Branch Virtualization - d2zmdbbm9feqrf.cloudfront.netd2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/BRKARC-2014.pdfBranch Virtualization The Evolving NFV Landscape ... I need a tool to

Branch VirtualizationThe Evolving NFV Landscape

Matt Bolick - Technical Marketing Engineer

BRKARC-2014

BRKARC-2014 is all about hosting network functions and applications in branch offices using the network. In some cases this is augmenting server capabilities already present and it others it’s an entirely new way of thinking about appliances and network devices in the branch.

Abstract

• Branch Service Virtualization Motivations

• Enterprise NFV

• UCS E-Series

• Open Service Containers

Agenda

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

The Lean Branch OfficeBalancing IT Efficiency and User Experience

• No local servers

• Full reliance on WAN

• Simplicity, low cost

• No service guarantees

Serverless Branch

Data Center/

Cloud

WAN/Internet

Branch Office

Lean Branch

Data Center/

Cloud

WAN/Internet

Branch Office

• 4-5 local servers

• Full reliance on WAN except for mission-critical applications

• All servers local

• No reliance on WAN

• Complexity, high cost

• Service guarantees

Full-Service Branch

Data Center/

Cloud

WAN/Internet

Branch Office

BRKARC-2014 5


Motivation for Virtualization in the Branch

Physical Branch

Long, Expensive Roll-Outs

Under Utilization

Inflexibility

Virtualized Branch

Service Agility

Efficient Resource Utilization

Opex Savings

BRKARC-2014 6


Increase revenue by accelerating delivery

of new and differentiated services

Provide on-demand service delivery

through customer self-service portals

Reduce Op-Ex & time-to-service from

months to weeks

NFV Benefits

Reduction of network elements to

manage & deploy

Operational efficiencies through

virtualization

Service Elasticity &

Automated Network Operations

Deployment of best-of-breed

Reduce upfront Cap-Ex

Improve Asset Utilization

Enterprise Service Provider

BRKARC-2014 7


Levels of Network Function Virtualization

Integrated Services

• ISR4K + Service Containers (KVM/LXC)

• Native ISR Services + NFV Flexibility

• Reliability with Open Service Hosting

Integrated Services with Dedicated Server

• ISR4K + UCS C/E Series

• Native ISR Services + NFV Hardware

• Separate Administration Domains

Fully Virtualized Branch

• General Purpose X86 Compute

• Full Service Virtualization

• Best-of-Breed Service Options

BRKARC-2014 8


“We use Office 365 and Skype for Business extensively in our company. When we receive trouble tickets from remote branches, we’re left guessing whether the problem is in the cloud, with the SP or with the client. I need a tool to help me quickly get from report, to root cause to resolution.”

Gripe from Customer

MPLS

Unified

Branch

3G/4G-LTE

Internet

PrivateCloud

VirtualPrivateCloud

PublicCloud

BRKARC-2014 9

Enterprise NFV


Cisco Enterprise NFV The First NFV Solution for Enterprise

Central Orchestration

and Management

SDN: APIC-EM | ESA VNF | App Hosting |

3rd Party

Rich

Network Services

NFV Virtualization

Software (NFVIS)ISR 4K | UCS

SW Intelligence

over HW

Platform

Freedom of Choice

Enterprise NFV allows us to innovate

with speed via open programmability and by hosting

virtualized functions and applications wherever,

whenever I need them, network-wide.

Markus Voegele, Sr. Network Architect

IBM Aviation

”

“

IBM

Lower TCO for branch operations

Agility: Quickly roll out new services and

locations

Gives you flexible deployment options

BRKARC-2014 11


Cisco 4000 Series ISR + UCS® E-Series

Cisco® UCS C-Series

Network Functions Virtualization Infrastructure Software (NFVIS)

Cisco Enterprise Service Automation (ESA) on APIC-EM

Introducing Cisco Enterprise NFVNetwork Services in Minutes, on Any Platform

Virtual Router

(ISRv)

Virtual Firewall

(ASAv)

Virtual WAN

Optimization

(vWAAS)

Virtual Wireless

LAN Controller

(vWLC)

Third-Party VNFs

BRKARC-2014 12


• Zero-touch deployment

• Automated orchestration of platform and VNFs

• Service chaining and licensing

• Health monitoring

• Dynamic scaling of services

• Operational SLA management

• Create standard profiles for different types of branches

• Cisco® tested and validated designs

• Embedded approval process and versioning

Automated Orchestration, Management, PolicyCisco Enterprise Service Automation (ESA)

BRKARC-2014 13


ASAv / FTDv vWAAS vWLCISRv

Best-of-breed Trusted Services from CiscoConsistent Software Across Physical and Virtual

High performance

Rich features

End-to-end support

Proven software

Leader in Gartner MQ

#1 unit shipped

Superior caching with

Akamai Connect

Survivability and scale

Consistency across the

data center and switches

Built for small and medium

branches

Comprehensive protection

Full data-center-class

featured functionality

Designed for NFV

Cost-effective with NFV

New!

