Professional Documents
Culture Documents
BRKDCN 2498
BRKDCN 2498
Build Intent-based
Networks with NSO
and Programmable
NXOS
Shankar Varanasy, Product Manager DCN
Aseem Srivastava, Product Manager CPSG
BRKDCN-2498
#CLUS
Who we are?
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Find this session in the Cisco Events App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Agenda 1 Introduction
2 Solution Overview
3 Building Intent-based
Service Definition
4 Use Cases
5 Demo
6 Summary
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Introduction
What is “Intent” of this Session
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Intent(What) and Prescriptive(How)
Intent (Declarative) Prescriptive(Imperative)
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
“Intent-based networking allows
the network team to simply
describe, in plain language, (what)
they want to accomplish and the
network then makes it happen
(how).”
The Journey to Intent-based Networking
Enterprise Strategy Group (ESG)
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Intent - Real Life scenario
Honey!! Can you get
me a healthy bread on Whole Wheat?
Multi-grain?
your way home ? Is it within Budget?
Store/Location ?
Intent
Mobile conversation
Prescriptive
Store
Employee
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Traditional Networking
Gap between Business Needs and IT Execution
Improved IT Processes
Customer
Growing
Business
Experience
GAP
Security
IT
Improved Threats IT
Operational Infrastructure
Business
Efficiency
Agility IT Budget
Intent
Store
Employee
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Intent-based Infrastructure
Business Intent: Bridging the Gap between Business and IT
Improved IT Processes
Business Intent
Customer
Growing
Business
Experience
Security
IT
Improved Threats IT
Operational Infrastructure
Business
Efficiency
Agility IT Budget
Business Intent
• Capture business Intent
• Translate to Policies Translation Policy & Compliance
• Check Integrity
• Continuous verification
• Insights and Visibility
IT operations
• Corrective actions
Activation Assurance
• Orchestrate Polices
& Automate Systems
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Cisco NSO & NX-OS
CLI
Config
Operational NX-OS
N9000/3000
NETCONF/YANG
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Intent-based Networking solution
With Cisco NSO and Programmable NXOS Application SLAs
Business Intent
NSO
Activation Assurance
• Orchestrate Polices
& Automate Systems NX-OS
** Other systems can also be part of this solution #CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Traditional Networks – Simple Intent Example
Intent: Block Guest users access to company servers
SSH
172.10.0.0/24 Allow
Employee Corporate
Network SSH
Deny
DCI
Guest Network
10.1.0.0/24
Guests
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Traditional Networks – Simple Intent Example
Intent: Block Guest users access to company servers
SSH Allow
10.1.0.0/24
DCI Guest Network
Guests
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Intent-based Networking Example - With NSO & NXOS
Intent: Block Guest users access to company servers SSH
Allow
172.10.0.0/24 SSH
Corporate Deny
Translates
Employee
Intent: Block SSH
Network
Guests
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Intent-based Networking Example - With NSO & NXOS
Intent: Block Guest users access to company servers SSH
Allow
SSH
172.10.0.0/24
Deny
Employee Corporate
Network HumanTroubleshooting
During Error: During
Troubleshooting process ”deny
process ”deny ACLs” were
ACLs” were removed but forgot
NSO
overridden with other
to put them back ACLs
10.1.0.0/24
DCI Guest Network
Guests
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Intent-based Networking Example - With NSO & NXOS
Intent: Block Guest users access to company Servers SSH
Allow
172.10.0.0/24
Continuous verification SSH
Deny
Employee Corporate
Network 1. Does Resync by “sync-from”
10.1.0.0/24
DCI Guest Network
Guests
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
NX-OS Programmability
NXOS Programmability
• Open NXOS architecture
• NXOS-Programming Models
• NXOS Sandbox
• NXOS native YANG Repository
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Cisco Data Center Networks
Providing Choice in Automation and Programmability
Application Centric
Programmable Fabric Programmable Network
Infrastructure
Connection
Creation Expansion
VTS
Reporting Fault Mgmt
DB DB
NX-OS
CLI YANG Processor
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Model-Driven Programmability
Data Modeling, Transport and Protocol
Model-Driven
Configuration
Datastore Model-Driven
State Info
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Models
Native
• NETMOD working • Informal working • Vendor driven
group (RFC 6020 group (multiple- (e.g. Cisco, Juniper,
published in Oct network operators) etc..)
