Cisco - Deploying and Operating an NFV Cloud

Captions
This thing on? Yep, okay. Good morning. Let's, let's try that again: good morning! Welcome to the Cisco sponsored track sessions. This is our third session out of four today. We're going to be talking about deploying and operating an NFV cloud. We've got a couple of great presenters: Narender Endura Narinder Endre and Juan Ramon Acosta are going to come up and give their presentation. Juan is one of our principal architects, Naren is a senior product manager. I've been working with both of them for a while. You're in for a great presentation.

Just to save you all the trouble of snapping pictures of the screens during the presentations, all of these slides are going to be up on SlideShare within probably 48 hours. You can open, if you can, go right now, so there's a general Cisco account on SlideShare where you can go get all of our stuff, but the slides from all of our sponsor track sessions will be up certainly before the weekend, so you can save yourself a lot of space in your photo library. The other thing I just wanted to remind you of is, on your way out today, we're going to sort of funnel you all out that way, stage right. Don't forget to grab your "Cisco runs on OpenStack" running socks. Let's see, yes, thank you, thank you very much. So without any further ado, Naren and Juan, and "Deploying and Operating an NFV Cloud".

All right, thank you, Gary. We will have some time for Q&A at the end. Morning, folks, hope you are all doing well. So about that good morning from Gary, if you did not notice about how insistent it can be: if you can just look at that slide there, you know, do you see anything about that little guy on the left-hand side there with the glasses on? How does he look like? You know, just look at Gary one more time. So anyway, so, hope you guys are all having a great summit here. Glad to be here, glad to be talking to you. We have a combination of a presentation today for you, in terms of not just deploying a cloud and managing and operating it, as well as deploying NFV applications and NFV stack on top of it
so that you have an end-to-end solution: runs on OpenStack, lives on OpenStack, breathes on OpenStack. So Juan's going to be my partner in crime to talk about the second part of it. So let's get going.

So there's a big major transformation going on in the service provider space. You know, it's primarily driven by open source, that's why we are all here, lots of different types of open source projects, as well as NFV in terms of virtualizing the network functions, and SDN. And each of these are not something by themselves; they have a whole bunch of ripples in their own accord. In terms of, you know, NFV is not just about virtualizing anybody's network function; it's all about being standardized, interoperable, inter-workable and all of that. So with all these three forces coming together, you know, it's basically driving the overall transformation for SPs, in terms of, you know, you name it, and that application is being disrupted today in the way that it can be managed, deployed, operated, as well as used for business outcomes. So mobility, managed services, video, security, general-purpose VNF workloads, DHCP, DNS, whatever you want to call: all of them are moving on into this transformation.

One key aspect about this transformation is, while all of this is happening at multiple different levels, multiple different areas, on the infrastructure side there's a couple of thoughts. One is, you know, infrastructure needs to be kind of completely glued to some of these applications; however, at the same time, such infrastructure needs to be available in a general-purpose manner, so that I can deploy any kind of workloads providing me different business outcomes on the same infrastructure. The infrastructure needs to be flexible enough to accommodate those different workloads, as well as be able to accommodate the different needs and capabilities that the infrastructure needs to provide. And so there's a bunch of these things that we're going to talk about in many different ways, but those are the demands that we are seeing, right?
And why? Why, obviously, you know, we want to reduce network appliances, purpose-built appliances, and move towards a more generic infrastructure where things can be easily expandable, reusable, movable and even removable. Automated service creation: so Juan's going to take you right into it, in terms of how quickly you can turn on a service today compared to what it used to be before. And self-service personalization: again, you know, infrastructure is one thing, but how do you do it, do it from the application on top, right? We're going to cover these two aspects in a lot of detail in the second half of this presentation. And from an infrastructure point of view, again, you know, if you're used to SP networks, SP infrastructure, one thing that you always want to have is availability, resiliency, and, you know, how do you get that out of an infrastructure? You know, you want to generalize the infrastructure, you want to virtualize everything, but can I manage my availability? Can I manage my downtime to be as minimal as zero or close to zero, and how can I achieve that? So we'll talk about some of these aspects today.

