LTRSDN-2713

Branch & SDWAN Orchestration and Automation with NSO CFP

Rebecca Zhu, Sr. Technical Leader
Nandakumar Arunachalam, Sr. Technical Leader
Andrew Horrigan, CPSG TME

Agenda
• Welcome
• Introduction to NFVIS & vBranch
• What is SD-WAN?
• Introduction to NSO & Core Function Packs
• Overview of the SD-WAN CFP

Lab (~3.5hr)

LTRSDN-2713 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Webex Teams

Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session

How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

cs.co/ciscolivebot#LTRSDN-2713

Branch & Service Management

Traditional Model
• WAN: Router Order, Line Install, Router Delivery, Router Install, Router Online
• WAN: Service Order, Appliance Delivery, Appliance Install, Appliance Online

vBranch Model
• WAN (Zero Touch Provisioning): Router Order, Line Install, Server Delivery, Server Install
• WAN (Model Driven Orchestration): Self-Service

Introduction to NFVIS & vBranch

NFVIS Software Stack
[Figure: NFVIS software stack, top to bottom.
External clients: PnP Server, Console/SSH, Cisco DNA-C, NSO, Local Device Web Portal.
NFVIS interfaces: CLI, NETCONF, REST, HTTPS.
NFVIS functions: PnP Client, Health Monitoring, Orchestration (VM Lifecycle), Host Management, RBAC.
Virtualization Layer – Hypervisor and vSwitch.
Linux with Interface Drivers and Platform Drivers.]

ENCS 5000 Series
More CORES = more SERVICES

[Figure: ENCS5104 4-Core, ENCS5406 6-Core, ENCS5408 8-Core, ENCS5412 12-Core]

                    ENCS 5104         ENCS 5106         ENCS 5408         ENCS 5412
CPU                 4-core, 3.4 GHz   6-core, 1.9GHz    8-core, 2.0GHz    12-core, 1.5GHz
PoE                 No                No                200W              200W
Capacity Guidance   ISRv + 1 VNF      ISRv + 2 VNFs     ISRv + 3 VNFs     ISRv + 5 VNFs

What is SD-WAN?

Cisco SD-WAN Solution Roles and Responsibilities

Orchestration Plane (vBond)
• First point of authentication
• Distributes list of vSmarts/vManage to all vEdge routers
• Facilitates NAT traversal

Management Plane (vManage)
• Single pane of glass for Day0, Day1 and Day2 operations
• Multitenant or single-tenant
• Centralized provisioning, troubleshooting and monitoring
• RBAC and APIs

Data Plane (vEdge Routers)
• Physical or virtual
• Zero Touch Provisioning
• Establishes secure fabric
• Implements data plane policies
• Exports performance statistics

Control Plane (vSmart Controllers)
• Disseminates control plane information between vEdges
• Distributes data plane policies
• Implements control plane policies

[Figure: other labels in the diagram: APIs, 3rd Party Automation, vAnalytics; transports 4G, MPLS, INET; sites Cloud, Data Center, Campus, Branch, CoLo.]

What is NSO & CFP?

NSO Main Features
• Configuration Data Structures are Model-Based and logically centralized and stored in the Configuration Database (CDB)
• There are structured data representations of:
  • Service Instances
  • Network Configurations
  • Network State
• Service Models map service operations to network configuration changes
• NSO provides Transactional Integrity between network configuration changes
• NEDs allow NSO to provide multiprotocol and multivendor support

Network Services Orchestrator (NSO)
• Model-driven end-to-end service lifecycle and customer experience in focus
• Seamless integration with existing and future OSS/BSS environment
• Loosely-coupled and modular architecture leveraging open APIs and standard protocols
• Orchestration across multi-domain and multi-layer for centralized policy and services across entire network

[Figure: NSO architecture, top to bottom.
Users: OSS/BSS, Network Engineer, EMS/NMS.
Northbound APIs: NETCONF, REST, CLI, WebUI, SNMP, JAVA/JavaScript (labels NSO, ConfD).
Service Management Layer: End-to-End Service Models, Service View.
Device Management Layer: Device Models, Global Device View.
Southbound APIs: Network Element Drivers (NED).
Multi-Vendor Physical/Virtual Device Environment.]

NSO Packages
• Group of related (YANG models and code) NSO Services, Actions, Data Connectors, Data Structures, etc.
• Packaged as a directory or tar.gz file and placed into the NSO Packages Directory
• Services and Actions come in different flavors, which can be combined

[Figure: package flavors.
Template Service: Service Model (YANG), Template (XML).
Code + Template Service: Service Model (YANG), Template (XML), Code (JAVA or PYTHON).
Action: Model (YANG), Code (JAVA or PYTHON).]

NSO Network Element Drivers (NEDs)
• Developed and provided by Cisco
• Built and maintained in an agile manner
• Customers/Vendors can build their own
• Features for each NED are driven by customer and vendor requirements
• Customers are provided full and open access to source models
• Cisco creates “Core” Function Packs for different Cisco offerings – such as Secure Agile Exchange!

[Figure: NED (major components): Service Model (YANG), NETSIM Program (optional), Communication Code (JAVA/Python).
Southbound protocols: NETCONF, REST, SNMP, CLI, etc.
Targets: VNFM, Controller Apps, EMS and NMS; Physical Networks, Virtual Networks, Network Apps.]

What is a Core Function Pack?
• Ready-Made Implementations for specific features & designs
e.g. NFVO, ENFV, SDWAN, SAE, etc.
• Productized – Based on Cisco Validated Designs
• TAC-Supported
• 80/20 Rule – Reduces Implementation Cost and TTM

vBranch Core Function Pack
[Figure: NSO with the Virtual Branch Core FP and Other Function Packs.
• Virtual Branch Core FP: Automation of Virtual Branch deployments through NSO
• Other Function Packs: Automation of Networks Domains or Multi-Vendor Deployments through NSO
• Cross-Domain Interworking between vBranch and other networks domains or Multi-Vendor Deployments
Managed environments: Virtual Branch with mix of virtual and physical network devices; Other network domains or third-party devices.]

SDWAN Core Function Pack
[Figure: NSO with the Virtual Branch Core FP, Other Function Packs and vManage.
• Automation of SDWAN through vManage
• Automation of Networks Domains or Multi-Vendor Deployments (including vBranch) through NSO
• Cross-Domain Interworking between vBranch and other networks domains or Multi-Vendor Deployments
Managed environments: Virtual Branch with mix of virtual and physical network devices; Other network domains or third-party devices.]

SD-WAN CFP

vBranch & SDWAN CFP Architecture
NSO/vManage Integration, Cisco and 3rd party VNFs
• NSO (vBranch, vManage NED) to instantiate VNFs (including 3rd party VNFs) and activate vEdge-Cloud
• vManage to configure vEdge-Cloud for day-n service

[Figure: Potential SP Model.
OSS/BSS uses Service Abstraction APIs: REST/NETCONF towards NSO, REST towards vManage.
NSO runs the SDWAN CFP (SDWAN Function Pack) and the vBranch CFP (vBranch Function Pack) and reaches vManage over REST/NED.
NSO reaches the ENCS NFVIS Appliance over NETCONF; vManage reaches the Cisco vEdge Appliance over NETCONF.
NSO CFP NEDs: ASAv, vEdge, WaaS. Other labels: Cisco, Customer.]

vBranch & SDWAN CFP Hierarchy
[Figure: model hierarchy. Node labels: vmanage; sdwan-site; branch-cpe; vEdge/vnf; sdwan-template; sdwan-policy; Device Definition; Catalog Definition; branch-infra; branch-cpe; catalog; vnf; network; cpe config; nfvo; branch-cpe deployment; vnfd; vdu; nfvis.]

SDWAN Packaging
SDWAN-SITE: Service to deploy vEdge Cloud along with other VNFs and perform service chaining

• 1) SDWAN-SITE Service could be used as a top service to deploy vEdge Cloud and other VNFs with service chaining.
• 2) vBranch onboards ENCS and then creates all of the VNFs
• 3) SDWAN-SITE monitors vManage/vEdge Cloud sync status
• Notes:
  • In this deployment, the SDWAN-SITE Service could be a top service itself (ready out of the box for the SDWAN onboarding use case) and provides a single set of APIs to NB to bring up vEdge Cloud and other VNFs in a service chain. It focuses on simplicity (for the SDWAN use case), hides away the complexity of vBranch and offers one integrated view of all VNF deployments.
  • On the other hand, SDWAN-SITE does not expose all of the guts (and bells & whistles) of vBranch that an expert user of vBranch is able to work with.

[Figure: SDWAN-SITE on top of vBranch, VNFM and NFVIS, with arrows numbered 1, 2 and 3.]

NSO with the SDWAN Function Pack

vEdge Cloud Provisioning / Activation
[Figure: flow with steps numbered 1 to 7 between Network Service Orchestrator (NSO) with Core FP (vBranch) and Core FP (SDWAN-SITE), vManage, the Control and Policy Elements, and the Virtual Networks (ENCS).]
Callouts in the figure:
• Define SDWAN Service on ENCS (VNF and Chaining)
• Get the unclaimed vEdge Cloud router list from vManage. Get Bootstrap Configuration file (cloud-init config file) which contains cloud-config (bootstraps) and cloud-boothook (day0) sections
• VNFs instantiated and loaded with vEdge Bootstrap Configuration cloud-init file. Chaining of VNFs occurred if requested.
• Full Registration and Configuration
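
A pre-load check for the bootstrap file described on this slide, as an added example that is not part of the original deck or of the NSO function packs: it splits the cloud-init multipart file into its cloud-config and cloud-boothook sections, records a SHA-256 per section for later comparison, and flags unresolved template variables and a non-HTTPS fetch URL. The `${NAME}` placeholder syntax, the function names and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import re
from email import message_from_string
from urllib.parse import urlsplit

# The two sections the slide names for the bootstrap (cloud-init) file.
REQUIRED = {"text/cloud-config", "text/cloud-boothook"}
# Assumption: day-0 template variables are written as ${NAME}.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")

# Constructed sample, not a real vManage export; one variable left unfilled.
SAMPLE = """Content-Type: multipart/mixed; boundary="==BOUNDARY=="
MIME-Version: 1.0

--==BOUNDARY==
Content-Type: text/cloud-config; charset="us-ascii"

#cloud-config
hostname: ${HOSTNAME}

--==BOUNDARY==
Content-Type: text/cloud-boothook; charset="us-ascii"

#cloud-boothook
system
 host-name CL-vEdge
 system-ip 10.1.60.152
 site-id 112
--==BOUNDARY==--
"""


def inspect_bootstrap(raw: str, source_url: str) -> dict:
    """Split a multipart cloud-init file and report what a reviewer needs."""
    msg = message_from_string(raw)
    parts = {}
    for part in msg.walk() if msg.is_multipart() else []:
        if part.is_multipart():
            continue  # skip the multipart container itself
        parts[part.get_content_type()] = part.get_payload(decode=True) or b""
    text = b"\n".join(parts.values()).decode("utf-8", "replace")
    return {
        "sections": sorted(parts),
        "missing": sorted(REQUIRED - parts.keys()),
        "unresolved": sorted(set(PLACEHOLDER.findall(text))),
        "sha256": {ct: hashlib.sha256(b).hexdigest() for ct, b in parts.items()},
        "cleartext_fetch": urlsplit(source_url).scheme.lower() != "https",
    }


def ok_to_load(report: dict) -> bool:
    """True only when both sections exist, no variable is left, and the fetch was HTTPS."""
    return not (report["missing"] or report["unresolved"] or report["cleartext_fetch"])


if __name__ == "__main__":
    print(inspect_bootstrap(SAMPLE, "http://10.81.125.72/day0/vedge_cloudinit.cfg"))
```

The per-section digests can be stored next to the service instance and compared with what the VNF reports after boot.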

VNFD and VDU

VNFDs define:
• source image
• network connections
• day-0 file attribute
• disk type
• CPU
• RAM

VNFD / VDU pairs shown: VNFD: ISRv / VDU: ISRv; VNFD: ASAv-VNFD / VDU: ASAv-VDU; VNFD: vEdge-VNFD / VDU: vEdge-VDU

    admin@ncs% show nfvo vnfd vEdge-VNFD
    provider Cisco;
    version 1.0;
    product-info-description "vEdge Appliance";
    vdu vEdge-VDU {
        internal-connection-point-descriptor mgmt {
            external-connection-point-descriptor mgmt;
            layer-protocol IPv4;
            nfvo-nfvis:interface-id 0;
        }
        virtual-compute-descriptor vEdge-compute;
        virtual-storage-descriptor [ vEdge-storage ];
        software-image-descriptor {
            container-format bare;
            disk-format qcow2;
            image http://10.81.125.72/images/Viptela-18.3.3.tar.gz;
            image-name viptela-edge;
            nfvo-nfvis:additional-setting disk_bus {
                value virtio;
            }
            nfvo-nfvis:additional-setting low_latency {
                value false;
            }
            nfvo-nfvis:additional-setting serial_console {
                value true;
            }
        }
        flavor-name vEdge;
        nfvo-nfvis:day0 /openstack/latest/user_data;
    }
    virtual-compute-descriptor vEdge-compute {
        virtual-memory {
            virtual-memory-size 2.0;
        }
        virtual-cpu {
            number-of-virtual-cpus 2;
        }
    }
    virtual-storage-descriptor vEdge-storage {
        type-of-storage root;
        size-of-storage 8;
    }
    virtual-link-descriptor mgmt {
        connectivity-type {
            layer-protocol IPv4;
        }
    }
    external-connection-point-descriptor mgmt {
        virtual-link-descriptor mgmt;
        layer-protocol IPv4;
        nfvo-nfvis:management;
    }
    deployment-flavor vEdge-VNFD {
        vdu-profile vEdge-VDU {
            min-number-of-instances 1;
            max-number-of-instances 1;
        }
        instantiation-level vEdge-VNFD {
            vdu-level vEdge-VDU {
                number-of-instances 1;
            }
        }
        default-instantiation-level vEdge-VNFD;
    }

VNFD (VNF Descriptor) and VDU (Virtual Deployment Unit) definitions (ETSI MANO). Pre defined on installation.

Catalog

[Figure: Catalog (Gold, Bronze…. CiscoLive) contains Platforms (ENCS-54xx, NFVIS) and Supported Deployment (ISR, ASA-Dep, vEdge-Dep).]

    admin@ncs% show branch-infra-common:catalog CiscoLive branch-cpe NFVIS
    physical false;
    read-timeout 90;
    write-timeout 90;
    enable-commit-queue false;
    branch-cpe-template pnp-map-vCPE;
    nfvis-tenant admin;
    password $8$ocM+U5xJQiClfE7JV962Q8daNpMebihVy4+Wk2UR4M8=;
    day0 {
        file nfvis_day0.cfg;
        cfg-common-ref base-vcpe;
    }
    cpe-onboarding {
        device-type netconf;
        port 830;
    }
    network LAN-1;
    network LAN-2;
    network LAN-3;
    network Mgmt;
    network WAN-1;
    network WAN-2;
    network int-mgmt-net;
    network lan-net;
    network wan-net;
    config banner-motd {
        cfg-template brcpe-banner-motd;
    }
    config brcpe-system {
        cfg-template brcpe-system;
    }
    config mgmt-wan-vlan {
        cfg-template mgmt-wan-vlan;
    }
    supported-interfaces eth0;
    supported-interfaces eth1;
    supported-interfaces eth2;
    supported-interfaces eth3;
    supported-interfaces eth4;

    admin@ncs% show branch-infra-common:catalog CiscoLive deployment
    deployment vEdge-Dep {
        bootup-time 120;
        recovery-wait-time 0;
        vnfd vEdge-VNFD {
            vdu vEdge-VDU;
        }
        polling-frequency 3;
        vnf-port 22;
        port-start-range 22327;
        port-end-range 22327;
        intangible;
        day0-url /openstack/latest/user_data {
            url http://10.81.125.72/day0/vedge_cloudinit.cfg;
            var HOSTNAME {
                val CL-vEdge;
            }
        }

Pre defined on installation

Provider Infrastructure
provider-infra (SP Name)

[Figure: two provider trees.
provider-infrastructure ProviderA: tenant-infrastructure TenantB, Catalog Gold, vmanage vmanage-1.
provider-infrastructure CiscoLive-Provider: tenant-infrastructure CiscoLive-Tenant, Catalog CiscoLive, vmanage vmanage-1.]

    admin@ncs% show provider-infrastructure
    provider-infrastructure ProviderA {
        tenant-infrastructure TenantA {
            branch-infra-common:catalog Silver;
        }
        tenant-infrastructure TenantB;
        branch-infra-common:catalog Gold;
        core-fp-common-catalog:catalog CatalogEsc;
        vmanage vmanage-1;
    }
    provider-infrastructure CiscoLive-Provider {
        tenant-infrastructure CiscoLive-Tenant {
            branch-infra-common:catalog CiscoLive;
        }
        branch-infra-common:catalog CiscoLive;
        vmanage vmanage-1;
    }

• Check vManage is mapped to a Provider
• Add authgroup for vManage if not using the default

Pre defined on installation


Branch CPE
Branch CPE & Devices

[Figure: Branch cpe Configuration: Provider CiscoLive-Provider; Device CL-NFVIS with IP Address, Device Type netconf, authgroup; Networks.]

    admin@ncs% show branch-infra:branch-infra branch-cpe CL-Branch-CPE
    provider CiscoLive-Provider;
    type NFVIS;
    serial CL-NFVIS;
    device-on-boarding pnp-unmanaged;
    device-name CL-NFVIS;
    network LAN-1 {
        trunk false;
        bridge lan-br;
        vlan [ 1110 ];
    }
    network LAN-2 {
        trunk false;
        bridge lan-br;
        vlan [ 1210 ];
    }
    network WAN-1 {
        bridge wan-br-1;
    }
    network WAN-2 {
        bridge wan-br-2;
    }
    network int-mgmt-net;
    network wan-net {
        bridge wan-br;
    }

    admin@ncs% show devices device CL-NFVIS
    address 10.1.60.110;
    port 830;
    authgroup NFVIS_autgroup;
    device-type {
        netconf;
    }
    trace pretty;
    out-of-sync-commit-behaviour accept;
    state {
        admin-state unlocked;
    }

Customer Premise Equipment (CPE)

NDU

[Figure: NDUs: ASA-ndu (network, nic) and vEdge-ndu (network, nic).]

    admin@ncs% show ndus vEdge-ndu
    network LAN-1 {
        pre-existing-network;
    }
    network LAN-2 {
        pre-existing-network;
    }
    network WAN-1 {
        pre-existing-network;
    }
    network WAN-2 {
        pre-existing-network;
    }
    network int-mgmt-net;
    network wan-net {
        pre-existing-network;
    }
    nic 0 {
        network wan-net;
    }
    nic 1 {
        network WAN-1;
    }
    nic 2 {
        network WAN-2;
    }
    nic 3 {
        network LAN-1;
    }
    nic 4 {
        network int-mgmt-net;
    }

NDU (Network Deployment Unit): defines the networks and NICs of the VNF, for service chaining.

Onboarding VNF on sdwan-site

[Figure: sdwan-site CL-SDWAN-Site: Provider CiscoLive-Provider; Infrastructure branch-cpe; Member-vnfs CL-vEdge with VNFD, VDU, deployment catalog, config-template, ndu.]

    admin@ncs% show sdwan-site CL-SDWAN-Site
    provider CiscoLive-Provider;
    infrastructure {
        type nfvis;
        nfvis {
            nfvis-serial CL-NFVIS;
            type NFVIS;
            shared-branch-office;
            branch-office CL-Branch-CPE;
            device-on-boarding pnp-unmanaged;
            nfvis-device-name CL-NFVIS;
        }
    }
    member-vnfs CL-vEdge {
        type vEdge-cloud;
        deployment vEdge-Dep;
        vnfd vEdge-VNFD;
        vdu vEdge-VDU;
        username admin;
        password $8$pbONbd1HvsZRZiSjDUsAPGIc9Lr4uv1blPwikg0gk9I=;
        ip 11.11.11.152;
        mask 255.255.255.0;
        gtw 11.11.11.1;
        day-0 {
            cfg-file 11b.vedge_day0_template.cfg;
            variable HOSTNAME {
                value CL-vEdge;
            }
            variable Mgmt_GW {
                value 10.1.60.1;
        …….
        vedge-cloud {
            system-ip 10.1.60.152;
            site-id 112;
        }
        ndu {
            ndu-id vEdge-ndu;
        }

Onboarding vEdge and chaining VNFs on branch-cpe

Lab Walkthrough

Lab Objectives
• Setup NSO CFP Container
  • Docker Install NSO CFP
• On-Boarding VNF’s
  • Define and Build the VNF Devices – ASAv, vEdge (Branch-CPE Devices)
• Validate Branch2DC Traffic
  • Establish host communication from Branch client devices to Datacenter.
• Apply policy to Branch-vEdge (vManage)
• Revalidate the Branch2DC Traffic

Physical Lab-Topology
[Figure: physical lab topology. Zones: Cisco Live Network, Cisco Lab Network, Cisco Lab Network (DC). DC Network Devices: DC-vEdge, vManage, vSmart, vBond. Access via Cisco VPN Any-Connect. Per student pod (Student-1 to Student-20, setup pre-configured): Docker on CentOS on ESXi; NFVIS hosting vEdge and ASAv with WAN-1, WAN-2, LAN-1 and LAN-2; Branch Client Host Devices.]

Logical Lab-Topology
[Figure: logical lab topology.
DC Networks: 172.17.XX.100, 172.18.XX.100
vManage 10.1.60.61
vSmart 10.1.60.62
vBond 10.1.60.63
DC-vEdge 10.1.60.89
Transports: Internet, MPLS (WAN-1, WAN-2)
Branch: vEdge 10.1.60.XX, ASAv 10.1.60.XX, NFVIS 10.1.60.XX, with LAN-1 and LAN-2
LAN Management Switch: CISCO NEXUS N9K-C9332PQ
Branch Client Devices
Other address shown: 10.1.60.90
XX=Student POD]

XML Configuration Files
XML File Name

01a.vnfd_ASA.xml
01b.vnfd_vEdge.xml
02.catalog-global.xml
03.catalog-CPE.xml
04a.catalog-deployment_ASA.xml
04b.catalog-deployment-vEdge.xml
05.provider.xml

06a.authgroup_NFVIS.xml
06b.authgroup_vmanage.xml
06c.authgroup_default.xml
07a.device_NFVIS.xml
07b.device_vmanage.xml
08.branch-cpe.xml

09a.ndus_ASA.xml
09b.ndus_vEdge.xml
10a.sdwan-site_ASA.xml
10b.sdwan-site_vedge.xml

Lab Guide

Complete your online session survey
• Please complete your Online Session Survey after each session
• Complete 4 Session Surveys & the Overall Conference Survey (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Events Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com

Continue Your Education
• Demos in the Cisco Showcase
• Walk-in self-paced labs
• Meet the engineer 1:1 meetings
• Related sessions

Thank you

[Figure: SD-WAN overview. vBond, vManage and vSmart with the Core Function Pack; transports MPLS, 4G and INET; sites Cloud, Datacenter, Campus and CoLo; three Branch sites, each with vEdge and VNFs.]
