Cisco Confidential© 2016 Cisco and/or its affiliates. All rights reserved. 1
Cisco
Connect
NFV/SDN Platform for
Orchestrating Cloud and
vBranch Managed Services
R. Wayne Ogozaly Technical Lead Engineer Cisco Systems
October 12th , 2017

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• What’s driving the NFV / SDN Business Transformation?
• Critical Elements of a Next-gen NFV / SDN Solution
• What’ possible today…Cisco Virtual Managed Services (VMS) Demo
• Services Overview…VNFs running in Clouds and Virtual Branches
• Network Services Orchestration…Yang Models, VNF Lifecycles, and Zero Touch
Provisioning for Cisco and 3rd Party devices (physical and virtual)
• Conclusions

What is Network Functions Virtualization (NFV)?
In NFV, network functions run as software modules
on x86 servers. An NFV infrastructure, or NFVI,
provides the underlying compute, storage, and
network resources required for NFV.
• New elastic services
• Decoupling of hardware and software
• Automating everything and simplifying network
operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
Standards based frameworks…ETSI…NFV and MANO
MANONFV Framework
European Telecommunications Standards Institute (ETSI)
NFV Industry Specifications Group
Management and Orchestration (MANO) Framework
BRKARC-2259 3

What is Software Defined Networking (SDN)?
In an SDN architecture, the control and data
planes are decoupled, network intelligence and
state are logically centralized, and the
underlying network infrastructure is abstracted
from the applications…
• Separation of Control and Forwarding plane
• Centralized Management – Global view
• Automating everything and simplifying
network operations
• Reducing OpEx (not transferring cost)
• Increasing service revenue
BRKARC-2259 4

What’s driving the NFV / SDN
Business Transformation?

Markets are Poised for Epic Opportunity
IoT will drive zettabytes of data and billions of new connections. Ratio of machine
communications to human communications will be 30:1 by 2020
CapGemini, 2015
5G will generate $247B in service revenue by 2025
ABI Research
Gaming to grow 7-fold and account for 4% percent of fixed consumer internet
by 2020; currently 2% of average and 10% of peak traffic
Cisco VNI
By 2021, mobile traffic will represent 20% of total IP traffic (up from 8% in 2016)
Cisco VNI Mobile, 2017
Business Internet traffic will grow 4X faster than IP WAN. Global VPN grows 56%
over the next 2 years from $45B to $70B by 2019
80% of user workloads moved to Cloud by 2019
BRKARC-2259 6

Enterprise customers require better IT solutions
*AMI-Cisco ITaaS Research of 350 business in 11 countries
Global business IT priorities*
Global
SDN/NFV market
is expected to
reach $6B by
2020 (IDC)
BRKARC-2259 7

Is your Network ready for the Digital Transformation?
The WAN Connects Branch Sites to the rest of the world
of employees and customers are
served in branch offices
80%
of our applications are
accessed via the Internet
50%
Cite poor application
performance and latency
as a corporate concern
48%
Have either 2 or 3 WAN
connections per branch
70%
How can SPs
deliver better
branch services,
at a lower cost,
over any
connection?
BRKARC-2259 8

Transform with a combo SDN, NFV, and traditional Network Products
Cisco is leading Service Provider Transformation
Virtualize
Simplify
Automate
Service
Focus
SP OutcomesSP Drivers Cisco Strategy
• Bandwidth is growing;
revenue is not
• Web-scale breaks
current cost &
design models
• Need to grow new
compelling services
• Need reductions in
both CAPEX and
OPEX, not a transfer
• Customer retention
& relationship critical
• Reduce TCO
• Transform operations
• Accelerate speed to market
• Generate new revenue
• Improve customer experience
• Mitigate risk
• Application-led, not
infrastructure
• Network as platform for
retention and new services
BRKARC-2259 9

Critical Elements of a Next-gen
NFV / SDN Solution

Disruptive Technologies unlock new Services
Allowing Industry to Address new Market Opportunities
Efficiency through automation and
self-service fulfillment
Orchestration
Flexibility with the transformation of
solution architectures and operations
Network Functions
Virtualization
Agile service delivery via
cloud-enabled services and
management
Cloud Native
Dynamic market services via tight
application and network interaction
Software-Defined
Networking
Convergence of multiple disruptive technologies has created massive opportunity
Service
Orchestration
Cloud Managed
Services
NFVSDN
Virtual
Managed
Services
Router FW Web IPS
BRKARC-2259 11

