Service Driven Network Automation Powered by Tail-f

Bilal Alam, Solutions Architect, Software Sales

Management and Network Orchestration (MANO): Current State

Customer Orders flow through separate provisioning and activation systems (Provisioning A, B and D; Activation C and E), each reaching the network through its own NMS, EMS or CLI integration, across three domains: Metro and Access, WAN, and Data Center.

Cross-Domain Multi-Vendor Hybrid Service Gateway: services between VPN and Internet, spanning physical servers in the datacenter, virtual servers, remote access and physical appliances.

Internet Access and Internet VPN service components, grouped on the slide as Network, Web Security, Mail Security and Server: SSL VPN; Web Filtering; Virus Check; Mail/Web; UTM; HTTP Virus Check; Spam Prevention; Airwatch GW; Load balancer; Proxy; Mail Archive; RADIUS.

Going Forward

Drivers: changing customer behavior; execution at the speed of software; rapidly changing business models.

Themes: Service Innovation; INSTANT Activation; Cloud, Virtualization, Programmable Networks; Agility & DevOps; Self-Service Portal; NFV & SDN; New ecosystems and value chains.

All of this requires flexible automation.

Current State - Pain Points

Customer Orders again pass through Provisioning A, B and D and Activation C and E, each wired to the network by its own NMS integration, EMS or CLI adapter (the slide labels each of these a provisioning, integration or adapter "tax"), into a Multi-Vendor Environment of Metro and Access, WAN and Data Center Network Services.

• Complex & Expensive
• Slow & Error prone
• Always the bottleneck

It should ALWAYS be about the SERVICES

• Time to Market
• Order to Activation
• Configuration Data Quality

Services such as L2VPN, L3VPN, NFV, SECURITY, BOD and Service X are delivered across Metro and Access, WAN and Data Center.

Agenda

Service Driven Network Automation

1. Orchestration Platform Architecture

2. Diverse Customer Use Cases

3. Data Model Driven Approach

4. Open & Modular Platform

5. Demo

NSO Overview

• Orchestration Platform Architecture - Any Service across any network, any topology, any vendor, any device

Orchestration Platform Architecture

The orchestration platform sits above the VNF-M, NMS, domain EMS and SDN controllers (SDNc) that manage Metro and Access, WAN and Data Center.

Orchestration Platform Architecture

• Introducing the Network Element Driver (NED)

The NSO Platform provides Network Abstraction through YANG Data Models, above VNF-M, NMS, domain EMS and SDNc controllers for Metro and Access, WAN and Data Center.

South-Bound Integration - NEDs (1/6)

Vendor: Device/Platform

A10 Networks: AX Series; Thunder Series
Adtran: Total Access 900 Series; Total Access 5000 Series
Adva: Carrier Ethernet FSP 150CC Series
Affirmed Networks: Acuitas Service Management System
Alcatel-Lucent: 7210 Service Access Switch; 7450 Ethernet Service Switch; 7705 Service Aggregation; 7750 Service Router; 7950 Extensible Routing System
Arista: 7048 Series; 7050 Series; 7150 Series; vEOS
Brocade: NetIron CES 2000 Series; NetIron MLXe Series; NetIron XMR Series; ServerIron ADX Series
Ciena: 3000 Family; 5000 Family; ESM
Cisco: Application Policy Infrastructure Controller Data Center (APIC-DC)
Cisco ASA: ASA 1000V Cloud Firewall; ASA 5500-X Series Next-Generation Firewalls; Adaptive Security Virtual Appliance
Cisco IOS: 800 Series Routers; 1800 Series Integrated Services Routers; 1900 Series Integrated Services Routers; 2500 Series Routers; 2600 Series Multiservice Platforms; 2800 Series Integrated Services Routers; 2900 Series Integrated Services Routers; 3800 Series Integrated Services Routers

South-Bound Integration - NEDs (2/6)

Vendor: Device/Platform

Cisco IOS/IOS XE: 6900 Series Ethernet Interface Module for Cisco Series Switches; Cloud Services Router 1000V Series; Catalyst 2900 Series Switches; Catalyst 2960 Series Switches; Catalyst 2960-X Series Switches; Catalyst 3550 Series Intelligent Ethernet Switches; Catalyst 3750 Metro Series Switches; Catalyst 3850 Series Switches; Catalyst 4500 Series Switches; Catalyst 4500E Series (Supervisor Engine 7-E, Supervisor Engine 8-E); Catalyst 4500-X Series Fixed 10 Gigabit Ethernet Aggregation Switch; Catalyst 4900 Series Switches; Catalyst 6500 Series (10 Gigabit Ethernet Modules, Mixed Media Gigabit Ethernet Modules, Supervisor Engine 2T, Switches); Catalyst 6500-E Series Chassis; 3900 Series Integrated Services Routers; 7200 Series Routers; 7600 Series Routers; ME 3400 Series Ethernet Access Switches; ME 3600X Series Ethernet Access Switches; ME 3800X Series Carrier Ethernet Switch Routers; ME 4900 Series Ethernet Switches; uBR10000 Series Universal Broadband Routers; ASR 900 Series Aggregation Services Routers; ASR 1000 Series Aggregation Services Routers; cBR Series Converged Broadband Routers; RF Gateway Series
Cisco IOS XR: 12000 Series Routers; ASR 9000 Series; Carrier Routing System; IOS XRv Router

South-Bound Integration - NEDs (3/6)

Vendor: Device/Platform

Cisco NX-OS: Nexus 1000v Series Switches; Nexus 3000 Series Switches; Nexus 5000 Series Switches; Nexus 6000 Series Switches; Nexus 7000 Series Switches; Nexus 9000 Series Switches; Nexus 9300 Platform Switches
Cisco: Policy Suite (CPS/QPS)
Cisco StarOS: ASR 5000 Series; Quantum Virtualized Packet Core (QvPC-SI/-DI)
Cisco: Web Security Appliance (WSA)
Citrix: Netscaler 1000v
F5 Networks: BIG-IP 1600; BIG-IP 3600; BIG-IP 3900; BIG-IP 6400; BIG-IP 8900; BIG-IP Virtual Edition; Viprion Chassis
Fortinet: FortiGate 200 Series; FortiGate 500-300 Series; FortiGate 800-600 Series; FortiGate 1000 Series; FortiGate 3000 Series; FortiGate Virtual Appliances

South-Bound Integration - NEDs (4/6)

Vendor: Device/Platform

Huawei: ATN Series; NetEngine40E Series Universal Service Router; NetEngine5000E Cluster Router; Quidway S3300 Series Switches
Juniper: EX Series Ethernet Switches; Firefly Perimeter (Virtual SRX); M Series Multiservice Edge Routers; MX Series 3D Universal Edge Routers; QFX Series; SRX Series Services Gateways
Overture: 1400; 2200; 5000; 5100; 6000
Palo Alto Networks: PA-2000 Series; PA-3000 Series; PA-5000 Series; Virtualized Firewalls
Procera Networks: PacketLogic 9000 Platform
Quagga: Quagga Routing Software Suite (BGP module)

South-Bound Integration - NEDs (5/6)

Vendor: Device/Platform

Accedian Networks: High Performance Service Assurance MetroNID
Alcatel-Lucent: 5620 Service Aware Manager
Allied Telesis: x210 Series
Amazon: Amazon Web Services
Avaya: ERS 4000 Series; SR 8000 Series; VSP 9000 Series
Brocade: Vyatta 5400 vRouter (Vyatta VSE)
CableLabs: Converged Cable Access Platform
Cisco: ME-1200; ME-4600; Meraki; NCS2k (CTC); Prime Network Registrar (PNR); UCS Manager
Clavister: cOS Core; Eagle Series
Coriant: 8600 Smart Router Series
Datacom: DM2100-EDD Family; DM4000 Family
Dell Force10 Networking: S-Series
Ericsson: EFN324 Series; SE family

South-Bound Integration - NEDs (6/6)

Vendor: Device/Platform

F5 Networks: BIG-IQ
H3C: S5800 series
Infinera: DTN-X Multi-Terabit Packet Optical Network Platform
Juniper: Contrail Controller
MRV Communications: Master-OS; OptiSwitch 9000 series
NEC: iPASOLINK family
Netfilter: Iptables (Linux)
Nominum: DCS
OneAccess: OneOS for Routers; One540
Open vSwitch: OVSDB (shell)
OpenDaylight: Controller Lithium
Openstack: Cloud Operating System; Identity (Keystone); Networking Service (Neutron); Image Service (Glance); Compute (Nova)
Pulsecom: SuperG
Riverbed: Steelhead Series
Silver Peak: VXOA Virtual Appliance
Sonus: SBC 5000 Series
Telco Systems: BiNOX; T-Marc Family
VMware: vSphere
ZenOSS: Service Dynamics
ZTE: xPON OLT

Orchestration Platform Architecture

Customer Orders drive services (L2VPN, L3VPN, NFV, SECURITY, BOD, Service X) through the Services Orchestration Platform, whose Network Abstraction is YANG Data Models over the VNF-M, NMS, domain EMS and SDNc controllers for Metro and Access, WAN and Data Center.

• Concept to production in weeks
• Instant Activation
• Surgical precision

NSO Overview

• Orchestration Platform Architecture - Any service across any network, any topology, any vendor, any device

• Diverse Customer Use Cases

Multi-Vendor L2VPN: NSO provisions the service across Juniper, Cisco, ALU, Cisco and Huawei devices.

Multi-Vendor L3VPN: NSO provisions the same service across the same multi-vendor set.

NFV Bump in the Wire: NSO together with ESC, reached via API, openstack, CLI and WEB.

Inter-AS: NSO provisions a DCI-PE in AS 200 and PE1, PE2, PE3 and an ASBR in AS 100, carrying the customers Volvo, Ford and Honda.

Cross-Domain Self-Service Portal Orchestration: Service Lifecycle APIs on top of NSO span DC + WAN: the Internet GW, APIC and the ACI Fabric hosting Customer VM Workloads, the SP Core with ASR-9k MPLS L3VPN, and the Customer Site.

Multi-vendor VNFs (Palo-Alto, F5, Fortinet): from Manual to PCxF Policy Coordination.

Security as a Service: Traffic Shaper, IPS and IDS, Content Filtering, WAN Acceleration and Firewall chained between sites A and B.
• Use case: Provisioning of Layer 4-7 security services to VPN customers
• Business case: Incremental revenue from new business
• Scale: Thousands of business customers; Dozens of regional points of purchase (POPs); Several data centers; Tens of thousands of data center tenants

NSO Overview

• Orchestration Platform Architecture - Any service across any network, any topology, any vendor, any device.

• Diverse Customer Use Cases
• Data Model Driven Approach

Model-Based Architecture

BSS sits on top of Tail-f NSO, which holds Service Models and Device Models and drives the multivendor Layer 2, Layer 3 and Layer 4-7 network beneath it.

No hard-coding of:
• Network services
• Network architecture
• Network devices
Instead:
• Data models for everything

Network Service Model examples

The slide shows an l2vpn and an l3vpn service list side by side, both augmented into /ncs:services. The slide leaves the leaf bodies empty; the types below are added so that the snippet is valid YANG (they assume the enclosing module imports ietf-inet-types with prefix inet):

  augment /ncs:services {
    container vpn {
      list l2vpn {
        key name;
        leaf name { type string; }
        list endpoint {
          key device;
          leaf device { type string; }
          leaf intf-number { type string; }
          leaf remote-ip { type inet:ipv4-address; }
          leaf pw-id { type uint32; }
        }
      }
      list l3vpn {
        key name;
        leaf name { type string; }
        leaf as-number { type uint32; }
        list endpoint {
          key "id";
          leaf id { type string; }
          leaf ce-device { type string; }
          leaf ce-interface { type string; }
          leaf ip-network { type inet:ipv4-prefix; }
          leaf bandwidth { type uint32; }
        }
      }
    }
  }

Network Element Driver (NED)

A NED pairs a vendor device model written in YANG with a NED Engine that speaks the device's south-bound protocol (here CLI). The slide shows four device models side by side; their fragments are separated out below.

Cisco IOS device model:

  // interface GigabitEthernet *
  list GigabitEthernet {
    tailf:info "GigabitEthernet IEEE 802.3z";
    tailf:cli-allow-join-with-key {
      tailf:cli-display-joined;
    }
    tailf:cli-mode-name "config-if";
    tailf:cli-suppress-key-abbreviation;
    key name;
    leaf name {
      type string {
        pattern "[0-9]+.*";
      }
    }
    uses interface-common-pre-grouping;
    uses interface-ethernet-pre-grouping;
    uses interface-switch-grouping;
    uses interface-ethernet-grouping;
    uses interface-common-grouping;
    uses interface-zone-member-grouping;
  }

Huawei VRP device model, the same interface expressed in that vendor's terms:

  // interface GigabitEthernet *
  list GigabitEthernet {
    tailf:info "GigabitEthernet interface";
    key name;
    leaf name { type string; }
    // interface GigabitEthernet * / description
    uses interface-description;
    // interface GigabitEthernet * / vlan-type
    uses interface-vlan-type;
    // interface GigabitEthernet * / speed
    leaf speed { ... }
    // interface GigabitEthernet * / duplex
    leaf duplex { ... }
    // interface GigabitEthernet * / mtu
    uses interface-mtu;
    // interface GigabitEthernet * / ip
    container ip { ... }
  }

Juniper Junos device model (top of the configuration tree):

  grouping top-configuration {
    leaf version {
      type string;
      description "Software version information";
    }
    container system {
      description "System parameters";
      uses juniper-system;
    }
    list logical-systems {
      key "name";
      description "Logical systems";
      uses juniper-logical-system;
    }
    container chassis {
      description "Chassis configuration";
      uses chassis-type;
    }
    container interfaces {
      description "Interface configuration";
      uses apply-group;
      uses apply-macro;
      list pic-set {
        key "name";
        ordered-by user;
        ...
      }
    }
  }

ALU-SR device model: only fragments are legible on the slide, a list port (tailf:info "Configure physical ports", key port-id, tailf:cli-full-command) with description, access, egress, ingress, mode, ethernet, autonegotiate, dot1q-etype and efm-oam nodes.
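To make concrete what a CLI NED does with a model like the GigabitEthernet list above, here is an added Python sketch; it is not Tail-f's NED engine nor any real NED. It parses a constructed IOS-style running config into a structure keyed like that list, rejects interface names that violate the model's "[0-9]+.*" pattern, and renders the structure back to CLI. The sub-command names it understands (description, mtu, ip address, shutdown) are assumptions covering only a small part of the groupings the real model carries.

```python
"""Toy CLI NED for a GigabitEthernet list: parses IOS-style running config into a
model-shaped dict and renders it back (added example, not Tail-f code)."""
import re

NAME_RE = re.compile(r"[0-9]+.*")  # the 'leaf name' pattern from the slide's model

# Constructed sample of a device's running config (not captured from a real device).
SAMPLE_RUNNING_CONFIG = """\
!
interface GigabitEthernet0/1
 description uplink to PE1
 mtu 9000
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/2
 description customer volvo
 shutdown
!
"""


def parse_interfaces(text):
    """CLI text -> {'GigabitEthernet': {name: {...}}}; names are checked against the model."""
    model = {"GigabitEthernet": {}}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "!":          # '!' ends the config-if mode
            current = None
            continue
        m = re.fullmatch(r"interface GigabitEthernet(\S+)", line)
        if m:
            name = m.group(1)
            if not NAME_RE.fullmatch(name):  # a NED rejects data its YANG model forbids
                raise ValueError(f"interface name {name!r} violates pattern [0-9]+.*")
            current = model["GigabitEthernet"].setdefault(name, {})
            continue
        if current is None or not line.startswith(" "):
            continue                          # global lines are outside this toy's model
        sub = line.strip()
        if sub.startswith("description "):
            current["description"] = sub[len("description "):]
        elif sub.startswith("mtu "):
            current["mtu"] = int(sub[4:])
        elif sub.startswith("ip address "):
            addr, mask = sub[len("ip address "):].split()
            current["ip"] = {"address": addr, "mask": mask}
        elif sub == "shutdown":
            current["shutdown"] = True
        else:                                 # keep unknown sub-commands so a round trip is lossless
            current.setdefault("unparsed", []).append(sub)
    return model


def render_interfaces(model):
    """model -> CLI text, the direction a NED uses when pushing a transaction to the device."""
    out = []
    for name, cfg in sorted(model["GigabitEthernet"].items()):
        out.append(f"interface GigabitEthernet{name}")
        if "description" in cfg:
            out.append(f" description {cfg['description']}")
        if "mtu" in cfg:
            out.append(f" mtu {cfg['mtu']}")
        if "ip" in cfg:
            out.append(f" ip address {cfg['ip']['address']} {cfg['ip']['mask']}")
        if cfg.get("shutdown"):
            out.append(" shutdown")
        out.extend(f" {l}" for l in cfg.get("unparsed", []))
        out.append("!")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    parsed = parse_interfaces(SAMPLE_RUNNING_CONFIG)
    print(parsed)
    print(render_interfaces(parsed))
```

The two directions matter equally: parsing is what a NED does when it syncs a device into the device model, rendering is what it does when a transaction is pushed, and the pattern check is the point where the data model, not a script, decides what is valid.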

Service-Model to Device-Model Mapping (FASTMAP)

Only the service CREATION mapping is written by hand (service instance A); UPDATE, DELETE and REDEPLOY are INFERRED by FASTMAP. A second service instance (B) reuses the same single mapping.

Slow - Traditional Workflow

ANY Service Change and ANY Infra-structure Change each need their own workflow. How many workflows do you need? Complexity grows exponentially, and the focus is on how.

Model Based State-Convergence

• One Single Definition
• Complexity grows linearly
• Arbitrarily complex scenarios
• Focus on what, intent

ANY Service Change or ANY Infra-structure Change flows from the Service Data-Model through the single mapping ("intent") and the Convergence Algorithm to the Device Data-Model, with constant (iterative) convergence.

Precision & Traceability

A service instance (Volvo, endpoint A) maps through FASTMAP and the NED ENGINE to the exact device line it produced:

  access-list 101 permit ip any 10.1.1.0 0.0.0.255

Precision & Reverse Traceability

The same path is followed in reverse: from the device line

  access-list 101 permit ip any 10.1.1.0 0.0.0.255

back through the NED ENGINE and FASTMAP to the service instance (Volvo, endpoint A) that owns it.

Transactional Guarantees

Between the BSS and the multivendor network, Tail-f NSO provides transactional guarantees with automatic rollback: transactional integrity across every device a service change touches.
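The FASTMAP, traceability and transactional-guarantee slides above describe behaviour without showing code. What follows is an added Python sketch, not Tail-f/NSO code, that demonstrates the four ideas on a constructed L3VPN shaped like the slide's l3vpn model: a create-only mapping from which update and delete are derived by diffing; reference counting so that config shared by two services (here a "router bgp" line) is not removed while another service still needs it; an all-or-nothing push with rollback when one device rejects a line; and reverse lookup from a device line (the slide's access-list 101 line) to the service that owns it. The device names, the IOS-like config syntax, the field names and the fault injection are all constructed.

```python
"""Toy FASTMAP-style service engine (added example, not Tail-f/NSO code): only the
CREATE mapping is written; UPDATE/DELETE are derived by diffing what a service
produced last time against what it produces now."""
import ipaddress
from dataclasses import dataclass

Config = dict[str, set[str]]  # device name -> set of config lines

@dataclass
class L3VPN:
    """Service instance shaped like the slide's l3vpn model (field names assumed)."""
    name: str
    as_number: int
    endpoints: list  # dicts with ce_device, ce_interface, ip_network, bandwidth

def l3vpn_mapping(svc: L3VPN) -> Config:
    """CREATE mapping: intent -> desired device lines (constructed IOS-like syntax)."""
    desired: Config = {}
    for ep in svc.endpoints:
        net = ipaddress.ip_network(ep["ip_network"])
        lines = desired.setdefault(ep["ce_device"], set())
        lines.add(f"vrf definition {svc.name}")
        lines.add(f"interface {ep['ce_interface']} vrf forwarding {svc.name}")
        lines.add(f"interface {ep['ce_interface']} bandwidth {ep['bandwidth']}")
        lines.add(f"access-list 101 permit ip any {net.network_address} {net.hostmask}")
        lines.add(f"router bgp {svc.as_number}")  # shared by every VPN in the same AS
        lines.add(f"router bgp {svc.as_number} address-family ipv4 vrf {svc.name}")
    return desired

class Device:  # constructed stand-in for a NED-managed device; fail_on injects a rejected line
    def __init__(self, name, fail_on=None):
        self.name, self.running, self.fail_on = name, set(), fail_on
    def apply(self, add, delete):
        if self.fail_on in add:
            raise RuntimeError(f"{self.name} rejected: {self.fail_on}")
        self.running = (self.running - delete) | add

class Engine:
    def __init__(self, devices):
        self.devices = {d.name: d for d in devices}
        self.services: dict[str, Config] = {}  # config each service produced last time
        self.owners: dict[tuple, set] = {}     # (device, line) -> owning services
    def _commit(self, svc_name, desired):
        old, plan = self.services.get(svc_name, {}), {}
        for dev in set(old) | set(desired):
            want, have = desired.get(dev, set()), old.get(dev, set())
            # push only lines nobody owns yet; remove only when the last owner leaves
            add = {l for l in want - have if (dev, l) not in self.owners}
            delete = {l for l in have - want if self.owners.get((dev, l)) == {svc_name}}
            if add or delete:
                plan[dev] = (add, delete)
        snapshots = {dev: set(self.devices[dev].running) for dev in plan}
        try:
            for dev, (add, delete) in plan.items():
                self.devices[dev].apply(add, delete)
        except RuntimeError:
            for dev, snap in snapshots.items():  # all-or-nothing: undo partial pushes
                self.devices[dev].running = snap
            raise
        for dev in set(old) | set(desired):  # ownership bookkeeping after success
            for l in old.get(dev, set()) - desired.get(dev, set()):
                self.owners[(dev, l)].discard(svc_name)
                if not self.owners[(dev, l)]:
                    del self.owners[(dev, l)]
            for l in desired.get(dev, set()) - old.get(dev, set()):
                self.owners.setdefault((dev, l), set()).add(svc_name)
        if desired:
            self.services[svc_name] = desired
        else:
            self.services.pop(svc_name, None)
        return plan
    def deploy(self, svc, mapping=l3vpn_mapping):  # CREATE or UPDATE; the diff decides
        return self._commit(svc.name, mapping(svc))
    def delete(self, svc_name):
        return self._commit(svc_name, {})
    def owner_of(self, device, line):  # reverse traceability: line -> owning service(s)
        return set(self.owners.get((device, line), set()))

def ep(dev, ifc, net, bw):  # endpoint helper for the constructed service instances
    return dict(ce_device=dev, ce_interface=ifc, ip_network=net, bandwidth=bw)

def demo():
    """Create two VPNs sharing 'router bgp 100', update one, delete it, then watch a
    two-device transaction roll back when the second device rejects a line."""
    ce1, ce2 = Device("ce1"), Device("ce2", fail_on="vrf definition honda")  # constructed
    eng, acl = Engine([ce1, ce2]), "access-list 101 permit ip any 10.1.1.0 0.0.0.255"
    volvo = L3VPN("volvo", 100, [ep("ce1", "Gi0/1", "10.1.1.0/24", 100)])
    ford = L3VPN("ford", 100, [ep("ce1", "Gi0/2", "10.2.0.0/16", 50)])
    for svc in (volvo, ford):
        eng.deploy(svc)
    out = {"acl_owner": eng.owner_of("ce1", acl), "bgp_owners": eng.owner_of("ce1", "router bgp 100")}
    volvo.endpoints[0]["bandwidth"] = 200      # UPDATE: only the bandwidth line changes
    out["update_plan"] = eng.deploy(volvo)
    eng.delete("volvo")                        # DELETE: the shared bgp line must survive
    out["after_delete"] = ("router bgp 100" in ce1.running, acl in ce1.running)
    honda = L3VPN("honda", 200, [ep(d, "Gi0/3", "10.3.0.0/24", 10) for d in ("ce1", "ce2")])
    try:
        eng.deploy(honda)                      # ce2 rejects, so ce1 must be left untouched
        out["rolled_back"] = False
    except RuntimeError:
        out["rolled_back"] = not any("honda" in l for l in ce1.running) and "honda" not in eng.services
    return out

if __name__ == "__main__":
    print(demo())
```

The reference-counted ownership map is what makes delete safe when two services share a device line, and it is also the index behind reverse traceability; the snapshot-and-restore in _commit is the simplest form of the all-or-nothing behaviour the transactional-guarantees slide promises.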

Tail-f NSO Overview: API, WEBUI, CLI Auto-Generation

Management Applications and the Network Engineer reach Tail-f NSO through REST, NETCONF, JSON-RPC, Java… and through a network-wide CLI and Web UI, all generated from the models: Service Models in the Service Manager and Device Models in the Device Manager, with the multivendor Layer 2, Layer 3 and Layer 4-7 network below.

NSO Overview

• Orchestration Platform Architecture - Any service across any network, any topology, any vendor, any device.

• Diverse Customer Use Cases
• Data Model Driven Approach
• Open & Modular Platform – Speed & Agility

Open & Modular Platform (Tail-f NSO Overview)

Management Applications and the Network Engineer use REST, NETCONF, JSON-RPC, Java… and the network-wide CLI and Web UI. Inside Tail-f NSO, the Service Manager holds Service Models and Utility Models, the Device Manager holds Device Models and the Network Element Drivers, which reach devices, EMS, applications and controllers over NETCONF, CLI, SNMP, REST, etc. Packages are loaded from the Runtime Package Directory.

Utility Packages

1. Discovery
2. Plug-and-Play
3. Resource Manager
   • ID Allocator (VLAN, RD etc.)
   • IP Address Allocator
4. Virtual-Machine Manager

NSO Overview

• Orchestration Platform Architecture - Any service across any network, any topology, any vendor, any device.

• Diverse Customer Use Cases
• Data Model Driven Approach
• Open & Modular Platform – Speed & Agility
• Start on SDN/NFV journey now!

Demo

Q & A

Complete Your Online Session Evaluation

Give us your feedback and receive a Cisco 2016 T-Shirt by completing the Overall Event Survey and 5 Session Evaluations:
– Directly from your mobile device on the Cisco Live Mobile App
– By visiting the Cisco Live Mobile Site http://showcase.genie-connect.com/ciscolivemelbourne2016/
– Visit any Cisco Live Internet Station located throughout the venue

T-Shirts can be collected Friday 11 March at Registration.

Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations: www.CiscoLiveAPAC.com

Thank you