The Building Blocks of Cisco eNFV with Matthias Falkner

Captions
All right, good morning, welcome everybody. My name is Matt Falkner. I'm a distinguished technical marketing engineer in Cisco. I've been with Cisco for 17 years, so not quite as long as Mark and some of my other colleagues. I held various positions in the field and in product management, but lately have really been interested in virtualization. So what I want to talk to you about in the next 20, 30 minutes is our enterprise network function virtualization solution. Tony introduced it briefly already, but the scenario is really this.

Imagine you run an enterprise network and you have hundreds, maybe thousands of branches, and today you deploy a bunch of routers, often also additional Layer 4-7 services: firewalls, IPS/IDS, WAAS. In an appliance-based world you have an appliance there, and so it's not uncommon that you actually have quite a big rack and stack of hardware that sits in these branches, and that is then multiplied by hundreds of thousands of times, by however many branches you have. And then your service department comes along and says, "I want to introduce a new service because I have direct internet access now, need a different firewall," or something goes wrong with the hardware and you have to truck-roll new equipment out to these branches. So the fact that the branch environment is highly distributed is also generating a lot of cost for enterprise customers.

What we're trying to do is basically to say: can we not collapse at least the Layer 4 to 7 functionality on top of x86 and leverage virtualization to be more flexible and to reduce the hardware rack and stack that we have in these branches, therefore taking cost out, increasing automation, basically making life easier in a branch environment? So that's what we're trying to do, and to that effect we've recently introduced the Cisco Enterprise NFV solution that Tony just quickly talked about, and I'm really excited about this solution in the context of DNA
because it actually offers a number of those tenets that we talked about also in the morning. So we're leveraging in the solution automation, tight interactions, you'll see, with the controllers; we're leveraging virtualization, of course, to give us the flexibility to roll out functions quickly, within minutes even in many cases; we have flexibility from a hardware perspective. So many of the tenets that are part of DNA are actually part of this solution for the branch.

Enterprise NFV has four main components in the stack. At the bottom we have an x86 hardware layer, so you always need hardware, and you've heard that from Dave and Peter this morning: hardware is essential. Here we're leveraging x86, and it will give us flexibility. Tony also said we won't get those speeds and feeds that we get from the switching side; that's OK because we're doing a different use case here. So that's the first component. The second component is an operating system; we call it the network function virtualization infrastructure software, and it basically gives us the virtualization capabilities, the ability to run virtual machines on top of a standard Linux environment. The third layer are the VNFs themselves, the network functions like virtual routers, firewalls, wireless LAN controllers. And then at the top we have the orchestration and management to help us with the automation and deployment in such a highly distributed environment.

So let's look at some of these layers in detail. One of the things we've been trying to do with eNFV is to provide a systems-integrated solution but at the same time offer flexibility, and flexibility is important in this environment because I'm making a choice about how much cost to incur initially, in the sense of how many x86 cores do I want to ship out. The more I ship out, the more flexibility I have in the future to add on new software, new functions, and that's what we have, actually: a suite of products on the hardware side. But Mohamed and Dave and Peter
talked about virtualization in IOS XE itself; we've represented that on the slide just for completeness. What we're focusing on here in eNFV is really standard x86 virtualization, based on three main platforms.

One is the ISR series routers with UCS E. That gets a lot of attention because a lot of our customers have deployed ISR 4Ks recently and are still wanting to virtualize certain Layer 4-7 functions, so they want to embark on this journey to virtualization but are really happy with the foundational routing aspects, and for those customers we basically insert a UCS E-Series x86 compute blade in the ISRs.

Then we have customers that are really quite advanced and aggressive about their journey towards virtualization, and sometimes they even have data center grade servers out in those branches already, with lots and lots of cores to spare, because they do application hosting, point-of-sale, some other apps that you may have out there. And so in those environments we're actually supporting also full data center grade UCS E-Series as a virtualization option.

The third platform you see here on the slide is the Enterprise Network Compute System, and that's what we've really innovated as part of eNFV. We basically brought to market a system that has on one side branch environmental conditions and form factors, but on the other hand is really and truly an x86 compute system. So we'll go into that in a little more detail.

