Let’s talk about SD-WAN – What is it really? Options for Service Providers

October 2016

Bill Reilly, Product Manager – IWAN Product Management

Chris Lewis, Product Manager – Network Function Virtualization

2 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

What you will learn

•  Where the industry currently is on SD-WAN

•  How we define SD-WAN and why

•  What it means for you, a Network Service Provider

•  How you can use this technology

•  Deep dive into our Cloud Intelligent WAN

Why are enterprises thinking about SD-WAN?

•  70% have either 2 or 3 WAN connections/branch
•  50% of apps accessed via Internet
•  48.6% cite poor application performance and latency as corporate WAN concern
•  32.4% cite management of connectivity at branch as a challenge

Source: IDC Worldwide SD-WAN Survey Special Report (May 2016) PSOCRS-2011

IT Priorities Focused on Business Outcomes

SD-WAN is expected to achieve all the above and a lot more….

Emerging WAN Core Drivers

•  Hybrid WAN Cores: flexible transport options
   –  Easily mix, add or change transport services – types and providers
   –  Balance service level requirements and cost needs

•  Cloud First – applications and data can be anywhere
   –  Cost effective access to Private, Virtual Private and Public Clouds
   –  Applications optimized to deliver the required user experience

•  Secure infrastructure
   –  Internal and provider networks are not trusted any more
   –  Segmentation, data privacy, hardened against attacks, etc.

•  Carrier Neutral Facilities
   –  For direct peering with cloud and transport providers

•  Highly reliable infrastructure – now more than ever
   –  Outages impact revenue – 24x7x365, no downtime for maintenance…

•  Operational efficiency, automation
   –  Simplify operations, PnP, Cloud Self managed, On-Prem Self managed, IWANaaS

[Diagram labels: IWAN Core; West Region IWAN; East Region IWAN; South Region IWAN; North Region IWAN; Ent POP; Cloud POP; Branch; vBranch; Private Cloud; vPrivate Cloud; Public Cloud; Internet (Facebook, Yahoo, YouTube, …)]

Cisco Digital Network Architecture

Deliver DNA with Cisco IWAN

Cisco Intelligent WAN

Cloud Service Management

Automation

Analytics

Virtualization

Digital Network Architecture

Benefits

Automate with policies

Analytics with network insights

Physical and virtual platforms

Faster Innovation

Reduce Cost & Complexity

Lower Risk & Meet Compliance

Separate Transport and Service

•  CPE-to-CPE overlay enables separation of transport (underlay) and VPN service (overlay)

•  Routing in VPN service overlay environment should be almost trivial

[Diagram labels: CPE1, CPE2, CPE3, CPE4, CPE5; legend: Service aware / Service unaware; IP or MPLS Transport Underlay; VPN Service Overlay; SDN Service Control; Transport Policy and Optimisation]

Hybrid WAN: Leveraging the Internet

Secure WAN Transport and Internet Access

[Diagram labels: Branch; MPLS (IP-VPN); Internet; Private Cloud; Virtual Private Cloud; Public Cloud; Secure WAN Transport; Direct Internet Access]

•  Secure WAN transport for private and virtual private cloud access

•  Leverage local Internet path for public cloud and Internet access

•  Increased WAN transport capacity, cost effectively!

•  Improve application performance (right flows to right places)

IWAN Transport – Option 1

[Diagram labels: SP Shared Services; Single network; MPLS; P; PE; Router 1; Router 2; Router 3; Customer-A Branch; Customer-A Transit/Hub Site; Cloud Service Node; DMZ; IWAN Edge; vBranch; NFV; Physical Platform; VPN Secure GW; Internet; Microsoft Azure; Google; AWS; Facebook; Yahoo; YouTube,…; Service Orchestration (NSO); NFV Orchestration (ESC); PnP Server; SP Portal; Reporting LivingObjects]

Legend: GA – Guaranteed Access (SLA); BE – Best Effort, Broadband (No SLA)

IWAN Transport – Option 2

[Diagram labels: SP Shared Services; MPLS; PE; Router 1; Router 2; Router 3; Customer-A Branch; Customer-A Transit/Hub Site; Cloud Service Node; DMZ; IWAN Edge; vBranch; NFV; Physical Platform; INET GATEWAY; Internet; Microsoft Azure; Google; AWS; Facebook; Yahoo; YouTube,…; Service Orchestration (NSO); NFV Orchestration (ESC); PnP Server; SP Portal; Reporting LivingObjects]

Legend: GA – Guaranteed Access (SLA); BE – Best Effort, Broadband (No SLA)

