Managed Service
BRKRST-2558
BRKRST-2558 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• SD-WAN as a Service – Introduction
• Orchestration for MSPs
• NSO, MSX
• Deploying Controllers
- Cloud or On-Prem
- Use NSO/MSX to deploy
• Device On-Boarding
- Global PnP - Bootstrap File
- Use NSO/MSX
• Deploying uCPE
• NFVIS – Use NSO/MSX to deploy
Introduction
Network-as-a-Service: SD-WAN Offering
[Diagram labels: NSO; Internet; 3rd Party; 4G/LTE; IaaS VPC/VNET; x86 uCPE; Gateways; transport-independent WAN Fabric]
Connectivity and Overlay
• Transports Managed by SD-WAN MSP
• But some/all could also be from another SP(s)
• Expand Business VPN service over the last mile
• MSP may not own the transport
MSP SD-WAN Architecture
[Diagram labels: Public Internet; Shared (MSP) Resources; Middle Mile Backbone; MSP POP; PE; GW; MPLS VPN; Inter Regions; MSP Datacenter; Migration; vControllers; Virtual Infrastructure; Legacy CPEs; SD-WAN CPE Appliance; ENCS / NFVIS uCPE with VNFs]
Steps in Deploying SD-WAN Fabric
Smart Account (SA) / Virtual Account (VA)
Global Deployment Process Overview
[Diagram labels: Device Ordering; SA/VA; Controllers to be deployed; If hosted, controllers instantiated by Cisco CloudOps; org-name; vBond; Device Provisioning File; Device Config Using vManage]
Orchestration
MSP Service Orchestration for Cisco SD-WAN
[Diagram labels: SP Data Center; Tenant 1, Tenant 2, Tenant 3; Managed Services Accelerator (MSX); Network Service Orchestrator (NSO); Instantiate; Configuration; Policies; vControllers; PnP Connect Portal; Migration – MPLS/SD-WAN]
Network APIs - Transactions
Service Orchestration – Various Requirements
[Diagram labels: NETCONF; ENCS NFVIS; vEdge Appliance; cEdge Appliance; ESC; OpenStack; Cisco SD-WAN Appliance; Router]
Multi Domain Orchestration is also Required
[Diagram labels: OSS/BSS; UI/API; MSX Platform]
MSX: Common framework for service integration, catalog, delivery and operation.
NSO Architecture
• Model-driven, end-to-end service lifecycle and customer experience focused
• Seamless integration with northbound tooling
• Loosely-coupled and modular architecture leveraging open APIs and standard protocols
• Orchestration across multi-domain and multi-layer for network-wide, centralized policy and services
• Multivendor abstraction through NEDs
• Multiple interfaces including CLI, REST, Java, Python
NEDs tame multi-vendor complexity
• Abstracts underlying protocol and data-models
• Normalizes error-handling across vendors
• Eliminates the device adapter problem
• Removes complex device logic from the service logic
NED: Computes the ordered sequence of device-specific commands to go from current to desired state
Core Function Packs for Cisco NSO
[Diagram labels: vBranch Core FP; Public Cloud; SAE Core FP]
SDWAN Core Function Pack Architecture
[Diagram labels: SD-WAN Core Function Pack; vBranch Core; PnP; NFVO; vManage NED; NEDs; VNF Manager (ESC-Lite); VNF Manager (ESC); NETCONF; SDWAN CFP; Using NSO CLI]
Managed Service Accelerator (MSX)
MSX Platform
• MSX is a Cloud-Native Platform
MSX Pre-Built Service Packs
SD-Branch (vBranch x86 based)
Cisco SD-WAN
• Speeds deployment of multi-tenant SD-WAN environments based on Cisco Viptela technology
• Coordinates with vBranch service pack to deploy virtual vEdge on ENCS
Managed Device
• Quickly on-board new devices with Cisco Plug-and-Play technology
• Simply create custom templates for ANY managed service
• Rapidly deploy and manage new devices simply from the MSX Clo
Cisco SD-WAN powered by MSX
MSX provides multi-tenancy, multi-services, operational simplicity, and scale, for many SD-WAN devices…securely from the MSX Cloud
1 MSX Multi-tenant Platform
2 100’s SD-WAN Controllers: MSX creates and manages SD-WAN Control Planes for 100’s of tenants
3 Many Device types
4 x86 Virtual Branch and Cloud: MSX manages Virtual Branches (ENCS) and Cloud Gateways running SD-WAN services
5 Template Site Provisioning: MSX simplifies site provisioning for 100’s of tenants (templates and CSV files)
6 Customer Self-Service: MSX provides simplified Self-Service config changes for the most requested SD-WAN services
Deploying Controllers
Controller Tenancy – Single Tenancy
[Diagram labels: Dedicated (No) Tenancy; VPN Tenancy; TenantA; TenantB]
Controller Tenancy – Multi-Tenant Control Plane
• Multi-Tenant vManage
• Data Isolation in the DB
[Diagram labels: Multi-Tenant Control Plane; vSmart; vManage; vBond; TenantA]
vManage, vBond, vSmart
vManage Cluster
• There are various reasons to deploy a vManage cluster, including:
- High availability and redundancy for fault tolerance
- Managing greater than 2000 vEdges
- Distributing NMS service loads
• The vManage cluster consists of at least three vManage devices
• Besides the interfaces used for VPN 0 and VPN 512, a separate dedicated interface will be used for communication between the vManage devices.
• The bandwidth between the vManage devices on this interface should be at least 1 Gbps, and the latency should be less than 5 ms for a small or lab deployment. A 10 Gbps interface is recommended for production.
[Diagram labels: VPN512; VPN0; Out of Band; VPN0 Tunnels; ESXi, KVM, AWS, MS Azure]
Disaster Recovery for vManage
[Diagram labels: Arbitrator; Datacenter1; Datacenter2; MPLS]
• Introduced in 19.2
• vManage scales horizontally using Clustering
- Add more vManage nodes to cluster in DC for Scale and local HA
• Add standby Cluster for Disaster Recovery
Controller Deployment Models
• Cisco Cloud Ops
• SP Ops Team
• Enterprise IT
Transport Colors and Control Connections
• Local Color: Public, Controller Color: Public. Use: Public IP
• Local Color: Private, Controller Color: Public. Use: Public IP
• Local Color: Private, Controller Color: Private. Use: Private IP
On-Prem Controllers Hybrid Deployment
• Controllers can support hybrid Private / Public transport connections
• Private transport using private IPs for communication. Prefix advertised in private domain
• Public transport using public IPs, generally assigned by provider
• Multi-homed WAN Edge capable of supporting both models concurrently
[Diagram labels: controllers A, B, C; Private IP/Port; DMZ (NAT 1:1); INET; MPLS]
The ETSI NFV Reference Architecture
Cisco NFV Solution Architecture
[Diagram labels: North Bound APIs; CSR, ASAv, Ultra, MSX, Video, XRv, vWSA, 3rd Party; Cisco ESC; Cisco VIM: API, Virtual Compute (RHEL), Virtual Storage (Ceph), Virtual Network (OVS, VPP, SR-IOV), Red Hat OSP, Lifecycle Manager, GUI; Infrastructure Abstraction with RHEL, KVM/Qemu, Host Packages, vSwitches; Cisco Physical Infrastructure: Compute (UCS/3rd P), Network (N9k/NCS5k), Storage (UCS); Optional Network VIM (Cisco ACI / Cisco VTS); Cisco NFVI]
CVIM – POD Types
• Full POD
• Hyper-Converged POD
• Micro POD
• Edge POD
[Diagram label: Inter-location Network]
Using NSO SDWAN Core Function Pack
1 Add ESC to NSO Device Tree
2 Spin Up Controllers
[Diagram labels: SD-WAN Core; vBranch Core; PnP; NFVO; NED; NETCONF; VNF Manager (ESC); Virtualized Infrastructure Manager (OpenStack – VMWare)]
Add ESC to Device Tree
Using NETCONF. Payload used:
<config xmlns="http://tail-f.com/ns/config/1.0">
  <devices xmlns="http://tail-f.com/ns/ncs">
    <device>
      <name>esc1</name>
      <address>10.60.23.200</address>
      <port>830</port>
      <authgroup>esc-auth</authgroup>
      <device-type>
        <netconf>
        </netconf>
      </device-type>
      <state>
        <admin-state>unlocked</admin-state>
      </state>
    </device>
  </devices>
</config>
Create the Provider with root-cert
<config xmlns="http://tail-f.com/ns/config/1.0">
<provider-infrastructure xmlns="http://com/cisco/corefpcommon">
<provider>ProviderA</provider>
<ca-cert xmlns="http://com/cisco/nso/corefp/sdwan/vedge">-----BEGIN CERTIFICATE-----
MIIDijCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJVUzEL
[SNIP]
pHYqJD27D4KBakKzDX94fLBQ97Br9XmHrWRatglsUc9Njta1Zr/zNvVJYP7qOg==
-----END CERTIFICATE-----</ca-cert>
<catalog xmlns="http://cisco.com/ns/branch-infra-common">Gold</catalog>
<catalog xmlns="http://com/cisco/corefpcommoncatalog">CatalogEsc</catalog>
<vbond-ipaddress xmlns="http://com/cisco/nso/corefp/sdwan">172.23.80.43</vbond-ipaddress>
<vbond-port xmlns="http://com/cisco/nso/corefp/sdwan">12345</vbond-port>
<alias xmlns="http://com/cisco/nso/corefp/sdwan/vedge">ADT Labs Paris</alias>
</provider-infrastructure>
</config>
NDU – Mapping Controllers vNIC / Network
vControllers NDU: nic 0 is eth0 (vpn512) on flat-provider-network, nic 1 is ge0/0 (vpn0) on private
<config xmlns="http://tail-f.com/ns/config/1.0">
  <ndus xmlns="http://com/cisco/nso/corefp/sdwan">
    <name>sdwan_ESC_vController_ndu</name>
    <network>
      <name>flat-provider-network</name>
    </network>
    <network>
      <name>private</name>
    </network>
    <nic>
      <!-- eth0 – vpn512 -->
      <id>0</id>
      <network>flat-provider-network</network>
    </nic>
    <nic>
      <!-- ge0/0 – vpn0 -->
      <id>1</id>
      <network>private</network>
    </nic>
  </ndus>
</config>
Spin up vManage, vBond, vSmart one by one
<config xmlns="http://tail-f.com/ns/config/1.0">
  <sdwan-site xmlns="http://com/cisco/nso/corefp/sdwan">
    <site-name>vmanage-site</site-name>
    <provider>ProviderA</provider>
    <infrastructure>
      <type>esc</type>
      <esc>
        <name>esc1</name>
      </esc>
    </infrastructure>
    <member-vnfs>
      <vnf>esc-vmanage123</vnf>
      <type>vController</type>
      <username>admin</username>
      <password>admin</password>
      <deployment>vManageDeployment</deployment>
      <vnfd>vManage</vnfd>
      <vdu>vManage</vdu>
      <ip>172.23.80.40</ip>
      <mask>255.255.255.0</mask>
      <gtw>172.23.80.1</gtw>
      <host-name>iamvmanage</host-name>
      <day-0>
        <cfg-file>vmanage_day0_template.cfg</cfg-file>
      </day-0>
      <vController>
        <personality>vManage</personality>
        <system-ip>10.10.10.4</system-ip>
        <site-id>720</site-id>
      </vController>
      <ndu>
        <ndu-id>sdwan_ESC_vController_ndu</ndu-id>
        <management>0</management>
      </ndu>
    </member-vnfs>
  </sdwan-site>
</config>
Controllers Provisioning
• 1) Define SDWAN Service payload
• 2) vManage instantiated with day-0 file and added to the device tree
• 3) vBond instantiated with day-0 file and added to vManage
• 4) vSmart instantiated with day-0 file and added to vManage
[Diagram labels: Value added services provided by Network Service Orchestrator (NSO); sdwan Viptela callback activity; Define SDWAN Service on Core FP (SDWAN); OpenStack Virtual device infra; External System; CA; steps 1 to 7]
Add vManage Device into the Device Tree
<devices xmlns="http://tail-f.com/ns/ncs">
  <device>
    <name>vmanage-1</name>
    <address>10.60.23.133</address>
    <port>8443</port>
    <authgroup>vmanage-auth</authgroup>
    <device-type>
      <generic>
        <ned-id xmlns:viptela-vmanage-id="http://tail-f.com/ned/viptela-vmanage-id">viptela-vmanage-id:viptela-vmanage</ned-id>
      </generic>
    </device-type>
    <connect-timeout>30</connect-timeout>
    <read-timeout>30</read-timeout>
    <write-timeout>30</write-timeout>
    <trace>raw</trace>
    <ned-settings>
      <viptela-vmanage xmlns="http://tail-f.com/ned/viptela-vmanage/meta">
        <connection>
          <ssl>
            <accept-any/>
          </ssl>
          <api-base-url>/dataservice</api-base-url>
        </connection>
      </viptela-vmanage>
    </ned-settings>
    <state>
      <admin-state>unlocked</admin-state>
    </state>
  </device>
</devices>
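The controller payloads above carry three lab conveniences that should not reach a production NSO: `<accept-any/>` under `<ssl>` (the NED accepts whatever certificate vManage presents), `<trace>raw</trace>` (traffic exchanged with the device is written to the NED trace log), and `admin`/`admin` VNF credentials. The following pre-commit check is an added example, not code from the slides or from Cisco; the rule names, the `WEAK_PASSWORDS` list and the sample payload are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the device and sdwan-site payloads in the slides.
SAMPLE = """<config xmlns="http://tail-f.com/ns/config/1.0">
  <devices xmlns="http://tail-f.com/ns/ncs">
    <device>
      <name>vmanage-1</name>
      <trace>raw</trace>
      <ned-settings>
        <viptela-vmanage xmlns="http://tail-f.com/ned/viptela-vmanage/meta">
          <connection><ssl><accept-any/></ssl></connection>
        </viptela-vmanage>
      </ned-settings>
    </device>
  </devices>
  <sdwan-site xmlns="http://com/cisco/nso/corefp/sdwan">
    <site-name>vmanage-site</site-name>
    <member-vnfs>
      <vnf>esc-vmanage123</vnf>
      <username>admin</username>
      <password>admin</password>
    </member-vnfs>
  </sdwan-site>
</config>"""

# Assumption: a small local deny-list; extend it to match your own policy.
WEAK_PASSWORDS = {"admin", "password", "cisco", "changeme"}


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_payload(xml_text):
    """Return a sorted list of (rule, element-path) findings for one payload."""
    findings = []

    def walk(node, path, parent):
        name = local(node.tag)
        here = f"{path}/{name}"
        text = (node.text or "").strip()
        # TLS: the NED is told to accept any certificate from the device.
        if name == "accept-any" and parent is not None and local(parent.tag) == "ssl":
            findings.append(("tls-verification-disabled", here))
        # Raw trace: device traffic ends up in the NED trace file.
        if name == "trace" and text == "raw":
            findings.append(("raw-trace-enabled", here))
        # Credentials: deny-listed value, or password identical to the username.
        if name.endswith("password") and text and parent is not None:
            users = {(s.text or "").strip() for s in parent
                     if local(s.tag) == "username"}
            if text.lower() in WEAK_PASSWORDS or text in users:
                findings.append(("weak-credential", here))
        for child in node:
            walk(child, here, node)

    walk(ET.fromstring(xml_text), "", None)
    return sorted(findings)


if __name__ == "__main__":
    for rule, where in audit_payload(SAMPLE):
        print(f"{rule:28} {where}")
```

Run it over every payload file before it is loaded into NSO and fail the pipeline when the returned list is not empty.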
Plug and Play Connect Portal
https://software.cisco.com/#module/pnp Smart Account (SA) Virtual Account (VA)
MSX creates and manages SD-WAN Control Planes for 100’s of tenants
• MSX creates SD-WAN control plane VMs for each tenant
• MSX provides single-sign-on and RBAC for each tenant
• MSX provides SD-WAN OSS/BSS interface for each tenant
[Diagram labels: MSX Dashboard; Tenant1, Tenant2, Tenant3, each with vManage, vSmart, vBond]
Launch vManage for a specific Tenant
Simply with a single click from MSX
MSX Tenants are simply mapped to Viptela Controllers: vManage, vSmart, vBond
Attach to an existing SD-WAN Control Plane
Tenant1 SD-WAN service up and running, bring Tenant1 under MSX mgt
[Diagram labels: Tenant1; vManage; vSmart; vBond]
On Boarding using Global PnP - Overview
MSX / NSO
• vManage REST API
• Device Template Configuration – Pushed to vManage
• Instructs vManage to attach templates to selected devices
• Instructs vManage to deploy device configurations
Device added to PnP:
• Ordering process
• Manually
Configuration fragment shown on the slide:
!
interface GigabitEthernet0/0/0
 no shutdown
 ip address 192.168.10.10 255.255.255.0
exit
!
Organization Name, vBond information, etc.) is fed into the PnP process
connect to vBond
[Diagram labels: PnP Servers; MPLS; INET; steps 0, 1, 3, 5]
https://sdwan-docs.cisco.com/Product_Documentation/Getting_Started/Hardware_and_Software_Installation/On-Site_Bootstrap_Process_for_SD-WAN_Devices
Notes on CLI Template
• Always create a Device Template (even a basic one) and apply to the device UUID you want to deploy
• CLI Templates:
• CLI Templates can be attached to vEdge/cEdge routers
• Variables are used for rapid bulk configuration rollout with unique per-device settings
• Local configuration changes are not allowed
• For cEdge
• vEdge like CLI style with documentation for comparable cEdge configuration
• IOS-XE CLI Template support coming (March CY20)
cEdge Configuration – vManage Interfaces
[Diagram labels: vManage; Intent Driven Workflow; Intent Driven Policy, Workflows, NW Design Templates; Device / Feature Templates; CLI templates; NEW – 20.1: CLI templates (supports IOSd Yang CLI templates); CFS Yang Models; Translation; Device Yang]
Using NSO – Create Device Template
• Create a Device Template
• Pushed to vManage using vManage NED (REST API)
<sdwan-template xmlns="http://com/cisco/nso/corefp/sdwan/template">
  <id>nso-vedge-branch</id>
  <provider>Provider-Customer1</provider>
  <tenant>SingleTenant</tenant>
  <description>vEdge Branch</description>
  <configuration>system
 host-name {{HOSTNAME}}
 system-ip {{SYSTEM_IP}}
 site-id {{SITE_ID}}
 admin-tech-on-failure
 no route-consistency-check
 sp-organization-name "{{SPORGNAME}}"
 organization-name "{{ORGNAME}}"
 vbond 10.60.23.134
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
[SNIP]
  </configuration>
  <alias>nso-vedge-branch</alias>
</sdwan-template>
NSO – Attach Device Template
• Attach Device Template to a device using its UUID
• Pushed to vManage using vManage NED (REST API)
<sdwan-apply-template xmlns="http://com/cisco/nso/corefp/sdwan/template">
  <id>vEdgeParis</id>
  <provider>Provider-Customer1</provider>
  <tenant>SingleTenant</tenant>
  <uuid>01ee8315-415d-5030-b58b-ef3db0a63fef</uuid>
  <template>nso-vedge-branch</template>
  <variables>
    <name>HOSTNAME</name>
    <value>vEdgeParis</value>
  </variables>
  <variables>
    <name>SYSTEM_IP</name>
    <value>10.0.0.91</value>
  </variables>
  <variables>
    <name>SITE_ID</name>
    <value>9</value>
  </variables>
  <variables>
    <name>ORGNAME</name>
    <value>ADT Labs Paris</value>
  </variables>
  <variables>
    <name>SPORGNAME</name>
    <value>ADT Labs Paris</value>
  </variables>
</sdwan-apply-template>
MSX - on-board SD-WAN devices
Physical and virtual
• On-board SD-WAN physical devices
• On-board SD-WAN VNFs in virtual branches
• On-board SD-WAN VNFs in the Cloud
• Manage licenses, images, secure mgt tunnels
MSX simplifies multi-tenant SD-WAN provisioning from the Cloud
Minutes instead of weeks and months
[Diagram labels: MSX Dashboard; MSX CSV template provisioning; Cloud Gateway; Campus; Data Center; vEdge VNF; CSR-1000 VNF; ISR 1K; ISR 4K; ASR 1K; vEdge 1000; vEdge 2000; vEdge 5000]
MSX Device Templates ”Blueprints”
Migrating Legacy Site to SD-WAN
[Diagram labels: Managed SD-WAN Device Edge; Migrate; Running IOS-XE; Running IOS-XE SD-WAN; VNFs; Hypervisor; Server; Router; Firewall; Wan Opt; Load Balancer]
Cisco’s Virtualization is available for both Traditional Routing as well as SD-WAN routing
Network Services on Any Platform
Cisco’s Virtualization stack
NFVIS Software Stack
• PnP Agent must automatically configure WAN Interface
• Must download platform Profile
[Diagram labels: NFVIS; PnP Agent; PnP Server; NSO; DNA-C; Console / SSH; Local Device Web Portal; Lifecycle Management (ESC Lite)]
SDWAN Core Function Pack Architecture
1 Add ENCS/NFVIS to NSO Device Tree
2 Spin Up VMs, including vEdgeCloud or ISRv for SD-WAN Branch
[Diagram labels: SD-WAN Core; vBranch Core; PnP; NFVO; NED; vManage NED; NETCONF; REST; VNF Manager (ESC-Lite); Virtualized Infrastructure Manager (NFVIS); Compute Platforms (ENCS, UCS, CSP)]
Networks and Service Chaining Definition
[Diagram labels: GE 0/0 and GE 0/1, each with SRIOV-1 and SRIOV-2; wan-br; wan-net; wan-net2; Management port 192.168.1.1; mgmt-br; int-mgmt-net; cEdge; service-net; FW; lan-net; lan-br; SWITCH]
NSO - Network Deployment Unit (NDU)
Mapping vNIC / Network
ndus sdwan_NFVIS_vEdge_ndu {
    network int-mgmt-net;
    network lan-net;
    network service-net {
        bridge service-br;
    }
    network wan-net;
    nic 0 {
        network wan-net;
    }
    nic 1 {
        network wan-net;
    }
    nic 2 {
        network service-net;
    }
    nic 3 {
        network int-mgmt-net;
    }
}
vNIC labels on the slide:
• nic 0: eth0 – vpn512
• nic 1: ge0/0
• nic 2: ge0/1
• nic 3: ge0/2 – vpn511
NSO vEdge day0 configuration – Example
File: ./cpe-day0/cfg/vedge_day0_template.cfg
vpn 0
 interface ge0/0
  ip address ${IP}
 !
  no shutdown
 !
 ip route 0.0.0.0/0 ${GW}
!
vpn 512
 interface eth0
  ip dhcp-client
  no shutdown
 !
!
vpn 511
 interface ge0/2
  ip address ${NICID_3_IP_ADDRESS}/${NICID_3_CIDR_PREFIX}
  no shutdown
 !
Interface notes from the slide:
• interface ge0/0 (vpn 0): This is NIC1 in NDU
• interface eth0 (vpn 512): This is NIC0 in NDU
• interface ge0/2 (vpn 511): This is NIC3 in NDU - used for NFVIS VM monitoring
NSO SD-WAN Site
sdwan-site Paris {
    provider ProviderA;
    location {
        name Paris;
    }
    infrastructure {
        type nfvis;
        nfvis {
            nfvis-serial FGL214280GD;
            shared-branch-office;
            branch-office UCPE1;
            device-on-boarding pnp-unmanaged;
            nfvis-device-name UCPE1;
        }
    }
    member-vnfs vEdgeCloudParis {
        type vEdge-cloud;
        username admin;
        password admin;
        ip 10.60.23.14;
        mask 255.255.255.0;
        gtw 10.60.23.254;
        day-0 {
            cfg-file vedge_day0_template.cfg;
        }
        vedge-cloud {
            system-ip 10.8.0.83;
            site-id 10;
        }
        ndu {
            ndu-id sdwan_NFVIS_vEdge_ndu;
        }
    }
    member-vnfs asav1 {
        type generic;
        deployment ASA-Unmanaged;
        vnfd vBranch-ASA-1.0;
        vdu ASA;
        username admin;
        password admin;
        sec-password admin;
        ip 192.168.1.2;
        mask 255.255.255.0;
        gtw 192.168.1.254;
        ndu {
            ndu-id sdwan_NFVIS_asa_ndu;
        }
    }
}
NSO - On Boarding ENCS/NFVIS
NSO with the vBranch Function Pack
vEdge Cloud Provisioning / Activation
NSO with the SDWAN Function Pack
• Full Registration and Configuration
• VNFs instantiated and loaded with WAN Edge Bootstrap Configuration cloud-init file. Chaining of VNFs occurred if Virtual Networks requested. (ENCS)
Loading 3rd VNF
NSO with the vBranch Function Pack
Note: VNFs are loaded in parallel
[Diagram labels: XMP PAYLOAD; Network Service Orchestrator (NSO); VNF Definitions; NETWORK Definitions; Core FP (vBranch); PnP; VNFM; NFVIS; VNF VM loaded; ENCS]
MSX - On Boarding ENCS/NFVIS
With Zero Touch Provisioning
Cisco Plug and Play Connect
Massive savings in OPEX and Logistics!
No need for Device pre-staging
No Day-1 configs required for Devices
Simply ship clean devices to sites
Call Home 1
Internet
“devicehelper.cisco.com”
Examples of MSX vBranch Service Templates
• Dual WAN Links
• Protected with a Firewall
Virtualized Gateways
Multi-Region Overlay
[Diagram labels: Shared (MSP) Resources; Middle Mile Backbone; Public Internet; MSP POP; PE; GW; MPLS VPN]
SDN-POPs – Hosting Virtualized Gateways
SDWAN Core Function Pack Architecture
• ESC in NSO Device Tree
• Spin Up vEdgeCloud/CSR1000v
• Optionally 3rd Party VNF like Firewall
[Diagram labels: SD-WAN Core Function Pack; vBranch Core; PnP; NFVO; NED; NETCONF; VNF Manager (ESC); Virtualized Infrastructure Manager (OpenStack – VMWare)]
<config xmlns="http://tail-f.com/ns/config/1.0">
  <sdwan-site xmlns="http://com/cisco/nso/corefp/sdwan">
    <site-name>pdx-58</site-name>
    <provider>ProviderA</provider>
    <tenant>SingleTenant</tenant>
    <infrastructure>
      <type>esc</type>
      <esc>
        <name>esc1</name>
        <vim-tenant>sd-wan</vim-tenant>
      </esc>
    </infrastructure>
    <member-vnfs>
      <vnf>esc-cedge</vnf>
      <type>vedge-CSR-1000v</type>
      <deployment>cEdgeESCDeployment</deployment>
      <vnfd>cEdge-Openstack</vnfd>
      <vdu>cEdge-Openstack</vdu>
      <username>admin</username>
      <password>admin</password>
      <ip>10.195.72.195</ip>
      <mask>255.255.255.0</mask>
      <gtw>10.195.72.1</gtw>
      <day-0>
        <cfg-file>cedgeCSR_day0_template.cfg</cfg-file>
      </day-0>
      <vedge-CSR-1000v>
        <system-ip>25.25.23.17</system-ip>
        <site-id>6599</site-id>
      </vedge-CSR-1000v>
      <ndu>
        <ndu-id>sdwan_ESC_cEdge</ndu-id>
        <management>0</management>
      </ndu>
    </member-vnfs>
  </sdwan-site>
</config>
Multi-Region Overlay
Definitions and Dependencies
OMP Route Types and Prominent Attributes
[Diagram labels: vSmart; vEdge; MPLS; INET; OMP Routes; TLOC Routes; attribute labels: TLOC, Label, VPN-ID, Tag, Preference, Origin Protocol, Origin Metric, Service Side, Site-ID, System-IP, Encap-Auth, Public IP/Port, Private IP/Port, Weight; route sources: Connected, Static, Dynamic (OSPF/BGP)]
Control Policy Case Study
Reachability Information Distribution Requirements
US – Inbound TLOC Advertisement:
• US Region – All Colors
• US Gateways – All Colors
• EMEA Gateways – All Colors
• APAC Gateway – All Colors
EMEA – Inbound TLOC Advertisement:
• EMEA Region – All Colors
• EMEA Gateways – All Colors
• US Gateways – All Colors
• APAC Gateways – All Colors
APAC – Inbound TLOC Advertisement:
• APAC Region – All Colors
• APAC Gateways – All Colors
• EMEA Gateways – All Colors
• US Gateways – All Colors
Control Policy - Lists (For Your Reference)
policy
 lists
  site-list US_branch_sites
   site-id 60010000-60018999
  !
  site-list US_gateway_sites
   site-id 60019000-60019999
  !
  site-list EMEA_branch_sites
   site-id 50010000-50338999
   site-id 50340000-59999999
  !
  site-list EMEA_gateway_sites
   site-id 50339000-50339999
  !
  site-list APAC_branch_sites
   site-id 30010000-30668999
   site-id 30670000-39999999
  !
  site-list APAC_gateway_sites
   site-id 30669000-30669999
  !
  tloc-list US_gateway_tlocs
   tloc 1.1.1.1 color mpls encap ipsec preference 100
   tloc 1.1.1.1 color biz-internet encap ipsec preference 100
   tloc 2.2.2.2 color mpls encap ipsec preference 50
   tloc 2.2.2.2 color biz-internet encap ipsec preference 50
  !
  tloc-list EMEA_gateway_tlocs
   tloc 3.3.3.3 color mpls encap ipsec preference 100
   tloc 3.3.3.3 color biz-internet encap ipsec preference 100
   tloc 4.4.4.4 color mpls encap ipsec preference 50
   tloc 4.4.4.4 color biz-internet encap ipsec preference 50
  !
  tloc-list APAC_gateway_tlocs
   tloc 5.5.5.5 color mpls encap ipsec preference 100
   tloc 5.5.5.5 color biz-internet encap ipsec preference 100
   tloc 6.6.6.6 color mpls encap ipsec preference 50
   tloc 6.6.6.6 color biz-internet encap ipsec preference 50
  !
 !
!
Control Policy – TLOC - Applied to US Sites (For Your Reference)
• Policy Logic (TLOC)
Sequence 10: Advertise US Branch TLOCs
Sequence 20: Advertise US GW TLOCs
Sequence 30: Advertise EMEA GW TLOCs
Sequence 40: Advertise APAC GW TLOCs
Default: Drop
policy
 control-policy US_DOMAIN
  sequence 10
   match tloc
    site-list US_branch_sites
   !
   action accept
   !
  !
  sequence 20
   match tloc
    site-list US_gateway_sites
   … (accept)
  sequence 30
   match tloc
    site-list EMEA_gateway_sites
   … (accept)
  sequence 40
   match tloc
    site-list APAC_gateway_sites
   !
   … (accept)
Control Policy – Routes - Applied to US Sites (For Your Reference)
• Policy Logic (ROUTES)
Sequence 50: Advertise US Branch routes
Sequence 60: Advertise US GW routes
Sequence 70: Advertise EMEA Branch routes w/ NH of EMEA GW
Sequence 80: Advertise EMEA GW routes
Sequence 90: Advertise APAC Branch routes w/ NH of APAC GW
Sequence 100: Advertise APAC GW Routes
  sequence 50
   match route
    site-list US_branch_sites
   !
   action accept
   !
  sequence 60
   match route
    site-list US_gateway_sites
   … (accept)
  sequence 70
   match route
    site-list EMEA_branch_sites
   !
   action accept
    set
     tloc-list EMEA_gateway_tlocs
    !
   !
  !
  sequence 80
   match route
    site-list EMEA_gateway_sites
   … (accept)
  sequence 90
   match route
    site-list APAC_branch_sites
   !
   action accept
    set
     tloc-list APAC_gateway_tlocs
    !
   !
  !
  sequence 100
   match route
    site-list APAC_gateway_sites
   !
   action accept
   !
  !
  default-action accept
 !
!
Control Policy – Applying on vSmart (For Your Reference)
Apply policy on vSmart
Advertisements OUT
apply-policy
 site-list US_branch_sites
  control-policy US_DOMAIN out
 !
 site-list US_gateway_sites
  control-policy US_DOMAIN out
 !
!
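To check what the US_DOMAIN policy advertises to US sites before it is pushed to vSmart, the sequences can be replayed offline. The model below is an added example, not code from the slides or from Cisco: it assumes first-match evaluation in sequence order, treats every elided "… (accept)" as accept, and uses hypothetical helper names (`evaluate`, `overlapping_site_lists`). The default action is a parameter because the slides show "Default: Drop" in the TLOC logic and `default-action accept` in the route configuration.

```python
# Site-ID ranges copied from the "Control Policy - Lists" slide.
SITE_LISTS = {
    "US_branch_sites":    [(60010000, 60018999)],
    "US_gateway_sites":   [(60019000, 60019999)],
    "EMEA_branch_sites":  [(50010000, 50338999), (50340000, 59999999)],
    "EMEA_gateway_sites": [(50339000, 50339999)],
    "APAC_branch_sites":  [(30010000, 30668999), (30670000, 39999999)],
    "APAC_gateway_sites": [(30669000, 30669999)],
}

# control-policy US_DOMAIN as (sequence, match type, site-list, tloc-list set on accept).
US_DOMAIN = [
    (10,  "tloc",  "US_branch_sites",    None),
    (20,  "tloc",  "US_gateway_sites",   None),
    (30,  "tloc",  "EMEA_gateway_sites", None),
    (40,  "tloc",  "APAC_gateway_sites", None),
    (50,  "route", "US_branch_sites",    None),
    (60,  "route", "US_gateway_sites",   None),
    (70,  "route", "EMEA_branch_sites",  "EMEA_gateway_tlocs"),
    (80,  "route", "EMEA_gateway_sites", None),
    (90,  "route", "APAC_branch_sites",  "APAC_gateway_tlocs"),
    (100, "route", "APAC_gateway_sites", None),
]


def in_site_list(site_id, name):
    """True if site_id falls inside any range of the named site-list."""
    return any(lo <= site_id <= hi for lo, hi in SITE_LISTS[name])


def evaluate(kind, site_id, default_action="reject"):
    """Replay the policy for one advertisement.

    kind is "tloc" or "route"; site_id is the originating site.
    Returns (matched sequence or None, action, tloc-list rewritten to or None).
    """
    for seq, match, site_list, tloc_list in US_DOMAIN:
        if match == kind and in_site_list(site_id, site_list):
            return (seq, "accept", tloc_list)
    return (None, default_action, None)


def overlapping_site_lists():
    """Return pairs of site-lists whose ranges overlap (expected: none).

    The gateway blocks are carved out of the branch ranges, so an
    off-by-one in a range would make a site match two lists.
    """
    spans = sorted((lo, hi, name)
                   for name, ranges in SITE_LISTS.items()
                   for lo, hi in ranges)
    return [(a[2], b[2]) for a, b in zip(spans, spans[1:]) if b[0] <= a[1]]


if __name__ == "__main__":
    # Constructed originating site-ids, one per case of interest.
    for kind, site in [("tloc", 60010500), ("tloc", 50010001),
                       ("route", 50010001), ("route", 30669500)]:
        for default in ("reject", "accept"):
            print(kind, site, default, evaluate(kind, site, default))
    print("overlaps:", overlapping_site_lists())
```

With the default set to accept, a TLOC from an EMEA branch site (matched by no sequence) is still advertised to US sites; with reject it is not, which is the behaviour the "Default: Drop" logic describes.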
Centralized Policies
Centralized Policies Support
REST API
Deploying Policies using NSO SDWAN Core FP
[Diagram labels: NSO; SDWAN CFP; vManage NED; REST API; vManage; Centralized Policy]
Using MSX
Key Takeaways
Thank you