BRKARC-2014 14


Packaged for NFVIS

Branch-Specific Features

Branch-Specific Pricing

Look-and-feel of an ISR 4000

Not available separately

Cloud and VDC Deployments

Aggregation Use-Cases

Flexible Pricing & Packaging

Virtual ASR 1000 Series

Available on multiple platforms

ISRv and CSR

Integrated Services Router - Virtual Cloud Services Router

BRKARC-2014 15


Enterprise NFV Solution Architecture

X86 Hardware

Enterprise NFVIS

ISRv ASAv vWAAS vFirePower VNFn App1 AppnApp2

ESA or NSO

… …

Various Host

options for different

Branch Sizes

Common OS that

supports

virtualization

VNF and Application

hosting with 3rd

party support

Common

Orchestration and

Management across

virtual & physical

network

BRKARC-2014 16


Power in SoftwareNFVIS Software Stack

LinuxPlatform

Drivers

Interface

Drivers

NFVIS

Virtualization Layer – Hypervisor & vSwitch

Orchestration

APIHTTPS

Plug-n-Play

Client

Plug-n-Play

Server

Console

/SSHYANG

APIC-

EM/Prime

CLI NETCONF REST

Health Monitor

Device Web

Portal

BRKARC-2014 17


NFVISThe POWER under the hood

Virtualization

Network Function Virtualization Infrastructure Software

API

Interface

Platform Management KVM

Virtualized Service

Virtualized Service

Virtualized Service

vSwitch

Linux

PnP

Client br2 br1

Int-1 Int-2 Int-3

• Kernel Virtual Machine (KVM) to abstract service functions from hardware

• Virtual switching provides connectivity between service functions and to physical interfaces

BRKARC-2014 18© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public


NFVISThe POWER under the hood

REST (HTTPS) and NETCONF (SSH)

Network Function Virtualization Infrastructure Software

API

Interface

Platform Management KVM

Virtualized Service

Virtualized Service

Virtualized Service

vSwitch

Linux

PnP

Client br2 br1

Int-1 Int-2 Int-3

• Register and deploy services

• Configure platform

• Gather monitoring statistics

PnP client for ZTD

Platform Management

• Controlling hardware specifics such as storage, memory, network interface connectivity

• Hardware performance such as SR-IOV

VF

PF = Physical Function

VF = Virtual Function

VF

BRKARC-2014 19© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public


Solving the Customer Gripe

MPLS

Unified

Branch

3G/4G-LTE

Internet

PrivateCloud

VirtualPrivateCloud

PublicCloud

1. Deploy Enterprise NFV with support for 3rd party virtual machines.

2. Use ESA Orchestration tool to deploy a troubleshooting VM.

3. Using open-source tools like Wireshark and NTop analyze application flows directly within the branch to find the root cause.** Other Cisco, open source and 3rd party analytic tools exist and are options.

BRKARC-2014 20

UCS E-Series


Cisco End-to-End SolutionCisco UCS B-Series and C-Series for Data Center; UCS E-Series for Branch

Location-Suitable Form Factors, Consistent Device Management

Cisco UCS® B- and C-Series

This unified compute platform offers infrastructure consolidation in the data center. These servers offer innovative virtualization, memory, provisioning, I/O, and management capabilities.

Cisco® UCS E-Series Servers

This residual compute platform offers all-in-one device convergence that facilitates centralization of branch applications into thedata center.

WAN/Internet

Branch Office

Data Center/Cloud

Address WAN-induced performance, availability, and compliance challenges.

Consolidate Infrastructure

Centralize Applications

Support User Experience

BRKARC-2014 22


Cisco UCS E-Series DC-class Servers

Cisco® UCS E160D

Double-Wide Service Module

VMware, Hyper-V,

Citrix certified

Intel E5 6 core processor

96GB DRAM

Cisco UCS E180D

Double-Wide Service Module

VMware, Hyper-V,

Citrix certified


96GB DRAM

Cisco UCS® E140S

Service module

VMware, Hyper-V,

Citrix certified


16GB DRAM

Performance

Scala

bili

ty

Cisco UCS® E160S

Single-Wide Service module

VMware, Hyper-V,

Citrix certified

Intel Broadwell 6 core

processor

32GB DRAM

USB 3.0 & 10Gb Interface

Intel Broadwell

Intel Ivy Bridge

Intel Ivy Bridge

Intel Ivy Bridge

BRKARC-2014 23


Cisco UCS E-Series Single-Wide Blade Compact Blade Housed in Cisco ISR G2 and 4000 Series ISR Chassis - Cisco UCS E140S M2 and E160S M3

