Goodbye Manual Configuration: Service Centric SDN, NFV and Orchestration

Bilal Alam
Software Solutions Architect - Management and Network Orchestration
BRKSPG-2380

clnv.s3.amazonaws.com/2017/anz/pdf/BRKSPG-2380.pdf

Agenda

Network Services Orchestration:

1. Current State vs Desired State: Hardcoded, Template & Swivel Chair Approach
2. Model Driven Architecture: Not all models are created equal
3. Future Proof Platform: Network Abstraction & Decoupled Services
4. Service Centricity: Benefits & Business Impact
5. Use-cases & Demo: Physical+NFV, Multi-Vendor, Cross-domain Orchestration

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 4BRKSPG-2380

Current State - Pain Points

• Complex & Expensive

• Slow & Error Prone

• Manual & Swivel Chair

• Network Layer the Bottleneck

[Diagram: Customer Orders; Provisioning A, Provisioning B, Activation C, Provisioning D, Activation E; INTEGRATION TAX; ADAPTER TAX; EMS, NMS and CLI; Metro and Access, WAN, Data Centre]

Hardcoded Services

• Vertically Stacked

• Tight coupling

• Slow cross-domain activation

• Out-of-house service builds

• High cost of “change request”


Going Forward

Execution at the speed of software
• Service Innovation
• Agility & DevOps
• NFV & SDN

Rapidly changing business models
• Cloud, Virtualisation, Programmable Networks
• New ecosystems and value chains

Changing customer behaviour
• INSTANT Activation
• Self-Service Portal

All of this requires flexible automation.

Business Impact

• Bring new service offering to market: 300+ days

• Cross-domain Service Activation: 2 - 4 weeks

• Service Configuration Fidelity: NO single source of truth

• Service Assurance & Troubleshooting: Manual/Operator driven


The Solution…


Solution[s]: Depends on who you ask!!!

• Device Programmability: SNMP, WSMA, OnePK, NETCONF/YANG, …

• Domain Centric SDN Controller: Control-Plane/Data-Plane Separation

• Domain Centric Overlay Networks: VXLAN

• Virtualisation: NFV on Commodity Hardware

“The need for a comprehensive End-to-End Approach”

Service Orchestration Solution

[Diagram: Network; Device Platform: Legacy & NC/YANG; SDN Controllers; EMS, NMS; Overlays: Virtual & Physical; NFV: VNFs, VNF-Ms, VIMs]

Ability to Leverage Any Device, Any Vendor, Any Technology

Present and Future

Service Orchestration Solution

Quality, Innovation, Agility, Operational Excellence

• Single source of truth
• Precision and Traceability
• Future proof
• Leverage ANY technology
• Rapidly build cross-domain services on multi-vendor hybrid networks
• Standards based
• Instant activation
• Transactional guarantees
• Automatic rollback on failure

Service Orchestration Solution

• Service Innovation

• Service Time to Market

• Service Order to Activation

• Service Data Quality

It should ALWAYS be about the SERVICES

[Diagram: Services Layer (L2VPN, L3VPN, NFV, SECURITY, BOD, BCAL); Network Layer (Metro and Access, WAN, Data Centre)]

Constructing the ideal Service Orchestration Platform

STEP1: Network Abstraction – Future proofed

• Precise data-model for the entire network. YANG based device-models.

• Automatic CRUDs on network elements via NEDs - normalised south-bound interfacing

• Generic way of consuming the network irrespective of technology vendor, platform, device.

[Diagram: Tail-f NSO: Service Centric Platform; Network Abstraction – YANG Data Models; Domain Controller, EMS, VNF-M, NMS, SDNc; Metro and Access, WAN, Data Centre]

Network becomes YANG

Device-Models

• Precise YANG definition for device’s configuration/operational space

• Can be rendered into other formats:
  • XSD/XML
  • JSON
  • NATIVE – Device’s SB protocol

Fragile Adapter

Network Element Driver (NED)

Declarative

Cisco IOS Device Model...

    // interface GigabitEthernet *
    list GigabitEthernet {
      tailf:info "GigabitEthernet IEEE 802.3z";
      tailf:cli-allow-join-with-key {
        tailf:cli-display-joined;
      }
      tailf:cli-mode-name "config-if";
      tailf:cli-suppress-key-abbreviation;
      key name;
      leaf name {
        type string {
          pattern "[0-9]+.*";
        }
      }
      uses interface-common-pre-grouping;
      uses interface-ethernet-pre-grouping;
      uses interface-switch-grouping;
      uses interface-ethernet-grouping;
      uses interface-common-grouping;
      uses interface-zone-member-grouping;
    }

[Diagram: YANG Model; Cisco IOS NED Engine; South Bound Protocol: CLI]

NEDs (1/6)

Vendor: Device/Platform

A10 Networks: AX Series; Thunder Series
Adtran: Total Access 900 Series; Total Access 5000 Series
Adva: Carrier Ethernet FSP 150CC Series
Affirmed Networks: Acuitas Service Management System
Alcatel-Lucent: 7210 Service Access Switch; 7450 Ethernet Service Switch; 7705 Service Aggregation Router; 7750 Service Router; 7950 Extensible Routing System
Arista: 7048 Series; 7050 Series; 7150 Series; vEOS
Brocade: NetIron CES 2000 Series; NetIron MLXe Series; NetIron XMR Series; ServerIron ADX Series
Ciena: 3000 Family; 5000 Family; ESM
Cisco: Application Policy Infrastructure Controller Data Centre (APIC-DC)
Cisco ASA: ASA 1000V Cloud Firewall; ASA 5500-X Series Next-Generation Firewalls; Adaptive Security Virtual Appliance
Cisco IOS: 800 Series Routers; 1800 Series Integrated Services Routers; 1900 Series Integrated Services Routers; 2500 Series Routers; 2600 Series Multiservice Platforms; 2800 Series Integrated Services Routers; 2900 Series Integrated Services Routers; 3800 Series Integrated Services Routers

NEDs (2/6)

Vendor: Device/Platform

Cisco: Catalyst 6900 Series Ethernet Interface Module; Cloud Services Router 1000V Series; ME 3400 Series Ethernet Access Switches; ME 3600X Series Ethernet Access Switches; ME 3800X Series Carrier Ethernet Switch Routers; ME 4900 Series Ethernet Switches; uBR10000 Series Universal Broadband Routers
Cisco: ASR 900 Series Aggregation Services Routers; ASR 1000 Series Aggregation Services Routers; cBR Series Converged Broadband Routers; Cloud Services Router 1000V Series; RF Gateway Series
Cisco IOS XR: 12000 Series Routers; ASR 9000 Series; Carrier Routing System; IOS XRv Router
Cisco IOS/IOSXE: 3900 Series Integrated Services Routers; 7200 Series Routers; 7600 Series Routers
Cisco IOS/IOSXE: Catalyst 2900 Series Switches; Catalyst 2960 Series Switches; Catalyst 2960-X Series Switches; Catalyst 3550 Series Intelligent Ethernet Switches; Catalyst 3750 Metro Series Switches; Catalyst 3850 Series Switches; Catalyst 4500 Series Switches; Catalyst 4500E Series (Supervisor Engine 7-E, Supervisor Engine 8-E); Catalyst 4500-X Series Aggregation Switch; Catalyst 4900 Series Switches; Catalyst 6500 Series (10 Gigabit Ethernet Modules, Mixed Media Gigabit Ethernet Modules, Supervisor Engine 2T, Switches); Catalyst 6500-E Series Chassis

NEDs (3/6)

Vendor: Device/Platform

F5 Networks: BIG-IP 1600; BIG-IP 3600; BIG-IP 3900; BIG-IP 6400; BIG-IP 8900; BIG-IP Virtual Edition; Viprion Chassis
Fortinet: FortiGate 200 Series; FortiGate 500-300 Series; FortiGate 800-600 Series; FortiGate 1000 Series; FortiGate 3000 Series; FortiGate Virtual Appliances
Cisco NX OS: Nexus 1000v Series Switches; Nexus 3000 Series Switches; Nexus 5000 Series Switches; Nexus 6000 Series Switches; Nexus 7000 Series Switches; Nexus 9000 Series Switches; Nexus 9300 Platform Switches
Cisco: Policy Suite (CPS/QPS)
Cisco StarOS: ASR 5000 Series; Quantum Virtualised Packet Core (QvPC-SI/-DI)
Cisco: Web Security Appliance (WSA)
Citrix: Netscaler 1000v

NEDs (4/6)

Vendor: Device/Platform

Huawei: ATN Series; NetEngine40E Series Universal Service Router; NetEngine5000E Cluster Router; Quidway S3300 Series Switches
Juniper: EX Series Ethernet Switches; Firefly Perimeter (Virtual SRX); M Series Multiservice Edge Routers; MX Series 3D Universal Edge Routers; QFX Series; SRX Series Services Gateways
Overture: 1400; 2200; 5000; 5100; 6000
Palo Alto Networks: PA-2000 Series; PA-3000 Series; PA-5000 Series; Virtualised Firewalls
Procera Networks: PacketLogic 9000 Platform
Quagga: Quagga Routing Software Suite (BGP module)

NEDs (5/6)

Vendor: Device/Platform

F5 Networks: BIG-IQ
H3C: S5800 series
Infinera: DTN-X Multi-Terabit Packet Optical Network Platform
Juniper: Contrail Controller
MRV Communications: Master-OS; OptiSwitch 9000 series
NEC: iPASOLINK family
Netfilter: Iptables (Linux)
Nominum: DCS
OneAccess: OneOS for Routers; One540
Open vSwitch: OVSDB (shell)
OpenDaylight: Controller; Lithium
Openstack: Cloud Operating System; Identity (Keystone); Networking Service (Neutron); Image Service (Glance); Compute (Nova)
Pulsecom: SuperG
Riverbed: Steelhead Series
Silver Peak: VXOA Virtual Appliance
Sonus: SBC 5000 Series
Telco Systems: BiNOX; T-Marc Family
VMware: vSphere
ZenOSS: Service Dynamics
ZTE: xPON OLT

NEDs (6/6)

Vendor: Device/Platform

Accedian Networks: High Performance Service Assurance MetroNID
Alcatel-Lucent: 5620 Service Aware Manager
Allied Telesis: x210 Series
Amazon: Amazon Web Services
Avaya: ERS 4000 Series; SR 8000 Series; VSP 9000 Series
Brocade: Vyatta 5400 vRouter (Vyatta VSE)
CableLabs: Converged Cable Access Platform
Cisco: ME-1200; ME-4600; Meraki; NCS2k (CTC); Prime Network Registrar (PNR); UCS Manager
Clavister: cOS Core; Eagle Series
Coriant: 8600 Smart Router Series
Datacom: DM2100-EDD Family; DM4000 Family
Dell: Force10 Networking S-Series
Ericsson: EFN324 Series; SE family

Device-Models

Cisco IOS Device Model...

    // interface GigabitEthernet *
    list GigabitEthernet {
      tailf:info "GigabitEthernet IEEE 802.3z";
      tailf:cli-allow-join-with-key {
        tailf:cli-display-joined;
      }
      tailf:cli-mode-name "config-if";
      tailf:cli-suppress-key-abbreviation;
      key name;
      leaf name {
        type string {
          pattern "[0-9]+.*";
        }
      }
      uses interface-common-pre-grouping;
      uses interface-ethernet-pre-grouping;
      uses interface-switch-grouping;
      uses interface-ethernet-grouping;
      uses interface-common-grouping;
      uses interface-zone-member-grouping;
    }

Huawei VRP Device Model...

    // interface GigabitEthernet *
    list GigabitEthernet {
      tailf:info "GigabitEthernet interface";
      tailf:cli-full-command;
      key name;
      leaf name {}
      // interface GigabitEthernet * / description
      uses interface-description;
      // interface GigabitEthernet * / vlan-type
      uses interface-vlan-type;
      // interface GigabitEthernet * / speed
      leaf speed {}
      // interface GigabitEthernet * / duplex
      leaf duplex {}
      // interface GigabitEthernet * / mtu
      uses interface-mtu;
      // interface GigabitEthernet * / ip
      container ip {}

Juniper Junos Device Model...

    grouping top-configuration {
      leaf version {
        type string;
        description "Software version information";
      }
      container system {
        description "System parameters";
        uses juniper-system;
      }
      list logical-systems {
        key "name";
        description "Logical systems";
        uses juniper-logical-system;
      }
      container chassis {
        description "Chassis configuration";
        uses chassis-type;
      }
      container interfaces {
        description "Interface configuration";
        uses apply-group;
        uses apply-macro;
        list pic-set {
          key "name";
          ordered-by user;

ALU-SR Device Model...

    list port {
      tailf:info "Configure physical ports";
      key port-id;
      leaf port-id {}
      leaf description {}
      container access {}
      container egress {}
      container ingress {}
    }
    container ethernet {
      leaf mode {}
      container access {}
      container autonegotiate {}
      leaf dot1q-etype {}
      leaf duplex {}
      container efm-oam {}

STEP2: Network is a YANG

Relocating to the Services Layer

[Diagram: Tail-f NSO: Service Centric Platform; Network Abstraction – YANG Data Models; Domain Controller, EMS, VNF-M, NMS, SDNc; Metro and Access, WAN, Data Centre]

Move up the stack

STEP3: Build Decoupled Services

• Services defined in YANG. No Hardcoded Services.

• Services are Customer’s Intellectual Property

• Loosely coupled, precise “Mapping” from Service YANG → Device[s] YANG

[Diagram: Customer Orders; Tail-f NSO: Services Orchestration Platform; services L2VPN, L3VPN, NFV, SECURITY, BOD, Service X; Network Abstraction - YANG Data Models; Domain Controller, EMS, VNF-M, NMS, SDNc; Metro and Access, WAN, Data Centre]

Building Quality Services FAST


L3VPN - CRUD

Cisco IOS-XR

    vrf POC-holden-VRF
     address-family ipv4 unicast
      import route-target
       4747:65123
      exit
      export route-target
       4747:65123
      exit
     exit
    exit
    interface GigabitEthernet 0/0/0/1.123
     description holden: Link to main-office
     ipv4 address 30.10.10.1 255.255.255.0
     vrf POC-holden-VRF
     encapsulation dot1q 123
    exit
    router bgp 4747
     vrf POC-holden-VRF
      rd 4747:65123
      address-family ipv4 unicast
       redistribute connected
       redistribute static
      exit
      neighbor 30.10.10.2
       remote-as 65123
       address-family ipv4 unicast
        as-override
        send-community-ebgp

Huawei VRP...

    // interface GigabitEthernet *
    list GigabitEthernet {
      tailf:info "GigabitEthernet interface";
      tailf:cli-full-command;
      key name;
      leaf name {}
      // interface GigabitEthernet * / description
      uses interface-description;
      // interface GigabitEthernet * / vlan-type
      uses interface-vlan-type;
      // interface GigabitEthernet * / speed
      leaf speed {}
      // interface GigabitEthernet * / duplex
      leaf duplex {}
      // interface GigabitEthernet * / mtu
      uses interface-mtu;
      // interface GigabitEthernet * / ip
      container ip {}

ALU-SR...

    list port {
      tailf:info "Configure physical ports";
      key port-id;
      leaf port-id {}
      leaf description {}
      container access {}
      container egress {}
      container ingress {}
    }
    container ethernet {
      leaf mode {}
      container access {}
      container autonegotiate {}
      leaf dot1q-etype {}
      leaf duplex {}
      container efm-oam {}

Juniper Junos

    interfaces {
      interface xe-0/0/2 {
        vlan-tagging;
        unit 431 {
          description "holden: Link to branch1";
          vlan-id 431;
          family {
            inet {
              address 30.15.15.1/24;
    ...
    routing-instances {
      instance POC-holden-RI {
        instance-type vrf;
        interface xe-0/0/2.431;
        route-distinguisher {
          rd-type 4747:65123;
        }
        vrf-import [ POC-holden-IMP ];
        vrf-export [ POC-holden-EXP ];
        protocols {
          bgp {
            group POC-holden-BGP {
              type external;
              peer-as 65123;
              local-as {
                as-number 4747;
              }
              neighbor 30.15.15.2;
            }
    ...

L3VPN - CRUD

Cisco IOS-XR

    interface GigabitEthernet 0/0/0/2.222
     description holden: Link to branch2
     ipv4 address 40.10.10.1 255.255.255.0
     vrf POC-holden-VRF
     encapsulation dot1q 222
    exit
    router bgp 4747
     vrf POC-holden-VRF
      neighbor 40.10.10.2
       remote-as 65123
       address-family ipv4 unicast
        as-override
        send-community-ebgp
       exit
      exit
     exit
    exit


Juniper Junos

    interfaces {
      interface xe-0/0/4 {
        vlan-tagging;
        unit 333 {
          description "holden: Link to branch3";
          vlan-id 333;
          family {
            inet {
              address 50.20.20.1/24;
            }
          }
        }
      }
    }
    routing-instances {
      instance POC-holden-RI {
        interface xe-0/0/4.333 {}
        protocols {
          bgp {
            group POC-holden-BGP {
              # after neighbor 30.15.15.2
              neighbor 50.20.20.2;
            }
          }
        }
      }
    }

L3VPN - CRUD

Cisco IOS-XR

    vrf POC-holden-VRF
     address-family ipv4 unicast
      import route-target
       no 4747:65123
       4747:65222
      exit
      export route-target
       no 4747:65123
       4747:65222
      exit
     exit
    exit
    router bgp 4747
     vrf POC-holden-VRF
      rd 4747:65222
      neighbor 30.10.10.2
       remote-as 65222
      exit
      neighbor 40.10.10.2
       remote-as 65222
      exit
     exit
    exit


Juniper Junos

    policy-options {
      community {
    -   members [ target:4747:65123 ];
    +   members [ target:4747:65222 ];
    -   members [ target:4747:65123 ];
    +   members [ target:4747:65222 ];
      }
    }
    routing-instances {
      instance POC-holden-RI {
        route-distinguisher {
    -     rd-type 4747:65123;
    +     rd-type 4747:65222;
        }
        protocols {
          bgp {
            group POC-holden-BGP {
    -         peer-as 65123;
    +         peer-as 65222;
            }
          }
        }
      }
    }

L3VPN - CRUD

    interface GigabitEthernet 0/0/0/1.123
     no vrf POC-holden-VRF
    exit
    interface GigabitEthernet 0/0/0/2.222
     no vrf POC-holden-VRF
    exit
    no vrf POC-holden-VRF
    no router bgp 4747
    no interface GigabitEthernet 0/0/0/1.123
    no interface GigabitEthernet 0/0/0/2.222


Juniper Junos

    interfaces {
      interface xe-0/0/2 {
    -   unit 431 {
    -     description "holden: Link to branch1";
    -     vlan-id 431;
    -     family {
    -       inet {
    -         address 30.15.15.1/24;
    ...
    - interface xe-0/0/4 {
    -   unit 333 {
    -     description "holden: Link to branch3";
    ...
    routing-instances {
    - instance POC-holden-RI {
    -   instance-type vrf;
    -   interface xe-0/0/2.431;
    -   interface xe-0/0/4.333;
    -   route-distinguisher {
    -     rd-type 4747:65222;
    -   }
    -   vrf-import [ POC-holden-IMP ];
    -   vrf-export [ POC-holden-EXP ];
    -   protocols {
    -     bgp {
    -       group POC-holden-BGP {
    -         type external;
    -         peer-as 65222;
    -         neighbor 30.15.15.2;
    -         neighbor 50.20.20.2;

NFV Service CRUD

Slow - Traditional Workflow

[Diagram: Service; ANY Infrastructure Change; ANY Service Change]

How many workflows do you need? Complexity grows exponentially.

Tail-f NSO Overview

Service Orchestration Platform - Open & Modular

[Diagram: Network Engineer; Management Applications; Network-wide CLI and Web UI; REST, NETCONF, JSON-RPC, Java…; Tail-f NSO: Service Manager, Device Manager, Service Models, Device Models, Utility Models, Runtime Package Directory, Network Element Drivers; NETCONF, CLI, SNMP, REST, etc.; EMS, Applications, Controllers]

“ANY” Device Programmability

Network-wide Programmability

The YANG Dream Team

Service Designer
1. Strong in “Abstraction” based thinking.
2. Object Oriented approach to decompose big problems into smaller parts.
3. Familiarity with data-structures and programming logic

Network-Architect/Network-Operator
1. Very strong in Networking
2. Translate service outcomes into required Network-Functions and configs.
3. Operations: Ability to formulate ways in which service “outcome” is consumed

Service Model example:


Creation Mapping

[Diagram: Service CREATION mapping; UPDATE, DELETE and REDEPLOY: INFERRED; FASTMAP]


Activation: NSO vs Traditional

WORKFLOW-DRIVEN (Traditional)

Minimal required “workflows”:
• ‘CREATE SERVICE’ FLOW
• ‘MODIFY SERVICE’ FLOW (repeated)
• ‘DELETE SERVICE’ FLOW
• ‘RE-DEPLOY SERVICE’ FLOW

At insertion of new Device, Platform, Technology: MODIFY “ALL” FLOWS

MODEL-DRIVEN (NSO)

Minimal required “models”:
• ‘CREATE SERVICE’ MODEL
• ‘MODIFY SERVICE’ MODEL
• ‘DELETE SERVICE’ MODEL
• ‘RE-DEPLOY SERVICE’ MODEL

At insertion of new Device, Platform, Technology: ADD/UPDATE 1 NED (minimises impact to services layer)

Examples: Service Models

    list l3vpn {
      leaf name {}
      leaf as-number {}
      list site {
        leaf name {}
        leaf device {}
        leaf link {}
        leaf vlan-id {}
        leaf ip-address {}
      }
    }

    list nfvService {
      leaf name {}
      leaf as-number {}
      list site {}
      leaf nfvDcNode {}
      container virtualOffice {}
      container internet {}
      container security {}
      container ips {}
      container remoteAccess {}
    }

Creation Mapping

    list l3vpn {
      leaf name {}
      leaf as-number {}
      list site {
        leaf name {}
        leaf device {}
        leaf link {}
        leaf vlan-id {}
        leaf ip-address {}
      }
    }

    <devices xmlns="http://tail-f.com/ns/ncs">
      <device>
        <name>{$SITE_DEVICE}</name>
        <config tags="merge">
          <configuration xmlns="http://xml.juniper.net/xnm/1.1/xnm" tags="merge">
            <interfaces>
              <interface>
                <name>{$SITE_LINK}</name>
                <unit>
                  <name>{$SITE_VLAN}</name>
                  <description>{$TENANT_NAME}: Link to {$SITE_NAME}</description>
                  <vlan-tags/>
                  <vlan-id>{$SITE_VLAN}</vlan-id>
                  <family>
                    <inet>
                      <address>
                        <name>{$SITE_PE_PREFIX}</name>
    ...
            </interfaces>
            <routing-instances>
              <instance>
                <name>POC-{$TENANT_NAME}-RI</name>
                <instance-type>vrf</instance-type>
                <interface>
                  <name>{$SITE_LINK}.{$SITE_VLAN}</name>
                </interface>
                <route-distinguisher>
                  <rd-type>4747:{$AS_NUMBER}</rd-type>
                </route-distinguisher>
                <vrf-import>POC-{$TENANT_NAME}-IMP</vrf-import>
                <vrf-export>POC-{$TENANT_NAME}-EXP</vrf-export>
                <protocols>
                  <bgp>
                    <group>
                      <name>POC-{$TENANT_NAME}-BGP</name>
                      <type>external</type>
                      <peer-as>{$AS_NUMBER}</peer-as>
                      <neighbor>
                        <name>{$SITE_CE_IP}</name>
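The create-only mapping idea from the slides above, as an added Python sketch: only the CREATE mapping is written, and the update and delete change sets are derived by diffing rendered output, with a reverse lookup from a config path back to the owning service. This is not Cisco NSO code or its FASTMAP implementation and is not part of the original deck; the device name pe-junos-1, the flattened path keys and the ServiceManager class are assumptions for illustration, while the interface, VLAN, address and AS values are the ones shown on the Junos L3VPN CRUD slides.

```python
"""Added illustration of create-only service mapping with inferred diffs.
Simplified model; names marked 'hypothetical' are not from the deck."""


def create_mapping(svc):
    """Render a service instance into {device: {config-path: value}}.
    Mirrors the variables of the Junos template (tenant, AS, site link/VLAN)."""
    tenant, asn = svc["name"], svc["as_number"]
    ri = f"routing-instances/POC-{tenant}-RI"
    bgp = f"{ri}/protocols/bgp/group/POC-{tenant}-BGP"
    out = {}
    for site in svc["sites"]:
        cfg = out.setdefault(site["device"], {})
        unit = f"interfaces/{site['link']}/unit/{site['vlan_id']}"
        cfg[f"{unit}/description"] = f"{tenant}: Link to {site['name']}"
        cfg[f"{unit}/vlan-id"] = str(site["vlan_id"])
        cfg[f"{unit}/family/inet/address"] = site["pe_prefix"]
        cfg[f"{ri}/instance-type"] = "vrf"
        cfg[f"{ri}/interface/{site['link']}.{site['vlan_id']}"] = "present"
        cfg[f"{ri}/route-distinguisher/rd-type"] = f"4747:{asn}"
        cfg[f"{bgp}/type"] = "external"
        cfg[f"{bgp}/peer-as"] = str(asn)
        cfg[f"{bgp}/neighbor/{site['ce_ip']}"] = "present"
    return out


def diff(old, new):
    """Minimal per-device change set: ('-', path, value) / ('+', path, value)."""
    changes = {}
    for dev in sorted(set(old) | set(new)):
        o, n = old.get(dev, {}), new.get(dev, {})
        ops = []
        for path in sorted(set(o) | set(n)):
            if o.get(path) == n.get(path):
                continue  # unchanged line: nothing is sent to the device
            if path in o:
                ops.append(("-", path, o[path]))
            if path in n:
                ops.append(("+", path, n[path]))
        if ops:
            changes[dev] = ops
    return changes


class ServiceManager:  # hypothetical class, not an NSO API
    def __init__(self):
        self.footprint = {}  # service name -> last rendered config

    def apply(self, svc):
        """Create or update: re-run the create mapping, emit only the delta."""
        old = self.footprint.get(svc["name"], {})
        new = create_mapping(svc)
        self.footprint[svc["name"]] = new
        return diff(old, new)

    def delete(self, name):
        """Delete is inferred: remove exactly what the service rendered."""
        return diff(self.footprint.pop(name, {}), {})

    def owners(self, device, path):
        """Reverse traceability: which services put this line on the device."""
        return sorted(name for name, fp in self.footprint.items()
                      if path in fp.get(device, {}))


# Site values taken from the Junos slides; the device name is constructed.
BRANCH1 = {"name": "branch1", "device": "pe-junos-1", "link": "xe-0/0/2",
           "vlan_id": 431, "pe_prefix": "30.15.15.1/24", "ce_ip": "30.15.15.2"}
BRANCH3 = {"name": "branch3", "device": "pe-junos-1", "link": "xe-0/0/4",
           "vlan_id": 333, "pe_prefix": "50.20.20.1/24", "ce_ip": "50.20.20.2"}


def demo():
    mgr = ServiceManager()
    svc = {"name": "holden", "as_number": 65123, "sites": [BRANCH1]}
    created = mgr.apply(svc)              # create
    svc["sites"].append(BRANCH3)
    added = mgr.apply(svc)                # update: add a site
    svc["as_number"] = 65222
    changed = mgr.apply(svc)              # update: change the AS number
    owner = mgr.owners("pe-junos-1", "interfaces/xe-0/0/4/unit/333/vlan-id")
    removed = mgr.delete("holden")        # delete
    return created, added, changed, owner, removed


if __name__ == "__main__":
    for label, result in zip(("create", "add site", "change AS", "owner", "delete"), demo()):
        print(label, result)
```

The AS change yields only the rd-type and peer-as lines, matching the minus/plus pairs on the Junos slide, and the delete removes only lines the service itself rendered.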

Creation Mapping: Multi-Vendor

[Diagram: A, B; Service CREATION mapping; UPDATE, DELETE and REDEPLOY: INFERRED; FASTMAP]

Reusability: Stacked Services

[Diagram: Top; Bottom; FASTMAP, FASTMAP; Device Models]

Service Orchestration Architecture: Benefits & Impact

Tail-f NSO Overview

Model driven Auto-Generation

[Diagram: Network Engineer; Management Applications; Network-wide CLI and Web UI; RESTCONF, NETCONF, JSON-RPC,…; Tail-f NSO: Service Manager, Device Manager, Service Models, Device Models; FASTMAP]

Precision & Traceability

[Diagram: service Volvo; FASTMAP; NED ENGINE; device line: access-list 101 permit ip any 10.1.1.0 0.0.0.255]

Precision & Reverse Traceability

[Diagram: service Volvo; FASTMAP; NED ENGINE; device line: access-list 101 permit ip any 10.1.1.0 0.0.0.255]

Transactional Guarantees

[Diagram: BSS; Tail-f NSO; Multivendor Layer 2, Layer 3, and Layer 4-7 Network]

Transactional Integrity

Network is always in a consistent state.

Decision Makers

CTO: Make us future-ready. Leverage latest technology. Stay ahead of the curve.

VP Network Operations: Help me cope with growing pains and legacy problems “TODAY”

VP Marketing / Product Owner: Time is of the essence. Help me gain market share and grow revenue.

Business Impact

• Bring new service offering to market: Weeks
• Cross-domain Service Activation: Instantly
• Service Configuration Fidelity:
  • Surgical Precision
  • Single Source of Truth (Services and Network layers)
• Service Assurance & Troubleshooting:
  • Service-centric Orchestrated Assurance
  • Service-centric Automated activation-tests and health-checks

[Graphic labels: $$$, Revenue, Profit, Time, Scale, Agility, Future-Proof, Operational Excellence]

What about: ETSI NFV Reference Architecture

ETSI NFV Reference Architecture

[Diagram: OSS, BSS; EMS1, EMS2, EMS3; VNF1, VNF2, VNF3; NFVI: Virtual Computing, Virtual Storage, Virtual Network, Virtualisation Layer, Computing Hardware, Storage Hardware, Network Hardware; NFV Management and Orchestration (MANO): Orchestrator, VNF Manager(s), Virtualised Infrastructure Manager(s)]

ETSI: Only Subset of Total Orchestration Problem Addressed

[Diagram: BSS/OSS; EMS; VNF1, VNF2, VNF3; NFV INFRASTRUCTURE; NFV Management and Orchestration (MANO): Orchestrator, VNF Manager, Virtualised Infrastructure Manager]

WHAT about Physical??

Once the VMs are up, WHAT about E2E Service activation across:
• VNFs
• PNFs
• EMSs
• SDN Controllers??

END-TO-END & Migration

[Diagram: BSS/OSS; Tail-f NSO Orchestrator; NFV-O Package; VNF-M (ESC); EMS; VNF1, VNF2, VNF3; NFV INFRASTRUCTURE; NFV Management and Orchestration (MANO): Orchestrator, VNF Manager(s), Virtualised Infrastructure Manager(s)]

• VM Life-cycle AND E2E Service Activation
• Virtual AND Physical
• Migration: Hybrid enables migration

Integrated End-To-End Orchestration & Migration

[Diagram: BSS/OSS; Tail-f NSO Orchestrator; NFV-O; VNF Manager(s): ESC, QTCM, CloudBand CPaaS & Others; Virtualised Infrastructure Manager(s): OpenStack, vCAC, UCSD & Others; VNF1, VNF2, VNF3; CSR, ASAv; EMS; Network Domain Controllers: DC (VTS, ODL, APIC), WAN (WAE), CPE (Meraki); NFV INFRASTRUCTURE (Compute, Storage, Network)]

• VM Life-cycle AND Service Activation
• Virtual AND Physical

No Hardcoding
Build your own
Build as many

[Diagram: L2VPN; NSO; ALU, Cisco, Cisco, Juniper, Huawei]

[Diagram: L3VPN; NSO]

Cross-Domain Orchestration: DC + WAN

[Diagram: Self-Service Portal; Service Lifecycle APIs; Programmable Platform; NSO; APIC SDN Controller; ACI Fabric; Customer Workloads (VM); Internet GW; SP Core Network; ASR-9k, ASR-9k; MPLS L3VPN; Customer Site]

Manual To PCxF Policy Coordination


Security as a Service

Scale
• Thousands of business customers
• Dozens of regional points of purchase (POPs)
• Several data centres
• Tens of thousands of data centre tenants

Use case
• Provisioning of Layer 4-7 security services to VPN customers

Business case
• Incremental revenue from new business

[Diagram: A, B; Traffic Shaper; IPS and IDS; Content Filtering; WAN Acceleration; Firewall]

New Breed of Cross-Domain Multi-Vendor Hybrid Services

Gateway services between VPN and Internet

[Diagram: VPN; Datacentre; Internet; Internet Access; Remote Access; Physical server; Virtual server; Physical Appliance]

Server: Mail/Web; Airwatch GW; RADIUS
Mail Security: Virus Check; Spam Prevention; Mail Archive
Web Security: Web Filtering; HTTP Virus Check; Proxy
Network: SSL VPN; UTM; Load balancer

Hybrid: VPN & NFV

[Diagram: Volvo, Ford, Honda; PE1, PE2, PE3, DCI-PE; AS 100, AS 200; INTERNET; NSO (API, CLI, WEB); ESC; openstack]

Demo

Where to Now?

Next Steps

1. World Of Solutions: Meet the Expert [10:30am – 12:30pm]
2. Cisco dCloud: Self-paced NSO demo labs
3. Cisco DevNet & NSO-HUB: Package/Content Library
4. “NSO Innovation Day”: 2 days with hands on lab. Build a service package.
5. NSO Evaluation Copy with Example use-cases: VPNs, Datacentre, NFV, etc.
6. Proof of Concept: Your environment, Your use-case, 1-2 weeks turnaround.
7. Instructor Led: Basic, Advanced and Operations Training

Q & A

Cisco Spark: Ask Questions, Get Answers, Continue the Experience

Use Cisco Spark to communicate with the Speaker and fellow participants after the session

Download the Cisco Spark app from iTunes or Google Play

1. Go to the Cisco Live Melbourne 2017 Mobile app
2. Find this session
3. Click the Spark button under Speakers in the session description
4. Enter the room, room name = BRKSPG-2380
5. Join the conversation!

The Spark Room will be open for 2 weeks after Cisco Live

Complete Your Online Session Evaluation

Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations. www.CiscoLiveAPAC.com

Give us your feedback and receive a Cisco Live 2017 Cap by completing the overall event evaluation and 5 session evaluations.

All evaluations can be completed via the Cisco Live Mobile App.

Caps can be collected Friday 10 March at Registration.

Thank you