2010)
• Data Model • Compiling a set of • Augmenting a model
decoupled from Vendor-Neutral with extended
Protocol & Encoding Models from features
(XML, JSON) multiple network
operators
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
NXOS – Programming Models
OpenConfig
Model
NX-OS
N9000/3000
Focus of
Native YANG this session
Model
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
YANG Model (RFC 6020)
• Modeling language for network devices
• Main node types:
• Leaf – node with name and value of certain
type (no children)
• Leaf list – sequence of leafs
• Container – groups nodes and has no value
• List – Sequence of records with key leafs
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
CLI & YANG - Example
YANG
list interface {
key ”intf-name";
NX-OS CLI leaf intf-name {
interface Ethernet0/0 type string;
}
ip address 10.1.1.1/24 list address {
no shutdown key "ip-address";
leaf ip-address {
type yang:ip-address;
}
}
leaf admin-status {
type admin-status;
}
}
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Model and Encoding <interface> XML
<name>eth0</name>
Example: YANG, XML and JSON <admin-status>up</admin-status>
<address>
list interface { YANG <ip>192.0.2.1</ip>
key "name";
</address>
leaf name {
</interface>
type string;
} “interface”: [ JSON
leaf admin-status { {
type admin-status; “name”: ”eth0”,
} ”admin-status” : “up”
list address { “address”: [
key "ip"; {
leaf ip { “ip”: “192.0.2.1”
type yang:ip-address; }
} ]
} }
} ]
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
NXOS Sandbox –YANG model & XML Encoding
YANG Model
XML Encoding
Sandbox https://<dev-ip>/
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
NXOS Sandbox – YANG Model & JSON Encoding
YANG Model
JSON Encoding
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Where to find NXOS native YANG Models
GITHUB : https://github.com/YangModels/yang/tree/master/vendor/cisco/nx
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Benefits of Model-Driven Programmability
Data Modeling, Transport and Protocol
010101
Choice of Transport,
Abstract & Simplify
Protocol and Encoding
010101
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Cisco Network Service
Orchestrator (NSO)
Orchestrator Key Requirements
Service Manager
Service
Model Seamless
Device
Package
Manager
integration with
CDB
OSS/BSS
Model
Device Manager
Multi-domain Networks
Multi-domain
Orchestration
NED- Network Element Driver
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Model-based Architecture
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Programmable Network Interface
IT/OSS/BSS Features:
Operations
Network Engineer
• Network-wide CLI and REST
• Transaction-safe operations
Multi-domain Networks
• Minimizing manual fallouts
Fixes these chronic issues: • Device Configuration Management and
• Lack of automation, Managing device configuration Accurate network configuration state
• Quality issues in delivery
• Inflexibility to change existing configuration (create • Golden Configs
and delete only)
• Compliance Reporting
• CLI Scripting—inflexible and high fallout
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Network Service Abstraction
Operations
IT/OSS/BSS Additional Features with Service
Network Engineer
Models:
Service
Model • Full Service automation Lifecycle
Package
CDB Manager • Network run-time modifications
Device
Model • Create, Modify, delete
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Multivendor Abstraction Through NEDs
A NED abstracts
Network Engineering Ops and Provisioning Service Developer • Underlying protocol and data-
models
NSO • Error-handling
Service Manager
Package
The NED computes the ordered
Device Manager
CDB Manager sequence of device-specific
commands to go:
Device Abstraction ESC (VNFM)
• from current configuration state
NED NED NED
VNF Lifecycle VNF Service • to desired configuration state
Manager Monitoring
Key benefits include:
Multi-domain Networks
• removes the device adapter problem
• decouples complex device logic
from the service logic
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
The Industry’s Broadest Multivendor Support