Up to 2 SATA, SAS, or SSD hard drives

Configuration and management

through CIMC/IMC SUP or

UCSD

Intel® 4 Core Xeon® E3 family

quad-core processor

6 Core Broadwell

Onboard hardware RAID 0/1 with hot-

swappable capability

One external 10/100/1000

and two internal GE ports

USB 2.0 or 3.0 port for external

device connectivity

8, 12, 16 GB and 32 GB

DRAM options

Maximum 65 W power draw

80 percent less than server

Wire-free, plug-and-play modularity,

low shipping weight (2.5 lb/1.1 kg)

Remote and

schedulable power

management

KVM console connector

10/100 Ethernet

management port

Two SD cards: One for the CIMC

and temporary storage of OS and

one as a blank virtual drive

No SD card on M3. UCS Flex Flash

BRKARC-2014 24


Cisco UCS E-Series Double-Wide BladePowerful Blade Housed in ISR G2 and 4000 Series ISR Chassis - UCS E160D M2, UCS E180D M2

Up to 3 SATA, SAS, SSD hard drives

Out-of-band

configuration and

management

through CIMC/ IMC Sup

or UCSD

Onboard hardware RAID 0, 1, and 5 configuration

options with hot-swappable capabilityTwo external and two internal GE ports

with TCP/IP acceleration

Front-panel VGA, 2 USB, and serial

console connectors

8 GB - 96 GB

DRAM options

Maximum 130 W power draw,

80 percent less than server

Wire-free, plug-and-play modularity, low shipping weight

(7 lb/3.2 kg)

Remote and schedulable

power management

Two SD cards: One for the CIMC

and temporary storage of OS

and one as a blank virtual drive

Intel® Xeon® E5-2400 6-core, 8-core

processor

BRKARC-2014 25


Hardware Comparison Matrix(Cisco UCS E-Series)

Reference

UCS E140S M2 UCS E160D M2 UCS E180D M2

ProcessorIntel® Xeon® E3-1105C v2

(1.8 GHz)Intel Xeon E5-2418L v2 (2.0 GHz) Intel Xeon E5-2428L v2 (1.8 GHz)

Core/vCPU 4/8 6/12 8/16

Memory 8 - 16 GB 8 - 96 GB 8 - 96 GB

StorageUp to 3.6 TB (2 HDD bays)

SATA, SAS, SED, SSD

Up to 5.4 TB (3 HDD bays)

SATA, SAS, SED, SSD

Up to 5.4 TB (3 HDD bays)

SATA, SAS, SED, SSD

RAID RAID 0 and RAID 1 RAID 0, RAID 1, and RAID 5 RAID 0, RAID 1, and RAID 5

Network portInternal: 2 GE ports

External: 1 GE port

Internal: 2 GE ports

External: 2 GE ports


External: 2 GE ports

Platforms4451-X, 4351, 4331, 2911, 2921,

2951, 3925, 3945, 3925E, 3945E

4451-X, 4351, 2921, 2951, 3925,

3945, 3925E, 3945E 4451-X, 4351, 2951, 3925, 3945,

3925E, 3945E

BRKARC-2014 26


Cisco UCS E-Series Network Compute Engine

Cisco® UCS EN140N

NIM network compute module

Virtualization enabled

Network compute applications -

FirePower, vWAAS

Cisco UCS EN120S

Service module

VMware and

Hyper-V certified

Network compute

applications - FirePower, vWAAS

Cisco UCS® EN120E

Enhanced HWIC

Virtualization enabled

Network compute applications -

FirePower, vWAAS

Performance

Scala

bili

ty

Supported on ISR-G2

Supported on ISR4000

BRKARC-2014 27


Cisco UCS E-Series Network Compute EngineCompact, Multipurpose Blade Housed in 4000 Series ISR -Cisco UCS EN140N M2

Up to 8 GB RAM

Intel® Atom

quad-core processor

One 2GB SD card

for CIMC

50, 100, 200 GB mSATA

SSD options

Dedicated

management port

One external Gigabit

Ethernet port/ Two

internal Gigabit

Ethernet ports

KVM console

connectorUSB 2.0 port for

external device

connectivity

BRKARC-2014 28


Cisco UCS E-Series Servers Support Model

Hardware Support Provided by Cisco

Cisco UCS® E-Series hardware supported under ISR G2 SMARTnet® at no additional cost

Hypervisor and OS supported by hypervisor and OS vendor

ISR

Cisco® UCS E-Series Server Module

Hypervisor

Supported by Cisco SMARTnet

Attached to ISR G2

Supported by OS / hypervisor vendor

Purchased separately

29BRKARC-2014



MPLS

Unified

Branch

3G/4G-LTE

Internet

PrivateCloud

VirtualPrivateCloud

PublicCloud

1. Deploy UCS-E hardware in branch ISR.

2. Use Orchestration tools (Vsphere, etc) to deploy a troubleshooting VM.

3. Using open-source tools like Wireshark and NTop analyze application flows directly within the branch to find the root cause.** Other Cisco, 3rd party and paid analytic tools exist and are options.

