1. 4/20/2017
Cisco Live 2014

2. SP Use Cases for NFV and vCPE - Enabling Service Agility via CSR1000V
Cisco Live 2014
4/20/2017
SP Use Cases for NFV and vCPE - Enabling Service Agility via CSR1000V
Leonardo Solano
System Engineer
CCIE#39248
3 Main Messages
CSR 1000v is able to meet SP requirements for virtualization from a feature-richness and performance perspective
vCPE architectures are enabled by Cisco using the vMS solution, where the CSR 1000v offers virtualized CPE functionality in the cloud combined with orchestration
The virtualized IOS XE of the CSR 1000v enables other NfV use-cases like vBRAS, vLNS and thus enables different architectures
Virtualization is about changing the architecture, not simply replacing a hardware system with a software sytem
Content
Short intro to NfV (5 mins) - currently 2 slides
CSR 1000v architecture review (40 mins) – Currently 17 slide
Software architecture
Features
REST
Life of a packet
System architectures and performance
Cloud use-cases
Secure gateway
LISP
vCPE (30 mins)
vMS architecture
TM Deployment use-case
CloudVPN use-case
Multi-tenancy
DSC Orchestration
ESC and NSO Focus
vRR, vBRAS, vLNS (15 mins)
With config snippets
Dedicated server vs. mixing apps on server
Wrap up

3. Abstract
Today, CPE provides a number of network functions such as firewall, access control, nat, policy management and VPN. CSR1000V can help service providers cut down the cost of CPE deployments and reduce their maintenance overhead by implementing selected network functions in software that can run on variety of industry standard servers. CSR1000V also offers NFV functionality leveraging Cisco's IOS-XE already proven, and time-tested deployment of this network OS in the field. The session will go over the fundamentals of virtual IOS-XE and its use cases for NFV and vCPE. The session will focus on virtual layer 3 to 7 features such as virtual Broadband Remote Access Server (vBRAS), virtual Route Reflector (vRR), virtual Carrier Grade NAT (vCGN).

4. Agenda Introduction CSR 1000v System Architecture
Cisco Live 2014
4/20/2017
Agenda
Introduction
CSR 1000v System Architecture
vCPE Network Architectures and the vMS Solution
Virtualizing BRAS, LAC, LNS or Route Reflectors
Conclusion

5. Cisco Live 2014
4/20/2017
Introduction

6. Network Functions Virtualization (NFV)
Announced at SDN World Congress, Oct 2012
AT&T BT
CenturyLink
China Mobile
Colt
Deutsche Telekom
KDDI
NTT
Orange
Telecom Italia
Telstra
Verizon
Others TBA…

7. What is NfV? A Definition
Cisco Live 2014
4/20/2017
What is NfV? A Definition
… NFV decouples the network functions such as NAT, Firewall, DPI, IPS/IDS, WAAS, SBC, RR etc. from proprietary hardware appliances, so they can run in software. ….. It utilizes standard IT virtualization technologies that run on high-volume service, switch and storage hardware to virtualize network functions.. ….. It involves the implementation of network functions in software that can run on a range of industry standard server hardware, and that can be moved to, or instantiated in, various locations in the network as required, without the need for installation of new equipment.
Service
Orchestration
NFV
SDN
X86 compute
Sources:
Network function virtualization
De-couple the network function from the hardware
Its just software, so why does it need to run on a dedicated hardware device
Server resources need to be integrated with AD
Server resources need to be available to the server admins
UCS-E part of Vmware domain?
Don’t mix application server resources with networking function resources
Different requirements
Key Enabler: Cloud technology
Hypervisor & x86 compute hardware
Network Programmability APIs
Network Automation / Orchestration

8. CSR 1000v System Architecture
Cisco Live 2014
4/20/2017
CSR 1000v System Architecture

9. Cisco CSR 1000V – Virtual IOS XE Networking
IOS XE Cloud Edition
IOS XE features for Cloud and NfV Use Cases
CSR 1000V OS
App OS
App RP FP
Rich Network Services
Routing, VPN, App Visibility & Control, DC Interconnect, and more
Hypervisor
VPC/ vDC
Infrastructure Agnostic
Server, Switch, Hypervisor
Server
Single-tenant WAN Gateway
Small Footprint, Low Performance
Virtual Switch
Perpetual, Term, Usage-based Licenses
Elastic Capacity (Throughput)
Programmability
RESTful APIs for Automated Management
Rapid Deployment and Flexibility

10. Architecture (CSR 1000v) - virtualized IOS XE
Forwarding Plane
Control Plane
Virtualized IOS XE
Generalized to work on any x86 system
Hardware specifics abstracted through a virtualization layer
Control Plane and Data Plane mapped to vCPUs
Bootflash: NVRAM: are mapped into memory from hard disk
No dedicated crypto engine – we leverage the Intel AES-NI instruction set to provide hardware crypto assist.
Boot loader functions implemented by GRUB
Packet path within CSR 1000v
Ethernet driver (ingress)
Rx thread
PPE Thread (packet processing)
HQF Thread (egress queueing)
Ethernet driver (egress)
IOS
FFP Client / Driver
Linux Container
Chassis Mgr.
Chassis Mgr.
Forwarding Mgr.
Forwarding Mgr.
FFP code
vCPU
vMemory
vDisk
vNIC
Hypervisor (VMware / Citrix / KVM)
Physical Hardware
CPU
Memory
Disk
NIC
Ctrl
Data 10

11. CSR 1000v Feature Support and Technology Packages
REFERENCE
CSR 1000v Feature Support and Technology Packages
Technology Package
IOS-XE Features
IPBase
Basic Networking: BGP, OSPF, EIGRP, RIP, ISIS, IPv6, GRE, VRF-LITE, NTP, QoS
High Availbility: HSRP, VRRP, GLBP
Addressing: 802.1Q VLAN, EVC, NAT, DHCP, DNS
Basic Security: ACL, AAA, RADIUS, TACACS+
Management: IOS-XE CLI, SSH, Flexible NetFlow, SNMP, EEM, NETCONF
SEC
IPBase Plus…
Multicast: IGMP, PIM
Advanced Security: Zone Based Firewall, IPSec VPN, EZVPN, DMVPN, FlexVPN
AppX
Advanced Networking: L2TPv3, BFD, MPLS, VRF, VXLAN
Application Experience: WCCPv2, AppXNAV, NBAR2, AVC, IP SLA
Hybrid Cloud Connectivity: LISP, OTV, VPLS, EoMPLS AX
ALL FEATURES

12. CSR 1000V Performance-to-Footprint in IOS-XE 3.14
Throughput
IP Base
SEC
AppX AX
10 Mbps
1vCPU/4GB
50 Mbps
100 Mbps
250 Mbps
500 Mbps
1 Gbps
2vCPU/4GB
2.5 Gbps
4vCPU/4GB
5 Gbps
8vCPU/4GB NA
10 Gbps
For each throughput/technology-package combination, the minimum required vCPU and RAM is listed
Performance results based on 1500 Byte packets and VMWare ESXi

13. License Management Overview
With IOS XE 3.13, CSR 1000v package names are now: IPBase, Security, AppX and AX
‘license boot level’ command adjusted accordingly
Old CLI commands are hidden but still accepted (‘[premium | advanced | standard]’)
Smart Licensing
Evaluation licenses can be generated for 60 days using the demo portal (
Require UDI
Two licenses: 50Mbps for AX, 500Mbps for IPBase
After evaluation period expires, throughput will be throttled to 100Kbps
See for license management details
IPBASE
Security
AppX AX BB
CGN 4G
MEM
1 Year
3 Year
Perpetual
Perpetual Only

14. Virtualization and Hypervisor Interactions
UCS
Blade
Hypervisor abstracts and shares physical hardware resources from / among multiple VMs
Scheduling of vCPUs onto physical cores can create non- deterministic behavior
Scheduling of vNICs onto physical ports can lead to packet losses / jitter
Multiple VMWare settings control resource allocations, e.g.
Number of vCPUs per VM
Min cycles per vCPU / pinning
vSwitch loadbalancing settings
Blade
Hypervisor VM VM
CSR
CSR
VNIC
VNIC
vMem Tables
Vswitch
vMem Tables
vCPU
vCPU
port
port
vCPU
vCPU
Scheduler
CPU
Core
CPU
Core
Memory
Phy i/f 14