The ENCS right now gives you a choice of four different platforms. We came out with a six-, an eight- and a 12-core, and just this week we're launching the four-core version. The number of cores, as I said, is important because you have to decide how much flexibility you want in the future in order to roll out additional functionality, and the trade-off here is one of cost. The four-core version is cheaper, of course, more cost optimized. Right now we get a lot of attention from managed service providers for the smaller version; the enterprises are happy to deploy more
higher-core versions in order to have that flexibility. Then, the ENCS is built for the branch, so it's got a branch form factor in terms of size, power and cooling. Not everybody is able to deploy a data center grade server in a branch environment, so cost is often, space is often a constraint, and so that's something that we're offering here with the ENCS.

The really cool thing about the ENCS is this little blade here; it's a NIM slot. So imagine, today in standard data center servers you're bound to Ethernet for the most part, but in branch environments we still have many, many customers with branches that are not Ethernet yet. They have T1/E1s around sometimes, still 3G/4G very popular as a second medium for the WAN, and so this NIM slot gives us the capability to also offer different options from a WAN connectivity perspective, in particular for 3G/4G. So that's a really interesting characteristic of this box.

The last one I wanted to highlight here is really the built-in switch that we've integrated in the ENCS. That switch is capable, one, to deliver Power over Ethernet, so if you have small branches, maybe lots of them, you can hang your access points directly off those ENCS ports and power them, therefore again reducing your footprint. Also, and to be honest to me more interestingly, we use the NIC card in the box in order to do virtual machine to virtual machine switching. One of the challenges that we often have when we try to virtualize functions is passing packets inside a server between two VMs, and with standard virtualization technology like Open vSwitch you will hit a bottleneck at some point, right now things around 3/4 gig plus or minus, but these switches also consume cores. Now remember that we're in an environment where we're cost constrained, cost optimized in the branch; a lot of customers want to really have a very, very cheap system there. And so what we were able to do here is we're able to do switching in hardware between various VMs. So as we
virtualize a router, vWAAS, a firewall, and if those are capable of SR-IOV in particular, we can leverage the NIC card in order to do the service chaining inside the ENCS, therefore not burning a core for switching, and that means we can deploy more VNFs. So it really boils down to an immediate total cost of ownership advantage by doing the VM to VM traffic in hardware, and we thought about that, and with the combination of NFVIS and ENCS we're able to actually pick the most optimum path in order to do VM to VM switching.

The ENCS 5104 is something we're launching at this show. It's the smaller brother of the larger series. In this case we've integrated the 4G LTE one in order to cost-optimize the system, but other than that, exactly the same functionality as the other platforms.

So let's talk a little bit more about the second component, the second layer in the solution: NFVIS. NFVIS is based on a standard Linux. In DNA we talked about openness and standards, so we've chosen here to use a standard Linux distribution, therefore leveraging KVM as our hypervisor technology in order to abstract the physical CPU, memory and storage and present virtual CPU, memory and storage up to the VMs. But here too we've done some additional enhancements in order to make the deployment and operation of a virtualized environment a lot simpler. So let me point out a few of these really cool enhancements.

The first one is zero-touch deployment and plug-and-play. When you have thousands of branches that you want to roll out in an automated manner, plug-and-play becomes critical. So the scenario that we are providing here is that you ship out a system with NFVIS, somebody plugs in the power, cables it up, and it then automatically calls home to its APIC-EM controller. The APIC-EM controller has a profile that knows this branch should be deployed with an ISRv router with two cores, maybe a firewall, a WAAS, and we automatically download the software, bring up the virtual machines, network them internally according to
the profile and basically get all that up and running in an automated way based on plug-and-play. So it really helps with the automation of a large number of branches.

The whole branch is just plug in and work?

Oh, the whole branch, but not the switching side. So of course, if you hang up a whole layer of switching, that's where Dave and Peter come in here, but when we talk about those virtualized networking functions, they would all just come up and be networked on that UCS E-Series or in NFV.

