SP Use Cases for NFV and vCPE - Enabling Service Agility via CSR1000V
Leonardo Solano
System Engineer
CCIE#39248
© 2015 Cisco and/or its affiliates. All rights reserved. BRKSPG-2519 Cisco Public
Abstract
• Today, CPE provides a number of network functions such as firewall, access control, NAT, policy management and VPN. CSR1000V can help service providers cut the cost of CPE deployments and reduce their maintenance overhead by implementing selected network functions in software that can run on a variety of industry-standard servers. CSR1000V also offers NFV functionality, leveraging Cisco's IOS-XE, a network OS already proven and time-tested in field deployments. The session will go over the fundamentals of virtual IOS-XE and its use cases for NFV and vCPE. It will focus on virtual layer 3 to 7 features such as virtual Broadband Remote Access Server (vBRAS), virtual Route Reflector (vRR) and virtual Carrier Grade NAT (vCGN).
Agenda
• Introduction
• CSR 1000v System Architecture
• vCPE Network Architectures and the vMS Solution
• Virtualizing BRAS, LAC, LNS or Route Reflectors
• Conclusion
Introduction
Network Functions Virtualization (NFV)
Announced at SDN World Congress, Oct 2012
• AT&T
• BT
• CenturyLink
• China Mobile
• Colt
• Deutsche Telekom
• KDDI
• NTT
• Orange
• Telecom Italia
• Telstra
• Verizon
• Others TBA…
What is NfV? A Definition
…NFV decouples the network functions such as NAT, Firewall, DPI, IPS/IDS, WAAS, SBC, RR etc. from proprietary hardware appliances, so they can run in software…
…It utilizes standard IT virtualization technologies that run on high-volume service, switch and storage hardware to virtualize network functions…
…It involves the implementation of network functions in software that can run on a range of industry standard server hardware, and that can be moved to, or instantiated in, various locations in the network as required, without the need for installation of new equipment.
Sources:
https://www.sdncentral.com/which-is-better-sdn-or-nfv/
http://portal.etsi.org/nfv/nfv_white_paper.pdf
[Diagram: Service Orchestration, NFV, SDN, x86 compute]
CSR 1000v System Architecture
Cisco CSR 1000V – Virtual IOS XE Networking
Programmability
• RESTful APIs for Automated Management
Perpetual, Term, Usage-based Licenses
• Elastic Capacity (Throughput)
Single-tenant WAN Gateway
• Small Footprint, Low Performance
IOS XE Cloud Edition
• IOS XE features for Cloud and NfV Use Cases
Infrastructure Agnostic
• Server, Switch, Hypervisor
Rich Network Services
• Routing, VPN, App Visibility & Control, DC Interconnect, and more
[Diagram: CSR 1000V running as a VM next to App/OS VMs in a VPC/vDC, on top of Virtual Switch, Hypervisor and Server]
Rapid Deployment and Flexibility
Architecture (CSR 1000v) - Virtualized IOS XE
• Generalized to work on any x86 system
• Hardware specifics abstracted through a virtualization layer
• Control Plane and Data Plane mapped to vCPUs
• Bootflash: and NVRAM: are mapped into memory from hard disk
• No dedicated crypto engine – we leverage the Intel AES-NI instruction set to provide hardware crypto assist.
