Cisco NFVI Network Function Virtualization Infrastructure Naren Narendra, Senior Product Manager

#CLUS Cisco NFVI Network Function Virtualization Infrastructure Naren Narendra, Senior Product Manager

PSOSPG-2012

#CLUS Agenda

• Network Function Virtualization Infrastructure (NFVI) Fundamentals

• Cisco NFVI Components

• Cisco VIM (Virtualized Infrastructure Manager)

• Cisco VIM Unified Management

• Monitoring & Assurance

• Where are we headed?

• Conclusion

Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session How 1 Find this session in the Cisco Events App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space

Webex Teams will be moderated cs.co/ciscolivebot#PSOSPG-2012 by the speaker until June 18, 2018.

MANO

OSS/BSS NFV + = NFVI Orchestrator Hardware Software

EM 1 EM 2 EM 3 VNF-M (VNFVNF Managers)Manager VNF 1 VNF 2 VNF 3 • NFVI - Network Function Virtualization Infrastructure is the totality of all hardware NFVI and software components that build the Virtual Virtual Virtual Storage platform in which VNFs are deployed Compute Network Virtualized Virtualization Layer Infrastructur • VIM - Virtualized Infrastructure e Manager Manager Hardware Resources Controls and manages the NFVI compute, Compute Storage Network storage, and network resources. VIM is the NFVI software platform

Fully Disaggregated Vertical NFV Solution Stack Common & Horizontal NFVI (DIY or SI Led) (Use Case Led) (Infrastructure Led)

MANO MANO MANO MANO MANO MANO MANO

VNF VNF VNF VNF VNF VNF VNF VNF VNF VNF VNF VNF

Virtualization Virtualization Virtualization Virtualization Virtualization NFVI Hardwar Hardwar Hardwar Hardware Hardware Hardware e e e • Use-case focused NFV solution • Fully disaggregated approach with • Common, horizontal carrier-grade stacks, each from same or different different elements of the solution NFV infrastructure for multiple use vendors coming from different vendors cases – from one vendor • Pre-integrated, tested and validated • SP is driving Systems Integration – • VNF and MANO packages comes per by vendor with single point of either by self or by appointing a SI use case from the target vendors ownership • Integration overhead is very high • Pre-integrated, tested and validated • Faster time to market • Arbitraging between vendors is NFVI with single point of ownership • However, convergence of platform difficult, no single point of ownership • Faster time to market may be very challenging in future due • Takes longer to deploy – perceived • Convergence of the platform is to platform architecture inconsistency cost benefit may be lost in higher achieved with this platform • May lead to multiple silo’s that are not coordination & slower time to architecture strategy cross-leveraged and more expensive market to manage in longer term

Carrier Class Performance

Use Case Agnostic Infrastructure

Open Standards Based, Modular and Elastic

Easy to use with Unified Management

Integrated Solution with Single Point of Ownership

Multi-level Security

Service Velocity Operational Simplification Open Architecture

North Bound APIs

NFVO, Resource Orchestration & VNF Service Orchestration

NSO – Network Services Orchestrator enabled by Tail-f

Virtual Network Functions (Cisco and 3rd Party) VNF Manager

rd CSR ASAv Ultra VMS Video XRv vWSA 3 Party Cisco ESC

Virtual Infrastructure VIM

API Virtual Compute Virtual Storage Virtual Network Red Hat OSP (RHEL) (Ceph) (OVS, VTF, SR-IOV) Cisco VIM Lifecycle Manager Infrastructure Abstraction with RHEL, KVM/Qemu, Host Packages, vSwitches GUI Cisco Physical Infrastructure

Optional Network VIM Unified Unified Management

Compute (UCS) Network (Nexus) Storage (UCS) (Cisco VTS / Cisco ACI)

Monitoring and Assurance Infrastructure Infrastructure Management

Cisco NFVI Scope

Business Services Mobility Other VNFs 3rd party VNFs (e.g. Cisco MSX) (e.g. Ultra, IOT) (e.g. Media, vPE/vBNG) (e.g. vIMS, vLB)

Open APIs for Platform Consumption

Virtual Infrastructure VIM

API Virtual Compute Virtual Storage Virtual Network Red Hat OSP (RHEL) (Ceph) (OVS, VTF, SR-IOV) LifecycleCisco VIMManager Lifecycle Manager Infrastructure Abstraction with RHEL, KVM/Qemu, Host Packages, vSwitches GUI Cisco Physical Infrastructure

Optional Network VIM Unified Unified Management

Compute (UCS) Network (Nexus) Storage (UCS) (Cisco(SDN VTS Controller) / Cisco ACI)