15. Use Case: Cloud CE/PE Router
Tenant Scale
Use Case: Cloud CE/PE Router
VPC/ vDC
VPC/ vDC
PE WAN Router
Segment A
PE WAN Router
Segment A
Servers
CSR 1000V vCE
Servers
CSR 1000V vPE DC
Fabric DC
Fabric
MPLS
MPLS
Segment B
Segment B
Challenges
Mapping tenant traffic from VRFs to VLANs
Maximum 4,096 VLANs limits scalability
Benefits
More Tenants per Physical Infrastructure
End-to-end Managed Connectivity and SLAs
VLAN
MPLS
IPoVLAN, IPoIP, MPLSoVLAN, MPLSoIP (IP=GRE, VXLAN, etc.)
MP-BGP

16. Use Case: Secure VPN Gateway
Network Services
Use Case: Secure VPN Gateway
Benefit: Scalable, Dynamic, and Consistent Connectivity with the Cloud
Enterprise
Challenges
Inconsistent Security
High Network Latency
Limited Scalability DC
ASR
Cloud Provider’s Data Center
VPC/ vDC
CSR 1000V
Solutions
IPSec VPN, DMVPN, EZVPN, FlexVPN
Routing and Addressing
Firewall, ACLs, AAA
Internet
Branch
WAN Router
ISR
Switches
Benefits
Direct, Secure Access
Scalable, Reliable VPN
Operational Simplicity
Servers
CSR 1000V
Branch
ISR
VPC/ vDC
Public WAN VPN tunnel

17. Use Case: Traffic Control and Management
Network Services
Use Case: Traffic Control and Management
Benefit: Comprehensive Networking Services Gateway in the Cloud
Enterprise
Challenges
Response Time of Apps
Resource Guarantees
Resilient Connectivity DC
Cloud Provider’s Data Center
WAAS
VPC/ vDC
CSR 1000V
ASR
Solutions
AppNav for WAAS
QoS Prioritization
HSRP VPN Failover
WAN
Branch
WAAS
WAN Router
vWAAS
ISR
Switches
CSR 1000V
Benefits
Rich Portfolio of Network Features and Services
Single Point of Control
Servers
Branch
WAAS
HSRP
ISR
VPC/ vDC
Optimized TCP connection

18. vCPE Network Architectures and the vMS Solution
Cisco Live 2014
4/20/2017
vCPE Network Architectures and the vMS Solution

19. Managed CPE Extended Deployment Models
Customer Premise
On-premise Appliances / integrated Services
Router: Routing, ACL, NAT, SNMP..
Switch: port aggregation
Services realized with appliances
Full redundancy
Could be multi-vendor (Best of breed)
CUBE
CUBE
Ethernet Agg
SP Core
F/D/C
WAAS, FW, UC, …
F/D/C
Customer
Premise
L3 or L2 Private-cloud Branch
L3 router remains in branch but performs minimal functions
L4-7 services virtualized in the private cloud
Branch router tightly coupled with virtual router in the private cloud for services
F/D
SP Core
Ethernet Agg
Routing, QoS, FW, NAT..
Customer
Premise
FW, NAT..
Customer
Premise
(v)Router + virtualized L4-7 services
Router: Routing, ACL, NAT, SNMP
Services virtualized on UCS-E: FW, WAAS,
Could be multi-vendor (Best of breed)
Router could be virtualized too!
Ethernet Agg
SP Core
F/D
F/D/C = Fibre / DSL / Copper

20. Why Move Services into the SP Network?
Reduce costs, and consolidate by virtualizing services.
Simple, stateless branch hardware. Ship it, plug it in, done!
Eliminate equipment silos at each site.
Increase managed network functionality, while reduced per-site costs.
Evolve/upgrade managed service offerings without changing CPE devices.
“Slim” cloud CPE hardware portfolio to fit branch locations.
Unified management spanning all branches.
Not a replacement for entire CPE portfolio, but rather a complementary solution (for ‘vanilla’ services)
OPEX reduction
Fewer site visits to maintain and upgrade CPEs (e.g. service changes)
TW Chang (Bell): “I need a device on premise that we do not need to touch for 10 years!”
Leverage cloud orchestration also for NfV use-cases
Not a replacement for entire CPE portfolio, but rather a complementary solution (for ‘vanilla’ services)

