I’ve just returned from Cisco Live 2020. It was my third CL since I first went there in 2018. It is an amazing place to learn new things, discuss problems or issues with TAC engineers to find appropriate solutions, as well as try multiple technologies in a lab environment. I’ve attended a few breakout sessions this year and just want to post my notes here for my own benefit.
TECSPG-2300: Network Function Virtualization
This techtorial covered different aspects of NFV architecture, including I/O methods, NUMA, pCPU to vCPU mapping methodologies, etc. To be honest, this was slightly above my head as I’ve never looked into NFV before. Well, we do use some VNFs in our environment, but it was the first time I realized the complications that can result from poor resource allocation. Anyway, my key takeaways are the following:
- Understanding IO models/architectures is very important as it directly affects the performance (and scalability) of VNFs. SR-IOV is the most performant; other options are OVS, OVS-DPDK and PCIe Passthrough.
- ENCS5412 can support up to 6 VNFs: 1xISRv and up to 5 custom VNFs.
- ISRv is currently mandatory for all ENCS as physical ports are mapped to this instance, such as E1/T1.
- ENCS HA options are usually Active/Passive and rely on the VNFs’ own HA capabilities; an example would be ASAv in an Active/Passive deployment.
- Alternatively, the Passive box can be deployed with 0 VNFs, which will be spun up once the Active box fails.
- HyperFlex offers full virtualization capabilities in the branch including vMotion because storage is also virtualized
- HyperFlex Intersight management platform can automate SD-WAN deployment via Zero Touch Provisioning
TECRST-2191: Next-Gen SD-WAN (Viptela) Design, Deployment and Best Practices
This techtorial seminar was more relevant to our environment as we’re currently looking to deploy SD-WAN. However, out of 5 possible vendors we’ve chosen Silver Peak, and one of the main reasons is that it supports traditional WAN optimization, which is available on any model, including the VNF (ECV). Even though Cisco offers WAN optimization through their WAAS product, we decided not to build a complicated branch environment. In any case, a lot of design considerations apply to any SD-WAN technology as they are more or less similar, with a few unique things. Here are my key takeaways from this session (including a few comparison comments with Silver Peak).
- Service side VPN IDs can range between 1 and 511:
  - VPN0 – reserved for Transport (global routing table)
  - VPN512 – reserved for OOBM
- Supports multiple transport colors (public/private WAN)
- Supports cross-connect using carrier-tag
- Cloud-hosted deployment of management platforms is recommended
- Knowledge Base is much better compared to Silver Peak
- Also offers Cisco Community – great source of information
- Supports BGP/OSPF/EIGRP* (EIGRP is only available in cEdge code)
- Zone-Based Firewall is up to Layer 4 on vEdge and up to Layer 7 on cEdge
- By default incoming traffic is blocked, except Fabric connections and manually configured IPSec/GRE tunnels
- cEdge supports multiple security features, including IPS
- Viptela has more scalable architecture than Silver Peak
- OMP (BGP-like) protocol is responsible for route/TLOC exchange
- vSmart is like BGP RR – has full visibility of the network topology. In Silver Peak there’s no single source of trust of routing information – subnets are shared between every pair of ECs
- vSmart controls reachability for every branch. It is possible to load balance between DCs per region, control reachability between branches, control tunnels establishment
- By default vEdges will try to establish IPSec tunnels using all TLOCs ignoring the color
- Cross-connect is the default mode of operation – it can lead to scalability problems as vEdge will attempt to build many tunnels even if this is not the desired behavior – this can be fine-tuned
- Use TLOC-groups to restrict cross-connect options
- Dynamic tunnels will be introduced in the future release (this will also provide some deterministic quality control – even though the tunnel is not up all the time). This helps to improve scalability of the product
- All sorts of service chaining is possible because VRF segmentation is fully supported
- SGTs are supported end-to-end on cEdge (not supported on vEdge)
- Multi-region Overlay improves scalability. Site ID can be split as XYYYZZZZ, where
  - X – continent
  - YYY – country
  - ZZZZ – site number
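To make the XYYYZZZZ layout concrete, here is an added example (my own code, not from the session slides) that encodes, decodes and validates site IDs in that layout and groups them by country so a region-wide control policy can be built from one site-list per country. The field layout is the one from the notes above; the assumptions that each field is non-zero and that a site-id is a 32-bit unsigned value are mine, and the sample IDs are constructed.

```python
"""Encode, decode and group SD-WAN site IDs laid out as XYYYZZZZ."""
from collections import defaultdict
from dataclasses import dataclass

MAX_SITE_ID = 2**32 - 1  # assumption: site-id is a 32-bit unsigned value


@dataclass(frozen=True)
class SiteId:
    continent: int  # X, a single digit 1-9 (assumed non-zero)
    country: int    # YYY, three digits 001-999 (assumed non-zero)
    site: int       # ZZZZ, four digits 0001-9999 (assumed non-zero)

    def encode(self) -> int:
        """Pack the three fields into the numeric site-id, rejecting out-of-range fields."""
        if not 1 <= self.continent <= 9:
            raise ValueError(f"continent out of range: {self.continent}")
        if not 1 <= self.country <= 999:
            raise ValueError(f"country out of range: {self.country}")
        if not 1 <= self.site <= 9999:
            raise ValueError(f"site out of range: {self.site}")
        value = self.continent * 10_000_000 + self.country * 10_000 + self.site
        assert value <= MAX_SITE_ID  # 8 decimal digits always fit in 32 bits
        return value

    @classmethod
    def decode(cls, value: int) -> "SiteId":
        """Split a numeric site-id back into X / YYY / ZZZZ and validate it."""
        if not 1 <= value <= MAX_SITE_ID:
            raise ValueError(f"site-id out of range: {value}")
        text = f"{value:08d}"
        if len(text) != 8:  # 9 or 10 digits cannot follow the XYYYZZZZ layout
            raise ValueError(f"site-id {value} does not fit XYYYZZZZ")
        parsed = cls(int(text[0]), int(text[1:4]), int(text[4:8]))
        parsed.encode()  # round-trip check rejects a zero continent or country
        return parsed


def group_by_country(site_ids):
    """Group site IDs by (continent, country) for per-country site-lists."""
    groups = defaultdict(list)
    for sid in site_ids:
        parsed = SiteId.decode(sid)
        groups[(parsed.continent, parsed.country)].append(sid)
    return dict(groups)


# Constructed sample: two sites in country 044 and one in country 049 on
# continent 1, plus one site in country 840 on continent 2.
SAMPLE_SITES = [10440001, 10440002, 10490001, 28400001]
```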
Unfortunately, I am unable to share the slide decks for these sessions because it is against Cisco’s policy (these two techtorials are paid ones and are not included in the main conference). I will publish my other notes in the next few days, but please take a look at the attached file, which reveals learning maps for different Cisco technology tracks.
All sessions presented in these maps will become publicly available after the 7th of February, and hence you can watch any session and download the relevant slide decks from the Cisco On-Demand Library.
I also recommend checking the following resources: