Cisco Confidential 1
Khay Kid Chow, Cisco Systems MyNOG-3 November, 2013
• Network Evolution – Programmable Networks
• Enabling Technologies – vPE and ESC
• Service Provider Use Cases
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
[Diagram: Network Evolution]
Person2Person → Person2Thing → Thing2Thing
Centralized → Decentralized → Distributed (network impact)
Anytime, Anywhere, Anyone... and Anything
Programmable Device-Driven Events = Bandwidth + Compute + Control
[Diagram: Service Providers in the Central Role]
Programmable Triggers of Event-Driven Services (Adaptation Rates and Automation)
Bandwidth (Cost Reduction and Speed)
Multi-service Consumer/Business Bundles (Prioritization and Agility)
Service Provider (bits/s): Voice, Video, Data, Mobile; Smart Energy, Smart Health, Smart Industry, Smart Homes, Smart Car, Smart Offices
Technology Objectives
Make everything go faster, easier and more agile
• Configurable Networks
• Orchestrated Networks
• Apps-aware networks
• Network-aware apps
• Network interfaces
• Managed Networks
• Programmatic interfaces
• Automated Networks
[Diagram: Software layers]
Application Software – New Businesses: SaaS + Integration, Operations, BI
Infrastructure Software – Management, Orchestration, Analytics, Controllers
Embedded Software – Core Business: Route, Switch, Appliance; IOS, XR, NX-OS, others…
Services Orchestration: Workflow and Intent; Programmability; Applications; Network
Network Intelligence, Guidance: Statistics, States, Objects and Events; Analytics; Policy (Application + Network + Security); Network Intelligent Applications
[Diagram: Programmability stack]
Applications (End-User and System Applications)
Resource Orchestration, Management
Programmatic Interfaces
Virtual and Physical Infrastructure

[Diagram: Controllers and agents]
Applications (End-User and System Applications)
Controllers and Agents
Virtual/Overlay Networks
Platform APIs

[Diagram: Device-layer interfaces]
Application Frameworks, Management Systems, Controllers, ...
Device layers: Forwarding, Control, Network Services, Orchestration, Management
Interfaces/protocols: PCEP, Quantum, OpenFlow, Puppet, Netconf, OMI, I2RS, …, onePK
Operating systems: IOS / XE, NX-OS, IOS-XR, each with onePK API & Agent Infrastructure and per-protocol agents
“End-to-End Dynamic Provisioning and Monitoring of Virtualised Services using a single point of configuration”
[Diagram: Router, Network Orchestration, DC Orchestration, Compute; traffic from 1.1.1.1 is steered to Virtual Service Instance Foo (a Load Balancer in front of Service VMs)]
“Route all traffic from IP 1.1.1.1 to an instance of the virtualised service foo”
“Can you also monitor it for any end-to-end failures and take recovery action if/when needed”
“Of course I’d also like the service to scale up and down dynamically based on demand”
“And give me APIs to do all this programmatically”
“Can you make sure the network is also configured to know about this service”
What services ?
Where to run?
How to manage?
vSwitch, VSG, vISE, vASA, vWAAS, vMSE, vWLC, Route Reflector, vNAM, Video Cache, PRIME (NCS), vRouter
Many familiar network service functions have already been developed for virtualized implementations.
Attaching Compute to the Network
[Diagram: Compute with OpenStack – Service VMs on KVM hosts managed by OpenStack; blade servers hosting Service VMs on KVM]
ESC functions:
• Parse Service XML: the service definition is an XML document
• Provision Virtual Machine(s): API calls out to the VM orchestration layer (e.g. OpenStack, VMware)
• Configure Virtual Machine(s): pass the VM configuration data to the VM at provisioning time (so it can self-configure)
• Provision Virtual Network: the VM orchestration system creates the virtual network (OpenStack: Quantum/OVS)
• Configure Physical Network: OpenStack Quantum plugins for physical devices
• Advertise Service (BGP): a BGP service advertiser publishes/withdraws network routes to the given service
• Monitor all Components: monitoring for each VM and the application within the VM
Service Catalog and Workflow
[Diagram: Service Orchestration (ESC) with VM/Storage Controller and Network Controller; Orchestration, Infrastructure and Catalog layers; Physical Network, Compute / Storage, Virtual Services, Virtual Network, Apps]
(1) Service Request from External Clients
(2) Network Provisioning
(3) VM Provisioning
(4) VM & Service Monitoring
(5) Service Advertising via BGP
(6) Events/syslog
[Diagram: Services Controller driving Service VMs on KVM hosts (OpenStack, Hypervisor (KVM), Host OS (Linux)); the input is a <service-request> XML document carrying SERVICE_NAME and <request-id>; VM states shown as ✔ / ✖]
1. A <service-request> is generated and sent to the Services Controller, which then creates the active VMs and the hot-standby VMs
2. The service starts and reports application stats to the Services Controller: STATUS=OK
3. Load increases and the VMs become overloaded: STATUS=OVERLOAD
4. The Services Controller activates 3 of the “hot-standby” VMs and adds them to the running service, causing the load on all VMs to decrease below the threshold
5. The Services Controller backfills the “hot-standby” queue by booting 3 new VMs but not activating them
[Diagram labels: Standby VM Queue, Load Balancer, KVM, BGP, ganglia]
Connecting Users to Virtualized Services
[Diagram: Enterprises, SMBs, Mobile Users and Home connect through the Service Provider to GI-LAN | Consumer services (DPI, CGN, WWW, FW, CDN, IPS) and Virtual Private Cloud NfV Services (DPI, CPE, WAAS, FW, NAM, IPS)]
Connecting Network SDN and Datacenter NFV
[Diagram: Cloud Datacenter – Consumer services (DPI, CGN, WWW, FW, CDN, IPS) and Virtual Private Cloud / Enterprise NfV Services (DPI, CPE, WAAS, FW, NAM, IPS); SP NGN and SP Data Center with Guaranteed Network SLA, Cloud SLA and Service Chaining; vPE / VSOC / Elastic Service Controller; WAN Controller]
[Diagram: Physical Network – DC Interconnect (e.g. ASR 9000); access via xDSL, GPON, FTTX and Mobile through routers R1 and R2]
Technology and Design Innovation – decreasing time to revenue
Creating value with new Smart Cloud services
§ Business – Cloud IPVPN – self-service IPVPNs; Virtual Private Cloud – Bring Your Own Design; Virtualized Security, Collaboration, Cloud CPE
§ Consumer – Virtual BRAS, DHCP Subscriber Routing, Virtualized Video
§ Mobility – Virtual EPC, Gi Network Services (vGiLAN)
Enabling new modes of operation
§ User-centric – self-service for control of own experience
§ Real-time – service creation takes minutes instead of weeks
§ Automation – orchestration at scale for reduced OPEX
§ Virtualization – service agility, infra capacity reuse, fast TTM
Driving Operational Simplicity through Virtualization of Physical Infrastructure
[Diagram: Cisco ONE SDN (Applications, NMS; Programmatic API; Service, Topology, Network and Control Abstraction; Virtual Overlay Network OS; Control Plane / Data Plane; Controllers; (v)Switch, (v)Router), Cisco nV (Router, I/O Shelf, Optical Shelf), Cisco NFV, XRv, VIRL, Spirit (Hardware, Hypervisor, VMs with their own OS)]
Cisco vPE
[Diagram: x86 Server (e.g. UCS) with multi-core CPUs, memory, storage and NICs; Hypervisor (e.g. KVM/QEMU, VMware ESXi); vSwitch (n1kv); each VM has vCPU, vMemory, a virtual hard disk and vNICs]
Virtual network OS images:
• Virtual Appliance
• IOS-XRv 64-bit – IOS-XR (Spirit 64-bit)
• NX-OSv – NX-OS
• IOS-XRv – IOS-XR (Classic)
• CSR1kv – IOS-XE
• IOSv – IOS Classic
Development Environment for Cisco ONE
• A multi-purpose network virtualization platform
• Virtual machines running the same operating systems as used on physical Cisco products: IOS, IOS-XR, NX-OS
• Virtual machine orchestration capabilities enable the creation of highly accurate models of real-world or future networks – scales to thousands of virtual network devices
Use cases:
1. Application Automation
2. WAN Orchestration
3. Elastic Services – Security aaS
Use case 1: Application Automation
Business Objectives: a market leader in IaaS and Availability Services (Back-up & Recovery), based in the U.S. and operating in 70 countries globally.
• Core Business – Availability and Continuity: automate, streamline and scale
• Monetization Platform – offer new, elastic services on demand; provide infrastructure and systems on demand for Hybrid/VPC business models
Customer Recovery Service Infrastructure – Secure Multi-Tenancy, Fully Automated
[Diagram: Aggregation and Access layers (Nexus 3k) with onePK; Router, Firewall/VPN, Switches, Storage, x86 Servers, Unix Servers, Load-balancer; Orchestration, VPP Application, ONE Controller; Customer 1 / Customer 2 slices]
100s of customers can on-board and test recovery services simultaneously.
Network programmability builds a “network slice” per customer and tracks usage and health per network slice.
Virtual Patch Panel: SDN Controller, onePK, ESC, OpenStack
Use case 2: WAN Optimization – Service Velocity
SDN Benefits:
• Customer Self-service: enable customers to reserve bandwidth to onboard data and applications
• Track Topology and State: compute network paths to deliver the best available connection
• Seamless Service Creation and WAN synchronization
Bandwidth Calendaring
Bandwidth Calendaring
[Diagram: Packet Bandwidth Calendaring Application (Bandwidth Orchestration), WAN Orchestration (Data Collection, Network Programming), DC Service A, User / Requestor; packet topology and state information is shared with the controller]
1. The BW Calendaring App provides a UI to the end user. The end user requests connectivity between locations with a BW requirement and a calendar interval
2. The WAN Orchestration controller collects topology, state and utilisation info from the packet network
3a. The user requests a connection with defined BW characteristics to DC Service A from the location attached to Router D for a specific calendar period
3b. On behalf of the user, the BW Calendaring App requests a network path to DC Service A from the location attached to Router D
4. The WAN Orchestration controller discovers the available resources, calculates the optimal path and returns the result to the app
5. The BW Calendaring App confirms the request to the end user and tracks the reservation to ensure the service is available at the required calendar interval
Technologies: PCE & Demand Engineering, WAN Controller
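Steps 2, 4 and 5 of the bandwidth calendaring flow as an added Python example (illustrative code, not the WAN Orchestration controller's own): the controller keeps per-link calendar reservations, picks the feasible path with the most headroom for the requested interval, and books it. The topology, link capacities and integer hours are constructed assumptions; only the router D and DC Service A names come from the slide.

```python
from dataclasses import dataclass, field
# Constructed example (not Cisco code): integer hours, Mbps; capacities are assumptions.

@dataclass
class Link:
    capacity: int
    reservations: list = field(default_factory=list)  # (start, end, bw), end exclusive

    def available(self, start, end):
        """Free bandwidth at the most loaded instant within [start, end)."""
        points = [start] + [s for s, _, _ in self.reservations if start < s < end]
        peak = max(sum(bw for s, e, bw in self.reservations if s <= t < e) for t in points)
        return self.capacity - peak

class WanOrchestrator:
    """Holds collected topology/state (step 2) and answers path requests (step 4)."""

    def __init__(self, links):
        # Index each link under both orientations; both directions share one Link.
        self.links = {**links, **{(b, a): l for (a, b), l in links.items()}}

    def _paths(self, src, dst, path=()):  # all simple paths, depth-first
        path += (src,)
        if src == dst:
            yield path
            return
        for x, y in self.links:
            if x == src and y not in path:
                yield from self._paths(y, dst, path)

    def compute_path(self, src, dst, bw, start, end):
        """Feasible path with the most spare bandwidth over the interval, or None."""
        best, best_headroom = None, -1
        for p in self._paths(src, dst):
            headroom = min(self.links[a, b].available(start, end) - bw for a, b in zip(p, p[1:]))
            if headroom >= 0 and headroom > best_headroom:
                best, best_headroom = p, headroom
        return best

    def reserve(self, src, dst, bw, start, end):
        """Step 5: book the calendar slot on every link of the chosen path."""
        path = self.compute_path(src, dst, bw, start, end)
        for a, b in zip(path or (), (path or ())[1:]):
            self.links[a, b].reservations.append((start, end, bw))
        return path

def build_wan():
    # Router D reaches DC Service A via B (1 Gbps links) or via C (500 Mbps links).
    return WanOrchestrator({("D", "B"): Link(1000), ("B", "A"): Link(1000),
                            ("D", "C"): Link(500), ("C", "A"): Link(500)})
```

Because reservations are checked per calendar interval, a slot that ends at hour 12 leaves the link free for a request starting at hour 12.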
Use case 3: Security as a Service
SDN Benefits:
• Enable New Services – Security Threat Defense and Mitigation
• Optimal Deployment – program the network to insert services where it makes the most sense
• Leverage Cloud – services and functions scale elastically with the network
[Diagram: Cloud orchestration, WAN, User / Requestor; Dynamic Scaling of Bandwidth and Services; security services: Web FWs, NAC/Compliance, DDoS Scrubbers]
1. A request is made to instantiate the Security Service at multiple DC/Cloud locations
2. ESC requests Cloud Orchestration to spawn VM instances and network connectivity to run the Security service
3. ESC requests from WAN Orchestration a network path to carry flows requiring Security services to the nearest DC/Cloud
4. ESC monitors the service instances and, based on policy, decides when to spin up additional capacity per service. DDoS: as attack traffic increases, spin up additional scrubbers in both DCs
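The Services Controller loop from steps 1-5 of the earlier ESC slide (a <service-request> XML document, a hot-standby VM queue, an overload threshold) and the policy-driven scrubber scale-up in step 4 above, as one added Python example. This is illustrative code, not ESC's implementation; the XML elements other than <service-request> and <request-id>, the site names and the load figures are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import deque

# Constructed sample <service-request>: the deck names only <service-request>
# and <request-id>; the other elements are assumptions for this example.
SERVICE_REQUEST = """<service-request>
  <request-id>req-1001</request-id>
  <service-name>ddos-scrubber</service-name>
  <active>2</active>
  <standby>3</standby>
  <max-load-per-vm>10</max-load-per-vm>
</service-request>"""


class ServicesController:
    """Toy ESC-style controller: an active pool plus a hot-standby VM queue."""

    def __init__(self, xml_doc, site):
        root = ET.fromstring(xml_doc)  # step 1: parse the service request
        self.request_id = root.findtext("request-id")
        self.site = site
        self.name = root.findtext("service-name")
        self.limit = int(root.findtext("max-load-per-vm"))
        self.batch = int(root.findtext("standby"))
        self.booted = 0
        self.active = [self._boot() for _ in range(int(root.findtext("active")))]
        self.standby = deque(self._boot() for _ in range(self.batch))

    def _boot(self):
        # Boot a VM (this would be an API call to the VM orchestration layer).
        self.booted += 1
        return f"{self.site}-{self.name}-vm{self.booted}"

    def report(self, total_load):
        """Handle a stats report (steps 2-5); returns (status, VMs activated)."""
        if total_load / len(self.active) <= self.limit:
            return "OK", []
        # STATUS=OVERLOAD: activate the whole hot-standby batch (step 4) ...
        activated = [self.standby.popleft() for _ in range(self.batch)]
        self.active.extend(activated)
        # ... and backfill the queue with booted-but-inactive VMs (step 5).
        self.standby.extend(self._boot() for _ in range(self.batch))
        status = "OK" if total_load / len(self.active) <= self.limit else "OVERLOAD"
        return status, activated


def scrub_attack(controllers, attack_gbps):
    """Security-aaS step 4: per-DC scale-up as attack traffic (Gbps) grows."""
    return {site: controllers[site].report(gbps)[0] for site, gbps in attack_gbps.items()}
```

A site that stays OVERLOAD after one batch has exhausted its standby queue for that reporting cycle; the next report will activate the backfilled batch.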
[Diagram: Services Controller / Service Orchestration (ESC), DC/Cloud #1, DC/Cloud #2, WAN orchestration, steps 1-4; technologies: PCE & Demand Engineering, ESC, OpenStack, NfV]
• SDN: an evolutionary step for networking
 - Complement/evolve the Network Control Plane where needed
• Centered around delivering an open, programmable environment for real-world use cases
 - No one-size-fits-all
 - APIs, Network Virtualization, Agents/Controllers
 - Joint evolution with industry and academia
• Technology-agnostic
 - Not predicated on a particular technology or standard
 - Draw from existing technologies and industry standards
• Delivered as incremental functionality
 - Many customers will use hybrid implementations
 - Build upon existing infrastructure with investment protection