Over 100 Supported NEDs—Customization Available
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
NFV Orchestration: Reactive Fastmap
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
ServiceNow Ansible and
Business
Clear separation between automation intent
applications and automation platform NSO Automation applications
Ansible Playbooks
NSO
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Benefits of Cisco NSO
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Build Intent-based Service
Definition using NSO & NXOS
Use Case
Intent: Block access to Crypto Mining Websites
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Service Intent Example
Intent: Block access to Crypto Mining websites
172.10.0.0/24
Corporate Network
Mining website1
NSO
Internet
Campus
Infrastructure
Mining website2
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Block Crypto-Mining Website Access
Mining Websites IP
address list/network
NETCONF/YANG
Config Operational
NX-OS
N9000/3000
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Build Intent-based Service Definition
1 Build Custom NXOS Network Element Driver
(NED)
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
NSO Pioneer Tool
Collection of Tools for NETCONF YANG NED building & troubleshooting
Package build: Using make command Pioneer package is compiled and build
(make -C packages/pioneer/src/ clean all)
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
1.1 Build NXOS NED (NETCONF/YANG)
Download Cisco-NX-OS-
1 Download NXOS native device.yang from github into temp
YANG file directory
Using “ncs-make-package” to
generate the NED package &
2 Generate NED Package compile with Make command
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
1.2 Verify the NXOS Package is loaded
#packages reload
reload-result
{
package cisco-nx-nc
result true
}
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Demo Video:
Build NX-OS NETCONF Custom NED
2.1 Device Management using NSO
• Configure devices in NSO using the NSO CLI/GUI
Add authgroup (login credentials) for the device in NSO
Add device(s) to NSO
Generate SSH keys for the NSO to communicate to devices
• If above operations are successful (result is “true”) then you are good to
use the NED package for building the Service
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Demo Video:
Device Management using NSO
3 Build Service Definition
Create Template Generate XML Load and Verify
Service Package Template for the Package
Service
Service Package Package is compiled
with folders Service XML created and loaded in NSO
containing YANG from NXOS Sandbox
and XML Templates based on
configuration
XPATH mapping
Define YANG between XML
Model for Service and YANG
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
3.1- Create Template Service Package
Create an empty Service Package using “ncs-make-package” tool
(Template based)
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
3.2 – Define Service model (YANG)
service “blk-crypt”
Device List
Port
IP address List
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
3.3 –Generate XML Template for Service
• Create Service Template
using below command
XPath mapping
with YANG
definition
defintion
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
3.4 XPATH mapping between XML & YANG
module vxlan-evpn {
<config-template xmlns="http://tail-f.com/ns/config/1.0" namespace "http://com/example/vxlanevpn";
servicepoint="vxlan-evpn">
prefix vxlan-evpn;
<devices xmlns="http://tail-f.com/ns/ncs" foreach="{device}" >
…….
<device> leaf l2-vlan-id {….
<name>{/device}</name>
}
<config tags="merge" >
…..
<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device"> leaf l3-vlan-id {
<bd-items>
YANG model
……
XML Template
<bd-items>
}
<BD-list> leaf l2-vni-id {
<fabEncap>vlan-{l2-vlan-id}</fabEncap>
……
<pcTag>1</pcTag>
}
<accEncap>vxlan-{l2-vni-id}</accEncap> leaf vni-id {
</BD-list>
……
<BD-list>
}
<fabEncap>vlan-{l3-vlan-id}</fabEncap> …….
<pcTag>1</pcTag>
leaf device {
<accEncap>vxlan-{vni-id}</accEncap>
type leafref {
</BD-list> path "/ncs:devices/ncs:device/ncs:name";
</bd-items>
}
</bd-items>
}
………… …….
