Reducing Cost with DNA Automation

Karl-Etienne St-Pierre & Nigel Gocan

Systems Engineer

Nov10, 2016

DNA Automation and Evolved Campus Networks

Cisco Vision, Strategy, & Digital Transformation

Digital Network Architecture – Overview and Components

DNA in Action – Programmable Hardware

Catalyst platforms

DNA in Action – Network Fabrics

Summary

Agenda

Transform our customers’ businesses through powerful yet simple networks.

Why

How What

Cisco’s Vision

Cisco’s Enterprise Networking VisionOverview

Whydo networks need to change?

*Cisco VNI Study 2012

of “things” are unconnected99%

… but could be!

Traffic Growth

4XTransition to Cloud*

Mobility

Wi-Fi 50% of Traffic

(Video over Mobile Devices)*

The Network MUST Change

to accommodate these trends

Intelligent

Device Growth

2.5/PersonBYOD

Programmable

Simple

Network TrendsConnecting the Previously Unconnected, Growth, and Change

Overview – Enterprise Networks Today

LOTS of Functionality …BUT

LOTS of Complexity …

Can we make Enterprise Networkssimpler, with a similar – or greater –

level of functionality?

Source: 2016 Cisco Study

Policy Violations Due to Human Error

Network Changes Performed Manually

95%

OpEx spent on

Network Visibility and

Troubleshooting

Traditional Networking CANNOT Keep Pace with the Demands of Digital Business

…and Have multiple Operational Challenges

70% 75%

Howcan we change the way

we do networking?

Intelligent

Programmable

Simple

StrategyWe create solutions built on

intelligent networks that solve our customers'

challenges

VisionChange the way the world

works, lives, plays, and learns

CiscoVision and Strategy

Unlock the Power that Exists in the Network through

Abstraction, Automation, and Policy Enforcement

Leverage the Power of Existing

Distributed Systems

Enable Network Wide Fidelity to an Expressed

Intent (Policy)

Cisco’s Enterprise StrategyOverview

Country Digitization is Improving Citizen LivesIncrease The Country’s GDP, Reduce Spending and Create Jobs With A Cutting-edge Digital

Foundation

Employment &

Social Inclusion

Public Safety

& Security

Smart City Services

Environmental

Sustainability

Innovation Opportunities

GDP Growth

Peace Keeping

Cyber Security

Cisco Vision and Strategy

Digital Transformation



Catalyst platforms


Summary

Agenda

Insights &Experiences

Drive Business Innovations

Security & Compliance

Real-time and Dynamic Threat Defense

Automation& Assurance

Speed, Simplicity & Visibility

The Network Enables Digital Business

Network Requirements for the Digital OrganizationOverview

Insights &Experiences



Drive Business Innovations

Real-time and DynamicThreat Defense

Speed, Simplicity & Visibility

• Visibility into Users behavior,Applications, Network performance

• Customer has the elementsto make decisions faster

Abstraction layer

• Abstraction, Intent, Policy Automation• Verification of Desired Result Assurance

Wi-Fi Core WAN Cloud

APIC EM

Using the Network as a Sensor for security threats and then Enforce

Compliancy through Segmentation

Network Requirements for the Digital OrganizationOverview

Intent Telemetry

Automation

Abstraction & Policy Control from Core to Edge

Open & Programmable | Standards-Based

Open APIs | Developers Environment

Cloud Service Management

Policy | Orchestration

Virtualization

Physical & Virtual Infrastructure | App Hosting

Analytics

Network Data, Contextual Insights

Insights & Experiences



Network-enabled Applications

Cloud-enabled | Software-delivered

Principles

Cisco Digital Network Architecture (DNA)Overview

Automation






Virtualization


Analytics







Principles


vBranch

IP

NFVIS

WAAS

IPS

vSwitch

vBranch

IP

NFVOS

WAAS

IPS

vSwitch

Network Interface (UNI)

PEP: Policy Enforcement Point

VirtualizationPhysical & Virtual Infrastructure | App Hosting

VPCEnterprise Fabric

Encryption

Encryption

Encryption

PEP

Public Cloud

VPC

WAN Agg

Apps

Apps

WAAS

IPS

WAAS

IPS

UNI

AWS

VPC

Hosting and Hosted Network Functions

Advanced, Multi-Core, Feature-Rich Routing Silicon

QFPQuantumFlow Processor

Fully Programmable: leveraging the many features of IOS-XE with hardware performance

