Cisco Virtual Topology System (VTS): Overlay Management Solution for Physical and Virtual Data Centers
DP Ayyadevara, Sr. Product Manager, Cloud and Virtualization Group, Feb 2015
Agenda
- Cisco's Open Network Architecture
  - Mapping the architecture to the ETSI NFV framework
- Challenges with existing datacenters
- Cisco Virtual Topology System introduction
- VTS key attributes
- VTS use cases
- Summary
The New Era of Telecommunications: Software-Defined Networking (SDN) and Network Function Virtualization (NFV) for increased monetization, enhanced agility, and reduced costs
Market Demands Bring Service Provider Opportunities

Enterprise
- Moving investment from IT to the core business
- Consumerization of IT: new business models
- Looking to use cloud models

Consumer
- Anywhere, anytime personalized services through clouds
- Increased expectations for consistent experiences

Barriers to innovation
- Network rigidity slows speed
- Soaring integration costs
- Complexity hinders new self-serve models

[Figure: separate Video, Wireline and Mobile service silos, each with its own BSS/OSS stack and its own integration costs. Silos, manual intervention, and vendor limitations hamper cloud service delivery.]
Business Transformation Technologies
- Service Orchestration: automation, provisioning, and interworking of physical and virtual resources
- NFV: network functions and software running on any open, standards-based hardware
- SDN: separation of control and data plane
Cisco's Open Network Architecture

[Figure: three layers. Applications (business services, mobility, video, consumer). Evolved Services Platform (open, extensible, elastic): service profile and operational intent, service broker, business intents, orchestration engine, catalog of network functions, Cisco Services. Evolved Programmable Network: VNFs and PNFs over compute, storage and network.]
Mapping the architecture to the ETSI NFV Framework

[Figure: Cisco components placed on the ETSI NFV reference model.]
- Service catalog (service, VNF and infrastructure descriptions), with a REST API towards the SP's existing OSS/catalog
- NFV Orchestrator: Network Services Orchestrator (based on Tail-f NCS), handling service lifecycle management and service provisioning
- VNF Manager: Cisco VNF Manager (Elastic Services Controller, ESC) for VNF lifecycle management, alongside 3rd-party VNFMs
- VNF library (sample list): CSR 1000v, ASAv, QvPC-SI, QvPC-DI, 3rd-party VNFs
- Virtual Infrastructure Managers (VIM): OpenStack and VMware as compute and storage VIMs; Cisco Virtual Topology Controller and APIC as network VIMs, alongside 3rd-party SDN controllers
- NFV Infrastructure (NFVI): Cisco Virtual Topology Forwarder, OVS or 3rd-party forwarders
Virtual Topology System
Challenges with existing datacenters
- Physical isolation for multitenancy
- Under-utilized capacity
- Manual provisioning
- Greenfield and brownfield integration
Introducing Cisco Virtual Topology System
Overlay provisioning and management solution for physical and virtual datacenters
- Improved network utilization: multitenant overlay solution
- Deployment flexibility: policy-based and scalable
- Service velocity: automated provisioning
- Investment protection: open, multi-vendor and hypervisor agnostic
The Architectural Vision

[Figure: legacy DC on the left versus DC with VTS on the right.]
- Legacy DC: L3 VPN and public Internet terminate on the WAN edge (NGN PE; AS 109 and AS 65522 with eBGP); an aggregation layer with ASA VPN and ASA firewall appliances; a front-end VRF (firewall outside VLAN) and a back-end VRF (firewall inside, ACE outside VLAN); server VLANs and a shared/public VLAN towards compute.
- DC with VTS: L3 VPN edge (NGN-PE) with eBGP to the L3 VPN edge (DC-PE); a tenant L3 edge (VRF-CE) using eBGP plus static redistribution; virtualized ASA 1000V VPN, vACE and VSG across a public zone (DMZ), protected front-end zones and back-end zones, each divided into sub-zones; compute attached through the DC overlay.
- Result: a virtualized DC overlay that is simple, agile, scalable, flexible and elastic.
The traditional Data Center: segmented, static, inflexible
[Figure: physical network with a DC interconnect, e.g. ASR 9000.]

Building an Overlay
[Figure: overlay on top of the physical network.]

Connecting VMs to VPNs
[Figure: VMs attached to VPNs across the physical network.]

Multi-tenanted Overlays
[Figure: per-tenant overlays sharing the physical network.]

The result: a multi-tenanted virtual network that enables simplicity, flexibility, and elasticity for greenfield and brownfield datacenters
Key Attributes of the Cisco VTS Solution
- Multi-tenanted: extends multi-tenancy to the host server. Capable of hosting VMs and virtual networks from multiple tenants on one server with full traffic isolation between tenants.
- Underlay network and server/OS agnostic: suitable for brownfield datacenters with existing servers, operating systems and DC switches.
- Hypervisor agnostic: a user-space solution that is fully agnostic of the underlying hypervisor.
- Programmable: RESTful northbound APIs for integration with external orchestration systems.
- Secure and stable: running the forwarder in user mode, without touching the kernel, simplifies operations and increases the stability of the virtualized environment.
- Open, standard protocols: VTS leverages widely adopted and well-understood standard protocols such as BGP and MPLS-over-GRE to integrate seamlessly with existing networking infrastructure.
Virtual Topology System 1.0

[Figure: VTS 1.0 components.]
- An external orchestration system (OpenStack, vCenter or 3rd party) drives the Virtual Topology Controller (VTC) over REST.
- The VTC speaks MP-BGP to the XRv Service Routing (SR) function and the DCI, and programs the Virtual Topology Forwarders (VTF) through YANG-modelled interfaces.
- One VTF runs on each server (Server 1 .. Server n); each VTF keeps separate contexts C1, C2 and C3 for Cust1, Cust2 and Cust3, whose VMs (VM1 .. VM3) are spread across the servers.
Customer Examples and Use Cases
FSI Use case
In FSI, customers have used separate or isolated infrastructures for compliance reasons. For example, a large US FSI has the following three infrastructures:
- Investment Banking Intranet (INET1)
- Corporate Financing Intranet (INET2)
- Global IT Intranet (INET3)
The hardware waste resulting from three sets of infrastructure is horrendous. Leveraging Cisco's software overlay SDN allows them to tap into the unused compute capacity, with significant capex/opex reduction from avoided hardware acquisition.

[Figure: the three intranets. INET1 (Investment Banking) and INET2 (Corp Fin Intranet) each have their own campus, firewall and compute farm behind the Global Transport Internet (the backbone); INET3 (Global IT Intranet) spans the firm-wide campus and the firm-wide compute farm.]
The Cisco Solution using Cisco VTS SDN

[Figure: colocation site. Server-1 and Server-2 each run a VTF with L2/L3 VRF FIBs and host VMs from all three intranets side by side (Server-1: DNS1 in INET1, DNS2 in INET3, NDS3 in INET2; Server-2: NDS4 in INET1, DNS5 in INET3, NDS6 in INET2). MPLS-over-GRE tunnels carry tenant traffic to the DCI nodes, a pair of ASR 9001s holding the INET1, INET2 and INET3 VRFs towards the IP backbone. A distributed IOS-XR SDN controller programs the VTFs.]
End result
A multi-tenanted, virtualized environment that meets the customer's compliance requirements.

[Figure: the same colocation site with INET1, INET2 and INET3 VMs on Server-1 and Server-2; each VTF keeps per-tenant L2/L3 VRF FIBs, MPLS-over-GRE tunnels run to the DCI nodes (a pair of ASR 9001s) with INET1, INET2 and INET3 VRFs towards the IP backbone, and a distributed IOS-XR SDN controller programs the forwarders.]
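The FSI slides rest on one forwarding-plane mechanism: each tenant's traffic is carried in MPLS-over-GRE tunnels and is keyed into that tenant's own VRF FIB, at the VTF and at the ASR 9001 DCI nodes, so INET1, INET2 and INET3 can share servers without sharing forwarding state. The Python model below is an added example written for this page, not Cisco or VTS code: it builds MPLS-over-GRE packets and shows a forwarder that selects the VRF from the bottom-of-stack label before any route lookup, so overlapping tenant address space and labels not bound to any tenant cannot leak traffic across tenants. The header layouts follow RFC 2784 (GRE) and RFC 3032 (MPLS label stack) with GRE protocol type 0x8847 (RFC 4023); the label values, VRF names, FIB entries and sample addresses are constructed assumptions, and the way VTS actually allocates and distributes labels over MP-BGP is not shown.

```python
import ipaddress
import struct

GRE_PROTO_MPLS_UNICAST = 0x8847  # GRE protocol type for MPLS unicast (RFC 4023)

# Assumed per-tenant VPN labels. In VTS these would be allocated by the
# controller and distributed over MP-BGP; here they are constructed values.
LABEL_TO_VRF = {100: "INET1", 200: "INET2", 300: "INET3"}

# Assumed per-VRF FIBs (prefix -> next hop). INET1 and INET2 deliberately
# overlap on 10.1.0.0/16: isolation holds only because the label picks the
# table before the destination is ever looked up.
FIB = {
    "INET1": {"10.1.0.0/16": "server-1", "192.168.0.0/24": "server-2"},
    "INET2": {"10.1.0.0/16": "server-2"},
    "INET3": {"172.16.0.0/12": "server-1"},
}


def build_ipv4(src, dst, payload=b""):
    """Minimal IPv4 header (no options, proto UDP) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    csum = sum(struct.unpack("!10H", hdr))
    while csum >> 16:
        csum = (csum & 0xFFFF) + (csum >> 16)
    return hdr[:10] + struct.pack("!H", (~csum) & 0xFFFF) + hdr[12:] + payload


def build_mpls_over_gre(labels, inner):
    """GRE header (RFC 2784, no optional fields) + MPLS label stack (RFC 3032).

    The last label in `labels` gets the bottom-of-stack bit; a transport
    label may sit above the per-tenant VPN label, as on a real PE.
    """
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS_UNICAST)
    stack = b""
    for i, label in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        # label(20 bits) | TC(3 bits, 0) | S(1 bit) | TTL(8 bits, 64)
        stack += struct.pack("!I", (label << 12) | (bottom << 8) | 64)
    return gre + stack + inner


def forward(pkt):
    """Model a VTF/DCI lookup: returns (vrf, next_hop) or ('DROP', reason)."""
    if len(pkt) < 8:
        return ("DROP", "truncated GRE")
    flags, proto = struct.unpack("!HH", pkt[:4])
    if flags & 0x8000:  # C bit set: optional checksum field, not modelled here
        return ("DROP", "GRE options not supported")
    if proto != GRE_PROTO_MPLS_UNICAST:
        return ("DROP", "not MPLS-over-GRE")
    off = 4
    while True:  # walk the label stack down to the bottom-of-stack entry
        if len(pkt) < off + 4:
            return ("DROP", "truncated label stack")
        (lse,) = struct.unpack("!I", pkt[off:off + 4])
        off += 4
        bottom_label, s_bit = lse >> 12, (lse >> 8) & 1
        if s_bit:
            break
    # Tenant selection happens here, on the label alone. An unbound label
    # never reaches any FIB, and reserved labels 0-15 are unbound too.
    vrf = LABEL_TO_VRF.get(bottom_label)
    if vrf is None:
        return ("DROP", "label %d not bound to any tenant" % bottom_label)
    if len(pkt) < off + 20 or pkt[off] >> 4 != 4:
        return ("DROP", "inner packet is not IPv4")
    dst = ipaddress.IPv4Address(pkt[off + 16:off + 20])
    best = None  # longest-prefix match restricted to this tenant's FIB
    for prefix, next_hop in FIB[vrf].items():
        net = ipaddress.IPv4Network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        return ("DROP", "no route in %s for %s" % (vrf, dst))
    return (vrf, best[1])


if __name__ == "__main__":
    inner = build_ipv4("10.1.0.5", "10.1.2.3")  # constructed tenant packet
    for labels in ([100], [200], [300], [999], [16001, 100]):
        print(labels, forward(build_mpls_over_gre(labels, inner)))
```

The same inner packet is delivered to different servers depending only on the VPN label (INET1 and INET2 both own 10.1.0.0/16), is dropped in INET3 where no route exists, and is dropped outright for a label no tenant owns. The transport label on top of the stack is popped without influencing the tenant choice, which is the property the per-VRF FIBs in the slides above depend on.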
CloudVPN with ISR CPE Use Case
1. The customer orders a VPN service through the tenant portal; the SP's OSS/BSS calls the Network Services Orchestrator (NSO) over its REST API.
2. NSO calls the Elastic Services Controller (ESC) over REST; ESC spins up and provisions a CSR 1000v on an x86 server under OpenStack.
3. The ISR CPE is shipped to the customer site, connected and powered on. Plug-and-Play (PnP) zero-touch provisioning delivers its Day 1 configuration from the PnP server.
4. The CPE establishes the VPN to the CSR 1000v behind the DCI/PE (IPsec, an IP overlay such as VXLAN, GRE or LISP, or L2), and CloudVPN connectivity is up.
Adding VNFs in the cloud
The flow is the same as in the CloudVPN use case: tenant portal and SP OSS/BSS, NSO and ESC over REST, PnP zero-touch provisioning of the ISR CPE, and a VPN established to the CSR 1000v behind the DCI/PE. If more VNFs are needed for a service chain (for example ASAv and vESA alongside the CSR 1000v on the x86 server, with an Internet gateway), the Virtual Topology Controller (VTC) with OVS or VTF forwarders provides the chaining. More scalable and flexible service chaining is enabled with VTC and the high-performance VTF.
Thank you.