Principal Engineer, GSSO - Cisco Live

Advanced Performance Management – SDN ++

Michael Geller – Principal Engineer, GSSO

BRKNMS-3043

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#BRKNMS-3043

• Introduction

• IP SLA & Performance Use Cases

• IP SLA – Technical Deep Dive

• Performance Use Cases - SDN

• Conclusion

• Q and A

Agenda


My Personal & Professional Life

• 21 Years in Cisco

• Distinguished Speaker

• Principal Engineer – Security

• Other Cisco Live Session: BRKNMS-3043

• Focus on Cloud and Service Providers for Security

• Areas of focus: MSSP, SDN/NFV, SecOPS

• 2 kids, 1 wife

5BRKSEC-2602


Rules of the Game!

• Silence your phone, pda, pager, mp3 player…

• At CiscoLive! your evaluation is extremely important

• Please remember to wear your badge at all times

• Please visit the World of Solutions

• PLEASE! Ask questions any time

BRKNMS-3043 6


Meet the Engineer

• To make the most of your time at Networkers at Cisco Live 2018, schedule a Face-to-Face Meeting with top Cisco Engineers.

• Designed to provide a "big picture" perspective as well as "in-depth" technology discussions, these face-to-face meetings will provide fascinating dialogue and a wealth of valuable insights and ideas.

• Visit the Meeting Center reception desk located in the Meeting Centre in World of Solutions.

BRKNMS-3043 7


Prerequisites

• Before attending this session, familiarities with Cisco IOS® IP Service Level Agreements (IP SLAs) is essential

• Configuration and generic features will be briefly reviewed

• Only new or advanced topics, as well as design recommendations will be covered

• Some familiarity with Virtualization, SDN and NfV

BRKNMS-3043 8

IP SLA & Performance Use Cases

www.cisco.com/go/ipsla

http://www.cisco.com/go/ipsla


IP SLA “Moving Parts”

IPSLAs

Sender

IPSLAs

Responder

IP Host

Management

(optional)

Router

Targets

- ‘IPSLA Operation’ between

Source and Target

- Target can be another router,

switch or IP Host.

IPSLA- Operation

BRKNMS-3043 10


Cisco IOS IP SLA In A Nutshell

Simple and easy to deploy

- Embedded in Cisco IOS- CLI and SNMP access

Wide Range Coverage

- Multiple protocols - Multiple applications- Multiple operations

Scalable and Performance

- Platform proliferation- Millisecond precision - Microsecond granularity

Build-in intelligence & Flexibility

- Scheduling and reporting- Auto discovery and intelligence- QoS Integration

Customer proven Success

11


Cisco IP SLA’s - The Big Picture

End-to-End Automated Network Health Monitor for IOS, IOS-XR, and Linux

TCP/IP, VoIP, Metro-E, and MPLS Networks

Engine 3

(15.1(1)T)

• VoIP, TCP/IP and Application Operations

• TCP/UDP/ICMP, RTP, HTTP, DNS, G.711, G.729, FTP, DHCP, MoS/ICPIF, Call Setup, Gatekeeper

• IPv6 support on UDP Jitter/Echo, ICMP Echo, TCP Connect)

• TWAMP Responder

• Video Operations

• MPLS OAMOperations

• LSP Health Monitor(Ping and Echo)

• Equal Cost Multi-Path (ECMP) Tree Trace

• LSP for PWE3’s via VCCV Operation

• Metro-Ethernet Operations

• Metro-E 802.1ag Ethernet Ping and Jitter

• MEP VLAN Auto-Discovery and Auto-Scheduling

• Y.1731 is coming soon

IOS Feature Integration

Reliable Static Routing Backup (EoT + IP SLA’s)

PfR(OER) IP core routing w/automated alternate route test via IP SLA’s

EEM Triggers via Syslog MIB

•Intelligent and Flexible Core Values

Dynamic Operations w/Multiple & Random Schedulers

Proactive Threshold Monitoring & Alerts via SNMP

Multiple Reactions per ThresholdThreshold on Single Measurements plus Aggregate and Trend Results for Collection

