Watch the Orchestrated Assurance demo video here.

Consumers of telecommunications services today care about three things: 1) when I have ordered a new service, I expect it to be delivered to me quickly, 2) when that service is *finally* delivered, it should certainly be working correctly, and 3) if any issues occur throughout the life of my service, they should be found and fixed immediately (the *finally* reflects the ever-increasing expectations that consumers demand from their network operators and communications service providers [CSPs]).

This article explains the concept of Orchestrated Assurance through a Business VPN use case, and it accompanies a short video highlighting the same topic which you can find here. Orchestrated Assurance, which was originally coined by Cisco and Netrounds in ETSI NFV PoC #36, is our response to helping operators and CSPs meet these rising service quality expectations from end users in a software-based and automated fashion.

But first, the pain points we are solving in black and white    

  1. When a new service is delivered, is it working as expected?
  2. How can I find and fix issues before my customers are impacted negatively and report them to me?
  3. How can I accelerate root cause analysis with remote troubleshooting and intelligent issue isolation?

How does Orchestrated Assurance meet these three demands?

Network functions virtualization (NFV) and the increasing degree of software definition in today’s networks certainly provides operators with opportunities to deliver services at the speed of software and begin automating processes that were previously time-consuming and manual. It enables a certain level of flexibility and agility previously incomprehensible in traditional network architectures. What is another key benefit of automation? Cutting out human error. According to a 2016 global study completed by Dimensional Research, an astounding 97% of percent of outages can be linked to human factors.

Cisco’s Network Services Orchestrator (NSO) is the market leader for fully automated network configuration in multi-domain and multi-vendor environments. NSO is the backbone of Orchestrated Assurance – the software tool that allows you to deliver new services quickly and efficiently.

But once you deliver those services, how do you know that they are working correctly and delivering the end-to-end service quality that your end users expect? Or that your Gold-level SLAs that your enterprise customers have contracted from you?

To answer this question, Netrounds has teamed up with Cisco to add software-based active testing and monitoring to the equation. Netrounds, a Cisco SolutionsPlus Partner, is the only pre-integrated solution with Cisco NSO that brings you automated service activation testing combined with active, ongoing service quality monitoring. Once Cisco NSO has provisioned a new service, Netrounds active Test Agents automatically initiate a service activation test, ensuring that the service is delivered correctly the first time. After successful activation testing, those same Test Agents will also continuously monitor your network services, alerting you to any SLA-violations or threshold breaches in real time, which makes it possible for Cisco NSO to automatically heal the service, for instance, through service redeployment.

Business VPN use case demonstration

We have chosen to demonstrate Orchestrated Assurance in a business VPN use case, which can also be viewed in the accompanying video. Layer 2 and Layer 3 business VPNs are two of the more predominant use cases for Orchestrated Assurance among our customer base today – they are also use cases with a very clear return on investment.

Imagine that in this demo we have already provisioned the headquarters site with a Netrounds Test Agent, so we could begin by provisioning a new branch office site to the VPN. This would be followed by a service activation test, which, after successful completion, prompts ongoing monitoring to begin using the same Test Agents used for the activation test. Cisco NSO automates all of these testing and monitoring activities by orchestrating the Netrounds Control Center and Test Agents.

An important part of adding the branch office site is the definition of the configuration parameters for the end-point, including the QoS policy. This policy determines how traffic is prioritized and it is important to test this end-to-end, both at time of delivery and continuously as many factors can affect end-to-end service quality, regardless of whether network technicians are actively making changes and updates or not. It is important to note that changing QoS also affects which Netrounds templates are used for activation tests and monitoring. These templates are pre-defined by network engineers using the interactive point-and-click test builder in Netrounds.

Once NSO has all the parameters related to the new branch site, we would prompt NSO to configure the network devices and the Netrounds Control Center, followed by a look at the dry run of the configuration. The dry run shows various parts of the configuration for the branch office CPE, including IP addressing, access control lists and class maps corresponding to the chosen QoS profile. NSO may also enable built-in test and monitoring capabilities such as TWAMP or Y.1731.

