Karl-Etienne St-Pierre & Nigel Gocan
Systems Engineer
Nov 10, 2016
DNA Automation and Evolved Campus Networks
Cisco Vision, Strategy, & Digital Transformation
Digital Network Architecture – Overview and Components
DNA in Action – Programmable Hardware
Catalyst platforms
DNA in Action – Network Fabrics
Summary
Agenda
Transform our customers’ businesses through powerful yet simple networks.
Why
How What
Cisco’s Vision
Cisco’s Enterprise Networking Vision: Overview
Why do networks need to change?
*Cisco VNI Study 2012
99% of “things” are unconnected
… but could be!
Traffic Growth
4X Transition to Cloud*
Mobility
Wi-Fi 50% of Traffic
(Video over Mobile Devices)*
The Network MUST Change
to accommodate these trends
Intelligent
Device Growth
2.5/Person BYOD
Programmable
Simple
Network Trends: Connecting the Previously Unconnected, Growth, and Change
Overview – Enterprise Networks Today
LOTS of Functionality … BUT
LOTS of Complexity …
Can we make Enterprise Networks simpler, with a similar – or greater – level of functionality?
Source: 2016 Cisco Study
Policy Violations Due to Human Error
Network Changes Performed Manually
95%
OpEx spent on
Network Visibility and
Troubleshooting
Traditional Networking CANNOT Keep Pace with the Demands of Digital Business
…and Have multiple Operational Challenges
70% 75%
How can we change the way we do networking?
Intelligent
Programmable
Simple
Strategy: We create solutions built on intelligent networks that solve our customers' challenges
Vision: Change the way the world works, lives, plays, and learns
Cisco Vision and Strategy
Unlock the Power that Exists in the Network through
Abstraction, Automation, and Policy Enforcement
Leverage the Power of Existing
Distributed Systems
Enable Network Wide Fidelity to an Expressed
Intent (Policy)
Cisco’s Enterprise Strategy: Overview
Country Digitization is Improving Citizen Lives
Increase The Country’s GDP, Reduce Spending and Create Jobs With A Cutting-edge Digital Foundation
Employment &
Social Inclusion
Public Safety
& Security
Smart City Services
Environmental
Sustainability
Innovation Opportunities
GDP Growth
Peace Keeping
Cyber Security
Insights & Experiences
Drive Business Innovations
Security & Compliance
Real-time and Dynamic Threat Defense
Automation & Assurance
Speed, Simplicity & Visibility
The Network Enables Digital Business
Network Requirements for the Digital Organization: Overview
Insights & Experiences
Security & Compliance
Automation & Assurance
Drive Business Innovations
Real-time and Dynamic Threat Defense
Speed, Simplicity & Visibility
• Visibility into Users behavior, Applications, Network performance
• Customer has the elements to make decisions faster
Abstraction layer
• Abstraction, Intent, Policy Automation
• Verification of Desired Result Assurance
Wi-Fi Core WAN Cloud
APIC EM
Using the Network as a Sensor for security threats and then Enforce Compliancy through Segmentation
Network Requirements for the Digital Organization: Overview
Intent Telemetry
Automation
Abstraction & Policy Control from Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service Management
Policy | Orchestration
Virtualization
Physical & Virtual Infrastructure | App Hosting
Analytics
Network Data, Contextual Insights
Insights & Experiences
Automation & Assurance
Security & Compliance
Network-enabled Applications
Cloud-enabled | Software-delivered
Principles
Cisco Digital Network Architecture (DNA): Overview
Virtualization: Physical & Virtual Infrastructure | App Hosting
Hosting and Hosted Network Functions
[Diagram labels: vBranch (IP, NFVIS, NFVOS, WAAS, IPS, vSwitch); Network Interface (UNI); PEP: Policy Enforcement Point; Enterprise Fabric; Encryption; WAN Agg; Public Cloud; AWS; VPC; Apps]
Advanced, Multi-Core, Feature-Rich Routing Silicon
QFP: QuantumFlow Processor
Fully Programmable: leveraging the many features of IOS-XE with hardware performance
Scalable: Massive number of CPU cores (40/64), ability to cascade multiple QFPs = consistent high performance
Advanced on-chip QoS: 100,000+ hardware-based queues, sophisticated traffic shaping and control
Secure: linkage to high-performance crypto capability for secure WAN transport
Extensible Architecture: ability to scale both up and down—the foundation for a long-lived family of high-performance, flexible routing silicon