Disruptive Technologies unlock new Service Models
Efficiency through automation and self-service fulfillment
Orchestration
Flexibility with the transformation of solution architectures and operations
Network Functions
Virtualization
Agile service delivery via cloud-enabled services and management
Cloud Native
Dynamic market services via tight application and network interaction
Software-Defined
Networking
Virtual and Physical
devices,
Cisco and 3rd Party
VNF Lifecycle Mgt
and
Service Orchestration
Simple service models
and device models
(YANG, XML)
Web Scale design,
Multi-tenant 1,000s,
Service Orientation
Central Device Mgt,
Secure ID (RBAC),
Zero Touch Provision
VNFs run in the Cloud
or
Virtual Branch (x86)
Runs in any cloud,
public or private
(VIM Independent)
Micro-services, Docker
Containers, Kubernetes,
Geo-redundancy
VNF Smart Licensing
and Pay-as-you-Grow
Pricing Models
Service Creation
capable, including
analytics & monitoring
REST APIs to
OSS/BSS for
billing and SLAs
Config Roll back,
Service Extensions,
100,000 Devices
Tenant Self-Service,
Monetized offers,
Auto Rendered UI,
Network Elements
Drivers, Conf-D,
and CLI
Self-healing Networks,
Configuration Guard
Rails
VNF Certification of
Cisco and 3rd Party
VNFs
BRKARC-2259 12

What’s possible today…
Cisco Virtual Managed Services (VMS)
Live Demo

Cisco and Verizon SDN / NFV
Running Cisco Virtual Managed Services (VMS)
getsdwan.com
https://getsdwan.com/?utm_source=mrpdb&utm_medium=email&utm_campaign=visitsdwangeni
nfo&login=CV3655315889&elqTrackId=fdab2eea85914a6e876740e048848635&elq=fc084ed17
5084de8947d7ea1ef8a7a65&elqaid=2205&elqat=1&elqCampaignId=897
BRKARC-2259 15

Cisco VMS SDN/NFV - Optimized for ease of Management
Perfect for distributed customers looking for
lower cost and self-managed SDN/NFV options
WAN created with Zero Touch Provisioning,
validated Service Packs (NSO), 1000’s devices
Automated end-to-end SDN/NFV Services
managed from the Verizon Cloud
Secure multi-tenant Cloud Managed platform,
simplified orchestration & tenant self-service
Rapidly create new monetized services,
modify existing services instantly from Cloud
BRKARC-2259 16

Identify Prioritize Accelerate &
Secure
See 1000+ apps
on your network
with NBAR
Map apps to links using
business policies with
Performance Routing
Boost app performance
over secure overlays
Cisco SD-WAN running on VMS
SD-WAN Made Easy With VMS
Secure, Reliable Application Experience for Enterprises and SMBs
MPLS, Internet, LTE links
Secure VPN Overlays
Lower Cost, Higher Capacity
New Branch
Extensions
MPLS
Internet
LTE
Public/Private Cloud
Microsoft Office 365
BRKARC-2259 17

Why Verizon choose Cisco VMS SDN/NFV
Business Challenge / Need
• Need to deploy new SDN/NFV faster
• DIY too costly, need resources per tenant
• Scale customers without exponential costs
• Increase total addressable market
• Leverage existing IT investments
Verizon Business Outcomes
• Reduced Time to market, deploy SD-WAN in
minutes
• Reduced risk/cost via full service support
• Saved CAPEX & OPEX, pay you grow model
• Leveraged Cisco Sales & Cisco installed base
• Used open APIs to integrate existing IT tooling
BRKARC-2259 18

VMS Architecture - Simplified Cloud Management
VMS Operator/Admin Service
Secure Multi-tenant Cloud management,
Service creation platform for Enterprises & SMBs
VMS Customer Service
Self-service portal for service selection, device
analytics, traffic usage, and service configuration
[ OPTIONAL ]
Open REST APIs and SDKs
Develop new Services using rich APIs,
Service SDKs, and world-class NSO
Customer equipment (On-premise and In-cloud)
SERVICE PROVIDER | CUSTOMER
ISRs &
ASRs
vBranch
VNFs
Multi-
VendorSecurity
BRKARC-2259 19

VMS Demo based on Customer SD-WAN PoC
(1) WAN Hub using three ASR-1001s
(4) WAN Branches using ISR 2911s and 2951s
MPLS and Internet links for all sites
DMVPNs and VMS Mgt Tunnels
SP team deployed this IWAN tenant in 34 minutes:
 Tenant creation
 User creation
 Service creation
 WAN Hub site deployment
 WAN Branch deployments
 PnP Device Registration
BRKARC-2259 20

