SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)

2. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 Agenda • Introduction • VMS Services • IWAN • Cloud VPN • Cloud VCE • VMS Technology Drivers • VMS Definition • VMS Demo • Conclusion

4. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 Digital Innovation Overwhelming the Branch OS Updates HD Video Omni-channel Apps Mobile Apps Online Training SaaS Enterprise Apps Social Media Guest WiFi Digital Displays Branch Office *Tech Target, Branch Office Growth Demands New Devices., 2013 **Gartner, Forecast Analysis: Worldwide Enterprise Network Services, Q2 2014 Update *** Gartner: “Bring Branch Office Network Security Up to the Enterprise Standard, Jeremy D’Hoinne, 26 April. 2013. 20-50% Of employee and customers are served in branch offices* 73% 80% 30% More Users More Apps More Risk Increase in Enterprise bandwidth per year through 2018** Of advanced threats will target branch offices by 2016 (up from 5%) ** More Devices Growth in in mobile devices from 2014 - 2018**

5. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 Next generation network characteristics are more dynamic than in the past Hybrid DC, Cloud WAN Connectivity On-demand Multiple Carriers New Traffic Patterns One Large Global WAN One Carrier Static Application Flow 5

6. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 What Are These New Traffic Patterns? InternetMPLS NetworkTraditional traffic Public Cloud MPLS Network Internet New traffic 6

7. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 MPLS is 5x the transport cost for traffic that ends up on the Internet anyway 7 $1,000 97% 84% $2.34 Zone of Enlightenment

10. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 Definition: ONUG* (Large Enterprise User Group) has specified 10 requirements for an SD-WAN ONUG SD-WAN Requirements Cisco 1 CPE: physical or virtual form factor ✔ 2 Zero Touch Deployment: agility in provisioning and deployment ✔ 3 Secure Hybrid WAN: Dynamic traffic engineering across Internet & private WAN based on application policy, and aware of network availability/degradation ✔ 4 Active-Active Architecture: Sites connect to applications through Internet & private WAN ✔ 5 High Availability & Resiliency: Optimal for client user experience ✔ 6 Layer 2 & 3 Interoperability: With directly connected switch and/or router ✔ 7 Visibility, Prioritization & Steering Applications: Specifically business critical and real-time applications per security, corporate governance and compliance ✔ 8 Management Dashboard/Portal: By site, Application and VPN performance level ✔ 9 Controller with open APIs: For access and management, forward specific log events ✔ 10 FIPS 140-2 Validation Certification: Encryption with automated certificate life cycle management ✔ *ONUG: Open Networking User Group (Large Enterprises)

11. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 What are the VMS services? •Many and varied •Starts with Cloud VPN •Adds virtual service attachment •Supports IWAN •Real deployments will require aspects of each

12. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 vRouter (CSR1Kv) Internet Full Cloud VPN Internet I-VRF Internet PE DC SW UCS CPE CloudVPN (IPSec) Firewall (ASAv) BR- INSIDE-01- VMS Web Security (WSAv)

13. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13 vRouter (CSR1Kv) Internet Full Cloud VPN + vCE on CSR1Kv Internet I-VRF Internet PE DC SW UCS CPE CloudVPN (IPSec) Firewall (ASAv) BR- INSIDE-01- VMS MPLS VPN CustX- VRF VLAN 85 10.193.1.0/24 AS 65001 AS 65010 BR-vCE-PE-CustX Web Security (WSAv)

14. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 Public Cloud Virtual Private Cloud MPLS Private Cloud Internet Branch ISR4K VMS IWAN as we know it A DMVPN cloud per transport between branch and enterprise hub All security implemented at hub before going out to Internet Multiple independent broadband circuits Internet DMVPN today: ISR branch today: Inet and MPLS DMVPN MC1

15. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 Public Cloud Virtual Private Cloud MPLS Private Cloud Internet Branch ISR4K VMS IWAN with CPE Based Split Tunneling Efficient access to SaaS, guarantees branch gets closest resource Direct Internet Access Local breakout direct to Internet for Specific SaaS apps. Needs ZBF and ACL for security on CPE Internet Inet and MPLS DMVPN MC1

16. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 Public Cloud MPLS Private Cloud Internet Branch ISR4K VMS IWAN with service provider security services Revenue opportunity to offer virtual services to IWAN connected customers SP Data Center Virtual Security Services Internet Inet and MPLS DMVPN

17. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17 17 Cisco Intelligent WAN Solution Components Intelligent Path Control Load Balancing Policy-Based Path Selection Network Availability Secure Connectivity Scalable, Strong Encryption App-Aware Threat Defense Cloud Web Security Application Optimization Application Visibility App Acceleration Intelligent Caching Transport Independent Provider Flexibility Modular Design Common Operational Model AX Router

18. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18 The Challenge with IWAN: New Complexity MPLS (IP-VPN) Internet PoP Data Center • Stateful firewall • DNS logging • URL Black listing • AV in the cloud • URL logging • Netflow Collection • IDS / IPS • Anti-Malware • Full Packet Capture • Intellectual Property Protection • Web Proxy logging for compliance Internet Public Cloud Virtual Private Cloud e.g. Cisco: 16 IPoPs serving ~500 branch offices Today’s Enterprise WAN (e.g Cisco) 18

19. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19 Scaling Security Posture “How do I capture IWAN savings with this operational model?” Internet PoP Data Center • Stateful firewall • DNS logging • URL Black listing • AV in the cloud • URL logging • Netflow Collection • IDS / IPS • Anti-Malware • Full Packet Capture • Intellectual Property Protection • Web Proxy logging for compliance Internet ? “16 becomes 500”MPLS (IP-VPN) “It would be great if an SP could help us with this challenge” - John Manville, SVP Cisco IT 19

20. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20 Intelligent WAN (IWAN) A Hybrid WAN Solution - Built Exclusively for the Enterprise. Reduce Access Costs Internet Branch Branch Branch Enterprise Hub IPSec Tunnel Direct to Hub InternetInternetInternet MPLS VPN Direct to SP Enterprise HQ Achieve Network Diversity 20 Intelligent path allocation Visibility, control and optimization

22. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22 • The second half of the chessboard dynamics of processing power • Why Netconf and Yang are game-changers • Simplicity of user experience rules VMS Market Drivers Why Are Things Different This Time Around? 22

23. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23 What We’ve Learned From Exponential Growth Second half of chessboard makes experience of first half irrelevant 53” 45” 7.3” 16 ft2 57.45 ft3 5,500 lbs 9.5” 0.48 ft2 0.013 ft3 1.3 lbs iPad2 has more computing power than the Cray2 Supercomputer, at fraction of power consumption Watson AI is reaching human levels in some fields 15

25. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25 Automated Self-Service On-Demand Architect It Design It Where Can We Put It? Procure It Install It Configure It Secure It Is It Ready? Manual Why Netconf and YANG are important From Complexity to Simplicity and Automation FROM WEEKS TO MINUTES* Service Oriented Self-Service Automated Provisioning Elasticity (Capacity-on-Demand) 20

26. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26 Determining Business Relevance How Important is an Application to Your Business? Relevant IrrelevantDefault • These applications directly support business objectives • Applications should be classified, marked and treated marked according to industry best-practice recommendations • These applications may/may not support business objectives (e.g. HTTP/HTTPS/SSL) • Applications of this type should be treated with a Default Forwarding service • These applications do not support business objectives and are typically consumer-oriented • Applications of this type should be treated with a “less-than Best Effort” service RFC 4594 RFC 2474 RFC 3662

27. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27 What Do We Do Under-the-Hood?Apply RFC 4594-based Marking / Queuing / Dropping Treatments Application Class Per-Hop Behavior Queuing & Dropping Application Examples VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729) Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs) Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE Signaling CS3 BW Queue SCCP, SIP, H.323 Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution Default Forwarding DF Default Queue + RED Default Class Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox LiveIrrelevant Default Relevant

28. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28 Simplicity of user experience 28 • Anticipate user needs • Click and drill • Intelligently guide user • User manual not required

29. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29 Multiple Innovations Required For Big Leaps Example: Internet IP Created HTML Invented Telco’s Deploy Broadband Internet Simplified Overlay Networks Service Oriented Management Computing power Service Delivery Framework Virtual Managed Services: 29

32. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32 To get simplicity for the users, we need more intelligence in the system • Separate intent from instantiation • What is intent? • What is instantiation? • How do we tie instantiation to configuration? 32

33. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33 Orchestration From instantiation to deployment YANG Model Instantiation for Site 1 Instantiation for Site 2 Combine with template Feed through NED Deliver via NETCONF 33

34. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 34 VMS Network Services Orchestrator PnP Server Transaction Database Open PnP Service Manager Device Manager Network Element Drivers x86 Virtual Service Model Service Model Service Model Zero Touch Deployment Open Method for ZTD Access Supported by Netconf Service Manager Interprets Service Intent with Service Instantiation Rules and derives configuration Device Manager manages derived and validated configurations in a transaction manner towards infrastructure. Network Element Drivers Abstract the interfaces to the devices allowing 3rd party infrastructure to participate in Service Instantiation Service Models written in Yang Abstract Service from underlying physical devices 23

35. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35 True Zero Touch for devices with Internet Connections New device is powered on and gets IP and internet connectivity from ISP New device invokes web service API call to PnP Server and registers its UDI (serial number). Management channel established 1 2 PnP server matches serial numbers and downloads the configuration 4 Assumptions: New device has internet connectivity (from the ISP) PnP server URL is hard coded User Activates Desired device (branch or hub router) 3 Customer branch PnP Server 1 2 3 4 35

36. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36 VMS Orchestration Component Mapping NSO Orchestrator ESC Life Cycle Manager OpenStack Virtualization VNFs CFS RFS Service APIs Infrastructure 25

37. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 37 VMS Elastic Service Controller Confd Service Monitor Custom DHCP SNMP Ganglia Service Provisioning Scale Up/Down Elasticity Custom Day 0 Config VM Provisioning & Configuration Module VNS Bring-up & Initial Configuration Application. Multi-vendor Support. Allows Modular Communication with NCS. Data Model Driven. Affinity Rules and Scale Requirements for the VNF components ESC uses multidimensional approach to VNF Monitoring/Restartability Elastic Services Controller Netconf 26

39. Thank you.

SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)

Estás leyendo una previsualización.

Eche un vistazo a continuación

SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)

Más Contenido Relacionado

Presentaciones para usted (20)

Similares a SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN) (20)

Más de Cisco Canada (20)

Más reciente (20)