Endpoint Auto-Discoveryand Auto-Registration

QoS integration

BRKNMS-3043 12


Uses Cases

BRKNMS-3043 13


Use Cases

BRKNMS-3043 14


Monitoring Availability

• IP SLA ICMP Echo Operation

– similar to ICMP Ping

– destination can be any IP host

• IP SLA Path Echo Operation

– Discover hops in path using trace route

– Per hop round trip time

– IP SLA responder not required at hops or destination

• IP SLA UDP Echo Operation

– Round Trip Time

– destination must be Cisco IOS device with IP SLA responder enabled

• IP SLA TCP Connect Operation

– TCP connect time

– Useful in estimating Telnet, SSH, SQL connection time.

BRKNMS-3043 15


Monitoring VOIP

• IP SLA UDP Jitter Operation– Round Trip Time, One way Delay, Cisco SD and DS Jitter, Inter-arrival (RFC 3750) Jitter, Packet Loss, Out

of Sequence Packets, G.107 MOS, G.113 ICPIF

– destination must be Cisco IOS device with IP SLA responder enabled

– supports g729a, g711aLaw and g711ulaw codec simulation

• IP SLA ICMP Jitter Operation– Round trip time, one way delay, Cisco SD and DS jitter, inter-arrival jitter, packet loss

– destination can be any host which supports full ICMP

• IP SLA Post Dial Delay and Gatekeeper registration delay operation

• IP SLA RTP Operation; requires DSP and TDM card on source

BRKNMS-3043 16


Use Cases

BRKNMS-3043 17


Use Cases

BRKNMS-3043 18


Use Cases

BRKNMS-3043 19

IP SLA Technical Deep Dive


IPSLA software architecture

OS

Infra

(Timer,

Queues

…)

QOS

IPSLA Infrastructure (Event Processor, operations store, statistics, reaction)

Ethernet

(Echo/

Jitter)

Various Layer 3-4 services (TCP, SCTP, IP routing, IP, …)

Layer 2 services

CFM

IPSLA-

End

Point

Disc

BGP

Next Hop

/

ECMP

Path

Disc

ICMP

(Echo/

jitter)UDP

(Echo/

Jitter)

TCP HTTP

DNS/

FTP/

DHCP

VOIP

(RTP/

POST-DIAL/

GK Registration)MPLS

(LSP Ping/

LSP Trace/

LSP Group)

Symphony

IPSLA RTP

Application

IP Registry/domain.cMPLS OAM Infra

Vlan

Disc

CFM

IPSLA Infrastrcuture (Component)

IPSLA OLD CLI/MIBIPSLA APIOperation

Generation

Auto IPSLAs CLI/MIB

IPSLA Group Scheduler

Group

Group/Template

IPSLA Infrastructure (Component/Oper)

BRKNMS-3043 21


Cisco IOS IP SLAs Source and Responder

• Source Router•Cisco IOS Software router that sends data from operation

•Cisco IOS Software may or may not be the target

•Some operations require the target to run the IP SLAs responder

•Stores results in MIB

• Responder•Responds to IP SLAs packets at destination

•User defined UDP/TCP ports

•IP SLAs Control Protocol

•MD 5 Authentication

•Accurate measurements

BRKNMS-3043 22


ICMP Echo

• SLA icmp echo is the same as ping.

• Normally, if ping works then IP SLA icmp echo should work

• One packet sent, reports success and round trip time delay

• For icmp-echo in vrf, consider if vrf ping works

• Adjust the threshold and frequency based on the network

ICMP Echo Probe

DestinationSource

BRKNMS-3043 23


icmp echo configuration

ip sla 1

icmp-echo 172.16.17.51

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo 20.20.10.2

vrf vrf1

Ip sla schedule 2 life forever start-time now

BRKNMS-3043 24


SLA Sender SLA Responder

Control Message Ask Receiver to Open Port

2020 on UDP

Responder Says OK

Sending Test Packets…

Start

Listening on

UDP Port

2020

UDP, 2020

Done: Stop Listening

Control

Phase

Probing

Phase

IP SLA-Control

IP SLA-probe packets

UDP, 1967

Responder socket is timer based and will

know when to stop listening

25SLA Operation with Responder

BRKNMS-3043 25


TCP Connect Operation

• TCP Connect Operation measures the time taken by the source to perform a TCP connect to the destination device

