Session Presentation - Cisco Live

Questions? Use Cisco Webex Teams to chat with the speaker after the session

Find this session in the Cisco Live Mobile App

Click “Join the Discussion”

Install Webex Teams or go directly to the team space

Enter messages/questions in the team space

How

Webex Teams will be moderated by the speaker until June 16, 2019.

1

2

3

4

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public#CLUS

Cisco Webex Teams

cs.co/ciscolivebot#

2

BRKSPG-1000

#CLUS

Imran Shahid, Customer Delivery Architect, @imshahid11893BRKSPG-1000

Network Transformation and Essential Skills for Next Generation Network Engineers

#CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4Session ID

WINTER IS COMING

Ref: HBO Game of Thrones


What is Gartner Saying

Data Center Operations Automation30% > in YE18 > 60% by 2023

Enterprises with SD-WAN Solution20% > in YE18 60% by 2024

On-premises data centers will close 80% by 202510% in YE18 >

Salary Premium for Automation Skills10% In 4Q18 > 40% by 2023

Gartner – 2018-19 Strategic Roadmap for Networking

Intent-Based Networking Systems15 In 2Q18 > 1000 by 2020

BRKSPG-1000 5


Agenda

• What is Transforming and Why

• Components of Transformation and Related Skills

• Learning Roadmap

• Key Takeaways

BRKSPG-1000 6


Intent to Outcome is a Blitz

Apps are the new Business

Developers are the new Customers

Multicloud is the new Data Center

Data is the new Currency

7


Transformations

Proprietary CLI Programmable Interfaces (REST, YANG)

Purpose Built Physical Devices Virtual Network Functions

Open Systems(x86 based)Closed System

Hybrid/Open SkillsetNetwork Specific Skillset

Microservices ArchitectureMonolithic Architecture

Integrated Service AssuranceDiscrete Service Assurance

Machine Learning and AIHuman Intelligence

BRKSPG-1000 8

Components of Transformation


Components of Transformation

SDx (Software Defined Anything)

Network Programmability

Virtualization of Network Services

Open Systems (Linux)

Au

tom

atio

n a

nd

Orc

he

stra

tion

Life

Cycle

Ma

na

ge

me

nt

BRKSPG-1000 10

SDN Quick Overview


Software Defined NetworkingSDN Definition (ONF): The physical separation of the network control plane

from the forwarding plane, and where a control plane controls several devices.

Control Plane

DataPlane

In SDN, Not All Processing

Happens Inside Device

Control Plane

DataPlane

Openflow

OF Agent

App-1 App-2 Puppet/ChefOpenstack

/NSO

Control Plane - SDN Controller

Northbound API

Device Device Device

Southbound API

Data Plane – Network Devices

Openflow Netconf Opflex

REST

ServerODL, OSC, VTS

APIC, CONTRAIL,

BRKSPG-1000 12


Transport/Multilayer SDNWithin emerging SDN

architectures multi-

layer SDN controllers are

appearing to optimize the

operation of networks

across optical and IP

layers.

The true power of Transport

SDN can only be realized

when the underlying

transport network is fully

programmable at every

layer, from the packet layer

all the way down to the

optical layer.

BRKSPG-1000 13

https://www.sdxcentral.com/sdn/definitions/sdn-controllers/


How to develop your SDX Skills

Books and E-BooksCertifications

Web Links

SDxCentral

Cisco Software Defined Networking

Cisco Service ProviderSDN

SDN Learning Resources

https://www.opennetworking.org/

ACI Training Resources

Cisco Learning Network ACI-training-videos

Cisco ACI Page

300-560 NPDEDeveloping with Cisco Network

Programmability

300-550 NPDESI Cisco Network Programmability Design

and Implementation Specialist

BRKSPG-1000 14

http://www.sdxcentral.com/

https://www.cisco.com/c/en/us/solutions/software-defined-networking/overview.html

https://www.cisco.com/c/en/us/solutions/service-provider/software-defined-networks-sdn-service-providers/index.html

https://www.opennetworking.org/

https://learningnetwork.cisco.com/community/learning_center/aci-training-videos

https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/index.html


How to develop your SDX SkillsCisco Live Sessions SDN

• Introduction to Software-Defined Networking (SDN) and Network Programmability [BRKRST-1014] Jason Davis. [2019 San Diego]

• Build a Software Defined Enterprise with Cisco SD-WAN and Cisco SD-Access - BRKCRS-2818 [2019 San Diego]

• ACI for Network Engineers - BRKACI-1002, Steve Sharman [2018 Melbourne]

• Your first 7 days of ACI - BRKACI-1001, Joseph Ristaino, Carlo Schmidt, [2019 San Diego]

BRKSPG-1000 15

Network Programmability


Intent Is the New Outcome

BRKSPG-1000 17

#CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Gartner – 2018 Strategic Roadmap for Networking

By 2020, only 40% of network operations teams will use the command line interface (CLI) as their primary interface, which is a decrease from 75% in 2Q18.

18


CLI to API

• Familiar Manual, CLI-driven, device-by-device approach is inefficient

• Increased need for programmatic interfaces which allow faster and automated execution of processes and workflows with reduced errors

• Need for programmatically readable data structures

BRKSPG-1000 19


Controller

Data Plane

Applications

Open APIs

OpenFlow,

PCEP,

I2RS,

Netconf

2a Pure SDN

Vendor

Specific

(e.g. Nexus

API)

Applications

Virtual Switch

Overlays

Overlay

Protocols

(e.g. VXLAN)

Open APIs

3 Overlays Networks

Control Plane

Data Plane

Overlays

Vendor-

specific APIs

Applications

1 Programmable APIs

Control Plane

Data Plane

Vendor

Specific

(e.g. Nexus

API)

Controller

Data Plane

Applications

Open APIs

OpenFlow,

PCEP,

I2RS,

Netconf

Control Plane

2b Hybrid SDN

Vendor

Specific

(e.g. Nexus

API)

Control Plane

Data Plane

CLI,

SNMP,

Netflow,

…

Applications(Network Mgmt,

Monitoring, …)

Network Programmability Options

NSO, ESC etc

BRKSPG-1000 20


Device Programmability Options – No Single Answer!