• Boot loader functions implemented by GRUB
Packet path within CSR 1000v
1. Ethernet driver (ingress)
2. Rx thread
3. PPE Thread (packet processing)
4. HQF Thread (egress queueing)
5. Ethernet driver (egress)
[Diagram: control plane (IOS, Chassis Mgr., Forwarding Mgr.) and forwarding plane (Chassis Mgr., Forwarding Mgr., FFP Client / Driver, FFP code) in a Linux container; vCPU, vMemory, vDisk and vNIC provided by the hypervisor (VMware / Citrix / KVM) on physical hardware (CPU, Memory, Disk, NIC)]
CSR 1000v Feature Support and Technology Packages (Reference)
Technology Package: IOS-XE Features
• IPBase
– Basic Networking: BGP, OSPF, EIGRP, RIP, ISIS, IPv6, GRE, VRF-LITE, NTP, QoS
– High Availability: HSRP, VRRP, GLBP
– Addressing: 802.1Q VLAN, EVC, NAT, DHCP, DNS
– Basic Security: ACL, AAA, RADIUS, TACACS+
– Management: IOS-XE CLI, SSH, Flexible NetFlow, SNMP, EEM, NETCONF
• SEC (IPBase Plus…)
– Multicast: IGMP, PIM
– Advanced Security: Zone Based Firewall, IPSec VPN, EZVPN, DMVPN, FlexVPN
• AppX (IPBase Plus…)
– Advanced Networking: L2TPv3, BFD, MPLS, VRF, VXLAN
– Application Experience: WCCPv2, AppXNAV, NBAR2, AVC, IP SLA
– Hybrid Cloud Connectivity: LISP, OTV, VPLS, EoMPLS
• AX
– ALL FEATURES
CSR 1000V Performance-to-Footprint in IOS-XE 3.14
• For each throughput/technology-package combination, the minimum required vCPU and RAM are listed
• Performance results based on 1500 Byte packets and VMware ESXi
Throughput   IP Base     SEC         AppX        AX
10 Mbps      1vCPU/4GB   1vCPU/4GB   1vCPU/4GB   1vCPU/4GB
50 Mbps      1vCPU/4GB   1vCPU/4GB   1vCPU/4GB   1vCPU/4GB
100 Mbps     1vCPU/4GB   1vCPU/4GB   1vCPU/4GB   1vCPU/4GB
250 Mbps     1vCPU/4GB   1vCPU/4GB   1vCPU/4GB   1vCPU/4GB
500 Mbps     1vCPU/4GB   1vCPU/4GB   1vCPU/4GB   1vCPU/4GB
1 Gbps       1vCPU/4GB   1vCPU/4GB   1vCPU/4GB   2vCPU/4GB
2.5 Gbps     1vCPU/4GB   1vCPU/4GB   4vCPU/4GB   4vCPU/4GB
5 Gbps       1vCPU/4GB   2vCPU/4GB   8vCPU/4GB   NA
10 Gbps      2vCPU/4GB   NA          NA          NA
License Management Overview
• With IOS XE 3.13, CSR 1000v package names are now: IPBase, Security, AppX and AX
– ‘license boot level’ command adjusted accordingly
– Old CLI commands are hidden but still accepted (‘[premium | advanced | standard]’)
• Smart Licensing
• Evaluation licenses can be generated for 60 days using the demo portal (www.cisco.com/go/license)
– Require UDI
– Two licenses: 50Mbps for AX, 500Mbps for IPBase
– After evaluation period expires, throughput will be throttled to 100Kbps
• See http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/csr1000Vswcfg/licensing.html for license management details
[Figure labels: IPBASE, Security, AppX, AX; BB, CGN, 4G MEM; 1 Year, 3 Year, Perpetual; Perpetual Only]
Virtualization and Hypervisor Interactions
[Diagram: UCS blades with physical interfaces, CPU cores and memory; the hypervisor scheduler maps each CSR VM's vCPUs onto physical cores, its VNICs onto vSwitch ports, and its vMem tables onto physical memory]
• Hypervisor abstracts and shares physical hardware resources from / among multiple VMs
• Scheduling of vCPUs onto physical cores can create non-deterministic behavior
• Scheduling of vNICs onto physical ports can lead to packet losses / jitter
• Multiple VMware settings control resource allocations, e.g.
– Number of vCPUs per VM
– Min cycles per vCPU / pinning
– vSwitch load-balancing settings
Use Case: Cloud CE/PE Router
[Diagram: two variants, CSR 1000V vCE and CSR 1000V vPE, each in a VPC/vDC with servers on Segment A and Segment B, connected over the DC fabric to the PE WAN router and MPLS; labels: Tenant Scale, VLAN, MPLS, MP-BGP]
IPoVLAN, IPoIP, MPLSoVLAN, MPLSoIP (IP=GRE, VXLAN, etc.)
