Cloud and NFV Services delivery with Cisco Virtual Packet Edge (Cloud Services Platform) BRKSPG-3864
Peter Weinberger, Principal Engineer
© 2014 Cisco and/or its affiliates. All rights reserved. BRKSPG-3864 Cisco Public
Session Abstract
Service provider cloud-based offerings are gaining popularity with an ever-increasing set of possible applications. The recent trend toward Network Function Virtualization enriches the portfolio of services that can be delivered out of a service provider datacenter. A scalable and automated way of delivering such cloud services is paramount for service providers who want to be successful in such a service environment. This session will focus on Cisco's new datacenter overlay solution (Virtual Packet Edge) and explain how service provider NFV and Virtual Private Cloud services can be easily and effortlessly managed by means of the VPE solution. It will detail the solution's control and data plane components and the service orchestration steps. We will dive into its use of SDN and RESTful APIs, and how virtualized services are spawned, managed throughout their lifecycle and automatically integrated with pre-existing network-based VPN offerings (MPLS VPN).
Cloud Services Platform Solution
Motivation
• Server virtualization & cloud computing have transformed the IT industry
• Service providers are now looking at applying virtualization techniques to their service and network offerings to achieve
– reductions in expenses
– accelerated service delivery
– delivery of new services and service bundles
• This has led to massive SP interest in cloud computing and Network Function Virtualization (NFV)
• SP-offered Virtual Private Cloud services benefit from NFV
• Question to be addressed: how to automate and manage cloud-based services delivery that attaches to a standard service provider network?
Network Function Virtualization: Opportunities and Requirements
[Figure: network functions shown as VMs: NAT, Firewall, SBC, DDoS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Ctrl., RaaS, WLC, WAAS, CDN, Caching, NMS]
Automated Cloud Services Delivery for NfV
Transition network infrastructure services to virtual workloads
• From cabling to service chaining
• Simple logistics & common sparing
• Dynamic & elastic scale
• Service provisioning from days to minutes
• Seamless integration with IP NGN
[Figure: network function VMs (NAT, Firewall, SBC, DDoS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Ctrl., RaaS, WLC, WAAS, CDN, Caching, NMS) and a server hosting "CE" VMs attached to VRFs in a vPE-F VM. Labels: Cisco VPP, Cisco Cloud Services Platform]
Data Center Evolution
[Figure: Legacy DC compared with vPE DC. Labels: WAN Edge (NGN PE), Aggregation, Service-Core, Compute; ASA-VPN, ASA-FW, ASA1000v, VSG, vACE; Public Zone (DMZ), Protected FE, Zones 1-3, Sub-Zones W-Z, Front-end Zones, Back-end Zones; Front-end VRF, Back-end VRF, Shared/public VLAN, Server VLANs, Firewall Outside VLAN, Firewall Inside / ACE outside VLAN; AS 65522, AS 109, eMBGP, eBGP + static redist.; Tenant L3 Edge (VRF-CE), L3 VPN Edge (DC-PE), L3 VPN Edge (NGN-PE); L3 VPN, Internet, Public Internet; Virtualized Compute and DC overlay]
Agility, Scale, Flexible Topologies, BYOS, Elasticity
Cisco Cloud Services Platform
… an open, standards-based, modular architecture and platform for services orchestration
… manages the physical & virtual network, as well as the compute & storage infrastructure to deliver carrier-class services
… which range from VPC to NFV services
What are the use cases for SP Virtualization
• Virtualization of SP Infrastructure: virtualization of foundation SP infra such as routing and mobility packet core.
– Routing Infra Virtualization, Mobile Infra Virtualization
– Virtual Route Reflector, Virtual PE Router, Virtual BNG, Virtual EPC, Virtual GiLAN
• NFV for Enterprise Managed Services: virtualization of network services that can be delivered as managed services for enterprise.
– Security-as-a-Service (Virtual Firewall), Routing-as-a-Service (Virtual CE), …
• Virtual Private Cloud (VPC)
SP Cloud Services Platform
– User Portal / Catalog / NB REST API
– Orchestration
– Network Control, Compute Control, Storage Control
– SDN Overlay, Network Service Chaining, L3VPN/Internet integration
– System Management, High Availability
[Figure label: HERO]
Cisco Cloud Services Platform
A flexible multi-tenanted cloud infrastructure for the virtualized data center
WHAT CAN BE VIRTUALIZED?
• ENTERPRISE APPS: 3-tier Apps, Web Servers, DB Servers, Hadoop Clusters, Distributed Storage
• TRANSIT NFV: DPI, Firewall, NAT, Load Balancers, GI-LAN Applications
• TERMINATE NFV: IPSec Gateways, SSL VPNs, vEPC Applications, BRAS/BNG
• NETWORK SERVICES: DNS, Routing, NTP
NETWORK AND APPLICATION CONNECTIVITY MODELS
[Figure: three connectivity models between Customer and SP-WAN. Labels: VPC; SaaS Cloud, Transit-NFv; Legacy Services, RaaS, vBRAS]
Cloud & Data Center Requirements
Scale
• Datacenters of varying sizes
• Large number of servers/VMs
• Multi-tenancy
• High bisectional bandwidth within DC
Services
• Network Virtualization, instant insertion of network services
• Service Chaining, Services networking
• Robust network availability and redundancy
• Seamless integration with WAN, DCI
Flexibility
• DC Underlay network agnostic
• Add network capacity and load incrementally
• Workload and VM mobility
• Variety of server, access connectivity options, multi-homing
Manageability
• Network orchestration and operations at scale
• Simplified network, service provisioning for tenants
• Ease of data collection and troubleshooting
• Support for OAM and proactive monitoring
Openness
• YANG Models
• REST, RESTConf
• BGP
• MPLS-over-GRE, VXLAN, MPLS-over-UDP, L2TPv3
• OVF, VMDK
• Linux/Ubuntu
• OpenStack
• KVM
• Ganglia
• Puppet & Cobbler
Architecture Highlights
Operational Simplicity
• Application Driven Provisioning
• Integrated Management & Orchestration
• Central Point of Management
• Custom Extensions
• API & CLI Based
• GUI
Extensible & Flexible Topologies
• L2, L3, Flow Based Forwarding
• Software Defined Overlays
• Multiple Network Topologies per Customer
• Multiple Zones per Topology
• Virtual Services and Service Chaining
System Attributes
• High Performance
• Highly Available
• Scalable
• Multi-Tenant
• Work Conserving
Carrier Class, Multi-Tenanted Cloud Services Platform
• Orchestrated Service Provisioning
• Elastic Service Control
• Tenant Service Catalog
• Automated network config
• Application driven network policy
• Rich Service Topologies and service chaining
• Integrated cloud service with SP WAN/VPN
• Service monitoring & Service Assurance
[Figure: Enterprises, SMBs, Mobile Users and Residential Users; SP WAN / VPN; SP Distributed Cloud Datacenters. Cisco Cloud Services Platform: System Mgmt (Install/Admin, HA Control), Orchestration, Network Control, Compute Control, Storage Control. PODs: Security POD, Virtual Private Cloud POD, Mobility POD, Video/Content POD, Managed Service POD. Three datacenters, each labelled DC Fabric, x86 server pool, storage]
Vision for E2E Service Orchestration
Cross-Domain & Multilayer
Customer Request:
• VPN Access
• Bandwidth
• Secure Internet Access
• Voice
• /w Firewall
• IPSec VPN Access
Cross Domain Orchestration
• Provision WAN/VPN Services & SLA
• Admit Bandwidth
• Optimize WAN
• Activate & Place Cloud/NFV services
[Figure: SERVICES CATALOG (Routing / VPN, Mobility, Video/ Content, Security, Virtual Private Cloud, Managed Services) above EMS, WAN OPTIMIZATION and CLOUD SERVICES PLATFORM. Labels: SP WAN / VPN, SP Core, SP DC 1, SP DC 2, Packet Optical, Transport]
The Data Center
[Figure: Physical Network; DC Interconnect (e.g.: ASR 9000)]
Building an Overlay
[Figure: Physical Network]
Connecting VMs to VPNs
[Figure: Physical Network]
Data Center Fabric – The Underlay Network
• Many options for building the underlay
• Provides fast, reliable network connectivity
• Should support P2P and P2MP capabilities
• Hardware optimized for cost and efficiency
[Figure: underlay topology options: Three Tier Fat Tree; Single Tier Access; Aggregation Type Single Tier Full-Mesh; Computer Cluster; Folded Clos. Labels: Servers 1-4, DCI, SP WAN (L3VPN, L2VPN, Internet)]
vPE Intra-Segment Forwarding
• Each vPE-f has VRF & L2 tables
• vPE-f populated with MAC entries
• VMs see each other in an L2 segment
• Multi-tenant traffic encapsulated in single transport tunnel
[Figure: Servers 1-4, each with a vPE-F (L2/L3 VRF FIB) and tenant VMs (Foo Web, Foo DB, Bar, WALMART, GE-WEB); MPLS-over-GRE (or) VXLAN tunnels; DCI; SP WAN (L3VPN, L2VPN, Internet). Virtual Topology: VM Foo Web, VM Foo DB, L2]
vPE Inter-Segment Forwarding
• Each vPE-f has VRF L3 tables
• vPE-f populated with L3 /32 or /128 entries
• vPE-f is first hop router/DHCP Relay
• VMs can reach each other in L3 network
• MT traffic encapsulated in single transport tunnel
[Figure: Servers 1-4, each with a vPE-F (L2/L3 VRF FIB) and tenant VMs (Foo Web, Foo DB, Bar, WALMART, GE-WEB); MPLS-over-GRE (or) VXLAN tunnels; DCI; SP WAN (L3VPN, L2VPN, Internet). Virtual Topology: VM Foo Web, vPE-F, VM Foo DB, L3]
vPE Network Function Virtualization
• Network Services could be bump-in-the-wire services or termination services
• Using L2/L3 entries in tables an arbitrary services topology can be created
• No hair-pinning of traffic as it moves from service to service
• Control Plane responsible for computation of paths and optimal routing of traffic
• Bring-your-own-Service or choose from Cisco service catalog
[Figure: Servers 1-4, each with a vPE-F (L2/L3 VRF FIB) and tenant VMs (Foo Web, Foo DB, Foo FW, Bar, WALMART, GE-WEB); MPLS-over-GRE (or) VXLAN tunnels; DCI; SP WAN (L3VPN, L2VPN, Internet). Virtual Topology: VM Foo Web, FW, VM Foo DB, vPE-F, L3]
vPE L3VPN & Internet Access
• DCI can inject either /32s or aggregates into SP-WAN MP-BGP
• All VMs default route to DCI for unknown destinations
[Figure: Servers 1-4, each with a vPE-F (L2/L3 VRF FIB) and tenant VMs (Foo Web, Foo DB, Foo FW, Bar, WALMART, GE-WEB); MPLS-over-GRE (or) VXLAN tunnels; DCI; SP WAN (L3VPN, L2VPN, Internet). Virtual Topology: VM Foo Web, FW, VM Foo DB, vPE-F, L3]
vPE Services in a Chain
• Network Services can be daisy chained
• No restriction on the number of services in a chain
• Services can be dynamically inserted in the chain
[Figure: Servers 1-4, each with a vPE-F (L2/L3 VRF FIB) and tenant VMs (Foo Web, Foo DB, Foo FW, Foo NAT, Bar, WALMART, GE-WEB); MPLS-over-GRE (or) VXLAN tunnels; DCI; SP WAN (L3VPN, L2VPN, Internet). Virtual Topology: VM Foo Web, FW, NAT, VM Foo DB, vPE-F, L3]
vPE Multi-Tenancy, Varied Topologies
[Figure: Servers 1-4, each with a vPE-F (L2/L3 VRF FIB) and tenant VMs (Foo Web, Foo DB, Foo FW, Foo NAT, Bar, Bar FW, Bar NAT, WALMART, GE-WEB); DCI; SP WAN (L3VPN, L2VPN, Internet). Two virtual topologies, each chaining FW and NAT through vPE-F]
Components of Cisco vPE Solution
• vSOC: Virtual Systems Operations Center (vSOC), Extensible Service Orchestrator
• vPEF: Virtual Packet Edge Forwarder (vPE-F), light weight forwarding element per server
• NfV Services: CSR 1000 for NAT and DPI & RaaS, vASA, vEPC, GI-LAN et al future
• DC WAN Gateway: physical PE (DC WAN Gateway), e.g. ASR9k, Nexus 7k
Virtual Packet Edge Forwarder (VPE-F)
• Light weight, high performance software forwarding plane
• Provides highly optimized forwarding in x86 environment
• Runs once on each server
• Contains a unique forwarding context per tenant
• Provides per-tenant L3, L2 and PBR forwarding for service chaining
• Provides IP routed and L2 P2P transport
• Provides DHCP relay, ARP function
• Programmed by vSOC Controller using YANG over RESTConf
– All forwarding controlled centrally
– Granular L3 and L2 forwarding entries
– N-tuple match
[Figure: server with a vPE-F VM holding VRFs (R, Y, G) and "CE" VMs; Data to DC Fabric; Control channel to vSOC]
VPE-F Deployment Modes
• The patch panel provides a virtual point-to-point connection from the tenant VMs to the vPE-f dataplane
• The patch panel is an Open vSwitch (OVS) running as a host kernel module, configured for point-to-point connectivity without MAC learning
• VM deployment model: easily portable, high performance
VPE-F Capabilities
L3 IP stack and Forwarding
– IPv6
– IPv4 (ARP, ICMP, etc.)
– VRF aware FIBs for all address families
– un-equal-cost multipath forwarding
– ARP/ND Proxy
– DHCPv6 Relay
L2 Forwarding
– VLAN crossconnect
– L2 P2P
– L2 Bridging
Load-Balancing
– Sticky load balancing onto stateful services (e.g. firewall)
Tenant Encapsulation
– Ethernet
– 802.1q (single-tag) VLAN sub-interfaces
Network Encapsulation
– Routed: GREoIPv4, MPLS-o-GREoIPv4
– L2 Forwarded: L2TPv3 L2 cross-connect
[Figure: vPE-F VM with L2 XC and VRF (G) toward tenant VMs; DHCP relay agent; Sticky & Symmetric Load-Balancing]
VPE-F IPv6 Capabilities
Routed Service
– IPv6 Network stack towards tenant VM
– ICMPv6
– Neighbor Discovery
– Router Solicitations
– Router Advertisement: source link layer address and MTU options only
– MLDv2 to indicate membership in the all-nodes and all-routers multicast groups
– DHCPv6 Relay with interface ID option
Layer 2 Transport service
– Layer 2 VLAN Crossconnect
– Point-to-Point
– Layer 2 Transport over L2TPv3 over IPv6 (see: draft-mkonstan-l2tpext-keyed-ipv6-tunnel-00)
[Figure: vPE-F VM with L2 XC and VRF (G) toward tenant VMs; DHCPv6 relay agent]
vSOC – Virtual Systems Operations Center
Controller - brains of the system
Management Function (north)
– Operator or customers configure all the network elements and policies (topology, zone, service policies)
Provisioning Function (south)
– Communicates with vPEF to program the forwarding tables
– Communicates with VM Orchestrator implementation (OpenStack) to manage VM resources
– Communicates with DCI to interwork with SP network
Orchestrator Function (glue)
– State machine w/ the ability to modify and extend behavior using trigger points and scripts
– Continuous health monitoring of VM Subsystem and Network
– Initiates all ISSU, VM-mobility and fault management actions
Tenant Setup:
– Topology
– Zones, Networks
VM Management: service VM lifecycle management & elasticity
IP Address and Name resolution
Routing Control and Data plane setup in Physical (DC Edge) and logical forwarders (v-PEF)
Service chains
Service policies (VNF configuration)
Monitoring of Compute & Service VM
[Figure: System Mgmt (Install/Admin, HA Control), Orchestration, Network Control, Compute Control, Storage Control]
Virtual Systems Operations Center
System Management (vSOC-CC)
– Packaging & Install
– HA Manager
– ISSU Manager
– Underlay Config
– Assurance & FM
– POD Connectivity
Control Components (vSOC)
Network Control (SDN)
– DCI Routing
– DCI Configuration
– VM Discovery
– IP Address Services
– Virtual Topology Mgr
– Service OAM & FM
Compute Control (NFv Orchestration)
– VM Management
– Service Lifecycle
– Service Configuration
– Network Attach
– Service Scale
– Elasticity
CFS: NFv/vPC Topology, Service Template Catalog, Service Management API
Storage Control
– No(SQL) Database
– Persistent Store
– NAS, SAN, Object DB
Cloud Service Orchestration
– REST APIs
– GUI
Essential vSOC Components
Model driven Workflow Engine
• Prime Active Catalog: An aggregation layer where RFSs (Resource Facing Services) are bundled together to form CFSs (Customer/Consumption Facing Services). Prime Active Catalog publishes the CFSs via its northbound REST API and orchestrates the delivery of the various RFSs which make up a CFS through the execution of transactions on the CFSs.
• Prime Order Management: a workflow system which implements workflows as required by RFSs.
• Secure REST NB API with RBAC support
VM Management and Elastic Services Control
• VM Deployment and VM Lifecycle management
• VM Monitoring & VM Recovery
• Scale up/down of VM based on elasticity criteria
Routing Controller
• Populates routing table on vPE-Forwarders using YANG API
• Propagates routes to DCI router using BGP speaker through XR/VR
Service Configuration Manager
• Configures DHCP Server
• Configures Service VMs e.g. ACL, Firewall, etc. on CSR
• Configures DCI router for L3VPN VRF & MPLSoGRE tunnel for connection to vPE-f
DHCP Server: DHCP mapping with Option 82 for multi-tenancy
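Added example, not part of the original slides and not Cisco code: how a DHCP server can map a relayed request to a tenant from Option 82 (the Relay Agent Information option, RFC 3046), the mechanism named in the DHCP Server item above. The circuit-ID layout "tenant:<name>", the pool table and the relay address are assumptions made for illustration.

```python
"""Added example (not Cisco code): pick a tenant from DHCP Option 82, RFC 3046."""
import ipaddress

OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUB_CIRCUIT_ID = 1

# Constructed sample data. Both tenants use the same prefix on purpose:
# with overlapping tenant addressing, only the relay-supplied Option 82
# tells the server which tenant (VRF) a request belongs to.
TENANT_POOLS = {
    "foo": {"vrf": "VRF1", "pool": ipaddress.ip_network("10.0.0.0/24")},
    "bar": {"vrf": "VRF2", "pool": ipaddress.ip_network("10.0.0.0/24")},
}
TRUSTED_RELAYS = {ipaddress.ip_address("192.0.2.10")}  # hypothetical relay


class Option82Error(ValueError):
    """Raised when a request cannot be mapped to exactly one tenant."""


def parse_tlv(raw: bytes, top_level: bool) -> dict:
    """Parse code/length/value records, rejecting truncated input."""
    out, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if top_level and code == OPT_END:
            break
        if top_level and code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(raw):
            raise Option82Error("truncated header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise Option82Error("truncated value")
        if top_level:
            out[code] = out.get(code, b"") + value  # RFC 3396 concatenation
        elif code in out:
            raise Option82Error("duplicate sub-option")
        else:
            out[code] = value
        i += 2 + length
    return out


def tenant_for_request(giaddr: str, options: bytes) -> dict:
    """Return the tenant record for a relayed DHCP request, or raise."""
    # Option 82 is only meaningful when a trusted relay added it; a client
    # can put any bytes it likes into a request that was not relayed.
    if ipaddress.ip_address(giaddr) not in TRUSTED_RELAYS:
        raise Option82Error("not from a trusted relay")
    opts = parse_tlv(options, top_level=True)
    if OPT_RELAY_AGENT_INFO not in opts:
        raise Option82Error("Option 82 missing")
    subs = parse_tlv(opts[OPT_RELAY_AGENT_INFO], top_level=False)
    circuit_id = subs.get(SUB_CIRCUIT_ID, b"")
    try:
        kind, tenant = circuit_id.decode("ascii").split(":", 1)
    except (UnicodeDecodeError, ValueError):
        raise Option82Error("malformed circuit ID") from None
    if kind != "tenant" or tenant not in TENANT_POOLS:
        raise Option82Error("unknown tenant")
    return TENANT_POOLS[tenant]


def sample_options(circuit_id: bytes) -> bytes:
    """Build a constructed options field: DHCPDISCOVER + Option 82 + End."""
    sub = bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    return bytes([53, 1, 1, OPT_RELAY_AGENT_INFO, len(sub)]) + sub + bytes([OPT_END])


if __name__ == "__main__":
    print(tenant_for_request("192.0.2.10", sample_options(b"tenant:bar"))["vrf"])
```

The server fails closed: a request that is not relayed by a known relay, or whose Option 82 is missing, truncated or ambiguous, gets no tenant rather than a default one.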
vSOC Architecture characteristics
• Modular and Loosely Coupled
• Model Driven and Workflow based Orchestration
• Well-defined Interface between Components
• Extensible and Reusable Components
• Multi-tenant Architecture with Role based Access control
• Easy to Deploy and Maintain
• Scalable, Secure, and Highly Available Components
• Abstracted Customer Facing Services (CFS) model
[Figure: vSOC component diagram, repeated from the "Virtual Systems Operations Center" slide]
VSOC - System Management Overview (cluster controller)
Cluster Installation
• Packaging
• Zero Touch Install
• Policy Based Declarative Install
• System Underlay Inventory
• Software Versioning
• Compatibility matrix
• ISSU
Cluster High Availability
• Fault Detection
• NIC Failure Detection & Recovery
• Server/VM Failure recovery
• Control VM Switch over
• NIC Teaming, bonding and Redundancy
• DCI Redundancy
• Storage HA
Cluster Monitoring
• Service Assurance
• Server Monitoring
• Control Plane VM Monitoring
• NIC Monitoring
• Storage Monitoring
• Process Monitoring
• VIP Monitoring
• DCI Monitoring
• NAGIOS
Cluster Admin Functions
• System Log Management
• Time synchronization
• Name Resolution
• Service Access Protocol Tunneling
• License Management
• Crypto Key Management
• Backup and Restore
• Storage Management
VSOC VM Management and Elastic Services Control
Provisioning
• VM Disk Images - can be several images in a topology
• Virtual CPUs, Memory – resource requirements for service
• Network – NIC interface type & network topology/configuration (basic or complex)
• Hypervisor - supported hypervisors for this service
Configuration
• Puppet/Chef - service has a Puppet/Chef agent that allows it to have its configuration pushed to the VM after boot-up
• Inject – orchestration system can inject the configuration into the VM image file-system at provision time
Monitoring
• SNMP - service has an SNMP agent & metrics that can be monitored
• Ganglia - service has a Ganglia agent & metrics that can be monitored
• PING – service has no monitoring support so is deemed to be alive when VM responds to pings
[Figure: Elastic Services Controller (Provisioning, Configuration, Monitoring); Service Catalog Entry with Provisioning Recipe, Configuration Recipe and Monitoring Recipe]
Solution OAM
• Monitoring at different levels
• Data Plane OAM for Service Assurance
• Path monitoring for fault detection
• VPE-F data interface reachability tracking from VSOC
• End-to-end path monitoring
• Service Instance OAM - VPE-F to VM reachability
• Data uplink OAM - VPE-F data link, first-hop physical switch/router
• Transport OAM - VPE-F - VPE-F/DCI
• Service chain ping, traceroute
[Figure: Servers 1-3, each with a vPE-F (L2/L3 VRF FIB) and tenant VMs (Foo Web, Foo FW, Foo NAT, Bar, Bar FW, Bar NAT, WALMART, GE-WEB); DCI; SP WAN (L3VPN, L2VPN, Internet). Labels: VSOC Cluster Control OAM, VSOC VM elastic services control OAM]
Virtual Private Cloud to VPN mapping
[Figure: Multi-Tenant Data Center. Labels: Servers 1-3 with vPEF and VRF1/VRF2; Tenant 1 and Tenant 2 VMs and VNFs; Elastic tenant Workloads/VMs; Elastic network services; Tunnels MPLSoGRE, L2TPv3, VXLAN etc; Data Center Network; DC gateway; Provider Network, IP NGN, MPLS-VPN with VRF1, VRF2, VRF3; BGP; CLI, XML, NC/YANG; REST APIs; YANG over RESTConf; System Mgmt (Install/Admin, HA Control), Orchestration, Network Control, Compute Control, Storage Control]
Provisioning a Service
SIMPLY DEFINE THE SERVICE PARAMETERS
• COMPUTE & STORAGE PROFILE: Define CPU, Memory, Network Interfaces, Horizontal Scale Factor, Elasticity, Disk Storage, Persistency Requirements
• NETWORK PROFILE: Network Zones, Zone Connectivity, External Zones, Managed Zones, Transit NFv Appliances, Terminate NFv Appliances, Service Topology Definition, Service Chain Definition, Multi-Path Requirements
• TENANT PROFILE: Tenant Identifier, Tenant Specific VPN Identifier, L3VPN & L2VPN Extended Communities, Organization Definition, Global Tenant Specific IP Address Pools
Customer Experience - GUI
• Single portal for customers to login and provision their network and application VMs
• Each customer can create multiple topologies
• Traffic for a topology could come from Internet, existing L3VPN network, L2VPN network
• Topology composed of multiple zones
• Inter zonal traffic subjected to one or more services (FW, NAT, DPI, Load Balancer)
• Ability to provide pre-packaged end application services such as Web Server, Video Server, Mail Server, Database Servers, Hadoop Cluster, etc.
• Design template library and custom network topology templates for provisioning ease
• BYOS – Ability for customers to bring their own service appliances
[Screenshot: Customer Experience - GUI]
[Screenshot: Customer Experience – Designer]
Cloud Services Platform Summary
PODs: Video POD (Cloud DVR), Security POD, Mobility POD (vEPC/Gi-LAN), Enterprise App 3 Tier POD, Managed Services POD
NFv Services: Firewall, NAT, DPI, Video Streamer, DNS, vBRAS, Router as a Service, NTP, SGW/PGW/MME, Transcoder, 3rd Party / Others
Data Plane (VXLAN/MPLSoGRE): Service Chaining, Data Plane OAM, DCI Integration, DHCP Relay, ARP and ARP Proxy, Port & VM Monitor, IPv4, IPv6 Forwarding
vPE System Management (vSOC-CC): Packaging & Install, HA Manager, ISSU Manager, Underlay Config, Assurance & FM, POD Connectivity
vPE Control Components (vSOC)
– vPE Network Control: DCI Routing, DCI Configuration, VM Discovery, IP Address Services, Virtual Topology Mgr, Service OAM & FM
– vPE Compute Control: VM Management, Service Lifecycle, Service Configuration, Network Attach, Service Scale, Elasticity
– CFS: NFv/vPC Topology, Service Template Catalog, Service Management API
– vPE Storage Control: No(SQL) Database, Persistent Store, NAS, SAN, Object DB
Other label: Prime NSC Components
Key Solution Highlights
• End to end Solution offering
• Based on Open, standards-based interfaces
• Highest performance virtual forwarder
• Virtual forwarder in a VM isolates network failure domain from compute
• Overlay architecture independent of underlying fabric
• Self Service model and automated network config enables zero touch provisioning
• Service configuration integrated with Solution
• Elastic Service management
Call to Action…
Visit the World of Solutions:-
Cisco Campus
Walk-in Labs
Technical Solutions Clinics
Meet the Engineer
Lunch Time Table Topics, held in the main Catering Hall
Recommended Reading: For reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2014