Overview of Cisco NFVIS SD-Branch Solution

Enterprises and service providers are consolidating network services from dedicated hardware appliances into virtualized on-demand applications. These applications run on branch office software with centralized orchestration and management. The branch office software eliminates the dependency on hardware for each function at the branch, simplifies configuration tasks, reduces time, and centralizes operations and management. This increases the ability of operators to deploy Network Function Virtualization (NFV) services with greater speed and flexibility.

The Cisco Software-Defined Branch (SD-Branch) solution is a combination of simplified hardware, software, and virtualized services that can be deployed in a short time. The Cisco SD-Branch solution allows you to select from a list of Cisco validated design templates and deploy a full-service branch in a matter of minutes.

With centralized orchestration and WAN network management, Cisco SD-Branch solution provides the ability to configure and manage initial deployment, change and add new services to your IT environment from a single location, and eliminates the time taken to visit each individual branch office. The orchestration manages existing SD-Branch services, new network service on-boarding, virtual network function (VNF) packages, network services lifecycle management, global resource management, and validation and authorization of SD-Branch infrastructure resource requests, from a single point.

Cisco SD-Branch solution includes the following orchestration functions:

  • Service coordination and instantiation: The orchestration software communicates with the underlying Cisco SD-Branch platform to instantiate a service, creating the virtual instance of a service on the platform.

  • Service chaining: Connects network services like routing, firewalls and WAN optimization in a virtual chain and optimizes the use of network resources while improving the application performance.

  • Scaling services: Manages sufficient resources to deliver the service when there is an increase in the number of services.

  • Service monitoring: Tracks the performance of the platform and resources to ensure that they are adequate to provide a good service.

This document provides design and deployment instructions for the NFVIS SD-Branch solution and focuses on how to deploy the ENCS 5400 uCPE WAN Edge device and other virtualized network services or applications in a branch environment.

Cisco SD-Branch Solution Components

The various components of Cisco SD-branch solution are:

  • Hardware Components:

    • Cisco 5000 Enterprise Network Compute System - The Cisco 5000 Enterprise Network Compute System (ENCS) is a line of compute appliances designed for the Cisco SD-Branch and Enterprise Network Functions Virtualization (ENFV) solution. The 5000 ENCS is a hybrid platform that combines the best attributes of a traditional router and a traditional server and offers the same functionality with a smaller infrastructure footprint. Offered with the Cisco Integrated Services Virtual Router (ISRv) and NFV Infrastructure Software (NFVIS) as the hosting layer, the platform offers a complete solution for a simplified deployment.

      NFVIS 4.2.1, Cisco vManage 20.3.1 and later releases on ENCS 5400 devices are supported on Cisco SD-Branch solution.

    • Cisco Catalyst 8200 Series Edge Universal CPE - The Cisco Catalyst 8200 Edge uCPE is the next generation of the Cisco Enterprise Network Compute System 5100 Series. It combines routing, switching, and application hosting in a compact one-rack-unit device for the small and medium virtualized branch. These platforms are designed to allow customers to run virtualized network functions and other applications as virtual machines on the same hardware platform, powered by Cisco NFVIS hypervisor software.

      NFVIS 4.4.1, Cisco vManage 20.4.1 and later releases on Catalyst 8200-UCPE Edge Series devices are supported on Cisco SD-Branch solution.

    • Cisco Catalyst 8300 Series Edge Universal CPE - The Cisco Catalyst 8300 Series Edge Universal Customer Premises Equipment (uCPE) is a purpose-built x86 platform that is designed for branch virtualization. It enables device consolidation across network and security functions, improves operational flexibility and service agility, simplifies network operations, and results in reduced deployment times and fewer truck rolls for delivery of add-on services.


      Note: When you use Cisco Catalyst Edge uCPE 8300 for high throughput requirements, we recommend that you use NVMe-based storage (M.2 NVMe or U.2 NVMe) or E1.S-based storage.


  • Cisco Network Function Virtualization Infrastructure Software - The Cisco Network Function Virtualization Infrastructure Software (NFVIS) is the base virtualization infrastructure software running on the x86 compute platform. NFVIS provides VM lifecycle management, VM service chaining, VM image management, platform management, PnP for bootstrapping a device, AAA features, syslog, and an SNMP server. NFVIS provides programmable REST and NETCONF APIs for all of these functions.

  • Virtual Network Functions - The Cisco SD-branch solution supports both Cisco-developed and third-party Virtual Network Functions (VNFs). The following table includes the validated VNFs and their versions:

    Cisco Virtual Network Functions (VNFs)          Versions
    ----------------------------------------------  ------------------------
    Cisco ISRv                                      17.2.1
                                                    16.12.1a
                                                    16.11.1b
    Cisco ASAv                                      9.13.1
    Cisco vWAAS                                     6.4.3c-b-42
    Cisco vEdge                                     20.1
                                                    19.2.1

    Third Party Virtual Network Functions (VNFs)    Versions
    ----------------------------------------------  ------------------------
    Fortinet®                                       v5.4.1,build9317,161003
    PaloAlto®                                       8.1.3
    Riverbed®                                       9
    CheckPoint®                                     77.30
    SilverPeak®                                     7.3.9.0

  • Orchestration through Cisco SD-WAN Manager - The Cisco SD-WAN Manager is used for orchestrating the Cisco SD-branch solution. Cisco SD-WAN Manager and Cisco SD-WAN Validator version 20.1.1 or later are supported on Cisco SD-branch solution. The orchestrator provides the following functionalities:

    • Cisco SD-WAN Validator - The Cisco SD-WAN Validator provides Cisco SD-WAN Manager information to the network elements that may be running behind Network Address Translation (NAT). It performs initial authentication and authorizes the network elements to provide the Session Traversal Utilities for NAT (STUN) server functionality.

    • Cisco SD-WAN Manager - Cisco SD-WAN Manager is an SDN controller that provides centralized configuration management, monitoring, and troubleshooting of the SD-branch solution.

Key Tasks Before you Begin

Ensure that the following prerequisites are met before you get started:

  • Cisco SD-WAN Control Components such as Cisco SD-WAN Manager, Cisco SD-WAN Validator, and Cisco SD-WAN Controller are already deployed with valid certificates in the cloud or on-premises.

  • The NFVIS WAN Edge device has reachability to the Cisco SD-WAN Validator and other Cisco SD-WAN Control Components, which are reachable through public IP addresses across the WAN transports.