
BRKENT-2105-Deploy and Manage SD-Branch

The document outlines the deployment and management of Cisco's Software Defined Branch (SD-Branch) solution, emphasizing the need for virtualization and automation in network management. It discusses key use cases, architecture, components, and the benefits of using Cisco's virtualization portfolio for flexible and efficient service delivery. The presentation also covers the onboarding and provisioning of uCPE devices, highlighting the automation workflows and orchestration capabilities provided by Cisco's vManage platform.

Uploaded by

newslettcesar

#CiscoLive

Deploy and Manage SD-Branch


uCPE Onboarding/Provisioning Simplified

Ramesh Kalimuthu
Technical Marketing Engineer
BRKENT-2105

Agenda
• Need for virtualization and automation
• Key Use-cases
• SD-Branch Architecture and components overview
• SD-Branch Design, Provision and Manage
• Conclusion

#CiscoLive BRKENT-2105 © 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
What Software Defined Branch Can Do For You

• Quickly roll out new services and locations
• Gives you flexible deployment options
• Simplify day to day operations

Simple and easy to design, provision, manage the trusted services that are critical to your business

Virtualization Offers Flexibility, Simplicity, Savings
[Figure: Physical Branch vs. Virtual Branch. Labels: Router, Firewall, WAN Opt, Load Balancer; VNFs, Hypervisor, Server]

Why Virtualization?
• Flexibility
• Service Agility
• Less Devices, More VNFs
• Efficient Resource Utilization
• Quick Rollout Time
• OpEx Savings

Cisco’s Virtualization is available for both Traditional Routing as well as SD-WAN routing

Cisco Software Defined Branch - Summary
• SD-Branch is an architectural choice: Controller-led, modular architecture that allows for use of best-of-breed network function service chain in Enterprise Branch.
• Turn-key automation of Enterprise service-chains: Cisco SDWAN controllers are used for automation, management and orchestration, though Cisco SDWAN is not a requirement.
• Can be used to address a number of use-cases:
  • SDWAN migrations
  • Security / Compliance
  • Hardware consolidation and Branch Virtualization
  • Local file, Print and DDI (DHCP, DNS, IPAM) services
  • SP hosted multitenant routing service
• Built on:
  • Catalyst 8200 uCPE, Enterprise Network Compute System (ENCS 5000)
  • Cloud Services Platform (CSP5000)
  • UCSE (in ISR4K, Catalyst 8K) with NFVIS

Cisco’s virtualization portfolio
Network services on any platform, anywhere - branch or data center

• Centralized Orchestration and Management: vManage, MSX/NSO
• Consistent, trusted network services across all the platforms: Virtual Network Functions (VNFs)
  • Virtual Router (IOS-XE, SDWAN)
  • Virtual Firewall (ASAv, NGFWv)
  • Virtual Wireless LAN Controller (vWLC)
  • App QoE
  • Third-party VNFs
• Hardware and software independence: Network Functions Virtualization Infrastructure Software (NFVIS), Virtualization layer (Hypervisor)
• Freedom of choice: Hardware platforms for any location in the network (Small/Lean Branch, Enterprise Branch, Data Center, Colocation)

Platform and Use-cases

[Layer diagram: Orchestration, Network Functions, NFVIS, Platform]

Cisco’s Virtualization Platform Portfolio

• Small/Lean SD-Branch: Catalyst 8200 Series Edge uCPE, 8 cores
• Enterprise Virtualization: ENCS 5400 Series, 6 to 12 cores
• DC, Hub and Colocation: CSP 5200 & 5400 Series, 16 to 56 cores

* NFVIS on UCSE module can be used with ISR4K or Catalyst 8000

Cisco Catalyst 8200 Edge uCPE

• System Status: Status LED, FAN LED, Power LED
• LTE WAN PIM Slot: CAT 4/6/18 PIM
• Physical Security: Kensington lock
• Network Modules: NIM slot
• USB Storage: USB 3.0
• Management Interface: RJ 45 Console
• Data Interfaces (FPGE): 4 RJ45 GE WAN, 2 SFP WAN
• Storage: USB M.2 (32GB), NVMe SSD M.2 (600GB, 2TB), SATA/SSD (2TB/4TB)