Demo
Virtual Managed Services running
Cisco an SDN Service

From Service Concept to Service Activation…in minutes
VMS WAN Service Example
SERVICE MANAGER
Yang Service Models
SERVICE ACTIVATION LOGIC
Mapping Code
(Java/Templates)
DEVICE MANAGER
Yang Device Models
Network Element Drivers
WAN Service Models
represent the IWAN Service
intention
• Written in Yang
• Includes service validation logic
Service Activation processes
the Customer Intent
• Maps Service Model options to the
Device Model for each customer
WAN Device Model abstracts
Device specifics from the
Service
• Supports different devices thru the
use of Network Element Drivers
• Creates an WAN instance based on
Customer choices and topology
Network Services Orchestrator
(NSO)
VMS WAN
Service Model
VMS WAN
Device Model
vBranch (x86) VNFs
Physical Devices
VMS Service Activation
across Diverse Devices and many Locations
Real Customer,
Real WAN Service
in only 30 Minutes!
VMS WAN
Service Package
VMS Models the
Service Options
BRKARC-2259 22

User SDN selections activated through NSO service models
Simple, secure, and scalable management of diverse devices
Service
Activation
or Change
With a single click,
updates are pushed to
many sites
VMS User Selections
(VMS User Interface or APIs)
NSO Atomic transactions,
over secure links
Cisco ISR 899
Cisco ISR 4431
Cisco ISR 2901
VMS
VMS WAN
Service Model
VMS WAN
Device Model
vBranch (x86) VNFs
Physical Devices
VMS WAN
Service Package
Network
Element Drivers
NSO
Device
Specific
Configs
NSO creates configs to
match Branch Devices
Secure
Branch Updates
User makes a policy choice,
Portal / APIs provide guard rails
NSO processes User intent
thru Service & Device models
Device specific configs
and updates are created
BRKARC-2259 23

Simple Implementation of SDN/NFV using VMS
From Network Complexity to Simplicity and Automation
Service Oriented
Self-Service
Automated Provisioning
Scalability
Plan It Design It Where Can
We Put It?
Procure It Install It Configure It Secure It Is It
Ready?
Manual
From Months to Minutes
Automated Self- Service On-Demand
Plan It Design It Is It Ready?
BRKARC-2259 24

 VMS SDN/NFV Service Packages unlock many Cloud Managed
Services from a single platform
 NSO Service Models and Device Models simply the orchestration
of new services and multi-vendor devices (90% less code)
 SPs can create new Cloud Managed Services rapidly using the
VMS Software Development Kit (SDK)
Your
Service
Here

SPs need a Multi-Service Platform
Cloud based Service Creation …Many Services…One Platform…for Enterprises and SMBs
VMS SDN/NFV Service Packages simplify…
vRouter vFirewall vWAAS
How to create and
monetize a service
How to orchestrate
and activate a service
How to monitor and
modify a service
How to collect analytics
and bill a service
How to boot and
manage virtual and
physical devices
NSO Service Models
Multi-Vendor
NSO Device Models
Many Service Packages
offered from the SP Cloud
BRKARC-2259 25

Services Overview…
VNFs running in Clouds and
Virtual Branches

Cisco Integrated Services Virtual Router (ISRv)
• The Cisco® Integrated Services
Virtual Router (ISRv) is a virtual
form-factor Cisco IOS® XE
Software router that delivers
WAN gateway and network
services functions into virtual
environments.
• Using industry-leading Cisco
IOS XE Software networking
capabilities (the same features
present on Cisco 4000 Series
ISRs and ASR 1000 Series
physical routers)
Cisco ISRv Positioned as a Branch WAN Services Router
BRKARC-2259 28

Typical Use Cases
for the Cisco ISRv
Cisco ISRv:
Highly Secure VPN Gateway
Cisco ISRv:
Traffic Control Point
BRKARC-2259 29

Differences between the:
Cisco ISRv and Cisco CSR 1000v
ISRv
• The Cisco ISRv runs on server platforms running the Cisco NFVIS virtualization software only.
• It can support the network interface module (NIM) when running on a Cisco ENCS hardware platform
and can also accelerate VM-to-VM traffic using the hardware-based switching on Cisco ENCS
platforms.
CSR 1000v (Cloud Service Router)
• The Cisco CSR1000v does not have these capabilities.
• The Cisco CSR 1000v will continue to be supported across multiple hypervisors (VMware vSphere,
Microsoft Hyper-V, Citrix XEN, RHEL KVM, Ubuntu KVM, Amazon AWS, and Microsoft Azure).
The Cisco CSR 1000v and Cisco ISRv will maintain Cisco IOS XE feature parity
BRKARC-2259 31
Cisco ENCS or UCS or Whitebox with NFVIS

Cisco Adaptive Security Virtual Appliance (ASAv)
• This Security appliance
brings the power of ASA to
the virtual domain and
cloud environments.
• It runs the same software
as the physical ASA to
deliver proven security
functionality. You can use it
to protect virtual workloads
within your data center,
Public / Private Clouds, or
virtual branches.
http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-appliance-firewall/index.html
BRKARC-2259 33

Cisco ASAv:
Features,
Performance,
and Resource
Requirements
BRKARC-2259 34

Cisco
FirePower
Next-Gen
Firewall
(NGFW)

Foundational Functionality
Built-in firewall services to provide base protection and connect with other security solutions
Stateful Firewalling VPN Capabilities
Policy Enforcement Point
for ISE
FirePOWER Services
Subscription services that run on the ASA and provide enhanced levels of threat protection and network visibility
Advanced Malware
Protection
Next-Generation
Intrusion Prevention
System
URL Filtering
Application
Visibility and Control
Advanced Security services to help defend your network
Foundational Internet Security
Built-in firewall services to provide base protection and connect with other security solutions
Stateful Firewalling VPN Capabilities
Policy Enforcement Point
for ISE
Next-Gen Firewall Security
Subscription services that run on FTDv and provide enhanced levels of threat protection and network visibility
Advanced Malware
Protection
Next-Generation
Intrusion Prevention
System
URL Filtering
Application
Visibility and Control
Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
BRKARC-2259 36

Cisco Firepower Next-Gen Firewall Virtual (NGFWv)
• Cisco Firepower NGFWv is available on VMware, KVM,
Amazon Web Services (AWS) and Microsoft Azure environments
for virtual, public, private, and hybrid cloud environments.
http://www.cisco.com/go/ngfw
BRKARC-2259 37

Cisco vWLC
Wireless LAN
Controller

Cisco vWLC
Virtual Wireless LAN Controller
Virtual form-factor controller for any x86 server with VMware Hypervisor
ESXi 4.x or 5.x
• Supports up to 3000 access points and 32000 clients across 200 branches
• Supports 100 access points per branch
• Co-resides with other virtualized network services, including Cisco Identity Services
Engine (ISE), Cisco Prime™ Infrastructure, and Cisco Mobility Services Engine (MSE)
• Entry-level 802.11n, 802.11ac controller application for small to medium-sized
enterprises and branch offices
• Pay as you grow licensing starting at support for five access points
BRKARC-2259 39

Cisco vWLC: Virtual Wireless LAN Controller
BRKARC-2259 40

Freedom of Choice from VMS
Cisco Intelligent Branch
Virtual Router
Virtual Services
UCS C-Series
Branch and Campus NFV
Physical Router
Virtual Services
4000 Series ISR +
UCS® E-Series
Traditional
Physical Router
Cisco® 4000 Series ISR
Centralized services
Fixed integrated services
Conservative
Upgradable hardware
Deterministic routing
performance
Elastic routing and services
Performance
Early adopter
Virtual Managed
Services for SPs
License
Portability
Investment
Protection
Access to Ongoing
Innovation
Elastic routing and services
Router / Server Hybrid
Virtual Router
Virtual Services
Enterprise Network
Compute System (ENCS)

Cisco 4000 Series ISR +
UCS® E-Series
Cisco® UCS
C-Series
Enterprise Network Compute
System
(ENCS)
Network Functions Virtualization Infrastructure Software (NFVIS)
Virtual Managed Services (VMS & NSO for SPs)
Introducing Cisco NFV managed by VMS
Network Services in Minutes
Virtual Router
(ISRv / vEdge)
Virtual Firewall
(ASAv, FTDv)
Virtual WAN
Optimization
(vWAAS)
Virtual Wireless
LAN Controller
(vWLC)
Third-Party VNFs

Platform Built for Branch/Campus NFV
ENCS 5000 Series for the Branch
Enterprise Network Compute System
Best of Routing
& Compute
Complete
Virtualized Services
Open for Third Party
Services and Apps
ENCS 5400 Series
ENCS 5100 Series

ENCS 5000 Series - Chassis Options
ENCS5412
12-CoreENCS5408
8-CoreENCS5406
6-Core
ENCS 5104 ENCS 5406 ENCS 5408 ENCS 5412
CPU 4-core, 3.4 GHz 6-core, 1.9GHz 8-core, 2.0GHz 12-core, 1.5GHz
PoE No No 200W 200W
Capacity Guidance ISRv + 1 VNF ISRv + 2 VNFs ISRv + 3 VNFs ISRv + 5 VNFs
ENCS5104
4-Core

ENCS 5400 Series – I/O Side
6, 8, or 12-Core
Intel Xeon-D
16 - 64 GB
DRAM
8 Integrated LAN Ports
with Optional POE
Network Interface Module
for LTE & WAN
Dedicated Board
Management Controller
2 HDD or SSD
RAID 0 & 1
Internal
M.2 Storage
64 – 400 GB
USB 3.0
Storage
2 Onboard Gigabit
Ethernet ports
with SFP
Optional Hardware
RAID Controller
Integrated
Power Supply
Hardware Acceleration for
VM Traffic
Shipping Now
Roadmap