Monitoring and Assurance Infrastructure Infrastructure Management

Cisco NFVI Scope

Customer Portal OSS/BSS

Network Services NFV Orchestrator Orchestrator

Elastic Services Controller VNF Manager Physical OpenStack CPE API vCPE (VNF)

Existing IP Network Internet

VTS SDN Controller Cisco NFVI Physical CPE https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1896371 #CLUS PSOSPG-2012 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Cisco NFVI Solution Leading Industry Partnerships

Integrated platform Design and Validation Simple Access to Support Certified by Red Hat Single Point Performanceof Contact Acceleration, Joint Engineering Enhanced Platform Awareness

Virtual Infrastructure VIM

Optional Network VIM Unified Unified Management

Compute (UCS) Network (Nexus) Storage (UCS) (Cisco VTS / Cisco ACI)

Monitoring and Assurance Infrastructure Infrastructure Management

Cisco NFVI Scope

Virtual Infrastructure Management Fast Data Plane on x86 Data Models and Orchestration

TOSCA

SR-IOV Netconf/YANG Orchestration/Platform

Infrastructure SDN Controller Chaining and Connectivity

VTS NSH/Service Chaining (BGP/VXLAN) ACI Segment Routing

End-to-End Focus

#CLUS PSOSPG-2012 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 #CLUS PSOSPG-2012 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 Cisco NFVI Components Cisco NFVI Components

Business Services Mobility Other VNFs 3rd party VNFs (e.g. Cisco MSX) (e.g. Ultra, IOT) (e.g. Media, vPE/vBNG) (e.g. vIMS, vLB)

Open APIs for Platform Consumption

Cisco VIM Virtual Infrastructure VIM Cisco VIM Platform APIUnified Virtual Compute Virtual Storage Virtual Network Red Hat OSP (RHEL) (OpenStack(Ceph) based)(OVS, VTF, SR-IOV) LifecycleSDNCisco VIMManager Management Lifecycle Manager Infrastructure Abstraction with RHEL, KVM/Qemu, Host Packages, vSwitches GUI Integrations Monitoring & Physical Infrastructure (Optional) Optional Network VIM Unified Unified Management Physical Infrastructure Compute (UCS) Network (Nexus) Storage (UCS) (Cisco(SDN VTS Controller) / Cisco ACI)

AssuranceMonitoring and Assurance Infrastructure Infrastructure Management

Cisco NFVI Scope

OpenStack can be complex to operate:

Complex interactions between services, databases, messaging queues, etc.,

Health and performance of a cloud is difficult to quantified, verify and monitor

Updates/upgrades require extensive human effort and are prone to issues

Unified Management System (Multi-Pod & Multi-Site, Single Pane of Glass, GUI, REST API)

Lifecycle Manager (Day N operations – Pod Mgmt, Update/Upgrades, Reconfig, REST)

Integrated Tools (Benchmarking: Networking, Storage, Compute)

Logging & Assurance (ELK stack, Zenoss, …)

Health Checks & Failure Recovery (CloudPulse, Cloud Recovery, REST) Day N

Control and Data Plane HA (Compute, Network & Storage) Cisco VIM

Turn Key Ubiquitous Security (TLS, SELinux, non-root, RBAC, etc. ) Packaged Software Performance Enhancement (Fast Data Stacks like VPP, tuning – CPU pinning, NUMA and many more) Integrated SDN Controller (VTS, ACI)

Containerized Deployment (OpenStack Services, CI/CD Capable Platform) Day 0 Fully Automated Installer (1-click, Modular, Robust)

Red Hat Enterprise Linux OpenStack Platform (RHEL OSP) Red Hat Ceph Storage Solution OpenStack, Linux & Storage Operating Systems – Red Hat Enterprise Linux (RHEL) and Cisco NX-OS / IOS-XR Distribution

Cisco UCS Cisco Nexus Cisco Cisco H/W Hardware VIC NIC FPGA* GPU* Compute 9000 UCS FI NCS5000* Accelerator*

2HCY ’16 Sep’17 Q3CY ’18 Cisco VIM 1.0 (LA) Cisco VIM 2.2 Cisco VIM 2.4 (R2)

2016 2017 2018

May ’17 Apr ’18 Cisco VIM 2.0 (GA) Cisco VIM 2.4 (R1)

