Date posted: 29-Nov-2018 | Uploaded by: trinhduong
Virtualizing Cisco Service Provider Wi-Fi core
BRKSPM2006
Ravi Shankar & Piyush Patel
© 2014 Cisco and/or its affiliates. All rights reserved. BRKSPM-2006 Cisco Public
Cisco Intercloud Strategy
[Diagram labels: Enterprise Private Clouds; Public Clouds; Partner Clouds; Cloud Services & Applications]
Cisco Cloud Portfolio
Cisco Cloud Enablement Products and Solutions
[Diagram labels: Cisco Powered Architectures for Cloud Providers; Integrated Infrastructure; Network Function Virtualization (NFV); Intercloud Fabric; Application Centric Infrastructure; Cloud Consulting Services; Cisco Cloud Enablement Platform (Service Catalog; Orchestration and Automation; Infrastructure Controller); Cisco Cloud Applications; Application Enablement Platform & APIs; Platform & Infrastructure Services; On Premise; Hybrid; Managed; Customer's Private Cloud; Cisco Cloud Apps; Partner & ISV Apps; IoE & Vertical Apps; OpenStack Cloud Libraries]
Agenda
• Virtualizing existing architecture
– Service instances
– Subscriber experience and provider highlights
• Hospitality case study
• 3G/4G integration options
• Scaling and orchestration
– Openstack
– Elastic Services controller
– Prime fulfillment
WiFi end to end solution architecture: ISG
[Diagram: end-to-end Wi-Fi architecture. Component labels: UCS; ISG; CAPWAP; WLAN Controller; Internet; Backhaul; WLAN Access; Core Network; 802.11 a/b/g/n; L2 / L3; L3; Portal; DNS; PCRF; SUM; DHCP; AAA; PI; MSE. Function labels, grouped as they appear:]
– Session management; L4 Redirection; Transparent Auto Logon; Policy enforcement; Accounting start / stop; Legal Intercept
– WLAN Policy; RRM; WiFi Mobility; EAP Authentication; Rogue AP detection; Client Link; Band Select; Hotspot 2.0; WiFi security; Flexconnect; Cleanair; Location information; DHCP relay / proxy; Gratuitous ARP; WLAN / VLAN bridging
– Subscriber management; Subscriber authentication; Service authorization; Web portals; Policy definition; Roaming; Address assignment; Accounting / Billing; Whitelisting; Location awareness; Network Analytics
– NAT; Firewall; DPI; Video optimization
What to virtualize?
[Diagram: the same end-to-end architecture and function labels as on the previous slide, with these additional labels: DNS service; Authentication; Accounting; Management; Subscriber management]
Virtualized WiFi instance
[Diagram: virtualized Wi-Fi instance. Component labels: Internet; WLAN Access; CAPWAP; WLAN Controller; Backhaul; ISG; NAT; Firewall; Core Network; UCS; Portal; DNS; DHCP; PI; MSE; AAA; L2 / L3; L3. Function labels, grouped as they appear:]
– WLAN Policy; RRM; WiFi Mobility; EAP Authentication; Rogue AP detection; Client Link; Band Select; Hotspot 2.0; WiFi security; Flexconnect; Cleanair; Location information; DHCP relay / proxy; Gratuitous ARP; WLAN / VLAN bridging
– Web portals; Policy definition; Roaming; Address assignment; Whitelisting; Location awareness; Network Analytics; BBX – Ad insertion
– Session management; L4 Redirection; Transparent Auto Logon; Policy enforcement; Accounting start / stop; Legal Intercept
– DNS service; Authentication; Accounting; Management; Subscriber management
Virtualized WiFi Service Instances
[Diagram: two blocks labelled "Service Instance - 1" and "Service Instance - 2". Labels in each block: 802.11 a/b/g/n; WLAN Access; CAPWAP; Backhaul; WLAN Controller; ISG; NAT; Core Network; Portal; DHCP; MSE; L2 / L3; L3. Other labels: Internet; UCS; DNS; PI; AAA]
Virtual WiFi
[Diagram: one virtual Wi-Fi service instance. Labels: SP Network; Backhaul; VL-61; VL-62; VL-1093; VL-1094; vWLC-1; vWLC-2; vISG (CSR1000KV); vNAT (CSR1000KV); ISC DHCP (V4 & V6); MSE; Web Portal; DNS (V4 & V6); AAA (V4 & V6); Cisco PI; DNS]
Out of band management access
[Diagram: the virtual Wi-Fi service instance with the Service Provider Management Network added. Labels: SP Network; Backhaul; VL-61; VL-62; VL-1093; VL-1094; vWLC-1; vWLC-2; vISG (CSR1000KV); vNAT (CSR1000KV); ISC DHCP (V4 & V6); MSE; Web Portal; DNS (V4 & V6); AAA (V4 & V6); Cisco PI; DNS; Service Provider Management Network]
Differences between service instances
• IP addresses for all components on the SP management network
• Public IP addresses for virtual WLCs
• NAT pool for each service instance
• VLANs must be unique per service instance within a cluster
Everything else remains the same across ALL service instances
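An added example (not part of the original slides): a pre-deployment check that the per-instance parameters listed above really are distinct before a new service instance is cloned. Instance names, field names, VLAN IDs and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: instance names, field names, VLAN IDs and addresses
# are hypothetical (documentation and private ranges), not values from the slides.
INSTANCES = [
    {"name": "si-1", "cluster": "c1", "vlans": [61, 62, 1093],
     "mgmt_ips": {"vwlc": "10.0.0.11", "visg": "10.0.0.12"},
     "wlc_public_ip": "192.0.2.10", "nat_pool": "198.51.100.0/26"},
    {"name": "si-2", "cluster": "c1", "vlans": [71, 72, 1093],       # VLAN 1093 reused
     "mgmt_ips": {"vwlc": "10.0.0.21", "visg": "10.0.0.12"},         # mgmt IP reused
     "wlc_public_ip": "192.0.2.20", "nat_pool": "198.51.100.32/27"},  # inside si-1 pool
    {"name": "si-3", "cluster": "c2", "vlans": [61, 62],             # other cluster: allowed
     "mgmt_ips": {"vwlc": "10.0.0.31", "visg": "10.0.0.32"},
     "wlc_public_ip": "192.0.2.30", "nat_pool": "203.0.113.0/26"},
]


def validate(instances):
    """Return (kind, instance, conflicting_instance, detail) tuples."""
    findings = []
    vlan_owner, mgmt_owner, public_owner, pools = {}, {}, {}, []

    def claim(table, key, name, kind, detail):
        # Record the first owner of a value; report any later instance that reuses it.
        if key in table:
            findings.append((kind, name, table[key], detail))
        else:
            table[key] = name

    for inst in instances:
        name = inst["name"]
        # VLAN IDs only have to be unique within one cluster.
        for vlan in inst["vlans"]:
            claim(vlan_owner, (inst["cluster"], vlan), name, "vlan", f"VLAN {vlan}")
        # All instances sit on one SP management network, so these are global.
        for component, ip in inst["mgmt_ips"].items():
            addr = ipaddress.ip_address(ip)
            claim(mgmt_owner, addr, name, "mgmt_ip", f"{component} {addr}")
        public = ipaddress.ip_address(inst["wlc_public_ip"])
        claim(public_owner, public, name, "wlc_public_ip", str(public))
        # NAT pools must not overlap, otherwise two instances could
        # translate subscribers to the same public address.
        pool = ipaddress.ip_network(inst["nat_pool"])
        for other_pool, other in pools:
            if pool.version == other_pool.version and pool.overlaps(other_pool):
                findings.append(("nat_pool", name, other, f"{pool} overlaps {other_pool}"))
        pools.append((pool, name))
    return findings


if __name__ == "__main__":
    for finding in validate(INSTANCES):
        print(finding)
```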
Multiple Instances
[Diagram: three blocks, each labelled Backhaul, DHCP, DNS, vWLC, vNAT, vISG, Portal and MSE, on UCS. Other labels: Service Provider Management Network; DNS (V4 & V6); AAA (V4 & V6); Cisco PI]
Virtual WiFi service – feature mapping
[Diagram: feature mapping. Legend: Service Instances (UCS based); Common Services (All Instances). Other labels: WiFi Presence; UCS. Function labels, grouped as they appear (the first three groups are shown twice):]
– WLAN Policy; RRM; WiFi Mobility; EAP Authentication; Rogue AP detection; Client Link; Band Select; Flexconnect; Cleanair; Location information; Hotspot 2.0; WiFi security
– Web portals; Policy definition; Roaming; Address assignment; Whitelisting; Location awareness; Network Analytics; Ad insertion
– Session management; L4 Redirection; TAL; Policy enforcement; Accounting start / stop; NAT / FW
– DNS service; Authentication; Accounting; Authorization; Management; Subs management
Layer 2 Connectivity with Nexus 1000v
[Diagram: ESXi host 1 and ESXi host 2, each running vSphere with a Nexus 1000V VEM and the virtual machines vWLC, vISG, MSE, DHCP, vNAT and Portal. Other labels: Nexus 1000V VSM; Physical Switches; L2 Trunks]
Service Instances across a cluster
[Diagram: VMWare cluster of ESXi Hosts 1-4, each with an N1000KV VEM; Service Instances 1, 2 and 3, each labelled DHCP, DNS, vWLC, vNAT, vISG, Portal and MSE]
Fault tolerance for service instances
[Diagram: VMWare cluster of ESXi Hosts 1-4, each with an N1000KV VEM; Service Instance 1 (DHCP, DNS, vWLC, vNAT, vISG, Portal, MSE) shown twice, with the label "Fault Tolerance"]
• Only VMs with a single vCPU can be made fault tolerant
• Virtual hard disk should be set up as Thick eager zeroed
• Only 4 Fault Tolerant VMs per ESXi host
Service Instance: subscriber experience
• VLAN based (Location based) portals
• User name / password based web authentication
• Transparent auto logon
• 3 Tiers of service (URANIUM, PLATINUM, TITANIUM)
• Support for dual-stack clients (IPv4 and IPv6)
• Policy enforcement on ISG (Downstream and upstream BW)
• Session management and AAA based accounting
• Location based Advertisement insertion
Service Instance: Provider feature highlights
• License based solution (No actual hardware other than UCS)
• Rapid deployment of service instances – reduced risk
• On demand service replication with feature consistency
• Common accounting / authorization / authentication
• Common management of multiple instances
• Isolation between service instances (Separate external policy – DPI)
• VMWare cluster based service redundancy
• Consistent subscriber experience across all service instances
• Opportunity to customize service instances if required
• Monetization potential (Analytics, Ad insertion)
Reduced TCO
Other Verticals
[Diagram: VMWare cluster(s) with four verticals (Retail, Transportation, Healthcare, Education), each shown with Service Instances 1-4 and AAA / PI]
Multi tenancy, single cluster
Consistent features and subscriber experience within vertical
Common authentication / accounting within vertical
Monetization potential and location awareness per instance
Traffic management and reporting isolation within vertical
[Diagram: VMWare cluster(s) with four verticals (Retail, Transportation, Education, Healthcare), each shown with Service Instances 1-4 and AAA / PI]
Hospitality Case Study
Hospitality case study – requirements 1
• Wireless Access
– Open SSID for guests with Web-portal authentication
– Hotel-only hidden SSID for staff with 802.1X based authentication
– On demand conference SSID
• Wired Access
– Guest VLAN has limited access to local resources
– Staff / Hotel VLAN is protected by 802.1X (MAB – MAC authentication bypass)
• Transport
– All guest traffic (Wired and wireless) backhauled to SP NOC
– All hotel traffic (Wired and wireless) is locally switched
• Policy enforcement
– QoS applied locally on switch ports and ISR for hotel staff
– Guest QoS centrally enforced by SP
– Per SSID QoS for conference SSID
Hospitality case study – requirements 2
• Authentication
– Central AAA interface to on property PMS (Wired and Wireless guest access)
– 802.1X (MAB – MAC authentication bypass) for hotel-only wired access
• Billing and accounting
– Centralized billing / accounting and reporting
• Management
– All WiFi routing and switching assets on property are centrally managed by SP
– Guest access is validated against local PMS entries (Room No: and last name)
– Wired access (MAB) for printers and other devices preconfigured by SP
• Same IP address range across all properties
• Guest portal customized per property
WIRED Users – MAB (MAC Auth Bypass)
Option 1: MAC is Unknown but MAB “Passes”
– RADIUS-Access Request (MAB)
– RADIUS-Access Accept, Guest Policy
– Unknown MAC. Apply Guest Policy
• AAA server determines policy for unknown endpoints (e.g. network access levels, re-authentication policy)
• Good for centralized control & visibility of guest policy (VLAN, ACL)
Option 2: MAC is Unknown and MAB Fails
– RADIUS-Access Request (MAB)
– RADIUS-Access Reject
• No Access
• Switch-based 802.1X auth
• Guest VLAN
Hospitality: Wired Access for approved devices
[Sequence diagram. Participants: Client; L2 Switch; ISR; CSR1KV; AAA; DHCP; PORTAL. The label DNSMasq also appears. Message labels as they appear: Connection (1); Any Packet (3); Access-Request (4); DHCP Offer (5); DHCP Request / ACK (6); EAPoL (Req Identity); Access-Accept (5); DHCP Discover (6); Switch port assigned to HOTEL VLAN. Link labels: L2 / 802.1X; RADIUS; L2TPv3]
Hospitality: Web-Auth with DNS redirect
[Sequence diagram. Participants: Client; AP; WLC; ISG; DHCP; PORTAL; AAA. The label DNSMasq also appears. Messages in the order numbered on the slide:]
– Association (1)
– Association (2)
– DHCP Discover (3)
– DHCP Relay (4)
– DHCP Offer (5)
– DHCP Request / ACK (6)
– DNS Query (7)
– DNS REDIRECT (8)
– DNS Response (9) – Portal IP address
– HTTP Request (10)
– HTTP Response (11) – Web Login page
– User Login (12)
– RADIUS CoA (13)
– RADIUS Auth (14)
– CoA Ack (15)
State labels: Unauthenticated Session; Authenticated Session; DNS redirection removed; User profile Cached
WiFi service instance for hospitality
[Diagram: Wi-Fi service instance for a hospitality property. Component labels: SP Network; Backhaul; Guest VLAN; vWLC-1; vISG (CSR1000KV); vNAT (CSR1000KV); L2TPv3 (CSR1000KV); DHCP; MSE; Web Portal; DNS; AAA; Cisco PI; DNS; HOSPITALITY; APs; Switches; ISR / FW; PMS. Function labels:]
– WiFi Access: RRM; WiFi Mobility; Rogue AP detection; Client Link; Band Select; Flexconnect; Cleanair; Location information
– Wired Access: L2TPv3; PMS; MAB
– Other function labels: Customized web portals; Address assignment; Whitelisting; Location awareness; Network Analytics; Session management; L4 Redirection; TAL; Policy enforcement; Accounting; NAT; Billing; L2TPv3; Asset management; Authentication; DNS resolution; Whitelisting; Policy definition; Subscriber management; Service authorization
Hospitality - WiFi service instances
[Diagram: SP Network with AAA, Cisco PI and DNS; Backhaul to three HOSPITALITY properties; VMWare cluster of ESXi Hosts 1-4 running Service Instances 1, 2 and 3]
• Consistent subscriber experience
• Centralized asset management
• Customized portal experience
• Shared IP address space
• Separate administration domain
• Custom billing / reporting

• Centralized asset management
• Fault isolation / troubleshooting
• Rapid “cookie cutter” deployment
• Opportunity to customize
• Self service management portals
• License based solution
3G / 4G integration options
3G integration with iWAG
[Diagram labels: Virtualized Service Instance; vWLC; vIWAG; vNAT; Portal; MSE; DHCP; DNS/DHCP; AAA; PI; SP Network; GGSN; HLR; 802.11 a/b/g/n; CAPWAP; L2; GTPv1; EAP-AKA; RADIUS]
Link legend:
– GTPv1 for WiFi Offload
– IP traffic for Web-auth users
– RADIUS for authentication / accounting
• Separate SSID for EAP-SIM
• EAP-SIM subscribers anchored on GGSN
• Web-auth subscribers anchored on iWAG
4G integration with iWAG
[Diagram labels: Virtualized Service Instance; vWLC; iWAG; vNAT; Portal; MSE; DHCP; DNS/DHCP; AAA; PI; SP Network; PGW; HSS; 802.11 a/b/g/n; CAPWAP; L2; GTPv2; EAP-AKA; RADIUS]
Link legend:
– GTPv2 for WiFi Offload
– IP traffic for Web-auth users
– RADIUS for authentication / accounting
• Separate SSID for EAP-AKA
• EAP-AKA subscribers anchored on PGW
• Web-auth subscribers anchored on ISG
4G WiFi offload with WLC-MAG
[Diagram labels: Virtualized Service Instance; vWLC; vISG; vNAT; Portal; MSE; DHCP; DNS/DHCP; AAA; PI; SP Network; PGW; LMA; HSS; 802.11 a/b/g/n; CAPWAP; L2; PMIPv6; EAP-AKA; RADIUS]
Link legend:
– PMIPv6 for WiFi Offload (WLC-MAG to PGW-LMA)
– IP traffic for Web-auth users
– RADIUS for authentication / accounting
• Separate SSID for EAP-AKA
• EAP-AKA subscribers anchored on PGW
• Web-auth subscribers anchored on ISG
4G integration with LMA
[Diagram labels: Virtualized Service Instance; vWLC; Portal; MSE; DHCP; PI; ASR5K LMA; SP Network; PGW; LMA; PCRF; OCS; HSS; AAA; 802.11 a/b/g/n; CAPWAP; L3; PMIPv6; Gx; Gy; EAP-AKA; RADIUS]
Link legend:
– PMIPv6 for WiFi Offload (WLC-MAG to PGW-LMA)
– IP traffic for Web-auth users
– Gx for Web auth and common policy
– Gy for common billing / accounting
– RADIUS for EAP authentication
• Separate SSID for EAP-AKA
• EAP-AKA subscribers anchored on PGW / LMA
• Web-auth subscribers anchored on ASR5K / LMA
• Common Policy / Billing
4G integration with SAMOG
[Diagram labels: Virtualized Service Instance; vWLC; Portal; MSE; DHCP; PI; ASR5K SAMOG; SP Network; PGW; LMA; PCRF; OCS; HSS; 3GPP AAA; 802.11 a/b/g/n; CAPWAP; L3; EoGRE; PMIPv6; GTPv2 (S2a); STa; EAP-AKA; RADIUS]
Link legend:
– GTPv2 over S2a for WiFi Offload
– Local breakout
– STa for EAP-AKA authentication
• Separate SSID for EAP-AKA
• EAP-AKA subscribers anchored on PGW with GTPv2 over S2a
3G / 4G integration summary
[Diagram: integration options around the virtualized service instance, by category:]
– Authentication Options: STa - EAP-AKA authentication; RADIUS - EAP Authentication; RADIUS - Web authentication; Gx based Web auth (nodes shown: AAA; HLR/HSS; Portal; 3GPP AAA; HSS)
– Policy: Gx - policy; RADIUS - policy (nodes shown: PCRF; AAA)
– Transport Options: GTPv1; GTPv2 over S2a; PMIPv6 over S2a; Local breakout (nodes shown: GGSN; PGW; PGW; IP Router)
– Billing: Gy - accounting; RADIUS - accounting (nodes shown: OCS; AAA)
Sample stadium deployment
• All MSP subscriber data traffic offloaded with EAP-AKA
• MSP subscribers can use their login credentials when using non-SIM devices
• Subscribers will receive service consistent with their subscription level
• All guests will use the open SSID
• Guests will be required to enter voucher based credentials for authentication
• Guest authentication uses local AAA service
• Guest traffic is locally switched (Not backhauled to the provider)
Customized service instance
[Diagram labels: vWLC; Portal; MSE; DHCP; NAT; ISG; AAA; PI; ASR5K SAMOG; SP Network; PGW; LMA; PCRF; OCS; HSS; 3GPP AAA; 802.11 a/b/g/n; L2; PMIPv6. Traffic legend: Guest traffic; Subscriber traffic]
Local auth and offload
• Local authentication
• Billing (Voucher based)
• Offload

• EAP-AKA authentication
• Seamless WiFi offload
• Subscription based svcs
• Consistent subscriber experience
Scaling and Orchestration
Scaling the virtualized WiFi core
• Elasticity
– On demand expansion or contraction of the number of instances of a single function or service
• Orchestration
– Automation, provisioning, coordination and management of physical, virtual and network resources across multiple data centers
• Programmability
– Dynamically program network functions based on policy
What is Openstack?
• A community driven cloud operating system that turns datacenters into pools of resources – the next evolution from server virtualization
• Provides a framework for controlling, automating, and efficiently allocating these resources
• Empowers operators, sys admins and end users via self-service portals
• Gives developers the capability to build cloud-aware applications via standard APIs
Openstack components
• Object Store (Swift)
– Store and retrieve files using commercial storage services
• Image (Glance)
– Provides a catalog and repository for virtual disk images
• Compute (Nova)
– Provides virtual servers on demand
• Dashboard (Horizon)
– Web based GUI for all Openstack services
• Identity (Keystone)
– Catalogs Openstack services and provides authentication and authorization
• Network (Quantum)
– Abstracts the network as a service providing connectivity between Openstack services
• Block Storage (Cinder)
– Persistent block storage to guest VMs
Open Stack functional diagram
[Diagram: OpenStack services: Dashboard; Object Storage; Image; Compute; Identity; Network; Block Storage. Relationship labels: Stores disk files; Stores images; Provides UI services; Provides Auth services]
Attaching compute nodes
[Diagram: three attachment options, labelled "UCS with Openstack", "UCS with Openstack" and "Openstack on Forge blade"]
Multiple UCS blades running OpenStack connected via a network to a single 10GB port on the ASR9k
• Minimizes number of data ports needed on the ASR9k
• Lower network bandwidth services
Each UCS chassis (running OpenStack) directly connected to a 10G port on the ASR9K
• Requires a dedicated data port per UCS
• Higher network bandwidth services
OpenStack running on the Forge Blade (VSM)
• Takes up a service blade slot
• Suitable for small number of services that benefit from being connected to the ASR9K fabric
Elastic Services controller
[Diagram labels: Portal; Prime Fulfillment; Elastic Services Controller; OpenStack; Network control; Physical Network; Virtual Network; Compute; Storage; Virtual Services]
ESC Functions
– Provision Virtual Machine(s): Makes API calls out to the VM Orchestration Layer (e.g. Openstack, Vmware)
– Configure Virtual Machine(s): Passes the VM Configuration data to the VM at provisioning time (so it can self configure)
– Provision Virtual Network: Uses the VM Orchestration system to create virtual network (Openstack: Quantum/OVS)
– Configure Physical Network: Uses the Openstack Quantum plugins for Physical devices
– Advertise Service (BGP): Uses a BGP service advertiser to publish/withdraw network routes to the given service
– Parse Service XML: Service Definition is an XML Document
– Monitor all Components: Uses an Open Source tool called Ganglia for monitoring each VM and the application within the VM
Elastic Services Controller
NFV Orchestration
– Portal (PSA): Admin / Self service portal
– Prime Fulfillment (REST): Top level workflow based orchestration, service creation / catalog, product life cycle management
– Elastic Services Controller: Virtual life cycle management; One ESC per DC; Provides abstraction for top level orchestrator
– OpenStack (Nova, Quantum): OpenStack provides both virtual machine and simple network orchestration
– Resources: Physical Network; Virtual Network; Compute; Storage; Virtual Services
Openstack example
[Diagram: lab layout on a Management VLAN and an OpenStack VLAN. Host labels: ESXi – Utility Server; OpenStack Control; UCS-3 – OpenStack Compute-1; UCS-3 – OpenStack Compute-2; UCS C220; UCS C250; UCS C220; VMWare ESXi 5.1; Ubuntu 12.04 LTS; Openstack Control; Openstack Compute Node; interfaces E0 and E1. VM and component labels: UE (Windows 8); OpenStack Build Node; Prime Fulfillment; ESC; Network Node (Quantum); Dashboard (Horizon); Identity Store (Keystone); Block Storage (Cinder); Image Store (Glance); WLC-1; NAT-1; ISG-1; Portal1; DHCP-1; MSE-1; WLC-2; LMA-2; Portal2; MSE-2. Legend: Base metal OS / Hypervisor; OpenStack Components; OpenStack functions (code name); Management (Orchestration); WiFi core – instance 1; WiFi core – 4G integration]
Session ID Title Room Start Time End Time
Monday, May 19, 14
BRKSPM2013 High Density WiFi for Stadiums and Large Public Venues Moscone West 3016 8:00 AM 9:30 AM
BRKSPM2005 Cisco Small Cell Solutions Moscone South 307 10:00 AM 12:00 PM
BRKSPM-2007 Small Cell Backhaul Moscone West 2022 1:00 PM 3:00 PM
Tuesday, May 20, 14
BRKSPM2011 Cisco Quantum Policy Suite Moscone West 3010 8:00 AM 9:30 AM
BRKSPM2010 Cisco Quantum Self Optimizing Network Moscone North 114 12:30 PM 2:30 PM
PNLSPM-2000 Under the Top: The Mobile Operator Advantage Moscone West 2010 3:00 PM 4:30 PM
Wednesday, May 21, 14
BRKSPM3004 Cisco Quantum Service Bus Moscone North 113 1:30 PM 3:30 PM
BRKSPM2001 GiLAN and Service Chaining Moscone North 114 4:00 PM 5:30 PM
BRKSPM3002 Cisco Virtual Mobile Packet Core Moscone South 308 4:00 PM 5:30 PM
BRKSPM2012 SP Mobility Analytics – Transforming Big Data into Bigger Profits Moscone North 112 4:00 PM 5:30 PM
Thursday, May 22, 14
BRKSPM2008 Unified MPLS Design and Deployment Case Study for Mobile Service Provider Moscone North 125 8:00 AM 10:00 AM
BRKSPM2009 ASR5500 Next Gen Architecture Moscone North 113 12:30 PM 2:00 PM
BRKSPM2003 SDN for Service Provider Moscone North 123 12:30 PM 2:00 PM
BRKSPM2006 Virtualized SP WiFi Core Moscone North 113 2:30 PM 4:00 PM
World of Solution - Walk-in Self Paced Labs
WSPSPM2014 SP Wi-Fi integration into PMIPv6-based 4G Evolved Packet Cores Hands-lab (World of solution – Cisco Booth)
WSPSPM2017 SP Wi-Fi integration into 3G GTP-based Mobile Packet Cores Hands-lab (World of solution – Cisco Booth)