Deploying and Operating an NFV Cloud
Juan Ramón Acosta, Principal Architect
Naren Narendra, Senior Product Manager
May 10, 2017
Service Provider Network Transformation
Reduce Network Appliances, Siloes
Avail Self-service Personalization
Automate Service Creation
Open Source
NFV
SDN
Converged Infrastructure
Mobility, Managed Services, Video, Security
Simplified Operations
Highly Available Infrastructure
Network Function Virtualization
Analyst View of the NFV Selling Motion
Light Reading Survey from January 2016 of 120 SPs
• “Some of the first operators to move ahead with open NFV implementations have found that the economics don’t work today, because the system integration costs of getting products from multiple vendors to work together are higher than the savings”.
• “That inconvenient economic truth is prompting a backlash against multivendor NFV installations”
• “Having flirted unsuccessfully with trying to integrate everything themselves, CSPs are going back to buying everything pre-integrated from one vendor”
NFV Coming Ready or Not, Light Reading, January 2016
http://www.lightreading.com/lg_redirect.asp?piddl_lgid_docid=722671
DIY Approach
A la carte
Pre-integrated
Ingredients for successful NFV
Requires specialized set of tools well beyond traditional IT
Virtual Infrastructure Mgmt
Emerging
SDN Controller & Network Integration
Chaining and Connectivity
Data Models and Automation
Fast Data Plane on x86
Netconf/YANG
VTS (MP-BGP/VXLAN) ACI
SR-IOV
NSH/Service Chaining
Segment Routing NEW
NEW
End-to-End Requirements for NFV
Infrastructure and OS
NEW
Access
Carrier-E / Transport
Central Data Centers
Edge
Internet / Partner SP Edge
Core and Edge Aggregation Multi-Cloud
VPN CPE
Cust. Prem
Cust Prem
vBranch,Analytics
Access
Nothing is seen
today…
MEC (with VPC) & Fog
Apps in future
Remote DCs
VPC, SecGW, vIMS, vManaged Service, Media xCoding, cDVR, vPE, vBNG, vCMTS, vCDN, Analytics
In Future - IOT / Fog Computing, Online Gaming, Location based Services, AR/VR, Data Analytics
Central DCs
VPC, Gi-LAN, vIMS, Biz Services (vMS), Media xCoding, cDVR, vCDN, Virtualized RR, Analytics
Co-Lo / Peering
vMS, vCDN, vDDoS, Analytics
Cloud Hosted
XaaS delivered from the Multi-Cloud
NFV Deployments are Going to be Distributed
[Diagram labels: Peering, DCI, Remote DC (Near Edge), Co-Lo]
CO
vBNG, vOLT, vCMTS, vPE, Biz Services (vMS), vRAN, vCDN, Analytics
VPC & MEC apps in future (gaming, AR/VR, IOT, Fog, location based services, Data Analytics)
NFV Infrastructure Requirements
Carrier Class Performance
Use Case Agnostic Infrastructure
Open Standards Based, Modular and Elastic
Easy to use with Unified Management
Integrated Solution with Single Point of Ownership
Service Velocity Customer Experience Open Architecture
Multi-level Security
Cisco NFV and ETSI NFV Framework
Cisco NFVI = Cisco VIM + NFVI Monitoring + Unified Management + SDN Controller + Cisco UCS & Nexus Hardware
Cisco Network Services Orchestrator (NSO)
OSS, BSS
VNF
Service, VNF & Infrastructure Description
EMS 1
NFVI
EMS 2 EMS 3
VNF 1 VNF 2 VNF 3
Virtual Compute Virtual Storage Virtual Network
Computing Hardware
Hardware Resources
Storage Hardware Network Hardware
Virtualisation Layer
Orchestrator
Virtualised Infrastructure Manager
VNF Managers
Cisco Elastic Services Controller (ESC)
Cisco NFV Architecture
VNF Manager
Cisco ESC Third Party
NFV-O and Resource Orchestration
NSO – Network Services Orchestrator enabled by Tail-f
North Bound APIs
Virtual Network Functions Cisco and Third Party
CSR ASAv vNAM vIPS
vPC-DI vIMS VideoOpt.