Cisco NFVI follows Cisco VIM release schedule

Software Hardware Data Plane • Newton OSP 10 • Intel X710 NIC • SRIOV with Intel x710 • Mgmt Node Auto Backup • UCS C240 M4 compute • ML2 VPP • VM Cold Migration • Intel v4 (Broadwell) • NFVbench Performance • VM Resizing • Scale up to 20 Storage Benchmarking • Auto Configuration ToR nodes • IP source Filtering • ToR Switches • Keystone V3 • Nexus 9396PX Third Party Integration • Automated SW Upgrade • Nexus 93180YC • SwiftStack Framework • Micropod (TechPreview) • Zenoss • Unified Management UI (TechPreview)

Software Hardware • Cisco VIM Insight GUI • MicroPod GA • Software Upgrade – Liberty to Newton • ML2 VPP & SRIOV for Full and Micropod • VTS Upgrade – 2.3 to 2.5 • VTS 2.5 Integration • ACI/APIC SDN controller Integration • Fluentd Integration • Post Install Enable TLS • Post Install Re-config Provider and Tenant VLAN ranges Data Plane • Post Install CIMC password change • ML2 VPP with L3 and SRIOV • IPv6 support (management and data plane) • NFVbench REST API and visualization • Platform Security • Scale Support for both control and data • LDAP integration with Microsoft AD plane • Disk Maintenance

Software Features Hardware Features • Virtual Machine Live Migration • UCS M5 Micropod w/ X710 10G (CP) • Power Management • UCS M5 Micropod w/ XL710 40G (SR- • CIMC 3.x support for UCS M5 servers IOV) • Coexistence of CIMC 2.0.x and 3.x nodes in • Micropod with Expansion (max. 16) same pod • NCS5500 as TOR • VTS 2.6 Integration • All SSD based Ceph Storage • VTS Upgrade from 2.5 to 2.6 • Compute nodes with SSD boot drives • Post-upgrade or update non-disruptive reboot • Security: No root login, Default deny all IP tables Third Party Integration • Cisco VIM Unified Management with • HP DL360 Gen 9 for Compute Node enhanced UX • NetApp for Storage

ToR Switch 1 ToR Switch 2 Mgmt Switch

Management Node Compute Node 1 Controller Node 1 Cisco VIM Compute Node 2 Controller Node 2 2.4 Compute Node 3 Controller Node 3 C Compute Node 4 Storage Node 1 … Storage Node 2 …

Storage Node 3 … … …

Storage Node 20 Compute Node N*

ToR Switch 1 ToR Switch 2 Mgmt Switch

Management Node Compute Node 1 Controller Node 1 Cisco VIM Compute Node 2 Controller Node 2 2.4 Compute Node 3 Controller Node 3 C Compute Node 4 Comp/Storage 1 … Comp/Storage 2 …

Comp/Storage 3 … … …

Comp/Storage 15* Compute Node N*

Hyperconverged node = Compute + Storage node * Maximum of 15 hyperconverged nodes. Total#CLUS of 64 Control,PSOSPG -Hyperconverged2012 © 2018 Cisco and/or andits affiliates. Compute All rights reserved. nodes Cisco inPublic a pod26 Cisco VIM Micropod

• One management node and three Micropod

converged Micropod nodes ToR Switch 1 ToR Switch 2 Mgmt Switch • Control, Compute and Storage on all 3 converged nodes • Use converged nodes for non-data- Management Node

plane heavy workloads (ESC, UAS, Control Compute Storage SD-WAN, etc.,.) Converged Node 1 • Same HA capabilities as a full pod Control Compute Storage • Same software and hardware Converged Node 2 lifecycle capabilities as full pod • Reduces pod footprint by 60% Control Compute Storage Converged Node 3** compared to full pod

** Ceph storage is restricted to the three converged nodes

Micropod ToR Switch 1 ToR Switch 2 Mgmt Switch • Use converged nodes for non-data- plane heavy workloads (ESC, UAS, Mgmt Node SD-WAN, etc.,.) Compute Node 1 • Add dedicated compute node(s) for Converged Node 1 data plane heavy workloads Compute • UCS M4 Micropod with expansion Node 2 Converged … supports N9k as ToRs Node 2 … • UCS M5 Micropod with expansion Converged Compute supports N9k and NCS5500 as ToRs Node 3 ** Node 16 *

* Maximum of 16 dedicated compute nodes in a Micropod ** Ceph storage is restricted to the three converged nodes #CLUS PSOSPG-2012 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 Significant Efficiencies with Pod footprint Use Case: Cisco MSX SD-WAN