A little bit in terms of the approaches being taken in the market. So this is a survey from Light Reading covering about 120 service providers, and you look at this slide, I mean, the key messages are, you know, the yellow boxes there, right. There's three, or essentially four, different types of approaches seen here; however, you can club them into three overall. One is a do-it-yourself: 20% of those customers are looking at, how can I pull all of these things together, whether it's hardware, software, orchestration, management; I'm going to pull it together, I'm going to put it all in a manner that it can be usable, operable, etc. And there is a certain amount of percentage, about fifteen or fourteen percent, who talk about à la carte, in terms of, you know, I'm going to bring à la carte pieces and figure out how I manage this. And there's a good forty percent of these customers out of 120 who said I would
rather prefer a pre-integrated solution. So what is pre-integrated? Pre-integrated is something that's, you know, put together: hardware, software, VNF, orchestration, management, you know, VNF management, etc., all together, tested, validated. So there, you know what you can expect out of the system, you know what sort of services you can turn on, what are some of the things that you actually cannot achieve and you've got to go for a different option, right? So that's what I would call pre-integrated, and a majority of those customers are in that bucket. There's a 26% of them, you know, similar to one of the adoption curves that you would have typically looked at: a part of these customers are also waiting to see how things unfold, so that again they can follow the leaders and, you know, kind of take the safety net, if you go.

So, okay, so that's what the customers are saying, but what exactly is needed for a successful NFV stack, a successful NFV outcome, right? You've got to look at this from more than one dimension, obviously, right? So what are some of those key dimensions? One is obviously the virtual management, or the virtual infrastructure management. So we have OpenStack, which is the most popular virtual infrastructure manager out there. In the container space, Kubernetes obviously is gaining a lot of ground, and it's pretty hard and emerging in terms of a manager. The second part is the data plane itself. When we talk about networking, packet processing, packet pushing, packet management, obviously, you know, data plane is the most important thing when it comes to actual customer data and customer outcomes. So in this regard, you know, we have DPDK, you know, bringing in a lot of innovation; you've had SR-IOV to give us that wire-rate-like behavior. You know, I chose the word behavior instead of performance because you've got to do a whole bunch of tuning at different places. As well as FD.io. If you don't know FD.io, here is FD.io: "F-D dot I-O" is what it's called, but it's also referred to popularly
as Fido. Fido is Cisco's project of vector packet processing that has been open sourced; got a big community around it now, people, you know, committing code, releasing things on a monthly basis. It leverages DPDK, and it's proven to provide an amazing performance with certain workloads. So at the high level, you do need to work on data plane: faster data plane, better I/O in this world.

And in terms of configuration and management interactions, obviously now you do need to have data models and automation. IETF is working on this in a very detailed manner; you've got NETCONF, YANG, a whole bunch of things in that arena. So, and then operating system is the other one: you've got to run your stuff on something that's an operating system, so that's popularly Linux. And then storage: Ceph is being very popular for its resiliency and redundancy, as well as some of the availability capabilities. And Docker as an infrastructure as well is gaining momentum in this space from a container point of view.

So that's the infrastructure, but somebody has to manage the networking component, in terms of building overlays, taking off overlays, dynamically configuring networks for a service chain that's coming up. So obviously SDN, or SDN controllers, are very important. From a Cisco point of view, VTS, or Virtual Topology System, and ACI, Application Centric Infrastructure, are two options, but from a generic, in a generic perspective, SDN and network integration as well as aggression management is very critical in this space. There's a whole bunch of activity going on in service chaining connectivity: how do I bring up VNFs, how do I chain them, how do I connect them, how do I take them off, yet at the same time get better performance, get the, you know, visibility, get the, the flexibility that I need. So that's where IETF has been helping us with a whole bunch of standardization. And of course segment routing is something new that can do some wonders, taking your networking all the way down to the top of rack or the
compute node, and isolating, you know, flows for visibility as well as better performance. And of all, you know, intern requirements in terms of standardization, you know, interoperability across vendors, across stacks, you know, mainly driven by ETSI and OPNFV.

So, another dimension. So we looked at what are the requirements, different levels, capabilities. At the same time, when you look at what type of deployments customers want to go with, it's not one or two; it's end-to-end across the network, in all places of the network. And if you see from here, from your left-hand side to the right-hand side, it starts all the way from the customer edge to the cloud. And if you see the footprint, the use cases are varied from left to right here; however, the common ask is an infrastructure that can enable multiple of these things, that can be easily and commonly managed across end to end, and be monitored and troubleshot easily. It's a dried signal. There's a whole bunch of examples for each one of these places. You know, these slides are going to be available on SlideShare, so we'll leave that for your mic time reading.

