PLNOG16: Automating the creation of operator services independently of device type - Network Services Orchestration, Krzysztof Konkowski
2. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Operational Complexity Barrier
Why?
[Charts: Traffic over Time; Operational Complexity over Time; Feature Complexity over Time]
• Manual and error-prone processes
• Multi-vendor networks with stove-pipe solutions
• Closed OSS solutions result in vendor lock-in
3.
Today’s Service Fulfillment Solutions
[Diagram labels: Service Activation, Order Management, Inventory, BSS/OSS, Ad-hoc Network Integration]
• Complexity barrier from handling failure scenarios (“software crisis”)
• Stovepipe adaptors
• Scripting
• No portability
• No standardization
4.
Programmability Issues
• Manual, per-device configuration
• Slow and error prone
• Lack of well defined network API
[Diagram labels: Order Management, Service Activation, Inventory]
5.
Programmability Issues
• Many sources of configuration
• Change driven by individual network engineers
• 60-90% valid data
[Diagram labels: Order Management, Service Activation, Inventory]
6.
Tail-f At-a-Glance
Swedish Company
§ Privately held
§ Founded in 2005
§ Offices in Stockholm, Sweden and Santa Clara, CA USA
64 employees and >80 customers world-wide
§ 7 of the 10 largest network equipment providers (NEPs)
§ Multiple Tier-1 Service Provider deployments
Software product company
§ NCS – Network Control System
§ ConfD – On-device software, OEM to NEPs
Target markets
§ Communication Service Providers
§ Managed Network & Cloud Providers
§ Enterprises with Large Data Centers
§ Network Equipment Providers
• Transaction Details: Under the terms of the agreement, Cisco has acquired all shares of Tail-f.
Tail-f is a leading provider of multi-vendor network service orchestration solutions for traditional and virtualized networks.
[Logo groups: SP Customers, NEPs, Standards Bodies]
7.
Cisco NSO (Network Service Orchestrator)
Reference and Demo Architecture
[Architecture diagram. Labels: Network Services Orchestrator; NFV Orchestration; Orchestrated Fulfillment; Orchestrated Assurance; VNF Manager; Virtualized Infrastructure Manager; Cisco ESC; OpenStack; Virtual Infrastructure; vASA; vCSR; Open vSwitch; Cisco VTS/VPP; Physical Infrastructure; ASR9K; ALU 7750; Juniper MX; F5; Cisco PPM/SME; Active Probes; Service Chaining; Performance Monitoring; Activation test + SLA Monitoring; ZenOSS; Service Impact]
8.
NSO Overview, Zoom 1
• Multi-vendor service-layer SDN controller for data centers and service providers
• Supports both traditional L2-L7 networking, virtual devices, and OpenFlow through single API and single UI
• Single pane of glass for multi-vendor SDN
[Diagram labels: Network Engineer; Management Applications; NETCONF, REST, Java, WS, Scripts; CLI, WebUI; NSO]
9.
NSO Overview, Zoom 1
• Keep accurate copy of network configuration state in NSO
• Make sure it is synchronized with the network at all times
• Provide transactional integrity from NSO to the network to ensure fail-safe operations (“atomic change-sets”)
[Diagram labels: Network Engineer; Management Applications; NETCONF, REST, Java, WS, Scripts; CLI, WebUI; NSO]
10.
NSO Overview, Zoom 2
[Architecture diagram. Labels: Network Engineer; Management Applications; NETCONF, REST, Java; Network-wide CLI, WebUI; NSO; Service Manager; Device Manager; Network Element Drivers; OpenFlow Controller Cluster; Device Models; Flowlet Models; Flowlets; NETCONF, CLI, SNMP…; OpenFlow; ncs-netsim; Large Multi-Vendor Networks: Hardware, Virtual, OpenFlow; Multi-vendor SDN; Transactions; Model-driven]
11.
Network Services Orchestrator Features
• Logically centralized network services
• Data structure representations of service and network state
• Data models for data structures
• Mapping service operations to network state changes
• Transactional integrity
• Multi-vendor & Multi-protocol support
12.
NSO CLI
[Diagram labels: Network Engineer, CLI, NSO]
• Service-aware
• Network-wide
• Juniper style
• Cisco XR style
• Powertool
• Helps keep the current domain experts
• Rich editing with tab-completion for commands, static elements and dynamic instances
• History, hints, help
• Extensible with custom/external commands, wizards
13.
NSO REST
• Relies on verbs of transport layer:
• HTTP 1.1
• GET: get resources
• PUT: replace existing resource
• POST: create resource
• DELETE: delete resource
• PATCH (RFC 5789): modify existing resource
• HEAD, OPTIONS
• Stateless, client-server
• Hyperlinked, just like the web
• XML or JSON as data containers
• Links to available data-stores and operations
[Diagram labels: Network Engineer, REST, NSO]
$ curl -u admin:admin -s http://localhost:8008/api
• /api/running
• /api/candidate
• /api/operations
• /api/operational
• /api/rollback
14.
NETCONF Interface
• IETF RFC 4741/6241
• Full implementation
• All mandatory and all optional capabilities
• RFC 4742/6242 NETCONF over SSH
• Streams XML over SSH
• Separates operational data from configuration
• Distributed transactions
• RFC 5277 NETCONF notifications
• NETCONF partial locking
• Open source Java NETCONF client
• https://github.com/tail-f-systems/JNC
NETCONF operations: <get-config>, <edit-config>, <delete-config>, <lock>, <unlock>, <get>, <close-session>, <kill-session>, <commit>, <discard-changes>
NETCONF capabilities: :writable-running, :candidate, :confirmed-commit, :rollback-on-error, :validate, :startup, :URL, :XPath
[Diagram labels: Management Applications, NETCONF, NSO]
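Added example (not from the original slides and not Cisco or Tail-f code): how a management application can turn the NETCONF capabilities listed above into one atomic change, using the RFC 6241 capability URNs and operations. The sample <hello>, the function names and the 120-second confirm timeout are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
CAP = "urn:ietf:params:netconf:capability:"

# Constructed server <hello>; not captured from a real NSO instance.
SAMPLE_HELLO = f"""<hello xmlns="{NS}"><capabilities>
  <capability>urn:ietf:params:netconf:base:1.1</capability>
  <capability>{CAP}candidate:1.0</capability>
  <capability>{CAP}confirmed-commit:1.1</capability>
  <capability>{CAP}rollback-on-error:1.0</capability>
  <capability>{CAP}validate:1.1</capability>
</capabilities><session-id>4</session-id></hello>"""

def capabilities(hello_xml):
    """Return short names (e.g. 'candidate') of the advertised capabilities."""
    caps = set()
    for el in ET.fromstring(hello_xml).iter(f"{{{NS}}}capability"):
        uri = (el.text or "").strip()
        if uri.startswith(CAP):
            # Drop the URN prefix, any ?parameters and the :version suffix.
            caps.add(uri[len(CAP):].split("?")[0].rsplit(":", 1)[0])
    return caps

def plan_change(hello_xml, config_xml):
    """Build the RPC sequence for one atomic change-set, or refuse."""
    caps = capabilities(hello_xml)
    missing = {"candidate", "rollback-on-error"} - caps
    if missing:
        raise RuntimeError(f"server lacks {sorted(missing)}; edit would not be atomic")
    steps = [
        "<lock><target><candidate/></target></lock>",
        "<edit-config><target><candidate/></target>"
        "<error-option>rollback-on-error</error-option>"
        f"<config>{config_xml}</config></edit-config>",
    ]
    if "validate" in caps:
        steps.append("<validate><source><candidate/></source></validate>")
    if "confirmed-commit" in caps:
        # The server reverts on its own unless the confirming <commit/>
        # below arrives within the timeout (seconds).
        steps.append("<commit><confirmed/><confirm-timeout>120</confirm-timeout></commit>")
    steps.append("<commit/>")
    steps.append("<unlock><target><candidate/></target></unlock>")
    return [f'<rpc message-id="{i}" xmlns="{NS}">{s}</rpc>'
            for i, s in enumerate(steps, 1)]
```

If any step returns <rpc-error>, the client sends <discard-changes/> and <unlock> instead of continuing with the remaining steps.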
15.
SNMP Agent
• SNMP Machine interface
• Any combination of v1, v2c, v3
• Supports all SNMP operations
• SNMP Notifications (traps)
• Framework MIBs
• RFC-3411 (SNMP-FRAMEWORK-MIB)
• RFC-3414 (USM)
• RFC-3415 (VACM)
• RFC-3418 (SNMPv2-MIB)
• MIB to YANG translator
• YANG to MIB translator
• Tail-f Alarm MIB with NCS alarm manager instrumentation
[Diagram labels: Management Applications, SNMP, NSO]
16.
MAAPI
• Java
• JavaScript
• UNIX command line
• To build any northbound client
• Access a not yet committed transaction
• CDB special upgrade
[Diagram labels: Management Applications, MAAPI, NSO]
17.
Customer Example: Service Chaining
[Diagram labels: Load Balancer; DPI; Content Filtering; Video Optimization; Firewall; Network Services Orchestrator; Service Manager; Device Manager; Network Element Drivers; OpenFlow Controller Cluster; Service Models; Device Models; Flowlet Models; Flowlets; Network-wide CLI, WebUI; NETCONF, REST, Java; Network Engineer; Management Applications; A; B; Internet]
Challenge:
§ Thousands of business customers
§ Dozens of regional POPs
§ Several data centers
§ Tens of thousands of DC tenants
Results:
§ Quickly provision L4-L7 security services to VPN customers
§ Generate new revenues from new security services
18.
Customer Example: VPN Provisioning
Business Challenge:
Fast delivery of various types of VPNs (L2 and L3) and Carrier Ethernet 2.0 services for traffic separation in a dynamic, programmatic way.
Benefits with NSO
• Quickly provision complex VPNs spanning 50,000+ devices from multiple vendors using network-wide, transaction-safe features
• Juniper MX series core routers
• Cisco for PE
• Overture, Adtran and ADVA for CE
• Develop new VPN services using CLI templates or Java
• Support provisioning, updating and removing VPNs using minimal diffs
• API integration with customer self-service portal, OSS, and analytics systems
19.
End to End Architecture for Service Management
Evolved Services Platform (ESP)
“Business Intent”: catalogs, workflows
Service Catalog: Transport, Security, Virtual Private Cloud, Mobility, Video/Content, Managed Services, Routing/VPN
“Execution”: configuration, automation, provisioning
Orchestration Engine
- DC SDN
- WAN Orchestration & Optimization
Service Broker
- Provision WAN services
- Provision NFV in DC
Virtual Network Functions
- Elastic Services Control
- Service Lifecycle management
Cross Domain Service Design, Orchestration, Assurance & Analytics
Carrier Class Reliability and High Availability
End to End Service Management and SLA Guarantees
[Diagram labels: Activate & Place Cloud/NFV services; Provision WAN/VPN Services & SLA; Admit Bandwidth; Optimize WAN; NSO]
Evolved Programmable Network: Physical & Virtual Network, Compute & Storage
[Diagram labels: SP WAN/VPN, SP Core, SP DC]