Flexible and Converged SD-Branch Solution
Use-cases:
• SD-WAN Migrations
• Hardware consolidation and Branch Virtualization
• Security/Compliance
• Local file, Print and DDI (DHCP, DNS, IPAM) services

Capabilities:
• WAN diversity: LTE, DSL, T1/E1
• Best-of-breed Cisco & 3rd Party VNFs
• Port Segmentation
• Virtual Switch / SRIOV
• Hypervisor / Cloud
• Deployment Automation

[Diagram labels: Catalyst 8000V, Cisco Umbrella, SD-WAN]

• Unit-1: SD-WAN for vBranch (C8200uCPE or ENCS 5406 or 5408)
• Unit-2: SD-WAN + Firewall + WAAS (ENCS 5412)

SD-WAN (IPSec) Throughput Performance with QoS, DPI and Netflow/cFlow on SD-Branch Platforms

[Bar chart, throughput in Mbps, two panels. Low Range Access: C8200uCPE-2vCPU, ENCS5406-2vCPU, ENCS5408-2vCPU, ENCS5412-2vCPU. Mid-High Range Access: C8200uCPE-4vCPU, ENCS5406-4vCPU, ENCS5408-4vCPU, ENCS5412-4vCPU. Series: Large Packets; IMIX - 352 Byte Avg. Packet Size]

All Results are based on Cisco’s Unified Throughput Test Methodology
• BiDirectional 1 to Many Flows
• PDR = 0.01% Packet Drop Tolerance
• Based on RFC 2544

Monitor WAN Edge Connectivity with ThousandEyes Agent

[Diagram: Monitoring Agent and Catalyst 8000V on NFVIS, connected through the Internet to SaaS and IaaS]

• Monitor Critical Enterprise Apps
• Determine the health of your infrastructure
• Troubleshoot Issues

SD-Branch High Availability Design Connections

[Diagram: uCPE-Left and uCPE-Right (ENCS). Labels: WAN, MPLS, Broadband, ISP1, Pt-to-Pt, HA Links, Untrust, Trust, Mgmt, WLC on each side]

SD-Branch High Availability design

[Diagram: uCPE-Left and uCPE-Right, each running NFVIS with a WLC, WAN links to MPLS, Broadband and ISP1]

• High Availability
• Validated Design Template
• Zero Touch provision
• Managed Services

NFVIS: Network Function Virtualization Infrastructure Software

Cisco Network Function Virtualization Infrastructure Software (NFVIS)

Purpose built hypervisor designed specifically for hosting VNFs

• Run Cisco or third-party vendor VNFs; Open source KVM based
• Secure: Secure Boot, Secure Chain of Trust; Secure overlay for management and monitoring
• Programmable: API for service orchestration (REST, Netconf API & GUI interface); Device-local GUI as well as integration with vManage and MSX
• Purpose-built for Networking: OVS DPDK & SR-IOV to accelerate network traffic; PnP ZTD; Native support for BGP
• Lifecycle management, Upgrades, Snapshots, Role Based Access Control

NFVIS Architecture
Not Just KVM, Power in software

[Layered diagram, top to bottom]
• PnP Server, vManage, NSO, Console, SSH, Portal
• NFVIS: NETCONF, CLI, REST
• Image Management, Plug-n-Play, vDaemon, Confd, Web Server/Portal, VM Life Cycle Manager, Cluster Management *
• Storage Management, Resource Manager, Service Chaining, Host Management, Statistics Collector, Health Monitor, AAA
• Hardware Management, libvirt, Open vSwitch, Qemu, Collectd, Syslogd, Snmpd
• CentOS Linux 7.6 + KVM + Kernel Drivers

* Roadmap

VNF Services

Network Services from Cisco

Consistent software across physical and virtual

• C8000V: High Performance, Rich Features
• ASAv/FTDv: Full DC-Class Featured Functionality
• vWAAS: Application Optimization
• eWLC: Built for small and medium branches

Windows Server, Linux, 3rd Party
• Active Directory, File Share, Server Applications, DNS/DHCP
• Network Services Management & Monitoring
• Custom Applications

