4. Cloud Data Centre
Diagram: consumer and enterprise NfV services (DPI, CGN, WWW, FW, CDN, IPS, CPE, WAAS, NAM) delivered from a Virtual Private Cloud across the SP IP/MPLS network and the SP DC fabric; CPE, PE, DCI and vCPE elements are tied together by service chaining under NSO / VTS / Elastic Service Controller and Cisco WAE, with a guaranteed network SLA and cloud SLA.
SDN – end-to-end service management
Centralized control of resources and SLA assurance
5. Infrastructure today: managed separately and with difficulty
Diagram: the Data Center, Customers, Wide Area Network, Cloud, Optical and IP/MPLS domains (enterprise and virtual) are each run by a separate team: Software Engineering (Applications), System Engineering (Compute, Storage, Virtual Machines) and Network Engineering (WAN Services, NfV).
6. A new approach to infrastructure management
Diagram: the same domains and engineering teams as on slide 5, but physical and virtual resources are exposed through APIs to a common orchestration layer, which in turn exposes APIs to the applications.
7. The place of SDN in the new approach
Diagram: each domain gets its own SDN controller: DC/Cloud SDN for the data centre, Enterprise SDN for access/customers, and SP SDN (e.g. WAN orchestration) for the optical and IP/MPLS WAN; applications sit on top and use cross-domain orchestrators (DC-WAN X-Domain Orch, Ent-SP WAN X-Domain Orch) to span the controllers.
8. The place of SDN in the new approach (continued)
Diagram: the same layout as slide 7, with the Cisco controllers named per domain: APIC-EM for Enterprise SDN and APIC (DC) for DC/Cloud SDN.
9. SDN: a wide choice of platforms
“Buy” vs. “Develop”
Orchestration: Tail-F NCS
Southbound options: NETCONF, PCEP, BGP-LS, NETFLOW, SNMP, CLI
Many options for managing physical and virtual devices
11. Orchestration – before and now
Before: the OSS/BSS drove three separate provisioning systems, one each for CPE, WAN and Data Center (customized BSS/OSS and provisioning systems).
Now: the OSS/BSS talks to a single orchestration platform that holds YANG service models and YANG device models and programs the CPE, WAN and Data Center over REST, NETCONF, … (model-driven network and service orchestration).
13. Cisco ASR 9000
                           ASR 9001      ASR 9904      ASR 9006      ASR 9010       ASR 9912       ASR 9922
Size                       2RU           6RU           10RU          21RU           30RU           44RU
I/O slots                  2 MPAs        2             4             8              10             20
Airflow                    Side to side  Side to side  Side to back  Front to back  Front to back  Front to back
Throughput per slot        N/A           770G/385G     440G/220G     440G/220G      770G/660G      770G/660G
Chassis capacity per slot  120Gbps       2Tbps         880Gbps       880Gbps        2Tbps          2Tbps
Total chassis capacity     120Gbps       8Gbps         3.5 Tbps      7.0 Tbps       20Tbps         40Tbps
Virtual: IOS XRv 9000 (virtual XR data plane)
14. SDN support on ASR 9000
Diagram: the SDN stack on the ASR 9000, bottom to top:
1. SDN-enabled data plane: E-PBR data plane, policy-forwarded flows, VSM
2. APIs and protocols: OpenFlow Agent, BGP-LS, PCEP, NETCONF
3. Controllers (control and management planes): software-defined policies, driven by the OpenFlow controller, the PCEP controller and the BGP-LS feed
4. SDN platforms: orchestration, analytics, services, etc.
5. Applications: policy servers, OSS/BSS, user applications, analytics
The result is the effect of an intelligent network.
15. Tools for testing
OpenDaylight (ODL)
https://wiki.opendaylight.org/view/Getting_started
http://www.opendaylight.org/software/downloads
REST client:
Chrome: Postman REST Client
Firefox: REST Client
Wireshark: https://www.wireshark.org/
IOS XR 5.2.2 with physical routers and Virtual Internet Routing Lab (VIRL): virl.cisco.com
17. Network topology discovery and data collection
• Traditional:
§ Methods: SNMP, SNMPCollect (polling), NetFlow, CLI parsing
§ Platforms: Network Management Systems (NMS)
§ Are, and will continue to be, used…
• Drawbacks:
§ Delay before topology changes reach the NMS
— e.g. a delay determined by the polling interval
§ Unreliable transport
— e.g. missed SNMP traps
• Must be scaled up as the network and the state information about it grow
18. BGP Link-State (BGP-LS) overview
Use BGP to advertise the LSDB and TED of a network
§ New link-state address family
§ Support for OSPF and IS-IS LSDB
Advantages
§ Single upstream topology feed (BGP)
§ IGP isolated from external entities
§ Leverages well-known BGP security, transport and policy knobs
§ Enables operator control
Support introduced in IOS XR 5.1.1
Implementations: WAN Automation Engine (WAE), OpenDaylight (ODL)
Diagram: IGP domains 0, 1 and 2 each export their link state over BGP-LS to a route reflector (RR), which feeds a PCE holding the TED and LSP DB.
22. BGP-LS example*: topology visualization
*Visit DevNet to download the sample BGP-LS visualization program:
https://developer.cisco.com/site/devnetlabs/bgp/
24. Path Computation Element (PCE)
Definition
• Traffic Engineering Database (TED)
§ Contains the topology and resource information
§ Built from the IGP LSDB
• PCE Server (PCE)
§ Main function: compute a path (e.g. an MPLS TE LSP) in an MPLS/GMPLS network
• Path Computation Client (PCC)
§ Agent on the router that interacts with the PCE server
• PCE Protocol (PCEP)
§ Protocol running between the PCC on the router and the PCE server
25. Stateless and stateful PCE
• Stateless
§ The PCE has no information about previously established LSPs
• Stateful
§ PCC and PCE are synchronized
§ The PCC reports state changes to the PCE
§ The PCC may delegate control of an LSP to the PCE
§ Either the PCE or the PCC may initiate LSP setup
§ The PCC always tracks LSP state
Diagram: the PCC speaks PCEP to a stateful PCE that holds the TED and LSP DB; a PCE-initiated LSP is set up from the PCC.
26. Stateful PCE
• LSP Database
§ Contains info/status on active LSPs, communicated by PCCs in LSP state report messages
• Active Stateful PCE
§ References the LSP DB for path computations
§ Programs LSP state in the network
• PCC reports LSP status to the PCE
• PCE may reprogram an existing LSP
• LSP Delegation
§ PCC delegates LSP control responsibility to the PCE
LSP = Label Switched Path
27. ASR9000 PCE-initiated tunnels
• Treated as dynamically created tunnels (auto-tunnel)
• The router does NOT verify or compute the path that the PCE provides
§ treated as a verbatim path
• The PCE is responsible for LSP re-optimization
• The PCE sends a PCEP Update when a better path exists
• Tunnels may be inter-area
• *A PCE-initiated tunnel does not appear in the configuration
§ use “show mpls traffic-eng tunnels” to see it
Diagram: the stateful PCE (TED, LSP DB) sends a PCEP Initiate/Create to the PCC.
32. ASR9000: verifying a PCE tunnel
RP/0/RSP0/CPU0:ASR9K-AG04-4#show mpls traffic-eng pce tunnels
Mon May 19 17:39:38.550 UTC
Tunnel : tunnel-te7004
Destination : 10.99.6.6
State : up
Current path option : 10
33. ASR9000 state verification commands
• New commands
§ show mpls traffic-eng auto-tunnel pcc […]
• Modified Commands
§ show mpls traffic-eng pce peer [ all|ipv4 <addr>|node-id <id>|stateful|stateless]
• Other useful commands
§ show mpls traffic-eng pce tunnels <id>
§ show mpls traffic-eng pce trace […]
§ show mpls traffic-eng tunnels tabular
34. Traffic steering into PCE-initiated tunnels
Possible methods:
• Autoroute announce
• Policy-based tunnel selection (forwarding class id)
35. Policy-based tunnel selection
• Local mechanism at the head-end
• A PBR policy sets the forwarding class for incoming traffic
• Traffic is switched to the tunnel with the matching forwarding class
• Seven forwarding classes supported (1-7)
• One forwarding class reserved as the default (0)
Diagram: between PE1 and PE2, Tunnel-te1000 carries forwarding class 1 and Tunnel-te2000 carries forwarding class 0 (default); an input policy matches traffic on an ACL and sets the forwarding class.
36. Traffic steering into a PCE-initiated tunnel
Diagram: a CE attached to ASR9K-1 on TenGigE0/1/0/1 (10.201.7.43); ASR9K-1 has Tunnel-te1000 (forwarding class 1), Tunnel-te2000 (forwarding class 0, default) and Tunnel-te7000, the PCE-initiated LSP with forwarding class 2, towards ASR9K-2 and ASR9K-3; the input policy sets forward class ID 2 to steer traffic into the PCE-initiated LSP.
37. Orchestration
RESTful APIs northbound, PCEP programming southbound
Example: PCE-initiated LSP across the WAN (routers R1, R2, R3) between Data Center #1 and Data Center #2, carrying traffic from 10.201.7.43
1. Service request
2. Analytics determine the LSP
3. PCCreate LSP
4. TE LSP signaling
5. Delegate & LSP state report
6. Traffic steering onto the LSP
39. Traditional approach – CLI
• Generally the majority of today’s configuration
• Device specific
• Human friendly
• Manual (challenging to automate)
• Developer unfriendly
§ Requires parsing CLI output (screen scraping)
• No common data model
• No built-in error reporting
[joerober@rtp-odl ~]$ ssh lab@10.99.1.1
lab@10.99.1.1's password:
RP/0/RSP0/CPU0:ASR9K-AG04-1#configure terminal
Tue Jan 6 17:18:58.350 EST
RP/0/RSP0/CPU0:ASR9K-AG04-1(config)#
40. NETCONF
• Network Configuration Protocol (NETCONF)
§ XML-based interface between a network device and the NMS
§ Mechanism to manage, configure and monitor a network device
• Published as RFC 4741 (Dec 2006)
• Updated by RFC 6241 (Jun 2011)
• RFC 6242 (Jun 2011): Using the NETCONF Protocol over Secure Shell
• Designed to overcome the SNMP limitations identified at the 2003 IAB Network Management Workshop (RFC 3535)
41. YANG
• Modeling language defined in RFC 6020
• Used by NETCONF to define the objects and data in requests and replies
• Models configuration, operational and RPC data
• Provides semantics to better define NETCONF data
• Provides a common data model:
§ so that NETCONF is useful as a network-wide protocol
§ to consume NETCONF data from any network device
• YANG modules are for NETCONF what MIBs are for SNMP
42. Comparison of SNMP and NETCONF
                         SNMP                                        NETCONF
Data models              Defined in MIBs                             Defined in YANG modules (or XML schema documents)
Data modeling language   Structure of Management Information (SMI)   YANG (and XML schema)
Management operations    SNMP                                        NETCONF
RPC encapsulation        Basic Encoding Rules (BER)                  XML
Transport protocol       UDP                                         TCP (reliable transport)
43. NETCONF layers
• Content
§ Configuration and operational data
• Operations
§ Defines the base operations
§ What clients do to servers
• Messages / Remote Procedure Call (RPC)
§ Transport-independent mechanism for encoding messages
§ <rpc>, <rpc-reply>
• Transport
§ Reliable communication between client and server
44. ASR9000 NETCONF transport and operations
SSH NETCONF (1.1) session:
§ IOS XR 5.3.1
§ On the client, use ssh with -s to request invocation of the netconf subsystem on the server (router)
— ssh lab@172.18.152.20 -p 830 -s netconf
Diagram: the client sends <rpc> messages and the server returns <rpc-reply> messages through the Transport, Messages, Operations and Content layers.
45. NETCONF operations
Operation            Description
<get-config>         Retrieve all or part of a specified configuration datastore
<edit-config>        Load all or part of a configuration into the specified configuration datastore
<get-schema>         Retrieve YANG-based XML data
<commit>             Copy the candidate datastore to the running datastore
<get>                Retrieve the running configuration and device state information
<lock> / <unlock>    Lock or unlock the entire configuration datastore system
<close-session>      Graceful termination of the NETCONF session
<kill-session>       Forced termination of a NETCONF session
Complete list of protocol operations: https://tools.ietf.org/html/rfc6241
46. ASR9000 NETCONF datastores
§ Target of NETCONF operations
§ Datastores are named containers that may hold an entire copy of the configuration
§ IOS XR supported datastores:
§ <running>
§ <candidate>
§ *XR uses a two-stage commit (no startup datastore)
47. XR 5.3.1 YANG data models
• YANG data modules are part of the software image.
• Models can be retrieved from the router using the <get-schema> operation.
• There is a YANG model file for each configuration module
§ For example, to configure CDP, the relevant YANG model is Cisco-IOS-XR-cdp-cfg
• 5.3.1 data models:
http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-3/security/configuration/guide/b-syssec-cg53x-crs/Implementing_the_Network_Configuration_Protocol.pdf#unique_8
48. ASR9000 NETCONF 1.1 configuration (XR 5.3.1)
• Prerequisites:
§ the k9sec pie must be installed
§ crypto keys must be generated
• Enable the NETCONF agent:
§ ssh server netconf port 830
§ netconf-yang agent ssh
• Session verification:
§ show netconf-yang clients
§ show netconf-yang statistics
! IOS XR 5.3.1
hostname ASR9K-R1
domain name cisco.com
!
ssh server v2
ssh server vrf default
ssh server netconf port 830
netconf-yang agent ssh
!
49. XR 5.3.1 sample NETCONF/YANG workflow
Between the ASR9000 and the orchestration platform (NETCONF client):
1. The XR image contains the YANG data models
2. The client (application) retrieves the models with <get-schema>
3. The client installs and processes the YANG models
4. The client sends an operation request (<edit-config>) using YANG-based XML data
5. The router understands the YANG-based XML data and is configured accordingly (candidate datastore, then running)
6. Client-router interaction continues until the network is configured as desired
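The workflow above, together with the SSH transport, operations and datastores from slides 44-46, as one added Python example that is not part of this deck and not Cisco's code: it builds the <get-schema>, <edit-config> (candidate) and <commit> RPCs, applies the RFC 6242 chunked framing a NETCONF 1.1 session uses after the hello exchange, and pulls rpc-error text out of a reply. It assumes the standard IETF namespaces; the config payload and the sample reply are constructed placeholders, not output captured from a router.

```python
"""NETCONF 1.1 client helpers for this page's workflow: <get-schema>, <edit-config>
into <candidate>, <commit>, plus RFC 6242 chunked framing. Added example, not Cisco code."""
import re
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
MON_NS = "urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"  # defines <get-schema>

def rpc(message_id, body):
    """Wrap an operation in the <rpc> envelope; the <rpc-reply> echoes message-id."""
    return f'<rpc message-id="{message_id}" xmlns="{NC_NS}">{body}</rpc>'
def get_schema(message_id, identifier):
    """Fetch a YANG module by name from the router, e.g. "Cisco-IOS-XR-cdp-cfg"."""
    body = f"<identifier>{identifier}</identifier><format>yang</format>"
    return rpc(message_id, f'<get-schema xmlns="{MON_NS}">{body}</get-schema>')
def edit_candidate(message_id, config_xml):
    """Stage YANG-derived XML in <candidate>; <running> changes only after a separate <commit>."""
    return rpc(message_id, "<edit-config><target><candidate/></target>"
                           f"<config>{config_xml}</config></edit-config>")
def commit(message_id):
    return rpc(message_id, "<commit/>")
def frame(msg):
    """Send one message as one chunk: '\\n#<len>\\n' + data + '\\n##\\n'."""
    data = msg.encode()
    return b"\n#%d\n" % len(data) + data + b"\n##\n"
def unframe(stream):
    """Decode chunked messages, rejecting bad headers or lengths past the buffer."""
    msgs, buf, pos = [], b"", 0
    while pos < len(stream):
        if stream.startswith(b"\n##\n", pos):          # end-of-chunks marker
            msgs.append(buf.decode()); buf = b""; pos += 4; continue
        m = re.match(rb"\n#([1-9]\d*)\n", stream[pos:])
        if not m:
            raise ValueError(f"malformed chunk header at offset {pos}")
        size, pos = int(m.group(1)), pos + m.end()
        if pos + size > len(stream):
            raise ValueError("chunk length exceeds received data")
        buf += stream[pos:pos + size]; pos += size
    if buf:
        raise ValueError("stream ended inside a message")
    return msgs
def reply_errors(reply_xml):
    """Structured errors the CLI cannot give: [] means <ok/>, else the error texts."""
    root = ET.fromstring(reply_xml)
    return [e.findtext(f"{{{NC_NS}}}error-message", "").strip()
            for e in root.iter(f"{{{NC_NS}}}rpc-error")]

# Constructed sample reply (not captured from a router) carrying one rpc-error.
ERR_REPLY = (f'<rpc-reply message-id="2" xmlns="{NC_NS}"><rpc-error><error-tag>unknown-element'
             "</error-tag><error-message>bad element in config</error-message></rpc-error></rpc-reply>")
```

The bytes from frame() are what a client writes to the ssh -s netconf channel once both sides have exchanged <hello> messages; those hello messages are delimited with ]]>]]> rather than chunk-framed.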
54. Conclusion
The ASR 9000 running the IOS-XR operating system supports a broad set of SDN protocols: BGP-LS, PCEP, NETCONF/YANG, OpenFlow, RESTCONF/XML.
In IOS-XR 6.X and later this functionality will expand further, up to hosting network applications on the router.
Thanks to Cisco's active participation in developing both its own orchestration platforms and controllers and open-source ones, customers who deploy the ASR 9000 get a proven solution for a programmable network infrastructure.