Awesome.

So we fully automated that. The second, and actually a prerequisite for that function, is the lifecycle manager. One of the functions we've integrated in NFVIS is the ability to spin up those VMs, monitor them, so taking heartbeats, being able then to also react upon events, so if a VM fails we can say please restart it, or send a syslog or something off. So we have a lifecycle manager that really watches all of our virtualized network functions and makes sure they're operating as expected, can tear them down. Another function that you don't typically find in a standard Linux distribution. And you see here some other additional functions that we have in NFVIS, with the goal to really make deployment and operation of such virtualized branch environments as easy as possible.

The third component are the VNFs themselves, and we honestly typically don't really talk a lot about that in my presentations, because what we've done is essentially we've taken the same software that runs on the hardware-based systems, made sure that they don't have any hardware dependencies, and are running them in a virtual machine. So when you bring up an ISRv router, once it's up and running and you console in, you do a conf t, it looks and smells like any other IOS XE router. You have the same feature functionality available, and that's actually really important to a lot of our customers from a migration perspective, because we can offer with this approach feature and operational
consistency. So if you already have your back-end processes set up for, let's say, an IOS XE virtual router system in general, or firewall, all of that stays the same, which helps with the migration towards a virtualized environment.

One thing I'm going to elaborate on in the next 20 minutes is the openness. That's an often, and becoming an increasing, discussion topic now: can you run other vendors' VNFs or even applications? Because we built NFVIS on a standard Linux, leveraging KVM, we can do that, and I'll elaborate on it. Often also customers are seeking that capability to run containers or their own applications, and again that's something that is supported.

And the final layer in this quick overview is the automation. You'll hear a lot more about our automation as part of DNA this afternoon. I just wanted to draw your attention here to ESA; that's our Enterprise Services Automation tool that helps us in this design phase of eNFV. So here we have the capability for an architect, let's say, to say, "I want to standardize on such-and-such templates," and you're presented with a canvas as shown here. You can drag and drop the x86 across, drag and drop the VNFs across, and specify the internal networking that you want to see, save all that in a template with actual details as well, and that's then what is used in the plug-and-play process when the box then actually comes online in order to do the actual configuration. So we can do all that in an automated manner using REST calls down in order to get the systems going.

All right, any questions on eNFV so far?

But if I have two of these, can I do anything like a KVM live migration of the VNFs between the two?

That is currently not supported. So one of the issues we're seeing is that networking functions have a slightly different characteristic than typical application workloads. We're trying to keep those up and running all of the time in order to make sure that traffic passes. So right now our HA solution is a box-to-box redundant design where you
would have an active and a standby with the respective VNFs configured, and they would use standard networking techniques in order to provide the high availability functionality.

You're doing it at the VM or application?

All right, we're doing it at the VM level yet.

And is there anything like SR-IOV that pins the VM to the appliance?

So for performance reasons we're taking care of that. This is now more of a question about performance, how much throughput can I get out. If a VM is capable of SR-IOV, and that would be specified in the metadata of the VM, we are able to SR-IOV it and pin the I/O to a certain interface. In fact that is shown here in my slide: you see that the ISRv, as the slack line, is SR-IOV'd to the gig interface. That gives us superior performance. We're also pinning the virtual CPUs to the cores, again in order to optimize the performance, to get more throughput, actually.

Any additional...? You had a question.

One is going back to the APIC-EM: where are we on multi-tenancy for that yet?

So right now in this release, not supported. That's something we're looking at for the future.

OK, thank you, because this looks to have some very good MSP applications.

Yes, yes.
Info
Channel: Tech Field Day
Views: 2,430
Rating: 5 out of 5
Keywords: Tech Field Day, TFD, Tech Field Day Extra, TFDx, Cisco Live US, Cisco Live, Cisco Live US 2017, CLUS17, Cisco, Matt Falkner, eNFV, NFV, virtualization
Id: d9uPJTOTrEY
Length: 18min 37sec (1117 seconds)
Published: Thu Jun 29 2017