BRKARC-2014 30


Hardware Comparison Matrix(Cisco UCS E-Series NCE)

UCS EN120S M2 UCS EN140N (4000 ISR Only) UCS EN120E (ISR G2 Only)

ProcessorIntel Pentium

B925C (2.0 GHz)

Intel Atom C2518

(1.7 GHz)

Intel Atom C2358

(1.7 GHz)

Core/vCPU 2/4 4/4 2/2

Memory 8 - 16 GB 8 GB 8 GB

Storage500 GB- 2 TB (2 HDD)

SATA, SAS50 GB – 200 GB 50 GB – 200 GB

RAID RAID 0 and RAID 1 NA NA

Network portInternal: 2 GE ports

External: 1 GE port


External: 1 GE port


External: 1 GE port

Platforms

2911, 2921, 2951, 3925, 3945,

3925E, 3945E, 4451-X,

4351, 4331

4451, 4431, 4351, 4331, 43211921, 1941, 2901, 2911, 2921, 2951,

3925, 3945, 3925E, 3945E

Reference

BRKARC-2014 31

KVM Hosting on IOS-XE RoutersISR 4K, ASR1K, CSR1Kv


Native Process

•Very Tight Integration

•Best Performance

LXC

•Strict Kernel Requirements

•Good performance with some security

Docker

•Emerging Industry Standard

•Future Support

KVM

•Any OS

•Complete separation

•Linux host OS normally – Type 2 hypervisor

Type 1 Hypervisor

•Service Module Only

•VMWare, HyperV, Zen…

Application Hosting SpectrumDifferent models for different application needs.

BRKARC-2014 33


Native Process

•Very Tight Integration

•Best Performance

LXC

•Strict Kernel Requirements

•Good performance with some security

Docker

•Emerging Industry Standard

•Future Support

KVM

•Any OS

•Complete separation

•Linux host OS normally – Type 2 hypervisor

Type 1 Hypervisor

•Service Module Only

•VMWare, HyperV, Zen…

Cisco Service ContainersLinux ContainersOpen Service Containers

Application Hosting Spectrum

BRKARC-2014 34


What are Cisco platforms doing?

Support RPM package installation directly to the system.

IOS XR

Support for 3rd party LXC containers. Support for Guest Shell LXC. Future support for

Docker containers.

Nexus OS

Open to any 3rd party or custom KVM application on routing platforms. Future plans for

Docker support and alignment with IOX. Ultimate flexibility with UCS-E module.

IOS XE

IOX program provides an IOT focused “app store” for KVM applications and scripts as well

as Fog Director GUI manager.

Classic IOS

BRKARC-2014 35


What is a Service Container?Service Containers use virtualization technology

(LXC and KVM) to provide a hosting environment

on Cisco routers/switches for applications which

may be developed and released independent of

platform release cycles.

Virtualized environment on a cisco device.

Use Case Cisco Virtual Services:

• Work/Appliance Consolidation

• Lightweight Application Hosting

• Example: ISR4451X-WAAS

Use Case Third Party Services:

• KVM Hosted Applications

Container

Network OS

Virtual Service

Service Containers

BRKARC-2014 36


Linux OS

KVM/LXC

IOS-XE Software Architecture

IOSd

Control Plane

Cisco Apps (WAAS, Snort)Customer and 3rd Party

Applications

Platform-Specific Data Plane AppNav

Internal Services Blade

(UCS® E-Series)

External Services Blade

(UCS)

Virtual Ethernet

BRKARC-2014 37


Cisco ISR 4400 Series Architecture

Control Plane (1

core) and Services

Plane (3 cores)

Data Plane

(6 or 10 cores)

Multigigabit

Fabric

FPGE

ISC

SM-X

NIMService Plane

(control plane CPU)

KVM - Hypervisor

Service Container

Service containers

live here:

75% CPU

IOS-XE

25% CPU

BRKARC-2014 38


Cisco ISR 4300 Series Architecture

Service Plane (control plane CPU)