So overall, you know, we looked at the deployments, we looked at what are some of the key components, what's going on in the industry in terms of transformations. All in all, if we had to summarize what are the key requirements of an SP infrastructure, it boils down to these six. Not only these six, but the top six, right, very common themes that we have heard over and over. So one is carrier-class infrastructure. So you virtualize, you give me the flexibility, you give me the expansion capabilities, etc., but don't take away my performance, don't take away my availability that I am used to, right, and the end customers are used to, through which SLAs are written up, SLAs have to be met, etcetera, etcetera, right? It's very critical. Use-case agnostic: so we see in this there's many use cases, many different places, but make sure that each one of these use cases can be enabled by an infrastructure that
can do all these things. Standards-based, modular, elastic. Standards-based, obviously, so that there is interoperability. One of the key things why we are all here is about open source and reducing the vendor lock-in, but enable interoperability and better capabilities for the customer, right? So obviously makes sense. Modular and elastic: be able to expand or reduce my infrastructure, as well as be able to expand the business workloads that I am running on an infrastructure, very easily, without tearing down systems and having a multi-hour downtime, or have to install newer sets of capabilities unrelated, sort of disjointed from the existing infrastructure, etc. Of course, all in all, on top of this, put a little circle around all your infrastructure and say it's got to be managed by a single unified management system, or a set of capabilities where you should be able to monitor the system proactively as well as, you know, configure, operate, etc.

And one of the most important things that we have learned over the last few years interacting with customers is: everything is great, you know, it goes back to that forty percent of the customers, we want to have that packaged solution. It comes to this: let's bring all of these together, but at the end of the day I would like to have one single vendor as the owner for my support contact, so if there's an issue there's one number I call, all right? And that's always going to be Gary, right? So if you don't know Gary, we will introduce him at the end of the show.

All right, so multi-level security. This is another important thing that we kind of drop or ignore very often: is my infrastructure secure when I deploy this in a service provider environment? Is it capable of avoiding some of the attacks from inside and outside? Can I manage my passwords, can I manage my file ownerships and a whole bunch of things in ways that it really is a carrier-class infrastructure?

So how are we, you know, viewing the ETSI NFV framework? How are we delivering some
of these capabilities through Cisco? So here's the ETSI MANO framework, very familiar to you folks. What we have done here is we have divided this into two fundamental things: the bottom half is called the NFV infrastructure, and the top half is called the, you know, quote-unquote NFV application layer. And infrastructure: basically it's a set of compute, storage, network hardware, you know, virtualized and provided to you as virtualized capabilities of the same, with respect to OpenStack as the virtual infrastructure manager. And in Cisco NFVI, you know, we have a VIM called Cisco Virtualized Infrastructure Manager, with NFVI monitoring, unified management, SDN controllers, and hardware in terms of compute, network and storage.

Here's the Cisco NFV architecture. You know, again, bottom half is the infrastructure as we discussed. The top half is the VNF manager, the network VIM as the HDR DHD and controller, orchestration and, you know, resource management with NSO, which is Tail-f, and a whole bunch of VNFs: CSR 1000 and ASAv, etc., that Juan's going to talk about to you in a minute.

Another important aspect is, you know, while we do this, while we enable all these things that we discussed in the last few minutes, we actually do want to do it in an open manner. So we have a trifecta of partnership with Red Hat and Intel along with Cisco, to drive innovation, to drive open source work in OpenStack, in container space, in many other spaces like, you know, QEMU, etc., and also drive some of the projects. You know, looking at all the common requirements, we would like to come back to the community and drive some of these projects with you, so that, you know, all of us benefit from those deliveries.

Use cases, let's jump to this, right? So as we talked about, it's the same common infrastructure, but can deploy virtual managed services, mobile infrastructure, mobile applications, as well as media and generic SP workloads. So it's one single infrastructure which is flexible to enable capabilities for each of these things
according to what workload you want to deploy. And all of that, or most of that, is powered by what is called Cisco VIM, Cisco Virtualized Infrastructure Manager. I'm going to build this out in the interest of time. You know, it's got an installer and a lifecycle manager which can install your OpenStack cloud in about three to four hours, consistently, every time, with all the configuration that you want to be enabled in the system. The control plane is containerized, and some of the industry folks are now moving towards this or have plans to. And a bunch of tools, and we've open sourced all of these, for HA verification, health check, virtual throughput, VM throughput testing, as well as others, where we have written these tools knowing the requirements from customers, and then we open sourced them so that, you know, the community can benefit from this as well as improve on them depending on their own customer requirements. On top of that, we enabled some cool capabilities for logging and monitoring. Of course security is an ingrained piece of work within the Cisco VIM, and it's CI/CD enabled, so that, you know, things can be delivered as quickly as in less than 24 hours to a customer. Here's the list of tools. I'll leave this to you for perusal later, but essentially each one of these addresses a specific part or a specific need in terms of how an infrastructure should be operated, or can be operated and proactively managed.