21. vCPE Creates Four New Revenue Levers
Expand Cust. Base
Lever 2:
Capture SMB Market
Lever 3:
Reduce Churn
Lever 4:
Increase ARPU
Faster TTM enables more efficient use of resources
SP can reach out and close more deals with existing resources
SMBs need different value proposition and GTM than enterprises
Cloud CPE enables better SMB value proposition and more effective GTM
Cloud CPE improves service experience
Less downtime, faster issue resolution, etc
Happy customers are less likely to churn
Cloud CPE – services are delivered and managed centrally
Easier for customers to order new services
Existing
Customer
Base
(CPE)
New
Cloud CPE
customers
Expanding Customer Base
Current Market
New Market
CPE Churn
Cloud CPE Churn
Layering New Services:
Enterprise
Market
Segment +
SMB
Market

22. vCPE Architecture Building Blocks
Performs some / all of the L3 functions previously executed by an on-premise physical CPE
Location: either in SP PoP or in Data Center
Can be run in single-tenant or Multi-tenant mode
Provide Edge router either switches VLAN locally or tunnels the VLAN to the DC
CPE-Lite
in either L2 or L3 Mode
Minimal functions to reduce operational complexity
SP aggregation network assumed to be Carrier Ethernet
Transparently transports Ethernet frames to the PE
NOTE: CPE-lite and vCPE are tightly coupled through a tunnel
CPE-lite does not selectively forward only subsets of flows to the vCPE
=> Main difference to cloud connector / NfV architecture DC
PoP
VMs
vCPE
VMs
vCPE
Branch
Branch
MSE
MSE
CPE-Lite
SP Core
CPE-Lite
SP Aggregation
SP Aggregation

23. vCPE L2-NID Architecture
Customer Premise
Ethernet Agg
SP Core
Routing, QoS, FW, NAT.. L2
MSP is offering FE/GE port as a demarcation point to multiple customers (e.g. in basement)
Uplinks are FE or GE
NID connectivity to the SP infrastructure is purely based on Gig Ethernet
All traffic transparently sent to SP Infrastructure / vCPE
NID offers feature set:
Connectivity
L2 Security (L2ACL, Storm control, BPDU guard)
IP Manageability (TACACS+, AAA, OAM)
COS
No routing, services (NAT, Firewall, IPSLA, Netflow..), L3 HA
Source:

24. Single-tenant vCPE + L2 CPE-lite Protocol Stack
Ethernet Transport Network:
MPLS/TP
QinQ imposition
VLAN
DC Underlay:
Ethernet /L3 based
QinQ imposition
DC Underlay:
Same DC underlay PE
Decapsulate QinQ (e.g. EVC)
Encap customer VLAN according to DC underlay
Could also be last Eth Agg Switch
vCPE
First L3 hop
vCPE on ‘on-a-stick’ PE
Terminate customer VLANs into VRF or GRT
CPE-lite
Either VLAN or Ethernet Encap
QinQ
UNI
Ethernet/
VLAN
Carrier Ethernet
VRF
ME1200
ASR 9000
L2 DC
UCS/vCPE
L2 DC
ASR 9000 IP IP IP
Eth
Eth
.1Q
.1Q
QinQ
QinQ
.1Q
.1Q
.1Q
.1Q
.1Q
.1Q
.1Q
.1Q
.1Q
Phy
Phy
Phy
Phy
Phy
Phy
Phy
Phy
Phy
Phy
Phy
Phy
Phy
Phy
Phy

25. Reference E2E Functional Architecture for vMS/vCPE
DevNet-1020
Reference E2E Functional Architecture for vMS/vCPE
Extending orchestration to physical devices
WAN Orchestration
Demand Placement
Service Assurance
Analytics
Operations management &
Service Assurance
CFS
RFS
Self Service Portal
Customer Facing Services provide portal access to Catalog offerings including vCPE.
Network Services Orchestrator
CPE Management
Metro/WAN Management
VNF Management & Service Chaining
Meraki
Prime
Overlay SDN
Controller
ESC
Service Config
Day 0 boot-strap
Day 1/Day 2 config
Stats collection (n/w & apps)
Fault management
ISR, Other CPE
WAE
VNFs
Virtual Network Functions provide
CloudVPN and other NFVaaS
Future: provision SP Metro/VPN
WAN Optimization
Meraki MX
PE/DCI
UCS
L2/L3 CPE
(ISR, NID)
WAN/Internet
x86