Application Frameworks, Management Systems, Controllers, ...

Forwarding

Control

Network Services

Orchestration

Management

…

…

OpenFlow

OpenFlow

Operating Systems – IOS / NX-OS / IOS-XR

API and Data Models

OpenStack PuppetC/Java

Puppet

Neutron

“Protocols”BGP, PCEP,...

ProtocolsPython NETCONF REST ACI Fabric

OpFlex

RESTful

YANG JSON

BRKSPG-1000 21

Related Concepts and Essential Skills


What is NETCONF?

• NETCONF is an IETF standard (RFC 6241) network management protocol. Provides:

• Distinction between configuration and state data

• Multiple configuration data stores (candidate, running, startup, Files://…)

• In Some cases Running Config may not be writable. (Capability Exchange)

• Configuration change transactions

• Selective data retrieval with filtering

• Event notifications

• Extensible remote procedure call mechanism

Startup Running Candidate Files… / URLs…

NETCONF Data Stores

BRKSPG-1000 23


NETCONF: Protocol Stack

Device API

Netconf (ssh) –secure, reliable connection

(TCP)

Messages: RPC

<get> - operational

<get-config> - data-store

<edit-config> - data-store

Etc..

Config / Operational Data Structured as YANG Model in XML

e.g. </interfaces>

BRKSPG-1000 24


The YANG Language

• Human readable and easy to learn

• Hierarchical configuration data models

• Reusable types and groupings (structured types)

• Extensibility through augmentation

• Formal constraints for configuration validation

• Data modularity through modules and sub-modules

• Well defined versioning rules

A Data Modeling Language for Networking

Why you should care:

YANG is a full, formal contract language with rich syntax and semantics to build applications on

BRKSPG-1000 25


typedef HsrpState {type enumeration {enum "initial" {value "1";

}enum "learn" {value "2";

}enum "listen" {value "3";

}enum "speak" {value "4";

}enum "standby" {value "5";

}enum "active" {value "6";

}}description"The current state of the HSRP protocol for a givenHSRP group entry.";

}

+--rw interfaces

| +--rw interface* [name]

| +--rw name string

| +--rw description? string

| +--rw type identityref

| +--rw enabled? boolean

| +--rw link-up-down-trap-enable? enumeration

+--ro interfaces-state

+--ro interface* [name]

+--ro name string

+--ro type identityref

+--ro admin-status enumeration

+--ro oper-status enumeration

+--ro last-change? yang:date-and-time

+--ro if-index int32

+--ro phys-address? yang:phys-address

+--ro higher-layer-if* interface-state-ref

+--ro lower-layer-if* interface-state-ref

+--ro speed? yang:gauge64

+--ro statistics

+--ro discontinuity-time yang:date-and-time

+--ro in-octets? yang:counter64

+--ro in-unicast-pkts? yang:counter64

+--ro in-broadcast-pkts? yang:counter64

+--ro in-multicast-pkts? yang:counter64

+--ro in-discards? yang:counter32

+--ro in-errors? yang:counter32

+--ro in-unknown-protos? yang:counter32

YANG Example

BRKSPG-1000 26


REST Follows a Familiar Model

HTTP GET

HTML

Describes how data

should be displayed to

please human viewer

HTTP GET

JSON/XML

Describes data in a format

applications can understand

{"ids":[303776224, 19449911, 607032789,

86544242, 2506725913, 17631389],

"next_cursor":0, "next_cursor_str":"0",

"previous_cursor":0, "previous_cursor_str":"0"}

Web Browsing REST API

GET POST PUT DELETE

BRKSPG-1000 27


Git

• Git is much different than your typical revision control systems, such as perforce , RCS, etc.

• Non Git version control systems store information as a list of file-based changes

• Git stores changes as snapshots of a miniature file system

• GitHub is a web-based Gitrepository hosting service

• It is a powerful collaboration, code review and code management hub

• Hosting public projects are free whereas private projects cost money

• Huge repository of open source projects are available at GitHub

BRKSPG-1000 28


Scripting and ProgrammingFROM NETWORK ENGINEER’S POINT OF VIEW

Linux Shell Scripting

Python

HTML/XML/JSON

SCRIPTING

CONFIGS

OUTPUTS/

LOGS

REPOSITORY

TOOLS

BRKSPG-1000 29


CODE

BUILD

TEST

RELEASE

DEPLOY

OPERATE

MONITOR

PLAN

Dev Ops Model From a Network Engineer’s point of view

LOCAL DEVELOPMENT

CENTRAL REPOSITORY

BRKSPG-1000 30


How to develop your Network Programmability SkillsCisco Live Sessions - Programmability

• Coding 1001 - Intro to APIs and REST [DEVNET-1897], Anne Gentle

• Coding 1002 - Getting Started with Python - DEVNET-1893

• Introduction to Catalyst Programmability [BRKCRS-1450] 2019 Barcelona

• Programmability and Automation on Cisco Nexus Platforms [DEVNET-1467]