IWAN Overlay

[Diagram labels: SP Shared Services; DMVPN Overlay; DMVPN MPLS; DMVPN INET; MPLS; P; PE; Router 1; Router 2; Router 3; Customer-A Branch; Customer-A Transit/Hub Site; Cloud Service Node; DMZ; IWAN Edge; vBranch; Internet; Microsoft Azure; Google; AWS; Facebook; Yahoo; YouTube,…; Service Orchestration (NSO); NFV Orchestration (ESC); PnP Server; SP Portal; Reporting LivingObjects]

Cisco Intelligent WAN

Application-centric SD-WAN

•  Identify: See 1000+ apps running on your network
•  Prioritize: Automate app priority based on business policies
•  Accelerate: Boost app performance

Securely on any connection or platform for all users

Ubiquitous Visibility Across Entire Network

Make The Network Application-Aware

Intelligence & Insights: Detect/Categorize 1000+ applications automatically

•  Any user, device, wired or wireless
•  Facilitates trouble-shooting
•  No probes or additional HW

[Chart: Application Categories – Consumer Apps, Voice and Video, File Sharing, Business and Productivity Tools, Social Networking, Software Updates, Instant Messaging, Database, Gaming, Browsing, Email]

[Chart legend: Browsing, Consumer_apps, Unknown, Net-admin, File-sharing, Voice-and-video, Other]

“Cisco AVC also makes it easy to see if slow application performance is a result of client network delay or server network delay.”

“IT staff gain a 360-degree view of all devices, users, and applications from a single location.”

Business Priority based Intelligent Path Control

Increase Application Availability

1.  Set app rankings and policies
    –  Business Relevant – High Priority
    –  Business Irrelevant – Low Priority
    –  Default – Medium Priority
2.  Use Internet as the 2nd WAN
3.  Route app path based on policies

[Diagram labels: Active-Standby; Active-Active]

•  Full utilization of ALL available bandwidth
•  Improved application performance
•  Lower operating costs

“I want my critical data and voice traffic moving over MPLS, because I have a service-level agreement with my MPLS provider and I can hold him accountable if there’s an outage or slowdown. PfR does that for me, while sending lower-priority traffic like web surfing to DMVPN.”

WAN Optimization and Content Caching

Enhance the Application Experience

Enable Business Initiatives:

•  Mobile Apps
•  Guest WiFi
•  Video Conferencing
•  Digital Signage
•  Catalogs
•  On-demand Training

[Charts: App Bandwidth (Bandwidth, Mbps; natively vs. with IWAN; Reduced Bandwidth) and App Latency (Latency, ms; natively vs. with IWAN; Reduced Latency)]

Result: Louis Vuitton

•  80% Faster App Response Time
•  3x Greater Dwell Time

•  Accelerate applications over any connection
•  Store content locally for instant access
•  Optimize WAN bandwidth for better ROI

Secure Applications and Data

Protect the Branch and WAN

Secure Intelligent WAN

•  Secure any connections
•  Meet government and regulatory compliance
•  Secure traffic directly accessing the Internet
•  Comprehensive threat defense
•  Integrated, all-in-one security platform
•  Scalability without compromising performance
•  Respond faster to threats and vulnerabilities

“Having the entire security suite at our fingertips has given us agility to enhance our toolbox on the fly. It’s been easy to manage, and we don’t need to worry about whether to add security elements when we order routers or firewalls; they just come included.”

What Is Cisco Virtual Managed Services?

Automate services end to end

Create new services on demand

Simple, customized shopping portal

Modular tools to match your business

Easy to deploy and maintain

Seamless and highly secure cloud delivery

For enterprise and small business customers

Virtual Managed Services is a software solution platform that can enable a set of highly secure, cloud-based services solutions for automated delivery of business connectivity and applications services cost-effectively, seamlessly, and on demand to customers and partners, for amazing user experiences.

Functionality of the VMS platform

VMS, a multi-tenant managed NFV services platform. For each tenant, and each service (e.g. IWAN) ...

•  Configure global service settings
•  Create and manage Service templates
•  Set per tenant parameters
•  Order the service
•  Modify a service instance
•  Monitor service, site, device status
•  Monitor service-specific KPIs
•  Service provisioning notifications (e.g. started, failed, completed, ...)
•  Device provisioning notifications
•  Site provisioning notifications
•  Remote User-related notifications

User Persona for UI and APIs

•  SP operator / product engineer
•  Tenant administrator
•  Tenant user
•  Trusted SP application

[Diagram labels: VMS Platform; Service Pack (three instances)]

More about VMS outbound notifications

1.  Configurable to be Email (swivel chair processing or REST&JSON)
2.  Notification can be disabled if not consumed
3.  Notifications include
    •  User Added (sample content in slide comment)
    •  User Updated
    •  User Deleted
    •  Device Added
    •  Device Deleted
    •  Device Registered with Serial Number
    •  Device Updated
    •  Device Only Purchase
    •  New Service
    •  Service Updated
    •  Service Provisioning Success
    •  Service Unsubscribe
    •  Service Order Failure
    •  Service Activation Failure
    •  Service Update Failure
    •  Service Unsubscribe Failure
    •  Service Deprovisioning Success
    •  Service Deprovisioning Failure
    •  New Site Added

