Post on 16-Apr-2017
Network Services Orchestration
Praveen Vengalam
Co-Founder, VP of Engineering
Kiran Sirupa
Director, Marketing
Multi-vendor Network Service Orchestration
software for Campus, Branch, Data Center &
Carrier Networks
Core focus
Anuta Networks
Customers
Production deployments with Fortune 100 Enterprise
& SP & Managed Services Providers
Deployed across Americas, ANZ, Asia-PAC and
EMEA
Our Mission
Model driven agile network services
Deliver Platform & SDK to enable customers & partners
to build Apps
Company
Extensive Experience in Networking and model driven
Architecture
Global Operations - Americas, India, ANZ, Asia-PAC and EMEA
Product
Multi-Vendor YANG driven Software only platform
(35+ Vendors, 100+ Platforms)
Pluggable & Micro services oriented Architecture
Horizontally scalable with Multi-Tenancy
Telco/SP/Fortune 500 Top of the mind
Business Needs
• Agile Network Service Delivery
• Business Intent based Service orchestration
• Standardization of network services
• Self-service
• Brownfield Network & Service Discovery
• Migration path to SDN/NFV
• X-Domain, X-Platform, X-Technology, X-Form-Factor
• Visibility into Infrastructure & Service
• Configuration Drift & Compliance
• Role based Access & Tenancy
• Reduce Human errors
S/W Architecture Expectations
• Pluggable
• Highly Available
• Highly Scalable, Micro Services & Federated
• Standards based
• 100% Open APIs
• Horizontally Scalable
• Geo redundant (DR)
• Vendor, Technology & Domain Neutral
• Resilient, Hardened, Enterprise, Telco Grade
Anuta NCX Orchestration Platform
Orchestration for Multiple Networking Domains
[Diagram labels: Self Serve Portal, Service Manager, OSS, BSS; Anuta NCX Orchestration Platform; Anuta NCX VNF Mgr; NCX Portal]
Case Study – Branch Automation – Tier-1 MSP in APAC
Profile
One of the largest Telcos
> 100K CPE or Branch Locations from 1000+ customers
Global Presence
Use case and Challenges
Branch Automation for Managed Services Customer
Automate and manage the Branch Router for customers who avail L3VPN service
Multi-Vendor, Physical, Hybrid and Virtual Network Services
Triggered policy push, ability to switch over the traffic from primary WAN to secondary WAN.
Solution
IETF YANG Based NCX Network Services Platform
ZTD of new Branch
NCX as the orchestrator performs ZTD of new branches and manages the MSP-managed CPE devices.
NCX monitors KPIs of the CPE and triggers the traffic over the secondary CPE device by modifying the relevant configurations.
Lab Topology
[Diagram labels: MSP Data Center (NCX, Self Service Portal, OSS/BSS); NCX Agent; ESXi, OpenStack, vCenter; MPLS L3VPN; Large Enterprise and SME/SMB sites (HQ, DC/HUB, Spoke-1, Spoke-2, Spoke-3); Physical CPE, Hybrid CPE, Virtual CPE; vFW, vWanOp, vRouter, FW, R1, R2]
Case Study – Enterprise Connectivity & Managed DC
Profile
70 Data Centers supporting 20,000+ enterprise customers
HPE, Juniper, F5, Cisco, Checkpoint
Orchestration of BGP Peering between Enterprise HQ/DC to MSP
Service spans 8 global sites
Orchestration of Access, Aggregation, Distribution, Core and WAN Edge layers
Challenges
Multi-tenant and Multi-Vendor Managed DC
Manual process to manage and troubleshoot network services
Results
End-to-End orchestration for multi-vendor infrastructure using YANG models
Self-Service Automation dramatically reduces OpEx
Enables MSP to offer value added services to their managed customers
Currently rolling out in 4 DC with a phased approach
Physical Topology-Prod
[Diagram labels: Compute Nodes; routers R1 to R4 (WCL 6804, WCL 6604, 12508); switches SW1 to SW4 (5900); Mgmt Nw; CWDM (Port-Channel); L3 VRF-A, L3 VRF-B; VLANs; Tenant Instance / Logical Network; CSP-1, CSP-2; NCX]
Case Study – Managed Enterprise Services
Profile
Major Tier1 MSP serving over 7000 managed network customers
and over 120,000 CPE devices
Use case and Challenges
Manual activation of Customer vCPE devices
Activation of new management services takes months
Operator driven instead of Customer self-service driven
Solution
Customer Self-service user service activation/de-activation and
reporting
Differentiated service offering with integration into VMware
vRealize, ScienceLogic
Integration with Infoblox for IPAM, Cisco ACS for Secure
authentication
YANG based Extensible Platform to support future growth and
requirements
End Points – Cisco Catalyst 6500, Cisco ASA-SM, Cisco ACS,
VMware vRealize, ScienceLogic, Infoblox, Juniper CSO
[Diagram labels: Managed Services; Customer Sites; Telstra IPMAN Network; Telstra Self-Serve Portal; Anuta NCX NFV Orchestrator & VNF Manager; Telstra Data Center; Network Infra (Cisco Catalyst 6500, Cisco ASA-SM, Cisco ACS); Virtual Network Infra (Cisco vASA); VMware vRA, vCenter, ScienceLogic, Infoblox; ArcSight & Other App VMs for Tenants; Tenant Service VMs & Physical Infra]
Case Study - vCPE
Use case and Challenges
Need for a turn-key CPE solution for retail business customers with faster speed to