• DevNet Workshop - Fun with IOS-XE Programmability - DEVWKS-3886

• DevNet Workshop - NetDevOps for Network Peeps - How to get started with APIs and Ansible. - DEVWKS-1002

• From Zero to Network Programmability in 120 minutes – Cisco DNA Center, RESTCONF, NETCONF, Webex Teams [BRKNMS-2935]

BRKSPG-1000 31


How to develop your Network Programmability Skills

Books and E-Books CertificationsWeb Linkshttps://developer.cisco.com/site/devnet/lear

ningLabs/overview.gsp

https://developer.cisco.com/site/devnet/ho

me/index.gsp

http://www.sdnskills.com/learn/devnet01/

https://learningnetworkstore.cisco.com/

Programming for Network

Engineers (PRNE) v1.0

Cisco Network

Programmability Developer

Specialist300-560 NPDEV Developing with

Cisco Network Programmability

BRKSPG-1000 32

https://learningnetworkstore.cisco.com/

http://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/300-560-npdev.html


YANG• Tutorials and documents

• https://www.youtube.com/watch?v=33VBb6N4yOY

• http://www.yang-central.org

• Tools

• Pyang (python) https://code.google.com/p/pyang/

• Commercial YANG browsers – MG-Soft, Segue Soft

• http://rob.sh/post/209 (pyangbind)

• References

• RFC 6020 (YANG) : http://tools.ietf.org/html/rfc6020

• RFC 7223 (Interface Model) http://www.ietf.org/rfc/rfc7223.txt

• https://github.com/YangModels/yang/tree/master/experimental/openconfig(OpenConfig)

• https://github.com/YangModels/yang/tree/master/vendor/cisco (Cisco)

How to develop your Network Programmability Skill continued….

NETCONF

• Tutorials:

• https://www.youtube.com/watch?v=Vr4kB1_6fLQ

• https://www.youtube.com/watch?v=xoPZO1N-x38

• http://www.netconfcentral.org/

• Tools:

• Ncclient: https://github.com/leopoul/ncclient/

• Confd Netconf-console: http://www.tail-f.com/management-agent/

• References

• RFC 6241 https://tools.ietf.org/html/rfc6241

• RFC 6242 https://tools.ietf.org/html/rfc6242

BRKSPG-1000 33

https://www.youtube.com/watch?v=33VBb6N4yOY

http://www.yang-central.org/twiki/bin/view/Main/YangTutorials

https://code.google.com/p/pyang/

http://rob.sh/post/209

http://tools.ietf.org/html/rfc6020

http://www.ietf.org/rfc/rfc7223.txt

https://github.com/YangModels/yang/tree/master/experimental/openconfig

https://github.com/YangModels/yang/tree/master/vendor/cisco

https://www.youtube.com/watch?v=Vr4kB1_6fLQ

https://www.youtube.com/watch?v=xoPZO1N-x38

http://www.netconfcentral.org/

https://github.com/leopoul/ncclient/

http://www.tail-f.com/management-agent/

https://tools.ietf.org/html/rfc6241

https://tools.ietf.org/html/rfc6242


Additional Resources

PYTHON

• Google Python Class

https://developers.google.com/edu/python/

• Codecademy Python Class

http://www.codecademy.com/en/tracks/pytho

n

• LearnPython.org Python Tutorials

http://www.learnpython.org/

• Python programming from Coursera (Thanks

to Valentin Filippov):

https://www.coursera.org/course/pythonlearn

https://developers.google.com/fit/rest/v1/get-started

http://www.restapitutorial.com/

https://services.github.com/resources/

Misc

BRKSPG-1000 34

https://developers.google.com/edu/python/

http://www.codecademy.com/en/tracks/python

http://www.learnpython.org/

https://www.coursera.org/course/pythonlearn

https://developers.google.com/fit/rest/v1/get-started

http://www.restapitutorial.com/

https://services.github.com/resources/

Virtualization of Network Services


Network Functions Virtualization: Why, How, When?

Disaggregation of Network Functions from the underlying Hardware

Network Functions running inside VM on

x86 Server Platform (Virtual Network Functions)

NAT

VM

Firewall

VM

SBC

VM

dDOS

VM

Virus Scan VM

IPS

VM

DPI

VM

CGN

VM

Portal

VM

PCRF

VM

DNS

VM

DHCP

VM

BRAS

VM

SDN Control

VM

RaaS

VM

WLC

VM

WAAS

VM

CDN

VM

Caching

VM

NMS

VM

Hardware(x86 Server)

Cloud Operating System

Virtual Network Functions

Existing Hardware / Appliance

based Network Functions (PNFs)

Hardware(ASIC/NPU/GPU)

Operating System

Apps (e.g. Routing)

How?Why?

• Hypervisor & cloud technology• Improving x86 h/w performance• Automation and orchestration

• Speed and Agility• Monetization with new services• Reduced total cost of

ownership

When?

• Performance Requirements• Physical Design Requirements• Economics of on-boarding

Depends On

Purpose built appliances

BRKSPG-1000 36


The 4 Layers of a virtualized System Architecture

ISR 4000 + UCS E-Series

CSP-2100 /UCS C-Series

Enterprise Network Compute System

Network Functions Virtualization Infrastructure Software (NFVIS), vCenter

Automation / Orchestration/Life Cycle Management (ESC, NSO,DNAC)

Virtual Router(ISRv,CSR)

Virtual Firewall(ASAv, NGFWv)

Virtual WAN Optimization

(vWAAS)

Virtual Wireless LAN Controller (vWLC)

3rd Party VNFs

1

2

3

4

BRKSPG-1000 37


(MANO)

Virtualized Network Function, actual NF application (ex. vFR,

vCPE,vLB)

Traditional Element Manager

Virtualisation layer, Server (hypervisor), Network, Storage

Physical hardware

Resource Mgr, Operations

Lifecycle mgmt for VNFs (upgrade,

scale, termination, etc.)