UADP: Unified Access Data Plane
Flexible, Programmable, High-Performance Switching Silicon
Fully Programmable: excellent flexibility, ability to handle new encaps (VXLAN, GPE, etc.) – hardware speed, with software elasticity
Scalable: Massive recirculation bandwidth and low recirculation latency provide excellent tunneling and services support for traffic flows
Advanced on-chip QoS: client-level granularity, sophisticated bandwidth shaping, with integrated on-chip NetFlow for visibility
Secure: integrated on-chip support for MACsec encryption (AES-128, CBC)
Extensible Architecture: ability to scale both up and down – the foundation for a long-lived family of high-performance, flexible switching silicon
Virtualization: Physical & Virtual Infrastructure | App Hosting
“People that are really serious about software should build their own hardware”
100% Cisco-developed programmable silicon: unlocking the power of DNA at hardware speeds
Operational and Services Uniformity: Routing, Switching, and Wireless consistency
New Foundational Capabilities: HA and operational leadership, state decoupling, net database…
Speed of Innovation Velocity: “Code once and Re-use Many” across multiple places in the network
Foundation for Virtualization: providing for network hosting and integration of virtualized functions (VNFs, containers)
Platform for the Future: the “software stage” for the next wave of Cisco innovation…
IOS-XE: The Evolution of IOS
Taking the Proven Strengths of IOS to the Next Level
Building on a Strong Foundation of Hardware and Software Innovation
• Express Business Intent
• Translate into device specific policy/configuration
• Leverage Abstraction (the controller knows about the device specifics)
• Automate the Deployment across the Network
• Ensure Fidelity to the Expressed Intent (keep everything in sync)
User policy based on user identity and user-to-group mapping
Employee (managed asset)
Employee (Registered BYOD)
Employee (Unknown BYOD)
ENG VDI System
PERMIT
PERMIT
DENY
DENY
DENY
DENY
DENY
PERMIT
PERMIT
PERMIT
PERMIT
PERMIT
Production Servers Development Servers Internet Access
Protected Assets
Source
De-coupling of User Identity and Topology
Much easier to translate business objectives to network functionality—
Lowers TCO
[Chart: Controller-based Automation. Axis: Configuration, starting from Today; bars split between Traditional and Policy.]
Policy based Configuration—Dynamic, able to be automated by the Controller
Over time—Policy grows, static shrinks
Automation: Controller-Led Networking Deployment
Evolution to a Policy Model
Any given “custom” configuration has a very high probability of not being tested exactly as deployed “individually—as a one off…” which introduces potential issues…
Risk, Bugs, Uncertainty, Problems
Combinatorial Issues…
Trust
Automation: Controller-Led Networking Deployment
The automated configuration deployed by the controller will have gone through…
• Joint development by the Cisco Product Teams, the Architects developing Best Practices, and the Controller Team – “Blessed Configurations”
• Testing by Cisco’s Solution, System, and Devtest teams against the deployment use cases developed jointly, above
• And will be deployed by 1000’s, with any unforeseen situations addressed ASAP due to widespread and standardized deployment
Greatly increased probability of success
Controller-Led Networking: Bridging the Gap to Increased Success in Network Deployment and Use
Analytics
Instrumentation Telemetry Correlation
Measure and Adjust
Click here to Correct
Always Correct this way (and never ask me again)
Applications
Automated Deployment
Network
Endpoints
Run Reports
Discover user insights
Deliver relevant content
APIC EM
Analytics: Network Data, Contextual Insights
Deploy, Report, Measure, Adjust, Repeat
Plug & Play
CMX
Business Analysis
Branch Teleworker Campus/HQ
Telemetry
Continuous Innovation
Cloud-based Audits
Cloud Connected: Simplicity | Speed
Branch
Teleworker Campus/HQ
Hybrid Cloud: AWS | Rackspace | Azure | Cisco Intercloud
CSR1000V
VPC / vDC
vASAFTDvStrataWatch
WAN
Cloud Delivered: Innovation | Insights
Cloud Edge: IaaS Scale | Flexibility
Branch Teleworker Campus/HQ
Cloud-Enabled Networking: Overview
jafrazie$ ssh [email protected]
[email protected]'s password:
cho# conf t
Enter configuration commands, one per line. End with CNTL/Z.