Scalable: Massive number of CPU cores (40/64), abilityto cascade multiple QFPs = consistent high performance

Advanced on-chip QoS: 100,000+ hardware-based queues, sophisticated traffic shaping and control

Secure: linkage to high-performance crypto capability for secure WAN transport

Extensible Architecture:ability to scale both up and down—the foundation for a long-lived family of high-performance, flexible routing silicon

UADPUnified Access Data Plane

Flexible, Programmable, High-Performance Switching Silicon

Fully Programmable:excellent flexibility, ability to handlenew encaps (VXLAN, GPE, etc.) –hardware speed, with software elasticity

Scalable: Massive recirculation bandwidth and low recirculation latency provide excellent tunneling and services support for traffic flows

Advanced on-chip QoS:client–level granularity, sophisticatedbandwidth shaping, with integratedon-chip NetFlow for visibility

Secure: integrated on-chip supportfor MACsec encryption (AES-128, CBC)

Extensible Architecture:ability to scale both up and down –the foundation for a long-lived family ofhigh-performance, flexible switching silicon

VirtualizationPhysical & Virtual Infrastructure | App Hosting

“People that are really serious about software should build their own hardware”100% Cisco-developed programmable silicon: unlocking the power of DNA at hardware speeds

Operational and Services Uniformity: Routing, Switching, and Wireless consistency

New Foundational Capabilities: HA and operational leadership, state decoupling, net database…

Speed of Innovation Velocity:“Code once and Re-use Many” acrossmultiple places in the network

Foundation for Virtualization: providing for network hosting and integration of virtualized functions (VNFs, containers)

Platform for the Future:the “software stage” for thenext wave of Cisco innovation…

IOS-XEThe Evolution of IOS

Taking the Proven Strengthsof IOS to the Next Level

Building on a Strong Foundationof Hardware and Software Innovation

Automation






Virtualization


Analytics







Principles


• Express Business Intent

• Translate into device specific policy/configuration

• Leverage Abstraction (the controller knows about the device specifics)

• Automate the Deployment across the Network

• Insure Fidelity to the Expressed Intent (keep everything in sync)

User policy based on user identity and user-to-group mapping

Employee (managed asset)

Employee (Registered BYOD)

Employee (Unknown BYOD)

ENG VDI System

PERMIT

PERMIT

DENY

DENY

DENY

DENY

DENY

PERMIT

PERMIT

PERMIT

PERMIT

PERMIT

Production Servers Development Servers Internet Access

Protected Assets

Sou

rce

De-coupling ofUser Identity and Topology

Much easier to translate business objectives to network functionality—

Lowers TCO

Co

nfi

gura

tio

n

Controller-based AutomationToday

Traditional Traditional

Policy

Traditional

Policy Policy

Policy based Configuration—Dynamic, able to be automated by the Controller

Over time—Policy grows, static shrinks

AutomationController-Led

Networking Deployment

Evolution to a Policy Model

Any given “custom” configuration has a very high probability of not being tested exactly as deployed “individually—as a one off…” which introduces potential issues…

Risk BugsUncertainty Problems

Combinatorial Issues…

Trust

AutomationController-Led Networking Deployment

The automated configuration deployed by the controller will have gone through…

• Joint development by the Cisco Product Teams, the Architects developing Best Practices, and the Controller Team – “Blessed Configurations”

• Testing by Cisco’s Solution, System, and Devtest teams against the deployment use cases developed jointly, above

• And will be deployed by 1000’s, with any unforeseen situations addressed ASAP due to widespread and standardized deployment

Greatly increasedprobability of success

Controller-Led NetworkingBridging the Gap to Increased Success in Network Deployment and Use

Analytics

Instrumentation Telemetry Correlation

Measure and Adjust

Click here to Correct

Always Correct this way (and never ask me again)