Orchestration of overall solution

Deployment templates, forwarding graph, service-

related information

OSS (CMDB, Monitoring, Alarming,

IPAM/DNS/DHCP)BSS (CRM, Billing, Order

Mgmt)

ETSI NFV Reference Architecture

BRKSPG-1000 38


Network VirtualizationVIRTUAL NETWORKS DECOUPLED from underlying hardware

NATIVE OS

HYPERVISOR

CPU MEMORY STORAGE

Container

VM

Container

DHCP

BGP ROUTE REFLECT

PACKET CORE

X86

VM Container

VNF Container

BRKSPG-1000 39


Cisco Cloud Services Router (CSR) 1000VCisco IOS Software in Virtual Form-Factor

• IOS XE Cloud Edition

• Selected features of IOS XE based on targeted use cases

• Infrastructure Agnostic

• Not tied to any server or vSwitch, supports ESXi, KVM, Xen, AMI

• Throughput Elasticity

• Delivers 10 Mbps to 10 Gbps throughput, consumes 1 to 8 vCPU

• Multiple Licensing Models

• Term, Perpetual, Hourly

• Programmability

• RESTful APIs for automated management

Server

Hypervisor

Virtual Switch

OS

App

OS

App

CSR 1000V

Enterprise-class Networking with Rapid Deployment and Flexibility

BRKSPG-1000 40


The Top 5 use-cases for Enterprise VirtualizationVirtualizedBranch

IP

WAAS

IPS

NFVIS

EnterpriseFabric

ThinBranch SPPoP - vCPE

ThinCPE

WAAS

IPS

LB

NFI/NFVIS

DC/PrivateCloud

Apps

WAAS

IPS

LB

NFVIS

CoLo

Apps

WAAS

IPS

LB

NFVIS

EnterpriseFabric

VPC

AWS

Apps

IPS

WAAS

LB

BRKSPG-1000 41


RouterIntegratedVirtualizedBranch

L4-7 virtualizedBranch

Fully virtualized Branch

Virtualization of Branch L3-7 Services (Enterprise NFV)

VM1 VMn

VM1 VMn

VM1 VMn

WAN

Router + virtualized L4-7 services

• Router performs transport functions (Routing, ACL, NAT,

SNMP..)

• Services virtualized on external server

• VNFs Could be multi-vendor (Best of breed)

Fully virtualized Branch

• Physical router replaced by x86 compute

• Both transport and network services virtualized

• Optional redundancy

• VNFs could be multi-vendor (Best of breed)

Router + integrated L4-7 services

• E.g. ISR4K + UCS-E

• Router performs transport functions

• Services (Firewall, WAAS..) virtualized on UCS-E

Management and Orchestration

BRKSPG-1000 42


Standardize and Virtualized Data Center Examples

Provider Access ChainsConsumer Access Chains

RTRRTR

RTR

WOC

RTRFW VPN

GW FW

RTR FWVPN GW FW

RTR FWVPN GW

FW

RTR

SLBWAF

FW

SLBWEB

FW

FW

FPCSLB

SSLDLP

FW

RTRFW

FW

RTRFWIPS

RTRFWIPS

SLB

RoutedCore

Trusted VRFs

Provisioned / de-provisioned dynamically using orchestration tools

VNF Based Service chains built on x86 platform

BRKSPG-1000 43

Related Skills and Concepts


Server Virtualization and Virtual Networking

Application

Guest OS

Virtual

Hardware

Application

Guest OS

Virtual

Hardware

Application

Guest OS

Virtual

Hardware

Hypervisor –(Hyper-V, Xen, ESX Server, KVM

Hardware –(CPU, memory, NIC, Disk

BRKSPG-1000 45


DPDK: Data Plane Development Kit

• DPDK is an Open Source BSD licensed project.

• DPDK is a set of libraries and drivers for fast packet processing.

• It was designed to run on any processors knowing Intel x86 has been the first CPU to be supported.

• DPDK is not a networking stack and does not provide functions such as Layer-3 forwarding, IPsec, firewalling, etc.

Sources: www.dpdk.org, DPDK Summit (Sept. 2014)

BRKSPG-1000 46

http://www.dpdk.org/

VNF Design Considerations


Network Design ConsiderationsFeature Comparison

Feature OVS-DPDK with ML2 Plugin (RHOSP10)

VPP with ML2 Plugin(Cisco VIM 2.0)

VPP with Cisco VTS (Cisco VIM 2.0)

SR-IOV

Flat Layer 2 Network

VLAN Layer 2 Network

VXLAN Layer 2 Network

VLAN Aware VNFs [1]

Security Groups [2] [3]

QoS [4]

Neutron Agent communication

rabbitMQ etcd netconf NA

Neutron Agent communication security

NA

Note: OVS-DPDK not currently supported with Cisco VIM. [1] Support from RHOSP 11 onwards

[2] No official support. Only in Tech Preview

[3] Remote Group-id not supported with current release

[4] DSCP Marking supported

BRKSPG-1000 48


Network Design ConsiderationsFeature Comparison

Feature OVS-DPDK (RHOSP10) VPP with(Cisco VIM 2.0)

VPP with Cisco VTS(Cisco VIM 2.0)

SR-IOV

Layer 3 NA

Distributed Layer 3Gateway

Port Aggregation STATIC/LACP STATIC STATIC NA

Link Layer Protocol LLDP CDP CDP NA

vHost Reconnect NA

Host Agent Restart NA

Live Migration

Note: OVS-DPDK not currently supported with Cisco VIM.

