Cisco Enterprise Silicon
|
|
- Janice Summers
- 6 years ago
- Views:
Transcription
1
2 Cisco Enterprise Silicon Delivering Innovation for Advanced Routing and Switching Dave Zacks Peter Jones BRKARC-3467 Distinguished System Engineer #HighBitRate
3 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space Cisco Spark spaces will be available until July 3, cs.co/ciscolivebot#brkarc Cisco and/or its affiliates. All rights reserved. Cisco Public
4 By Way of Introduction Dave is a Distinguished System Engineer, and has been with Cisco for 17 years. As a DSE within the Enterprise Networks Architecture team, Dave works primarily on capabilities and solutions that are anywhere from 12 to 36+ months out, helping to define these projects and then assisting as they progress towards and through design, development, and solution introduction. Dave has a strong background in, and focus on, customer requirements, and integrating these into the products and solutions Cisco builds. Dave has a special interest in Flexible Hardware and Fabric architectures. Dave Zacks Distinguished System Engineer
5 By Way of Introduction Peter is a Software Principal Engineer, and has been with Cisco for over 10 years. Peter works on System Architecture (ASIC, hardware & software) for Cisco Campus switching, with extensive experience with the Catalyst 3850 / 3650 platform as well as the UADP ASIC. As well, Peter is heavily involved in the standardization of 2.5G / 5G BASE-T Ethernet as NBASE-T Alliance chair and in IEEE Peter Jones Principal Engineer
6 Cisco Enterprise Silicon Delivering Innovation for Advanced Routing and Switching BRKARC-3467 Session Overview and Objectives Come to this session to learn about the latest advances in Cisco Enterprise silicon development ASIC (Application Specific Integrated Circuit) hardware which provides a key foundational element of Cisco's Enterprise Networking portfolio, and which support key industry trends such as SDN. Attendees at this session will gain a greater insight into how ASICs are created showcasing the advanced capabilities and functionality delivered by two of Cisco's latest switching and routing silicon innovations UADP (Unified Access Data Plane) and QFP (QuantumFlow Processor). By developing custom silicon, and leveraging this advanced hardware within our Enterprise portfolio, Cisco has always provided differentiating capabilities and compelling customer value across many platforms. In this session, we will explore the capabilities and advantages provided by custom Cisco silicon, provide greater insight into the functionality delivered by existing Cisco Enterprise ASICs, and explore the new capabilities and solutions enabled by Cisco's latest generation of Enterprisefocused programmable switching and routing chipsets UADP and QFP. BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7 Agenda BRKARC-3467 Cisco Enterprise Silicon Delivering Innovation for Advanced Routing and Switching Need for Network Innovation Primer How ASICs are Designed & Built The Importance of Flexible Silicon UADP Flexible Switching Silicon QFP Flexible Routing Silicon APs Flexible Wireless Silicon Leveraging Flexible Silicon for Encrypted Traffic Analytics Leveraging Flexible Silicon for Software Defined Access and Summary Dave Dave Peter
8 This is an ambitious presentation BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 8
9 We are going to try to cover Cisco Innovation from The Gates to the GUI BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 9
10 No, I don t mean this Gates 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11 I mean these gates SILICON Gates BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 11
12 From Innovations in Silicon and Software to Innovations in Platforms and Solutions BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 12
13 And Why These Innovations Matter BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 13
14 It s going to be Quite a Ride BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 14
15 So Buckle Up, and Let s Get Started! BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 15
16 Overview The Need for Network Innovation
17 Innovation in the network BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 17
18 New Cisco DNA Introductions Built on Cisco Digital Network Architecture Open DNA Center Cloud Service Management Automation and Assurance Principles Automation Analytics Programmable SD-Access and Virtualization Assurance Security and Compliance API Driven Programmable Physical and Virtual infrastructure Catalyst 9000 Security Encrypted Traffic Analytics Insights and Experiences Software Subscription Licensing DNA Advisory, Technical, Support Services BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 18
19 David Goeckeler Cisco SVP, Security and Networking Cisco Live Las Vegas 2016 Innovation in the network EISG Architecture Team ASICs are a pillar of Cisco innovation BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 19
20 Let s Talk About ASICs BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 20
21 What is an ASIC? An Application Specific Integrated Circuit is an integrated circuit customized for a particular use, rather than intended for general purpose use BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 21
22 Why talk ASICs? BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 22
23 BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 23
24 Hardware and Software Building on a Strong Foundation QFP QuantumFlow Processor Advanced, Multi-Core, Feature-Rich Routing Silicon IOS-XE The Evolution of IOS Taking the Proven Strengths of IOS to the Next Level UADP Unified Access Data Plane Flexible, Programmable, High-Performance Switching Silicon Fully Programmable Scalable Advanced on-chip QoS Secure Extensible Architecture Operational Uniformity New Foundational Capabilities Speed of Innovation Velocity Foundation for Virtualization Platform for the Future Fully Programmable Scalable Advanced on-chip QoS Secure Extensible Architecture People that are really serious about software should build their own hardware 100% Cisco-developed Flexible Silicon Unlocking the Power of DNA at Hardware Speeds 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
25 Quick Primer How Networking Silicon is Designed and Built
26 How is an ASIC built? BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 26
27 ASICs From Definition to Deployment Then, it starts with coding Verilog VHDL Synthesis Process Converts code into logical gate constructs (Netlist) BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 27
28 ASICs From Definition to Deployment Floor Planning & Placement Then, it starts with coding Verilog VHDL Floor planning Arrange and interconnect constructs, connect power, minimize crosstalk, etc Synthesis Process Converts code into logical gate constructs (Netlist) BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 28
29 Imprint design on Silicon Wafer 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
30 mostly 22nm and above mostly 16nm and below Discrete transistor MOSFET (metal oxide semiconductor field effect transistor) FinFET (fin field effect transistor) which, when we put millions of them together on a silicon die, produce a chip! NAND gate AND Gate XOR Gate Universal Gates OR Gate NOT Gate XNOR Gate which can be used to build any of the other logic gates NOR Gate BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 30
31 mostly 28nm and above mostly 22nm and below Discrete transistor MOSFET (metal oxide semiconductor field effect transistor) FinFET (fin field effect transistor) UADP M gates NAND gate Catalyst 3850 mgig AND Gate XOR Gate Universal Gates UADP M gates Catalyst 9300, 9400, 9500 OR Gate NOT Gate XNOR Gate which can be used to build any of the other logic gates NOR Gate BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 31
32 Fun Fact! Apollo Guidance Computer We put a man here using this which was built from nothing but that 4100 ICs, each of which contained a single 3-input NOR gate In other words we put a man on the moon with less than 10,000 transistors It takes 7.46 billion transistors to route your packets! With the appropriate security, segmentation, QoS, encryption, fragmentation, etc, etc BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 32
33 We are talking transistors and how many we can pack in an ASIC die Transistor Width measured in Nanometers Nanometer = One Billionth of a Meter The number of transistors incorporated into a chip will approximately double every months Moore s Law BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 33
34 A Perspective A human hair is ~100,000 nanometers in width BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 34
35 Single human hair How SMALL is SMALL? ONE NANOMETER less than 1/4 th of an inch! about the same thickness as three pennies on this scale and then we come to this little pinprick over here Red blood cell (7,000 nm) rises to 10 th floor ~ 100,000 nm Empire State Building = 1454 feet to tip = 443 meters and we build transistors measured in nanometers BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 35
36 Latest Developments Transmission electron microscopy images of the stages of building a GAAFET Credit: ARS Technica UK, BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 36
37 Use of smaller technology leads to benefits Lower Price Lower Power Higher Performance BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 37
38 BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 38
39 SiO2 layer Silicon substrate Photoresist Similar cycle repeated to lay down metal links between transistors Prepared silicon wafer Projected light Mask Lens How Long Does It Take to Manufacture a Wafer? Metal connector New photoresist spun on wafer, steps 2 4 repeated Ions shower etched areas, doping them Patterns projected onto wafer Doped region Exposed photoresist removed Exposed areas etched by gases About a month the same time it takes to make one of these BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 39
40 ASIC Re-Spin (if needed) BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 40
41 Catalyst 9300 / 9400 / ASICs From Definition to Deployment UADP 2.0: 7.46B transistors! 2,160,000 lines of code New! Catalyst 3850 Circa M transistors (Latest version: 3 BILLLION transistors) 1,490,000 lines of code Catalyst 3750 All Cisco-developed silicon Circa 2008 Catalyst 3550 Circa M transistors 86,220 lines of code Driving the benefits of vertical integration Hardware and software working together! 60M transistors 47,226 lines of code Just like some other famous examples BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 41
42 Or Looked At Another Way UADP B Transistors UADP 1.1 3B Transistors UADP B Transistors One transistor for Everyone in the world! One transistor for everyone in India One transistor for everyone in India, China, US & Canada BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 42
43 Why Does Cisco Develop Our Own Silicon? BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 43
44 Why Does Cisco Develop Our Own Silicon? Simpler Deployment Options Better Insight and Optimization Increased Security Most Appropriate Scalability Flexibility and Investment Protection via Programmability BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 44
45 Traditional Fixed ASIC Processing Pipeline Traditionally the ASIC processing pipeline is IPv6 IPv4 FIXED BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 45
46 Traditional Fixed ASIC Processing Pipeline and has challenges handling NEW MPLS PROTOCOLS BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 46
47 Industry Trends SDN Evolution of Business Flexibility in Networking disconnect with traditional fixed ASIC processing. BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 47
48 BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 48
49 The Big Question So where can Flexible ASICs help us? BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 49
50 Overview The Importance of Flexible Silicon
51 DNA Flexible Infrastructure Programmable ASIC Silicon BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 51
52 Flexible ASIC Processing Pipeline... we could probably handle it via the Programmable Pipeline! Flex Parser Flex Rewrite Stage 1 Stage 2 Stage 3 Stage n If IPv7 were invented tomorrow Flexible, Programmable Processing Pipeline Flex Counters Programmable ASICs IPv7 deliver IPv6 MPLS IPv4 VXLAN GRE FLEXIBILITY BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 52
53 Flexible ASIC Processing Pipeline a task at which Cisco s Programmable, Flexible ASICs excel! Tunnelled traffic requires RECIRCULATION Flex Parser Flex Rewrite Stage 1 Stage 2 Stage 3 Flexible, Programmable Processing Pipeline Stage n VXLAN IPv4 High-performance, low-latency recirculation path Flex Counters Programmable ASICs provide support for IPv4 TUNNELLING BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 53
54 Network Innovation Flexible Switching Silicon Unified Access Data Plane (UADP) Peter Jones
55 Latest version 7.46 BILLION transistors BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 55
56 BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 56
57 UADP Designed for Flexibility UADP provides an unparalleled degree of Flexibility in an Access Switch Excellent for encapsulations, which often need recirculation Parse depth of 256 Bytes Ability to handle current and future protocols extremely flexible and capable 15 programmable stages Up to 250 frames across stages at one time BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 57
58 VXLAN as a protocol had not even been invented when UADP 1.0 was designed Dest. MAC 48 Next-Hop MAC Address Src VTEP MAC Address Yet UADP forwards VXLAN in hardware, at high performance in IOS-XE thanks to Flexibility! Source MAC 48 Underlay Outer MAC Header Outer IP Header VLAN Type 0x8100 VLAN ID Ether Type 0x Bytes (4 Bytes Optional) IP Header Misc. Data Protocol 0x11 (UDP) 72 8 in Overlay UDP Header VXLAN Header Inner (Original) MAC Header Inner (Original) IP Header VXLAN is a complex Original Payload protocol Parse depth of 256 Bytes Source Port 16 VXLAN Port UDP Length Checksum 0x Bytes Header Checksum 20 Bytes programmable Src RLOC IP Address stages Source IP Dest. IP 16 UDP Dst RLOC IP Address Hash of inner L2/L3/L4 headers of original frame. Up to 250 frames across Enables entropy for ECMP load balancing. Allows 64K stages at one time VXLAN Flags RRRRIRRR 8 possible SGTs Segment ID 16 8 Bytes VN ID 24 Allows 16M possible VRFs Reserved Cisco and/or its affiliates. All rights reserved. Cisco Public 58
59 UADP Unparalleled Functionality BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 59
60 GRE ERSPAN CAPWAP MPLS VXLAN VXLAN-GPE*, NSH*, and more * Not Committed Current, and Possible Future, UADP Use Cases BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 60
61 Enabled by UADP 2.0 Catalyst 9300 / 9400 / 9500 BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 61
62 1G/10G Ethernet 128 Bit Encryption 24K Netflow Records UADP G Stacking Capacity 6MB Packet Buffer 56G Bandwidth First Generation of UADP ASIC Catalyst 3850 Copper Catalyst 3650 Catalyst SFP Fiber First Flexible, Programmable ASIC designed for Campus BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 62
63 Dual Core 500MHz 1G/10G/40G Ethernet 256 Bit MACSEC Encryption 24K x2 Netflow Records UADP IEEE 240G Stacking Capacity 6MB x2 Packet Buffer 160GE Bandwidth First Generation of UADP ASIC with Enhancements Catalyst 3850 Multigigabit Catalyst 3850 SFP+ Catalyst 3650 Mini Catalyst 3650 Multigigabit Enhanced Performance, Capabilities & Security BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 63
64 UADP Programmable ASIC Family UADP B Transistors UADP 1.1 3B Transistors UADP B Transistors 1G/10G Ethernet 24K Netflow 1G/10G/40G Ethernet Dual Core 500MHz Shared Lookup Up to 64K x2 Netflow Records 240G Stacking 56G Bandwidth 1588 IEEE 160GE Bandwidth Up to 2X to 4X Tables Up to 240GE Bandwidth BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 64
65 UADP 2.0 Next Generation of ASIC Innovation Investment Protection Flexible Pipeline Universal Deployments Adaptable Tables Enhanced Scale/Buffering Multicore resource share Up to 384K Flex Counters Shared Lookup Up to 240GE Bandwidth Up to 2X to 4X forwarding + TCAM Embedded Microcontrollers Up to 32MB Packet Buffer Up to 64K x2 Netflow Records BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 65
66 UADP 2.0 Turns Catalyst 9K into a Swiss Army Knife Role Specific ASIC Templates for Deployment Flexibility SRAM / TCAM 64K 16K 32K 32K 48K 8K 64K MAC IPv4/IPv6 VACL PACL RACL SGACL QoS NAT SPAN CoPP Client Scale Flexible ASIC Templates Core-Border Template L3 & Cross Domain Policy Aggregation Template Mix of L2/L3 Capabilities Collapsed Core- WAN Template L3 & NAT Customized table size for each function based on the place in the network FIB (48K) SGT (16K) Host (32K) SRAM MCAST (16K) IGMP (32K) Access-Edge Template MAC (80K) Internal Resources SEC ACL (18K) Tunnels (1K) Access-Edge Template TCAM QoS ACL (18K) LISP (1K) Others NAT (2K) Internal Resources FIB (64K) Host (32K) SRAM MCAST (48K) IGMP (16K) SGT (32K) MAC (32K) Internal Resources SEC ACL (18K) Tunnels (1K) Core-Border Template TCAM QoS ACL (3K) NAT (16K) Others LISP (1K) Internal Resources Table Sizes Can be Tailored to Support Multiple Use Cases 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