Full Pod Micropod

ToR Switch 1 ToR Switch 2 Mgmt Switch ToR Switch 1 ToR Switch 2 Mgmt Switch

Mgmt Node Converged Node 1 Controller 1 Compute 1 Controller 2 Converged Mgmt Node Compute 2 Node 2 Controller 3 Compute 3 Converged Storage 1 Node 3 Storage 2

Storage 3

Container-Based Deployment

NFVI Management Node

Controller Nodes Containers Repo Compute Nodes Storage Nodes

Cisco Customer Controlled

NFVI Controller Nodes Compute Nodes

Docker Storage Nodes Containers Management Repo

Software Packages

Download Plug in to the Admin Management Node

Add and remove of compute nodes to scale the pod on demand

Replacement of control nodes in case of maintenance

Replacement of storage nodes in case of maintenance

Cisco NFVI

Update/upgrade on demand

Update with patches and security updates

Rollback to previous version in case of any error

Cisco NFVI

• API – OpenStack API end points for managing/using the NFVI • External – Link to world beyond the cloud via OpenStack virtual routers (L3 agent) • Management/Provisioning network – PXE boot and Openstack inter-service communication • Provider – Link to existing infrastructure networks • Tenant – Inter VM traffic via OpenStack tenant networks • Storage – Ceph data replication traffic

Provider API Management/Provisioning Tenant

External Storage

VTC Node Compute Management Control Node Storage Node (optional) Node Node Control Host Compute Hos Storage Host Control Host Storage Host

Proactively design & secure the platform

• Cisco Secure Development Lifecycle • Minimum attack surface… (CSDL) compliant • No unnecessary open ports • Cisco Product Security Baseline • No unnecessary software bits installed (PSB) compliant • Passwords management

• Network segmentation • Authenticated and secure access to • SELinux at host and container level APIs and Dashboards

• Immutable containers • Seamless update of security patches

• Containers running as non-root • Bandit security analyzer

• ANSSI review of VPC deployment • File/Process ownership/permissions

Build node Cisco VIM Pod 2 Traffic TOR-SW A TOR-SW B generator Build node 1 Controller 1 Controller 2 Controller 3 5 4 Storage 1 Storage 2 Storage 3 Compute 1 Compute 2 Compute 3 NFVbench 3 Compute i container Compute Compute Compute n

1 Stage VNF chain (OpenStack API) 3 Clear counters in vswitch(es) 5 Traffic flows to the VNF 2 Stitch traffic generator interfaces to VNF chain 4 Start traffic

An integrated network performance benchmarking toolkit, pre-installed on every POD along with a set of best known practices

• Log forwarders on all nodes forward logs to Fluentd-aggregator on Management node • Fluentd-aggregator to forward logs to ElasticSearch database • Kibana dashboard for viewing logs stored in ElasticSearch • Fluentd-aggregator to forward logs to remote Syslog

Management / Provisioning Network Log Forwarder Log Forwarder Log Forwarder Log Aggregator

Logs Logs Logs Kibana Control Node(s) Storage Node(s) Compute Node(s) ElasticSearch

Management Node

Syslog Server

• Kibana visualizes the data stored in Elasticsearch using custom dashboards

• User can add filters or create queries to search through the logs

CLI • Cisco NFVI can be managed through GUI, CLI and REST API interfaces • Unified Management GUI • Multi-pod Cisco • Multi-user NFVI • RBAC • Containerized, lightweight, stateless REST API Unified Mgmt GUI

Intuitive GUI (Intuitive Graphical User Interface)

Ubiquitous Security (TLS, SELinux, non-root, Certificate Management RBAC, etc. )

Highly Scalable (Light Weight , stateless and REST API driven) Cisco VIM Unified Management Multi-User and RBAC (Multiple concurrent sessions and RBAC for security)

Multi-Site and Multi-Pod (Single Pane of Glass to Deploy and Manage Distributed deployments)

Containerized Deployment (Easy to Install , update and upgrade)

Virtualized Infrastructure Manager Cisco VIM

Monitoring . Health and performance monitoring – physical and logical . POD level view of components, Physical to Virtual Co-relation . Ability to monitor multiple NFVI pods

Analysis and Reporting . Service Impact Analysis – Creates accurate models of services and their dependencies on application infrastructure . POD capacity forecast – Alert ahead of time . Generate reports – Device, Performance, Cisco UCS, NFVI reports

Automation . Automate discovery and modeling – POD changes . Automatically checks POD level health . Integrated with CVIM installation (optional)

• Zenoss dispatcher deployed by CVIM control nodes (using software in CVIM Collector #1 Collector #2 repository) • Tight integration with Celiometer and SSH UCS API, SSH & other components. Zenoss lifecycle AMQP managed by the CVIM lifecycle CVIM API manager NFVI POD (s) Control Center NFVI Management Node