ENCS 5100 Series - I/O Side
4-Core AMD
CPU
16 & 32 GB
DRAM
Optional
4G / LTE WAN
(Roadmap)
M.2 Storage
64 – 400 GB
2 x USB 3.0
Storage
4 GE ports
with 2 SFPs
Integrated
Power Supply
Size: 1 RU
13” x 10”
Console
& MGMT
Q3 CY 2017

ENCS 5100 & 5400 Series Comparison
5100 Series 5400 Series
CPU Vendor / Model AMD Merlin Falcon, RX-421ND Intel Xeon Broadwell D-1500 Series
CPU Cores / Frequency 4-core @ 3.4 GHz 6, 8, 12-core with Hyper-threading @ 1.5 – 2.0 GHz
CPU L2 Cache Size 2 MB 1.5 MB per core
Memory 16 – 32 GB 16 – 64 GB
Storage (M.2 SATA) 64 – 400 GB 64 – 400 GB
Storage (SFF) - 2 disks with RAID (SATA, SAS, SED, SSD)
Dimensions 12.7” x 10” x 1RU 17.5” x 12” x 1RU
WAN Options 4 x GE, Cellular 2 x GE, Cellular, T1, DSL, Serial
LAN - 8 port Switch with Optional PoE
Hardware Offload - VM – VM Traffic, Crypto
Lights-out Management - Built-in CIMC
ISRv Performance 500 Mbps 2.5 Gbps

ENCS 5400 NIM Support
Managed simply by VMS
Category Description Availability on ENCS
WAN 4G LTE (CAT3) USA, Canada, Europe, Australia & selected LATAM / APAC Now
WAN 4G LTE (CAT6) USA, Canada, Europe, Australia & selected LATAM / APAC Now
WAN T1/E1 1, 2, 4 & 8 ports Now
Serial Asynchronous Serial: 16 & 24 ports Q1 CY18
WAN xDSL Multi-mode VDSL2 / ADSL Annex A, B & M Q1 CY18
WAN Ethernet Dual-PHY: 1 & 2 ports Q1 CY18
LAN Ethernet Switches: 4 & 8 ports Q2 CY18
WAN Serial Synchronous Serial: 1, 2 & 4 ports Roadmap
Voice T1/E1, FXS, FXO Roadmap

Demo
on a Virtual Branch x86 device

Network Functions simply managed from VMS
Cisco and 3rd Party Virtual Network Functions (VNFs)
LinuxWindows Server
Active Directory,
File Share,
Server Applications
Custom Applications
DNS/DHCP
3rd Party
Network Services
Management & Monitoring
Viptela vEdge
SD-WAN
High Performance
Rich Features

• Dual WAN Links
• Protected with a Firewall
• Add an Linux Server
BRKARC-2259 52
Example VMS
vBranch templates
SPs can create

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 53BRKARC-2259
Viptela vEdge VNF running on a VMS vBranch
vEdge VNF is directly connected via GE port to the WAN Network
VMS vBranch
WAN
(GE)
vEdge
Viptela

ISRv providing CUBE Voice Service for Viptela vEdge
Running on a VMS vBranch
vEdge is directly connected via GE port to the WAN Network
vEdge VNF is connected via GE port to an
ISRv that’s providing a CUBE Unified Communication Service

The Power of VMS vBranch…
Many vendors, Many services…One Branch
VMS vBranch
Firewall
& IPS
ISRv
SD-WAN
vWAAS
NFVIS
Internet
lan-br2
wan-br1
GE0-0
GE1-2
lan-br1
GE1-0
Branch Clients
55
Viptela vEdge SD-WAN Service
Cisco vWAAS WAN acceleration
Cisco ISRv IOS-XE routing and mgt
Palo Alto FW WAN firewall +
Intrusion Protection Service (IPS)
Cisco NFVIS vBranch service chaining
and VNF Lifecycle mgt
VMS Services

Branches managed
from VMS running
in the SP Cloud
Many Service options,
defined by the SP,
created & managed by VMS
Zero touch provisioning
over secure mgt tunnels
Diverse Branch
topologies, defined
with VMS templates
Real-time analytics
service assurance,
site and device status
from VMS
SP Managed Service Options
Branch Templates manage Physical (ISRs), Virtual (vBranch), and 3rd Party devices
BRKARC-2259 57