Virtual Router Convergence

VNF Convergence Approach

[Diagram: IOS-XE and IOS-XE SD-WAN releases 17.1.x and earlier, 17.2/17.3 and 17.4.1, with ‘Autonomous’ Mode and ‘Controller’ mode. ISRv on ENCS (IOS XE, XE SD-WAN, Unified) and CSR 1000V (IOS XE, XE SD-WAN, Unified) converge to Catalyst 8000V Virtual Router (Unified). vEdge Cloud (Viptela OS) is shown in all three releases, alongside 3rd Party. Caption: Network Consistency]

Open ecosystem for 3rd party VNFs
• Customers can call Cisco support for certified 3rd party VNFs
• Run 3rd-party VNFs, regardless of certification
• 3rd party vendors can submit for certification

http://cisco.com/go/enfv

Orchestrator

vManage orchestration for SD-Branch

Single pane of glass operations
• Unified life-cycle management of device and SD-WAN
• Monitoring, assurance and troubleshooting
• Centralized image repository and VNF packaging tools
• Cisco and 3rd party VNFs

• Automated service chaining
• Zero-touch provisioning
• Cloud delivered orchestrator
• Validated network design templates

SD-Branch User Experience
1. Select Network Design In vManage
2. Connect Branch uCPE Device
3. Provision SD-Branch
4. Use Full Service Branch

[Diagram labels: vManage, Control and Policy Elements, NFVIS]

SD-Branch Design, Provision and Manage

vManage SD-Branch automation workflow

Plan
• Manufacturing configured PnP and vManage sync for controller and devices
• Build or upload VNF packages in vManage

Deploy
• Build network design: Define branch; Edit profile (WAN, LAN, Mgmt); Add service - select from template; Attach ENCS; Schedule / Push-now
• Device setup: Call-home, Registration, Provisioning

Monitor and Manage
• Monitoring and Assurance: NFVIS Device Monitoring, VNF Monitoring
• Upgrades: NFVIS, VNFs

Network Design Procedure in vManage
• Network Design: Global Settings (AAA, NTP, Syslog)
• Add Branch: Branch & Device Profile (Circuit, WAN, LAN, Management)
• Add Services: Select Validated Network Design; Customize Network and Services as required
• Attach/Detach Device to/from Branch: Provision ENCS with Site specific bootstrap information for Services

vManage SD-Branch Workflow

1. NFVIS 4.2.1 release on ENCS; NFVIS 4.4.1 release on C8200uCPE
2. PnP workflow
3. Upload VNF Software packages to vManage
4. Network Design and Deployment Workflow
5. Monitoring and Dashboards
6. Edit Existing Design or Re-provision Device

uCPE Onboarding steps

[Diagram: NFVIS uCPE (1) connects over WAN Transport / Internet to devicehelper.cisco.com (2), vBond (3) and vManage (4)]

uCPE Onboarding steps (contd.)

[Diagram: uCPE internal networking during onboarding. Labels: devicehelper.cisco.com; GE 0/0 and GE 0/1 with SRIOV-1, SRIOV-2; wan-br / wan-net, wan2-br / wan2-net; DHCP, PNP, DTLS, VPN0; vEdge, ASAv; mgmt-br, Management Port, NFVIS; int-mgmt-net, lan-net, lan-br; SRIOV-1 … SRIOV-24; GE 1/0 to GE 1/7]

Demo Video: SD-Branch Design, Provision, Manage

vManage SD-Branch: Planning Step Actions (FYI)

Step 1: uCPE Release Prerequisite
1. Power-on ENCS
2. Connect WAN to SP
3. Configure system settings to enable CIMC access
4. Upload NFVIS image to CIMC
5. Host-map ISO image
6. Power-cycle server through CIMC

Step 2: uCPE and vSDWAN Device list
Option A
1. Manufacturing populates uCPE device serial numbers into smart virtual account, ready to authenticate device SUDI.
2. Smartsync to vManage
Option B
1. Download CSV template, Update and Upload CSV file with list of device serial numbers and device cert ID
2. Smartsync to vManage

Step 3: VNF Image repository
1. Login to vManage
2. Goto Maintenance->SW Image repository
3. Upload Cisco VNF image packages for vbranch from CCO. Alternately, build the VNF package using vManage

vManage SD-Branch: Design, Provision, Manage Actions (FYI)

