SP Datacenter
Telco Cloud + NFVi
Joachim Jerberg Jensen, Systems Engineer, Global SP, CCIE SP #42403
April 2016
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Telco Virtualization As A Service
Cloud Computing provides a set of resources and services
Diagram labels: Applications, Servers, Networking, Storage, Runtimes, Databases, Security, Users

ISP MegaTrends
• Virtualization of 'all' Network Services, run in the DC
• The end of "Fixed Box Capabilities"
• SP infrastructure architecture -> SDN/DC (xSpeed)
• Infrastructure Programmability, Automation + Orchestration
• Infrastructure commoditization and disaggregation -> The end of expensive SP routers?
• WEB/OTT -> The Apple/Google/Amazon World Domination

Source: TI Presentation at ETIS Community Gathering, Riga, 2013
http://www.slideshare.net/oscarlallo/etis-ottobre-final-oscar3

Network Functions Virtualization
Network infrastructure/Service Functions run on Virtualized x86 compute platforms
• Key Enabler: Cloud Hypervisor & x86 compute hardware automation / orchestration, Multi-tenancy
• Benefits: Faster service provisioning/Agility, Shorter innovation cycle, CAPEX & OPEX Savings
• SDN complementary, but not mandatory
Extract from "Network Functions Virtualisation – Introductory White Paper"
Diagram: VNF VMs on Cisco UCS: dDOS, SBC, Firewall, NAT, CGN, DPI, IPS, Virus Scan, DHCP, DNS, PCRF, Portal, WLC, RaaS, SDN Ctrl., BNG, NMS, Caching, CDN, WAAS

Service Provider - Transformation Mission
New Agile Operating Models for business outcomes
• Dynamic Set-Up, Tear Down and Provisioning
• On-Demand Workload Movement with Service Profiles
• Orchestration
• Full Access to Resource Pools Anywhere
• Workload Portability
• Virtualized Resource Pools
• Data Center (network ready compute/storage)
• Network
• Virtualized Network Functions
• Cloud Services
AUTOMATION, VIRTUALIZATION and ORCHESTRATION ARE KEY

The Cisco NFV Solution

Distributed NFVI in Cisco's Open Network Architecture
Enabling End-to-End Service Creation
Diagram labels: Media Cloud, SP Mobility, vMS, Apps, Generic VF, NFVI PODs, Catalog, ESP, Orchestration, Controllers, Biz CPE, Carrier-E / Transport, Public Cloud, Edge, DCI, EPN, Data Centers, Internet, Access, Aggregation, SP IP or MPLS Core, Peering, CCS/InterCloud, Cloud

SPs are Approaching NFV in Three Ways
Cisco is addressing all "Buying Centers" with different Solution Packages
Use Case Led
• Use Case Specific, e.g. VMS, VPC
• Top-down approach
• Business outcome driven
• Decision Center – Business Vertical
Orchestration Led
• Includes NFV-O (NFV Orch.) and VNF-M (VNF Manager)
• Common MANO solution for different use cases
• Decision Center – NMS/OSS team
Infrastructure Led
• Hardware, VIM (including Network VIM), Infrastructure Assurance
• Bottom-up approach common infrastructure solution
• Decision Center – Network & DC infrastructure team
Diagram labels: OSS / BSS; Service, VNF & Infrastructure Description; EMS 1, EMS 2, EMS 3; NFV Orchestrator; VNF-M; Virtual Infra Manager; NFV Management & Orchestration; NFVI; Virtual Compute, Virtual Storage, Virtual Network; Virtualization Layer; Hardware Resources (Compute, Storage, Network); interfaces Os-Ma, Se-Ma, Ve-Vnfm, Vn-Nf, Nfvo-Vnfm, Nf-Vi, Vnfm-Vi, On-Vi

Service Provider Intended NFVI Scope
• Easy to Use
• Carrier-Grade, Validated and Packaged System
• Customer Intended Scope
• Single Pane of Glass For Provisioning and Management/Operations
• ETSI Defined NFVI
An integrated infrastructure solution

Cisco NFV Infrastructure (NFVI) Platform
Diagram labels: vMS, SP Mobility, Media Cloud, Generic VNF, EMS, Orchestrator, VF, Virtualized Network, Virtualized Storage, Virtualized Compute, Compute, Storage, Network, OpenStack, SDN Controller (Optional), Single Pane of Glass Management, Infra Monitoring & Assurance, NFV Infrastructure (NFVI)
• Unified, Flexible and Agile Platform driving SP Infrastructure Transformation
• Single OpenStack based platform for multiple use cases beyond NFV
NFVI – Solution of hardware and software components that build the platform for virtualized services
VF – Virtual Function (network, video etc.)