So with respect to use cases, let's double click on this, and I'm going to request Juan to take over and talk about virtual managed services. Thank you.

Thank you, Naren. Good morning, everyone. Um, Cisco's, um, multi-service platform VMS is being thought of taking in consideration some of the service provider requirements. I think Naren says, like, three capture, I think, the essence of their motivation to go VNF, and that's basically agility: how fast and consistently can I deploy very well-known network constructs for my customers, reliably, and at the same time be able to do them
elastically. That means that depending on the demands and depending on my customer requirements, I can actually do them without having to ship an army of people in, based at all in software. So VMS provides you with a group of prepackaged standard functions that we call service packages, which are standard connectivity models for an enterprise to connect to the service provider, or to provide wide-area access to their entire organization. And we are doing all that orchestration and configuration using industry open standards, YANG models. So we're basically, our, again, is the configuration sets that need to be pushed into the network functions; we abstract them with the YANG, with YANG models, and then we orchestrate them. The service providers also can take advantage of the platform to create their own, their own value-add in different levels. One of them is, if what the service packs provide to them is enough and they just need, based on a customer need, a little tweak or an adjustment, they can extend what the service packs provide. But if they need to build a brand new service, they can actually use the VMS SDK that we provide.

So let's dive in a little bit more into what are the managed services for service providers that we, we provide. So VMS is a cloud-ready application. Being cloud ready means you have to take care of the operations of the service provider. In essence, you need to be able to build new services, create a catalogue of offerings, and also be able to make them available to the customer. So VMS provides you to create that as an operator, as I mentioned, using the combination of service packs and the extensibility tools, and also provides another control aspect of the platform as an administrator: who has access to the system, who are we going to be managing or defining as a tenant, and what are the resources those tenants are using. And the most important is the self-service aspect. To be cloud ready, you actually need to put all the things that are already known and systematically
repeatable, and they are well defined, put them on a self-service portal, so the customer can just make choices and deploy and start working.

When you look at the VMS service portal, you as a customer are going to be able to purchase new services, those services that a service provider put together for that customer, whether they are customizations of VMS or out-of-the-box. You also can define what are your service level agreements that you're going to actually contractually obtain from the service provider as a customer, and you're also going to get a monitoring view of how is the health of your services, giving you some, I will say, basic information and telemetrics of how your service is operating. From the service provider perspective, again, for those canonical services that they deploy and they're providing service for, they have a view into how is the service performing, is there any help that I can provide to my customer if there are any deviations from the standard behaviors. Okay, so you at one point have a one-stop shop for basically managing all the network services.

But the important aspect here is the platform is built based on the promise of OpenStack, that is resilient, that is flexible, and also can elastically deploy virtual network functions at the point of consumption, or where the customer needs them. But what that also brings to the table is the ability for the customer to manage their assets in their information as traveling, by defining probably policies or different types of traffic management prioritization that they need. When we start looking at the site management from the customer and service provider perspective, they have the control of the services they are consuming, and they don't need to worry about sending up a group of people to actually rack and stack and monitor. All that information is collected by the platform over the cloud, basically having a constant monitoring of the devices or the network functions that have been deployed for the customer, collecting
some data and summarizing and presenting them in an easily consumable manner.

The service packs, or function packs, that I mentioned earlier are really, as I mentioned, the well-standard connectivity models that, across service providers in the world, customers are consuming. The first use case that we're presenting is cloud VPN, which is basically to provide a customer, an enterprise, the ability to connect to the wide area network, but also provide them secure remote access into their organization. VMS will provide the ability to select, to the customer, what level of security they want, whether they want to provide remote access for mobile users, but also they can define what, what type of security inspection they want on traffic that is coming. But I think most importantly is that they actually select the ability to deploy their wide area access dynamically, and they can choose what are the capabilities that that access to the WAN would be. The connectivity to the sites is usually IPsec, in a secure manner, so all the traffic that is exiting the organization through the service chain is going to be protected end to end.

Another common use case that service providers are dealing with in the industry is, they already have a lot of MPLS network sites deployed, and that is a very costly service. How would they actually bring those remote offices to consume virtualized network security services? In VMS we provide what we are calling the converged edge, which in networking terms will be equivalent to a virtual PE. So the customer does not need to actually redeploy another service chain or another virtual service; it just tells VMS, I want this endpoint to be connected and converged into my security services.