Systems that VMS may be integrated with

VMS can run fully standalone. Integration should be prioritized from a business and operational efficiency point of view. Suggested prioritization:

•  Identity: Set up operator and tenant users as federated users in VMS; automate the tenant creation in VMS from CRM
•  Order Entry: SP sales team’s order entry system integrates with VMS via order API
•  App Store: SP’s customer self-service ordering storefront integrates with VMS via order API
•  Self-Service Management Portal: SP’s customer self-service management portal integrates with VMS via APIs and notifications
•  Service Assurance System: SP’s assurance system/dashboard retrieves service status and metrics data from VMS via APIs and streaming
•  Incident Management: SP’s incident management system to receive event notifications and automated ticket creation from VMS (future)

Browseable IWAN API documentation

VMS Platform Architecture

[Diagram labels: UI; OSS/BSS; Service Interface; IDM; Service Assurance; SA-API; Customer Facing Services; Resource Facing Services; Network Services Orchestrator (NFVO); ESC Life Cycle Manager (VNF-M); OpenStack Virtualization (VIM); SDN Controller; ODL/VPP*; OVS; SSH; VNFs; CSR; ASAv; WSAv; vapes; Physical; Infrastructure]

Orchestration

From instantiation to deployment

[Diagram labels: YANG Model; Instantiation for Site 1; Instantiation for Site 2; Combine with template; Deliver via NETCONF; Feed through NED]

VMS Network Services Orchestrator

[Diagram labels: PnP Server; Open PnP; Transaction Database; Service Manager; Device Manager; Network Element Drivers; Service Model (three instances); x86; Virtual]

•  Zero Touch Deployment: Open Method for ZTD Access. Supported by NETCONF.
•  Service Manager interprets Service Intent with Service Instantiation Rules and derives configuration.
•  Device Manager manages derived and validated configurations in a transactional manner towards the infrastructure.
•  Network Element Drivers abstract the interfaces to the devices, allowing 3rd party infrastructure to participate in Service Instantiation.
•  Service Models written in YANG abstract the Service from the underlying physical devices.

CPE Zero Touch Deployment (ZTD)

[Diagram labels: NSO; PnP Server; Open PnP; Transaction Database (CDB); Service Manager; Device Manager; Network Element Drivers; Virto; CPE; Mgmt-HUB; HTTPS PnP (CPE requests Day 0); FlexVPN Mgmt Tunnel to Mgmt-HUB (NSO pushes Day 1); DMVPN Data Tunnel to ENT-HUB ASR]

1.  Day -1 Config
    •  Pre-loaded with PnP profile
    •  Alternate use DHCP with Option 43
2.  Associate Serial Number (SUDI) to CPE Device in the UI
3.  CPE reaches out to PnP/NSO via HTTPS. PnP/NSO pushes down Day 0 Config, for Mgmt Tunnel
4.  CPE is added to the CDB Device List.
5.  FlexVPN Tunnel is set up to Mgmt-HUB. (NSO sends Day 1 Config through this Tunnel)
6.  The appearance of the Device causes a Service Callback to Redeploy. CPE is associated with the Service and sends Day 1 Config

CPE Day -1:

    pnp profile zero-touch
     transport https ipv4 <PNP-IP> port 443 remotecert XYZ

VMS Elastic Service Controller

[Diagram labels: Elastic Services Controller; Netconf; Confd; Service Monitor; Custom; DHCP; SNMP; Ganglia; Service Provisioning; Scale Up/Down; Elasticity; Custom; Day 0 Config; VM Provisioning & Configuration Module]

•  VNS Bring-up & Initial Configuration Application. Multi-vendor Support.
•  Allows Modular Communication with NCS. Data Model Driven.
•  Affinity Rules and Scale Requirements for the VNF components
•  ESC uses multidimensional approach to VNF Monitoring/Restartability

[Diagram labels: WAN; ASR 1000; Nexus 9396; ISR 2901; UCS C220 M4; UCS C240 M4; Production Nodes: CSR, ASAv, WSAv etc; VMS Boot up Pod; Metapod Control Nodes (3): OS controllers, Ceph Mon; VMS Control Nodes (3): Service Interface, NSO, ESC, SA, IDM etc.]

What VMS presents to operator and tenant

•  A set of functions the SP can combine into offers

•  A set of offers the tenant can combine into networks and network services

•  Appropriate selection of transport for each site
   –  Some sites IWAN
   –  Some sites single internet access
   –  Some sites remote access

•  Appropriate selection and placement of VNFs
   –  Some centrally
   –  Some distributed

•  VMS starts with canned offerings, and adds modularity over time

Thank you