NFVIS (Linux + ESC Lite+ PnP+CLI Agent)
VNF vAPPvAPPVNF VNFVNF
NIC NIM BMCSwitch
X86 Processor
VMS Orchestration and Management
Plug-n-Play
VM Lifecycle Management
Provisioning of VNFs
NIC
Increased performance using SRIOV
Mirroring of traffic between VNFs
Switch
8 Port Integrated Switch (only on Low)
Optional UPOE Support
NFVIS
Lifecycle Management (ESC Lite)
• Provide Northbound interface for Management/Orchestration
• Provide System level information
• Provide VNF management - Create, Modify, Delete
• Provide interface with onboard LAN switch
• Performance Monitoring of VNF’s
PnP Agent
• PnP Agent must automatically configure WAN interface
• Must download platform Profile
CLI/WebUI Agent
• Interface to configure onboard switch
• Provide Cisco® CLI wrapper
• Agnostic to switch vendor selected
Server Monitoring Agent
• Agent to interact with Orchestration system
• Web GUI Interface for Management and Configuration
Drivers, Firmware, and Agents
• NIC and interface drivers
• Optional Crypto support
Onboard Storage
M.2 SSD Default Storage
VMS vBranch Architecture
BRKARC-2259 58

Optimized for Network Services
NFV Infrastructure Software (NFVIS)
Network Hypervisor
Supports segmentation of
virtual networks
Abstract CPU, memory,
and storage resources
Zero-Touch Deployment
Automatic connection to PnP server
Highly secure connection to the
orchestration system
Easy day-0 provisioning
Lifecycle Management
Provisioning and launch of VNFs
Failure and recovery monitoring
Stop and restart services
Dynamically add and
remove services
Service Chaining
Elastic service insertion
Multiple independent service
paths based on applications or
user profiles
Open API
Programmable API for
service orchestration
REST and NETCONF API
BRKARC-2259 59

VMS managed ENCS advantages
over white box server
• Hardware acceleration of VM-to-VM traffic
flow
• WAN module support
• 4G/LTE
• T1/E1
• xDSL
• Enterprise class grade components
(comparable to an ISR)
• Branch Form factor
• Shock, vibration, acoustic
• Secure Management of all VNFs from a single
multi-tenant, multi-service platform (VMS)
• Support for Cisco and 3rd Party VNFs, securely
managed by VMS
• Crypto hardware offload
• Secure VNF Lifecycle management
• BMC/CIMC – Lights out (server) management
• Support for Software and Hardware RAID on 12”
chassis
• LTE modules can support Dying gasp support that
is available on NIMs.
• Remote recovery of system over LTE modules
• Ability for increasing switch port density with NIMs.
Superior Hardware Engineering Superior Operational Platform

NSO 3rd Party Integrations…managed simply by VMS
Open Platform with the Broadest Multi-vendor support, and Vendor Qualification
Network Services Orchestrator (NSO) - Over 100 Vendors Supported
Cisco Vendor Qualification Program
3rd Party VNFs
available through VMS
BRKARC-2259 61

NSO 3rd Party Integrations…managed simply by VMS
Open Platform supporting BOTH Lifecycle Mgt AND Orchestration of 3rd Party products
VNF Lifecycle Mgt
Select VNF
(Fortinet)
Select Cloud
(SP or AWS or vBranch)
VNF Lifecycle Functions
 Allocate VNF Resource
 Locate / Boot Image
 Load Day 0 Config
 Monitor VNF / Analytics
 VNF High Availability
 Add / Delete VNFs
VNF Service Orchestration
VNF (or Device) Service Orchestration
 Secure mgt connection
 Create / Provision VNF Service
 Monitor VNF Service
 Collect Service Analytics
 Add / Delete / Change Service
 Multi-tenant, 1000’s of ServicesFortinet VNF boot
Fortinet VNF
provision
Monetize the
Service
Fortinet VNF
Service
Selection
1
3
2
BRKARC-2259 62

Demo
CloudVPN demo

VMS Cloud VPN Service Package
Internet
Access
L3 InterfaceCSRv
Cloud
Router
IPSec
VPN
WSAv
Web
Security
Enterprise
Remote
Access VPN
Users
Service Provider Cloud
Branch 1
Branch 2
AWS Branch
Headquarters
Managed
CPE
ASAv
Firewall
Security
Internet
Cloud Services made easy with
Virtual Network Functions:
• VPNs and Routing
• Web Security
• Internet Firewall
CSRv
BRKARC-2259 66

Firepower NGFW Cloud Security Service Use Case
Internet
Access
L3 InterfaceCSRv
Cloud Services
Router
Services
IPSec VPN
Firewall
BGP
Branch 1
Branch 2
Branch 3
IPSec
VPN
NGFW
Firepower
Services
Intrusion Protection (IPS)
Application Visibility Control (AVC)
Geographic IP Control
Advanced Malware Protection (AMP)
URL Filtering
Internet Firewall
Remote Access VPN
FMC
Firepower
Management Center
Services
Multi-tenant Sensor Mgt
Per Tenant Threat Reporting
Enterprise
Internet
Remote Access
VPN
Service Provider
CloudHeadquarters
Managed
CPE
Managed
CPE
Managed
CPE
Managed
CPE
BRKARC-2259 67