KVM - Hypervisor

Service Container

IOS

Service Container

Multigigabit

Fabric

FPGE

ISC

SM-X

NIM

Data Plane Cores

Note:4321 uses 2DP, 1CP & 1SC cores

BRKARC-2014 39


Cisco WAASImprove application performance and user experience

Virtual WAAS

• Application acceleration from

Private/Virtual Private Cloud

• VMWare ESX/ESXi and UCS

deployments

• Agile, elastic, multi-tenant deployment

• vCM: common virtualized management

for physical/virtual WAAS

ISR-WAAS on ISR 4K

• Integrated on platform

• Full Feature Parity

• Software on-demand provisioning

• No fork lift upgrade

WAAS Appliance

• Application acceleration

• Virtual blades in branch offices

• Scalable platforms for range of

deployments

BRKARC-2014 40


Introducing

Product Overview

Open source intrusion prevention system for real-time traffic analysis

Lightweight threat defense for price sensitive customers

Integrated in ISR 4K service container

IPS/IDS functionality with an IOS IPS look and feel

BRKARC-2014 41


Positioning IPS/IDS Solution for the WAN

ISR 4321Up to 50 Mbps

ISR 433160 – 140 Mbps

ISR 4351 75 – 170 Mbps

ISR 4451 115 – 270 Mbps

Regulatory/ PCI

Compliance

Internet guest

access

MSSP

Direct Internet access to partner sites or public cloud

(i.e. Office365, Salesforce.com)

Full DIA

Full DIA

BRKARC-2014 42


StealthWatch Learning Network-SLN

HQISE

SC

A

Branch 1Branch 2

DLA

ISR

DLA

ISR

Distributed Learning Agent

• Data collection. Netflow, DPI

(control and data plane, local

states)

• Analytics and Learning

• Edge Mitigation

programmed/autonomous

(police, shape, recolor,

redirect) etc.)

• G2 -> UCS-E blade

• 4K -> container-based

SLN Control Agent

• Orchestration and interaction with

remote DLAs

• Advanced visualizations

• Centralized policy

Se

cu

rity

Ma

na

ge

me

nt

Pri

va

te/P

ub

lic

Netw

ork

Ne

two

rk E

dg

e

Admin

• Reputation

• IoCs

• ThreatGRID

PCAP/Honeypot

Context

ISE pxGrid

BRKARC-2014 43


Common KVM Use Cases

General purpose virtual machine with custom and open-source troubleshooting tools.

(Wireshark, Speedtest, etc.)

Troubleshooting VM

Common network functions such as Print Server, Domain Controller, File Storage, etc.

Network Functions

Network Analysis and Application Performance Monitoring without a dedicated probe.

Analytics

Augment the capabilities of the host platform in some way. (Custom encryption, business-

based routing, specialized API interface)

Device Customization

BRKARC-2014 44



MPLS

Unified

Branch

3G/4G-LTE

Internet

PrivateCloud

VirtualPrivateCloud

PublicCloud

1. Deploy sufficient Memory & Storage for future Service Containers

2. Use scripts, CLI, PI, Fog Director or other Orchestration tools to deploy a troubleshooting VM.

3. Using open-source tools like Wireshark and NTop analyze application flows directly within the branch to find the root cause.** Other Cisco, open source and 3rd party tools exist and are options.

BRKARC-2014 45


ThousandEyesView Across Internal and External Networks

Hosting / SaaS Provider

3 App Delivery:Website, CDN, DNS, ISP

4 Internet Security: DNS, BGP, DDoS

EnterpriseAgents

Branch

Data Center

Internet

Consumers

Cloud Agent

1 Network Ops: WAN, VoIP, DCs

2 Cloud Migration:SaaS and IaaS

BRKARC-2014 46


ThousandEyesTroubleshoot, Monitor, Resolve

• Hop-by-hop path visualization from

monitoring agents to cloud hosted or

internal services

• Actively monitor and troubleshoot

any network including branch

offices, data centers

• Visualize network and application

performance to detect trends and

anomalies

BRKARC-2014 47


STORAGE

POWER & COOLING

SERVER

NETWORK

DATABASE

CLOUD

USER EXPERIENCE

APPLICATION

MONITOR

• Predictive Analytics

• SLA Compliance

• Dashboards &

Reporting

• Intelligent Alerts

VIRTUALIZATION

BIG DATA MAINFRAME

A unified view and architecture to manage

your internal and external infrastructure .

CA Unified Infrastructure ManagementUnified IT Monitoring Providing Broad Coverage

BRKARC-2014 48


CA Unified Infrastructure Management Multi-Site Deployment

Relay Hub

Servers w/ Robots

Relay Hub

Servers w/ Robots

Remote Site 2Remote Site 1

Primary Datacenter

Primary Hub

Secondary Hub

Data Repository

UNIFIED MONITORING OF PUBLIC AND PRIVATE IT ENVIRONMENTS

BRKARC-2014 49


UIM Reference Architecture

KVM

Relay

Hub

KVM

Polling

Robot

ISR 4400/4300

KVM

Relay

Hub

KVM

Polling

Robot

ISR 4400/4300

KVM

Relay

Hub

KVM

Polling

Robot

ISR 4400/4300

Location 1 Location 2 Location 3

Servers

w/RobotsNetwork

Infrastructure

Servers

w/RobotsNetwork

Infrastructure

Servers

w/RobotsNetwork

Infrastructure

UIM CORE

UIM

Portal

UIM

DB

UIM

Primary HUB

Recommended Probe

Technologies included with

ISR UIM OVAs:

• CDM/RSP

• SNMPC

• UCS

• URL Response

• Net Connect

• DNS Response

• XenApp

• e2e appmon

Virtual Image Requirements:

• Relay Hub: 1 CPU – Quad

Core, 8GB Memory.