market
Current deployment model for retail CPEs inefficient due to the geographic spread,
shortage of skilled local engineers and servicing costs of hardware
Profile
Major Tier1 MSP serving over 7000 managed network customers and over 60,000
CPE devices
Looking to fill a key gap in the Retail space with Virtual CPE solution that can be
bought over the counter from MSP outlets
Solution
x86 hardware, Ubuntu Linux and KVM hypervisor
Cisco CSR1kV as vRouter, Juniper vSRX as vFirewall
Openstack as the virtual infrastructure manager
OVS orchestrated via Openstack API
NCX as the VNF Manager and performing end to end orchestration and service
chaining
[Diagram labels: NCX (NFV Orchestration, Service Chaining; VNF Manager: Deploy, Destroy, Scale Up/Down); Openstack (Nova API, Neutron API, vApp Images); vCPE (KVM Hypervisor, Open vSwitch, vRouter, vFirewall); To LAN; LTE; Internet; MSP CMI (Mgmt); Managed Services; Orchestration Flow]
Service Delivery Life Cycle (DevOps View)
Phases: Describe/Design; Develop & Deploy; Operate, Consume; Assurance
Roles: Product Manager, Service Owner; DevOps; Operations, Tenants, LOB; Operations
NCX starter kits for vCPE, SD-WAN, L3 VPNs etc.
Customer Extensions using SDK
Service Catalogs and On-demand Service Provisioning
KPI Model-driven Assurance and Reconciliation
How is Network Service intent expressed - Cisco IWAN APP
Deployment Complexity of IWAN
Various Technologies
Virtual CPE
Routing, DMVPN
Wan Optimization
Security
AVC, PFR
2000s of Lines of Configuration per IWAN Domain
1000s of lines of Configuration per Site
1000s Of sites/Devices
Various Service Verification Mechanisms
Diagnostics/Troubleshooting
Existing Mechanism Takes Months to Productize
IWAN – Design, Develop & Deploy IWAN
NCX enables Cisco IWAN CVD to be Productized in less than 2
weeks
[Diagram labels: NCX Starter Kits; Customer Extensions; Cisco IWAN Application Deployment; Day0 (SNMP, NTP, Other); Deploy Service Templates (CPE, Layer 3 VPN, etc.); Publish Services; NCX]
Cisco IWAN CVD Modeled in YANG as a Service Template
Customer/Partner/NCX Services + NCX SDK will help customize
NCX High level Architecture
[Diagram labels: Integration & Service Delivery Platform; Operations/Support; NCX Portal (Tenant/Consumer; Admin/Operator/DevOps/Tenant); Business Process / Workflow; Business Portal; X-Domain Orchestrator; Ticketing Systems; Service Assurance; East-West Integration (License Mgr, Image Mgr, CMDB, IPAM/DNS/DHCP, VNF Mgr, PnP, Other NMS or Information Providers, Syslog/SNMP Rcvr, Service Assurance, Certificate Mgr, Analytics); NCX Orchestration Platform (Service Inventory, Device Inventory, Network Inventory, YANG Data Store, Service Manager, Resource & VNF Manager, Capacity Manager, Audit & Reconcile Engine, YANG Model Engine, NCX Platform services such as RBAC and Persistence); southbound interfaces SNMP, CLI, REST API/SDK, SNMP-TRAP, NETCONF, SYSLOG, YANG, RESTCONF; Physical/Virtual Network Infrastructure]
ANY Network Service or Application
ANY Technology or Architecture
ANY Vendor, Platform or Device Type
ANY Southbound Interface (CLI, REST, YANG,
NETCONF etc.,)
YANG Model Driven Device, Network and Service
Model Driven, Layered and abstraction
approach helps in delivering vendor neutral,
extensible and maintainable services
• Significant Out-of-the-box support – Device Models,
Vendor Validated Designs/Service Models
• Extensible
> 35 Vendors Supported
> 100+ Device platforms supported
> 10,000+ Device Commands/APIs mapped
Out of the Box Device Models, Model Mappings & Best Practice
Service Models for:
Public Cloud, Private Cloud with SDN Controller
Carrier Core / Mobile backhaul
Branch, Campus, Data Center Interconnect
SD-WAN, Virtual CPE & NFV Use cases
OpenStack or VIM
Mobile Packet Core
Metro Ethernet, Optical
L3VPN / Wholesale Services
Layered Model Driven Architecture
Device, Network, Infra, Service & Assurance
Effort – Hours for minor extensions
Days to 2 weeks for a new Device
Anuta routinely publishes Vendor, Platform
& Technology specific models either adapted
from IETF, OpenConfig, or Custom
developed
Device & Infra Models (YANG)
(IETF, OpenConfig or Anuta)
Concrete
Mappings
Service Intent/Model
(YANG)
Mappings & Custom Business Logic
Concrete
Mappings
Legacy Vendor-B
Native Device
Model (YANG)
Juniper
Custom Logic in Java/Python
Effort - Hours to Few days based on Service
KPI Model
(YANG)
Compliance Model
(YANG)
NCX Portal, Code Generation Tools, Other API Tools/Clients
RESTCONF API
Layer-3 VPN, Layer-2 VPN
Application Container
Load Balancer As a Service
Security as A Service
Find Unused Ports on a Switch
QOS Assessment and remediation
Bulk AAA and User management changes
Security Vulnerability assessment
Network Service Examples
CLI REST API/SDK NETCONF YANG gRPC SYSLOG SNMP-TRAP SNMP
NCX platform provides automatic UI & API support for any models
deployed. No additional effort required by Customer/Partner.
