Goodbye Manual Configuration: Service Centric SDN, NFV and Orchestration
Bilal Alam
Software Solutions Architect - Management and Network Orchestration
BRKSPG-2380
Agenda
Network Services Orchestration:
1. Current State vs Desired State: Hardcoded, Template & Swivel Chair Approach
2. Model Driven Architecture: Not all models are created equal
3. Future Proof Platform: Network Abstraction & Decoupled Services
4. Service Centricity: Benefits & Business Impact
5. Use-cases & Demo: Physical+NFV, Multi-Vendor, Cross-domain Orchestration
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 4BRKSPG-2380
Current State - Pain Points
• Complex & Expensive
• Slow & Error Prone
• Manual & Swivel Chair
• Network Layer the Bottleneck
[Diagram: Customer Orders; Provisioning A, Provisioning B, Activation C, Provisioning D, Activation E; NMS, EMS and CLI layers above the Metro and Access, WAN and Data Centre domains; labels "INTEGRATION TAX" and "ADAPTER TAX".]
Hardcoded Services
• Vertically Stacked
• Tight coupling
• Slow cross-domain activation
• Out-of-house service builds
• High cost of “change request”
Going Forward
Execution at the speed of software
• Service Innovation
• Agility & DevOps
• NFV & SDN
Rapidly changing business models
• Cloud, Virtualisation, Programmable Networks
• New ecosystems and value chains
Changing customer behaviour
• INSTANT Activation
• Self-Service Portal
All of this requires flexible automation.
Business Impact
• Bring new service offering to market: 300+ days
• Cross-domain Service Activation: 2 - 4 weeks
• Service Configuration Fidelity: NO single source of truth
• Service Assurance & Troubleshooting: Manual/Operator driven
Solution[s]: Depends on who you ask!!!
• Device Programmability: SNMP, WSMA, OnePK, NETCONF/YANG, …
• Domain Centric SDN Controller: Control-Plane/Data-Plane Separation
• Domain Centric Overlay Networks: VXLAN
• Virtualisation: NFV on Commodity Hardware
“The need for a comprehensive End-to-End Approach”
Service Orchestration Solution
Network:
• Device Platform: Legacy & NC/YANG
• SDN Controllers
• EMS, NMS
• Overlays: Virtual & Physical
• NFV: VNFs, VNF-Ms, VIMs
Ability to Leverage Any Device, Any Vendor, Any Technology
Present and Future
Service Orchestration Solution
Quality, Innovation, Agility, Operational Excellence
• Single source of truth
• Precision and Traceability
• Future proof
• Leverage ANY technology
• Rapidly build cross-domain services on multi-vendor hybrid networks.
• Standards based
• Instant activation
• Transactional guarantees
• Automatic rollback on failure
Service Orchestration Solution
• Service Innovation
• Service Time to Market
• Service Order to Activation
• Service Data Quality
It should ALWAYS be about the SERVICES
Metro and Access WAN Data Centre
L2VPN L3VPN NFV SECURITY BOD BCAL
Services Layer
Network Layer
STEP1: Network Abstraction – Future proofed
• Precise data-model for the entire network. YANG based device-models.
• Automatic CRUDs on network elements via NEDs - normalised south-bound interfacing
• Generic way of consuming the network irrespective of technology vendor, platform, device.
Metro and Access WAN Data Centre
Tail-f NSO: Service Centric Platform
Network Abstraction – YANG Data Models
Domain Controller
EMS
VNF-M
NMS
SDNc
Network becomes YANG
Device-Models
• Precise YANG definition for device’s configuration/operational space
• Can be rendered into other formats:
  • XSD/XML
  • JSON
  • NATIVE – Device’s SB protocol
Fragile Adapter
Network Element Driver (NED)
Declarative
Cisco IOS NED Engine
South Bound Protocol: CLI
YANG Model
Cisco IOS Device Model
...
    // interface GigabitEthernet *
    list GigabitEthernet {
      tailf:info "GigabitEthernet IEEE 802.3z";
      tailf:cli-allow-join-with-key {
        tailf:cli-display-joined;
      }
      tailf:cli-mode-name "config-if";
      tailf:cli-suppress-key-abbreviation;
      key name;
      leaf name {
        type string {
          pattern "[0-9]+.*";
        }
      }
      uses interface-common-pre-grouping;
      uses interface-ethernet-pre-grouping;
      uses interface-switch-grouping;
      uses interface-ethernet-grouping;
      uses interface-common-grouping;
      uses interface-zone-member-grouping;
    }
NEDs (1/6)
Vendor: Device/Platform
A10 Networks: AX Series; Thunder Series
Adtran: Total Access 900 Series; Total Access 5000 Series
Adva: Carrier Ethernet FSP 150CC Series
Affirmed Networks: Acuitas Service Management System
Alcatel-Lucent: 7210 Service Access Switch; 7450 Ethernet Service Switch; 7705 Service Aggregation Router; 7750 Service Router; 7950 Extensible Routing System
Arista: 7048 Series; 7050 Series; 7150 Series; vEOS
Brocade: NetIron CES 2000 Series; NetIron MLXe Series; NetIron XMR Series; ServerIron ADX Series
Ciena: 3000 Family; 5000 Family; ESM
Cisco:
  Application Policy Infrastructure Controller Data Centre (APIC-DC)
  ASA: ASA 1000V Cloud Firewall; ASA 5500-X Series Next-Generation Firewalls; Adaptive Security Virtual Appliance
  IOS: 800 Series Routers; 1800 Series Integrated Services Routers; 1900 Series Integrated Services Routers; 2500 Series Routers; 2600 Series Multiservice Platforms; 2800 Series Integrated Services Routers; 2900 Series Integrated Services Routers; 3800 Series Integrated Services Routers
NEDs (2/6)
Vendor: Device/Platform
Cisco:
  Catalyst 6900 Series Ethernet Interface Module; Cloud Services Router 1000V Series; ME 3400 Series Ethernet Access Switches; ME 3600X Series Ethernet Access Switches; ME 3800X Series Carrier Ethernet Switch Routers; ME 4900 Series Ethernet Switches; uBR10000 Series Universal Broadband Routers
  ASR 900 Series Aggregation Services Routers; ASR 1000 Series Aggregation Services Routers; cBR Series Converged Broadband Routers; Cloud Services Router 1000V Series; RF Gateway Series
  IOS XR: 12000 Series Routers; ASR 9000 Series; Carrier Routing System; IOS XRv Router
  IOS/IOSXE: 3900 Series Integrated Services Routers; 7200 Series Routers; 7600 Series Routers
  Catalyst 2900 Series Switches; Catalyst 2960 Series Switches; Catalyst 2960-X Series Switches; Catalyst 3550 Series Intelligent Ethernet Switches; Catalyst 3750 Metro Series Switches; Catalyst 3850 Series Switches; Catalyst 4500 Series Switches
  Catalyst 4500E Series:
    • Supervisor Engine 7-E
    • Supervisor Engine 8-E
  Catalyst 4500-X Series Aggregation Switch; Catalyst 4900 Series Switches
  Catalyst 6500 Series:
    • 10 Gigabit Ethernet Modules
    • Mixed Media Gigabit Ethernet Modules
    • Supervisor Engine 2T
    • Switches
  Catalyst 6500-E Series Chassis
NEDs (3/6)
Vendor: Device/Platform
F5 Networks: BIG-IP 1600; BIG-IP 3600; BIG-IP 3900; BIG-IP 6400; BIG-IP 8900; BIG-IP Virtual Edition; Viprion Chassis
Fortinet: FortiGate 200 Series; FortiGate 500-300 Series; FortiGate 800-600 Series; FortiGate 1000 Series; FortiGate 3000 Series; FortiGate Virtual Appliances
Cisco:
  NX OS: Nexus 1000v Series Switches; Nexus 3000 Series Switches; Nexus 5000 Series Switches; Nexus 6000 Series Switches; Nexus 7000 Series Switches; Nexus 9000 Series Switches; Nexus 9300 Platform Switches
  Policy Suite (CPS/QPS)
  StarOS: ASR 5000 Series; Quantum Virtualised Packet Core (QvPC-SI/-DI)
  Web Security Appliance (WSA)
Citrix: Netscaler 1000v
NEDs (4/6)
Vendor: Device/Platform
Huawei: ATN Series; NetEngine40E Series Universal Service Router; NetEngine5000E Cluster Router; Quidway S3300 Series Switches
Juniper: EX Series Ethernet Switches; Firefly Perimeter (Virtual SRX); M Series Multiservice Edge Routers; MX Series 3D Universal Edge Routers; QFX Series; SRX Series Services Gateways
Overture: 1400; 2200; 5000; 5100; 6000
Palo Alto Networks: PA-2000 Series; PA-3000 Series; PA-5000 Series; Virtualised Firewalls
Procera Networks: PacketLogic 9000 Platform
Quagga: Quagga Routing Software Suite (BGP module)
NEDs (5/6)
Vendor: Device/Platform
F5 Networks: BIG-IQ
H3C: S5800 series
Infinera: DTN-X Multi-Terabit Packet Optical Network Platform
Juniper: Contrail Controller
MRV Communications: Master-OS; OptiSwitch 9000 series
NEC: iPASOLINK family
Netfilter: Iptables (Linux)
Nominum: DCS
OneAccess: OneOS for Routers; One540
Open vSwitch: OVSDB (shell)
OpenDaylight: Controller; Lithium
Openstack: Cloud Operating System; Identity (Keystone); Networking Service (Neutron); Image Service (Glance); Compute (Nova)
Pulsecom: SuperG
Riverbed: Steelhead Series
Silver Peak: VXOA Virtual Appliance
Sonus: SBC 5000 Series
Telco Systems: BiNOX; T-Marc Family
VMware: vSphere
ZenOSS: Service Dynamics
ZTE: xPON OLT
NEDs (6/6)
Vendor: Device/Platform
Accedian Networks: High Performance Service Assurance MetroNID
Alcatel-Lucent: 5620 Service Aware Manager
Allied Telesis: x210 Series
Amazon: Amazon Web Services
Avaya: ERS 4000 Series; SR 8000 Series; VSP 9000 Series
Brocade: Vyatta 5400 vRouter (Vyatta VSE)
CableLabs: Converged Cable Access Platform
Cisco: ME-1200; ME-4600; Meraki; NCS2k (CTC); Prime Network Registrar (PNR); UCS Manager
Clavister: cOS Core; Eagle Series
Coriant: 8600 Smart Router Series
Datacom: DM2100-EDD Family; DM4000 Family
Dell: Force10 Networking S-Series
Ericsson: EFN324 Series; SE family
Device-Models
Cisco IOS Device Model
...
    // interface GigabitEthernet *
    list GigabitEthernet {
      tailf:info "GigabitEthernet IEEE 802.3z";
      tailf:cli-allow-join-with-key {
        tailf:cli-display-joined;
      }
      tailf:cli-mode-name "config-if";
      tailf:cli-suppress-key-abbreviation;
      key name;
      leaf name {
        type string {
          pattern "[0-9]+.*";
        }
      }
      uses interface-common-pre-grouping;
      uses interface-ethernet-pre-grouping;
      uses interface-switch-grouping;
      uses interface-ethernet-grouping;
      uses interface-common-grouping;
      uses interface-zone-member-grouping;
    }
Huawei VRP Device Model
...
    // interface GigabitEthernet *
    list GigabitEthernet {
      tailf:info "GigabitEthernet interface";
      tailf:cli-full-command;
      key name;
      leaf name {}
      // interface GigabitEthernet * / description
      uses interface-description;
      // interface GigabitEthernet * / vlan-type
      uses interface-vlan-type;
      // interface GigabitEthernet * / speed
      leaf speed {}
      // interface GigabitEthernet * / duplex
      leaf duplex {}
      // interface GigabitEthernet * / mtu
      uses interface-mtu;
      // interface GigabitEthernet * / ip
      container ip {}
Juniper Junos Device Model
...
    grouping top-configuration {
      leaf version {
        type string;
        description "Software version information";
      }
      container system {
        description "System parameters";
        uses juniper-system;
      }
      list logical-systems {
        key "name";
        description "Logical systems";
        uses juniper-logical-system;
      }
      container chassis {
        description "Chassis configuration";
        uses chassis-type;
      }
      container interfaces {
        description "Interface configuration";
        uses apply-group;
        uses apply-macro;
        list pic-set {
          key "name";
          ordered-by user;
ALU-SR Device Model
...
    list port {
      tailf:info "Configure physical ports";
      key port-id;
      leaf port-id {}
      leaf description {}
      container access {}
      container egress {}
      container ingress {}
    }
    container ethernet {
      leaf mode {}
      container access {}
      container autonegotiate {}
      leaf dot1q-etype {}
      leaf duplex {}
      container efm-oam {}
STEP2: Network is a YANG
Relocating to the Services Layer
Metro and Access WAN Data Centre
Tail-f NSO: Service Centric Platform
Network Abstraction – YANG Data Models
Domain Controller
EMS
VNF-M
NMS
SDNc
Move up the stack
STEP3: Build Decoupled Services
• Services defined in YANG. No Hardcoded Services.
• Services are Customer’s Intellectual Property
• Loosely coupled, precise “Mapping” from Service YANG → Device[s] YANG
Metro and Access WAN Data Centre
Tail-f NSO: Services Orchestration Platform
Customer Orders
L2VPN L3VPN NFV SECURITY
Network Abstraction - YANG Data Models
Domain Controller
EMS
VNF-M
NMS
SDNc
BOD Service X
L3VPN - CRUD
Cisco IOS-XR
    vrf POC-holden-VRF
     address-family ipv4 unicast
      import route-target
       4747:65123
      exit
      export route-target
       4747:65123
      exit
     exit
    exit
    interface GigabitEthernet 0/0/0/1.123
     description holden: Link to main-office
     ipv4 address 30.10.10.1 255.255.255.0
     vrf POC-holden-VRF
     encapsulation dot1q 123
    exit
    router bgp 4747
     vrf POC-holden-VRF
      rd 4747:65123
      address-family ipv4 unicast
       redistribute connected
       redistribute static
      exit
      neighbor 30.10.10.2
       remote-as 65123
       address-family ipv4 unicast
        as-override
        send-community-ebgp
Huawei VRP
...
ALU-SR
...
Juniper Junos
    interfaces {
        interface xe-0/0/2 {
            vlan-tagging;
            unit 431 {
                description "holden: Link to branch1";
                vlan-id 431;
                family {
                    inet {
                        address 30.15.15.1/24;
    ...
    routing-instances {
        instance POC-holden-RI {
            instance-type vrf;
            interface xe-0/0/2.431;
            route-distinguisher {
                rd-type 4747:65123;
            }
            vrf-import [ POC-holden-IMP ];
            vrf-export [ POC-holden-EXP ];
            protocols {
                bgp {
                    group POC-holden-BGP {
                        type external;
                        peer-as 65123;
                        local-as {
                            as-number 4747;
                        }
                        neighbor 30.15.15.2;
                    }
    ...
L3VPN - CRUD
Cisco IOS-XR
    interface GigabitEthernet 0/0/0/2.222
     description holden: Link to branch2
     ipv4 address 40.10.10.1 255.255.255.0
     vrf POC-holden-VRF
     encapsulation dot1q 222
    exit
    router bgp 4747
     vrf POC-holden-VRF
      neighbor 40.10.10.2
       remote-as 65123
       address-family ipv4 unicast
        as-override
        send-community-ebgp
       exit
      exit
     exit
    exit
    }
Huawei VRP
...
ALU-SR
...
Juniper Junos
    interfaces {
        interface xe-0/0/4 {
            vlan-tagging;
            unit 333 {
                description "holden: Link to branch3";
                vlan-id 333;
                family {
                    inet {
                        address 50.20.20.1/24;
                    }
                }
            }
        }
    }
    routing-instances {
        instance POC-holden-RI {
            interface xe-0/0/4.333 {}
            protocols {
                bgp {
                    group POC-holden-BGP {
                        # after neighbor 30.15.15.2
                        neighbor 50.20.20.2;
                    }
                }
            }
        }
    }
L3VPN - CRUD
Cisco IOS-XR
    vrf POC-holden-VRF
     address-family ipv4 unicast
      import route-target
       no 4747:65123
       4747:65222
      exit
      export route-target
       no 4747:65123
       4747:65222
      exit
     exit
    exit
    router bgp 4747
     vrf POC-holden-VRF
      rd 4747:65222
      neighbor 30.10.10.2
       remote-as 65222
      exit
      neighbor 40.10.10.2
       remote-as 65222
      exit
     exit
    exit
Huawei VRP
...
ALU-SR
...
Juniper Junos
    policy-options {
        community {
    -       members [ target:4747:65123 ];
    +       members [ target:4747:65222 ];
    -       members [ target:4747:65123 ];
    +       members [ target:4747:65222 ];
        }
    }
    routing-instances {
        instance POC-holden-RI {
            route-distinguisher {
    -           rd-type 4747:65123;
    +           rd-type 4747:65222;
            }
            protocols {
                bgp {
                    group POC-holden-BGP {
    -                   peer-as 65123;
    +                   peer-as 65222;
                    }
                }
            }
        }
    }
L3VPN - CRUD
    interface GigabitEthernet 0/0/0/1.123
     no vrf POC-holden-VRF
    exit
    interface GigabitEthernet 0/0/0/2.222
     no vrf POC-holden-VRF
    exit
    no vrf POC-holden-VRF
    no router bgp 4747
    no interface GigabitEthernet 0/0/0/1.123
    no interface GigabitEthernet 0/0/0/2.222
Huawei VRP
...
ALU-SR
...
Juniper Junos
    interfaces {
        interface xe-0/0/2 {
    -       unit 431 {
    -           description "holden: Link to branch1";
    -           vlan-id 431;
    -           family {
    -               inet {
    -                   address 30.15.15.1/24;
    ...
    -   interface xe-0/0/4 {
    -       unit 333 {
    -           description "holden: Link to branch3";
    ...
    routing-instances {
    -   instance POC-holden-RI {
    -       instance-type vrf;
    -       interface xe-0/0/2.431;
    -       interface xe-0/0/4.333;
    -       route-distinguisher {
    -           rd-type 4747:65222;
    -       }
    -       vrf-import [ POC-holden-IMP ];
    -       vrf-export [ POC-holden-EXP ];
    -       protocols {
    -           bgp {
    -               group POC-holden-BGP {
    -                   type external;
    -                   peer-as 65222;
    -                   neighbor 30.15.15.2;
    -                   neighbor 50.20.20.2;
NFV Service CRUD
Slow - Traditional Workflow
Service
ANY Infra-structure Change
ANY Service Change
How many workflows do you need? Complexity grows exponentially
Tail-f NSO Overview
Service Orchestration Platform - Open & Modular
Network Engineer; Management Applications
Network-wide CLI and Web UI; REST, NETCONF, JSON-RPC, Java…
Tail-f NSO:
• Service Manager: Service Models
• Device Manager: Device Models
• Utility Models
• Runtime Package Directory
Network Element Drivers
NETCONF, CLI, SNMP, REST, etc.
• EMS
• Applications
• Controllers
“ANY” Device Programmability
Network-wide Programmability
The YANG Dream Team
Service Designer
1. Strong in “Abstraction” based thinking.
2. Object Oriented approach to decompose big problems into smaller parts.
3. Familiarity with data-structures and programming logic
Network-Architect/Network-Operator
1. Very strong in Networking
2. Translate service outcomes into required Network-Functions and configs.
3. Operations: Ability to formulate ways in which service “outcome” is consumed
Service Model example:
Creation Mapping
Service CREATION mapping: FASTMAP
UPDATE, DELETE and REDEPLOY: INFERRED
Activation: NSO vs Traditional
WORKFLOW-DRIVEN (Traditional)
Minimal required “workflows”:
• ‘CREATE SERVICE’ FLOW
• ‘MODIFY SERVICE’ FLOW (×4)
• ‘DELETE SERVICE’ FLOW
• ‘RE-DEPLOY SERVICE’ FLOW
At insertion of new Device, Platform, Technology: MODIFY “ALL” FLOWS
MODEL-DRIVEN (NSO)
Minimal required “models”:
• ‘CREATE SERVICE’ MODEL
• ‘MODIFY SERVICE’ MODEL
• ‘DELETE SERVICE’ MODEL
• ‘RE-DEPLOY SERVICE’ MODEL
At insertion of new Device, Platform, Technology: ADD/UPDATE 1 NED (minimises impact to services layer)
Examples: Service Models
    list l3vpn {
      leaf name {}
      leaf as-number {}
      list site {
        leaf name {}
        leaf device {}
        leaf link {}
        leaf vlan-id {}
        leaf ip-address {}
      }
    }

    list nfvService {
      leaf name {}
      leaf as-number {}
      list site {}
      leaf nfvDcNode {}
      container virtualOffice {}
      container internet {}
      container security {}
      container ips {}
      container remoteAccess {}
    }
Creation Mapping
    list l3vpn {
      leaf name {}
      leaf as-number {}
      list site {
        leaf name {}
        leaf device {}
        leaf link {}
        leaf vlan-id {}
        leaf ip-address {}
      }
    }

    <devices xmlns="http://tail-f.com/ns/ncs">
      <device>
        <name>{$SITE_DEVICE}</name>
        <config tags="merge">
          <configuration xmlns="http://xml.juniper.net/xnm/1.1/xnm" tags="merge">
            <interfaces>
              <interface>
                <name>{$SITE_LINK}</name>
                <unit>
                  <name>{$SITE_VLAN}</name>
                  <description>{$TENANT_NAME}: Link to {$SITE_NAME}</description>
                  <vlan-tags/>
                  <vlan-id>{$SITE_VLAN}</vlan-id>
                  <family>
                    <inet>
                      <address>
                        <name>{$SITE_PE_PREFIX}</name>
    ...
            </interfaces>
            <routing-instances>
              <instance>
                <name>POC-{$TENANT_NAME}-RI</name>
                <instance-type>vrf</instance-type>
                <interface>
                  <name>{$SITE_LINK}.{$SITE_VLAN}</name>
                </interface>
                <route-distinguisher>
                  <rd-type>4747:{$AS_NUMBER}</rd-type>
                </route-distinguisher>
                <vrf-import>POC-{$TENANT_NAME}-IMP</vrf-import>
                <vrf-export>POC-{$TENANT_NAME}-EXP</vrf-export>
                <protocols>
                  <bgp>
                    <group>
                      <name>POC-{$TENANT_NAME}-BGP</name>
                      <type>external</type>
                      <peer-as>{$AS_NUMBER}</peer-as>
                      <neighbor>
                        <name>{$SITE_CE_IP}</name>
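The lifecycle shown on the L3VPN CRUD slides can be derived from a creation mapping alone. The following is an added illustration, not NSO code and not part of the original deck: only the create mapping is hand-written, while update, delete, re-deploy, reverse traceability and detection of out-of-band changes come from diffing rendered configuration. The flat path model, the Orchestrator class and the device name pe-junos-1 are assumptions.

```python
# Added sketch of the FASTMAP idea. Function, class and path names are
# assumptions, not NSO's API; config is a flat dict {(device, path): value}.

def create_mapping(svc):
    """The only hand-written logic: render one l3vpn service to device config."""
    tenant, asn = svc["name"], svc["as_number"]
    cfg = {}
    for site in svc["sites"]:
        dev, link, vlan = site["device"], site["link"], site["vlan_id"]
        unit = f"interfaces/{link}/unit/{vlan}"
        ri = f"routing-instances/POC-{tenant}-RI"
        cfg[(dev, f"{unit}/description")] = f"{tenant}: Link to {site['name']}"
        cfg[(dev, f"{unit}/vlan-id")] = vlan
        cfg[(dev, f"{unit}/address")] = site["pe_prefix"]
        cfg[(dev, f"{ri}/instance-type")] = "vrf"
        cfg[(dev, f"{ri}/interface/{link}.{vlan}")] = ""
        cfg[(dev, f"{ri}/rd-type")] = f"4747:{asn}"
        cfg[(dev, f"{ri}/bgp/peer-as")] = asn
        cfg[(dev, f"{ri}/bgp/neighbor/{site['ce_ip']}")] = ""
    return cfg


class Orchestrator:
    def __init__(self):
        self.network = {}   # simulated running config of every device
        self.rendered = {}  # service name -> config its last commit produced

    def owners(self, key):
        """Reverse traceability: which services produced this config line?"""
        return sorted(n for n, cfg in self.rendered.items() if key in cfg)

    def plan(self, name, svc):
        """Infer the change set from the create mapping; svc=None is a delete."""
        old = self.rendered.get(name, {})
        new = create_mapping(svc) if svc else {}
        changes = []
        for key in sorted(old.keys() - new.keys()):
            if self.owners(key) == [name]:  # keep lines another service needs
                changes.append(("delete", key, None))
        for key in sorted(new):
            if self.network.get(key) != new[key]:
                changes.append(("set", key, new[key]))
        return new, changes

    def commit(self, name, svc):
        """Create, update, delete and re-deploy all take this one code path."""
        new, changes = self.plan(name, svc)
        for op, key, value in changes:
            if op == "set":
                self.network[key] = value
            else:
                self.network.pop(key, None)
        self.rendered.pop(name, None)
        if svc:
            self.rendered[name] = new
        return changes

    def drift(self):
        """Config lines where the devices disagree with the service intent."""
        intended = {}
        for cfg in self.rendered.values():
            intended.update(cfg)
        keys = intended.keys() | self.network.keys()
        return sorted(k for k in keys if intended.get(k) != self.network.get(k))


# Constructed sample data reusing the values shown on the L3VPN slides.
PE = "pe-junos-1"  # hypothetical device name
BRANCH1 = {"name": "branch1", "device": PE, "link": "xe-0/0/2", "vlan_id": 431,
           "pe_prefix": "30.15.15.1/24", "ce_ip": "30.15.15.2"}
BRANCH3 = {"name": "branch3", "device": PE, "link": "xe-0/0/4", "vlan_id": 333,
           "pe_prefix": "50.20.20.1/24", "ce_ip": "50.20.20.2"}


def run_lifecycle():
    """Create, add a site, change the AS, edit out of band, re-deploy, delete."""
    nso, out = Orchestrator(), {}
    svc = {"name": "holden", "as_number": 65123, "sites": [BRANCH1]}
    out["create"] = nso.commit("holden", svc)
    svc = dict(svc, sites=[BRANCH1, BRANCH3])
    out["add_site"] = nso.commit("holden", svc)
    svc = dict(svc, as_number=65222)
    out["as_change"] = nso.commit("holden", svc)
    peer_as = (PE, "routing-instances/POC-holden-RI/bgp/peer-as")
    nso.network[peer_as] = 64999  # simulated manual change on the device
    out["drift"] = nso.drift()
    out["owners"] = nso.owners(peer_as)
    out["redeploy"] = nso.commit("holden", svc)
    out["delete"] = nso.commit("holden", None)
    out["left_on_devices"] = dict(nso.network)
    return out

if __name__ == "__main__":
    print(run_lifecycle())
```

The AS change produces only the two lines that differ (rd-type and peer-as), matching the Junos delta on the third CRUD slide, and the manual edit of peer-as is both reported by drift() and corrected by re-committing the unchanged service.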
Creation Mapping: Multi-Vendor
Service CREATION mapping: FASTMAP
UPDATE, DELETE and REDEPLOY: INFERRED
Reusability: Stacked Services
Diagram labels: Top, Bottom, FASTMAP (twice), Device Models
Tail-f NSO Overview
Model driven Auto-Generation
Network Engineer; Management Applications
Network-wide CLI and Web UI; RESTCONF, NETCONF, JSON-RPC, …
Tail-f NSO:
• Service Manager: Service Models
• Device Manager: Device Models
FASTMAP
Precision & Traceability
Diagram labels: Volvo, FASTMAP, NED ENGINE
    access-list 101 permit ip any 10.1.1.0 0.0.0.255
Precision & Reverse Traceability
Diagram labels: Volvo, FASTMAP, NED ENGINE
    access-list 101 permit ip any 10.1.1.0 0.0.0.255
Transactional Guarantees
BSS
Tail-f NSO
Multivendor Layer 2, Layer 3, and Layer 4-7 Network
Transactional Integrity
Network is always in a consistent state.
Decision Makers
CTO: Make us future-ready. Leverage latest technology. Stay ahead of the curve.
VP Network Operations: Help me cope with growing pains and legacy problems “TODAY”
VP Marketing, Product Owner: Time is of the essence. Help me gain market share and grow revenue
Business Impact
• Bring new service offering to market: Weeks
• Cross-domain Service Activation: Instantly
• Service Configuration Fidelity:
  • Surgical Precision
  • Single Source of Truth (Services and Network layers)
• Service Assurance & Troubleshooting:
  • Service-centric Orchestrated Assurance
  • Service-centric Automated activation-tests and health-checks
$$$ Revenue, Profit
Time, Scale, Agility
Future-Proof, Operational Excellence
ETSI NFV Reference Architecture
OSS, BSS
EMS1, EMS2, EMS3
VNF1, VNF2, VNF3
NFVI:
• Virtual Computing, Virtual Storage, Virtual Network
• Virtualisation Layer
• Computing Hardware, Storage Hardware, Network Hardware
NFV Management and Orchestration (MANO):
• Orchestrator
• VNF Manager(s)
• Virtualised Infrastructure Manager(s)
ETSI: Only Subset of Total Orchestration Problem Addressed
BSS/OSS
EMS
VNF1, VNF2, VNF3
NFV INFRASTRUCTURE
NFV Management and Orchestration (MANO):
• Orchestrator
• VNF Manager
• Virtualised Infrastructure Manager
WHAT about Physical??
Once the VMs are up, WHAT about E2E Service activation across:
• VNFs
• PNFs
• EMSs
• SDN Controllers??
END-TO-END & Migration
BSS/OSS
EMS
VNF1, VNF2, VNF3
NFV INFRASTRUCTURE
NFV Management and Orchestration (MANO):
• Orchestrator
• VNF Manager(s)
• Virtualised Infrastructure Manager(s)
Tail-f NSO Orchestrator
NFV-O Package
VNF-M (ESC)
VM Life-cycle AND E2E Service Activation
Virtual AND Physical
Migration: Hybrid enables migration
Integrated End-To-End Orchestration & Migration
BSS/OSS
Tail-f NSO Orchestrator
NFV-O
VM Life-cycle AND Service Activation
Virtual AND Physical
VNF Manager(s): ESC, QTCM, CloudBand CPaaS & Others
Virtualised Infrastructure Manager(s): OpenStack, vCAC, UCSD & Others
Network Domain Controllers:
• DC: VTS, ODL, APIC
• WAN: WAE
• CPE: Meraki
EMS
VNF1, VNF2, VNF3
CSR, ASAv
NFV INFRASTRUCTURE (Compute, Storage, Network)
[Diagram: NSO, L2VPN; ALU, Cisco, Cisco, Juniper and Huawei devices]
Service Lifecycle APIs
Cross-Domain Orchestration: DC + WAN
[Diagram: Self-Service Portal, Programmable Platform, NSO; Customer Site; SP Core Network (ASR-9k, ASR-9k, MPLS L3VPN); Internet GW; APIC SDN Controller; ACI Fabric; Customer Workloads (VM)]
Manual To PCxF Policy Coordination
Security as a Service
Scale
• Thousands of business customers
• Dozens of regional points of purchase (POPs)
• Several data centres
• Tens of thousands of data centre tenants
Use case
• Provisioning of Layer 4-7 security services to VPN customers
Business case
• Incremental revenue from new business
Services: Traffic Shaper, IPS and IDS, Content Filtering, WAN Acceleration, Firewall
New Breed of Cross-Domain Multi-Vendor Hybrid Services
Gateway services between VPN and Internet
Datacentre: Physical server, Virtual server, Physical Appliance
Server
・Mail/Web
・Airwatch GW
・RADIUS
Mail Security
・Virus Check
・Spam Prevention
・Mail Archive
Web Security
・Web Filtering
・HTTP Virus Check
・Proxy
Network
・SSL VPN
・UTM
・Load balancer
VPN, Internet, Internet Access, Remote Access
Hybrid: VPN & NFV
[Diagram: NSO (API, CLI, WEB), ESC, openstack; PE1, PE2, PE3, DCI-PE; AS 100, AS 200; INTERNET; tenants Volvo, Ford, Honda]
Next Steps
1. World Of Solutions: Meet the Expert [10:30am – 12:30pm]
2. Cisco dCloud: Self-paced NSO demo labs
3. Cisco DevNet & NSO-HUB: Package/Content Library
4. “NSO Innovation Day”: 2 days with hands on lab. Build a service package.
5. NSO Evaluation Copy with Example use-cases: VPNs, Datacentre, NFV, etc.
6. Proof of Concept: Your environment, Your use-case, 1-2 weeks turnaround.
7. Instructor Led: Basic, Advanced and Operations Training
Cisco Spark
Ask Questions, Get Answers, Continue the Experience
Use Cisco Spark to communicate with the Speaker and fellow participants after the session
Download the Cisco Spark app from iTunes or Google Play
1. Go to the Cisco Live Melbourne 2017 Mobile app
2. Find this session
3. Click the Spark button under Speakers in the session description
4. Enter the room, room name = BRKSPG-2380
5. Join the conversation!
The Spark Room will be open for 2 weeks after Cisco Live
Complete Your Online Session Evaluation
Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations. www.CiscoLiveAPAC.com
Give us your feedback and receive a Cisco Live 2017 Cap by completing the overall event evaluation and 5 session evaluations.
All evaluations can be completed via the Cisco Live Mobile App.
Caps can be collected Friday 10 March at Registration.