}//end of module
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
3.5 –Load and Verify the Package
1. Compile the Package (using make)
2. Login to NSO CLI
• $ncs_cli–u admin -C
• admin@ncs# packages reload
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Demo Video:
Build Service Definition using
YANG & Template
Declarative - Block Crypto websites access
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Prescriptive (Website List)
<System>
Config Pushed to Device
<acl-items>
<ipv4-items>
<name-items>
<ACL-list>
<name>BLOCK</name>
ip access-list BLOCK
<seq-items>
<ACE-list>
10 deny ip 74.125.197.0/24 any
<seqNum>100</seqNum>
<action>permit</action>
20 deny ip any 74.125.197.0/24
<dstPrefix>0.0.0.0</dstPrefix>
<protocol>0</protocol>
30 deny ip 108.177.98.0/24 any
<srcPrefix>0.0.0.0</srcPrefix>
</ACE-list>
40 deny ip any 108.177.98.0/24
<ACE-list>
<seqNum>60</seqNum>
60 deny ip 54.191.11.0/24 any
<action>deny</action>
<dstPrefix>0.0.0.0</dstPrefix>
70 deny ip any 54.191.11.0/24
<protocol>0</protocol>
<srcPrefix>54.191.11.0</srcPrefix>
80 deny ip 52.43.226.0/24 any
<srcPrefixLength>24</srcPrefixLength>
</ACE-list>
90 deny ip any 52.43.226.0/24
……
</seq-items>
100 permit ip any any
</ACL-list>
</name-items>
</ipv4-items>
</acl-items>
</System>
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Prescriptive (Ports) Config Pushed to Device
<System>
<acl-items>
<ipv4-items>
<policy-items>
<ingress-items>
<intf-items> interface Ethernet1/20
<If-list>
<name>eth1/20</name> ip access-group BLOCK in
<acl-items>
<name>BLOCK</name> ip access-group BLOCK out
</acl-items>
</If-list>
</intf-items>
</ingress-items>
<egress-items>
<intf-items>
<If-list>
<name>eth1/20</name>
<acl-items>
<name>BLOCK</name>
</acl-items>
</If-list>
</intf-items>
</egress-items>
</policy-items>
</ipv4-items>
</acl-items>
</System>
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
NSO/NXOS Integration
Use Cases
Intent-Based Network Automation Journey
2. Automated configuration 4. Cross-Domain Intent-
management Based Automation
Automate configuration management with Automate cross-domain
centralized APIs / interfaces to entire network business intent
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
NSO API’s and Use Case Integration Template
IPAM
(e.g. Infoblox)
OSS/BSS Network EMS/NMS
Engineer
NETCONF
External DB
REST CLI Web UI SNMP JAVA/Javascript
(e.g. CMDB)
YANG
NSO Service Manager
Service
Provisioning OS
Maintenance
Windows
Compliance
Manager Service Ticketing
Upgrades
Models (e.g. Remedy)
Script
API Mapping
Templates
Package Logic
AAA Core REST, NETCONF, JSON-RPC, VNFM
Manager
Engine Java/Python, Web Services (e.g. ESC)
Developer Fast Map
API YANG
Alarm Manager Notification Receiver Device Manager Device Other
Models Controllers
(e.g. WAE, ACI)
Network Element Drivers Network Controllers
Assurance
NETC SNMP REST CLI EMS (e.g. ZenOSS,
ONF Moogsoft)
SNMP/
Multi-Vendor Network Syslog Manager of
Managers
(e.g. Netcool)
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
What Others Are Doing With
1
Cisco NSO
Examples of Customer-Developed Automation Use Cases
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
The Configuration Data Store
Intent: Full configuration backup and restoration options
Configuration Management:
Network Engineering Ops and Provisioning Service Developer
• Gather, store configurations,
NSO
track changes from network
devices
Service Manager
Package Audit
CDB Manager
Device Manager
• Tracking Network/Service
Device Abstraction ESC (VNFM) configuration changes and
checking for policy and
VNF Lifecycle VNF Service Compliance
NED NED NED
Manager Monitoring
Service Layer Visibility
• Tracking Service Layer events and
Multi-domain Networks resource requirements
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
NSO: NFVO Resource Orchestration
Intent: VNF lifecycle management and provisioning
RFS Services
RFS Provisioning and Activation VNFD, NSD Catalogue NFV Orchestrator (NFVO)
Cisco NSO NSRs and VNFRs NSO NFVO Component
NFVI Resources
Or-Vnfm
Or-Vi
VNF Manager (VNFM)
VNF VNF VNF
Cisco ESC
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
Network-wide CLI
Intent: Management point abstraction for network
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Templates and Compliance Reporting
Intent: Network policy compliance and security management
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Service Insight
Intent: Visibility into the network service status and events
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Orchestrated Assurance
Intent: Proactive service monitoring and assurance
• Allows us to…
- Automate activation tests and service
assurance
- Provide service-level assurance in hybrid
networks
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Network Device Upgrade and OS Migration