26. Cisco NfV Orchestration Solution
OSS
Prime Service Catalog
(PSC)
Prime Order Fulfillment
or SP’s OSS/BSS
Service Assurance
User Self-Service Portal
A Framework enabled by multiple products & architecture
REST API
REST API
NFV Orchestrator
Network Services Orchestrator (NSO)
(Foundation Based on Tail-f NCS)
SDN sub-system / SDN
Controller
ESC API
VTM API
VM and Service
Lifecycle Manager
Elastic Services Controller (ESC)
Virtual Topology Controller (VTC)
Netconf/Yang
Or CLI
REST API /
JCloud (Future)
VM & Storage Orchestrator
OpenStack
Restconf
/Yang
MP-BGP
SDN Virtual Forwarder
VNF
VTF
CSR 1000v
OpenStack APIs
DCI
VNF
OVS
x86 Server
SP WAN

27. Cisco NFV Orchestration Solution: Capability Summary
Multi-domain orchestration across compute, storage and network (physical and virtual)
Data model driven design for service profile specification
Customer facing service definition exposed via RESTful API
Service orchestration (across physical and virtual)
Elastic VM Lifecycle management to grow/shrink service on demand
Supports horizontal and vertical scaling of VNFs (scale up/down, scale in/out)
VNF Lifecycle management (on-prem and in the cloud)
YANG based service models
Supports flexible south bound device interfaces (CLI, SNMP, Netconf/YANG, REST)
Service Provisioning
Application driven network policy
Supports rich network topologies and service chains
Integrates cloud service with SP WAN (VPN/Internet)
Automated Network Control
High performance virtual data plane (10Gbps per core)
High availability across infrastructure plane and service plane
Carrier-class performance and reliability
One Touch Install

28. Mapping architecture to ETSI NFV Framework
Service Catalog
SP’s Existing OSS/Catalog
Service, VNF and Infrastructure Description
REST API
NFV Orchestrator
Network Services Orchestrator (Based on Tail-F NCS)
Cisco VNF Manager
VNF Manager
Service Lifecycle Management
Service Provisioning
Service Lifecycle management
(ESC)
OpenStack
Cisco Virtual Topology Controller
VMware
Virtual Infra. Managers (VIM)
(Compute and Storage VIMs)
(Network VIMs)
VNF Library (sample list)
VTF
CSR1kv NF F
3rd Party vNF
ASAv
QvPC SI
QvPC DI
NFV Infra (NFVI)
Currently available (included in 1.0)

29. Service agility: From months…

30. … to minutes 4 3 2 1 IT-light Service Control 3
Self-monitoring,
Self-maintaining
Elastic 4
value 1 2 3
time
minutes
months
present mode
of operation
new mode
days
weeks
Order Auto-orchestrated
in virtualized Multi-Service
Smart Infra Cloud 3
Auto-created design
Based on user inputs 2
User Self-Service : GUI Input
rendering & corrections 1

31. NFV Orchestration Solution: Network Control System (NCS)
Network Element Drivers
Device Manager
Service Manager
Network Control System (NCS)
Service Models
Device Models
Network-wide CLI, Web UI
REST, Java, NETCONF
Network
Engineer
Management
Applications
End-to-End
Transactions
NETCONF, CLI, SNMP, REST, etc.
Controllers
Multi-vendor service orchestrator for existing and future networks
Single pane of glass for:
L2-L7 networking
Hardware Devices
Virtual Appliances
Model Driven Orchestration
Service Data models (declarative)
Device Data Model (for auto config)
All Models are YANG Based
Highly Scalable for large infrastructure
One of the existing deployment is managing 60K devices on the network
Additional orchestration capabilities are being added
Network Services Orchestrator (NSO): Service orchestration system that is built on the newly acquired Tail-F NCS product. NSO provides the infrastructure to define and execute the YANG data models needed to realize a customer service and is responsible for providing the overall lifecycle management at the network service level. It utilizes model-based workflows that enable the design of services based on predefined service elements and the reuse of existing service templates. This allows service providers to rapidly fulfil a large variety of services. The Services Orchestrator provides a northbound interface to a higher-level orchestrator that is responsible for orchestrating across multiple domains to deliver end-to-end services that may rely on both NFV and other network and technology domains.
The Services Orchestrator also provides intelligent workload automation by using real-time analytics and performance monitoring. Based on factors such as hardware and VM utilization data as well as inventory, fault, performance, and analytics data for the deployed VNFs, services can be strategically placed in the most optimal locations across the infrastructure - enhancing service performance and availability while optimizing the use of resources.
NSO also enables policy-driven capacity management, which involves the setting and enforcement of policies and the use of resources based on business considerations, compliance requirements, and SLAs. For example, service providers can set thresholds on the run rate (cost of operations) of implementing an NFV service in aligning with their business objectives. A compliance requirement may include ensuring a level of security provisioned with an NFV to comply with industry or government regulations, while SLAs may require specific bandwidth or quality of service (QoS).