Resource Manager #1 NFVI Control Nodes (3x) Ceilometer & Zenoss Dispatcher

Resource Manager #2 NFVI Compute Nodes (2 or more) Ceilometer

Nexus ToR Switches NFVI Storage Nodes (3x)

Advisory Implementation Optimization Managed Technical Training

SP Cloud SP Video SP Mobility Cable Access SP Networking Enterprise

Analytics Automation & Orchestration Security

Cust Access CO Remote DCs Central DCs Co-Lo / Cloud Prem Peering Hosted Nothing is vBNG, vOLT, vCMTS, vPE VPC, SecGW, vIMS, VPC, Gi-LAN, vIMS, vManaged Service, seen Biz Services (vMS), Biz Services (vMS), vBranch, Media xCoding, cDVR, vMS, XaaS delivered Analytics today… vRAN, vPE, vBNG, vCMTS, Media xCoding, cDVR, vCDN, from the Multi- vCDN, Analytics vCDN, Analytics vCDN, vDDoS, Cloud Virtualized RR, Analytics IOT / Fog Computing, Analytics MEC, VPC & VPC & vCDN, Cloud RAN, Online Gaming, Location Fog Apps AR/VR, IOT, Fog, location based Services, AR/VR, based services, Data Analytics Data Analytics

Remote DC Near Edge Co-Lo

DCI Peering Carrier-E / Transport Edge DCI DCI

` Central Data Peering Centers VPN CPE Internet / DCI DCI Partner SP Edge

DCI Peering

Remote DC Co-Lo Cust. Prem Access Aggregation Near Edge Core and Edge Multi-Cloud

Bare Metal / Virtual Cloud-Enabled Cloud-Native

App App App App App App ServiceService App App ServiceService

Web App Web App Database Database .rb .py .go Java Servers Servers Servers Servers

Runtime Micro-services on Physical Infrastructure Local Dedicated Shared Containers

Edge Compute >10s of Virtual >100s of Virtual >1,000s of Virtual workloads >100s of Virtual workloads Latency sensitive apps Workloads, workloads, Production & Backend Production services (MEC, IoT, Edge Analytics) Production Services Production services services

Remote DC Near Edge Co-Lo

DCI Peering Carrier-E / Transport Edge DCI DCI

` Central Data Centers Peering VPN CPE Internet / Partner SP Edge DCI DCI

DCI Peering

Remote DC Co-Lo Cust. Prem Access Aggregation Near Edge Core and Edge Multi-Cloud

Nano Micro Rack(s) Multi-Rack ½ or Full Rack

Modular Cloud Orchestration BM Software Stack

High Performance, Automation, Day 0 – N Lifecycle Management, HA, Consistent Networking Models, Logging, Assurance, Security

Multi-Use Open source Ease of Use Single Point Carrier Grade Joint Case and standards with of Performance, Engineering & Capable, compliant Simplified Accountability HA, Scale & Innovation Cisco & 3rd Manageability & Ownership Security with Partners Party

Evolution to Cloud Native SP Virtualization Integrated platform sold and supported by solution with seamless integration with WAN to Cisco, powered by Intel, fully backed by Red drive true realization of NFV Hat

Complemented with best in class MANO and Industry’s Broadest VNF Portfolio

Give us your feedback to be entered into a Daily Survey Drawing. Complete your session surveys through the Cisco Live mobile app or on www.CiscoLive.com/us.

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Online.

#CLUS PSOSPG-2012 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 66 Continue Demos in Walk-in Meet the Related your the Cisco self-paced engineer sessions education campus labs 1:1 meetings

• Cisco NFVI demo at World of Solutions

• Cisco Ultra packet core at City Campus IOT

BRKSDN-2411: NFV Performance - Challenges and Solutions

BRKSDN-2410: Carrier-Grade NFV Infrastructure for Service Providers

BRKACI-3620 Case Study of a SP Customer running ACI based SDN Solution for Telecom Datacenter

DEVNET-2068: Exploring the OpenStack Deployment and Management framework for Cisco VIM

PSOSPG-2012 Cisco Network Function Virtualization Infrastructure (NFVI)

BRKRST-3122: Segment Routing: Technology deep-dive and advanced use cases

BRKMPL-3333: EVPN: Network Virtualization Solution for Next Generation Enterprise DCs, DC Interconnections, and SPDCs

TECRST-3684: Cloud Networking with Cisco NFVI

#CLUS #CLUS