• Target can be normal host or IP SLA responder

• Useful in simulating Telnet, SSH, SQL, connection time

BRKNMS-3043 26


TCP Connect Operation (Measurement)

Destination

T1

T2

SYN

SYN/ACK

ACK

FIN

The measured connecting time is the

difference between sending the initial SYN and receiving the ACK,

in this case = T2-T1

Source

BRKNMS-3043 27


ip sla 5

tcp-connect 101.101.101.1 80 control disable

ip sla schedule 5 life 60 start-time now

TCP Connect Operation (Example)

If the target host is not running IP SLA,

disable the Control Protocol (optional).

Default: enabled

Connects to TCP Connection to 10.52.132.68 on port 80

BRKNMS-3043 28


TCP Connect Operation (Output)

slaIOU548#sh ip sla stat 5

IPSLAs Latest Operation Statistics

IPSLA operation id: 5

Latest RTT: 2072 milliseconds

Latest operation start time: 22:42:24 PST Sun Jul 24 2011

Latest operation return code: OK

Number of successes: 1

Number of failures: 0

Operation time to live: 0

slaIOU548#

BRKNMS-3043 29


Time Synchronization

To measure One Way statistics between Source and Target devices, using the UDP Jitter Operation, Cisco IP SLAs responder need to be enabled, and it must be time synchronized between Source and Target devices

The time on the Source and Target devices has to be synchronized. The smallest drift in clock synchronization will cause latency measurements in one direction to be smaller than expected, while in the other direction the latency will be measured larger than expected

BRKNMS-3043 30


T2

UDP Echo Operation (With IPSLA Responder)

We have no control of queuing delay on the source and destination, but this is experienced by real traffic too, and must be accounted as such

T5

T4

T3

Processing Delay on the Source: Tps = T5-T4

Processing Delay on the Destination: Tpd = T3-T2

Round Trip Time Delay: T = […] = T2 - T1 + T4 - T3

SenderResponder

T1

BRKNMS-3043 31


UDP Voice Jitter Operation

• Simulating G.711 VoIP call

• Use RTP/UDP ports 16384 and above, the packet size is 172 bytes (160 bytes of payload, 12 bytes for RTP header)

• Packets are sent every 20 milliseconds (interval)

• Marked with DSCP value of 8 (TOS equivalent 0x20)

• Runs every minute (frequency)

ip sla 6

udp-jitter 1.1.1.2 5556

num-packets 1000

request-data-size 172

tos 32


A

B CA = 20 ms

B = 20 s (1000 x 20 ms)

C = 40 s (60 s – 20 s)

BRKNMS-3043 32


HTTP Operation

• Measures HTTP server responsiveness: DNSrequest, TCP connection, time to first byte, HTTP transaction time

• SLA Responder cannot be used, instead need a http server on the destination

• Supports GET requests and custom RAW requests:

• GET request—SLA will format the request based on the URL specified

• RAW—One must specify the entire content of the HTTP request; this gives ultimate flexibility for user to control fields such as authentication

BRKNMS-3043 34


HTTP Operation (Measurement)

DNS REQ

DNS ANS

SYN

SYN/ACK

ACK

GET /…

<HTML>…

…</HTML>

FIN

FIN/ACK

ACK

DNS Server

HTTP Server

IP SLA

Time to

First Byte

TCP RTT

DNS RTT

HTTP RTT

BRKNMS-3043 35


HTTP Operation (GET Example)