Third Party
Cisco Physical Infrastructure
Network VIM
Linux (RHEL), Hypervisor (KVM), Host Packages, Software Defined Storage
Network, Compute (UCS), Storage (Ceph)
Unified Management with assurance
Unified Management
API
GUI
Virtualized Infrastructure Manager
Cisco VIM based on RHEL OSP
Assurance
Third Party
APIC* or VTS or 3rd Party
* Roadmap
Leading Industry Partnerships
Performance Acceleration, Enhanced Platform Awareness
Certified by Red Hat
Joint Engineering
Integrated platform Design and Validation
Legend
Simple Access to Support Single Point of Contact
Use Cases
Virtual Managed Services Mobility Media
[Cisco NFVI architecture diagram repeated; additional label: UCSD]
Cisco VIM
Virtualized Infrastructure Manager
Installer & Life Cycle Manager
Containerized Control Plane
Health Checks
Logging/Monitoring
HA Verification
VM Throughput Testing
Security
CI/CD Enabled
Integrated Operational & Validation Tools
ELK Stack – Centralized logging for hosts and OpenStack services
CloudPulse – NFVI control plane and API endpoint health check
VMTP – Full virtual topology bring up and throughput tests
Cloud99 – Failure injection tests for HA validation
KloudBuster – Large scale virtual topology tests
Monitoring – containers, processes, physical & virtual resources
Cisco Virtual Managed Services (VMS)
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco confidential.
VMS Service Packages unlock many Cloud Managed Services from a single platform
NSO Service Models and Device Models simplify the orchestration of new services and multi-vendor devices (90% less code)
SPs can create new Cloud Managed Services rapidly using the VMS Software Development Kit (SDK)
Your Service Here
VMS… A Multi-Service Platform
Cloud based Service Creation …Many Services…One Platform…for Enterprises and SMBs
VMS Service Packages simplify…
vRouter vFirewall vWAAS
How to create and monetize a service
How to orchestrate and activate a service
How to monitor and modify a service
How to collect analytics and bill a service
How to boot and manage virtual and physical devices
NSO Service Models
Multi-Vendor NSO Device Models
Many Service Packages offered from the SP Cloud
VMS Cloud Managed Services for SPs
Rapid Time to Market using customizable Self-Service Portals and Service APIs
Customer Self-Service Portal to manage and monitor devices from the Cloud
Customer Self-Service Portal to add new services from the Cloud
SP Operator Portal to manage multi-tenant services from the Cloud
SP Operator Portal to rapidly create new Service offers from the Cloud
SP Admin Portal to manage new tenants, users, and secure access from the Cloud
SP Admin Portal to manage service creation info and analytics from the Cloud
** All service configs are available through APIs or an optional User Interface
VMS provides a Self-Service Portal and Service APIs
Capture new Customers with customized Service offers
Customers can…
• Purchase new Services
• Create new customer sites
• Select devices for each site
• Select new Service options
• Confirm service terms and conditions
Service Providers can…
• Create customized offers with monetized choices
• Integrate the service workflow with your BSS/OSS systems
• Rapidly bring services to market
• Support many tenants from a single platform
Select a new Service
Add a new Branch Site and Device
Review Service Selections
Customer Self-service Workflow
** All service configs are available through APIs or an optional User Interface
VMS provides Self-Service Site Management
Site Configurations made easy with protective guard rails, from the Self-Service Portal or service APIs
Customers and Service Providers can…
• Manage Site configurations from the Cloud
• Make site config changes with protective guard rails and Role Based Access Control
• See a massive reduction in OPEX using Cisco certified Service Packages, all managed by VMS
Select a new Service
Add a new Branch Site and Device First Step in the Workflow
Simple configuration of IWAN Hub Sites with guard rails
Simple configuration of IWAN Branch Sites with guard rails
Simple configuration of Enterprise prefixes with guard rails
** All service configs are available through APIs or an optional User Interface
ISR 800, 1900, 2900, 3900, 4000 Series
CPE VPN Managed WAN Managed Security
VMS Cloud VPN
Secure Hub-and-Spoke Connectivity with Remote Access, Web Security, and Firewall
• Enhances agility to deploy new services
• Operational efficiency with zero-touch deployment and automated provisioning
• Enables businesses to comply with regulatory requirements with strong encryption of data in motion
• Enables zero-touch provisioning for tenant self-managed or service provider managed solutions
• Installation and deployment simplicity
Service Provider Cloud VPN Business Benefits
Firewall (ASAv)
Web Security (WSAv)
Intrusion Prevention (IPSv)
vRouter (CSR1Kv)
Branch
Branch
Cloud VPN (IPSec)
Internet
Remote Access
ISR 800, 1900, 2900, 3900, 4000 Series
CPE VPN Managed WAN Managed Security
