LAN Automation

September 2017

The Start of a New Era of Networking

Thomas Spiegel, Consulting Systems Engineer

Cisco Disclaimer

Cisco Roadmap Disclaimer. Some of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

Next generation Workspace

Enterprise Network

Internet of Things

Explosion of User devices

Easier to manage, flexible network solutions

Enterprise Network Trends – Digital Transformation

Seamless Mobility, Consistent User Policy

End to End Network Segmentation

Device onboarding, segmentation, mobility, policy

Device Abstractions, Northbound APIs Controller Based Networking

Manage an Increased Threat Landscape

• SDN & Network Programmability

• SD-Access & DNA Center

• New LAN switches

Agenda

SDN & Network Programmability

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6

What is Software-Defined Networking (SDN)?

• An approach and architecture in networking where control and data planes are decoupled and intelligence and state are logically centralized

• An enabling technology where underlying network infrastructure is abstracted from the applications [network virtualization]

• A concept that leverages programmatic interfaces to enable external systems to influence network provisioning, control and operations

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Control plane learns/computes forwarding decisions
Data plane acts on the forwarding decisions

The Traditional Network…

[Diagram: eight devices, each with its own Control Plane (CP) and Data Plane (DP)]

Control and Data Plane reside within the physical device


Control plane becomes centralized
Physical device retains Data plane functions only

The Network As It Could Be…to an SDN ‘Purist’

[Diagram: a single centralized Control Plane (CP); each device keeps only its Data Plane (DP)]


The Network As It Could Be…In a ‘Hybrid SDN’

[Diagram: a centralized Controller (CP) plus devices that each retain a local Control Plane (CP) and Data Plane (DP)]

A Controller is centralized and separated from the physical device, but devices still retain localized Control plane intelligence


• Centralized configuration, management/control, monitoring of network devices (physical or virtual)

• Ability to override traditional forwarding algorithms to suit unique business or technical needs

• Allowing external applications or systems to influence network provisioning and operation

• Rapid and scalable deployment of network services with life-cycle management

SDN Addresses Needs for…


Change to Programmatic Interfaces

• Familiar Manual, CLI-driven, device-by-device approach is inefficient

• Increased need for programmatic interfaces which allow faster and automated execution of processes and workflows with reduced errors

• Need for a ‘central source of truth’ and touch-point


So…Are All Network Engineers Becoming Programmers?

var myQuestion = { "question": "All Engineers Becoming Programmers?", "answer": [true, false] };


What Skills Are Helpful to a Network Engineer Branching Out?

• Basic Programming constructs (conditionals, loops, data structures)

• Basic Python / Perl

• REST / Web Services

• Regular Expression

• Data encoding - XML / XSLT; JSON

• Basic SQL

• Basic shell scripting - grep

• #1 - Communicating Effectively with Programmers


The Thinker, Auguste Rodin


Network Programmability Cisco Education Offerings

Course: Developing with Cisco Network Programmability (NPDEV)
Description: Provides application developers with a comprehensive curriculum to develop infrastructure programming skills; addresses the needs of software engineers who automate network infrastructure and/or utilize APIs and toolkits to interface with SDN controllers and individual devices.
Cisco Certification: Cisco Network Programmability Developer (NPDEV) Specialist Certification

Course: Designing and Implementing Cisco Network Programmability (NPDESI)
Description: Provides network engineers with a comprehensive soup-to-nuts curriculum to develop and validate automation and programming skills; directly addresses the evolving role of network engineers towards more programmability, automation and orchestration.
Cisco Certification: Cisco Network Programmability Design and Implementation (NPDESI) Specialist Certification

Course: Programming for Network Engineers (PRNE)
Description: Learn the fundamentals of Python programming within the context of performing functions relevant to network engineers. Use network programming to simplify or automate tasks.
Cisco Certification: Recommended prerequisite for the NPDESI and NPDEV Specialist Certifications

Course: Cisco Digital Network Architecture Implementation Essentials (DNAIE)
Description: This training provides students with the guiding principles and core elements of Cisco’s Digital Network Architecture (DNA) and its solution components, including APIC-EM, NFV, Analytics, Security and Fabric.
Cisco Certification: None

For more details, please visit: http://learningnetwork.cisco.com
Questions? Visit the Learning@Cisco Booth


DevNet: https://developer.cisco.com

What Are Cisco's SDN solutions?


Cisco SDN solutions

• Data Center: Application Centric Infrastructure

• WAN: SD-WAN / NFV Solutions

• LAN / WLAN: SD-Access & DNA Center

• Open NX-OS Release for Nexus Platforms

• Open IOS-XE Release for Catalyst & ISR4k/ASR1k Platforms


APIC-EM
Application Policy Infrastructure Controller - Enterprise Module

• A purpose-built, easy to use SDN controller

• Does NOT require programming experience [but does have REST NBI]

• Does NOT require HW/SW upgrades to take advantage of controller model (but depending on intended network solution)

• Has specific applications built-in to address common network needs (Base Automation): Enterprise Service Automation (ESA), Intelligent WAN (IWAN), Plug-and-play (PnP), Path Trace, Easy QoS, SD-Bonjour-App, CAA- Life Cycle Management

• Is the Base System for the DNA Center in the SD-Access Solution

• Focus: Enterprise customers with few to no programming resources that desire a commercially supported solution that preserves existing investment and doesn’t require HW/SW upgrades (depending on intended network solution)


Software Defined Network is here today

SDA Design

SDA – Simplified Management


SDA – Segmentation & Policies


SD-Access - Two Level Hierarchy

First level: Virtual Network (VN) = VRF. Segmentation that ensures zero communication between the Building Management VN and the Campus Users VN.

Second level: Scalable Group (SGT/SGACL) = Group Policy. Segmentation that ensures role-based access control between two groups within a Virtual Network.


SDA – Assurance *

* Roadmap


Know What Is Happening

Outcome based insights

End user on-boarding and connectivity insights

Application visibility and performance

Configuration compliance*

Network health and status

*Post FCS

GUI

NDP: Roadmap*
Campus Fabric: fabric protocols (VXLAN, LISP, SGT) at the IOS level**
SD-Access: automation of the Campus Fabric by means of “DNA Center”, based on APIC-EM

SD-Access Architecture: Roles and Terminology

Control-Plane Nodes – Map System that manages Endpoint ID to Device relationships

Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SD-Access Fabric

Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SD-Access Fabric

Intermediate Nodes – Underlay

Fabric Wireless Controller – Wireless Controller (WLC) that is fabric-enabled

Fabric Mode APs – Access Points that are fabric-enabled

Overlay – Endpoint traffic carried within VXLAN frames between Fabric Edges and between Fabric Edges and Border Nodes

[Diagram: DNA Center (APIC-EM) with DNA Controller and Analytics Engine (NDP); ISE / AD as Group Repository; Control-Plane Nodes; Fabric Border; Intermediate Nodes (Underlay); Fabric Edge Nodes; Fabric Mode WLC and Fabric Mode APs; VXLAN Overlay]
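The two-level segmentation described earlier (Virtual Network/VRF first, SGT/SGACL second) and the VXLAN overlay can be tied together in one small model of what an egress Fabric Edge decides. The following Python script is an added example and is not part of the presentation or of any Cisco software. It decodes the 8-byte VXLAN header as laid out in the VXLAN-GPO draft, where the 16-bit Group Policy ID field carries the source SGT (SD-Access uses this variant; the slide does not state it and it is assumed here), maps the VNI to a Virtual Network, and then applies the SGACL cell for the source and destination groups. VN names, VNIs, SGT numbers, the SGACL matrix and the endpoint binding table are all constructed sample values.

```python
"""Constructed model of the two-level SD-Access policy at an egress Fabric Edge.

Level 1: the VNI in the VXLAN header selects the Virtual Network (VRF); a
destination that is not bound in that VN is unreachable.
Level 2: the SGT carried in the VXLAN-GPO Group Policy ID field, together with
the destination endpoint's SGT, selects the SGACL cell.
All names, numbers and bindings below are constructed for illustration.
"""
import struct
from dataclasses import dataclass

# VXLAN-GPO flag bits in the first 16-bit field (G = group policy present,
# I = VNI valid); layout per the VXLAN-GPO draft, assumed here to match SD-Access.
FLAG_G = 0x8000
FLAG_I = 0x0800


@dataclass(frozen=True)
class VxlanGpoHeader:
    vni: int                 # 24-bit VXLAN Network Identifier -> Virtual Network
    sgt: int                 # 16-bit Group Policy ID, carries the source SGT
    has_group_policy: bool   # G flag set, so the SGT field is meaningful


def parse_vxlan_gpo(header: bytes) -> VxlanGpoHeader:
    """Decode the 8-byte VXLAN-GPO header; reject frames without a valid VNI."""
    if len(header) < 8:
        raise ValueError("VXLAN header truncated")
    flags, gpid, vni_and_reserved = struct.unpack("!HHI", header[:8])
    if not flags & FLAG_I:
        raise ValueError("I flag clear: VNI not valid")
    has_gp = bool(flags & FLAG_G)
    return VxlanGpoHeader(vni=vni_and_reserved >> 8,
                          sgt=gpid if has_gp else 0,
                          has_group_policy=has_gp)


def build_vxlan_gpo(vni: int, sgt: int) -> bytes:
    """Encode a header the way an ingress Fabric Edge would (constructed)."""
    return struct.pack("!HHI", FLAG_G | FLAG_I, sgt & 0xFFFF, (vni & 0xFFFFFF) << 8)


# Level 1: VNI -> Virtual Network (constructed values).
VN_BY_VNI = {8188: "Campus_Users", 8189: "Building_Management"}

# Constructed SGT numbers.
SGT_EMPLOYEE, SGT_CONTRACTOR, SGT_HR_SERVER, SGT_HVAC = 10, 11, 20, 30

# Level 2: SGACL matrix per VN, (src_sgt, dst_sgt) -> permit; an absent cell denies.
SGACL = {
    "Campus_Users": {
        (SGT_EMPLOYEE, SGT_HR_SERVER): True,
        (SGT_CONTRACTOR, SGT_HR_SERVER): False,
    },
    "Building_Management": {(SGT_HVAC, SGT_HVAC): True},
}

# Egress edge's local binding table: destination endpoint -> (VN, SGT). Constructed.
ENDPOINT_BINDINGS = {
    "hr-server": ("Campus_Users", SGT_HR_SERVER),
    "hvac-ctrl": ("Building_Management", SGT_HVAC),
}


def egress_decision(header: bytes, dst_endpoint: str) -> str:
    """Return the policy verdict for a decapsulated frame destined to dst_endpoint."""
    hdr = parse_vxlan_gpo(header)
    vn = VN_BY_VNI.get(hdr.vni)
    if vn is None:
        return "deny: unknown VNI"
    binding = ENDPOINT_BINDINGS.get(dst_endpoint)
    if binding is None or binding[0] != vn:
        # First level: the destination is not in this VRF, so there is no route to it.
        return "deny: destination not in VN %s" % vn
    dst_sgt = binding[1]
    if not hdr.has_group_policy:
        return "deny: no SGT in frame"
    # Second level: SGACL cell for (source group, destination group) within the VN.
    if SGACL[vn].get((hdr.sgt, dst_sgt), False):
        return "permit"
    return "deny: SGACL %d->%d" % (hdr.sgt, dst_sgt)


if __name__ == "__main__":
    frame = build_vxlan_gpo(8188, SGT_EMPLOYEE)
    print(egress_decision(frame, "hr-server"))
```

The first level is enforced structurally: a destination that is not bound in the VN selected by the VNI is unreachable regardless of any SGACL. Only traffic that stays within a VN reaches the SGACL lookup, and an absent matrix cell denies, so the default for a group pair that nobody has configured is no access.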


SD-Access Platform Support
A single fabric for your digital ready network

Switching: Catalyst 9300, Catalyst 9400, Catalyst 9500, Catalyst 3850 and 3650, Catalyst 4500E, Catalyst 6K, Nexus 7700

SDA Extension: Catalyst Digital Building, Catalyst 3560-CX, IE Switches** (2K/3K/4K/5K)

Wireless: AIR-CT3504, AIR-CT5520, AIR-CT8540, Wave 2 APs (1800, 2800, 3800), Wave 1 APs* (1700, 2700, 3700)

Routing: ASR-1000-X, ASR-1000-HX, ISR 4331, ISR 4351, ISR 4430, ISR 4450, ENCS 5400**, CSRv

* with caveats
** future

SD-Access
• Evolution of the campus switching infrastructure
• L3-based, best-practice underlay
• L2 & L3 overlay
• Wireless integrated
• Integrated segmentation
• Integrated policy management for users/devices

Unified Access Data Plane: Foundational Technology for DNA Fabric
Unified IOS-XE 16.x Software: Foundational Technology for DNA Fabric
DNA Center (APIC-EM): The FINAL Piece of the Puzzle – Orchestration Software

Summary

New LAN switches: Catalyst 9000

Catalyst 9K Family – One ASIC, OS & Licensing

Converged ASIC: UADP 2.0
Converged OS: Open IOS-XE
Converged Licensing

Catalyst 9300: Lead Fixed Access
Catalyst 9400: Lead Modular Access
Catalyst 9500: Lead Fixed Core

The Catalyst 9K Family is built on common attributes

• DNA – Digital Network Architecture: solutions for the requirements placed on networks today and tomorrow

• APIC-EM: the Cisco SDN policy controller for simplifying network operations (LAN/WLAN/WAN). APIC-EM Controller Software 1.5 and the base apps are free of charge and still available, so start today. APIC-EM Controller Software 2.0 is no longer free of charge (included in the switch DNA licenses).

• Software Defined Access: next-generation campus switching infrastructure, automated via the DNA Center app on APIC-EM

• Switching components: when selecting, consider whether SDA readiness is required; preferably C9500 or C6800 in the core/distribution, alternatively N7700; preferably C3650/C9300/C9400 in the access layer, alternatively C4500E or C2960X

Summary