BRKSPG-1000 49


How to develop your NFV Skills

Cisco Live Sessions NFV

Branch Virtualization - The Evolving NFV Landscape [BRKARC-2014] Barcelona 2018

Cisco Network Function Virtualization Infrastructure (NFVI) [PSOSPG-2012] Orlando 2018

NFV Performance - Challenges and Solutions [BRKSDN-2411]

Network Function Virtualization (NFV) using IOS-XR [BRKSPG-2724]

Carrier-Grade NFV Infrastructure for Service Providers [BRKSDN-2410]

Deploy Network Services in Minutes on any Platform with Cisco Enterprise Network Functions Virtualization (NFV) [BRKRST-2112]

Network Function Virtualization for Enterprise Networks [BRKCRS-3447]

Inside Cisco IT: DevOps Network Automation & Programability with Cisco NSO [BRKCOC-2024]

BRKSPG-1000 50


How to develop your NFV Skills

Books and E-Books CertificationsWeb Links

ETSI

Telecomlighthouse NFV Mind Map

300-560 NPDEV Developing with

Cisco Network Programmability

300-550 NPDESI Cisco Network Programmability Design and

Implementation Specialist

Openvswitch

CiscoLive On Demand

Library

Cisco NFV Page

Cisco Enterprise NFV

BRKSPG-1000 51

http://www.etsi.org/

http://www.telecomlighthouse.com/

http://openvswitch.org/features/

https://www.ciscolive.com/global/on-demand-library/?#/

https://www.cisco.com/c/en/us/solutions/service-provider/network-functions-virtualization-nfv/index.html

https://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-functions-virtualization-nfv/index.html

Automation &Orchestration


Service Catalogs

BRKSPG-1000 53


Service OrchestrationAutomation, provisioning and interworking

of physical and virtual resources

NFVNetwork functions and software running on any open standards-based hardware

SDNControl & Data Plane separation…Centralized

Control…abstraction & programmability

ServiceOrchestration

Traditional

NFVSDN

TraditionalDistributed control plane components, physical

entities

Cisco Architectural VisionSDN/NFV and Orchestration enable change

BRKSPG-1000 54


• OpenStack is an Infrastructure As A Service (IaaS) cloud

computing project

• Open Stack is the cloud operation system that is used to

manage the cloud infrastructure

“…provides a means to control (administer) compute, storage, network and

virtualization technologies…”

= Cloud Operating System

BRKSPG-1000 55


OpenStackOpen Source Software for Creating Private and Public Clouds

Compute (Nova)

Self-service provisioning of virtual machines through a software API

Object Storage (Swift)

Massively scalable, distributed object store

Network Service (Neutron)

For tenant created, virtual isolated networks and subnets, and services

Your Application

www.openstack.org

BRKSPG-1000 56


Cisco (VIM)OpenStack Platform (Mercury) Introduction• Mercury is a Cisco OpenStack platform built on top of an underlying OpenStack Distribution like Red Hat to build a

carrier grade platform integrated with Cisco HW & SW

• Mercury provides a set of tools including an automated installer, containerized OpenStack services, logging/monitoring, health check tools and plugins for Cisco HW and SDN controllers

Redhat Enterprise Linux OpenStack Platform (RHEL OSP7)

Compute Networking Storage

Nova

Automated

Installer

Cisco OpenStack Platform (Mercury)

Proven HA

Architecture

Health Checks

ASR1k ACI

OSC

Nx9k

Redhat

VTSLogging /

Monitoring

Containerised

Components

OVS / Linux Bridge

Cisco

Integrated Test

Suite

Neutron

Plugins / Drivers

Cinder / Glance

Ceph

Goal of Mercury is to provide a reliable, highly available & easily upgradeable OpenStack platform for SP deployment

CI/CD

Release

System

Automated

System Test

Cisco GIT

Repository

BRKSPG-1000 57


Network Services Orchestrator (NSO)

• Enabled by tail-f

• Multi-vendor service orchestrator for existing and future networks

o Includes distributed (multi-device) service configuration management, transaction integrity, validation and rollback

• Single pane of glass for:

o L2-L7 networking

o Hardware Devices

o Virtual Appliances

• YANG Model Driven Orchestration

o Service Data models (declarative)

o Device Data Model (for auto config)

o Fastmap engine translates models to device configuration including CLI

• Highly Scalable for large infrastructure

o One of the existing deployment is managing 60K devices on the network

Network Element Drivers

Device Manager

Service Manager

Network Services Orchestrator (NSO) Service

Models

Device

Models

Network-wide CLI, Web UIREST, Java, NETCONF

Network Engineer

ManagementApplications

End-to-EndTransactions

NETCONF, CLI, SNMP, REST, etc.