Benefits
• More Tenants per Physical Infrastructure
• End-to-end Managed Connectivity and SLAs
Challenges
• Mapping tenant traffic from VRFs to VLANs
• Maximum 4,096 VLANs limits scalability
Use Case: Secure VPN Gateway
• Benefit: Scalable, Dynamic, and Consistent Connectivity with the Cloud
Challenges
• Inconsistent Security
• High Network Latency
• Limited Scalability
Benefits
• Direct, Secure Access
• Scalable, Reliable VPN
• Operational Simplicity
Solutions
• IPSec VPN, DMVPN, EZVPN, FlexVPN
• Routing and Addressing
• Firewall, ACLs, AAA
[Diagram: enterprise DC (ASR) and branches (ISR) connected by VPN tunnels over the public WAN / Internet to CSR 1000V instances in VPCs/vDCs behind the WAN router, switches and servers of the cloud provider’s data center; label: Network Services]
Use Case: Traffic Control and Management
• Benefit: Comprehensive Networking Services Gateway in the Cloud
[Diagram: enterprise DC (ASR, WAAS) and branches (ISR, WAAS) connected over the WAN by optimized TCP connections to CSR 1000V instances (HSRP) and vWAAS in VPCs/vDCs behind the WAN router, switches and servers of the cloud provider’s data center; label: Network Services]
Challenges
• Response Time of Apps
• Resource Guarantees
• Resilient Connectivity
Benefits
• Rich Portfolio of Network Features and Services
• Single Point of Control
Solutions
• AppNav for WAAS
• QoS Prioritization
• HSRP VPN Failover
vCPE Network Architectures and the vMS Solution
Managed CPE Extended Deployment Models
On-premise Appliances / integrated Services
• Router: Routing, ACL, NAT, SNMP..
• Switch: port aggregation
• Services realized with appliances
• Full redundancy
• Could be multi-vendor (Best of breed)
L3 or L2 Private-cloud Branch
• L3 router remains in branch but performs minimal functions
• L4-7 services virtualized in the private cloud
• Branch router tightly coupled with virtual router in the private cloud for services
Customer Premise (v)Router + virtualized L4-7 services
• Router: Routing, ACL, NAT, SNMP
• Services virtualized on UCS-E: FW, WAAS,
• Could be multi-vendor (Best of breed)
• Router could be virtualized too!
[Diagrams: for each model, Customer Premise, Ethernet Agg and SP Core; labels: CUBE; WAAS, FW, UC, …; Routing, QoS, FW, NAT..; FW, NAT..; access links F/D/C and F/D]
F/D/C = Fibre / DSL / Copper
Why Move Services into the SP Network?
• Reduce costs, and consolidate by virtualizing services.
• Simple, stateless branch hardware. Ship it, plug it in, done!
• Eliminate equipment silos at each site.
• Increase managed network functionality, while reducing per-site costs.
• Evolve/upgrade managed service offerings without changing CPE devices.
• “Slim” cloud CPE hardware portfolio to fit branch locations.
• Unified management spanning all branches.
• Not a replacement for entire CPE portfolio, but rather a complementary solution (for ‘vanilla’ services)
vCPE Creates Four New Revenue Levers
Lever 1: Expand Cust. Base
• Faster TTM enables more efficient use of resources
• SP can reach out and close more deals with existing resources
Lever 2: Capture SMB Market
• SMBs need different value proposition and GTM than enterprises
• Cloud CPE enables better SMB value proposition and more effective GTM
Lever 3: Reduce Churn
• Cloud CPE improves service experience
• Less downtime, faster issue resolution, etc
• Happy customers are less likely to churn
Lever 4: Increase ARPU
• Cloud CPE – services are delivered and managed centrally
• Easier for customers to order new services
[Charts: Expanding Customer Base (existing customer base (CPE) + new Cloud CPE customers); Enterprise and SMB market segments (current market, new market); CPE churn vs. Cloud CPE churn; layering new services]
vCPE Architecture Building Blocks
• vCPE
– Performs some / all of the L3 functions previously executed by an on-premise physical CPE
– Location: either in SP PoP or in Data Center
– Can be run in single-tenant or Multi-tenant mode
– Provider Edge router either switches VLAN locally or tunnels the VLAN to the DC
• CPE-Lite – in either L2 or L3 Mode
– Minimal functions to reduce operational complexity
• SP aggregation network assumed to be Carrier Ethernet
– Transparently transports Ethernet frames to the PE
• NOTE: CPE-lite and vCPE are tightly coupled through a tunnel
– CPE-lite does not selectively forward only subsets of flows to the vCPE
– => Main difference to cloud connector / NfV architecture
[Diagram: Branch CPE-Lite, SP Aggregation and MSE, with the vCPE VMs hosted either in the PoP or, across the SP Core, in the DC]
vCPE L2-NID Architecture
• MSP is offering FE/GE port as a demarcation point to multiple customers (e.g. in basement)
• Uplinks are FE or GE
• NID connectivity to the SP infrastructure is purely based on Gig Ethernet
• All traffic transparently sent to SP Infrastructure / vCPE
• NID offers feature set:
– Connectivity
– L2 Security (L2ACL, Storm control, BPDU guard)
– IP Manageability (TACACS+, AAA, OAM)
– COS
– No routing, services (NAT, Firewall, IPSLA, Netflow..), L3 HA
[Diagram: Customer Premise (L2), Ethernet Agg, SP Core; Routing, QoS, FW, NAT..]