Intent: Device/Service migration from legacy to new
NSO Enabled by Tail-f
Service Manager
Device Manager
Service 1
Service 1
Service 2
Existing Service Configuration Service 2
Service Migration on new Device
Use Cases NSO Functionality Benefits
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Pre-built Function Packs
Core Function Packs for Cisco NSO Commercially packaged
automation applications for
key Cisco use cases (CVDs)
SD-WAN
Data
Center
SAE
Public
Cloud
Campus Fabric
SD-Access
Campus / WAN SAAS SaaS
Branch
Cloud Virtual Branch
Edge
Internet
Direct Internet Access
vManage
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
SAE Core Function Pack
Other Function Packs
Cloud Edge
Core FP Automation of Cisco Secure Agile Exchange
(SAE) through NSO
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
SD-Access Core Function Pack
Other Function Packs
SD-Access
Core FP
Automation of SD-Access through
DNA-Center
DNA-C
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Virtual Branch Core Function Pack
Other Function Packs
Virtual Branch
Core FP
Automation of Virtual Branch deployments
through NSO
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Cisco AS - Packaged Service Offerings
Base Package Simple Medium Complex Custom
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Customer Deployment
Case Studies
Case study Focus
Global financial institution Release the burden from Operations teams who struggled to
keep up to date with maintaining configurations across
thousands of network devices in compliance.
Use Cases
• Automation of QoS policy across branches, campuses,
core, datacenters
• Automated lockdown service for datacenters
• Automated provisioning of extranet partners
• Automated migration of Branch routers and switches to
new devices
• Orchestrating the creation/renewal and delivery of SSL
certificates to network devices
• Orchestrating the monitoring and provisioning of
EVPN/VXLAN connections used for Co-Lo connectivity
(internal and external connections)
• Orchestrating the provisioning of NFV for virtualized B2B
infrastructure (routers, firewalls, load balancers)
BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Global Financial Institution – NSO Automation
Efficiency gain
Efficiency gain
Efficiency gain
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Use Case: Cisco IT
Data as of January 2018 #CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Cisco IT Experience on NSO
Benefits
Areas for Investment
Strong Partnership & Product Support: 5. DC: Transition config model to services (AAA,
DNS, NTP, Syslog etc.
- Good breadth of product support (IOS, NX-OS, ASA,
Citrix, APIC-DC) Great Information on Cisco IT deployment model and 5 day Training
- Good support from the BU on NED enhancements (2 https://github.com/NSO-developer
weeks SLA) https://github.com/NSO-developer/nso-5-day-training
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
Cisco IT – NSO Automation
52,000 100%
Automated ACL enforcement: errors
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
Demo Video:
Intent-based Network Compliance Service
using NSO and NXOS
Demo – Golden Config Compliance
Intent: Devices should be in-compliance to the baseline
configuration.
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
Summary
Summary
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
THE OPEN, SCALABLE Today’s network operations do not
XXX
PLATFORM FOR support new IT models that are
rapidly evolving
NETWORK AUTOMATION
Cisco NSO is the market-leading
network automation solution for
multi-vendor networks at scale
Open
XXX platform supports both pre-
built Cisco automation use cases and
your custom automation use cases
BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Complete a technical architecture
assessment of the ‘as-is’ and
recommended ‘to-be’ network
Let
XXXus collaborate with you on a
proof-of-concept project to
validate the benefits
DevNet Sandbox
Developer Tools
Learning Track
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
The NSO Digital Ecosystem: NSO DevNet
The one place to use for sharing, finding and collaborating on NSO public
knowledge!
External
(Open for all)
www.cisco.com/go/nsodevnet
DevNet
Cisco Got a
customers, question,
partners ask! We will
NSO Developer Hub (Jive) open
and DevNet open for
Learning Labs
GitHub open for for all registered Cisco employees, help ensure
open for all
employees
all
registered users
all Cisco partners & Cisco customers a fast
all have response
access Selected
Selected Training
Training
Shared
Sharedcode
code
Community and main repository of
Content
Content material
material content and Q&A
#CLUS BRKDCN-2498 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
Thank you
#CLUS
#CLUS