Demo
Virtual Managed Services extensions
to Viptela Services

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Better Together: Providing Better Outcomes
Leading Routing &
SD-WAN Platforms
Goal: Building next generation SD-WAN solutions
Together, helping businesses and IT to innovate faster, securing and delivering
better customer outcomes, while reducing costs and lowering risk
Cloud-managed &
Feature-rich SD-WAN

100+ Global Enterprise Customers Across Verticals
ManufacturingMANUFACTURING
TechnologyTECHNOLOGYRetail RETAIL Other IndustriesOTHER INDUSTRIES
FinServ FINSERV Healthcare / PharmaHEALTHCARE / PHARMA

Viptela Integration Plan
Phase 2 (9-12 mo)
Platform Integration
Phase 1
No Integration
Phase 3 (12-mo +)
Management Integration
Platform:
• As-is
Management:
• vManage
Platform:
• vEdge capabilities integrated into all IOS-XE
platforms (ISR, CSR, ENCS, ASR1K)
Management:
• vManage for SD-WAN capabilities on IOS-XE
Management:
• Cloud hosted DNA Center-SP integrates
vManage capabilities
• Full DNA Center-SP capabilities (Assurance,
Integrated workflows for SD-Access and
SD-WAN)
Support and Scale the current
sales motion
Viptela SD-WAN on strategic
ISR platform
Deliver end-to-end experience
with full DNA & DNA-SP
integration
DeploymentScenariosBenefitsDetails
vEdge ISR4K + vEdge SW
DNA Center
+ SD-WAN
ISR4K + vEdge SW
vManage
vEdge
vManage
vEdge

Viptela Secure Extensible Network
Data Center Campus Branch Home Office
Control Plane
(Containers or VMs)
Data Plane
(Physical or Virtual)
Management Plane
(Multi-tenant or Dedicated)
Orchestration Plane
vManage
vSmart
vBond
vEdge
vOrchestrator
API
4GINTERNET MPLS
CONTROL
ANALYTICS ORCHESTRATION
MANAGEMENT
Cloud

Simplified Management and Operations
Single Pane Of Glass Operations Rich Analytics

vEdge 1000
vEdge-1000 and vEdge-2000 Routers
 1 Gbps AES-256
 1RU, standard rack mountable
 8x GE SFP (10/100/1000)
 TPM chip
 3G/4G via USB (or) Ethernet
 Security, QoS
 Dual Power supplies (external)
 Low power consumption
vEdge 2000
 10 Gbps AES-256
 1RU, standard rack mountable
 4x Fixed GE SFP (10/100/1000)
 2 Pluggable Interface Modules
 8 x 1GE SFP (10/100/1000)
 2 x 10GE SFP+
 TPM chip
 3G/4G via USB (or) Ethernet
 Security, QoS
 Dual power supplies (internal)
 Redundant fans

vEdge-100 Routers
 100 Mbps AES-256
 1RU
 5x 1000Base-T
 1x POE port
 2G/3G/4G LTE
 Internal AC PS
 1x USB-3.0
 TPM Board-ID
 Kensington lock
 Low power fan
 GPS
 100 Mbps AES-256
 1RU
 5x 1000Base-T
 1x POE port
 2G/3G/4G LTE
 802.11a/b/g/n/ac
 Internal AC PS
 1x USB-3.0
 TPM Board-ID
 Kensington lock
 Low power fan
 GPS
vEdge 100m vEdge 100mw
 100 Mbps AES-256
 5x 1000Base-T
 TPM chip
 Security, QoS
 External AC PS
 Kensington lock
 Fan-less
 9” x 1.75” x 5.5”
 GPS
vEdge 100

Extending Viptela with VMS
Viptela
Customer Sites
(vEdge)
Viptela
vEdge
ASAv
FTDv
3rd Party
VNFs
SP OSS/BSS
vSmart & vBond
vManage
Security and Cloud Services
SP
Services
SP Data Center
VMS vBranch (ENCS)
Public Cloud
Cloud
Services
Internet
Hosted Collaboration,
Security, Storage…
Interconnects with
installed Networks
4GINTERNET MPLS
2
3
4
5
VMS
Tenant 4
vEdge
Viptela SD-WAN
Controllers
VMS
VMS
Tenant 1
VMS
Tenant 2
VMS
Tenant 3
1
1 VMS Multi-tenancy, Viptela Controller on-boarding
2 Public Cloud, VMS on-boarding Viptela service
3 VMS vBranch support, Viptela vEdge VNFs
4 VMS Cloud based Service Extensions
5 VMS Service Interconnects, installed networks
6 VMS OSS/BSS APIs (VMS micro-service)
6
SP Data Center
Viptela
SD-WAN Fabric

