Network Hosted Kernel Virtual Machine - Security Day 2017
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Motivation for Virtualization in the Branch
Physical Branch
• Long, Expensive Roll-Outs
• Under Utilization
• Inflexibility
Virtualized Branch
• Service Agility
• Efficient Resource Utilization
• Opex Savings
Increase revenue by accelerating delivery of new and differentiated services
Provide on-demand service delivery through customer self-service portals
Reduce Op-Ex & time-to-service from months to weeks
NFV Benefits
Reduction of network elements to manage & deploy
Operational efficiencies through virtualization
Service Elasticity & Automated Network Operations
Deployment of best-of-breed
Reduce upfront Cap-Ex
Improve Asset Utilization
Enterprise Service Provider
Levels of Network Function Virtualization
Integrated Services
• ISR4K + Service Containers (KVM/LXC)
• Native ISR Services + NFV Flexibility
• Reliability with Open Service Hosting
Integrated Services with Dedicated Server
• ISR4K + UCS C/E Series
• Native ISR Services + NFV Hardware
• Separate Administration Domains
Fully Virtualized Branch
• General Purpose X86 Compute
• Full Service Virtualization
• Best-of-Breed Service Options
Application Hosting Spectrum
Different models for different application needs.
Native Process
• Very Tight Integration
• Best Performance
LXC
• Strict Kernel Requirements
• Good performance with some security
Docker
• Emerging Industry Standard
• Future Support
KVM
• Any OS
• Complete separation
• Linux host OS normally – Type 2 hypervisor
Type 1 Hypervisor
• Service Module Only
• VMware, Hyper-V, Xen…
Application Hosting Spectrum groupings: Cisco Service Containers; Linux Containers; Open Service Containers
What are Cisco platforms doing?
IOS XR: Support RPM package installation directly to the system.
Nexus OS: Support for 3rd party LXC containers. Support for Guest Shell LXC. Future support for Docker containers.
IOS XE: Open to any 3rd party or custom KVM application on routing platforms. Future plans for Docker support and alignment with IOX. Ultimate flexibility with UCS-E module.
Classic IOS: IOX program provides an IOT focused “app store” for KVM applications and scripts as well as Fog Director GUI manager.
What is a Service Container?
Service Containers use virtualization technology (LXC and KVM) to provide a hosting environment on Cisco routers/switches for applications which may be developed and released independent of platform release cycles. Virtualized environment on a Cisco device.
Use Case Cisco Virtual Services:
• Work/Appliance Consolidation
• Lightweight Application Hosting
• Example: ISR4451X-WAAS
Use Case Third Party Services:
• KVM Hosted Applications
Container
Network OS
Virtual Service
Service Containers
IOS-XE Software Architecture
[Diagram labels: Linux OS; KVM/LXC; IOSd Control Plane; Cisco Apps (WAAS, Snort); Customer and 3rd Party Applications; Platform-Specific Data Plane; AppNav; Internal Services Blade (UCS® E-Series); External Services Blade (UCS); Virtual Ethernet]
Cisco ISR 4400 Series Architecture
[Diagram labels: Control Plane (1 core) and Services Plane (3 cores); Data Plane (6 or 10 cores); Multigigabit Fabric; FPGE; ISC; SM-X; NIM; Service Plane (control plane CPU); KVM - Hypervisor; Service Container]
Service containers live here: 75% CPU
IOS-XE: 25% CPU
Cisco ISR 4300 Series Architecture
[Diagram labels: Service Plane (control plane CPU); KVM - Hypervisor; Service Container; IOS; Service Container; Multigigabit Fabric; FPGE; ISC; SM-X; NIM; Data Plane Cores]
Note: 4321 uses 2DP, 1CP & 1SC cores
Cisco WAAS
Improve application performance and user experience
Virtual WAAS
• Application acceleration from Private/Virtual Private Cloud
• VMware ESX/ESXi and UCS deployments
• Agile, elastic, multi-tenant deployment
• vCM: common virtualized management for physical/virtual WAAS
ISR-WAAS on ISR 4K
• Integrated on platform
• Full Feature Parity
• Software on-demand provisioning
• No fork lift upgrade
WAAS Appliance
• Application acceleration
• Virtual blades in branch offices
• Scalable platforms for range of deployments
Introducing
Product Overview
• Open source intrusion prevention system for real-time traffic analysis
• Lightweight threat defense for price sensitive customers
• Integrated in ISR 4K service container
• IPS/IDS functionality with an IOS IPS look and feel
Positioning IPS/IDS Solution for the WAN
ISR 4321: Up to 50 Mbps
ISR 4331: 60 – 140 Mbps
ISR 4351: 75 – 170 Mbps
ISR 4451: 115 – 270 Mbps
Regulatory/ PCI Compliance
Internet guest access
MSSP
Direct Internet access to partner sites or public cloud (i.e. Office365, Salesforce.com)
Full DIA
Full DIA
StealthWatch Learning Network - SLN
[Diagram labels: HQ; ISE; SCA; Branch 1; Branch 2; DLA; ISR; Security Management; Private/Public Network; Network Edge; Admin; Reputation, IoCs, ThreatGRID; PCAP/Honeypot; Context; ISE pxGrid]
Distributed Learning Agent
• Data collection: Netflow, DPI (control and data plane, local states)
• Analytics and Learning
• Edge Mitigation: programmed/autonomous (police, shape, recolor, redirect, etc.)
• G2 -> UCS-E blade
• 4K -> container-based
SLN Control Agent
• Orchestration and interaction with remote DLAs
• Advanced visualizations
• Centralized policy
Common KVM Use Cases
Troubleshooting VM: General purpose virtual machine with custom and open-source troubleshooting tools (Wireshark, Speedtest, etc.).
Network Functions: Common network functions such as Print Server, Domain Controller, File Storage, etc.
Analytics: Network Analysis and Application Performance Monitoring without a dedicated probe.
Device Customization: Augment the capabilities of the host platform in some way (custom encryption, business-based routing, specialized API interface).
ThousandEyes: View Across Internal and External Networks
[Diagram labels: Hosting / SaaS Provider; Enterprise Agents; Branch; Data Center; Internet; Consumers; Cloud Agent]
1 Network Ops: WAN, VoIP, DCs
2 Cloud Migration: SaaS and IaaS
3 App Delivery: Website, CDN, DNS, ISP
4 Internet Security: DNS, BGP, DDoS
ThousandEyes: Troubleshoot, Monitor, Resolve
• Hop-by-hop path visualization from monitoring agents to cloud hosted or internal services
• Actively monitor and troubleshoot any network including branch offices, data centers
• Visualize network and application performance to detect trends and anomalies
CA Unified Infrastructure Management
Unified IT Monitoring Providing Broad Coverage
A unified view and architecture to manage your internal and external infrastructure.
[Diagram labels: Storage; Power & Cooling; Server; Network; Database; Cloud; User Experience; Application; Virtualization; Big Data; Mainframe]
MONITOR
• Predictive Analytics
• SLA Compliance
• Dashboards & Reporting
• Intelligent Alerts
CA Unified Infrastructure Management Multi-Site Deployment
Relay Hub
Servers w/ Robots
Relay Hub
Servers w/ Robots
Remote Site 2
Remote Site 1
Primary Datacenter
Primary Hub
Secondary Hub
Data Repository
UNIFIED MONITORING OF PUBLIC AND PRIVATE IT ENVIRONMENTS
UIM Reference Architecture
[Diagram labels: Location 1, Location 2 and Location 3, each with an ISR 4400/4300 hosting a KVM Relay Hub and a KVM Polling Robot, plus Servers w/Robots and Network Infrastructure; UIM CORE: UIM Portal, UIM DB, UIM Primary HUB]
Recommended Probe Technologies included with ISR UIM OVAs:
• CDM/RSP
• SNMPC
• UCS
• URL Response
• Net Connect
• DNS Response
• XenApp
• e2e appmon
Virtual Image Requirements:
• Relay Hub: 1 CPU – Quad Core, 8GB Memory. Redhat/CentOS 6 or 7.
• Polling Robot: 1 CPU – Quad Core, 8GB Memory. Redhat/CentOS 6 or 7.
• Network Discovery, Operation and Management
• Open application built without any Cisco involvement.
• Terrific option for low-footprint branch management.
Ned.io – Open Source Service Container
http://www.nedi.ch/running-nedi-on-a-cisco-router/
ISR4K Services Core Specifications (For Your Reference)
Platform             Service Cores   Speed (GHz)   Relative Compute Power   Min Additional DRAM   Min Additional SSD   Min Additional HDD
ISR4451 (Gladden)    3               2             6P                       4GB                   200GB                1TB
ISR4431 (Gladden)    3               1             3P                       4GB                   200GB                1TB
ISR4351 (Rangeley)   3               2.4           3P                       4GB                   50GB                 1TB
ISR4331 (Rangeley)   3               2.0           2.5P                     4GB                   50GB                 1TB
ISR4321 (Rangeley)   1               2.4           P                        4GB                   50GB                 1TB
UCS-E NIM            4               1.6           2.6P                     N/A                   N/A                  N/A
UCS-E EHWIC          2               1.6           1.3P                     N/A                   N/A                  N/A
Normalize to Rangeley 2.4 GHz core = 1P
Gladden 1GHz = Rangeley 2.4 GHz
What do I need to add to an ISR4K system?
Memory
• Service Containers (currently) REQUIRE additional DRAM beyond the 4GB system default
• Additional DRAM beyond 4GB will be available to a KVM application
  • Example: 8GB DRAM will have 4GB available to Service Containers
  • Example: 16GB DRAM will have 12GB available to Service Containers
Storage
• No storage is included by default and applications do not have access to bootflash.
• Options include internal MSATA SSD on 4300 Series, NIM-SSD or NIM-HD on all ISR4K.
• Smaller sizes and lower reliability SSD options at lower price will be available in CY15.
Note: ASR1K/CSR requirements will be different.
NIM-SSD:
• 1 or 2 hot-swappable 200GB SSD drives
• 100GB and 400GB options
SSD-MSATA-50G & SSD-MSATA-200G :
• Doesn’t consume a NIM slot!
• Embedded 50GB/200GB SSD storage
• Not available on 4431/4451
Storage Options
Unique Requirements for IOS XE Service Containers
• YAML (derived from LibVirt XML) header file(s) within the OVA
  • Outlines the resource requirements for the application so the system knows what to do with it.
  • Memory, storage, CPU shares, CDROM ISO, etc.
• Properly formatted disk image
  • Supported formats are qcow2, raw and raw with Cisco capacity XML tag
• IDE virtio driver within the VM kernel for disk access
• Optional TTY0 and TTY1 specification for console/aux connection
Mandatory Service Container OVA Contents
• YAML Descriptor File Defining:
  • Number of VCPUs and Share of CPU cycles
  • Memory
  • Disks including size and source image if applicable
  • Virtual NICs
  • Console/Aux connectivity
• Disk Image – One or more disk image files.
  • ISO: Supported for read-only file systems like a CDROM.
  • RAW: Supported for read-write file systems.
  • QCOW2: Supported for read-write with compression. Longer initial install time but much smaller disk images as a result of compression. Generally the recommended format for standard disk images.
• Manifest File – Simple text file with the SHA1 hash for all files in the OVA.
• Version File – Simple text file with application version number.
Example YAML File

manifest-version: 1.0
# App Info & Definition
info:
  name: kvm_prof_2
  description: "KVM Montavista Test Distro"
  version: 1.0
  author-name: Cisco Systems, Inc.
  author-link: "http://www.cisco.com"
app:
  # Indicate app type (vm, paas, lxc etc.,)
  apptype: vm
  # Memory/CPU Reservation
  resources:
    cpu: 6
    memory: 262144
    vcpu: 1
    # Disk(s) Definition
    disk:
      - target-dev: hdc
        file: montavista.iso
      - target-dev: sda
        file: kvm_storage_4000MB.img
        upgrade-model: ha-sync
    # Ethernet Interfaces
    interfaces:
      - target-dev: net1
        alias: net1
      - target-dev: net2
        type: management
    # Serial Devices
    serial:
      - serial
      - console
  # Boot Details
  # Specify runtime and startup
  startup:
    runtime: kvm
    boot-dev: cdrom
Example libvirt.xml File
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0' id='1'>
  <name>ubuntuserver</name>
  <uuid>cdc7b1e3-4a61-8452-98cd-2932f8d781da</uuid>
  <memory>262144</memory>
  <currentMemory>262144</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-0.12'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features><acpi/><pae/></features>
  <clock offset='localtime'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/><source file='UbuntuServer.qcow2'/>
      <target dev='hdb' bus='virtio'/><alias name='virtio-0-0-4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </disk>
    <controller type='ide' index='0'>
      <alias name='ide0'/><address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <interface type='network'>
      <mac address='52:54:00:89:c4:96'/><source network='default'/>
      <target dev='net1'/><model type='virtio'/><alias name='net1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='tcp'>
      <source mode='bind' host='' service='4444'/><target port='0'/>
      <protocol type='telnet'/><alias name='serial0'/>
    </serial>
    <serial type='tcp'>
      <source mode='bind' host='' service='4445'/><target port='1'/>
      <protocol type='telnet'/><alias name='serial1'/>
    </serial>
    <serial type='unix'>
      <source mode='bind' path='syslog'/><target port='2'/><alias name='serial2'/>
    </serial>
    <serial type='unix'>
      <source mode='bind' path='logger'/><target port='3'/><alias name='serial3'/>
    </serial>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-cpu'/><qemu:arg value='host'/>
    <qemu:arg value='-device'/><qemu:arg value='usb-tablet'/>
  </qemu:commandline>
</domain>
Potential Security Holes
Same VM Definition as Previous Slide
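The slide marks this definition as carrying potential security holes without naming them. The Python below is an added example, not code from the deck or from Cisco: it audits a libvirt domain definition for two things a reviewer would check in it, TCP serial listeners that are not pinned to one address or that speak cleartext telnet, and raw `<qemu:commandline>` arguments. The choice of checks, the finding labels and the function name `audit_domain` are assumptions of this example.

```python
import xml.etree.ElementTree as ET

QEMU_NS = "http://libvirt.org/schemas/domain/qemu/1.0"
WILDCARD_HOSTS = {"", "0.0.0.0", "::"}  # listener not pinned to a single address

# Constructed sample: a reduced copy of the slide's domain definition.
SAMPLE_DOMAIN = """\
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>ubuntuserver</name>
  <devices>
    <serial type='tcp'>
      <source mode='bind' host='' service='4444'/>
      <target port='0'/>
      <protocol type='telnet'/>
    </serial>
    <serial type='tcp'>
      <source mode='bind' host='' service='4445'/>
      <target port='1'/>
      <protocol type='telnet'/>
    </serial>
    <serial type='unix'>
      <source mode='bind' path='syslog'/>
      <target port='2'/>
    </serial>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-cpu'/>
    <qemu:arg value='host'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='usb-tablet'/>
  </qemu:commandline>
</domain>
"""


def audit_domain(xml_text):
    """Return (finding, detail) tuples for a libvirt domain definition.

    The descriptor is assumed to be a trusted local file; this parser is not
    hardened against hostile XML.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for dev in root.findall("./devices/*"):
        if dev.tag not in ("serial", "console", "channel") or dev.get("type") != "tcp":
            continue
        source = dev.find("source")
        if source is None or source.get("mode") != "bind":
            continue  # only listening sockets are of interest here
        where = f"{dev.tag} tcp/{source.get('service')}"
        if source.get("host", "") in WILDCARD_HOSTS:
            findings.append(("listener-all-interfaces", where))
        protocol = dev.find("protocol")
        kind = protocol.get("type") if protocol is not None else "raw"
        if kind in ("raw", "telnet"):
            findings.append(("cleartext-console", f"{where} ({kind})"))
    # <qemu:commandline> hands arguments to QEMU outside libvirt's device model.
    args = root.findall(f"./{{{QEMU_NS}}}commandline/{{{QEMU_NS}}}arg")
    if args:
        findings.append(("qemu-passthrough", " ".join(a.get("value", "") for a in args)))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_domain(SAMPLE_DOMAIN):
        print(f"{finding}: {detail}")
```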
Useful Open Source Tools for Developers
virt-manager – GUI Linux tool for creating and managing VMs.
qemu-img – Useful tool for converting disk images
  Example: qemu-img convert -p -c -f raw -O qcow2 <raw.img> <qcow2.img>
openssl – Generates manifest file.
  Example: openssl sha1 *.qcow2 *.ver *.yaml > vm.mf
tar – An OVA is nothing more than a tar file with a fancy name.
  Example: tar -cvf VM.ova vm.qcow2 platform.xml 4300.xml 4400.xml vm.mf
create_ova.sh – Cisco script to help build an ova in one step.
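The manifest described under the mandatory OVA contents and generated by the `openssl sha1` command above can be checked before an OVA is copied to a router. The Python below is an added example, not the deck's or Cisco's code: it opens the tar archive, parses the `SHA1(name)= digest` lines and reports files that are altered, unlisted, missing or of an unexpected type. The function names, the manifest name `vm.mf` as a default, and the sample file names `vm.ver` and `package.yaml` are assumptions of this example.

```python
import hashlib
import io
import re
import tarfile

# `openssl sha1 <files>` writes one line per file: SHA1(name)= <40 hex digits>
MANIFEST_LINE = re.compile(r"^SHA1\((?P<name>.+)\)= (?P<digest>[0-9a-fA-F]{40})$")


def parse_manifest(text):
    """Return {file name: lowercase SHA-1 hex digest} from manifest text."""
    entries = {}
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        match = MANIFEST_LINE.match(line)
        if match is None:
            raise ValueError(f"unrecognised manifest line: {line!r}")
        entries[match["name"]] = match["digest"].lower()
    return entries


def verify_ova(ova_bytes, manifest_name="vm.mf"):
    """Compare every member of the tar archive with the manifest; return problems."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(ova_bytes), mode="r:") as tar:
        infos = tar.getmembers()
        names = [m.name for m in infos]
        for m in infos:
            # Links, devices, directories and nested paths have no place in a flat OVA.
            if not m.isfile() or "/" in m.name:
                problems.append(f"unexpected member: {m.name}")
            if names.count(m.name) > 1:
                problems.append(f"duplicate member: {m.name}")
        files = {m.name: m for m in infos if m.isfile()}
        if manifest_name not in files:
            return problems + ["manifest missing"]
        manifest = parse_manifest(tar.extractfile(files[manifest_name]).read().decode())
        for name, info in files.items():
            if name == manifest_name:
                continue
            if name not in manifest:
                problems.append(f"not listed in manifest: {name}")
                continue
            digest = hashlib.sha1()
            stream = tar.extractfile(info)
            for chunk in iter(lambda: stream.read(1 << 20), b""):
                digest.update(chunk)
            if digest.hexdigest() != manifest[name]:
                problems.append(f"hash mismatch: {name}")
        problems += [f"listed but absent: {n}" for n in manifest if n not in files]
    return sorted(set(problems))


def build_ova(files):
    """Pack {name: bytes} into an uncompressed tar, as `tar -cvf VM.ova ...` does."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample content; vm.ver and package.yaml are assumed file names.
PAYLOAD = {
    "vm.qcow2": b"QFI\xfb constructed disk image bytes",
    "vm.ver": b"1.0\n",
    "package.yaml": b"manifest-version: 1.0\n",
}
MANIFEST = "".join(
    f"SHA1({n})= {hashlib.sha1(d).hexdigest()}\n" for n, d in PAYLOAD.items()
).encode()

GOOD_OVA = build_ova({**PAYLOAD, "vm.mf": MANIFEST})
# Same manifest, but the disk image was altered and an unlisted file was added.
TAMPERED_OVA = build_ova({**PAYLOAD, "vm.qcow2": b"altered image",
                          "extra.sh": b"#!/bin/sh\n", "vm.mf": MANIFEST})

if __name__ == "__main__":
    print(verify_ova(GOOD_OVA))
    print(verify_ova(TAMPERED_OVA))
```

A manifest that travels inside the same archive only detects changes made without updating it; anyone able to rewrite the OVA can regenerate `vm.mf`, so compare against a manifest obtained separately from the publisher.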
Service Container Install/Monitor Commands
Virtual-Service Install/Monitor:
! Install an OVA to disk
ISR4K# virtual-service install name testapp package bootflash:testapp.ova
! Show current status including application install progress
ISR4K# show virtual-service list
ISR4K# show virtual-service detail name testapp
! Connect a virtual terminal to the application serial port (if supported)
ISR4K# virtual-service connect name testapp aux|console
Service Container Configure & Activate Commands
Virtual-Service Configuration:
! New Global-Level Structure
virtual-service
 ! Single command to disable signing
 signing level unsigned
!
! Up to 32 virtual interfaces to OVS
interface virtualportgroup 1
 ip address 10.0.0.1 255.255.255.0
!
! Application Instance Configuration
virtual-service testapp
 ! One or more interfaces per application
 vnic gateway virtualportgroup 1
  ! Optional guest interface configuration
  guest ip address 10.0.0.2
 ! Activate an installed & configured App
 activate
Cisco Fog Director: App Life Cycle Management, App Management & Monitoring at Scale
Easy to use
• Simplified application lifecycle management
• Stand Alone UI or may be integrated into 3rd party applications restful APIs
Managing Application Resources
• Tracks IOx resource utilization (CPU, Memory, BW)
• Display per application and per device historical trends
• Establish per application status frequency from the onboard agent
Manage Application Lifecycle
• Stage the application image within the local application catalog
• Push changes to end-points
• Detailed application rollout tracking
Cisco Fog Director: Application Dashboard
View of installed Apps
Instant status of Apps running
Resource consumption dashboard
Apps that are ready to deploy
Apps that have not cleared deployment readiness yet
Enables management of application deployment to the edge devices at scale
Cisco Fog Director: Application Dashboard
Drilling down on deployed applications
Cisco Fog Director: Application Monitoring view
App Deployed on devices
Apps Success & Failure view
App Device monitor
Monitor deployed applications at scale
Apps resource monitor
Cisco Fog Director: Troubleshooting
Drilling down into devices and application logs
Cisco Fog Director: Device-centric Dashboard
Device Resource view
Last heard status
Device IP & Configuration
Device View and association
Adding new devices
BRKARC-2014
Open Service Container Support Model
[Diagram labels: Linux OS; KVM/LXC; IOSd Control Plane; WAAS; Customer and 3rd Party Applications; Platform-Specific Data Plane; Virtual Ethernet]
Cisco Support: Call TAC and they’ll help you out.
Third Party & Community Support: TAC will redirect you.
Cisco Devnet Provides:
• Community support for developers
• Documentation
• Developer Tools
• Access to Cisco Engineers
• Sample open source VMs
• Share open source projects
• Examples from Cisco Engineers
Future Development
• RAM Disks – will allow apps with low storage requirements to keep their disk images on bootflash
• Default DRAM – Support for lightweight applications in default 4GB memory.
• VM Configuration – User can overwrite the VM specifications from the YAML file (CPU, DRAM, NICS, etc) through configuration commands.
• Docker – Support standard Docker containers in addition to KVM.
• Fog Director – Support the same app-store model and deployment GUI as IOX applications in IOS XE 16.3.
• VBO/NSO Orchestration – Integration with Elastic Service Controller and NSO for consistent orchestration with other Cisco NFV products.
• Layer 2 Redirect/Chaining – Bridging/Redirect from data plane interfaces as well as L2 VLAN switching between Service Containers.
Cisco UCS E-Series DC-class Servers
[Chart labels: Performance; Scalability; Intel Broadwell; Intel Ivy Bridge; Intel Ivy Bridge; Intel Ivy Bridge]
Cisco® UCS E160D
• Double-Wide Service Module
• VMware, Hyper-V, Citrix certified
• Intel E5 6 core processor
• 96GB DRAM
Cisco UCS E180D
• Double-Wide Service Module
• VMware, Hyper-V, Citrix certified
• Intel E5 8 core processor
• 96GB DRAM
Cisco UCS® E140S
• Service module
• VMware, Hyper-V, Citrix certified
• Intel E3 4 core processor
• 16GB DRAM
Cisco UCS® E160S
• Single-Wide Service module
• VMware, Hyper-V, Citrix certified
• Intel Broadwell 6 core processor
• 32GB DRAM
• USB 3.0 & 10Gb Interface
Cisco UCS E-Series Network Compute Engine
Compact, Multipurpose Blade Housed in 4000 Series ISR - Cisco UCS EN140N M2
• Up to 8 GB RAM
• Intel® Atom quad-core processor
• One 2GB SD card for CIMC
• 50, 100, 200 GB mSATA SSD options
• Dedicated management port
• One external Gigabit Ethernet port / Two internal Gigabit Ethernet ports
• KVM console connector
• USB 2.0 port for external device connectivity
Cisco UCS E-Series Servers Support Model
Hardware Support Provided by Cisco
• Cisco UCS® E-Series hardware supported under ISR G2 SMARTnet® at no additional cost
• Hypervisor and OS supported by hypervisor and OS vendor
ISR
Cisco® UCS E-Series Server Module
• Supported by Cisco SMARTnet
• Attached to ISR G2
Hypervisor
• Supported by OS / hypervisor vendor
• Purchased separately
Cisco 4000 Series ISR + UCS® E-Series
Cisco® UCS C-Series
Network Functions Virtualization Infrastructure Software (NFVIS)
Cisco Enterprise Service Automation (ESA) on APIC-EM
Introducing Cisco Enterprise NFV
Network Services in Minutes, on Any Platform
• Virtual Router (ISRv)
• Virtual Firewall (ASAv)
• Virtual WAN Optimization (vWAAS)
• Virtual Wireless LAN Controller (vWLC)
• Third-Party VNFs
Automated Orchestration, Management, Policy
Cisco Enterprise Service Automation (ESA)
• Zero-touch deployment
• Automated orchestration of platform and VNFs
• Service chaining and licensing
• Health monitoring
• Dynamic scaling of services
• Operational SLA management
• Create standard profiles for different types of branches
• Cisco® tested and validated designs
• Embedded approval process and versioning
Links
WAY MORE INFO:
What the Heck is a Service Container?
http://cs.co/9001BnlDN
Fundamentals of Service Containers (Techwise Video)
http://cs.co/9004BnlDA
Wireshark on the Catalyst 4500
http://cs.co/9002BnlD4
Virtual Service Container Config Guide (NXOS & IOSXE)
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus/openflow/b_openflow_agent_nxos_1_3/Virtual_Services_Container.pdf
Dcloud demo platform
http://dcloud.cisco.com
More Information: Cisco DevNet
https://developer.cisco.com/site/kvm
• Online community for developers
• Direct access to Cisco Engineers and Product Teams
• Repository of how-to guides, best practices and sample code
• This will be the primary source for Service Container information and sample OVAs
• Due to Cisco support requirements, VMs will not be posted to Cisco.com directly.
• Keep an eye out for a Service Container Hackathon with fabulous prizes!
Product Specifications Comparison (For Your Reference)
Columns: ISR 4000 Series with Container | ISR 4000 Series with UCS-E | ENCS 5400 Series
Architecture: Embedded IOS-XE Container for light-weight applications | Dedicated x86 blade server for applications | Shared x86 platform for Routing & hosted applications
Legacy WAN: Multiple | Multiple | Single
4G / LTE Support: Yes | Yes | Yes
TDM Voice: Yes | Yes | No
Switch-ports: 72 | 64 | 8
Routing Throughput: 2 Gbps | 2 Gbps | 1 Gbps
Resources for Applications
CPU Cores: 1-3 | 8 | 9
RAM: 12 GB | 96 GB | 64 GB
Disk: 800 GB | 6 TB | 4 TB disks + 400 GB SSD
OS / Hypervisors: IOS-XE with embedded KVM | VMware ESXi, Microsoft HyperV & Citrix XenServer and more… | NFVIS with embedded KVM
Enterprise Networks Joins Customer Connection Program
Virtual Customer User Group Program
19,000+ Members Strong
• Who can join: Cisco customers & partners
• Private online community to connect customers with peers & Cisco’s Enterprise Networking product teams
• Monthly technical & roadmap briefings via WebEx
• Opportunities to influence product direction
• New member thank you gift* & badge ribbon when you join in the Digital Arcade
• Other CCP tracks: Security & Collaboration
Join in World of Solutions: Digital Arcade → Customer Connection stand
• Learn about CCP and Join
• New member thank-you gift*
• Customer Connection Member badge ribbon
Join Online: www.cisco.com/go/ccp
Come to Digital Arcade to get your new member gift* and ribbon
* While supplies last
Other Sessions
BRKARC-3001 Cisco Integrated Services Router - Architectural Overview Monday 1:30PM
BRKARC-3111 Deploying Cisco Smart Software Licensing Enabled Products Monday 1:30PM
LTRRST-3003 Dr. Evil's secret VIRL hands-on Lab Tuesday 1PM
BRKRST-2041 WAN Architectures and Design Principles Wednesday 8AM
BRKCRS-2006 Creating the Virtual Edge: Cisco Enterprise NFV Wednesday 8AM
BRKCRS-3447 Network Function Virtualization for Enterprise Networks Thursday 8AM
BRKARC-2091 Emerging Trends in Branch Office Architectures Thursday 10:30AM
BRKRST-3336 WAN Virtualization Using Over-the-Top (OTP) Thursday 10:30AM