67 UADP 2.0 Ingress and Egress Processing Stages Final Decision on Packet s Future 17 Ingress Stages IGR Flex Parser Flex Parser 256 B Stage #17 Lookup Table Lookup Table Lookup Table Lookup Table Stage #1 Ingress Programmable Pipeline Stage #.. Stage #.. Lookup Table Lookup Table Lookup Table Lookup Table Lookup Table Lookup Table Lookup Table Lookup Table Stage #2 Stage #.. Egress Programmable Pipeline Stage #2 Stage #1 Flex Parser Lookup Table Lookup Table Lookup Table Lookup Table Lookup Table Lookup Table TCAM/ SRAM Lookup Table Lookup Table EGR Stage #.. Stage #N 8+ Egress Stages Flex Parser 256 B At each stage, 2 simultaneous lookups Final Decision on Packet s Future BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 67
68 Catalyst 9K Family Introduction Catalyst 9400 Catalyst 9300 Catalyst 9500 Stackable Access Modular Access Fixed Aggregation Built on Cisco s Innovative UADP ASIC & Open IOS-XE BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 68
69 Network Innovation Flexible Routing Silicon QuantumFlow Processor (QFP)
70 BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 70
71 QFP Overview BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 71
72 BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 72
73 BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 73
74 40 PPEs (1 st Gen); 64 PPEs (2 nd Gen) Four hardware threads per PPE PPEs operate at 1.2GHz speed Extensive hardware assists: ACL, TBMlookup, WRED, Flow Locks BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 74
75 Distributor Assigns Each Packet to a PPE / Context QFP is not doing flow-based loadbalancing among processors Distribution is to any eligible PPE/Context Hardware locks for ordering and mutual exclusion BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 75
76 High Performance Memory TCAM4: 200 M searches / second with QFP DRAM: 1.6 billion cache line accesses per second 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
77 Buffering, Queuing, and Scheduling (BQS) HQF/MQC compatible 128K queues Flexible allocation of schedule resources 5+ levels of scheduling hierarchy BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 77
78 QFP Platforms and Feature Velocity Over 2600 features QFP is the foundation for modern Enterprise Routing Aggregation and Policy infrastructures BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 78
79 Network Innovation Flexible Wireless Silicon Cisco Access Points, RF Capabilities
80 Self Optimizing Network With Radio Role Flexibility 2.4 GHz and 5 GHz on the same silicon Allows serving of either 2.4 GHz or 5 GHz channel Allows Serial scanning of all 2.4 and 5 GHz channels Role selection is manual or Automatic RRM 5GHz Serving 2.4GHz Serving 5GHz Serving 5GHz Serving BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 80
81 AP 2800 / 3800 Dual Band With Radio Role Flexibility Single 5 GHz cell 5GHz Serving 2.4GHz Serving Channel Utilization = 60% The further a client is from the AP, the lower the data rate will used -75 dbm -71 dbm Data Rate is a function of SNR -68 dbm -51 dbm -58 dbm The higher the SNR The higher the Data Rate will be -63 dbm Capacity is the sum of all clients within the cells Air Time -73 dbm -60 dbm -63 dbm = Client RSSI at AP BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 81
82 AP 2800 / 3800 Macro / Micro Cell Dual 5 GHz Creating two RF diverse 5 GHz cells Doubles the Air Time available Macro / Micro 5 GHz cell -75 dbm -71 dbm 5GHz Serving 5GHz Serving CU Chnl 36 = 20%! CU Chnl 108 =24%! Optimizing Connections (Macro vs Micro) keeps like performing clients together, rather than have one drag down the other -68 dbm -63 dbm -51 dbm -58 dbm RRM will optimize, based on received RSSI -73 dbm -60 dbm Channel Utilization TOTAL = 44% a much more efficient use of spectrum! Less waiting, fewer retransmits, etc -63 dbm = Client RSSI at AP BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 82
83 Cisco Wireless Hardware Innovation Proven Results BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 83
84 Network Innovation Leveraging Flexible Silicon for Encrypted Traffic Analytics
85 Network Threats are Evolving to Leverage Encryption BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 85
86 Encrypted Traffic Analytics Malware Detection and Visibility without Decryption Malware in Encrypted Traffic Is the payload within the TLS session malicious? End to end confidentiality Channel integrity during inspection Adapts with encryption standards Cryptographic Compliance How much of my digital business uses strong encryption? Audit for TLS policy violations Passive detection of Ciphersuite vulnerabilities BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 86
87 Sequence of Packet Lengths and Times (SPLT) Malware Behavior Communication with command control server Write to the disk Network Behavior Sequence of packet lengths Time interval between packet BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 87
88 Initial Data Packet Client: I support crypto! Server: I support that crypto, and I m me! Client: Take this secret and let s encrypt! Server: Your secret looks good; let s encrypt! Client/Server: encrypted data! TLS field (in ClientHello) Offered Cyphersuites Extensions Inference Browsers prefer heavy weight and more secure encryption algorithms, Mobile applications prefer efficient encryption BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 88
89 Detecting Malware by Behavior SPLT, IDP, and Machine Learning Google Search Bestafera C2 Message Initial Page Load Autocomplete Page Refresh Data Exfiltration Self-Signed Certificate BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 89
90 Flexible Silicon A Strong Foundation for DNA
91 What does all of this mean for me? BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 91
92 Cisco Programmable Hardware equals FLEXIBILITY ADAPTABILITY Enabling Network Evolution a critical requirement for DNA BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 92
93 Leveraging Flexible Silicon for Next-Gen Network Architectures Software Defined Access Dave Zacks
94 Policy in Today s Networks Network Policy Enterprise Network QoS Security Redirect/copy Traffic engineering etc. SRC DST PAYLOAD DATA DSCP PROT IP SRC IP DST PORT PORT Policy is based on 5 Tuple Only Transitive information Survives end to end BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 94
95 What is the Problem? Policy in Today s Networks Network Policy access-list 102 deny udp gt eq 2165 access-list 102 deny udp lt gt 428 access-list 102 permit ip eq gt 1511 access-list 102 deny tcp gt gt 1945 access-list 102 permit icmp lt eq 116 access-list 102 deny udp eq eq 959 access-list 102 deny tcp eq lt 4993 access-list 102 deny tcp eq lt 848 access-list 102 deny ip eq gt 4878 access-list 102 permit icmp lt eq 1216 access-list 102 deny icmp gt gt 1111 access-list 102 deny ip eq eq 4175 access-list 102 permit tcp lt gt 1462 Enterprise Network access-list 102 permit tcp gt lt 4384 SRC DST PAYLOAD DATA DSCP PROT IP SRC IP DST PORT PORT IP ADDRESSES Locate you Identify you Drive treatment Constrain you IP Address meaning OVERLOAD VLAN 20 VLAN 30 SSID D SSID C User/device info? SSID A VLAN 10 VLAN 40 SSID B BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 95
96 What is the Problem? Group Policy Rollout Today Production Servers Developer Servers Multiple Steps and Touch Points LAN Core L3 Switch Trunk WLAN 4. Implement Policy What Trunks if You Need to Add Another Define Group ACLs & Policy? Apply ACLs L2 Switch One SSID AAA DHCP AD 1. Define Groups in AD 2. Define Policies VLAN/subnet based 3. Implement VLANs/Subnets Create VLANs Define DHCP scope Create subnets and L3 interfaces Routing for new subnets Map SSID to Interface/VLAN 5. Many different User Interfaces. AAA WLC Devices CLI BYOD Employee Contractor BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 96
97 But What If we could make the IP address just be a LOCATOR for you, and provide other ways to group users / devices to apply POLICY? Key Assertion If we could break the dependence between IP addressing and policy, we could greatly simplify networks and make networks much more functional. BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 97
98 You could build and run your network in a simpler way Apply Policy irrespectively of network constructs (VLAN, subnet, IP address) Easily implement Network Segmentation (w/o implementing MPLS) Provide L2 and L3 flexibility (w/o stretching VLANs) With a Fabric we could make the IP address just be a LOCATOR for you, and provide other ways to group users / devices to apply POLICY? Key Assertion If we could break the dependence between IP addressing and policy, we could greatly simplify networks and make networks much more functional. BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 98