How to transform your Business…
Conclusions

VMS Disruptive Technologies unlock new Services
Orchestration
Network Functions
Virtualization
Cloud Native
Software-Defined
Networking
Virtual and Physical
devices,
Cisco and 3rd Party
VNF Lifecycle Mgt
and
Service Orchestration
Simple service models
and device models
(YANG, XML)
Web Scale design,
Multi-tenant 1,000s,
Service Orientation
Central Device Mgt,
Secure ID (RBAC),
Zero Touch Provision
VNFs run in the Cloud
or
Virtual Branch (x86)
Runs in any cloud,
public or private
(VIM Independent)
Micro-services, Docker
Containers, Kubernetes,
Geo-redundancy
VNF Smart Licensing
and Pay-as-you-Grow
Pricing Models
Service Creation
capable, including
analytics & monitoring
REST APIs to
OSS/BSS for
billing and SLAs
Config Roll back,
Service Extensions,
100,000 Devices
Auto Rendered UI,
Tenant Self-Service,
Monetized offers
Network Elements
Drivers, Conf-D,
and CLI
Self-healing Networks,
Configuration Guard
Rails
VNF Certification of
Cisco and 3rd Party
VNFs
BRKARC-2259 78

Why do SPs want VMS VNF/SDN Services?
Simplify service activation, management,
and assurance for 1000’s of devices/tenants
More cost effective WAN options with better
performance and greater capacity
Bring up new tenants and services in minutes
Simplify
service creation while
delivering better app
experiences over any
branch connection.
Cisco NFV/SDN made easy with Virtual Managed Services
Rapid Time to Market, Proven Scale and Security
“Cisco VMS is helping
us to deliver secure,
high-performance
virtualized services
with agility to our
clients.”
BRKARC-2259 79

6
5
4
3
2
1
VMS CPE Onboarding
Zero Touch Provisioning using Cloud Plug and Play (PnP) server
Secure management tunnels using Network Service Orchestrator (NSO)
MPLS
Border
Router
INET
Border
Router
VMS in a
Service Provider
Datacenter
Customer IWAN Hub Site
Branch
CPE #15
Onboard new branch CPE to NSO with specific identifier
(Serial #) and wait for CPE to be booted
CPE calls home using HTTPS (with Crypto/Cert) to the
VMS PnP Server. CPE Identity based on CPE Serial #
PnP Delivers CPE Day 0 config including Mgt Keys
to form secure FlexVPN Mgt Tunnel (IKEv2)
Secure FlexVPN Mgt Tunnel is created for subsequent
CPE configurations, analytics, and monitoring
NSO sends tenant configuration to the CPE device
NSO creates DMVPN Tunnels between CPE and
Hub devices and completes service activation
DMVPN
MPLS
DMVPN
INET
IWAN
Master
Controller
PnP
Server
VMS
Mgt Hub
2
3
4
5
5
6 6
NSO1
CPE #15
BRKARC-2259 83

Cisco
Smart Software
Licensing

Cisco ESC Smart Licensing
• VNF Licensing is another core task in virtualized environments that typically
requires manual processes to activate the VNF license.
• Cisco’s new “pay-as-you-go” Smart licensing model, on supported VNFs.
• With Smart Licensing, instead of having to manually activate licenses for each
virtual machine, the virtual machine registers itself with a centralized licensing
server on boot-up, tracks how the resource is used, and bills on a consumption
basis.
• This setup provides important flexibility for elastic environments, allowing you to
expand and contract as needed, in a completely automated fashion, while
paying only for the resources you actually consume.
BRKARC-2259 85

Smart Licensing Example – More Flexible with PAYG
• Cisco Smart Software Licensing
makes it easier to buy, deploy,
track, and renew Cisco licenses.
• Simpler purchase and activation of
the VM, Pay-as-you-grow (PAYG)
• Easier license management and
reporting of virtual appliances
due to license pooling
• Automatic license activation when
the virtual appliance is provisioned
• Customers can view product
entitlements and services in the
Cisco Smart Software Manager.
BRKARC-2259 86

REST APIs and Software Development Kits
Simple to use, simple to create new SP Services
• All VMS Services are
configurable via
REST APIs
• New Services can be
created through the
Software Development
Kit (SDK)
BRKARC-2259 88

Here are the key steps demonstrated in the Cisco VMS demo:1. The service provider team created a new multi-tenant SD-WAN tenant using the Cisco VMS portal. 2. They provisioned hub and branch routers across multiple sites using zero-touch provisioning from the cloud. This included ISR and ASR devices.3. MPLS and internet links were configured at each site to establish the WAN connectivity. 4. DMVPNs and management tunnels were set up to connect all the sites. 5. Critical applications like Office 365 were identified and prioritized using Cisco SD-WAN capabilities like NBAR. 6. The entire SD-WAN tenant consisting of

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Mehr von Cisco Canada

Mehr von Cisco Canada (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)