• www.cisco.com

ip sla 50

http get http://www.cisco.com/go/ipsla


Options:

cache Enable or Disable download of cached HTTP page

name-server Name Server

proxy Proxy information

source-ipaddr Source Address

source-port Source Port

version Version Number

Simple GET Request to Server

BRKNMS-3043 36


Router#sh ip sla stat 50

Round Trip Time (RTT) for Index 50

Latest RTT: 193 ms

Latest operation return code: OK

Latest operation start time: *18:32:08.279 PST Tue Jun 10 2011

Latest DNS RTT: 4 ms

Latest TCP Connection RTT: 8 ms

Latest HTTP Transaction RTT: 181 ms



Operation time to live: 3593 sec

HTTP Operation (Output)

Total = DNS RTT + TCP RTT + HTTP RTT

BRKNMS-3043 37


IPSLA Video Operation

Is my network

ready for 100 HD

Desktop Cameras,

30 IPVSC and a

new Telepresence

room?

Switch A

Router BRouter C

Switch D

• Convenient for pre-deployment assessment, pre-event testing and post-event troubleshooting.

• More bandwidth needed? Deploy PfR?

• QoS needed?

• Fully integrated with IPSLA control and scheduling framework

• Extension to current IPSLA CLI and MIB interface to allow easy integration with NMS products

BRKNMS-3043 38


Advanced IP SLA Features

• Advanced probes like VoIP Probes using DSP, Ethernet probes

• Auto IP SLA

• Thresholds and Reaction Configurations

• IP SLA integration with EEM

BRKNMS-3043 39


Typical SLA Requirements

Traffic TypeMaximum

Packet Loss

Maximum

One-Way

Latency

Max. Jitter

VoIP (land line quality)

1 % 120 ms 30 ms

Video-

conferencing1 % 200 ms 50 ms

Streaming

video

(one way video)

2 % 5 sN/A

(assuming the receive

buffer is large enough)

BRKNMS-3043 40


Debugging Commands & Steps

Available DEBUG commands:

ipsladev3750e-3#debug ip sla trace

ipsladev3750e-3#debug ip sla error

Sender debug

• This will show both IP SLA debug and platform debug.

• Basic familiarity with IP SLA debug is expected

ipsladev3750e-3#debug ip sla trace 0

ipsladev3750e-3#debug ip slaerror 0

Responder Debug

BRKNMS-3043 41


Cisco IOS IPSLA Uses and Metrics

Data

TrafficVoIP

Service Level

AgreementAvailability

Streaming

Video

Re

qu

irem

en

t

Minimize packet

loss

Maximize

bandwidth

Verify Quality of

Service (QoS)

Minimize delay,

packet loss, jitter

Measure delay,

packet loss, jitter

One-way

Connectivity

testing

Minimize delay,

packet loss

IPS

LA

s

Me

as

ure

me

nt

Packet loss

Latency

per QoS

Jitter

Packet loss

Latency

MOS Voice

Quality Score

Jitter

Packet loss

Latency

One-way

Enhanced

accuracy

NTP

Connectivity

tests to IP

devices

Jitter

Packet loss

Latency

BRKNMS-3043 42

Navigating and Operating the IP SLA CLI


IP SLA CLI Interface

sla3745-3(config)#ip sla 1

sla3745-3(config-ip-sla)#udp-jitter 10.52.130.68 16384

sla3745-3(config-ip-sla-jitter)#tos 0x20

sla3745-3(config-ip-sla-jitter)#frequency 60

sla3745-3(config-ip-sla-jitter)#request-data-size 172

sla3745-3(config-ip-sla-jitter)#exit

sla3745-3(config)#ip sla reaction-config 1

react jitterAvg

threshold-type immediate

threshold-value 16 4

action-type trapOnly

sla3745-2(config)#ip sla schedule 1 start now life

forever

Schedule

Specify reaction

Create

operation

Operation type

BRKNMS-3043 44


Display configuration

sla3745-3#show ip sla conf 11

IP SLAs, Infrastructure Engine-II.

Entry number: 11

Owner:

Tag:

Type of operation to perform: udp-jitter

Target address/Source address: 10.52.130.68/0.0.0.0

Target port/Source port: 16384/0

Request size (ARR data portion): 172

Operation timeout (milliseconds): 5000

Packet Interval (milliseconds)/Number of packets: 20/1000

Type Of Service parameters: 0x20

Verify data: No

Vrf Name:

Control Packets: enabled

BRKNMS-3043 45


Display configuration (contd.)

