DGTL Brkens 1100
Alexey Romanov
Consulting Engineer
DGTL-BRKENS-1100
#CiscoLive
Agenda
• Introduction
• SD-WAN Architecture Overview
• ENCS Platform Overview
• VNF Service Chaining in SD-WAN
• VNF and Network Types
• Virtual Branch Design Scenarios
• Virtual Branch Management
• Automation of Service Chain Deployments
• SD-WAN Operations Cycle
• Takeaways
#CiscoLive DGTL-BRKENS-1100 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
SD-WAN Architecture Overview
Cisco SD-WAN Architecture
Orchestration Plane (vBond)
• First point of authentication
• Distributes list of vSmarts/vManage to all vEdge routers
• Facilitates NAT traversal
Management Plane (vManage)
• Single pane of glass for Day0, Day1 and Day2 operations
• Multitenant or single-tenant
• Centralized provisioning, troubleshooting and monitoring
• RBAC and APIs
Control Plane (vSmart Controllers)
• Disseminates control plane information between vEdges
• Distributes data plane policies
• Implements control plane policies
Data Plane (WAN Edge Routers)
• Physical or virtual
• Zero Touch Provisioning
• Establishes secure fabric
• Implements data plane policies
• Exports performance statistics
[Diagram labels: APIs, 3rd Party Automation, vAnalytics; transports MPLS, 4G, INET]
Network-wide Control Plane
Cisco SD-WAN:
• Network Control Plane
• Data Plane + Local Control Plane
• O(n) Control Complexity
• High Scale
Traditional:
• Integrated Control and Data Plane
• O(n^2) Control Complexity
• Limited Scale
Overlay Management Protocol (OMP)
Transport Locators (TLOCs)
• vSmarts advertise TLOCs to all WAN Edges* (Default)
• Full Mesh SD-WAN Fabric (Default)
• TLOCs advertised to vSmarts
• Local TLOCs (System IP, Color, Encap)
[Diagram labels: vSmart, WAN Edge]
vManage Demo
ENCS Platform Overview
What is Enterprise Network Compute System?
Small Office/Home Office (SOHO) device (router, switch) + Unified Computing System (UCS) = Enterprise Network Compute System (ENCS)
Platform Built for Enterprise NFV
• ENCS 5000 Series for the Branch
ENCS 5000 Series - Chassis Options
• ENCS5412: 12-Core
• ENCS5408: 8-Core
• ENCS5406: 6-Core
• ENCS5104: 4-Core
NFV and NFVIS
What and Why Network Function Virtualisation?
Prior to NFV - physical appliance per network function in each branch
NFV gives an opportunity to combine multiple network functions in one ENCS device
Purpose built Network Hypervisor
Enterprise NFV Infrastructure Software (NFVIS)
Network Hypervisor, Zero-Touch Deployment, Security
• Provisioning and launch of VNFs
• Stop and restart services
• Dynamically add and remove services
• Failure monitoring and recovery
• VNF Backup Restore

• Elastic service insertion
• PNIC tracking and VNIC update
• Multiple independent service paths based on applications and/or user profiles

• Programmable API for service orchestration
• REST and NETCONF API
• NETCONF Notification
• Host and VM Statistics, Packet Capture
Network Functions Virtualization Infrastructure Software (NFVIS)
ENCS Demo
VNF Service Chaining in SD-WAN
VNF and Network Types
What is Service Chain?
[Diagram labels: Traffic flow]
Where Do We Start With Virtual Branch Design?
• What Virtual Functions do we need?
• What are the bandwidth requirements?
• Single-homed, dual-homed, multi-homed site?
• L2 or L3 connectivity on the LAN side?
What SD-WAN Relevant VNFs are Certified?
• Firewalls:
  • ASAv, FTDv, Checkpoint Cloud Guard, FortiGate, NETSCOUT vAED, Palo Alto VM
• Routers:
  • ISRv, vEdge Cloud
• WAN Optimisation:
  • vWAAS and Riverbed SteelHead
Interface Types
• Open vSwitch (OVS)/virtio - bridges and virtual networks for service chaining between VMs
• SR-IOV - high performance networks
• DPDK - Data Plane Development Kit skips the Linux kernel by processing packets directly in user space
• PCI Passthrough - dedicating the entire NIC to the VNF directly
5400 ENCS Internal Networking
[Diagram labels: 5400 ENCS Platform, Data Path, Control Path, VM 1 (NIC aware), ISRv, VM 2 (NIC aware), x86, Cisco IMC, VLAN-aware HW switch, NIM, PoE, mgmt]
Data Plane Development Kit (DPDK)
Design Considerations
How to Read the GUI?
• Physical ports: Ge0/0, Ge0/1
• SR-IOV ports: SR-IOV-1 and SR-IOV-2 on each physical port
• Virtual bridges (OVS): wan-br, wan-br2; can be accelerated with DPDK
• lan-net, 10 Gig, ENCS Integrated Switch: Gi1/0 to Gi1/7
Adding VNF to the Picture
[Diagram labels: Ge0/0, Ge0/1, SR-IOV-1, SR-IOV-2, wan-br, wan-br2, lan-net, Connecting VM to SR-IOV or OVS, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
Connecting Multiple VNFs
[Diagram labels: Ge0/0, Ge0/1, SR-IOV-1, SR-IOV-2, wan-br, wan-br2, inter-vnf-net, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
Connecting Multiple VNFs
[Diagram labels: Ge0/0, Ge0/1, SR-IOV-1, SR-IOV-2, wan-br, wan-br2, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
Multi-Homed Site - L3 on the LAN side
[Diagram labels: Internet, MPLS, two Edge routers each with Ge0/0 and Ge0/1, Ge1/…]
TLOC Extension Options
[Diagram labels: TLOC Ext, Internet, MPLS, Multiple Subs on Edge, two Edge routers each with Ge0/0 and Ge0/1, ENCS Switch, Ge1/…]
TLOC Extension Options Cont.
[Diagram labels: Internet, MPLS, two Edge routers each with Ge0/0 and Ge0/1]
Spanning Tree Design
• Based on the LAN connectivity you might need to plan L2 domain design
• RSTP is the default spanning-tree mode
• RPVST is not supported
• MST is configurable via CLI
[Diagram labels: Internet, MPLS, two Edge routers each with Ge0/0 and Ge0/1, TLOC Ext, ENCS Switch, Ge1/…]
Using VLANs
Configuring VLANs on Virtual Networks
VLAN configuration
Configuring VLANs on SR-IOV prior to 3.12
• SR-IOV is configured as trunk by default
• Configuration changes on SR-IOV should be applied before attaching VM to SR-IOV port
• If you don’t want to change NFVIS configuration you can just configure sub-interface on the VM

Configure SRIOV port in NFVIS:
conf t
networks network GE0-0-SRIOV-1
trunk true
native-vlan [ 10 ]
vlan [ 100 200 ]

networks network GE0-0-SRIOV-2
trunk false
vlan [ 100 ]
Configuring VLANs on SR-IOV starting 3.12
Adding VLANs to the Switch
Image Management and VNF deployment
VM Image Packaging
• Converting qcow2 and img images into tar.gz
• Adds SR-IOV drivers to images
• ISRv package “.tar.gz” is available on cisco.com
• To create a vEdge Cloud package, use the built-in tool in the NFVIS GUI or the Python script in the CLI
VM Image Package Files
• Image properties file (Image_properties.xml)
• VM Type
• Resource requirement (vCPU, Memory etc.)
<bootstrap_file_1>ovf-env.xml</bootstrap_file_1>
<bootstrap_file_2>iosxe_config.txt</bootstrap_file_2>
<custom_property>
<tech_package>ax</tech_package>
<tech_package>security</tech_package>
<tech_package>ipbase</tech_package>
<tech_package>appx</tech_package>
</custom_property>
<custom_property>
VM Image Package Files Cont.
• Bootstrap Configuration file (ovf-conf.xml)
• Login username and password
• Mgmt interface
<?xml version="1.0" encoding="UTF-8"?>
<Environment
xmlns:oe="http://schemas.dmtf.org/ovf/environment/1">
<PropertySection>
<Property oe:key="com.cisco.csr1000v.config-version.1" oe:value="1.0"/>
<Property oe:key="com.cisco.csr1000v.enable-ssh-server.1" oe:value="True"/>
<Property oe:key="com.cisco.csr1000v.login-username.1" oe:value="cisco"/>
<Property oe:key="com.cisco.csr1000v.login-password.1" oe:value="ciscoIsrv123!"/>
<Property oe:key="com.cisco.csr1000v.mgmt-interface.1" oe:value="GigabitEthernet1"/>
!!!GigabitEthernet1-nicid(0)-int-mgmt-interface-don't change ip address or don't shutdown
<Property oe:key="com.cisco.csr1000v.mgmt-ipv4-addr.1" oe:value="${NICID_0_IP_ADDRESS}/24"/>
<Property oe:key="com.cisco.csr1000v.mgmt-ipv4-network.1" oe:value=""/>
<Property oe:key="com.cisco.csr1000v.license.1" oe:value="${TECH_PACKAGE}"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0001" oe:value="vrf definition Mgmt-intf"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0002" oe:value="address-family ipv4"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0003" oe:value="exit-address-family"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0004" oe:value="address-family ipv6"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0005" oe:value="exit-address-family"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0006" oe:value="exit"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0007" oe:value="interface GigabitEthernet1"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0008" oe:value="vrf forwarding Mgmt-intf"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0009" oe:value="ip address ${NICID_0_IP_ADDRESS} ${NICID_0_NETMASK}"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0010" oe:value="no shut"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0011" oe:value="exit"/>
<Property oe:key="com.cisco.csr1000v.ios-config-0012" oe:value="ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 ${NICID_0_GATEWAY}"/>
</PropertySection>
</Environment>
VM Image Package Files Cont.
• Package Manifest (package.mf)
• Checksum
• File type, name
<!-- sha1sum - for calculating checksum -->
<PackageContents>
<File_Info>
<name>isrv-ucmk9.16.10.2-vga.qcow2</name>
<type>root_image</type>
<sha1_checksum>9a61ef4e7c79fe6f6d6cf9fa5b3651dac7780624</sha1_checksum>
</File_Info>
<File_Info>
<name>image_properties.xml</name>
<type>image_properties</type>
<sha1_checksum>3f78a87d67cfd55e9ba108e7b36b119e0534ef16</sha1_checksum>
</File_Info>
<File_Info>
<name>isrv_ovf_env.xml</name>
<type>bootstrap_file_1</type>
<sha1_checksum>aad802de6ef10dc4b4b4c13d7d5d9991e4d89a8c</sha1_checksum>
</File_Info>
</PackageContents>
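The manifest above records one SHA-1 checksum per packaged file. As an added example (not part of the original slides and not the NFVIS packaging utility), the Python code below re-computes those checksums for an unpacked package and reports files that are mismatched, missing or not listed. The function names are hypothetical, it assumes a flat package directory with the manifest stored as package.mf, and the demo package it builds is constructed.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def parse_manifest(text):
    """Return [(name, type, sha1_hex)] for each <File_Info> in package.mf."""
    return [tuple((info.findtext(tag) or "").strip()
                  for tag in ("name", "type", "sha1_checksum"))
            for info in ET.fromstring(text).iter("File_Info")]


def sha1_of(path):
    """Hash in 1 MiB chunks so multi-gigabyte qcow2 images are not read into RAM."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_package(package_dir, manifest_name="package.mf"):
    """Map each file to ok / mismatch / missing / unsafe-name / unlisted."""
    root = Path(package_dir).resolve()
    results, listed = {}, {manifest_name}
    for name, _type, expected in parse_manifest((root / manifest_name).read_text()):
        target = (root / name).resolve()
        if target.parent != root:  # assumption: flat package, no sub-paths or links out
            results[name] = "unsafe-name"
            continue
        listed.add(target.name)
        if not target.is_file():
            results[name] = "missing"
        elif sha1_of(target) != expected.lower():
            results[name] = "mismatch"
        else:
            results[name] = "ok"
    for entry in root.iterdir():  # files present but not covered by the manifest
        if entry.is_file() and entry.name not in listed:
            results[entry.name] = "unlisted"
    return results


def build_demo_package(directory):
    """Constructed sample package; file contents are placeholders, not real images."""
    directory = Path(directory)
    files = {"demo.qcow2": ("root_image", b"constructed image bytes"),
             "image_properties.xml": ("image_properties", b"<image_properties/>"),
             "ovf-env.xml": ("bootstrap_file_1", b"<Environment/>")}
    items = []
    for name, (ftype, data) in files.items():
        (directory / name).write_bytes(data)
        items.append(f"<File_Info><name>{name}</name><type>{ftype}</type><sha1_checksum>"
                     f"{hashlib.sha1(data).hexdigest()}</sha1_checksum></File_Info>")
    (directory / "package.mf").write_text(
        "<!-- sha1sum - for calculating checksum -->\n"
        f"<PackageContents>{''.join(items)}</PackageContents>")
    return directory


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        pkg = build_demo_package(tmp)
        clean = verify_package(pkg)  # package exactly as built
        (pkg / "ovf-env.xml").write_bytes(b"<Environment>edited</Environment>")
        (pkg / "extra.sh").write_bytes(b"not in manifest")
        changed = verify_package(pkg)  # after two post-packaging changes
    return clean, changed


if __name__ == "__main__":
    print(demo())
```

A matching SHA-1 only shows that the files agree with the manifest shipped beside them, so it catches corruption or a partial edit; it is not a signature over the package.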
Image Packaging GUI
Image Packaging CLI
• VM packaging utility located in VM Life Cycle -> Image Repository -> Browse Datastore -> data -> intdatastore -> vmpackagingutility
VM Deployment
Deploying VM
Deploying VM Cont.
• VM name
• Image you are going to use
• Resource allocation profile or flavour, also defines maximum performance in terms of tunnels and throughput
• Technology package licence type
• NIM support
Deploying VM Cont.
VM interface
vEdge Cloud and ISRv Flavours
• vEdge Cloud uses 1 core for the system and the rest for forwarding; you can have 2 flavours: 2 cores or 4 cores
• vEdge Cloud gives better performance with 8 Gig of RAM
• ISRv will also take 1 core for the OS and the others for forwarding
• ISRv can allocate additional cores for security features which require use of containers
Interface Performance
• SRIOV and DPDK should in theory provide performance close to interface speed; in reality the feature set (DPI, Firewall, IPS etc.) lowers the maximum performance, so it needs to be tested.
• OVS can provide performance up to a few hundred Mbps, with the same remarks regarding feature set.
• PCI passthrough: same as SRIOV and DPDK.
• The VNF itself can have performance limitations, so it is also important to look at the datasheet before deploying high performance interfaces.
Monitored VM Caveat
• When a VM is monitored, it is connected to the internal NFVIS management network.
• If this address is not reachable, NFVIS will reload the VM (be careful when applying a template from vManage).
• If the VM is still not reachable on this management interface after 3 reloads, it is moved to the error state even if it is fully operational.
• If the VM is not monitored, the first interface you create will be the management interface.
VM Deployment Demo
High Availability Design Considerations
LAN Failure
• OMP update time is equal to routing protocol timers
• BFD is not supported on SD-WAN
[Diagram labels: OMP routes, Internet, MPLS, Ge0/0, Ge0/1, Ge1/…, LAN]
VRRP LAN Failure
[Diagram labels: Internet, MPLS, OMP routes, Ge0/0, Ge0/1]
Port tracking is developed to resolve this issue.
Few Caveats For vEdge Cloud
• For vEdge Cloud, VRRP on SRIOV is supported starting 19.2, but due to Intel NIC packet processing additional fixes in the drivers are needed; full support is expected in NFVIS 4.2.1 (July 2020).
• Port tracking for SRIOV is supported on NFVIS 3.12.3.
• DPI supports ~140k flows per CPU.
Virtual Branch Design Scenarios
vEdge/ISRv + ASAv + OVS
[Diagram labels: Ge0/0 Internet, Ge0/1 MPLS, SR-IOV-1, SR-IOV-2, wan-br, wan-br2, Interface to Internet, Interface to MPLS, Interface to Edge, Interface to ASAv, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
vEdge/ISRv + ASAv + SRIOV
[Diagram labels: Ge0/0 Internet, Ge0/1 MPLS, SR-IOV-1, SR-IOV-2, Interface to ASAv, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
vEdge/ISRv + ASAv
[Diagram labels: Internet, MPLS, Ge0/0, Ge0/1, ENCS Switch, Ge1/…]
vEdge/ISRv + vWAAS/SteelHead In-path + OVS
[Diagram labels: Ge0/0, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, wan-br, wan-br2, Interface to MPLS, Interface to vWAAS, Interface to Edge, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
vEdge/ISRv + vWAAS/SteelHead In-path + SRIOV
[Diagram labels: Ge0/0, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, Interface to MPLS, Interface to Edge, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
vEdge/ISRv + vWAAS/SteelHead In-path
[Diagram labels: MPLS, Ge0/0, Ge0/1, ENCS Switch, Ge1/…]
ISRv + vWAAS Out-of-path + OVS
[Diagram labels: Ge0/0, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, wan-br, wan-br2, Interface to MPLS, Interface to vWAAS, Interface to Edge, LAN Interface, Inter-vnf-net, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
*Supported starting 20.1/17.2.1 with AppNav-XE and full SD-WAN WAAS integration
ISRv + vWAAS Out-of-path + SRIOV
[Diagram labels: Ge0/0, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, Interface to MPLS, LAN Interface, Interface to vWAAS, Interface to Edge, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
*Supported starting 20.1/17.2.1 with AppNav-XE and full SD-WAN WAAS integration
ISRv + vWAAS Out-of-path
[Diagram labels: MPLS, Ge0/0, Ge0/1, ENCS Switch, Ge1/…]
*Supported starting 20.1/17.2.1 with AppNav-XE and full SD-WAN WAAS integration
vEdge/ISRv + vWAAS/SteelHead In-path + ASAv + OVS
[Diagram labels: Ge0/0, Internet, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, wan-br, wan-br2, Interface to Internet, Interface to MPLS, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
vEdge/ISRv + vWAAS/SteelHead In-path + ASAv + SRIOV
[Diagram labels: Ge0/0, Internet, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, Interface to ASAv, Interface to Edge, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
vEdge/ISRv + vWAAS/SteelHead In-path + ASAv
[Diagram labels: Internet, MPLS, Ge0/0, Ge0/1, ENCS Switch, Ge1/…]
ISRv + vWAAS Out-of-path + ASAv + OVS
[Diagram labels: Ge0/0, Internet, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, wan-br, wan-br2, Interface to Internet, Interface to MPLS, Inter-vnf-net, Inter-vnf-net2, LAN Interface, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
*Supported starting 20.1/17.2.1 with AppNav-XE and full SD-WAN WAAS integration
ISRv + vWAAS Out-of-path + ASAv + SRIOV
[Diagram labels: Ge0/0, Internet, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
ISRv + vWAAS Out-of-path + ASAv
[Diagram labels: Internet, MPLS, Ge0/0, Ge0/1, ENCS Switch, Ge1/…]
*Supported starting 20.1/17.2.1 with AppNav-XE and full SD-WAN WAAS integration
vEdge/ISRv + FTD + ASAv + OVS
[Diagram labels: Ge0/0, Internet, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, wan-br, wan-br2, Interface to Internet, Interface to MPLS, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
vEdge/ISRv + FTD + ASAv + SRIOV
[Diagram labels: Ge0/0, Internet, MPLS, Ge0/1, SR-IOV-1, SR-IOV-2, Interface to ASAv, Interface to Edge, Interface to FTD, LAN Interface, 10 Gig, ENCS Integrated Switch Gi1/0 to Gi1/7]
vEdge/ISRv + FTD + ASAv
[Diagram labels: Internet, MPLS, Ge0/0, Ge0/1, ENCS Switch, Ge1/…]
Virtual Branch Management
Automation of Service Chain Deployments
Software Defined Branch
Deploy Services on Any Platform
• Virtual Router (ISRv, CSR, vEdge)
• Virtual Firewall (ASAv, NGFWv)
• Virtual WAN Optimization (vWAAS)
• Third-Party applications/VNFs
Orchestrators
• Network Service Orchestrator (NSO)
  • Using NETCONF for device configuration
  • CLI management and configuration, requires programming skills
• Managed Services Accelerator (MSX)
  • Using NSO under the hood
  • User friendly Graphical Interface
• DNA Center
  • Using REST for configuration
  • User friendly Graphical Interface
• vManage (Coming soon)
  • Using NSO under the hood
  • Built-in SD-WAN solution
Demo
SD-WAN Operations Cycle
Virtual Device Onboarding
To add virtual routers like ISRv, CSR, vEdge Cloud to vManage, log in to the Plug and Play portal and click Add Software Devices:
Virtual Device Day 1 Config
• Attach available token to the template
• Schedule configuration
• Generate bootstrap config
• While provisioning VM on ENCS you can apply this bootstrap config
Decommission WAN Edge
If you need to free a previously allocated token, use the “Decommission WAN Edge” option. If you choose “Delete WAN Edge”, you will have to sync the smart account to use this token once again.
Takeaways
• Replace multiple devices in the branch with VNF Service Chains
• Plan the Virtual Branch based on the performance, throughput and solution requirements; treat this task as a regular network segment design
• Use NFVIS built-in failure detection mechanisms for faster convergence
• Automate your virtual branch deployment
Thank you