99 What is a Fabric?
100 What Exactly is a Fabric? Network Overlays A Fabric is an Overlay An Overlay is a logical topology used to virtually connect devices, built on top of some arbitrary physical Underlay topology. An Overlay network often uses alternate forwarding attributes to provide additional services, not provided by the Underlay. Examples of Network Overlays GRE or mgre MPLS or VPLS IPSec or DMVPN CAPWAP LISP OTV DFA ACI BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 100
101 Why Use an Overlay? Separate the Forwarding Plane from the Services Plane IT Challenge (Business): Network Uptime IT Challenge (Employee): New Services The Boss YOU The User Simple Transport Forwarding Redundant Devices and Paths Keep It Simple and Manageable Optimize Packet Handling Maximize Network Reliability (HA) Flexible Virtual Services Mobility - Map Endpoints to Edges Services - Deliver using Overlay Scalability - Reduce Protocol State Flexible and Programmable BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 101
102 What Exactly is Campus Fabric? Key Components 1. Control-Plane based on LISP 2. Data-Plane based on VXLAN 3. Policy-Plane based on TrustSec Key Differences L2 + L3 Overlay -vs- L2 or L3 Only Host Mobility with Anycast Gateway Adds VRF + SGT into Data-Plane Virtual Tunnel Endpoints (No Static) No Topology Limitations (Basic IP) BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 102
103 LISP in 30 Seconds Control Plane LISP Mapping System Software Control Plane The LISP Mapping System is analogous to a DNS lookup DNS resolves IP Addresses for a queried Name Answers the WHO IS question Host [ Who is lisp.cisco.com ]? [ Address is , 2610:D0:110C:1::3 ] DNS Server DNS Name -to- IP URL Resolution LISP resolves Locators for a queried Identity Answers the WHERE IS question LISP Router [ Where is 2610:D0:110C:1::3 ]? [ Locator is , ] LISP Map System LISP ID -to- Locator Map Resolution BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 103
104 What Exactly is a Fabric? Data Plane VXLAN 1. Control Plane based on LISP Hardware Data Plane 2. Data Plane based on VXLAN ETHERNET IP PAYLOAD ORIGINAL PACKET Supports L3 Overlay ETHERNET IP UDP LISP IP PAYLOAD PACKET IN LISP Supports L2 & L3 Overlay ETHERNET IP UDP VXLAN ETHERNET IP PAYLOAD PACKET IN VXLAN BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 104
105 What Exactly is a Fabric? Policy Plane VRF and SGT Transport 1. Control Plane based on LISP 2. Data Plane based on VXLAN 3. Policy Plane based on TrustSec VRF + SGT Virtual Routing & Forwarding Scalable Group Tagging Integrated Security ETHERNET IP UDP VXLAN ETHERNET IP PAYLOAD BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 105
106 Cisco TrustSec in 30 Seconds Segmentation Based on Groups Integrated Security Enforcement Group Based Policies ACLs, Firewall Rules Shared Services Application Servers Propagation Carry Group context through the network using only SGT Enforcement Enterprise Backbone DC Switch or Firewall ISE Classification Static or Dynamic SGT assignments Campus Switch Campus Switch DC switch receives policy for only what is connected Employee Tag Supplier Tag Non-Compliant Employee Voice Voice Employee Supplier Non-Compliant Non-Compliant Tag VLAN A VLAN B BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 106
107 Software Defined Access (SDA) Bringing It All Together
108 BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 108
109 What is SD-Access? Campus Fabric + Automation & Assurance (DNAC) ISE / AD APIC-EM 1.X 2.0 DNA Center NDP / PI SD Access NEW! GUI approach provides automation of all Campus Fabric configurations, management and group-based policy. Leverages DNA Center to integrate external Service components, and orchestrate your entire LAN, WLAN and WAN network. B B Campus Fabric Shipping since 2016 Campus Fabric C CLI or API form of the new Overlay Fabric solution for your Enterprise Campus networks. CLI approach provides backwards compatibility and customization, Box-by-Box. API approach provides central automation via NETCONF. APIC-EM, ISE, NDP are all separate. BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 109
110 sioning BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 110
111 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
112 SD-Access Roles and Terminology Identity Services Fabric Border Nodes Intermediate Nodes (Underlay) Fabric Edge Nodes ISE B APIC-EM B Campus Fabric NDP C A Strong Foundation, Enabled by Cisco Flexible Silicon! DNA Controller Analytics Engine Fabric Wireless Controller Control-Plane Nodes DNA Controller Enterprise SDN Controller provides GUI management and abstraction via Service Apps, that share information Identity Services External ID Systems (e.g. ISE) are leveraged for dynamic Endpoint to Group mapping and Policy definition Analytics Engine External Data Collectors (e.g. NDP) are leveraged to analyze Endpoint to App flows and monitor fabric status Control-Plane Nodes Map System that manages Endpoint to Device relationships Fabric Border Nodes A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric Fabric Edge Nodes A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric Fabric Wireless Controller A Fabric device (WLC) that connects Wireless Endpoints to the SDA Fabric BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 112
113 SD-Access Platform Support Switching Routing Wireless Subtended NEW Catalyst 9400 NEW Catalyst 9300 ASR-1000-X AIR-CT5520 NEW NEW ASR-1000-HX AIR-CT8540 NEW CDB Catalyst 9500 AIR-CT3504 ISR 4430 Catalyst 4500E Catalyst 6K Nexus 7700 ISR 4450 Wave 2 APs (1800, 2800,3800) 3560-CX Catalyst 3850 and 3650 CSRv Wave 1 APs* (1700, 2700,3700) *with Caveats BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 113
114 SD-Access Solution At a Glance Architecture for the Digital Enterprise Policy Mobility with no Topology Dependence Identity & Policy Identity Services Engine (ISE) Automation App Policy Infra Control (APIC-EM) Assurance Network Data Platform (NDP) Contextual Visibility and Troubleshooting SD-Access Fabric Stretched Subnets Group 1 Group 2 Employees Virtual Network Group 3 Group 4 IoT Virtual Network BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 114