Schedule:

Operation frequency (seconds): 60 (not considered if

randomly scheduled)

Next Scheduled Start Time: Start Time already passed

Group Scheduled : FALSE

Randomly Scheduled : FALSE

Life (seconds): Forever

Entry Ageout (seconds): never

Recurring (Starting Everyday): FALSE

Status of entry (SNMP RowStatus): Active

Threshold (milliseconds): 5000

Distribution Statistics:

Number of statistic hours kept: 2

Number of statistic distribution buckets kept: 1

Statistic distribution interval (milliseconds): 20

Enhanced History:

sla3745-3#

BRKNMS-3043 46


Display reaction configuration

sla3745-3#show ip sla reaction-config 11

Entry number: 11

Index: 1

Reaction: jitterAvg

Threshold Type: Immediate

Rising (milliseconds): 20

Falling (milliseconds): 20

Threshold CountX: 5

Threshold CountY: 5

Action Type: Trap only

sla3745-3#

BRKNMS-3043 47


Display Statisticssla3745-3#show ip sla statistics 11 details


Latest RTT: NoConnection/Busy/Timeout

Latest operation start time: 14:34:20.771 PDT Wed Aug 3 2005

Latest operation return code: No connection

Over thresholds occurred: FALSE

RTT Values:

Number Of RTT: 0 RTT Min/Avg/Max: 0/0/0 milliseconds

Latency one-way time:

Number of Latency one-way Samples: 0

Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds

Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds

Source to Destination Latency one way Sum/Sum2: 0/0

Destination to Source Latency one way Sum/Sum2: 0/0

Jitter Time:

Number of Jitter Samples: 0

Source to Destination Jitter Min/Avg/Max: 0/0/0 milliseconds

Destination to Source Jitter Min/Avg/Max: 0/0/0 milliseconds

Source to destination positive jitter Min/Avg/Max: 0/0/0 milliseconds

Source to destination positive jitter Number/Sum/Sum2: 0/0/0

Source to destination negative jitter Min/Avg/Max: 0/0/0 milliseconds

Source to destination negative jitter Number/Sum/Sum2: 0/0/0

Destination to Source positive jitter Min/Avg/Max: 0/0/0 milliseconds

Destination to Source positive jitter Number/Sum/Sum2: 0/0/0

Destination to Source negative jitter Min/Avg/Max: 0/0/0 milliseconds

Destination to Source negative jitter Number/Sum/Sum2: 0/0/0

Interarrival jitterout: 0 Interarrival jitterin: 0

(Cont…)


Display Statistics (contd.)

Packet Loss Values:

Loss Source to Destination: 0 Loss Destination to Source: 0

Out Of Sequence: 0 Tail Drop: 0 Packet Late Arrival: 0

Voice Score Values:

Calculated Planning Impairment Factor (ICPIF): 0

Mean Opinion Score (MOS): 0



Operation time to live: Forever

Operational state of entry: Active

Last time this entry was reset: Never

sla3745-3#

BRKNMS-3043 49


Display aggregated statisticssla3745-3#show ip sla statistics agg 11 details


Start Time Index: 14:15:35.919 PDT Wed Aug 3 2005

Type of operation: udp-jitter

Voice Scores:

MinOfICPIF: 0 MaxOfICPIF: 0 MinOfMOS: 0 MaxOfMOS: 0

RTT Values:

Number Of RTT: 0 RTT Min/Avg/Max: 0/0/0 milliseconds

Latency one-way time:

Number of Latency one-way Samples: 0

Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds

Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds

Source to Destination Latency one way Sum/Sum2: 0/0

Destination to Source Latency one way Sum/Sum2: 0/0

Jitter Time:

Number of Jitter Samples: 0

Source to Destination Jitter Min/Avg/Max: 0/0/0 milliseconds

Destination to Source Jitter Min/Avg/Max: 0/0/0 milliseconds

Source to destination positive jitter Min/Avg/Max: 0/0/0 milliseconds

Source to destination positive jitter Number/Sum/Sum2: 0/0/0

Source to destination negative jitter Min/Avg/Max: 0/0/0 milliseconds

Source to destination negative jitter Number/Sum/Sum2: 0/0/0

Destination to Source positive jitter Min/Avg/Max: 0/0/0 milliseconds

Destination to Source positive jitter Number/Sum/Sum2: 0/0/0

Destination to Source negative jitter Min/Avg/Max: 0/0/0 milliseconds

Destination to Source negative jitter Number/Sum/Sum2: 0/0/0

Interarrival jitterout: 0 Interarrival jitterin: 0

BRKNMS-3043 50


Display aggregated statistics (contd.)

Packet Loss Values:

Loss Source to Destination: 0 Loss Destination to Source: 0

Out Of Sequence: 0 Tail Drop: 0 Packet Late Arrival: 0



Failed Operations due to over threshold: 0

Failed Operations due to Disconnect/TimeOut/Busy/No Connection: 0/0/0/52

Failed Operations due to Internal/Sequence/Verify Error: 0/0/0

Distribution Statistics:

Bucket Range: 0-19 ms

Avg. Latency: 0 ms

Percent of Total Completions for this Range: 0 %

Number of Completions/Sum of Latency: 0/0

Sum of RTT squared low 32 Bits/Sum of RTT squared high 32 Bits: 0/0

Operations completed over thresholds: 0

sla3745-3#

BRKNMS-3043 51


Auto IPSLAs

ip sla auto template udp-jitter coke

tos 30

parameters

request-data-size 40

threshold 55000

ip sla auto destination coke

ip-address 1.1.1.1,2.2.2.2,3.3.3.3 port 5000

ip sla auto schedule coke

start-time now

ip sla auto group coke

description Group for Customer Coke

destination template coke

template udp-jitter coke

schedule coke

ip sla auto register 1.1.1.2 group-name coke client-id CustomerCoke

BRKNMS-3043 52

Performance Use Cases –SDN Deployments

Performance Management for SD-WAN With PfR


Intelligent WAN Deployment Models

Dual MPLS

Internet

Highest SLA guarantees

– Tightly coupled to SP

ẋ Expensive

Public

MPLS

Branch

MPLS

More BW for key applications

Balanced SLA guarantees

– Moderately priced

PublicEnterprise

Branch

MPLS+

Internet

Consistent VPN Overlay Enables Security Across Transition

Best price/performance

Most SP flexibility

– Enterprise responsible for SLAs

Internet

Branch

Enterprise Public

Hybrid Dual Internet

BRKNMS-3043 55


Intelligent WAN: Leveraging the InternetSecure WAN Transport and Internet Access

Branch

PrivateCloud

VirtualPrivateCloud

PublicCloud

MPLS (IP-VPN)

Internet



Optimized

Secure Transport

Branch

PrivateCloud

VirtualPrivateCloud

PublicCloud

1. IWAN Secure transport for private and virtual private cloud access

Increase WAN transport capacity and app performance cost effectively!

MPLS (IP-VPN)

Internet



Optimized

Secure Transport

Branch

Direct

Internet

Access

PrivateCloud

VirtualPrivateCloud

PublicCloud

1. IWAN Secure transport for private and virtual private cloud access

2. Leverage local Internet path for public cloud and Internet access

Increase WAN transport capacity and app performance cost effectively!