• Applications

• Controllers

BRKSPG-1000 58


•

•

•

•

•

•

•

•

•

Cisco DNA CenterAutomation and Assurance Solution for the Network

BRKSPG-1000 59


List of Events• VM Alive

• Service Alive• Upper load threshold

crossed

• Lower load threshold crossed

• Service Dead

• VM Dead

List of Actions

• Notify (callback)

• Advertise Service• Withdraw Service• Restart VM

• Scale up (add a VM)• Scale down (remove a VM)• Individually customisable

action(s) for every event

Simple Rules

Service Alive => advertise

VM Dead => withdraw

Upper load => scale up

Complex Rules

Upper load => Scale up, Notify, Advertise

Service Dead => Withdraw, Notify, Restart

Service Alive => Advertise, Notify

Elastic Services Controller

ProvisionVM

VM Bootstrapprocess

Service Bootstrap Process

Servicealive

VMalive Service

Functional

ServiceOverloaded / Underloaded

VNFProvisioning

VNF MonitorVNF

Configuration

ConfigureService

Service DEAD

VM DEAD

Custom Script Action

VMOverloaded / Underloaded

Predefined Action


Predefined Action


Predefined Action


Predefined Action


Predefined Action


Predefined Action

Analytic Engine Rule Engine

Elastic Services Controller (ESC)VNF Lifecycle Management, Monitoring and Elasticity

BRKSPG-1000 60


Public Cloud Orchestrators

Google Cloud Deployment ManagerAWS Cloud

Formation

Azure Automation

BRKSPG-1000 61


• Set Governance Policies• Manage Users, Applications, and Clouds

• Create Application Profiles

GUI

API

CLI

Cisco CloudCenter (formerly CliQr)Any Application. Any Cloud. One Platform.

BRKSPG-1000 62

Related Skills and Concepts


CODE

BUILD

TEST

RELEASE

DEPLOY

OPERATE

MONITOR

PLAN

Dev Ops Model From a Network Engineer’s point of view

BRKSPG-1000 64


Puppet

• It is a power configuration management tool

• Extensibly used in IT operations

• With Puppet you can automate the entire data center without needing to write enormous scripts

• Enormous reduction in time in rolling out new releases –From weeks to hours!!

• Puppet is written in Ruby language.

• Expert knowledge of Ruby is not required to use Puppet but some basics are needed

BRKSPG-1000 65


Chef

• Like Puppet, Chef is also widely used in the cloud infrastructure automation

• It operates in Client-Server model

• Each chef-client has cookbook which tells how each node in your organization should be configured

• The Chef-Server stores cookbooks , the policies that are applied to the nodes

• Using Chef-Client, Nodes asks the Chef Server for configuration details

BRKSPG-1000 66


Ansible

• Just like Chef and Puppet Ansible is also a configuration management tool

• Unlike Puppet and Chef , Ansible does not use Ruby

• Ansible is implemented using Python

• Currently it is only available on Linux and Unix platforms

• Excellent security using SSH/SSH2

• Still fairly new tool, not tried and tested as Chef and Puppet

BRKSPG-1000 67


How to develop your Orchestration Skills

Cisco Live Sessions - Orchestration

Service Orchestration with Cisco Network Services Orchestrator - BRKNMS-1100

Introduction to Automating ACI with Ansible [LABACI-1013]

Introduction to CLI Automation with Ansible [LTRRST-1954]

Real World Automation In the Enterprise [BRKDCN-1789]

Cisco SD-WAN as a Managed Service [BRKRST-2558]

Introduction to Cisco Network Service Orchestrator (NSO) –[LABNMS-1011]

Building Intent-Based Networks with NSO and programmable NXOS [BRKDCN-2498]

BRKSPG-1000 68


How to develop your Orchestration SkillsBooks and E-Books CertificationsWeb Links

• Jenkins

• Puppet

• Chef

• Ansible

• Openstack

Jenkins tutorialJenkins Doc

Puppet Resources

Edureka Tutorial

Puppet Learning VM

Chef Documentation

Learn Chef

Free Tutorial - EdurekaChef on Udemy

Ansible up and Running- Book PDFAnsible On-Demand Webinar

httpsOpenStack Documentation

Red Hat Certified Architect: DevOps

Certified OpenStack

Administrator (COA)

Cisco NSO for Network Engineers

BRKSPG-1000 69

https://www.tutorialspoint.com/jenkins/index.htm

https://jenkins.io/doc/

https://puppet.com/resources

https://www.youtube.com/watch?v=0yVJhb2VkVk

https://puppet.com/download-learning-vm?ls=paid-search&ccn=OSP-PMG-2016&pub=google&cid=701G0000001ZCnE&utm_medium=cpc&utm_campaign=OSP-PMG-2016&utm_source=google&utm_content=learning-vm&gclid=CKWqxq7ShdQCFc5bfgodTywL8w

https://docs.chef.io/chef_automate.html

https://learn.chef.io/#/

https://www.youtube.com/watch?v=LTIjUJEehDA

https://www.udemy.com/chef-essentials/

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0ahUKEwjdmonhz9zUAhVN9mMKHUrfBNcQFgg1MAM&url=https://ipfs.io/ipfs/QmTJaLdhUW6jTdXGFoqv7wZe5KguBi5F2u4ihBdrUMVPhw&usg=AFQjCNHvitBd7A_p9N3CLK970huj53OKNA

https://ipfs.io/ipfs/QmTJaLdhUW6jTdXGFoqv7wZe5KguBi5F2u4ihBdrUMVPhw

https://www.ansible.com/webinar-on-demand-ansible-introduction-windows

https://docs.openstack.org/

https://www.youtube.com/watch?v=MrFjpLuU1QA

Open Systems (Linux)


Why Linux is Essential for Network Engineers

Router

L2/L3 Switch

Blade Switch

Servers

BRKSPG-1000 71


Why is Linux Essential for Network EngineersRouter

L2/L3 Switch

Blade Switch

Servers

vSwitch

VM/VNF

HYPERVISOR

Lbr Lbr

IP-T

Linux Bridges

IP Tables

C C C C C CContainers

BRKSPG-1000 72


Why is Linux Essential for Network Engineers

Router

L2/L3 Switch

Blade Switch

Servers

HYPERVISOR

vSwitch

VM/VNF

Lbr Lbr

IP-T

Linux Bridges

IP Tables

C C C C C CContainers

X86 server

K V M

BRKSPG-1000 73


Relevant Linux Domains for Network Engineers

BRKSPG-1000 74

Linux Security


Security Considerations

Remove or Disable unwanted services‘chkconfig‘ command to find out services which are running on runlevel 3.