115 SD-Access Fabric Wireless Integration Fabric Enabled WLC is integrated into Fabric for SDA Wireless clients Ctrl: CAPWAP Connects to Fabric via Border (Underlay) Data: VXLAN Fabric Enabled APs connect to the WLC (CAPWAP) via dedicated Host Pool (Overlay) Fabric Enabled APs connect to the Edge via VXLAN Known Networks B C B Unknown Networks Wireless Clients (SSIDs) use regular Host Pools for forwarding and policy (same as Wired) Fabric Enabled WLC registers Clients with the Control-Plane (connected to local Edge + AP) BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 115
116 SD-Access From Protocols to Solutions VXLAN LISP TrustSec / SGTs VRFs BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 116
117 SD-Access DNA Center DNA Center Simple Workflows DESIGN PROVISION POLICY ASSURANCE DNA Center Identity Services Engine APIC-EM Network Data Platform Routers Switches Wireless Controllers Wireless APs BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 117
118 Assure Assure Assure Assure Provision Assure BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 118
119 Software Defined Access Cisco Live Session Map Monday (June 26) Tuesday (June 27) Wednesday (June 28) Thursday (June 29) 8:00 10:00 AM 1:30-3:30 PM 4:00-5:30 PM 8:00 10:00 AM 1:30-3:30 PM 4:00-5:30 PM 8:00 10:00 AM 1:30-3:30 PM 4:00-5:30 PM 8:00 10:00 AM 1:00-2:30 PM 4:00-5:30 PM BRKEWN-2020 Wireless BRKDCN-2489 DC Integration BRKCRS-3811 Policy BRKCRS-2810 (1) Solution BRKCRS-2811 (1) External Connect BRKCRS-2810 (2) Solution BRKCRS-2811 (2) External Connect BRKCRS-2812 Migration BRKCRS-2813 Monitor & T shoot BRKCRS-2814 Assurance BRKARC
120 Cisco Flexible Silicon Summary
121 Critical Role of Flexible Silicon BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 121
122 DNA Flexible Infrastructure Supporting Fabric Evolution and Software Defined Access Separation of the Forwarding and Services Planes Overlay Overlay encapsulation Devices Overlay control plane Employee Supplier Fabric Overlay is the Services Plane Connects Users and Devices Leverages standard technologies Address Independent End-to-End Policy Underlay Fabric Underlay is the Forwarding Plane Connects Network Devices Leverages existing topologies Simple, best-practice deployment Cisco Flexible Silicon allows for Flexibility Key to Supporting the Evolution to Network Fabrics BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 122
123 Innovation All The Way Up The Stack Hardware, Software, and Solution to the Software and Protocols, with Integrated Security From the Hardware Integrated Security to the Whole Solution From the Gates to the GUI Cisco Innovations In Hardware, Software, and Solutions Tie It All Together BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 123
124 Cisco Flexible Silicon Want to Know More? Cisco Enterprise ASICs Discussion with Dave Zacks and Peter Jones Cisco Live Berlin Programmable ASICs for Cisco Catalyst Switches with Muhammad Imam Cisco Live Berlin BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 124
125 Cisco Flexible Silicon Information Sheet BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 125
126 Cisco Enterprise Silicon Delivering Innovation for Advanced Routing and Switching Did How We Achieve Did We Do? Our Objectives? Do You Have a Better Understanding of how ASICs are designed and built of why Flexibility in ASIC Hardware is key and how you can leverage Flexible ASICs in your own network designs? Don t Forget to fill out your evaluations! BRKARC Cisco 2017 Cisco and/or and/or its affiliates. its affiliates. All rights All rights reserved. Cisco Public 126
127 Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card. Complete your session surveys through the Cisco Live mobile app or on Don t forget: Cisco Live sessions will be available for viewing on demand after the event at Cisco and/or its affiliates. All rights reserved. Cisco Public
128 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions BRKARC Cisco and/or its affiliates. All rights reserved. Cisco Public 128
129 Thank you
130
SD-Access Wireless: why would you care?
SD-Access Wireless: why would you care? CUWN Architecture - Centralized Overview Policy Definition Enforcement Point for Wi-Fi clients Client keeps same IP address while roaming WLC Single point of Ingress
More informationCisco Campus Fabric Introduction. Vedran Hafner Systems engineer Cisco
Cisco Campus Fabric Introduction Vedran Hafner Systems engineer Cisco Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o stretching VLANs) Network
More informationCisco.Network.Intuitive FastLane IT Forum. Andreas Korn Systems Engineer
Cisco.Network.Intuitive FastLane IT Forum Andreas Korn Systems Engineer 12.10.2017 Ziele dieser Session New Era of Networking - Was ist darunter zu verstehen? Software Defined Access Wie revolutioniert
More informationTech Update Oktober Rene Andersen / Ib Hansen
Tech Update 10 12 Oktober 2017 Rene Andersen / Ib Hansen DNA Solution Cisco Enterprise Portfolio DNA Center Simple Workflows DESIGN PROVISION POLICY ASSURANCE Identity Services Engine DNA Center APIC-EM
More informationVeč kot SDN - SDA arhitektura v uporabniških omrežjih
Več kot SDN - SDA arhitektura v uporabniških omrežjih Aleksander Kocelj SE Cisco Agenda - Introduction to Software Defined Access - Brief description on SDA - Cisco SDA Assurance - DEMO 2 New Requirements
More informationCisco SD-Access Hands-on Lab
LTRCRS-2810 Cisco SD-Access Hands-on Lab Larissa Overbey - Technical Marketing Engineer, Cisco Derek Huckaby - Technical Marketing Engineer, Cisco https://cisco.box.com/v/ltrcrs-2810-bcn2018 Password:
More informationEvolving your Campus Network with. Campus Fabric. Shawn Wargo. Technical Marketing Engineer BRKCRS-3800
Evolving your Campus Network with Campus Fabric Shawn Wargo Technical Marketing Engineer BRKCRS-3800 Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility
More informationCisco Software Defined Access (SDA)
Cisco Software Defined Access (SDA) Transformational Approach to Network Design & Provisioning Sanjay Kumar Regional Manager- ASEAN, Cisco Systems What is network about? Source: google.de images Security
More informationCampus Fabric. How To Integrate With Your Existing Networks. Kedar Karmarkar - Technical Leader BRKCRS-2801
Campus Fabric How To Integrate With Your Existing Networks Kedar Karmarkar - Technical Leader Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o
More informationCisco Enterprise Silicon Delivering Innovation for Advanced Routing and Switching