Improve application performance (right flows to right places)

MPLS (IP-VPN)

Internet


Intelligent WAN Solution Components

MPLS

Branch

3G/4G-LTE

AVC

Internet

PrivateCloud

VirtualPrivateCloud

PublicCloudWAAS PfR

Application Optimization

• Application visibility with

performance monitoring

• Application acceleration

and bandwidth

optimization

Secure Connectivity

• Certified strong encryption

• Cloud Managed Security for

secure direct Internet access

• Comprehensive threat

defense

Intelligent Path Control

• Dynamic Application best

path based on policy

• Load balancing for full

utilization of bandwidth

• Improved availability

TransportIndependent

• Consistent operational model

• Simple provider migrations

• Scalable and modular design

• IPsec routing overlay design

Control & Management with Automation

BRKNMS-3043 59


PfRv3 – How it Works

Path Enforcement

Define path optimization

policies on the Hub MC

load balancing,

path preference, application

metrics

DSCP Based Policies

Application Based Policies

Traffic flowing through the

Border Routers (BRs) that

match a policy are learned

Traffic Classes

Unified Performance

Monitor

Report the measured TC

performance metrics to

the Master Controller for

policy compliance

Unified Performance

Monitor

Master Controller directs

BR path changes to keep

traffic within policy

Route Enforcement

module in feature path

MeasurementLearn the TrafficDefine your Traffic Policy

ISR G2

ASR1K MC

BR BR

MC

BR BR

Performance

MeasurementsMC

BR BR

Learning

Active TCs

Traffic

Classes

TC Path

BRKNMS-3043 60


MPLS

PrivateDC

Internet

CloudServices

(Internet)

.1

.2

.2

.2.2

.2

10.10.4.0.0/24

.2

.1

.1

.2

.2

ENCS4

vEdge

.1

192.168.10.0/24

64.100.1.64/29

PublicCloud

AS

A

.1

.1

.1 .1

.1

.1

.1

ESX1

RWVision

SWFCSMCVMS Control

Plane Services

VMSCP

170.1.1.0/24

.1

.1

.2

ASAv

Qradar

FMC

.6

.1

.1

.2

Mgmt.104

Portal.34

.10

.11

.12

.13 .14

DNS

.73CIMC

CSP1

ENCS5

Mgmt.105

vSmart vBond

.74Mgmt

192.168.200.0/24

.90

RWDPVA

Serv

ices

-17

2.26

.50.

0/24

.15 .17

.36

.91

ISRv .2 .1 vEdge

.1

.1ENCS1

192.168.120.0/24

ISRv .2 .1 vEdge

.1 .1ENCS2

.1

172.16.130.0/24

ISRv .2 .1 vEdge

.1

.1

ENCS3

.101

.102

.103 vEdge

.95

CIMC.204

CIMC.205

.201

.202

.203

CIMC.78

.75CIMC

.72Mgmt

.2

.1

64.1.10.0/24

.1

Services – 172.26.50.0/24

CSP2

vManage

vSmart vBond

.79Mgmt .

.26

.27

.80CIMC

ASAv

.40

.41

NGFWv

ASR 9001

SD-WAN Services 9.9.9.0/24

.15 .17

VLAN 1

VLAN 9

.25

.26

.27

.1

.25

172.16.10.0/24

NGFWv

v100 v170

v200v170

v110

.2.254

HA Portal.35

Lab Services 172.26.2.0/23

NTP

.3.254

.2

.2

Mgmt

CIMC

Mgmt

CIMC

Mgmt

CIMC

.143

.142

.131

.141

.132

.133

.2.3 .3

192.168.251.0/24

.1

WWW

.18

Branch BTenant 1

Branch ATenant 1

Branch CTenant 2

Mobile UserTenant 1

192.168.252.0/24

172.16.253.0/24 192.168.151.0/24

.2.3

.2

.2

172.16.151.0/24

.2.5

DNS

.1

.2170.31..2.0/24

RWDPVA

.251

192.168.150.0/24 172.16.150.0/24.2.2

.3 .3

VMS Internal

.171-.173

192.168.110.0/24

.101

TC

.200

L4-7PC

.100

.101

TC

.200

L4-7PC

.100

.101

TC

.200

L4-7PC

.100

.200-240

.101TC

L4-7

PC .100

Cloud Layer 3 Switch

Private DC Tenant 1Layer 3 Switch

.101TC

L4-7

PC.100

.200-240

.6.5 .5

Tenant 1

(NGFW1)

