
• Create an AWS Cloud Connect Service with a Cisco CSR and AWS
Gateway (VPG)… in only 5 Minutes!
• Provision an ISR 1100 using Zero Touch Provisioning over an LTE link…
in only 5 Minutes!
• Create a new DNA Center SD-Access network… in only 10 minutes

What is Network Functions Virtualization (NFV)?
Standards based frameworks…ETSI…NFV and MANO

In NFV, network functions run as software modules on x86 servers. An NFV infrastructure, or NFVI,
provides the underlying compute, storage, and network resources required for NFV.
• New elastic services
• Decoupling of hardware and software
• Automating everything and simplifying network operations
• Reducing OpEx but can we reduce complexity?
• Increasing service revenue

[Figure: NFV Framework and MANO. European Telecommunications Standards Institute (ETSI) NFV Industry Specifications Group, Management and Orchestration (MANO) Framework]

What is Software Defined Networking (SDN)?
SDN Framework
In an SDN architecture, the control and data
planes are decoupled, network intelligence and
state are logically centralized, and the underlying
network infrastructure is abstracted from the
applications…
• Separation of Control and Forwarding plane
• Centralized Management – Global view
• Automating everything and simplifying network
operations
• Reducing OpEx but can we reduce complexity?
• Increasing service revenue

What’s driving the NFV / SDN Business Transformation?
Markets are Poised for Epic Opportunity
By 2021, mobile traffic will represent 20% of total IP traffic (up from 8% in 2016)
Cisco VNI Mobile

80% of user workloads moved to Cloud by 2019

IoT will drive zettabytes of data and billions of new connections. Ratio of machine
communications to human communications will be 30:1 by 2020
CapGemini

5G will generate $247B in service revenue by 2025


ABI Research

Business Internet traffic will grow 4X faster than IP WAN. Global VPN grows 56%
over the next 2 years from $45B to $70B by 2019

Gaming to grow 7-fold and account for 4% of fixed consumer internet
by 2020; currently 2% of average and 10% of peak traffic
Cisco VNI

Enterprise customers require better IT solutions
Global business IT priorities*

*AMI-Cisco ITaaS Research of 350 businesses in 11 countries
It’s a multicloud world

• 85%: Evaluating or using public cloud
• 87%: Taken steps towards a hybrid cloud strategy
• 94%: Plan to use multiple clouds
Among cloud users
Source: IDC CloudView, April, 2017, n=8,293 worldwide respondents, weighted by country, company size and industry

How Organizations Address the Multicloud World

• They want to MANAGE their multicloud environment simply
• They want to EVOLVE their infrastructure to support cloud models
• They want to ADD cloud services for specific uses

Multicloud Complexity Challenges
“I need to…”
• “…protect my cloud applications, endpoints, and data”
• “…securely extend private networks to public clouds”
• “…manage the full lifecycle of both physical and virtual assets”
• “…deliver a wide range cloud managed services”

FRAGMENTED, COMPLEX, NO DATA CONTROL

SDN and NFV are Enabling the Multicloud World

A multicloud approach enables customers to consume applications and services from many clouds using:
• Cloud Native platforms
• SDN / NFV technologies

[Diagram: MULTICLOUD SDN / NFV. Labels: public clouds (AWS, Azure, GCP, other), SaaS, hybrid clouds, private clouds]

Multicloud Software Enablers
SDN, NFV, and Cloud Native Platforms are critical elements

Multicloud Software: NETWORKING, SECURITY, ANALYTICS, MANAGEMENT
• Cloud Native Platforms
• Software Defined Networking (SDN)
• Network Functions Virtualization (NFV)
…to connect, protect, and consume cloud services

Campus, Data centers, Private clouds, Colocation, Branch, Public clouds, Devices, Internet of Things

Independent Services Drive complexity & costs
[Diagram: SP Services, where every service has its own UI / API and its own OSS / BSS Integration. Services shown: SD-WAN, Virtual Branch, mCPE, DNA-C, Cloud, SP DC, Meraki, Umbrella, NFV]

Cisco’s MSX Framework Removes Complexity, Cost

MSX: Common framework for service integration, catalog, delivery and operation.
[Diagram: one UI / API and one OSS / BSS Integration on top of MSX. Services shown: SD-WAN, Branch, mCPE, DNA-C, SP DC, Cloud, Meraki, Umbrella, NFV]

Cisco is leading Service Provider Transformation
SP Drivers
• Bandwidth is growing; revenue is not
• Web-scale breaks current cost & design models
• Need to grow new compelling services
• Need reductions in both CAPEX and OPEX, not a transfer
• Customer retention & relationship critical

Cisco Strategy
• Virtualize
• Simplify
• Automate
• Service Focus

SP Outcomes
• Reduce TCO
• Transform operations
• Accelerate speed to market
• Generate new revenue
• Improve customer experience
• Mitigate risk
• Application-led, not infrastructure
• Network as platform for retention and new services

Transform with a combo of SDN, NFV, and Cloud Native products

Critical Elements of an NFV / SDN Solution

Disruptive Technologies unlock new Services
Focus on simplified Operations! Many Services, Faster time-to-market

• Service Orchestration: Efficiency through automation and self-service fulfillment
• Network Functions Virtualization: Flexibility with the transformation of solution architectures and operations
• Cloud Native: Agile service delivery via micro-services, containers, and cloud management
• Software-Defined Networking: Dynamic market services delivered rapidly from cloud controllers

[Diagram: Managed Service Accelerator (MSX) at the centre of Service Orchestration, SDN, NFV (Router, IPS, Web) and Cloud Native Services]

Convergence of multiple disruptive technologies has created massive opportunity

Disruptive Technologies unlock new Service Models
Service Orchestration: Efficiency through automation and self-service fulfillment
• Virtual and Physical devices, Cisco and 3rd Party
• Simple service models and device models (YANG, XML)
• Network Elements Drivers, Conf-D, and CLI
• Config Roll back, Service Extensions, 100,000 Devices

Network Functions Virtualization: Flexibility with the transformation of solution architectures and operations
• VNF Lifecycle Mgt and Service Orchestration
• VNF Smart Licensing and Pay-as-you-Grow Pricing Models
• VNF Certification of Cisco and 3rd Party VNFs
• VNFs run in the Cloud or Virtual Branch (x86)

Cloud Native: Agile service delivery via cloud-enabled services and management
• Micro-services, Docker Containers, Kubernetes, Geo-redundancy
• Web Scale design, Multi-tenant 1,000s, Service Orientation
• Runs in any cloud, public or private (VIM Independent)
• Tenant Self-Service, Monetized offers, Auto Rendered UI

Software-Defined Networking: Dynamic market services via tight application and network interaction
• Central Device Mgt, Secure ID (RBAC), Zero Touch Provision
• Self-healing Networks, Configuration Guard Rails
• Service Creation capable, including analytics & monitoring
• REST APIs to OSS/BSS for billing and SLAs

Cisco Service Provider Architecture
[Diagram: OSS / BSS; Managed Service Accelerator (MSX); NSO Orchestration; Programmable Physical and Virtual infrastructure. Principles: Open, Programmable, API Driven. Other labels: Cloud Service Management, Automation, Analytics, Security, Virtualization, Assurance]

What is Cloud Native
“Cloud native is an approach to building and running applications that fully exploit the
advantages of the cloud computing model.”

Cloud native computing uses an open source software stack that can be:

• Containerized. Each application and process is packaged in its own container. This facilitates reproducibility, transparency, and resource isolation.
• Dynamically orchestrated. Containers are actively scheduled and managed to optimize resource utilization.
• Microservices-oriented. Applications are segmented into microservices. This significantly increases the overall agility and maintainability of applications.

Figure labels: Agile, Time-to-market, REST APIs, Portable

Cisco MSX
The service creation and delivery platform
for service providers

MSX is a service creation and delivery platform that helps service providers
rapidly deliver new NFV and SDN services to market.
Cisco Managed Service Accelerator (MSX)

MSX is a multi-tenant, multi-vendor service creation platform that’s simply managed from the Cloud of your choice.

MSX Cloud Management
The MSX Customer and Operator dashboards
are customizable and provide simplified Cloud
Management of distributed customer sites:
• Self Service Portal

• Services Catalog

• Identity Management

• Mapping Functions

• Service Analytics and Management Displays

• Zero touch Provisioning

• Lifecycle management of physical and virtual assets

MSX provides Simplified Cloud Management

MSX is a Cloud Native Platform

The MSX architecture employs:
• Docker Containers
• Kubernetes
• Micro-service framework
• Network Services Orchestrator (NSO)
• Custom Service Templates
• REST APIs
to deliver a rich catalog of Cloud Managed Services

[Diagram: MSX Platform, End-to-end Service Offering. Labels: User Portal, Operator Portal, Optional OSS/BSS, MSX User Interface, Identity & Security, Logging and Alarms, API Management, Service Orchestration, Service Monitoring, Services and Templates, Workflow Engine, NSO, Device Orchestration, Zero-touch Provisioning, Service Chaining, Cloud Services, Virtual Branch x86, Hardware Devices]

Cloud Native Platform and VIM Independence
MSX runs on the Cloud of your choice

[Diagram: the MSX Platform running on Public Clouds, a Private Data Center, a Private Cloud, Cisco or 3rd Party NFVI, or as MSX-as-a-Service]

What’s possible today…
Cisco Managed Service Accelerator (MSX) customer deployments

NFV / SDN Demo
Create a Multi-Vendor service chain on an
x86 Virtual Branch…in only 10 Minutes!
x86 Platform Built for Branch/Campus NFV
Managed Simply from MSX
• Best of Routing & Compute
• Complete Virtualized Services
• Open for Third Party Services and Apps

Enterprise Network Compute System: ENCS 5100 Series, ENCS 5400 Series

Network Functions simply managed from MSX
Cisco and 3rd Party Virtual Network Functions (VNFs)

• ISRv: High Performance, Rich Features
• ASAv/FTD *: Full DC-class Featured Functionality
• vWAAS: Application Optimization and Akamai Connect
• vWLC: Built for small and medium branches
• Viptela vEdge: SD-WAN, High Performance, Rich Features
• Windows Server: Active Directory, File Share, DNS/DHCP, Server Applications
• Linux: Custom Applications, Management & Monitoring
• 3rd Party: Network Services, Your VNF choice here…

The Power of MSX vBranch…
Many vendors, Many services…One Branch

ENCS 5000 Series - Chassis Options

                   ENCS 5104         ENCS 5406         ENCS 5408         ENCS 5412
CPU                4-core, 3.4 GHz   6-core, 1.9 GHz   8-core, 2.0 GHz   12-core, 1.5 GHz
PoE                No                No                200W              200W
Capacity Guidance  ISRv + 1 VNF      ISRv + 2 VNFs     ISRv + 3 VNFs     ISRv + 5 VNFs

ENCS 5400 Series – I/O Side
• Integrated Power Supply
• 16 - 64 GB DRAM
• 6, 8, or 12-Core Intel Xeon-D
• Dedicated Board Management Controller
• Optional Hardware RAID Controller
• Internal M.2 Storage, 64 – 400 GB
• 8 Integrated LAN Ports with Optional POE
• USB 3.0 Storage
• Network Interface Module for LTE & WAN
• 2 HDD or SSD, RAID 0 & 1
• Hardware Acceleration for VM Traffic
• 2 Onboard Gigabit Ethernet ports with SFP

MSX vBranch Architecture
NFVIS

Plug-n-Play: PnP Agent
• PnP Agent must automatically configure WAN interface
• Must download platform Profile

Lifecycle Management (ESC Lite)
• Provide Northbound interface for Management/Orchestration
• Provide System level information
• Provide VNF management - Create, Modify, Delete
• Provide interface with onboard LAN switch
• Performance Monitoring of VNF’s

CLI/WebUI Agent
• Interface to configure onboard switch
• Provide Cisco® CLI wrapper
• Agnostic to switch vendor selected

Server Monitoring Agent
• Agent to interact with Orchestration system
• Web GUI Interface for Management and Configuration

Drivers, Firmware, and Agents
• NIC and interface drivers
• Optional Crypto support

[Diagram: Orchestration and Management (VM Lifecycle Management, Provisioning of VNFs) above VNFs and vAPPs running on NFVIS (Linux + ESC Lite + PnP + CLI Agent). Hardware labels: X86 Processor, Onboard Storage, M.2 SSD Default Storage, Switch, NIC, NIM, BMC. Switch: 8 Port Integrated Switch (only on Low), Optional UPOE Support. NIC: Increased performance using SRIOV, Mirroring of traffic between VNFs]

MSX managed ENCS advantages over white box server

Superior Hardware Engineering
• Hardware acceleration of VM-to-VM traffic flow
• WAN module support: 4G/LTE, T1/E1, xDSL
• BMC/CIMC – Lights out (server) management
• Enterprise class grade components (comparable to an ISR)
• Branch Form factor
• Shock, vibration, acoustic

Superior Operational Platform
• Secure Management of all VNFs from a single multi-tenant, multi-service platform (MSX)
• Support for Cisco and 3rd Party VNFs, securely managed by MSX
• Crypto hardware offload
• Secure VNF Lifecycle management
• Support for Software and Hardware RAID on 12” chassis
• LTE modules available on NIMs.
• Remote recovery and ZTD of system over LTE modules
• Ability for increasing switch port density with NIMs.

Optimized for Network Services
NFV Infrastructure Software (NFVIS)

Network Hypervisor
• Supports segmentation of virtual networks
• Abstract CPU, memory, and storage resources

Zero-Touch Deployment
• Automatic connection to PnP server
• Highly secure connection to the orchestration system
• Easy day-0 provisioning

Lifecycle Management
• Provisioning and launch of VNFs
• Failure and recovery monitoring
• Stop and restart services
• Dynamically add and remove services

Service Chaining
• Elastic service insertion
• Multiple independent service paths based on applications or user profiles

Open API
• Programmable API for service orchestration
• REST and NETCONF API

Cisco has a rich Library of Virtual Network Functions (VNFs)
• Integrated Services Virtual Router (ISRv)
• Cloud Services Router (CSRv)
• Adaptive Security Appliance (ASAv)
• Firepower Next-Gen Firewall Virtual (NGFWv)
• Cisco IOS XRv 9000 Virtual Router
• Virtual WAN Acceleration (vWAAS)
• Wireless LAN Controller (vWLC)
• Viptela SD-WAN Virtual Router (vEdge)
• Meraki Virtual Security Appliance (vMX100)
• Cisco ACI Virtual Edge - Data Center Switch and Policy Enforcer

Cisco VNF’s: Integrated Services Router (ISR), Cloud Services Router (CSR)

Cisco Integrated Services Virtual Router (ISRv)
Cisco ISRv Positioned as a Branch WAN Services Router

• The Cisco® Integrated Services Virtual Router (ISRv) is a virtual form-factor Cisco IOS® XE Software router that delivers WAN gateway and network services functions into virtual environments.
• Using industry-leading Cisco IOS XE Software networking capabilities (the same features present on Cisco 4000 Series ISRs and ASR 1000 Series physical routers)

Typical Use Cases for the Cisco ISRv
• Cisco ISRv: Highly Secure VPN Gateway
• Cisco ISRv: Traffic Control Point

Cisco ISRv: IOS XE Features, Performance, and Resource Requirements

Differences between the:
Cisco ISRv and Cisco CSR 1000v
ISRv
• The Cisco ISRv runs on server platforms running the Cisco NFVIS virtualization software only.
• It can support the network interface module (NIM) when running on a Cisco ENCS hardware
platform and can also accelerate VM-to-VM traffic using the hardware-based switching on Cisco
ENCS platforms.

CSR 1000v (Cloud Service Router)


• The Cisco CSR1000v runs in Cloud environments.
• The Cisco CSR 1000v will continue to be supported across multiple hypervisors (VMware vSphere,
Microsoft Hyper-V, Citrix XEN, RHEL KVM, Ubuntu KVM, Amazon AWS, and Microsoft Azure).

The Cisco CSR 1000v and Cisco ISRv will maintain Cisco IOS XE feature parity

MSX NFV Demo
Create an AWS Cloud Connect Service with
a Cisco CSR and AWS Gateway (VPG)…
in only 5 Minutes!
MSX Cloud Connect – Secure VPC to AWS

[Diagram: ISR Branch Router, CSR Hub Routers, AWS Virtual Gateway Router]

Cisco VNF’s: Adaptive Security Appliance (ASAv)

Cisco Adaptive Security Virtual Appliance (ASAv)

• This Security appliance brings the power of ASA to the virtual domain and cloud environments.
• It runs the same software as the physical ASA to deliver proven security functionality. You can use it to protect virtual workloads within your data center, Public / Private Clouds, or virtual branches.

http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-appliance-firewall/index.html

Cisco ASAv: Features, Performance, and Resource Requirements

Cisco VNF’s: Next-Gen Firewall (NGFWv), SourceFire

Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
Advanced Security services to help defend your network

Next-Gen Services / FirePOWER Firewall Security
Subscription services that run on the ASA and FTDv provide enhanced levels of threat protection and network visibility
• Advanced Malware Protection
• URL Filtering
• Next-Generation Intrusion Prevention System
• Application Visibility and Control

Foundational Functionality / Foundational Internet Security
Built-in firewall services to provide base protection and connect with other security solutions
• Stateful Firewalling
• VPN Capabilities
• Policy Enforcement Point for ISE

Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
Cisco Firepower NGFWv is available on VMware, KVM,
Amazon Web Services (AWS) and Microsoft Azure environments
for virtual, public, private, and hybrid cloud environments.

http://www.cisco.com/go/ngfw
Cisco VNF’s: Cisco IOS XRv 9000 Virtual Router

Cisco IOS XRv 9000 Virtual Router
Use Cases and Device Specifications

Cisco VNF’s: vWAAS, Virtual WAN Acceleration

vWAAS Use Cases and Specifications

Cisco VNF’s: Viptela SD-WAN Router (vEdge)

Viptela vEdge Cloud: SD-WAN Virtual Router
Extending the SD-WAN to Clouds and vBranches
Figure labels: Virtual, Physical

Cisco VNF’s: Meraki vMX100 Security Appliance

Meraki vMX100
Extending a Meraki Network & Policies to the Cloud

Meraki vMX100 Virtual Security Appliance
Use Cases

Cisco VNF’s: ACI Virtual Edge, Data Center Switching

Cisco ACI Virtual Edge
Data Center Switch and Policy Enforcer

Cisco ACI Virtual Edge
Data Center Use Cases

Cisco VNF’s: Wireless LAN Controller (vWLC)

Cisco vWLC
Virtual Wireless LAN Controller

Virtual form-factor controller for any x86 server with VMware Hypervisor ESXi 4.x or 5.x
• Supports up to 3000 access points and 32000 clients across 200 branches
• Supports 100 access points per branch
• Co-resides with other virtualized network services, including Cisco Identity Services Engine (ISE), Cisco Prime™ Infrastructure, and Cisco Mobility Services Engine (MSE)
• Entry-level 802.11n, 802.11ac controller application for small to medium-sized enterprises and branch offices
• Pay as you grow licensing starting at support for five access points

Cisco vWLC: Virtual Wireless LAN Controller

Cisco Smart Software Licensing
Cisco ESC Smart Licensing
• VNF Licensing is another core task in virtualized environments that typically
requires manual processes to activate the VNF license.
• Cisco’s new “pay-as-you-go” Smart licensing model, on supported VNFs.
• With Smart Licensing, instead of having to manually activate licenses for
each virtual machine, the virtual machine registers itself with a centralized
licensing server on boot-up, tracks how the resource is used, and bills on a
consumption basis.
• This setup provides important flexibility for elastic environments, allowing
you to expand and contract as needed, in a completely automated fashion,
while paying only for the resources you actually consume.

Smart Licensing Example
More Flexible with PAY as you Grow model
• Cisco Smart Software Licensing makes it easier to buy, deploy, track, and renew Cisco licenses.
• Simpler purchase and activation of the VM, Pay-as-you-grow (PAYG)
• Easier license management and reporting of virtual appliances due to license pooling
• Automatic license activation when the virtual appliance is provisioned
• Customers can view product entitlements and services in the Cisco Smart Software Manager.

Zero Touch Provisioning
2 Ways for CPEs to Call Home
Direct Calls to MSX Host or Redirected via Cisco Plug-n-Play Service

[Diagram: Customer Branch CPE calling home, one panel per option]

Option 1: Call Home to Cisco Redirect Service (No Config)
The CPE has no config. IOS automatically “calls home” to Cisco Plug-n-Play Service for
redirection to MSX Server

Option 2: Call Home PnP Server Config (Minimal Boot)
“transport https ipv4 198.135.4.159 port 8443 source GigabitEthernet0/0/1”
The CPE has a minimal configuration that points the device at the MSX PnP server
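
A check a provider could run on Option 2 bootstrap configs before CPEs ship, added here as an example (not from the slides or from Cisco): it parses the transport line shown above and flags a transport other than HTTPS or a PnP server that is not on an approved list. The allow-list, the `pnp profile` names and the second sample config are assumptions constructed for the example.

```python
import ipaddress
import re

# One-line form shown on the slide:
#   transport https ipv4 <addr> port <port> source <interface>
TRANSPORT_RE = re.compile(
    r"^\s*transport\s+(?P<scheme>\S+)\s+ipv4\s+(?P<addr>\S+)"
    r"(?:\s+port\s+(?P<port>\d+))?"
    r"(?:\s+source\s+(?P<source>\S+))?\s*$"
)

# Assumption: the provider keeps an allow-list of its own PnP servers.
# The single entry is the address and port quoted on the slide.
APPROVED_PNP_SERVERS = {("198.135.4.159", 8443)}

# Constructed bootstrap configs. Only the transport line in GOOD_BOOTSTRAP
# comes from the slide; the profile names and BAD_BOOTSTRAP are made up.
GOOD_BOOTSTRAP = """\
pnp profile example-ztp
 transport https ipv4 198.135.4.159 port 8443 source GigabitEthernet0/0/1
"""
BAD_BOOTSTRAP = """\
pnp profile example-ztp
 transport http ipv4 203.0.113.10 port 80 source GigabitEthernet0/0/1
"""


def parse_transports(config_text):
    """Return one dict per PnP transport line found in a bootstrap config."""
    found = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = TRANSPORT_RE.match(line)
        if match:
            entry = match.groupdict()
            entry["line"] = lineno
            found.append(entry)
    return found


def audit_bootstrap(config_text, approved_servers):
    """Return a list of findings; an empty list means the config passes."""
    transports = parse_transports(config_text)
    if not transports:
        return ["no PnP transport line found"]
    findings = []
    for t in transports:
        where = f"line {t['line']}"
        # The call-home channel carries device configuration, so it must be TLS.
        if t["scheme"].lower() != "https":
            findings.append(f"{where}: transport is '{t['scheme']}', not https")
        try:
            addr = ipaddress.IPv4Address(t["addr"])
        except ValueError:
            findings.append(f"{where}: '{t['addr']}' is not a valid IPv4 address")
            continue
        port = int(t["port"]) if t["port"] else None
        # A device pointed at an unknown server would take its config from it.
        if (str(addr), port) not in approved_servers:
            findings.append(
                f"{where}: server {addr} port {port or 'unspecified'} "
                "is not an approved PnP server"
            )
    return findings


if __name__ == "__main__":
    for name, text in (("good", GOOD_BOOTSTRAP), ("bad", BAD_BOOTSTRAP)):
        print(name, audit_bootstrap(text, APPROVED_PNP_SERVERS) or "OK")
```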

MSX Support of Cisco’s Plug and Play Connect Service
Automated Provisioning Service for Zero Touch Provisioning

As Devices are ordered, they can be automatically added to Cisco’s Plug-and-Play Service

How Does Zero Touch Provisioning Work?
Understanding the Call Flow…1…2…3
1. Call Home to Cisco Plug and Play Connect (“devicehelper.cisco.com”)
2. Redirected to MSX PnP Server
3. Config Applied (Managed Device: 1100 LTE or 829 IOT)

[Diagram: SP Common Systems (Billing, Order, Infrastructure, Applications, Monitoring), MSX Platform, Internet, Cisco Plug and Play Connect, Managed Device]

LTE Provisioning for True ZTP
Use Case: LTE Provisioning to Automated WAN Enablement

• ISR 1100 LTE Series
• Connect to MSX Cloud over LTE
• Download Template for WAN and NAT Enablement
• Establish Data Plane over WAN

[Diagram: ISR1111, 4G LTE Cellular Network, Orchestration Plane (Cisco Plug and Play Connect, MSX Platform)]

MSX SDN Demo
Provision an ISR 1100 using Zero Touch
Provisioning over an LTE link…
in only 5 Minutes!
MSX Secure Management Connection
Secure IPSec Tunnel to CPEs. Configuration can now be pushed; Data Retrieved privately

[Diagram: Provider Hub and Cisco MSX (Ordering Portal, Inventory: CPE 1xxxxx, CPE 2xxxxx, CPE 3xxxxx) connected to Provider CPEs at Customer Branches. Labels on the connection: Configurations; Traps, Logs, Stats]

MSX Provides Template Management System
SP Controls which configurations are available for Tenant and Device downloads

[Diagram: Cisco MSX (Ordering Portal, Inventory: CPE 1xxxxx, CPE 2xxxxx, CPE 3xxxxx), Hub, and Provider CPEs at Customer Branches. Label: Custom Configurations]

MSX REST APIs
REST APIs and Software Development Kits
Simple to use, simple to create new SP Services

• All MSX Services are configurable via REST APIs
• New Services can be created through the Software Development Kit (SDK)

Network Services Orchestration…
Yang Models, VNF Lifecycles, Zero Touch Provisioning, for Cisco and 3rd Party devices

Cisco Network Services Orchestrator
Enabled by Tail-f

MSX Service Creation is built on NSO
Cisco Network Services Orchestrator (NSO)

Agile Automation
• Active network view
• Any service, any device
• Multi-vendor support

Network Abstraction Layer
• Physical
• Virtual
• Network applications

Northbound APIs
• OSS and BSS
• Third-party applications
• DevOps support

Network Abstraction in Modern and Brownfield Environments

[Diagram: Network Engineers, Third-Party Applications, Modern APIs, Modern Ways of Working, Service Interface, MSX Service Packages, Service Creation. Network Services Orchestrator (NSO): Service Manager, Device Manager, Active Network View, Multi-Vendor Network Element Drivers. Below: Physical Networks, Virtual Networks, Network Apps (VNFM, Controller apps, EMS and NMS)]

Cisco MSX follows ETSI MANO Model
• Cisco Managed Services solution
follows the ETSI MANO model
• The Cisco Network Services
Orchestrator (NSO) orchestration
engine software modules handle
the NFVO functions.
• The Elastic Services Controller
(ESC) software modules are
responsible for VNF life cycle
management (VNF-M).
• OpenStack networking software
plug-ins modules provide virtual
infrastructure management (VIM)
functionality.

NSO Architecture
• Cisco NSO provides
automated services
orchestration capabilities.
• Cisco NSO receives a
service request through
the open API interface
presented northbound
interface (or customer
OSS/BSS).
• For all services, NSO has
a Yang service definition
model loaded into the
transaction database to
handle such a request.

Single Create operation captures all operational States
Create operation covers the Modify and Delete operations as well

Any service operation (create, update, delete, redeploy)
• Services: CREATE only
• MODIFY, DELETE derived

State convergence provides single approach across service and device models:
• Strict separation between models of services and devices, separate lifecycle
• One single create operation captures all that is needed for full lifecycle (CRUD)
• The state-convergence algorithm renders arbitrarily complex scenarios and operations

[Diagram: Services mapped onto Devices. Below: Physical Networks, Virtual Networks, Network Apps (VNF Manager, Overlay Mgmt, Controller Apps, EMS and NMS)]

Scales with number of services and complexity of infrastructure
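
The create-only idea on this slide, reduced to a small runnable model and added here as an example; it is not NSO code and not Cisco's state-convergence algorithm. The service (`create_branch_vpn`), the device names and the config paths are hypothetical.

```python
def create_branch_vpn(params):
    """The only code the service author writes: map service parameters to
    the device configuration the service needs, as {device: {path: value}}."""
    cfg = {}
    for site in params["sites"]:
        vrf = params["name"]
        cfg[site["cpe"]] = {
            f"interface/{site['wan_if']}/description": f"vpn {vrf}",
            f"vrf/{vrf}/interface": site["wan_if"],
            f"vrf/{vrf}/rd": f"{params['asn']}:{params['vpn_id']}",
        }
    return cfg


def converge(previous, desired):
    """Diff what the service wrote last time against what create() yields now.
    Returns {device: [("delete", path) | ("set", path, value), ...]}."""
    ops = {}
    for dev in sorted(set(previous) | set(desired)):
        old, new = previous.get(dev, {}), desired.get(dev, {})
        dev_ops = [("delete", p) for p in sorted(old) if p not in new]
        dev_ops += [("set", p, new[p]) for p in sorted(new) if old.get(p) != new[p]]
        if dev_ops:
            ops[dev] = dev_ops
    return ops


class ServiceManager:
    """Remembers the config each service instance produced so that modify
    and delete can be derived instead of hand-written."""

    def __init__(self, create_fn):
        self.create_fn = create_fn
        self.footprint = {}  # service instance name -> config it last wrote

    def apply(self, name, params):
        # Create and modify are the same call: re-run create, push the diff.
        desired = self.create_fn(params)
        ops = converge(self.footprint.get(name, {}), desired)
        self.footprint[name] = desired
        return ops

    def delete(self, name):
        # Delete is "converge to nothing": remove exactly what was written.
        return converge(self.footprint.pop(name, {}), {})


# Constructed service requests for the demonstration.
V1 = {"name": "acme", "asn": 65000, "vpn_id": 10,
      "sites": [{"cpe": "cpe-a", "wan_if": "Gi0/0/1"},
                {"cpe": "cpe-b", "wan_if": "Gi0/0/1"}]}
V2 = {"name": "acme", "asn": 65000, "vpn_id": 20,
      "sites": [{"cpe": "cpe-a", "wan_if": "Gi0/0/1"}]}


def demo():
    """Run create, modify and delete for one service; return the three op sets."""
    mgr = ServiceManager(create_branch_vpn)
    created = mgr.apply("acme", V1)   # first deployment
    modified = mgr.apply("acme", V2)  # site removed, vpn_id changed
    deleted = mgr.delete("acme")      # service removed
    return created, modified, deleted


if __name__ == "__main__":
    for label, ops in zip(("create", "modify", "delete"), demo()):
        print(label, ops)
```

Only `create_branch_vpn` is service-specific; the modify step touches one leaf on `cpe-a` and removes everything from `cpe-b` without any modify or delete code having been written for the service.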

NSO 3rd Party Integrations…managed simply by MSX
Open Platform with the Broadest Multi-vendor support, and Vendor Qualification

• 3rd Party VNFs available through MSX
• Network Services Orchestrator (NSO) - Over 100 Vendors Supported
• Cisco Vendor Qualification Program

NSO 3rd Party Integrations…managed simply by MSX
Open Platform supporting BOTH Lifecycle Mgt AND Orchestration of 3rd Party products

VNF Lifecycle Mgt and VNF Service Orchestration

Service Selection
1. Select VNF (Fortinet); Select Cloud (SP or AWS or vBranch)
2. Fortinet VNF boot
3. Fortinet VNF provision

Monetize the Service

VNF Lifecycle Functions
• Allocate VNF Resource
• Locate / Boot Image
• Load Day 0 Config
• Monitor VNF / Analytics
• VNF High Availability
• Add / Delete VNFs

VNF (or Device) Service Orchestration
• Secure mgt connection
• Create / Provision VNF Service
• Monitor VNF Service
• Collect Service Analytics
• Add / Delete / Change Service
• Multi-tenant, 1000’s of Services

VNF Lifecycle Management using Cisco Elastic Services Controller (ESC)

VNF Lifecycle Management thru ESC XML Template
• vCPUs, memory, disk
• Monitoring KPIs
• Day-zero config

• Cisco Elastic Services Controller (ESC) provides comprehensive lifecycle management for NFV.
• Cisco NSO and ESC together provide comprehensive VNF and Service lifecycle management capabilities for both physical and virtual environments.
• Drawing on industry standards and open APIs, you can control the full lifecycle of all your virtualized resources, whether using Cisco or third-party VNFs and management tools.

ESC follows ETSI NFV Framework
• Cisco ESC provides VNF lifecycle management that conforms to the ETSI NFV framework.
• By conforming to industry standards and exposing well-defined APIs, it can interoperate with any standards-based NFV infrastructure (NFVI) or NFV orchestration (NFVO).
• Cisco ESC lifecycle management capabilities are data model-directed (VNF Descriptor, or VNFD), supporting the YANG data model and NETCONF interfaces.
• So you can define data models once using an XML template (for example, a virtualized firewall service template) and use them over and over again for multiple deployments.

How to transform your Business… Conclusions

Cisco is leading Service Provider Transformation

SP Drivers
• Bandwidth is growing; revenue is not
• Web-scale breaks current cost & design models
• Need to grow new compelling services
• Need reductions in both CAPEX and OPEX, not a transfer
• Customer retention & relationship critical

Cisco Strategy
• Virtualize
• Simplify
• Automate
• Service Focus

SP Outcomes
• Reduce TCO
• Transform operations
• Accelerate speed to market
• Generate new revenue
• Improve customer experience
• Mitigate risk
• Application-led, not infrastructure
• Network as platform for retention and new services

Transform with a combo of SDN, NFV, and traditional Network Products


Disruptive Technologies unlock new Service Models
Allowing Industry to Address new Market Opportunities

Service Orchestration
• Virtual and Physical devices, Cisco and 3rd Party
• Simple service models and device models (YANG, XML)
• Network Elements Drivers, Conf-D, and CLI
• Config Roll back, Service Extensions, 100,000 Devices

Network Functions Virtualization
• VNFs run in the Cloud or Virtual Branch (x86)
• VNF Lifecycle Mgt and Service Orchestration
• VNF Smart Licensing and Pay-as-you-Grow Pricing Models
• VNF Certification of Cisco and 3rd Party VNFs

Cloud Native
• Tenant Self-Service, Monetized offers, Auto Rendered UI
• Web Scale design, Multi-tenant 1,000s, Service Orientation
• Runs in any cloud, public or private (VIM Independent)
• Micro-services, Docker Containers, Kubernetes, Geo-redundancy

Software-Defined Networking
• Central Device Mgt, Secure ID (RBAC), Zero Touch Provision
• Self-healing Networks, Configuration Guard Rails
• Service Creation capable, including analytics & monitoring
• REST APIs to OSS/BSS for billing and SLAs

Thank you

Backup: Viptela SD-WAN Services

Viptela is the Leader in SD-WAN Innovation
MSX

Enterprise class SD-WAN that’s Simple to Operate, Secure, and built for the Cloud

50% Lower Cost
• Reduced CapEx and bandwidth expense
• Reduced OpEx thru simplified Cloud mgt and automation
• Next-gen Service Analytics

10X More Bandwidth
• No capacity restraints
• Instantly add bandwidth anytime, anywhere based on application needs

5X Cloud Performance
• Application traffic steering delivers blazing performance
• Self-healing network. Loss, latency, jitter measured with auto cutover

Viptela SD-WAN Provides Control and Agility
Unique Business Policies, managed simply from the Cloud
Diagram labels: MSX Cloud Platform; Viptela Controller; SD-WAN Fabric; SD-WAN Router; SD-WAN Tunnel; Enterprise Branch Sites; Enterprise Users; Business Services
Topologies: Full Mesh; Partial Mesh; Hub-and-Spoke
Traffic classes: Latency; Collaboration; Cloud Performance; Security; Best Effort Traffic
SD-WAN Policies and Business Intent
MPLS, Internet, or 4G/5G network

Managed Service Accelerator (MSX)
Unlocks Multi-service, Multi-tenancy, Multi-vendor for Service Providers
One-time OSS / BSS Integration
UI / API
Managed Services Accelerator (MSX) – One Platform… Many Services
Services: SD-Access (DNA-C), SD-Branch (x86), Managed Device, SD-WAN, Meraki, Security, Your Service here

Viptela SD-WAN Controllers
Branch, Campus, Extended Campus, IoT
SD-WAN Fabric

Viptela SD-WAN Controllers managed simply by MSX
MSX Micro-service manages Viptela Controllers for the Apple tenant
MSX creates and manages Viptela SD-WAN Controllers per tenant:
• vManage
• vSmart
• vBond

Viptela Controller placement options with VMS:
• Public Cloud
• SP Cloud
• Private Cloud
• Hybrid Cloud

Launch Viptela vManage for a specific Tenant
Simply with a single click from MSX
MSX Tenants are simply mapped to Viptela Controllers: vManage, vSmart, vBond

MSX can cross launch to the vManage for a Viptela tenant with a simple click of a button

Backup: DNA Center, Software Defined Access (SD-Access)

The Network. Intuitive.
Constantly learning, adapting and protecting.

Diagram labels: DNA Center (Policy, Automation, Analytics); Intent-based Network Infrastructure; LEARNING; INTENT; CONTEXT; SECURITY

Software Defined Access

DNA Center: Automation, Segmentation, Assurance

• Identity-based policy & segmentation: Decoupled security policy definition from VLAN and IP Address
• Automated network fabric: Single Fabric for Wired & Wireless with Workflow-based Automation
• Insights & telemetry: Analytics and insights into user and application behavior
• User mobility: Policy stays with user

Diagram labels: IoT network; Employee network

DNA Center Platform Unlocks Managed Services
Monetizing and Operationalizing Intent Based Networks
Diagram labels, top to bottom:
• Applications: Service Provider OSS/BSS; Managed Service Accelerator (Cisco MSX, Cisco NSO)
• Intent APIs
• Domain Controller
• Campus, Extended Campus, IoT
• SD-Access Fabric

MSX Unlocks Multi-service, Multi-tenancy, Multi-vendor for Service Providers

One-time OSS / BSS Integration
UI / API
Managed Services Accelerator (MSX) – One Platform… Many Services
Services: SD-WAN, SD-Branch (x86), Managed Device, SD-Access (DNA-C), Meraki, Security, Your Service here

DNA Center: Domain Controller for Managed SD-Access
Campus, Extended Campus, IoT
SD-Access Fabric

SD-Access Devices
A single fabric for your digital ready network

Switching
• Catalyst 9400
• Catalyst 9300
• Catalyst 9500
• Catalyst 4500E
• Catalyst 6K
• Nexus 7700
• Catalyst 3850 and 3650

Routing
• ASR-1000-X
• ASR-1000-HX
• ISR 4430
• ISR 4450
• ISR 4351
• ISR 4331
• ENCS 5400**
• CSRv

Wireless
• AIR-CT5520
• AIR-CT8540
• AIR-CT3504
• Wave 2 APs (1800, 2800, 3800)
• Wave 1 APs* (1700, 2700, 3700)

Extension
• Catalyst Digital Building
• Catalyst 3560-CX
• IE Switches** (2K/3K/4K/5K)

*with Caveats
**Future
MSX SDN Demo
Create a new DNA Center SD-Access
global network… in only 10 minutes
Thank you