Cisco Enterprise Silicon Delivering Innovation for Advanced Routing and Switching Rohan Saldanha - Systems Engineer #clmel Cisco Enterprise Silicon Delivering Innovation for Advanced Routing and Switching
More informationAPIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks
APIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks Saurav Prasad Technical Marketing Engineer CTHNMS-1002 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after
More informationCisco Enterprise Silicon:
Cisco Enterprise Silicon: Delivering Innovation for Advanced Routing and Switching Carl Solder Dave Zacks Director, Engineering Distinguished Engineer Cisco Enterprise Silicon: Delivering Innovation for
More informationCisco SD-Access Building the Routed Underlay
Cisco SD-Access Building the Routed Underlay Rahul Kachalia Sr. Technical Leader Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
More informationSoftware-Defined Access 1.0
Software-Defined Access 1.0 What is Cisco Software-Defined Access? The Cisco Software-Defined Access (SD-Access) solution uses Cisco DNA Center to provide intent-based policy, automation, and assurance
More informationRouting Underlay and NFV Automation with DNA Center
BRKRST-1888 Routing Underlay and NFV Automation with DNA Center Prakash Rajamani, Director, Product Management Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
More informationTHE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017
THE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017 The Network. Intuitive. Constantly learning, adapting and protecting. L E A R
More informationCisco SD-Access Policy Driven Manageability
BRKCRS-3811 Cisco SD-Access Policy Driven Manageability Victor Moreno, Distinguished Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationSoftware-Defined Access Wireless
Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Enabling SD-Access Wireless (GUI), page 8 Configuring SD-Access Wireless VNID (GUI), page 9 Configuring SD-Access Wireless WLAN (GUI),
More informationSoftware-Defined Access Wireless
Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Enabling SD-Access Wireless (GUI), page 8 Configuring SD-Access Wireless VNID (GUI), page 9 Configuring SD-Access Wireless WLAN (GUI),
More informationSoftware-Defined Access Wireless
Introduction to, page 1 Configuring SD-Access Wireless (CLI), page 7 Introduction to The Enterprise Fabric provides end-to-end enterprise-wide segmentation, flexible subnet addressing, and controller-based
More informationSoftware-Defined Access 1.0
White Paper Software-Defined Access 1.0 Solution White Paper Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA https://www.cisco.com/ Tel: 408 526-4000 800 553-NETS
More informationTransforming the Network for the Digital Business
Transforming the Network for the Digital Business Driven by Software Defined Platforms Hugo Padilla Prad Enterprise Networks Digital Acceleration Team CCIE Emeritus #12444 Cisco Forum Kiev, November 14
More informationCisco Software-Defined Access
Migration Guide Cisco Software-Defined Access 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 31 Contents Cisco SD-Access... 3 Evolution of Networking
More informationNetwork as an Enforcer (NaaE) Cisco Services. Network as an Enforcer Cisco and/or its affiliates. All rights reserved.
Network as an Enforcer (NaaE) Cisco Services INTRODUCTION... 6 Overview of Network as an Enforcer... 6 Key Benefits... 6 Audience... 6 Scope... 6... 8 Guidelines and Limitations... 8 Configuring SGACL
More informationDNA Campus Fabric. How to Migrate The Existing Network. Kedar Karmarkar - Technical Leader BRKCRS-2801
DNA Campus Fabric How to Migrate The Existing Network Kedar Karmarkar - Technical Leader Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o stretching
More informationCisco Exam Questions & Answers
Cisco 648-375 Exam Questions & Answers Number: 648-375 Passing Score: 800 Time Limit: 120 min File Version: 22.1 http://www.gratisexam.com/ Cisco 648-375 Exam Questions & Answers Exam Name: Cisco Express
More informationVXLAN Overview: Cisco Nexus 9000 Series Switches
White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide
More informationNext Gen Enterprise Management and Operations with Cisco DNA
Next Gen Enterprise Management and Operations with Cisco DNA Ramit Kanda Director PM, Enterprise Network Transformation Prakash Rajamani Director PM, Enterprise Network Transformation BRKNMS 1601 Cisco
More informationImplementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN
This module provides conceptual information for VXLAN in general and configuration information for layer 2 VXLAN on Cisco ASR 9000 Series Router. For configuration information of layer 3 VXLAN, see Implementing
More informationNext generation branch with SD-WAN and NFV
Next generation branch with SD-WAN and NFV Kiran Ghodgaonkar, Senior Manager, Enterprise Marketing Mani Ganeson, Senior Product Manager PSOCRS-2004 @ghodgaonkar Cisco Spark How Questions? Use Cisco Spark
More informationDNA Automation Services Offerings
DNA Automation Services Offerings Jamie Owen, Solutions Architect, Cisco Advanced Services Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationAutomatisierung im LAN Der Start in eine neue Ära des Networkings
Automatisierung im LAN Der Start in eine neue Ära des Networkings Thomas Spiegel Consulting Systems Engineer September 2017 Cisco Disclaimer Cisco Roadmap Disclaimer. Some of the products and features
More informationP ART 3. Configuring the Infrastructure
P ART 3 Configuring the Infrastructure CHAPTER 8 Summary of Configuring the Infrastructure Revised: August 7, 2013 This part of the CVD section discusses the different infrastructure components that are
More informationOpenFlow: What s it Good for?
OpenFlow: What s it Good for? Apricot 2016 Pete Moyer pmoyer@brocade.com Principal Solutions Architect Agenda SDN & OpenFlow Refresher How we got here SDN/OF Deployment Examples Other practical use cases
More informationSoftware-Defined Access Design Guide
Cisco Validated design Software-Defined Access Design Guide December 2017 Solution 1.1 Table of Contents Table of Contents Cisco Digital Network Architecture and Software-Defined Access Introduction...
More informationIntelligent WAN Multiple VRFs Deployment Guide
Cisco Validated design Intelligent WAN Multiple VRFs Deployment Guide September 2017 Table of Contents Table of Contents Deploying the Cisco Intelligent WAN... 1 Deploying the Cisco IWAN Multiple VRFs...
