www.lightleading.com
REPORT
MARCH 2015
TESTING
PARTNER:
PARTICIPATING
COMPANY:
LightReading
contents
Introduction
EANTC Heads to San Jose
Step 1: The CSP Evaluation and Proof of Concept Stage
Step 2: The Deployment Stage Cisco Service Provider SDN Deployment Tools
WAN Automation Engine: Maintenance Planning
Cisco WAN Automation Engine Disjoint Tunnel Creation
Cisco WAN Automation Engine Bandwidth On Demand
Cisco WAN Automation Engine Bandwidth Calendaring
Cisco WAN Automation Engine Tunnel Split/Merge Manager
WAN Automation Engine Summary
Cisco Network Service Orchestrator enabled by Tail-f
Cisco Network Service Orchestrator Service Provisioning
Cisco Network Service Orchestrator Service Modification
Cisco Network Service Orchestrator Service Restoration
Cisco Network Service Orchestrator Service Restoration Due to Node Failure
Cisco Network Service Orchestrator Device Management
Cisco Network Service Orchestrator Service Model Modification
Cisco Network Service Orchestrator (NSO) Tests Summary
Step 3: The Cloud Services Creation and Delivery Stage, Cisco Cloud Managed VPN Solution for Virtual Managed Services
Cisco Cloud VPN: Behind the scenes
Cisco Cloud VPN Solution Life Cycle Conclusion
Production Environment Application Demonstrations Project Squared and Mobility IQ
Conclusion: Meaningful Developments
Introduction
many of the same techniques were used in this engagement with Cisco,
right now is: How can I build and run a programmable, intelligent,
responsive, efficient, flexible, secure yet open network that has a
high degree of automation, enables me to configure and activate new
services quickly, makes best use of emerging cloud capabilities, meets
customers' needs and helps me make money?
EANTC found itself faced not so much with a set of boxes that needed to
enabling architecture and environment that could be functionally
explored and put through its paces.
What they found is that a number of complex provisioning and fault
management aspects of service provider networks can be automated
and programmed on demand, and that services can be rolled out
much more quickly and easily than with traditional configuration and
activation tools.
Yes, it's a major challenge but it's not insurmountable. There are
many smart innovators in the global communications and networking
solutions every day. What CSPs need to know is whether these new,
The Light Reading team and Jambi I. Ganbar, Senior Technical
important questions.
Once such experiments are over and CSPs understand the possibilities,
Cisco can then support their customers with development tools that
will help them create the cloud solution that best suits them, as well as
Step 3:
The Cloud Services Creation and Delivery Stage
Cisco offers the capabilities to manage and run network services and
applications using cloud-enabled data centers. This is a long-term play
-- a cloud service based on Cisco's expertise in networking and the
How can communications service providers (CSPs) comprehend the
myriad possibilities the new world of virtualization and software-defined networks brings?
How can CSPs develop and offer new services with the same speed
and flexibility as web services/OTT players such as Google, Amazon
and Netflix?
The pod also has enough rack space to host any additional
components, enabling the CSP to incorporate additional systems from
Cisco or even from other vendors.
The aim of the pod is to enable a CSP's R&D team to directly interact
with that CSP's operations group in order to address questions around
scalability, security, high availability, and so on. It has other benefits
too, as it could shorten the time needed to get from concept to service
development and creation and bring CSPs closer to a web speed
development timeframe.
All of this is part of Cisco's efforts to help CSPs speed up the
decision-making and development processes as they consider their
virtualization strategies.
The next logical step, following the evaluation stage, is for a CSP to
move to the deployment process.
Step 2:
The Deployment Stage Cisco Service
Provider SDN Deployment Tools
extra protection against packet loss. As the Cisco team noted, this
is particularly important when the content is video and the content
provider does not want to lose any packets in case failure occurs.
Once the tunnel disjoint command ran, we logged back into the routers
to find a very different configuration than the simple one line that was
used to create the LSPs previously.
So, how can a CSP guarantee that two transport paths are diverse
enough so that the content provider is not risking the loss of any
packets in the case of a single link or node failure?
We then waited five minutes and verified that the links were being
used based on the Ixia N2X tester traffic streams we configured in
the network. We checked to see that the configuration was installed
on both the Cisco and the third-party router. At that point we increased
the rate of the test traffic and monitored that the colors of the lines
changed based on utilization (the tool uses colors to symbolize link
utilization, which made for a nice visual effect over time).
In essence the WAE software function was clear: Verify that two MPLS
transport tunnels, entering the network at different locations but
exiting the network at the same location, do not share any link or node
in the path.
To verify that this function works, we used the MATE tool to build a
pair of LSP (label-switched path) tunnels between the R30 and R35
nodes (the latter node being a third-party router, not a Cisco device).
We generated test traffic and verified via device CLI (command line
interface) that the traffic was passing over the two tunnels.
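The disjointness property described above can be checked mechanically from the hop lists of the two tunnels. The following is an added example, not code from the report or from Cisco's WAE; the hop lists and all node names other than R30 and R35 are constructed for illustration.

```python
# Added example: node names other than R30 and R35 are constructed.

def _links(path):
    """Undirected links traversed by a hop list."""
    return {frozenset(pair) for pair in zip(path, path[1:])}


def check_disjoint(path_a, path_b):
    """Compare two LSP hop lists (ingress first, egress last).

    Returns the transit nodes and links the two tunnels share.
    A head-end or tail-end common to both tunnels is expected and is
    not counted, but an endpoint of one tunnel that is only a transit
    hop of the other is counted as shared.
    """
    for path in (path_a, path_b):
        if len(path) < 2:
            raise ValueError("a path needs at least ingress and egress")
        if len(set(path)) != len(path):
            raise ValueError(f"path revisits a node: {path}")

    common_ends = {path_a[0], path_a[-1]} & {path_b[0], path_b[-1]}
    shared_nodes = (set(path_a) & set(path_b)) - common_ends
    shared_links = _links(path_a) & _links(path_b)
    return {
        "shared_nodes": sorted(shared_nodes),
        "shared_links": sorted(tuple(sorted(link)) for link in shared_links),
        "disjoint": not shared_nodes and not shared_links,
    }


# Constructed hop lists: different ingress nodes, same egress (R35).
TUNNEL_1 = ["R30", "R31", "R33", "R35"]
TUNNEL_2 = ["R32", "R34", "R35"]
# Constructed failure case: second tunnel routed through R33.
TUNNEL_2_BAD = ["R32", "R33", "R35"]

if __name__ == "__main__":
    print(check_disjoint(TUNNEL_1, TUNNEL_2))
    print(check_disjoint(TUNNEL_1, TUNNEL_2_BAD))
```

A single shared transit node or link means one failure can take down both tunnels, which is the condition the disjoint-tunnel function is meant to rule out.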
devices, with the software predicting that the link utilization on the
following routes would be up to 98.7% but would not exceed 100% in
any instance.
With those details as our guide, we decided to put the network, and the
MATE Live software's predictions, to the test. The Cisco team informed
us that initiating the procedure would generate a paper trail that
would show whether MATE Live provided an accurate prediction.
So while test traffic was running in the network, we entered the lab
and took down the identified RP2 interface to disturb the network's
topology. We then compared the bandwidth predicted by MATE Live
with the actual bandwidth and found them to be almost identical
EANTC -- the application was only 1.04 Mbit/s out).
But before we dive deeper into NSO, we still had other WAE functions
we needed to verify.
between the browser and the application and confirmed that REST
communications with WAE were being made.
The first application we tested was Bandwidth on Demand. This tool
allows the CSP to dynamically add service capacity between network
As one of the Cisco managers who attended the process noted, this
is a little bit like an autopilot on a plane -- you still need a pilot that
really knows what he is doing on the plane to operate it.
to add bandwidth for those weeks -- and only for those weeks -- all
these engineers we are hosting will enjoy faster download times and
will have an easier time collaborating with their developer colleagues
who are often located in faraway locations.
Label Switch Path), between two nodes (R35 and R30) and sent traffic
at 762 Mbit/s. Since the link capacity in the lab was 1 Gbit/s for the
majority (but not all) of the path, the GUI displayed the link utilization
in yellow for the GigE links and green for the 10GigE link.
Since we did not specify any hop limit or specific latency, we were
The colors signify certain levels of network utilization and are used
to warn CSPs of the likelihood of congestion: The CSP can set the
capacity for our service. The solution was a network route that most
likely would not have been selected by a human engineer, with the
and yellow above a certain level. The system can also display links in
red, which signifies that an even higher threshold has been breached.
EANTC played the role of the enterprise in this process by using a web
interface to order more bandwidth. Such a capability is a great way
to facilitate speedy off-site backups and database synchronization
-- enterprise IT activities that happen infrequently and require a lot of
bandwidth for a short period of time.
In order to really verify that the system was functioning as expected,
we started a 100 Mbit/s test stream across the service. Since our
initial service parameter included just 10 Mbit/s, we recorded 90 Mbit/s
traffic loss. We then used the Bandwidth Calendaring web GUI to
increase our capacity to 100 Mbit/s for a duration of 10 minutes.
We clicked the go button and almost immediately the traffic
generator stopped reporting traffic loss.
This speedy reaction from the network, something that an enterprise
customer could immediately use, is a great way for service providers
to improve their service offerings and revenue streams.
There is another element to this tool that is worth noting. As the web
interface shows how this application will run in an international telecom
network, and not in a confined test lab, we noted that the nodes were
geographically spread on a map and that latency was an element that
could be configured when making the bandwidth calendaring request.
Since we did not have an impairment generator in the lab, which would
have allowed us to simulate different link latencies, we could not verify
that latency constraints would have worked, but we expect this evaluation
to be part of a follow-up test.
Application Interface
Cisco explained that latency could be taken from geographical
locations, based on latitude and longitude parameters, as well as by
using the Cisco Prime network management tool (which was not part
of the test) to monitor the network and actually add measurement data
to WAE's database.
-- we were not on the router's CLI, but on the NSO command prompt.
five Customer Edge (CE) routers, connected to two provider edge routers
from Cisco and two Provider Edge routers from another major vendor.
In the core of the lab network we had an IP router. Our goal was to
Cisco IOS-XR.)
the CE routers to send traffic between CE1 and CE2. Since the service
model included a 600 Mbit/s shaper, we asked the Cisco team to
The second layer faces southbound, towards the network, and is called
increase the traffic rate to 700 Mbit/s and looked for dropped packets.
that the bandwidth limiter part of the service model was working.
a CLI interface.
Figure 11: Network Topology as Discovered by Cisco's NSO
device manager. Using these two pieces of software, NSO has the
the NSO configuration database (CDB) with the device. We noted that
Cisco was using two different interfaces to the devices: The Cisco
6020) which is, as the IETF RFC 6020 explains, a data modeling
devices used the CLI module, while NSO connected to the third-party
them in a live network today, adding that NETCONF could just have
easily been used to connect the Cisco gear and CLI used to connect to
CLI, JSON-RPC, REST, and so on. This layer faces the network operator
from CE1 to PE1 and from CE2 connection to PE2. The activity looked
We now had a topology that included two CE routers and two PE
routers, all from Cisco -- so we added two third-party routers to
the topology. This time the new service (one CE-to-PE connection)
required six lines of configuration in the NSO CLI interface and
resulted in 191 lines of device configuration and a functioning service.
The Cisco team explained that the devices were already discovered
simply by dragging the CE router onto a PE. Again, we sent tester
traffic to check that the new device was really added to the service.
The results of this initial test were impressive for a few reasons. First,
the NSO CLI we were using felt like a Cisco CLI, which was familiar and
comfortable. That's because the NSO is able to mimic vendor CLIs:
If a network engineer is more comfortable with another vendor's CLI,
NSO can adapt to behave like the other CLI, making it easier to use. As
a result, multi-vendor networks (once service and device models are
applied) could be operated using a single CLI.
Figure 13: Resulting IP/MPLS L3VPN service (note CE4 re-homed by NSO)
network prior to the issue with the CE router. The NSO reported that a
involved in the service has failed. This time we modified the shaper
team explained, NSO then compares the service model that should
run command again and were provided with a report highlighting the
have been on the device with the current configuration and applies
figure below.
We verified that the service was indeed back to normal operations and
moved on to the next test scenario.
seconds, all nine routers were configured with SNMP read-only access
brownfield deployment as well as being very much in line with the drive
towards SDN. In fact, the creation of services through templates looked
a lot more like programming the network than configuring the network.
Figure 15: NSO Commit dry-run output with future changes highlighted
Before applying the configuration, we shut down one of the routers
involved in the service. Now our commit command was rejected by NSO
on the basis that it could not connect one of the devices in the service.
Both service restoration tests showed that Cisco's NSO software is
able to react to changes in the network and save an operator from his
or her own mistakes. The software also demonstrated mechanisms
to allow the operator to easily control the activities that the software
intends to perform.
Cisco presented us with a system it created for one of its Tier 1 CSP
device configuration.
customers. The service was completely branded with said CSP's logos
and other corporate identity, which is why the figures we display in this
Of course, we cannot attest to the efforts involved in the creation
section are actually taken from dCloud: The same service exists as an
of the service and device models: That might be a good topic for a
At this point Cisco explained that the speed is actually part of the
Our question to the vendor was simple: How will this work? Cisco
license. This meant that the virtual router that will be associated with
explained that once the service is ordered, its Web Security Virtual
where could imagine that small and medium businesses would run
into difficulties. What is SSL VPN and why would I need it? That would
be the first question that would come to mind. In this case, since
we did not know what SSL VPN was, we agreed with the most basic
lot of money. Since we had two sites and the devices also included
recommendation, using the logic, If you don't know what it is, you
WiFi Access Point function, we felt that our café could benefit from
these elements and we moved on to the next panel. The latter was
an Amazon-like shipping address system that allowed us to send a
Cisco explained that the SSL VPN connection was actually part of the
router to each of our cafés. We then received a nice thank you for your
secure connection to the cloud and that it was required to secure the
purchase panel and, with this, the Cloud VPN service for Lakshmi's
After this step was complete, we understood the point of some of the
This is really where the service began to take shape and the power
questions. The price for the basic service was displayed on the first
page. Based on the company profile, additional bandwidth could be
added, at cost, to the service. Cisco uses the company profile data to
recommend what they think will be appropriate for the customer size.
We decided to stick with the recommendations (remember, we are a café
owner here, not network engineers) and moved on to the next page.
Figure 22: Cisco Cloud VPN URL Filtering Shipping Address Panel
used for management (connected to NSO) and the second tunnel was
used for user data. The logic behind this is that Cisco assumes that
everything is over-the-top, which means NSO and other management
access will have to take place, possibly, over the Internet (hence the
management IPSec tunnel).
Last, but not least, we took two more actions: We added the second
café to the service and at the end, deleted one of the sites from the
service. We performed both activities from the web interface and used
Cisco's NSO to verify both.
Virtualized Infrastructure
Manager (VIM)
VNF Manager
Orchestrator
not least, we verified there were two IPsec tunnels established using
the CLI of the two routers. Cisco explained that one IPsec tunnel was
provider, is that they actually just run -- service providers do not have to
spend capex on components to create the service.
As Reinhardt was walking us through the whole production system,
which included Cisco's own data centers as well as public cloud access
and CSP clouds, we noted that a node just came up in one of the
Intercloud's service providers. It is no secret that Cisco signed several
included not only connectivity, but also services. Remaining with the
same perspective, we measured 20 minutes to get the whole service
are very different than in the US. For example, a service provider such
cloud, the various automation tools we already tested and open source
more sites, would actually require the same amount of time, since
live and recommended that such tests should be done at a later date.
they only differ from each other by licensing initially. This will be an
see that the following elements map nicely to the NFV architecture:
were about to see were created by Cisco as a way for CSPs to further
Synergy Research places Cisco's WebEx as the global leader for SaaS
search and encryption), so did the resources they consume. For most
networked enterprises, collaboration tools are also mission-critical,
adhere to the NFV architecture. We also verified that the Cisco solution
works with at least one third-party device and uses free software and
available on the web as well as in the iTunes Store and Google Play.
because Squared is running over multiple clouds, when the recent Xen
giant. Chapeau.
We can confirm that Project Squared is real and so can you, by simply
Cisco, based on the web-based management system they showed us, has
As the concepts of NFV started taking flight, the ISG's CSP members
downloading the applications and using them. We can also confirm that
testing we could spend more time and delve into this infrastructure.
that provided an overview of the various KPIs and allowed the CSP
The interesting aspect for us, other than the details of how this works,
Cisco has just released Mobility IQ. This SaaS application is designed
was the claim that Cisco made about the way it hopes the service will
to offer deep visibility into small cell and WiFi access. The app is
and perform the whole integration, while service providers will only
And what does the service bring? Well, Cisco was careful to pick
Again, since the system was live, we could not gain access to such
point failure. We can confirm that the system appears to be real and