Single-tenant vCPE + L2 CPE-lite Protocol Stack
[Diagram: per-hop protocol stacks (IP, Eth, .1Q, QinQ, Phy, VRF) from the UNI across ME1200, Carrier Ethernet (Ethernet/VLAN, QinQ), ASR 9000, L2 DC, UCS/vCPE, L2 DC and ASR 9000]
• CPE-lite: Either VLAN or Ethernet Encap
• Ethernet Transport Network: MPLS/TP; QinQ imposition
• PE: Decapsulate QinQ (e.g. EVC); Encap customer VLAN according to DC underlay; Could also be last Eth Agg Switch
• DC Underlay: Ethernet / L3 based; QinQ imposition
• vCPE: First L3 hop; vCPE on ‘on-a-stick’
• PE: Terminate customer VLANs into VRF or GRT
• DC Underlay: Same DC underlay
Reference E2E Functional Architecture for vMS/vCPE
Extending orchestration to physical devices
• Customer Facing Services provide portal access to Catalog offerings including vCPE.
• Virtual Network Functions provide CloudVPN and other NFVaaS
• Future: provision SP Metro/VPN, WAN Optimization
• Operations management & Service Assurance
• Day 0 boot-strap, Day 1/Day 2 config
• Stats collection (n/w & apps), Fault management
[Diagram: Self Service Portal, CFS, RFS and Network Services Orchestrator; CPE Management; VNF Management & Service Chaining (ESC, Service Config, Overlay SDN Controller); Metro/WAN Management (Prime, WAE, WAN Orchestration, Demand Placement); Service Assurance and Analytics; managed elements: Meraki MX, ISR and other CPE, L2/L3 CPE (ISR, NID), VNFs on x86/UCS, PE/DCI, WAN/Internet]
DevNet-1020
Cisco NfV Orchestration Solution
A Framework enabled by multiple products & architecture
[Diagram: components: Prime Service Catalog (PSC), User Self-Service Portal, Prime Order Fulfillment or SP’s OSS/BSS, Network Services Orchestrator (NSO) (Foundation Based on Tail-f NCS), NFV Orchestrator, Elastic Services Controller (ESC), VM and Service Lifecycle Manager, Virtual Topology Controller (VTC), SDN sub-system / SDN Controller, SDN Virtual Forwarder (OVS, VTF), OpenStack, VM & Storage Orchestrator, VNFs on x86 servers, CSR 1000v, DCI, SP WAN, Service Assurance; interfaces: REST API, ESC API, VTM API, OpenStack APIs, REST API / JCloud (Future), MP-BGP, Restconf/Yang, Netconf/Yang or CLI]
Cisco NFV Orchestration Solution: Capability Summary
Service orchestration (across physical and virtual)
• Multi-domain orchestration across compute, storage and network (physical and virtual)
• Data model driven design for service profile specification
• Customer facing service definition exposed via RESTful API
VNF Lifecycle management (on-prem and in the cloud)
• Elastic VM Lifecycle management to grow/shrink service on demand
• Supports horizontal and vertical scaling of VNFs (scale up/down, scale in/out)
Service Provisioning
• YANG based service models
• Supports flexible south bound device interfaces (CLI, SNMP, Netconf/YANG, REST)
Automated Network Control
• Application driven network policy
• Supports rich network topologies and service chains
• Integrates cloud service with SP WAN (VPN/Internet)
Carrier-class performance and reliability
• High performance virtual data plane (10Gbps per core)
• High availability across infrastructure plane and service plane
One Touch Install
Mapping architecture to ETSI NFV Framework
[Diagram: ETSI NFV framework blocks and the products placed in them: SP’s Existing OSS/Catalog and Service Catalog; Service, VNF and Infrastructure Description; NFV Orchestrator (Network Services Orchestrator, based on Tail-F NCS; Service Lifecycle Management, Service Provisioning); VNF Manager (Cisco VNF Manager, Service Lifecycle management (ESC)); Virtual Infra. Managers (VIM): Compute and Storage VIMs (OpenStack, VMware) and Network VIMs (Cisco Virtual Topology Controller); NFV Infra (NFVI) with VTF; VNF Library (sample list): CSR1kv, ASAv, QvPC SI, QvPC DI, NFF, 3rd Party vNF; REST API; legend: Currently available (included in 1.0)]
