SDN IN DATA CENTER, SP AND TELCO
TODAY: RUNNING NETWORK IN SILOS
DEVOPS FOR PROGRAMMABLE NETWORK: PEOPLE – PROCESS – TOOLS
Architecture Design Implementation Operation
MULTI-DOMAIN RESOURCE & SERVICE ORCHESTRATION
(Diagram: three domains under one orchestration layer, each with a controller-based network layer.)
Data Center and/or Cloud: Service Overlay Network (L2 or L3); NFV: vPE, vRouter, vFirewall, vIPS; L2/L3 Switching/Routing; Policy Driven Data Center Fabric – Elastic Services, Service Chains, Fabric/Overlay Control
WAN: PE routers; L2/L3 Overlay – L2VPN/L3VPN; Edge/Core Routing; WAN Analytic Engine for Optimization – Traffic Optimization, Demand Engineering
Campus: L2/L3 Overlay – L2VPN/L3VPN; Campus Routing/Switching; Policy Driven Programmable Network – Fixed & Wireless: ZTD, QoS, ACL
Workflow Management & Orchestration
THE “WHOLE STACK” VIEW
Source: Cisco Live BRKSDN-2760
Software Defined Data Center
NEXT GENERATION DATA CENTER?
• Multi-tenancy with Virtualization
• Cloud Based Services (XaaS)
• End-to-end Tenant Segmentation
• Highly Scalable DC Fabric
• Overlay Based for L2 Mobility
• Programmable Fabric
• Single Point of Management
• Self Service for Customer/Tenant
• Full Automation with DevOps
• Multi Data Center Interconnect
• Open Standard, Open Protocols, Multi-Vendor Environment
SCALABLE MULTI-TIER DC FABRIC
(Diagram: Super-Spine, Spine and Leaf tiers; Layer-3 underlay with a VXLAN overlay.)
Tiered networks provide predictable performance.
VXLAN INTEGRATED OVERLAY
• Extend Layer 2 across Layer-3 boundaries
• Enables Seamless Virtual Machine Mobility
• Removes VLAN Scalability issues
(Diagram: VTEPs on the leaf switches; Layer-3 underlay, Layer-2 overlay.)

CISCO OPTIONS FOR DATA CENTER FABRIC
Programmable Network
• Modern NX-OS with enhanced NX-APIs
• DevOps toolset used for Network Management (Puppet, Chef, Ansible etc.)
• VxLAN-BGP EVPN standard-based
• 3rd party controller support
Programmable Fabric
• VxLAN BGP EVPN Fabric
• Custom automation tooling through open APIs
• Overlay provisioning and management system through Cisco Virtual Topology System (VTS) integrated with a group based policy model
• Cisco Controller for software overlay provisioning and management across N2K-N9K
• VTS life cycle: Creation, Expansion, Connection, Fault Mgmt, Reporting
Application Centric Infrastructure
• Turnkey integrated solution with security, centralized management, compliance and scale
• Automated application centric-policy model with embedded security
• Broad and deep ecosystem
(Diagram: Web, App and DB tiers under each option.)
Automation, APIs, Controllers and Tool-chains

AUTOMATION ‘AND’ OPERATIONS
Continuous Integration; Orchestration & Management (O&M)
Operations involves a full life cycle of infrastructure and application management?

FCAPS ‘AND’ AUTOMATION
FCAPS: Fault, Configuration, Accounting, Performance, Security
Programmable Network (External Tools)
• Modern NX-OS with enhanced NX-APIs
• DevOps toolset used for Network Management (Puppet, Chef, Ansible etc.)
• Customer Script based Operations and Workflows
Programmable Fabric (Integrated stack or A-la-carte Automation)
• Streamlined Workflow Management
• VTS: Creation, Expansion, Connection, Fault Mgmt, Reporting
Application Centric Infrastructure (Integrated Tools)
• Turnkey integrated solution with security, centralized management, compliance and scale
• Automated application centric-policy model with embedded security
• Broad and deep ecosystem
SDN IN DATA CENTER WITH APIC OR VTS
(Diagram: two fabrics, each under an Orchestration layer. APIC: x86 servers running VMs on AVS, bare metal apps, VLAN and VxLAN into the fabric, DCI via ASR-9K / N7K. Virtual Topology Controller: x86 servers running VMs on VTF, bare metal apps and containers, VLAN and VxLAN into the fabric, DCI via ASR-9K / N7K.)
CISCO ACI: SDN IN DATA CENTER
Single Point of Management Without a Single Point of Failure
APIC Cluster: Distributed, Synchronized, Replicated
• Hardware (Nexus 9000) and software (APIC) working hand in hand
• Network virtualization + abstraction to decouple network constructs from application policies
• Simplify provisioning, operating through relational object-model
• Fully programmable (REST API, Python bindings)
HOW WE DEPLOY MULTI-TIER APPLICATIONS TODAY
(Diagram: Internet router and L3 router → FW (fw1) → web tier (SLB with SSL offload, www servers) → FW (fw2) → app tier (SLB, app servers, IDS/IPS) → FW (fw3) → DB tier (db servers, IDS/IPS). vLANs 111, 222, 333, 444, 555, 666 and 777 are assigned tier by tier on switch1 to switch6. Every box is configured by hand on its own CLI, as follows.)

switch1(config)# int eth 1/1
switch1(config)# switch mode acc
switch1(config)# switch acc vlan 666
switch1(config)# no shut

router(config)# int eth 1
router(config)# ip addr 6.6.6.1 255.255.255.0
router(config)# no shut
router(config)# int eth 2
router(config)# ip addr 1.1.1.1 255.255.255.0
router(config)# no shut
router(config)# router eigrp 100
router(config)# network 6.6.6.0 mask 255.255.255.0
router(config)# network 1.1.1.0 mask 255.255.255.0
router(config)# ip route 0.0.0.0 0.0.0.0 6.6.6.254

switch2(config)# int eth 1/2 - 3
switch2(config)# switch mode acc
switch2(config)# switch acc vlan 111
switch2(config)# no shut

fw1(config)# int eth 0/1
fw1(config)# nameif outside 0
fw1(config)# int eth 0/2
fw1(config)# nameif webfront 20
fw1(config)# object network webfront_vip
fw1(config)# host 6.6.6.6
fw1(config)# static (webfront,outside) 1.1.1.6
fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 80
fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 443
fw1(config)# access-group outside_web in interface outside

switch3(config)# int eth 1/4 - 5
switch3(config)# switch mode acc
switch3(config)# switch acc vlan 222
switch3(config)# no shut

switch4(config)# int eth 1/6
switch4(config)# switch mode acc
switch4(config)# switch acc vlan 333
switch4(config)# no shut
switch4(config)# int eth 1/7 - 9
switch4(config)# switch mode acc
switch4(config)# switch acc vlan 333
switch4(config)# no shut

switch5(config)# int eth 1/10 - 11
switch5(config)# switch mode acc
switch5(config)# switch acc vlan 444
switch5(config)# no shut
switch5(config)# int eth 1/11 - 15
switch5(config)# switch mode acc
switch5(config)# switch acc vlan 555
switch5(config)# no shut
switch5(config)# monitor session 1 source vlan 555
switch5(config)# monitor session 1 dest eth 1/16

switch6(config)# int eth 1/16 - 19
switch6(config)# switch mode acc
switch6(config)# switch acc vlan 777
switch6(config)# no shut
switch6(config)# monitor session 1 source vlan 777
switch6(config)# monitor session 1 dest eth 1/20

slb1 (CONFIG)
! Web-tier load balancer: HTTP health probe, three real servers, SSL termination on the HTTPS VIP
probe http http-probe
  interval 30
  expect status 200 200
rserver host websrvr1
  description foo web server
  ip address 3.3.3.1
  inservice
rserver host websrvr2
  description foo web server
  ip address 3.3.3.2
  inservice
rserver host websrvr3
  description foo web server
  ip address 3.3.3.3
  inservice
serverfarm host FOOWEBFARM
  probe http-probe
  rserver websrvr1 80
    inservice
  rserver websrvr2 80
    inservice
  rserver websrvr3 80
    inservice
! Key, CSR and certificate for the SSL proxy
crypto generate key 1024 fooyou.key
crypto csr-params testparms
  country US
  state California
  locality San Jose
  organization-name foo
  organization-unit you
  common-name www.fooyou.com
  serial-number crisco123
crypto generate csr testparms fooyou.key
crypto import ftp 12.13.14.15 anonymous fooyou.cer
parameter-map type ssl SSL_PARAMETERS
  cipher RSA_WITH_RC4_128_MD5
  version TLS1
ssl-proxy service FOOWEB_SSL
  key fooyou.key
  cert fooyou.cer
class-map match-all FOOSSL_VIP_CLASS
  2 match virtual-address 2.2.2.22 tcp eq https
policy-map type loadbalance first-match L7-SSL-MATCH
  class L7_WEB
    sticky-serverfarm sn_cookie
policy-map multi-match FOOWEB-VIP
  class FOOWEB_VIP_CLASS
    loadbalance vip inservice
    loadbalance policy FOOWEB-MATCH
    loadbalance vip icmp-reply
    loadbalance vip advertise active
  class FOOSSL_VIP_CLASS
    loadbalance vip inservice
    loadbalance policy L7-SSL-MATCH
    loadbalance vip icmp-reply
    loadbalance vip advertise active
    ssl-proxy server FOOWEB_SSL
interface vlan 222
  service-policy input FOOWEB-VIP

fw2(config)# int eth 0/1
fw2(config)# nameif webfront 20
fw2(config)# int eth 0/2
fw2(config)# nameif appfront 50
fw2(config)# object network appfarm_vip
fw2(config)# host 5.5.5.5
fw2(config)# nat (appfront,webfront) static 4.4.4.4
fw2(config)# access-list web_to_app permit tcp any host 4.4.4.4 eq 8081

slb2 (CONFIG)
! App-tier load balancer: three real servers on port 8081 behind VIP 4.4.4.44
rserver host appsrvr1
  description foo app server
  ip address 5.5.5.1
  inservice
rserver host appsrvr2
  description foo app server
  ip address 5.5.5.2
  inservice
rserver host appsrvr3
  description foo app server
  ip address 5.5.5.3
  inservice
serverfarm host FOOAPPFARM
  probe http-probe
  rserver appsrvr1 8081
    inservice
  rserver appsrvr2 8081
    inservice
  rserver appsrvr3 8081
    inservice
class-map type http loadbalance match-any FOO_APP
class-map match-all FOO_APP_VIP_CLASS
  2 match virtual-address 4.4.4.44 tcp eq 8081
policy-map type loadbalance first-match FOO_APP-MATCH
  class FOO_APP
    sticky-serverfarm sn_cookie
policy-map multi-match FOO_APP-VIP
  class FOO_APP_VIP_CLASS
    loadbalance vip inservice
    loadbalance policy FOO_APP-MATCH
    loadbalance vip icmp-reply
    loadbalance vip advertise active

fw3(config)# int eth 0/1
fw3(config)# nameif appfront 70
fw3(config)# int eth 0/2
fw3(config)# nameif dbfront 90
fw3(config)# object network db_cluster
fw3(config)# host 7.7.7.7
fw3(config)# nat (dbfront,appfront) static 5.5.5.50
fw3(config)# access-list web_to_app permit tcp any host 5.5.5.50 eq 1433
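The snippets above are typed into seven independent CLIs and nothing checks them against each other. As an added example (not part of the deck and not a Cisco tool), the script below reads the switch5, slb1 and fw1 fragments exactly as they appear on the slide and applies three checks a reviewer would run before pushing: an access port claimed by two overlapping interface ranges, an SSL parameter map that still offers an RC4/MD5 cipher suite over TLS 1.0, and ACL entries that permit traffic from any source. The regexes, check names and the list of weak cipher tokens are this example's own choices.

```python
"""Cross-check hand-typed device snippets from the multi-tier example.

Added example; not from the slide deck or any Cisco tool. The sample config
text is copied from the slide (one command per line, prompts removed); the
checks and their thresholds are this example's own choices.
"""
from __future__ import annotations

import re

# Constructed samples, taken from the slide's switch5, slb1 and fw1 fragments.
SWITCH5_CONFIG = """\
int eth 1/10 - 11
switch mode acc
switch acc vlan 444
no shut
int eth 1/11 - 15
switch mode acc
switch acc vlan 555
no shut
"""

SLB1_SSL_CONFIG = """\
parameter-map type ssl SSL_PARAMETERS
  cipher RSA_WITH_RC4_128_MD5
  version TLS1
"""

FW1_ACL_CONFIG = """\
access-list outside_web permit tcp any host 6.6.6.6 eq 80
access-list outside_web permit tcp any host 6.6.6.6 eq 443
access-group outside_web in interface outside
"""

# "int eth 1/10 - 11" or "int eth 1/6"; accepts the slide's abbreviations.
RANGE_RE = re.compile(r"^int(?:erface)?\s+eth(?:ernet)?\s+(\d+)/(\d+)(?:\s*-\s*(\d+))?$")
VLAN_RE = re.compile(r"^switch(?:port)?\s+acc(?:ess)?\s+vlan\s+(\d+)$")
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(\S+)\s+any\s+host\s+(\S+)(?:\s+eq\s+(\S+))?$")

WEAK_CIPHER_TOKENS = ("RC4", "MD5", "DES", "NULL", "EXPORT")
LEGACY_TLS_VERSIONS = {"SSL3", "SSLV3", "TLS1", "TLSV1", "TLS1_0"}


def port_vlan_map(config: str) -> dict[str, set[int]]:
    """Map each access port to the set of VLANs assigned to it, expanding 'a - b' ranges."""
    ports: dict[str, set[int]] = {}
    current: list[str] = []
    for raw in config.splitlines():
        line = raw.strip()
        if m := RANGE_RE.match(line):
            slot, first = m.group(1), int(m.group(2))
            last = int(m.group(3)) if m.group(3) else first
            current = [f"{slot}/{p}" for p in range(first, last + 1)]
        elif m := VLAN_RE.match(line):
            for port in current:
                ports.setdefault(port, set()).add(int(m.group(1)))
    return ports


def overlapping_ports(config: str) -> dict[str, set[int]]:
    """Ports that two interface ranges both claim; on the box the later command silently wins."""
    return {port: vlans for port, vlans in port_vlan_map(config).items() if len(vlans) > 1}


def ssl_findings(config: str) -> list[str]:
    """Flag cipher suites with weak components and legacy protocol versions in an SSL parameter map."""
    findings: list[str] = []
    for raw in config.splitlines():
        parts = raw.split()
        if len(parts) == 2 and parts[0] == "cipher":
            weak = [t for t in WEAK_CIPHER_TOKENS if t in parts[1].upper().split("_")]
            if weak:
                findings.append(f"cipher {parts[1]}: weak components {', '.join(weak)}")
        elif len(parts) == 2 and parts[0] == "version" and parts[1].upper() in LEGACY_TLS_VERSIONS:
            findings.append(f"version {parts[1]}: legacy protocol version")
    return findings


def any_source_permits(config: str) -> list[tuple[str, str, str, str | None]]:
    """ACL entries that permit traffic from any source: (acl, protocol, destination host, port)."""
    return [m.groups() for raw in config.splitlines() if (m := ACL_RE.match(raw.strip()))]


def audit() -> dict[str, object]:
    """Run all three checks over the slide's fragments."""
    return {
        "switch5_overlaps": overlapping_ports(SWITCH5_CONFIG),
        "slb1_ssl": ssl_findings(SLB1_SSL_CONFIG),
        "fw1_any_source": any_source_permits(FW1_ACL_CONFIG),
    }


if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```

Run as a script it reports eth 1/11 as belonging to both vlan 444 and vlan 555, the RC4/MD5 suite and TLS1 on slb1, and the two any-source permits on fw1; the same functions can be pointed at a saved running-config instead of the embedded samples.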
HOW WE DEPLOY SERVICES WITH CISCO ACI
APIC PROVIDES FULL FCAPS: Capacity Dashboard, Drag and Drop Configuration, Troubleshooting Wizards, App Health Score.
CISCO VTS: SDN ACROSS NEXUS PORTFOLIO
(Diagram: vCenter and the GUI reach VTS through its REST API; VTS drives the Nexus Portfolio, Nexus 2k – 9k, as a Programmable Fabric.)
Automated Provisioning
• Group Based Policy model
• Overlay Provisioning
• Service Chaining
Open, Standards Based
• Rest based Northbound APIs
• Multi-protocol support (EVPN, VXLAN)
• Multi-Hypervisor, Bare Metal, Container
Scalable Multi-Tenancy
• MP-BGP EVPN control plane
• Physical and Virtual overlay support
• High performance virtual forwarding
Overlay Management
• Automatic Topology Discovery
• Resources Management
• Overlay monitoring and troubleshooting
VXLAN EVPN FABRIC WITH MP-IBGP
• IP transport devices.
• HW VTEPs run iBGP sessions with the dedicated XRv route reflectors.
• IOS-XR MP-BGP RR: deploy a pair for HA.
(Diagram: spine switches; VTEPs on the leaves and on Cisco Virtual Topology Forwarders (VTF) running on UCS hosts; XRv route reflectors on UCS; VXLAN overlay with MP-iBGP EVPN; eBGP peering towards DCI.)
FULLY AUTOMATED CISCO PROGRAMMABLE NETWORK
(Diagram: DevOps tooling joins Development (Architect, Developer, QA) and Operations across Network, Compute, Security and Storage. Next Gen DC Fabric attributes: Open APIs, Optimized Mobility, Interoperable; device on-boarding and programmability via POAP, PXE, ONIE, Linux/Python daemons and NX-API.)
AUTOMATION ‘AND’ OPERATIONS – CISCO OPTIONS
(Diagram: the three options side by side, each with Workload Orchestration and Device Mgmt (Audit, Capacity, Fault) on top.)
Programmable Network: Workload Orchestration and Device Mgmt reach HW switches and virtual switches (VM/OS) through APIs, agents and direct device access.
Programmable Fabric: Workload Orchestration and Device/Fabric Mgmt use the API of an SDN Controller (Provisioning), which manages the HW switches and virtual switches.
Application Centric Infrastructure: Workload Orchestration uses the API of an Integrated SDN Controller and FCAPS Management layer over the hardware switches.
ACI – OPENSTACK INTEGRATION
(Diagram: OpenStack (Nova, Neutron) on hypervisors hosting Web, App and DB VMs; APIC and the ACI Fabric spines below; an Application Network Profile with EPGs WEB, APP and DB joined by L/B and F/W contracts.)
1. OpenStack Tenant creates the Application Network Profile (the tenant performs steps 1 and 4).
2. Neutron automatically pushes the Network Profiles to APIC.
3. Create Application Policy (the ACI Admin manages the physical network and monitors tenant state).
4. OpenStack Tenant instantiates the VMs.
5. APIC pushes the policy to the ACI Fabric.
VTS – OPENSTACK WORKFLOW #1
(Diagram: OpenStack Tenant View on the left; Cisco VTS speaks REST API northbound and NX-API, CLI and YANG southbound to the ToRs and spines; x86 servers with hypervisors, VMs and VTEPs; VXLAN between ToRs, VLAN on the server links.)
1. Create Tenant Networks (REST API).
2. Tenant and Tenant Networks created.
3. VNID assigned for each network.
4. Attach VM to Network.
5. VM host info captured by VTS and mapped to the right ToR & ToR port using the topology database.
6. VTS provisions VTEP, VLAN for each VTEP and EVPN on ToR/VTF.
7. Neutron agent modified to request VLAN information from VTS before programming the vSwitch.

VTS – OPENSTACK WORKFLOW #2
8. Create router and attach interfaces to tenant networks.
9. VTS provisions L3 VXLAN (distributed L2/L3), Anycast gateway with EVPN.
WHAT DOES BIG SWITCH DO? Help you get from Here to There
We build SDN Software... (to reduce Complexity)
... That runs on Bare Metal Switch HW (White box or Dell/HP/Juniper branded) (to reduce cost)
... To monitor networks and build cloud fabrics (to deliver cost-effective Production-grade SDN)

BIG SWITCH – BIG CLOUD FABRIC
(Diagram: Big Cloud Fabric Controller with a Hierarchical Control Plane; Spine Switches (32x40G); Leaf Switches (48x10G+6x40G) in racks for Compute Workload and for Services & Connectivity; Physical & Virtual Workloads; 10G/40G Links.)

HYPERSCALE NETWORKING OVERVIEW: Leaf-Spine Architecture – Core and POD
Hyper-scale Data Center Scale-out Approach:
• Optimized for multi-vendor data center networks
• Optimized for atomic units of automation
• Optimized for rapid adoption of faster/better/cheaper technologies
N-TIER DATA CENTER DESIGN (Traditional Approach): Core, Aggregation, Edge, Rack 1 … Rack M, Rack N.
CORE-AND-POD DESIGN (Hyper-scale Approach): Core with Ingress/Egress; Pod v1, Pod v2, Pod v3 … Pod vN, each with Rack 1 … Rack N.
CLI AND GUI ARE REST CLIENTS
CLI:
! tenant
tenant BLUE
  logical-router
    route 0.0.0.0/0 tenant system
    interface segment web
      ip address 10.1.1.254/24
    interface segment app
      ip address 10.1.3.254/24
  segment web
    member-port-group pg-bm0 vlan 20
  segment app
    member-port-group pg-bm5 vlan 40
GUI: OpenStack Horizon GUI
REST API (the same object, written directly; -g stops curl from treating the [] predicates as globs):
bash$ curl -g -X PUT -d '{"interface": "ethernet14", "switch": "lab-leaf1b", "vlan": -1}' 'http://10.1.7.4:8080/api/v1/data/controller/applications/bvs/tenant[name="tenant1"]/segment[name="web"]/switch-port-membership-rule[interface="ethernet14"][switch="lab-leaf1b"]'
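The curl call shows the shape of the controller's data model: object names travel as path predicates such as tenant[name="tenant1"], so any automation that builds these URLs from user input has to make sure a name cannot close the bracket and address a different object. As an added example (not Big Switch code), the Python below builds the same PUT from the slide's controller address and path, validates the names before interpolating them, and only sends the request when dry_run is switched off. The session-cookie header name, the name character set and the meaning of vlan -1 as untagged membership are this example's assumptions; check them against the controller's API documentation.

```python
"""Build and issue the Big Cloud Fabric switch-port-membership-rule PUT from Python.

Added example; not Big Switch code. The controller address, tenant, segment,
switch, interface and REST path come from the slide's curl command. The
session-cookie header name, the allowed name characters and the reading of
vlan -1 as "untagged" are this example's assumptions.
"""
import json
import re
import urllib.request

CONTROLLER = "http://10.1.7.4:8080"  # from the slide's curl example
BASE_PATH = "/api/v1/data/controller/applications/bvs"

# Object names become path predicates like [name="web"]; refuse anything that
# could close the quote or bracket and address a different object.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def is_valid_name(value: str) -> bool:
    """True when the value is safe to interpolate into a path predicate."""
    return bool(NAME_RE.match(value))


def _checked(label: str, value: str) -> str:
    if not is_valid_name(value):
        raise ValueError(f"{label} {value!r} contains characters not allowed in a path predicate")
    return value


def membership_rule_url(tenant: str, segment: str, switch: str, interface: str) -> str:
    """Path of the rule that binds one switch port to a segment, as in the slide's curl command."""
    tenant, segment = _checked("tenant", tenant), _checked("segment", segment)
    switch, interface = _checked("switch", switch), _checked("interface", interface)
    return (
        f'{CONTROLLER}{BASE_PATH}/tenant[name="{tenant}"]/segment[name="{segment}"]'
        f'/switch-port-membership-rule[interface="{interface}"][switch="{switch}"]'
    )


def membership_rule_body(switch: str, interface: str, vlan: int) -> str:
    """JSON body; -1 is the value the slide uses (assumed here to mean untagged)."""
    if vlan != -1 and not 1 <= vlan <= 4094:
        raise ValueError(f"vlan {vlan} must be -1 or in 1..4094")
    return json.dumps({"interface": interface, "switch": switch, "vlan": vlan})


def put_membership_rule(tenant, segment, switch, interface, vlan=-1, session=None, dry_run=True):
    """PUT the rule; with dry_run the prepared request is returned instead of being sent."""
    url = membership_rule_url(tenant, segment, switch, interface)
    body = membership_rule_body(switch, interface, vlan)
    headers = {"Content-Type": "application/json"}
    if session:
        # Assumed header for an authenticated controller session; the slide's curl has none.
        headers["Cookie"] = f"session_cookie={session}"
    if dry_run:
        return {"method": "PUT", "url": url, "headers": headers, "body": body}
    req = urllib.request.Request(url, data=body.encode(), method="PUT", headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return {"status": resp.status, "body": resp.read().decode()}


if __name__ == "__main__":
    print(json.dumps(put_membership_rule("tenant1", "web", "lab-leaf1b", "ethernet14"), indent=2))
```

Because the CLI and GUI are themselves REST clients, the request this produces is the same one the controller sees when an operator types the segment configuration above; the validation step is what a script adds on top of the hand-typed path.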
BIG SWITCH – SINGLE PANE OF GLASS
• Single pane of glass for network monitoring and management
• User can choose between CLI and/or GUI
• GUI and CLI are REST clients
(Diagram: Big Cloud Fabric Controller over Rack 1, Rack 2 … Rack N-1, Rack N and Ingress/Egress.)

BIG SWITCH – OPENSTACK INTEGRATION
SDN in Service Providers
ENTERPRISE CUSTOMERS ARE GOING WITH INTERNET AS TRANSPORT!
SDN + OVERLAY FOR WAN
Source: Viptela
MODULAR ARCHITECTURE FOR SERVICE PROVIDER NETWORK OPTIMISATION
(Diagram, top to bottom:)
Cross-Domain Orchestration: Cross Domain Orchestrator (RFS)
Modular Components: WAN Optimisation, WAN Provisioning
Open Architecture: Open Daylight
Programmable Network: Virtual and Physical
World-Class Infrastructure: Storage, Network, Compute (Multi-Vendor)
PROGRAMMING WAN LOAD BALANCING
Problem: SP needs to efficiently use expensive resources (high cost links).
Solution: The most expensive network resources are fully optimized by the WAN Analytic Engine assigning best load share metrics.
① Network conditions reported to collector, accessible to App
② App determines LSP imbalance and requests WAN Analytic Engine to recalculate LSP load share metrics
③ WAN Analytic Engine computes new load share metrics
④ WAN Analytic Engine programs new load share metrics for LSPs
(Diagram: the WAN Analytic Engine Platform exposes RESTful APIs for Collection and Programming; the TE Tunnel Builder App sits on top of it; the engine programs R1 in the WAN via PCEP/NCS; the Data Center attaches through the WAN.)
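The four steps form a closed loop: measure, decide, compute, program. As an added example (not Cisco code, and not the WAN Analytic Engine's actual algorithm, which the slide does not describe), the Python below runs one iteration of that loop over a constructed collector report. The stand-in rule for step ③ sets each LSP's load-share metric proportional to its capacity, so that when the head-end splits the same demand by those metrics every LSP ends at the same utilization. LSP names, capacities, loads and the imbalance threshold are all sample values chosen for the example.

```python
"""Closed-loop WAN load sharing over TE LSPs, following the four steps on the slide.

Added example; not Cisco code and not the WAN Analytic Engine's actual
algorithm, which the slide does not describe. The stand-in rule sets each
LSP's load-share metric proportional to its capacity so that, for the measured
total demand, every LSP ends up at the same utilization. LSP names, capacities
and loads are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from functools import reduce
from math import gcd


@dataclass(frozen=True)
class LspReport:
    """Step 1: one LSP's conditions as reported to the collector (Gbit/s)."""
    name: str
    capacity_gbps: float
    load_gbps: float

    @property
    def utilization(self) -> float:
        return self.load_gbps / self.capacity_gbps


# Constructed collector report: two 10G LSPs and one 40G LSP carrying 20G in total.
REPORT = [
    LspReport("LSP1", 10.0, 9.0),
    LspReport("LSP2", 10.0, 3.0),
    LspReport("LSP3", 40.0, 8.0),
]


def imbalance(report: list[LspReport]) -> float:
    """Spread between the busiest and the idlest LSP, as a utilization fraction."""
    utils = [r.utilization for r in report]
    return max(utils) - min(utils)


def needs_rebalance(report: list[LspReport], threshold: float = 0.2) -> bool:
    """Step 2: the app asks for new metrics once the spread exceeds the threshold."""
    return imbalance(report) > threshold


def compute_load_share(report: list[LspReport]) -> dict[str, int]:
    """Step 3: integer load-share metrics proportional to capacity, reduced by their gcd."""
    # Capacities in whole Mbit/s so the ratio can be reduced with integer arithmetic.
    raw = {r.name: round(r.capacity_gbps * 1000) for r in report}
    divisor = reduce(gcd, raw.values())
    return {name: value // divisor for name, value in raw.items()}


def predicted_utilization(report: list[LspReport], metrics: dict[str, int]) -> dict[str, float]:
    """Step 4 check: utilization of each LSP once the head-end splits the same demand by metric."""
    demand = sum(r.load_gbps for r in report)
    total_weight = sum(metrics.values())
    return {r.name: (demand * metrics[r.name] / total_weight) / r.capacity_gbps for r in report}


def rebalance(report: list[LspReport], threshold: float = 0.2) -> dict[str, int] | None:
    """Run one loop iteration; None means the current metrics are left alone."""
    if not needs_rebalance(report, threshold):
        return None
    return compute_load_share(report)


if __name__ == "__main__":
    print("imbalance before:", round(imbalance(REPORT), 3))
    metrics = rebalance(REPORT)
    print("new load-share metrics:", metrics)
    if metrics:
        after = predicted_utilization(REPORT, metrics)
        print("predicted utilization:", {k: round(v, 3) for k, v in after.items()})
```

With the sample report the loop sees a 0.7 spread (90% against 20%), produces metrics of 1:1:4, and predicts one third utilization on all three LSPs; a report whose spread is already below the threshold returns None, which is the case where the engine should not touch the head-ends at all.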
EVOLVING THE VPN SERVICES OFFERING
Situation: Mature MPLS VPN market (CAGR = 5-7%); Strong adoption by enterprises (large, medium); SMB Market expansion opportunity
Complication: Increasing adoption of Public Cloud services (workloads shifting); Price Pressure: IT cost reduction plans; TTM too long; Competitive Pressure
Proposal: Cloud Based Managed Services Solution; Integration of Cloud, CPE, VPN, 4G/Wifi; SP Private WAN and/or Internet
Goals: Enhance Agility, Increase Revenue, Decrease OpEx
(Diagram: Cisco Cloud, Virtual Private Cloud, Public Cloud.)
MANAGED SERVICES – PREMISE TO VIRTUAL
Cloud: Network Functions from the Cloud (Virtual Network Functions); Applications from the Cloud (Cloud Application Containers); Cisco Cloud, SP Private Cloud
Premise: Network Functions on the CPE – L3 “classic”; L2 NID; L3 CPE + x86 on premise (vRouter on x86 on prem); L3 Cloud Managed; Simple L3 CPE
Network: Secure IP Overlays; MPLS; Layer 2 VPN; Intelligent/Hybrid
SERVICE PROVIDER BENEFITS – VIRTUAL MANAGED SERVICES
• Web-based Service Interface automates service ordering AND activation
• Enterprise-grade Network & Security Services extended to multiple markets
• Plug & Play Install reduces or eliminates truck rolls
• Automated Service Lifecycle Management dramatically reduces operating costs
78% Lower OPEX; 200% Improved ROI
Source: ACG Research: Business Case for Virtual Managed Services – Sept 2014
VIRTUAL MANAGED SERVICESKEY COMPONENTS
VIRTUAL MANAGED SERVICESSIMPLE WORKFLOW
SELF-SERVICE PORTALFOR END CUSTOMER AND ADMINISTRATOR
MANAGED SERVICES EVOLUTION – OPTION 1: CLOUD VPN, VCPE (+ OTHER VNFS) IN THE CLOUD
(Diagram: branches connect to PE routers over IP/MPLS; the services run in the SP Data Centre.)
• Simplification of the branch: basic routing, L2 switching
• Primarily an SP play
• Service moves to SP DC: virtualized DCs spread across infrastructure
• Benefits: reduced equipment costs, reduced onsite effort, more flexibility
FLEXIBLE SERVICE CHAIN TOPOLOGIES
Legend: vR = router, vFW = firewall, vISE = identity services engine, vWSA = web security appliance, vESA = email security appliance, vNG-IPS = intrusion protection system, vDDoS = DDoS mitigation services, vLB = load balancer. Packet service nodes are joined by L2/L3 termination points (tunnel or local link); packet flows shown: unclassified, BYOD AAA, HTTP requests, email (inside & outside), DDoS threat, IPSec/SSL, IPS threat.
1. vIPVPN with FW and RA
• vFW with NAT and FW policy.
• vFW with IPSec/SSL Remote Access (RA) incl. remote end-host security posture verification.
2. vIPVPN with BYOD, FW and RA
• vFW with NAT and FW policy.
• vFW with IPSec/SSL remote access incl. remote end-host security posture verification.
• vISE for BYOD svc auth (AAA, trust-sec label to IP binding)
3. vIPVPN with BYOD, FW, RA, WebSec
• vFW with NAT and FW policy.
• vFW with IPSec/SSL remote access incl. remote end-host security posture verification.
• vISE for BYOD svc auth (AAA, trust-sec label to IP binding)
• vWSA for Enhanced Web Security
4. vIPVPN with BYOD, FW, RA, EmailSec
• vFW with NAT and FW policy.
• vFW with IPSec/SSL remote access incl. remote end-host security posture verification.
• vESA for Critical Information Protection (inbound and outbound emails), placed in a DMZ in front of the email server
5. vIPVPN with BYOD, FW, RA, WebSec, ngIPS
• vFW with NAT and FW policy.
• vFW with IPSec/SSL remote access incl. remote end-host security posture verification.
• vISE for BYOD svc auth (AAA, trust-sec label to IP binding)
• vWSA for Enhanced Web Security
• vNG-IPS (SourceFire) for advanced threat protection and real-time contextual awareness
6. vIPVPN with BYOD, FW, RA, WebSec, DDoS
• vFW with NAT and FW policy.
• vFW with IPSec/SSL remote access incl. remote end-host security posture verification.
• vISE for BYOD svc auth (AAA, trust-sec label to IP binding)
• vWSA for Enhanced Web Security
• vDDoS (Radware DefensePro) for volumetric and application DDoS visibility and mitigation services
[Diagram for each topology: CPEs – vR – vFW (plus vISE / vWSA / vESA / vNG-IPS / vDDoS as listed) – Internet router]
[Diagram: Service Provider Datacenter. A user self-service portal (Create, Deliver, Operate, Optimize; Service Design; My Deployments / My Designs; Deployment Wizard: Select Scope, Engineering, Testing, New Folder; Operator Self Service) and BSS systems drive a Cross Domain Orchestrator (service models, device models, database, service topology) over RESTful and NETCONF/YANG APIs, with Virtual Infrastructure and Lifecycle Drivers beneath it managing Network, Compute and Storage]
CLOUD BASED MANAGED SERVICES – SAMPLE ARCHITECTURE
[Diagram: the Service Provider Datacenter hosts a customer service chain (vRouter, vFirewall, vIntrusion Protection, vWeb Filter, other network services) on an OpenStack VIM. The Cross Domain Orchestrator holds the device models and drives VR, vFW, vIPS, vWeb, vSecEmail and MPLS PE drivers plus an OpenStack component, using RESTful APIs and CLI over SSH for config & operation. L3 CPEs at customer sites reach the datacenter over MPLS or the Internet, with ZTD, discovery & call home, and Netflow]
MANAGED SERVICES EVOLUTION – OPTION 2: ON-PREMISE VCPE
• Overlay VPNs at branch
• SP and Enterprise play
• Functionality moves to branch: security, content, WAN performance monitoring, encryption etc.
• Benefits: reduced WAN costs, local service breakout, LAN services
[Diagram: branches with on-premise vCPE connected over an overlay through PEs to the SP/Enterprise Data Centre]
DELIVERING SERVICES TO THE BRANCH – TODAY'S APPROACHES
Rack and Stack
• Good: best in breed, customer choice, modular build-out
• Drawbacks: environmental (space / power / wiring), onsite + complex installation, truck rolls
Integrated Branch Solution
• Benefits: fully integrated solution, no truck roll, simpler environmental
• Drawbacks: reduced customer choice, upfront hardware investment, software inter-dependencies
VIRTUAL CPE ORCHESTRATION – CENTRALLY ORCHESTRATED BRANCH LEVEL NFV SOLUTION
• Central portal infrastructure (user & operator portal)
• Central NFV and Service Chain Orchestrator
• Central VNF EMS / NMS / Controller: different choice depending on VNF
• Service Life Cycle Monitor at vCPE (x86): local life cycle management
• x86 capability at the branch
[Diagram: the central components reach the branch x86 entity over the IP network; it hosts vRouter, vFW and vIPS VNFs]
VNF SERVICE CHAIN PROFILES EXAMPLE
• Basic Internet (routing – ISP / NAT): vRouter between vCPE_WAN and vCPE_LAN
• Internet Security (routing + firewall): vRouter and vFirewall chained across vCPE_WAN, vCPE_Private and vCPE_LAN
• Advanced Internet (routing + firewall + URL filtering): vRouter, vFirewall and vFilter chained across vCPE_WAN, vCPE_Private and vCPE_LAN
DELIVERING SERVICES TO THE BRANCH – IMPACT OF VIRTUAL CPE ORCHESTRATION
Benefits
• Best in breed appliances
• Customer choice
• Service agility and elasticity
• Can be zero touch deployment
• No truck rolls for new services
Drawbacks
• Upfront hardware costs
• On-boarding of new services
• Another component to manage
• Support models
• Performance / efficiency (need further investigation)
[Diagram: NFV Orchestration, the User & Operator portal and the VNF EMS / NMS / Controller manage the vCPE node (vRouter, vFW, vIPS VNFs) across the IP network]
CLOUD VPN VS. ON-PREMISE VCPE
• Depends on latency
• Depends on access connectivity to DC
• VNF on central location: enterprise applications
• VNF on-premise: firewall/NAT (if there is local breakout), QoS, WAN opt
• Cloud VPN: VNF density, higher performance
• On-premise vCPE: HW resource efficiency, more VAS
BEST OF BOTH WORLDS
[Diagram: the NFV and Service Chain Orchestration platform (NFV orchestration and management, User & Operator portal, VNF NMS/EMS for VNF config and control, VM config and control) spans a branch and the SP Data Center, joined by an access circuit over an overlay or IP/MPLS. Branch: a single server (KVM) with a few VMs, a virtual network and local Service Life Cycle Management, brought up by ZTD. SP Data Center: OpenStack compute pools with many VMs, virtual networks, Service Life Cycle Management and the portal (Create, Deliver, Operate, Optimize; Service Design; Network, Compute, Storage)]
Branch: 1000s of sites, 1 or 2 servers, < 10 VMs, remote and unreliable connectivity
SP Data Center: 1 or 2 sites, 1000s of servers, 1000s of VMs, highly reliable connectivity
END USER PORTAL #1
END USER PORTAL #2
END USER PORTAL #3
END USER PORTAL #4
END USER PORTAL #5
SDN in Mobility / Telco
SDN AND NFV IN MOBILITY #1
[Diagram: mobile / telco reference architecture. Access: Consumer Broadband, Femto / Wi-Fi, Macro 2G/3G/4G, Enterprise Small Cell 3G/4G/WiFi, Consumer and Enterprise Wired Access. IP Transport. Cloud Virtualisation: Small Cells, Optimised BH, Optimised Core, Wi-Fi Integration, Gi/SGi LAN Services, Broadband Termination, S/P-GW + MME, Small Cell GWs, BNG; vGiLAN, vEPC. Network Services: Firewall / NAT, Video/Traffic Optimisation, Enhanced Charging, Content Filtering, IMS Services, Header Enrichment, Application Det & Opt, Traffic Control and Reporting. Control Function: HSS / AAA, API GW, Analytics, Abstraction, Policy (ANDSF, PCRF), Mobile Termination, RAN Analytics, Small Cell SON, Macro SON, Hybrid SON, Optimisation & Monetisation. Orchestration: Service Fulfillment / Catalog, Service Lifecycle Controllers, Orchestrators. 3rd Party Apps, Operator Apps, Internet]
PROGRAMMING IP TRANSPORT OPTIMIZATION
Problem: A mobile provider needs to ensure low latency for high priority traffic, even in the event of a fibre cut.
Solution: WAN Analytic Engine assigns new TE metrics based on measured latency, thereby routing LSPs according to lowest latent paths.
① Real-time data collection reveals latency at L3 accessible to App (caused by fibre cut / optical failover)
② App requests TE Metric change on L3 circuits routed over L1 link
③ WAN Analytic Engine computes new TE metric that will decrease latency of traffic
④ WAN Analytic Engine programs TE metric change using PCEP, causing LSPs to reroute
[Diagram: LatencyReducer App on top of the WAN Analytic Engine Platform (RESTful APIs; Collection and Programming); IP transport routers R1, R2, Ra, Rb, Rc over optical nodes O1, O2; the LSP crosses a link flagged "High latency!" and is re-routed via PCEP]
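The four-step loop above, worked through as an added example (not code from the deck, from Cisco or from any WAN Analytic Engine product): the topology, the baseline latencies, the failover latency and the latency-to-metric mapping are all constructed here, and the PCEP programming step is stood in for by a dict of metric updates. The point it shows is that after an optical failover the LSP keeps following the stale TE metrics until the metrics are re-derived from measured latency.

```python
import heapq
from typing import Dict, List, Tuple

Link = Tuple[str, str]

# Constructed sample topology using the slide's router names. Provisioned TE
# metrics favour R1-Ra-Rb-R2; baseline measured one-way latency per link in ms.
TE_METRICS: Dict[Link, int] = {
    ("R1", "Ra"): 10, ("Ra", "Rb"): 10, ("Rb", "R2"): 10,
    ("R1", "Rc"): 20, ("Rc", "R2"): 20,
}
BASELINE_LATENCY_MS: Dict[Link, float] = {
    ("R1", "Ra"): 2.0, ("Ra", "Rb"): 2.0, ("Rb", "R2"): 2.0,
    ("R1", "Rc"): 5.0, ("Rc", "R2"): 5.0,
}


def shortest_path(metrics: Dict[Link, int], src: str, dst: str) -> Tuple[int, List[str]]:
    """CSPF-style Dijkstra over bidirectional links: (total metric, hop list)."""
    adj: Dict[str, List[Tuple[str, int]]] = {}
    for (a, b), m in metrics.items():
        adj.setdefault(a, []).append((b, m))
        adj.setdefault(b, []).append((a, m))
    best, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == dst:
            break
        if cost > best[node]:
            continue
        for nxt, m in adj.get(node, []):
            if cost + m < best.get(nxt, float("inf")):
                best[nxt], prev[nxt] = cost + m, node
                heapq.heappush(heap, (cost + m, nxt))
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return best[dst], path[::-1]


def path_latency(latency: Dict[Link, float], path: List[str]) -> float:
    """Measured latency along a hop list (links are keyed in one direction only)."""
    return sum(latency.get((a, b), latency.get((b, a), 0.0)) for a, b in zip(path, path[1:]))


def latency_to_metric(latency_ms: float) -> int:
    """Constructed mapping for step 3: TE metric = latency in tenths of a ms, minimum 1."""
    return max(1, int(round(latency_ms * 10)))


def metric_updates(current: Dict[Link, int], latency: Dict[Link, float]) -> Dict[Link, int]:
    """Links whose provisioned metric no longer matches measured latency (what step 4 would push)."""
    wanted = {link: latency_to_metric(ms) for link, ms in latency.items()}
    return {link: m for link, m in wanted.items() if current.get(link) != m}


def run_scenario(failover_link: Link = ("Ra", "Rb"), failover_latency_ms: float = 40.0) -> dict:
    """Fibre cut: optical failover lengthens one link's L1 path, so its latency jumps
    while its TE metric stays put. Compare the LSP before and after re-metricing."""
    measured = dict(BASELINE_LATENCY_MS)
    measured[failover_link] = failover_latency_ms          # step 1: collection sees it
    _, old_path = shortest_path(TE_METRICS, "R1", "R2")    # LSP still follows stale metrics
    updates = metric_updates(TE_METRICS, measured)         # steps 2-3: app asks, engine computes
    new_metrics = {**TE_METRICS, **updates}                # step 4: stand-in for PCEP programming
    _, new_path = shortest_path(new_metrics, "R1", "R2")
    return {"before": (old_path, path_latency(measured, old_path)),
            "after": (new_path, path_latency(measured, new_path)),
            "updates": updates}


if __name__ == "__main__":
    print(run_scenario())
```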
SDN AND NFV IN MOBILITY #2
[Diagram: the same mobile / telco reference architecture as in #1]
NFV FOR MOBILE CORE: VEPC
CISCO VEPC DEPLOYMENT MODELS
Source: Cisco Live BRKSPM-2125
VEPC: CENTRALIZED, DISTRIBUTED, TACTICAL
Source: Cisco Live BRKSPM-2125
SDN AND NFV IN MOBILITY #3
[Diagram: the same mobile / telco reference architecture as in #1]
SERVICE FUNCTION CHAIN (SFC)
• The service-layer abstraction provides the semantics of how the service graph is traversed (can be enabled by IETF SFC/NSH)
• Nodes are network functions (physical or virtual) and edges indicate the direction, order and sequence of the flow of traffic through those chains
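The traversal semantics above, shown on the wire as an added example (not from the deck or from any SFC implementation): an RFC 8300 NSH header carries the Service Path Identifier and a Service Index that counts down as each function in the chain does its work, and a Service Function Forwarder chooses the next hop by looking up (SPI, SI) in its table. Only the header layout and field values are RFC 8300; the SPI, the forwarding table, the 255 starting index and the chain (the "Advanced Internet" profile from the earlier slide) are constructed.

```python
import struct
from typing import Dict, List, Optional, Tuple

# RFC 8300 field values (real constants); everything else in this file is constructed.
NSH_VERSION = 0
MD_TYPE_1 = 0x1            # a fixed 16-byte context header follows the path header
NEXT_PROTO_IPV4 = 0x1
MD1_LENGTH_WORDS = 6       # 4 (base) + 4 (service path) + 16 (context) bytes = 24 bytes


def build_nsh_md1(spi: int, si: int, ttl: int = 63, next_proto: int = NEXT_PROTO_IPV4,
                  context: bytes = bytes(16)) -> bytes:
    """Encode base header + service path header + MD type 1 context (24 bytes)."""
    if not (0 < spi < 1 << 24 and 0 <= si <= 0xFF and 0 <= ttl < 64 and len(context) == 16):
        raise ValueError("SPI is 24-bit, SI 8-bit, TTL 6-bit, context exactly 16 bytes")
    # Base header: Ver(2) O(1) U(1) TTL(6) Length(6) U(4) MD Type(4) Next Protocol(8)
    base = ((NSH_VERSION << 30) | (ttl << 22) | (MD1_LENGTH_WORDS << 16)
            | (MD_TYPE_1 << 8) | next_proto)
    path = (spi << 8) | si                      # Service Path Header: SPI(24) SI(8)
    return struct.pack("!II", base, path) + context


def parse_nsh(pkt: bytes) -> Dict[str, int]:
    """Decode the two fixed 32-bit words of an NSH-encapsulated packet."""
    base, path = struct.unpack("!II", pkt[:8])
    return {
        "ver": base >> 30, "o": (base >> 29) & 1, "ttl": (base >> 22) & 0x3F,
        "length": (base >> 16) & 0x3F, "md_type": (base >> 8) & 0xF,
        "next_proto": base & 0xFF, "spi": path >> 8, "si": path & 0xFF,
    }


def rewrite_path(pkt: bytes, ttl: int, si: int) -> bytes:
    """Return the packet with TTL and SI replaced; context and payload are kept."""
    h = parse_nsh(pkt)
    return build_nsh_md1(h["spi"], si, ttl, h["next_proto"], pkt[8:24]) + pkt[24:]


def sff_table(spi: int, chain: List[str], first_si: int = 255) -> Dict[Tuple[int, int], str]:
    """Constructed SFF forwarding table: (SPI, SI) -> next SF; the slot after the last SF is egress."""
    table = {(spi, first_si - i): sf for i, sf in enumerate(chain)}
    table[(spi, first_si - len(chain))] = "egress"
    return table


def traverse(pkt: bytes, table: Dict[Tuple[int, int], str]) -> Tuple[List[str], Optional[bytes]]:
    """Model one packet walking the chain: the SFF looks up (SPI, SI) and decrements TTL
    when forwarding; each SF decrements SI after doing its job. Returns the hops visited
    and the decapsulated inner packet, or None if the packet was dropped."""
    visited: List[str] = []
    while True:
        h = parse_nsh(pkt)
        hop = table.get((h["spi"], h["si"]))
        if hop is None or h["ttl"] == 0:        # no entry for this (SPI, SI), or TTL expired
            return visited, None
        visited.append(hop)
        if hop == "egress":
            return visited, pkt[24:]            # strip NSH, hand inner packet to next_proto
        pkt = rewrite_path(pkt, h["ttl"] - 1, h["si"] - 1)


# Constructed chain matching the slides' "Advanced Internet" profile, on SPI 42.
ADVANCED_INTERNET = ["vRouter", "vFirewall", "vFilter"]
TABLE = sff_table(42, ADVANCED_INTERNET)

if __name__ == "__main__":
    pkt = build_nsh_md1(spi=42, si=255) + b"<inner IPv4 packet>"
    print(parse_nsh(pkt))
    print(traverse(pkt, TABLE))
```

A packet injected with an (SPI, SI) pair the SFF has no entry for goes nowhere, which is why classifiers, not endpoints, are the only place the path header should be set.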
How SP and Telco Buy Network Today: Network Function Virtualization Infrastructure (NFVI)
ETSI NFVI AND CUSTOMER NFVI (MANO)
[Diagram: ETSI NFV layers side by side with the customer view.
• Virtualized Network Function: the actual NF application (ex. vFR, vCPE, vLB), with a Traditional Element Manager
• Lifecycle mgmt for VNFs (upgrade, scale, termination, etc.)
• Orchestration of the overall solution: deployment templates, forwarding graph, service-related information
• OSS (CMDB, Monitoring, Alarming, IPAM/DNS/DHCP) and BSS (CRM, Billing, Order Mgmt)
• Virtualisation layer, server (hypervisor), network, storage on physical hardware, with Resource Mgr / Operations]
NFVI (CUSTOMER VIEW)
VIRTUALIZED INFRASTRUCTURE (NFVI)
• Follow ETSI NFV, embrace Open API and Open Source technologies
• OpenStack as Virtual Infrastructure Manager (VIM)
• Different options of SDN controller as Network VIM
• Vendor-agnostic for Compute, Network and Storage
[Diagram: Physical Infrastructure (Network – switches & routers, Compute, Storage) running Carrier Grade Linux (Ubuntu/RedHat), Hypervisor (KVM), Host Packages and Software Defined Storage; the Virtual Infrastructure Manager with its Host/KVM Driver and Network Driver; Network VIM options VXLAN Controller, ONOS and ODL; an Administrator Dashboard GUI (single pane of glass) and an Infrastructure Management & Assurance API on top]
NFVI POD FOR ANY USE CASES
[Diagram: Administrator Dashboard (single pane of glass for NFVI) and Service Assurance for physical resource, VIM and VNFs; X-Domain Orchestrator with NFV Orchestration and Service/VNF Life Cycle; OpenStack Virtualized Infrastructure Managers (VIM) and an Overlay Manager / SDN Controller over OpenStack POD#1, POD#2 … X; physical devices (switch, router, server) hosting OpenStack/KVM VNFs such as vFirewall, vLoadBalancer, vRouter, vEPC and other VNFs / use cases]
NFV USE CASES – DEFINED BY ETSI
ETSI Formalized NFV Use Cases – Potentially Virtualized Functions
• Network Functions Virtualization Infrastructure as a Service: vNAT, vFW, vLB, vRR, vVPN, vRouter
• Virtual Network Function as a Service (VNFaaS): vCPE, vPE
• Virtual Network Platform as a Service (VNPaaS): vPrivateCloud
• VNF Forwarding Graphs: VPE-F
• Virtualization of Mobile Core Networks and IMS: vEPC (vS/P-GW, vMME, vPCRF, vSGSN, vGGSN, vGiLan), vIMS (vP/S/I-CSCF, vMGCF, vAS)
• Virtualization of Mobile Base Station: vMAC, vRLC, vPDCP, vRRC, vCOMP, vBBU
• Virtualization of the Home Environment: vBNG, vRGW, vSTB
• Virtualization of CDNs: vCDN
• Fixed Access Network Functions Virtualization: vOLT, vDSLAM, vONU, vONT, vMDU, vDPU
Source: http://www.etsi.org/deliver/etsi_gs/NFV/001_099/001/01.01.01_60/gs_NFV001v010101p.pdf
CLOUD SERVICE ORCHESTRATION
[Diagram: Orchestration (Workflow, Catalog, Portal / UI / API) on top of Network Service Control (Service Creation, Service Monitoring, Service Config, IP Control, DC Network Controller, WAN Controller, …)]
NFV SAMPLE WORKFLOW
1. Request received
2. Catalog item
3. Defines workflow
4. Workflow calls Service Creation to set up service VMs
5. Service Creation calls to OpenStack to set up VMs
6. OpenStack sets up VMs
7. Workflow calls to Service Config function to set up services
8. Service Config configures services
9. Workflow calls DC network controller
10. DC network controller configures overlay network
11. Service monitoring tracks availability and performance of service
12. Service Creation manages service elasticity and high availability
[Diagram: the numbered steps overlaid on the orchestration stack (Orchestration; Network Service Control: Service Creation, Service Monitoring, Service Config, IP Control, DC Network Controller, WAN Controller; VM/Storage Control and Network Control) and on the Infrastructure layer (Physical Network, Virtual Network, Compute, Storage, Virtual Services)]
THANK YOU