.20. Branch A/B

LAN

.23 Public Cloud

.24. Private DC

.25 Anyconnect

Tenant 2

(NGFW2)

.30. Branch C

LAN

64.1.10.x PATAddresses

SDN Based VPN – SD-WAN

BRKNMS-3043 61


WAN

Client

WSAv

AMP

Client

vEdge

Internet

Web

Serve

r

PublicCloud

PrivateDC

Web

Serve

r

Web

Serve

r

ISRvUmbrell

a

vEdge

ASAv

NGFWv

AMP

Internet1

3

2

5

6 6

4

6

Consolidated View of Service Chains


WAN

Client

WSAv

AMP

Client

vEdge

Internet

Web

Serve

r

PublicCloud

PrivateDC

Web

Serve

r

Web

Serve

r

ISRvUmbrell

a

vEdge

ASAv

NGFWv

AMP

Internet1

3

2

5

6 6

4

Client

AnyConne

ct

Umbrella

VPN

AMP

1

2

5

3

4

5

56



WAN

Client

WSAv

AMP

Client

vEdge

Internet

Web

Serve

r

PublicCloud

PrivateDC

Web

Serve

r

Web

Serve

r

ISRvUmbrell

a

vEdge

ASAv

NGFWv

AMP

Internet1

Radware

1

2

3

44

3

2

5

6 6

4

Client

AnyConne

ct

Umbrella

VPN

AMP

1

2

5

3

4

5

56



WAN

Client

WSAv

AMP

Client

vEdge

Internet

Web

Serve

r

PublicCloud

PrivateDC

Web

Serve

r

Web

Serve

r

ISRvUmbrell

a

vEdge

ASAv

NGFWv

AMP

Internet1

Radware

1

2

3

44

3

2

5

6 6

4

Client

AnyConne

ct

Umbrella

VPN

AMP

1

2

5

3

4

5

56

Client

ISRvUmbrell

a

vEdge

1

2

3 4


Performance Apps On The SDN Controller


SDN Controller Visibility Application

BRKNMS-3043 67


SDN Controller: QoS Management Application

BRKNMS-3043 68


SP Transformation

Network Abstraction

Transport Optimization

Service Abstraction

Network Simplification


SP Transformation

Network Abstraction


Service Abstraction


Segment Routing



SP Transformation

Network Abstraction


Service Abstraction

XTC



Segment Routing



SP Transformation

Network Abstraction

WAE

Network Abstraction


Service Abstraction

XTC



Segment Routing



SP Transformation

Network Abstraction

WAE

Network Abstraction


Service Abstraction

NSO

Service Abstraction

XTC



Segment Routing



WAN Automation Engine (WAE)

• Multi-layer, multi-vendor network model for path visibility and path computation

• APIs for planning, optimization, forecasting and traffic engineering

• WAE is NOT a controller – but leverages controllers

WAE Network ModelBRKNMS-3043 74


WAE 7 Platform: Key Building Blocks

COLLECT

MODEL

MANAGER

OPM

DEPLOY

NIMO

DESIGN

Collection

• SNMP

• Netflow

• BGP-LS (XTC)

• Telemetry

Deploy

• NSO Device Mgr

• PCEP (XTC)

• Controller plug-in

Optimization and PredictionWAE Design is a core ”app”

BRKNMS-3043 75


An Integrated Solution !!!

WAE

XTC NSO (NEDs)

SNMP NetFlowCLINETCONF/

YANGCLIBGP-LS PCEP

NSO “Service Abstraction” Service models & orchestration

“Network Abstraction”Path computation, Network model

“Device Abstraction”Controllers, Protocols, NED’s

“Protocols”South-bound network protocols

“Network”Equipment and Devices

Segment

Routing

BRKNMS-3043 76


Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#BRKNMS-3043


• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.

Complete Your Online Session Evaluation

http://ciscolive.com/Online

http://www.ciscolive.com/global/on-demand-library/


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

80BRKNMS-3043

Thank you

Principal Engineer, GSSO - Cisco Live

Documents

Transcript of Principal Engineer, GSSO - Cisco Live