32. Cisco Elastic Services Controller: Customer Benefits
Service Agility
Agentless, multi-vendor VNFs support - no limits
Onboard new applications faster with custom monitoring
Dynamic VNF registration, deployment, and LCM
Modularity, Multi-vendor and Open Platform
Modular architecture- offering choice of multi-vendor – OSS, VNF’s and VIM
Extensible, supports VNF descriptor data models (Yang)
Reduce Opex, Optimal resource consumption
VNF monitoring and elasticity with vertical and horizontal scale
Integrated Intelligent rules based engine
Service auto-recovery and N-way redundancy
Faster Innovation
End to end customizations for specialized applications
Integrate with 3rd Party Orchestration, and Assurance systems

33. ESC - VNF Lifecycle Management, Monitoring and Elasticity
Elastic Services Controller
VNF Provisioning
VNF Configuration
VNF Monitor
Analytic Engine
Rule Engine
Provision VM
Configure
Service
Service
Functional
Service
Overloaded / Underloaded
Custom Script Action
Predefined Action
VM Bootstrap
process VM
alive
Service Bootstrap Process
Service
alive VM
Overloaded / Underloaded
Custom Script Action
Predefined Action
Custom Script Action
Service DEAD
Predefined Action
VM DEAD
Custom Script Action
Predefined Action
Predefined Action
Predefined Action
Custom Script Action
Custom Script Action
Simple Rules
Complex Rules
List of Events
List of Actions
Service Alive => advertise
Service Alive => Advertise, Notify
VM Alive
Service Alive
Upper load threshold crossed
Lower load threshold crossed
Service Dead
VM Dead
Notify (callback)
Advertise Service
Withdraw Service
Restart VM
Scale up (add a VM)
Scale down (remove a VM)
Individually customizable action(s) for every event
VM Dead => withdraw
Upper load => Scale up, Notify, Advertise
Upper load => scale up
Service Dead => Withdraw, Notify, Restart

34. NFV Orchestration Solution: Virtual Transport Function and Controller (VTF & VTC)
VTC – Routing controller based on XRv
VTF - Light weight, high performance software forwarding plane
Provides highly optimized forwarding in x86 environment
Runs once on each server
Contains a unique forwarding context per tenant
Provides per-tenant L3, L2 and PBR forwarding for service chaining
Provides IP routed and L2 P2P transport
Provides DHCP relay, ARP function
Programmed by NSO Controller using YANG over RESTConf
All forwarding controlled centrally
Granular L3 and L2 forwarding entries
N-tuple match
Control
channel
to NSO
Data
to DC Fabric
VM (VTF)
VRF R
VRF Y
VRF G VM VM VM VM VM VM
“CE”
“CE”
“CE”
“CE”
“CE”
“CE”
Server
VNF Manager: Cisco Elastic Services Controller (ESC) – This is the VNF Manager that automated VNF lifecycle management including the creation, provisioning, and monitoring of VNFs. The VNF Manager is also responsible for the scale-up and scale-down of the VNFs based on dynamic and fluctuating service demands. The VNF Manager uses cloud computing resource managers such as OpenStack and VMware at the VIM layer to configure and provision compute and storage resources across multivendor data centre networks. Modularity is a key component of the DSC solution and specifically NSO will have the capability to support multiple different VNF Managers (VNFM) including ESC, Quantum Telco Cloud Manager (Cisco specific Mobility VNFM) and 3rd Party VNFM in the coming releases
DC SDN Controller: This is the component of DSC solution that provides management of the of the data centre infrastructure and connect the virtualized services (a VNF or a set of chained VNFs) to the service provider VPNs, the Internet, or both. This enables rapid deployment of complex virtualized services made out of composite VNFs in multi-tenanted service provider data centres. This also include the role of linking the WAN and DC environment via a DC interconnect (DCI) capability.
In NFV terms the NSO has the capability to integrate and orchestrate different Network VIMs types. It is planned support both Software based Overlay Solutions and Hardware-accelerated Overlay solutions in the future. The Hardware-accelerated Overlay Solution will be based on Cisco Application Centric Infrastructure (ACI) that provides hardware-based segmentation and service chaining, integration with virtual and physical servers and appliances. The ACI solution will also contain an APIC policy controller. The Software Overlay implementation utilizes Cisco Virtual Topology System (VTS). The Virtual Topology Controller (VTC) provides a centralized SDN controller functionality and performs functions such as route and topology calculations while the Virtual Topology Forwarder (VTF) resides on the compute nodes and provides multi-tenant forwarding and also slated to support service-chain creation in the future.

