TRANSCRIPT
Let’s talk about SD-WAN – What is it really? Options for Service Providers
October 2016
Bill Reilly, Product Manager – IWAN Product Management
Chris Lewis, Product Manager – Network Function Virtualization
2 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What you will learn
• Where the industry currently is on SD-WAN
• How we define SD-WAN and why
• What it means for you, a Network Service Provider
• How you can use this technology
• Deep dive into our Cloud Intelligent WAN
Why are enterprises thinking about SD-WAN?
• Have either 2 or 3 WAN connections/branch: 70%
• Of apps accessed via Internet: 50%
• Cite poor application performance and latency as corporate WAN concern: 48.6%
• Cite management of connectivity at branch as a challenge: 32.4%
Source: IDC Worldwide SD-WAN Survey Special Report (May 2016) PSOCRS-2011
IT Priorities Focused on Business Outcomes
SD-WAN is expected to achieve all the above and a lot more….
Emerging WAN Core Drivers
• Hybrid WAN Cores: flexible transport options
– Easily mix, add or change transport services (types and providers)
– Balance service level requirements and cost needs
• Cloud First: applications and data can be anywhere
– Cost-effective access to private, virtual private and public clouds
– Applications optimized to deliver the required user experience
• Secure infrastructure
– Internal and provider networks are not trusted any more
– Segmentation, data privacy, hardened against attacks, etc.
• Carrier Neutral Facilities
– For direct peering with cloud and transport providers
• Highly reliable infrastructure, now more than ever
– Outages impact revenue: 24x7x365, no downtime for maintenance
• Operational efficiency, automation
– Simplify operations, PnP, Cloud Self managed, On-Prem Self managed, IWANaaS
[Figure: IWAN Core diagram. Labels: West, East, South and North Region IWAN; IWAN Core; Ent POP; Cloud POP; Branch; vBranch; Private Cloud; vPrivate Cloud; Public Cloud; Internet (Facebook, Yahoo, YouTube, …)]
Cisco Digital Network Architecture
Deliver DNA with Cisco IWAN
Cisco Intelligent WAN and the Digital Network Architecture
• Cloud Service Management
• Automation: automate with policies
• Analytics: analytics with network insights
• Virtualization: physical and virtual platforms
Benefits
• Faster Innovation
• Reduce Cost & Complexity
• Lower Risk & Meet Compliance
Separate Transport and Service
• CPE-to-CPE overlay enables separation of transport (underlay) and VPN service (overlay)
• Routing in VPN service overlay environment should be almost trivial
[Figure: CPE1 to CPE5 marked as service aware or service unaware. Labels: IP or MPLS Transport Underlay; VPN Service Overlay; SDN Service Control; Transport Policy and Optimisation]
Hybrid WAN: Leveraging the Internet
Secure WAN Transport and Internet Access
[Figure: Branch, MPLS (IP-VPN), Internet, Private Cloud, Virtual Private Cloud, Public Cloud; paths labelled Secure WAN Transport and Direct Internet Access]
• Secure WAN transport for private and virtual private cloud access
• Leverage local Internet path for public cloud and Internet access
• Increased WAN transport capacity, cost effectively!
• Improve application performance (right flows to right places)
IWAN Transport – Option 1
[Figure: network diagram. Labels: Single network; MPLS; P and PE routers; Customer-A Branch (Physical Platform); Customer-A Branch (vBranch, NFV); Customer-A Transit/Hub Site (Router 1, Router 2, Router 3); Cloud Service Node; DMZ; IWAN Edge; VPN Secure GW; GA and BE access links; Internet (Microsoft Azure, Google, AWS, Facebook, Yahoo, YouTube, …)]
GA – Guaranteed Access (SLA); BE – Best Effort, Broadband (No SLA)
SP Shared Services: Service Orchestration (NSO), NFV Orchestration (ESC), PnP Server, SP Portal, Reporting LivingObjects
IWAN Transport – Option 2
[Figure: network diagram. Labels: MPLS; PE routers; INET GATEWAY; Customer-A Branch (Physical Platform); Customer-A Branch (vBranch, NFV); Customer-A Transit/Hub Site (Router 1, Router 2, Router 3); Cloud Service Node; DMZ; IWAN Edge; GA and BE access links; Internet (Microsoft Azure, Google, AWS, Facebook, Yahoo, YouTube, …)]
GA – Guaranteed Access (SLA); BE – Best Effort, Broadband (No SLA)
SP Shared Services: Service Orchestration (NSO), NFV Orchestration (ESC), PnP Server, SP Portal, Reporting LivingObjects
IWAN Overlay
[Figure: network diagram. Labels: DMVPN Overlay; DMVPN MPLS; DMVPN INET; MPLS; P and PE routers; Customer-A Branch; Customer-A Branch (vBranch); Customer-A Transit/Hub Site (Router 1, Router 2, Router 3); Cloud Service Node; DMZ; IWAN Edge; Internet (Microsoft Azure, Google, AWS, Facebook, Yahoo, YouTube, …)]
SP Shared Services: Service Orchestration (NSO), NFV Orchestration (ESC), PnP Server, SP Portal, Reporting LivingObjects
Cisco Intelligent WAN: Application-centric SD-WAN
• Identify: see 1000+ apps running on your network
• Prioritize: automate app priority based on business policies
• Accelerate: boost app performance
Securely on any connection or platform for all users
Ubiquitous Visibility Across Entire Network
Make The Network Application-Aware
Intelligence & Insights: detect/categorize 1000+ applications automatically
Application categories: Consumer Apps, Voice and Video, File Sharing, Business and Productivity Tools, Social Networking, Software Updates, Instant Messaging, Database, Gaming, Browsing, Email
[Chart: application traffic by category. Legend: Browsing, Consumer_apps, Unknown, Net-admin, File-sharing, Voice-and-video, Other]
• Any user, device, wired or wireless
• Facilitates trouble-shooting
• No probes or additional HW
“Cisco AVC also makes it easy to see if slow application performance is a result of client network delay or server network delay.”
“IT staff gain a 360-degree view of all devices, users, and applications from a single location.”
Business Priority based Intelligent Path Control
Increase Application Availability
1. Set app rankings and policies
– Business Relevant: High Priority
– Business Irrelevant: Low Priority
– Default: Medium Priority
2. Use Internet as the 2nd WAN
3. Route app path based on policies
Active-Standby / Active-Active
• Full utilization of ALL available bandwidth
• Improved application performance
• Lower operating costs
“I want my critical data and voice traffic moving over MPLS, because I have a service-level agreement with my MPLS provider and I can hold him accountable if there’s an outage or slowdown. PfR does that for me, while sending lower-priority traffic like web surfing to DMVPN.”
WAN Optimization and Content Caching
Enhance the Application Experience
Enable Business Initiatives: Mobile Apps, Guest WiFi, Video Conferencing, Digital Signage, Catalogs, On-demand Training
[Chart: App Bandwidth (Mbps) and App Latency (ms), natively and with IWAN; annotations: Reduced Bandwidth, Reduced Latency]
Result: Louis Vuitton
• 80% Faster App Response Time
• 3x Greater Dwell Time
• Accelerate applications over any connection
• Store content locally for instant access
• Optimize WAN bandwidth for better ROI
Secure Applications and Data
Protect the Branch and WAN
Secure Intelligent WAN
• Secure any connections
• Meet government and regulatory compliance
• Secure traffic directly accessing the Internet
• Comprehensive threat defense
• Integrated, all-in-one security platform
• Scalability without compromising performance
• Respond faster to threats and vulnerabilities
“Having the entire security suite at our fingertips has given us agility to enhance our toolbox on the fly. It’s been easy to manage, and we don’t need to worry about whether to add security elements when we order routers or firewalls; they just come included.”
What Is Cisco Virtual Managed Services?
• Automate services end to end
• Create new services on demand
• Simple, customized shopping portal
• Modular tools to match your business
• Easy to deploy and maintain
• Seamless and highly secure cloud delivery
• For enterprise and small business customers
Virtual Managed Services is a software solution platform that can enable a set of highly secure, cloud-based services solutions for automated delivery of business connectivity and applications services cost-effectively, seamlessly, and on demand to customers and partners, for amazing user experiences.
Functionality of the VMS platform
VMS, a multi-tenant managed NFV services platform. For each tenant, and each service (e.g. IWAN) ...
• Configure global service settings
• Create and manage Service templates
• Set per tenant parameters
• Order the service
• Modify a service instance
• Monitor service, site, device status
• Monitor service-specific KPIs
• Service provisioning notifications (e.g. started, failed, completed, ...)
• Device provisioning notifications
• Site provisioning notifications
• Remote User-related notifications
User Persona for UI and APIs
• SP operator / product engineer
• Tenant administrator
• Tenant user
• Trusted SP application
[Figure: VMS Platform hosting multiple Service Packs]
More about VMS outbound notifications
1. Configurable to be Email (swivel chair processing or REST&JSON)
2. Notification can be disabled if not consumed
3. Notifications include
• User Added (sample content in slide comment)
• User Updated
• User Deleted
• Device Added
• Device Deleted
• Device Registered with Serial Number
• Device Updated
• Device Only Purchase
• New Service
• Service Updated
• Service Provisioning Success
• Service Unsubscribe
• Service Order Failure
• Service Activation Failure
• Service Update Failure
• Service Unsubscribe Failure
• Service Deprovisioning Success
• Service Deprovisioning Failure
• New Site Added
Systems that VMS may be integrated with
VMS can run fully standalone. Integration should be prioritized from a business and operational efficiency point of view. Suggested prioritization:
• Identity: set up operator and tenant users as federated users in VMS; automate the tenant creation in VMS from CRM
• Order Entry: SP sales team's order entry system integrates with VMS via order API
• App Store: SP's customer self-service ordering storefront integrates with VMS via order API
• Self-Service Management Portal: SP's customer self-service management portal integrates with VMS via APIs and notifications
• Service Assurance System: SP's assurance system/dashboard retrieves service status and metrics data from VMS via APIs and streaming
• Incident Management: SP's incident management system to receive event notifications and automated ticket creation from VMS (future)
Browseable IWAN API documentation
VMS Platform Architecture
[Figure: layered architecture. Labels: UI; OSS/BSS; Service Interface; Customer Facing Services; Resource Facing Services; Network Services Orchestrator (NFVO); ESC Life Cycle Manager (VNF-M); OpenStack Virtualization (VIM); SDN Controller; ODL/VPP*; OVS; VNFs (CSR, ASAv, WSAv); Physical Infrastructure; IDM; Service Assurance; SA-API; SSH]
Orchestration: From instantiation to deployment
[Figure: YANG Model; Instantiation for Site 1; Instantiation for Site 2; stages labelled Combine with template, Deliver via NETCONF, Feed through NED]
VMS Network Services Orchestrator
[Figure: NSO components. Labels: PnP Server; Open PnP; Transaction Database; Service Manager; Device Manager; Network Element Drivers; Service Models; x86 Virtual]
• Zero Touch Deployment: open method for ZTD access, supported by NETCONF
• Service Manager interprets Service Intent with Service Instantiation Rules and derives configuration
• Device Manager manages derived and validated configurations in a transactional manner towards infrastructure
• Network Element Drivers abstract the interfaces to the devices, allowing 3rd party infrastructure to participate in Service Instantiation
• Service Models written in YANG abstract the service from underlying physical devices
CPE Zero Touch Deployment (ZTD)
[Figure: CPE, Mgmt-HUB and NSO (PnP Server, Open PnP, Transaction Database (CDB), Service Manager, Device Manager, Network Element Drivers). Labels: HTTPS PnP (CPE requests Day 0); FlexVPN Mgmt Tunnel to Mgmt-HUB (NSO pushes Day 1); DMVPN Data Tunnel to ENT-HUB ASR]
1. Day -1 Config
• Pre-loaded with PnP profile
• Alternate use DHCP with Option 43
2. Associate Serial Number (SUDI) to CPE Device in the UI
3. CPE reaches out to PnP/NSO via HTTPS. PnP/NSO pushes down Day 0 Config, for Mgmt Tunnel
4. CPE is added to the CDB Device List.
5. FlexVPN Tunnel is set up to Mgmt-HUB. (NSO sends Day 1 Config through this Tunnel)
6. The appearance of the Device causes a Service Callback to Redeploy. CPE is associated with the Service and sends Day 1 Config
CPE Day -1:
pnp profile zero-touch
 transport https ipv4 <PNP-IP> port 443 remotecert XYZ
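A pre-shipment check for the Day -1 PnP profile shown on this slide, as an added example that is not part of the original deck or of any Cisco tool. It assumes that `remotecert` names the trustpoint used to validate the PnP server certificate and that a cleartext `transport http` form may also appear in configs; the function name, sample configs and addresses are constructed for illustration.

```python
import re

# Constructed Day -1 fragments (192.0.2.0/24 is a documentation range).
GOOD = "pnp profile zero-touch\n transport https ipv4 192.0.2.10 port 443 remotecert XYZ\n"
NO_PIN = "pnp profile zero-touch\n transport https ipv4 192.0.2.10 port 443\n"
CLEARTEXT = "pnp profile lab\n transport http ipv4 192.0.2.10 port 80\n"

PROFILE = re.compile(r"^pnp profile (\S+)\s*$")
TRANSPORT = re.compile(
    r"^\s+transport\s+(?P<scheme>https?)\s+ipv4\s+(?P<host>\S+)"
    r"(?:\s+port\s+(?P<port>\d+))?(?:\s+remotecert\s+(?P<tp>\S+))?\s*$"
)

def lint_pnp_profiles(config):
    """Return (profile, finding) pairs for weak PnP transport settings."""
    findings = []
    profile = None
    for line in config.splitlines():
        head = PROFILE.match(line)
        if head:
            profile = head.group(1)
            continue
        # An unindented line ends the profile sub-mode.
        if profile and not line.startswith(" "):
            profile = None
        m = TRANSPORT.match(line) if profile else None
        if not m:
            continue
        if m["scheme"] == "http":
            # Assumed form: Day 0 config would be fetched without TLS.
            findings.append((profile, "cleartext transport for Day 0 request"))
        elif m["tp"] is None:
            # HTTPS, but no trustpoint named for the PnP server certificate.
            findings.append((profile, "https without remotecert trustpoint"))
    return findings

if __name__ == "__main__":
    for name, finding in lint_pnp_profiles(GOOD + CLEARTEXT + NO_PIN):
        print(f"{name}: {finding}")
```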
VMS Elastic Service Controller
[Figure: Elastic Services Controller. Labels: Netconf; Confd; Service Monitor; Custom; DHCP; SNMP; Ganglia; Service Provisioning; Scale Up/Down; Elasticity; Custom; Day 0 Config; VM Provisioning & Configuration Module]
• VNS Bring-up & Initial Configuration Application. Multi-vendor Support.
• Allows Modular Communication with NCS. Data Model Driven.
• Affinity Rules and Scale Requirements for the VNF components
• ESC uses multidimensional approach to VNF Monitoring/Restartability
[Figure: VMS pod hardware. Labels: WAN; ASR 1000; Nexus 9396; ISR 2901; UCS C220 M4; UCS C240 M4]
• VMS Boot up Pod
• Production Nodes: CSR, ASAv, WSAv etc.
• Metapod Control Nodes (3): OS controllers, Ceph Mon
• VMS Control Nodes (3): Service Interface, NSO, ESC, SA, IDM etc.
What VMS presents to operator and tenant
• A set of functions the SP can combine into offers
• A set of offers the tenant can combine into networks and network services
• Appropriate selection of transport for each site
– Some sites IWAN
– Some sites single internet access
– Some sites remote access
• Appropriate selection and placement of VNFs
– Some centrally
– Some distributed
• VMS starts with canned offerings, and adds modularity over time
Thank you