Step 4: Network Design and Provision Device
1. Goto Configuration->Network Design
2. Click Manage Network Design -> Global Parameters->CEDGE->Cisco AAA->change admin password
3. Click Manage Network Design -> Add WAN circuit
4. Click Manage Network Design -> Create Branch site -> select WAN circuits, add LAN segments
5. Click branch site -> Create profile -> add configuration for WAN, LAN and management
6. Click branch site -> Add service
   a. Select Topology
   b. Use pre-defined network mapping
   c. Customize network topology via Add/Edit services/Network
7. Click branch site -> Add CLI configuration for NFVIS
8. Click Attach device -> click Branch Site -> click Add devices.
   a. Update device variables manually or via csv,
   b. preview config
   c. click configure device
8. Click Notepad icon on top right corner to Monitor task status

uCPE device at remote site could arrive at a later date and will onboard zero touch due to pre-staging actions in vManage.

Step 5: Manage and Monitor
1. Use dashboard for monitoring connections
2. Device and VNF monitoring
   a. Goto Monitor -> Network -> Choose device -> Select available options

Step 6: Day N Changes
1. Click Attach device->click branch site ->Detach device
2. Using add-on CLI, edit device configuration
3. Template push for ISRv Day-N configuration
4. Re-attach device
Note: Use primary and backup ND templates for adding ND on ENCS (no service changes)

Platform/NFVIS Software Upgrade

New Provisioning of existing device
• Simulate offline device -> Invalidate -> Delete -> Factory reset
• Simulate online device->Detach ->Factory reset

Validated Use-cases (FYI)

Single Service
• Router Single WAN
• Router Dual WAN

Multiple Services
• Router + Firewall
• Router + Firewall Best Perf
• Router + Firewall + WAAS

Visual Topology View (FYI)

vNIC sequence and connection clarity

Network Design Customization (FYI)
• Add Network(s)
• Add Service(s)

Addon CLI Template (FYI)

NFVIS configuration generated via ND and add-on CLI template is merged and device configuration is generated.

Add-on CLI must be used in conjunction with Network design. It is recommended to be used only for configurations not natively supported in ND.

• Supported add-on CLI configs for following features:
  • track-state
  • speed
  • duplex
  • native vlan
  • Global vlan
  • QOS
  • ACL
  • SNMP
  • STP enable/disable under switch GE interface
  • Banner
  • MOTD
  • Static routes
  • Default gateway
  • PNIC tracking for WAN interfaces
  • Bootup_time
  • TACACS
  • AAA auth-order

[Screenshots: Create Addon CLI Template; Preview of Merged Config after Device Attach]

vManage SD-Branch features

Supported features
• VNF Packaging Tool: Cisco and Thirdparty
• Network Design (ND): Single/Dual Device
• ND Global Settings: AAA, NTP, Syslog
• ND Device Configuration: WAN, LAN, Mgmt
• ND Device->Services Configuration: Router; Router+Firewall; Router+Firewall+WAAS; AND Other service/network customization
• Addon CLI Template
• Visual Topology representation
• Supported Device: ENCS5400, C8200 uCPE
• Zero Touch Provisioning: SUDI Device Auth and Day0 Configuration
• Monitoring: VNF and Device Health

SD-Branch Key takeaways
• Cisco offers complete solution across all four components
  • Hardware, Network Hypervisor, VNF, Orchestrator
• NFVIS4.4.1 on C8200uCPE, ENCS enables zero-touch integration with vManage
• Virtual form factor SD-WAN on C8200 uCPE, ENCS is a production-ready alternative to physical router SDWAN deployment

CCO Document reference
• NFVIS 4.x Configuration Guide
• SD-Branch Deployment Guide

Why Cisco SD-Branch?

• Purpose Built superior quality uCPE hardware and software
• Cisco Validated Designs, Best of breed networks with NFV ecosystem support
• Programmability and Automation, Security, Serviceability, Solution level TAC support

Continue your education

Demos in the Cisco campus

Meet the engineer 1:1 meetings

Walk-in labs

Related sessions

Thank you