
Deploying SDN on ASR 9000

BRKSPG-2722

Rob Piasecki, Solutions Architect


Joel Roberts, Network Consulting Engineer
Agenda
EPN: Business Drivers & Overview
SP SDN Concepts & Use Cases
ASR9000 SDN Enabled Platform
One Platform Kit (OnePK)
OpenFlow
Path Computation Element Protocol (PCEP)
NETCONF/YANG
Services & NFV
Summary & Roadmap

BRKSPG-2722 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Business Drivers & Overview
Service Provider Networking: An Industry in Change
Emergence of M2M and Internet of Everything
50 Billion Connected Things by 2020
Connected Things Growing 5X Faster than Mobile Devices
More than 22% of all networked events will be Machine Driven by 2017
Significant Traffic Growth, Driven by Video
[Chart: Exabytes per Month, 2012 to 2017, 23% Global CAGR. Series: Web/Data (24.2%, 18.9%), File Sharing (15.7%, 8.1%), Managed IP Video (21.8%, 21.0%), Internet Video (38.3%, 52.0%)]

Technological Inflections: Virtualized Software, 4K Video, LTE, Cloud-based, NFV + SDN
Industry Consolidation: [company logos; one caption reads "Acquires 45% of Verizon Wireless from" followed by a logo]

Service Provider Key Challenges
Traffic Growth: Cost Scaling Faster than Revenue
TCO: Cost of operations on the rise, Profitability under pressure
Agility: Time to market is slow due to lack of automation
Complexity: Training & Operational Expenses
Speed of Innovation: Unable to catch Market Transitions
Market transitions, Competition: New Agile, Nimble Players

Goal = Lean SP + Rapid / Rich Innovation

Evolved Programmable Network Architecture
Addressing Today's and Tomorrow's Challenges
[Diagram: EPN. Themes: ACCELERATE, OPTIMIZE, MONETIZE. Capabilities: Automated Policy, On-Demand Services Anywhere, Always ON Services, Orchestration, Fully Virtualized, Dynamic Intelligent Scale, Open and Programmable, Convergence, Real-Time Analytics, Application Interaction, Seamless Experience. Elements: Apps, Service Orchestration, Service Catalog, APIs, Cloud Orchestration, Control, VM / Storage, Video, CDN, M2M, Mobility, Core, Edge, Unified Access (UA), NCS]

Evolved Programmable Network Phases

IP Everywhere: IP Network Consolidation of Mobile, Business, and Consumer Networks
Evolved Programmable Network (EPN): Driven by Need for Increased Bandwidth plus Embedded Intelligence
EPN: Built for IoE
Convergence: IP + Optical Convergence and Network De-Layering to Reduce CapEx
Programmable: Programmability and Control via SDN with End-to-End Orchestration Enables Simplification to Reduce OpEx
Virtualized: Virtualized Software for Dynamic Service Delivery and Scale to Enable Faster Time to Revenue Growth

Scope of This Conversation
SDN Concepts & Use Cases
Headlines
"Google revamps networks with OpenFlow" (ZDnet)
"Prediction: OpenFlow Is Dead by 2014; SDN Reborn in Network Management" (Mike Fratto, Network Computing)
"Will OpenFlow commoditize networks? Impact Cisco margins?" (Several media publications, Bloggers)
"...We share a more pragmatic view, noting Cisco (for example) is likely to view SDN as a TAM expansion opportunity" (Deutsche Bank Research note, Wired, April 2012)
"Hype around SDN/OpenFlow getting way out of Control. Where have I seen this before" (Ethereal mind, Blogger)
"SDN needs a bigger definition" (Lippis report, 2012)

Service Provider Hybrid Control Plane
Three architectures compared: Traditional Control Plane Architecture (Distributed), Collaborative Control Plane Architecture, SDN Control Plane Architecture (Centralized)
Distributed Components: Functions tightly coupled to data plane
Centralized Components: Functions where a holistic/abstracted view is required
Existing distributed control plane -> Augmented by centralized control plane function
[Diagram layers: Application, APIs, Centralized Control Plane, Distributed Control Plane, Data Plane]

Service Provider SDN Use Cases
Network domains: CPE, Metro and Access (Agg and Access, Metro DWDM), Edge, Core (Long Haul DWDM), Data Centre (Data Center Infrastructure)
[Table flattened in extraction; use cases listed across the domains: NFV Services, Provisioning, Analytics, Automated configuration, Service definition, Service assurance, Subscriber Ctl, Bandwidth calendaring, Demand engineering / PCE, Single/multi layer optimization, Analytics collection, Virtualized n/w, Virtual 2 virtual n/w interconnect, Service chaining, appliances]

Cisco's SP Open Networking Architecture
Architectural Layering
Applications: SP Applications (OSS/BSS, Portals, Inventory, etc.), End User Applications, External ISPs / Content Providers
Controller NB APIs
Evolved Services Platform: Application Orchestration and Function Specific Controllers (Network, Compute, and Storage); Service Provisioning, Configuration and Management
[Diagram blocks in the Evolved Services Platform: X Domain Orchestration, Policy Control, Application Optimization, Compute & Storage Controllers, Service Provisioning, Network Controllers]
Device/Network Level APIs
Evolved Programmable Network (Compute, Storage, Network; Packet/Optical/Virtual): Simplified Distributed Control Plane Augmented by Central Control

EPN Infrastructure Components
Device Level APIs
Baseline Architecture is Unified MPLS
[Diagram labels: Programmable Unified MPLS + Cloud, NFV; Packet Network Simplification; Virtualization and Cloud; nLight: IP Optical Integration; IP/Optical Integration; Optical Simplification; Protocol Setup and Service]

Deployment Models
[Diagram: three models joined by "AND". Apps over APIs and Agents on a Network Device; Apps over a Controller speaking OpenFlow to an OpenFlow Device; Apps over Virtual Overlays on Other Physical and Virtual Device w/ Network]

Cisco Approach: Flexibility to Choose, The Power of "AND"

Choice of Programmable Layer

Business Applications: BI, Collaboration, ERM
IT Software Infra: Analytics, Infrastructure S/W, Service Management, Orchestration, Management, Policy & Compliance
Controller (abstract)
Network Device Plug-Ins (Device detail)

There are Many Options for Programmability
PCEP Puppet
BGP-LS Chef
OpenFlow SNMP
Netconf NetFlow
Yang CLI
I2RS Syslog
BGP-FlowSpec Others...
ReST
onePK

Are there Too Many?
Cisco intends to be Protocol Agnostic
Support those that make sense for our customers
Respect existing / deployed protocols
Many are under development in various standards bodies
Cisco is actively leading development
Different Options Address Different Needs
Configure - Operate
Device Extension
DevOps Integration

Device Programmability Interfaces Portfolio
Automate your environment
Application Frameworks, Management Systems, Controllers, ...
Interfaces: C/Java, Python, NETCONF, REST, OpenFlow, ACI Fabric, OpenStack, Puppet, Protocols
[Diagram rows: RESTful; Management: Puppet; Orchestration: Neutron; Network Services: Protocols (BGP, PCEP, ...); Control: OpFlex; Forwarding: OpenFlow]
Device API and Data Models: YANG, JSON, onePK, Plug-Ins
Operating Systems: IOS / NX-OS / IOS-XR

Programmability Interfaces - Segmentation
Segments: Configure / Operate, Device Extension, DevOps Integration
[Diagram: interfaces placed across the segments: NETCONF, YANG, Cisco Python API, BGP Flowspec, BGP-LS, OpFlex, PCEP, Python API]

Examples of Use-Cases
Leveraging APIs and logically centralized control plane components

Custom Routing (based on business logic)
Online Traffic Engineering
Custom Traffic Processing (Analytics, Encryption)
Automation of Network Control and Configuration (Fulfillment and Assurance)
Consistent Policy for Network, Security, & Threat Mitigation (Virtual & Physical)
Virtualization and Customer Domain Isolation (Device/Appliance/Network)

Example #1: Custom Routing
Routing for Dollars: Application Driven Routes Installed in the Network

Example #2: Custom Traffic
Challenge: Customers want action on specific traffic types based on analytics
Example: Punt traffic of interest, modify, and re-inject.

1. Policy APIs on ingress router interface to punt http traffic to onePK application
2. Application correlates location & URL to http flow
3. Advertisement injected to subscriber's default web page (http://foo.com)

Example #3: Service Chaining
Flexible Service Workflow Management
[Diagram: ASR 9000 with OnePK/OF App / SDN Ctrl. above the OnePK Layer; VSM Services and External Service Appliance. Services shown: IPSec, Analytics, DPI, Virus/Malware Scan, CGN, Security, CDN, SBC]

Residential Customer Group A: DPI -> Virus/Malware Scan -> Firewall
Residential Customer Group B: CGN -> Firewall
Business Internet: CGN -> DDOS Protection -> Firewall
Business VPN Corp X: IPSec -> Virus/Malware Scan -> SBC

Easy to Deploy; True Multi-Service; Flexible Ordering of Services

ASR 9000 SDN Enabled Platform
Cisco ASR 9000 Portfolio Evolution
[Three models are marked "New" on the slide; ASR 9001-S is shown alongside ASR 9001]

Model | ASR 9001 | ASR9904 | ASR 9006 | ASR 9010 | ASR9912 | ASR 9922
Size | 2RU | 6RU | 10RU | 21RU | 30RU | 44RU
# of I/O Slots | 2 MPAs | 2 | 4 | 8 | 10 | 20
Air Flow | Side to side | Side to side | Side to back | Front to back | Front to back | Front to back
Fabric BW/slot | N/A | 770G/385G | 440G/220G | 440G/220G | 770G/660G | 770G/660G
Chassis scalability/slot | 120Gbps | 2Tbps | 880Gbps | 880Gbps | 2Tbps | 2Tbps
Total Chassis BW | 120Gbps | 8Gbps | 3.5 Tbps | 7.0 Tbps | 20Tbps | 40Tbps

ASR9K SDN Enabled Platform & Strategy
4. SDN Controllers and Applications: Applications (Analytics, Policy Servers, OSS/BSS, User App), Orchestration, OpenFlow Controller, OnePK Applications, Other Controllers. Can be hosted on external servers or VSM service blade
3. Network Function Virtualization: VSM
2. Common APIs and SDK: OpenFlow Agent, OnePK Agent, Other Agent on the OnePK API Layer; reached via OpenFlow Protocol, OneP API, and other protocols (e.g. BGP-LS, PCEP, NETCONF)
1. SDN Enabled Data Plane: Flexible, programmable, Policy Based Forwarding (PBR, Flow mgmt.); E-PBR Data Plane, Policy Fwd Flows
[Diagram: ASR 9000 with Management Plane, Control Plane and Data Plane; arrows labelled "Harvest Network Intelligence" and "Program Policies for Optimized Experience"]

ASR9000: One Platform Kit (OnePK)
OnePK Architecture

Application ("Application That Can Speak to Router"): C, JAVA, Python Program
onePK API Presentation
Communication Channel
onePK API Infrastructure
Router ("Router That Can Speak to Application"): IOS / XE (Catalyst, ISR, ASR1K), NXOS (Nexus Platforms), IOS XR (ASR 9K, CRS)

ASR9000 OnePK Service Sets (IOS XR 5.1.1)
Base Service Set | Description
Data Path (DPSS) | Provides packet delivery service to application: Copy, Punt, Inject
Policy | Provides filtering (ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements
Routing | Read RIB routes, add/remove routes, receive RIB notifications
Element | Get element properties, CPU/memory statistics, network interfaces, element and interface events
Discovery | L2 topology and local service discovery
Utility | Syslog events notification, Path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.)
Developer | Debug capability, CLI extension which allows application to extend/integrate application's CLIs with network element

OnePK Example
Action: Packet Capture TenG0/1/0/1 In
[Diagram: Orchestration (Analyze, Program OnePK API, Continuous Collection & Profiling) -> ASR9K OnePK Layer -> TenGigE0/1/0/1 -> CE]

# dynamic packet capture config
(Router)Address=10.99.8.8;
Incoming_intf=TenGigE0/1/0/1;

# dpss.conf (server)
LOCAL_IP 192.168.96.2
LOCAL_PORT 9999
GROUP_NAME cisco
USER_NAME cisco
ONEP_SENDER_ID 3

Getting Started: OnePK & ASR9000
1. Install OnePK Software Development Kit (SDK) - Orchestration Server
2. Certificate Authority (TLS)
3. Router Configuration
4. Application Development

OnePK SDK
1. Download/Install SDK

Cisco DevNet*
All-In-One-VM
C/Java/Python SDK

* https://developer.cisco.com/site/networking/one/onepk/getting-started/
OnePK (Server) TLS
2. Certificate Authority
Root Certificate (e.g. cacert.pem)
Router (e.g. asr9k-04-4.pem)
*easiest to get started: 1-way authentication (router certificate)

# sample python code
from onep.element.NetworkElement import NetworkElement
from onep.element.SessionConfig import SessionConfig

# elementIP, appname, user and pwd are supplied by the application
sessConf = SessionConfig(SessionConfig.SessionTransportMode.TLS)
# root certificate used to validate the certificate the router presents
sessConf.ca_certs = "/home/onep/tlscert/cacert.pem"
ne = NetworkElement(elementIP, appname)
con = ne.connect(user, pwd, sessConf)

Transport Type Configured | OnePK Application Requirements | Python Sample Application Arguments
transport type tls disable-remotecert-validation (1-way authentication) | CA Certificate | -R <path to root cert> (required)

ASR9K Configuration
3. Image: IOS-XR 5.1.1, asr9k-k9sec-px.pie (required)
4. Generate RSA Keys: crypto key generate rsa
5. Create trustpoint: crypto ca trustpoint <trustpoint-name>
6. Import CA certificate: crypto ca authenticate <trustpoint-name>
7. Enroll CA: crypto ca enroll <trustpoint>
Will generate router certificate request

crypto ca trustpoint onepCA
 ! accept certificates when no CRL can be retrieved
 crl optional
 subject-name CN=ASR9K-04-4.cisco.com
 ! enroll by copy and paste on the terminal
 enrollment url terminal

Sample XR crypto ca enroll <trustpoint>

ASR9K Configuration (cont.)
8. Create & Sign router certificate (on certificate authority)
9. Import Certificate: crypto ca import <trustpoint-name> certificate
10. Configure OnePK (1-way authentication):

onep
transport type tls localcert onepCA disable-remotecert-validation
!

Verification OnePK Status
RP/0/RSP0/CPU0:ASR9K-AG04-4#show onep status
Wed May 21 19:50:20.833 UTC

Status: enabled
Version: 1.1.0
Transport: tls; Status: running; Port: 15002
localcert: onepCA; remotecert: onepCA

<snip>

Service Set: Base State: Enabled Version 1.1.0


Service Set: Vty State: Disabled Version 0.1.0

Sample One-Way TLS (python)
user@orch:~/onePK/python/tutorials/element$ ./NetworkElementTutorial.py -a 172.16.1.2 -R ~/.certs/cacert.pem
(slide callout on the -R argument: CA Certificate)

INFO:onep:NetworkElementTutorial:Reading arguments...
Enter Username : lab
Enter Password :
INFO:onep:NetworkElementTutorial:Connecting to Network Element...
INFO:onep:BaseTutorial:We have a NetworkElement :
NetworkElement [ 172.16.1.2 ]

INFO:onep:BaseTutorial:Successful connection to NetworkElement -


INFO:onep:NetworkElementTutorial:Done
INFO:onep:NetworkElementTutorial:NetworkElement parent NetworkElementTutorial

ASR9000: OpenFlow
OpenFlow (OF)
Open Networking Foundation (ONF)
Layer 2 Communication Protocol:
Access to forwarding plane
Switch or Router
OF Controller: Control Plane
OF Agent (device): Forwarding Plane

OpenFlow Agent/Plugin
Implements standard OpenFlow switch model
Speaks standard OpenFlow protocol
Native dedicated CLI for troubleshooting
Leverages OnePK API

Universal Availability: Available* IOS-XR, IOS and IOS-XE, NX-OS
Consistent User Experience: Common code, base features and CLI across platforms
End-to-end Deployment: Across SP, Data Center, Campus

* Please check roadmap for details on supported platforms & timelines

OpenFlow: ASR9000
Agent of ONE-PK:
OpenFlow is an application running on top of OnePK
Runs on RSP
Connects to external OpenFlow Controller
Converts OF messages to corresponding ONE-PK API
Support starts IOS XR 5.1.1
OpenFlow version 1.3
Interface Types:
Gig/TenG/HunG and sub-interfaces
Bundle and sub-interfaces
BVI (only for L3_V4, L3_DS)
Pseudo-wire head end sub-interfaces (only L2 and L2_L3)
[Diagram: OpenFlow Controller -> OpenFlow Agent -> OnePK -> ASR9K (Management Plane, Control Plane, E-PBR Data Plane, Policy Fwd Flows)]

ASR9K OpenFlow Mode: Hybrid vs. Pure
Pure Mode:
OpenFlow only
All packets processed by OpenFlow pipeline
ASR9K as pure OpenFlow Switch
*Hybrid Mode
OpenFlow and XR forwarding
OpenFlow as a policy based routing (PBR) type of feature.
Can provide fine-tuning on incoming traffic based on OpenFlow rule matching and rule actions
Ability to take advantages of both XR features and OpenFlow flexibility

* Recommended

ASR9000 OpenFlow Tables
Table | Header Matches | Actions | Ingress Interface
L2 Only | L2 header | L2 Actions Only | L2 Interface
L2_L3 | L2 & L3 (v4 or v6) header | L2 Actions Only | L2 Interface
L3_V4 | L3 IPv4 header | L3 Actions Only | L3 Interface
L3_DS | L3 v4 & v6 (Dual Stack) header | L3 Actions Only | L3 Interface

Flow Table:
Consists of a set of flows
Each flow contains a set of matches and actions.
Can be applied to a set of targets (similar to policy-map)
Applied only in ingress direction

OpenFlow Matches
Supported on ingress port and various packet headers depending on packet type
Priority: Highest priority flow entry that matches packet gets selected
Lowest priority is zero and highest is 32768
Some examples (reference documentation for complete list):

Open Flow Matches by OpenFlow Switch Type supported on ASR9000 (L2 Only and L2_L3: applied to L2 Bridge Domain; L3_V4 and L3_DS: applied to L3 or L3 VRF Interface)
OXM Flow match field type for OF basic class | Description | L2 Only | L2_L3 | L3_V4 | L3_DS
OFPXMT_OFB_IN_PORT | Switch input port | Yes | Yes | Yes | Yes
OFPXMT_OFB_ETH_DST | Ethernet destination addr | Yes | Yes | No | Yes
OFPXMT_OFB_IPV4_SRC | IPv4 SRC Addr | No | Yes | Yes | Yes
OFPXMT_OFB_IPV4_DST | IPv4 DST Addr | No | Yes | Yes | Yes

OpenFlow Actions
Packet forwarding and modification types of actions are supported
The list of actions is applied to the packet immediately
Some examples (reference documentation for complete list):

Open Flow Actions & Set Field Actions by OpenFlow Switch Type supported on ASR9000 (L2 Only and L2_L3: applied to L2 Bridge Domain; L3_V4 and L3_DS: applied to L3 or L3 VRF Interface)
OXM Flow action field type for OF basic class | Description | L2 Only | L2_L3 | L3_V4 | L3_DS
OFPAT_PUSH_VLAN | Push new VLAN tag | Yes | Yes | No | No
OFPXMT_OFB_IPV4_DST | IPv4 DST Addr | No | No | Yes | Yes

OpenFlow Cisco Extension Actions
Additional OpenFlow features on ASR9000/IOS XR 5.1.1

Cisco Added Actions by OpenFlow Switch Type supported on ASR9000 (L2 Only and L2_L3: applied to L2 Bridge Domain; L3_V4 and L3_DS: applied to L3 or L3 VRF Interface)
Action | Description | L2 Only | L2_L3 | L3_V4 | L3_DS
Set IPv4 Next Hop Address | Set IPv4 Nexthop | No | No | Yes | Yes
Set IPv6 Next Hop Address | Set IPv6 Nexthop | No | No | No | Yes
Set Forward Class ID | Set Forward Class ID | No | No | Yes | Yes
Netflow Enable/Disable | Enable/Disable Netflow | No | No | Yes | Yes

OpenFlow Example
Action: Match SRC 10.201.7.43, Set Forward-Class ID 2

OpenFlow Controller:
table description: L3 IPv4 & IPv6
match ethertype ipv4
match source-address 10.201.7.43
set forward-class 2

[Diagram: Orchestration (Analyze, Program OF Controller, Collect-OnePK) -> ASR9K OnePK Layer -> TenGigE0/1/0/1 -> CE 10.201.7.43]

ASR9000 OpenFlow Configuration
IOS XR Images
asr9k-mini-px.vm
asr9k-mpls-px.pie (required for L3VPN, L2VPN)
asr9k-k9sec-px.pie (required for TLS)
OnePK Configuration (Mandatory)
onep
datapath transport vpathudp sender-id 1

Default port TCP 6653


Any physical interface for OF controller

OpenFlow L2 Switch Cisco IOS XR 5.1.1
! L2 Only Switch
interface TenGigE0/0/0/3
 l2transport
!
l2vpn
 bridge group SDN-1
  bridge-domain OF-1
   interface TenGigE0/0/0/3
!
openflow
 switch 7 pipeline 129
  tls trust-point local openfCA remote openfCA
  ! Openflow Switch attached to bridge-domain
  bridge-group SDN-1 bridge-domain OF-1
  ! OpenFlow Controller
  controller ipv4 172.16.1.45 port 6653 security tls
 !
!
!
OpenFlow L2 + L3 Switch Cisco IOS XR 5.1.1
! L2 + L3 Switch
interface TenGigE0/0/0/3
 l2transport
!
l2vpn
 bridge group SDN-2
  bridge-domain OF-2
   interface TenGigE0/0/0/4
!
openflow
 switch 9 pipeline 130
  tls trust-point local openfCA remote openfCA
  ! Openflow Switch attached to bridge-domain
  bridge-group SDN-1 bridge-domain OF-1
  ! OpenFlow Controller
  controller ipv4 172.16.1.45 port 6653 security tls
 !
!
OpenFlow L3_V4 Switch Cisco IOS XR 5.1.1
! L3_V4 Switch: all interfaces in VRF become part of OpenFlow Switch
openflow
 switch 10 pipeline 131
  vrf ONE
  controller ipv4 172.16.1.45 port 6653 security tls

! L3_V4 Switch: specify L3 interfaces
openflow
 switch 11 pipeline 131
  interface Bundle-Ether2.1
  interface GigabitEthernet0/1/0/7
  interface GigabitEthernet0/0/0/0/4.1301
  controller ipv4 172.16.1.45 port 6653 security tls

OpenFlow Netflow Cisco IOS XR 5.1.1
Cisco extension to OpenFlow
Used to enable/disable NETFLOW on Layer 3 Interfaces

openflow
switch 100 netflow
flow monitor mmap sample smap
interface Bundle-Ether3
interface GigabitEthernet0/0/0/0/4.1201
controller ipv4 172.16.1.45 port 6653 security tls
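
An added example, not part of the original slides or of Cisco's tooling: a Python check over running-config text that reports the transport settings shown on the onePK and OpenFlow configuration slides (the 1-way disable-remotecert-validation option, controller lines without security tls, and security tls with no tls trust-point line, as in the L3 examples). The function name, severity labels, switch 12 and its 192.0.2.10 controller address are assumptions made for the example; the slides do not say whether an L3 switch block needs its own trust-point line, so that case is reported for review only.

```python
# Constructed sample in "show running-config" layout. The onep stanza and
# switches 7 and 10 reuse lines from the slides; switch 12 and its controller
# address are made up here to show a session without TLS.
SAMPLE_CONFIG = """\
onep
 transport type tls localcert onepCA disable-remotecert-validation
 datapath transport vpathudp sender-id 1
!
openflow
 switch 7 pipeline 129
  tls trust-point local openfCA remote openfCA
  bridge-group SDN-1 bridge-domain OF-1
  controller ipv4 172.16.1.45 port 6653 security tls
 !
 switch 10 pipeline 131
  vrf ONE
  controller ipv4 172.16.1.45 port 6653 security tls
 !
 switch 12 pipeline 131
  vrf TWO
  controller ipv4 192.0.2.10 port 6653
 !
!
"""


def audit_sdn_transport(config_text):
    """Return (severity, location, message) findings for onep/openflow TLS use.

    Assumes indented running-config text; the severities are this example's own.
    """
    findings, section, current = [], None, None
    switches = {}                      # switch id -> trust-point flag, controllers
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words == ["!"]:
            continue
        if not raw[0].isspace():       # unindented line opens a top-level section
            section, current = words[0], None
            continue
        if section == "onep" and words[:2] == ["transport", "type"]:
            if words[2:3] != ["tls"]:
                findings.append(("high", "onep", "onePK transport is not TLS"))
            elif "disable-remotecert-validation" in words:
                findings.append(("medium", "onep",
                                 "1-way authentication: the application's "
                                 "certificate is not validated by the router"))
        elif section == "openflow":
            if words[0] == "switch" and len(words) > 1:
                current = switches.setdefault(
                    words[1], {"trustpoint": False, "controllers": []})
            elif current is not None and words[:2] == ["tls", "trust-point"]:
                current["trustpoint"] = True
            elif current is not None and words[0] == "controller":
                current["controllers"].append(words)
    for switch_id, info in switches.items():
        where = "openflow switch %s" % switch_id
        for words in info["controllers"]:
            if words[-2:] != ["security", "tls"]:
                findings.append(("high", where,
                                 "controller session without 'security tls': "
                                 + " ".join(words)))
            elif not info["trustpoint"]:
                findings.append(("review", where,
                                 "'security tls' but no 'tls trust-point' line "
                                 "in this switch block"))
    return findings


if __name__ == "__main__":
    for severity, where, message in audit_sdn_transport(SAMPLE_CONFIG):
        print("%-6s %-20s %s" % (severity, where, message))
```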

/dev/innovate Beta
A Half-Rack of Awesome, Delivered to Your Door.
/dev/innovate is Cisco's new innovation acceleration program. It includes a
comprehensive product kit of hardware, software, use-cases and documentation,
coupled with technical support, community and business development resources.
Create, innovate & develop new solutions smarter & faster with the latest
technologies, products and applications on the most widely used infrastructure
platform on the market today. The kit comes ready-to-use and pre-configured with
OpenStack, new beta technologies and multiple software solutions that you can
test-drive and develop on, complete with Cisco-staffed community support.
One Kit. Endless Possibilities. www.dev-innovate.com
Get Started Today! @DevInnovate

1. Go to www.dev-innovate.com to get more information on the program & solutions. You can also ask questions via our website and we're adding information and solutions weekly.

2. Apply for Beta via an easy online form; we're currently accepting applications and will broaden our scope soon! We'll follow up with an email that includes more detail on the program and answer any questions you may have.

3. You're in! In about 3 weeks you'll get a fully configured Kit delivered to your door. We're in beta so we're taking a limited number of users but expanding scope quickly. Feedback welcome; please give us the details we need to make the program better!

ASR9000 Path Computation Element Protocol
Overview BGP Link-State
BGP may be used to advertise link state and link state TE database of a network (BGP-LS)
Provides a familiar operational model to easily aggregate topology information across domains
New link-state address family
Support for distribution of OSPF and IS-IS link state databases
Topology information distributed from IGP into BGP (only if changed)
Support introduced in IOS XR 5.1.1
[Diagram: PCE with LSP DB and TED receives BGP-LS from an RR in Domain 0; Domain 1 and Domain 2 send BGP-LS to the RR]

BGP Link State Configuration Cisco IOS XR 5.1.1
router ospf 1
 ! Distribute link state database into BGP-LS
 distribute bgp-ls instance-id 1
 router-id 10.99.8.8
 area 0

router bgp 65000
 bgp router-id 10.99.8.8
 ! Enable address-family link-state
 address-family link-state link-state
 !
 ! Specify BGP-LS peer
 neighbor 192.168.96.2
  remote-as 65000
  update-source Loopback0
  address-family link-state link-state
  !
 !
BGP-LS *OpenDaylight Sample Configuration
<type xmlns:prefix="urn:opendaylight:params:xml:ns:yang:controller:bgp:rib:impl">prefix:rib-impl</type>
<name>example-bgp-rib</name>
<rib-id>example-bgp-rib</rib-id>
<!-- OpenDaylight Controller -->
<local-as>65000</local-as>
<bgp-id>192.168.96.2</bgp-id>
<bgp>
<type xmlns:prefix="urn:opendaylight:params:xml:ns:yang:controller:bgp:listener">prefix:listener</type>
<name>example-bgp-peer</name>
<!-- BGP-LS peer (ASR9000) -->
<host>10.99.8.8</host>
</bgp>

* Approximately Lines 55 to 67 of <install-path-hydrogen1.0>/opendaylight/configuration/initial/41-bgp-sample.xml


BGP Link State Prefixes (For Your Reference)

BGP-LS prefix string has the following general format:

[NLRI-Type][Area][Protocol-ID][Local node descriptor][Remote node descriptor][Attributes]/prefix-length

Node descriptors and attributes consist of potentially multiple TLVs
Node descriptors and attributes are shown as
[X[TLV1][TLV2]]
where X identifies the object (e.g. local node, remote node, link, etc.)
TLVs are shown in the format
[yVALUE]
where y identifies the field type (e.g. AS number, interface address, etc.)

BGP Link State Verification Cisco IOS XR 5.1.1
RP/0/RSP0/CPU0:ASR9K-4#sh bgp link-state link-state
Tue May 6 00:09:45.523 UTC
BGP router identifier 10.99.8.8, local AS number 100
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Prefix codes: E link, V node, T IP reacheable route, u/U unknown
I Identifier, N local node, R remote node, L link, P prefix
L1/L2 ISIS level-1/level-2, O OSPF, D direct, S static
a area-ID, l link-ID, t topology-ID, s ISO-ID,
c confed-ID/ASN, b bgp-identifier, r router-ID,
i if-address, n nbr-address, o OSPF Route-type, p IP-prefix
d designated router address
Network Next Hop Metric LocPrf Weight Path
*> [V][O][I0x1][N[c100][b10.99.8.8][a0.0.0.0][r10.99.1.1]]/376
0.0.0.0 0 i
*> [E][O][I0x1][N[c100][b10.99.8.8][a0.0.0.0][r10.99.1.1]][R[c100][b10.99.8.8][a0.0.0.0][r10.99.2.2]][L[i192.168.192.2][n192.168.192.3]]/792
0.0.0.0 0 i

Slide callouts: "Prefix codes" marks the legend, "Node" marks the first entry ([V]) and "Link" marks the second entry ([E]).
RESTCONF* Sample OpenDaylight BGP LS Topology
{ "topology": [
  { "link": [
    { "link-id": "bgpls://Ospf:1/type=link&local-as=100&local-domain=174262280&local-area=0&local-router=174261509&remote-as=100&remote-domain=174262280&remote-area=0&remote-router=174261766&ipv4-iface=192.168.128.0&ipv4-neigh=192.168.128.1",
      "l3-unicast-igp-topology:igp-link-attributes": {
        "ospf-topology:ospf-link-attributes": {
          "ospf-topology:ted": {} },
        "l3-unicast-igp-topology:metric": 10 },
      "destination": {
        "dest-node": "bgpls://Ospf:1/type=node&as=100&domain=174262280&area=0&router=174261766",
        "dest-tp": "bgpls://Ospf:1/type=tp&ipv4=192.168.128.1" },
      "source": {
        "source-tp": "bgpls://Ospf:1/type=tp&ipv4=192.168.128.0",
        "source-node": "bgpls://Ospf:1/type=node&as=100&domain=174262280&area=0&router=174261509" }
* http://localhost:8080/restconf/operational/network-topology:network-topology/topology/example-linkstate-topology
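
An added example, not from the slides or from OpenDaylight: a Python parser for the bracketed BGP-LS prefix strings in the router output and for the bgpls:// identifiers in the RESTCONF topology, so both views of a link can be reduced to the same tuple and compared. Function names are this example's own, and reading the integer domain and router values as 32-bit IDs in dotted-quad form is an assumption (it yields addresses in the same 10.99.x.x range as the router output).

```python
import ipaddress
from urllib.parse import parse_qsl

# Codes copied from the "Prefix codes" legend in the router output above.
NLRI_TYPES = {"E": "link", "V": "node", "T": "ip-reachable-route"}
PROTOCOLS = {"L1": "isis-level-1", "L2": "isis-level-2", "O": "ospf",
             "D": "direct", "S": "static"}
OBJECTS = {"N": "local-node", "R": "remote-node", "L": "link", "P": "prefix"}
TLVS = {"a": "area-id", "l": "link-id", "t": "topology-id", "s": "iso-id",
        "c": "confed-id/asn", "b": "bgp-identifier", "r": "router-id",
        "i": "if-address", "n": "nbr-address", "o": "ospf-route-type",
        "p": "ip-prefix", "d": "designated-router"}

# Samples taken from the slides (the link prefix is re-joined after line wrap).
SAMPLE_NODE = "[V][O][I0x1][N[c100][b10.99.8.8][a0.0.0.0][r10.99.1.1]]/376"
SAMPLE_LINK = ("[E][O][I0x1][N[c100][b10.99.8.8][a0.0.0.0][r10.99.1.1]]"
               "[R[c100][b10.99.8.8][a0.0.0.0][r10.99.2.2]]"
               "[L[i192.168.192.2][n192.168.192.3]]/792")
SAMPLE_ODL_LINK_ID = ("bgpls://Ospf:1/type=link&local-as=100&local-domain=174262280"
                      "&local-area=0&local-router=174261509&remote-as=100"
                      "&remote-domain=174262280&remote-area=0&remote-router=174261766"
                      "&ipv4-iface=192.168.128.0&ipv4-neigh=192.168.128.1")


def split_groups(text):
    """Split '[a][b[c][d]]' into its top-level bracket bodies: ['a', 'b[c][d]']."""
    groups, depth, start = [], 0, 0
    for pos, char in enumerate(text):
        if char == "[":
            if depth == 0:
                start = pos + 1
            depth += 1
        elif char == "]":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ']' at offset %d" % pos)
            if depth == 0:
                groups.append(text[start:pos])
        elif depth == 0:
            raise ValueError("text outside brackets at offset %d" % pos)
    if depth:
        raise ValueError("unbalanced '[' in %r" % text)
    return groups


def parse_bgp_ls_prefix(prefix):
    """Parse one prefix string from 'show bgp link-state link-state'."""
    joined = "".join(prefix.split())          # undo terminal line wrapping
    body, slash, length = joined.rpartition("/")
    if not slash or not length.isdigit():
        raise ValueError("missing /prefix-length in %r" % prefix)
    groups = split_groups(body)
    header_ok = (len(groups) >= 3 and groups[0] in NLRI_TYPES
                 and groups[1] in PROTOCOLS and groups[2].startswith("I"))
    if not header_ok:
        raise ValueError("unexpected NLRI header in %r" % prefix)
    parsed = {"nlri_type": NLRI_TYPES[groups[0]],
              "protocol": PROTOCOLS[groups[1]],
              "identifier": int(groups[2][1:], 16),
              "prefix_length": int(length)}
    for group in groups[3:]:
        if group[:1] not in OBJECTS:
            raise ValueError("unknown descriptor %r" % group[:1])
        fields = {}
        for tlv in split_groups(group[1:]):
            if tlv[:1] not in TLVS:
                raise ValueError("unknown TLV code %r" % tlv[:1])
            fields[TLVS[tlv[:1]]] = tlv[1:]
        parsed[OBJECTS[group[:1]]] = fields
    return parsed


def parse_odl_bgpls_id(uri):
    """Decode an OpenDaylight 'bgpls://' identifier into a field dictionary."""
    scheme, sep, rest = uri.partition("://")
    instance, slash, query = rest.partition("/")
    if scheme != "bgpls" or not sep or not slash:
        raise ValueError("not a bgpls:// identifier: %r" % uri)
    fields = {"instance": instance}
    for key, value in parse_qsl(query, strict_parsing=True):
        # Assumption: domain and router values are 32-bit IDs printed as integers.
        if key.endswith(("domain", "router")) and value.isdigit():
            value = str(ipaddress.IPv4Address(int(value)))
        fields[key] = value
    return fields


def router_link(parsed):
    """(local router, remote router, local address, neighbor) from a link NLRI."""
    return (parsed["local-node"]["router-id"], parsed["remote-node"]["router-id"],
            parsed["link"]["if-address"], parsed["link"]["nbr-address"])


def odl_link(fields):
    """The same tuple built from a decoded OpenDaylight link-id."""
    return (fields["local-router"], fields["remote-router"],
            fields["ipv4-iface"], fields["ipv4-neigh"])
```

Collecting router_link() tuples from the router and odl_link() tuples from the controller into two sets makes a missing or unexpected adjacency show up as a set difference.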
Path Computational Element
Path computation in large, multi-domain and multi-layer networks
Path computation element (PCE)
Computes Network Paths
May reside on network node or Out of Network Server
May initiate path creation
Path computation client (PCC)
May send path computation requests to PCE
May send path state updates to PCE
PCC and PCE communicate via Path Computation Element Protocol (PCEP)

Stateless and Stateful PCE
Stateless
PCE has no knowledge of previously established paths
Stateful
Synchronization between PCCs and PCEs
PCC maintains state synchronization with PCE
PCC may delegate LSP control to PCE
Either PCE or PCC can initiate LSP setup
PCC always owns LSP state
[Diagram: Stateful PCE with LSP DB and TED, connected by PCEP to a PCC with a PCE-initiated LSP]

Cisco PCE Models

Inter-Area MPLS TE (Stateless PCE), ABRs as PCE:
ABRs act as stateless PCEs
ABRs implement backward recursive PCE-Based Computation
Introduced in IOS XR 3.5.2
IOS XR 5.1.1 introduces PCEP RFC-compliance
[Diagram: Stateless PCC in Area 1 with a PCC-initiated LSP; Stateless PCE (ABR) with TED on each side of Area 0; PCEP between them; Area 2]

Inter-Area MPLS TE (Stateless PCE), PCE server:
Out-of-network, stateless PCE server
PCC initiates LSPs
Introduced in IOS XR 3.5.2
IOS XR 5.1.1 introduces PCEP RFC-compliance
[Diagram: Stateless PCE with TED reached over PCEP; Stateless PCC with a PCC-initiated LSP across Area 1, Area 0 and Area 2]

WAN Orchestration (Stateful PCE):
Out-of-network, Stateful PCE server
PCE always initiates LSPs
Introduced in IOS XR 5.1.1
[Diagram: Application sends a Path Request to the Stateful PCE (WAE) with LSP DB and TED; BGP-LS / PCEP / SNMP / CLI towards the network; Stateful PCC with a PCE-initiated LSP]

PCE-Initiated Tunnels in Cisco IOS XR 5.1.1
Treated as dynamically created tunnels (auto-tunnel)
Tunnel number allocated from user defined range
Router does NOT verify or compute path that PCE provides (treated as verbatim path)
Router does not attempt local LSP re-optimization
PCE responsible for LSP re-optimization
PCE sends a PCEP Update when a better path exists
Tunnels may be inter-area
Only PCE-initiated LSPs can be delegated
[Diagram: Stateful PCE (LSP DB, TED) sends PCEP Initiate / Create to the PCC]

PCC Configuration - Cisco IOS XR 5.1.1
!
! Required for auto-tunnel
ipv4 unnumbered mpls traffic-eng Loopback0
!
mpls traffic-eng
 pce
  ! PCE server
  peer ipv4 172.16.255.3
  stateful-client
   ! Allow PCE-initiated LSP
   instantiation
  !
 !
 auto-tunnel pcc
  ! User defined tunnel number range.
  tunnel-id min 7000 max 9999
 !
!
Verification PCE Peer IOS XR (5.1.1)
RP/0/RSP0/CPU0:ASR9K-4#show mpls traffic-eng pce peer
Tue May 6 03:21:17.216 UTC

Address         State        Learned From
--------------- ------------ --------------------
192.168.96.2    Up           Static config

PCE Add-LSP (OpenDaylight) Sample
REST URL: http://localhost:8080/restconf/operations/network-topology-pcep:add-lsp
Method: POST Content-Type: application/xml
<input>
  <!-- PCC -->
  <node>pcc://10.99.8.8</node>
  <name>update-tunel</name>
  <arguments>
    <endpoints-obj><ipv4>
      <!-- Source -->
      <source-ipv4-address>10.99.8.8</source-ipv4-address>
      <!-- Destination -->
      <destination-ipv4-address>10.99.6.6</destination-ipv4-address>
    </ipv4></endpoints-obj>
  </arguments>
  <network-topology-ref xmlns:topo="urn:TBD:params:xml:ns:yang:network-topology">/topo:network-topology/topo:topology[topo:topology-id="pcep-topology"]</network-topology-ref>
</input>

Verification PCE Tunnel IOS XR (5.1.1)
RP/0/RSP0/CPU0:ASR9K-AG04-4#show mpls traffic-eng pce tunnels
Mon May 19 17:36:20.237 UTC
Tunnel : tunnel-te7004
Destination : 10.99.6.6
State : down

PCE Update LSP (OpenDaylight) Sample
URL: http://localhost:8080/restconf/operations/network-topology-pcep:update-lsp
Method: POST Content-Type: application/xml
<input>
  <node>pcc://10.99.8.8</node>
  <name>update-tunel</name>
  <network-topology-ref xmlns:topo="urn:TBD:params:xml:ns:yang:network-topology">/topo:network-topology/topo:topology[topo:topology-id="pcep-topology"]</network-topology-ref>
  <arguments>
    <operational xmlns:stateful02="urn:opendaylight:params:xml:ns:yang:pcep:crabbe:stateful:02">true</operational>
    <!-- Explicit-Route Object (ERO) -->
    <ero>
      <subobject><loose>false</loose><ip-prefix><ip-prefix>192.168.64.4/32</ip-prefix></ip-prefix></subobject>
      <subobject><loose>false</loose><ip-prefix><ip-prefix>192.168.192.4/32</ip-prefix></ip-prefix></subobject>
      <subobject><loose>false</loose><ip-prefix><ip-prefix>192.168.192.7/32</ip-prefix></ip-prefix></subobject>
      <subobject><loose>false</loose><ip-prefix><ip-prefix>192.168.128.3/32</ip-prefix></ip-prefix></subobject>
    </ero>
  </arguments>
</input>

Verification PCE Tunnel IOS XR (5.1.1)
RP/0/RSP0/CPU0:ASR9K-AG04-4#show mpls traffic-eng pce tunnels
Mon May 19 17:39:38.550 UTC
Tunnel : tunnel-te7004
Destination : 10.99.6.6
State : up
Current path option : 10

PCE Remove LSP (OpenDaylight) Sample
URL: http://localhost:8080/restconf/operations/network-topology-pcep:remove-lsp
Method: POST Content-Type:application/xml
<input>
  <node>pcc://10.99.8.8</node>
  <name>update-tunel</name>
  <network-topology-ref xmlns:topo="urn:TBD:params:xml:ns:yang:network-topology">/topo:network-topology/topo:topology[topo:topology-id="pcep-topology"]</network-topology-ref>
</input>

Verification PCE Tunnel IOS XR (5.1.1)
RP/0/RSP0/CPU0:ASR9K-AG04-4#sh mpls traffic-eng pce tunnels
Mon May 19 17:43:35.610 UTC
No PCE tunnels.
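
Because the head-end installs a PCE-provided path verbatim, whatever builds the add-lsp, update-lsp and remove-lsp requests above is the only place the values get checked. The sketch below is an added example, not code from the slides, Cisco or OpenDaylight: it builds the three payloads with an XML library and rejects malformed input before anything is sent. The function names, the tunnel-name pattern and the /32-only, no-repeat hop policy are assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Namespaces and topology reference copied from the request samples above.
TOPO_NS = "urn:TBD:params:xml:ns:yang:network-topology"
STATEFUL_NS = "urn:opendaylight:params:xml:ns:yang:pcep:crabbe:stateful:02"
TOPO_REF = '/topo:network-topology/topo:topology[topo:topology-id="pcep-topology"]'
# Assumption: a conservative local naming policy for tunnels.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def _host(addr):
    """Return a canonical IPv4 host address, or raise ValueError."""
    return str(ipaddress.IPv4Address(addr))


def _input(pcc, name):
    """Common <node>/<name> header; refuses names outside NAME_RE."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"tunnel name not allowed: {name!r}")
    root = ET.Element("input")
    ET.SubElement(root, "node").text = "pcc://" + _host(pcc)
    ET.SubElement(root, "name").text = name
    return root


def _topology_ref(root):
    """Append the fixed reference to the pcep-topology instance."""
    ref = ET.SubElement(root, "network-topology-ref", {"xmlns:topo": TOPO_NS})
    ref.text = TOPO_REF


def check_ero(hops):
    """Validate strict ERO hops: non-empty, IPv4 /32 prefixes, no hop repeated."""
    if not hops:
        raise ValueError("ERO must contain at least one hop")
    seen, clean = set(), []
    for hop in hops:
        net = ipaddress.IPv4Network(hop, strict=True)  # rejects host bits, bad masks
        if net.prefixlen != 32:
            raise ValueError(f"hop is not a /32 host prefix: {hop}")
        if net in seen:
            raise ValueError(f"hop repeated (possible loop): {hop}")
        seen.add(net)
        clean.append(str(net))
    return clean


def build_add_lsp(pcc, name, source, destination):
    """add-lsp body: PCC node, tunnel name and the two endpoints."""
    root = _input(pcc, name)
    args = ET.SubElement(root, "arguments")
    ipv4 = ET.SubElement(ET.SubElement(args, "endpoints-obj"), "ipv4")
    ET.SubElement(ipv4, "source-ipv4-address").text = _host(source)
    ET.SubElement(ipv4, "destination-ipv4-address").text = _host(destination)
    _topology_ref(root)
    return ET.tostring(root, encoding="unicode")


def build_update_lsp(pcc, name, hops):
    """update-lsp body carrying a strict (loose=false) ERO."""
    hops = check_ero(hops)
    root = _input(pcc, name)
    _topology_ref(root)
    args = ET.SubElement(root, "arguments")
    ET.SubElement(args, "operational", {"xmlns:stateful02": STATEFUL_NS}).text = "true"
    ero = ET.SubElement(args, "ero")
    for hop in hops:
        sub = ET.SubElement(ero, "subobject")
        ET.SubElement(sub, "loose").text = "false"
        ET.SubElement(ET.SubElement(sub, "ip-prefix"), "ip-prefix").text = hop
    return ET.tostring(root, encoding="unicode")


def build_remove_lsp(pcc, name):
    """remove-lsp body: PCC node and tunnel name only."""
    root = _input(pcc, name)
    _topology_ref(root)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Same values as the update-lsp sample; nothing is sent to a controller.
    print(build_update_lsp("10.99.8.8", "update-tunel",
                           ["192.168.64.4/32", "192.168.192.4/32",
                            "192.168.192.7/32", "192.168.128.3/32"]))
```

The returned string is the POST body for the corresponding RESTCONF operation URL shown above.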

Show Commands in Cisco IOS XR
New commands
show mpls traffic-eng auto-tunnel pcc []
Modified Commands
show mpls traffic-eng pce peer [ all|ipv4 <addr>|node-id <id>|stateful|stateless]
Other useful commands
show mpls traffic-eng pce tunnels <id>
show mpls traffic-eng pce trace []

Traffic Steering into PCE-Initiated Tunnels
Two approaches
Autoroute announce
Policy-based tunnel selection (forwarding class id)
PCE can specify autoroute announce and forwarding class id during LSP creation /
instantiation or update

Policy Based Tunnel Selection
Local mechanism at head-end
PBR policy sets forwarding class for incoming traffic
Traffic switched to tunnel with matching forwarding class
Seven forwarding classes supported (1-7)
One forwarding class reserved as default (0)
[Diagram: input policy matches traffic based on ACL and sets forwarding class; PE1 to PE2 over Tunnel-te1000 (forwarding class 1) and Tunnel-te2000 (forwarding class 0, default)]

PCE Example
[Diagram labels: CE 10.201.7.43 on TenGigE0/1/0/1, Set Forward ClassID 2; ASR9K-1, ASR9K-2 and ASR9K-3, each with a OnePK layer; Tunnel-te1000 (forwarding class 1); Tunnel-te2000 (forwarding class 0, default); Tunnel-te7000, PCE-initiated LSP (forwarding class 2)]

ASR9000 NETCONF/YANG
NETCONF
Network Configuration Protocol (NETCONF)
XML based interface between network device and NMS
Mechanism to manage, configure, and monitor network device
Published RFC 4741 (Dec 2006)
Updated RFC 6241 (Jun 2011)
Overcome SNMP Limitations
2003 IAB Network Management Workshop (RFC3535)

Comparing SNMP and NETCONF
                       | SNMP | NETCONF
Data Models            | Defined in MIBs | Defined in YANG modules (or XML schema documents)
Data Modeling Language | Structure of Management Information (SMI) | YANG (and XML schema)
Management Operations  | SNMP | NETCONF
RPC Encapsulation      | Basic Encoding Rules (BER) | XML
Transport Protocol     | UDP | TCP (reliable transport)

NETCONF Layers
Content
Configuration and Notification Data
Operations
Defines base operations invoked as RPC methods with XML encoded parameters
Remote Procedure Call (RPC)
Simple, transport-independent mechanism for encoding messages and notifications.
Transport Protocol
Reliable communication between client and server

NETCONF Operations IOS XR
NETCONF supported from IOS XR Agent:
TTY NETCONF session:
Logon through telnet and then enter netconf command
SSH NETCONF session:
Logon through SSH and then enter netconf command
*IANA-assigned TCP port 830 for NETCONF SSH is not supported

NETCONF Configuration (XR 5.1.1)
NETCONF TTY Agent:
 netconf agent tty
Enable NETCONF SSH Agent:
 ssh server v2
 netconf agent tty
Session verification:
 show netconf session
Sample configuration:
 hostname ASR9K-R1
 domain name cisco.com
 !
 netconf agent tty
 !
 ssh client vrf default
 ssh server v2
 ssh server vrf default

NETCONF Data Stores - IOS XR
Data stores are named containers that may hold an entire copy of the configuration
IOS XR Supported Datastores:
<running>
<candidate>
*XR two stage commit (no startup datastore)
IOS XR Supported Configuration:
Candidate Configuration Capability
urn:ietf:params:netconf:capability:candidate:1.0

[Diagram: orchestration loop of Collect (OnePK), Analyze and Program (NETCONF) against an ASR9K with a OnePK layer; CE 10.201.7.43 on TenGigE0/1/0/1. NETCONF action: match SRC 10.201.7.43, set Forward ClassID 2. NETCONF edit-config fragment: <PBR><ServicePolicy><Input>PBTS</Input></ServicePolicy></PBR>]

Starting SSH NETCONF Session
nms$ ssh -l lab 10.99.8.8 netconf echo format
cisco@10.99.8.8's password:
Tue Apr 1 03:00:24.199 UTC
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:notification:1.0</capability>
</capabilities>
<session-id>285212672</session-id>
</hello>

NETCONF Operation <hello>
Used to exchange capabilities
Initiated by the NETCONF Server
Must be acknowledged by client before client can send any other messages

IOS XR 5.1.1:
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:notification:1.0</capability>
</capabilities>
<session-id>285212672</session-id>
</hello>

NETCONF Operations - <edit-config>
Modify configuration of particular data store
Can only be used on writable data store
Support on IOS XR:
Candidate Configuration Capability
urn:ietf:params:netconf:capability:candidate:1.0

NETCONF Operation <edit-config>
Equivalent CLI configuration:
interface TenGigE0/3/0/0
 description NETCONF CONFIG
 ipv4 address 10.223.1.1 255.255.255.0

<?xml version="1.0" encoding="UTF-8" ?>
<rpc message-id="106" xmlns="urn:ietf:params:netconf:capability:candidate:1.0">
  <edit-config>
    <!-- Datastore -->
    <target><candidate/></target>
    <config>
      <Configuration><InterfaceConfigurationTable><InterfaceConfiguration>
        <Naming>
          <Active>act</Active>
          <!-- Interface -->
          <InterfaceName>TenGigE0/3/0/0</InterfaceName>
        </Naming>
        <!-- Add interface description -->
        <Description>NETCONF CONFIG</Description>
        <!-- IPv4 Address and Netmask -->
        <IPV4Network><Addresses><Primary>
          <Address>10.223.1.1</Address>
          <Netmask>255.255.255.0</Netmask>
        </Primary></Addresses></IPV4Network>
      </InterfaceConfiguration></InterfaceConfigurationTable>
    </Configuration></config>
  </edit-config>
</rpc>
]]>]]>

NETCONF Operations <edit-config> (cont)
rpc-reply:
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="106" xmlns="urn:ietf:params:netconf:capability:candidate:1.0">
  <ok/>
</rpc-reply>
]]>]]>
Commit Configuration:
<?xml version="1.0" encoding="UTF-8" ?>
<rpc message-id="101" xmlns="urn:ietf:params:netconf:capability:candidate:1.0">
  <commit/>
</rpc>
]]>]]>
rpc-reply:
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="101" xmlns="urn:ietf:params:netconf:capability:candidate:1.0">
  <ok/>
</rpc-reply>
]]>]]>

NETCONF Operations - <get-config>
Used to retrieve all or portions of configuration
Subtree filtering support:
Attribute Match Expression
Can only be specified in Table classes (e.g. <InterfaceName Match="TenGig.*"/> )
Containment Nodes:
Filtering is by specifying container classes (e.g. <InterfaceConfigurationTable/> )
Selection Node:
Filtering by specific selection (e.g. <InterfaceName>Loopback0</InterfaceName> )

NETCONF Operation <get-config> (Attribute match)
<?xml version="1.0" encoding="UTF-8" ?>
<rpc message-id="106" xmlns="urn:ietf:params:netconf:capability:candidate:1.0">
  <get-config>
    <!-- Datastore -->
    <source><running/></source>
    <filter>
      <Configuration>
        <InterfaceConfigurationTable>
          <InterfaceConfiguration>
            <Naming>
              <Active>act</Active>
              <!-- Attribute match: all TenGigE interfaces -->
              <InterfaceName Match="TenGigE.*"/>
            </Naming>
          </InterfaceConfiguration>
        </InterfaceConfigurationTable>
      </Configuration>
    </filter>
  </get-config>
</rpc>
]]>]]>

NETCONF Operation <get-config> (Containment node)
<?xml version="1.0" encoding="UTF-8" ?>
<rpc message-id="106" xmlns="urn:ietf:params:netconf:capability:candidate:1.0">
  <get-config>
    <!-- Datastore -->
    <source><running/></source>
    <filter>
      <Configuration>
        <!-- Containment: all interfaces -->
        <InterfaceConfigurationTable/>
      </Configuration>
    </filter>
  </get-config>
</rpc>
]]>]]>

NETCONF Operations <get-config> (selection node)
<?xml version="1.0" encoding="UTF-8" ?>
<rpc message-id="106" xmlns="urn:ietf:params:netconf:capability:candidate:1.0">
  <get-config>
    <!-- Datastore -->
    <source><running/></source>
    <filter>
      <Configuration>
        <InterfaceConfigurationTable>
          <InterfaceConfiguration>
            <Naming>
              <Active>act</Active>
              <!-- Selection: Loopback0 only -->
              <InterfaceName>Loopback0</InterfaceName>
            </Naming>
          </InterfaceConfiguration>
        </InterfaceConfigurationTable>
      </Configuration>
    </filter>
  </get-config>
</rpc>
]]>]]>

NETCONF Operations <get-config> (rpc-reply)
Tagged Configuration:
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="106" xmlns="urn:ietf:params:netconf:capability:candidate:1.0">
  <data><Configuration>
    <InterfaceConfigurationTable MajorVersion="5" MinorVersion="3">
      <InterfaceConfiguration>
        <Naming>
          <Active>act</Active>
          <InterfaceName>Loopback0</InterfaceName>
        </Naming>
        <InterfaceVirtual>true</InterfaceVirtual>
        <IPV4Network MajorVersion="6" MinorVersion="3">
          <Addresses><Primary>
            <Address>10.99.8.8</Address>
            <Netmask>255.255.255.255</Netmask>
          </Primary></Addresses>
        </IPV4Network>
      </InterfaceConfiguration>
    </InterfaceConfigurationTable>
  </Configuration></data>
</rpc-reply>
]]>]]>

Closing SSH NETCONF Session
RPC close-session:
<?xml version="1.0" encoding="UTF-8" ?>
<rpc message-id="106" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <close-session>
  </close-session>
</rpc>
]]>]]>
RPC-Reply:
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="106" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>
]]>]]>
Connection Closed:
Connection to 10.99.8.8 closed by remote host.
odl-1$
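
The hello, edit-config and commit exchange shown above can be replayed offline to check that a captured session is consistent. This is an added example, not code from the slides or from Cisco: it splits a stream on the `]]>]]>` marker, refuses frames carrying a DTD, reads the `<hello>` capabilities, pairs each `<rpc>` with its reply by `message-id`, and reports a candidate edit that was never committed. The function names and the constructed capture are assumptions, as is the rule that replies arrive in request order with no notifications in between.

```python
import xml.etree.ElementTree as ET

EOM = "]]>]]>"  # end-of-message marker that closes every message in the session above
CANDIDATE = "urn:ietf:params:netconf:capability:candidate:1.0"
RPC_NS = CANDIDATE  # the slides use this URN as the <rpc> namespace; kept as shown
DECL = '<?xml version="1.0" encoding="UTF-8"?>\n'

# Constructed capture, assembled from the messages on the slides.
HELLO = DECL + """<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:notification:1.0</capability>
</capabilities>
<session-id>285212672</session-id>
</hello>
""" + EOM
EDIT = DECL + f"""<rpc message-id="106" xmlns="{RPC_NS}">
<edit-config><target><candidate/></target><config><Configuration>
<InterfaceConfigurationTable><InterfaceConfiguration>
<Naming><Active>act</Active><InterfaceName>TenGigE0/3/0/0</InterfaceName></Naming>
<Description>NETCONF CONFIG</Description>
</InterfaceConfiguration></InterfaceConfigurationTable>
</Configuration></config></edit-config></rpc>
""" + EOM
COMMIT = DECL + f'<rpc message-id="101" xmlns="{RPC_NS}"><commit/></rpc>\n' + EOM


def make_reply(message_id, body="<ok/>"):
    """Build a server <rpc-reply> frame for the constructed capture."""
    return DECL + f'<rpc-reply message-id="{message_id}" xmlns="{RPC_NS}">{body}</rpc-reply>\n' + EOM


def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def frames(stream):
    """Split a captured stream on the end-of-message marker and parse each frame."""
    parsed = []
    for raw in stream.split(EOM):
        raw = raw.strip()
        if not raw:
            continue
        if "<!DOCTYPE" in raw.upper():  # RFC 6241 forbids DTDs in NETCONF content
            raise ValueError("document type declaration in NETCONF message")
        parsed.append(ET.fromstring(raw.encode("utf-8")))
    return parsed


def audit(client_stream, server_stream):
    """Return findings for one session; an empty list means it is consistent."""
    server = frames(server_stream)
    if not server or local(server[0].tag) != "hello":
        return ["server did not open the session with <hello>"]
    caps = {c.text.strip() for c in server[0].iter()
            if local(c.tag) == "capability" and c.text}
    rpcs = [m for m in frames(client_stream) if local(m.tag) == "rpc"]
    replies = server[1:]  # assumption: replies arrive in request order
    findings, pending = [], False
    for i, rpc in enumerate(rpcs):
        op = local(rpc[0].tag) if len(rpc) else "(empty)"
        mid = rpc.get("message-id")
        if i >= len(replies):
            findings.append(f"{op} id={mid}: no rpc-reply")
            continue
        answer = replies[i]
        failed = any(local(e.tag) == "rpc-error" for e in answer.iter())
        if answer.get("message-id") != mid:
            findings.append(f"{op} id={mid}: reply carries id={answer.get('message-id')}")
        if failed:
            findings.append(f"{op} id={mid}: rpc-error")
        if op == "edit-config" and not failed:
            target = next((local(t[0].tag) for t in rpc.iter()
                           if local(t.tag) == "target" and len(t)), None)
            if target == "candidate":
                if CANDIDATE not in caps:
                    findings.append(f"{op} id={mid}: <candidate> used but not advertised in <hello>")
                pending = True  # staged only; needs a later <commit/>
        elif op == "commit" and not failed:
            pending = False
    if pending:
        findings.append("edit-config to <candidate> was never committed")
    return findings


if __name__ == "__main__":
    print(audit(EDIT + COMMIT, HELLO + make_reply("106") + make_reply("101")))
    print(audit(EDIT, HELLO + make_reply("106")))
```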

YANG
Modeling language defined in RFC 6020
Used by NETCONF to define objects and data in requests and replies
Models configuration, operational, and RPC data
Provides semantics to better define NETCONF data
Provides common data model:
In order for NETCONF to be useful as network-wide protocol
To consume NETCONF data from any network device
YANG modules are for NETCONF what MIBs are for SNMP

YANG XR / ASR9000 Support
YANG data modules still being developed with standards drafts being proposed
and under review
IOS XR Support for YANG being taken in phased approach based on YANG
modules being developed by Cisco and industry standardization
First phase for general release being targeted for XR 5.3.0*
First phase targeting management, core, access, and services based functions
YANG models available as SMU for ASR9K in controlled availability. Contact
your account team for further details.

* DISCLAIMER: Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to
change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

Services & NFV
ASR9K Service Architecture Vision
The Service Enabled Programmable Network
[Diagram: service categories on a Cloud Virtualization Layer with an SDN Open API, running on VSM and UCS]
Security: FW, IPSec, IPS, Virus, DDOS
Mobility: SIPTO, IPSec
DPI: Parental Ctrl, advanced classification
Analytics: Topology, Real Time Traffic stats
Enterprise: WAN Aggr, Unified Communication/Collab
Internal Ecosystem: Custom App.
External Ecosystem: Custom App.
Cisco ASR Virtualized Services Model (VSM): Enabling Services and Analytics

Network Services
Applications / Services delivered at L4-L7
and | or
Functions that are not traditional core functions of a router
Examples: SBC, WLC, DHCP | DNS, IPS, CDN, IDS, NAT | CGN, Mobile SecGW, dDOS, Caching, Firewall, Encryption, DPI

Network function Virtualization
NfV = Transition of network infrastructure services to run on virtualized compute platforms
typically x86

Services Delivery Options
Bare-Metal Appliances: Legacy; dedicated one-trick-ponies
Service Blades: Legacy -> dedicated one-trick-ponies
VSM: Virtualized on generalized compute blades
Cloud based: Virtualized on generalized compute data center infrastructure
Hybrid: Two or more of the above options involved; most complex setup
[Diagrams: services S1, S2, S3 attached to the Provider Edge in each option]

Services Deployment Evolution
The Advantage of Virtualization
              | Standalone appliances | Service blades | Application Virtualization
Cost          | Hardware + Software + Maintenance | Hardware + Software + Maintenance | Shared Hardware; True pay as you grow
Power & Space | High consumption and increases linearly | Lower consumption but still increases linearly | Low consumption and non-linear scaling
Cabling       | Increases linearly | Very Little | Very Little
OPEX          | High | Medium | Low
Scalability   | Each unit needs to be managed independently | Each blade needs to be managed independently | Manage multiple units as one

ASR 9000
VSM Service Blade Overview
[Diagram: ASR 9000 VSM running VM-1 to VM-4 (IPSec, CGN and two 3rd-party applications) over VPATH, VMM and OS / Hypervisor]
Q1 2014
Data Center Compute: 4 x Intel 8-core x86 CPU
2 Typhoon NPU for hardware network processing
120 Gbps of Raw processing throughput
Crypto Support
  40 Gbps of hardware assisted Crypto throughput
  8k Tunnels
Virtualization Hypervisor
Services Chaining
SDN SDK for 3rd Party Apps (OnePK)

VSM Virtualized Services VM Management Modes
XR Managed (@FCS)
  XR manages service VMs on VSM
Cloud managed (Future)
  Virtualized on generalized compute data center infrastructure
[Diagram labels: IOS XR; DC Orchestration; VSM; Provider Edge; services S1, S2, S3]

Key Advantages of Virtualized Service Infrastructure
On-Demand Performance Scaling: Incremental Blades Add Compute Capacity to a Common Managed Services
Application Load Balancing: Complex Traffic Diversion Between Apps & Blades
Service Chaining: Inter-VM Traffic Direction
Service High Availability: Auto Failure Detection and Traffic Redirection
[Diagrams: ASR 9000 chassis with route processors, regular line cards and service cards; each service card runs apps (Firewall, CGv6, DPI, App) on a hypervisor over VSIM]

ASR9000 Service Chaining
ASR 9000 Flexible Service Workflow Management
[Diagram: OnePK / OF App / SDN Ctrl. driving the OnePK layer; VSM Services and External Service Appliance with Virus/Malware Scan, IPSec, Analytics, DPI, CGN, Security, CDN, SBC]
Residential Customer Group A: DPI -> Virus/Malware Scan -> Firewall
Residential Customer Group B: CGN -> Firewall
Business Internet: CGN -> DDOS Protection -> Firewall
Business VPN Corp X: IPSec -> Virus/Malware Scan -> SBC
Easy to Deploy | True Multi-Service | Flexible Ordering of Services

Cisco ASR 9000 Service Architecture Vision
Flexible NfV Placement for Optimal Service Delivery
NfV functions (each on Vmware/kvm): Analytics, DPI, NAT, Firewall, vRouters, CDN, Transparent Cache, Virus Malware Protection
Decide per NfV function where to place it based on service logic requirements
[Diagram labels: Low Latency, Simplified Service Chaining, Simplified Management Plane; Elastic Scale, High Throughput; SDN, VSM, UCS]
Cisco ASR 9000 Virtualized Services Model (VSM): Enabling Services and Analytics

Summary & Roadmap
ASR 9000 SDN and Services Roadmap
OnePK (Phase 1) CA OnePK (Phase 2) CA OnePK (Phase 3) GA OnePK (Phase 4)
Element SS Policy SS Policy SS Enh. BGP SS,
Interface SS Datapath SS DPSS L2 Support LISP SS
Routing SS Topology SS Tunnel SS
Discovery SS OpenFlow 1.3 GA NAT SS
AAA SS OpenFlow 1.3 (Ph. 1 EFT)
Utility SS OF 1.3 Protocol E-PBR (Phase 3) OpenFlow 1.3 (Phase 2+)
V6 match Support Tag Infra Support
ASR 9000 E-PBR (Phase 1) Cisco Extensions BGP AS Steering Netconf/Yang
PBTS/CBTS Set Next Hop
Set Forwarding Class ID BGP Flowspec
E-PBR (Phase 2)
Policy Based Forwarding
PCE Integration
BGP-LS API
PCEP

Q3CY13 Q4CY13 Q2CY14


Future
XR 5.1.0 XR 5.1.1 XR 5.2.0
VSM Roadmap

- VSM Hardware - Dynamic Load Balancing or


-Support for TPM (Trusted
- OnePK Support Application Defined Load
Platform Module)
- Static Load Balancing Balancing
- Service Enablement
- Service Enablement Architecture HA - Cisco PRIME Support
Architecture Enhancements - Customer Built OnePK
- Service Redirect on - Service Chaining (E-PBR Applications
Failure Rule Setting) - Firewall Application
- Security Gateway for - IPSec Phase 1 - Anti-DDoS Application
Mobile - 3rd Party Apps
- Multi-Apps per VSM
- CGN for NAT44 (Phase 1)

Q4CY13 Q2CY14 Future


XR 5.1.1 XR 5.2.0
* Not committed
Cisco Developer Resources
onePK - http://www.onepkdeveloper.com
SDLC - https://developer.cisco.com/site/networking/one/sdlc/overview/
EEM - https://supportforums.cisco.com/community/netpro/network-infrastructure/eem
ONE Forums - https://developer.cisco.com/site/devnet/forums/index.gsp#L2CiscoONE
ODL - http://www.opendaylight.org/
XNC - http://software.cisco.com/download/release.html?mdfid=285963706&softwareid=285978967&release=1.0.0&relind=AVAILABLE&rellifecycle=&reltype=latest
APIC-EM - https://developer.cisco.com/site/networking/one/apic/enterprise-module/
APIC-DC
APIs - https://developer.cisco.com/site/networking/routers-switches/nexus9000/documents/
GitHub - https://github.com/datacenter/nexus9000

Cisco Live SDN and Network Programming Resources
Monday, May 19, 8:00-9:30 - BRKOPT-2102 - Software Innovations and Control Plane Evolution in the new SDN Transport
Architectures - Loukas Paraschis
Monday May 19, 9:00-09:30 - DevNet Presentation - onePK: The Swiss Army Knife of Developer Tools - Nathan Sowatskey
Monday, May 19, 10:00-12:00 - BRKRST-2117 - The Hitchhiker's Guide to onePK - Shelly Cadora
Monday, May 19, 12:00-12:30 DevNet Presentation - Enabling DevOps in an SDN World Akshat Sharma
Monday, May 19, 13:00-15:00 - BRKSDN-1014 - Introduction to Software-Defined Networking (SDN) and Network Programmability -
Jason Davis
Monday, May 19, 13:00-15:00 - BRKNMS-3021 - Advanced Cisco IOS Device Instrumentation - Joe Clarke
Tuesday, May 20, 8:00-9:30 - BRKSDN-2777 - Open Network Environment (ONE) Software Development Lifecycle (SDLC) - Nathan
Sowatskey
Tuesday, May 20, 12:30-14:30 - BRKRST-2051 - SDN From Concepts To Reality - Frank Brockners
Wednesday, May 21, 8:00-17:00 - LTRNMS-3601 Advanced Network Programming and Automation - Joe Clarke, Nathan
Sowatskey, Bruno Klauser, Jason Pfeifer
Thursday, May 22, 8:00-10:00 - BRKSPG-2722-SDN deployment in ASR9000 - Joel Roberts, Robert Piasecki
Thursday, May 22, 12:30-14:00 - BRKCRS-3090 - Implementing Network Programming and Automation - Bruno Klauser
Thursday, May 22, 14:30-16:00 - BRKCDN-2303 - DevOps in Programmable Network Environment - Faisal Hasan, Azeem Suleman

Reference Slides
OpenFlow L3_DS Switch Cisco IOS XR 5.1.1
Using VRF (all interfaces in VRF become part of OpenFlow Switch):
openflow
 switch 10 pipeline 132
  vrf ONE
  controller ipv4 172.16.1.45 port 6653 security tls

Using L3 Interfaces:
openflow
 switch 11 pipeline 132
  interface Bundle-Ether2.1
  interface GigabitEthernet0/1/0/7
  interface GigabitEthernet0/0/0/0/4.1301
  controller ipv4 172.16.1.45 port 6653 security tls

OpenFlow Show Commands (XR 5.1.1)
show openflow switch <>
show openflow switch <> controllers | stats
show openflow switch <> ports
show openflow switch stats
show openflow switch flows | brief/summary
show openflow interface switch <>
show openflow hardware capabilities pipeline <>
show table-cap table-type <>

OpenFlow Show Commands (XR 5.1.1)
Show policy-map commands:
show policy-map transient list type pbr
show policy-map transient type pbr pmap-name <>
show policy-map transient targets summary
PBR platform show commands
show pbr-pal ipolicy [<policy_name> | all ] location <loc>
show pbr-pal ipolicy <policy_name> iclass [<iclass_handle> | all ] vmr-info location <loc>
show pbr-pal ipolicy <policy_name> iclass [<iclass_handle> | all] stats [clear-on-read] location <loc>
show prm server tcam entries <table> vmr-id <> 100 np0 loc <>
show prm server tcam summary <table> PBR all loc <>

OpenFlow Debug (XR 5.1.1)
Debug for OpenFlow Agent:
debug openflow switch ovs module ofproto level debug
debug openflow switch ovs module ofproto-plif level debug
debug openflow switch ovs module plif-onep level debug
debug openflow switch ovs module plif-onep-util level debug
debug openflow switch ovs module plif-onep-wt level debug
Debug for Policy Manager:
debug policymgr all
debug policymgr trace
debug policymgr lib all
debug policymgr lib trace
Debug for PBR:
debug pbr-pal all loc

PCE-Initiated LSP (Multiple PCEs)
PCC synchronizes LSP state over all open stateful PCEP sessions
When a PCE creates / initiates an LSP
  PCC will report LSP state to all stateful PCEs
  PCC will only delegate LSP to originating PCE
LSP may be re-delegated if originating PCE disconnects or renounces delegation
LSPs may be re-delegated to a stateful PCE sending a matching LSP creation / initiation before LSP cleanup timeout
[Diagram: Stateful PCE A and Stateful PCE B, each with LSP DB and TED, with PCEP sessions to one stateful PCC]

Sample PCEP Show Command-IOS XR 5.1.1
RP/0/RSP0/CPU0:ASR9K-4#sh mpls traffic-eng pce lsp-database delegated
Tue May 6 03:18:50.686 UTC
Symbolic name: update-tunel
Session internal LSP ID: 7001
Created by: node-id: Not set ip: 192.168.96.2
Delegated to: node-id: Not set ip: 192.168.96.2
Delegatable: TRUE
Destination: 10.99.6.6 Source: 10.99.8.8
LSP Object:
Operational: FALSE
Identifiers: Not set
LSP Path Object: Not set
Vendor Specific Information:
Forward-Clsss: 0
Load Share: 0
IGP instance: 0

PBTS Configuration-IOS XR
ipv4 access-list IPV4_SRC
 10 permit ipv4 host 10.201.7.43 any
!
class-map type traffic match-any IPV4_SRC
 match access-group ipv4 IPV4_SRC
 end-class-map
!
! Use PBR policy to set forwarding class
policy-map type pbr PBTS
 class type traffic IPV4_SRC
  set forward-class 2
 !
 end-policy-map
!
! Apply PBR policy to set forwarding class
interface TenGigE0/1/0/1
 ipv4 address 172.16.0.5 255.255.255.254
 service-policy type pbr input PBTS
!

NETCONF Operation <edit-config>
<?xml version="1.0" encoding="UTF-8" ?>
<rpc message-id="106" xmlns="urn:ietf:params:netconf:capability:candidate:1.0">
  <edit-config>
    <!-- Datastore -->
    <target><candidate/></target>
    <config>
      <Configuration><InterfaceConfigurationTable><InterfaceConfiguration>
        <Naming>
          <Active>act</Active>
          <!-- Interface -->
          <InterfaceName>TenGigE0/3/0/1</InterfaceName>
        </Naming>
        <PBR>
          <ServicePolicy>
            <!-- Apply PBR Input Policy PBTS -->
            <Input>PBTS</Input>
          </ServicePolicy>
        </PBR>
      </InterfaceConfiguration></InterfaceConfigurationTable>
    </Configuration></config>
  </edit-config>
</rpc>
]]>]]>