cho(config)#
Task Oriented
Human Friendly
Easy To Replay
No Special Tools
Software Unfriendly
Syntax/format changes
No Common Data Model
No Error Reporting
Configuration Management Today
Other vendors…
RESTCONF NETCONF gRPC
Data Model
Configuration
Standard | Device Specific
Device Features
Interface BGP QoS ACL …
Operational
Standard | Device Specific
Open Device Programmability
Physical and Virtual Network Infrastructure
Automate | Set | Get
Open Device Programmability: Overview
DevOps Orchestration
Automation
tcollector
Monitoring/ Analytics
Embracing Tools
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Programmable Custom ASICs
Industry Leading
Wired & Wireless | Stacking | TrustSec | SDN
Advanced Functionality
Programmable Pipeline | Flexibility | Recirculation
Optimized for Campus
Integrated Stacking | Visibility | Security
Future Proofed
Long Life Cycle | Investment Protection
Network Enabled Applications
Collaboration | Mobility | IoT | Security
Automation and Analytics
Controller | Visible | Programmable | Open
Virtualization
Segmentation | L2 Flexibility
Designed for Evolution
Strong Foundational Capabilities | HA
Converged Software Services
+
Driving Innovations Through Technology Investments
Foundational Pillars for the Digital Network Architecture
Traditionally the pipeline is FIXED
ASIC Processing Pipeline
ASIC Re-Spin (if needed)
Modify processing behavior
without incurring re-spin
ASIC Programmable Pipeline
BRKCRS-2700
MPLS
VXLAN
LISP
TRILL*
SPB*
and more…
Possible Future UADP Use Cases
* Not Committed
The Solution – Cisco Multigigabit Technology Powered by NBASE-T
Delivers up to 5X Speeds in Enterprise without replacing Cabling Infrastructure
2.5-5G!
Cat 5e Cables
WiFi > 1G
Multigigabit Switch
Multigigabit Capable AP
Is a game-changing technology allowing enterprise networks to evolve beyond 1G
Enables 2.5 and 5 Gbps up to 100m on legacy cables
Supports all PoE standards up to 60W
Cisco Multigigabit with
10G SFP+ | 1G SFP
1/10G 1RU Aggregation
Catalyst 4500-X
• Fixed 10G Aggregation
• 16p & 32p Base Units
• 8 port 10G Network Module
• Front-to-Back and Back-to-Front Fans and Power Supplies
1G 1RU Aggregation
Catalyst 3850
1G Fiber
• Fixed 1G Aggregation
• Stackable
• 12p and 24p SKU
• 10G Network Module
Catalyst 6880-X
• Fixed Supervisor with 16 10G ports
• Up to 4 x 16 port 10G Network Modules for 80 10G ports
• Best-in-Class Core Feature-set
• BGP, MPLS, VSS, Instant Access
1/10G 1RU Aggregation
Catalyst 3850
10G Fiber
• Fixed 10G Aggregation
• 12p, 24p & 48p SKU
• Stackable (12p/24p)
• 10G & 40G Network Module
1/10G 5RU Core
Catalyst 6840-X
• Fixed 10G Core & Agg
• 16p & 32p 10G SKU
• 24p & 40p 10/40G SKU
• Front-to-Back Fans and Power Supplies
• Best-in-Class Core Feature-set
• BGP, MPLS, VSS, Instant Access
1/10G 2RU Core & Agg.