# chkconfig serviceName off

RPM package manager such as “yum” or “apt-get” tools to list and remove

installed packages

# yum –y remove package-name

# sudo apt-get remove package-name

Check Listening Network Ports‘netstat‘ networking command to view all open ports and associated programs.

‘chkconfig‘ command to disable all unwanted network services from the system.

#netstat -tulpn

Security Monitoring and Managementtripwire to monitor system file integrity and to audit changes.

Setup a central syslog server (syslog-ng) and a log analyzer, such as logcheck.

monitoring system using Nagios or Argus on your network.

BRKSPG-1000 76

Linux Containers


Linux Containers

• A container is a Group of Processes on a Linux machine.

• Those processes form an Isolated Environment.

• Inside the container, it (almost) looks like a VM.

• Outside the container, it looks like normal processes running on the machine.

• It looks like a VM, but it is more efficient: Containers = Lightweight Virtualization

Zones

BRKSPG-1000 78


Containers and Virtual Machines

App A

Bins/Libs

Hypervisor (Type 2)

Host OS

Server

Host OS

Server

App A’

Bins/Libs

Guest OS

App B

Bins/Libs

Guest OS

Bins/Libs Bins/Libs Co

nta

iner

Co

ntr

ol

App A

App A’

App B

App B’

App C’

App C’

VM

Container

Containers are isolated but share OS and where

appropriate bins/libraries

Guest OS

BRKSPG-1000 79


Why containers – CLOUD NATIVE APPLICATIONS

Run in cloud computing environments

Infrastructure Agnostic

Simple, discoverable, re-useable services such as Microservices.

BRKSPG-1000 80


Container Networking

BRKSPG-1000 81


Docker, Kubernetes and Contiv• Frameworks for Container Implementations

• Major Design Considerations from Networking Perspective

Feature Docker Kubernetes

Abstraction Container Pod

Standard Container Network Model (CNM)

Container Network Interface (CNI)

Service Discovery Embedded DNS Kube-DNS

Internal Load Balancing Iptables and IPVS Iptables and Kube-Proxy

External Load Balancing Routing Mesh Nodeport

External Plugins Weave, Calico, Contiv Flannel, Weave, Calico,Contiv

BRKSPG-1000 82

Learning Resources


How to develop your Container Skills

Cisco Live Sessions - Containers

Introduction to Containers and Container Networking [BRKSDN-2115]

• Kuber-what?! Learn about Kubernetes - DEVNET-1999 Matthew Johnson

• Kubernetes Container Networking [BRKDCN-2390]

• Run containers in your Cat9K? Yes you can! - DEVNET-2202Containers and Microservices: A Survival Guide [BRKSPV-1110]

• Demystifying Container Networking DEVNET 1195 and DEVNET-2892

• Cisco Container Platform: Architecture of a new Multi-Cloud Kubernetes Platform [BRKCLD-2676]

BRKSPG-1000 84


How to develop your Linux Skills

Books and E-Books Certifications

• Linux Foundation Linux Certification: https://training.linuxfoundation.org/certification

• Linux Foundation Certified System Administrator: https://training.linuxfoundation.org/certification/lfcs

Web Links

• An overview of Red Hat OpenStack Platform: https://www.redhat.com/en/services/training/cl010-red-hat-openstack-technical-overview

• Linux Academy – Linux & Cloud Training: https://linuxacademy.com

• Introduction to Linux: https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux

• Network Programmability Users Group.

• Following Linux Education Webex Series are available @ http://www.npug.net/past-events/

Linux Network Administrators Guide:

http://www.tldp.org/LDP/nag2/nag2.pdf

BRKSPG-1000 85

https://training.linuxfoundation.org/certification

https://training.linuxfoundation.org/certification/lfcs

https://www.redhat.com/en/services/training/cl010-red-hat-openstack-technical-overview

https://linuxacademy.com/

https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux

http://www.npug.net/past-events/

http://www.tldp.org/LDP/nag2/nag2.pdf

Putting It All Together


Underlay Technologies

Virtualization & Overlay

(include VNFs)

VIM and Overlay/SDN

Controllers

(Network VIM)

Management & Orchestration

(ETSI NFV MANO)

Services Consumptions

SDN & NFV Solutions

Business Outcomes

Compute: Physical

(servers), Linux OS

Network: Physical (Routers &

Switches), Routing, Switching,

Network Device OS/Firmware

Storage: Physical

(disks), OS, FCOE

Compute

Virtualization:

Hypervisor (KVM)

Network Virtualization:

VXLAN, OpenFlow,

MPLS, EVPN, OVSDB

Storage

Virtualization:

CEPH, Swift

Cloud VPN/

VMS, vCPE, vEPC

User Web Portal, Admin

Portal, Ticketing System,

Billing/BSS, UCS Director

Top

Three

Cisco NSO

VNF Manager:

Elastic Controller

OSS/Management

VTS

BRKSPG-1000 87

Learning Roadmap


Solutions Architect

Solution Deployment

Solution Developer

Solution Operator

Architecture skills, industry standard understanding, technology and product roadmaps, consulting skill, broad knowledge of VNFs, network and solutions assessment and business acumen.

