Service Driven Network Automation
Powered by Tail-f
Bilal Alam
Solutions Architect, Software Sales
Management and Network Orchestration (MANO)
Current State
[Diagram labels: Metro and Access, WAN, Data Center; three EMS, two NMS, six CLI; Provisioning A, Provisioning B, Activation C, Provisioning D, Activation E; Customer Orders]
Cross-Domain Multi-Vendor Hybrid Service
Gateway services between VPN and Internet
Physical server
Virtual server
・Mail/Web
・Airwatch GW
・RADIUS
・Virus Check
・Spam Prevention
・Mail Archive
・Web Filtering
・HTTP Virus Check
・Proxy
Server
Mail Security
Web Security
Network
Physical Appliance
Internet
Internet Access
Remote Access
・SSL VPN
・UTM
・Load balancer
Datacenter
VPN
Going Forward
Execution at the speed of software
Service Innovation
Agility & DevOps
NFV & SDN
Rapidly changing business models
Cloud, Virtualization, Programmable Networks
New ecosystems and value chains
Changing customer behavior
INSTANT Activation
Self-Service Portal
All of this requires flexible automation.
Current State - Pain Points
[Diagram labels: Metro and Access, WAN, Data Center; three EMS, two NMS, six CLI; Provisioning A, Provisioning B, Activation C, Provisioning D, Activation E; Customer Orders; INTEGRATION TAX; ADAPTER TAX]
• Complex & Expensive
• Slow & Error prone
• Always the bottleneck
Multi-Vendor Environment
Network Services
Metro and Access WAN Data Center
It should ALWAYS be about the SERVICES
L2VPN L3VPN NFV SECURITY BOD Service X
• Time to Market
• Order to Activation
• Configuration Data Quality
Service Driven Network Automation
Agenda
1. Orchestration Platform Architecture
2. Diverse Customer Use Cases
3. Data Model Driven Approach
4. Open & Modular Platform
5. Demo
• Orchestration Platform Architecture - Any Service across any network, any topology, any vendor, any device
NSO Overview
Orchestration Platform Architecture
[Diagram labels: Metro and Access, WAN, Data Center; Domain Controller, EMS, VNF-M, NMS, SDNc]
Orchestration Platform Architecture
[Diagram labels: Metro and Access, WAN, Data Center; NSO Platform; Network Abstraction – YANG Data Models; Domain Controller, EMS, VNF-M, NMS, SDNc]
• Introducing the Network Element Driver (NED)
South-Bound Integration - NEDs (1/6)
Vendor Device/Platform
A10 Networks AX Series
Thunder Series
Adtran Total Access 900 Series
Total Access 5000 Series
Adva Carrier Ethernet FSP 150CC Series
Affirmed Networks Acuitas Service Management System
Alcatel-Lucent 7210 Service Access Switch
7450 Ethernet Service Switch
7705 Service Aggregation Router
7750 Service Router
7950 Extensible Routing System
Arista 7048 Series
7050 Series
7150 Series
vEOS
Brocade NetIron CES 2000 Series
NetIron MLXe Series
NetIron XMR Series
ServerIron ADX Series
Vendor Device/Platform
Ciena 3000 Family
5000 Family
ESM
Cisco Application Policy Infrastructure Controller Data Center (APIC-DC)
ASA
ASA 1000V Cloud Firewall
ASA 5500-X Series Next-Generation Firewalls
Adaptive Security Virtual Appliance
IOS
800 Series Routers
1800 Series Integrated Services Routers
1900 Series Integrated Services Routers
2500 Series Routers
2600 Series Multiservice Platforms
2800 Series Integrated Services Routers
2900 Series Integrated Services Routers
3800 Series Integrated Services Routers
South-Bound Integration - NEDs (2/6)
Vendor Device/Platform
Cisco Catalyst 6900 Series Ethernet Interface Module for Cisco Catalyst 6500 Series Switches
Cloud Services Router 1000V Series
ME 3400 Series Ethernet Access Switches
ME 3600X Series Ethernet Access Switches
ME 3800X Series Carrier Ethernet Switch Routers
ME 4900 Series Ethernet Switches
uBR10000 Series Universal Broadband Routers
ASR 900 Series Aggregation Services Routers
ASR 1000 Series Aggregation Services Routers
cBR Series Converged Broadband Routers
Cloud Services Router 1000V Series
RF Gateway Series
IOS XR
12000 Series Routers
ASR 9000 Series
Carrier Routing System
IOS XRv Router
Vendor Device/Platform
Cisco IOS/IOSXE
3900 Series Integrated Services Routers
7200 Series Routers
7600 Series Routers
Catalyst 2900 Series Switches
Catalyst 2960 Series Switches
Catalyst 2960-X Series Switches
Catalyst 3550 Series Intelligent Ethernet Switches
Catalyst 3750 Metro Series Switches
Catalyst 3850 Series Switches
Catalyst 4500 Series Switches
Catalyst 4500E Series
• Supervisor Engine 7-E
• Supervisor Engine 8-E
Catalyst 4500-X Series Fixed 10 Gigabit Ethernet Aggregation Switch
Catalyst 4900 Series Switches
Catalyst 6500 Series
• 10 Gigabit Ethernet Modules
• Mixed Media Gigabit Ethernet Modules
• Supervisor Engine 2T
• Switches
Catalyst 6500-E Series Chassis
South-Bound Integration - NEDs (3/6)
Vendor Device/Platform
F5 Networks BIG-IP 1600
BIG-IP 3600
BIG-IP 3900
BIG-IP 6400
BIG-IP 8900
BIG-IP Virtual Edition
Viprion Chassis
Fortinet FortiGate 200 Series
FortiGate 500-300 Series
FortiGate 800-600 Series
FortiGate 1000 Series
FortiGate 3000 Series
FortiGate Virtual Appliances
Vendor Device/Platform
Cisco NX OS
Nexus 1000v Series Switches
Nexus 3000 Series Switches
Nexus 5000 Series Switches
Nexus 6000 Series Switches
Nexus 7000 Series Switches
Nexus 9000 Series Switches
Nexus 9300 Platform Switches
Policy Suite (CPS/QPS)
StarOS
ASR 5000 Series
Quantum Virtualized Packet Core (QvPC-SI/-DI)
Web Security Appliance (WSA)
Citrix Netscaler 1000v
South-Bound Integration - NEDs (4/6)
Vendor Device/Platform
Huawei ATN Series
NetEngine40E Series Universal Service Router
NetEngine5000E Cluster Router
Quidway S3300 Series Switches
Juniper EX Series Ethernet Switches
Firefly Perimeter (Virtual SRX)
M Series Multiservice Edge Routers
MX Series 3D Universal Edge Routers
QFX Series
SRX Series Services Gateways
Vendor Device/Platform
Overture 1400
2200
5000
5100
6000
Palo Alto Networks PA-2000 Series
PA-3000 Series
PA-5000 Series
Virtualized Firewalls
Procera Networks PacketLogic 9000 Platform
Quagga Quagga Routing Software Suite (BGP module)
South-Bound Integration - NEDs (5/6)
Vendor Device/Platform
Accedian Networks High Performance Service Assurance MetroNID
Alcatel-Lucent 5620 Service Aware Manager
Allied Telesis x210 Series
Amazon Amazon Web Services
Avaya ERS 4000 Series
SR 8000 Series
VSP 9000 Series
Brocade Vyatta 5400 vRouter (Vyatta VSE)
CableLabs Converged Cable Access Platform
Vendor Device/Platform
Cisco ME-1200
ME-4600
Meraki
NCS2k (CTC)
Prime Network Registrar (PNR)
UCS Manager
Clavister cOS Core
Eagle Series
Coriant 8600 Smart Router Series
Datacom DM2100-EDD Family
DM4000 Family
Dell Force10 Networking S-Series
Ericsson EFN324 Series
SE family
South-Bound Integration - NEDs (6/6)
Vendor Device/Platform
F5 Networks BIG-IQ
H3C S5800 series
Infinera DTN-X Multi-Terabit Packet Optical Network Platform
Juniper Contrail Controller
MRV Communications Master-OS
OptiSwitch 9000 series
NEC iPASOLINK family
Netfilter Iptables (Linux)
Nominum DCS
OneAccess OneOS for Routers
One540
Open vSwitch OVSDB (shell)
Vendor Device/Platform
OpenDaylight Controller
Lithium
Openstack Cloud Operating System
Identity (Keystone)
Networking Service (Neutron)
Image Service (Glance)
Compute (Nova)
Pulsecom SuperG
Riverbed Steelhead Series
Silver Peak VXOA Virtual Appliance
Sonus SBC 5000 Series
Telco Systems BiNOX
T-Marc Family
VMware vSphere
ZenOSS Service Dynamics
ZTE xPON OLT
Orchestration Platform Architecture
[Diagram labels: Metro and Access, WAN, Data Center; Services Orchestration Platform; Customer Orders; L2VPN, L3VPN, NFV, SECURITY, BOD, Service X; Network Abstraction - YANG Data Models; Domain Controller, EMS, VNF-M, NMS, SDNc]
• Concept to production in weeks.
• Instant Activation
• Surgical precision
• Orchestration Platform Architecture - Any service across any network, any topology, any vendor, any device
• Diverse Customer Use Cases
NSO Overview
Multi-Vendor L2VPN
[Diagram labels: NSO; ALU, Cisco, Cisco, Juniper, Huawei]
Multi-Vendor L3VPN
[Diagram labels: NSO; API, CLI, WEB; ESC; openstack; Volvo, Ford, Honda; ASBR, PE1, PE2, PE3, DCI-PE; AS 100, AS 200, Inter-AS]
NFV Bump in the Wire
[Diagram labels: Service Lifecycle APIs; Self-Service Portal; NSO Cross-Domain Orchestration DC + WAN; Internet; GW; APIC; ACI Fabric; Customer Site; VM, VM; SP Core Network; ASR-9k, ASR-9k; MPLS L3VPN; Multi-vendor VNFs; Palo-Alto, F5, Fortinet; Customer Workloads]
Security as a Service
Manual To
PCxF Policy Coordination
Scale
• Thousands of business customers
• Dozens of regional points of purchase (POPs)
• Several data centers
• Tens of thousands of data center tenants
Use case
• Provisioning of Layer 4-7 security services to VPN customers
Business case
• Incremental revenue from new business
[Diagram labels: Traffic Shaper, IPS and IDS, Content Filtering, WAN Acceleration, Firewall; A, B]
• Orchestration Platform Architecture - Any service across any network, any topology, any vendor, any device.
• Diverse Customer Use Cases
• Data Model Driven Approach
NSO Overview
Model-Based Architecture
Tail-f NSO
No hard-coding of:
• Network services
• Network architecture
• Network devices
Instead:
• Data models for everything
[Diagram labels: BSS; Service Models; Device Models; Multivendor Layer 2, Layer 3, and Layer 4-7 Network]
Service Model examples
augment /ncs:services {
  list l2vpn {
    key name;
    leaf name {
    }
    list endpoint {
      key device;
      leaf device {
      }
      leaf intf-number {
      }
      leaf remote-ip {
      }
    }
    leaf pw-id {
    }
  }
}
container vpn {
  list l3vpn {
    key name;
    leaf name {
    }
    leaf as-number {
    }
    list endpoint {
      key "id";
      leaf id {
      }
      leaf ce-device {
      }
      leaf ce-interface {
      }
      leaf ip-network {
      }
      leaf bandwidth {
      }
    }
  }
}
Network Element Driver (NED)
Cisco IOS Device Model
...
// interface GigabitEthernet *
list GigabitEthernet {
  tailf:info "GigabitEthernet IEEE 802.3z";
  tailf:cli-allow-join-with-key {
    tailf:cli-display-joined;
  }
  tailf:cli-mode-name "config-if";
  tailf:cli-suppress-key-abbreviation;
  key name;
  leaf name {
    type string {
      pattern "[0-9]+.*";
    }
  }
  uses interface-common-pre-grouping;
  uses interface-ethernet-pre-grouping;
  uses interface-switch-grouping;
  uses interface-ethernet-grouping;
  uses interface-common-grouping;
  uses interface-zone-member-grouping;
}
[Diagram labels: Cisco IOS; NED Engine; South Bound Protocol: CLI; YANG Model]
Device Models
Cisco IOS Device Model
...
// interface GigabitEthernet *
list GigabitEthernet {
  tailf:info "GigabitEthernet IEEE 802.3z";
  tailf:cli-allow-join-with-key {
    tailf:cli-display-joined;
  }
  tailf:cli-mode-name "config-if";
  tailf:cli-suppress-key-abbreviation;
  key name;
  leaf name {
    type string {
      pattern "[0-9]+.*";
    }
  }
  uses interface-common-pre-grouping;
  uses interface-ethernet-pre-grouping;
  uses interface-switch-grouping;
  uses interface-ethernet-grouping;
  uses interface-common-grouping;
  uses interface-zone-member-grouping;
}
Huawei VRP Device Model
...
// interface GigabitEthernet *
list GigabitEthernet {
  tailf:info "GigabitEthernet interface";
  tailf:cli-full-command;
  key name;
  leaf name {
  }
  // interface GigabitEthernet * / description
  uses interface-description;
  // interface GigabitEthernet * / vlan-type
  uses interface-vlan-type;
  // interface GigabitEthernet * / speed
  leaf speed {
  }
  // interface GigabitEthernet * / duplex
  leaf duplex {
  }
  // interface GigabitEthernet * / mtu
  uses interface-mtu;
  // interface GigabitEthernet * / ip
  container ip {
  }
Juniper Junos Device Model
...
grouping top-configuration {
  leaf version {
    type string;
    description "Software version information";
  }
  container system {
    description "System parameters";
    uses juniper-system;
  }
  list logical-systems {
    key "name";
    description "Logical systems";
    uses juniper-logical-system;
  }
  container chassis {
    description "Chassis configuration";
    uses chassis-type;
  }
  container interfaces {
    description "Interface configuration";
    uses apply-group;
    uses apply-macro;
    list pic-set {
      key "name";
      ordered-by user;
ALU-SR Device Model
...
list port {
  tailf:info "Configure physical ports";
  key port-id;
  leaf port-id {
  }
  leaf description {
  }
  container access {
  }
  container egress {
  }
  container ingress {
  }
}
container ethernet {
  leaf mode {
  }
  container access {
  }
  container autonegotiate {
  }
  leaf dot1q-etype {
  }
  leaf duplex {
  }
  container efm-oam {
  }
Service-Model to Device-Model Mapping
[Diagram labels: A; FASTMAP]
Service CREATION mapping
UPDATE, DELETE and REDEPLOY: INFERRED
Service-Model to Device-Model Mapping
[Diagram labels: A, B; FASTMAP]
Service CREATION mapping
UPDATE, DELETE and REDEPLOY: INFERRED
Slow - Traditional Workflow
[Diagram labels: Service; ANY Infrastructure Change; ANY Service Change]
How many workflows do you need?
Complexity grows exponentially
Focus on how
Model Based State-Convergence
[Diagram labels: Service; ANY Infrastructure Change; ANY Service Change; Service Data-Model; Device Data-Model; Single Mapping: “intent”; Convergence Algorithm; Constant (iterative) Convergence]
• One Single Definition
• Complexity grows linearly
• Arbitrarily complex scenarios
• Focus on what, intent
Precision & Traceability
[Diagram labels: A; FASTMAP; NED ENGINE; Volvo]
access-list 101 permit ip any 10.1.1.0 0.0.0.255
Precision & Reverse Traceability
[Diagram labels: A; FASTMAP; NED ENGINE; Volvo]
access-list 101 permit ip any 10.1.1.0 0.0.0.255
BSS
Multivendor Layer 2, Layer 3, and Layer 4-7 Network
Tail-f NSO
Transactional Integrity
Transactional guarantees
Automatic rollback
Transactional Guarantees
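The mapping, traceability and rollback slides above, reduced to a toy model as an added example (not Tail-f NSO code, and not the FASTMAP algorithm itself): only a create mapping is written, update and delete are inferred by diffing against the previous result, each config line records which services own it, and a failed device rolls the whole change back. The `Orchestrator` class, the service dictionary layout and the device names are hypothetical; the ACL line is the one shown on the slide.

```python
# Added illustration, not Tail-f NSO code; every name here is hypothetical.
def create(service):
    """The single mapping: service intent -> {device: set of config lines}."""
    out = {}
    for ep in service["endpoints"]:
        line = f"access-list {service['acl']} permit ip any {ep['network']} {ep['wildcard']}"
        out.setdefault(ep["device"], set()).add(line)
    return out

class Orchestrator:
    def __init__(self):
        self.devices = {}  # device -> config lines currently applied
        self.owners = {}   # (device, line) -> names of services that need it
        self.applied = {}  # service name -> create() output last deployed

    def deploy(self, name, service, fail_on=None):
        """Create, update or delete (service=None) as one transaction."""
        desired = create(service) if service else {}
        old = self.applied.get(name, {})
        # Inferred change set: diff of this create() result against the last one.
        adds = {(d, ln) for d, ls in desired.items() for ln in ls - old.get(d, set())}
        dels = {(d, ln) for d, ls in old.items() for ln in ls - desired.get(d, set())}
        snapshot = ({d: set(ls) for d, ls in self.devices.items()},
                    {k: set(v) for k, v in self.owners.items()})
        try:
            for dev, line in sorted(adds | dels):
                if dev == fail_on:  # simulated device rejecting the change
                    raise RuntimeError(f"{dev} rejected change")
                owners = self.owners.setdefault((dev, line), set())
                if (dev, line) in adds:
                    owners.add(name)
                    self.devices.setdefault(dev, set()).add(line)
                else:
                    owners.discard(name)
                    if not owners:  # no service needs the line any more
                        self.devices[dev].discard(line)
                        del self.owners[(dev, line)]
        except RuntimeError:
            self.devices, self.owners = snapshot  # automatic rollback
            return False
        self.applied[name] = desired
        return True

    def trace(self, device, line):
        """Reverse traceability: which services put this line on the device?"""
        return sorted(self.owners.get((device, line), set()))
```

The owner set per line is what lets an auditor answer "why is this ACL entry on this router" and what keeps a service delete from removing a line another service still depends on.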
Tail-f NSO Overview
[Diagram labels: Network Engineer; Management Applications; Networkwide CLI and Web UI; REST, NETCONF, JSON-RPC, Java…; Tail-f NSO; Service Manager; Service Models; Device Manager; Device Models]
API, WEBUI, CLI Auto-Generation
• Orchestration Platform Architecture - Any service across any network, any topology, any vendor, any device.
• Diverse Customer Use Cases
• Data Model Driven Approach
• Open & Modular Platform – Speed & Agility
NSO Overview
Tail-f NSO Overview
[Diagram labels: Network Engineer; Management Applications; Networkwide CLI and Web UI; REST, NETCONF, JSON-RPC, Java…; Tail-f NSO; Service Manager; Service Models; Device Manager; Device Models; Network Element Drivers; NETCONF, CLI, SNMP, REST, etc.; EMS, Applications, Controllers]
Open & Modular Platform
Utility Models
Runtime Package Directory
Utility Packages
1. Discovery
2. Plug-and-Play
3. Resource Manager
• ID Allocator (VLAN, RD etc.)
• IP Address Allocator
4. Virtual-Machine Manager
• Orchestration Platform Architecture - Any service across any network, any topology, any vendor, any device.
• Diverse Customer Use Cases
• Data Model Driven Approach
• Open & Modular Platform – Speed & Agility
• Start on SDN/NFV journey now!
NSO Overview
Demo
Q & A
Learn online with Cisco Live!
Visit us online after the conference
for full access to session videos and
presentations.
www.CiscoLiveAPAC.com
Thank you