Redhat/CentOS 6 or 7.

• Polling Robot: 1 CPU –

Quad Core, 8GB Memory.

Redhat/CentOS 6 or 7.

BRKARC-2014 50


• Network Discovery, Operation and Management

• Open application built without any Cisco involvement.

• Terrific option for low-footprint branch management.

Ned.io – Open Source Service Containerhttp://www.nedi.ch/running-nedi-on-a-cisco-router/

BRKARC-2014 51


ISR4K Services Core SpecificationsPlatform Service Cores

Speed

(GHz)

Relative Compute

Power

Min Additional

DRAM

Min Additional

SSD

Min Additional

HDD

ISR4451

(Gladden)3 2 6P 4GB 200GB 1TB

ISR4431

(Gladden)3 1 3P 4GB 200GB 1TB

ISR4351

(Rangeley)3 2.4 3 P 4GB 50GB 1TB

ISR4331

(Rangeley)3 2.0 2.5 P 4GB 50GB 1TB

ISR4321

(Rangeley)1 2.4 P 4GB 50GB 1TB

UCS-E NIM 4 1.6 2.6 P N/A N/A N/A

UCS-E EHWIC 2 1.6 1.3 P N/A N/A N/A

Normalize to Rangley 2.4 GHz core = 1P

Gladden 1GHz = Rangley 2.4 GHz

For YourReference

BRKARC-2014 52


What do I need to add to an ISR4K system?

• Service Containers (currently) REQUIRE additional DRAM beyond the 4GB system default

• Additional DRAM beyond 4GB will be available to a KVM application

• Example: 8GB DRAM will have 4GB available to Service Containers

• Example: 16GB DRAM will have 12GB available to Service Containers

Memory

• No storage is included by default and applications do not have access to bootflash.

• Options include internal MSATA SSD on 4300 Series, NIM-SSD or NIM-HD on all ISR4K.

• Smaller sizes and lower reliability SSD options at lower price will be available in CY15.

Storage

Note: ASR1K/CSR requirements will be different.BRKARC-2014 53


NIM-SSD:

• 1 or 2 hot-swappable 200GB SSD drives

• 100GB and 400GB options

SSD-MSATA-50G & SSD-MSATA-200G :

• Doesn’t consume a NIM slot!

• Embedded 50GB/200GB SSD storage

• Not available on 4431/4451

Storage Options

54BRKARC-2014


Unique Requirements for IOS XE Service Containers

• YAML (derived from LibVirt XML) header file(s) within the OVA• Outlines the resource requirements for the application so the system knows

what to do with it.

• Memory, storage, CPU shares, CDROM ISO, etc.

• Properly formatted disk image• Supported formats are qcow2, raw and raw with Cisco capacity XML tag

• IDE virtio driver within the VM kernel for disk access

• Optional TTY0 and TTY1 specification for console/aux connection

BRKARC-2014 55


• YAML Descriptor File Defining:• Number of VCPUs and Share of CPU cycles

• Memory

• Disks including size and source image if applicable

• Virtual NICs

• Console/Aux connectivity

• Disk Image – One or more disk image files. • ISO: Supported for read-only file systems like a CDROM.

• RAW: Supported for read-write file systems.

• QCOW2: Supported for read-write with compression. Longer initial install time but much smaller disk images as a result of compression. Generally the recommended format for standard disk images.

• Manifest File – Simple text file with the SHA1 hash for all files in the OVA.

• Version File – Simple text file with application version number.

Mandatory Service Container OVA Contents

BRKARC-2014 56


Example YAML File

disk:

- target dev: hdc

file: montavista.iso

- target dev: sda

file: kvm_storage_4000MB.img

upgrade-model: ha-sync

interfaces:

- target-dev: net1

alias: net1

- target-dev: net2

type: management

serial:

- serial

- console

# Specify runtime and startup

startup:

runtime: kvm

boot-dev: cdrom

manifest-version: 1.0

info:

name: kvm_prof_2

description: "KVM Montavista Test Distro

version: 1.0

author-name: Cisco Systems, Inc.

author-link: "http://www.cisco.com"

app:

# Indicate app type (vm, paas, lxc etc.,)

apptype: vm

resources:

cpu: 6

memory: 262144

vcpu: 1

App Info &

Definition

Memory/CPU

Reservation

Disk(s) Definition

Ethernet Interfaces

Serial Devices

Boot Details

BRKARC-2014 57


Example libvirt.xml File <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0' id='1'>