SDN/NFV skills necessary to perform installation of solution components (Infrastructure, Virtualization and Linux skills), configuration of functionality , Automation and Orchestration

tools, troubleshooting skills, testing skills, documentation skills.

SDN/NFV advanced skills to install, configure and customize components of solution. Skills in programming (Python, Java, API , Web etc.) and software development with Agile/Scrum

SDN/NFV skills necessary for optimizing and troubleshooting the solution, focused on usability, operation and troubleshooting. ( Controllers, Analytics, NFV Components life cycle mgmt.

Begin with End in Mind: Which Role Will You Be?

BRKSPG-1000 89


CISCO NETWORKING

OPEN SYSTEMS [LINUX]

SDN

PROGRAMMABILITY

PYTHON/SCRIPTING

ORCHESTRATION

AUTOMATION

LIFE CYCLE MANAGEMENT

VIRTUALIZATION

SOLUTIONS ARCHITECTURE

Complete Novice

Domain ExpertHands on

Done some reading

Self Assessment and Gap AnalysisSelf Assessment and Gap Analysis

BRKSPG-1000 90


Define Target Performance

BRKSPG-1000 91


Underlay Technologies

Virtualization & Overlay

(include VNFs)

VIM and Overlay/SDN

Controllers

(Network VIM)

Management & Orchestration

(ETSI NFV MANO)

Services Consumptions

SDN & NFV Solutions

Business Outcomes

Compute: Physical

(servers), Linux OS

Network: Physical (Routers &

Switches), Routing, Switching,

Network Device OS/Firmware

Storage: Physical

(disks), OS, FCOE

Compute

Virtualization:

Hypervisor (KVM)

Network Virtualization:

VXLAN, OpenFlow,

MPLS, EVPN, OVSDB

Storage

Virtualization:

CEPH, Swift

Cloud VPN/

VMS, vCPE, vEPC

User Web Portal, Admin

Portal, Ticketing System,

Billing/BSS, UCS Director

Top

Three

Cisco NSO

VNF Manager:

Elastic Controller

OSS/Management

VTS

Te

ch

nic

al S

kill

De

ve

lop

me

nt

So

lvin

g B

usin

ess P

rob

lem

s

BuildLearning Path

BRKSPG-1000 92


Get with the Program!!

www.opennetworking.org/certification/skills

•

•

Required Exams

Recommended Training

300-460CLDINF

Implementing and Troubleshootingthe Cisco Infrastructure (CLDINF)

300-465CLDDES

Designing the Cisco Cloud(CLDDES)

300-470CLDAUT

Automating the Cisco EnterpriseCloud (CLDAUT)

300-475CLDACI

Building the Cisco Cloud withApplication Centric Infrastructure(CLDACI)

Cisco Network Programmability Developer Specialist

CCNP Cloud

Required Exams


210-451 CLDFND

Understanding Cisco Cloud Fundamentals (CLDFND)

210-455 CLDADM

Introducing Cisco Cloud Administration (CLDADM)

CCNA Cloud

Required Exams


300-560 NPDEV

Developing with Cisco Network Programmability (NPDEV)

Required Exams


300-550 NPDESI

Designing and Implementing Cisco Network Programmability (NPDESI)

Cisco Network Programmability Design and

Implementation Specialist

BRKSPG-1000 93


How Much Time Investment Required?

20% = 1 Day / Week = 4-5 Days / Month

It Depends on existing back ground, the sense of urgency you feel opportunities available at work and many other factors

All Engineers are not made the same

This is a general guestimate

BRKSPG-1000 94


Start

Month 1

Data Center and Network Virtualization.

SDN Controllers

Linux for Network Engineers

Server and NF Virtualization

Python for Network Engineers

Cloud certification

Month 2

Month 3-4

Month 6-8

Beyond SDN/NFV

20% Time Investment for Skill TransformationFrom Legacy Network Engineer to SDN/NFV Ready in 6-8 months

SDN/NFV use cases

Month 5

BRKSPG-1000 95

Key Takeaways


Wrap Up

• The Transformation is Real

• Segment your Learning

• Learn Virtualization

• Learn Linux/ Containers

• Learn Scripting and Programming

• Familiarize yourself with a public or private cloud implementation.

• Start Using commercial Open Stack before mastering how to Install open source version.

• Understand Orchestration Tools

• Always keep the Big Picture in mind

• Your Target Role

• Use cases

• If you do not have Rotation Program available then get into a certification program

• With All the above Technologies Blend Analytics

• Security is as strong as the the weakest link has a new meaning now !!!!

BRKSPG-1000 98

Questions? Use Cisco Webex Teams to chat with the speaker after the session

Find this session in the Cisco Live Mobile App

Click “Join the Discussion”

Install Webex Teams or go directly to the team space

Enter messages/questions in the team space

How

Webex Teams will be moderated by the speaker until June 16, 2019.

1

2

3

4


Cisco Webex Teams

cs.co/ciscolivebot#

99

BRKSPG-1000

Complete your online session evaluation

• Please complete your session survey after each session. Your feedback is very important.

• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live water bottle.

• All surveys can be taken in the Cisco Live Mobile App or by logging in to the Session Catalog on ciscolive.cisco.com/us.

Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com.

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public#CLUS BRKSPG-1000 100

http://ciscolive.cisco.com/us

https://ciscolive.cisco.com/


Continue your education

Related sessions

Walk-in labsDemos in the Cisco campus

Meet the engineer 1:1 meetings

BRKSPG-1000 101

Thank you

#CLUS

Session Presentation - Cisco Live

Documents

Transcript of Session Presentation - Cisco Live