
Upload: dmitry-bubnov

Post on 13-Apr-2017


Network Transformation and Essential Skills for Next Generation Network Engineers

Zahoor Khan, Manager Advanced Services

Imran Shahid, Solutions Integration Architect

BRKSPG-1000


© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Ayn Rand (1905-1982)

“You can avoid reality, but you cannot avoid the consequences of avoiding reality”


[Figure: Internet Growth timeline, 2003 / 2007 / 2010 / 2013 / 2015 / 2020. Connected Devices values shown: 500M, 5B, 10B, 25B, 50 Billion. Certifications values shown: 550K, 1M, 1.5M, 2M, ~5M, ~10M.]

Automation, Innovation, Education

The only way to scale is to move our 2.2M certified professionals into these evolving roles!

Agenda

• What is Transforming and Why

• Components of Transformation and Related Skills

• Learning Roadmap

• Key Takeaways

What Really is Transforming?

• Connectivity Landscape

• Service Delivery Landscape

• Business Models

• Business Architecture

• Network Architecture

• Network Service Delivery


Transformations

• CLI to API

• Purpose built network device to virtualized network function (VNF)

• Closed systems to open systems. (x86 based)

• Manual to Automated Service Chaining

• Discrete to Integrated Service Assurance

• Waterfall to Agile methods

• Vendor Specific to Vendor Neutral Skillset. (OPEN)


Components of Transformation


Components of Transformation

SDx (Software Defined Anything)

Network programmability

Virtualization of Network Services

Open Systems (Linux)

Automation and Orchestration

SDN Quick Overview

What is Software-Defined Networking?

Many different things to many different people

[Headline collage:]

Evolving SDN: tackling strategic, technology, and operational challenges

NETWORKWORLD

SDN revolution or evolution: Impact on the IT manager

Google revamps networks with OpenFlow

We share a more pragmatic view, noting Cisco (for example) is likely to view SDN as a TAM expansion opportunity… (Deutsche Bank Research Note)

“Jeda Networks proposes yet another software-defined option for the data center”

Software Defined Networking

[Diagram layers: Applications; Control Plane; Data Plane (Virtual, Physical)]

• In SDN, Not All Processing Happens Inside Device

• Decoupled Control and Data Planes

• Highly Centralized Control (aka SDN Controller)

• Greater application interaction with the network

• An opportunity to re-think the relationship between network hardware and software

SDN Definition (ONF): The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices.

Stanford University – Clean Slate Project

“…explore what kind of Internet we would design if we were to start with a clean slate and 20-30 years of hindsight.”

http://cleanslate.stanford.edu

Four Parts of OpenFlow

• Controller – resides on a server and provides control plane function for the network

• OpenFlow Agent – resides on a network device and fulfills requests from the Controller

• Northbound APIs – enable applications to interface with the Controller

• OpenFlow Protocol – the Layer 2 protocol that the Controller and Agents use to communicate


ONF Board Members

Deutsche Telekom : Facebook : Goldman Sachs : Yahoo : Google : Microsoft : NTT Communications : Verizon

http://opennetworking.org

What Is Project Daylight?

• …an open source project formed by industry leaders and others under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common vendor supported framework.

• Focus: Customers with some programming resources that desire a free, community-supported SDN controller

Platinum Gold Silver


Cisco Open SDN Controller


Cisco’s Open SDN Controller

Cisco’s Commercial Edition Of Open Daylight

“One-Click” Install

VMware ESXi and Oracle Virtual Box hypervisor ready

Pre-Installed Apps

• BGPLS Manager – visualises network topology from BGP database

• Inventory – augmented OpenDaylight “Nodes” app identifies all connected devices

• (YANG) Model Explorer – exposes system models and previews JSON API body

• OpenFlow Manager – manages, visualises and troubleshoots flows + previews JSON API body

• PCEP Manager – creates, modifies and deletes MPLS LSPs

Centralised OA&M

Robust user, application and feature administration

Status monitoring: system, cluster, node

Event logging

Real-time CPU, memory, disk, heap size, load and network utilisation metrics

See also: http://www.cisco.com/c/en/us/products/cloud-systems-management/open-sdn-controller/index.html

SDX Central Use Case Categories

Network Access Control: Campus NAC, Branch NAC, M2M NAC, UC Optimization

Network Virtualization: DC Virtualized Networks, Campus/Branch Virtualized Networks, DC Micro Segmentation, NFaaS

Virtual Customer Edge: Virtual CPE (on premise), OTT vCPE (on premise), Virtual CE (Telco), Virtual CE (OTT)

Dynamic Interconnections: BWoD, Virtual Private Interconnect/Cloud Bursting, Dynamic Enterprise VPN, Multi-layer Optimization

Virtual Core and Aggregation: vEPC, vIMS, vPE (inc vBNG & vCMTS), GiLAN, Network Virtualization (Mobile)

Data Center Optimization: Big Data Optimization, Flow optimization

Other (to capture other less common use cases not listed above)

Network Programmability


How We Deployed Multi-Tier Applications In Data Center Yesterday

[Diagram labels: L3, FW, SLB, SSL, IDS/IPS; Web Servers (www www www), App Servers (app app), DB Servers (db db); vLAN 111, 222, 333, 444, 555, 666, 777]

switch1(config)# int eth 1/1
switch1(config)# switch mode acc
switch1(config)# switch acc vlan 666
switch1(config)# no shut

router(config)# int eth 1
router(config)# ip add 6.6.6.1 255.255.255.0
router(config)# no shut
router(config)# int eth 2
router(config)# ip addr 1.1.1.1 255.255.255.0
router(config)# no shut
router(config)# router eigrp 100
router(config)# network 6.6.6.0 mask 255.255.255.0
router(config)# network 1.1.1.0 mask 255.255.255.0
router(config)# ip route 0.0.0.0 0.0.0.0 6.6.6.254

switch2(config)# int eth 1/2 - 3
switch2(config)# switch mode acc
switch2(config)# switch acc vlan 111
switch2(config)# no shut

fw1(config)# int eth 0/1
fw1(config)# nameif outside 0
fw1(config)# int eth 0/2
fw1(config)# nameif webfront 20
fw1(config)# object network webfront_vip
fw1(config)# host 6.6.6.6
fw1(config)# static (webfront,outside) 1.1.1.6
fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 80
fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 443
fw1(config)# access-group outside_web in interface outside

switch3(config)# int eth 1/4 - 5
switch3(config)# switch mode acc
switch3(config)# switch acc vlan 222
switch3(config)# no shut

switch4(config)# int eth 1/6
switch4(config)# switch mode acc
switch4(config)# switch acc vlan 333
switch4(config)# no shut
switch4(config)# int eth 1/7 - 9
switch4(config)# switch mode acc
switch4(config)# switch acc vlan 333
switch4(config)# no shut

switch5(config)# int eth 1/10 - 11
switch5(config)# switch mode acc
switch5(config)# switch acc vlan 444
switch5(config)# no shut
switch5(config)# int eth 1/11 - 15
switch5(config)# switch mode acc
switch5(config)# switch acc vlan 555
switch5(config)# no shut
switch5(config)# monitor session 1 source vlan 555
switch5(config)# monitor session 1 dest eth 1/16

switch6(config)# int eth 1/16 - 19
switch6(config)# switch mode acc
switch6(config)# switch acc vlan 777
switch6(config)# no shut
switch6(config)# monitor session 1 source vlan 777
switch6(config)# monitor session 1 dest eth 1/20

slb1 (CONFIG)
probe http http-probe
  interval 30
  expect status 200 200
rserver host websrvr1
  description foo web server
  ip address 3.3.3.1
  inservice
rserver host websrvr2
  description foo web server
  ip address 3.3.3.2
  inservice
rserver host websrvr3
  description foo web server
  ip address 3.3.3.3
  inservice
serverfarm host FOOWEBFARM
  probe http-probe
  rserver websrvr1 80
    inservice
  rserver websrvr2 80
    inservice
  rserver websrvr3 80
    inservice
crypto generate key 1024 fooyou.key
crypto csr-params testparms
  country US
  state California
  locality San Jose
  organization-name foo
  organization-unit you
  common-name www.fooyou.com
  serial-number crisco123
crypto generate csr testparms fooyou.key
crypto import ftp 12.13.14.15 anonymous fooyou.cer
parameter-map type ssl SSL_PARAMETERS
  cipher RSA_WITH_RC4_128_MD5
  version TLS1
ssl-proxy service FOOWEB_SSL
  key fooyou.key
  cert fooyou.cer
class-map match-all FOOSSL_VIP_CLASS
  2 match virtual-address 2.2.2.22 tcp eq https
policy-map type loadbalance first-match L7-SSL-MATCH
  class L7_WEB
    sticky-serverfarm sn_cookie
policy-map multi-match FOOWEB-VIP
  class FOOWEB_VIP_CLASS
    loadbalance vip inservice
    loadbalance policy FOOWEB-MATCH
    loadbalance vip icmp-reply
    loadbalance vip advertise active
  class FOOSSL_VIP_CLASS
    loadbalance vip inservice
    loadbalance policy FOOSSL-MATCH
    loadbalance vip icmp-reply

fw2(config)# int eth 0/1
fw2(config)# nameif webfront 20
fw2(config)# int eth 0/2
fw2(config)# nameif appfront 50
fw2(config)# object network appfarm_vip
fw2(config)# host 5.5.5.5
fw2(config)# nat (appfront,webfront) static 4.4.4.4
fw2(config)# access-list web_to_app permit tcp any host 4.4.4.4 eq 8081

slb2 (CONFIG)
rserver host appsrvr1
  description foo app server
  ip address 5.5.5.1
  inservice
rserver host appsrvr2
  description foo app server
  ip address 5.5.5.2
  inservice
rserver host appsrvr3
  description foo app server
  ip address 5.5.5.3
  inservice
serverfarm host FOOAPPFARM
  probe http-probe
  rserver appsrvr1 8081
    inservice
  rserver appsrvr2 8081
    inservice
  rserver appsrvr3 8081
    inservice
class-map type http loadbalance match-any FOO_APP
  2 match http virtual-address 4.4.4.44 tcp eq 8081
class-map match-all FOO_APP_VIP_CLASS
policy-map type loadbalance first-match FOO_APP-MATCH
  class FOO_APP
    sticky-serverfarm sn_cookie
policy-map multi-match FOO_APP-VIP
  class FOO_APP_VIP_CLASS
    loadbalance vip inservice
    loadbalance policy FOO_APP-MATCH
    loadbalance vip icmp-reply

fw3(config)# int eth 0/1
fw3(config)# nameif appfront 70
fw3(config)# int eth 0/2
fw3(config)# nameif dbfront 90
fw3(config)# object network db_cluster
fw3(config)# host 7.7.7.7
fw3(config)# nat (dbfront,appfront) static 5.5.5.50
fw3(config)# access-list web_to_app permit tcp any host 5.5.5.50 eq 1433

Network Programmability Options

[Figure: programmability models side by side; labels per panel:]

• Traditional: Applications (Network Mgmt, Monitoring, …); CLI, SNMP, Netflow, …; Control Plane; Data Plane

• 1 Programmable APIs: Applications; Vendor Specific (e.g. Nexus API); Control Plane; Data Plane

• 2a Pure SDN: Applications; Open APIs; Controller; OpenFlow, PCEP, I2RS, Netconf; Data Plane

• 2b Hybrid SDN: Applications; Open APIs; Controller; OpenFlow, PCEP, I2RS, Netconf; Vendor Specific (e.g. Nexus API); Control Plane; Data Plane

• 3 Overlays Networks: Applications; Open APIs; Vendor-specific APIs; Virtual Switch Overlays; Overlay Protocols (e.g. VXLAN); Control Plane; Data Plane

Cisco Options for Data Center Programmability

Application Centric Infrastructure

Turnkey integrated solution with security, centralized management, compliance and scale

Automated application centric-policy model with embedded security

Broad and deep ecosystem

Programmable Network

Modern NX-OS with enhanced NX-APIs

DevOps toolset used for Network Management (Puppet, Chef, Ansible etc.)

Common NX-API across N2K-N9K

Programmable Fabric

VxLAN-BGP EVPN standard-based

3rd party controller support

Cisco VTS for software overlay provisioning and management across N2K-N9K

[Diagram labels: DB, Web, App; VTS: Creation, Expansion, Fault Mgmt, Reporting, Connection]

Device Programmability Options – No Single Answer!

Application Frameworks, Management Systems, Controllers, ...

[Diagram labels: Forwarding, Control, Network Services, Orchestration, Management; Operating Systems – IOS / NX-OS / IOS-XR; API and Data Models; OpenFlow; “Protocols” (BGP, PCEP, ...); C/Java; Python; NETCONF; REST; RESTful; YANG; JSON; Puppet; OpenStack Neutron; ACI Fabric; OpFlex]

Related Skills and Concepts


What is NETCONF?

• NETCONF is an IETF standard (RFC 6241) network management protocol. Provides:

• Distinction between configuration and state data

• Multiple configuration data stores (candidate, running, startup, Files://…)

• In some cases the running config may not be writable (Capability Exchange)

• Configuration change transactions

• Selective data retrieval with filtering

• Event notifications

• Extensible remote procedure call mechanism

[Figure: NETCONF Data Stores: Startup, Running, Candidate, Files… / URLs…]

NETCONF Transactions, Network-wide Transactions

Transaction support is a key NETCONF feature

Using the Candidate data store a NETCONF Manager can implement a network wide transaction.

• Send a configuration change to the candidate of each participating device

• Validate candidate

• If all participants are fine, tell all participating devices to commit changes

If satisfactory, commit. If not, drop the connection to the devices.

• Connection closed/lost is the NETCONF command for abort transaction

• All devices will roll back

[Figure labels: North, East, West, Site A, Site B]

NETCONF Protocol Stack Summary

• Content: Config / Operational Data

• Operations: <get>, <get-config>, etc

• Messages: <rpc>, <rpc-reply>

• Transport: SSH

NETCONF Encodes Everything In XML

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="1001" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get-config>
    <source>
      <running/>
    </source>
  </get-config>
</rpc>

eXtensible Markup Language

• XML describes data

• <> delimit markup text (tags)

• Machine and human readable

• W3C Recommendation

• Self-descriptive
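The network-wide transaction from the "NETCONF Transactions" slide, expressed with the XML encoding shown above. This is an added example, not code from the presentation: `FakeDevice`, `network_wide_change`, the device and interface names are constructed stand-ins, and locking and confirmed commit are left out.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"      # NETCONF base namespace (RFC 6241)
IF = "urn:ietf:params:xml:ns:yang:ietf-interfaces"  # ietf-interfaces model (RFC 7223)

def q(ns, tag):
    return "{%s}%s" % (ns, tag)  # ElementTree's {uri}tag form

def rpc(message_id, operation):
    """Wrap one operation in <rpc message-id="..."> and serialise it."""
    root = ET.Element(q(NC, "rpc"), {"message-id": str(message_id)})
    root.append(operation)
    return ET.tostring(root, encoding="unicode")

def operation(name, role=None):
    """Bare operation, optionally with <source> or <target> set to <candidate/>."""
    op = ET.Element(q(NC, name))
    if role:
        ET.SubElement(ET.SubElement(op, q(NC, role)), q(NC, "candidate"))
    return op

def edit_candidate(if_name, enabled):
    """<edit-config> aimed at the candidate store, never at running."""
    op = operation("edit-config", "target")
    config = ET.SubElement(op, q(NC, "config"))
    intf = ET.SubElement(ET.SubElement(config, q(IF, "interfaces")), q(IF, "interface"))
    ET.SubElement(intf, q(IF, "name")).text = if_name
    ET.SubElement(intf, q(IF, "enabled")).text = "true" if enabled else "false"
    return op

class FakeDevice:
    """Constructed in-memory NETCONF server with a candidate store (assumption)."""
    def __init__(self, interfaces):
        self.ports = set(interfaces)      # interfaces that physically exist
        self.running = dict(interfaces)   # interface name -> enabled
        self.candidate = dict(interfaces)

    def handle(self, rpc_xml):
        # The peer is trusted here; harden the parser before reading untrusted XML.
        request = ET.fromstring(rpc_xml)
        op, error = request[0], None
        if op.tag == q(NC, "edit-config"):
            for intf in op.iter(q(IF, "interface")):
                name = intf.findtext(q(IF, "name"))
                self.candidate[name] = intf.findtext(q(IF, "enabled")) == "true"
        elif op.tag == q(NC, "validate"):
            unknown = sorted(set(self.candidate) - self.ports)
            error = "unknown interface " + unknown[0] if unknown else None
        elif op.tag == q(NC, "commit"):
            self.running = dict(self.candidate)
        else:
            error = "operation-not-supported"
        reply = ET.Element(q(NC, "rpc-reply"), {"message-id": request.get("message-id")})
        if error:
            err = ET.SubElement(reply, q(NC, "rpc-error"))
            ET.SubElement(err, q(NC, "error-message")).text = error
        else:
            ET.SubElement(reply, q(NC, "ok"))
        return ET.tostring(reply, encoding="unicode")

    def close_session(self):
        """Closed/lost connection is the abort: uncommitted edits are discarded."""
        self.candidate = dict(self.running)

def reply_ok(reply_xml, message_id):
    reply = ET.fromstring(reply_xml)
    return (reply.get("message-id") == str(message_id)
            and reply.find(q(NC, "ok")) is not None)

def network_wide_change(devices, if_name, enabled):
    """Edit every candidate, validate every candidate, then commit everywhere."""
    message_id = 1000
    builders = (lambda: edit_candidate(if_name, enabled),
                lambda: operation("validate", "source"),
                lambda: operation("commit"))
    for build in builders:
        for device in devices:
            message_id += 1
            if not reply_ok(device.handle(rpc(message_id, build())), message_id):
                for d in devices:  # any failure: drop all sessions
                    d.close_session()
                return False
    return True

def demo():
    """Constructed network; West has no eth2, so validation fails there."""
    north = FakeDevice({"eth1": True, "eth2": True})
    east = FakeDevice({"eth1": True, "eth2": True})
    west = FakeDevice({"eth1": True})
    aborted = network_wide_change([north, east, west], "eth2", False)
    unchanged = north.running["eth2"] and north.candidate == north.running
    applied = network_wide_change([north, east], "eth2", False)
    return aborted, unchanged, applied, north.running["eth2"], west.running
```

Because every edit lands in the candidate store first, the rejected change never reaches any device's running configuration, so a firewall or ACL update cannot end up applied on only part of the path.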


NETCONF References

• Tutorials:

• https://www.youtube.com/watch?v=Vr4kB1_6fLQ

• https://www.youtube.com/watch?v=xoPZO1N-x38

• Tools:

• Ncclient: https://github.com/leopoul/ncclient/

• Confd Netconf-console: http://www.tail-f.com/management-agent/

• References

• RFC 6241 https://tools.ietf.org/html/rfc6241

• RFC 6242 https://tools.ietf.org/html/rfc6242


YANG Model Statements and Hierarchy

[Figure: tree of Container nodes holding Leaf, Leaf-List, List and Leaf-Ref nodes]

Leaf: single value of a defined type

Leaf-list: multiple values of the same type

List: multiple records containing at least one leaf (key) and an arbitrary hierarchy of other statements

Container: groups other statements; has no value

Leafref: is a reference to another leaf

RFC6020

YANG Is A Language

module ietf-interfaces {
  import ietf-yang-types {
    prefix yang;
  }
  container interfaces {
    list interface {
      key "name";
      leaf name {
        type string;
      }
      leaf enabled {
        type boolean;
        default "true";
      }
      …

RFC7223, Edited for Brevity

Self-contained top-level hierarchy of nodes

Import or define data types

Leaf nodes for simple data

Lists for sequence of entries

Containers group related nodes

YANG References

• Tutorials

• http://www.yang-central.org/twiki/bin/view/Main/YangTutorials

• https://www.youtube.com/watch?v=33VBb6N4yOY

• Tools

• Pyang (python) https://code.google.com/p/pyang/

• Commercial YANG browsers – MG-Soft, Segue Soft

• http://rob.sh/post/209 (pyangbind)

• References

• RFC 6020 (YANG) : http://tools.ietf.org/html/rfc6020

• RFC 7223 (Interface Model) http://www.ietf.org/rfc/rfc7223.txt

• https://github.com/YangModels/yang/tree/master/experimental/openconfig (OpenConfig)

• https://github.com/YangModels/yang/tree/master/vendor/cisco (Cisco)


REST Follows a Familiar Model

Web Browsing

HTTP GET → HTML

Describes how data should be displayed to please human viewer

REST API

HTTP GET → JSON/XML

Describes data in a format applications can understand

{"ids":[303776224, 19449911, 607032789,
        86544242, 2506725913, 17631389],
 "next_cursor":0, "next_cursor_str":"0",
 "previous_cursor":0, "previous_cursor_str":"0"}

GET POST PUT DELETE

JSON VS XML

JSON:

{
  "firstName": "John",
  "lastName": "Smith",
  "age": 25,
  "address": {
    "streetAddress": "21 2nd Street",
    "city": "New York",
    "state": "NY",
    "postalCode": "10021"
  },
  "phoneNumber": [
    {
      "type": "home",
      "number": "212 555-1234"
    },
    {
      "type": "fax",
      "number": "646 555-4567"
    }
  ],
  "gender": {
    "type": "male"
  }
}

XML:

<person>
  <firstName>John</firstName>
  <lastName>Smith</lastName>
  <age>25</age>
  <address>
    <streetAddress>21 2nd Street</streetAddress>
    <city>New York</city>
    <state>NY</state>
    <postalCode>10021</postalCode>
  </address>
  <phoneNumbers>
    <phoneNumber>
      <type>home</type>
      <number>212 555-1234</number>
    </phoneNumber>
    <phoneNumber>
      <type>fax</type>
      <number>646 555-4567</number>
    </phoneNumber>
  </phoneNumbers>
  <gender>
    <type>male</type>
  </gender>
</person>

This is a RESTful API. Try It Yourself!

https://restcountries.eu/

JSON

• JavaScript Object Notation

• Language independent data format

• Light-weight, open standard, human readable

• Compact alternative to XML

• RFC 4627

XML Formatted

<CUSTOMER xmlns:xlink="http://www.w3.org/1999/xlink">
  <ID>4</ID>
  <FIRSTNAME>Sylvia</FIRSTNAME>
  <LASTNAME>Ringer</LASTNAME>
  <STREET>365 College Av.</STREET>
  <CITY>Dallas</CITY>
</CUSTOMER>

REST: Coming Soon to a Device Near You?

CSR1kV in 3.10S, RSP2 in XE 3.16

ASR1001-X, ASR1002-X in XE 3.14S

ASA 5500-X/ASAv v1.0 Dec14, FP9300 ASA Module v1.2 March15

Support Features are evolving


Alike: Both Send/Receive JSON

REST (CSR 1000v) JSON-RPC (N7K NX-API)


Git

• Git is quite different from typical revision control systems such as Perforce, RCS, etc.

• Non-Git version control systems store information as a list of file-based changes

• Git stores changes as snapshots of a miniature file system


GitHub

• GitHub is a web-based Git repository hosting service

• It is a powerful collaboration, code review and code management hub

• Hosting public projects is free, whereas private projects cost money

• A huge repository of open source projects is available on GitHub


Resources

https://developer.cisco.com/site/devnet/learningLabs/overview.gsp

https://developer.cisco.com/site/devnet/home/index.gsp

http://www.sdnskills.com/learn/devnet01/


Virtualization of Network Services


Overlay 101

Logical “switch” devices overlay the physical network

They define their own topology

Underlying physical network carries data traffic for overlay network

Overlay Network with Virtual Switch


VXLAN Tunnels Provide Transport Between VSwitch


Neutron is used to help manage the overlay (virtual) networks

This is one linkage between SDN and OpenStack

Network Functions Virtualization: Why, How, When?

Disaggregation of Network Functions from the underlying Hardware

Network Functions running inside VM on x86 Server Platform (Virtual Network Functions)

[Figure: one VM per function: NAT, Firewall, SBC, dDOS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Control, RaaS, WLC, WAAS, CDN, Caching, NMS. Stack: Hardware (x86 Server), Cloud Operating System, Virtual Network Functions]

Existing Hardware / Appliance based Network Functions (PNFs)

[Figure: purpose built appliances. Stack: Hardware (ASIC/NPU/GPU), Operating System, Apps (e.g. Routing)]

How?

• Hypervisor & cloud technology

• Improving x86 h/w performance

• SDN based orchestration

Why?

• Speed and Agility

• Monetization with new services

• Reduced total cost of ownership

When? Depends On

• Performance Requirements

• Physical Design Requirements

• Economics of on-boarding

ETSI NFV Reference Architecture

(MANO)

[Diagram annotations:]

Virtualized Network Function, actual NF application (ex. vFR, vCPE, vLB)

Traditional Element Manager

Virtualisation layer, Server (hypervisor), Network, Storage

Physical hardware

Resource Mgr, Operations

Lifecycle mgmt for VNFs (upgrade, scale, termination, etc.)

Orchestration of overall solution

Deployment templates, forwarding graph, service-related information

OSS (CMDB, Monitoring, Alarming, IPAM/DNS/DHCP)

BSS (CRM, Billing, Order Mgmt)

Sample Products Mapped to ETSI NFV

[Diagram labels: NFV Orchestrator; Cisco Network Services Orchestrator (Based on Tail-F NCS); Service Catalog; Service, VNF and Infrastructure Description; Service Lifecycle Management; Service Provisioning; SP’s Existing OSS/Catalog; VNF Manager; Cisco VNF Manager (ESC); REST API; OpenStack Heat; Virtual Infra. Managers (VIM); Compute and Storage VIMs; Network VIMs; OpenStack; VMware; ONOS; ODL; Cisco APIC, VTS; VNF Library (sample list): CSR1kv, ASAv, QvPC SI, QvPC DI, vWAAS, vWSA, NFF, 3rd Party vNF; Virtual Network: OVS, Cisco VTF, VPP, AVS]

Cisco SDN Strategy for SPs

[Diagram labels: BSS; OSS (Fulfillment & Assurance); Service-Intent API; Multi Vendor End to End Management & Orchestration (Physical & Virtual); Orchestration, Service & Policy Implementation; Branch/CPE Control; DC & NFV Control; Multi-layer WAN SDN; EMS/NMS; SDN / APIs: CLI/SNMP, Openstack / vCenter, Openflow, PCEP, Segment Routing, NETCONF / YANG, BGP; CPE; Metro and Access; WAN; Data Centre]

• Management Plane: Programmable Platforms and Network Operating Systems

• Control Plane: Distributed Intelligence with Centralised Control

• Data Plane: Custom, Merchant, and Virtualised portfolio, MPLS forwarding

• Orchestration: Multi-domain and Multi-layer, and Model driven

• E2E service lifecycle, and customer experience focus

• Seamless integration with existing and future OSS/BSS environment

• Modular architecture leveraging open APIs and standard protocols

• Commitment to Open Standards and Open Source

Cisco SDN Strategy for SPs

[Diagram: same layers and interfaces as on the previous slide, now with products mapped onto them: Cisco Network Services Orchestrator (enabled by Tail-F); Cisco WAN Automation Engine (powered by ODL); Cisco Virtual Topology System; Cisco OpenSDN Controller; Programmable Cisco Routers, Switches, Optical, Servers and Virtual Network Functions]

Cisco Cloud Services Router (CSR) 1000V

Cisco IOS Software in Virtual Form-Factor

[Diagram layers: Server; Hypervisor; Virtual Switch; OS / App; OS / App]

CSR 1000V IOS XE Cloud Edition

• Selected features of IOS XE based on targeted use cases

Infrastructure Agnostic

• Not tied to any server or vSwitch, supports ESXi, KVM, Xen, AMI

Throughput Elasticity

• Delivers 10 Mbps to 10 Gbps throughput, consumes 1 to 8 vCPU

Multiple Licensing Models

• Term, Perpetual, Hourly

Programmability

• RESTful APIs for automated management

Enterprise-class Networking with Rapid Deployment and Flexibility


IOS XRv 9000

• Virtualized ASR 9000 router including:

– 64-bit Linux kernel with KVM and Container based virtualization for control plane

– High performance, feature rich data plane based on x86 optimized code base

• 20Gbps+ Forwarder with features for IMIX traffic (with 8 core socket)

– i.e. 2×10GE ports at line rate

– Multi-core scale-out for feature performance

– Multi-socket scale out for control plane

– x86-optimised emulated HW assists (QOS traffic manager, SW TCAM, PLU, Packet Replication)

• Available since July 2015

– Hypervisor support includes Red Hat KVM, Ubuntu KVM and VMware ESXi (more to follow)

– Operates as single VM → Linux containers used for data, control and admin planes

– VM creation and deployment: OpenStack, VMware vCenter and VMware vCloud Director

Related Skills and Concepts


Network Virtualization Essentials

• OVS (Open vSwitch) OVSDB, Nexus1000v

• VXLAN, MP-BGP, EVPN

• DPDK

• Using Openstack

• ONOS

• iWAN / SD-WAN

• Segment Routing

• Path Computation Element Routing PCEP

• vCPE


Open vSwitch


DPDK: Data Plane Development Kit

• DPDK is an Open Source BSD licensed project.

• DPDK is a set of libraries and drivers for fast packet processing.

• It was designed to run on any processor; Intel x86 was the first CPU to be supported.

• DPDK is not a networking stack and does not provide functions such as Layer-3 forwarding, IPsec, firewalling, etc.

Sources: www.dpdk.org, DPDK Summit (Sept. 2014)

Segment Routing

• IP/MPLS architecture that seeks the right balance between distributed intelligence and centralized optimization and programming

• Drastic reduction of control-plane and hardware state

• Better utilization of the installed infrastructure

• Wide applicability: DC, WAN, Metro, Peering (end-to-end)

• An architecture designed with SDN in mind

• Unleash application-network innovation

• Open IETF proposed standard (SPRING working group)

www.segment-routing.net

Segment Routing

• Distributed routing protocol used to compute shortest (or best) paths and advertise segments

• Segments identify forwarding resources within the topology and are encoded as labels

• Global segments: nodes / prefixes

• Local segments: peers, output interfaces

• Central SDN controller chooses explicit paths for flows and programs source (border router, VM, application) with forwarding policies (i.e., match flow → push segments / label stack)

• Downstream nodes switch based on label stack without carrying any per-flow state (reuses MPLS data plane)

• Implementations: IOS XR, IOS XE, NX-OS, WAE

[Figure: topology of nodes 1 to 7 across AS1 and AS2; packet (pkt) carrying segment labels 16007, 16003, 16002; SDN Control attached via BGP-LS, PCEP, NETCONF/YANG, OpenFlow, CLI/XML]

Path Computation Element Protocol (PCEP)

• Used between head-end router and PCE to:

• Request/receive path from PCE subject to constraints

• State synchronization between PCE and router

• Hybrid CSPF

• Two current modes based on Stateful PCE initiative:

• PCE Initiated: App + PCE initiate tunnel setup

• LSP Delegation: router initiates tunnel setup (e.g. via CLI or NMS) then delegates tunnel management to PCE

• Implementations

• IOS XR 5.1.1, WAE, Open Daylight

[Figure: topology of nodes 1 to 7 across AS1 and AS2; PCE attached via PCEP]

BGP Flow Specification (aka Flowspec)

• Base specification defined in IETF RFC 5575

• Various extensions defined in other IETF documents (see IDR working group docs)

• Provides the following key capabilities:

1. Distribute ACLs via BGP, thereby enabling rapid inter-domain distribution of flow-based traffic filters at large scale (network wide)

2. Flow-based traffic redirection, for example, to a traffic scrubber for DDoS mitigation

• Open Daylight Lithium release will support origination of BGP Flowspec rules

• Recent Cisco contribution

• Enables centralized policy engine to dynamically program network wide traffic filtering and steering policies via Open Daylight SDN controller REST interface

• Facilitates SDN-based DDoS mitigation

• Implementations: IOS XR 5.2.0, IOS XE 3.15S, Open Daylight (Lithium)


BGP Link State (BGP-LS)

• Allows BGP to push IGP topology (LSDB) and resource utilization up to central SDN controller

• New link state address family

• BGP provides a familiar operational model to aggregate topology information across domains

• Multi-hop sessions

• Need at minimum single BGP-LS speaker per domain

• Topology information distributed from IGP into BGP (only if changed)

• Implementations

• IOS XR 5.1.1, WAE, Open Daylight

[Figure: Domain 0, Domain 1 and Domain 2 each send BGP-LS to a route reflector (RR), which feeds SDN Control]


VXLAN Overview

Introducing VXLAN

• Traditionally VLAN is expressed over 12 bits (802.1Q tag)

• Limits the maximum number of segments in a Data Centre to 4096 VLANs

• VXLAN leverages the VNI field with a total address space of 24 bits

• Support of ~16M segments

• The VXLAN Network Identifier (VNI/VNID) is part of the VXLAN Header

[Figure: Classical Ethernet frame (DMAC, SMAC, optional 802.1Q, Etype, Payload, CRC) compared with the VXLAN frame: Outer MAC (14), IP (20), UDP (8) and VxLAN (8) add 50 bytes in front of the original CE frame, followed by a new CRC. VXLAN header fields: Flags (8 bits), Reserved (24 bits), VNI (24 bits), Reserved (8 bits).]


VXLAN Frame Format: MAC-in-IP Encapsulation

Underlay: Outer MAC Header, Outer IP Header, UDP Header, VXLAN Header. Overlay: Original Layer-2 Frame.

• Outer MAC Header, 14 bytes (4 bytes optional): Dest. MAC Address (48 bits), Src. MAC Address (48 bits), VLAN Type 0x8100 (16 bits), VLAN ID Tag (16 bits), Ether Type 0x0800 (16 bits)

• Carries the Src VTEP MAC Address and the Next-Hop MAC Address

• Outer IP Header, 20 bytes: IP Header Misc. Data (72 bits), Protocol 0x11 (UDP) (8 bits), Header Checksum (16 bits), Source IP (32 bits), Dest. IP (32 bits)

• Src and Dst addresses of the VTEPs

• UDP Header, 8 bytes: Source Port (16 bits), VXLAN Port (16 bits), UDP Length (16 bits), Checksum 0x0000 (16 bits)

• VXLAN Port: UDP 4789

• Source Port: hash of the inner L2/L3/L4 headers of the original frame. Enables entropy for ECMP load balancing in the network.

• VXLAN Header, 8 bytes: VXLAN Flags RRRRIRRR (8 bits), Reserved (24 bits), VNI (24 bits), Reserved (8 bits)

• VNI allows for 16M possible segments

• 50 (54) bytes of overhead
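The 8-byte VXLAN header from the frame format above, built and parsed in Python, with a receive-side check of UDP port, source VTEP and VNI. This is an added example, not part of the original deck; the peer table `PEER_VNIS`, the function names and the strict handling of reserved bits are assumptions made for the illustration (RFC 7348 receivers ignore reserved bits).

```python
import struct

VXLAN_UDP_PORT = 4789                # destination UDP port from the slide
VXLAN_HEADER_LEN = 8                 # VXLAN header size in bytes
FLAG_I = 0x08                        # the "I" bit in RRRRIRRR: VNI is valid
MAX_VNI = (1 << 24) - 1              # 24-bit VNI, about 16M segments
ENCAP_OVERHEAD = 14 + 20 + 8 + 8     # outer MAC + IP + UDP + VXLAN headers


class VxlanError(ValueError):
    """Raised when a VXLAN header is malformed."""


def build_vxlan_header(vni):
    """Return the 8-byte header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni <= MAX_VNI:
        raise VxlanError("VNI %r does not fit in 24 bits" % (vni,))
    return struct.pack("!II", FLAG_I << 24, vni << 8)


def parse_vxlan_header(udp_payload, strict=True):
    """Parse the header at the start of a UDP payload.

    strict=True also rejects non-zero reserved bits. That is a choice made
    for this example; it is stricter than the RFC requires of a receiver.
    """
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise VxlanError("truncated: need 8 bytes, got %d" % len(udp_payload))
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    flags, reserved1 = word0 >> 24, word0 & 0xFFFFFF
    vni, reserved2 = word1 >> 8, word1 & 0xFF
    if not flags & FLAG_I:
        raise VxlanError("I flag clear: VNI field is not valid")
    if strict and (flags & ~FLAG_I & 0xFF or reserved1 or reserved2):
        raise VxlanError("reserved bits set")
    return {"flags": flags, "vni": vni,
            "inner_frame": udp_payload[VXLAN_HEADER_LEN:]}


# Constructed policy (assumption): the VNIs each known peer VTEP may send.
PEER_VNIS = {
    "192.0.2.11": {5000, 5001},
    "192.0.2.12": {5001},
}


def check_encapsulated(src_vtep, udp_dport, udp_payload, peer_vnis=PEER_VNIS):
    """Return (accepted, reason) for one received outer packet."""
    if udp_dport != VXLAN_UDP_PORT:
        return False, "not VXLAN: UDP port %d" % udp_dport
    if src_vtep not in peer_vnis:
        return False, "unknown source VTEP %s" % src_vtep
    try:
        header = parse_vxlan_header(udp_payload)
    except VxlanError as exc:
        return False, "malformed header: %s" % exc
    if header["vni"] not in peer_vnis[src_vtep]:
        return False, "VNI %d not permitted from %s" % (header["vni"], src_vtep)
    return True, "VNI %d from %s" % (header["vni"], src_vtep)


if __name__ == "__main__":
    # Constructed packets: header for VNI 5000 plus a dummy 14-byte inner frame.
    packet = build_vxlan_header(5000) + b"\x00" * 14
    print("overhead bytes:", ENCAP_OVERHEAD)
    for vtep in ("192.0.2.11", "192.0.2.12", "198.51.100.9"):
        print(vtep, check_encapsulated(vtep, VXLAN_UDP_PORT, packet))
```

The header carries no authentication, so the source-VTEP and VNI checks are only as trustworthy as the underlay's own anti-spoofing controls.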


VXLAN Taxonomy (1)

[Figure: edge devices with IP interfaces, and local LAN segments attaching physical servers and virtual servers]


VXLAN Taxonomy (2)

[Figure: VTEPs in place of the edge devices, with local LAN segments attaching physical servers and virtual servers]

• VTEP: VXLAN Tunnel End-Point

• VNI/VNID: VXLAN Network Identifier


EVPN – Ethernet VPN

Control-Plane: EVPN MP-BGP - RFC 7432

Data-Plane:

• Multi-Protocol Label Switching (MPLS): draft-ietf-l2vpn-evpn

• Provider Backbone Bridges (PBB): draft-ietf-l2vpn-pbb-evpn

• Network Virtualisation Overlay (NVO): draft-ietf-bess-evpn-overlay

EVPN over NVO Tunnels (ie VXLAN) for Data Centre Fabric encapsulations

Provides Layer-2 and Layer-3 Overlays over simple IP Networks


Open Systems (Linux)


Why Linux is Essential for Network Engineers


Popular Linux Distributions

• Red Hat Enterprise Linux

• Red Hat’s official commercial distribution of Linux for training, services, and support.

• It works closely with emerging platforms such as OpenStack.

• Red Hat provides paid support for production use.


Linux Shells

• There are various flavors of Linux shells out there. Some of the more common ones are:

• bash – Bourne Again Shell

• sh – Bourne Shell

• csh – C shell

• tcsh – TENEX C Shell

• As soon as a Linux user logs into a system, the user gets a default shell prompt. The default shell type is defined in the user's .login file


Accessing Linux in Nexus 9000

• Prerequisite – enable the bash-shell feature

n9k1(config)# feature bash-shell

• Start using Linux!

n9k1(config)# run bash


Linux Essential skills to know

• File System Structure and Navigation

• File Permissions

• Viewing file contents (start, end, sort, find)

• Text editor

• nmap, netstat, traceroute, ifconfig, route

• Iptables, Linux bridge

• Package management


Linux Security

• Linux Security Practices


Minimize Packages to Minimize Vulnerability

• Find and remove or disable unwanted services from the server to minimize vulnerability.

• Use the ‘chkconfig‘ command to find out services which are running on runlevel 3.

# chkconfig serviceName off

• Use a package manager tool such as “yum” (RPM-based systems) or “apt-get” to list and remove installed packages

# yum -y remove package-name

# sudo apt-get remove package-name


Check Listening Network Ports

• With the help of ‘netstat‘ networking command you can view all open ports and associated programs.

• Use ‘chkconfig‘ command to disable all unwanted network services from the system.

Example:

netstat -tulpn
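One way to turn the `netstat -tulpn` listing into a repeatable check: parse the listeners and report anything reachable from the network that is not in an expected baseline. This is an added example, not part of the original deck; the sample output is constructed and the `ALLOWED` baseline is a hypothetical policy for one host.

```python
# Constructed sample of `netstat -tulpn` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1033/master
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      640/xinetd
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           598/rpcbind
"""

# Hypothetical baseline for this host: (protocol, port) -> expected program.
ALLOWED = {("tcp", 22): "sshd", ("udp", 68): "dhclient"}


def parse_listeners(text):
    """Turn netstat -tulpn rows into dicts; banner and header rows are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        proto = fields[0][:3]                       # tcp6 -> tcp, udp6 -> udp
        addr, _, port = fields[3].rpartition(":")   # ":::111" -> "::", "111"
        if not port.isdigit():
            continue
        rest = fields[5:]
        if rest and rest[0] == "LISTEN":            # UDP rows have no State column
            rest = rest[1:]
        pid, _, program = " ".join(rest).partition("/")
        # Without root, netstat prints "-" instead of PID/Program name.
        program = program.split()[0].rstrip(":") if program else "unknown"
        listeners.append({"proto": proto, "addr": addr, "port": int(port),
                          "pid": pid or "-", "program": program})
    return listeners


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def find_unexpected(listeners, allowed=ALLOWED):
    """Return (proto, port, program, reason) for listeners outside the baseline.

    Loopback-only listeners are skipped because they are not reachable from
    the network.
    """
    findings = []
    for entry in listeners:
        if is_loopback(entry["addr"]):
            continue
        expected = allowed.get((entry["proto"], entry["port"]))
        if expected is None:
            reason = "not in baseline"
        elif expected != entry["program"]:
            reason = "expected %s" % expected
        else:
            continue
        findings.append((entry["proto"], entry["port"], entry["program"], reason))
    return findings


if __name__ == "__main__":
    for proto, port, program, reason in find_unexpected(parse_listeners(SAMPLE_NETSTAT)):
        print("%s/%d owned by %s: %s" % (proto, port, program, reason))
```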


Secure Shell (SSH) Common Implementation Practices

• SSH is a secure protocol that uses encryption technology during communication with the server.

• Use “sudo” to execute commands.

• sudo privileges are specified in the /etc/sudoers file

• It can be edited with the “visudo” utility, which opens in the VI editor.

• Modify /etc/ssh/sshd_config (# vi /etc/ssh/sshd_config) to:

• Disable root login

• Only allow specific users

• Use SSH protocol version 2
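The three sshd_config changes listed above, checked by a small audit script run over a weak and a hardened configuration. This is an added example, not part of the original deck; both sample configurations are constructed, the user names are placeholders, and treating a missing Protocol line as version 2 is an assumption that holds for current OpenSSH servers.

```python
import re

# Constructed sample configurations (not taken from a real host).
WEAK_CONFIG = """\
# /etc/ssh/sshd_config
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
AllowUsers netops deploy
"""


def parse_sshd_config(text):
    """Return (global_settings, match_overrides).

    sshd uses the first value it reads for a keyword, so later duplicates are
    ignored. Lines after a Match keyword apply only to that condition and are
    returned separately. Include files are not followed.
    """
    settings, overrides, condition = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()                  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            condition = value
        elif condition is None:
            settings.setdefault(keyword, value)     # first value wins
        else:
            overrides.append((condition, keyword, value))
    return settings, overrides


def audit_sshd_config(text):
    """Return a list of (keyword, problem) for the three items on the slide."""
    settings, overrides = parse_sshd_config(text)
    findings = []

    # 1. Disable root login, globally and inside every Match block.
    root = settings.get("permitrootlogin")
    if root is None:
        findings.append(("PermitRootLogin", "not set, so the build default applies"))
    elif root.lower() != "no":
        findings.append(("PermitRootLogin", "set to %r, root can log in" % root))
    for condition, keyword, value in overrides:
        if keyword == "permitrootlogin" and value.lower() != "no":
            findings.append(("PermitRootLogin", "re-enabled under Match %s" % condition))

    # 2. Only allow specific users.
    users = settings.get("allowusers", "").split()
    if not users:
        findings.append(("AllowUsers", "not set, any account may log in"))
    for entry in users:
        if entry.split("@", 1)[0] in ("*", "root"):
            findings.append(("AllowUsers", "entry %r is too broad" % entry))

    # 3. Protocol version 2 only. Assumption: an absent keyword means 2.
    versions = re.split(r"[,\s]+", settings.get("protocol", "2"))
    if "1" in versions:
        findings.append(("Protocol", "SSH protocol 1 is enabled"))
    return findings


if __name__ == "__main__":
    for name, config in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(config) or "no findings")
```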


Security Monitoring & Management

• Set up tripwire to monitor system file integrity and to audit changes.

• Set up and implement log file rotation policies.

• Set up a central syslog server (syslog-ng)

• Use a log analyzer, such as logcheck.

• Set up a monitoring system using Nagios or Argus on your network.


Define Containers

An isolated, resource controlled application environment.

An individual Linux-based runtime environment

Infrastructure embedded containers

Virtual infrastructure environments -- Cisco Virtual Application Container Services (VACS) application environments

Container Perspectives

- App Container – means to encapsulate and deploy a software component and all its dependencies

- OS Container – Light weight virtual machine

Kernel Features enabling Containers:

Isolation by namespaces

Resource Limits by control groups (cgroups)


Why containers

• Cloud Native Applications

• Run in cloud computing environments

• Infrastructure agnostic

• Application components designed as relatively simple, discoverable, re-useable services such as microservices.

• The Unix philosophy is to write small, single-purpose tools that can be composed together (in pipelines, via scripts, etc.) to build larger solutions.

Monolithic Apps | Cloud Native Apps

server / hypervisor, IaaS | server clusters, containers

difficult to scale | easy to scale

high impact to component failure | built for failure, system resilience

challenging to upgrade | easy to upgrade

larger dev and ops teams | smaller, agile devops teams


Containers are almost like Virtual Machines

• Linux Containers (LXC) is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a single control host (LXC host).

• Containers have their own network interface (and IP address)

• Can be bridged, routed... just like with Xen, KVM etc.

• Containers have their own file system

• For example a Debian host can run a Fedora container (and vice-versa)

• Security: Containers are isolated from each other

• Two containers can't harm (or even see) each other

• Resource Control: Containers are isolated and can have dedicated resources

• Cisco support for containers comes as “virtual service nodes”

• Cisco Nexus 9000 supports containers for extending the Linux tools available on the switch as well as for running agents such as Puppet & Chef


Hypervisors vs. Containers

[Figure: three stacks compared. Type 1 Hypervisor: Hardware, Hypervisor, Virtual Machines (each with Operating System, Bins / libs, Apps). Type 2 Hypervisor: Hardware, Operating System, Hypervisor, Virtual Machines (each with Operating System, Bins / libs, Apps). Linux Containers: Hardware, Operating System, Containers (each with Bins / libs, Apps).]

Containers are isolated, but share OS and, where appropriate, libs / bins.


Dockers and Containers

• Docker: the Linux container engine

• Better than VM

• Size

• Performance

• Portability

• Application-centric

• Containers use fewer resources and run an application more efficiently than hypervisors

• A container consists of an entire runtime environment: an application, plus all its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package

• gives it application portability

• can run virtually anywhere

• can be started almost instantly


Container World Taxonomy

• Container Tools

• Docker, Rkt, repos/registries

• micro-OSs – CoreOS, RHEL Atomic, Ubuntu Snappy

• Cluster Control and Services

• Scheduler/Job Monitor – Marathon, Aurora

• Resource Managers – Mesos, Kubernetes

• Distributed Key/Value/lock managers – zookeeper, etcd, consul

• Service Orchestration/Management

• Kubernetes, Mesosphere DCOS, CoreOS Swarm, HashiCorp Terraform

[Figure: container stack with the labels applications, microservices, PaaS, container / service management, Service Orch/Mgmt, Cluster Services (Scheduler, Distributed Frameworks), Container Tools, IaaS, physical & virtual cluster nodes]


Cisco Containers Projects

• Mantl

• Container orchestrator

• Uses Apache Mesos as cluster manager

• Shipped

• Hybrid DevOps platform for containerized microservices

• Supports Docker containerized microservices

• Contiv

• Open source

• Defines infrastructure operational policies for container-based application deployment

• Ability to specify infrastructure operational policies for network, storage and compute


Vision for Linux Containers


Essential Skills and Concepts


Linux Commands (Cheat Sheet)

Command | Description

cat [filename] | Display file’s contents to the standard output device.

cd /path/to/directory | Change to directory.

chmod [options] mode filename | Change a file’s permissions.

chown [options] filename | Change who owns a file.

clear | Clear a command line window.

cp [options] source destination | Copy files and directories.

date [options] | Display/set system date/time.

find [pathname] [expression] | Search for files matching a provided pattern.

grep [options] pattern [filename] | Search files or output for a particular pattern.

kill [options] pid | Stop a process.

less [options] [filename] | View the contents of a file one page at a time.

ls [options] | List directory contents.

man [command] | Display the help information for the specified command.

mkdir [options] directory | Create a new directory.

mv [options] source destination | Rename/move file(s) or directories.

ps [options] | Show currently running processes.

pwd | Pathname for the current directory.

rm [options] directory | Remove file(s) and/or directories.

ssh [options] user@machine | Remote into another Linux machine

su [options] [user [arguments]] | Switch to another user account.

tail [options] [filename] | Display the last n lines of a file (the default is 10).

tar [options] filename | Store and extract files from a tarfile

touch filename | Create an empty file with the specified name.

who [options] | Display who is logged on.


KVM Intro

• KVM, which stands for Kernel-based Virtual Machine, is an open-source software platform that enables virtualization for x86 and other server platforms running the Linux operating system (OS)

• It can be loaded to run multiple virtual machines on a single server running unmodified Linux or Windows.

• KVM has become one of the most widely used virtualization technologies today, and it has taken on many different forms by companies or organizations that have modified the code, including IBM and Red Hat.

• It is an open-source alternative to proprietary virtualization technologies such as ESXi offered by VMware and Microsoft Hyper-V.

• Other open-source virtualization solutions include Xen, which is supported by Citrix.


How to develop your Linux Skills

Books and E-Books

• Linux Network Administrators Guide: http://www.tldp.org/LDP/nag2/nag2.pdf

Certifications

• Linux Foundation Linux Certification: https://training.linuxfoundation.org/certification

• Linux Foundation Certified System Administrator: https://training.linuxfoundation.org/certification/lfcs

Web Links

• An overview of Red Hat OpenStack Platform: https://www.redhat.com/en/services/training/cl010-red-hat-openstack-technical-overview

• Linux Academy – Linux & Cloud Training: https://linuxacademy.com

• Introduction to Linux: https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux

• Network Programmability Users Group.

• Following Linux Education Webex Series are available @ http://www.npug.net/past-events/


Automation/Orchestration


SDN, NFV, and Open Innovation

• Open Innovation: Create competitive supply of innovative applications by third parties

• Software Defined Network: Separation of control and data plane. Create network abstraction for faster innovation

• Network Function Virtualization: Network functions and software running on any open standards-based hardware. Reduce CAPEX, OPEX, power and space

• Orchestration for automation, provisioning and interworking of physical and virtual resource.

• Enable new service innovations from Weeks and Months to Minutes and Days

[Figure: Open Innovation, SDN and NFV overlapping to produce New Service]


OpenStack is an Infrastructure As A Service (IaaS) cloud computing project

“…provides a means to control (administer) compute, storage, network and virtualization technologies…”

= Cloud Operating System


OpenStack to Manage IAAS


OpenStack: Open Source Software for Creating Private and Public Clouds

Compute (Nova)

Self-service provisioning of virtual machines through a software API

Object Storage (Swift)

Massively scalable, distributed object store

Network Service (Neutron)

For tenant created, virtual isolated networks and subnets, and services

Your Application

www.openstack.org


OpenStack Projects


Cisco OpenStack Platform (Mercury) Introduction

• Mercury is a Cisco OpenStack platform built on top of an underlying OpenStack Distribution like Red Hat to build a carrier grade platform integrated with Cisco HW & SW

• Mercury provides a set of tools including an automated installer, containerized OpenStack services, logging/monitoring, health check tools and plugins for Cisco HW and SDN controllers

• Goal of Mercury is to provide a reliable, highly available & easily upgradeable OpenStack platform for SP deployment

[Figure: Cisco OpenStack Platform (Mercury) on top of Redhat Enterprise Linux OpenStack Platform (RHEL OSP7). Labels: Compute (Nova); Networking (Neutron, Plugins / Drivers, OVS / Linux Bridge); Storage (Cinder / Glance, Ceph); Automated Installer, Proven HA Architecture, Health Checks, Logging / Monitoring, Containerised Components, Integrated Test Suite; ASR1k, ACI, OSC, Nx9k, VTS; CI/CD Release System, Automated System Test, Cisco GIT Repository]


Network Services Orchestrator (NSO)

• Enabled by tail-f

• Multi-vendor service orchestrator for existing and future networks

o Includes distributed (multi-device) service configuration management, transaction integrity, validation and rollback

• Single pane of glass for:

o L2-L7 networking

o Hardware Devices

o Virtual Appliances

• YANG Model Driven Orchestration

o Service Data models (declarative)

o Device Data Model (for auto config)

o Fastmap engine translates models to device configuration including CLI

• Highly Scalable for large infrastructure

o One existing deployment manages 60K devices on the network

[Figure: Network Services Orchestrator (NSO). Network engineers and management applications use the network-wide CLI, Web UI, REST, Java and NETCONF interfaces. Inside NSO: Service Manager (service models), Device Manager (device models) and end-to-end transactions. Network Element Drivers use NETCONF, CLI, SNMP, REST, etc. southbound, including toward applications and controllers.]


Elastic Services Controller (ESC): VNF Lifecycle Management, Monitoring and Elasticity

List of Events

• VM Alive

• Service Alive

• Upper load threshold crossed

• Lower load threshold crossed

• Service Dead

• VM Dead

List of Actions

• Notify (callback)

• Advertise Service

• Withdraw Service

• Restart VM

• Scale up (add a VM)

• Scale down (remove a VM)

• Individually customisable action(s) for every event

Simple Rules

Service Alive => advertise

VM Dead => withdraw

Upper load => scale up

Complex Rules

Upper load => Scale up, Notify, Advertise

Service Dead => Withdraw, Notify, Restart

Service Alive => Advertise, Notify

[Figure: Elastic Services Controller workflow. VNF Provisioning: Provision VM, VM Bootstrap process, VM alive. VNF Configuration: Configure Service, Service Bootstrap Process, Service alive. VNF Monitor: Service Functional, Service Overloaded / Underloaded, VM Overloaded / Underloaded, Service DEAD, VM DEAD. Each state can trigger a Predefined Action or a Custom Script Action. Analytic Engine and Rule Engine sit underneath.]


Virtual Topology System (VTS)

[Figure: VTS architecture in three planes. Management & Orchestration Plane: REST API into the Virtual Topology System (VTS). Control Plane: RESTCONF/YANG and MP-BGP / BGP-EVPN between VTS, route reflectors (RR) and ToR switches. Data Plane: VM or VNF workloads (bare metal workload, virtualised workloads with OVS, with dVS, with SR-IOV, and with the feature rich & high performance Cisco VTF solution), with DCI toward IP / MPLS WAN, WAN / Internet and 3rd party cloud.]

• DC Overlay SDN system consisting of:

• Virtual Topology Controller (VTC)

• Virtual Topology Forwarder (VTF)

• VTF is highly optimized forwarding for x86

• Guest OS as opposed to Host OS

• VXLAN overlays

• Service chaining


Virtual Topology System (VTS)

[Figure: VTS architecture in three planes (Management & Orchestration, Control, Data) with its management integrations: VTS GUI, VCenter, 3rd party VM manager, NSO (CFS, RFS) and Elastic Services Controller (ESC) alongside the REST API. Control plane: RESTCONF/YANG and MP-BGP / BGP-EVPN with route reflectors (RR) and ToR switches. Data plane: VM or VNF workloads (bare metal, OVS, dVS, SR-IOV, Cisco VTF), with DCI toward IP / MPLS WAN, WAN / Internet and 3rd party cloud.]


What CliQr Does…

• Single Cloud Management Platform

• Manage Full Lifecycle

• VMs, OSes, Services, Applications

• Apps - Model, Deploy, Manage

• One to Many, New and Existing Apps

• Simple or Complex Multi-Tier

• Component/VM, Container, PaaS

• One to Many Datacenters, Private or Public Clouds

• Comprehensive Management, Administration and Governance

• Enterprise-Class

• Multi-Tenant, Scalable – Secure - Integrate

• Fast Time-to-Value: Deliver first use case in days. Non-Invasive to architecture


WAE: WAN Automation Engine

• Multi-Application Engine for the SP WAN

• Enables applications to make queries about placing demands

• Run demand placement and network failure simulations

• Request demand placement or optimisation on the network

• WAE is really an advanced suite of network optimisation, planning and calendaring capabilities which can be leveraged by applications

• Capabilities exposed via northbound REST/Java/Thrift APIs

• WAE uses topology and traffic abstraction

• By collecting information from the network

• Multi-Vendor platform

• Complements NSO and Open SDN Controller (ODL)

http://www.cisco.com/go/wae

[Figure: Traffic Management Applications reach WAE over REST; SDN Orchestration & Control (Configlet, NSO, EMS/NMS, ODL/OSC, …) over REST/NETCONF; the network between Source and Destination over NETCONF/PCEP/BGP-LS]


ONOS

• The Open Network Operating System (ONOS) is the first open source SDN network operating system targeted specifically at the Service Provider and mission critical networks.

• ONOS is purpose built to provide the high availability (HA), scale-out, and performance these networks demand.

• In addition, ONOS has created useful Northbound abstractions and APIs to enable easier application development and Southbound abstractions and interfaces to allow for control of OpenFlow-ready and legacy devices.

http://onosproject.org/wp-content/uploads/2014/11/Webinar-prajakta.pdf

[Figure: ONOS Distributed Architecture: Scalable Distributed Core for Scalability, HA, Performance. Apps on the NB Core API; Distributed Core (state management, notifications, high-availability & scale-out) running as INSTANCE 1, INSTANCE 2, INSTANCE 3 to INSTANCE N; SB Core API with Protocols and Adapters toward the DATAPLANE]


Related Skills and Concepts


[Figure: tools grouped as Agent Based, Agent-less and Higher Order]


Jenkins

• It is a powerful DevOps tool

• It is a continuous integration and continuous delivery application

• Easy to install, easy to configure

• Build and test loads can be distributed across multiple computers running different operating systems.

• Jenkins integrates well with any build tools


Puppet

• It is a powerful configuration management tool

• Extensively used in IT operations

• With Puppet you can automate the entire data center without needing to write enormous scripts

• Enormous reduction in time in rolling out new releases – From weeks to hours!!

• Puppet is written in Ruby language.

• Expert knowledge of Ruby is not required to use Puppet but some basics are needed


Chef

• Like Puppet, Chef is also widely used in the cloud infrastructure automation

• It operates in Client-Server model

• Each chef-client has a cookbook which tells how each node in your organization should be configured

• The Chef-Server stores cookbooks, the policies that are applied to the nodes

• Using Chef-Client, nodes ask the Chef Server for configuration details


Ansible

• Just like Chef and Puppet, Ansible is also a configuration management tool

• Unlike Puppet and Chef, Ansible does not use Ruby

• Ansible is implemented using Python

• Currently it is only available on Linux and Unix platforms

• Excellent security using SSH/SSH2

• Still a fairly new tool, not as tried and tested as Chef and Puppet


Putting It All Together


[Figure: layered SDN/NFV stack with the following layers and contents]

• Underlay Technologies: Compute: Physical (servers), Linux OS. Network: Physical (Routers & Switches), Routing, Switching, Network Device OS/Firmware. Storage: Physical (disks), OS, FCOE

• Virtualization & Overlay (include VNFs): Compute Virtualization: Hypervisor (KVM). Network Virtualization: VXLAN, OpenFlow, MPLS, EVPN, OVSDB. Storage Virtualization: CEPH, Swift

• VIM and Overlay/SDN Controllers (Network VIM)

• Management & Orchestration (ETSI NFV MANO): Cisco NSO. VNF Manager: Elastic Controller. OSS/Management

• Services Consumptions: User Web Portal, Admin Portal, Ticketing System, Billing/BSS, UCS Director

• SDN & NFV Solutions: Cloud VPN/VMS, vCPE, vEPC

• Business Outcomes

• Other labels in the figure: Top Three, VTS


CCIEs – How About Your SDN Base Skills?

• LINUX AND VIRTUALIZATION (KVM, QEMU, OVS)

• NETWORK VIRTUALIZATION (VXLAN, EVPN, OVSDB)

• SDN/OVERLAY CONTROLLERS (APIC, ODL, ONOS)

• OPENSTACK VIRTUAL INFRA MANAGER (VIM)

• PROGRAMMING, API, DEVOPS TOOLS (PUPPET, ANSIBLE)


Cisco ACI: Full Stack SDN in Data Center

• Single Point of Management Without a Single Point of Failure

• APIC Cluster: Distributed, Synchronized, Replicated

• Hardware (Nexus 9000) and software (APIC) working hand in hand

• Network virtualization + abstraction to decouple network constructs from application policies

• Simplify provisioning, operating through relational object-model

• Fully programmable (REST API, Python bindings)


How We Deploy Services with Cisco ACI Today


Cisco VTS: SDN Across Nexus Portfolio

[Figure: VTS with GUI, REST API and vCenter on top of a programmable fabric across the Nexus portfolio (Nexus 2k – 9k)]

Scalable Multi-Tenancy

• MP-BGP EVPN control plane

• Physical and Virtual overlay support

• High performance virtual forwarding

Automated Provisioning

• Group Based Policy model

• Overlay Provisioning

• Service Chaining

Open, Standards Based

• Rest based Northbound APIs

• Multi-protocol support (EVPN, VXLAN)

• Multi-Hypervisor, Bare Metal, Container

Overlay Management

• Automatic Topology Discovery

• Resources Management

• Overlay monitoring and troubleshooting


CPE Evolution from On-Premise to Cloud Based

[Figure: CPE options between premise and cloud: L3 “classic”, L2 NID, L3 CPE + x86 on premise, L3 Cloud Managed, Simple L3 CPE, vRouter on X86 on prem. Network functions are shown either on the CPE or as virtual network functions from the cloud. Network options: Secure IP Overlays, MPLS, Layer 2 VPN, Intelligent/Hybrid. Cloud application containers deliver applications from the cloud. Cloud types: Cisco Cloud, SP Private Cloud, Virtual Private Cloud, Public Cloud.]


Cisco Virtual Managed Services (VMS)


NFV MANO Components for VMS in Data Center

• The Portal represents the CFS layer of the Orchestration Stack.

• Orchestrator level. Processes Service Model Instantiation Requests and Maps these to the Resources required.

• VNF Lifecycle Management. Launch VNFs as needed by the orchestration layer. Monitor, and scale up or down based on service consumption models.

• DC Overlay Model. Option to use different SW overlay models including OVS and VPP. Programmed through SDN Controller called by OpenStack APIs.

[Figure: stack of Portal and OSS/BSS; NFV Orchestrator (NFVO): Tail-f NCS (Service Model, Mapping, Device Model); VNF Manager (VNFM): ESC (Monitor, SLA, Scale); Virtualized Infrastructure Manager (VIM): OpenStack with Plugin to the SDN Controller; OVS and Cisco VPP/VTF; ConfD; layers linked by REST/NETCONF/YANG]


Cisco VMS Service Delivery Workflow: Model Driven Automation

[Figure: in the Service Provider's SP Cloud / Data Center, NCS (network service lifecycle; service models, device models, fastmap) and ESC (virt infra lifecycle, confd) sit above the O/S virt infra mgr and its component APIs. NCS reaches the virtual functions through NEDs: VR (CSR), vFW (vASA), vNG IPS, vSec Web, vSec Email, and the ISR through an ISR NED with a call-home adapter (Cisco CLI via SSH, Config & Operation). Northbound interfaces (RC/YANG, NC/YANG, REST/XSD, RESTful) serve the SP Portal, BSS Systems, Operator Self Service and a User Self Service app for the Customer CloudVPN and CloudSecurity services (VR_CSR, VFW_vASA, vNG-Intrusion Protection, vSecWeb, vSecEmail, Other Network Services). ISR CPEs connect over the Internet (on-net and off-net).]


Learning Roadmap


SDN/NFV Baseline Skills Matrix

• Network Virtualization: OVS (Open vSwitch), OVSDB, Nexus1000v, NSX, VXLAN, BGP, EVPN, VNF

• OS/Compute/Storage Virtualization: Linux, KVM, Docker, ESXi, CEPH/SWIFT

• Virtual infrastructure Manager: Openstack, vCenter, NFV MANO

• Overlay & SDN Controller: Open Daylight, Cisco Open SDN Controller, NSX, ACI, APIC-EM, VTS

• Orchestration and Chaining: Netconf, Yang, Puppet, Chef, Tosca, VNFM (ESC), NSO, Openstack (HEAT), NFV MANO

• Network Programmability: Scripting, General Programming Skills, North and South Bound APIs, Devops, Python, JSON, XML, REST

Basic Knowledge of Networking Standards + Cloud and Virtualization Concepts

BRKSPG-1000 124

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Begin with End in Mind: Which Role Will You Be?

Architect: Provides Technical Solutions to Business Problems

Skills: Business Architecture, Service Chaining, Industry Standards, Product Roadmaps, Broad Knowledge of VNFs & Virtualization in general, Network Assessments, Solutions Architecture, Understand Abstractions

SME: Domain Experts in one or more Areas of Technology

Skills: Solutions Architecture, Domain Expertise, Virtualization Expertise, Dockers, Containers, Service Chaining, SDN and NFV, VNFs, Open Systems (Linux), Ability to write detailed design, Industry Standards

Operator: Provides Day 2 Support for Deployed Solutions

Skills: Strong Troubleshooting, Network and OS Virtualization, Strong Orchestration Tools knowledge, Basic Scripting and Network programmability, Good Linux background. SDN/NFV background to suggest optimizations. Focused on operations and usability of the Solution.

Installer: Provides Implementation and Testing of the Solution

Skills: Advanced skills to install, configure and customize components of solution, Software Development with Agile/Scrum. Strong Orchestration and Automation Skills, Strong Open Systems (Linux) expertise.

Self Assessment and Gap Analysis

[Chart: self-rating per skill area on a scale of Complete Novice, Done some reading, Hands on, Domain Expert. Skill areas: Cisco Networking, Linux OS, Hypervisor, OpenStack, Python/Scripting, Communication, Problem Solving, Business Acumen, Leadership, Solutions Architecture]

Learning Strategy

[Diagram labels: Start; Networking (Route/Switch, SP, DC); Compute; Storage; Software; Security; OS/Linux; Programmability; Virtualization; Openstack]

Build Learning Path

[Diagram: layered learning path. Axis labels: Technical Skill Development; Solving Business Problems. Layer labels: Underlay Technologies; Virtualization & Overlay (include VNFs); VIM and Overlay/SDN Controllers (Network VIM); Management & Orchestration (ETSI NFV MANO); Services Consumptions; SDN & NFV Solutions; Business Outcomes. Other labels: Top Three; Cisco NSO; VNF Manager: Elastic Controller; OSS/Management; VTS; Cloud VPN/VMS, vCPE, vEPC; User Web Portal, Admin Portal, Ticketing System, Billing/BSS, UCS Director]

• Compute: Physical (servers), Linux OS

• Network: Physical (Routers & Switches), Routing, Switching, Network Device OS/Firmware

• Storage: Physical (disks), OS, FCOE

• Compute Virtualization: Hypervisor (KVM)

• Network Virtualization: VXLAN, OpenFlow, MPLS, EVPN, OVSDB

• Storage Virtualization: CEPH, Swift

Get with the Program!!

www.opennetworking.org/certification/skills

learningnetwork.cisco.com/community/certifications/network-programmability

Cisco Programmability Certifications

DNA

Cisco Cloud Certifications

Required Exams | Recommended Training

300-504 CLDINF | Implementing and Troubleshooting the Cisco Infrastructure (CLDINF)

300-505 CLDDES | Designing the Cisco Cloud (CLDDES)

300-506 CLDAUT | Automating the Cisco Enterprise Cloud (CLDAUT)

300-507 CLDACI | Building the Cisco Cloud with Application Centric Infrastructure (CLDACI)

Skill Transformation Roadmap

[Diagram: roadmap along a Time axis, 2016 to 2017. Labels: Network Engineer/Architect; Network and DC Virtualization; Linux For Network Engineers; OpenStack Certified Professional; Python/XML for Network Engineers; Automation & Orchestration; SDN & NFV Use Cases; Open Engineer; Ready For Tomorrow]

How Much Time Investment Required?

20% = 1 Day / Week = 4-5 Days / Month

It depends on existing background and many other factors

All Engineers are not made the same

This is a general guesstimate

CCIEs – How to Transform and How Long?


Learning resources

• Cisco Devops

• ONF

• Linux Foundation

• SDx Central

• Internet - Training Material - Classroom - Cisco Live Recording - Online Forum - Online Library - Industry Standard

• Practice Labs


Key Takeaways


Muhammad Ali

“The best way to realize our dreams is to wake up”


Wrap Up

• The Transformation is Real

• Segment your Learning

• Learn Virtualization

• Learn Linux

• Learn Scripting and Programming

• Start using OpenStack before mastering how to install it.

• Understand Orchestration Tools

• Always keep the Big Picture in mind

  - Your Target Role

  - Use cases

• If you do not have a Rotation Program available, get into a certification program

• Blend an Analytical Approach with all the above Technologies.

• Do not lose sight of Security

What happens in Vegas Stays in Vegas

This Does NOT Apply To Ciscolive!

2016

Thank you