
#CiscoLive

SD-WAN and Network Functions Service Chaining

Alexey Romanov
Consulting Engineer
DGTL-BRKENS-1100

Agenda
• Introduction
• SD-WAN Architecture Overview
• ENCS Platform Overview
• VNF Service Chaining in SD-WAN
• VNF and Network Types
• Virtual Branch Design Scenarios
• Virtual Branch Management
• Automation of Service Chain Deployments
• SD-WAN Operations Cycle
• Takeaways

#CiscoLive DGTL-BRKENS-1100 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
SD-WAN Architecture Overview
Cisco SD-WAN Architecture

Orchestration Plane (vBond)
• First point of authentication
• Distributes the list of vSmarts/vManage to all vEdge routers
• Facilitates NAT traversal

Management Plane (vManage)
• Single pane of glass for Day0, Day1 and Day2 operations
• Multitenant or single-tenant
• Centralized provisioning, troubleshooting and monitoring
• RBAC and APIs (the APIs are what 3rd-party automation and vAnalytics consume)

Control Plane (vSmart Controllers)
• Disseminates control plane information between vEdges
• Distributes data plane policies
• Implements control plane policies

Data Plane (WAN Edge Routers, physical or virtual)
• Zero Touch Provisioning
• Establishes the secure fabric over any transport (MPLS, 4G, INET)
• Implements data plane policies
• Exports performance statistics

Sites in the diagram: Cloud, Data Center, Campus, Branch, CoLo
Network-wide Control Plane

Cisco SD-WAN: the network control plane (vSmart) is separated from the data plane, which keeps only a local control plane; O(n) control complexity; high scale.
Traditional: integrated control and data plane on every router; O(n^2) control complexity; limited scale.
Overlay Management Protocol (OMP)
• TCP-based extensible control plane protocol
• Runs between WAN Edge routers and vSmart controllers, and between the vSmart controllers themselves, inside TLS/DTLS connections
• Leverages address families to advertise reachability for TLOCs, unicast/multicast destinations, service routes, BFD up/down stats and Cloud onRamp for SaaS probe stats
• Distributes IPsec encryption keys, and data and app-aware policies
Note: WAN Edge routers need not connect to all vSmart controllers
Transport Locators (TLOCs)
• Each WAN Edge has local TLOCs, identified by (System IP, Color, Encap)
• TLOCs are advertised to the vSmarts over OMP (default)
• vSmarts advertise the TLOCs to all WAN Edges (default; can be influenced by the control policies)
• The result is a full-mesh SD-WAN fabric of IPsec tunnels between the WAN Edges

Diagram legend: Transport Locator (TLOC), OMP, IPsec tunnel
vManage Demo
ENCS Platform Overview
What is Enterprise Network Compute System?
Small Office/Home Office (SOHO) device + Unified Computing System (UCS) + Router + Switch = Enterprise Network Compute System (ENCS)
Platform Built for Enterprise NFV
• ENCS 5000 Series for the Branch
• Best of Routing & Compute
• Complete Virtualized Services
• Open for Third Party Services and Apps
Enterprise Network Compute System: ENCS 5100 Series and ENCS 5400 Series
ENCS 5000 Series - Chassis Options

Model        CPU                PoE     Capacity Guidance
ENCS 5104    4-core, 3.4GHz     No      ISRv + 1 VM
ENCS 5406    6-core, 1.9GHz     No      ISRv + 2 VMs
ENCS 5408    8-core, 2.0GHz     200W    ISRv + 3 VMs
ENCS 5412    12-core, 1.5GHz    200W    ISRv + 5 VMs
NFV and NFVIS
What and Why Network Function Virtualisation?
Prior to NFV: one physical appliance per network function in each branch (Router, Firewall, WAN optimization, Wireless LAN Controller).
NFV gives an opportunity to combine multiple network functions in one ENCS device:
• Virtual Router (ISRv, CSR, vEdge)
• Virtual Firewall (ASAv, NGFWv)
• Virtual WAN Optimization (vWAAS)
• vWireless LAN Controller (WLC)
• Third-Party applications/VNFs
Purpose built Network Hypervisor
Enterprise NFV Infrastructure Software (NFVIS)

Network Hypervisor
• Supports segmentation of virtual networks
• Abstracts CPU, memory, and storage resources

Zero-Touch Deployment
• Automatic connection to PnP server
• Highly secure connection to the orchestration system
• Easy day-0 provisioning

Security
• Secure Chain of Trust
• Secure overlay for management and monitoring
• VNF secure boot
• Role Based Access Control

Lifecycle Management
• Provisioning and launch of VNFs
• Stop and restart services
• Dynamically add and remove services
• Failure monitoring and recovery
• VNF Backup/Restore

Service Chaining
• Elastic service insertion
• PNIC tracking and VNIC update
• Multiple independent service paths based on applications or user profiles

Open API
• Programmable API for service orchestration
• REST and NETCONF API
• NETCONF Notification
• Host and VM Statistics, Packet Capture
Network Functions Virtualization Infrastructure Software (NFVIS)

VNF layer: Virtual Router (ISRv, CSR, vEdge), Virtual Firewall (ASAv, NGFWv), Virtual WAN Optimization (vWAAS), vWireless LAN Controller (WLC), Third-Party applications/VNFs
Hypervisor layer: Network Functions Virtualization Infrastructure Software (NFVIS)
Hardware layer: Cisco 4000 Series ISR + UCS E-Series, Enterprise Network Compute System (ENCS)
ENCS Demo
VNF Service Chaining in SD-WAN
VNF and Network Types
What is a Service Chain?
• Single network function (service): one VNF on the ENCS, e.g. a router, handles the traffic flow on its own.
• Service chain: several VNFs on the ENCS, e.g. router, firewall and WAN optimisation device, through which the traffic flow passes in sequence.
Where Do We Start With Virtual Branch Design?
• What Virtual Functions do we need?
• What are the bandwidth requirements?
• Single-homed, dual-homed, multi-homed site?
• L2 or L3 connectivity on the LAN side?

What SD-WAN Relevant VNFs are Certified?
• Firewalls:
• ASAv, FTDv, Checkpoint Cloud Guard, FortiGate, NETSCOUT vAED, Palo Alto VM
• Routers:
• ISRv, vEdge Cloud
• WAN Optimisation:
• vWAAS and Riverbed SteelHead

Interface Types
• Open vSwitch (OVS)/virtio: bridges and virtual networks for service chaining between VMs
• SR-IOV: high performance networks, a virtual function of the physical NIC handed to the VM
• DPDK (Data Plane Development Kit): skips the Linux kernel by processing packets directly in user space
• PCI Passthrough: dedicates the entire NIC to the VNF directly
5400 ENCS Internal Networking
5400 ENCS Platform Data Path (diagram)
• VMs (VM 1, ISRv, VM 2) are NIC aware; VM-to-VM traffic can be hardware offloaded or take the software switched path through NFVIS
• 24 SR-IOV LAN networks are exposed over the internal 10G NIC to the high-speed backplane switch
• The VLAN-aware hardware switch provides the LAN ports, the NIM slots (cellular, T1, DSL), the GE WAN port, the GE or LAN uplink, PoE and dual-PHY ports
• Control path: the x86 host and the switch are managed through the Cisco IMC (lights-out management) and dedicated management ports
Data Plane Development Kit (DPDK)
• DPDK skips the Linux kernel by processing packets directly in user space.
• DPDK reserves a CPU that is constantly polling for new packets.
• Additional resources allocated: 1 CPU and 1 GiB of RAM.
Design Considerations
How to Read the GUI?
The NFVIS topology view shows, from top to bottom:
• Physical WAN ports Ge0/0 and Ge0/1, each exposing SR-IOV ports (SR-IOV-1, SR-IOV-2)
• WAN-side virtual bridges wan-br and wan-br2 (OVS, can be accelerated with DPDK)
• LAN-side OVS virtual network lan-net
• LAN-side SR-IOV networks SR-IOV-1 ... SR-IOV-24 on the 10 Gig internal link to the ENCS integrated switch (ports Gi1/0 ... Gi1/7)

Adding a VNF to the Picture
A VM's interfaces are connected either to an SR-IOV port/network or to an OVS network (wan-br, wan-br2, lan-net).

Connecting Multiple VNFs
• With OVS: VNFs are chained through an inter-VNF network (inter-vnf-net) between them, and the last VNF in the chain attaches to lan-net towards the integrated switch.
• With SR-IOV: VNFs are chained through LAN-side SR-IOV networks, so the inter-VNF traffic is switched by the integrated switch.
Multi-Homed Site - L3 on the LAN side
Diagram: two ENCS, each hosting an Edge VNF with Ge0/0 to the Internet and Ge0/1 to MPLS, each with its own integrated switch (Ge1/…) towards the LAN; the LAN side is routed (L3) between the two ENCS.
TLOC Extension Options
Option 1 (diagram): each ENCS is attached to one transport (Internet on one Edge, MPLS on the other) and reaches the other transport through a TLOC extension link between the two Edges, using multiple sub-interfaces on the Edge (Ge0/0, Ge0/1).
Option 2 (diagram): multiple sub-interfaces or interfaces on the Edge, with the TLOC extension carried over a trunk back-to-back interface between the two ENCS integrated switches (Ge1/…).
Spanning Tree Design
• Based on the LAN connectivity you might need to plan the L2 domain design (the diagram shows the TLOC extension over the back-to-back trunk between the two ENCS switches)
• RSTP is the default spanning-tree mode on the ENCS switch
• RPVST is not supported
• MST is configurable via CLI
Using VLANs
Configuring VLANs on Virtual Networks
In the GUI, a virtual network port is set to access or trunk mode, and its VLAN configuration is entered there.
Configuring VLANs on SR-IOV prior to 3.12
• SR-IOV ports are configured as trunk by default
• Configuration changes on an SR-IOV port should be applied before attaching a VM to that port
• If you don't want to change the NFVIS configuration you can instead configure a sub-interface on the VM

Configure the SR-IOV port in NFVIS:

    conf t
    networks network GE0-0-SRIOV-1
     trunk true
     native-vlan [ 10 ]
     vlan [ 100 200 ]
    networks network GE0-0-SRIOV-2
     trunk false
     vlan [ 100 ]
Configuring VLANs on SR-IOV starting 3.12
Starting with 3.12 you can change the SR-IOV configuration in the GUI under VM Life Cycle -> Networking tab.

Adding VLANs to the Switch
Once you have configured a VLAN on an ENCS switch port, don't forget to add it to the switch VLAN list.
Image Management and VNF Deployment
VM Image Packaging
• Converts qcow2 and img images into a tar.gz package
• Adds SR-IOV drivers to images
• The ISRv package ".tar.gz" is available on cisco.com
• To create a vEdge Cloud package you need the built-in tool in the NFVIS GUI or the python script in the CLI

The tar.gz file contains:
• qcow2 disk image (*.qcow2)
• Image properties file (image_properties.xml)
• Package manifest (package.mf)
VM Image Package Files
• Image properties file (image_properties.xml) describes:
• VM type
• Resource requirements (vCPU, memory, disk, vNICs etc.)
• Profiles (flavours) and the default profile
• Bootstrap files and custom properties (tech packages)

Example image_properties.xml for ISRv:

    <?xml version="1.0" encoding="UTF-8"?>
    <image_properties>
      <vnf_type>ROUTER</vnf_type>
      <name>ISRV</name>
      <version>RELVER</version>
      <bootup_time>600</bootup_time>
      <root_file_disk_bus>virtio</root_file_disk_bus>
      <root_image_disk_format>qcow2</root_image_disk_format>
      <vcpu_min>1</vcpu_min>
      <vcpu_max>8</vcpu_max>
      <memory_mb_min>4096</memory_mb_min>
      <memory_mb_max>8192</memory_mb_max>
      <vnic_max>8</vnic_max>
      <vnic_names>vnics:1:GigabitEthernet2</vnic_names>
      <vnic_names>vnics:2:GigabitEthernet3</vnic_names>
      <vnic_names>vnics:3:GigabitEthernet4</vnic_names>
      <vnic_names>vnics:4:GigabitEthernet5</vnic_names>
      <vnic_names>vnics:5:GigabitEthernet6</vnic_names>
      <vnic_names>vnics:6:GigabitEthernet7</vnic_names>
      <vnic_names>vnics:7:GigabitEthernet8</vnic_names>
      <root_disk_gb_min>8</root_disk_gb_min>
      <root_disk_gb_max>8</root_disk_gb_max>
      <console_type_serial>true</console_type_serial>
      <sriov_supported>true</sriov_supported>
      <sriov_driver_list>igb</sriov_driver_list>
      <sriov_driver_list>igbvf</sriov_driver_list>
      <sriov_driver_list>i40evf</sriov_driver_list>
      <pcie_supported>true</pcie_supported>
      <pcie_driver_list>igb</pcie_driver_list>
      <pcie_driver_list>igbvf</pcie_driver_list>
      <pcie_driver_list>i40evf</pcie_driver_list>
      <monitoring_supported>true</monitoring_supported>
      <monitoring_methods>ICMPPing</monitoring_methods>
      <low_latency>true</low_latency>
      <privileged_vm>true</privileged_vm>
      <cdrom>true</cdrom>
      <bootstrap_file_1>ovf-env.xml</bootstrap_file_1>
      <bootstrap_file_2>iosxe_config.txt</bootstrap_file_2>
      <custom_property>
        <tech_package>ax</tech_package>
        <tech_package>security</tech_package>
        <tech_package>ipbase</tech_package>
        <tech_package>appx</tech_package>
      </custom_property>
      <custom_property>
        <ngio>enable</ngio>
      </custom_property>
      <profiles>
        <profile>
          <name>ISRv-mini</name>
          <description>ISRv-mini</description>
          <vcpus>1</vcpus>
          <memory_mb>4096</memory_mb>
          <root_disk_mb>8192</root_disk_mb>
        </profile>
        <profile>
          <name>ISRv-small</name>
          <description>ISRv-small</description>
          <vcpus>2</vcpus>
          <memory_mb>4096</memory_mb>
          <root_disk_mb>8192</root_disk_mb>
        </profile>
        <profile>
          <name>ISRv-medium</name>
          <description>ISRv-medium</description>
          <vcpus>4</vcpus>
          <memory_mb>4096</memory_mb>
          <root_disk_mb>8192</root_disk_mb>
        </profile>
      </profiles>
      <default_profile>ISRv-small</default_profile>
    </image_properties>
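A profile that falls outside the image's own vcpu/memory/disk bounds, or a default_profile that does not exist, is only discovered when the deployment fails on the ENCS. The following checker is an added example (not part of the original slides and not a Cisco tool): it parses a document in the image_properties.xml format shown above and reports every profile that violates the declared bounds, a malformed vnic_names list, or a missing default profile. The embedded sample document is constructed for the example and deliberately contains an out-of-range profile named ISRv-huge.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the image_properties.xml format shown above (not a
# Cisco-published file); the ISRv-huge profile is deliberately out of bounds.
SAMPLE_IMAGE_PROPERTIES = """<?xml version="1.0" encoding="UTF-8"?>
<image_properties>
  <vnf_type>ROUTER</vnf_type>
  <name>ISRV</name>
  <version>RELVER</version>
  <vcpu_min>1</vcpu_min>
  <vcpu_max>8</vcpu_max>
  <memory_mb_min>4096</memory_mb_min>
  <memory_mb_max>8192</memory_mb_max>
  <vnic_max>8</vnic_max>
  <vnic_names>vnics:1:GigabitEthernet2</vnic_names>
  <vnic_names>vnics:2:GigabitEthernet3</vnic_names>
  <root_disk_gb_min>8</root_disk_gb_min>
  <root_disk_gb_max>8</root_disk_gb_max>
  <bootstrap_file_1>ovf-env.xml</bootstrap_file_1>
  <profiles>
    <profile>
      <name>ISRv-small</name>
      <vcpus>2</vcpus>
      <memory_mb>4096</memory_mb>
      <root_disk_mb>8192</root_disk_mb>
    </profile>
    <profile>
      <name>ISRv-medium</name>
      <vcpus>4</vcpus>
      <memory_mb>4096</memory_mb>
      <root_disk_mb>8192</root_disk_mb>
    </profile>
    <profile>
      <name>ISRv-huge</name>
      <vcpus>16</vcpus>
      <memory_mb>16384</memory_mb>
      <root_disk_mb>8192</root_disk_mb>
    </profile>
  </profiles>
  <default_profile>ISRv-small</default_profile>
</image_properties>
"""


def _int(elem, tag):
    """Integer value of a child element, or None when the element is absent."""
    text = elem.findtext(tag)
    return int(text) if text is not None else None


def _within(value, low, high):
    """True when value is present and inside the (optionally open) [low, high] range."""
    return value is not None and (low is None or value >= low) and (high is None or value <= high)


def check_image_properties(xml_text):
    """Return a list of consistency problems found in an image_properties.xml document.

    An empty list means every profile fits the image's declared vCPU, memory and disk
    bounds, the vnic_names list is well formed, and default_profile names a real profile.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    problems = []

    vcpu_min, vcpu_max = _int(root, "vcpu_min"), _int(root, "vcpu_max")
    mem_min, mem_max = _int(root, "memory_mb_min"), _int(root, "memory_mb_max")
    disk_min, disk_max = _int(root, "root_disk_gb_min"), _int(root, "root_disk_gb_max")
    vnic_max = _int(root, "vnic_max")

    # vnic_names entries must read "vnics:<n>:<guest interface>", numbered 1..n in order
    vnics = [v.text or "" for v in root.findall("vnic_names")]
    if vnic_max is not None and len(vnics) > vnic_max:
        problems.append(f"{len(vnics)} vnic_names entries exceed vnic_max={vnic_max}")
    for i, entry in enumerate(vnics, start=1):
        parts = entry.split(":")
        if len(parts) != 3 or parts[0] != "vnics" or parts[1] != str(i) or not parts[2]:
            problems.append(f"vnic_names entry {entry!r} is not 'vnics:{i}:<interface>'")

    names = []
    for prof in root.iter("profile"):
        name = prof.findtext("name") or "<unnamed>"
        names.append(name)
        vcpus, mem, disk_mb = _int(prof, "vcpus"), _int(prof, "memory_mb"), _int(prof, "root_disk_mb")
        if not _within(vcpus, vcpu_min, vcpu_max):
            problems.append(f"profile {name}: vcpus={vcpus} outside [{vcpu_min}, {vcpu_max}]")
        if not _within(mem, mem_min, mem_max):
            problems.append(f"profile {name}: memory_mb={mem} outside [{mem_min}, {mem_max}]")
        # root_disk_gb_* bounds are in GB while the profile's root_disk_mb is in MB
        if not _within(disk_mb, None if disk_min is None else disk_min * 1024,
                       None if disk_max is None else disk_max * 1024):
            problems.append(f"profile {name}: root_disk_mb={disk_mb} outside [{disk_min} GB, {disk_max} GB]")

    default = root.findtext("default_profile")
    if default not in names:
        problems.append(f"default_profile {default!r} is not one of the defined profiles {names}")
    return problems


if __name__ == "__main__":
    for line in check_image_properties(SAMPLE_IMAGE_PROPERTIES) or ["no problems found"]:
        print(line)
```

Run against a real package's image_properties.xml before uploading it to the image repository; the same checks apply to a file produced by nfvpt.py, whose --profile arguments become the profile elements and whose --min/--max arguments become the bounds.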
VM Image Package Files Cont.
• Bootstrap configuration file (ovf-env.xml, referenced as bootstrap_file_1 in image_properties.xml)
• Login username and password
• Mgmt interface
• Caveat: the login password is stored in clear text in this file, so the package and any copy of the bootstrap file must be handled as a secret, and the initial credentials should be changed after the first boot

    <?xml version="1.0" encoding="UTF-8"?>
    <Environment
    xmlns:oe="http://schemas.dmtf.org/ovf/environment/1">
    <PropertySection>
    <Property oe:key="com.cisco.csr1000v.config-version.1" oe:value="1.0"/>
    <Property oe:key="com.cisco.csr1000v.enable-ssh-server.1" oe:value="True"/>
    <Property oe:key="com.cisco.csr1000v.login-username.1" oe:value="cisco"/>
    <Property oe:key="com.cisco.csr1000v.login-password.1" oe:value="ciscoIsrv123!"/>
    <Property oe:key="com.cisco.csr1000v.mgmt-interface.1" oe:value="GigabitEthernet1"/>
    <!-- GigabitEthernet1 is nicid(0), the internal management interface: don't change its IP address and don't shut it down -->
    <Property oe:key="com.cisco.csr1000v.mgmt-ipv4-addr.1" oe:value="${NICID_0_IP_ADDRESS}/24"/>
    <Property oe:key="com.cisco.csr1000v.mgmt-ipv4-network.1" oe:value=""/>
    <Property oe:key="com.cisco.csr1000v.license.1" oe:value="${TECH_PACKAGE}"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0001" oe:value="vrf definition Mgmt-intf"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0002" oe:value="address-family ipv4"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0003" oe:value="exit-address-family"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0004" oe:value="address-family ipv6"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0005" oe:value="exit-address-family"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0006" oe:value="exit"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0007" oe:value="interface GigabitEthernet1"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0008" oe:value="vrf forwarding Mgmt-intf"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0009" oe:value="ip address ${NICID_0_IP_ADDRESS} ${NICID_0_NETMASK}"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0010" oe:value="no shut"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0011" oe:value="exit"/>
    <Property oe:key="com.cisco.csr1000v.ios-config-0012" oe:value="ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 ${NICID_0_GATEWAY}"/>
    </PropertySection>
    </Environment>
VM Image Package Files Cont.
• Package Manifest (package.mf)
• Checksum
• File type, name
<!-- sha1sum - for calculating checksum -->
<PackageContents>
<File_Info>
<name>isrv-ucmk9.16.10.2-vga.qcow2</name>
<type>root_image</type>
<sha1_checksum>9a61ef4e7c79fe6f6d6cf9fa5b3651dac7780624</sha1_checksum>
</File_Info>
<File_Info>
<name>image_properties.xml</name>
<type>image_properties</type>
<sha1_checksum>3f78a87d67cfd55e9ba108e7b36b119e0534ef16</sha1_checksum>
</File_Info>
<File_Info>
<name>isrv_ovf_env.xml</name>
<type>bootstrap_file_1</type>
<sha1_checksum>aad802de6ef10dc4b4b4c13d7d5d9991e4d89a8c</sha1_checksum>
</File_Info>
</PackageContents>

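The sha1_checksum entries in package.mf only prove that the files inside the tar.gz match the manifest that travelled with them; anyone who rebuilds the package can regenerate the manifest, so the checksum protects against corruption and against a swapped file, not against a substituted package (for that, compare the download against the hash the vendor publishes). The verifier below is an added example, not Cisco's code: it opens a package in the layout described above, refuses members with unsafe paths, recomputes SHA-1 for every File_Info entry, and reports files that are present but unlisted or listed but missing. The sample package contents are constructed for the example and are not a real ISRv image.

```python
import hashlib
import io
import tarfile
import xml.etree.ElementTree as ET

# Constructed sample package contents (not a real ISRv image): name -> (type, bytes)
SAMPLE_FILES = {
    "isrv-sample.qcow2": ("root_image", b"QFI\xfb" + b"\x00" * 64),
    "image_properties.xml": ("image_properties",
                             b"<image_properties><vnf_type>ROUTER</vnf_type></image_properties>"),
    "ovf-env.xml": ("bootstrap_file_1", b"<Environment/>"),
}


def build_manifest(files):
    """Produce a package.mf in the PackageContents/File_Info format for {name: (type, bytes)}."""
    root = ET.Element("PackageContents")
    for name, (ftype, data) in files.items():
        info = ET.SubElement(root, "File_Info")
        ET.SubElement(info, "name").text = name
        ET.SubElement(info, "type").text = ftype
        ET.SubElement(info, "sha1_checksum").text = hashlib.sha1(data).hexdigest()
    return ET.tostring(root)


def build_package(files, manifest):
    """Bundle {name: bytes} plus the given package.mf into an in-memory tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in list(files.items()) + [("package.mf", manifest)]:
            member = tarfile.TarInfo(name)
            member.size = len(data)
            tar.addfile(member, io.BytesIO(data))
    return buf.getvalue()


def verify_package(package_bytes):
    """Check a VM package against its own package.mf; return a list of problems ([] = consistent)."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(package_bytes), mode="r:gz") as tar:
        members = {}
        for m in tar.getmembers():
            # Refuse members that could escape the extraction directory or are not plain files
            if m.name.startswith("/") or ".." in m.name.split("/") or not m.isfile():
                problems.append(f"{m.name}: unsafe path or non-regular member")
                continue
            members[m.name] = m
        if "package.mf" not in members:
            return problems + ["package.mf missing"]

        manifest = ET.fromstring(tar.extractfile(members["package.mf"]).read())
        expected = {}
        for entry in manifest.findall("File_Info"):
            expected[entry.findtext("name")] = (entry.findtext("type"),
                                                (entry.findtext("sha1_checksum") or "").lower())

        for name, (ftype, digest) in expected.items():
            if name not in members:
                problems.append(f"{name}: listed in manifest but not in package")
                continue
            actual = hashlib.sha1(tar.extractfile(members[name]).read()).hexdigest()
            if actual != digest:
                problems.append(f"{name}: sha1 mismatch, manifest {digest} vs actual {actual}")
        for name in members:
            if name != "package.mf" and name not in expected:
                problems.append(f"{name}: in package but not listed in manifest")

        # A deployable package needs at least a root image and its properties file
        types = {ftype for ftype, _ in expected.values()}
        for required in ("root_image", "image_properties"):
            if required not in types:
                problems.append(f"manifest has no {required} entry")
    return problems


def good_package():
    """A consistent package built from the constructed sample files."""
    return build_package({n: d for n, (_, d) in SAMPLE_FILES.items()}, build_manifest(SAMPLE_FILES))


def tampered_package():
    """Same manifest as good_package(), but the disk image bytes were swapped afterwards."""
    files = {n: d for n, (_, d) in SAMPLE_FILES.items()}
    files["isrv-sample.qcow2"] = b"QFI\xfb" + b"\x41" * 64
    return build_package(files, build_manifest(SAMPLE_FILES))


if __name__ == "__main__":
    print("good package:", verify_package(good_package()) or "ok")
    print("tampered package:", verify_package(tampered_package()))
```

To check a package on disk, read the file into bytes and pass them to verify_package(); the builder functions exist only so the example runs offline.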
Image Packaging GUI
(screenshots of the NFVIS image packaging wizard)
Image Packaging CLI
• The VM packaging utility is located in VM Life Cycle -> Image Repository -> Browse Datastore -> data -> intdatastore -> vmpackagingutility
• The VM packaging utility contains the following:
• nfvpt.py: a python based packaging tool that bundles the VM raw disk image(s) along with the VM-specific properties.
• image_properties_template.xml: the template file for the VM image properties file, with the parameters and their default values. If the user provides new values for these parameters while creating the VM package, the default values are replaced with the user-defined values.
• nfvis_vm_packaging_utility_examples.txt: examples of how to use the image packaging utility to package a VM image.

Example invocation:

    nfvpt.py -o isrv.16.10.04 -i isrv-universalk9.16.10.04.qcow2 -n ISRv.16.10.04 -t ROUTER -r 16.10.04 \
      --monitored true --privileged true --bootstrap ovf-env.xml:file1,ios-xe.txt:file2 \
      --min_vcpu 2 --max_vcpu 8 --min_mem 4096 --max_mem 8192 --min_disk 8 --max_disk 8 --vnic_max 8 --optimize true \
      --profile ISRv-small,"ISRv small profile",2,4096,8192 --profile ISRv-medium,"ISRv medium profile",4,4096,8192 \
      --default_profile ISRv-small --sriov_list igb,igbvf,i40evf --custom key:PASSWD,val:secret
VM Deployment
Deploying VM
• In the GUI, drag and drop a VM type or a new virtio network onto the canvas area below.
• VM details: VM name; the image you are going to use; the resource allocation profile (flavour), which also defines maximum performance in terms of tunnels and throughput; technology package licence type; NIM support; management configuration (port forwarding, internal MGMT bridge and a management IP from the configured subnet).
• VM interfaces: each VM interface is mapped either to an ENCS SR-IOV interface, or to a virtual network (selected by name) together with the type of the virtual interface.
vEdge Cloud and ISRv Flavours
• vEdge Cloud uses 1 core for the system and the rest for forwarding; two flavours are available, 2 cores or 4 cores
• vEdge Cloud gives better performance with 8 GB of RAM
• ISRv also takes 1 core for the OS and uses the others for forwarding
• ISRv can allocate additional cores for security features that run in containers
Interface Performance
• SR-IOV and DPDK should in theory provide performance close to the interface speed; in practice the enabled feature set (DPI, firewall, IPS etc.) lowers the maximum throughput, so it needs to be tested.
• OVS can provide performance up to a few hundred Mbps, with the same remark regarding the feature set.
• PCI passthrough behaves the same as SR-IOV and DPDK.
• The VNF itself can have performance limitations, so check its datasheet before deploying high performance interfaces.
Monitored VM Caveat
• When a VM is monitored, it is connected to the internal NFVIS management network.
• If its address on that network is not reachable, NFVIS reloads the VM (be careful when applying a template from vManage that touches this interface).
• If after 3 reloads the VM is still not reachable on this management interface, it is moved to the error state even if it is otherwise fully operational.
• If the VM is not monitored, the first interface you create becomes the management interface.
VM Deployment Demo
High Availability Design Considerations
LAN Failure
Diagram: two ENCS, each with an Edge on Ge0/0 (Internet) and Ge0/1 (MPLS) advertising OMP routes, and an integrated switch (Ge1/…) towards the LAN, which is reached via OSPF/BGP or static routes.
• After a LAN failure, the OMP update time is equal to the LAN routing protocol timers
• BFD is not supported on SD-WAN VNFs until 20.2/17.3
• WAN bandwidth can still be utilised towards the affected Edge, but the traffic is dropped on the remote end
VRRP LAN Failure
Diagram: two ENCS, Active and Standby, running VRRP on the LAN side; each Edge has Ge0/0 (Internet) and Ge0/1 (MPLS) and advertises OMP routes; the LAN hangs off the integrated switches (Ge1/…).

Port tracking is developed to resolve this issue: if switch port Gi1/x is down, NFVIS shuts down the configured port on the VM, so VRRP fails over to the other ENCS.

Configuration example:

    conf t
    switch
    interface gi1/…
    track-state <vm_name> <NICID>

To find the NICID:

    show vm_lifecycle deployments <vm_name>
Few Caveats For vEdge Cloud
• For vEdge Cloud, VRRP on SR-IOV is supported starting 19.2, but due to Intel NIC packet processing additional fixes in the drivers are needed; full support is expected in NFVIS 4.2.1 (July 2020)
• Port tracking for SR-IOV is supported on NFVIS 3.12.3
• DPI supports ~140k flows per CPU
Virtual Branch Design Scenarios
vEdge/ISRv + ASAv
OVS variant (diagram):
• The Edge connects to the Internet (Ge0/0) and MPLS (Ge0/1) through the wan-br and wan-br2 bridges
• The Edge's interface to the ASAv and the ASAv's interface to the Edge are joined by the inter-vnf-net OVS network
• The ASAv LAN interface sits on lan-net, which leads over the 10 Gig link to the ENCS integrated switch (Gi1/0 ... Gi1/7)
SR-IOV variant (diagram):
• The Edge's WAN interfaces use the SR-IOV ports of Ge0/0 and Ge0/1
• The Edge-to-ASAv link uses two LAN-side SR-IOV networks (SR-IOV-X and SR-IOV-Y), switched by the integrated switch
• The ASAv LAN interface uses another LAN-side SR-IOV network
Physical view: one ENCS with Ge0/0 to the Internet, Ge0/1 to MPLS and the switch ports Ge1/… to the LAN.
vEdge/ISRv + vWAAS/SteelHead In-path
OVS variant (diagram):
• The Edge connects to MPLS (Ge0/0) through the WAN bridge
• The Edge's interface to vWAAS and the vWAAS interface to the Edge are joined by inter-vnf-net
• The vWAAS/SteelHead LAN interface sits on lan-net towards the integrated switch
SR-IOV variant (diagram):
• The Edge's WAN interface uses an SR-IOV port of Ge0/0
• The Edge-to-vWAAS link uses two LAN-side SR-IOV networks (SR-IOV-X and SR-IOV-Y), switched by the integrated switch
• The vWAAS LAN interface uses another LAN-side SR-IOV network
Physical view: one ENCS with Ge0/0 to MPLS and the switch ports Ge1/… to the LAN.
ISRv + vWAAS Out-of-path
*Supported starting 20.1/17.2.1 with AppNav-XE and full SD-WAN WAAS integration
OVS variant (diagram):
• The ISRv connects to MPLS (Ge0/0) through the WAN bridge
• The ISRv's LAN interface sits directly on lan-net towards the integrated switch
• The vWAAS hangs off the ISRv: its interface to the Edge and the ISRv's interface to vWAAS share inter-vnf-net
SR-IOV variant (diagram):
• The ISRv's WAN interface uses an SR-IOV port of Ge0/0, and its LAN interface a LAN-side SR-IOV network
• The ISRv-to-vWAAS link uses two further LAN-side SR-IOV networks (SR-IOV-X and SR-IOV-Y), switched by the integrated switch
Physical view: one ENCS with Ge0/0 to MPLS and the switch ports Ge1/… to the LAN.
vEdge/ISRv + vWAAS/SteelHead In-path + ASAv
OVS variant (diagram):
• The Edge connects to the Internet (Ge0/0) and MPLS (Ge0/1) through the wan-br and wan-br2 bridges
• Edge, ASAv and vWAAS/SteelHead are chained through two OVS networks, inter-vnf-net and inter-vnf-net2
• The last VNF in the chain holds the LAN interface on lan-net towards the integrated switch
SR-IOV variant (diagram):
• The Edge's WAN interfaces use the SR-IOV ports of Ge0/0 and Ge0/1
• The Edge-to-ASAv and ASAv-to-vWAAS links each use a pair of LAN-side SR-IOV networks (SR-IOV-X/SR-IOV-Y and SR-IOV-Z/SR-IOV-A), switched by the integrated switch
• The LAN interface of the last VNF uses another LAN-side SR-IOV network
Physical view: one ENCS with Ge0/0 to the Internet, Ge0/1 to MPLS and the switch ports Ge1/… to the LAN.
ISRv + vWAAS Out-of-path + ASAv
*Supported starting 20.1/17.2.1 with AppNav-XE and full SD-WAN WAAS integration
OVS variant (diagram):
• The ISRv connects to the Internet (Ge0/0) and MPLS (Ge0/1) through the wan-br and wan-br2 bridges
• The ISRv and the ASAv are chained through one OVS network, and the out-of-path vWAAS hangs off the ISRv through the other (inter-vnf-net and inter-vnf-net2)
• The ASAv LAN interface sits on lan-net towards the integrated switch
SR-IOV variant (diagram):
• The ISRv's WAN interfaces use the SR-IOV ports of Ge0/0 and Ge0/1
• The ISRv-to-ASAv and ISRv-to-vWAAS links each use a pair of LAN-side SR-IOV networks (SR-IOV-X/SR-IOV-Y and SR-IOV-Z/SR-IOV-A), switched by the integrated switch
• The ASAv LAN interface uses another LAN-side SR-IOV network
Physical view: one ENCS with Ge0/0 to the Internet, Ge0/1 to MPLS and the switch ports Ge1/… to the LAN.
vEdge/ISRv + FTD + ASAv
OVS variant (diagram):
• The Edge connects to the Internet (Ge0/0) and MPLS (Ge0/1) through the wan-br and wan-br2 bridges
• Edge, ASAv and FTD are chained through two OVS networks, inter-vnf-net and inter-vnf-net2
• The last firewall in the chain holds the LAN interface on lan-net towards the integrated switch
SR-IOV variant (diagram):
• The Edge's WAN interfaces use the SR-IOV ports of Ge0/0 and Ge0/1
• The Edge-to-ASAv and ASAv-to-FTD links each use a pair of LAN-side SR-IOV networks (SR-IOV-X/SR-IOV-Y and SR-IOV-Z/SR-IOV-A), switched by the integrated switch
• The LAN interface of the last firewall uses another LAN-side SR-IOV network
Physical view: one ENCS with Ge0/0 to the Internet, Ge0/1 to MPLS and the switch ports Ge1/… to the LAN.
Virtual Branch Management
Automation of Service Chain Deployments
Software Defined Branch
Deploy Services on Any Platform

Orchestration: vManage / Cisco DNA Center / Network Service Orchestrator / MSX
VNFs: Virtual Router (ISRv, CSR, vEdge), Virtual Firewall (ASAv, NGFWv), Virtual WAN Optimization (vWAAS), Third-Party applications/VNFs
Network Functions Virtualization Infrastructure Software (NFVIS)
Hardware: Cisco 4000 Series ISR + UCS E-Series, Enterprise Network Compute System (ENCS), CSP-5000, UCS-M5 C-Series, select 3rd party hardware
Orchestrators
• Network Service Orchestrator (NSO)
• Uses NETCONF for device configuration
• CLI-driven management and configuration; requires programming skills
• Managed Services Accelerator (MSX)
• Uses NSO under the hood
• User friendly graphical interface
• DNA Center
• Uses REST for configuration
• User friendly graphical interface
• vManage (coming soon)
• Uses NSO under the hood
• Built-in SD-WAN solution
Demo
SD-WAN Operations Cycle
Virtual Device Onboarding
To add virtual routers such as ISRv, CSR or vEdge Cloud to vManage, log in to the Plug and Play portal and click Add Software Devices.
Virtual Device Day 1 Config
• Attach an available token to the template
• Fill in all the variables
• Schedule the configuration
• Generate the bootstrap config; while provisioning the VM on ENCS you can apply this bootstrap config
Decommission WAN Edge
If you need to free a previously allocated token, use the "Decommission WAN Edge" option; if you choose "Delete WAN Edge" instead, you will have to sync the smart account before you can use this token again.
Takeaways
• Replace multiple devices in the branch with VNF service chains
• Plan the virtual branch based on the performance, throughput and solution requirements, and treat this task as a regular network segment design
• Use the NFVIS built-in failure detection mechanisms (monitoring, port tracking) for faster convergence
• Automate your virtual branch deployment
Thank you