The next use case that we are putting forward is the concept of virtualizing the entire branch office. What that means: in the past you actually have a guy wheeling in a set of devices, rack and stack, firewall, remote routers and everything. So what we are now requesting is
deploy this simple or smallest OpenStack deployment, an all-in-one or a KVM as basic exact, connected into the service provider network, and what VMS will do is provide the customer a choice of catalog: how do you want your branch to look like? And based on that selection, VMS will basically push the flavors and the images to the remote hypervisor, configure it, and make it available for connectivity. If the customer will require access to the wide area network, VMS also will be taking care of that, by either converging IWAN into the security service access or creating a new IPsec tunnel into the wide area network access. Okay, here VMS still is living and breathing the OpenStack promise, which is elastically deploy virtual network functions at the point where the user needs it, reducing the cost, the maintenance. And since our VMS as-a-service platform is providing the monitoring and the lifecycle, neither the customer nor the service provider have to spend more than is necessary to lifecycle and maintain those VMs, increasing dramatically their service time. For example, the average time to deploy a full cloud VPN service is in the range of 5 to 10 minutes, depending on the location and the latency between the two endpoints.

The last service that we provide on VMS is basically a network control plane, so basically you are controlling and managing your wide area network from the cloud. The only thing the customer needs to do is to physically deploy a customer device on the customer premises, point it to the service provider network, and zero-touch configuration will basically allow that device to join the wide area network. It will allow it to open up connectivity either over the Internet or MPLS using Dynamic Multipoint VPN, so the customer can actually decide which path the traffic is going to navigate or go through to reach another endpoint within their corporate network, going through the service provider network. The ability for the service provider to manage the IWAN or
the, the wide area network for a customer relies on the fact that the service is constantly monitoring what happens at the endpoints, whether they are physical or virtual. The, the management plane will constantly be collecting the information; we'll be able to react either to changes or anomalies that happen within the service that is being deployed. And Cisco's play for software-defined wide area network is basically embodied by the IWAN use case that VMS as a function pack is providing on the solution.

This is, like, just summarize, is what are the advantages that the service provider and the customer bring to the table by using VMS on top of OpenStack, thinking that OpenStack will provide all those benefits that we've been talking about.

Just very briefly, to close out on the other aspect of VMS: VMS provides you with extension points. So as we mentioned, if you need to extend the service packs, you have the ability to actually add on the value that you need in order to make a difference and make the customer happy, and you as a business increase your ability to deploy new services. We provide the ability to extend every single point along the workflow of provisioning a service, all the way from the cloud service embodiment, which is what you put on your portal and your front end, to what is the configuration that is going to be pushed into the network device, all going across the platform. You can also build additional services. If you as a customer have a very preferred customer, I'm sorry, vendor of network functions, and you don't want to use Cisco, we provide the ability for you to insert that network function into the platform and manage it. We call it a bake services, because if you as a customer want to take advantage of your investment, we are just saying, VMS will lifecycle and monitor your VNF; go at it, plug it in, and it's up to you as a service provider to provide all the guardrails and monitoring aspects that you need for that VNF to work. But, but from the VMS
perspective it still is a managed service on the cloud that will be subject to all the constraints and rules that VMS puts for managing virtual network functions on OpenStack. If you need to create a brand new service, the platform is providing you with an SDK that we actually made available on Cisco DevNet. On Cisco DevNet you can actually get a step-by-step tutorial and examples on how to build a brand new virtual managed service that you can plug in and deploy into the VMS management platform.

Okay, just to summarize the out-of-the-box that we have on VMS 3.0: the product-grade supported network functions are listed on our right-hand side, and those that are POC, which means Cisco will not be able to provide support, are the ones shown on the left side. And as I was mentioning on the previous slides, these are the VNFs that, if you don't want to use Cisco VNFs, these are the ones that you can actually play with on VMS, on the VMS platform. With this we conclude the presentation for VMS. We'd like to open it for some questions.

We've got about four or five minutes for questions. We've got mics on both sides, or I can bring you a handheld if my back holds out. Okay, I'm okay.

If there was a session yesterday afternoon when Verizon talked about a gap in OpenStack: they have another requirement for the RBAC function, rule, rules-based access control. Do you recognize that as a gap in OpenStack? Can you support it in another way? Do you recognize that whole issue?