Cisco NFV Architecture
Diagram labels: OSS/BSS; Virtual Network Functions (Cisco and 3rd Party): CSR, ASAv, vNAM, vIPS, Video Opt., vIMS, vPC-DI, 3rd Party; Service Catalog; NFV-O & Resource Orchestration: NSO – Network Services Orchestrator enabled by Tail-f; VNF Manager: Cisco ESC, 3rd party; GUI; API; Network VIM: VTS, APIC, OSC; Single Pane of Glass Mgmt. & Infrastructure Assurance: Zenoss, UCSD; Virtual Infrastructure Manager: Mercury based on RHEL OSP 7, OpenStack; NFVI Scope; Linux (RHEL 7.1), Hypervisor (KVM), Host Packages, Software Defined Storage; Physical Infrastructure (Cisco & 3rd Party): Compute (UCS), Network (Switches/Routers), Storage; Ceph

Problems to be solved
So you have created a "virtual machine" - what next…
• Provisioning
• Who configures the VM?
• Who monitors the VM?
• Who monitors the application inside the VM?
• Who alerts the system when the VM is ready for traffic?
• Who alerts the system when the VM is not responding?
• Who will restart the VM if it fails?
• Who will scale up the VM when it's overloaded?
• Who is keeping logs of all events?
• Who is keeping track of performance history?

Cisco SDN Flexible Overlays
Diagram labels: Cisco SDN Controller, Hardware based Overlays, Software based Overlays, Hybrid Overlays

Service Chaining with Network Service Header
Programmability in the Data Plane
Header diagram fields: Rsvd, Source Switch ID, Source Interface ID, Reserved, Tenant ID, Destination Class / Reserved, Source Class, Service Classification Data
• Service Chaining Orchestration: Define service chains & build service paths
• Control / Policy Planes: Instantiate service chains adhering to policy
• Data Plane
  • Traffic steering & metadata
  • Carry rich policy, end-to-end context
  • End-to-end visibility and OAM
Diagram labels: Policy Plane, Control Plane, Data Plane, Service Classifier, Service Function Forwarder (SFF), SF (Physical), SF (VM), Service Header, Network Overlay + Service Header, Forwarding, (v)switch, Service 1 VLAN

Cisco NFVI OpenStack Strategy

Cisco OpenStack Strategy for NFVI
Achieving Carrier Class
Customer Care Abouts
1. Industry Leading Partnerships with Red Hat: Partner with the market leading distribution, no proprietary forks, 100% upstream, pre-integrated & validated for carrier class performance, joint engineering, joint labs, single point of support.
2. Cisco OpenStack Suite with CI/CD (Mercury): Build on top of the leading OpenStack distribution a suite of tools and plugins to provide a hardened, reliable, highly available & easily upgradeable OpenStack platform for SP deployment integrated with Cisco Hardware and Software
3. Validate with Independent Performance Testing

OpenStack is not Simple…
• OpenStack is NOT a single software package, it's an open source public cloud "project" comprised of many modular parts.
• OpenStack is NOT natively HA. It takes deep technical knowledge and understanding to make an OpenStack deployment HA.
• There is no 1-800-OpenStack number to call when your deployment breaks, you're on your own. No break / fix mitigation.
• There is NO clean upgrade path when a customer wants to move from an older version of OpenStack to a newer version of OpenStack.
• Because OpenStack deployments are highly customizable, if the technical expert that installed your OpenStack deployment leaves your company, you are compromised.
• Scaling OpenStack is very hard since there are so many modules that can become a choke point in an installation

Cisco OpenStack Suite (Project Mercury)
Diagram labels: Cisco OpenStack Suite; High Availability; Continuous Integration / Continuous Deployment (CI/CD); Cloud99; Stability, Performance, Scalability & Security; Install, Upgrade, Monitoring, Serviceability, Logging & Debugging; Base OpenStack Distribution
• Robust Lifecycle Management
• Cisco Validated Solution
• Operational Excellence
• Open & Flexible
Accelerating OpenStack adoption for Carrier Class NFV
Mercury will be available as a part of Cisco's NFVI solution. Not available as a standalone product.