NCX SDK allows all models to be developed by
Customer, Partner.
Model Driven Service Assurance
Audit & Reconciliation provides basic Service policy
enforcement
Operational data collection and triggers on Certain
thresholds
KPI Model
Watch on Interesting Data Node Changes or other Events [
Interface-up-down, Interface-Errors, IP Address assignment
changed, VLAN Removed etc.,]
Mapped to Device, Network or Service Model attributes
Will encompass – Repetition, Sequence/Ordering, Interval and
build KPI as a state machine
Multiple Triggers can be collated into a KPI Model which include
some of the Performance, Availability and Health metrics
Event driven Service provisioning can be done on following
types of Data:
Configuration
Operational
Statistics
Integration with 3rd Party Assurance & Analytics
platforms
[Diagram labels: Information Model: Devices (Assets, Inventory, etc.), Resource Groups (Sites, Locations, etc.), Other Components (IPAM, DNS, Certificates, etc.); Service (Multi-site Branch, L3 VPN, etc.); Service Assurance Model (SLA, Metrics, etc.); NCX; Provision; Compliance; Error; Remediate; Infrastructure; Enforce SLA; 3rd Party Assurance Platform; Monitor KPI]
Vendor Support
Vendor Devices Types VNFs
A10 Networks vThunder
Affirmed Networks vEPC vEPC
Alcatel-Lucent 7750 series, 7705 series
Arista Networks 7000 Series
BlueCat BlueCat Address Manager (DNS) & IPAM
Brocade
VDX 8770, FastIron, BigIron series Vyatta 5400, 5600, SteelApp
SteelApp
vEPC vEPC
6900, 8000, VDX 6700 series
Blue Coat ProxySG
Centina Systems Service Assurance Platform
Check Point Checkpoint Provider-1, Security Gateway Checkpoint R77 Virtual Security Gateway
Cisco
ASR 9K, ASR 1K, 7600 series, ASR1000, CSR1000v Cisco VSG, Virtual WAAS, Virtual ASA, CSR 1000V, XRV, Virtual WSA*
Catalyst 2900, 3560, 3600X, 3750, 4K, 6500 Series Switches
ISR Family - 800, 1800, 2800, 2900, 3800 and other
Nexus 1K, 2K, 3K, 5K, 7K, UCS Fabric Interconnect
ASA 5500 series, FWSM, ASA SM, CSR1000v, Virtual ASA, VSG
ACE-Appliance, ACE-Module
VNMC, WAAS, SM-SRE, WAN E-574 to 8541 appliances, WSA
MME*, P/S-GW vEPC
Citrix NetScaler MPX, SDX VPX
Ericsson SSR 8000
F5 Networks BIGIP-LTM, BIGIP-GTM, 3600, VIPRION 2400 Virtual LTM, GTM
BIG-IQ
Fortinet Fortigate 3140, 3140B Virtual FortiGate
Hitachi Alaxala AX-3650, Alaxala – AX1240, AX2530
Apresia 15000, Apresia LightGM124/118/110GT-SS
HP
5800, 5900, 6000 series
12500, 10500, 7500 series VSR 1000
HPE Helion HCG, HP DCN
Huawei NE40-X8, NE40-X3 series
Infoblox IPAM
Juniper
MX-80 series, MX-480, MX-960, VGW, SRX, Virtual SRX Juniper VGW, Juniper vSRX
EX Series Switches
Contrail, JUNOS Space
Microsoft SCVMM
Neustar Neustar DNS Service
Nuage Nuage VSP
Oracle Opus Switches
Palo Alto Networks PA and VM Series
Radware 5412XL, ADC-VX 5412XL, ADC-VX
RedHat OpenStack
Riverbed Virtual and Physical Steelhead Steelhead
ScienceLogic Service Assurance Platform
Splunk Syslog
Venafi Certificate Mgmt
VMWare DVS, vCenter, ESXi, vShield Edge Gateway, vRealize, ESXI, vCenter ESXI, DVS, vShield Edge Gateway, vCNS
CSP Interconnect Amazon AWS, IBM SL, Vmware vCloud Air, Cisco CCS, Microsoft Azure
Cloud Portals OpenStack
Public Cloud/Hybrid Cloud AWS
Demo Use-Case : Cisco SD-WAN Branch Orchestration