Under the Hood: Cisco Enterprise NFV James Sandgathe May 10, 2016

TechWiseTV Workshop: Enterprise NFV

Enterprise NFV: Network Virtualization

James Sandgathe – Engineer, Technical Marketing

May 2016

Enterprise Infrastructure Solutions Group

Cisco Enterprise NFV • Concept to Award Winning < 12 Months

Cisco Enterprise NFV: 2016 Best of Interop Award - Networking

Agenda

• What’s the Problem
• This Thing Called NFV
• Enterprise NFV Building Blocks
• Platforms for Enterprise NFV

What’s The Problem

The Current Enterprise Branch Landscape

• Multiple Devices: Routers, appliances, servers
• Costly to Operate: Upgrades, refresh cycles, site visits
• Difficult to Manage: Device integration and operation

Horseman of the branch apocalypse

Now think of deploying an additional service

First, the integration complexity

Next, the logistical challenge …

• Shipping equipment
• Truck roll to install equipment

So why is this different than virtualization done at the Data Center?

Implementing Virtualization: Data Center and Branch

The focus of virtualization has been in the cloud and DC, where between management console, VMs and hypervisors there is:

• Near infinite bandwidth
• Near zero latency
• Straight IP

Over the WAN this is not the same:

• WAN BW is not infinite
• WAN latency is not sub millisecond
• WANs have tunneling, encryption, and labeling
• Management of the hypervisor can be dependent on a VM and its stability

[Diagram labels: MPLS, Wireless, Route, Security; Hypervisor; Platform; PKT]

Implementing Virtualization: Data Center and Branch

• Packets from the same flow can be spread across many different CPU pools

[Diagram labels: SLB; HTTP, HTTP; PKT]

• Packets from the same flow use the same CPU pool
• Two, three or more VMs may process all packets of the same flow

[Diagram labels: WAN Opt, Route, Security; Hypervisor; Platform; PKT]

What’s this NFV thing all about

What NFV Can Do For You

• Gives you flexible deployment options
• Simplify day to day operations
• Quickly roll out new services and locations

Simple and easy to design, provision, manage the trusted services that are critical to your business

How would the branch office change ….

[Diagram: "Branch on Hardware" compared with "This is a Branch with Cisco Enterprise NFV". Labels: Router, Firewall, Wireless, WAN Opt, Proxy/Cache; WAN-Opt, vAPP, WLC, Route/Path Selection, FW/IDS; Virtualization Layer - KVM; Operating System; Life Cycle MGT, Automation, Policy Enforcement; X86 Processor; NIC, NIM, BMC, Switch]

So how can it be used?

What if remote sites looked like this …

[Diagram labels: Route, vnet, Platform (repeated for three sites); Orchestration & Automation]

What if a company wide webcast needed to be run …

[Diagram labels: Route, vnet, Video, Platform (repeated for three sites); Orchestration & Automation]

When the webcast is over, resources are released

[Diagram labels: Route, vnet, Video, Platform (repeated for three sites); Orchestration & Automation]

Consider a new threat to the business

[Diagram labels: Route, WAN Opt, WLC, FW/IPS, vnet, Platform (repeated for three sites)]

But a new defense network can be up… everywhere at once

Why Virtualization for the Network?

Lower operating costs AND deploy new capabilities faster

• Mobility: Mobile traffic will exceed wired traffic by 2017
• IoT: IoT devices will triple by 2020
• Analytics: 76% of companies planning to or investing in Big Data
• Cloud: 80% of organizations will primarily use SaaS by 2018

Enterprise NFV Building Blocks

Enterprise NFV Solution Architecture: Phase 1

• Orchestration, Automation and Management (OAM): Common orchestration and management across virtual & physical network
• Cisco VNF, 3rd VNF1 … 3rd VNFn, App1 … Appn: VNF and application hosting with 3rd party support
• NFVIS (API Interface, Platform Management, Hypervisor, Virtual Switching): Software host managing virtualization and hardware
• Platform Hardware: Various host options for different branch sizes

NFVIS = Network Function Virtualization Infrastructure Software

• Enterprise Service Automation (ESA)
  • Creates implementable policy from business intent via Profiles
  • Automates site turn up
• APIC-EM & Prime Infrastructure
  • Branch (NFVIS) registration & PnP Server
  • API interface to NFVIS
  • Day 1+ services configuration
  • Monitoring and Service Assurance

Enterprise NFV OAM System

• Upload Devices to be used
• Upload the Branch locations
• Design a Profile & select functions
• Map to Branch(s)
• Assign template and attributes
• Pick validated topologies

Branch Design: Enterprise Service Automation

Orchestration & Management: Day 0

[Diagram labels: Enterprise Services Automation (ESA); Profile to SN mapping; APIC-EM, Prime Infrastructure, PnP; Provisioning; REST; ESC-Lite; SN, IP for host; WAN; Office; IP; NFVIS; IPS, WAAS, vSwitch]

Profile mapped to branch

- Inventory
- Create Network
- Deploy Services
- Set Device

Orchestration & Management: Monitoring

[Diagram labels: Enterprise Services Automation (ESA); APIC-EM, Prime Infrastructure; Service Element Manager; WCM, CSM; WAN; Office; IP; NFVIS; IPS, WAAS, vSwitch]

Monitoring

• Performance
• Health
• Fault

Demo – ESA Automation

Network Services from Cisco: Consistent software across physical and virtual

• ISRv: High performance, rich features
• ASAv/FTD*: Full DC-class featured functionality
• vWAAS: Application optimization and Akamai Connect
• vWLC: Built for small and medium branches

