Author
lamcong
Branch Virtualization: The Evolving NFV Landscape
Matt Bolick - Technical Marketing Engineer
BRKARC-2014
Abstract
BRKARC-2014 is all about hosting network functions and applications in branch offices using the network. In some cases this is augmenting server capabilities already present, and in others it's an entirely new way of thinking about appliances and network devices in the branch.
Agenda
Branch Service Virtualization Motivations
Enterprise NFV
UCS E-Series
Open Service Containers
2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
The Lean Branch Office: Balancing IT Efficiency and User Experience
Serverless Branch
No local servers
Full reliance on WAN
Simplicity, low cost
No service guarantees
Lean Branch
4-5 local servers
Full reliance on WAN except for mission-critical applications
Full-Service Branch
All servers local
No reliance on WAN
Complexity, high cost
Service guarantees
[Diagram labels, repeated for each model: Branch Office; WAN/Internet; Data Center/Cloud]
Motivation for Virtualization in the Branch
Physical Branch
Long, Expensive Roll-Outs
Under Utilization
Inflexibility
Virtualized Branch
Service Agility
Efficient Resource Utilization
Opex Savings
NFV Benefits
Enterprise | Service Provider
Increase revenue by accelerating delivery of new and differentiated services
Provide on-demand service delivery through customer self-service portals
Reduce Op-Ex & time-to-service from months to weeks
Reduction of network elements to manage & deploy
Operational efficiencies through virtualization
Service Elasticity & Automated Network Operations
Deployment of best-of-breed
Reduce upfront Cap-Ex
Improve Asset Utilization
Levels of Network Function Virtualization
Integrated Services
ISR4K + Service Containers (KVM/LXC)
Native ISR Services + NFV Flexibility
Reliability with Open Service Hosting
Integrated Services with Dedicated Server
ISR4K + UCS C/E Series
Native ISR Services + NFV Hardware
Separate Administration Domains
Fully Virtualized Branch
General Purpose X86 Compute
Full Service Virtualization
Best-of-Breed Service Options
Gripe from Customer
We use Office 365 and Skype for Business extensively in our company. When we receive trouble tickets from remote branches, we're left guessing whether the problem is in the cloud, with the SP or with the client. I need a tool to help me quickly get from report, to root cause to resolution.
[Diagram labels: MPLS; Unified Branch; 3G/4G-LTE; Internet; Private Cloud; Virtual Private Cloud; Public Cloud]
Enterprise NFV
Cisco Enterprise NFV: The First NFV Solution for Enterprise
Central Orchestration and Management - SDN: APIC-EM | ESA
Rich Network Services - VNF | App Hosting | 3rd Party
SW Intelligence over HW - NFV Virtualization Software (NFVIS)
Platform Freedom of Choice - ISR 4K | UCS
Enterprise NFV allows us to innovate with speed via open programmability and by hosting virtualized functions and applications wherever, whenever I need them, network-wide.
Markus Voegele, Sr. Network Architect, IBM Aviation
Lower TCO for branch operations
Agility: Quickly roll out new services and locations
Gives you flexible deployment options
Introducing Cisco Enterprise NFV: Network Services in Minutes, on Any Platform
Cisco 4000 Series ISR + UCS E-Series
Cisco UCS C-Series
Network Functions Virtualization Infrastructure Software (NFVIS)
Cisco Enterprise Service Automation (ESA) on APIC-EM
Virtual Router (ISRv)
Virtual Firewall (ASAv)
Virtual WAN Optimization (vWAAS)
Virtual Wireless LAN Controller (vWLC)
Third-Party VNFs
Automated Orchestration, Management, Policy: Cisco Enterprise Service Automation (ESA)
Zero-touch deployment
Automated orchestration of platform and VNFs
Service chaining and licensing
Health monitoring
Dynamic scaling of services
Operational SLA management
Create standard profiles for different types of branches
Cisco tested and validated designs
Embedded approval process and versioning
Best-of-breed Trusted Services from Cisco: Consistent Software Across Physical and Virtual
ISRv | ASAv / FTDv | vWAAS | vWLC
High performance
Rich features
End-to-end support
Proven software
Leader in Gartner MQ
#1 unit shipped
Superior caching with Akamai Connect
Survivability and scale
Consistency across the data center and switches
Built for small and medium branches
Comprehensive protection
Full data-center-class featured functionality
Designed for NFV
Cost-effective with NFV
New!
ISRv and CSR
Integrated Services Router - Virtual (ISRv)
Packaged for NFVIS
Branch-Specific Features
Branch-Specific Pricing
Look-and-feel of an ISR 4000
Not available separately
Cloud Services Router (CSR)
Cloud and VDC Deployments
Aggregation Use-Cases
Flexible Pricing & Packaging
Virtual ASR 1000 Series
Available on multiple platforms
Enterprise NFV Solution Architecture
X86 Hardware: Various Host options for different Branch Sizes
Enterprise NFVIS: Common OS that supports virtualization
ISRv, ASAv, vWAAS, vFirePower, VNFn, App1, App2, Appn: VNF and Application hosting with 3rd party support
ESA or NSO: Common Orchestration and Management across virtual & physical network
Power in Software: NFVIS Software Stack
[Diagram labels: Linux; Platform Drivers; Interface Drivers; NFVIS; Virtualization Layer: Hypervisor & vSwitch; Orchestration API; HTTPS; Plug-n-Play Client; Plug-n-Play Server; Console/SSH; YANG; APIC-EM/Prime; CLI, NETCONF, REST; Health Monitor; Device Web Portal]
NFVIS: The POWER under the hood
Virtualization
Kernel Virtual Machine (KVM) to abstract service functions from hardware
Virtual switching provides connectivity between service functions and to physical interfaces
[Diagram labels: Network Function Virtualization Infrastructure Software; API Interface; Platform Management; KVM; Virtualized Service (x3); vSwitch; Linux; PnP Client; br1, br2; Int-1, Int-2, Int-3]
NFVIS: The POWER under the hood
API Interface
REST (HTTPS) and NETCONF (SSH)
Register and deploy services
Configure platform
Gather monitoring statistics
PnP client for ZTD
Platform Management
Controlling hardware specifics such as storage, memory, network interface connectivity
Hardware performance such as SR-IOV
PF = Physical Function
VF = Virtual Function
[Diagram labels: Network Function Virtualization Infrastructure Software; API Interface; Platform Management; KVM; Virtualized Service (x3); vSwitch; Linux; PnP Client; br1, br2; Int-1, Int-2, Int-3; VF (x2)]
Solving the Customer Gripe
[Diagram labels: MPLS; Unified Branch; 3G/4G-LTE; Internet; Private Cloud; Virtual Private Cloud; Public Cloud]
1. Deploy Enterprise NFV with support for 3rd party virtual machines.
2. Use ESA Orchestration tool to deploy a troubleshooting VM.
3. Using open-source tools like Wireshark and NTop, analyze application flows directly within the branch to find the root cause.*
* Other Cisco, open source and 3rd party analytic tools exist and are options.
UCS E-Series
Cisco End-to-End Solution: Cisco UCS B-Series and C-Series for Data Center; UCS E-Series for Branch
Location-Suitable Form Factors, Consistent Device Management
Cisco UCS B- and C-Series
This unified compute platform offers infrastructure consolidation in the data center. These servers offer innovative virtualization, memory, provisioning, I/O, and management capabilities.
Cisco UCS E-Series Servers
This residual compute platform offers all-in-one device convergence that facilitates centralization of branch applications into the data center.
Address WAN-induced performance, availability, and compliance challenges.
Consolidate Infrastructure
Centralize Applications
Support User Experience
[Diagram labels: Branch Office; WAN/Internet; Data Center/Cloud]
Cisco UCS E-Series DC-class Servers
Cisco UCS E160D
Double-Wide Service Module
VMware, Hyper-V, Citrix certified
Intel E5 6 core processor
96GB DRAM
Cisco UCS E180D
Double-Wide Service Module
VMware, Hyper-V, Citrix certified
Intel E5 8 core processor
96GB DRAM
Cisco UCS E140S
Service module
VMware, Hyper-V, Citrix certified
Intel E3 4 core processor
16GB DRAM
Cisco UCS E160S
Single-Wide Service module
VMware, Hyper-V, Citrix certified
Intel Broadwell 6 core processor
32GB DRAM
USB 3.0 & 10Gb Interface
[Chart axes: Performance; Scalability. Processor generation labels: Intel Broadwell; Intel Ivy Bridge (x3)]
Cisco UCS E-Series Single-Wide Blade: Compact Blade Housed in Cisco ISR G2 and 4000 Series ISR Chassis - Cisco UCS E140S M2 and E160S M3
Up to 2 SATA, SAS, or SSD hard drives
Configuration and management through CIMC/IMC SUP or UCSD
Intel 4 Core Xeon E3 family quad-core processor
6 Core Broadwell
Onboard hardware RAID 0/1 with hot-swappable capability
One external 10/100/1000 and two internal GE ports
USB 2.0 or 3.0 port for external device connectivity
8, 12, 16 GB and 32 GB DRAM options
Maximum 65 W power draw, 80 percent less than server
Wire-free, plug-and-play modularity, low shipping weight (2.5 lb/1.1 kg)
Remote and schedulable power management
KVM console connector
10/100 Ethernet management port
Two SD cards: One for the CIMC and temporary storage of OS and one as a blank virtual drive
No SD card on M3. UCS Flex Flash
Cisco UCS E-Series Double-Wide Blade: Powerful Blade Housed in ISR G2 and 4000 Series ISR Chassis - UCS E160D M2, UCS E180D M2
Up to 3 SATA, SAS, SSD hard drives
Out-of-band configuration and management through CIMC/IMC Sup or UCSD
Onboard hardware RAID 0, 1, and 5 configuration options with hot-swappable capability
Two external and two internal GE ports with TCP/IP acceleration
Front-panel VGA, 2 USB, and serial console connectors
8 GB - 96 GB DRAM options
Maximum 130 W power draw, 80 percent less than server
Wire-free, plug-and-play modularity, low shipping weight (7 lb/3.2 kg)
Remote and schedulable power management
Two SD cards: One for the CIMC and temporary storage of OS and one as a blank virtual drive
Intel Xeon E5-2400 6-core, 8-core processor
Hardware Comparison Matrix (Cisco UCS E-Series)
For Your Reference

| | UCS E140S M2 | UCS E160D M2 | UCS E180D M2 |
|---|---|---|---|
| Processor | Intel Xeon E3-1105C v2 (1.8 GHz) | Intel Xeon E5-2418L v2 (2.0 GHz) | Intel Xeon E5-2428L v2 (1.8 GHz) |
| Core/vCPU | 4/8 | 6/12 | 8/16 |
| Memory | 8 - 16 GB | 8 - 96 GB | 8 - 96 GB |
| Storage | Up to 3.6 TB (2 HDD bays); SATA, SAS, SED, SSD | Up to 5.4 TB (3 HDD bays); SATA, SAS, SED, SSD | Up to 5.4 TB (3 HDD bays); SATA, SAS, SED, SSD |
| RAID | RAID 0 and RAID 1 | RAID 0, RAID 1, and RAID 5 | RAID 0, RAID 1, and RAID 5 |
| Network port | Internal: 2 GE ports; External: 1 GE port | Internal: 2 GE ports; External: 2 GE ports | Internal: 2 GE ports; External: 2 GE ports |
| Platforms | 4451-X, 4351, 4331, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E | 4451-X, 4351, 2921, 2951, 3925, 3945, 3925E, 3945E | 4451-X, 4351, 2951, 3925, 3945, 3925E, 3945E |
Cisco UCS E-Series Network Compute Engine
Cisco UCS EN140N
NIM network compute module
Virtualization enabled
Network compute applications - FirePower, vWAAS
Cisco UCS EN120S
Service module
VMware and Hyper-V certified
Network compute applications - FirePower, vWAAS
Cisco UCS EN120E
Enhanced HWIC
Virtualization enabled
Network compute applications - FirePower, vWAAS
[Chart axes: Performance; Scalability. Legend: Supported on ISR-G2; Supported on ISR4000]
Cisco UCS E-Series Network Compute Engine: Compact, Multipurpose Blade Housed in 4000 Series ISR - Cisco UCS EN140N M2
Up to 8 GB RAM
Intel Atom quad-core processor
One 2GB SD card for CIMC
50, 100, 200 GB mSATA SSD options
Dedicated management port
One external Gigabit Ethernet port / Two internal Gigabit Ethernet ports
KVM console connector
USB 2.0 port for external device connectivity
Cisco UCS E-Series Servers Support Model
Hardware Support Provided by Cisco
Cisco UCS E-Series hardware supported under ISR G2 SMARTnet at no additional cost
Hypervisor and OS supported by hypervisor and OS vendor
ISR
Cisco UCS E-Series Server Module
Hypervisor
Supported by Cisco SMARTnet
Attached to ISR G2
Supported by OS / hypervisor vendor
Purchased separately
Solving the Customer Gripe
[Diagram labels: MPLS; Unified Branch; 3G/4G-LTE; Internet; Private Cloud; Virtual Private Cloud; Public Cloud]
1. Deploy UCS-E hardware in branch ISR.
2. Use Orchestration tools (vSphere, etc.) to deploy a troubleshooting VM.
3. Using open-source tools like Wireshark and NTop, analyze application flows directly within the branch to find the root cause.*
* Other Cisco, 3rd party and paid analytic tools exist and are options.
Hardware Comparison Matrix (Cisco UCS E-Series NCE)
For Your Reference

| | UCS EN120S M2 | UCS EN140N (4000 ISR Only) | UCS EN120E (ISR G2 Only) |
|---|---|---|---|
| Processor | Intel Pentium B925C (2.0 GHz) | Intel Atom C2518 (1.7 GHz) | Intel Atom C2358 (1.7 GHz) |
| Core/vCPU | 2/4 | 4/4 | 2/2 |
| Memory | 8 - 16 GB | 8 GB | 8 GB |
| Storage | 500 GB - 2 TB (2 HDD); SATA, SAS | 50 GB - 200 GB | 50 GB - 200 GB |
| RAID | RAID 0 and RAID 1 | NA | NA |
| Network port | Internal: 2 GE ports; External: 1 GE port | Internal: 2 GE ports; External: 1 GE port | Internal: 2 GE ports; External: 1 GE port |
| Platforms | 2911, 2921, 2951, 3925, 3945, 3925E, 3945E, 4451-X, 4351, 4331 | 4451, 4431, 4351, 4331, 4321 | 1921, 1941, 2901, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E |
KVM Hosting on IOS-XE Routers: ISR 4K, ASR1K, CSR1Kv
Application Hosting Spectrum: Different models for different application needs.
Native Process
Very Tight Integration
Best Performance
LXC
Strict Kernel Requirements
Good performance with some security
Docker
Emerging Industry Standard
Future Support
KVM
Any OS
Complete separation
Linux host OS normally Type 2 hypervisor
Type 1 Hypervisor
Service Module Only
VMware, Hyper-V, Xen
Application Hosting Spectrum
Cisco Service Containers | Linux Containers | Open Service Containers
What are Cisco platforms doing?
IOS XR
Support RPM package installation directly to the system.
Nexus OS
Support for 3rd party LXC containers. Support for Guest Shell LXC. Future support for Docker containers.
IOS XE
Open to any 3rd party or custom KVM application on routing platforms. Future plans for Docker support and alignment with IOX. Ultimate flexibility with UCS-E module.
Classic IOS
IOX program provides an IOT focused app store for KVM applications and scripts as well as Fog Director GUI manager.
What is a Service Container?
Service Containers use virtualization technology (LXC and KVM) to provide a hosting environment on Cisco routers/switches for applications which may be developed and released independent of platform release cycles.
Virtualized environment on a Cisco device.
Use Case - Cisco Virtual Services:
Work/Appliance Consolidation
Lightweight Application Hosting
Example: ISR4451X-WAAS
Use Case - Third Party Services:
KVM Hosted Applications
[Diagram labels: Container; Network OS; Virtual Service; Service Containers]
IOS-XE Software Architecture
[Diagram labels: Linux OS; KVM/LXC; IOSd Control Plane; Cisco Apps (WAAS, Snort); Customer and 3rd Party Applications; Platform-Specific Data Plane; AppNav; Internal Services Blade (UCS E-Series); External Services Blade (UCS); Virtual Ethernet]
Cisco ISR 4400 Series Architecture
Control Plane (1 core) and Services Plane (3 cores)
Data Plane (6 or 10 cores)
[Diagram labels: Multigigabit Fabric; FPGE; ISC; SM-X; NIM; Service Plane (control plane CPU); KVM - Hypervisor; Service Container; "Service containers live here:"; 75% CPU; IOS-XE; 25% CPU]
Cisco ISR 4300 Series Architecture
[Diagram labels: Service Plane (control plane CPU); KVM - Hypervisor; Service Container (x2); IOS; Multigigabit Fabric; FPGE; ISC; SM-X; NIM; Data Plane Cores]
Note: 4321 uses 2DP, 1CP & 1SC cores
Cisco WAAS: Improve application performance and user experience
Virtual WAAS
Application acceleration from Private/Virtual Private Cloud
VMware ESX/ESXi and UCS deployments
Agile, elastic, multi-tenant deployment
vCM: common virtualized management for physical/virtual WAAS
ISR-WAAS on ISR 4K
Integrated on platform
Full Feature Parity
Software on-demand provisioning
No fork lift upgrade
WAAS Appliance
Application acceleration
Virtual blades in branch offices
Scalable platforms for range of deployments
Introducing
Product Overview
Open source intrusion prevention system for real-time traffic analysis
Lightweight threat defense for price sensitive customers
Integrated in ISR 4K service container
IPS/IDS functionality with an IOS IPS look and feel
Positioning IPS/IDS Solution for the WAN
ISR 4321: Up to 50 Mbps
ISR 4331: 60 - 140 Mbps
ISR 4351: 75 - 170 Mbps
ISR 4451: 115 - 270 Mbps
Regulatory/PCI Compliance
Internet guest access
MSSP
Direct Internet access to partner sites or public cloud (i.e. Office365, Salesforce.com)
Full DIA
StealthWatch Learning Network - SLN
Distributed Learning Agent
Data collection: Netflow, DPI (control and data plane, local states)
Analytics and Learning
Edge Mitigation, programmed/autonomous (police, shape, recolor, redirect, etc.)
G2 -> UCS-E blade
4K -> container-based
SLN Control Agent
Orchestration and interaction with remote DLAs
Advanced visualizations
Centralized policy
[Diagram labels: HQ; ISE; SCA; Branch 1; Branch 2; DLA (x2); ISR (x2); Admin; Security Management; Private/Public Network; Network Edge; Reputation; IoCs; ThreatGRID; PCAP/Honeypot; Context; ISE pxGrid]
Common KVM Use Cases
Troubleshooting VM
General purpose virtual machine with custom and open-source troubleshooting tools. (Wireshark, Speedtest, etc.)
Network Functions
Common network functions such as Print Server, Domain Controller, File Storage, etc.
Analytics
Network Analysis and Application Performance Monitoring without a dedicated probe.
Device Customization
Augment the capabilities of the host platform in some way. (Custom encryption, business-based routing, specialized API interface)
Solving the Customer Gripe
[Diagram labels: MPLS; Unified Branch; 3G/4G-LTE; Internet; Private Cloud; Virtual Private Cloud; Public Cloud]
1. Deploy sufficient Memory & Storage for future Service Containers.
2. Use scripts, CLI, PI, Fog Director or other Orchestration tools to deploy a troubleshooting VM.
3. Using open-source tools like Wireshark and NTop, analyze application flows directly within the branch to find the root cause.*
* Other Cisco, open source and 3rd party tools exist and are options.
ThousandEyes: View Across Internal and External Networks
1 Network Ops: WAN, VoIP, DCs
2 Cloud Migration: SaaS and IaaS
3 App Delivery: Website, CDN, DNS, ISP
4 Internet Security: DNS, BGP, DDoS
[Diagram labels: Enterprise Agents; Branch; Data Center; Internet; Consumers; Cloud Agent; Hosting / SaaS Provider]
ThousandEyes: Troubleshoot, Monitor, Resolve
Hop-by-hop path visualization from monitoring agents to cloud hosted or internal services
Actively monitor and troubleshoot any network including branch offices, data centers
Visualize network and application performance to detect trends and anomalies
CA Unified Infrastructure Management: Unified IT Monitoring Providing Broad Coverage
A unified view and architecture to manage your internal and external infrastructure.
[Diagram labels: STORAGE; POWER & COOLING; SERVER; NETWORK; DATABASE; CLOUD; USER EXPERIENCE; APPLICATION; VIRTUALIZATION; BIG DATA; MAINFRAME; MONITOR; Predictive Analytics; SLA Compliance; Dashboards & Reporting; Intelligent Alerts]
CA Unified Infrastructure Management Multi-Site Deployment
UNIFIED MONITORING OF PUBLIC AND PRIVATE IT ENVIRONMENTS
[Diagram labels: Primary Datacenter; Primary Hub; Secondary Hub; Data Repository; Remote Site 1; Remote Site 2; Relay Hub (x2); Servers w/ Robots (x2)]
UIM Reference Architecture
[Diagram labels, repeated for Location 1, Location 2 and Location 3: KVM Relay Hub; KVM Polling Robot; ISR 4400/4300; Servers w/Robots; Network Infrastructure. UIM CORE: UIM Portal; UIM DB; UIM Primary HUB]
Recommended Probe Technologies included with ISR UIM OVAs:
CDM/RSP
SNMPC
UCS
URL Response
Net Connect
DNS Response
XenApp
e2e appmon
Virtual Image Requirements:
Relay Hub: 1 CPU Quad Core, 8GB Memory. Redhat/CentOS 6 or 7.
Polling Robot: 1 CPU Quad Core, 8GB Memory. Redhat/CentOS 6 or 7.
Ned.io Open Source Service Container
http://www.nedi.ch/running-nedi-on-a-cisco-router/
Network Discovery, Operation and Management
Open application built without any Cisco involvement.
Terrific option for low-footprint branch management.
ISR4K Services Core Specifications
For Your Reference

| Platform | Service Cores | Speed (GHz) | Relative Compute Power | Min Additional DRAM | Min Additional SSD | Min Additional HDD |
|---|---|---|---|---|---|---|
| ISR4451 (Gladden) | 3 | 2 | 6P | 4GB | 200GB | 1TB |
| ISR4431 (Gladden) | 3 | 1 | 3P | 4GB | 200GB | 1TB |
| ISR4351 (Rangeley) | 3 | 2.4 | 3 P | 4GB | 50GB | 1TB |
| ISR4331 (Rangeley) | 3 | 2.0 | 2.5 P | 4GB | 50GB | 1TB |
| ISR4321 (Rangeley) | 1 | 2.4 | P | 4GB | 50GB | 1TB |
| UCS-E NIM | 4 | 1.6 | 2.6 P | N/A | N/A | N/A |
| UCS-E EHWIC | 2 | 1.6 | 1.3 P | N/A | N/A | N/A |

Normalize to Rangeley 2.4 GHz core = 1P
Gladden 1GHz = Rangeley 2.4 GHz
What do I need to add to an ISR4K system?
Memory
Service Containers (currently) REQUIRE additional DRAM beyond the 4GB system default
Additional DRAM beyond 4GB will be available to a KVM application
Example: 8GB DRAM will have 4GB available to Service Containers
Example: 16GB DRAM will have 12GB available to Service Containers
Storage
No storage is included by default and applications do not have access to bootflash.
Options include internal MSATA SSD on 4300 Series, NIM-SSD or NIM-HD on all ISR4K.
Smaller sizes and lower reliability SSD options at lower price will be available in CY15.
Note: ASR1K/CSR requirements will be different.
Storage Options
NIM-SSD:
1 or 2 hot-swappable 200GB SSD drives
100GB and 400GB options
SSD-MSATA-50G & SSD-MSATA-200G:
Doesn't consume a NIM slot!
Embedded 50GB/200GB SSD storage
Not available on 4431/4451
Unique Requirements for IOS XE Service Containers
YAML (derived from LibVirt XML) header file(s) within the OVA - Outlines the resource requirements for the application so the system knows what to do with it.
Memory, storage, CPU shares, CDROM ISO, etc.
Properly formatted disk image - Supported formats are qcow2, raw and raw with Cisco capacity XML tag
IDE virtio driver within the VM kernel for disk access
Optional TTY0 and TTY1 specification for console/aux connection
Mandatory Service Container OVA Contents
YAML Descriptor File - Defining:
Number of VCPUs and Share of CPU cycles
Memory
Disks including size and source image if applicable
Virtual NICs
Console/Aux connectivity
Disk Image - One or more disk image files.
ISO: Supported for read-only file systems like a CDROM.
RAW: Supported for read-write file systems.
QCOW2: Supported for read-write with compression. Longer initial install time but much smaller disk images as a result of compression. Generally the recommended format for standard disk images.
Manifest File - Simple text file with the SHA1 hash for all files in the OVA.
Version File - Simple text file with application version number.
Example YAML File
# App info & definition
manifest-version: 1.0
info:
  name: kvm_prof_2
  description: "KVM Montavista Test Distro"
  version: 1.0
  author-name: Cisco Systems, Inc.
  author-link: "http://www.cisco.com"
app:
  # Indicate app type (vm, paas, lxc etc.,)
  apptype: vm
  resources:
    # Memory/CPU reservation
    cpu: 6
    memory: 262144
    vcpu: 1
    # Disk(s) definition
    disk:
      - target-dev: hdc
        file: montavista.iso
      - target-dev: sda
        file: kvm_storage_4000MB.img
        upgrade-model: ha-sync
    # Ethernet interfaces
    interfaces:
      - target-dev: net1
        alias: net1
      - target-dev: net2
        type: management
    # Serial devices
    serial:
      - serial
      - console
  # Boot details: specify runtime and startup
  startup:
    runtime: kvm
    boot-dev: cdrom
Example libvirt.xml File
ubuntuserver
cdc7b1e3-4a61-8452-98cd-2932f8d781da
262144
262144
1
hvm
destroy
restart
destroy
/usr/bin/qemu-kvm
[Slide callouts: Potential Security Holes; Same VM Definition as Previous Slide]
Useful Open Source Tools for Developers
virt-manager - GUI Linux tool for creating and managing VMs.
qemu-img - Useful tool for converting disk images.
Example: qemu-img convert -p -c -f raw -O qcow2
openssl - Generates manifest file.
Example: openssl sha1 *.qcow2 *.ver *.yaml > vm.mf
tar - An OVA is nothing more than a tar file with a fancy name.
Example: tar -cvf VM.ova vm.qcow2 platform.xml 4300.xml 4400.xml vm.mf
create_ova.sh - Cisco script to help build an ova in one step.
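The manifest produced by the openssl step can be checked before an OVA is handed to a router. The following is an added example, not Cisco's create_ova.sh or any code from the session: it re-hashes every file in the tar and compares the result with the `SHA1(name)= digest` lines in the .mf file. The file names, the sample archive built in memory and the rule that only regular files in the archive root are accepted are assumptions made for the example.

```python
import hashlib
import io
import re
import tarfile

# Line format written by `openssl sha1 FILE ...`:  SHA1(vm.qcow2)= <40 hex digits>
MANIFEST_LINE = re.compile(r"^SHA1\(([^)]+)\)\s*=\s*([0-9a-fA-F]{40})$")


def parse_manifest(text):
    """Return {file name: lowercase SHA1 hex}; raise ValueError on a bad line."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = MANIFEST_LINE.match(line)
        if match is None:
            raise ValueError(f"manifest line {lineno}: expected 'SHA1(name)= digest'")
        name, digest = match.group(1), match.group(2).lower()
        if name in entries:
            raise ValueError(f"manifest line {lineno}: duplicate entry for {name}")
        entries[name] = digest
    return entries


def verify_ova(ova_bytes):
    """Hash every file in an OVA (plain tar) and compare with its .mf manifest."""
    report = {"mismatched": [], "missing": [], "unlisted": [], "unsafe": []}
    actual = {}
    manifest_text = None
    with tarfile.open(fileobj=io.BytesIO(ova_bytes), mode="r:") as tar:
        for member in tar:
            # Policy assumed for this example: only regular files in the archive
            # root are acceptable (no links, devices, or paths with directories).
            if not member.isfile() or "/" in member.name:
                report["unsafe"].append(member.name)
                continue
            stream = tar.extractfile(member)
            if member.name.endswith(".mf"):
                if manifest_text is not None:
                    raise ValueError("OVA contains more than one .mf manifest")
                manifest_text = stream.read().decode("ascii")
                continue
            sha1 = hashlib.sha1()
            for chunk in iter(lambda: stream.read(1 << 20), b""):
                sha1.update(chunk)
            actual[member.name] = sha1.hexdigest()
    if manifest_text is None:
        raise ValueError("OVA contains no .mf manifest")
    expected = parse_manifest(manifest_text)
    for name, digest in expected.items():
        if name not in actual:
            report["missing"].append(name)
        elif actual[name] != digest:
            report["mismatched"].append(name)
    # Files packed into the tar but absent from the manifest are never hashed
    # by a manifest-driven check, so report them explicitly.
    report["unlisted"] = sorted(set(actual) - set(expected))
    report["ok"] = not any(report[k] for k in ("mismatched", "missing", "unlisted", "unsafe"))
    return report


def build_sample_ova(files, manifest_for=None):
    """Constructed test input: tar {name: bytes} together with a vm.mf manifest.

    manifest_for lets the caller hash different content than what gets packed,
    which simulates an archive altered after the manifest was generated.
    """
    hashed = files if manifest_for is None else manifest_for
    manifest = "".join(
        f"SHA1({name})= {hashlib.sha1(body).hexdigest()}\n" for name, body in hashed.items()
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in {**files, "vm.mf": manifest.encode("ascii")}.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed sample contents (hypothetical names, not a real Cisco package).
SAMPLE_FILES = {
    "package.yaml": b"manifest-version: 1.0\n",
    "vm.ver": b"1.0\n",
    "vm.qcow2": b"QFI\xfb" + b"\x00" * 60,
}

if __name__ == "__main__":
    print(verify_ova(build_sample_ova(SAMPLE_FILES)))
    altered = {**SAMPLE_FILES, "vm.qcow2": b"QFI\xfb" + b"\x01" * 60}
    print(verify_ova(build_sample_ova(altered, manifest_for=SAMPLE_FILES)))
```

The manifest travels inside the same tar as the files it describes, so a clean report shows the archive is internally consistent, not who built it; that assurance comes from package signing, which `signing level unsigned` turns off.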
Service Container Install/Monitor Commands
Virtual-Service Install/Monitor:
! Install an OVA to disk
ISR4K# virtual-service install name testapp package bootflash:testapp.ova
! Show current status including application install progress
ISR4K# show virtual-service list
ISR4K# show virtual-service detail name testapp
! Connect a virtual terminal to the application serial port (if supported)
ISR4K# virtual-service connect name testapp aux|console
Service Container Configure & Activate Commands
Virtual-Service Configuration:
! New global-level structure: single command to disable signing
virtual-service
 signing level unsigned
!
! Up to 32 virtual interfaces to OVS
interface virtualportgroup 1
 ip address 10.0.0.1 255.255.255.0
!
! Application instance configuration
virtual-service testapp
 ! One or more interfaces per application
 vnic gateway virtualportgroup 1
  ! Optional guest interface configuration
  guest ip address 10.0.0.2
 ! Activate an installed & configured app
 activate
Cisco Fog Director: App Life Cycle Management, App Management & Monitoring at Scale
Easy to use
Simplified application lifecycle management
Stand Alone UI or may be integrated into 3rd party applications
RESTful APIs
Managing Application Resources
Tracks IOx resource utilization (CPU, Memory, BW)
Display per application and per device historical trends
Establish per application status frequency from the onboard agent
Manage Application Lifecycle
Stage the application image within the local application catalog
Push changes to end-points
Detailed application rollout tracking
Cisco Fog Director: Application Dashboard
Enables management of application deployment to the edge devices at scale
View of installed Apps
Instant status of Apps running
Resource consumption dashboard
Apps that are ready to deploy
Apps that have not cleared deployment readiness yet
Cisco Fog Director: Application Dashboard
Drilling down on deployed applications
Cisco Fog Director: Application Monitoring view
Monitor deployed applications at scale
App Deployed on devices
Apps Success & Failure view
App Device monitor
Apps resource monitor
Cisco Fog Director: Troubleshooting
Drilling down into devices and application logs
Cisco Fog Director: Device-centric Dashboard
Device Resource view
Last heard status
Device IP & Configuration
Device View and association
Adding new devices
Open Service Container Support Model
[Diagram labels: Linux OS; KVM/LXC; IOSd Control Plane; WAAS; Customer and 3rd Party Applications; Platform-Specific Data Plane; Virtual Ethernet]
Cisco Support:
Call TAC and they'll help you out.
Third Party & Community Support:
TAC will redirect you.
Cisco Devnet Provides:
Community support for developers
Documentation
Developer Tools
Access to Cisco Engineers
Sample open source VMs
Share open source projects
Examples from Cisco Engineers
Future Development
RAM Disks - Will allow apps with low storage requirements to keep their disk images on bootflash
Default DRAM - Support for lightweight applications in default 4GB memory.
VM Configuration - User can overwrite the VM specifications from the YAML file (CPU, DRAM, NICS, etc) through configuration commands.
Docker - Support standard Docker containers in addition to KVM.
Fog Director - Support the same app-store model and deployment GUI as IOX applications in IOS XE 16.3.
VBO/NSO Orchestration - Integration with Elastic Service Controller and NSO for consistent orchestration with other Cisco NFV products.
Layer 2 Redirect/Chaining - Bridging/Redirect from data plane interfaces as well as L2 VLAN switching between Service Containers.
Product Specifications Comparison (For Your Reference)
Columns: ISR 4000 Series with Container | ISR 4000 Series with UCS-E | ENCS 5400 Series
Architecture: Embedded IOS-XE Container for light-weight applications | Dedicated x86 blade server for applications | Shared x86 platform for Routing & hosted applications
Legacy WAN: Multiple | Multiple | Single
4G / LTE Support: Yes | Yes | Yes
TDM Voice: Yes | Yes | No
Switch-ports: 72 | 64 | 8
Routing Throughput: 2 Gbps | 2 Gbps | 1 Gbps
Resources for Applications
CPU Cores: 1-3 | 8 | 9
RAM: 12 GB | 96 GB | 64 GB
Disk: 800 GB | 6 TB | 4 TB disks + 400 GB SSD
OS / Hypervisors: IOS-XE with embedded KVM | VMware ESXi, Microsoft HyperV & Citrix XenServer and more | NFVIS with embedded KVM
More Information: Cisco DevNet
Online community for developers
Direct access to Cisco Engineers and Product Teams
Repository of how-to guides, best practices and sample code
This will be the primary source for Service Container information and sample OVAs
Due to Cisco support requirements, VMs will not be posted to Cisco.com directly.
Keep an eye out for a Service Container Hackathon with fabulous prizes!
https://developer.cisco.com/site/kvm
Links
WAY MORE INFO:
What the Heck is a Service Container? (blog)
http://cs.co/9006BnlDC
http://blogs.cisco.com/enterprise/what-the-heck-is-a-service-container
An Introduction to Service Containers (Presentation)
http://cs.co/9005BnlD7
http://www.cisco.com/web/learning/le21/le39/docs/tdw_202_presentation.pdf
Fundamentals of Service Containers (Techwise Video)
http://cs.co/9004BnlDA
https://www.youtube.com/watch?v=jEhO6NUUais
Wireshark on the Catalyst 4500
http://cs.co/9002BnlD4
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1/XE_330SG/configuration/guide/config/wireshrk.html
Virtual Service Container Config Guide (NXOS & IOSXE)
http://cs.co/9001BnlDN
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sdn/configuration/b_openflow_agent_nxos/b_openflow_agent_nxos_chapter_010.html
Other Sessions
BRKARC-3001 Cisco Integrated Services Router - Architectural Overview Monday 1:30PM
BRKARC-3111 Deploying Cisco Smart Software Licensing Enabled Products Monday 1:30PM
LTRRST-3003 Dr. Evil's secret VIRL hands-on Lab Tuesday 1PM
BRKRST-2041 WAN Architectures and Design Principles Wednesday 8AM
BRKCRS-2006 Creating the Virtual Edge: Cisco Enterprise NFV Wednesday 8AM
BRKCRS-3447 Network Function Virtualization for Enterprise Networks Thursday 8AM
BRKARC-2091 Emerging Trends in Branch Office Architectures Thursday 10:30AM
BRKRST-3336 WAN Virtualization Using Over-the-Top (OTP) Thursday 10:30AM
Complete Your Online Session Evaluation
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.
Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.
Thank you