
Page 1: Spawar tech day

APIC-EM: The evolution from traditional management to SDN-led, policy-based automation

Kedar Karmarkar, CCIE# 6724 (R&S, Wireless LAN)

Technical Leader – Enterprise Switching, Cisco Systems

Page 2: Spawar tech day

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda

• SDN in Enterprise Networks

• Introduction to APIC-EM

• Transition to SDN-Led Management

• SDN Led Troubleshooting

• SDN Led Provisioning

• SDN Led Automation

• PI and APIC-EM Integration

• SDN Led QoS

• SDN Controller – Core Applications

Page 3: Spawar tech day

SDN in Enterprise Networks

Page 4: Spawar tech day

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKNMS-2031

Today’s Network is Unprepared for the SD-Digital Enterprise

• Myriads of Technologies

• Low Elasticity to Changing Business Needs

• Low App Visibility & Awareness

• Box by Box Management

Page 5: Spawar tech day

Opportunity Cost of Traditional Enterprise IT

• 80%: Time IT spends on operations

• 57%: CEOs are worried about IT strategy not supporting business growth

Source: Forrester

[Chart: Network Expenses. CAPEX 33%, OPEX 67%]

[Chart: Deployment Speed. Computing vs. Networking, in seconds, axis from 0 to 1000]

Source: Open Compute Project

“…While other components of the IT infrastructure have become more programmable and allow for faster, automated provisioning, installing network circuits is still a painstakingly manual process...” —Andrew Lerner, Gartner Research

Page 6: Spawar tech day

Dimensions of SDN-Led Network Change

Enterprise Networks Become More Agile, Effective, and Efficient to Operate

Transformation, Innovation

• Manual → Automated

• Device by device → Network-wide

• Configuration → Policy

• Closed Systems → Open and Programmable

• Network Data → Business Intelligence

• New Installations → Legacy + New Installations

Page 7: Spawar tech day

Manual to Systemic Policy Deployment

Conventional Model

The What: “Security Policy for Branches A-N”

The How: “Change ACLs in the following elements”

Admin Driven

System Driven

Controller Led Policy Deployment

The What: “Security Policy for Branches A-N”

The How: “Change ACLs in the following elements”

Admin Driven

Manual Policy Deployment

Page 8: Spawar tech day

Benefits of Enterprise SDN

• Abstraction

• Zero touch deployment, Day 0 to Day N

• Lower TCO

• Published NB APIs; Cisco and Partner Apps

• Openness

• Control, Automation

• Brownfield and Greenfield

• Embedded best practices; Massive Simplicity

• Programmability

• Centralized policy; Network wide deployment; Dynamic Network Agility

Page 9: Spawar tech day

APIC-EM: Application Policy Infrastructure Controller Enterprise Module

Page 10: Spawar tech day

APIC-EM: Cisco Enterprise SDN

Open, Programmable App Platform for Enterprise Network Transformation

• Agnostic SB interface supporting multiple protocols

• Software or Appliance Based

• NB RESTful APIs

• Existing and New Device Support

• Cisco, Partner or Customer Developed Apps

Page 11: Spawar tech day

Cisco APIC Enterprise Module Architecture

[Architecture diagram labels:]

SECURITY COLLABORATION ORCHESTRATION SERVICES WAN

North Bound APIs

Policy Infrastructure; Automation; Network Information Database

South Bound APIs: CLI, SNMP

Network Element Layer

• Abstracts Network Devices to Mask Complexity

• Treat Network as a System

• Exposes Network Intelligence For Business Innovation

Page 12: Spawar tech day

APIC-EM Applications at GA

Journey towards simplification via abstraction

• PLUG-AND-PLAY: Zero touch deployment of routers / switches / APs. Accelerated roll-out: Eliminates tech visits and shrinks deployment from months to minutes

• Cisco IWAN (SDWAN): Guided, fast auto-provisioning of IWAN solution. From 250 CLI commands to 5 GUI clicks per branch: 1000% IWAN deployment acceleration

• Path Visualization: Discover path between two end points based on 5 tuple. Rapidly troubleshoot congestion and ACL issues and lower Opex for trouble ticket processing by 500%

Diagram labels: Public Cloud; Enterprise Network; BRANCH

Page 13: Spawar tech day

APIC-EM New Applications at GA.1

EasyQoS for Static and Dynamic QoS

Config.: Cisco Validated Design-Based Templates

Diagram labels: Enterprise Network; 3945/ISRG2; Cat 3750; AP; Collaboration App; Session Policy; QoS Changes; Pre-QoS change – Default Classification; Post QoS change – Video

Page 14: Spawar tech day

Transition to SDN-Led Management

Page 15: Spawar tech day

Software Defined Network Led Management

Traditional Management

• Management (NMS)

• NE NE NE NE

• Customer developed provisioning tools, manual CLI changes, and run book automation for IT Operations support

SDN Led Management

• Controller (Policy and Control)

• Management (Provisioning and Assurance)

• Automation (Workflow / Orchestration)

• NE NE NE NE

• Customer input on business / service intent

Feature Configuration

Policy Automation

Page 16: Spawar tech day

Evolution to Policy Automation will Take Time

[Diagram labels: feature configuration; policy]

Feature based Configuration:

• Static

• Focused on configuration

• Executed by Prime Infrastructure

• Customizable

• Expert Led

Policy based Automation:

• Dynamic

• Business intent to network intent

• Executed by APIC-EM Apps

• Prescriptive

• Business driven

Oct 2015, +36 months: Increasing policy coverage through more apps and services

Steady State:

• Cisco leads market adoption so that a large majority of Enterprises adopt policy based automation

• A small set of larger enterprises or MSPs will continue to leverage customizable feature configuration

Page 17: Spawar tech day

System Components for SDN Led IT Ops

Network Infra

• Owns the communication to/from the network and drives programmability

• Stores, processes and visualizes all historical data for monitoring and network change

• Captures business intent policy and assures network orchestration and execution

Page 18: Spawar tech day

Deployment Modes for SDN led Provisioning

APIC-EM (Discovery, Inventory, Topology, PnP, PKI…): Common Controller Services Across the Enterprise

FEATURE CONFIGURATION WITH PRIME INFRA

• Prime Infrastructure: Prime Infra NMS integrated with APIC-EM providing full GUI based configuration and FCAPS management leveraging network automation like PnP/PKI

• Customer, Partner or 3rd party developed Automation: Custom apps utilizing feature programmability via Prime NB APIs for configuration and data

POLICY PRESCRIPTIVE APPS on APIC-EM

• App App App ..: Cisco developed modular, policy automated management apps with common UI/UX framework and embedded service automation

• Customer, Partner or 3rd party developed Apps: Custom apps utilizing policy programmability via APIC-EM NB REST APIs

Diagram labels: Device Scope A; Device Scope B

Page 19: Spawar tech day

APIC-EM + Apps

• Real-time System of Change

• Policy Automation

• Prescriptive

• Policy monitoring, troubleshooting and compliance

• Domain focus (e.g. IWAN)

Prime Infrastructure

• Historical System of Record

• Feature Configuration

• Customizable

• Feature level monitoring, troubleshooting and compliance

• End-to-End Assurance

Page 20: Spawar tech day

SDN Led Provisioning

Zero Touch Deployment

Page 21: Spawar tech day

Network Plug-n-Play – for Zero Touch Deployment

• Unskilled Installer

• GUI Based

• Consistent for devices & PIN (Campus/Branch)

• Secure

• Greenfield & Brownfield

Today’s Process

• Central Staging Facility (Network Admin): Install OS, Install base config

• Installer: Site-1, Site-2, Site-3

Network PnP

1. Pre Provision Projects/Sites (Network Admin)

2. Install & Power-on devices (Installer)

3. Monitor device installation (Network Admin)

Reseller/Partner: Ships equipment

Site(s)

Page 22: Spawar tech day

Use Case Example: Device Deployment in Campus

Day 0

• Network Admin: Pre Provision Projects/Sites (Policies, Match Rules, Configs/Image, IP Addressing)

• Pre-provision DHCP Server (IP address, option 43)

Diagram labels: PnP Server; DHCP Server

Page 23: Spawar tech day

Use Case Example: Device Deployment in Campus

Day 1

• Remote Installer: Mount and cable devices, Power-on

• Device validates server’s location and establishes a communication with the server

• Network Admin remotely monitors status of install while in progress.

DHCP Server option sent to the switch running PnP Agent:

<..snip..> CISCO_PNP.pnpserver "5A;B2;K4;I10.11.11.11;J80";<..snip..>

Diagram labels: PnP Server; DHCP Server; Switch running PnP Agent; Installer; IP Address 10.11.11.11; Cisco IOS®; Config file….
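The option 43 string on this slide can be checked before it is placed in a DHCP scope. The following is an added example, not part of the original deck: a small parser and audit that assumes the field meanings Cisco documents for the PnP agent (B = address type, K = transport with 4 = HTTP and 5 = HTTPS, I = server address, J = port); the function names and the second sample string are constructed for illustration.

```python
import ipaddress

# Field meanings are assumed from Cisco's published PnP option 43 layout;
# the slide itself shows only the raw string.
ADDR_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}
TRANSPORTS = {"4": "http", "5": "https"}

def parse_pnp_option43(value):
    """Split a PnP option 43 ASCII string into named fields."""
    parts = [p for p in value.strip().strip('"').split(";") if p]
    if not parts or not parts[0].startswith("5A"):
        raise ValueError("not a PnP option 43 string (must start with 5A)")
    fields = {"header": parts[0]}
    for part in parts[1:]:
        key, val = part[0], part[1:]
        if key == "B":
            fields["addr_type"] = ADDR_TYPES.get(val, "unknown:" + val)
        elif key == "K":
            fields["transport"] = TRANSPORTS.get(val, "unknown:" + val)
        elif key == "I":
            fields["server"] = val
        elif key == "J":
            fields["port"] = int(val)
        else:
            fields.setdefault("other", []).append(part)
    return fields

def audit(fields):
    """Return findings a reviewer would raise before the scope goes live."""
    findings = []
    if fields.get("transport") != "https":
        findings.append("bootstrap transport is not HTTPS")
    if "server" not in fields:
        findings.append("no server address (I field)")
    elif fields.get("addr_type") == "ipv4":
        try:
            ipaddress.IPv4Address(fields["server"])
        except ValueError:
            findings.append("B2 declares IPv4 but I field is not an IPv4 address")
    if "port" not in fields:
        findings.append("no port (J field)")
    return findings

SLIDE_VALUE = "5A;B2;K4;I10.11.11.11;J80"          # string shown on the slide
CONSTRUCTED = "5A1N;B2;K5;Ipnp.example.net;J443"   # constructed sample

if __name__ == "__main__":
    for v in (SLIDE_VALUE, CONSTRUCTED):
        print(v, "->", audit(parse_pnp_option43(v)))
```

DHCP is unauthenticated, so this string is the only thing telling a factory-default device where to fetch its image and configuration; the audit makes the cleartext K4 transport in the slide's value visible at review time.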

Page 24: Spawar tech day

SDN Led Automation

IWAN App

Page 25: Spawar tech day

Intelligent WAN

• Secure WAN transport across MPLS and/or Internet for private cloud / DC access

• Leverage Low Cost path for public cloud and Internet access

• Increase WAN Capacity

• Improve App Performance

• Scale Security at the Branch

Diagram labels: Branch; WAN Transport; MPLS ($$$); Low Cost Circuit, Internet, 4G ($); Private Cloud; Virtual Private Cloud; Public Cloud; Direct Internet Access; Internet backhaul; Cisco Cloud Web Security

Page 26: Spawar tech day

Cisco Intelligent WAN App for APIC-EM

IWAN is a Prescriptive Solution

Business Policy Dictates Network Action

• Simple Workflow Templates

• Plug and Play Business Level Policies

• Open Architecture

• Network, Applications Monitoring

Diagram labels: IT Admin; Business Policy: App SLA; DMVPN, SLA, QoS, Security, Path Selection; Access Application Network Profile; APIC-EM; IWAN APP; SDN; NETWORK

Page 27: Spawar tech day

SDN Led Troubleshooting

Page 28: Spawar tech day

Why Use Path Visualization?

• Problem

  • Inspection, Interrogation, and Remediation of Network Problems rely on manual techniques today to process. THIS IS A SLOW AND EXPENSIVE PROCESS

• Solution

  • Path Visualization focuses on automating inspection and some interrogation

  • Inspection – ability to find user path in seconds

  • Interrogation – ability to visualize key statistics to help determine cause of failure (performance and system statistics, ACLs for the path…)

Case Number 12345

User Cannot Connect to…..

Page 29: Spawar tech day


Path Visualization

APIC EM Returns A Path Based on a 5 Tuple Input

Page 30: Spawar tech day

SDN Led QoS

Page 31: Spawar tech day

EasyQoS App

No more Box-by-Box configuration

Config.: Cisco Validated Design-Based Templates

Diagram labels: Control; Transactional Data; Realtime; Best Effort

Cisco Validated Design {CVD}

Page 32: Spawar tech day

Levels of QoS Policy Abstraction

Strategic vs Tactical

• Strategic QoS Policy (The WHY / WHAT you want to do)

  • reflects business intent

  • is not constrained by any technical or administrative limitation

  • is end-to-end

• Tactical QoS Policy (The HOW is it to be done)

  • adapts the strategic business intent to the maximum of platform’s capabilities

  • is limited by various tactical constraints, including:

    • PIN-specific constraints

    • Platform constraints

    • Interface constraints

    • Role constraints

Page 33: Spawar tech day

Converting Business Intent to Tactical Policies

• Wireless AP: Trust Boundary, PEP, 4Q (WMM)

• Catalyst 3650: Trust Boundary, PEP, 2P6Q3T

• Catalyst 4500: Trust DSCP, 1P7Q1T

• Catalyst 6500: Trust DSCP, 1P3Q4T, 1P7Q4T, 2P6Q4T

• Nexus 7700: Trust DSCP, F3: 1P7Q1T

• WLC: PEP

• ASR/ISRs: Trust DSCP, HQoS, MQC

• Catalyst 2960-X: Trust Boundary, PEP, 1P3Q3T

• Wireless AP: Trust Boundary, PEP, 4Q (WMM)

• the principal goal of the tactical QoS policy is to express the strategic QoS policy with maximum fidelity

• QoS design best practices will be used to generate platform-specific configurations

• QoS features will be selectively enabled if they directly contribute to expressing the strategic policy on a given platform

Page 34: Spawar tech day

Dynamic QoS Classification for Jabber Video/MS Lync

Single policy request produces automated change across all network elements enabling high quality user experience

Diagram labels: Enterprise Network; 3945/ISRG2; Cat 3750; AP; Collaboration App; Session Policy; QoS Changes; Pre-QoS change – Default Classification; Post QoS change – Video

Page 35: Spawar tech day

Wrap-Up & Key Takeaways

Page 36: Spawar tech day

Cisco SDN for Enterprise Networks with APIC-EM

Key Takeaways

• Automation + Simplification

• PI + APIC-EM Integration

• Brownfield + Greenfield

Page 37: Spawar tech day

Thank you

Page 38: Spawar tech day