That there is no, unless the, ever been able to attend that session. So, you know, RBAC in terms of managing OpenStack, or RBAC in terms of network functions and enabling network functions?

I mean, I can give you an answer based on the VMS framework. So VMS is actually managing the network for you, and it's actually on a controlled environment. So the service provider, yes, will be exposed by that hole on the OpenStack, but since the environment, at least VMS, is on the management protected side of the service provider, the
service provider, and the service provider has control to prevent unauthorized access to that. That's one side. VMS will only allow access to users defined within the authentication control plane of VMS, and for accessing any resources direct to OpenStack, that is a service account that is never exposed to end users or administrators. This is something that the data center operations team will have under control, and very certain will be under the regulations of the security and trust team of the service provider. But we don't, and also we don't store any clear-text passwords. So we are, at least on that, on that front, restricting the access from our authentication and relaxants level that we define on VMS. So we are kind of a layer on top of OpenStack preventing that.

Anybody else? Okay, you're going to really, you're going to make me work for this, aren't you?

So there is a Linux Foundation sponsored open-source project, ONAP. So this is a telecom operator leading the effort to, I think the, the project's cover similar things about the, really, whatever you just presented. So my question is how the Cisco, what advantage or strategy Cisco has to, you know, pursue those VMS and to, to convince the operator they will not use the open-source one, will choose a Cisco. Thank you.

Okay, yes, I mean, I actually wouldn't look at it in that manner, whether it's Cisco or OpenStack, right? So this is something that, VMS is something that's been built and packaged given customer demand, and if you see, there's openness all around, in terms of the platform as well as the VNFs and the orchestration, and you name it, there is a piece of open source in there that can be integrated with. In terms of ONAP, I mean, Cisco participates in, you know, all of these open-source activities, right? So it's actually not the case of it's ONAP or Cisco; it's actually have the collaboration to build the best, essentially, right?

Um, just from the technical perspective, some of the things that we do when we get feedback from
the open source community is, we look at what is the standard or the new standard being put forward, and we try to either align with them on our roadmap, but we just need to keep in mind that the project is started probably later than when we started VMS. This has been an evolution, so there is going to be a point where we are going to have to converge technically on some aspects to take the best of both worlds. But I think some of the executives will be better positioned to comment on what is that is going to happen. At this point, I think this is the best offer that we can provide based on the current conditions and the current availability.

Okay, we will take one more quick one, because we've got to clear the room for the next presenters.

And I'll make it a quick follow-up. You mentioned that you provide a lot of the layers for security, including RBAC, that the gentleman mentioned, that OpenStack does not provide. Is this a solution that's probably going to be permanent in VMS? Okay, you see OpenStack at some point providing that layer, and Cisco stepping back and letting OpenStack do that?

So what we do, our own RBAC, from the context of VMS, so at least we are indirectly being a stopgap. By no means we are replacing OpenStack; we are always building on top of OpenStack. If there is any new enhancement coming from OpenStack, we will take advantage of them, but we'll never try to replace them.

Yes, just want to follow up on that, right? So from an infrastructure or OpenStack point of view, if you look at it, there's a whole bunch of things that we do today in Cisco VIM in terms of the security measures, password management, etcetera, etcetera, etcetera, but it doesn't stop right there. In fact, for example, Barbican is key store, the key store project, right? So the PTL is from Cisco, Dave McCowan, and so that's a clear example of standardizing things into OpenStack rather than creating these snowflakes outside of it, right? It's totally unmanageable for everybody, for the vendor as well as
the customer and the community. So, all right.

Yes, I think people are referring to the problem with Keystone having just, as far, last time I checked, four roles here: tenant, and, like, a member, admin, and two others. And of course service provider requires other roles, like, I don't know, what IT administrator can do, what HR can do and all that. So it's missing, but Keystone has that roadmap. I'm just, that's a good idea.

Okay, thank you, appreciate that. Thank you. Thanks, everybody. Naren, Juan, thank you very much as well. Don't forget, grab your "runs on OpenStack" running socks out stage right. We've got another session coming up in just about 10 minutes, networking across containers and VMs. Thank you, folks, have a great afternoon. Thank you very much. Thank you. Stop by the Cisco booth; there are VIM and VMS demos going on at the Cisco booth.
Info
Channel: Open Infrastructure Foundation
Views: 6,318
Rating: 5 out of 5
Keywords: OpenStack, OpenInfra, Open Infrastructure, Open Source
Id: hZ5G7641HfA
Length: 41min 49sec (2509 seconds)
Published: Wed May 10 2017