35. CloudVPN Business Services: Use Case 1: CloudVPN with Internet, Firewall (FW), Remote Access (RA)
Cloud IPVPN with FW and Remote Access to Internet
vFW with NAT and Policy
vFW with IPSec/SSL Remote Access including Remote End-Host posture verification
Cloud-Hosted Management
Scalable, elastic, on-demand VR
vFW
Internet Router
CPE
Internet
SP CLOUD
Overlay Packet Tunnels
Keyed IPv6 tunnels - mesh, hub&spoke;
IPSec tunnels – mesh, hub&spoke if keyed IPv6 tunnels not supported;
CPE
CPE

36. CloudVPN with ISR CPE Use Case
Customer Orders VPN Service
Tenant Portal
SP’s OSS/BSS
REST API
REST API
Network Services Orchestrator (NSO)
PnP Server
Provide Day 1 Configuration
Elastic Services Controller (ESC)
Provision
CSR
PnP Functionality
Zero Touch Provisioning
CSR1Kv
Spin up CSR
OpenStack
X86 Server
Establish VPN: IPSec, IP Overlay
(VXLAN, GRE, LISP), L2
ISR CPE
CloudVPN Connectivity up
ISR CPE Shipped to Customer
Site, connected & Powered ON
DCI/PE

37. Adding VNFs in the cloud
Customer Orders VPN Service
Tenant Portal
SP’s OSS/BSS
REST API
REST API
Network Services Orchestrator (NSO)
PnP Server
Provide Day 1 Configuration
Elastic Services Controller (ESC)
Virtual Topology Controller (VTC)
OVS/VTF
PnP Functionality
Zero Touch Provisioning
More scalable and flexible service chaining enabled with VTC & high-performance VTF
OpenStack
Internet Gateway
X86 Server
Establish VPN: IPSec, IP Overlay
(VXLAN, GRE, LISP), L2
ISR CPE
CSR1Kv
ASAv
vESA
CloudVPN Connectivity up
ISR CPE Shipped to Customer
Site, connected & Powered ON
DCI/PE
If more VNFs are needed
for a Service Chain ?

38. NfV Example Workflow Cloud Service Orchestration
Request received
Catalog item
Defines workflow
Workflow calls Service Creation to set up service VMs
Service Creation calls to Openstack to set up VMs
Openstack sets up VMs
Workflow calls to Service Config function to set up services
Service Config configures services
Workflow calls DC network controller
DC network controller configures overlay network
Service monitoring tracks availability and performance of service
Service Creation manages service elasticity and high availability
Cloud Service Orchestration 1
Portal / UI / API
Catalog
Workflow 2 3 4 7 9
Network Service Control
Service Creation
Service Monitoring
Service Config
DC Network Controller
WAN Controller
Control IP … 12 11 5 10 8
VM/Storage Control
Network Control 6
Infrastructure
Physical
Network
Virtual Network
Compute
Storage
Virtual Services

39. Cisco Live 2014
4/20/2017
Conclusion

40. Summary – what we talked about Today
This session reviewed the
CSR 1000v System Architecture
vCPE Network Architectures and the vMS Solution
Virtualizing BRAS, LAC, LNS or Route Reflectors

41. Key Conclusions
Virtualization is maturing fast and enabling new architectural variations
CSR 1000v is able to meet SP requirements for virtualization from a feature- richness and performance perspective
vCPE architectures are enabled by Cisco using the vMS solution, where the CSR 1000v offers virtualized CPE functionality in the cloud combined with orchestration
The virtualized IOS XE of the CSR 1000v enables other NfV use-cases like vBRAS, vLNS and thus enables different architectures
Virtualization is about changing the architecture, not simply replacing a hardware system with a software system
Increased focus on automation and orchestration

42. Cisco Live 2014
4/20/2017

43. 4/20/2017
Cisco Live 2014