Service agility: From months…
… to minutes
[Chart: value over time (minutes, days, weeks, months), comparing the present mode of operation with the new mode of operation, steps 1-3]
1. User Self-Service: GUI input rendering & corrections
2. Auto-created design based on user inputs
3. Order auto-orchestrated in virtualized Multi-Service Smart Infra Cloud
4. IT-light Service Control: Self-monitoring, Self-maintaining, Elastic
NFV Orchestration Solution: Network Control System (NCS)
• Multi-vendor service orchestrator for existing and future networks
• Single pane of glass for:
– L2-L7 networking
– Hardware Devices
– Virtual Appliances
• Model Driven Orchestration
– Service Data models (declarative)
– Device Data Model (for auto config)
– All Models are YANG Based
• Highly Scalable for large infrastructure
– One of the existing deployments is managing 60K devices on the network
• Additional orchestration capabilities are being added
[Diagram: Network Engineer and Management Applications use the network-wide CLI, Web UI, REST, Java and NETCONF interfaces of the Network Control System (NCS); inside NCS, the Service Manager (Service Models) and Device Manager (Device Models) with End-to-End Transactions; Network Element Drivers reach applications and controllers over NETCONF, CLI, SNMP, REST, etc.]
Cisco Elastic Services Controller: Customer Benefits
• End to end customizations for specialized applications
• Integrate with 3rd Party Orchestration, and Assurance systems
• Agentless, multi-vendor VNFs support - no limits
• Onboard new applications faster with custom monitoring
• Dynamic VNF registration, deployment, and LCM
• VNF monitoring and elasticity with vertical and horizontal scale
• Integrated Intelligent rules based engine
• Service auto-recovery and N-way redundancy
• Modular architecture - offering choice of multi-vendor – OSS, VNFs and VIM
• Extensible, supports VNF descriptor data models (Yang)
Benefit areas shown on the slide: Service Agility; Faster Innovation; Reduce Opex, Optimal resource consumption; Modularity, Multi-vendor and Open Platform
ESC - VNF Lifecycle Management, Monitoring and Elasticity
List of Events
• VM Alive
• Service Alive
• Upper load threshold crossed
• Lower load threshold crossed
• Service Dead
• VM Dead
List of Actions
• Notify (callback)
• Advertise Service
• Withdraw Service
• Restart VM
• Scale up (add a VM)
• Scale down (remove a VM)
• Individually customizable action(s) for every event
Simple Rules
Service Alive => advertise
VM Dead => withdraw
Upper load => scale up
Complex Rules
Upper load => Scale up, Notify, Advertise
Service Dead => Withdraw, Notify, Restart
Service Alive => Advertise, Notify
[Diagram: Elastic Services Controller with VNF Provisioning, VNF Configuration and VNF Monitor, driven by an Analytic Engine and a Rule Engine; lifecycle states: Provision VM, VM Bootstrap process, VM alive, Service Bootstrap Process, Configure Service, Service alive, Service Functional, Service Overloaded / Underloaded, VM Overloaded / Underloaded, Service DEAD, VM DEAD; each state can trigger a Predefined Action or a Custom Script Action]
NFV Orchestration Solution: Virtual Transport Function and Controller (VTF & VTC)
• VTC – Routing controller based on XRv
• VTF - Light weight, high performance software forwarding plane
– Provides highly optimized forwarding in x86 environment
– Runs once on each server
– Contains a unique forwarding context per tenant
– Provides per-tenant L3, L2 and PBR forwarding for service chaining
– Provides IP routed and L2 P2P transport
– Provides DHCP relay, ARP function
– Programmed by NSO Controller using YANG over RESTConf
  • All forwarding controlled centrally
  • Granular L3 and L2 forwarding entries
  • N-tuple match
