TRANSCRIPT
Network Transformation and Essential Skills for Next Generation Network Engineers
Zahoor Khan, Manager Advanced Services
Imran Shahid, Solutions Integration Architect
BRKSPG-1000
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Ayn Rand (1905-1982)
“You can avoid reality, but you cannot avoid the consequences of avoiding reality”
[Chart: Internet growth 2003-2020. Connected devices grow from 500M through 10B and 25B to 50 billion by 2020, while Cisco certifications grow from roughly 550K through 1M and 1.5M to 2M. Pillars shown: Automation, Innovation, Education.]
The only way to scale is to move our 2.2M certified professionals into these evolving roles!
Agenda
• What is Transforming and Why
• Components of Transformation and Related Skills
• Learning Roadmap
• Key Takeaways
What Really is Transforming?
• Connectivity Landscape
• Service Delivery Landscape
• Business Models
• Business Architecture
• Network Architecture
• Network Service Delivery
Transformations
• CLI to API
• Purpose-built network device to virtualized network function (VNF)
• Closed systems to open systems (x86 based)
• Manual to automated service chaining
• Discrete to integrated service assurance
• Waterfall to Agile methods
• Vendor-specific to vendor-neutral skillset (open)
Components of Transformation
• SDx (Software Defined Anything)
• Network programmability
• Virtualization of Network Services
• Open Systems (Linux)
• Automation and Orchestration
What is Software-Defined Networking? Many different things to many different people
Press and analyst headlines collected on the slide:
• "Evolving SDN: tackling strategic, technology, and operational challenges"
• "SDN revolution or evolution: Impact on the IT manager" (Network World)
• "Google revamps networks with OpenFlow"
• "We share a more pragmatic view, noting Cisco (for example) is likely to view SDN as a TAM expansion opportunity…" (Deutsche Bank Research Note)
• "Jeda Networks proposes yet another software-defined option for the data center"
Software Defined Networking
[Diagram: applications above a control plane that drives both virtual and physical data planes]
• In SDN, not all processing happens inside the device
• Decoupled control and data planes
• Highly centralized control (aka SDN controller)
• Greater application interaction with the network
• An opportunity to re-think the relationship between network hardware and software
SDN definition (ONF): the physical separation of the network control plane from the forwarding plane, where a control plane controls several devices.
Stanford University – Clean Slate Project
“…explore what kind of Internet we would design if we were to start with a
clean slate and 20-30 years of hindsight.”
http://cleanslate.stanford.edu
Four Parts of OpenFlow
• Controller – resides on a server and provides the control plane function for the network
• OpenFlow Agent – resides on a network device and fulfils requests from the Controller
• Northbound APIs – enable applications to interface with the Controller
• OpenFlow Protocol – the protocol the Controller and Agents use to communicate; it runs over TCP (IANA port 6653, optionally inside TLS) and installs flow entries that match on Layer 2-4 header fields, so the channel itself is not a Layer 2 protocol
ONF Board Members
Deutsche Telekom, Facebook, Goldman Sachs, Yahoo, Google, Microsoft, NTT Communications, Verizon
http://opennetworking.org
What Is OpenDaylight?
• …an open source project formed by industry leaders and others under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common vendor-supported framework.
• Focus: customers with some programming resources that desire a free, community-supported SDN controller
[Member logos grouped as Platinum, Gold and Silver]
Cisco Open SDN Controller
Cisco's Open SDN Controller: Cisco's Commercial Edition of OpenDaylight
"One-click" install: VMware ESXi and Oracle VirtualBox hypervisor ready
Pre-installed apps:
• BGP-LS Manager – visualises network topology from the BGP database
• Inventory – augmented OpenDaylight "Nodes" app, identifies all connected devices
• (YANG) Model Explorer – exposes system models and previews the JSON API body
• OpenFlow Manager – manages, visualises and troubleshoots flows, previews the JSON API body
• PCEP Manager – creates, modifies and deletes MPLS LSPs
Centralised OA&M:
• Robust user, application and feature administration
• Status monitoring: system, cluster, node
• Event logging
• Real-time CPU, memory, disk, heap size, load and network utilisation metrics
See also: http://www.cisco.com/c/en/us/products/cloud-systems-management/open-sdn-controller/index.html
SDxCentral Use Case Categories
• Network Access Control: Campus NAC, Branch NAC, M2M NAC, UC Optimization
• Network Virtualization: DC Virtualized Networks, Campus/Branch Virtualized Networks, DC Micro-Segmentation, NFaaS
• Virtual Customer Edge: Virtual CPE (on premise), OTT vCPE (on premise), Virtual CE (Telco), Virtual CE (OTT)
• Dynamic Interconnections: BWoD, Virtual Private Interconnect/Cloud Bursting, Dynamic Enterprise VPN, Multi-layer Optimization
• Virtual Core and Aggregation: vEPC, vIMS, vPE (inc. vBNG & vCMTS), GiLAN, Network Virtualization (Mobile)
• Data Center Optimization: Big Data Optimization, Flow Optimization
• Other (to capture other less common use cases not listed above)
[Diagram: three-tier application in the data centre. L3 router → FW → SLB with SSL offload → web servers (VLANs 666, 111, 222); FW → SLB → app servers (VLAN 444); FW → DB servers (VLAN 333); IDS/IPS sensors fed from SPAN sessions on VLANs 555 and 777. The box-by-box device configurations follow.]
switch1(config)# int eth 1/1
switch1(config)# switch mode acc
switch1(config)# switch acc vlan 666
switch1(config)# no shut
router(config)# int eth 1
router(config)# ip add 6.6.6.1 255.255.255.0
router(config)# no shut
router(config)# int eth 2
router(config)# ip addr 1.1.1.1 255.255.255.0
router(config)# no shut
router(config)# router eigrp 100
router(config)# network 6.6.6.0 mask 255.255.255.0
router(config)# network 1.1.1.0 mask 255.255.255.0
router(config)# ip route 0.0.0.0 0.0.0.0 6.6.6.254
switch2(config)# int eth 1/2 - 3
switch2(config)# switch mode acc
switch2(config)# switch acc vlan 111
switch2(config)# no shut
fw1(config)# int eth 0/1
fw1(config)# nameif outside 0
fw1(config)# int eth 0/2
fw1(config)# nameif webfront 20
fw1(config)# object network webfront_vip
fw1(config)# host 6.6.6.6
fw1(config)# static (webfront,outside) 1.1.1.6
fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 80
fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 443
fw1(config)# access-group outside_web in interface outside
switch3(config)# int eth 1/4 - 5
switch3(config)# switch mode acc
switch3(config)# switch acc vlan 222
switch3(config)# no shut
switch4(config)# int eth 1/6
switch4(config)# switch mode acc
switch4(config)# switch acc vlan 333
switch4(config)# no shut
switch4(config)# int eth 1/7 - 9
switch4(config)# switch mode acc
switch4(config)# switch acc vlan 333
switch4(config)# no shut
switch5(config)# int eth 1/10 - 11
switch5(config)# switch mode acc
switch5(config)# switch acc vlan 444
switch5(config)# no shut
switch5(config)# int eth 1/11 - 15
switch5(config)# switch mode acc
switch5(config)# switch acc vlan 555
switch5(config)# no shut
switch5(config)# monitor session 1 source vlan 555
switch5(config)# monitor session 1 dest eth 1/16
switch6(config)# int eth 1/16 - 19
switch6(config)# switch mode acc
switch6(config)# switch acc vlan 777
switch6(config)# no shut
switch6(config)# monitor session 1 source vlan 777
switch6(config)# monitor session 1 dest eth 1/20
slb1(config)#
probe http http-probe
interval 30
expect status 200 200
rserver host websrvr1
description foo web server
ip address 3.3.3.1
inservice
rserver host websrvr2
description foo web server
ip address 3.3.3.2
inservice
rserver host websrvr3
description foo web server
ip address 3.3.3.3
inservice
serverfarm host FOOWEBFARM
probe http-probe
rserver websrvr1 80
inservice
rserver websrvr2 80
inservice
rserver websrvr3 80
inservice
crypto generate key 1024 fooyou.key
crypto csr-params testparms
country US
state California
locality San Jose
organization-name foo
organization-unit you
common-name www.fooyou.com
serial-number crisco123
crypto generate csr testparms fooyou.key
crypto import ftp 12.13.14.15 anonymous fooyou.cer
parameter-map type ssl SSL_PARAMETERS
cipher RSA_WITH_RC4_128_MD5
version TLS1
ssl-proxy service FOOWEB_SSL
key fooyou.key
cert fooyou.cer
class-map match-all FOOSSL_VIP_CLASS
2 match virtual-address 2.2.2.22 tcp eq https
policy-map type loadbalance first-match L7-SSL-MATCH
class L7_WEB
sticky-serverfarm sn_cookie
policy-map multi-match FOOWEB-VIP
class FOOWEB_VIP_CLASS
loadbalance vip inservice
loadbalance policy FOOWEB-MATCH
loadbalance vip icmp-reply
loadbalance vip advertise active
class FOOSSL_VIP_CLASS
loadbalance vip inservice
loadbalance policy FOOSSL-MATCH
loadbalance vip icmp-reply
fw2(config)# int eth 0/1
fw2(config)# nameif webfront 20
fw2(config)# int eth 0/2
fw2(config)# nameif appfront 50
fw2(config)# object network appfarm_vip
fw2(config)# host 5.5.5.5
fw2(config)# nat (appfront,webfront) static 4.4.4.4
fw2(config)# access-list web_to_app permit tcp any host 4.4.4.4 eq 8081
slb2(config)#
rserver host appsrvr1
description foo app server
ip address 5.5.5.1
inservice
rserver host appsrvr2
description foo app server
ip address 5.5.5.2
inservice
rserver host appsrvr3
description foo app server
ip address 5.5.5.3
inservice
serverfarm host FOOAPPFARM
probe http-probe
rserver appsrvr1 8081
inservice
rserver appsrvr2 8081
inservice
rserver appsrvr3 8081
inservice
class-map type http loadbalance match-any FOO_APP
2 match http virtual-address 4.4.4.44 tcp eq 8081
class-map match-all FOO_APP_VIP_CLASS
policy-map type loadbalance first-match FOO_APP-MATCH
class FOO_APP
sticky-serverfarm sn_cookie
policy-map multi-match FOO_APP-VIP
class FOO_APP_VIP_CLASS
loadbalance vip inservice
loadbalance policy FOO_APP-MATCH
loadbalance vip icmp-reply
fw3(config)# int eth 0/1
fw3(config)# nameif appfront 70
fw3(config)# int eth 0/2
fw3(config)# nameif dbfront 90
fw3(config)# object network db_cluster
fw3(config)# host 7.7.7.7
fw3(config)# nat (dbfront,appfront) static 5.5.5.50
fw3(config)# access-list web_to_app permit tcp any host 5.5.5.50 eq 1433
How we deployed multi-tier applications in the data centre yesterday: box-by-box CLI across switches, routers, firewalls, load balancers and IDS sensors, with no single place to validate or roll back the whole change. (The 1024-bit RSA key, the RSA_WITH_RC4_128_MD5 cipher and TLS 1.0 in the SSL-offload fragment above were already weak in 2016 and are deprecated today.)
Network Programmability Options
[Diagram summarised: four programmability models next to the traditional management path]
• Traditional management: applications (network management, monitoring, …) reach the device's control and data plane via CLI, SNMP, NetFlow, …
• 1 Programmable APIs: applications use vendor-specific APIs (e.g. Nexus API) against a device that keeps its own control and data plane
• 2a Pure SDN: applications use open APIs on a controller; the controller programs the device data plane directly via OpenFlow, PCEP, I2RS, NETCONF
• 2b Hybrid SDN: as 2a, but the device keeps its control plane and may also expose vendor-specific APIs (e.g. Nexus API)
• 3 Overlay networks: applications use open APIs to build virtual-switch overlays with overlay protocols (e.g. VXLAN) on top of the existing control and data plane
Cisco Options for Data Center Programmability
• Application Centric Infrastructure (ACI): turnkey integrated solution with security, centralized management, compliance and scale; automated application-centric policy model with embedded security; broad and deep ecosystem. [Diagram: web, app and DB tiers as policy endpoints]
• Programmable Network: modern NX-OS with enhanced NX-APIs; DevOps toolset used for network management (Puppet, Chef, Ansible etc.); common NX-API across N2K-N9K
• Programmable Fabric: VXLAN BGP EVPN, standards-based; 3rd-party controller support; Cisco VTS for software overlay provisioning and management across N2K-N9K (creation, expansion, connection, fault management, reporting)
Device Programmability Options – No Single Answer!
Application frameworks, management systems, controllers, …
[Diagram summarised: the device layers Forwarding, Control, Network Services, Orchestration and Management are each reached through different interfaces]
• Operating systems: IOS / NX-OS / IOS-XR
• APIs and data models: NETCONF, RESTful APIs, YANG, JSON, OpFlex (ACI fabric)
• "Protocols": BGP, PCEP, OpenFlow, …
• Tooling: Python, C/Java, Puppet, OpenStack Neutron
What is NETCONF?
• NETCONF is an IETF standard (RFC 6241) network management protocol. Provides:
• Distinction between configuration and state data
• Multiple configuration datastores (candidate, running, startup, files/URLs)
• In some cases the running config may not be writable; the server announces this in the capability exchange (:writable-running is absent, :candidate is present)
• Configuration change transactions
• Selective data retrieval with filtering
• Event notifications
• Extensible remote procedure call mechanism
NETCONF datastores: startup, running, candidate, files/URLs
NETCONF Transactions, Network-wide Transactions
Transaction support is a key NETCONF feature.
Using the candidate datastore a NETCONF manager can implement a network-wide transaction:
• Send a configuration change to the candidate of each participating device
• Validate the candidate on each device
• If all participants are fine, tell all participating devices to commit; if any device fails validation, send <discard-changes> to every device so no candidate is applied anywhere
• With a confirmed commit (<commit> carrying the confirmed attribute) the change is applied provisionally and is rolled back unless a confirming <commit> arrives before the timeout; a session that is closed or lost before that confirming commit also triggers the rollback, which is why dropping the connection behaves as an abort
[Diagram: one manager applies a single change across routers at Site A and Site B (North, East, West)]
NETCONF Protocol Stack Summary
• Content: config / operational data
• Operations: <get>, <get-config>, etc.
• Messages: <rpc>, <rpc-reply>
• Transport: SSH
NETCONF Encodes Everything In XML
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="1001" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get-config>
    <source>
      <running/>
    </source>
  </get-config>
</rpc>
(The base namespace on <rpc> is required by RFC 6241; servers reject messages without it.)
eXtensible Markup Language
• XML describes data
• <> delimit markup text (tags)
• Machine and human readable
• W3C Recommendation
• Self-descriptive
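The capability exchange, candidate datastore and network-wide transaction described above, as an added example that is not part of the original slides. The devices are simulated in-process (SimDevice, the device names pe1/pe2/legacy and the interface names are all invented for the example) so that it runs offline; the hello, edit-config, validate, commit and discard-changes messages are the NETCONF XML a manager would send over SSH, and the manager logic refuses to include a device without a candidate datastore in an atomic change.

```python
"""NETCONF capability check and a network-wide candidate transaction (added example)."""
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"          # XML namespace of every NETCONF message
BASE_CAP = "urn:ietf:params:netconf:base:1.0"
CAND_CAP = "urn:ietf:params:netconf:capability:candidate:1.0"
WRUN_CAP = "urn:ietf:params:netconf:capability:writable-running:1.0"
IF_NS = "urn:ietf:params:xml:ns:yang:ietf-interfaces"   # ietf-interfaces (RFC 7223) data


def parse_capabilities(hello_xml: str) -> set:
    """Capability URIs announced in a server <hello>; anything else is rejected."""
    root = ET.fromstring(hello_xml)
    if root.tag != f"{{{NC}}}hello":
        raise ValueError("not a NETCONF <hello>")
    return {c.text.strip() for c in root.iter(f"{{{NC}}}capability") if c.text}


def choose_target(caps: set) -> str:
    """Datastore to edit: candidate if announced, else running only if it is writable."""
    if CAND_CAP in caps:
        return "candidate"
    if WRUN_CAP in caps:
        return "running"
    raise ValueError("device announces no writable datastore")


def rpc(msg_id: int, body: str) -> str:
    return f'<rpc message-id="{msg_id}" xmlns="{NC}">{body}</rpc>'


def edit_config(msg_id: int, target: str, config_xml: str) -> str:
    return rpc(msg_id, f"<edit-config><target><{target}/></target>"
                       f"<config>{config_xml}</config></edit-config>")


def iface_config(name: str, enabled: bool = True) -> str:
    """Constructed ietf-interfaces payload that enables or disables one interface."""
    return (f'<interfaces xmlns="{IF_NS}"><interface><name>{name}</name>'
            f'<enabled>{"true" if enabled else "false"}</enabled></interface></interfaces>')


def is_error(reply_xml: str) -> bool:
    return ET.fromstring(reply_xml).find(f"{{{NC}}}rpc-error") is not None


class SimDevice:
    """Toy NETCONF server invented for the example: candidate/running datastores,
    validation that rejects interface names the box does not have, commit and discard."""

    def __init__(self, name: str, hello_xml: str, known_ifaces: set):
        self.name, self.caps, self.known = name, parse_capabilities(hello_xml), known_ifaces
        self.running, self.candidate = None, None

    def handle(self, rpc_xml: str) -> str:
        req = ET.fromstring(rpc_xml)
        op = req[0]
        kind = op.tag.split("}")[1]
        err = None
        if kind == "edit-config":
            target = op.find(f"{{{NC}}}target")[0].tag.split("}")[1]
            cfg = op.find(f"{{{NC}}}config")
            if target == "candidate" and CAND_CAP in self.caps:
                self.candidate = cfg
            elif target == "running" and WRUN_CAP in self.caps:
                self.running = cfg
            else:
                err = f"datastore {target} is not writable on this device"
        elif kind == "validate":
            names = {n.text for n in self.candidate.iter(f"{{{IF_NS}}}name")} if self.candidate is not None else set()
            if not names <= self.known:
                err = f"unknown interface(s) {sorted(names - self.known)}"
        elif kind == "commit":
            if self.candidate is not None:
                self.running, self.candidate = self.candidate, None
        elif kind == "discard-changes":
            self.candidate = None
        else:
            err = "operation-not-supported"
        body = f"<rpc-error><error-message>{err}</error-message></rpc-error>" if err else "<ok/>"
        return f'<rpc-reply message-id="{req.get("message-id")}" xmlns="{NC}">{body}</rpc-reply>'


def network_transaction(devices, config_xml: str):
    """Two-phase change: stage and validate everywhere, then commit everywhere or discard everywhere.
    Returns (committed, names of devices whose validation failed)."""
    for d in devices:
        if choose_target(d.caps) != "candidate":
            raise ValueError(f"{d.name} has no candidate datastore; it cannot join an atomic change")
    failed, msg_id = [], 1
    for d in devices:
        d.handle(edit_config(msg_id, "candidate", config_xml)); msg_id += 1
        if is_error(d.handle(rpc(msg_id, "<validate><source><candidate/></source></validate>"))):
            failed.append(d.name)
        msg_id += 1
    if failed:                       # abort: nothing reaches running on any device
        for d in devices:
            d.handle(rpc(msg_id, "<discard-changes/>")); msg_id += 1
        return False, failed
    for d in devices:
        d.handle(rpc(msg_id, "<commit/>")); msg_id += 1
    return True, []


def hello(*caps: str) -> str:
    """Constructed server <hello> announcing the base capability plus the given ones."""
    items = "".join(f"<capability>{c}</capability>" for c in (BASE_CAP,) + caps)
    return f'<hello xmlns="{NC}"><capabilities>{items}</capabilities><session-id>7</session-id></hello>'


if __name__ == "__main__":
    pe1 = SimDevice("pe1", hello(CAND_CAP), {"eth0", "eth1"})
    pe2 = SimDevice("pe2", hello(CAND_CAP), {"eth0"})
    print(network_transaction([pe1, pe2], iface_config("eth1")))   # pe2 rejects: (False, ['pe2'])
    print(network_transaction([pe1, pe2], iface_config("eth0")))   # both accept: (True, [])
```

The failure path is the point: pe2 rejects eth1 at validate time, so pe1's already-staged candidate is discarded too and neither running configuration changes. Against real devices the same driver would run over ncclient sessions, and a confirmed commit would replace the plain `<commit/>` where a lost session must also roll back.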
NETCONF References
• Tutorials:
• https://www.youtube.com/watch?v=Vr4kB1_6fLQ
• https://www.youtube.com/watch?v=xoPZO1N-x38
• Tools:
• Ncclient: https://github.com/leopoul/ncclient/
• Confd Netconf-console: http://www.tail-f.com/management-agent/
• References
• RFC 6241 https://tools.ietf.org/html/rfc6241
• RFC 6242 https://tools.ietf.org/html/rfc6242
YANG Model Statements and Hierarchy
[Diagram: a container holding leafs, a leaf-list, a nested container and a list whose entries each hold leafs and a leafref]
Leaf: single value of a defined type
Leaf-list: multiple values of the same type
List: multiple records containing at least one leaf (key) and an arbitrary hierarchy of other statements
Container: groups other statements; has no value
Leafref: a reference to another leaf
RFC 6020
YANG Is A Language (RFC 7223, edited for brevity)
module ietf-interfaces {
  import ietf-yang-types {
    prefix yang;
  }
  container interfaces {
    list interface {
      key "name";
      leaf name {
        type string;
      }
      leaf enabled {
        type boolean;
        default "true";
      }
      …
• Self-contained top-level hierarchy of nodes
• Import or define data types
• Leaf nodes for simple data
• Lists for sequences of entries
• Containers group related nodes
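A data-side view of the model excerpt above, as an added example that is not from the slides, from pyang or from any device: a small validator that enforces what those YANG statements promise on JSON instance data (the list key must be present and unique, leaf values must have the declared type, the `enabled` default is filled in, and a node the model never defined is rejected rather than silently passed on to the device). The model table is a hand-written simplification of ietf-interfaces and the payloads are constructed.

```python
"""Validate JSON instance data against a simplified ietf-interfaces model (added example)."""
import json

# Hand-written shape of the RFC 7223 excerpt on the slide: kinds, types, key and default.
INTERFACES_MODEL = {
    "interfaces": {"kind": "container", "children": {
        "interface": {"kind": "list", "key": "name", "children": {
            "name": {"kind": "leaf", "type": "string"},
            "enabled": {"kind": "leaf", "type": "boolean", "default": True},
            "description": {"kind": "leaf", "type": "string"},
        }},
    }},
}


class ValidationError(ValueError):
    pass


def _check_leaf(path: str, spec: dict, value) -> None:
    """YANG leaf types are strict: JSON true, not the string "true"."""
    expected = {"string": str, "boolean": bool}[spec["type"]]
    if not isinstance(value, expected):
        raise ValidationError(f"{path}: expected {spec['type']}, got {type(value).__name__}")


def validate(children: dict, data, path: str = "/") -> dict:
    """Return a copy of data with defaults filled in, or raise ValidationError."""
    if not isinstance(data, dict):
        raise ValidationError(f"{path}: expected an object")
    unknown = set(data) - set(children)
    if unknown:  # anything the model does not define is an error, not pass-through
        raise ValidationError(f"{path}: unmodelled node(s) {sorted(unknown)}")
    out = {}
    for name, spec in children.items():
        p = path + name
        if name not in data:
            if spec["kind"] == "leaf" and "default" in spec:
                out[name] = spec["default"]
            continue
        value = data[name]
        if spec["kind"] == "leaf":
            _check_leaf(p, spec, value)
            out[name] = value
        elif spec["kind"] == "container":
            out[name] = validate(spec["children"], value, p + "/")
        elif spec["kind"] == "list":
            if not isinstance(value, list):
                raise ValidationError(f"{p}: expected an array of list entries")
            seen, entries = set(), []
            for i, entry in enumerate(value):
                e = validate(spec["children"], entry, f"{p}[{i}]/")
                key = spec["key"]
                if key not in e:
                    raise ValidationError(f"{p}[{i}]: missing key leaf '{key}'")
                if e[key] in seen:
                    raise ValidationError(f"{p}: duplicate key {e[key]!r}")
                seen.add(e[key])
                entries.append(e)
            out[name] = entries
    return out


def normalize(json_text: str) -> dict:
    """Parse and validate a payload, returning it with defaults applied."""
    return validate(INTERFACES_MODEL, json.loads(json_text))


def check(json_text: str) -> str:
    """'ok' when the payload conforms, otherwise the first violation found."""
    try:
        normalize(json_text)
        return "ok"
    except ValidationError as exc:
        return str(exc)


# Constructed payloads, not captured from any device.
GOOD = '{"interfaces": {"interface": [{"name": "Gi1"}, {"name": "Gi2", "enabled": false}]}}'
DUP_KEY = '{"interfaces": {"interface": [{"name": "Gi1"}, {"name": "Gi1"}]}}'
BAD_TYPE = '{"interfaces": {"interface": [{"name": "Gi1", "enabled": "true"}]}}'
EXTRA_NODE = '{"interfaces": {"interface": [{"name": "Gi1", "shutdown": true}]}}'

if __name__ == "__main__":
    for label, payload in [("good", GOOD), ("dup", DUP_KEY), ("type", BAD_TYPE), ("extra", EXTRA_NODE)]:
        print(label, check(payload))
```

BAD_TYPE is the case that bites scripts which scrape CLI output: `"enabled": "true"` is a string, and a YANG-aware agent refuses it just as this validator does. A real toolchain would derive the model table from the .yang file (pyang can emit it) rather than hand-write it.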
YANG References
• Tutorials
• http://www.yang-central.org/twiki/bin/view/Main/YangTutorials
• https://www.youtube.com/watch?v=33VBb6N4yOY
• Tools
• Pyang (python) https://code.google.com/p/pyang/
• Commercial YANG browsers – MG-Soft, Segue Soft
• http://rob.sh/post/209 (pyangbind)
• References
• RFC 6020 (YANG) : http://tools.ietf.org/html/rfc6020
• RFC 7223 (Interface Model) http://www.ietf.org/rfc/rfc7223.txt
• https://github.com/YangModels/yang/tree/master/experimental/openconfig (OpenConfig)
• https://github.com/YangModels/yang/tree/master/vendor/cisco (Cisco)
REST Follows a Familiar Model
• Web browsing: HTTP GET returns HTML, which describes how data should be displayed to please a human viewer
• REST API: HTTP GET returns JSON/XML, which describes data in a format applications can understand, e.g.
{"ids":[303776224, 19449911, 607032789, 86544242, 2506725913, 17631389],
 "next_cursor":0, "next_cursor_str":"0",
 "previous_cursor":0, "previous_cursor_str":"0"}
• REST verbs: GET, POST, PUT, DELETE
JSON vs XML
{
"firstName": "John",
"lastName": "Smith",
"age": 25,
"address": {
"streetAddress": "21 2nd Street",
"city": "New York",
"state": "NY",
"postalCode": "10021"
},
"phoneNumber": [
{
"type": "home",
"number": "212 555-1234"
},
{
"type": "fax",
"number": "646 555-4567"
}
],
"gender": {
"type": "male"
}
}
<person>
<firstName>John</firstName>
<lastName>Smith</lastName>
<age>25</age>
<address>
<streetAddress>21 2nd Street</streetAddress>
<city>New York</city>
<state>NY</state>
<postalCode>10021</postalCode>
</address>
<phoneNumbers>
<phoneNumber>
<type>home</type>
<number>212 555-1234</number>
</phoneNumber>
<phoneNumber>
<type>fax</type>
<number>646 555-4567</number>
</phoneNumber>
</phoneNumbers>
<gender>
<type>male</type>
</gender>
</person>
JSON
• JavaScript Object Notation
• Language independent data format
• Light-weight, open standard, human readable
• Compact alternative to XML
• RFC 4627 (since obsoleted by RFC 7159 and then RFC 8259)
This is a RESTful API. Try it yourself! https://restcountries.eu/
XML Formatted
<CUSTOMER
xmlns:xlink="http://www.w3.org/1999/xlink">
<ID>4</ID>
<FIRSTNAME>Sylvia</FIRSTNAME>
<LASTNAME>Ringer</LASTNAME>
<STREET>365 College Av.</STREET>
<CITY>Dallas</CITY>
</CUSTOMER>
REST: Coming Soon to a Device Near You?
CSR1kV in 3.10S, RSP2 in XE 3.16
ASR1001-X, ASR1002-X in XE 3.14S
ASA 5500-X/ASAv v1.0 (Dec 2014), FP9300 ASA module v1.2 (March 2015)
Support Features are evolving
Alike: Both Send/Receive JSON
REST (CSR 1000v) JSON-RPC (N7K NX-API)
Git
• Git is very different from typical revision control systems such as Perforce, RCS, etc.
• Non-Git version control systems store information as a list of file-based changes
• Git stores changes as snapshots of a miniature file system
GitHub
• GitHub is a web-based Git repository hosting service
• It is a powerful collaboration, code review and code management hub
• Hosting public projects is free, whereas private projects cost money
• A huge repository of open source projects is available at GitHub
Resources
https://developer.cisco.com/site/devnet/learningLabs/overview.gsp
https://developer.cisco.com/site/devnet/home/index.gsp
http://www.sdnskills.com/learn/devnet01/
Overlay 101
• Logical "switch" devices overlay the physical network
• The underlying physical network carries data traffic for the overlay network
• Overlays define their own topology
Overlay Network with Virtual Switch
VXLAN Tunnels Provide Transport Between VSwitch
Neutron is used to help manage the overlay (virtual) networks. This is one linkage between SDN and OpenStack.
Network Functions Virtualization: Why, How, When?
Disaggregation of network functions from the underlying hardware: network functions run inside VMs on an x86 server platform (virtual network functions) instead of on purpose-built appliances.
[Diagram: existing hardware/appliance-based network functions (PNFs: ASIC/NPU/GPU hardware, operating system, apps such as routing) versus VNFs running on x86 hardware under a cloud operating system. Example VNFs shown: NAT, Firewall, SBC, DDoS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Control, RaaS, WLC, WAAS, CDN, Caching, NMS]
How?
• Hypervisor & cloud technology
• Improving x86 h/w performance
• SDN-based orchestration
Why?
• Speed and agility
• Monetization with new services
• Reduced total cost of ownership
When? Depends on:
• Performance requirements
• Physical design requirements
• Economics of on-boarding
ETSI NFV Reference Architecture (MANO)
• VNF: virtualized network function, the actual NF application (e.g. vFW, vCPE, vLB), managed day-to-day by a traditional element manager
• NFVI: virtualisation layer (server/hypervisor, network, storage) on physical hardware
• VIM: virtualised infrastructure manager, resource management and operations
• VNF Manager: lifecycle management for VNFs (upgrade, scale, termination, etc.)
• NFV Orchestrator: orchestration of the overall solution, driven by deployment templates, forwarding graphs and service-related information
• OSS (CMDB, monitoring, alarming, IPAM/DNS/DHCP) and BSS (CRM, billing, order management)
Sample Products Mapped to ETSI NFV
• NFV Orchestrator (service lifecycle management, service provisioning): Cisco Network Services Orchestrator (based on Tail-f NCS), fed by the SP's existing OSS/catalog, a service catalog, and service, VNF and infrastructure descriptions
• VNF Manager (service lifecycle management): Cisco VNF Manager (ESC), driven over a REST API
• Virtual Infrastructure Managers (VIM): OpenStack (Heat) and VMware for compute and storage; ODL, ONOS, Cisco APIC and VTS for the virtual network
• VNF library (sample list): CSR1kv, ASAv, vWAAS, vWSA, QvPC SI, QvPC DI, 3rd-party VNFs
• Virtual network forwarders: OVS, Cisco VTF, VPP, AVS
Cisco SDN Strategy for SPs
[Diagram: a Service-Intent API above orchestration, service & policy implementation; below it domain control for Branch/CPE, DC & NFV and multi-layer WAN SDN alongside EMS/NMS; at the bottom programmable Cisco routers, switches, optical, servers and virtual network functions spanning CPE, metro and access, WAN and data centre. Southbound interfaces shown: CLI/SNMP, SDN/APIs, OpenStack/vCenter, OpenFlow, PCEP, Segment Routing, NETCONF/YANG, BGP. Above: BSS, OSS (fulfillment & assurance), multi-vendor end-to-end management & orchestration (physical & virtual). Products placed on the slide: Cisco Network Services Orchestrator (enabled by Tail-f), Cisco WAN Automation Engine (powered by ODL), Cisco Virtual Topology System, Cisco Open SDN Controller.]
• Management plane: programmable platforms and network operating systems
• Control plane: distributed intelligence with centralised control
• Data plane: custom, merchant, and virtualised portfolio, MPLS forwarding
• Orchestration: multi-domain and multi-layer, and model driven
• E2E service lifecycle, and customer experience focus
• Seamless integration with existing and future OSS/BSS environment
• Modular architecture leveraging open APIs and standard protocols
• Commitment to open standards and open source
Cisco Cloud Services Router (CSR) 1000V: Cisco IOS Software in Virtual Form-Factor
[Diagram: the CSR 1000V runs as one VM beside application VMs on a hypervisor and virtual switch]
CSR 1000V IOS XE Cloud Edition
• Selected features of IOS XE based on targeted use cases
Infrastructure agnostic
• Not tied to any server or vSwitch; supports ESXi, KVM, Xen, AMI
Throughput elasticity
• Delivers 10 Mbps to 10 Gbps throughput, consumes 1 to 8 vCPU
Multiple licensing models
• Term, perpetual, hourly
Programmability
• RESTful APIs for automated management
Enterprise-class networking with rapid deployment and flexibility
IOS XRv 9000
• Virtualized ASR 9000 router including:
– 64-bit Linux kernel with KVM and container-based virtualization for the control plane
– High-performance, feature-rich data plane based on an x86-optimized code base
• 20Gbps+ forwarder with features for IMIX traffic (with 8-core socket)
– i.e. 2×10GE ports at line rate
– Multi-core scale-out for feature performance
– Multi-socket scale-out for control plane
– x86-optimised emulated HW assists (QoS traffic manager, SW TCAM, PLU, packet replication)
• Available since July 2015
– Hypervisor support includes Red Hat KVM, Ubuntu KVM and VMware ESXi (more to follow)
– Operates as a single VM; Linux containers are used for the data, control and admin planes
– VM creation and deployment: OpenStack, VMware vCenter and VMware vCloud Director
Network Virtualization Essentials
• OVS (Open vSwitch) OVSDB, Nexus1000v
• VXLAN, MP-BGP, EVPN
• DPDK
• Using Openstack
• ONOS
• iWAN / SD-WAN
• Segment Routing
• Path Computation Element Protocol (PCEP)
• vCPE
DPDK: Data Plane Development Kit
• DPDK is an open source, BSD-licensed project.
• DPDK is a set of libraries and drivers for fast packet processing.
• It was designed to run on any processor; Intel x86 was the first CPU to be supported.
• DPDK is not a networking stack and does not provide functions such as Layer-3 forwarding, IPsec, firewalling, etc.
Sources: www.dpdk.org, DPDK Summit (Sept. 2014)
Segment Routing
• IP/MPLS architecture that seeks the right balance between distributed intelligence and centralized optimization and programming
• Drastic reduction of control-plane and hardware state
• Better utilization of the installed infrastructure
• Wide applicability: DC, WAN, Metro, Peering (end-to-end)
• An architecture designed with SDN in mind
• Unleash application-network innovation
• Open IETF proposed standard (SPRING working group)
www.segment-routing.net
Segment Routing
• Distributed routing protocol used to compute shortest (or best) paths and advertise segments
• Segments identify forwarding resources within the topology and are encoded as labels
• Global segments: nodes / prefixes
• Local segments: peers, output interfaces
• Central SDN controller chooses explicit paths for flows and programs the source (border router, VM, application) with forwarding policies (i.e., match flow → push segments / label stack)
• Downstream nodes switch based on the label stack without carrying any per-flow state (reuses the MPLS data plane)
• Implementations: IOS XR, IOS XE, NX-OS, WAE
[Diagram: nodes 1-7 across AS1 and AS2; the SDN controller learns the topology over BGP-LS and programs node 1 over PCEP, NETCONF/YANG, OpenFlow or CLI/XML; the packet leaves node 1 carrying the node-segment label stack 16007 / 16003 / 16002]
Path Computation Element Protocol (PCEP)
• Used between head-end router and PCE to:
• Request/receive a path from the PCE subject to constraints
• State synchronization between PCE and router
• Hybrid CSPF
• Two current modes based on the stateful PCE initiative:
• PCE-initiated: app + PCE initiate tunnel setup
• LSP delegation: router initiates tunnel setup (e.g. via CLI or NMS) then delegates tunnel management to the PCE
• Implementations: IOS XR 5.1.1, WAE, OpenDaylight
[Diagram: the PCE speaks PCEP to head-end node 1 in AS1, whose path crosses nodes 2-7 into AS2]
BGP Flow Specification (aka Flowspec)
• Base specification defined in IETF RFC 5575 (since obsoleted by RFC 8955)
• Various extensions defined in other IETF documents (see IDR working group docs)
• Provides the following key capabilities:
1. Distribute ACLs via BGP, enabling rapid inter-domain distribution of flow-based traffic filters at large scale (network wide)
2. Flow-based traffic redirection, for example to a traffic scrubber for DDoS mitigation
• OpenDaylight Lithium release supports origination of BGP Flowspec rules (a recent Cisco contribution): a centralized policy engine can dynamically program network-wide traffic filtering and steering policies via the OpenDaylight SDN controller REST interface, which facilitates SDN-based DDoS mitigation
• Implementations: IOS XR 5.2.0, IOS XE 3.15S, OpenDaylight (Lithium)
• Caveat: a Flowspec rule is an ACL installed by BGP, so a rogue or mistaken rule can drop or redirect traffic network-wide; RFC 5575 therefore requires a receiver to accept a rule only when its originator also originates the best-match unicast route for the rule's destination prefix, and peers permitted to send the Flowspec AFI/SAFI should be tightly limited
BGP Link State (BGP-LS)
• Allows BGP to push IGP topology (LSDB) and resource utilization up to a central SDN controller
• New link-state address family
• BGP provides a familiar operational model to aggregate topology information across domains
• Multi-hop sessions
• Need at minimum a single BGP-LS speaker per domain
• Topology information distributed from IGP into BGP (only if changed)
• Implementations: IOS XR 5.1.1, WAE, OpenDaylight
[Diagram: Domains 1 and 2 each export BGP-LS to a route reflector in Domain 0, which feeds the SDN controller]
VXLAN Overview
Introducing VXLAN
• Traditionally a VLAN is expressed over 12 bits (802.1Q tag)
• Limits the maximum number of segments in a data centre to 4096 VLANs
• VXLAN leverages the VNI field with a total address space of 24 bits
• Support of ~16M segments
• The VXLAN Network Identifier (VNI/VNID) is part of the VXLAN header
[Diagram: a classical Ethernet frame (DMAC, SMAC, optional 802.1Q, Etype, payload, CRC) is wrapped by outer MAC (14), IP (20), UDP (8) and VXLAN (8) headers plus a new CRC, 50 bytes of overhead; the 8-byte VXLAN header is flags (8 bits), reserved (24), VNI (24), reserved (8). The Cisco DFA frame format is shown alongside.]
BRKSPG-1000 64
VXLAN Frame Format: MAC-in-IP Encapsulation
Underlay (outer headers) carrying the Overlay (original Layer-2 frame); 50 (54 with 802.1Q) bytes of overhead:
• Outer MAC Header, 14 bytes (+4 bytes optional 802.1Q): Dest. MAC Address (48), Src. MAC Address (48), VLAN Type 0x8100 (16), VLAN ID Tag (16), Ether Type 0x0800 (16). The source MAC is the source VTEP's MAC address; the destination MAC is the next-hop MAC address.
• Outer IP Header, 20 bytes: IP Header Misc. Data (72), Protocol 0x11 (UDP) (8), Header Checksum (16), Source IP (32), Dest. IP (32). Source and destination addresses are those of the VTEPs.
• UDP Header, 8 bytes: Source Port (16), VXLAN Port (16), UDP Length (16), Checksum 0x0000 (16). The VXLAN port is UDP 4789; the source port is a hash of the inner L2/L3/L4 headers of the original frame, which provides entropy for ECMP load balancing in the network.
• VXLAN Header, 8 bytes: VXLAN Flags RRRRIRRR (8), Reserved (24), VNI (24), Reserved (8). The 24-bit VNI allows for 16M possible segments.
• Original Layer-2 Frame
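The frame format above, as an added example that is not code from the deck or from any Cisco product: it builds a VXLAN frame byte by byte (outer MAC, IPv4 with checksum, UDP with an entropy source port, VXLAN header), parses it back, and adds the check the format itself lacks. VXLAN carries no authentication, so a VTEP that accepts any UDP/4789 packet lets whoever can reach it inject a frame into any VNI (RFC 7348 section 7); the parser therefore refuses frames whose outer source is not a known VTEP. MAC addresses, VTEP IPs, the VNI and the inner frame are constructed.

```python
"""VXLAN (RFC 7348) MAC-in-IP encapsulation: build a frame, parse it back,
and refuse frames from unknown VTEPs.

Added example, not code from the deck. VXLAN has no authentication: whoever
can deliver UDP/4789 to a VTEP can inject an Ethernet frame into any VNI
(RFC 7348 section 7), so the parser also enforces an allowlist of VTEP
source addresses. MACs, VTEP IPs, VNI and the inner frame are constructed."""
import ipaddress
import struct
import zlib

VXLAN_PORT = 4789
VXLAN_FLAG_I = 0x08                  # "I" bit: the VNI field is valid
OVERHEAD_UNTAGGED = 14 + 20 + 8 + 8  # outer MAC + IP + UDP + VXLAN = 50 bytes


def ip_checksum(header):
    """RFC 1071 one's-complement sum over the outer IPv4 header."""
    if len(header) % 2:
        header += b"\0"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return ~total & 0xFFFF


def vxlan_header(vni):
    """Flags (8) | Reserved (24) | VNI (24) | Reserved (8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    return struct.pack("!B3sI", VXLAN_FLAG_I, bytes(3), vni << 8)


def entropy_port(inner):
    """Source port from a hash of the inner headers so ECMP can spread flows;
    RFC 7348 recommends the dynamic range 49152-65535."""
    return 49152 + zlib.crc32(inner[:54]) % 16384


def encapsulate(inner, src_vtep, dst_vtep, vni, src_mac, dst_mac):
    """Wrap an Ethernet frame: outer MAC | IPv4 | UDP | VXLAN | inner."""
    vx = vxlan_header(vni)
    udp_len = 8 + len(vx) + len(inner)
    udp = struct.pack("!HHHH", entropy_port(inner), VXLAN_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     ipaddress.IPv4Address(src_vtep).packed,
                     ipaddress.IPv4Address(dst_vtep).packed)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + udp + vx + inner


def decapsulate(frame, trusted_vteps):
    """Return (vni, inner frame) or raise ValueError. Untagged outer frame."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 17:
        raise ValueError("outer packet is not UDP")
    src_vtep = str(ipaddress.IPv4Address(frame[26:30]))
    udp_off = 14 + ihl
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    if dport != VXLAN_PORT:
        raise ValueError("not a VXLAN packet")
    if src_vtep not in trusted_vteps:
        raise ValueError(f"VXLAN from non-VTEP source {src_vtep}")
    vx_off = udp_off + 8
    flags, reserved, rest = struct.unpack("!B3sI", frame[vx_off:vx_off + 8])
    if flags != VXLAN_FLAG_I or reserved != bytes(3) or rest & 0xFF:
        raise ValueError("malformed VXLAN header")
    return rest >> 8, frame[vx_off + 8:udp_off + udp_len]


# Constructed sample: two VM MACs, a VTEP pair, VNI 5000 and a short payload
VM_A, VM_B = bytes.fromhex("020000000a0a"), bytes.fromhex("020000000b0b")
VTEP1_MAC, VTEP2_MAC = bytes.fromhex("0200000000e1"), bytes.fromhex("0200000000e2")
INNER_FRAME = VM_B + VM_A + b"\x08\x00" + b"constructed inner payload"
FRAME = encapsulate(INNER_FRAME, "10.1.1.1", "10.1.1.2", 5000, VTEP1_MAC, VTEP2_MAC)

if __name__ == "__main__":
    print(len(FRAME) - len(INNER_FRAME), "bytes of overhead")
    print(decapsulate(FRAME, {"10.1.1.1"}))
```

On a real fabric the allowlist is an ACL on the VTEP's underlay interfaces (permit UDP/4789 only from the VTEP loopbacks, drop it at the DC edge), which is the control RFC 7348 relies on in place of per-packet authentication.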
VXLAN Taxonomy
(Figure: edge devices, each with an IP interface into the underlay, connect local LAN segments of physical and virtual servers. The edge device that encapsulates and decapsulates VXLAN is the VTEP.)
VTEP: VXLAN Tunnel End-Point. VNI/VNID: VXLAN Network Identifier.
EVPN – Ethernet VPN
• Control plane: EVPN MP-BGP (RFC 7432)
• Data plane options:
 o Multi-Protocol Label Switching (MPLS): draft-ietf-l2vpn-evpn, published as RFC 7432
 o Provider Backbone Bridges (PBB): draft-ietf-l2vpn-pbb-evpn
 o Network Virtualisation Overlay (NVO): draft-ietf-bess-evpn-overlay
• EVPN over NVO tunnels (i.e. VXLAN) for Data Centre fabric encapsulations
• Provides Layer-2 and Layer-3 overlays over simple IP networks
Why Linux is Essential for Network Engineers
Popular Linux Distributions
• Red Hat Enterprise Linux
 o Red Hat's official commercial distribution of Linux, with training, services and support
 o Works closely with emerging platforms such as OpenStack
 o Paid support for production use
Linux Shells
• There are various flavors of Linux shells. Some of the more common ones are:
 o bash – Bourne Again Shell
 o sh – Bourne Shell
 o csh – C shell
 o tcsh – TENEX C Shell
• As soon as a Linux user logs into a system, the user gets a default shell prompt. The login shell is the last field of the user's entry in /etc/passwd (changed with chsh); files such as .login (csh/tcsh) or .bashrc (bash) only customise that shell once it starts.
Accessing Linux in Nexus 9000
• Prerequisite – enable the bash-shell feature:
 n9k1(config)# feature bash-shell
• Start using Linux!
 n9k1(config)# run bash
• Only users with the network-admin role can enter the shell, and inside it sudo gives root on the switch, so treat it as privileged access and keep it logged.
Linux Essential Skills to Know
• File system structure and navigation
• File permissions
• Viewing file contents (start, end, sort, find)
• Text editor
• nmap, netstat, traceroute, ifconfig, route
• iptables, Linux bridge
• Package management
Minimize Packages to Minimize Vulnerability
• Find and remove or disable unwanted services on the server to minimize the attack surface.
• On SysV-init systems use the 'chkconfig' command to find out which services start in runlevel 3 (chkconfig --list | grep 3:on) and turn off the ones you do not need:
 # chkconfig serviceName off
 (systemd-based distributions use systemctl disable --now serviceName instead)
• Use the package manager, "yum" on RPM-based systems or "apt-get" on Debian-based systems, to list and remove installed packages:
 # yum -y remove package-name
 # sudo apt-get remove package-name
Check Listening Network Ports
• With the help of the 'netstat' command you can view all listening ports and the programs bound to them (on newer systems 'ss -tulpn' gives the same view).
• Use the 'chkconfig' command to disable all unwanted network services on the system.
Example:
netstat -tulpn
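The review step the two slides above describe, as an added example that is not code from the deck: it parses `netstat -tulpn` output (a constructed sample is embedded; run the real command as root), skips sockets bound only to loopback, and reports every remaining listener whose port is not on an explicit allowlist. The resulting list is what you then walk through with chkconfig/systemctl and the package manager.

```python
"""Audit `netstat -tulpn` (or `ss -tulpn`) output for unexpected listeners.

Added example, not code from the deck. It parses constructed netstat lines,
ignores sockets bound only to loopback, and reports every other listener
whose port is not in an explicit allowlist."""
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto addr port program")

# Constructed sample output; real output comes from `netstat -tulpn` run as root
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1020/master
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      640/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
tcp6       0      0 :::3306                 :::*                    LISTEN      1301/mysqld
udp        0      0 0.0.0.0:68              0.0.0.0:*                           700/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           640/rpcbind
"""

SOCKET_LINE = re.compile(r"^(tcp|udp)6?$")
LOOPBACK = re.compile(r"^(127\.|::1$)")


def parse_netstat(text):
    """Yield a Listener per tcp/udp line; the last ':' separates the port."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not SOCKET_LINE.match(fields[0]):
            continue  # banner, header, or not a socket line
        addr, _, port = fields[3].rpartition(":")
        yield Listener(fields[0], addr, int(port), fields[-1])


def unexpected_listeners(text, allowed_ports):
    """Listeners reachable from the network whose port is not allowed.
    Loopback-only services are skipped: only the host itself can reach them."""
    findings = []
    for sock in parse_netstat(text):
        if sock.port in allowed_ports or LOOPBACK.match(sock.addr):
            continue
        findings.append(sock)
    return findings


if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE_NETSTAT, {22}):
        print(f"{f.proto:5} {f.addr}:{f.port:<5} {f.program}")
```

In the sample, rpcbind (111/tcp and udp), mysqld (3306/tcp6) and dhclient (68/udp) are reported; the MTA on 127.0.0.1:25 is not, because the finding is "reachable from the network", not "running".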
Secure Shell (SSH) Common Implementation Practices
• SSH is a secure protocol that encrypts and authenticates communication with the server.
• Use "sudo" to execute privileged commands instead of logging in as root.
 o sudo rights are specified in the /etc/sudoers file
 o edit it with the "visudo" utility, which opens the file in the vi editor and checks the syntax before saving
• Modify /etc/ssh/sshd_config (# vi /etc/ssh/sshd_config) to:
 o Disable root login (PermitRootLogin no)
 o Only allow specific users (AllowUsers ...)
 o Use SSH protocol version 2 only (Protocol 2)
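A check for the three sshd_config settings above, as an added example that is not code from the deck: it parses a config the way sshd does (first occurrence of a keyword wins, comments ignored, global section ends at the first Match block) and reports each weak setting next to its fix. The weak and hardened configs are constructed.

```python
"""Check an sshd_config for root login, user allowlist and protocol version.

Added example, not code from the deck. sshd applies the first occurrence of
each keyword, so the parser keeps the first value it sees, mirroring sshd's
behaviour; the weak and hardened configs below are constructed."""
import re

# Constructed: a typical distribution default that still allows root login
WEAK_CONFIG = """\
# Package generated configuration file
Port 22
Protocol 2,1
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed: the same file after applying the three practices above
HARDENED_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
AllowUsers netops deploy
PasswordAuthentication no
PubkeyAuthentication yes
"""


def parse_sshd_config(text):
    """Return {keyword_lower: first value}. Stops at the first Match block,
    because settings after it are conditional, not global defaults."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit_sshd(text):
    """Return a list of (keyword, finding, fix) for the practices above."""
    cfg = parse_sshd_config(text)
    findings = []
    root = cfg.get("permitrootlogin", "yes")  # OpenSSH before 7.0 defaulted to yes
    if root != "no":
        findings.append(("PermitRootLogin", f"is '{root}'", "PermitRootLogin no"))
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append(("AllowUsers", "not set, so every local account may log in",
                         "AllowUsers <user> [<user> ...]"))
    protocols = {p.strip() for p in cfg.get("protocol", "2").split(",")}
    if protocols != {"2"}:
        findings.append(("Protocol", f"permits {','.join(sorted(protocols))}", "Protocol 2"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd(text) or "no findings")
```

The commented-out `#PermitRootLogin no` in the weak file is the classic trap: it looks like the setting is applied, but sshd only sees the uncommented `yes` below it.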
Security Monitoring & Management
• Set up Tripwire to monitor system file integrity and to audit changes.
• Set up and implement log file rotation policies.
• Set up a central syslog server (syslog-ng).
• Use a log analyzer, such as logcheck.
• Set up a monitoring system using Nagios or Argus on your network.
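What the Tripwire item above does, reduced to its core, as an added example that is not Tripwire's code and not code from the deck: take a baseline of file hashes and permission bits, then report added, removed and modified files. The scenario (a trojaned binary of the same size, a permissions change, a dropped script) is constructed in a temporary directory. The one thing the code cannot do for you is keep the baseline out of the attacker's reach: store it on read-only media or a central server, otherwise a compromised host can simply re-baseline.

```python
"""A minimal Tripwire-style file integrity check: record a baseline of
hashes and modes, then report added, removed and modified files.

Added example, not Tripwire itself and not code from the deck. It builds a
throwaway directory tree, takes a baseline, simulates tampering, and
reports the differences. Keep the real baseline somewhere the monitored
host cannot rewrite, or a compromised host can simply re-baseline."""
import hashlib
import json
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256, mode and size."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            baseline[os.path.relpath(full, root)] = {
                "sha256": digest.hexdigest(),
                "mode": oct(st.st_mode & 0o7777),
                "size": st.st_size,
            }
    return baseline


def compare(baseline, current):
    """{'added': [...], 'removed': [...], 'modified': {path: [changed fields]}}."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "modified": {}}
    for path in sorted(set(baseline) & set(current)):
        changed = [k for k in ("sha256", "mode", "size")
                   if baseline[path][k] != current[path][k]]
        if changed:
            report["modified"][path] = changed
    return report


def demo():
    """Constructed scenario: baseline, then tamper, then compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"original ls binary")
        with open(os.path.join(root, "passwd"), "wb") as fh:
            fh.write(b"root:x:0:0::/root:/bin/bash\n")
        os.chmod(os.path.join(root, "passwd"), 0o644)
        # serialise and reload, as a baseline read back from disk would be
        baseline = json.loads(json.dumps(snapshot(root)))
        # tampering: trojaned ls of the same size, passwd made world-writable,
        # and a dropped script
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"trojaned ls binary")
        os.chmod(os.path.join(root, "passwd"), 0o777)
        with open(os.path.join(root, "dropper.sh"), "wb") as fh:
            fh.write(b"#!/bin/sh\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Size alone would have missed the trojaned `ls`, which is why the baseline records a cryptographic hash; mode is recorded separately so a permission change on an unchanged file is still flagged.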
Define Containers
• An isolated, resource-controlled application environment
• An individual Linux-based runtime environment
• Infrastructure-embedded containers
• Virtual infrastructure environments – Cisco Virtual Application Container Services (VACS) application environments
Container Perspectives
• App Container – a means to encapsulate and deploy a software component and all its dependencies
• OS Container – lightweight virtual machine
Kernel features enabling containers:
• Isolation by namespaces
• Resource limits by control groups (cgroups)
Why containers
• Cloud Native Applications
 o Run in cloud computing environments
 o Infrastructure agnostic
 o Application components designed as relatively simple, discoverable, re-usable services such as microservices
 o The Unix philosophy is to write small, single-purpose tools that can be composed together (in pipelines, via scripts, etc.) to build larger solutions
Monolithic Apps vs. Cloud Native Apps:
• server / hypervisor, IaaS vs. server clusters, containers
• difficult to scale vs. easy to scale
• high impact of component failure vs. built for failure, system resilience
• challenging to upgrade vs. easy to upgrade
• larger dev and ops teams vs. smaller, agile devops teams
Containers are almost like Virtual Machines
• Linux Containers (LXC) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a single control host (LXC host).
• Containers have their own network interface (and IP address)
 o Can be bridged, routed... just like with Xen, KVM etc.
• Containers have their own file system
 o For example a Debian host can run a Fedora container (and vice versa)
• Security: containers are isolated from each other
 o Two containers are not meant to see or harm each other, but they share one kernel, so a kernel vulnerability or an over-privileged container (root with extra capabilities, host mounts) is the isolation boundary to watch
• Resource control: containers are isolated and can have dedicated resources
• Cisco support for containers comes as "virtual service nodes"
• Cisco Nexus 9000 supports containers for extending the Linux tools available on the switch as well as for running agents such as Puppet & Chef
Hypervisors vs. Containers
(Figure: three stacks. Type 1 Hypervisor: Hardware > Hypervisor > Virtual Machines, each with its own Operating System, Bins/libs and Apps. Type 2 Hypervisor: Hardware > Operating System > Hypervisor > Virtual Machines, each with its own Operating System, Bins/libs and Apps. Linux Containers: Hardware > Operating System > Containers, each with only Bins/libs and Apps.)
Containers are isolated, but share the OS and, where appropriate, libs / bins.
Docker and Containers
• Docker: the Linux container engine
• Compared with a VM, better in:
 o Size
 o Performance
 o Portability
 o Application-centric
• Containers use fewer resources and are more efficient for running an application than hypervisors
• A container consists of an entire runtime environment: an application plus all its dependencies, libraries, other binaries and configuration files needed to run it, bundled into one package
 o gives it application portability
 o can run virtually anywhere
 o can be started almost instantly
Container World Taxonomy
• Container tools
 o Docker, rkt, repos/registries
 o Micro-OSs – CoreOS, RHEL Atomic, Ubuntu Snappy
• Cluster control and services
 o Scheduler/job monitor – Marathon, Aurora
 o Resource managers – Mesos, Kubernetes
 o Distributed key/value/lock managers – ZooKeeper, etcd, Consul
• Service orchestration/management
 o Kubernetes, Mesosphere DCOS, Docker Swarm, HashiCorp Terraform
(Figure: layering from IaaS (physical & virtual cluster nodes) up through container tools, cluster services (scheduler, distributed frameworks), service orchestration/management and PaaS, to applications and microservices.)
Cisco Container Projects
• Mantl
 o Container orchestrator
 o Uses Apache Mesos as cluster manager
• Shipped
 o Hybrid DevOps platform for containerized microservices
 o Supports Docker containerized microservices
• Contiv
 o Open source
 o Defines infrastructure operational policies for container-based application deployment
 o Ability to specify infrastructure operational policies for network, storage and compute
Vision for Linux Containers
Linux Commands (Cheat Sheet)
• cat [filename] – Display a file's contents on the standard output device.
• cd /path/to/directory – Change to directory.
• chmod [options] mode filename – Change a file's permissions.
• chown [options] owner[:group] filename – Change who owns a file.
• clear – Clear a command-line window.
• cp [options] source destination – Copy files and directories.
• date [options] – Display/set system date/time.
• find [pathname] [expression] – Search for files matching a provided pattern.
• grep [options] pattern [filename] – Search files or output for a particular pattern.
• kill [options] pid – Stop a process.
• less [options] [filename] – View the contents of a file one page at a time.
• ls [options] – List directory contents.
• man [command] – Display the help information for the specified command.
• mkdir [options] directory – Create a new directory.
• mv [options] source destination – Rename/move file(s) or directories.
• ps [options] – Show currently running processes.
• pwd – Print the pathname of the current directory.
• rm [options] directory – Remove file(s) and/or directories.
• ssh [options] user@machine – Remote into another Linux machine.
• su [options] [user [arguments]] – Switch to another user account.
• tail [options] [filename] – Display the last n lines of a file (the default is 10).
• tar [options] filename – Store and extract files from a tarfile.
• touch filename – Create an empty file with the specified name.
• who [options] – Display who is logged on.
KVM Intro
• KVM, which stands for Kernel-based Virtual Machine, is an open-source software platform that enables virtualization for x86 and other server platforms running the Linux operating system (OS)
• It can be loaded to run multiple virtual machines on a single server, each running unmodified Linux or Windows
• KVM has become one of the most widely used virtualization technologies today, and it has taken on many different forms by companies or organizations that have modified the code, including IBM and Red Hat
• It is an open-source alternative to proprietary virtualization technologies such as ESXi offered by VMware and Microsoft Hyper-V
• Other open-source virtualization solutions include Xen, which is supported by Citrix
How to develop your Linux Skills
Certifications
• Linux Foundation Linux Certification: https://training.linuxfoundation.org/certification
• Linux Foundation Certified System Administrator: https://training.linuxfoundation.org/certification/lfcs
Web Links
• An overview of Red Hat OpenStack Platform: https://www.redhat.com/en/services/training/cl010-red-hat-openstack-technical-overview
• Linux Academy – Linux & Cloud Training: https://linuxacademy.com
• Introduction to Linux: https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
• Network Programmability Users Group: the Linux Education Webex series is available at http://www.npug.net/past-events/
Books and E-Books
• Linux Network Administrators Guide: http://www.tldp.org/LDP/nag2/nag2.pdf
SDN, NFV, and Open Innovation
• Software Defined Network: separation of control and data plane. Create network abstraction for faster innovation.
• Network Function Virtualization: network functions as software running on any open standards-based hardware. Reduce CAPEX, OPEX, power and space.
• Open Innovation: create a competitive supply of innovative applications by third parties. Orchestration for automation, provisioning and interworking of physical and virtual resources.
• Together they enable new service innovations, moving delivery from weeks and months to minutes and days.
OpenStack
• OpenStack is an Infrastructure As A Service (IaaS) cloud computing project
• "…provides a means to control (administer) compute, storage, network and virtualization technologies…" = Cloud Operating System
• OpenStack to manage IaaS
• Open source software for creating private and public clouds (www.openstack.org):
 o Compute (Nova): self-service provisioning of virtual machines through a software API
 o Object Storage (Swift): massively scalable, distributed object store
 o Network Service (Neutron): for tenant-created, virtual isolated networks and subnets, and services
 o Your application runs on top of these services
• OpenStack Projects
Cisco OpenStack Platform (Mercury) Introduction
• Mercury is a Cisco OpenStack platform built on top of an underlying OpenStack distribution such as Red Hat, to build a carrier-grade platform integrated with Cisco HW & SW
• Mercury provides a set of tools including an automated installer, containerized OpenStack services, logging/monitoring, health-check tools and plugins for Cisco HW and SDN controllers
• Goal of Mercury is to provide a reliable, highly available & easily upgradeable OpenStack platform for SP deployment
(Figure: Mercury stack on Red Hat Enterprise Linux OpenStack Platform (RHEL OSP7). Compute: Nova. Networking: Neutron plugins/drivers for ASR1k, ACI, OSC, Nexus 9k and VTS, plus OVS / Linux Bridge. Storage: Cinder / Glance on Ceph. Around them: Automated Installer, Proven HA Architecture, Health Checks, Logging / Monitoring, Containerised Components, Cisco Integrated Test Suite, and a CI/CD Release System with Automated System Test fed from the Cisco GIT Repository.)
Network Services Orchestrator (NSO)
• Enabled by Tail-f (NCS)
• Multi-vendor service orchestrator for existing and future networks
 o Includes distributed (multi-device) service configuration management, transaction integrity, validation and rollback
• Single pane of glass for:
 o L2-L7 networking
 o Hardware devices
 o Virtual appliances
• YANG model-driven orchestration
 o Service data models (declarative)
 o Device data models (for auto config)
 o FASTMAP engine translates models to device configuration, including CLI
• Highly scalable for large infrastructure
 o One existing deployment is managing 60K devices on the network
(Figure: NSO architecture. Northbound: network-wide CLI, Web UI, REST, Java and NETCONF, used by network engineers, management applications, applications and controllers. Inside: Service Manager with service models, Device Manager with device models, end-to-end transactions. Southbound: Network Element Drivers speaking NETCONF, CLI, SNMP, REST, etc.)
Elastic Services Controller (ESC): VNF Lifecycle Management, Monitoring and Elasticity
List of Events
• VM Alive
• Service Alive
• Upper load threshold crossed
• Lower load threshold crossed
• Service Dead
• VM Dead
List of Actions
• Notify (callback)
• Advertise Service
• Withdraw Service
• Restart VM
• Scale up (add a VM)
• Scale down (remove a VM)
• Individually customisable action(s) for every event
Simple Rules
• Service Alive => advertise
• VM Dead => withdraw
• Upper load => scale up
Complex Rules
• Upper load => Scale up, Notify, Advertise
• Service Dead => Withdraw, Notify, Restart
• Service Alive => Advertise, Notify
(Figure: ESC lifecycle. VNF Provisioning: provision VM, VM bootstrap process, VM alive; service bootstrap process, service alive. VNF Configuration: configure service, service functional. VNF Monitor: the Analytic Engine raises VM/Service overloaded or underloaded, Service DEAD and VM DEAD events, and the Rule Engine maps each to a predefined action or a custom script action.)
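The event-to-action model above, as an added example that is not ESC's code and not code from the deck. It expresses the "complex rules" as data and shows the part of the analytic engine that is easy to get wrong: a threshold crossing is an event, a load level is not, so the monitor has to remember which region the last sample was in, or five consecutive high samples become five scale-ups. Thresholds, elasticity bounds, rule names and the load trace are constructed.

```python
"""Event-to-action rule engine of the kind the ESC slide describes: VM and
service liveness plus load threshold crossings drive advertise, withdraw
and scale actions.

Added example, not ESC's code and not from the deck. Thresholds, rules and
the load trace are constructed. A threshold crossing is an event; a load
level is not, so observe_load() tracks the previous region."""

UPPER, LOWER = 80.0, 30.0   # constructed utilisation thresholds (percent)
MIN_VMS, MAX_VMS = 1, 4     # constructed elasticity bounds


class ElasticService:
    """Tracks VM count, advertisement state and the last threshold region."""

    def __init__(self, rules):
        self.rules = rules              # event name -> list of action names
        self.vms, self.advertised = 1, False
        self.region = "normal"          # "normal" | "high" | "low"
        self.log = []                   # (event, action) pairs, in order

    # predefined actions from the diagram
    def advertise(self):
        self.advertised = True

    def withdraw(self):
        self.advertised = False

    def restart_vm(self):
        pass                            # would call the VIM; nothing to track here

    def notify(self):
        pass                            # callback to the orchestrator

    def scale_up(self):
        self.vms = min(self.vms + 1, MAX_VMS)

    def scale_down(self):
        self.vms = max(self.vms - 1, MIN_VMS)

    def handle(self, event):
        """Rule engine: dispatch every action configured for the event, in order."""
        for action in self.rules.get(event, []):
            getattr(self, action)()
            self.log.append((event, action))

    def observe_load(self, percent):
        """Analytic engine: turn a load sample into a crossing event, or nothing."""
        region = "high" if percent > UPPER else "low" if percent < LOWER else "normal"
        if region == "high" and self.region != "high":
            self.handle("upper_load_threshold_crossed")
        elif region == "low" and self.region != "low":
            self.handle("lower_load_threshold_crossed")
        self.region = region


# The "complex rules" from the slide, expressed as data
RULES = {
    "service_alive": ["advertise", "notify"],
    "service_dead": ["withdraw", "notify", "restart_vm"],
    "vm_dead": ["withdraw"],
    "upper_load_threshold_crossed": ["scale_up", "notify", "advertise"],
    "lower_load_threshold_crossed": ["scale_down"],
}


def run_trace(samples, events_before=("vm_alive", "service_alive")):
    """Boot the service, then feed a constructed load trace; return the service."""
    svc = ElasticService(RULES)
    for event in events_before:
        svc.handle(event)
    for pct in samples:
        svc.observe_load(pct)
    return svc


if __name__ == "__main__":
    svc = run_trace([50, 85, 90, 95, 60, 85, 20, 25])
    print("VMs:", svc.vms, "advertised:", svc.advertised)
    for entry in svc.log:
        print(*entry)
```

With the trace in the block, the three high samples after the first crossing produce no further events,  and the bounds keep a misbehaving monitor from scaling to zero or without limit; in production the gap between UPPER and LOWER is the hysteresis that prevents flapping around a single threshold.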
Virtual Topology System (VTS)
• DC overlay SDN system consisting of:
 o Virtual Topology Controller (VTC)
 o Virtual Topology Forwarder (VTF)
• VTF is highly optimized forwarding for x86
 o Runs in the guest OS as opposed to the host OS
• VXLAN overlays
• Service chaining
(Figure, shown in two variants: Management & Orchestration plane: VTS (with VTS GUI and REST API), driven by NSO (CFS/RFS), Elastic Services Controller (ESC), vCenter or a 3rd-party VM manager; it programs ToRs and forwarders over RESTCONF/YANG. Control plane: MP-BGP EVPN between route reflectors (RR), ToRs, VTFs and the DCI routers toward the IP/MPLS WAN and WAN/Internet. Data plane: VMs or VNFs as virtualised workloads on OVS, on dVS, with SR-IOV, or on the feature-rich, high-performance Cisco VTF, plus bare-metal workloads and a 3rd-party cloud.)
What CliQr Does…
• Single cloud management platform
• Manage full lifecycle: VMs, OSes, services, applications
• Apps – model, deploy, manage
 o One to many, new and existing apps
 o Simple or complex multi-tier
 o Component/VM, container, PaaS
 o One to many datacenters, private or public clouds
• Comprehensive management, administration and governance
• Enterprise-class: multi-tenant, scalable, secure, integrated
• Fast time-to-value: deliver the first use case in days. Non-invasive to architecture
WAE: WAN Automation Engine
• Multi-application engine for the SP WAN
 o Enables applications to make queries about placing demands
 o Run demand placement and network failure simulations
 o Request demand placement or optimisation on the network
• WAE is really an advanced suite of network optimisation, planning and calendaring capabilities which can be leveraged by applications
 o Capabilities exposed via northbound REST/Java/Thrift APIs
• WAE uses topology and traffic abstraction, built by collecting information from the network
• Multi-vendor platform
• Complements NSO and Open SDN Controller (ODL)
http://www.cisco.com/go/wae
(Figure: Traffic Management Applications call WAE over REST; WAE drives SDN orchestration & control (Configlet, NSO, EMS/NMS, ODL/OSC, …) over REST/NETCONF, and learns the network between source and destination over NETCONF/PCEP/BGP-LS.)
ONOS
• The Open Network Operating System (ONOS) is the first open source SDN network operating system targeted specifically at Service Provider and mission-critical networks.
• ONOS is purpose built to provide the high availability (HA), scale-out, and performance these networks demand.
• In addition, ONOS has created useful northbound abstractions and APIs to enable easier application development, and southbound abstractions and interfaces to allow for control of OpenFlow-ready and legacy devices.
(Figure: ONOS distributed architecture, a scalable distributed core for scalability, HA and performance: Apps on top of the NB Core API; the Distributed Core (state management, notifications, high availability & scale-out) across Instance 1..N; the SB Core API; protocol adapters down to the data plane.)
Source: http://onosproject.org/wp-content/uploads/2014/11/Webinar-prajakta.pdf
(Figure: configuration management approaches, agent-based vs. agent-less, with higher-order orchestration above them.)
Jenkins
• It is a powerful DevOps tool
• It is a continuous integration and continuous delivery application
• Easy to install, easy to configure
• Build and test loads can be distributed across multiple computers running different operating systems
• Jenkins integrates well with common build tools
Puppet
• It is a powerful configuration management tool
• Extensively used in IT operations
• With Puppet you can automate the entire data center without needing to write enormous scripts
• Enormous reduction in the time to roll out new releases – from weeks to hours!!
• Puppet is written in the Ruby language
• Expert knowledge of Ruby is not required to use Puppet, but some basics are needed
Chef
• Like Puppet, Chef is also widely used in cloud infrastructure automation
• It operates in a client-server model
• Cookbooks describe how each node in your organization should be configured
• The Chef Server stores the cookbooks, the policies that are applied to the nodes
• Using chef-client, nodes ask the Chef Server for their configuration details
Ansible
• Just like Chef and Puppet, Ansible is a configuration management tool
• Unlike Puppet and Chef, Ansible does not use Ruby
• Ansible is implemented in Python
• Currently the control node is only available on Linux and Unix platforms
• Agentless: it pushes changes over SSH (protocol version 2), so the control node's SSH keys and its inventory are the assets to protect
• Still a fairly new tool, not as tried and tested as Chef and Puppet
SDN & NFV Solutions: from underlay to business outcomes
• Underlay technologies: Compute – physical servers, Linux OS; Network – physical routers & switches, routing, switching, network device OS/firmware; Storage – physical disks, OS, FCoE
• Virtualization & overlay (including VNFs): Compute virtualization – hypervisor (KVM); Network virtualization – VXLAN, OpenFlow, MPLS, EVPN, OVSDB; Storage virtualization – Ceph, Swift
• VIM and overlay/SDN controllers (network VIM): VTS
• Management & orchestration (ETSI NFV MANO): Cisco NSO; VNF Manager: Elastic Services Controller; OSS/management
• Services consumption: user web portal, admin portal, ticketing system, billing/BSS, UCS Director
• Business outcomes: Cloud VPN / VMS, vCPE, vEPC
"Top Three" marks the Cisco NSO, Elastic Services Controller and VTS layers.
CCIEs – How About Your SDN Base Skills?
• Linux and virtualization (KVM, QEMU, OVS)
• Network virtualization (VXLAN, EVPN, OVSDB)
• SDN/overlay controllers (APIC, ODL, ONOS)
• OpenStack virtual infrastructure manager (VIM)
• Programming, API, DevOps tools (Puppet, Ansible)
Cisco ACI: Full Stack SDN in Data Center
• Single point of management without a single point of failure: the APIC cluster is distributed, synchronized and replicated
• Hardware (Nexus 9000) and software (APIC) working hand in hand
• Network virtualization + abstraction to decouple network constructs from application policies
• Simplify provisioning and operating through a relational object model
• Fully programmable (REST API, Python bindings)
How We Deploy Services with Cisco ACI Today
Cisco VTS: SDN Across Nexus Portfolio
(Figure: VTS with REST API and GUI, integrated with vCenter, managing the Nexus 2k – 9k portfolio as a programmable fabric.)
• Scalable multi-tenancy
 o MP-BGP EVPN control plane
 o Physical and virtual overlay support
 o High-performance virtual forwarding
• Automated provisioning
 o Group Based Policy model
 o Overlay provisioning
 o Service chaining
• Open, standards based
 o REST-based northbound APIs
 o Multi-protocol support (EVPN, VXLAN)
 o Multi-hypervisor, bare metal, container
• Overlay management
 o Automatic topology discovery
 o Resource management
 o Overlay monitoring and troubleshooting
CPE Evolution from On-Premise to Cloud Based
(Figure: the CPE moves from a "classic" L3 CPE with network functions on the CPE, to an L3 CPE + x86 on premise running virtual network functions (vRouter on x86 on prem), to a simple L3 CPE or L2 NID that is L3 cloud managed, with network functions delivered from the cloud (Cisco Cloud, virtual private cloud, SP private cloud or public cloud). Network layer: secure IP overlays, MPLS, Layer 2 VPN, intelligent/hybrid. Cloud application layer: containers, applications from the cloud.)
Cisco Virtual Managed Services (VMS)
NFV MANO Components for VMS in Data Center
• NFV Orchestrator (NFVO): Tail-f NCS – service model, mapping, device model; REST/NETCONF/YANG northbound and southbound
• VNF Manager (VNFM): ESC – monitor, SLA, scale; ConfD
• Virtualized Infrastructure Manager (VIM): OpenStack, with an SDN controller plugin programming OVS or Cisco VPP/VTF
• The Portal (with OSS/BSS) represents the CFS layer of the orchestration stack
• Orchestrator level: processes service model instantiation requests and maps these to the resources required
• VNF lifecycle management: launch VNFs as needed by the orchestration layer; monitor, and scale up or down based on service consumption models
• DC overlay model: option to use different SW overlay models including OVS and VPP, programmed through an SDN controller called by OpenStack APIs
Cisco VMS Service Delivery Workflow: Model-Driven Automation
(Figure: the SP Cloud / Data Center runs NCS for the network service lifecycle (service models, device models, FASTMAP) and ESC for the virtual-infrastructure lifecycle (ConfD, O/S component APIs). Through Network Element Drivers (NEDs), NCS drives the virtual router (VR_CSR), virtual firewall (VFW_vASA), vNG intrusion protection, vSecWeb, vSecEmail and other network services, and the ISR CPEs at customer sites (config & operation via Cisco CLI over SSH, call-home adapter). Northbound: SP portal, operator self-service, user self-service app and BSS systems over RESTful APIs and NETCONF/YANG (the RESTCONF/YANG path is marked with a question mark in the original). Customers consume CloudVPN and CloudSecurity over the Internet, on-net and off-net.)
SDN/NFV Baseline Skills Matrix
• Network Virtualization: OVS (Open vSwitch), OVSDB, Nexus 1000v, NSX, VXLAN, BGP, EVPN, VNF
• OS/Compute/Storage Virtualization: Linux, KVM, Docker, ESXi, Ceph/Swift
• Virtual Infrastructure Manager: OpenStack, vCenter, NFV MANO
• Overlay & SDN Controller: Open Daylight, Cisco Open SDN Controller, NSX, ACI, APIC-EM, VTS
• Orchestration and Chaining: NETCONF, YANG, Puppet, Chef, TOSCA, VNFM (ESC), NSO, OpenStack (HEAT), NFV MANO
• Network Programmability: scripting, general programming skills, north- and south-bound APIs, DevOps, Python, JSON, XML, REST
Foundation for all columns: basic knowledge of networking standards + cloud and virtualization concepts
Begin with End in Mind: Which Role Will You Be?
• Architect – provides technical solutions to business problems. Skills: business architecture, service chaining, industry standards, product roadmaps, broad knowledge of VNFs & virtualization in general, network assessments, solutions architecture, understanding abstractions.
• SME – domain expert in one or more areas of technology. Skills: solutions architecture, domain expertise, virtualization expertise, Docker, containers, service chaining, SDN and NFV, VNFs, open systems (Linux), ability to write a detailed design, industry standards.
• Operator – provides Day 2 support for deployed solutions. Skills: strong troubleshooting, network and OS virtualization, strong orchestration tools knowledge, basic scripting and network programmability, good Linux background, SDN/NFV background to suggest optimizations; focused on operations and usability of the solution.
• Installer – provides implementation and testing of the solution. Skills: advanced skills to install, configure and customize components of the solution, software development with Agile/Scrum, strong orchestration and automation skills, strong open systems (Linux) expertise.
Self Assessment and Gap Analysis
Rate yourself on each area from Complete Novice, Done some reading, Hands on, to Domain Expert:
• Cisco Networking
• Linux OS
• Hypervisor
• OpenStack
• Python/Scripting
• Communication
• Problem Solving
• Business Acumen
• Leadership
• Solutions Architecture
Learning Strategy
(Figure: start from Networking (Route/Switch, SP, DC) and branch into Compute (OS/Linux, Virtualization, OpenStack), Software (Programmability), Security and Storage.)
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
BuildLearning Path
Underlay
Technologies
Virtualization
& Overlay
(include VNFs)
VIM and
Overlay/SDN
Controllers
(Network VIM)
Management &
Orchestration
(ETSI NFV MANO)
Services
Consumptions
SDN & NFV
Solutions
Business Outcomes
Compute: Physical
(servers), Linux OS
Network: Physical (Routers &
Switches), Routing, Switching,
Network Device OS/Firmware
Storage: Physical
(disks), OS, FCOE
Compute
Virtualization:
Hypervisor (KVM)
Network Virtualization:
VXLAN, OpenFlow,
MPLS, EVPN, OVSDB
Storage
Virtualization:
CEPH, Swift
Cloud VPN/
VMS, vCPE, vEPC
User Web Portal, Admin
Portal, Ticketing System,
Billing/BSS, UCS Director
Top
Three
Cisco NSO
VNF Manager:
Elastic Controller
OSS/Management
VTS
Te
ch
nic
al S
kill
De
ve
lop
me
nt
Solv
ing B
usin
ess P
roble
ms
Get with the Program!!
Cisco Programmability Certifications
• www.opennetworking.org/certification/skills
• learningnetwork.cisco.com/community/certifications/network-programmability
Cisco Cloud Certifications
Required Exams / Recommended Training:
• 300-504 CLDINF: Implementing and Troubleshooting the Cisco Infrastructure (CLDINF)
• 300-505 CLDDES: Designing the Cisco Cloud (CLDDES)
• 300-506 CLDAUT: Automating the Cisco Enterprise Cloud (CLDAUT)
• 300-507 CLDACI: Building the Cisco Cloud with Application Centric Infrastructure (CLDACI)
DNA
Skill Transformation Roadmap (Network Engineer/Architect over Time, 2016 to 2017)
• Network and DC Virtualization
• Linux For Network Engineers
• OpenStack Certified Professional
• Python/XML for Network Engineers
• Automation & Orchestration
• SDN & NFV Use Cases
• Ready For Tomorrow: Open Engineer
How Much Time Investment Required?
20% = 1 Day / Week = 4-5 Days / Month
It depends on existing background and many other factors
All Engineers are not made the same
This is a general guesstimate
CCIEs – How to Transform and How Long?
Learning resources
• Cisco Devops
• ONF
• Linux Foundation
• SDx Central
• Internet
• Training Material
• Classroom
• Cisco Live Recording
• Online Forum
• Online Library
• Industry Standard
• Practice Labs
Complete Your Online Session Evaluation
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.
• Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.
Muhammad Ali
“The best way to realize our dreams is to wake up”
Wrap Up
• The Transformation is Real
• Segment your Learning
• Learn Virtualization
• Learn Linux
• Learn Scripting and Programming
• Start using OpenStack before mastering how to install it.
• Understand Orchestration Tools
• Always keep the Big Picture in mind
• Your Target Role
• Use cases
• If you do not have Rotation Program available then get into a certification program
• With All the above Technologies Blend an Analytical Approach.
• Do not lose sight of Security
What happens in Vegas stays in Vegas
This Does NOT Apply To Cisco Live!
2016