What's Cisco Mercury
• Mercury is a Cisco OpenStack platform built on top of an underlying OpenStack Distribution like Red Hat to build a carrier class platform integrated with Cisco HW & SW
• Mercury provides a set of tools including an automated installer, containerized OpenStack services, logging/monitoring, health check tools and plugins for Cisco HW and SDN controllers
Diagram labels: Cisco OpenStack Platform (Mercury); Red Hat Enterprise Linux OpenStack Platform (RHEL OSP7); Compute: Nova; Networking: Neutron, OVS / Linux Bridge; Plugins / Drivers: Nx9k, VTS, ASR1k, OSC, ACI; Storage: Cinder / Glance, Ceph; Automated Installer; Containerized Components; Proven HA Architecture; Integrated Test Suite; Logging / Monitoring; Health Checks; Cisco GIT Repository; CI/CD Release System; Automated System Test; Cisco; Red Hat
Goal of Mercury is to provide a reliable, highly available & easily upgradeable OpenStack platform for SP deployment

Deployment – OpenStack Install
• Kolla + Ansible to deploy OpenStack services within Docker containers
Node types:
• Build Node (1): UCS 240-M4 (SFF) with FlexFlash (FF) with 4xSSD
• Compute Node (n): UCS 220-M4 (SFF) with FF
• Control Node (3): UCS-220-M4 (SFF) with FlexFlash (FF)
• Storage Nodes (3): UCS-240-M4 (SFF) with FF + 4xSSD
Diagram labels: Installer, Cobbler Server, ELK Server, Build packages and containers, host generated artifacts; Linux Bridge, MariaDB/Galera, RabbitMQ, HAProxy/Keepalived, Identity Service, Image Service, Compute Management, Networking, Cinder (Block Storage), Horizon Dashboard, Nova Compute, Block Storage Volumes, Logstash Forwarder, Container, Host
Install stages: Input Validation, BareMetal Linux Install, Host Setup, Core Services, OpenStack Services, Monitor/Validation

Operational – Control Plane – High Availability
• OpenStack Control Nodes:
  • High availability via three OpenStack control nodes deployed as a cluster.
  • Active/Standby redundancy using HAProxy and Keepalived.
  • OpenStack services run within Docker containers that are started/maintained as Linux systemd processes.
Diagram labels: Internal Loopback; API network with VIP .100 and Control Nodes .10, .11 (haproxy); Management network with VIP .100 and Control Nodes .5 … .6; OpenStack API, repose; Ceph MON
* Indicates default route

Operational - Control Plane – Logging
• Logging/Monitoring - Enhanced centralized logging using ELK Stack.
  • LogStash forwarder on all hosts forwards logs to LogStash on build/management host.
  • Kibana dashboard for viewing logs and ElasticSearch for searching through logs.
Diagram labels: Management/Provisioning Network; Control Host(s) and Compute Host(s): Logs, LogStash Forwarder; Build and Management Host: LogStash, ElasticSearch, Kibana

Operational - Control Plane – Cloud Health
• Health Checks using CloudPulse tool.
• Why are cloud health checks so important?
  • Important to NFV applications, Telcos have strict SLAs.
  • VNFs can be moved to a different cloud if OpenStack failure is detected early.
  • Operators need to be aware of the failure before the customer experiences failure.
• Characteristics of a healthy OpenStack cloud:
  • Control Plane:
    • OpenStack services can handle APIs and reply with an appropriate status.
    • OpenStack resources can be created and deleted.
  • Data Plane: VMs can communicate within and/or across networks.