Applications

Automated Deployment

Network

Endpoints

Run Reports

Discover user insights

Deliver relevant content

APIC EM

AnalyticsNetwork Data, Contextual Insights

Deploy, Report, Measure, Adjust, Repeat

Automation






Virtualization


Analytics







Principles


Plug & PlayCMX

Business Analysis

Branch TeleworkerCampus/HQ

TelemetryContinuous Innovation

Cloud-based Audits

Cloud ConnectedSimplicity | Speed

Branch

TeleworkerCampus/HQ

Hybrid CloudAWS | Rackspace| Azure|

Cisco Intercloud

CSR1000V

VPC / vDC

vASAFTDvStrataWatch

WAN

Cloud DeliveredInnovation | Insights

Cloud EdgeIaaS Scale | Flexibility

Branch TeleworkerCampus/HQ

Cloud-Enabled NetworkingOverview

Automation






Virtualization


Analytics







Principles


jafrazie$ ssh [email protected]

[email protected]'s password:

cho# conf t

Enter configuration commands, one per line. End with CNTL/Z.

cho(config)#

Task Oriented

Human Friendly

Easy To Replay

No Special Tools

Software Unfriendly

Syntax/format changes

No Common Data Model

No Error Reporting

Configuration ManagementToday

mailto:[email protected]

Other vendors…

RESTCONF NETCONF gRPC

Data Model

Configuration

StandardDevice Specific

Device Features

Interface BGP QoS ACL …

Operational

StandardDevice Specific

Open Device Programmability

Physical and Virtual Network Infrastructure

AutomateSet Get

Open Device ProgrammabilityOverview

DevopsOrchestration

Automation

tcollector

Monitoring/ Analytics

Embracing Tools

Automation






Virtualization


Analytics







Principles






Catalyst platforms


Summary

Agenda

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Programmable Custom ASICs

Industry Leading

Wired & Wireless | Stacking | TrustSec | SDN

Advanced Functionality

Programmable Pipeline | Flexibility | Recirculation

Optimized for Campus

Integrated Stacking | Visibility | Security

Future Proofed

Long Life Cycle | Investment Protection

`

Network Enabled Applications

Collaboration | Mobility | IoT | Security

Automation and Analytics

Controller | Visible | Programmable | Open

Virtualization

Segmentation | L2 Flexibility

Designed for Evolution

Strong Foundational Capabilities | HA

Converged Software Services

+

Driving Innovations Through Technology Investments

Foundational PillarsFor the Digital Network Architecture

Traditionally the pipeline is

FIXED

ASIC Processing Pipeline

ASIC Re-Spin (if needed)


Modify processing behavior

without incurring re-spin

ASIC Programmable Pipeline

BRKCRS-2700 35© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public


MPLS

VXLAN

LISP

TRILL*

SPB*

and more…

Possible Future UADP Use Cases

* Not Committed

BRKCRS-2700 36

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKCRS-2700 37© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKCRS-2700 38





Catalyst platforms


Summary

Agenda

The Solution – Cisco Multigigabit Technology Powered by NBASE-T

Delivers up to 5X Speeds in Enterprise without replacing Cabling Infrastructure

2.5-5G!

Cat 5e Cables

WiFi > 1G

Multigigabit

SwitchMultigigabit

Capable AP

Is a game-changing technology

allowing enterprise networks to

evolve beyond 1G

Enables 2.5 and 5 Gbps up to

100m on legacy cables

Supports all PoE standards

up to 60W

Cisco Multigigabit with

10G SFP+1G SFP

1/10G 1RU Aggregation

Catalyst 4500-X

• Fixed 10G Aggregation

• 16p & 32p Base Units

• 8 port 10G Network

Module

• Front-to-Back and

Back-to-Front Fans

and Power Supplies

1G 1RU Aggregation

Catalyst 3850

1G Fiber


• Stackable

• 12p and 24p SKU

• 10G Network Module

Catalyst 6880-X

• Fixed Supervisor

with 16 10G ports

• Up to 4 x 16 port 10G

Network Modules for

80 10G ports

• Best-in-Class Core

Feature-set

• BGP, MPLS, VSS,

Instant Access

1/10G 1RU Aggregation

Catalyst 3850

10G Fiber


• 12p, 24p & 48p SKU

• Stackable (12p/24p)

• 10G & 40G Network

Module

1/10G 5RU Core

Catalyst 6840-X

• Fixed 10G Core & Agg

• 16p & 32p 10G SKU

• 24p & 40p 10/40G SKU

• Front-to-Back Fans

and Power Supplies

• Best-in-Class Core

Feature-set

• BGP, MPLS, VSS,

Instant Access

1/10G 2RU Core & Agg.

