sdnnfvarchitectures-ciscoconnectcanada-oct2017-171031154658

Cisco Connect
NFV/SDN Platform for Orchestrating Cloud and vBranch Managed Services
R. Wayne Ogozaly
Technical Lead Engineer
Cisco Systems
October 12th, 2017
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
Agenda
• What’s driving the NFV / SDN Business Transformation?
• Critical Elements of a Next-gen NFV / SDN Solution
• What’s possible today…Cisco Virtual Managed Services (VMS) Demo
• Services Overview…VNFs running in Clouds and Virtual Branches
• Network Services Orchestration…Yang Models, VNF Lifecycles, and Zero Touch Provisioning for Cisco and 3rd Party devices (physical and virtual)
• Conclusions
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
What is Network Functions Virtualization (NFV)?
Standards based frameworks…ETSI…NFV and MANO
In NFV, network functions run as software modules on x86 servers. An NFV infrastructure, or NFVI, provides the underlying compute, storage, and network resources required for NFV.
• New elastic services
• Decoupling of hardware and software
• Automating everything and simplifying network operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
NFV Framework
MANO
European Telecommunications Standards Institute (ETSI)
NFV Industry Specifications Group
Management and Orchestration (MANO) Framework
BRKARC-2259
What is Software Defined Networking (SDN)?
In an SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…
• Separation of Control and Forwarding plane
• Centralized Management – Global view
• Automating everything and simplifying network operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
What’s driving the NFV / SDN
Business Transformation?
Markets are Poised for Epic Opportunity
By 2021, mobile traffic will represent 20% of total IP traffic (up from 8% in 2016)
Cisco VNI Mobile, 2017
80% of user workloads moved to Cloud by 2019
IoT will drive zettabytes of data and billions of new connections. Ratio of machine
communications to human communications will be 30:1 by 2020
CapGemini, 2015
5G will generate $247B in service revenue by 2025
ABI Research
Business Internet traffic will grow 4X faster than IP WAN. Global VPN grows 56%
over the next 2 years from $45B to $70B by 2019
Gaming to grow 7-fold and account for 4% percent of fixed consumer internet
by 2020; currently 2% of average and 10% of peak traffic
Cisco VNI
Enterprise customers require better IT solutions
Global business IT priorities*
Global
SDN/NFV market
is expected to
reach $6B by
2020 (IDC)
*AMI-Cisco ITaaS Research of 350 business in 11 countries
Is your Network ready for the Digital Transformation?
The WAN Connects Branch Sites to the rest of the world
80%
of employees and customers are
served in branch offices
70%
50%
Have either 2 or 3 WAN
connections per branch
of our applications are
accessed via the Internet
How can SPs
deliver better
branch services,
at a lower cost,
over any
connection?
48%
Cite poor application
performance and latency
as a corporate concern
Cisco is leading Service Provider Transformation
SP Drivers
• Bandwidth is growing;
revenue is not
• Web-scale breaks
current cost &
design models
Cisco Strategy
SP Outcomes
• Reduce TCO
Virtualize
• Transform operations
• Accelerate speed to market
Simplify
• Generate new revenue
• Need to grow new
compelling services
• Need reductions in
both CAPEX and
OPEX, not a transfer
• Customer retention
& relationship critical
• Improve customer experience
• Mitigate risk
Automate
• Application-led, not
infrastructure
Service
Focus
• Network as platform for
retention and new services
Transform with a combo SDN, NFV, and traditional Network Products
Critical Elements of a Next-gen
NFV / SDN Solution
Disruptive Technologies unlock new Services
Allowing Industry to Address new Market Opportunities
Orchestration
Network Functions
Virtualization
Cloud Native
Software-Defined
Networking
Service
Orchestration
Efficiency through automation and
self-service fulfillment
Flexibility with the transformation of
solution architectures and operations
SDN
Virtual
Managed
Services
Agile service delivery via
cloud-enabled services and
management
Dynamic market services via tight
application and network interaction
NFV
Router FW
Web IPS
Cloud Managed
Services
Convergence of multiple disruptive technologies has created massive opportunity
Disruptive Technologies unlock new Service Models
Allowing Industry to Address new Market Opportunities
Efficiency through automation and self-service fulfillment
Orchestration
Virtual and Physical
devices,
Cisco and 3rd Party
Simple service models
and device models
(YANG, XML)
Network Elements
Drivers, Conf-D,
and CLI
Config Roll back,
Service Extensions,
100,000 Devices
Flexibility with the transformation of solution architectures and operations
Network Functions
Virtualization
VNF Lifecycle Mgt
and
Service Orchestration
VNFs run in the Cloud
or
Virtual Branch (x86)
VNF Smart Licensing
and Pay-as-you-Grow
Pricing Models
VNF Certification of
Cisco and 3rd Party
VNFs
Agile service delivery via cloud-enabled services and management
Cloud Native
Tenant Self-Service,
Monetized offers,
Auto Rendered UI,
Runs in any cloud,
public or private
(VIM Independent)
Web Scale design,
Multi-tenant 1,000s,
Service Orientation
Micro-services, Docker
Containers, Kubernetes,
Geo-redundancy
Dynamic market services via tight application and network interaction
Software-Defined
Networking
Central Device Mgt,
Secure ID (RBAC),
Zero Touch Provision
Self-healing Networks,
Configuration Guard
Rails
Service Creation
capable, including
analytics & monitoring
REST APIs to
OSS/BSS for
billing and SLAs
Virtual Managed Services (VMS) Example
Service Creation Platform Components
VMS Service Creation
Service Design | Service Assurance | Cloud Optimization
Analytics
Policy
Security
Cloud-based Services
Consumer | Business | IoT | Many Markets
Self-healing
Network
Network Abstraction
Orchestration | Automation
Infrastructure
Physical | Virtual | Data Center
What’s possible today…
Cisco Virtual Managed Services (VMS)
Live Demo
Cisco and Verizon SDN / NFV
Running Cisco Virtual Managed Services (VMS)
getsdwan.com
https://getsdwan.com/?utm_source=mrpdb&utm_medium=email&utm_campaign=visitsdwangeninfo&login=CV3655315889&elqTrackId=fdab2eea85914a6e876740e048848635&elq=fc084ed175084de8947d7ea1ef8a7a65&elqaid=2205&elqat=1&elqCampaignId=897
Cisco VMS SDN/NFV - Optimized for ease of Management
Automated end-to-end SDN/NFV Services
managed from the Verizon Cloud
Secure multi-tenant Cloud Managed platform,
simplified orchestration & tenant self-service
WAN created with Zero Touch Provisioning,
validated Service Packs (NSO), 1000’s devices
Rapidly create new monetized services,
modify existing services instantly from Cloud
Perfect for distributed customers looking for
lower cost and self-managed SDN/NFV options
Cisco SD-WAN running on VMS
SD-WAN Made Easy With VMS
Microsoft Office 365
MPLS
Internet
LTE
Public/Private Cloud
New Branch
Extensions
MPLS, Internet, LTE links
Secure VPN Overlays
Lower Cost, Higher Capacity
Identify
See 1000+ apps
on your network
with NBAR
Accelerate &
Secure
Prioritize
Map apps to links using
business policies with
Performance Routing
Boost app performance
over secure overlays
Secure, Reliable Application Experience for Enterprises and SMBs
Why Verizon chose Cisco VMS SDN/NFV
Business Challenge / Need | Verizon Business Outcomes
• Need to deploy new SDN/NFV faster | Reduced time to market, deploy SD-WAN in minutes
• DIY too costly, need resources per tenant | Reduced risk/cost via full service support
• Scale customers without exponential costs | Saved CAPEX & OPEX, pay-as-you-grow model
• Increase total addressable market | Leveraged Cisco Sales & Cisco installed base
• Leverage existing IT investments | Used open APIs to integrate existing IT tooling
VMS Architecture - Simplified Cloud Management
SERVICE PROVIDER | CUSTOMER
VMS Operator/Admin Service
VMS Customer Service
Secure Multi-tenant Cloud management,
Service creation platform for Enterprises & SMBs
Self-service portal for service selection, device
analytics, traffic usage, and service configuration
[ OPTIONAL ]
ISRs &
ASRs
Open REST APIs and SDKs
Develop new Services using rich APIs,
Service SDKs, and world-class NSO
VNFs
Customer equipment
vBranch
Security
MultiVendor
(On-premise and In-cloud)
VMS Demo based on Customer SD-WAN PoC
SP team deployed this IWAN tenant in 34 minutes:
(1) WAN Hub using three ASR-1001s
(4) WAN Branches using ISR 2911s and 2951s
MPLS and Internet links for all sites
DMVPNs and VMS Mgt Tunnels
• Tenant creation
• User creation
• Service creation
• WAN Hub site deployment
• WAN Branch deployments
• PnP Device Registration
Demo
Cisco Virtual Managed Services running an SDN Service
From Service Concept to Service Activation…in minutes
VMS WAN Service Example
Network Services Orchestrator
(NSO)
VMS WAN
Service Package
SERVICE MANAGER
VMS WAN
Service Model
Yang Service Models
VMS Models the
Service Options
WAN Service Models
represent the IWAN Service
intention
•
•
Service Activation processes
the Customer Intent
SERVICE ACTIVATION LOGIC
Mapping Code
(Java/Templates)
•
VMS WAN
DEVICE MANAGER
Device Model
Yang Device Models
Network Element Drivers
Physical Devices
vBranch (x86)
VNFs
Maps Service Model options to the
Device Model for each customer
WAN Device Model abstracts
Device specifics from the
Service
•
Real Customer,
Real WAN Service
in only 30 Minutes!
Written in Yang
Includes service validation logic
•
Supports different devices thru the
use of Network Element Drivers
Creates a WAN instance based on Customer choices and topology
VMS Service Activation
across Diverse Devices and many Locations
User SDN selections activated through NSO service models
Simple, secure, and scalable management of diverse devices
NSO
VMS User Selections
NSO creates configs to
match Branch Devices
VMS WAN
Service Package
(VMS User Interface or APIs)
Secure
Branch Updates
VMS WAN
Cisco ISR 2901
Service Model
Service
Activation
or Change
VMS WAN
Device Model
Cisco ISR 899
Device
Specific
Configs
VMS
Cisco ISR 4431
NSO Atomic transactions,
over secure links
Network
Element Drivers
Physical Devices
vBranch (x86)
User makes a policy choice,
Portal / APIs provide guard rails
VNFs
NSO processes User intent
thru Service & Device models
Device specific configs
and updates are created
With a single click,
updates are pushed to
many sites
Simple Implementation of SDN/NFV using VMS
From Network Complexity to Simplicity and Automation
Manual
Plan It
Design It
Where Can
We Put It?
Procure It
Install It
Configure It
Secure It
Is It
Ready?
From Months to Minutes
Automated Self-Service On-Demand
Plan It
Design It
Service Oriented
Is It Ready?
Self-Service
Automated Provisioning
Scalability
SPs need a Multi-Service Platform
Cloud based Service Creation…Many Services…One Platform…for Enterprises and SMBs
• VMS SDN/NFV Service Packages unlock many Cloud Managed Services from a single platform
• NSO Service Models and Device Models simplify the orchestration of new services and multi-vendor devices (90% less code)
• SPs can create new Cloud Managed Services rapidly using the VMS Software Development Kit (SDK)
• Many Service Packages offered from the SP Cloud
Your Service Here
VMS SDN/NFV Service Packages simplify…
How to create and
monetize a service
How to orchestrate
and activate a service
How to monitor and
modify a service
How to collect analytics
and bill a service
How to boot and
manage virtual and
physical devices
vRouter
vFirewall
vWAAS
Multi-Vendor
NSO Device Models
NSO Service Models
Services Overview…
VNFs running in Clouds and
Virtual Branches
Cisco ISRv and CSRv
Cisco Integrated Services Virtual Router (ISRv)
• The Cisco® Integrated Services Virtual Router (ISRv) is a virtual form-factor Cisco IOS® XE Software router that delivers WAN gateway and network services functions into virtual environments.
• Using industry-leading Cisco IOS XE Software networking capabilities (the same features present on Cisco 4000 Series ISRs and ASR 1000 Series physical routers)
Cisco ISRv Positioned as a Branch WAN Services Router
Typical Use Cases
for the Cisco ISRv
Cisco ISRv:
Highly Secure VPN Gateway
Cisco ISRv:
Traffic Control Point
Differences between the:
Cisco ISRv and Cisco CSR 1000v
ISRv
Cisco ENCS or UCS or Whitebox with NFVIS
• The Cisco ISRv runs on server platforms running the Cisco NFVIS virtualization software only.
• It can support the network interface module (NIM) when running on a Cisco ENCS hardware platform and can also accelerate VM-to-VM traffic using the hardware-based switching on Cisco ENCS platforms.
CSR 1000v (Cloud Service Router)
• The Cisco CSR 1000v does not have these capabilities.
• The Cisco CSR 1000v will continue to be supported across multiple hypervisors (VMware vSphere, Microsoft Hyper-V, Citrix XEN, RHEL KVM, Ubuntu KVM, Amazon AWS, and Microsoft Azure).
The Cisco CSR 1000v and Cisco ISRv will maintain Cisco IOS XE feature parity
ASAv
Cisco Adaptive Security Virtual Appliance (ASAv)
• This Security appliance brings the power of ASA to the virtual domain and cloud environments.
• It runs the same software as the physical ASA to deliver proven security functionality. You can use it to protect virtual workloads within your data center, Public / Private Clouds, or virtual branches.
http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-appliance-firewall/index.html
Cisco ASAv:
Features,
Performance,
and Resource
Requirements
Cisco
FirePower
Next-Gen
Firewall
(NGFW)
Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
Advanced Security services to help defend your network
FirePOWER
Services
Next-Gen Firewall
Security
Subscription
Subscription services that run on the ASA / FTDv and provide enhanced levels of threat protection and network visibility
URL Filtering
Next-Generation
Intrusion Prevention
System
Advanced Malware
Protection
Application
Visibility and Control
Foundational
Functionality
Foundational
Internet Security
Built-in firewall services to provide base protection and connect with other security solutions
Stateful Firewalling
Policy Enforcement Point
for ISE
VPN Capabilities
Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
• Cisco Firepower NGFWv is available on VMware, KVM, Amazon Web Services (AWS) and Microsoft Azure environments for virtual, public, private, and hybrid cloud environments.
http://www.cisco.com/go/ngfw
Cisco vWLC
Wireless LAN
Controller
Cisco vWLC
Virtual Wireless LAN Controller
• Virtual form-factor controller for any x86 server with VMware Hypervisor ESXi 4.x or 5.x
• Supports up to 3000 access points and 32000 clients across 200 branches
• Supports 100 access points per branch
• Co-resides with other virtualized network services, including Cisco Identity Services Engine (ISE), Cisco Prime™ Infrastructure, and Cisco Mobility Services Engine (MSE)
• Entry-level 802.11n, 802.11ac controller application for small to medium-sized enterprises and branch offices
• Pay as you grow licensing starting at support for five access points
Cisco vWLC: Virtual Wireless LAN Controller
Cisco vBranch
and ENCS
Freedom of Choice from VMS
Cisco Intelligent Branch
Traditional
Physical Router
Cisco®
4000 Series ISR
Centralized services
Fixed integrated services
Conservative
Virtual Managed
Services for SPs
Branch and Campus NFV
Physical Router
Virtual Services
Virtual Router
Virtual Services
Virtual Router
Virtual Services
4000 Series ISR +
UCS® E-Series
Enterprise Network
Compute System (ENCS)
UCS C-Series
Upgradable hardware
Deterministic routing
performance
Elastic routing and services
Router / Server Hybrid
Access to Ongoing
Innovation
License
Portability
Elastic routing and services
Performance
Early adopter
Investment
Protection
Introducing Cisco NFV managed by VMS
Network Services in Minutes
Virtual Managed Services (VMS & NSO for SPs)
Virtual Router
(ISRv / vEdge)
Virtual Firewall
(ASAv, FTDv)
Virtual WAN
Optimization
(vWAAS)
Virtual Wireless
LAN Controller
(vWLC)
Third-Party VNFs
Network Functions Virtualization Infrastructure Software (NFVIS)
Cisco 4000 Series ISR +
UCS® E-Series
Enterprise Network Compute
System
(ENCS)
Cisco® UCS
C-Series
Platform Built for Branch/Campus NFV
ENCS 5000 Series for the Branch
Best of Routing
& Compute
Complete
Virtualized Services
Open for Third Party
Services and Apps
Enterprise Network Compute System
ENCS 5100 Series
ENCS 5400 Series
ENCS 5000 Series - Chassis Options
Model | CPU | PoE | Capacity Guidance
ENCS 5104 | 4-core, 3.4 GHz | No | ISRv + 1 VNF
ENCS 5406 | 6-core, 1.9 GHz | No | ISRv + 2 VNFs
ENCS 5408 | 8-core, 2.0 GHz | 200W | ISRv + 3 VNFs
ENCS 5412 | 12-core, 1.5 GHz | 200W | ISRv + 5 VNFs
Shipping Now
Roadmap
ENCS 5400 Series – I/O Side
Integrated
Power Supply
16 - 64 GB
DRAM
8 Integrated LAN Ports
with Optional POE
Hardware Acceleration for
VM Traffic
6, 8, or 12-Core
Intel Xeon-D
Dedicated Board
Management Controller
USB 3.0
Storage
Optional Hardware
RAID Controller
Network Interface Module
for LTE & WAN
2 Onboard Gigabit
Ethernet ports
with SFP
Internal
M.2 Storage
64 – 400 GB
2 HDD or SSD
RAID 0 & 1
Q3 CY 2017
ENCS 5100 Series - I/O Side
Size: 1 RU
13” x 10”
16 & 32 GB
DRAM
Integrated
Power Supply
Console
& MGMT
4-Core AMD
CPU
4 GE ports
with 2 SFPs
M.2 Storage
64 – 400 GB
2 x USB 3.0
Storage
Optional
4G / LTE WAN
(Roadmap)
ENCS 5100 & 5400 Series Comparison
Feature | 5100 Series | 5400 Series
CPU Vendor / Model | AMD Merlin Falcon, RX-421ND | Intel Xeon Broadwell D-1500 Series
CPU Cores / Frequency | 4-core @ 3.4 GHz | 6, 8, 12-core with Hyper-threading @ 1.5 – 2.0 GHz
CPU L2 Cache Size | 2 MB | 1.5 MB per core
Memory | 16 – 32 GB | 16 – 64 GB
Storage (M.2 SATA) | 64 – 400 GB | 64 – 400 GB
Storage (SFF) | - | 2 disks with RAID (SATA, SAS, SED, SSD)
Dimensions | 12.7” x 10” x 1RU | 17.5” x 12” x 1RU
WAN Options | 4 x GE, Cellular | 2 x GE, Cellular, T1, DSL, Serial
LAN | - | 8 port Switch with Optional PoE
Hardware Offload | - | VM – VM Traffic, Crypto
Lights-out Management | - | Built-in CIMC
ISRv Performance | 500 Mbps | 2.5 Gbps
ENCS 5400 NIM Support
Managed simply by VMS
Category | Description | Availability on ENCS
WAN 4G LTE (CAT3) | USA, Canada, Europe, Australia & selected LATAM / APAC | Now
WAN 4G LTE (CAT6) | USA, Canada, Europe, Australia & selected LATAM / APAC | Now
WAN T1/E1 | 1, 2, 4 & 8 ports | Now
Serial | Asynchronous Serial: 16 & 24 ports | Q1 CY18
WAN xDSL | Multi-mode VDSL2 / ADSL Annex A, B & M | Q1 CY18
WAN Ethernet | Dual-PHY: 1 & 2 ports | Q1 CY18
LAN | Ethernet Switches: 4 & 8 ports | Q2 CY18
WAN Serial | Synchronous Serial: 1, 2 & 4 ports | Roadmap
Voice | T1/E1, FXS, FXO | Roadmap
Demo
Virtual Managed Services running
on a Virtual Branch x86 device
Network Functions simply managed from VMS
Cisco and 3rd Party Virtual Network Functions (VNFs)
Viptela vEdge
Windows Server
Linux
3rd Party
SD-WAN
Active Directory,
Custom Applications
Network Services
High Performance
File Share,
DNS/DHCP
Management & Monitoring
Rich Features
Server Applications
Example VMS vBranch templates
• Dual WAN Links
• Protected with a Firewall
• Add a Linux Server
SPs can create
Viptela vEdge VNF running on a VMS vBranch
VMS vBranch
WAN
(GE)
vEdge
Viptela
vEdge VNF is directly connected via GE port to the WAN Network
ISRv providing CUBE Voice Service for Viptela vEdge
Running on a VMS vBranch
vEdge is directly connected via GE port to the WAN Network
vEdge VNF is connected via GE port to an
ISRv that’s providing a CUBE Unified Communication Service
The Power of VMS vBranch…
Many vendors, Many services…One Branch
Internet
VMS vBranch
GE0-0
wan-br1
Firewall
& IPS
NFVIS
SD-WAN
ISRv
lan-br1
VMS Services
vWAAS
lan-br2
GE1-2
GE1-0
Branch Clients
Viptela vEdge
SD-WAN Service
Cisco vWAAS
WAN acceleration
Cisco ISRv
IOS-XE routing and mgt
Palo Alto FW
WAN firewall +
Intrusion Protection Service (IPS)
Cisco NFVIS
vBranch service chaining
and VNF Lifecycle mgt
Demo
Virtual Managed Services running
on a Virtual Branch x86 device
SP Managed Service Options
Branch Templates manage Physical (ISRs), Virtual (vBranch), and 3rd Party devices
Branches managed
from VMS running
in the SP Cloud
Many Service options,
defined by the SP,
created & managed by VMS
Zero touch provisioning
over secure mgt tunnels
Diverse Branch
topologies, defined
with VMS templates
Real-time analytics
service assurance,
site and device status
from VMS
VMS vBranch Architecture
NFVIS
VMS Orchestration and Management
Plug-n-Play
VM Lifecycle Management
Provisioning of VNFs
PnP Agent
• PnP Agent must automatically configure WAN interface
• Must download platform Profile
Lifecycle Management (ESC Lite)
VNF
VNF
VNF
VNF
vAPP
vAPP
NFVIS (Linux + ESC Lite + PnP + CLI Agent)
• Provide Northbound interface for Management/Orchestration
• Provide System level information
• Provide VNF management - Create, Modify, Delete
• Provide interface with onboard LAN switch
• Performance Monitoring of VNFs
CLI/WebUI Agent
X86 Processor
Switch
NIC
Onboard Storage
M.2 SSD Default Storage
NIM
BMC
• Interface to configure onboard switch
• Provide Cisco® CLI wrapper
• Agnostic to switch vendor selected
Server Monitoring Agent
• Agent to interact with Orchestration system
• Web GUI Interface for Management and Configuration
Switch
NIC
8 Port Integrated Switch (only on Low)
Optional UPOE Support
Increased performance using SRIOV
Mirroring of traffic between VNFs
Drivers, Firmware, and Agents
• NIC and interface drivers
• Optional Crypto support
Optimized for Network Services
NFV Infrastructure Software (NFVIS)
Network Hypervisor
Zero-Touch Deployment
Supports segmentation of
virtual networks
Automatic connection to PnP server
Abstract CPU, memory,
and storage resources
Highly secure connection to the
orchestration system
Easy day-0 provisioning
Lifecycle Management
Service Chaining
Open API
Provisioning and launch of VNFs
Elastic service insertion
Failure and recovery monitoring
Multiple independent service
paths based on applications or
user profiles
Programmable API for
service orchestration
Stop and restart services
REST and NETCONF API
Dynamically add and
remove services
VMS managed ENCS advantages
over white box server
Superior Hardware Engineering
• Hardware acceleration of VM-to-VM traffic
flow
• WAN module support
• 4G/LTE
• T1/E1
• xDSL
Superior Operational Platform
• Secure Management of all VNFs from a single
multi-tenant, multi-service platform (VMS)
• Support for Cisco and 3rd Party VNFs, securely
managed by VMS
• Crypto hardware offload
• Secure VNF Lifecycle management
• BMC/CIMC – Lights out (server) management
• Enterprise class grade components
(comparable to an ISR)
• Branch Form factor
• Shock, vibration, acoustic
• Support for Software and Hardware RAID on 12”
chassis
• LTE modules can provide the dying gasp support that is available on NIMs.
• Remote recovery of system over LTE modules
• Ability for increasing switch port density with NIMs.
NSO 3rd Party Integrations…managed simply by VMS
Open Platform with the Broadest Multi-vendor support, and Vendor Qualification
3rd Party VNFs
available through VMS
Network Services Orchestrator (NSO) - Over 100 Vendors Supported
Cisco Vendor Qualification Program
NSO 3rd Party Integrations…managed simply by VMS
Open Platform supporting BOTH Lifecycle Mgt AND Orchestration of 3rd Party products
VNF Service Orchestration
VNF Lifecycle Mgt
Select VNF
(Fortinet)
1
Fortinet VNF
Service
Selection
3
Select Cloud
Fortinet VNF
provision
(SP or AWS or vBranch)
Monetize the
Service
2
Fortinet VNF boot
VNF Lifecycle Functions
• Allocate VNF Resource
• Locate / Boot Image
• Load Day 0 Config
• Monitor VNF / Analytics
• VNF High Availability
• Add / Delete VNFs
VNF (or Device) Service Orchestration
• Secure mgt connection
• Create / Provision VNF Service
• Monitor VNF Service
• Collect Service Analytics
• Add / Delete / Change Service
• Multi-tenant, 1000’s of Services
Demo
Virtual Managed Services running
CloudVPN demo
VMS Cloud VPN Service Package
Service Provider Cloud
Enterprise
Headquarters
Managed
CPE
Cloud Services made easy with
Virtual Network Functions:
• VPNs and Routing
• Web Security
• Internet Firewall
Remote
Access VPN
Users
Branch 1
Internet
Access
Branch 2
AWS Branch
CSRv
IPSec
VPN
CSRv
Cloud
Router
WSAv
L3 Interface
Web
Security
ASAv
Internet
Firewall
Security
Firepower NGFW Cloud Security Service Use Case
Enterprise
Headquarters
Service Provider
Cloud
FMC
Firepower
Management Center
Services
Managed
CPE
Multi-tenant Sensor Mgt
Per Tenant Threat Reporting
Remote Access
VPN
Branch 1
Managed
CPE
Branch 2
Managed
CPE
Branch 3
IPSec
VPN
CSRv
Cloud Services
Router
Managed
CPE
Services
IPSec VPN
Firewall
BGP
L3 Interface
NGFW
Firepower
Internet
Access
Internet
Services
Intrusion Protection (IPS)
Application Visibility Control (AVC)
Geographic IP Control
Advanced Malware Protection (AMP)
URL Filtering
Internet Firewall
Remote Access VPN
Demo
Virtual Managed Services extensions
to Viptela Services
Better Together: Providing Better Outcomes
Leading Routing &
SD-WAN Platforms
Cloud-managed &
Feature-rich SD-WAN
Together, helping businesses and IT to innovate faster, securing and delivering
better customer outcomes, while reducing costs and lowering risk
Goal: Building next generation SD-WAN solutions
100+ Global Enterprise Customers Across Verticals
• FinServ
• Retail
• Healthcare / Pharma
• Manufacturing
• Technology
• Other Industries
Viptela Integration Plan
Phase 1
Phase 2 (9-12 mo)
Phase 3 (12-mo +)
vManage
vManage
DNA Center
+ SD-WAN
Deployment Scenarios
No Integration
vEdge
Benefits
Details
Platform Integration
vEdge
Support and Scale the current
sales motion
Management Integration
vEdge
ISR4K + vEdge SW
Viptela SD-WAN on strategic
ISR platform
Deliver end-to-end experience
with full DNA & DNA-SP
integration
Platform:
Platform:
Management:
•
•
•
As-is
Management:
•
vManage
vEdge capabilities integrated into all IOS-XE
platforms (ISR, CSR, ENCS, ASR1K)
Management:
•
vManage for SD-WAN capabilities on IOS-XE
ISR4K + vEdge SW
•
Cloud hosted DNA Center-SP integrates
vManage capabilities
Full DNA Center-SP capabilities (Assurance,
Integrated workflows for SD-Access and
SD-WAN)
Viptela Secure Extensible Network
vManage
Orchestration Plane
vOrchestrator
vSmart
vBond
MANAGEMENT
vEdge
Management Plane
API
(Multi-tenant or Dedicated)
ANALYTICS
ORCHESTRATION
Control Plane
(Containers or VMs)
CONTROL
INTERNET
MPLS
4G
Data Plane
(Physical or Virtual)
Cloud
Data Center
Campus
Branch
Home Office
Simplified Management and Operations
Single Pane Of Glass Operations
Rich Analytics
vEdge-1000 and vEdge-2000 Routers
vEdge 1000
• 1 Gbps AES-256
• 1RU, standard rack mountable
• 8x GE SFP (10/100/1000)
• TPM chip
• 3G/4G via USB (or) Ethernet
• Security, QoS
• Dual Power supplies (external)
• Low power consumption
vEdge 2000
• 10 Gbps AES-256
• 1RU, standard rack mountable
• 4x Fixed GE SFP (10/100/1000)
• 2 Pluggable Interface Modules
• 8 x 1GE SFP (10/100/1000)
• 2 x 10GE SFP+
• TPM chip
• 3G/4G via USB (or) Ethernet
• Security, QoS
• Dual power supplies (internal)
• Redundant fans
vEdge-100 Routers
vEdge 100
• 100 Mbps AES-256
• 5x 1000Base-T
• TPM chip
• Security, QoS
• External AC PS
• Kensington lock
• Fan-less
• 9” x 1.75” x 5.5”
• GPS
vEdge 100m
• 100 Mbps AES-256
• 1RU
• 5x 1000Base-T
• 1x POE port
• 2G/3G/4G LTE
• Internal AC PS
• 1x USB-3.0
• TPM Board-ID
• Kensington lock
• Low power fan
• GPS
vEdge 100mw
• 100 Mbps AES-256
• 1RU
• 5x 1000Base-T
• 1x POE port
• 2G/3G/4G LTE
• 802.11a/b/g/n/ac
• Internal AC PS
• 1x USB-3.0
• TPM Board-ID
• Kensington lock
• Low power fan
• GPS
Extending Viptela with VMS
1. Public Cloud, VMS on-boarding Viptela service
2. VMS Multi-tenancy, Viptela Controller on-boarding
3. VMS vBranch support, Viptela vEdge VNFs
4. VMS Cloud based Service Extensions
5. VMS Service Interconnects, installed networks
6. VMS OSS/BSS APIs (VMS micro-service)
[Diagram: SP OSS/BSS; VMS with Tenants 1 to 4 in the SP Data Center; VMS vBranch (ENCS) with 3rd Party VNFs, ASAv, FTDv and Viptela vEdge; Viptela SD-WAN Controllers (vManage, vSmart & vBond); Viptela SD-WAN Fabric over Internet, 4G and MPLS; Viptela Customer Sites (vEdge); Public Cloud; Security and Cloud Services; SP Services (Hosted Collaboration, Security, Storage…); Interconnects with installed Networks.]
How to transform your Business…
Conclusions
VMS Disruptive Technologies unlock new Services
Allowing Industry to Address new Market Opportunities
Orchestration
• Virtual and Physical devices, Cisco and 3rd Party
• Simple service models and device models (YANG, XML)
• Network Elements Drivers, Conf-D, and CLI
• Config Roll back, Service Extensions, 100,000 Devices
Network Functions Virtualization
• VNF Lifecycle Mgt and Service Orchestration
• VNFs run in the Cloud or Virtual Branch (x86)
• VNF Smart Licensing and Pay-as-you-Grow Pricing Models
• VNF Certification of Cisco and 3rd Party VNFs
Cloud Native
• Web Scale design, Multi-tenant 1,000s, Service Orientation
• Runs in any cloud, public or private (VIM Independent)
• Micro-services, Docker Containers, Kubernetes, Geo-redundancy
• Auto Rendered UI, Tenant Self-Service, Monetized offers
Software-Defined Networking
• Central Device Mgt, Secure ID (RBAC), Zero Touch Provision
• Self-healing Networks, Configuration Guard Rails
• Service Creation capable, including analytics & monitoring
• REST APIs to OSS/BSS for billing and SLAs
Why do SPs want VMS VNF/SDN Services?
Bring up new tenants and services in minutes
Simplify service activation, management, and assurance for 1000s of devices/tenants
More cost effective WAN options with better performance and greater capacity
Simplify service creation while delivering better app experiences over any branch connection.
“Cisco VMS is helping us to deliver secure, high-performance virtualized services with agility to our clients.”
Cisco NFV/SDN made easy with Virtual Managed Services
Rapid Time to Market, Proven Scale and Security
Thank you
Backup
Zero Touch Provisioning
VMS CPE Onboarding
Zero Touch Provisioning using Cloud Plug and Play (PnP) server
Secure management tunnels using Network Service Orchestrator (NSO)
1. Onboard new branch CPE to NSO with specific identifier (Serial #) and wait for CPE to be booted
2. CPE calls home using HTTPS (with Crypto/Cert) to the VMS PnP Server. CPE Identity based on CPE Serial #
3. PnP Delivers CPE Day 0 config including Mgt Keys to form secure FlexVPN Mgt Tunnel (IKEv2)
4. Secure FlexVPN Mgt Tunnel is created for subsequent CPE configurations, analytics, and monitoring
5. NSO sends tenant configuration to the CPE device
6. NSO creates DMVPN Tunnels between CPE and Hub devices and completes service activation
[Diagram: VMS in a Service Provider Datacenter with NSO, PnP Server and VMS Mgt Hub; Customer IWAN Hub Site with IWAN Master Controller, MPLS Border Router and INET Border Router; Branch CPE #15; DMVPN over MPLS and INET; callouts 1 to 6 mark the steps above.]
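The admission decision behind steps 1 to 3, as an added example that is not Cisco's PnP or NSO code: a Day 0 config is released only to a pre-registered serial that matches the serial in a trusted device certificate, and only once. The class, field names, reason strings and the `mgmt_key` format are hypothetical, and the serial numbers are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class PnpRegistry:
    """Constructed model of the serial allow-list filled in at step 1."""
    pending: dict = field(default_factory=dict)  # serial -> tenant, awaiting call-home
    claimed: dict = field(default_factory=dict)  # serial -> tenant, Day 0 already sent
    audit: list = field(default_factory=list)    # (serial, decision) for monitoring

    def onboard(self, serial: str, tenant: str) -> None:
        """Step 1: the operator registers the CPE serial before the box boots."""
        self.pending[serial] = tenant

    def call_home(self, claimed_serial: str, cert_serial: str, chain_ok: bool):
        """Steps 2-3: return a Day 0 bundle, or None when the caller is refused.
        chain_ok stands for the TLS layer's verdict on the device certificate;
        cert_serial is the serial number read from that certificate.
        """
        if not chain_ok:
            return self._deny(claimed_serial, "untrusted-certificate")
        # Identity comes from the certificate, not from what the request claims.
        if not hmac.compare_digest(claimed_serial.encode(), cert_serial.encode()):
            return self._deny(claimed_serial, "serial-mismatch")
        if cert_serial in self.claimed:
            # A second call-home for a provisioned serial is worth an alert.
            return self._deny(cert_serial, "already-provisioned")
        tenant = self.pending.pop(cert_serial, None)
        if tenant is None:
            return self._deny(cert_serial, "unknown-serial")
        self.claimed[cert_serial] = tenant
        self.audit.append((cert_serial, "day0-delivered"))
        # Fresh per-device secret for the management tunnel (hypothetical format).
        return {"tenant": tenant, "mgmt_key": secrets.token_hex(32)}

    def _deny(self, serial: str, reason: str):
        self.audit.append((serial, reason))
        return None


def demo():
    reg = PnpRegistry()  # constructed scenario; returns the audit trail
    reg.onboard("SN-CONSTRUCTED-15", "tenant-1")
    reg.call_home("SN-CONSTRUCTED-15", "SN-OTHER", True)           # spoofed claim
    reg.call_home("SN-CONSTRUCTED-15", "SN-CONSTRUCTED-15", True)  # genuine CPE
    reg.call_home("SN-CONSTRUCTED-15", "SN-CONSTRUCTED-15", True)  # replayed call-home
    return reg.audit
```

The audit list is what a monitoring pipeline would consume: `serial-mismatch`, `unknown-serial` and `already-provisioned` entries are the events to alert on.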
Cisco Smart Software Licensing
Cisco ESC Smart Licensing
• VNF Licensing is another core task in virtualized environments that typically requires manual processes to activate the VNF license.
• Cisco’s new “pay-as-you-go” Smart licensing model, on supported VNFs.
• With Smart Licensing, instead of having to manually activate licenses for each virtual machine, the virtual machine registers itself with a centralized licensing server on boot-up, tracks how the resource is used, and bills on a consumption basis.
• This setup provides important flexibility for elastic environments, allowing you to expand and contract as needed, in a completely automated fashion, while paying only for the resources you actually consume.
Smart Licensing Example – More Flexible with PAYG
• Cisco Smart Software Licensing makes it easier to buy, deploy, track, and renew Cisco licenses.
• Simpler purchase and activation of the VM, Pay-as-you-grow (PAYG)
• Easier license management and reporting of virtual appliances due to license pooling
• Automatic license activation when the virtual appliance is provisioned
• Customers can view product entitlements and services in the Cisco Smart Software Manager.
VMS REST APIs
REST APIs and Software Development Kits
Simple to use, simple to create new SP Services
• All VMS Services are configurable via REST APIs
• New Services can be created through the Software Development Kit (SDK)
Thank you