• Simplified integration of cloud services for Internet and MPLS network customers
• Expand Cloud VPN service to support customers on MPLS network
• Maintain MPLS network integrity and security, as well as service provider domain separation
• Ability to offer network integration of customer branch offices across Cloud VPN and MPLS networks
VMS Cloud VPN with Converged Edge
Secure Convergence of IPSec and MPLS Connected Sites with Cloud Managed Security
Firewall (ASAv)
Web Security (WSAv)
Intrusion Prevention (IPSv)
vRouter (CSR1Kv)
Branch
Branch
Branch
Branch
1Q VLANs
Cloud VPN (IPSec)
Other Networks
MPLS VPN Network
Internet
Service Provider Managed Network
Remote Access
Business Benefits
vBranch Solution Benefits
• Expand Your TAM: Enable New Services with Services Running Virtualized in the Branch, No Additional Hardware
• Minimize Truck Rolls: Operational Efficiency by Zero-Touch Deployment and Automated Provisioning
• Easy Integration: Utilize Existing Branch Delivery Model with Service Capability Remaining in the Branch
• Offer Flexibility: Enables Tenant Self-Management or Service Provider Managed Offers
• Overlay Oriented: Suited to Wide Array of Overlay VPNs: MPLS, IWAN, IVPNs
vBranch Solution Overview and Benefits
Solution to Deploy Feature-Rich Services in Branch Environment Using Virtualization Technology
Firewall (ASAv)
vRouter (ISRv)
WAN opt (WAASv)
ENCS w/NFVIS
vBranch @ Enterprise
Branch Office
Self-Service Portal
Internet
VMS vBranch Management Platform
Service Provider Infrastructure
Enterprise Headquarters
MPLS VPN (MPLS)
VMS Cloud Managed IWAN
A DMVPN Service with Many Transport Options between Branches and Hub
ISR 800, 1900, 2900, 3900, 4000 Series
CPE VPN Managed WAN Managed Security
Branch
Internet DMVPN
Internet
MC
Border Router
Border Router
Intelligent WAN Branch Router
MPLS DMVPN
Cloud IWAN Business Benefits
Application-Aware
• Steer application flows based on type, policies and path status
• Provide protection of business applications from brownouts
Full Utilization / Lower Cost
• Provide more value with Active/Active low cost WAN links
• Increase bandwidth efficiency by load-sharing traffic over all WAN paths
Real-Time
• Automatic and on-demand monitoring and intervention
• Decrease loss percentage to less than 5%
Master Controller Hub
VMS Cloud Managed SD-WAN
Perfect for distributed customers looking for lower cost and self-managed SD-WAN options
SD-WAN created with Zero Touch Provisioning (PnP) and validated IWAN Service Packs (NSO)
Automated end-to-end SD-WAN Services managed from the Service Provider Cloud
Secure multi-tenant Cloud Managed platform, simplified orchestration and tenant self-service
Rapidly create new monetized services, modify existing services instantly from Cloud
Optimized for Ease of Management
VMS Offers using Service Extensions
Multi-Vendor Network Element Drivers
Device Manager
Service Manager
Network Services Orchestrator (NSO)
SP Applications/Systems
Active Network
View
Physical Networks
VNFM Controller apps EMS and NMS
Network Abstraction in Modern and Brownfield Environments
Network Apps
Virtual Networks
Service Interfaces
VMS Service Creation Platform
Service Infrastructure
Service Offers
Data Platforms
OpenAPIs
Custom Template Service
Custom Template Extension
Orchestration Templates
UX/UI Extension
Extending Packaged Services
• Services will never be one size fits all
• Providers need a way to customize and add configurations to existing services.
Custom Template Service
• Provides UI/UX extensions per service to Operators and Tenants.
• Leverages NSO templates, VMS offer templates to create new payloads for service offer.
Builds on NSO Capabilities
• NSO provides template capabilities
• New Templates can be reloaded
• These templates are then referenced
• Does not require new NSO Java/Python Mapping code.
VMS Service Extension Feature Flow
Example iWAN Offer Modification
Development iWAN Template to Disable DHCP on CPE Client
Load new template into NSO
Service Infrastructure
VMS Platform learns of NSO Extension
iWAN Service Offer
iWAN Service Offer Picks up service extension
iWAN Service UI automatically presents as a configuration service option.
iWAN Service Requests now include Service Extension
NSO follows the normal process of creating device configurations.
VMS Service Creation; Opaque Services
VMS Provides Catalog of Opaque Services & Ordering
Opaque Service Model
NSO invokes VMs and pushes Day 0 Configs. Device still “unmanaged”
VMS Signals External NMS/EMS that Opaque Devices are ready.
External NMS/EMS Takes over all subsequent Service Configs. VMS platform maintains the infrastructure for the service.
VMS Service Creation Platform; SDK
Do I want to use it? How do I try it? How do I get started? How do I use it? How do I get help?
Developer Site
Developer Sandbox
Tutorials & How-Tos
Docs & Sample Code
Community & Support
Visit Cisco in Booth A4
See how our cloud solutions provide what you need to meet your goals.
Join the conversation @CiscoCloud