<name>ubuntuserver</name>

<uuid>cdc7b1e3-4a61-8452-98cd-2932f8d781da</uuid>

<memory>262144</memory>

<currentMemory>262144</currentMemory>

<vcpu>1</vcpu>

<os>

<type arch='x86_64' machine='pc-0.12'>hvm</type>

<bootdev='hd'/>

</os>

<features>

<acpi/>

<pae/>

</features>

<clock offset='localtime'/>

<on_poweroff>destroy</on_poweroff>

<on_reboot>restart</on_reboot>

<on_crash>destroy</on_crash>

<devices>

<emulator>/usr/bin/qemu-kvm</emulator>

<disk type='file' device='disk'>

<driver name='qemu' type='qcow2'/>

<source file='UbuntuServer.qcow2'/>

<target dev='hdb' bus='virtio'/>

<alias name='virtio-0-0-4'/>

<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>

</disk>

<controller type='ide' index='0'>

<alias name='ide0'/>


</controller>

<interface type='network'>

<mac address='52:54:00:89:c4:96'/>

<source network='default'/>

<target dev='net1'/>

<model type='virtio'/>

<alias name='net1'/>


</interface>

<serial type='tcp'>

<source mode='bind' host='' service='4444'/>

<target port='0'/>

<protocol type='telnet'/>

<alias name='serial0'/>

</serial>

<serial type='tcp'>

<source mode='bind' host='' service='4445'/>

<target port='1'/>

<protocol type='telnet'/>


</serial>

<serial type='unix'>

<source mode='bind' path='syslog'/>

<target port='2'/>


</serial>

<serial type='unix'>

<source mode='bind' path='logger'/>

<target port='3'/>


</serial>

</devices>

<qemu:commandline>

<qemu:arg value='-cpu'/>

<qemu:arg value='host'/>

<qemu:arg value='-device'/>

<qemu:arg value='usb-tablet'/>

</qemu:commandline>

</domain>

Potential Security

Holes

Same VM Definition

as Previous Slide

BRKARC-2014 58


Useful Open Source Tools for Developers

virt-manager – GUI Linux tool for creating and managing VMs.

qemu-img – Useful tool for converting disk images

Example: qemu-img convert -p -c -f raw -O qcow2 <raw.img> <qcow2.img>

openssl – Generates manifest file.

Example: openssl sha1 *.qcow2 *.ver *.yaml > vm.mf

tar – An OVA is nothing more than a tar file with a fancy name.

Example: tar -cvf VM.ova vm.qcow2 platform.xml 4300.xml 4400.xml vm.mf

create_ova.sh – Cisco script to help build an ova in one step.

BRKARC-2014 59


Service Container Install/Monitor Commands

Virtual-Service Install/Monitor:ISR4K# virtual-service install name testapp package bootflash:testapp.ova

ISR4K# show virtual-service list

ISR4K# show virtual-service detail name testapp

ISR4K# virtual-service connect name testapp aux|console

Install an OVA to disk

Show current status including

application install progress

Connect a virtual terminal to the

application serial port (if supported)

BRKARC-2014 60


Service Container Configure & Activate Commands

Virtual-Service Configuration:virtual-service

signing level unsigned

!

interface virtualportgroup 1

ip address 10.0.0.1 255.255.255.0

!

virtual-service testapp

vnic gateway virtualportgroup 1

guest ip address 10.0.0.2

activate

New Global-Level Structure

Single command to disable signing

Up to 32 virtual interfaces to OVS

Application Instance Configuration

One or more interfaces per application

Optional guest interface configuration

Activate an installed & configured App

BRKARC-2014 61


Easy to use•Simplified application lifecycle management

•Stand Alone UI or may be integrated into 3rd party applications

restful APIs

Managing Application Resources•Tracks IOx resource utilization (CPU, Memory, BW)

•Display per application and per device historical trends

•Establish per application status frequency from the onboard

agent

Manage Application Lifecycle•Stage the application image within the local application catalog

•Push changes to end-points

•Detailed application rollout tracking

Cisco Fog Director: App Life Cycle Management, App Management & Monitoring at Scale

BRKARC-2014 62


Cisco Fog Director: Application Dashboard

View of installed

Apps

Instant status of

Apps running

Resource consumption

dashboard

Apps that are ready

to deploy

Apps that have not

cleared deployment

readiness yet

Enables management of application deployment to the edge devices at scale

BRKARC-2014 63


Cisco Fog Director: Application Dashboard

Drilling down on deployed applications

BRKARC-2014 64


Cisco Fog Director: Application Monitoring view

App Deployed on

devices

Apps Success &

Failure view

App Device monitor

Monitor deployed applications at scale

Apps resource

monitor

BRKARC-2014 65


Cisco Fog Director: Trouble shootingDrilling down in to devices and application logs

BRKARC-2014 66


Cisco Fog Director: Device-centric Dashboard

Device Resource

view

Last heard status

Device IP &

Configuration

Device View and

association

Adding new devices

BRKARC-2014 67


Open Service Container Support Model

Linux OS

KVM/LXC

IOSd

Control Plane

WAASCustomer and 3rd

Party Applications

Platform-Specific Data Plane

Virtual Ethernet

Cisco Support:

Call TAC and they’ll help you out.Third Party & Community Support:

TAC will redirect you.