* FirePOWER Threat Defense for ENFV June/July 2016

Extending the Reach of NFV Application and Network Services

• Linux
• Windows Server
• Active Directory, SCCM, File Share
• Server Applications
• Custom Applications
• DNS/DHCP
• 3rd Party Network Services

NFVIS Software

[Diagram labels: Management & Monitoring; Console/SSH; ESA via Prime; APIC-EM; Device Web Portal; CLI; REST/NETCONF; HTTPS; Orchestration API; Plug-n-Play Client; Health Monitor; NFVIS; Virtualization Layer: Hypervisor & vSwitch; Linux]

[Diagram labels: WAN Opt, Route, Security; Hypervisor; Platform; PKT]

• Packets from the same flow use the same CPU pool
• Two, three or more VMs may process all packets of the same flow

Remember our discussion where, at the branch, multiple virtualized functions could be processing every packet of a flow

NFVIS Software

[Diagram labels: Console/SSH; APIC-EM/Prime; APIC-EM; Device Web Portal; CLI; REST/NETCONF; HTTPS; Orchestration API; Plug-n-Play Client; Health Monitor; NFVIS; Virtualization Layer: Hypervisor & vSwitch; Linux; Platforms; Interface Controller; Interface Adaptors; C, C, C; VNF, VNF, VNF; PKT]

NFVIS Software

[Diagram labels: Console/SSH; APIC-EM/Prime; APIC-EM; Device Web Portal; CLI; REST/NETCONF; HTTPS; Orchestration API; Plug-n-Play Client; Health Monitor; NFVIS; Virtualization Layer: Hypervisor & vSwitch; Linux; Platforms; Interface Controller; Interface Adaptors; VF, VF, VF; VNF, VNF, VNF; PKT]

• Enterprise NFV local management capabilities
• Components:
  • Local GUI, VM Life-cycle Manager
  • Local PnP Agent
• Useful if WAN connectivity is unavailable
• For small deployments

NFVIS Local Management: The POWER under the hood

All controls written using public APIs!!

[Diagram labels: CLI; REST/NETCONF; HTTPS; Orchestration API; Plug-n-Play Client; Health Monitor; NFVIS; Virtualization Layer: Hypervisor & vSwitch; Linux]

Demo – NFVIS Portal

Enterprise NFV Platforms

What’s needed from the platform

• Reliable
• Long life cycle
• Secure
• Form factor
• Expandable
• Programmable
• Scalable
• Strong Support

• Designed for a wide range of workloads
• Dense 1RU modular general compute platform
  • CPU: Single/Dual 4 to 18 cores each
  • Memory: Up to 784GB
  • Storage: 4 or 8 up to 8TB (RAID 10)
• External Interfaces:
  • Dual GE on-board
  • Two PCIe slots (Quad or Dual GE)
• Cisco integrated management controller (CIMC)

Enterprise NFV UCS-220-M4

[Diagram labels: VM, VM, VM; NFVIS]

Enterprise NFV Modular Compute Platform

Cisco ISR4000

• Support: One support cost
• Native L2-7 Services: Security, optimization
• Virtualized Services Framework: Appliance-level performance
• Life-Cycle: 5 – 7 Years
• Revolutionary Platform Architecture
• Reliable: Best edge platform
• UCS® E-Series: Integrated & OIR Support compute – up to 8 cores

NFV Platform with modular options

[Diagram labels: x86, GE]

With an SD-WAN solution built in

[Diagram labels: WAN; Internet; IWAN; NFVIS; VNF, VNF; Orchestration & Automation]

x86 blade with NFVIS

Along with automation control

Remember our discussion on how virtualization was different over the WAN

Over the WAN this is not the same:

• WAN BW is not infinite
• WAN latency is not sub millisecond
• WANs have tunneling, encryption, and labeling
• Management of the hypervisor can be dependent on a VM and its stability

[Diagram labels: MPLS, Wireless, Route, Security; Hypervisor; Platform]

Enterprise NFV ISR-4000 Modular Compute Platform

• UCS-E Compute blade runs orchestrated and automated NFVIS
• Platform CIMC fully manages the x86 UCS-E hardware with control right down to BIOS
• 4K implements Transport Services and Intelligent WAN along with varying interfaces

[Diagram labels: ISR-4K; IOS-XE; IOSd; FFP DataPlane (ISR-4K); FPGA; GE (MGF); MGF; Mgmt NIC GE; GE0, GE1; NIM; Snort; WAAS; ZBFW; DMVPN & MPLS; UCS-E; NFVIS; NFV-OS; Hypervisor (KVM); OVS; vSwitch; BR0, BR1, BR2; vnet; WLC; Windows; vFP(t); 3rd Party; IoT; Internal NIC GE0, GE1; CIMC]

During his keynote for the first iPhone, Steve Jobs quoted computer scientist Alan Kay …

“People who are really serious about software should make their own hardware…”

Thanks to Dave Zacks, Distinguished Engineer

• CCO information (www.cisco.com/go/enfv)

• CiscoLive Melbourne - BRKCRS-3447: Enterprise Network Function Virtualization

• Two new sessions are added at CiscoLive Las Vegas 2016:
  • BRKCRS-2006 – 2 Hour Breakout
  • TECCRS-3006 – 8 Hour Deep Dive Tectorial and Hands On Lab

• Interop Tech Field Day – Enterprise NFV Session

Additional Resources

Thank you for watching.