1 00:00:01,589 --> 00:00:05,370 Now what is NFV? NFV or network functions
2 00:00:05,370 --> 00:00:11,970 virtualization is the idea that you've virtualized network devices and network functions.
3 00:00:12,360 --> 00:00:17,820 Here's a document explaining NFV and it's very good if you're interested in getting into the details.
4 00:00:18,500 --> 00:00:20,210 This is from the
5 00:00:21,040 --> 00:00:25,000 SDN and OpenFlow World Congress in 2012.
6 00:00:25,360 --> 00:00:29,170 But you don't need to spend a lot of time going through this document.
7 00:00:29,170 --> 00:00:30,550 That's only of interest.
8 00:00:31,390 --> 00:00:35,500 I'll explain briefly what NFV is for the CCNA exam.
9 00:00:36,470 --> 00:00:38,720 Servers have been virtualized for years.
10 00:00:38,960 --> 00:00:42,920 So as an example, here I'm running a Cisco Call Manager
11 00:00:45,280 --> 00:00:48,550 as a virtual machine in ESXi.
12 00:00:49,470 --> 00:00:55,980 And I couldn't connect to that server as an example using a web browser and then configure the server.
13 00:00:56,770 --> 00:01:03,040 Servers are now virtualized in the cloud, and I can spin up instances of servers very, very quickly
14 00:01:03,040 --> 00:01:09,730 using Amazon EC2 or Microsoft Azure or the Google Cloud.
15 00:01:10,730 --> 00:01:18,080 The networking, however, has generally in the past sold physical boxes for functions.
16 00:01:18,440 --> 00:01:24,590 So in other words, if you wanted a firewall, you would buy a physical piece of hardware that provides
17 00:01:24,590 --> 00:01:27,550 a function or a set of functions to you.
18 00:01:27,560 --> 00:01:28,910 In this case, firewall.
19 00:01:30,020 --> 00:01:37,820 If you wanted a VPN device in the past, you would buy a VPN concentrator or a device dedicated to creating
20 00:01:37,820 --> 00:01:39,200 VPN connections.
21 00:01:39,880 --> 00:01:46,930 In the past, if you wanted a load balancer, you would buy a physical load balancer or a session border
22 00:01:46,930 --> 00:01:47,650 controller.
23 00:01:47,650 --> 00:01:50,350 You would buy a physical device for that function.
24 00:01:51,010 --> 00:01:55,150 Routers such as a piranha are physical devices.
25 00:01:55,150 --> 00:01:57,730 If you want a router, you would buy a physical router.
26 00:01:58,120 --> 00:02:06,490 Now the idea with network virtualization is we virtualize network devices in the same way that we virtualized
27 00:02:06,490 --> 00:02:07,300 servers.
28 00:02:07,900 --> 00:02:15,190 So we take these physical devices and we run them as virtual appliances on physical servers.
29 00:02:15,700 --> 00:02:18,580 And here's an example once again of doing that.
30 00:02:18,580 --> 00:02:28,510 I've got a single physical server running ESXi, but here I've got multiple Cisco CSR routers running
31 00:02:29,670 --> 00:02:31,500 as virtual machines
32 00:02:33,280 --> 00:02:37,510 in ESXi. If I use the command show ip ospf neighbor,
33 00:02:38,600 --> 00:02:41,180 notice I see multiple neighbor relationships.
34 00:02:42,070 --> 00:02:46,800 So this device, 19216812 or three is a physical router.
35 00:02:46,810 --> 00:02:52,720 So what I'll do is telnet to that physical router and I'll log in.
36 00:02:52,990 --> 00:03:00,760 Notice this is an 1841, so show version shows me that this is an 1841 physical router. Show
37 00:03:00,760 --> 00:03:09,220 diag, as an example, shows me the physical components in that router, but back on the ESXi router
38 00:03:09,340 --> 00:03:15,310 show version shows me that this is a CSR router. Show diag.