More informationCisco Software-Defined Access
Cisco Software-Defined Access Introducing an entirely new era in networking. What if you could give time back to IT? Provide network access in minutes for any user or device to any application-without
More informationNetwork Automation and Branch Agility The Network Helps Enable Digital Business. Rajinder Singh Product Sales Specialist June 2016
Network Automation and Branch Agility The Network Helps Enable Digital Business Rajinder Singh Product Sales Specialist June 2016 Agenda WAN Market Drivers Cisco Intelligent WAN (IWAN) Cisco Intelligent
More informationMigration Guide from Cisco Catalyst 3850 Series to 9300 Series
Migration Guide from Cisco Catalyst 3850 Series to 9300 Series The new Cisco Catalyst 9000 switching family is the next generation in the legendary Cisco Catalyst family of enterprise LAN access, aggregation,
More informationCloud Mobility: Meraki Wireless & EMM
BRKEWN-2002 Cloud Mobility: Meraki Wireless & EMM Emily Sporl Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile
More informationBuilding Service-Aware Networks
Building Service-Aware Networks The Next-Generation WAN/MAN Muhammad Afaq Khan, CCIE No. 9070 Cisco Press 800 East 96th Street Indianapolis, IN 46240 Building Service-Aware Networks: The Next-Generation
More informationCISCO CATALYST 4500-X SERIES FIXED 10 GIGABIT ETHERNET AGGREGATION SWITCH DATA SHEET
CISCO CATALYST 4500-X SERIES FIXED 10 GIGABIT ETHERNET AGGREGATION SWITCH DATA SHEET ROUTER-SWITCH.COM Leading Network Hardware Supplier CONTENT Overview...2 Appearance... 2 Key Features and Benefits...2
More informationPSOACI Why ACI: An overview and a customer (BBVA) perspective. Technology Officer DC EMEAR Cisco
PSOACI-4592 Why ACI: An overview and a customer (BBVA) perspective TJ Bijlsma César Martinez Joaquin Crespo Technology Officer DC EMEAR Cisco Lead Architect BBVA Lead Architect BBVA Cisco Spark How Questions?
More informationCisco DNA. Digital Network Architecture. https://twitter.com/rbrasfer https://pt.linkedin.com/in/ruibrasfernandes
Cisco DNA Digital Network Architecture Rui Brás Fernandes rbrasfer@cisco.com https://twitter.com/rbrasfer https://pt.linkedin.com/in/ruibrasfernandes Cisco Vision and Strategy Vision Change the way the
More informationIdentity Based Network Access
Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor
More informationCisco SD-WAN and DNA-C
Cisco SD-WAN and DNA-C SD-WAN Cisco SD-WAN Intent-based networking for the branch and WAN 4x Improved application experience Better user experience Deploy applications in minutes on any platform with consistent
More informationCampus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches)
Campus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches) First Published: 2017-07-31 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706
More informationPSOACI Tetration Overview. Mike Herbert
Tetration Overview Mike Herbert Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion
More informationEnterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.
2 CHAPTER Cisco's Disaster Recovery as a Service (DRaaS) architecture supports virtual data centers that consist of a collection of geographically-dispersed data center locations. Since data centers are
More informationPerforming Path Traces
About Path Trace, page 1 Performing a Path Trace, page 13 Collecting QoS and Interface Statistics in a Path Trace, page 15 About Path Trace With Path Trace, the controller reviews and collects network
More informationDeploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC)
Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC) COURSE OVERVIEW: Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent
More informationSDN Security BRKSEC Alok Mittal Security Business Group, Cisco
SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined
More informationCampus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 3650 Switches)
Campus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 3650 Switches) First Published: 2017-07-31 Last Modified: 2017-11-03 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive
More informationData Center Configuration. 1. Configuring VXLAN
Data Center Configuration 1. 1 1.1 Overview Virtual Extensible Local Area Network (VXLAN) is a virtual Ethernet based on the physical IP (overlay) network. It is a technology that encapsulates layer 2
More information2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
2018 Cisco and/or its affiliates. All rights reserved. Cisco Public PSODCN-1030 Intent Based Systems Deliver Automation Dave Malik Cisco Fellow and Chief Architect Advanced Services @dmalik2 2018 Cisco
More informationIWAN APIC-EM Application Cisco Intelligent WAN
IWAN APIC-EM Application Cisco Intelligent WAN René og Per Cisco DK SE s Feb 23 th 2016 AVC MPLS Private Cloud 3G/4G-LTE Virtual Private Cloud Branch WAAS PfR Internet Public Cloud Control, Management,
More informationCisco SD-WAN (Viptela) Migration, QoS and Advanced Policies Hands-on Lab
Cisco SD-WAN (Viptela) Migration, QoS and Advanced Policies Hands-on Lab Ali Shaikh Technical Leader Faraz Shamim Sr. Technical Leader Mossaddaq Turabi Distinguished ENgineer Cisco Spark How Questions?
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 648-385 EXAM QUESTIONS & ANSWERS Number: 648-385 Passing Score: 800 Time Limit: 120 min File Version: 41.0 http://www.gratisexam.com/ CISCO 648-385 EXAM QUESTIONS & ANSWERS Exam Name: CXFF - Cisco
More informationAssure the Health of Your Network
DNA Center Assurance Overview, on page 1 Monitor and Troubleshoot the Overall Health of Your Enterprise, on page 4 Monitor and Troubleshoot the Health of Your Network, on page 7 Monitor and Troubleshoot
More informationCloud-Ready WAN For IAAS & SaaS With Cisco s Next- Gen SD-WAN
BRKCRS-2113 Cloud-Ready WAN For IAAS & SaaS With Cisco s Next- Gen SD-WAN Sumanth Kakaraparthi Product Leader SD-WAN Manan Shah Director Of Product Management Cisco Spark How Questions? Use Cisco Spark
More informationIntuit Application Centric ACI Deployment Case Study
Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key
More informationThe Transformation of Media & Broadcast Video Production to a Professional Media Network
The Transformation of Media & Broadcast Video Production to a Professional Media Network Subha Dhesikan, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after
More informationServiceability of SD-WAN
BRKCRS-2112 Serviceability of SD-WAN Chandrabalaji Rajaram & Ali Shaikh Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live
More informationCisco ASR 1000 Series Aggregation Services Routers: QoS Architecture and Solutions
Cisco ASR 1000 Series Aggregation Services Routers: QoS Architecture and Solutions Introduction Much more bandwidth is available now than during the times of 300-bps modems, but the same business principles
More informationDisruptive Innovation in ethernet switching
Disruptive Innovation in ethernet switching Lincoln Dale Principal Engineer, Arista Networks ltd@aristanetworks.com AusNOG 2012 Ethernet switches have had a pretty boring existence. The odd speed increase
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationSecuring BYOD with Cisco TrustSec Security Group Firewalling
White Paper Securing BYOD with Cisco TrustSec Security Group Firewalling Getting Started with TrustSec What You Will Learn The bring-your-own-device (BYOD) trend can spur greater enterprise productivity
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationGet Hands On With DNA Center APIs for Managing Intent
DEVNET-3620 Get Hands On With DNA Center APIs for Managing Intent Adam Radford Distinguished Systems Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
More informationVRF, MPLS and MP-BGP Fundamentals
VRF, MPLS and MP-BGP Fundamentals Jason Gooley, CCIEx2 (RS, SP) #38759 Twitter: @ccie38759 LinkedIn: http://www.linkedin.com/in/jgooley Agenda Introduction to Virtualization VRF-Lite MPLS & BGP Free Core
More informationPradeep Kathail Chief Software Architect Network Operating Systems Technology Group, Cisco Systems Inc.