Cisco Devnet Provides:

• Community support for developers

• Documentation

• Developer Tools

• Access to Cisco Engineers

• Sample open source VMs

• Share open source projects

• Examples from Cisco Engineers

BRKARC-2014 68


Future Development

• RAM Disks – will allow apps with low storage requirements to keep their

disk images on bootflash

• Default DRAM – Support for lightweight applications in default 4GB memory.

• VM Configuration – User can overwrite the VM specifications from the YAML

file (CPU, DRAM, NICS, etc) through configuration commands.

• Docker – Support standard Docker containers in addition to KVM.

• Fog Director – Support the same app-store model and deployment GUI as

IOX applications in IOS XE 16.3.

• VBO/NSO Orchestration – Integration with Elastic Service Controller and

NSO for consistent orchestration with other Cisco NFV products.

• Layer 2 Redirect/Chaining – Bridging/Redirect from data plane interfaces as

well as L2 VLAN switching between Service Containers.

BRKARC-2014 69


ISR 4000 Series

with Container

ISR 4000 Series

with UCS-EENCS 5400 Series

ArchitectureEmbedded IOS-XE Container for light-

weight applicationsDedicated x86 blade server for applications

Shared x86 platform for Routing &

hosted applications

Legacy WAN Multiple Multiple Single

4G / LTE Support Yes Yes Yes

TDM Voice Yes Yes No

Switch-ports 72 64 8

Routing Throughput 2 Gbps 2 Gbps 1 Gbps

Resources for Applications

CPU Cores 1-3 8 9

RAM 12 GB 96 GB 64 GB

Disk 800 GB 6 TB4 TB disks +

400 GB SSD

OS / Hypervisors IOS-XE with embedded KVMVMware ESXi, Microsoft HyperV &

Citrix XenServer and more…NFVIS with embedded KVM

Product Specifications ComparisonFor Your

Reference

BRKARC-2014 70


More Information Cisco DevNet

• Online community for developers

• Direct access to Cisco Engineers and Product Teams

• Repository of how-to guides, best practices and sample code

• This will be the primary source for Service Container information and sample OVAs

• Due to Cisco support requirements, VMs will not be posted to Cisco.com directly.

• Keep an eye out for a Service Container Hackathon with fabulous prizes!

71

https://developer.cisco.com/site/kvm

BRKARC-2014


LinksWAY MORE INFO:

What the Heck is a Service Containers? (blog)

http://cs.co/9006BnlDC

An Introduction to Service Containers (Presentation)

http://cs.co/9005BnlD7

Fundamentals of Service Containers (Techwise Video)

http://cs.co/9004BnlDA

Wireshark on the Catalyst 4500

http://cs.co/9002BnlD4

Virtual Service Container Config Guide (NXOS &IOSXE)

http://cs.co/9001BnlDN

BRKARC-2014 72

http://blogs.cisco.com/enterprise/what-the-heck-is-a-service-container

http://www.cisco.com/web/learning/le21/le39/docs/tdw_202_presentation.pdf

https://www.youtube.com/watch?v=jEhO6NUUais

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1/XE_330SG/configuration/guide/config/wireshrk.html

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sdn/configuration/b_openflow_agent_nxos/b_openflow_agent_nxos_chapter_010.html


Other Sessions

BRKARC-3001 Cisco Integrated Services Router - Architectural Overview Monday 1:30PM

BRKARC-3111 Deploying Cisco Smart Software Licensing Enabled Products Monday 1:30PM

LTRRST-3003 Dr. Evil's secret VIRL hands-on Lab Tuesday 1PM

BRKRST-2041 WAN Architectures and Design Principles Wednesday 8AM

BRKCRS-2006 Creating the Virtual Edge: Cisco Enterprise NFV Wednesday 8AM

BRKCRS-3447 Network Function Virtualization for Enterprise Networks Thursday 8AM

BRKARC-2091 Emerging Trends in Branch Office Architectures Thursday 10:30AM

BRKRST-3336 WAN Virtualization Using Over-the-Top (OTP) Thursday 10:30AM

BRKARC-2014 73


Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.

BRKARC-2014 74

CiscoLive.com/Online

http://ciscolive.com/Online

http://ciscolive.com/Online

http://ciscolive.com/us

http://ciscolive.com/us

Thank you

Documents

Branch Virtualization - d2zmdbbm9feqrf.cloudfront.netd2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/BRKARC-2014.pdfBranch Virtualization The Evolving NFV Landscape ... I need a tool to