39 00:03:18,470 --> 00:03:20,720 It doesn't show the same information.
40 00:03:28,360 --> 00:03:32,290 Because this is a virtual router, not a physical router.
41 00:03:32,710 --> 00:03:39,910 You can see as an example that it's a CSR 1000V. So show ip ospf neighbor once again shows me different
42 00:03:39,910 --> 00:03:44,620 neighbor relationships and I could telnet to another router.
43 00:03:48,200 --> 00:03:52,250 This router is a 1941.
44 00:03:52,550 --> 00:03:54,590 So this is another physical router.
45 00:03:55,880 --> 00:04:01,400 So what's the point? Rather than running physical routers,
46 00:04:02,880 --> 00:04:10,500 why not run multiple virtual routers in the same way that you run the virtual servers?
47 00:04:11,280 --> 00:04:18,510 The concept of having a physical device for every function doesn't make sense in today's world.
48 00:04:19,260 --> 00:04:24,160 As I demonstrated, it only takes a few minutes to spin up a virtual machine
49 00:04:24,180 --> 00:04:30,720 on Amazon. It's been easy in the past to spin up virtual servers and allocate virtual disk space
50 00:04:30,720 --> 00:04:31,620 or storage.
51 00:04:32,160 --> 00:04:38,280 But one of the big problems in the past has been that networking required physical devices.
52 00:04:38,880 --> 00:04:46,770 So just like years ago, server administrators no longer have a physical server per application, such
53 00:04:46,770 --> 00:04:49,230 as email or web services.
54 00:04:49,740 --> 00:04:54,150 We now in networking don't have a physical device
55 00:04:54,820 --> 00:05:05,380 for a physical function. We can run virtual routers and virtual firewalls as virtual machines alongside
56 00:05:05,380 --> 00:05:06,820 our virtual servers.
57 00:05:07,590 --> 00:05:14,010 One of the advantages of doing that as an example is you could run a virtual firewall in front of every
58 00:05:14,010 --> 00:05:16,740 virtual server if you needed to.
59 00:05:16,770 --> 00:05:23,970 You can implement what's called micro segmentation, where you segment your network down into tiny subnets
60 00:05:23,970 --> 00:05:30,810 or tiny segments to reduce broadcasts, to implement better security and other benefits.
61 00:05:31,290 --> 00:05:37,620 It doesn't make sense today to have a physical network device for every function.
62 00:05:37,650 --> 00:05:44,130 If you have the requirement for a firewall, it doesn't make sense to buy a physical firewall for your
63 00:05:44,130 --> 00:05:45,150 virtual servers.
64 00:05:45,180 --> 00:05:52,170 In some cases, it makes sense to buy a virtual firewall that you run on the same hypervisor as your
65 00:05:52,170 --> 00:05:53,280 virtual servers.
66 00:05:53,970 --> 00:05:56,980 So this is the idea of network function virtualization.
67 00:05:57,000 --> 00:06:04,440 We firstly virtualize an appliance such as a router or a firewall or a load balancer, but then taking
68 00:06:04,440 --> 00:06:08,520 it a step further, we can also load balance functions.
69 00:06:08,910 --> 00:06:15,900 So if all you need is to implement something such as DHCP or HSRP, it doesn't make sense to run a full
70 00:06:15,900 --> 00:06:18,810 operating system. In the server world,
71 00:06:18,810 --> 00:06:26,310 we have the concept of Docker and the same kind of idea is now starting to happen in networking where
72 00:06:26,310 --> 00:06:29,880 we just run functions rather than entire operating systems.
73 00:06:30,420 --> 00:06:33,220 I've added some videos about Docker to the course.
74 00:06:33,240 --> 00:06:37,710 They are only of interest and are not part of the CCNA exam.
75 00:06:38,160 --> 00:06:42,780 So if you're interested in learning some real world stuff about Docker and newer technologies, have
76 00:06:42,780 --> 00:06:43,980 a look at those videos.