What does NSO configure?

For the Netrounds Control Center, Cisco NSO configures:

  • which testing and monitoring templates should be used
  • which Test Agents to include
  • which reflectors are available in the network

Commit and configure

It would now be time to commit the configuration to the network devices and the Netrounds Control Center. The provisioning of the branch office has been automated, as well as the initiation of the test and monitoring functions. First, an activation test will be prompted.

In most VPNs, your customers access applications at the headquarters location and in the cloud. So, activation tests should include traffic-types to test the following:

  • service response times and performance towards application servers
  • data throughput across the VPN
  • video streaming performance, and
  • SIP call and signaling quality

For a deeper look, we could view the activation test results for the new branch office in the Netrounds Control Center GUI. In the list of the executed activation tests in the Netrounds Control Center dashboard, you can view completed activation tests and whether they have a passed or failed outcome. To see more detailed results, you can click a completed activation test and look more closely at the sequence of tests that were executed. Each step can contain a mix of different traffic types, data plane layers and protocols.

In this scenario, we look more closely at the DNS traffic test step. Using the test report, we could draw conclusions based on the test outcomes – in this demo, we conclude that the response time shows spikes, but it is still within the defined SLA thresholds.

Generate an activation test report

This report summarizes the outcome of all the test steps and shows detailed information for each step, such as SLA levels, KPI charts, and errored second indicator bars. Our customers find that this report is useful as a proof-point that the service was delivered right the first time and that it worked correctly at the time of delivery.

So, as we have automated the provisioning of the service, as well as the activation testing, we can move ahead to enabling active monitoring. For the active monitoring, it is important to note that we reuse the same Netrounds Test Agents that we used for the activation test. Less resources needed, less time, less hassle.

Enabling active monitoring in the new branch office in normally automated in the real world, but for demo purposes, we would manually enable the active monitoring in the NSO dashboard. The real-time SLA is fed from Netrounds to NSO over NETCONF notifications. Clicking the SLA in the NSO dashboard takes us to the Netrounds real-time view where we could view the real time monitor of the SLA plus a time bar indicating any threshold violations, or errored seconds as we call them. We also have the option to change the time interval to better understand long-term performance and behavior.

Drilling down into the details of the active monitor

Looking into the details of the ongoing active monitor for the Business VPN use case, we would see that the active monitor is performing UDP measurements in two different classes – a Best Effort class and a Best Effort Plus class. Choosing the Best Effort Plus class, we could directly view how the link from the branch towards the headquarters is performing.

To find out even more about how this service is performing, you would choose which KPIs to graph. For a UDP stream, examples of KPIs are loss, jitter and delay. For other monitors, like video quality, different KPIs are available. To find out more about Netrounds Test and Monitors, navigate through our interactive Netrounds testing capabilities diagram here.

You can also zoom in to specific sections of the graph to better understand what is causing your threshold violations. Netrounds will automatically filter out what’s relevant for you – in this demonstration, we would see that packet loss is the source of our violation.

A single view for test results and live monitoring for your VPN service

To summarize, our Netrounds real-time dashboard provides you with a single viewpoint for your business VPN service all activation test results and real time live monitoring.

After turning on the active monitoring, we have completed all three steps required to make your customer happy – provisioning a new service quickly, ensuring that it work correctly before delivering it to your customers, and continuously assuring that the VPN service meets SLAs throughout its entire lifetime.

Ensure your agile network services reach their full revenue-generating potential

In addition to meeting your customer’s three demands, with Orchestrated Assurance you will:

  • have the power to automatically verify that you network services are delivered right the first time
  • use automation to reduce manual work and field test efforts
  • ensure that services work without problems and receive notifications and alarms in real time should any issues be experienced, plus enable automatic healing through service redeployment
  • improve visibility and solve any network problems faster

To learn more about Orchestrated Assurance, please visit or If you are interested in scheduling a demo to discuss your network needs, email

Unleash the full potential of network automation. Get started easily today.