Catalyst Fixed Backbone Portfolio
Scale / Features
NEW
Catalyst 3850 10G SFP+ Switches
WS-C3850-24XS
WS-C3850-12XS
WS-C3850-48XS
Cisco Stackwise Virtual
L2/L3 | Dist-1 | Dist-2 | VSL | SW-1 | SW-2
Phase 1 - Aggregation
Unified Control and Management plane
Simplified L2/L3 network designs
Inherits all proven VSS architectural benefits
High-performance 10G Aggregation block
Non-oversubscribe:
o 96 x 10G Ports
o 8 x 40G Ports
Fully Distributed Forwarding
Non-stop business communication with Cisco NSF/SSO
Proven 1+1 HA architecture
Next-gen In-service Software upgrade ready
Etherchannel – up to 4p (8p future)
Flexible design on all next-gen UADP based systems
Elastic topology design – Hub/spoke, Ring, Chain
Simplification across multiple network layers
Based on next-gen OS – IOS XE Denali
Rich IOS feature sets – L2/L3, Routing, Multicast, QoS, etc.
ACTIVE | HOT-STANDBY
SW-1
WS-C3850-48XS | 96 x 10 Gigabit Ethernet | 8 x 40 Gigabit Ethernet
Simple | Scale | Resilient | Flexible | Advance
Distributed stacking will support 16.1 feature parity during FCS. Please check release notes for complete details.
Use best-practices, policy-based provisioning across the network
Look at the entire wired, wireless and WAN network that is managed as a single entity
Quickly enable services by using open APIs across a services ecosystem
Fabric Key Benefits
Ensure Policy Compliance
Find Any User or Device with a Network Search
Launch Secure Services Faster
Secure, Policy-based Segmentation & Automation
Complete Network Control & Assurance
Fast Easy Service Enablement
Assure performance of mission-critical applications
A Fabric is an Overlay
An “Overlay” is a logical topology used to virtually connect devices, built on top of an arbitrary physical “Underlay” topology.
An “Overlay” network often uses alternate forwarding attributes to provide additional services, not provided by the “Underlay”.
• GRE or mGRE
• MPLS or VPLS
• IPSec or DMVPN
• CAPWAP
• LISP
• OTV
• DFA
• ACI
Examples of Network Overlays
What Exactly is a Fabric?
Controller-based Management: Fabric Orchestration and Visibility
Single User Interface for Fabric Management
Cisco Fabric Vision: Underlay, Overlay, and Controller
APIC-EM
Programmable Overlay
Connects Users and Devices to each other, w/ policy control
Standards-based control plane (LISP)
Standards-based data plane (VXLAN)
Prescriptive Underlay
Connects the network elements to each other
Automated, standardized deployment and operation
Leverages existing network topologies (not restricted to spine/leaf)
Summary: Benefits of Fabric Deployment in Networks
Collaboration
Security
Endpoints
APIC-EM
Branch
Business Agility
Automated Enterprise
Consistent Policy
Investment Protection
Integrated Mobility
Analytics
Automation
Abstraction & Policy Control from Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service Management
Policy | Orchestration
Virtualization
Physical & Virtual Infrastructure | App Hosting
Analytics
Network Data, Contextual Insights
Network-enabled Applications
Cloud-enabled | Software-delivered
New!
Enterprise NFV
Branch Service Virtualization: Controlled Availability, March 2016
New!
New!
Available on DNA-Ready Infrastructure through Cisco ONE Software
APIC-EM Automation Platform: Completely New Platform, Available Now
Base Automation: Plug and Play, Available Now; Cloud version Controlled Availability, May 2016
Policy Services: IWAN App & EasyQoS, Available Now | March 2016, respectively
CMX Cloud: Presence Analytics and Connect, Available Now in US, April 2016 for ROW
Available Now / Soon – Cisco DNA Innovations
Base Automation
Immediate value to existing network
Policy Services
Active control for critical use cases: Network, Collaboration
Advanced Security
Network as a Sensor and Enforcer
Complete Software Control
End-to-end policy-based automation
Digital Services
Support lines of business: analytics, IoT
Cisco ONE Foundation Cisco ONE Adv. Applications Cisco ONE ELA
Cisco DNA – The Journey Starts Now