Catalyst Fixed Backbone PortfolioS

ca

le /

Fea

ture

s

NEW

Catalyst 3850 10G SFP+ Switches

WS-C3850-24XS

WS-C3850-12XS

WS-C3850-48XS

Cisco Stackwise Virtual

L2/L3Dist-1 Dist-2VSLSW-1 SW-2

Phase 1 - Aggregation

Unified Control and

Management plane

Simplified L2/L3

network designs

Inherits all proven VSS

architectural benefits

High-performance 10G

Aggregation block

Non-oversubscribe :

o 96 x 10G Ports

o 8 x 40G Ports

Fully Distributed

Forwarding

Non-stop business

communication with

Cisco NSF/SSO

Proven 1+1 HA

architecture

Next-gen In-service

Software upgrade ready

Etherchannel – up to 4p

(8p future)

Flexible design on all

next-gen UADP based

systems

Elastic topology

design – Hub/spoke,

Ring, Chain

Simplification across

multiple network

layers

Based on next-gen OS

– IOS XE Denali

Rich IOS feature sets –

L2/L3, Routing,

Multicast, QoS, etc.

ACTIVE HOT-STANDBY

SW-1

WS-C3850-48XS | 96 x 10 Gigabit Ethernet | 8 x 40 Gigabit Ethernet

Simple Scale Resilient Flexible Advance

Distributed stacking will support 16.1 feature parity during FCS. Please check release notes for compete details.





Catalyst platforms


Summary

Agenda

Use best-practices, policy-

based provisioning across the

network

Look at the entire wired,

wireless and WAN network

that is managed as a single

entity

Quickly enable services by

using open APIs across a

services ecosystem

Fabric Key Benefits

Ensure Policy ComplianceFind Any User or Device

with a Network Search

Launch Secure

Services Faster

Secure, Policy-based

Segmentation &

Automation

Complete Network

Control & Assurance

Fast Easy Service

Enablement

Assure performance of

mission-critical applications


A Fabric is an OverlayAn “Overlay” is a logical topology used to virtually connect devices, built on top of an arbitrary physical “Underlay” topology.

An “Overlay” network often uses alternate forwarding attributes to provide additional services, not provided by the “Underlay”.

• GRE or mGRE

• MPLS or VPLS

• IPSec or DMVPN

• CAPWAP

• LISP

• OTV

• DFA

• ACI

Examples of Network Overlays

What Exactly is a Fabric?

BRKCRS-2700 46

Controller-based ManagementFabric Orchestration and Visibility

Single User Interface for Fabric Management

Cisco Fabric VisionUnderlay, Overlay, and Controller

APIC-EM

Programmable Overlay

Connects Users and Devices to each other, w/ policy control

Standards-based control plane (LISP)

Standards-based data plane (VXLAN)

Prescriptive Underlay

Connects the network elements to each other

Automated, standardized deployment and operation

Leverages existing network topologies(not restricted to spine/leaf)

Cisco Internal Use Only – Do Not Distribute Externally without NDA


SummaryBenefits of Fabric Deployment in Networks

Collabora on Security

Endpoints

APICEM

Branch

BusinessAgility

AutomatedEnterprise

ConsistentPolicy

InvestmentProtec on

IntegratedMobility

Analy cs

48





Catalyst platforms


Summary

Agenda

Automation






Virtualization


Analytics




New!

Enterprise NFV

Branch Service VirtualizationControlled Availability, March 2016

New!

New!

Available on DNA-Ready Infrastructure through Cisco ONE Software

APIC-EM Automation PlatformCompletely New PlatformAvailable Now

Base Automation: Plug and PlayAvailable Now Cloud version Controlled Availability, May 2016

Policy Services: IWAN App & EasyQoSAvailable Now | March 2016, respectively

CMX CloudPresence Analytics and ConnectAvailable Now in US, April 2016 for ROW

Available Now / Soon – Cisco DNA Innovations

BaseAutomation

Immediate value to existing network

PolicyServices

Active control for critical use cases: Network,

Collaboration

AdvancedSecurity

Network as a Sensor and Enforcer

Complete Software Control

End-to-end policy-based automation

Digital Services

Support lines of business: analytics, IoT

Cisco ONE Foundation Cisco ONE Adv. Applications Cisco ONE ELA

Cisco DNA –The Journey Starts Now