Cisco Catalyst SE
René Andersen & Per Jensen
Catalyst, January 2017: Cisco Switch Tech update
TRADITIONAL ACCESS
CONVERGED ACCESS
Catalyst 3650
Catalyst 3850
Catalyst 2960-X
Catalyst 2960-XR
Catalyst 6800/6500
Catalyst 4500E Sup 8
New Catalyst platforms for campus
Cisco Catalyst portfolio overview
Wired/Wireless
Convergence
For Entry Level
Stackable Switch
Wired/Wireless
Convergence
for High End
Stackable Switch
Double everything Greenest Switch Ever
Catalyst 6800/6500
Industry Leading Campus Backbone Platform
Wired/Wireless Convergence
for Chassis Based Switch
Catalyst 3850 10G SFP+: 12 Port and 24 Port
C3850-NM-4x10G
C3850-NM-8x10G
C3850-NM-2x40G
UADP ASIC, Converged Access, StackWise-480, StackPower, 1+1 Power Redundancy, Line-Rate
C3850-NM-4x10G
WS-C3850-24XS
WS-C3850-12XS
640GB Line-Rate
UADP ASIC
• New 750W AC Power Supplies
• 1+1 Power Supply Redundancy
• Front-to-Back and Back-to-Front Fan options
48 x SFP+ Fixed
UADP ASIC, Converged Access, Line-Rate, Virtual stacking
1+1 Power Redundancy
Front-to-Back & Back-to-Front Fans and Power Supplies
*No StackWise or StackPower on 48p SKU
4 x QSFP Fixed
Catalyst 3850 10G: 48 Port
Common Infrastructure / HA
Management Interface
Module Drivers
Kernel
IOS XE Evolution: Same Look & Feel, More Powerful Architecture
IOS
IOS
Common Infrastructure / HA
Management Interface
Module Drivers
Kernel
IOS XE 3.7.x(SE)
Features Components
Hosted Apps IOSd
Features Components
WCM
Wireshark
IOS XE Polaris 16.x
Hosted Apps IOSd
Features Components
LXC*
LXC*
Crimson DB
Common Infrastructure / HA
Management
Interface
Module Drivers
Kernel
WCM
Wireshark
BRKARC-3438
Some Important Features Released in 16.3.1
• MPLS
• Application Visibility and Control
• Programmability
• COAP
• POE Innovations
• Enterprise Media Networks - AVB
• WCM Sub package upgrade
• MACSEC 256
• ERSPAN
Some Important Features Released in 16.3.2
• Campus fabric (VXLAN, LISP)
• Virtual Stackwise (Beta) for the 3850-48XS (coming as final in 16.3.3 in February)
Switch#conf t
Switch(config)#stackwise-virtual
Stackwise Virtual enabled. WARNING (Not TAC supported)
Configure Stackwise Virtual interfaces and reboot to form the stack
Switch(config-stackwise-virtual)#exit
Switch(config)#int range FortyGigabitEthernet1/1/1-4
Switch(config-if-range)#stackwise-virtual link 1
WARNING: All the extraneous configurations will be removed for FortyGigabitEthernet1/1/1 on reboot
Switch(config-if-range)#end
[Figure: StackwiseVirtual topology]
SW-1: WS-C3850-48XS
SW-2: WS-C3850-48XS
40G/10G
Core
EFT Starting 16.3.2
40G/10G VSL Link
Dual Active Detection: Fast Hello, ePAgP*
16.3.3 Feb17
AVC with DEMO
Do You Really Know what’s in your Network?
Routers/ Switches/ WLC/ Converged
Access
Your Business may be losing MONEY!!!
© 2016 Cisco and/or its affiliates. All rights reserved
Challenges
Yesterday’s Applications: HTTP 80, FTP 20/21, POP3 110, IMAP 143, HTTPS 443, SMTP 25
Today’s Applications
[Figure: layers L1 to L7, with the labels AVC and Netflow]
Know, Monitor & Control Your Applications: Granular Detection, Advanced Monitoring & Business Logic Based Policies
Know Your Applications: Granular App Detection, Encrypted Application
Monitor Your Applications: Fault Isolation, Troubleshooting, Performance Assessment
Control Your Applications: Prioritized Applications, Bandwidth Management
NBARPP Signatures
Advanced Classification Techniques
Native IPv4/ IPv6 Classification
Advanced Field Extraction
Custom Signature Builder
Can be used with MQC (Modular QoS CLI) to control the traffic patterns in the network
Supported devices: Catalyst 3850/3650, ISR-G2 (86x, 88x, 89x, 19xx, 29xx, 39xx), 44xx, ASR1k, CSR1kV, WLC (2508, 8500, 7500, 55xx)
Protocol Pack allows adding more applications without upgrading or reloading IOS
Use heuristic algorithms to recognize encrypted traffic
And …
Recognizes ~1500 Apps
~140 Encrypted Apps
Network Based Application Recognition
BRKCRS-1510
Application Recognition Techniques
DNS-AS
• Pre Defined Apps Metadata on DNS Server
• Lightweight & authoritative
• Identify most Applications
• Detects ENCRYPTED apps
• Custom Apps
• IOS XE 3.9.0E (Cat4K), IOS XE 16.7 (Cat3K)*
• IOS 15.2.5E2 (Cat2K)*
NBAR2 (Performance Optimized)
• 1500 Apps
• Initial packets copied to CPU
• Good for most app except evasive app like bittorrent
• Available in IOS XE 16.3.2 (3650/3850)
NBAR2 DPI
• 1500 Apps
• Fine Grain DPI
• Mostly on Routers,
Internal Network
DNS-AS Operation
1) Client requests a DNS Lookup
2) Access Switch examines the DNS request
3) Internal DNS Server returns a DNS response (A-Record)
4) Access Switch requests application metadata information by generating its own DNS query
5) Internal DNS Server returns application metadata (A-Record + TXT Record)
6) Access Switch maintains a Binding Table of application metadata
[Diagram labels: DNS Server, App Server]
DNS Lookup: mail.timco.com
DNS A-Record: mail.timco.com is 172.16.0.7
DNS Lookup + TXT Record Request: mail.timco.com
TXT Record: 172.16.0.7, mail.timco.com, App ID = 378, App Class: BULK-DATA, Business Relevance: YES
Binding Table:
IP Address    PTR          App-ID  App-Class  Business-Relevance
172.16.0.7    mail.timco.  378     Bulk Data  YES
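The six DNS-AS steps above, modelled as an added Python example (not Cisco code and not part of the original slides): a binding table that accepts application metadata only when it arrives from the configured internal DNS server and parses cleanly, then classifies flows by destination IP. The `key=value;...` TXT layout, the `TRUSTED_DNS` address and the trusted-server check are assumptions made for illustration, not the on-wire format.

```python
from dataclasses import dataclass

TRUSTED_DNS = "172.16.0.53"  # constructed address for the internal DNS server


@dataclass(frozen=True)
class Binding:
    ip: str
    name: str
    app_id: int
    app_class: str
    business_relevant: bool


def parse_metadata(txt):
    """Parse the constructed 'key=value;key=value' TXT payload into a dict."""
    fields = dict(p.split("=", 1) for p in txt.split(";") if p)
    missing = {"app-id", "app-class", "business"} - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return fields


class BindingTable:
    def __init__(self, trusted_server):
        self.trusted_server = trusted_server
        self.by_ip = {}

    def learn(self, server, name, a_record, txt):
        """Steps 5-6: store metadata, but only from the trusted server."""
        if server != self.trusted_server:
            return None  # answer did not come from the internal DNS server
        try:
            f = parse_metadata(txt)
            binding = Binding(a_record, name, int(f["app-id"]),
                              f["app-class"], f["business"].upper() == "YES")
        except ValueError:
            return None  # malformed metadata never reaches the table
        self.by_ip[a_record] = binding
        return binding

    def classify(self, dst_ip):
        """Look up a flow's destination; None means no binding."""
        return self.by_ip.get(dst_ip)


def demo():
    table = BindingTable(TRUSTED_DNS)
    # Constructed responses: (answering server, name, A record, TXT payload)
    table.learn(TRUSTED_DNS, "mail.timco.com", "172.16.0.7",
                "app-id=378;app-class=BULK-DATA;business=YES")
    table.learn("10.9.9.9", "mail.timco.com", "172.16.0.7",
                "app-id=1;app-class=VOICE;business=YES")
    table.learn(TRUSTED_DNS, "x.timco.com", "172.16.0.8", "app-id=abc")
    return table
```

The second and third constructed responses are dropped, so the table still holds the single binding from the slide.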
Enabling and Monitoring AVC – CLI - License : IP Base
CLI
switch# show run int g1/0/23
Building configuration...
interface GigabitEthernet1/0/23
 switchport access vlan 193
 ip nbar protocol-discovery
end
switch# show ip nbar protocol-discovery top-n
 GigabitEthernet1/0/23
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate
   ------------------------ ------------------------ ------------------------
   youtube                  356                      187
                            264713                   25603
                            0                        0
                            6000                     3000
   bing                     2741                     2384
                            493258                   423925
                            0                        0
                            3000                     3000
Enabling AVC Services: WebUI interface
AVC Monitoring: WebUI - Easy and Simple Visibility
POE Innovations
Cisco Innovations in PoE deliver a robust low voltage infrastructure
2-event classification
• Super Fast power negotiation without LLDP
• Physical layer negotiation < 1s based on Class/Type
Perpetual POE
• Uninterrupted POE power during control plane reboot
Fast POE
• Bypasses IOS control plane boot
• Restores power to Powered Device within 30sec of power resumption
Cisco mGig
mGig – Value to our Customers
Maintain Switch to AP Reach at Higher Speeds: Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G). Future proofed for higher speeds
Infrastructure Investment Protection: Supports 100m distance with Cat5e/Cat6 cabling up to 5G speeds for Brownfield. Supports Cat6a cabling for Greenfield deployments for higher speeds
POE/POE+/UPOE: Cisco Innovation over 10GT Standard to support high end point power needs
Standards Compliant: 1G and 10G BaseT IEEE standards, IEEE P802.3bz 2.5/5GBASE-T standardization in progress
NBASE-T™ going Standard: 802.3bz Standard in October 2016
Cisco continues to drive standards forward
802.3bz
MultiGigabit Use Cases
GigE Vision over NBASE-T
high-performance industrial cameras
BioScience Research & Tools
Servers Connectivity at Higher Speeds
11ac Wave2 APs Uplinks for Access Extension
3800 APs C3560-CX mGig NIC
The NEW Cisco Catalyst Multigigabit Product Family
• NG Workspace switch
• Multigigabit in smallest form factor
• POE/POE+
• Instant Access support
• Industry leading Fixed Access
• 24 & 48 Port Stackable Switches
• 24 & 12 Multigigabit Ports
• New Uplinks
• Best In Class Modular Access
• New 48 Ports Line Card
• 12 Ports of Multigigabit per slot
• Up to 96 multigigabit ports per system
4500E 3850 3560CX
Innovation in multiple form factors!!
The New Catalyst 3650 Multigigabit Switches
Stackable with all 3650 & 3650 Mini Switches
Competitive 48-port Mgig Entry Level 24 port mGig
# of mGigPorts
PortCapabilities
Uplinks
12 mGig ports 8 mGig ports
UPOE & PoE+ SKU’s, EEE, MACsec
UPOE & PoE+ SKU’s, EEE, MACsec
2x10G, 4x10GNew 2x40G and 8x10G
2x10GNew 4x10G
Cisco Catalyst 2960X
Backwards compatible stacking with the 2960-S
FlexStack-Plus with 80Gbps bandwidth
Netflow-Lite on all ports
4 or 8 queues per port(2960-XR)
EEE downlinks
FRU Dual Power Supplies(2960-XR)
Dual Core CPU
MacSec Ready 4 MB Buffers
Power SavingSwitch Hibernation Modes
2 x10G or 4 x 1G uplinks
L3 Features(2960-XR)
Signed IOS images
Cisco Catalyst 2960-X Series
Catalyst 2k
Extending Unified Access
2k family just got 2x better
NetFlow Lite with 2960-X & -XR: Built-in sampled NetFlow
Flexible NetFlow: Configurable key fields including L2, L3, L4
ASIC-based capture: At line-rate with minimal CPU impact
Covers all ports: North-South and East-West traffic
Detect anomalies
Identify top users and applications
Catalyst 2960-X NetFlow Lite
• v9 Export
• 16K flows
• Sampled
• Random
• Deterministic from 1:1022 to 1:32
Catalyst 2k
This is Roadmap and could possibly change, but the Catalyst 2960-X/XR could possibly get full Flexible Netflow capabilities. ...looks like C1 Foundation will be required…still waiting on solid information.
[Figure: 2960X / 2960XR switches carry user traffic flows and send flow records to the Flow collector; StealthWatch console, On Prem / Virtual appliance]
• Full Ingress NetFlow on 2960X/XR
• Switch supports 8k flows / ASIC
• NetFlow collection done in hardware with Minimum impact to CPU
• NetFlow version 9 and version 5 export
• Full NetFlow supported on stacked and standalone 2960X/XR
NaaS on 2960 X/XR: C1 for Full Netflow/NAAS, Shipping Feb17
Cisco Catalyst 2960-L Series Switches
More Use Cases: Powering Small Networks with Quietness and Simplicity
Often used in:
• Bank branches
• Hotel buildings
• School buildings
• Retail stores
• Office buildings
Common ask:
• Low-priced GE model
• Simple management
• Low energy consumption
• Low-budget PoE+
• 802.1X and web authentication
• Small form factor
• Out-of-wiring-closet design
• Basic Layer 2, QoS, and IPv6
• Enterprise-grade quality and support
Addressing Business Transformation: New Unified Access Cisco Catalyst Switching Solution
Business Continuity
Business Agility
Green
Intelligent Services
Comprehensive Security
Ease of Operations and Simplicity
Mission-Critical Performance
Scale and Resilience
Entry-Level Cisco Catalyst
C2960-L Lan Lite
New
Converged L2 Services
C2960-X LAN Base
Resilient L2 and Converged L3 Services
C2960-XR IP Lite
Introducing Cisco Catalyst 2960-L Series: Entry-Level Cisco Catalyst GE Switches
IOS LANLite image
2 x 1G or 4 x 1G
EEE downlinks
Operational temperature -5 to 55°C
Cisco EnergyWise™ management
Type-A USB for storage and Bluetooth dongle
Persistent PoE (FCS+1)
Shallow depth: Up to 11.5”
4 Egress queues per port
2 MB per ASIC
Up to 370W PoE+
Versatile Form Factor Noiseless Cisco TAC Support Energy Efficiency Simplified Management
Enterprise-class
• CLI, web GUI, mobile app (FCS+1)
• Cisco IOS® Software
• Cisco Catalyst® brand
• ELLW
• Fanless operation
• High MTBF
• Cisco® lifecycle management
Bluetooth-ready
800 MHz CPU
The New Cisco Catalyst 2960 Family
Ease of Use Robust Security Enhanced Lifetime Warranty Energy Efficiency Lower TCO
Feature Leadership and Cisco Quality at Competitive Prices
Cisco Catalyst® 2960-Plus: Standalone FE switch with basic Layer 2
FCS May 2013
Fast Ethernet
Cisco® Catalyst 2960-L: Lowest-priced Cisco® Catalyst® GE with basic Layer 2. Simple + Noiseless
FCS September 2016
Cisco Catalyst 2960-X/XR: Global share fighter with advanced Layer 2/3. Stackable + Resilient
FCS August 2013
Gigabit Ethernet
New
Simple Management: Web UI
Catalyst 6800 Family: The Next Generation Campus Backbone Portfolio is here!
Architectural Solution: Leverage aggressive services and bundle pricing to beat competition.
Nonstop Innovation: Strong hardware and software roadmap with a lot more to come
Introducing Supervisor 6T: Taking Catalyst 6800 to a New Level
Scalability & Performance
Feature Parity with Sup2T from Day 1: 3000+ Features
UCI Ready
                                SUP2T                          SUP6T
6807-XL Bandwidth               220G /Slot                     440G /Slot
6500-E Bandwidth                80G /Slot                      80G /Slot
RP CPU                          1.5Ghz MPC8572                 2.5Ghz X86 Dual Core
CPU Performance                 CEF – 250Kpps                  CEF – 600Kpps
                                Process: 26Kpps                Process: 80Kpps
Memory                          2 - 4GB DDR2 667Mhz            4 GB DDR3 1333Mhz
Uplinks                         2 x 10G (X2) & 3 x 1G (SFP)    2 x 40G (QSFP) & 8 x 1/10G (SFP+)
Uplinks Advanced Features       VSS, MACSEC, SGT               VSS, IA, MACSEC, SGT, LISP, UCI
Bootdisk                        Compact Flash (2GB)            eUSB (4GB)
Mgmt Port                       RJ45 CMP                       RJ45 / SFP Mgmt0
Power Consumption (Non XL/XL)   436/451W                       341/353
High-Performance
Control Plane
with 2.5GHz CPU
2 x 40G (QSFP) and 8 x
10G (SFP+) Uplinks Support
for IA, LISP, etc
Fiber / Copper
Management Ports
Improved Fabric Provides
440G/slot in C6807-XL
* No CFC or Service Module Support
QSFP-40G-SR4
QSFP-40G-CSR4
QSFP-40G-SR-BD
QSFP-40G-LR4
QSFP-40G-ER4
Future Proofing with 10G to 40G Adapter
C6800-8P-10G
Phase I - 15.3(1) SY w Sup6T
C6800-16P-10G
C6800-32P-10G
Reverse SFP to QSFP Adapter Can Upgrade Your 10G Ports to 40G
40G Adapter
QSFP
SFP+
Phase II - 15.3(1)SY1 w Sup2T
Automation
Abstraction & Policy Control from Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service Management
Policy | Orchestration
Virtualization
Physical & Virtual Infrastructure | App Hosting
Analytics
Network Data, Contextual Insights
Network-enabled Applications
Cloud-enabled | Software-delivered
What’s New: Cisco DNA Innovations
New!
Enterprise NFV: Branch Service Virtualization. Controlled Availability, March 2016
Available on DNA-Ready Infrastructure through Cisco ONE Software
APIC-EM Automation Platform: Completely New Platform. Available Now
Base Automation: Plug and Play. Available Now
Policy Services: IWAN App & EasyQoS. Available Now | Integration for ISE & Prime
CMX Cloud: Presence Analytics and Connect. Available Now in US, April 2016 for ROW
WAN
ISR | ASR | ISRv
DNA Innovations Mapping to Cisco ONE Software
Threat Defense for WAN
Advanced Security
WAN Collaboration
Advanced Application
Foundation for WAN: PnP, Easy QoS, IWAN App
Dynamic QoS*, Smart Troubleshooting*, PnP Cloud*
Foundation
AP | WLC | WLCv
Advanced
Mobility Services: CMX Cloud
Wireless service Assurance*
Foundation for Wireless: PnP, Easy QoS
Dynamic QoS*, Smart Troubleshooting*, PnP Cloud, StealthWatch*
Catalyst
Policy & Threat Defense for Access
Campus Fabric DNA Secure Access
Foundation for Switching: PnP, Easy QoS, Network as a Sensor/StealthWatch*
Dynamic QoS*, Smart Troubleshooting*, PnP Cloud*
Access
Platforms
Automation & Assurance
E-NFV/Enterprise Service Automation*
Cross domain Policy Orchestration*
Continuous Innovation, Continuous Delivery
Cisco ONE Simplifies DNA Software Purchasing
1. Select Software Capabilities: Cisco ONE™ Foundation, Advanced Application, Advanced Security
2. Select Platform: Wireless | Switching | Routing; Physical | Virtual
3. Select Purchasing Model: Traditional, Subscription, Enterprise Agreement
Summary: Cisco ONE Release, December 2016

Change Description: 1 year subscription of Stealthwatch added into Cisco ONE foundation suite of Cat3K fiber and Cat4K (Go Live – 1/7/2017)
Domain: Access Switching
Change Type: New software capability
Benefits: Network as a Sensor (NaaS) capability available to Cat3K-fiber and Cat4K customers.

Change Description: Cisco ONE offer for Catalyst 3650 – 24 port and 48 port mGig switches (Domain: Access Switching); Cisco ONE offer for Nexus3524 DC Switch (Domain: DC Networking); Cisco ONE offer for ASR1001-HX (Domain: WAN)
Change Type: New Offer
Benefits: Cisco ONE benefits of license portability, new software capabilities extended to Catalyst 3K mGig, Nexus 3524 and ASR1001-HX customers.

Change Description: Add on Cisco ONE Performance license for ISR4K
Domain: WAN
Change Type: Offer optimization
Benefits: Cisco ONE Performance licenses can be ported to another ISR4K device.

Change Description: Add on Cisco ONE WAAS and Akamai connect license for ISR4K
Domain: WAN
Change Type: Offer optimization
Benefits: Customer can purchase additional connections of WAAS and Akamai Connect on top of connections available in Cisco ONE suite.
Access: Stealthwatch inclusion into Cat3K and Cat4K suites
Change Summary: Stealthwatch inclusion into Cat3K & Cat4K, Cisco ONE Foundation suite
Cisco ONE Domain: Access-Switching
Offer Update details:
• Enable broad adoption of Network as a Sensor (NaaS) by including Stealthwatch into Foundation for Cat 3K-Fiber and Cat4K Switches
• 100 flows/second – 1 year term license added to Cisco ONE foundation suite for Cat4K non-aggregation switches
• 150 flows/second – 1 year term license added to Cisco ONE foundation suite for Cat3K and Cat4K aggregation switches
• Stealthwatch flow collector and management software included in Cisco ONE Foundation suite
Price Changes: Yes, foundation software suite price increase of $300 to $500. No change to software support (SWSS) price
Customer benefit: Additional software feature available to Cat3K and Cat4K customers at a small incremental cost
Go Live: 1/7/2017