Cloud99 – HA testing of OpenStack services
Services under test: horizon, Keepalived, HAProxy, Neutron, Keystone, nova, Glance, cinder
• Load the cloud: concurrent relevant control/data plane tests.
• Process or node level disruption of service
• Monitor services.
• Ensure no disruption for existing cloud resources.

Intel Partnership

Intel Cisco Partnership
Industry Leadership
• #1 Network and Server OEM with #1 datacenter silicon provider
• Proven hardware and software engineering expertise and innovation capabilities
• Broad and open ecosystem
Joint Labs
• Cisco, Intel, Red Hat
• Focus on use-case driven business outcomes
• DevOps model for rapid innovation
• VNF ecosystem development through Intel Network Builders
Partnering across Open Source communities and Standards bodies
• IETF for Network Service Header, with roadmap for Intel silicon and DPDK support
• OpenDaylight for Group Based Policy, Service Function Chaining
• OpenStack-OpenDaylight Neutron optimization
• NIC hardware acceleration for datapath packet processing
• Innovation with DPDK – Cisco VPP and VNF catalog
• Platinum members of OPNFV

NFVI Pods

NFVI POD And Value to Service Provider
• Modular Configuration
• Multiple Sizes and Expandable
• Single Click Automated Install
• Easy to Manage and Operate
• Pre-Integrated and Validated
• Packaged NFVI
Sizes: Starter Kit (POC / Lab), ½ Rack POD (Production), Full Rack POD (Production), Compute Expansion Module, Storage Expansion Module

Your Choice: Consuming Cisco NFV Solutions
Customers can integrate a-la-carte, consume packaged or managed solutions
A-la-carte
• Services: Individual products. CSR, ASA, vPC, etc.
• Infrastructure: UCS, Nexus, etc.
Integrated Solutions
• Services: vMS (Virtual Managed Services), vPC (Virtual Mobility Services), Media Cloud (Virtual Video Services)
• Infrastructure: Cisco NFVI Platform
As-a-service
• vMS on CIS, vPC on CIS, Video on CIS
For the integrated solutions, customers have 3 options:
1. Infrastructure solution – Cisco NFVI PoD. They can purchase this infra independent of services
2. Service solutions - They can purchase the service solutions like vMS or vPC independent of infra
3. Fully integrated pod including services + infra. E.g. vMS+NFVI or vPC+NFVI or Video+NFVI

Cisco's VNF Portfolio
Most Developed in the Industry with 100+ VNFs and Growing

Virtual Switch Performance
VM to VM Performance
Performance through virtual switch and its virtual interface to VNFs
• 10 Gbit/s, 1.6 million frames/s throughput with Cisco's VPP
• 7 Gbit/s, 1.09 million frames/s throughput with Open vSwitch
• Latency acceptable and comparable between Open vSwitch and VPP

Virtual Switch Performance
Throughput: Virtual Switch FIB Scalability - Ethernet Forwarding
Forwarding performance of the standalone virtual switch with multiple layer 2 / layer 3 forwarding table (FIB) entries
• Almost line rate throughput with Cisco's VPP for Ethernet forwarding up to 20,000 MAC addresses
• OVS performance reduced by 81% when forwarding to 2,000 MAC addresses – unusable for 20,000 MAC addresses

Virtual Switch Performance
Throughput: Virtual Switch FIB Scalability - IPv4 Forwarding
• 77% line rate with Cisco's VPP when forwarding to 20,000 IPv4 addresses
• OVS performed 19% of line rate throughput when forwarding to 2,000 IP addresses
• Average latency

NFVI Platform Highlights & Differentiators
• Joint innovation w/ partners
• Pre-integrated, validated, tested
• Built with Open source & standards compliant modules
• No forks, 100% Upstream
• Carrier Class HW+SW infra
• High performing, reliable and secure
• Simplified manageability
• Single pane of glass across HW, SW, multi-sites
• Integrated platform sold & supported by Cisco
• Reliable install/upgrade
• Commercially bundled platform
• Containerized services, CI/CD for upgrades
• Cisco UCS/Nexus HW + RHEL-OS + RH OSP7
• Cisco led technical support & professional services
• Broadest open ecosystem of VNF's and ISV's
• 3rd party VNF certification

Thank you.