Cisco Enterprise NFV is very useful specially for branch offices where they often use or require multiple physical networking devices to perform network functions such as WAN acceleration, firewall protection, wireless LAN controller, intrusion prevention, collaboration services, and routing and switching. Sometimes these physical devices are deployed with redundancy, further increasing the number of devices installed and operated in the branch. An enterprise typically has multiple branches and the need to manage so many different devices can create many challenges.
The Cisco ENFV solution is a Cisco solution based on the ETSI NFV architectural framework. It reduces the operational complexity of enterprise branch environments by running the required networking functions as virtual networking functions (VNFs) on standard x86-based hosts. In other words, it replaces physical firewalls, routers, WLC, load balancers, and so on with virtual devices running in a single x86 platform. The Cisco ENFV solution provides the following benefits:
Cisco NFV Benefits
- Reduces the number of physical devices to be managed at the branch, resulting in efficiencies in space, power, maintenance, and cooling.
- Reduces the need for truck rolls and technician site visits to perform hardware installations or upgrades.
- Offers operational simplicity that allows it to roll out new services, critical updates, VNFs, and branch locations in minutes.
- Centralizes management through Cisco DNA Center, which greatly simplifies designing, provisioning, updating, managing, and troubleshooting network services and VNFs.
- Enhances network operations flexibility by taking full advantage of virtualization techniques such as virtual machine moves, snapshots, and upgrades.
- Supports Cisco SD-WAN cEdge and vEdge virtual router onboarding.
- Supports third-party VNFs.
Cisco NFV Solution Architecture
Cisco ENFV delivers a virtualized solution for network and application services for branch offices. It consists of four main components that are based on the ETSI NFV architectural framework:
- Management and Orchestration (MANO): Cisco DNA Center provides the VNF management and NFV orchestration capabilities. It allows for easy automation of the deployment of virtualized network services, consisting of multiple VNFs.
- VNFs: VNFs provide the desired virtual networking functions.
- Network Functions Virtualization Infrastructure Software (NFVIS): An operating system that provides virtualization capabilities and facilitates the deployment and operation of VNFs and hardware components.
- Hardware resources: x86-based compute resources that provide the CPU, memory, and storage required to deploy and operate VNFs and run applications.
Main Components of Cisco’s Enterprise NFV Solution
Cisco NFV Management and Orchestration
Cisco DNA Center provides the MANO functionality to the Cisco Enterprise NFV solution. It includes a centralized dashboard and tools to design, provision, manage, and monitor all branch sites across the enterprise NFV infrastructure software NFVIS. Two of the main functions of DNA Center are to roll out new branch locations or deploy new VNFs and virtualized services.
Cisco DNA Center provides centralized policies, which enables consistent network policies across the enterprise branch offices. Centralized policies are created by building network profiles. Multiple network profiles can be created, each with specific design requirements and virtual services. Once they are created, branch sites are then assigned to network profiles that match the branch requirements. Network profiles include information such as the following:
- Configuration for LAN and WAN virtual interfaces
- Services or VNFs to be used, such as a firewall or WAN optimizer, and their requirements, such as service chaining parameters, CPU, and memory requirements
- Device configuration required for the VNFs, which can be customized by using custom configuration templates created through a template editor tool
Virtual Network Functions and Applications
The Cisco Enterprise network functions virtualization NFV solution provides an environment for the virtualization of both network functions and applications in the enterprise branch. Both Cisco and third-party VNFs can be onboarded onto the solution. Applications running in a Linux server or Windows server environment can also be instantiated on top of NFVIS (discussed later in this chapter) and can be supported by DNA Center.
Cisco-supported VNFs include the following:
- Cisco Integrated Services Virtual Router (ISRv) for virtual routing
- Cisco Adaptive Security Virtual Appliance (ASAv) for a virtual firewall
- Cisco Firepower Next-Generation Firewall virtual (NGFWv) for integrated firewall and intrusion detection and prevention
- Viptela vEdge
- cEdge
- Cisco virtual Wide Area Application Services (vWAAS) for virtualized WAN optimization
- Cisco virtual wireless LAN controllers (vWLCs) for virtualized wireless LAN controllers
Third-party VNFs
- ThousandEyes
- Fortinet
- PaloAlto
- InfoVista
- CTERA
- Windows Server
- Linux Server
Network Function Virtualization Infrastructure Software (NFVIS)
NFVIS is based on standard Linux and packaged with additional functions for virtualization, VNF lifecycle management, monitoring, device programmability, and hardware acceleration.
- Linux: Linux drives the underlying hardware platforms (for example, ENCS, Cisco UCS servers, or x86 enhanced network devices) and hosts the virtualization layer for VNFs, virtual switching API interfaces, interface drivers, platform drivers, and management.
- Hypervisor: The hypervisor for virtualization is based on a Kernel-based Virtual Machine (KVM) and includes Quick Emulator (QEMU), Libvirt, and other associated processes.
- Virtual switch (vSwitch): The vSwitch is an Open vSwitch (OVS), and it enables the communication between different VNFs (service chaining) and the outside world.
- VM lifecycle management: NFVIS provides the VIM functionality as specified in the NFV architectural framework through the NFVIS embedded Elastic Services Controller (ESC) Lite. ESC-Lite supports dynamic bringup of VNFs—creating and deleting VNFs and adding CPU cores, memory, and storage. It also includes built-in VNF monitoring capability that allows for auto restart of VNFs when they are down and sending alarms (SNMP or syslogs).
- Plug and Play client: This client automates the bringing up of any NFVIS-based host. The Plug and Play client communicates with a Plug and Play server running in Cisco DNA Center and is provisioned with the right host configuration. It also enables a true zero-touch deployment model (that is, no human intervention) and allows for quick and error-free deployment of network services.
- Orchestration: REST, CLI, HTTPS, and NETCONF/YANG communication models are supported for orchestration and management.
- HTTPS web server: The web server can enable connectivity into NFVIS through HTTPS to a local device’s web portal. From this portal, it is possible to upload VNF packages, implement full lifecycle management, turn services up and down, connect to VNF consoles, and monitor critical parameters, without the need for complex commands.
- Device management: Tools are packaged into NFVIS to support device management, including a resource manager to get information on the number of CPU cores allocated to VMs and the CPU cores that are already used by the VMs.
- Role-based access control (RBAC): Users accessing the platform are authenticated using RBAC.
x86 Hosting Platforms
Cisco Enterprise NFVIS is supported
- Cisco Enterprise Network Compute System (ENCS)
- Cisco Cloud Services Platforms
- Cisco 4000 Series ISRs with a Cisco UCS E-Series blade
- UCS C-Series
Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.
We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training:
