The Networking Field Day Exclusive one-day event with Cisco’s Service Provider business unit definitely exceeded my expectations, and I believe showcased a different approach to technology and their customers than we might have seen from the Cisco Systems of four or five years ago.
The topic-du-jour was definitely Segment Routing, and Cisco delivered great presentations on both SR-TE (Segment Routing – Tunnel Engineering) with SR Flexible Algorithm, and SRv6 (Segment Routing for IPv6).
SR FlexAlgo effectively allows a network to calculate metric- and constraint-based primary and backup paths on demand and in a distributed fashion. For example, a policy might be that traffic to a given prefix should follow the lowest latency path using only MACSEC encrypted links, or perhaps the lowest cost path while staying within a particular geographical region. Cool stuff, and while it won’t fix every problem, conceptually I can see this as a relatively accessible way into Segment Routing, and one which could deliver tunnel engineering in a way that would be highly complex or impossible using RSVP-TE and a constraint-based IGP calculation.
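The "lowest latency path using only MACsec encrypted links" policy above, sketched as an added example (not code from Cisco or from the original post): prune links that fail the constraint, then run a shortest-path calculation on the chosen metric. The topology, the `flex_algo_path` name and the boolean MACsec flag are constructed for illustration, and a real Flex-Algo computation is performed by each router from IGP-advertised link attributes rather than in one place.

```python
import heapq

# Constructed topology: (node_a, node_b, latency_ms, igp_cost, macsec_enabled)
LINKS = [
    ("A", "B", 2, 10, False),   # fastest first hop, but not encrypted
    ("B", "D", 2, 10, True),
    ("A", "C", 5, 10, True),
    ("C", "D", 4, 10, True),
    ("A", "D", 20, 5, True),    # cheap IGP cost, high latency
    ("D", "E", 1, 10, False),   # E is only reachable over an unencrypted link
]


def flex_algo_path(links, src, dst, metric="latency", require_macsec=False):
    """Return (total_metric, [nodes]) for the best path, or None when no
    path satisfies the constraint (hypothetical helper, not a Cisco API)."""
    idx = {"latency": 2, "cost": 3}[metric]
    adj = {}
    for link in links:
        a, b, macsec = link[0], link[1], link[4]
        if require_macsec and not macsec:
            continue  # constraint: remove the link before computing paths
        adj.setdefault(a, []).append((b, link[idx]))
        adj.setdefault(b, []).append((a, link[idx]))

    # Plain Dijkstra over the pruned topology.
    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        dist, node, path = heapq.heappop(heap)
        if node == dst:
            return dist, path
        if dist > best.get(node, float("inf")):
            continue  # stale heap entry
        for nbr, weight in adj.get(node, []):
            nd = dist + weight
            if nd < best.get(nbr, float("inf")):
                best[nbr] = nd
                heapq.heappush(heap, (nd, nbr, path + [nbr]))
    return None  # constraint partitions the topology: fail closed


if __name__ == "__main__":
    print(flex_algo_path(LINKS, "A", "D"))
    print(flex_algo_path(LINKS, "A", "D", require_macsec=True))
    print(flex_algo_path(LINKS, "A", "E", require_macsec=True))
```

The last call returns `None`: when the constraint leaves no compliant path, the safe behaviour for an encryption policy is to report no path rather than fall back to an unencrypted link.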
I had not looked at SRv6 before, and it’s a fascinatingly different beast to regular IPv4-based Segment Routing, finally putting the extensible IPv6 header to good use. SRv6 offers some very interesting use cases including using the internet (or any other third party network) as a segment, even though it is unaware that it’s a segment and doesn’t run Segment Routing. Additionally, SRv6 opened up an option to enable service chaining, and the demonstration of this in real time was pretty impressive.
EVPN was also highlighted as a solution which can offer a fairly broad range of applications including, ultimately, replacing vPC, VSS, and HSRP/VRRP in the network. This is a protocol with much more to it than the standard context of VXLAN + BGP EVPN as a fabric, and one which deserves more attention.
Zero Touch Provisioning
I am a big fan of ZTP, and it’s good to see it in IOS XR as well. I’ve written about my positive experience with NXOS ZTP, and the IOS XR ZTP follows a very similar mechanism. Now, however, the on-box capabilities have been expanded to support multiple scripting languages as well as to take advantage of the root access given on the devices to permit container creation and other script/executable functions. A more recent addition is the Golden ISO concept, where the software image downloaded to the device already has key elements like RPM installation and a base configuration completed, minimizing the number of steps that have to be taken during the ZTP boot process.
One of the questions that ZTP raises is who and what you can trust when booting a newly-installed device, and Cisco’s Dan Backman led us down Paranoia Lane from the network operating system all the way down to the CPU and BIOS in order to try and figure out whether we trusted the people who made each component, and the impact that penetration of a low-level component can have. This concept sounded familiar to me as I had previously written about Skyport Systems, a company whose aim was to provide a trusted compute platform. Guess who Cisco bought last year, and where Mr Backman was working at that time? The relevance to Cisco is the Hardware-Anchored Secure Boot architecture which attempts to protect Cisco hardware from low-level compromise.
Just as I thought OpenConfig was going totally dark (perhaps the 3-year-out-of-date website is partly to blame for that opinion), Cisco presented all the fun stuff that can be done on the IOS XR platform using gRPC. I discussed OpenConfig on this site about three years ago, and had great hopes for it as a means of configuration, monitoring and telemetry. It seems that it is beginning to do exactly that, using gNMI (gRPC Network Management Interface) as a means to monitor and subscribe to telemetry streaming on IOS XR devices. I am super-excited to see this is getting traction, and looking forward to hearing about more in this area.
Fabrics, Fabrics, Fabrics
Everybody loves a good network fabric, and Cisco’s Phil Bedard looked at three kinds: metro fabric, core fabric and peering fabric, all guided by the concept of simplifying the network, making it scalable, secure and automatable. For a relatively simple topic, this presentation covered a lot of ground and will be worth another watch when the video is posted.
The theme I got through this event was of a consistent support for the ideas of making things easier, making them more accessible, and of support where possible for open standards. Cisco is even providing some support for IOS XR on whitebox (for a limited few customers, currently) which may lead to good things for a wider audience in the future. Automation, visibility, openness and operational simplicity came up time and time again throughout the presentations.
I had expected good things from NFDx with Cisco’s Service Provider BU, but they really did deliver more than I had expected and I think on the whole the presenters did an outstanding job. I have a lot to think about, and I will be posting more in the coming weeks, and will provide links to the videos when they have been posted.
This was really a very good one-day event and I’m delighted that I could be here to take part.