[Diagram: a server hosting one VTF VM and several tenant “CE” VMs, with per-tenant forwarding contexts (VRF R, VRF Y, VRF G), a data path to the DC fabric and a control channel to NSO]
CloudVPN Business Services: Use Case 1: CloudVPN with Internet, Firewall (FW), Remote Access (RA)
• Cloud IPVPN with FW and Remote Access to Internet
• vFW with NAT and Policy
• vFW with IPSec/SSL Remote Access including Remote End-Host posture verification
• Cloud-Hosted Management: Scalable, elastic, on-demand
• Overlay Packet Tunnels: Keyed IPv6 tunnels - mesh, hub&spoke; IPSec tunnels – mesh, hub&spoke if keyed IPv6 tunnels not supported
[Diagram: CPEs connected to the SP cloud (VR, vFW, Internet Router) and on to the Internet]
CloudVPN with ISR CPE Use Case
[Diagram: Tenant Portal and SP’s OSS/BSS connect over REST APIs to the Network Services Orchestrator (NSO) with PnP Server and to the Elastic Services Controller (ESC); OpenStack on an x86 server hosts the CSR1Kv; DCI/PE; ISR CPE at the customer site]
Callouts on the slide:
• Customer Orders VPN Service
• Spin up CSR / Provision CSR
• ISR CPE Shipped to Customer Site, connected & Powered ON
• PnP Functionality: Zero Touch Provisioning
• Provide Day 1 Configuration
• Establish VPN: IPSec, IP Overlay (VXLAN, GRE, LISP), L2
• CloudVPN Connectivity up
Adding VNFs in the cloud
[Diagram: Tenant Portal and SP’s OSS/BSS connect over REST APIs to the Network Services Orchestrator (NSO) with PnP Server, the Elastic Services Controller (ESC) and the Virtual Topology Controller (VTC); OpenStack on an x86 server with OVS/VTF hosts CSR1Kv, ASAv and vESA; Internet Gateway; DCI/PE; ISR CPE at the customer site]
Callouts on the slide:
• Customer Orders VPN Service
• ISR CPE Shipped to Customer Site, connected & Powered ON
• PnP Functionality: Zero Touch Provisioning
• Provide Day 1 Configuration
• Establish VPN: IPSec, IP Overlay (VXLAN, GRE, LISP), L2
• CloudVPN Connectivity up
• If more VNFs are needed for a Service Chain?
• More scalable and flexible service chaining enabled with VTC & high-performance VTF
Cloud Service Orchestration
[Diagram: Orchestration layer (Portal / UI / API, Catalog, Workflow) above VM/Storage Control, Network Control and Network Service Control; functions shown: Service Creation, Service Monitoring, Service Config, IP Control, DC Network Controller, WAN Controller, …; infrastructure layers below: Physical Network, Virtual Network, Compute, Storage, Virtual Services; annotated with workflow step numbers 1-12]
NfV Example Workflow
1. Request received
2. Catalog item
3. Defines workflow
4. Workflow calls Service Creation to set up service VMs
5. Service Creation calls to OpenStack to set up VMs
6. OpenStack sets up VMs
7. Workflow calls to Service Config function to set up services
8. Service Config configures services
9. Workflow calls DC network controller
10. DC network controller configures overlay network
11. Service monitoring tracks availability and performance of service
12. Service Creation manages service elasticity and high availability
Conclusion
Summary – what we talked about Today
This session reviewed the
• CSR 1000v System Architecture
• vCPE Network Architectures and the vMS Solution
• Virtualizing BRAS, LAC, LNS or Route Reflectors
Key Conclusions
• Virtualization is maturing fast and enabling new architectural variations
• CSR 1000v is able to meet SP requirements for virtualization from a feature-richness and performance perspective
• vCPE architectures are enabled by Cisco using the vMS solution, where the CSR 1000v offers virtualized CPE functionality in the cloud combined with orchestration
• The virtualized IOS XE of the CSR 1000v enables other NfV use-cases like vBRAS, vLNS and thus enables different architectures
• Virtualization is about changing the architecture, not simply replacing a hardware system with a software system
– Increased focus on automation and orchestration