Teccrs 3006


Cisco Enterprise NFV Deep Dive and Hands-On Lab


TECCRS-3006

Will Allison – Solutions Architect


Ramesh Kalimuthu – Technical Marketing
Ryan Shoemaker – Solutions Architect

Software Defined Branch



TECCRS-3006 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco SD-WAN Tectorials (#CLEMEA)
• TECCRS-2014: SD-WAN Technical Deep Dive (8 Hours)
• TECRST-2191: SD-WAN design, deploy and best practices (4 Hours)
• TECCRS-3006: ENFV Deep Dive and Hands on Lab (8 Hours)

[Figure: Cisco SD-WAN Breakouts schedule (#CLEMEA), a day-by-day grid of BRKRST, BRKCRS, BRKARC and BRKOPS breakout sessions]

Agenda
• Intro to SD Branch
• Platforms (ENCS, CSP5K, UCS E-Series)
• VN Functions – Network Services
• NFVIS – Virtualization Layer
• Lab Modules 1 & 2
• VNF Packaging
• Deploying VNFs with the GUI
• Lab Modules 3 & 4
• Monitoring and Troubleshooting a Virtual Environment
• Lab Module 5
• Leveraging APIs to Deploy VNFs
• Lab Module 6
• Network PnP
• Orchestration – Cisco DNA Center
• Lab Modules 7 & 8
• Orchestration – NSO and vManage
• Conclusion and Use Cases

Who We Are

Will Allison
• Technical Solutions Specialist
• Joined Cisco 2013
• Based in San Jose, California
• Was part of dCloud solution team working on eNFV Solution since solution introduction
• Now part of innovations team focused on Cisco DNA Center and ISE

Ramesh Kalimuthu
• Technical Marketing Engineer
• CCIE #3881
• Joined Cisco 1998
• Based in San Jose, California
• Part of Business Entity responsible for direction of eNFV solution

Ryan Shoemaker
• Technical Solutions Architect
• CCIE #7405
• Joined Cisco 2000
• Based in Chicago, Illinois
• Part of EN Sales organization focused on LAN & WAN solutions

The branch and WAN cannot keep up…

Poor user experience
▪ Delays enabling new connectivity
▪ Inconsistent application performance

Complex to operate
▪ Difficult to manage multiple network devices
▪ Increasing bandwidth demands

Difficult to secure
▪ Support non-traditional devices
▪ Can’t use the internet for SaaS

Why Virtualize? Motivations for the Enterprise

CAPEX
• Deploy on standard x86 servers
• Economies of scale
• Service Elasticity: deploy as needed
• Simpler architectural paradigm
• High availability
• Best-of-breed

OPEX
• Deployment Flexibility
• Reduction of number of network elements
• Reduction of on-site visits
• Deployment of standard on-premise hardware
• Simplification of physical network architecture
• Leveraging Virtualization benefits: Hardware oversubscription, Fault Tolerance
• Increased potential for automated network operations
• Re-alignment of organizational boundaries

What is Software Defined Branch?

“A single hardware platform that supports SD-WAN, Services routing, integrated security and LAN/Wi-Fi functions that can all be managed centrally.” [1]

Simplicity: “(It) is a way of extending software-defined principles to a branch location. It is characterized by a simple hardware ecosystem, remote centralized management, and automation through programmability.” [2]

Speed: “Consolidate hardware network functions into a single software platform that can deploy business-critical services in minutes.” [3]

[1] NetworkWorld  [2] SDXCentral  [3] Cisco

Benefits of Cisco Software Defined Branch
Simplified Management
• Simplify day to day operations
• Quickly roll out new services and locations
• Consistent network policies through the entire enterprise network to the cloud

Use vManage, Cisco DNA Center, MSX/NSO to manage your Branch

Cisco Software Defined Branch - Summary

SD-Branch is an architectural choice
• Controller-led, modular architecture that allows for use of best-of-breed network function service chain in Enterprise Branch.

Turn-key automation of Enterprise service-chains
• Cisco SD-WAN controllers are used for automation, management and orchestration, though Cisco SD-WAN is not a requirement

Can be used to address a number of use-cases
• SD-WAN migrations
• Security / Compliance
• Hardware consolidation and Branch Virtualization
• Local file, Print and DDI (DHCP, DNS, IPAM) services

Built on
• Enterprise Network Compute System (ENCS 5000), Cloud Services Platform (CSP5000), UCSE (in ISR4K) with NFVIS

What is Software Defined Branch Architecture?
Solution Oriented Approach

• SDN Applications: Centralized Orchestration and Management
• Network Services and Applications: Consistent, trusted network services across all the platforms
• Virtualization Layer: Hardware and software independence
• Hardware platform: Freedom of choice

Software Defined Branch
Deploy Services on Any Platform

• Orchestration: vManage / Cisco DNA Center / Network Service Orchestrator / MSX
• Network functions: Virtual Router (ISRv, CSR, vEdge), Virtual Firewall (ASAv, NGFWv), Virtual WAN Optimization (vWAAS), eWLC (9800-CL), Third-Party applications/VNFs
• Virtualization layer: Network Functions Virtualization Infrastructure Software (NFVIS)
• Hardware: Cisco 4000 Series ISR + UCS® E-Series, Enterprise Network Compute System (ENCS), CSP-5000, UCS-M5 C-Series, Select 3rd Party Hardware

SD Branch Components
Hardware
Enterprise Network Compute System

Platform Built for Enterprise NFV
ENCS 5000 Series for the Branch
• Best of Routing & Compute
• Complete Virtualized Services
• Open for Third Party Services and Apps

Enterprise Network Compute System: ENCS 5100 Series and ENCS 5400 Series

ENCS 5000 Series - Chassis Options

| | ENCS 5104 | ENCS 5406 | ENCS 5408 | ENCS 5412 |
|---|---|---|---|---|
| CPU | 4-core, 3.4 GHz | 6-core, 1.9 GHz | 8-core, 2.0 GHz | 12-core, 1.5 GHz |
| LAN PoE | No | No | 200W | 200W |
| Capacity Guidance | ISRv + 1 VNF | ISRv + 2 VNFs | ISRv + 3 VNFs | ISRv + 5 VNFs |

ENCS 5400 Series – I/O Side

• Integrated Power Supply
• 16 - 64 GB DRAM
• 6, 8, or 12-Core Intel Xeon-D
• Dedicated Lights-out Management (CIMC)
• (Optional) Hardware RAID Controller
• Internal M.2 Storage 64 – 400 GB
• 8 Integrated LAN Ports with Optional POE
• USB 3.0 Storage
• Network Interface Module for LTE & WAN
• 2 HDD or SSD, RAID 0 & 1
• Hardware Acceleration for VM Traffic
• 2 Onboard Gigabit Ethernet ports with SFP

ENCS 5100 Series - I/O Side

• Size: 1 RU, 12.7” x 10”
• 16 & 32 GB DRAM
• 4-Core AMD CPU
• M.2 Storage 64 – 400 GB
• Integrated Power Supply
• Console & MGMT
• 4 GE ports with 2 SFPs
• 2 x USB 3.0 Storage

ENCS 5100 & 5400 Series Comparison Reference

| | 5100 Series | 5400 Series |
|---|---|---|
| CPU Vendor / Model | AMD Merlin Falcon, RX-421ND | Intel Xeon Broadwell D-1500 Series |
| CPU Cores / Frequency | 4-core @ 3.4 GHz | 6, 8, 12-core with Hyper-threading @ 1.5 – 2.0 GHz |
| CPU L2 Cache Size | 2 MB | 1.5 MB per core |
| Memory | 16 – 32 GB | 16 – 64 GB |
| Storage (M.2 SATA) | 64 – 400 GB | 64 – 400 GB |
| Storage (SFF) | - | 2 disks with RAID (SATA, SAS, SED, SSD) |
| Dimensions | 12.7” x 10” x 1RU | 17.5” x 12” x 1RU |
| WAN Options | 4 x GE | 2 x GE, Cellular, T1, DSL, Serial |
| LAN | - | 8 port Switch with Optional PoE |
| Hardware Offload | - | VM – VM Traffic, Crypto |
| Lights-out Management | - | Built-in CIMC |
| ISRv Performance | 500 Mbps | 2.5 Gbps |

ENCS 5400 Series – Built-in Switch

• 8-port Gigabit Ethernet Layer 2 Switch


• Optional Universal PoE (Power over Ethernet)
• 60W per port. Total = 200W
• ENCS 5408 and ENCS 5412 only
• Managed through NFVIS – API, CLI & GUI
• Monitoring through Device GUI

ENCS 5400 Power Supply

• Single Integrated Power Supply Unit


• 250W for regular PSU
• 500W for POE PSU (ENCS5408 & ENCS5412 only)

• Universal POE on built-in LAN ports (Up to 60W)


• Total limit of 200W

• Field-replaceable unit

ENCS 5400 NIM Support

| Category | Description | Minimum NFVIS Version |
|---|---|---|
| WAN | 4G LTE (CAT3): USA, Canada, Europe, Australia & selected LATAM / APAC | 3.6.1 |
| WAN | 4G LTE (CAT6): USA, Canada, Europe, Australia & selected LATAM / APAC | 3.6.1 |
| WAN | T1/E1: 1, 2, 4 & 8 ports | 3.6.1 |
| Voice | T1/E1: 1, 2, 4 & 8 ports | 3.9.1 |
| Async | NIM: 16 and 24 ports | 3.8.1 |
| WAN | xDSL: Multi-mode VDSL2 / ADSL Annex A, B & M | 3.9.1 |
| WAN | Ethernet Dual-PHY: 1 & 2 ports | 3.9.1 |

https://www.cisco.com/c/en/us/td/docs/routers/nfvis/install/encs-hig/CSX-HIG_chapter_01.html

ENCS 5400 CPU Allocation Planning

• 1 core = 1 vCPU = 1 physical core
• 1-core allocation for NFVIS to cover OS, Hypervisor & vSwitch functions
• 2-core minimum allocation for ISRv or vEdge
• Multiple VNF profiles target specific performance
• Cisco VNFs will be pinned to respective cores for performance.

[Figure: 12-core Intel CPU (Hyper-threading enabled), cores 1 to 12 allocated to NFVIS, ISRv / vEdge, ASAv, vWAAS, Linux VM and Windows VM]

ENCS 5100 CPU Allocation Planning

• 1 core = 1 vCPU = 1 physical core
• 1-core allocation for NFVIS to cover OS, Hypervisor & vSwitch functions
• 1-core minimum allocation for ISRv or vEdge
• Multiple VNF profiles target specific performance
• Cisco VNFs will be pinned to respective cores for performance.

[Figure: 4-core AMD CPU, cores 1 to 4 allocated to NFVIS, ISRv / vEdge, VNF 1 and VNF 2]

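The allocation rules from the two CPU planning slides, as an added example that is not Cisco code: a planner that pins each vCPU to its own physical core and rejects chains that over-commit the chassis. VNF names and vCPU counts are constructed; the extra NFVIS core under DPDK-OVS follows the "+1 CPU" figure in this page's networking comparison.

```python
from __future__ import annotations

from dataclasses import dataclass

# Physical cores per chassis, from the chassis options table on this page.
ENCS_CORES = {"ENCS5104": 4, "ENCS5406": 6, "ENCS5408": 8, "ENCS5412": 12}
# Minimum cores for the routing VNF (ISRv or vEdge):
# 1 on the ENCS 5100 series, 2 on the ENCS 5400 series.
ROUTER_MIN_CORES = {"51": 1, "54": 2}
ROUTER_KINDS = {"ISRv", "vEdge"}


class PlanError(ValueError):
    """Raised when a requested VNF set violates the allocation rules."""


@dataclass(frozen=True)
class Vnf:
    name: str   # deployment name (constructed for this example)
    kind: str   # VNF type, e.g. "ISRv", "ASAv", "vWAAS"
    vcpus: int  # cores requested by the chosen profile (assumed values)


def nfvis_reserved(dpdk: bool) -> int:
    """Cores held back for NFVIS on these (< 16 core) platforms.

    One core covers OS, hypervisor and vSwitch; one more is reserved
    when DPDK-OVS is enabled.
    """
    return 2 if dpdk else 1


def plan_cores(model: str, vnfs: list[Vnf], dpdk: bool = False) -> dict[str, list[int]]:
    """Pin every vCPU to its own physical core (1 core = 1 vCPU).

    Returns {owner: [core numbers]}, cores numbered from 1 as on the slides.
    """
    if model not in ENCS_CORES:
        raise PlanError(f"unknown model: {model}")
    total = ENCS_CORES[model]
    router_min = ROUTER_MIN_CORES[model[4:6]]
    reserved = nfvis_reserved(dpdk)
    plan = {"NFVIS": list(range(1, reserved + 1))}
    next_core = reserved + 1
    for vnf in vnfs:
        if vnf.name in plan:
            raise PlanError(f"duplicate VNF name: {vnf.name}")
        if vnf.vcpus < 1:
            raise PlanError(f"{vnf.name}: a VNF needs at least one core")
        if vnf.kind in ROUTER_KINDS and vnf.vcpus < router_min:
            raise PlanError(
                f"{vnf.name}: {vnf.kind} needs at least {router_min} cores on {model}"
            )
        last = next_core + vnf.vcpus - 1
        if last > total:
            # No oversubscription: refuse instead of sharing a core.
            raise PlanError(
                f"{vnf.name} needs cores {next_core}-{last}, {model} has {total}"
            )
        plan[vnf.name] = list(range(next_core, last + 1))
        next_core = last + 1
    return plan


def free_cores(model: str, plan: dict[str, list[int]]) -> list[int]:
    """Cores left unallocated by a plan."""
    used = {core for cores in plan.values() for core in cores}
    return [c for c in range(1, ENCS_CORES[model] + 1) if c not in used]


# Constructed service chain; vCPU counts are illustrative only.
SAMPLE_CHAIN = [
    Vnf("branch-router", "ISRv", 2),
    Vnf("firewall", "ASAv", 1),
    Vnf("wan-opt", "vWAAS", 2),
]

if __name__ == "__main__":
    plan = plan_cores("ENCS5406", SAMPLE_CHAIN)
    for owner, cores in plan.items():
        print(f"{owner:14s} cores {cores}")
    print("free:", free_cores("ENCS5406", plan))
```
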
ENCS 5000 Storage Summary

USB Slot(s) (Optional)
• Can be used as boot disk
• Copy files to other stores

Motherboard M.2 SATA Slot
• NFVIS Primary Install Partition, ~20 GB
• VNF Data Store1

2 External Drive Bays (ENCS 5400 only) (Optional)
• VNF Data Store 2
• HW RAID option
• SATA, SAS, SSD
• Upgrade VNF storage without reinstalling OS
• Easy external access for maintenance / upgrades

VNF Connections on Hypervisors

There are multiple ways a VNF can connect to a physical NIC of the
underlying server/hardware

• Virtual switch - introduced by the hypervisor

• SR-IOV - by connecting the VNF directly to the physical NIC

• PCI Passthrough* – dedicating the entire NIC to the VNF directly

• DPDK – (Data Plane Development Kit) set of libraries to accelerate packet processing
workloads by offloading to a CPU

*Not supported on NFVIS, intent is for multiple services to leverage I/O options

ENCS 5400 Internal Networking

[Figure: block diagram of the ENCS 5400 Series showing the data path and the control path]
Recoverable callouts:
• ISRv (or XE SD-WAN), VNF 1 (NIC aware) and VNF 2 (NIC aware) on X86 / NFVIS
• HW offload for VM-VM traffic
• Software switched path
• 24 SR-IOV LAN Networks
• 10GE high-speed backplane, internal NIC, VLAN-aware HW switch with PoE
• NIM: ISRv or XE SD-WAN required for NIM support
• HW offload for VM-PHY traffic
• Dual-PHY WAN GE or LAN uplink
• CIMC lights-out management; dedicated management ports (X86 MGMT, CIMC MGMT)

NFVIS Compare Networking Options

Performance ← SR-IOV | DPDK-OVS | OVS → Flexibility

| | SR-IOV | DPDK-OVS | OVS |
|---|---|---|---|
| Service Chain Throughput | Service Chain throughput better than DPDK/OVS | Service Chain throughput near SR-IOV, better than non-DPDK OVS | Service chain throughput lower than DPDK and SR-IOV |
| NFVIS Default Cores + Additional CPU | 1 core < 16 core system; 2 cores >= 16 core system | 1+1 CPU <= 16 core system; 2+2 > 16 core system; 1+1GB mem in <= 32GB system; 1+2GB mem in > 32GB system | 1 core < 16 core system; 2 cores >= 16 core system |
| Driver requirements in VNF | SR-IOV | NO, Virtio required | NO, Virtio required |
| Supported capability in platforms *** | ENCS54xx: igb, igbvf, i40evf; UCSEM3: front_10G ixgbvf; UCS5K, CSP5K: i40evf, ixgbvf | ENCS54xx: Yes, 3.10.1 onwards; UCSEM3: Yes, 3.12.1 onwards; UCS5K, CSP5K: Yes, 3.12.1 onwards | Supported |

***Default LAN-VF increase from 6-to-16 in NFVIS 3.12.1 onwards
***Dynamic VF addition in CSP5K, UCSM5 in NFVIS 3.12.1 onwards

ENCS NFVIS Compare Networking Options

SR-IOV Packet Flow
• Service Chain throughput better than DPDK/OVS
• NO additional CPU required for NFVIS
• SR-IOV driver support dependency on VNF
• Packet memory is mapped directly to the VM, there is no extra copying

DPDK-OVS Packet Flow
• Service Chain throughput near SR-IOV, better than non-DPDK OVS
• +1 CPU required for NFVIS OVS
• NO additional driver dependency on VNF
• Shared memory in user space to pass packets between VMs, no packet copying
• Pulling packets from interface, no interrupt, no context switching between user mode and kernel mode, no extra packet copying

OVS Packet Flow
• Service chain throughput slower than DPDK and SR-IOV
• NO additional CPU allocated for NFVIS
• NO additional driver dependency on VNF

[Figure: packet path diagrams for the three options, with labels VM vNIC, QEMU, Virtio front-end, shared memory, vHost-net kernel thread, TAP, OVS, NFVIS Linux kernel, IGB kernel driver, physical NIC PF and VFs, GE0/0]

Performance Dependencies

Individual performance of a VNF depends on
• The underlying platform, the number of cores and the type and speed of the processor used
• The resources available for the VNF
• How the VM connects to the physical NICs – SR-IOV, DPDK, or OVS
• Finally, the VNF itself. The VNF must also be optimized to run in a virtual environment

In case of a Multi-VNF environment, the net chained VNF performance also depends on
• The weakest-link VNF
• Use of virtual switches to copy packets from ingress to egress vNICs

Cloud Services Platform 5K

CSP 5216/5228
• 8 SSD or HDD Slots (1)
• 2 PCIe Slots: 2x10G X520 or 4x10G X710
• 2x10G Ethernet CIMC / OOB LOM

(1) RAID10 used disks in multiple of 4, only 8 used out of 10 slots. RAID 10 reduces the available storage by half.

CSP 5436/5444/5456
• 24 SSD or HDD Slots
• 6 PCIe slots: 2x10G X520 or 4x10G X710
• 2x10G Ethernet CIMC / OOB LOM

CSP 5000 SKUs:

• Rack: 1RU (CSP 5216, CSP 5228); 2RU (CSP 5436, CSP 5444, CSP 5456)
• CPU Cores: 16 (CSP 5216), 28 (CSP 5228), 36 (CSP 5436), 44 (CSP 5444), 56 (CSP 5456)
• Mem (16GB/32GB) (12x2 DIMM Slot): 128GB Minimum, 384GB-768 GB Total Capacity
• PCIe NIC Slots: 2 (1RU), 6 (2RU)
• On Board NICs (LOM): 2x10 GbE SFP+
• VIC: 4x10/25 GbE SFP28
• 1GbE (i350): Y (Optional Add-in), 4x1GbE RJ45
• i520 (2x10GbE SFP+): Y
• I710 (4x10GbE SFP+): Y
• Max NIC ports: 14 (2x4+4+2) on 1RU, 30 (6x4+4+2) on 2RU
• Min-Max BW: 164GbE - 200GbE (1RU), 324GbE - 360GbE (2RU)
• Disk slot (small form): 10 (useable 8) on 1RU, 24 on 2RU
• Disk Capacity: 1.2*8/2=4.8TB (HDD) / 3.8TB (SSD) on 1RU, 14.4 T (HDD) / 11.5TB (SSD) on 2RU
• Power, 2 slots (AC): 1540 W (2x770) on 1RU, 2100W (2x1050) on 2RU

NFVIS on CSP5K

• Supported with release 3.11 and Higher


• CSP5K can be ordered with either CSP-OS or NFVIS
• CSP-OS is used in Secure Agile Exchange solution and positioned for DC
virtualization strategies
• NFVIS is vBranch solution and is used in Cloud On-Ramp for CoLo

• Replaces older CSP2100 Series Models


• More details can be found here:
Installing NFVIS on CSP

UCS E-Series
Cisco UCS E-Series

[Figure: modules plotted by Performance (horizontal axis) and Scalability (vertical axis)]

Cisco UCS® E140S (Intel Ivy Bridge)
▪ Single-Wide Service module
▪ NFVIS, VMware, Hyper-V, Citrix certified
▪ Intel E3 4 core processor
▪ 16GB DRAM

Cisco UCS® E160S M3 (Intel Broadwell)
▪ Single-Wide Service module
▪ NFVIS, VMware, Hyper-V, Citrix certified
▪ Intel Broadwell 6 core processor
▪ 32GB DRAM
▪ USB 3.0 & 10Gb Interface

Cisco® UCS E160D (Intel Ivy Bridge)
▪ Double-Wide Service Module
▪ NFVIS, VMware, Hyper-V, Citrix certified
▪ Intel E5 6 core processor
▪ 96GB DRAM

Cisco UCS E180D M3/1120D M3 (Intel Broadwell)
▪ Double-Wide Service Module
▪ NFVIS, VMware, Hyper-V, Citrix certified
▪ Intel E5 8 core processor
▪ 96GB DRAM

Cisco UCS E-Series Single-Wide Blade Reference

Compact Blade Housed in Cisco ISR 4000 Series ISR Chassis - UCS E140S M2 and E160S M3

• Maximum 65 W power draw, 80 percent less than server
• Intel® 4 Core Xeon® E3 family quad-core processor; 6 Core Broadwell
• 8, 12, 16 GB and 32 GB DRAM options
• Configuration and management through CIMC/IMC SUP or UCSD
• Remote and schedulable power management
• Two SD cards: One for the CIMC and temporary storage of OS and one as a blank virtual drive. No SD card on M3. UCS Flex Flash
• One external 10/100/1000 and two internal GE ports
• 10/100 Ethernet management port
• Up to 2 SATA, SAS, or SSD hard drives
• USB 2.0 or 3.0 port for external device connectivity
• KVM console connector
• Wire-free, plug-and-play modularity, low shipping weight (2.5 lb/1.1 kg)
• Onboard hardware RAID 0/1 with hot-swappable capability

Cisco UCS E-Series Double-Wide Blade Reference

Server Blade Housed in ISR 4000 – UCS-E140D/UCS-E160D/UCS-E180D/UCS-E1120D

• Maximum 130 W power draw, 80 percent less than server
• Intel Xeon Quad Core/Six-Core/Eight-Core/12-Core Processor
• iSCSI initiator hardware offload
• 8 GB – 128GB DRAM options
• Remote and schedulable power management with super capacitors
• Out-of-band configuration and management through CIMC
• Front-panel VGA, 2 USB 3.0, and serial console connectors
• Up to 4 SATA, SAS, SSD hard drives or 2 HDD and a PCIe card
• Two SD Cards: one for the CIMC and temporary storage of OS and one for a blank virtual drive
• On-board hardware RAID 0, 1, and 5 configuration options with hot-swappable capability
• Two external and two internal GE(10GE) ports with TCP/IP acceleration
• Wire-free, plug-and-play modularity, low shipping weight (7 lb / 3.2 kg)

Virtual Network Functions

Network Services from Cisco
Consistent software across physical and virtual

Layers: Orchestration, Network Functions, NFVIS, Platform

• ISRv/SD-WAN: High Performance Rich Features
• ASAv/FTD: Full DC-Class Featured Functionality
• vWAAS: Application Optimization and Akamai Connect
• eWLC: Built for small and medium branches
• Windows Server, Linux and 3rd Party VNFs: Active Directory, File Share, Server Applications, DNS/DHCP, Network Services Management & Monitoring, Custom Applications

Enterprise NFV Open Ecosystem

• Customers have flexibility to run third-party VNF of their choosing.
• Third-Party vendors may choose to submit their VNF for certification.
• No admission restrictions; third party may be complementary to Cisco, or competitive. Requirements are the same regardless.
• Irrespective of certification, customers have flexibility to run third-party VNF of their choosing.
• More information: http://cs.co/3nfv

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-functions-virtualization-nfv/nfv-open-ecosystem-qualified-vnf-vendors.pdf

Third party VNF Certification Resources Reference

Third-Party VNF Ecosystem Submission Process

Certification Program at DevNet, http://cs.co/3nfv

Vendor Status (Dec ‘19)

[Figure: vendor logos grouped under Certified, Currently Testing, Ready to Test, Expected and Engaged; the only names that survive as text are Netscaler and CloudBridge]

VNF Support Reference as of NFVIS 3.12.1*

| VNF | Version |
|---|---|
| vEdge | 18.4.1 |
| ISRv | 16.10.2, 16.11.1b, 16.12.1 |
| cEdge | 16.10.2 |
| ASAv | 9.12.1 |
| vWAAS | 6.4.3b-b-53 |
| NGFWv | 6.3.0-83 |
| ThousandEyes Agent | 1.27.4 |
| Fortinet Fortigate | 5.6.2 |
| Palo Alto PAN-OS | 8.0.5 |
| InfoVista Ipanema | v9.1.6.6 |
| CTERA | 6.0.4 |

*These images have been solution tested. Other images may function as well.

VNF Vendor – NFVIS InterOp Documentation

• Riverbed – Steelhead on ENCS
https://support.riverbed.com/bin/support/static/f61qbecfce2t3gqfm3m28bdqi1/html/kbjj2jgpeosmda1rhfqcr7g6n1/sh_v_9.9_icg_html/index.html#page/sh_v_9.9_icg_html/sh_v_encs_install.html

• SilverPeak – EdgeConnect on ENCS
https://www.silver-peak.com/documentation/silverpeak-edgeconnect-cisco-encs

• Palo Alto – VM Series Firewall on ENCS
https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/set-up-the-vm-series-firewall-on-cisco-encs.html

NFVIS
Purpose built Network Hypervisor

Enterprise NFV Infrastructure Software (NFVIS)

Network Hypervisor
▪ Supports segmentation of virtual networks
▪ Abstract CPU, memory, and storage resources

Zero-Touch Deployment
▪ Automatic connection to PnP server
▪ Highly secure connection to the orchestration system
▪ Easy day-0 provisioning

Security
▪ Secure Chain of Trust
▪ Secure overlay for management and monitoring
▪ VNF secure boot
▪ Role Based Access Control

Lifecycle Management
▪ Provisioning and launch of VNFs
▪ Stop and restart services
▪ Dynamically add and remove services
▪ Failure monitoring and recovery
▪ VNF Backup Restore

Service Chaining
▪ Elastic service insertion
▪ PNIC tracking and VNIC update
▪ Multiple independent service paths based on applications or user profiles

Open API
▪ Programmable API for service orchestration
▪ REST and NETCONF API
▪ Netconf Notification
▪ Host and VM Statistics, Packet Capture

NFVIS Architecture
Not Just KVM, Power in software

• External systems and access: PnP Server, vManage, NSO, DNA Center, Portal, Console, SSH
• NFVIS interfaces: NETCONF, CLI, REST
• Services: Image Management, Plug-n-Play, vDaemon, Confd, Web Server/Portal, VM Life Cycle Manager, Cluster Management*
• Services: Storage Management, Resource Manager, Service Chaining, Host Management, Statistics Collector, Health Monitor, AAA
• Platform components: Hardware Management, libvirt, Open vSwitch, Qemu, Collectd, Syslogd, Snmpd
• Base: CentOS Linux 7.6 + KVM + Kernel Drivers

* Roadmap

Default System Configuration on ENCS

[Figure: ENCS5400 with Hypervisor (KVM) and NFVIS vSwitch. Networks wan-net, wan2-net, lan-net and int-mgmt-net map to bridges wan-br, wan2-br, lan-br and int-mgmt-br, which connect through VFs to GE0/0, GE0/1, the NFVIS LAN backplane port, the NIM and the MGMT port. Callouts: "Default - DHCP for NFVIS on WAN-NET and WAN2-NET"; "Default 192.168.1.1/24"; "ENCS Integrated Switch" with ports GE1/0 to GE1/7]

• NFVIS can be accessed by default via the FP GE WAN ports or via the dedicated Management port
• NFVIS 3.10+ default association: GE0-0 to wan-br, GE0-1 to wan2-br. Both wan-br and wan2-br are enabled for DHCP by default. DHCP is attempted (cycling between GE0-0 and GE0-1) until one of the ports acquires a DHCP address. PnP will be attempted over the WAN-facing network with a path to the default gateway. Pre-NFVIS 3.10, no wan2-br is created by default and there is no DHCP by default via GE0-1.
• The Management port on ENCS is set to 192.168.1.1 to access NFVIS
• All switch ports (GE1/0 to GE1/7) are associated to the LAN bridge
• An internal management network (int-mgmt-net) and a bridge (int-mgmt-br) are created and used internally for system monitoring.

DPDK Improves Throughput of VNFs
• Enable DPDK if SR-IOV drivers not available on VNF
• DPDK is enabled globally on ENCS
• Cannot be disabled once enabled (requires reimaging or factory reset ENCS)
• Some monitoring tools (SPAN and Packet Capture) will no longer function with DPDK

[Screenshot: DPDK Enabled Globally on Networking Page]

Trustworthy Technologies for Enterprise Networking
Built-in security features that defend against today’s threats (Cisco ENCS 5000 Series)

• Image Signing: Creates a unique digital signature for a block of code. Signed images may be checked at runtime to verify that software has not been modified.
• Hardware Anchored Secure Boot: Helps ensure that code is authentic and unmodified. Anchors the microloader in immutable hardware, to prevent Cisco devices from executing tainted software.
• Trust Anchor Module (TAm): A tamper-resistant chip featuring nonvolatile secure storage, SUDI, and crypto services including RNG, key store, and crypto engine.
• Hardware Authenticity Check: Uses an X.509 SUDI certificate to verify hardware authenticity. Runs only after the secure boot process has completed and software has been verified to be trusted.
• HW Assisted Virtualization: Process and memory segmentation for data isolation and protection with better performance.
• SUDI for Cisco Plug & Play: The Secure Unique Identifier (SUDI) is an X.509 certificate that provides factory-installed device identity. Enables secure remote on-boarding of devices.
• SE Linux: Fine-grained system level access control to better protect against privilege escalation attacks.
• Modern Cryptography: Provides secure, up-to-date encryption so that encrypted data communications in-transit and at-rest remain confidential.
• Factory Reset: One command to reset the device to factory-original settings to protect sensitive data when the device is out of direct control.
• Secure Development Lifecycle (SDL): A repeatable, measurable process designed to reduce vulnerabilities and enhance the security and resilience of Cisco solutions.

Security embedded at all layers of software

Infrastructure
• CPU, Memory, Network and Storage Isolation
• Traffic Segmentation
• Password protection: stored in non-reversible form using a hashing algorithm
• Avoid issues related to overlapping names in user-mgmt

Access Layer
• Can be accessed via secure authenticated interfaces
• Encryption, hashing and key exchange algorithms for SSH and SSL

Linux/KVM
• Image Tamper Protection
• Use of firewall rules to block unauthorized ports
• Strong SSH/SSL/TLS Configs
• SELinux

Security: Chain of trust

[Figure: two trust chains, read from the bottom (root of trust) to the top]

Host Secure Boot
1. Hardware Trust Anchor / Microloader
2. UEFI: Trust anchor verifies UEFI firmware
3. shim.efi: UEFI uses shim.efi to verify grub.efi
4. Grub-efi: Grub.efi uses shim.efi to verify kernel
5. Kernel: Kernel verifies module signature; Kernel hardened for protection
6. KVM / NFVIS

VNF Secure Boot
1. NFVIS
2. OVMF UEFI
3. shim.efi: UEFI uses shim.efi to verify grub.efi
4. Grub-efi: Grub.efi uses shim.efi to verify kernel
5. Kernel
6. VNF

Secure Overlay for OOB management

Target Deployment Models using Secure Tunnels

Use Case 1: Secure Overlay – NAT CPE
• Router – Private IP from NAT GW
• NFVIS – Private IP from NAT GW. Tunnel Overlay IP

Use Case 2: Secure Overlay – DHCP WAN IP w/o NAT CPE
• NFVIS – Initially uses WAN IP. Will move to Private IP
• Router – Will be spun up and assigned WAN IP

Use Case 3: Secure Overlay – Static WAN IP w/o NAT CPE
• NFVIS – Initially uses WAN IP. Will move to Private IP
• Router – Will be spun up and assigned WAN IP

Solution – Hypervisor Management Overlay
[Figure: Orchestrator (MSX, NSO), PnP and Mgmt-Hub headend (Headend System-IP, Headend Interface IP) connected to the NFVIS vBranch (WAN-IP, NFVIS Interface IP, NFVIS System IP). Numbered steps 1 to 4; labels include S/N Day 0 mapping, Call Home and Day 0 config.]
Solution – Overlay and Single Public IP
[Figure: Orchestrator (MSX, NSO), PnP and Mgmt-Hub headend (Headend System IP, Headend Interface IP) connected to the NFVIS vBranch (WAN-IP, NFVIS Interface IP, NFVIS System IP). Numbered steps 7 to 9.]

Solution – Single Public IP Failover
[Figure: Orchestrator (MSX, NSO), PnP and Mgmt-Hub headend (Headend System IP, Headend Interface IP) connected to the NFVIS vBranch (WAN-IP, NFVIS Interface IP, NFVIS System IP). One path is marked X; numbered steps 2 and 3.]

Backup and Restore
NFVIS Backup Restore
[Figure: a DEPLOYED vBranch topology (API, rbac, monitoring, pnp, snmp, mgmt, SR-IOV or ovs networks, vnf1 … vnfN, Mgmt connectivity) is copied to a BACKUP and later RESTOREd. The backup is optional per VNF vs complete topology backup.]

Restore from No-VNF-disk-Backup will result in Re-Deploy of VNF.
VNF License is subject to change.
VNF package reqd in image repository.

Backup/Restore CLIs

Use-cases enabled with NFVIS 3.12 features

High Availability Design
• PNIC tracking for OVS and SR-IOV LAN/WAN interface on ENCS
• Validated with VRRP/HSRP designs

Performance Improvement
• OVS-DPDK performance improvement across supported platforms ENCS, CSP5K, UCSC-M5, UCSE

Horizontal VNF scaling and multitenant design
• Configurable SR-IOV VFs for VNF scale for CSP platform. LAN VFs increased from 6 to 24 on ENCS platforms.

NFVIS PNIC Tracking, VNIC Update
[Figure: ENCS5400 running ISRv and NGFW VNFs on the KVM hypervisor. NFVIS networks wan-net, wan2-net, service-net, lan-net and int-mgmt-net map to vSwitch bridges wan-br, wan2-br, service-br, lan-br and int-mgmt-br. PNICs GE0/0 and GE0/1 are marked TRACK and the VNF vNICs are marked UPDATE. Also shown: SR-IOV VFs, NIM, MGMT, LAN backplane, and the ENCS integrated switch ports GE1/0 to GE1/7.]

• PNIC tracking works for ports associated with OVS, on both LAN and WAN facing ports. Available starting with the NFVIS 3.10.1 release.

• PNIC tracking is useful in High Availability designs. Stateful features such as HSRP and VRRP depend on interface status to switch between ACTIVE and STANDBY modes.

• PNIC state can be propagated to multiple vNICs based on association.

ENCS vBranch Design
Device, Service, Link Redundancy

Validated VRRP/HSRP Design with PNIC Tracking

[Figure: Physical Port Gig 1-4 Status == vNIC Status, over OVS, OVS-DPDK or SR-IOV]

Horizontal VNF scaling and multitenant design
Dynamic SR-IOV

• Allow user to delete and create SR-IOV networks
• Allow user to configure a PNIC to disable SR-IOV / enable SR-IOV with specified number of VFs and switch mode
• Use cases
    • expand number of SR-IOV networks on high capacity PNICs and support deploying more VMs attaching to SR-IOV networks
    • support DPDK PNIC
• PNIC SR-IOV in NFVIS fresh installation is not changed
    • Each PNIC has a default number of VFs created
    • Default SR-IOV networks are created

VNF Storage IO Optimization
Problem
Disk space allocation and initialization consume additional time, leading to slow Disk IO.

Solution
For the VNF services, pre-allocate storage via Thick-provision and initialize sectors at the time of deployment.

How
Create the VNF package with the following meta-data. NO additional actions are required to enable Storage optimization; deploy the VNF.
• Thick Disk Provisioning with Eager Zero:
<thick_disk_provisioning>true</thick_disk_provisioning>
<eager_zero>true</eager_zero>

API enhancements
Features and descriptions:

• Configurable vcpu topology: Some third-party VNFs (e.g. Aruba WLC) require Socket, Core and Thread to be specified in addition to the number of cores. The default is to allocate the number of cores, with the Socket, Core and Thread definitions populated by the system.
• AAA auth order, include local: When AAA is configured, locally defined users are used first and the subsequent step is to look up the AAA server. Prior to this release, when AAA was enabled, the local user database was not used until AAA server reachability was lost.
• APC UPS support with power level notifications: During AC power loss, when switched to using the UPS, the available power level (amount of time) is notified via syslog.
• SNMP support for per core CPU usage
• GUI session timeout configurable

Introduction to the Lab
Lab Topology

Lab Overview

• Access the lab through AnyConnect and Microsoft Remote Desktop (RDP)
• Reference Sheet has your credentials
• Sharing head-end infrastructure

Accessing the Lab - Walkthrough
Lab Modules 1 & 2
VNF Packaging
Why Package?

• Better Scalability
    • Provides a way to distribute and deploy VNFs consistently
    • Same package used for multiple VNF sizes
• Simplification
    • Available with packaging utility or GUI
    • VNFs instantiate already configured
• Customization
    • Set key parameters such as console access, core pinning, driver support and disk pre-provisioning
    • Implement your configuration

VNF format support on NFVIS
• NFVIS is based on a Linux distribution with KVM
• Can deploy any VNF with a QCOW2 extension (standard KVM file format)
• However, NFVIS can also support additional file formats
• .ISO, .IMG, .RAW
• Has ability to convert a VMDK file into QCOW2 using NFVIS CLI

nfvis# image-convert myimage.vmdk myimage.qcow2

• NFVIS provides users flexibility by creating a package to deploy on NFVIS
    • Similar to creating an “OVA”

VM Packaging Utility

• Downloaded from NFVIS
• File is “nfvisvmpackagingtool.tar”
• Unpack for files:
    • nfvpt.py
    • image_properties_template.xml
    • nfvis_vm_packaging_utility_examples.txt

Packaging Utility Details

• Process uses Python and the nfvpt.py utility with a combination of parameters to package the VM.
• The VM packaging utility contains the following:
    • nfvpt.py: a Python-based packaging tool that bundles the VM raw disk image/s along with VM specific properties.
    • image_properties_template.xml: the template file for the VM image properties file, with the parameters set to default values. If the user provides new values for these parameters while creating the VM package, the default values get replaced with the user-defined values.
    • nfvis_vm_packaging_utility_examples.txt: contains examples of how to use the image packaging utility to package a VM image.

Using nfvpt.py Packaging Tool
Required Fields
-o            Package filename (will make it .tar.gz)
-i            Disk image (multiple images separated by comma)
-t            VNF Type (e.g. ROUTER, FIREWALL)
-n            VNF Name
-r            VNF Version
--monitored   Monitored by NFVIS (default is false)
--optimize    Dedicate/Pin cores for function (default is false)

Optional Fields*
--console      Console port available (true or false)
--eager_zero   Pre-provision disk space (default is false)
--SR-IOV       Support for SR-IOV drivers (true or false)
--SR-IOV_list  Supported SR-IOV drivers (igb,igbvf,i40evf)
--bootstrap    List of files to bootstrap VNF during provisioning
--profile      Flavors possible with list of resources required (e.g. ISRv-Small,”ISRv small profile”,2,4096,8192)
--custom       Key / Value pairs for configuration variables (listed as key:[KEY_NAME],val:[VALUE_NAME])

*Not the entire list

Example (ISRv):
python nfvpt.py -o ISRv-16.12 -i isrv-universalk9.16.12.01a-vga.qcow2 \
  -n "Cisco IOS-XE Virtual Router" -t ROUTER -r 16.12.01 \
  --monitored true --console true --eager_zero true \
  --SR-IOV true --SR-IOV_list igb,igbvf,i40evf \
  --bootstrap ovf-env.xml:ovf-env.xml --bootstrap iosxe_config.txt:iosxe_config.txt \
  --min_vcpu 2 --max_vcpu 8 --min_mem 4096 --max_mem 8192 \
  --min_disk 8 --max_disk 8 --vnic_max 8 --optimize true \
  --profile ISRv-small,"ISRv small profile",2,4096,8192 \
  --profile ISRv-medium,"ISRv medium profile",4,4096,8192 \
  --default_profile ISRv-small \
  --custom key:HOST_NAME,val:"" --custom key:LOOPBACK_IP,val:""

vEdge VM Packaging using the Package Utility (nfvpt.py)

Input parameters:
• image_properties_template.xml
• cloudinit.cfg: mounted as /openstack/latest/user_data
• meta_data: mounted as /openstack/latest/meta_data.json
• vendor_data: mounted as /openstack/latest/vendor_data
• viptela-edge-genericx86-64.qcow2

Packaging Utility:
./nfvpt.py -o vedge17.3.2 -i viptela-edge-genericx86-64.qcow2 \
  -n vedge.17.03.02 -t ROUTER -r 17.03.02 --monitored false --privileged true \
  --bootstrap /dir/latest/user_data:cloudinit.cfg,/dir/latest/meta_data.json:meta_data,/dir/latest/vendor_data.json:vendor_data \
  --min_vcpu 2 --max_vcpu 8 --min_mem 4096 --max_mem 8192 \
  --min_disk 8 --max_disk 8 --vnic_max 8 --optimize true --nocloud true \
  --profile vEdge-small,"vEdge small profile",2,4096,8192 \
  --profile vEdge-Standard,"vEdge Standard profile",4,4096,8192 \
  --default_profile vEdge-Standard \
  --custom ORGNAME, --custom OTP, --custom UUID, --custom SYSTEM_IP, --custom VBOND,

Final Package:
• vedge-17.3.2.tar.gz

Creating a Package using the NFVIS GUI

Access the utility from VM Life Cycle -> Image Repository -> Image Packaging

Create a new VM Package

Upload the QCOW2 binary and Day 0 config

Upload qcow2 binary

Upload bootstrap file(s)

Define Flavors
• Flavors set the CPU, Memory, Storage requirements for a VNF

• Helps with one-click automated deployment

Define Flavors and Select Default

Create Package, Download or Register
• Once the package is created, you can then download it and reuse it on other NFVIS systems
• Register the VNF within NFVIS to deploy it

Register new Package so that it appears under Image registration (image and profiles)

Deploying a VNF on NFVIS using the GUI
Deploying VNFs Using NFVIS GUI

Image Profiles
Resource footprint for VNF deployment

• Memory allocated to VM during deployment
• Number of CPUs allocated to VNF. Dedicated or Shared
• Disk space allocated during deployment, based on Package properties
• Choose specific disk during deployment

Dedicated CPUs vs. Hyperthreading vs. pinning

[Figure: two CPU allocation models, labelled "Dedicated core, Pinned" and "Shared Core, Pinned", with the ratios "1vCPU = 1 logical CPUs" and "1vCPU = 2 logical CPUs"]

Best Practice: For predictable performance, dedicate cores to Virtual Network Functions like vRouters, vFirewall, etc.

Lightweight compute applications based on TCP could share cores, to host more applications.

Bridges and Networks
Moving from Physical switch to Virtual switch

[Figure: on the left, a physical L2 switch with broadcast domains: access ports in VLAN 10 and VLAN 20, a trunk carrying VLAN [10, 20] to a vRouter, and Internet access. On the right, the equivalent NFVIS OVS vSwitch: service, wan and lan bridges with access and trunk networks (NetworkA to NetworkD); on the LAN bridge, Linux VM Server1 and Server2 attach through access network Net10 (vlan 10), and lan-net is a trunk (vlan 10, 20) to the physical port.]

Bridges & Networks (Contd.)
[Figure: VM vNICs attach to networks, and each network attaches to a bridge. Each network's mode is Trunk / Access. An SR-IOV vnic is set to Trunk or Access via CLI.]

Network (lan-net, wan-net) is a logical representation of a like group (Trunk or Access) of ports in the vswitch (lan-br, wan-br).

NFVIS Management Network

• int-mgmt-net predefined in NFVIS
• Used to connect to VMs
• Also used to monitor VMs
• If the VM fails to respond to heartbeat from the NFVIS, after 3 attempts of re-launching the VM, the Status will report 'Error'.
• Uses 10.20.0.X/24 by default
• Can be modified with CLI command

vm_lifecycle networks network int-mgmt-net subnet int-mgmt-net-subnet address ip-address gateway gateway-ip-address netmask netmask dhcp { true | false }

[Figure: bridges wan-br, mgmt-br and lan-br with networks wan-net, lan-net and Int-mgmt-net (10.20.0.X/24), the Management port and the SWITCH]

NFVIS Built-in Recovery

• NFVIS can monitor deployed VNF for failure
• On VNF failure detection, NFVIS can auto-restart the VNF
• Downtime experienced will depend on the VNF boot up time
• Can still run the branch off one hardware
• VNF would use the same license again

[Figure: ISRv, WAAS, ASAv, Windows and Linux VMs on the KVM hypervisor. NFVIS networks wan-net, inet-net, service-net, lan-net and mgmt-net map to vSwitch bridges wan-br, inet-br, service-br, lan-br and mgmt-br, above the WAN NICs (PF, VF), the NIM and the 8-port GE switch (GE0 to GE9).]

The first interface of the deployed VM will be used for internal monitoring.
• By default local portal attaches vNIC0 of the monitored VM to int-mgmt-net.
• If the VM fails to respond to heartbeat from the NFVIS, after 3 attempts of re-launching the VM, the Status will report 'Error'

How to connect a VM to LAN Ports
VM interface is a trunk
• Connect VM to LAN-SR-IOV-x
• Or lan-net.

VM interface is untagged
• Connect VM to LAN-SR-IOV-x or lan-net.
• Create a new network for it to connect to
    • Set network to access mode with the desired vlan
    • Set bridge to lan-br.

[Figure: left, a VM with a trunk interface on lan-net / lan-br; right, a VM with an untagged interface on new-lan-net / lan-br. Both sit above SR-IOV-1 to SR-IOV-6 and the SWITCH.]

LAN Ports
• LAN Ports (GE1/0 - 7 on ENCS 54xx, GE0/2 and GE0/3 on ENCS 5104)
    • Interfaces intended to be used for LAN access.

• On ENCS 54xx, the ports are part of an 8-port switch
    • The switch connects to an Intel XL710 NIC, which then connects to NFVIS.
    • This means that individual physical interfaces from the switch are not exposed to NFVIS; there is essentially just a trunk from NFVIS to the switch. Unlike the WAN ports, you can't create a network that maps directly to a physical port on the L2 switch. You must send appropriately tagged traffic to the L2 switch, and it will then be sent out in accordance with the switchport configs.
    • OVS connectivity is provided from the XL710 to the default lan-br. lan-br is a member of lan-net, which by default is in trunk mode.

• On the 5104, GE0/2 and GE0/3 are mapped to lan-br. This is strictly an OVS bridge, not an L2 hardware switch like the 54xx.

Access the VNF Console from NFVIS
NFVIS - shows list of VM names

vbo-UCPE1# show system deployments
NAME ID STATE
------------------------------------
1511257222.vEdgeCloud 7 running

vbo-UCPE1#

NFVIS - console request to a deployed VM

vbo-UCPE1# vmConsole 1511257222.vEdgeCloud
Connected to domain 1511257222.vEdgeCloud
Escape character is ^]

viptela 17.2.0

vedge login: admin
Password:
Welcome to Viptela CLI
admin connected from 127.0.0.1 using console on vedge
vedge#

Notes:
• VNF must be packaged with “Serial” console as enabled while using the VNF packaging tool
• ISRv must have “platform console serial” configured (requires a reboot of ISRv)
• ASAv must have a file on Disk0 called use_ttyS0 (requires a reboot of ASAv)

https://community.cisco.com/t5/firewalls/can-t-access-isrv-or-asav-console-from-nfvis-on-cisco-encs/td-p/3308862

Accessing VNF using Port Forwarding from NFVIS
During VM Deployment:

Three Key Fields:


Port Number - what port on VM to forward to for SSH
External Port Range – What port to use on NFVIS
Source Bridge – What IP of NFVIS to use
• wan-br
• wan2-br
• MGMT

Caveats:
- VNF package must have ”console” parameter enabled
- NFVIS uses internal management network to forward
- Source bridge set to reachable IP for NFVIS

Lab Modules 3 & 4
Monitoring and Troubleshooting a Virtual Environment
Enterprise NFV Monitoring

VNF (ISRv)
• NetFlow
• EEM Scripts
• Syslog and SNMP
• Show CLI
• CPU Utilization, Memory Utilization, Interface Stats

Hypervisor (NFVIS)
• NFVIS supports REST and NETCONF APIs that can be used to export all Host and VNF specific information
• CLIs are also available to monitor and export data
• All data is exported via NETCONF. Need a NETCONF client to receive data
• Host and Interface SNMP MIBS
• Exporting to external Syslog Server

Hardware (ENCS)
• Monitoring via Cisco Integrated Management Controller for platforms that support it.
• CIMC supports an exhaustive list of MIBS which can be used to monitor every aspect of the underlying hardware
• CPU, Memory, Interface and Disk Stats

ENCS Monitoring Capabilities
• NFVIS
• Syslog Messages & Netconf Notifications
• SNMP Traps
• SNMP MIBs
• API for environment monitoring (Hardware)
• API for host resource usage (CPU, disk, memory, port)
• API for VNF resource usage (vCPU, disk, memory, port)

• CIMC
• SNMP Traps
• Syslog Messages
• Event Log
• APIs for hardware information

ENCS Monitoring Capabilities
NFVIS Syslog/Notifications Messages

• Network Connectivity
• Login/Authentication
• Host/Disk Management
• NFVIS Upgrade
• NFVIS VMLC Message
• NFVIS Secure Overlay/DPDK Messages
• NFVIS Certificate Management
• CIMC Management

ENCS Monitoring Capabilities
NFVIS Monitoring Documentation

• Documentation
    • https://www.cisco.com/c/en/us/td/docs/routers/nfvis/user_guide/b-api-reference-for-cisco-enterprise-nfvis.html
    • https://www.cisco.com/c/en/us/td/docs/routers/nfvis/config/3-12-1/nfvis-config-guide-3-12-1.html
    • CIMC - https://www.cisco.com/c/en/us/support/servers-unified-computing/ucs-e-series-servers/products-installation-and-configuration-guides-list.html

CIMC Management MIBS Reference

CISCO-UNIFIED-COMPUTING-EQUIPMENT-MIB
CISCO-UNIFIED-COMPUTING-FAULT-MIB
CISCO-UNIFIED-COMPUTING-MIB
CISCO-UNIFIED-COMPUTING-MEMORY-MIB
CISCO-UNIFIED-COMPUTING-NOTIFS-MIB
CISCO-UNIFIED-COMPUTING-PROCESSOR-MIB
CISCO-UNIFIED-COMPUTING-STORAGE-MIB
CISCO-UNIFIED-COMPUTING-TC-MIB
ITU-ALARM-TC-MIB
SNMPv2-MIB
SNMPv2-CONF-MIB
SNMPv2-SMI-MIB
SNMPv2-TC-MIB
SNMP-FRAMEWORK-MIB
INET-ADDRESS-MIB
CISCO-SMI
CISCO-TC

▪ Memory, processor, and storage MIBS are used for SNMP queries for memory, CPU, and disk/controller (SNMPGET, SNMPWALK)
▪ Notifications and fault MIBS generate trap events

CLIs for Monitoring
Stats: content for graphical display

show system-monitoring host [cpu | disk | memory | port] stats


show system-monitoring vnf [cpu | memory] stats

Table: summary (e.g. min / max / average)

show system-monitoring host [cpu | disk | memory | port] table

Default collecting duration is 5min


Query for a specific collecting duration via API / CLI.

NFVIS Notifications for Monitoring and Troubleshooting
• NFVIS sends notifications for
• vmlcEvents (VM Lifecycle)
• nfvisEvents (NFVIS)

• Use NFVIS CLI or GUI to query notifications

nfvis# show notification stream vmlcEvent


notification
eventTime 2017-02-17T22:27:20.292+00:00
vmlcEvent
status SUCCESS
status_code 200
status_message Image creation completed successfully.
image isrv-universalk9.16.03.01.tar.gz
vmlcEvent vm_source
!
vmlcEvent vm_target
!
vmlcEvent event
type CREATE_IMAGE
!

NFVIS Notification Events

• VM Life Cycle Events


CREATE_IMAGE VM_STOPPED
DELETE_IMAGE VM_STARTED
CREATE_FLAVOR VM_REBOOTED
DELETE_FLAVOR VM_MONITOR_UNSET
VM_DEPLOYED VM_MONITOR_SET
VM_ALIVE VM_RECOVERY_CANCELLED
VM_UPDATED VM_RECOVERY_REBOOT
VM_UNDEPLOYED
VM_RECOVERY_INIT
VM_RECOVERY_COMPLETED

• NFVIS System Events


WAN_DHCP_RENEW NETWORK_CREATE
INIT_STATUS_CHANGE NETWORK_UPDATE
NETWORK_DELETE

SNMP Support on NFVIS
• NFVIS supports versions 1 and 2 of SNMP
• Configuration can be done via Portal, CLI, and API
• NFVIS currently supports these standard MIBS
    • SNMPv2 MIB
        • Object ID (OID): 1.3.6.1.2.1.1
        • http://www.oidview.com/mibs/0/SNMPv2-MIB.html
    • IFMIB (interface data)
        • OID: 1.3.6.1.2.1.2
        • http://www.oidview.com/mibs/0/IF-MIB.html
    • Entity MIB (entity data)
        • OID: 1.3.6.1.2.1.47
        • http://www.oidview.com/mibs/0/ENTITY-MIB.html

Syslog in NFVIS

• NFVIS can send Syslog messages to Syslog servers


• Syslogs are sent for NETCONF notifications from NFVIS
• This feature is used to configure the remote logging servers
• Configuration can be done via Portal, CLI and API
• Syslog messages have the following format:
<Timestamp> hostname %SYS-<Severity>-<Event>: <Message>

2019 Jan 16 15:36:12 nfvis %SYS-6-CREATE_FLAVOR: Profile created: ISRv-small

2019 Jan 16 15:36:12 nfvis %SYS-6-CREATE_FLAVOR: Profile created: ISRv-medium

2019 Jan 16 15:36:13 nfvis %SYS-6-CREATE_IMAGE: Image created: ISRv_IMAGE

Syslog Server Configuration

• A maximum of 4 remote syslog servers can be configured.


• Server configuration parameters are:
• Remote server’s address
(IPv4 / IPv6 / DNS Name)
• Protocol to be used for sending the syslogs
(TCP or UDP, default is UDP)
• Port of the syslog server
For UDP, the default port is 514
For TCP, the default port is

Syslog severity Configuration

• By default, the logging severity of syslogs is ‘informational’


• i.e. All syslogs at ‘informational’ severity and higher will be logged.
• The logging severity can be changed to one of:
    • debug
    • informational
    • notice
    • warning
    • error
    • critical
    • alert
    • emergency
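The syslog format and the severity threshold described on the two slides above can be exercised with a small collector-side parser. This is an added example, not Cisco code: the choice of watched events, the severity numbers on the recovery lines and the recovery-loop check are assumptions of the example, and only the three `CREATE_*` sample lines come from the slides.

```python
import re
from collections import Counter
from datetime import datetime

# Standard syslog severity names; the list index is the numeric level (0 = most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# <Timestamp> hostname %SYS-<Severity>-<Event>: <Message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) %SYS-(?P<sev>[0-7])-(?P<event>[A-Z0-9_]+): (?P<msg>.*)$"
)

# Event names taken from the notification lists on the slides. Which of them
# deserve attention is an assumption of this example.
WATCHED_EVENTS = {"VM_RECOVERY_INIT", "VM_RECOVERY_REBOOT", "VM_RECOVERY_CANCELLED",
                  "VM_MONITOR_UNSET", "VM_UNDEPLOYED", "DELETE_IMAGE", "NETWORK_DELETE"}


def parse_line(line):
    """Return a dict for a well-formed NFVIS syslog line, or None otherwise."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        when = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
    except ValueError:          # shape matched, but not a real date
        return None
    level = int(m["sev"])
    return {"time": when, "host": m["host"], "severity": level,
            "severity_name": SEVERITIES[level], "event": m["event"],
            "message": m["msg"]}


def triage(lines, min_severity="informational"):
    """Split lines into (kept, watched, rejected).

    kept: parsed records at min_severity "and higher" (numerically <= threshold).
    watched: the subset of kept whose event is in WATCHED_EVENTS.
    rejected: raw lines that do not follow the NFVIS format.
    """
    threshold = SEVERITIES.index(min_severity)
    kept, watched, rejected = [], [], []
    for line in lines:
        record = parse_line(line)
        if record is None:
            rejected.append(line)
        elif record["severity"] <= threshold:
            kept.append(record)
            if record["event"] in WATCHED_EVENTS:
                watched.append(record)
    return kept, watched, rejected


def hosts_in_recovery_loop(records, attempts=3):
    """Hosts with at least `attempts` VM_RECOVERY_REBOOT events. Three matches
    the number of re-launch attempts after which NFVIS reports 'Error'."""
    reboots = Counter(r["host"] for r in records if r["event"] == "VM_RECOVERY_REBOOT")
    return sorted(host for host, count in reboots.items() if count >= attempts)


SAMPLE_LINES = [
    # The first three lines are the samples shown on the slide.
    "2019 Jan 16 15:36:12 nfvis %SYS-6-CREATE_FLAVOR: Profile created: ISRv-small",
    "2019 Jan 16 15:36:12 nfvis %SYS-6-CREATE_FLAVOR: Profile created: ISRv-medium",
    "2019 Jan 16 15:36:13 nfvis %SYS-6-CREATE_IMAGE: Image created: ISRv_IMAGE",
    # Constructed lines: severity values and message text are made up.
    "2019 Jan 16 15:40:01 nfvis %SYS-3-VM_RECOVERY_INIT: constructed sample",
    "2019 Jan 16 15:40:05 nfvis %SYS-3-VM_RECOVERY_REBOOT: constructed sample",
    "2019 Jan 16 15:50:05 nfvis %SYS-3-VM_RECOVERY_REBOOT: constructed sample",
    "2019 Jan 16 16:00:05 nfvis %SYS-3-VM_RECOVERY_REBOOT: constructed sample",
    "2019 Jan 16 16:01:00 nfvis %SYS-7-VM_ALIVE: constructed sample",
    "Jan 16 16:02:00 nfvis sshd[1]: constructed line in a different format",
]

if __name__ == "__main__":
    kept, watched, rejected = triage(SAMPLE_LINES)
    for rec in watched:
        print(rec["time"].isoformat(), rec["host"], rec["severity_name"], rec["event"])
    print("recovery loop on:", hosts_in_recovery_loop(kept))
    print("unparsed lines:", len(rejected))
```

Lines that do not match the format are returned separately rather than dropped, so a collector can count them instead of silently losing messages from other sources.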

Troubleshooting
Exposed low level Linux show commands without having to go to root
• Low level Show commands under “Support” keyword
• Provides stats from OVS, provides TCP data dump and output from virsh commands

Example: How to verify if the Day 0 configuration is attached to the VNF when instantiated by NFVIS?

Step1: Get the list of VNFs running on NFVIS


nfvis# support virsh list
Id Name State
----------------------------------------------------
19 1509553386.ROUTER running

Step 2: Next check if there is a config drive generated with the day 0 configuration you added to the package
nfvis# support show config-drive 19
-rw-r--r--. 1 qemu qemu 397312 Nov 1 16:23 /cisco/esc/esc_database/nodejs/VM/ae828bab-3e90-4a53-ba97-14aa0db258f2/ae828bab-3e90-4a53-ba97-14aa0db258f2-hdd.config

Step 3: Once verified that config drive is present, next look at the contents of the drive by using
nfvis# support show config-drive content 19
At the tail end you should see the configuration that you packaged with the VNF

Troubleshooting

Example 2 : How to verify if your VM is actually enabled for serial console?

Step1: Use the support virsh dumpxml <id>


nfvis# support virsh dumpxml 19

The virsh dumpxml command lists exactly how the VNF was deployed on NFVIS, including the properties that were enabled.

For the above example, look for the keyword Serial in the virsh dumpxml output. If you see the following in the output, then you know the VNF was enabled for Serial Console on NFVIS.

<serial type='pty'>
<source path='/dev/pts/0'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
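The same check can be scripted across several VNFs when the `support virsh dumpxml` output is saved per domain. This is an added example, not part of the original deck: the domain documents below are constructed (only the `<serial>` fragment, the name 1509553386.ROUTER and id 19 come from the slides), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET


def _attr(device, child, key):
    """Attribute `key` of the first `child` element under `device`, or None."""
    node = device.find(child)
    return node.get(key) if node is not None else None


def serial_devices(domain_xml):
    """Parse one `virsh dumpxml` document and return (domain name, serial devices).

    Raises ValueError when the text is not a complete <domain> document,
    for example when the captured output was cut short.
    """
    try:
        root = ET.fromstring(domain_xml)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != "domain":
        raise ValueError(f"expected a <domain> document, got <{root.tag}>")
    name = root.findtext("name", default="")
    devices = []
    for dev in root.findall("./devices/serial"):
        devices.append({
            "type": dev.get("type"),
            "path": _attr(dev, "source", "path"),
            "port": _attr(dev, "target", "port"),
            "alias": _attr(dev, "alias", "name"),
        })
    return name, devices


def audit(dumps):
    """Map each domain id to (status, name, pty paths) for a dict of id -> XML text."""
    report = {}
    for dom_id, xml_text in dumps.items():
        try:
            name, devices = serial_devices(xml_text)
        except ValueError:
            report[dom_id] = ("unparseable", None, [])
            continue
        ptys = [d["path"] for d in devices if d["type"] == "pty"]
        report[dom_id] = ("serial-enabled" if ptys else "no-serial", name, ptys)
    return report


# Constructed domain documents. The <serial> element is the one shown on the slide.
ROUTER_XML = """<domain type='kvm' id='19'>
  <name>1509553386.ROUTER</name>
  <devices>
    <serial type='pty'>
      <source path='/dev/pts/0'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
  </devices>
</domain>"""

FIREWALL_XML = """<domain type='kvm' id='20'>
  <name>constructed.FIREWALL</name>
  <devices>
    <interface type='bridge'/>
  </devices>
</domain>"""

# Simulates a capture that was cut off part-way through the document.
TRUNCATED_XML = ROUTER_XML[:ROUTER_XML.index("<target")]

SAMPLE_DUMPS = {"19": ROUTER_XML, "20": FIREWALL_XML, "21": TRUNCATED_XML}

if __name__ == "__main__":
    for dom_id, (status, name, paths) in audit(SAMPLE_DUMPS).items():
        print(dom_id, status, name, paths)
```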

Troubleshooting (specific to config drive)
Issue: Image registration fails
Cause: if package is not *.tar.gz (doesn’t have the required files on slide#27)
Debug: Look at the error message on portal/API response code. Also look at ESCManager.log
NFVIS#show log /var/log/esc/escmanager.log | include Image_name
Fix: Repackage using local portal or packaging tool

Issue: Image registration fails
Cause: Checksum is not correct - maybe packaging tool / local portal not used to package the VM
Debug: Look at the error message on portal/API response code. Also look at ESCManager.log
NFVIS#show log /var/log/esc/escmanager.log | include Image_name
Fix: Repackage using local portal or packaging tool

Issue: VM deployment fails
Cause: VM is monitored VM. VM is not attached to int-mgmt-net (it can be attached to any nic) when deployed using API. By default local portal attaches nic0 of the monitored VM to int-mgmt-net.
Debug: Look at the API response code. Also look at ESCManager.log
NFVIS#show log /var/log/esc/escmanager.log | include vm_dep_name
Fix: Undeploy VM. Re-Deploy using local portal or using API attach int-mgmt-net to one of the nics

Troubleshooting (contd…)
Issue: VM deployment fails
Cause: VM is a monitored VM and bootup_time is not specified in the payload. bootup_time is boot time required for VM to boot in seconds (+ve value)
Debug: Look at the error message on portal/API response code. Also look at ESCManager.log
NFVIS#show log /var/log/esc/escmanager.log | include vm_dep_name
Fix: Re-deploy using local portal (default bootup_time in local portal is 600 seconds). Or deploy using API and specify a reasonable, positive value for the VM to boot in seconds. Some MSX need longer time to boot.

Issue: VM deployment fails
Cause: VM is a monitored VM and kpi_data is not provided in the payload
Debug: Look at the error message on portal/API response code. Also look at ESCManager.log
NFVIS#show log /var/log/esc/escmanager.log | include vm_dep_name
Fix: Re-deploy using local portal (it attaches kpi_data). Or deploy using API and specify a kpi_data

Issue: VM deployment fails
Cause: Bootstrap config file is tokenized and the key, value pairs are passed during deployment using API. But static ip address is used through the deployment payload for this VM for int-mgmt-net which was already assigned by the system for other MSX.
Debug: Look at the API response code. Also look at ESCManager.log
NFVIS#show log /var/log/esc/escmanager.log | include vm_dep_name
Fix: Use a different unused ip address for the int-mgmt-net.

SPAN and Packet Capture
• SR-IOV or OVS vnic can be spanned (port replicated) to a Packet capture VM
• TCPdump can be done via GUI or CLI on OVS vnics

TECCRS-3006 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 129
Agenda
• Intro to SD Branch
• Platforms (ENCS, CSP5K, UCS E-Series)
• VN Functions – Network Services
• NFVIS – Virtualization Layer
• Lab Modules 1 & 2
• VNF Packaging
• Deploying VNFs with the GUI
• Lab Modules 3 & 4
• Monitoring and Troubleshooting a Virtual Environment
• Lab Module 5
• Leveraging APIs to Deploy VNFs
• Lab Module 6
• Network PnP
• Orchestration – Cisco DNA Center
• Lab Modules 7 & 8
• Orchestration – NSO and vManage
• Conclusion and Use Cases

Lab Module 5
Deploying a VNF on NFVIS using APIs
What is an API?

“It’s a way for two pieces of software to talk to each other.”

Application Programming Interface (API)

API Examples

Representational State Transfer (REST)

• API framework intended to build simpler web services than SOAP
• Another use for the HTTP protocol
• Popular due to performance, scale, simplicity, and reliability
• Technically an API framework

NETCONF (NETwork CONFiguration) Protocol

• Designed as replacement for SNMP
• Standardized in 2006 / Updated 2011
• Leverages SSH and XML
• Defines transport and communication
• Tightly coupled to YANG for data

RESTCONF Protocol

• Provide REST API like interface to network
• Standardized in 2017
• Supports XML and JSON
• Defines transport and communication
• Tightly coupled to YANG for data

Let’s Look a Bit More at REST

REST
How does it work

Client Request → API Service (Do Something) → Response → Client Action

The URI – What are You Requesting?

http://maps.google.com/maps/api/geocode/json?address=sandiego

Server / Resources / Parameters

• http:// or https://
  • Define whether secure or open http
• Server or Host
  • Resolves to the IP and port to connect to
• Resource
  • The location of the data or object of interest on the server
• Parameters
  • Details to scope, filter, or clarify a request. Often optional.

HTTP Methods: What to do?

HTTP Verb – Typical Purpose (CRUD) – Description

• POST – Create – Used to create a new object, or resource. Example: Add new book to library
• GET – Read – Retrieve resource details from the system. Example: Get list of books from the library
• PUT – Update – Typically used to replace or update a resource. Can be used to modify or create. Example: Update the borrower details for a book
• PATCH – Update – Used to modify some details about a resource. Example: Change the author of a book
• DELETE – Delete – Remove a resource from the system. Example: Delete a book from the library.

REST – Request with NFVIS

• Client Request
• Header:
• Content-Type: application/json or application/xml
• Authorization: basic username and password

• Action
• Get: Retrieve Data.
• Post: Create new Record.
• Put: Update a Record, if it does not exist, Create it.
• Delete: Remove Record.

Response Status Codes: Did it work?

Status Code Status Message Meaning


200 OK All looks good
201 Created New resource created
400 Bad Request Request was invalid
401 Unauthorized Authentication missing or incorrect
403 Forbidden Request was understood, but not allowed
404 Not Found Resource not found
500 Internal Server Error Something wrong with the server
503 Service Unavailable Server is unable to complete request

Headers: Details and meta-data

Header Example Value Purpose


Content-Type application/json Specify the format of the data in the body
Accept application/json Specify the requested format for returned data
Authorization Basic dmFncmFudDp2YWdyYW50 Provide credentials to authorize a request
Date Tue, 25 Jul 2017 19:26:00 GMT Date and time of the message

• Used to pass information between client and server

• Included in both REQUEST and RESPONSE

• Some APIs will use custom headers for authentication or other purpose

JSON Data Format
• Basic JSON

• Flat JSON

• JSON Array

Example: Calling a REST API
[Screenshot callouts: method, URL, Response Body]

Determining How to Use NFVIS APIs

• Understanding NFVIS REST calls – begin at documentation
  • NFVIS REST Guide
  • Navigate to Appropriate API Section URL

• Examine details of REST call of interest
  • Method required
  • URL method
  • Additional data needed in body

Using APIs
• Option 1: CURL Command in CLI
• cURL (Client URL) – Command line tool to transfer data by using URL based syntax.

curl -k -i -u admin:Cisco#123 \
  -H Accept:application/vnd.yang.data+xml \
  -H content-type:application/vnd.yang.data+xml \
  -X POST https://201.0.0.157/api/config/vm_lifecycle/tenants/tenant/admin/deployments \
  --data '<deployment><name>ISRv_SW_dep</name>
<vm_group><name>VM_GROUP_1</name><image>ISRv_IMAGE</image><flavor>ISRv-small</flavor>
<bootup_time>600</bootup_time><recovery_wait_time>0</recovery_wait_time>
<recovery_policy><action_on_recovery>REBOOT_ONLY</action_on_recovery></recovery_policy>
<interfaces>
<interface><nicid>0</nicid><network>int-mgmt-net</network>
<port_forwarding>
<port><type>ssh</type><protocol>tcp</protocol><vnf_port>22</vnf_port><external_port_range><start>20022</start><end>20022</end></external_port_range></port>
<port><type>telnet</type><protocol>tcp</protocol><vnf_port>23</vnf_port><external_port_range><start>20023</start><end>20023</end></external_port_range></port>
</port_forwarding></interface>
<interface><nicid>1</nicid><network>GE0-0-SR-IOV-1</network></interface>
<interface><nicid>2</nicid><network>GE0-1-SR-IOV-1</network></interface>
</interfaces>
<scaling><min_active>1</min_active><max_active>1</max_active></scaling>
<kpi_data><kpi><event_name>VM_ALIVE</event_name><metric_value>1</metric_value><metric_cond>GT</metric_cond><metric_type>UINT32</metric_type>
<metric_collector><type>ICMPPing</type><nicid>0</nicid><poll_frequency>3</poll_frequency><polling_unit>seconds</polling_unit><continuous_alarm>false</continuous_alarm></metric_collector></kpi></kpi_data>
<rules><admin_rules><rule><event_name>VM_ALIVE</event_name><action>ALWAYS log</action><action>TRUE servicebooted.sh</action><action>FALSE recover autohealing</action></rule></admin_rules></rules>
<config_data><configuration><dst>bootstrap_config</dst><variable><name>TECH_PACKAGE</name><val>security</val></variable><variable><name>ngio</name><val>enable</val></variable></configuration></config_data>
</vm_group></deployment>'
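
A pre-flight check for a deployment payload like the one above, covering the causes listed in the troubleshooting table (missing bootup_time or kpi_data on a monitored VM, a static int-mgmt-net address already in use) and flagging the telnet port-forward the curl payload exposes. This is an added example, not Cisco's code: `preflight`, its `monitored` and `used_mgmt_ips` parameters, the `<ip_address>` element name and the sample payload are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the curl payload above, shortened, with
# <bootup_time> left out and a static management address added.
# <ip_address> as the static-address element is an assumption of this example.
SAMPLE_PAYLOAD = (
    "<deployment><name>ISRv_SW_dep</name><vm_group><name>VM_GROUP_1</name>"
    "<image>ISRv_IMAGE</image><flavor>ISRv-small</flavor>"
    "<interfaces><interface><nicid>0</nicid><network>int-mgmt-net</network>"
    "<ip_address>10.20.0.5</ip_address><port_forwarding>"
    "<port><type>ssh</type><protocol>tcp</protocol><vnf_port>22</vnf_port>"
    "<external_port_range><start>20022</start><end>20022</end>"
    "</external_port_range></port>"
    "<port><type>telnet</type><protocol>tcp</protocol><vnf_port>23</vnf_port>"
    "<external_port_range><start>20023</start><end>20023</end>"
    "</external_port_range></port>"
    "</port_forwarding></interface></interfaces>"
    "<kpi_data><kpi><event_name>VM_ALIVE</event_name>"
    "<metric_collector><type>ICMPPing</type><nicid>0</nicid>"
    "</metric_collector></kpi></kpi_data>"
    "</vm_group></deployment>"
)


def _positive_int(text):
    """True only for text that parses as an integer greater than zero."""
    try:
        return int(text.strip()) > 0
    except (AttributeError, ValueError):
        return False


def preflight(xml_text, monitored=True, used_mgmt_ips=()):
    """Return (severity, message) findings for a deployment payload.

    monitored      caller states whether the VM is deployed as a monitored VM
    used_mgmt_ips  int-mgmt-net addresses already assigned (caller-supplied)
    """
    findings = []
    used = {ip.strip() for ip in used_mgmt_ips}
    root = ET.fromstring(xml_text)
    for group in root.iter("vm_group"):
        gname = group.findtext("name", default="(unnamed)")
        if monitored:
            # Troubleshooting rows 1 and 2: both are required for monitored VMs.
            if not _positive_int(group.findtext("bootup_time")):
                findings.append(("error", f"{gname}: bootup_time missing or "
                                          "not a positive number of seconds"))
            if group.find("kpi_data/kpi") is None:
                findings.append(("error", f"{gname}: kpi_data missing"))
        for intf in group.iter("interface"):
            nicid = intf.findtext("nicid", default="?")
            network = (intf.findtext("network") or "").strip()
            static_ip = (intf.findtext("ip_address") or "").strip()
            # Troubleshooting row 3: static management address already taken.
            if network == "int-mgmt-net" and static_ip in used:
                findings.append(("error", f"{gname}: nic {nicid} static address "
                                          f"{static_ip} already in use on int-mgmt-net"))
            for port in intf.iter("port"):
                ptype = (port.findtext("type") or "").strip().lower()
                vnf_port = (port.findtext("vnf_port") or "").strip()
                if ptype == "telnet" or vnf_port == "23":
                    ext = port.findtext("external_port_range/start", default="?")
                    findings.append(("warning", f"{gname}: nic {nicid} forwards external "
                                                f"port {ext} to cleartext telnet"))
    return findings


if __name__ == "__main__":
    for severity, message in preflight(SAMPLE_PAYLOAD, used_mgmt_ips={"10.20.0.5"}):
        print(f"{severity.upper():8}{message}")
```

Run it against the payload before the POST; the list of in-use management addresses has to come from your own inventory.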

Using APIs

• Option 2: Postman
• Postman is GUI based tool to simplify using REST calls.

Postman
Easy to Learn, API Development Tool
[Screenshot callouts: Method, API]

Get VNF Inventory List Using Postman

• Use API to Get Inventory
• Fill in Authentication Credentials
• Then Click Send
• Will Get 200 And Results of REST Call

More Efficient Use of Postman

• Variables – used to quickly change values in saved REST calls
  • Environment
  • Collection

• Scripts – used to execute code against returned data
  • JavaScript
  • Set Variables

Variables in Postman

• Rather than manually editing values that change from call to call, use variables to complete them
• Variables can be set in Environment or Global
• Can then be called for API tests

Why Environment Variables

If we look at this API call…

What happens if we change the NFVIS we’re using?

Not a big deal to change this value for one or a few API calls…
But what if there are dozens of calls?

Simple Environment Variable Example

Using Environment Variable

We Can Use Output to Assign Variables

Postman Function Tests:
• Allow execution of JavaScript code to perform actions after information is returned by the API call.
• Can be used to populate Environment or Global Variables.

Then Use New Variable in Future API Call

How About Deploying a VNF?
We can use a REST API call for that too…

What Can We Do With All This?

Combine APIs with Programming Languages
• Python - becoming the de facto language for network programming
• Go
• Ruby
• Others

Allows more powerful methods of automating deployment

Example:
www.github.com/rshoemak/NFVIS-coding

Lab Module 6
Network PnP
PnP Solution Components
1 DNA-C (PnP Server): Auto-provision device w/ images & configs.
2 PnP Agent: Cisco® switches, routers, and wireless AP
3 PnP Protocol: HTTPs/XML based Open Schema protocol
4 PnP Connect: Cloud-based device discovery. Redirects devices to On-Prem DNA-C
5 PnP Helper App*: Delivers bootstrap status and troubleshooting checks

* DNA-C Support in Roadmap

[Diagram labels: DNA Center (Policy, Automation, Analytics), Customer On-Premise, PnP Connect, SUDI Capable devices; links marked SSL]

PnP Overview
• Cisco Network Plug-and-Play solution provides
  • Simple, secure and unified approach to provision devices with zero-touch deployment
  • Designed for users to instantiate a device into network, provision it without manual intervention.

• PnP Agent
  • Runs on NFVIS device
  • Auto-discover PnP server
  • Provides device UDI (Serial Number, PID) to server
  • Bulk provisioning of user credentials

• When NFVIS platform is powered on, Cisco Network PnP agent discovery process starts. This, in turn, discovers the IP address of the PnP Server.

PnP Server Discovery Options

Automated
1 DHCP with option 43: PnP string: 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
2 DNS lookup: pnpserver.<your domain> resolves to Cisco DNA Center IP Address
3 Cloud re-direction (Redirect), https://devicehelper.cisco.com/device-helper: Cisco hosted cloud, re-directs to on-prem Cisco DNA Center IP Address

Manual
4 CLI or NFVIS Local Portal GUI configuration

PnP DHCP with option 43

The Cisco PnP agent automatically discovers the IP address of the Cisco Network PnP server specified in the DHCP option 43 string.

Example of DHCP option 43 configs on DHCP server:

ip dhcp pool P_ENCS_18375
 host 172.19.183.75 255.255.255.0
 ! MAC address of NFVIS WAN Bridge
 hardware-address 00f2.8bc3.4a54
 default-router 172.19.183.1
 domain-name cisco.com
 dns-server 172.19.183.147
 option 43 ascii "5A;B2;K4;I172.19.152.41;J80"

PnP DHCP with option 43
option 43 ascii "5A1D;B2;K4;I172.19.152.41;J80"

5A1D: PnP DHCP ID, version 1 and debug on
B2: Address type IPv4
K4: Protocol HTTP
I: PnP Server IP
J80: Remote Server Port 80

For more details on DHCP option 43 for PnP please see:
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-and-Play/solution/guidexml/b_pnp-solution-guide.html

Old DevNet article archive & best reference for PnP Option 43 syntax:
https://d1nmyq4gcgsfi5.cloudfront.net/site/open-plug-n-play/learn/learn-open-pnp-protocol/
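
A parser for the option 43 string broken down above, which also reports when a DHCP scope hands out a cleartext-HTTP PnP server or leaves debug on. This is an added example, not Cisco's code; it goes beyond the slide by accepting B1/B3 (hostname/IPv6), K5 (HTTPS) and the 5A1N (debug off) form, which are assumptions here, as are the function names.

```python
import ipaddress

# B2 and K4 are from the slide; the other codes are assumptions of this example.
ADDRESS_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}
TRANSPORTS = {"4": "http", "5": "https"}


def parse_option43(value):
    """Parse a PnP option 43 string such as 5A1D;B2;K4;I172.19.152.41;J80."""
    # Tolerate the straight or curly quotes that surround the value in configs.
    text = value.strip().strip('"\u201c\u201d')
    fields = [f.strip() for f in text.split(";") if f.strip()]
    if not fields or not fields[0].startswith("5A"):
        raise ValueError("PnP option 43 string must start with 5A")
    info = {"version": None, "debug": None, "address_type": None,
            "transport": None, "server": None, "port": None, "other": {}}
    suffix = fields[0][2:]          # "1D" in 5A1D; empty in the bare 5A form
    if suffix:
        if len(suffix) != 2 or not suffix[0].isdigit() or suffix[1] not in "DN":
            raise ValueError(f"unrecognised PnP DHCP ID: {fields[0]}")
        info["version"] = int(suffix[0])
        info["debug"] = suffix[1] == "D"
    for field in fields[1:]:
        key, val = field[0], field[1:]
        if key == "B":
            if val not in ADDRESS_TYPES:
                raise ValueError(f"unknown address type B{val}")
            info["address_type"] = ADDRESS_TYPES[val]
        elif key == "K":
            if val not in TRANSPORTS:
                raise ValueError(f"unknown transport K{val}")
            info["transport"] = TRANSPORTS[val]
        elif key == "I":
            info["server"] = val
        elif key == "J":
            if not val.isdigit() or not 0 < int(val) < 65536:
                raise ValueError(f"invalid port J{val}")
            info["port"] = int(val)
        else:
            info["other"][key] = val    # keep unknown fields for inspection
    if not info["server"]:
        raise ValueError("missing I<server> field")
    # Validate the address against the declared type (raises ValueError).
    if info["address_type"] == "ipv4":
        ipaddress.IPv4Address(info["server"])
    elif info["address_type"] == "ipv6":
        ipaddress.IPv6Address(info["server"])
    return info


def review(info):
    """Return hardening notes for a parsed option 43 string."""
    notes = []
    if info["transport"] != "https":
        notes.append("PnP server is offered over cleartext HTTP (K4 or unspecified)")
    if info["debug"]:
        notes.append("PnP DHCP ID has debug on (D)")
    return notes


if __name__ == "__main__":
    parsed = parse_option43('"5A1D;B2;K4;I172.19.152.41;J80"')
    print(parsed)
    for note in review(parsed):
        print("note:", note)
```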

PnP DHCP options 43 - CLI Reference

nfvis# show system settings-native wan dhcp
system settings-native wan dhcp enabled
system settings-native wan dhcp offer true
system settings-native wan dhcp interface wan-br
system settings-native wan dhcp fixed_address 172.19.152.252
system settings-native wan dhcp subnet_mask 255.255.255.0
system settings-native wan dhcp gateway 172.19.152.1
system settings-native wan dhcp lease_time 86400
system settings-native wan dhcp message_type 5
system settings-native wan dhcp name_servers 172.19.152.221
system settings-native wan dhcp server_identifier 172.19.152.221
system settings-native wan dhcp renewal_time 43200
system settings-native wan dhcp rebinding_time 75600
system settings-native wan dhcp vendor_encapsulated_options "5A;B2;K4;I172.25.217.8;J80"
system settings-native wan dhcp domain_name NA
system settings-native wan dhcp renew 2017-01-20T09:44:42-00:00
system settings-native wan dhcp rebind 2017-01-20T21:14:13-00:00
system settings-native wan dhcp expire 2017-01-21T00:14:13-00:00

PnP DHCP options 43 - CLI Reference

nfvis# show pnp


pnp status response "PnP Agent is running\n server-connection\n status: Success\n
time: 20:55:13 Sep 28\nbackoff\n status: Success\n time: 20:55:13 Sep 28\n"
pnp status ip-address 172.19.152.41
pnp status port 443
pnp status transport https
pnp status created_by dhcp_opt43
pnp status dhcp_opt43 1
pnp status dns_discovery 0
pnp status cco_discovery 0
pnp status timeout 60
nfvis#

PnP DHCP options 43 – Local UI Reference

PnP DHCP options 43 UI Reference

PnP DNS Lookup

Construct a fully qualified domain name (FQDN), using the preset hostname "pnpserver", based on the network domain name configured on the DHCP server.
Example of DNS lookup configurations on DHCP server:

ip dhcp pool P_ENCS_18375
 host 172.19.183.75 255.255.255.0
 hardware-address 00f2.8bc3.4a54
 default-router 172.19.183.1
 domain-name cisco.com
 dns-server 172.19.183.147
ip host pnpserver.cisco.com 172.19.152.41
ip dns server

PnP DNS Lookup – Local UI

• Click Edit, Select Method : Automatic and Options : DNS Discovery

• Click Save. A new PnP DNS Discovery starts.

Verify PnP DNS Lookup - CLI
nfvis# show pnp
pnp status response "PnP Agent is running \n server-connection\n
status: Success\n time: 02:41:17 Sep 29\nbackoff\n status: Success\n
time: 02:41:17 Sep 29\n"
pnp status ip-address 172.19.152.41
pnp status port 443
pnp status transport https
pnp status created_by dns_discovery
pnp status dhcp_opt43 0
pnp status dns_discovery 1
pnp status cco_discovery 0
pnp status timeout 60
nfvis#

PnP Cloud Redirect
• This method uses the Cisco Cloud Device Redirect tool available in the Cisco Software Central.
• User needs to have a Cisco CCO and Smart Account in advance.

Example of Cloud Redirect configurations on DHCP server:

ip dhcp pool P_ENCS_18375
 host 172.19.183.75 255.255.255.0
 hardware-address 00f2.8bc3.4a54
 default-router 172.19.183.1
 domain-name cisco.com
 dns-server 172.19.183.147
ip host devicehelper.cisco.com 64.101.32.10
ip dns server

PnP Cloud Redirect – Cisco Account
In order to use the Cisco Cloud Device Redirect tool, the user needs to have a Cisco Account in advance.

Launch Cisco Software Central at https://software.cisco.com in a browser and click “Login In”

PnP Cloud Redirect (cont’d)

Verify PnP Cloud Redirect
nfvis# show pnp
pnp status response "PnP Agent is running \n redirection\n status: Success\n
time: 13:32:29 Sep 29\nserver-connection\n status: Success\n time:
13:34:49 Sep 29\nbackoff\n status: Success\n time: 13:34:49 Sep 29\n"
pnp status ip-address 172.19.152.41
pnp status port 443
pnp status transport https
pnp status created_by cco_discovery
pnp status dhcp_opt43 0
pnp status dns_discovery 0
pnp status cco_discovery 1
pnp status timeout 60
nfvis#

PnP Static Discovery

• Provide PnP Server IP (e.g. 100.64.0.101) and Port 80

• Click Save. A new PnP static http discovery starts.

Orchestration – Cisco DNA Center
Cisco DNA Automation
Simplified Deployment of Physical/Virtual Branches

Onboard WAN devices & Services via 3 easy steps:
1. Configure Network Settings, Service Provider & IP Pools
2. Design a Routing & NFV Network Profile
3. Assign to Sites & Provision Network Devices

Branch Deployment in Minutes

[Diagram labels: Cisco ONE Foundation, ISE, DHCP, ISRv/ENCS, WAN, Office Site, APs, Network Services, DC, Cisco DNAC]

Provisioning Process Flow

Design
• Provide Network Design Settings
• Specify Credentials
• Define IP Pools
• Provide SP Settings
• Create Profile and Attach Profile to Site

Provision
• PnP or Discover Devices
• Add device to Inventory
• Claim/Assign Device to a Site
• Specify Input parameters
• Provision Device

ENCS based Virtual Branch Profile
1 Router WAN Configuration
2 Router LAN Configuration
3 Integrated Switch Configuration
4 Custom CLI Configuration

Virtual Services using Cisco Validated Designs
Support for 3rd party Services and App Hosting
Add LAN Configurations
Add Additional Integrated Switch Configuration
Custom Configuration Templates
Assign the Profile to a Site
Provision Router
Add LAN Parameters
Preview Summary

SD-WAN Integration
vEdge Cloud Provision Workflow in Cisco DNA Center

• Select ENCS and Map to Site
• vEdge – Input Parameters Obtained from vManage
• Provision vEdge on ENCS with Day 0 config
• Connect vEdge to vManage

vEdge Cloud Onboarding through Cisco DNA Center

vManage Properties for Integration
• IP Address
• Username/ Password
• Port Details
• vBond information
• Organization Name
• Certificate for onboarding vEdge*

*Only needed if SD-WAN management deployment is using on-prem system with on-prem CA for PKI

Virtual vEdge On-boarding on ENCS
Provisioning Flow

Integration via APIs to vManage
• One Time Password
• UUID
• Service Chain vEdge with other services
• Day 1 registration of vEdge with vManage

vEdge Cloud and NFVIS Reference

Interface Mapping

vEdge Cloud    KVM vEdge Cloud NIC Map    NFVIS vEdge Cloud NIC Map
eth0           vNIC1                      vNIC0
ge0/0          vNIC2                      vNIC1
ge0/1          vNIC3                      vNIC2
ge0/2          vNIC4                      vNIC3

KVM NIC starting at 1 and NFVIS NIC starting at 0

Lab Modules 7 - 8
Network Service Orchestrator
Network Service Orchestrator (NSO) for Service Providers
• Model-driven end-to-end service lifecycle and customer experience in focus
• Seamless integration with existing and future OSS/BSS environment
• Loosely-coupled and modular architecture leveraging open APIs and standard protocols
• Orchestration across multi-domain and multi-layer for centralized policy and services across entire network

[Diagram labels: Network Engineering, Ops and Provisioning, Service Developers; NSO: Service Manager, Package Manager, CDB, Device Manager, Device Abstraction, NED, NED, NED; ESC (VNFM): VNF Lifecycle Manager, VNF Service Monitoring; Multi-domain Networks]

Core Function Packs
• Ready-made implementations for specific features
• E.g. NFVO, ENFV, SD-WAN
• Productized, TAC supported
• 80/20 rule – reduce implementation cost and TTM

Current Core Function Packs

SD-WAN

vBranch

NFVO

NFV Orchestration with NSO NFVO
NFV Orchestration Challenges
Lessons Learned

CISCO’S NFVO PROVIDES… / …TO AVOID

• A flexible software platform with open and ETSI-aligned architecture and interfaces / Proprietary technologies with specialized tooling driving long integration projects
• A fully multi-vendor stack to accelerate VNF onboarding to smallest effort possible / Hard-coded assumptions on VNF design and behavior requiring fundamental updates
• An integrated set of lifecycle operations on network service and VNF-level / Procedural operations leading to expensive change life cycle

NFVO High Level Architecture
[Diagram labels: OSS/BSS; NFV Orchestrator (NFVO): VNFD Catalogue, NSD Catalogue, RFS Services, NSRs and VNFRs, NFVI Resources; EM, EM, EM; VNF, VNF, VNF; Or-Vnfm; (Or-Vi); VNF Manager (VNFM); NFV Infrastructure (NFVI); Virtual Infrastructure Manager (VIM); Service Lifecycle; VNF Lifecycle]

NFVO: High Level Architecture Mapping
[Diagram labels: RFS Provisioning and Activation (Cisco NSO); NFV Orchestrator (NFVO) (NSO NFVO Component): RFS Services, VNFD, NSD Catalogue, NSRs and VNFRs, NFVI Resources; Or-Vnfm; (Or-Vi); VNF Manager (VNFM) (Cisco ESC); VNF, VNF, VNF; NFV Infrastructure (NFVI); Virtual Infrastructure Manager (VIM); Service Lifecycle; VNF Lifecycle]

NSO vBranch Core Function Pack for ENFV Automation
ENFV Automated Operations - I
Branch CPE fully operational in minutes

1. Pre-provision CPE: Select branch template and enter device serial#
2. Configure PnP: Enter PnP server IP
3. Restart
4. PnP request
5+. Configure CPE and VNFs

[Diagram labels: Customer or Operator Portal, NSO w vBranch CFP]

ENFV Automated Operations - II
Branch CPE fully operational in minutes

1. On-board CPE
2. Provision CPE: Select branch template
3. Configure CPE and VNFs

[Diagram labels: Customer or Operator Portal, NSO w vBranch CFP]

Definitions: Configuration Types

• Bootstrap configuration (Day-0)
  • e.g. IP/credentials/license
  • Set once

• Base configuration (Day-1)
  • Golden configuration – best practices for device role
  • Set once

• Service configuration (Day-2/n)
  • Configuration that changes over device lifetime, e.g. ACL, firewall rules, etc.
  • Create/Modify/Delete multiple times

Recent Release Enhancements
vManage NFV Automation workflow for SDWAN (Mar 2020 Target)

Minimum Releases Required
vManage    NFVIS    SDWAN
20.1.1     4.1.1    19.2.1 vedge-cloud, 17.1.1 ISRv

1 Define ENCS device profile with services (vEdge Router) through ND workflow. Upload Serial File from Viptela Operations. Associate Template to vEdge UUID.
2 ENCS/NFVIS Device contacts cisco cloud redirect service devicehelper.cisco.com.
3 Device Serial Number is matched in Smart Account and redirected to vBond via PnP.
4 ENCS Device connects to vBond. vBond validates the ENCS device and sends the vManage IP.
• As part of device configuration, vManage pushes device settings along with service configs. If service is a vedge, it generates and downloads the cloud-init config file which contains UUID, vBond IP, System IP, Org-name and OTP.
7 vEdge Service instantiated and loaded with cloud-init file. Chaining of VNFs occurs if requested.
• Initial vEdge configuration from default template from vManage.

vManage Capabilities for NFV
• Image Repository Server
• Network Design
• VNF design
• NFVIS Deploy
• Upgrade/Maintenance
• Platform and VNF Monitoring

[Diagram labels: Control and Policy Elements (vManage, vBond), Redirect, Bootstrap Configuration, Device control connection, vEdge control connection; callouts 5, 6, 8, 9]

DEMO TIME

White box or not a White box
White Box - what could possibly go wrong?
All Cisco Stack vs White Box Stack
White Box Stack consists of…
• COTS Hardware
• Unrelated hypervisor
• Disparate VNF collection
• Orchestration?

Callouts: “quality?” “licensing cost?” “reliability?” “compatibility with hardware?” “support?” “support?” (again) “cross component compatibility/duplication?” “support?” (again) (multiple touch points now!) “what’s the glue?” “Can it ‘see’ my hardware?”

so. many. questions.

wobbling stack of uncertainty™

All Cisco Stack vs White Box Stack

All Cisco
• Orchestration: MSX, vBranch + SD-WAN. vBranch is the key to success for the Cisco stack. Pre-defined templates are fully tested and supported.
• VNFs strengthen the overall offer. Opportunity to highlight synergies between products throughout the entire solution stack.
• Hypervisor: NFVIS
• Hardware: ENCS. An integrated stack offers single vendor sourcing, and consistent cross-solution support.

White Box
• Non-Cisco Orchestration (Ericsson, etc..): How well can a single orchestrator support multiple underlying components?
• VNFs are on their own. Inconsistent licensing, hypervisor support, etc. weaken the stack.
• Non-Cisco Hypervisor (KVM, Openstack, etc.): How well does each VNF work with the chosen hypervisor?
• Hardware (Advantech, Cisco ?, Juniper, Dell): No Cisco product in the white box space. ENCS and UCSE do not fit into white box model (pricing or technology).

VNF labels in the diagram: Palo Alto, Riverbed, vWAAS, Fortinet, Juniper, vEdge, vWLC, Cisco, ASAv, ISRv

Example: Cisco Stack vs Dell VEP ‘white box’

• vCenter? The SD-WAN vendor’s? RedHat’s? (CloudForm? OpenStack Platform Director?) Some other vendor or open source*? Good Luck! (you’re going to need it)
• Versa, VeloCloud, Silver Peak. Choice?: Three (only) vendors. SD-WAN only.
• hypervisor: VMWare or RedHat. Extra cost: VMWare ESX isn’t free if you want to manage it, RedHat isn’t free. Both require support.
• Single platform only, Ethernet only, Intel Xeon D2100, ‘up to’** 16 cores, ‘up to’ 64 RAM, max 1TB storage. Two expansion slots, but nothing for them.

Summary of ENCS advantages over Competition (Reference)

Superior Hardware Engineering
• Flexible, Expandable platform:
  - 4, 6, 8, 12 Core Options
  - Up to 64MB RAM upgrades
  - Up to 4 TB SATA, 1.2 TB SET, 1.8 TB SAS Disk Storage
  - Upgradable in the Field !
• Support Multiple VNFs including those with high storage demand like vWAAS, vNAM, Windows Servers, Log Servers
• NIMs/WAN module support
  - 4G/LTE (without losing integrated WAN ports)
  - T1/E1 (Up to 8 ports, no SFP with VNF/Core usage req’d as others)
  - xDSL*
  - Voice T1/E1, FXS, FXO*

Superior Operational Platform
• Integrated switch with 8 ports with PoE
• Hardware acceleration of VM-to-VM traffic flow (~30% performance improvement over our competitors for multiple VNFs)
• Support for Hardware RAID on 12” chassis for Redundancy
• Secure boot and BMC/CIMC Lights Out Server Management
• LTE modules can support Dying Gasp support that is available on NIMs. (SMS messaging)
• Enterprise class grade components (comparable to an ISR)
• Purpose built HW with > 7 Years lifetime versus general white box with ~ 3 Years

* Roadmap

NFVIS – True Network Hypervisor (Reference)

• Designed Specifically for Enterprise deployments
  - Targeted for Networking teams in Enterprise organizations
  - Optimized for the deployment and monitoring of Virtual Network Functions
  - Built-in VM monitoring capability allows for auto restart of VNFs when down
  - Avoids expensive truck rolls to remote sites
• Rich Open APIs
  - Industry standard API that allows integration with any Orchestration system
  - APIs available for both RESTCONF and NETCONF
  - APIs support includes VM deployment, VM health monitoring, and system resource (compute/memory/storage) management
• Zero touch deployment
  - Embedded PnP Client in NFVIS enables true Zero Touch Deployment model without any human intervention
  - Allows for quick and error free deployment of network services
• Automatic Resource Optimization for improved network performance
  - Optimized use of CPU, Memory and Storage for maximum performance of the different VNFs.
• Management GUI bundled in with NFVIS
  - Easy to use GUI eliminates complexity of dealing with the underlying hypervisor
  - Provides ability to draw network topology and instantiate a virtual branch
• Open Architecture Software stack
  - Allows for easy onboarding of any 3rd party software
• Secure and Trusted Infrastructure Software
  - Security tested and certified
  - FIPS and Common Criteria Certifications on Roadmap

Customer Use Cases

Straumann
• Global leader in tooth replacement and orthodontic solutions with 5000 employees across 5 continents
• Straumann currently deploys two Cisco 2951s, 1 Palo Alto Firewall and Riverbed for WAN Optimization across 70 locations.
• Converted them from a Riverbed customer to a vWAAS customer
• Preferred choice of FW vendor is PAN
• Want automation.
• DNA Center addresses automation capabilities by adding editable topology, support for generic 3rd party VNF, adding custom networks etc.

From: 1 Routers, 1 FW and 1 vWAAS
To: 1 Router, 1 FW and 1 vWAAS all in one platform

Investment Trust Company in NY
• Two major use cases driving this
  - Redesign their WAN
  - Refresh their existing ISRs (2911s)
• As part of their WAN transformation they evaluated Cisco SD-WAN and other vendors
  - Cisco SD-WAN - Liked ease of manageability and features
  - Liked the ability to consolidate and host additional functions leveraging the Cisco SD-Branch/virtualization platform
  - This Cisco x86 platform also provided them with capability for backup connectivity to the sites with 4G-LTE
• Consolidated SD-WAN, WAN optimization and Firewall
• The solution also provided them with High Availability between VNFs

Functions and the components that deliver them:
• Ethernet Transport: vEdge
• LTE Transport: ISRv
• WAN Opt: vWAAS
• VNF Orchestration: DNA Center
• SD-WAN Management: vManage

Multitenancy use-case with CSP5000

LAN Side
• vEdge VNFs connect to the SR-IOV bridge on the LAN side
• LAN side SR-IOV bridge also connects to the physical interface
• dot1q connection from vEdge to LAN interface
• Customer local network is on the LAN side

vEdge TLOCs and ISRv LAN
• Each vEdge TLOC connects to SR-IOV
• ISRv has a dot1q interface for each transport inside separate VRFs connecting to the SR-IOV bridge
• On SR-IOV, the connection towards vEdge is configured as access while it is configured as trunk towards ISRv

ISRv Transport
• ISRv is connected to 4XGE ports for WAN
• QoS is done on the ISRv interfaces connected to WAN uplinks
• Each WAN uplink interface is configured in the different VRFs

Diagram labels (top to bottom): CSP5000 10GE port; SR-IOV connections; vEdges; vEdge TLOCs; 10Gig backplane; SR-IOV connections; ISRv; SR-IOV down to physical NIC; four 1GE ports

Bank in EMEA
• Cisco chosen after beating out the competition for 246 branches. Initial order for 165 branches.
• Key Requirements
  - Consolidation, Automation and Quickly isolate and troubleshoot problems.
  - Security is paramount with the bank.
  - Analyzed every component of the solution till it met their standards
• Two key promises made by Cisco
  - Continue to invest in the solution
  - Complete Common Criteria certification

Why ENFV?
• Automation has been key
• Bank has been exploring virtualization for a year now
• The bank was initially engaged with other vendors. However, no vendor was able to provide an end-to-end solution that included automation.
• After running pilots at multiple branches and seeing how easy it was to automate and spin up new sites, the customer was convinced by the Cisco solution.
• They were able to eliminate multiple Windows workstations at every branch by virtualizing them
• Chose the ENCS for its compactness

Large Bank in Canada
Bank’s strategic investment is on Mobile Banking – Load the bank in a truck and drive it from location to location to grow their customer base
Wanted a solution that fits the following requirements
• IWAN enabled WAN router.
• Run routing, security and banking applications in a virtual environment
• 4G-LTE for WAN connectivity
• Hardware that can accommodate the above requirements and fits into the space available in the mobile trucks

Why ENFV?
• Hardware consolidation
• Integrated switch with POE capabilities
• Dual 4G primary WAN access
• IWAN Solution Integration
• Automation

Orange Business Services
Opens up new revenue models
• OBS has been one of the first customers to work closely with Cisco to launch their uCPE solution
• Looking to further strengthen their SD-WAN offering and is part of its strategy to move to software-defined networks (SDN) and intent-based networking.
• Use Ciena Blue Planet as the orchestrator.
• Use NFVIS NETCONF APIs for integration
• Positioning ISRv with 3rd party VNFs

https://www.businesswire.com/news/home/20180206005830/en/Orange-Business-Services-Cisco-Bring-SD-WAN-Network

Thank you