Pradeep Kathail Chief Software Architect Network Operating Systems Technology Group, Cisco Systems Inc. March 4 th, 2014 2012 2010 Cisco and/or its affiliates. All rights reserved. 1 2012 Cisco and/or
More informationImplementing VXLAN in DataCenter
Implementing VXLAN in DataCenter LTRDCT-1223 Lilian Quan Technical Marketing Engineering, INSBU Erum Frahim Technical Leader, ecats John Weston Technical Leader, ecats Why Overlays? Robust Underlay/Fabric
More informationCisco Tetration Analytics
Cisco Tetration Analytics Real-time application visibility and policy management using advanced analytics Yogesh Kaushik, Sr. Director Product Management PSOACI-2100 Agenda Market context Introduction:
More informationSD-Access Wireless Design and Deployment Guide
SD-Access Wireless Design and Deployment Guide Executive Summary 2 Software Defined Access 2 SD Access Wireless 3 SD Access Wireless Architecture 4 Setting up SD-Access Wireless with DNAC 13 SD Access
More informationResilient WAN and Security for Distributed Networks with Cisco Meraki MX
Resilient WAN and Security for Distributed Networks with Cisco Meraki MX Daghan Altas, Director of Product Management BRKSEC-2900 Agenda Problem Cisco CNG Live network creation demo (45m) Product Brief
More informationCOMP211 Chapter 4 Network Layer: The Data Plane
COMP211 Chapter 4 Network Layer: The Data Plane All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith Ross
More informationCertKiller q
CertKiller.500-451.28q Number: 500-451 Passing Score: 800 Time Limit: 120 min File Version: 5.3 500-451 Cisco Unified Access Systems Engineer Exam I just passed today with 89%. My sole focus was the VCE.
More informationIP Mobility Design Considerations
CHAPTER 4 The Cisco Locator/ID Separation Protocol Technology in extended subnet mode with OTV L2 extension on the Cloud Services Router (CSR1000V) will be utilized in this DRaaS 2.0 System. This provides
More informationExam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.
Exam Code: 700-303 Number: 700-303 Passing Score: 800 Time Limit: 120 min File Version: 41.2 http://www.gratisexam.com/ Exam Code: 700-303 Exam Name: Advanced Borderless Network Architecture Systems Engineer
More informationCisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003
Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003 Agenda ACI Introduction and Multi-Fabric Use Cases ACI Multi-Fabric Design Options ACI Stretched Fabric Overview
More informationSegmentation. Threat Defense. Visibility
Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks,
More informationTrustSec (NaaS / NaaE)
TrustSec (NaaS / NaaE) per@cisco.com Security on top of the mind for our customers 60% 85% 54% of data is stolen in HOURS of point-of-sale intrusions aren t discovered for WEEKS of breaches remain undiscovered
More informationCisco Exam Questions & Answers
Cisco 648-385 Exam Questions & Answers Number: 648-385 Passing Score: 800 Time Limit: 120 min File Version: 34.4 http://www.gratisexam.com/ Cisco 648-385 Exam Questions & Answers Exam Name: CXFF - Cisco
More informationTechnology Overview. Overview CHAPTER
CHAPTER 2 Revised: July 29, 2013, This overview of AVC technology includes the following topics: Overview, page 2-1 AVC Features and Capabilities, page 2-2 AVC Architecture, page 2-4 Interoperability of
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 2: Software-Defined Networks (SDN) Chapter 2. Chapter goals:
Managing and Securing Computer Networks Guy Leduc Chapter 2: Software-Defined Networks (SDN) Mainly based on: Computer Networks and Internets, 6 th Edition Douglas E. Comer Pearson Education, 2015 (Chapter
More informationCisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide
Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide Introduction This is the first of a series of documents on the design and implementation of a wireless
More informationCisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002
Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Agenda Joint Cisco and Microsoft Integration Efforts Introduction to CCA-MCP What is a Pattern?
More informationPUSHING THE LIMITS, A PERSPECTIVE ON ROUTER ARCHITECTURE CHALLENGES
PUSHING THE LIMITS, A PERSPECTIVE ON ROUTER ARCHITECTURE CHALLENGES Greg Hankins APRICOT 2012 2012 Brocade Communications Systems, Inc. 2012/02/28 Lookup Capacity and Forwarding
More informationBefore configuring standard QoS, you must have a thorough understanding of these items:
Finding Feature Information, page 1 Prerequisites for QoS, page 1 QoS Components, page 2 QoS Terminology, page 3 Information About QoS, page 3 Restrictions for QoS on Wired Targets, page 41 Restrictions
More informationIntroduction to Cisco SD- WAN (Viptela)
LTRCRS-2005 Introduction to Cisco SD- WAN (Viptela) Brad Edgeworth, Systems Engineer, CCIE#31574 Dustin Schuemann, Solutions Architect Madhavan Aruanchalam, Technical Marketing Engineer Cisco Spark How
More informationCisco Software-Defined Access
F Cisco Software-Defined ccess What is Cisco Software-Defined ccess? Cisco Software-Defined ccess (SD-ccess) is a central part of the Cisco Digital Network rchitecture (Cisco DN ) solution and represents
More informationFundamentals and Deployment of Cisco SD-WAN Duration: 3 Days (24 hours) Prerequisites
Fundamentals and Deployment of Cisco SD-WAN Duration: 3 Days (24 hours) Prerequisites The recommended knowledge and skills that a learner must have before attending this course are as follows: Knowledge
More informationCisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018
Cisco SD-WAN Intent-based networking for the branch and WAN Carlos Infante PSS EN Spain March 2018 Aug-12 Oct-12 Dec-12 Feb-13 Apr-13 Jun-13 Aug-13 Oct-13 Dec-13 Feb-14 Apr-14 Jun-14 Aug-14 Oct-14 Dec-14
More informationCisco ONE Software Overview. October 2017
Cisco ONE Software Overview October 2017 Agenda Why Cisco ONE Software and the Outcome Offers and Use Case Access (Wireless and Switching) WAN Cloud and Compute DC Networking Smart Accounts Resources Cisco
More informationIntelligent WAN : CVU update
Intelligent WAN : CVU update Deliver enhanced mobile experience at the branch with Intelligent WAN Soren D. Andreasen (sandreas@cisco.com) Technical Solution Architect CCIE# 3252 Agenda IWAN 2.0/2.1 overview
More informationNetwork Design and Architecture Boot camp Do you want to become an Architect?
Network Design and Architecture Boot camp Do you want to become an Architect? The one and only boot camp in the market today - focusing on designing campus, service provider and data center architectures.
More informationFundamentals of IP Networking 2017 Webinar Series Part 4 Building a Segmented IP Network Focused On Performance & Security
Fundamentals of IP Networking 2017 Webinar Series Part 4 Building a Segmented IP Network Focused On Performance & Security Wayne M. Pecena, CPBE, CBNE Texas A&M University Educational Broadcast Services
More informationCisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13
Q&A Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13 Q. What is the Cisco Cloud Services Router 1000V? A. The Cisco Cloud Services Router 1000V (CSR 1000V) is a router in virtual
More informationCISCO QUAD Cisco CCENT/CCNA/CCDA/CCNA Security (QUAD)
Our Learning Exclusive Custom exam prep software and materials Exam delivery in classroom with 98% success Course specific thinqtank Learning publications to promote fun exciting learning Extended hours
More informationChoice of Segmentation and Group Based Policies for Enterprise Networks
Choice of Segmentation and Group Based Policies for Enterprise Networks Hari Holla Technical Marketing Engineer, Cisco ISE BRKCRS-2893 hari_holla /in/hariholla Cisco Spark How Questions? Use Cisco Spark
More information