Evolving your Campus Network with Campus Fabric. Shawn Wargo, Technical Marketing Engineer. BRKCRS-3800


2 Evolving your Campus Network with Campus Fabric Shawn Wargo Technical Marketing Engineer BRKCRS-3800

3 Campus Fabric Abstract
Is your Campus network facing some, or all, of these challenges?
Host Mobility (w/o stretching VLANs)
Network Segmentation (w/o implementing MPLS)
Role-based Access Control (w/o end-to-end TrustSec)
Using Cisco technologies available today, you can overcome these challenges and build an Evolved Campus Network to better meet your business objectives. Come to this session to get a deeper insight into the Key Technologies, Designs and Configurations (e.g. LISP with VXLAN, and TrustSec) that bring this evolution to life! We highly recommend that attendees already be familiar with: Enterprise Campus Design (BRKCRS-2031), Location ID Separation Protocol (BRKRST-3045), and Cisco Trust Security (BRKCRS-2891).
BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 3

4 Agenda
Key Benefits: Why do I care?
Key Concepts: What is a Fabric?
Solution Overview: How does it work?
Putting It Together: Where do things go?
Take-Away: When to get started?

5 Key Benefits Why do I care?

6 Cisco Digital Network Architecture Overview Network-enabled Applications Principles Cloud Service Management Open APIs Developers Environment Automation Abstraction & Policy Control from Core to Edge Policy Orchestration Analytics Network Data, Contextual Insights Insights & Experiences Automation & Assurance Open & Programmable Standards-Based Virtualization Physical & Virtual Infrastructure App Hosting Security & Compliance Cloud-enabled Software-delivered

7 Cisco Digital Network Architecture APIs Network Enabled Applications UNI GUI Prescriptive Service Definition & Orchestration Model-based Customized UNI Telemetry Intent Service Instantiation Topology Easy QoS Enterprise Controller (Policy Determination) Plug & Play Path Optimization Analytics APIs PEP Branch WAN / Branch WAN Agg PEP Campus PEP Data Center PEP Apps PEP Branch SP PEP Apps Internet PEP PEP Segmentation 1 Segmentation 2 Int. Acc Segmentation 3 PEP Cloud PEP Apps WAN VNFs Campus VNFs DC VNFs Cloud VNFs Localized or network-wide Service Chaining Network Function Virtualization Network Interface (UNI) PEP: Policy Enforcement Point

8 What is Campus Fabric? Foundational Technologies Programmable Custom ASICs Converged Software Services Industry Leading Wired & Wireless Stacking TrustSec SDN Advanced Functionality Programmable Pipeline Flexibility Recirculation Optimized for Campus Integrated Stacking Visibility Security Future Proofed Long Life Cycle Investment Protection + Network Enabled Applications Collaboration Mobility IoT Security Automation and Analytics Controller Visible Programmable Open Virtualization Campus Fabric Segmentation L2 Flexibility Designed for Evolution Strong Foundational Capabilities HA Driving Innovation Through Technology Investment 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

9 Provision Simplified Provisioning Deploy devices using best practice configurations from a simple user interface

10 Segmentation Security Simple Segmentation constructs to build Secure boundaries for users and things

11 Mobility Wired and Wireless Host Mobility because your address is no longer tied to your location

12 Intelligent Policy Network Wide Policy Enforcement based on your identity, not on your address

13 Key Concepts What is a Fabric?

14 What exactly is a Fabric? A Fabric is an Overlay
An Overlay is a logical topology used to virtually connect devices, built on top of an arbitrary physical Underlay topology. An Overlay network often uses alternate forwarding attributes to provide additional services, not provided by the Underlay.
Examples of Network Overlays: GRE or mGRE, LISP, MPLS or VPLS, OTV, IPSec or DMVPN, DFA, CAPWAP, ACI

15 What exactly is a Fabric? Why Overlays? Separate the Forwarding Plane from the Services Plane Simple Transport Forwarding Physical Devices and Paths Intelligent Packet Handling Maximize Network Availability Simple and Manageable Flexible Virtual Services Mobility Track End-points at Edges Scalability Reduce core state Distribute state to network edge Flexibility & Programmability Reduced number of touch points

16 What exactly is a Fabric? Overlay Terminology Overlay Network Overlay Control Plane Encapsulation Edge Device Edge Device Hosts (End-Points) Underlay Network Underlay Control Plane

17 What exactly is a Fabric? Types of Overlays
Hybrid L2 + L3 Overlays offer the Best of Both Worlds
Layer 2 Overlays:
  Emulates a LAN segment
  Transport Ethernet Frames (IP & Non-IP)
  Single subnet mobility (L2 domain)
  Exposure to Layer 2 flooding
  Useful in emulating physical topologies
Layer 3 Overlays:
  Abstract IP connectivity
  Transport IP Packets (IPv4 & IPv6)
  Full mobility regardless of Gateway
  Contain network related failures (floods)
  Useful to abstract connectivity and policy

18 What is unique about Campus Fabric? Key Components LISP 1. LISP based Control-Plane Routing Protocols = Big Tables & More CPU LISP DB + Cache = Small Tables & Less CPU BEFORE IP Address = Location + Identity Prefix Next-hop Topology + Endpoint Routes Prefix Next-hop Prefix Next-hop Endpoint Routes are Consolidated to LISP DB AFTER Separate Identity from Location Prefix Next-hop Prefix Next-hop Only Local Routes Prefix RLOC Prefix Next-hop Flexible Mapping Database Topology Routes Endpoint Routes

19 What is unique about Campus Fabric? Key Components VXLAN
1. LISP based Control-Plane
2. VXLAN based Data-Plane
ORIGINAL PACKET: ETHERNET | IP | PAYLOAD
PACKET IN LISP: ETHERNET | IP | UDP | LISP | IP | PAYLOAD (Supports L3 Overlay)
PACKET IN VXLAN: ETHERNET | IP | UDP | VXLAN | ETHERNET | IP | PAYLOAD (Supports L2 & L3 Overlay)

20 What is unique about Campus Fabric? Key Components CTS
1. LISP based Control-Plane
2. VXLAN based Data-Plane
3. Integrated Cisco TrustSec
VRF + SGT: Virtual Routing & Forwarding, Scalable Group Tagging
ETHERNET | IP | UDP | VXLAN | ETHERNET | IP | PAYLOAD

21 What is unique about Campus Fabric? Key Differences
1. LISP based Control-Plane
2. VXLAN based Data-Plane
3. Integrated Cisco TrustSec
Key Differences:
  L2 + L3 Overlay -vs- L2 or L3 Only
  Host Mobility with Anycast Gateway
  Adds VRF + SGT into Data-Plane
  Virtual Tunnel Endpoints (No Static)
  No Topology Limitations (Basic IP)

22 Campus Fabric New Terminology
Control-Plane Node = LISP Map-Server
Edge Node = LISP Tunnel Router
Border Node = LISP Proxy Tunnel Router
Intermediate Node = Non-LISP IP Forwarder

23 Campus Fabric Control-Plane Nodes A Closer Look
Fabric Control-Plane Node is based on a LISP Map Server / Resolver
Runs the LISP Host Tracking Database to provide overlay reachability information
A simple Host Database, that tracks Endpoint ID to Edge Node bindings, along with other attributes
Host Database supports multiple Endpoint ID lookup keys (IPv4 /32, IPv6 /128 or MAC)
Receives prefix registrations from Edge Nodes with local Endpoints
Resolves lookup requests from remote Edge Nodes, to locate local Endpoints

24 Campus Fabric Edge Nodes A Closer Look
Fabric Edge Node is based on a LISP Tunnel Router
Provides connectivity for Users and Devices connected to the Fabric
Responsible for Identifying and Authenticating Endpoints
Register Endpoint ID information with the Control-Plane Node(s)
Provides Anycast L3 Gateway for connected Endpoints
Must encapsulate / decapsulate host traffic to and from Endpoints connected to the Fabric

25 Campus Fabric Border Nodes A Closer Look
Fabric Border Node is based on a LISP Proxy Tunnel Router
All traffic entering or leaving the Fabric goes through this type of node
Connects traditional L3 networks and / or different Fabric domains to the local domain
Where two domains exchange Endpoint reachability and policy information
Responsible for translation of context (VRF & SGT) from one domain to another
Provides a domain exit point for all Edge Nodes

26 Campus Fabric Overview New Terminology
Fabric Domain (FD): LISP Process
Virtual Neighborhood (VN): LISP Instance, VRF
Endpoint ID Group (EIG): Segment, SGT
Host Pool: Dynamic EID, VLAN + IP Subnet

27 Campus Fabric Virtual Neighborhoods A Closer Look
Virtual Neighborhood is based on Virtual Routing & Forwarding (VRF)
Maintains a separate Routing & Switching instance for each Virtual Neighborhood
LISP uses Instance ID to maintain independent VRF topologies (Default VRF is Instance ID 0)
LISP adds VNID to the LISP / VXLAN encapsulation
Endpoint ID prefixes (Host Pools) are advertised within one (or more) LISP Instance IDs
Uses normal vrf definition configuration, along with RD & RT for remote advertisement (Border Node)
[Diagram: VN A, VN B, VN C]

28 Campus Fabric Endpoint ID Groups A Closer Look
Endpoint ID Group is based on a Scalable Group Tag (SGT)
Each User or Device is assigned to a unique Endpoint ID Group (EIG)
CTS uses Endpoint ID Groups to assign a unique Scalable Group Tag (SGT) to Host Pools
LISP adds SGT to the LISP / VXLAN encapsulation
CTS EIGs are used to manage address-independent Group-Based Policies
Individual Edge & Border Nodes use SGT to enforce local Scalable Group ACLs (SGACLs)
[Diagram: EIG 1 through EIG 9]

29 Campus Fabric Host Pools A Closer Look
Host Pool is based on an IP Subnet + VLAN ID
Provides the basic IP constructs, including Anycast Gateway for each Host Pool
Edge Nodes maintain a Switch Virtual Interface (SVI), with IP Subnet, Gateway IP, etc. for each Host Pool
LISP uses Dynamic EID to advertise each Host Pool (within each Instance ID)
LISP Dynamic EID allows Host-specific (/32, /128, MAC) advertisement and mobility
Host Pools can either be assigned Statically (per port) or Dynamically (using Host Authentication)
[Diagram: Pool 1 through Pool 9]

30 Technical Overview How does it work? Locator / ID Separation Protocol VXLAN Encapsulation Cisco TrustSec

31 Locator / ID Separation Protocol Location and Identity Separation
Traditional Behavior - Location + ID are Combined: Device IPv4 or IPv6 Address represents both Identity and Location. When the Device moves, it gets a new IPv4 or IPv6 Address for its new Identity and Location.
Overlay Behavior - Location & ID are Separated: Device IPv4 or IPv6 Address represents Identity only. When the Device moves, it keeps the same IPv4 or IPv6 Address. It has the Same Identity. Only the Location Changes.
[Diagram labels: IP core, Location Is Here]

32 Locator / ID Separation Protocol LISP Mapping System
LISP Mapping System is analogous to a DNS lookup
DNS resolves IP Addresses for queried Name. Answers the WHO IS question.
  Host [ Who is lisp.cisco.com ]?
  DNS Server [ Address is , 2610:D0:110C:1::3 ]
  DNS Name -to- IP URL Resolution
LISP resolves Locators for queried Identities. Answers the WHERE IS question.
  LISP Router [ Where is 2610:D0:110C:1::3 ]?
  LISP Map System [ Locator is , ]
  LISP ID -to- Locator Map Resolution

33 Locator / ID Separation Protocol LISP Roles & Responsibilities
EID = End-point Identifier: Host Address or Subnet
RLOC = Routing Locator: Local Router Address
Map System (Map Server / Resolver): EID to RLOC Mappings. Can be distributed across multiple LISP devices.
Tunnel Router - XTR: Edge Devices Encap / Decap. Ingress / Egress (ITR / ETR).
Proxy Tunnel Router - PXTR: Connects between LISP and non-LISP domains. Ingress / Egress (PITR / PETR).
EID to RLOC mapping table:
  EID           RLOC
  a.a.a.0/24    w.x.y.1
  b.b.b.0/24    x.y.w.2
  c.c.c.0/24    z.q.r.5
  d.d.0.0/16    z.q.r.5
Prefix / Next-hop table:
  Prefix     Next-hop
  w.x.y.1    e.f.g.h
  x.y.w.2    e.f.g.h
  z.q.r.5    e.f.g.h
  z.q.r.5    e.f.g.h
[Diagram labels: Non-LISP, PXTR, ITR, ETR, EID Space, RLOC Space]

34 Locator / ID Separation Protocol Map Register & Resolution
[Diagram: Branch ITR, Mapping Cache Entry (on ITR), Map Server / Resolver, Map-Reply, Database Mapping Entry (on ETR), ETRs at Campus and DC]

35 Locator / ID Separation Protocol Map Database Clustering (Redundancy)
No Synchronization Between Map Servers
ETRs Must Register with All Map Servers
ITRs Anycast Map Requests
[Diagram: Branch ITR, Mapping Cache Entry (on ITR), Map Resolver (Anycast), Map Servers with Mapping DB in a Node Cluster, Map-Reply, Database Mapping Entry (on ETR), ETRs at Campus and DC]

36 Locator / ID Separation Protocol How does LISP operate? 1 DNS Entry: D.abc.com A /24 3 Mapping Entry EID-prefix: /24 Locator-set: , priority: 1, weight: 50 (D1) , priority: 1, weight: 50 (D2) Non-LISP Non-LISP Path Preference Controlled by Destination Site 2 Branch S ITR PXTR IP Network Mapping System ETR ETR D Campus / /24 DC

37 Locator / ID Separation Protocol Forwarding from outside a LISP Domain 1 DNS Entry: D.abc.com A Mapping Entry EID-Prefix: /24 Locator-Set: , priority: 1, weight: 50 (D1) , priority: 1, weight: 50 (D2) S Non-LISP PXTR IP Network Mapping System ETR ETR Campus /24 D /24 DC

38 Locator / ID Separation Protocol Host Mobility Dynamic EID Migration
[Diagram: Map Register (EID /32, RLOC), Mapping Database, Mapping System, Routing Tables on the xTRs with Local and LISP0 entries, IP Network, DC1, Campus Bldg 1, Campus Bldg 2]

39 Locator / ID Separation Protocol Host Mobility Refreshing Map-Cache
1. ITRs / PITRs with cached mappings continue to send encapsulated traffic to the old RLOCs, until updated
2. Old ETR sends Solicit Map Request (SMR) messages to any ITRs / PITRs sending traffic to its RLOC for a dynamic EID no longer present (data-triggered)
3. SMR causes the ITR / PITR to initiate a new Map-Request / Reply process
4. New ETR sends Map-Reply to update ITR / PITR map-cache with new location
Traffic now flows to the SAME HOST at its NEW location
[Diagram: Map Cache, Mapping System, IP Network, xTRs, DC, Campus Bldg]
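The register, resolve and SMR refresh sequence from the host mobility slides, as an added Python sketch (not code from the presentation or from any Cisco software). The class names, the addresses and the plain shared-key comparison standing in for Map-Register authentication are assumptions of this example; the map server also answers Map-Requests itself here rather than forwarding them to the ETR.

```python
"""Toy model of LISP host mobility and the SMR-driven map-cache refresh."""
import hmac


class MapServer:
    """Control-plane node: holds the EID -> RLOC host tracking database."""

    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.db = {}

    def register(self, eid, rloc, key):
        # Map-Register: only a sender holding the site key may bind an EID.
        # (Simplification: a key comparison stands in for message auth.)
        if not hmac.compare_digest(key.encode(), self.auth_key.encode()):
            return False
        self.db[eid] = rloc          # newest registration wins (host moved)
        return True

    def resolve(self, eid):
        # Map-Request -> Map-Reply; None means the EID is not registered.
        return self.db.get(eid)


class XTR:
    """Edge node acting as both ITR (encap) and ETR (decap)."""

    def __init__(self, rloc, map_server, underlay, key):
        self.rloc, self.map_server, self.key = rloc, map_server, key
        self.underlay = underlay     # rloc -> XTR, stands in for IP routing
        self.local_eids = set()
        self.map_cache = {}
        self.smr_received = 0
        underlay[rloc] = self

    def attach(self, eid):
        self.local_eids.add(eid)
        return self.map_server.register(eid, self.rloc, self.key)

    def detach(self, eid):
        self.local_eids.discard(eid)

    def send(self, dst_eid):
        """ITR role. Returns the RLOC that delivered the packet, or None."""
        for _ in range(2):           # first attempt plus one SMR-driven retry
            rloc = self.map_cache.get(dst_eid)
            if rloc is None:
                rloc = self.map_server.resolve(dst_eid)
                if rloc is None:
                    return None
                self.map_cache[dst_eid] = rloc
            if self.underlay[rloc].receive(dst_eid, from_itr=self):
                return rloc
        return None

    def receive(self, dst_eid, from_itr):
        """ETR role: deliver locally, else send a data-triggered SMR."""
        if dst_eid in self.local_eids:
            return True
        from_itr.on_smr(dst_eid)     # step 2: old ETR solicits a new request
        return False

    def on_smr(self, eid):
        # Step 3: drop the stale mapping so the next lookup is a Map-Request.
        self.smr_received += 1
        self.map_cache.pop(eid, None)


def run_mobility_demo():
    # Constructed sample values, not taken from the slides.
    host, key = "10.1.1.10/32", "San_Jose"
    ms, underlay = MapServer(key), {}
    branch = XTR("192.0.2.1", ms, underlay, key)
    bldg1 = XTR("192.0.2.11", ms, underlay, key)
    bldg2 = XTR("192.0.2.12", ms, underlay, key)

    bldg1.attach(host)
    first = branch.send(host)        # resolves and caches Bldg 1
    bldg1.detach(host)
    bldg2.attach(host)               # host moves, Bldg 2 re-registers it
    stale = branch.map_cache[host]   # step 1: cache still points at Bldg 1
    second = branch.send(host)       # SMR, new lookup, delivered at Bldg 2
    bad_key = ms.register(host, "192.0.2.66", "wrong-key")
    return {"first": first, "stale": stale, "second": second,
            "smr": branch.smr_received, "cache": branch.map_cache[host],
            "bad_key_accepted": bad_key, "db": ms.resolve(host)}


if __name__ == "__main__":
    print(run_mobility_demo())
```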

40 Locator / ID Separation Protocol (LISP) Would you like to know more?
Suggested Reading:
  BRKRST LISP - A Next Generation Networking Architecture
  BRKRST Troubleshooting LISP
  BRKCRS LISP in Campus Networks
Other References:
  Cisco LISP Site
  Cisco LISP Marketing Site
  LISP Beta Network Site or
  IETF LISP Working Group
  Fundamentals of LISP

41 Technical Overview How does it work? Locator / ID Separation Protocol VXLAN Encapsulation Cisco TrustSec

42 Cisco TrustSec Traditional segmentation is extremely complex
  access-list 102 deny udp gt eq 2165
  access-list 102 deny udp lt gt 428
  access-list 102 permit ip eq gt 1511
  access-list 102 deny tcp gt gt 1945
  access-list 102 permit icmp lt eq 116
  access-list 102 deny udp eq eq 959
  access-list 102 deny tcp eq lt 4993
  access-list 102 deny tcp eq lt 848
  access-list 102 deny ip eq gt 4878
  access-list 102 permit icmp lt eq 1216
  access-list 102 deny icmp gt gt 1111
  access-list 102 deny ip eq eq 4175
  access-list 102 permit tcp lt gt 1462
  access-list 102 permit tcp gt lt 4384
Limits of Traditional Segmentation: Security Policy based on Topology (Address). High cost and complex maintenance.
Classification: Static or Dynamic VLAN assignments
Propagation: Carry Segment context through the network using VLAN, IP address, VRF
Enforcement: IP Based Policies - ACLs, Firewall Rules
[Diagram labels: Static ACL, Routing, Redundancy, DHCP Scope, Address, VLAN, Non-Compliant, Applications, Voice, Enterprise Backbone, VACL, Employee, Aggregation Layer, Access Layer, Supplier, BYOD, Quarantine VLAN, Voice VLAN, Data VLAN, Guest VLAN, BYOD VLAN]

43 Cisco TrustSec Simplified segmentation with Group Based Policy
Classification: Static or Dynamic SGT assignments
Propagation: Carry Group context through the network using only SGT
Enforcement: Group Based Policies - ACLs, Firewall Rules
DC switch receives policy for only what is connected
[Diagram labels: Shared Services, Application Servers, Enterprise Backbone, DC Switch or Firewall, ISE, Campus Switch, Employee Tag, Supplier Tag, Non-Compliant Tag, Voice, Employee, Supplier, Non-Compliant, VLAN A, VLAN B]

44 Cisco Trust Security Identity Services Engine enables CTS
NDAC (Network Device Admission Control): NDAC authenticates Network Devices for a trusted CTS domain
SGT & SGT Names: Centrally defined Endpoint ID Groups
Scalable Group Tags: 3: Employee, 4: Contractors, 8: PCI_Servers, 9: App_Servers
SGACL - Name Table: Policy matrix to be pushed down to the network devices
ISE dynamically authenticates endpoint users and devices, and assigns SGTs
[Diagram labels: Cisco ISE, Sources, Destinations, Scalable Group ACL, Rogue Device(s), 802.1X, Dynamic SGT Assignment, Static SGT Assignment]

45 Cisco Trust Security Two ways to assign SGT Dynamic Classification Static Classification L3 Interface (SVI) to SGT L2 Port to SGT MAB Campus Access Distribution Core DC Core DC Access Enterprise Backbone WLC Firewall Hypervisor SW VLAN to SGT Subnet to SGT VM (Port Profile) to SGT

46 Cisco Trust Security Ingress Classification with Egress Enforcement
User Authenticated = Classified as Marketing (5)
FIB Lookup = Destination MAC = SGT 20
Destination Classification: CRM: SGT 20, Web: SGT 30
Egress Enforcement (SGACL), source (SRC) rows against destination (DST) columns:
  SRC \ DST        CRM (20)    Web (30)
  Marketing (5)    Permit      Deny
  BYOD (7)         Deny        Permit
[Diagram labels: Cat3850, Cat6800, Nexus 7000, Nexus 5500, Nexus 2248, WLC5508, Enterprise Backbone, SRC / DST / SGT: 5 on the packet, CRM DST SGT: 20, Web DST SGT: 30]

47 Cisco Trust Security SGT Propagation & Enforcement Options SXP SXP Heterogeneous L2 / L3 Networks User WAN Switch Switch Router Router Firewall DC Switch Server Classification SGFW Classification SGT over Fabric SGT over VPN SGT over Fabric TrustSec Capable L2 / L3 Networks User WAN (GETVPN, DMVPN Switch Switch Router Router Firewall DC Switch Server Classification SGACL SGACL SGACL SGFW SGACL Classification

48 Cisco Trust Security (CTS) Would you like to know more?
Suggested Reading:
  BRKCRS Enterprise Network Segmentation with Cisco TrustSec
  BRKSEC Intermediate - Enabling TrustSec Software-Defined Segmentation
  BRKSEC Building an Enterprise Access Control Architecture Using ISE and TrustSec
Other References:
  Cisco TrustSec Marketing Site
  Cisco TrustSec Config Guide: cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec.html
  CTS Architecture Overview: cisco.com/docs/switches/lan/trustsec/configuration/guide/trustsec/arch_over.html
  CTS 2.0 Design Guide: cisco.com/td/docs/solutions/enterprise/security/trustsec_2-0/trustsec_2-0_dig.pdf
  Fundamentals of TrustSec

49 Technical Overview How does it work? Locator / ID Separation Protocol VXLAN Encapsulation Cisco TrustSec

50 Data-Plane Overview Fabric Header Encapsulation
Fabric Data-Plane provides the following:
  Underlay address advertisement & mapping
  Automatic tunnel setup (Virtual Tunnel End-Points)
  Frame encapsulation between Routing Locators
Support for LISP or VXLAN header format:
  Nearly the same, with different fields & payload
  LISP header carries IP payload (IP in IP)
  VXLAN header carries MAC payload (MAC in IP)
Triggered by LISP Control-Plane events:
  ARP or NDP Learning on L3 Gateways
  Map-Reply or Cache on Routing Locators
[Diagram labels: Inner, Outer, Encap, Decap]

51 LISP & VXLAN Headers Similar Format - Different Payload LISP Header - IP based VXLAN Header - Ethernet based OUTER HEADER 4789 OVERLAY HEADER INNER HEADER

52 VXLAN Header MAC-in-IP Encapsulation
Underlay:
  Outer MAC Header: Dest. MAC (48 bits, Next-Hop MAC Address); Source MAC (48 bits, Src VTEP MAC Address); VLAN Type 0x8100 and VLAN ID (4 Bytes Optional); Ether Type 0x
  Outer IP Header: IP Header Misc. Data; Protocol 0x11 (UDP); Header Checksum; Source IP (Src RLOC IP Address); Dest. IP (Dst RLOC IP Address)
  UDP Header: Source Port (16 bits; hash of inner L2/L3/L4 headers of original frame, enables entropy for ECMP load balancing); Dest Port (UDP 4789); UDP Length; Checksum 0x
  VXLAN Header: VXLAN Flags RRRRIRRR (8 bits); Segment ID (allows 64K possible SGTs); VN ID (allows 16M possible VRFs); Reserved
Overlay:
  Inner (Original) MAC Header; Inner (Original) IP Header; Original Payload
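An added Python example (not from the presentation) that packs and parses the 8-byte fabric VXLAN header described above and then applies the Marketing / BYOD egress SGACL matrix from the enforcement slide. The exact bit layout (a G flag at 0x80 marking the 16-bit group field as valid, followed by the 24-bit VN ID and a reserved byte) is assumed from the VXLAN Group Policy Option draft, and treating untagged traffic and unlisted SGT pairs as denied is a choice of this example, not something the slides state.

```python
import struct

VXLAN_UDP_PORT = 4789   # destination port shown on the slide
FLAG_I = 0x08           # VN ID valid: the "I" in RRRRIRRR
FLAG_G = 0x80           # group tag valid (assumption: VXLAN-GPO draft layout)

# Egress SGACL matrix from the enforcement slide: (source SGT, dest SGT).
SGACL = {
    (5, 20): "permit",  # Marketing -> CRM
    (5, 30): "deny",    # Marketing -> Web
    (7, 20): "deny",    # BYOD -> CRM
    (7, 30): "permit",  # BYOD -> Web
}


def build_fabric_header(vn_id, sgt):
    """Pack flags, 16-bit SGT, 24-bit VN ID and a reserved byte."""
    if not 0 <= vn_id < 1 << 24:
        raise ValueError("VN ID must fit in 24 bits (16M values)")
    if not 0 <= sgt < 1 << 16:
        raise ValueError("SGT must fit in 16 bits (64K values)")
    return struct.pack("!BBHI", FLAG_I | FLAG_G, 0, sgt, vn_id << 8)


def parse_fabric_header(data):
    """Return {'vn_id': int, 'sgt': int or None} from the first 8 bytes."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _policy_flags, group, vn_and_reserved = struct.unpack(
        "!BBHI", data[:8])
    if not flags & FLAG_I:
        raise ValueError("I flag clear: VN ID is not valid")
    return {
        "vn_id": vn_and_reserved >> 8,              # drop the reserved byte
        "sgt": group if flags & FLAG_G else None,   # untagged if G is clear
    }


def egress_decision(udp_dst_port, vxlan_bytes, dst_sgt, local_vn_ids):
    """Decide what an egress node does with one decapsulated frame.

    dst_sgt is the destination classification the egress node already
    holds (CRM = 20, Web = 30 on the slide); the source SGT comes from
    the header that the ingress node stamped.
    """
    if udp_dst_port != VXLAN_UDP_PORT:
        return "not-vxlan"
    try:
        hdr = parse_fabric_header(vxlan_bytes)
    except ValueError:
        return "drop-malformed"
    if hdr["vn_id"] not in local_vn_ids:
        return "drop-unknown-vn"     # keeps traffic inside its own VN
    if hdr["sgt"] is None:
        return "deny"                # example choice: no tag, no access
    return SGACL.get((hdr["sgt"], dst_sgt), "deny")  # example default


if __name__ == "__main__":
    # Constructed sample: Marketing (SGT 5) in VN instance 10.
    sample = build_fabric_header(vn_id=10, sgt=5)
    print(sample.hex(), parse_fabric_header(sample))
    print(egress_decision(4789, sample, 20, {0, 10}))
    print(egress_decision(4789, sample, 30, {0, 10}))
```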

53 Putting It Together Where do things go?

54 Platform Support Multiple Edge, Border & C-Plane Options
Catalyst 3K: Catalyst 3650, Catalyst 3850; Copper / Fiber; IOS-XE
Catalyst 4K: Catalyst 4500; Sup8E / 8LE; Sup Uplinks; IOS-XE 3.9+
Catalyst 6K: Catalyst 6800; Sup2T / 6T; 6900 or Newer; IOS 15.4SY+
Nexus 7K: Nexus 7700; Sup2E; M3 Only; NXOS 7.3DX+

55 Campus Fabric Config Control-Plane Nodes
[Topology diagram: Control-Plane Node C, IP Network, Host Pool 10, Edge Node 1, Edge Node 2, Host Pool 20]
Organize networks into a LISP Site
Configure the Authentication Key
Add the prefixes to be mapped and accept more specific updates, e.g. /32
Operate as IPv4 Map-Server
Operate as IPv4 Map-Resolver

  router lisp
   site San_Jose
    authentication-key San_Jose
    eid-prefix /24 accept-more-specifics
    eid-prefix /24 accept-more-specifics
    exit
   !
   ipv4 map-server
   ipv4 map-resolver
   exit

56 Campus Fabric Config Edge Nodes (1)
[Topology diagram: Control-Plane Node C, IP Network, Host Pool 10, Edge Node 1, Edge Node 2, Host Pool 20]
Organize XTRs into a Locator Set
Set LISP to use VXLAN encapsulation
Add a Dynamic EID group and associate with an Instance ID
Add local prefixes to Dynamic EID and associate with the Locator set
Add IPv4 SGT (to VXLAN)
Operate as an IPv4 ITR & ETR
Designate a Map-Server & Resolver

  router lisp
   locator-set campus_fabric
    ipv4-interface Loopback0
   encapsulation vxlan
   !
   eid-table default instance-id 0
    dynamic-eid Default_10_1_1_0
     database-mapping /24 locator-set campus_fabric
    exit
   !
   ipv4 sgt
   ipv4 itr map-resolver
   ipv4 itr
   ipv4 etr map-server key San_Jose
   ipv4 etr

57 Campus Fabric Config Edge Nodes (2)
[Topology diagram: Control-Plane Node C, IP Network, Host Pool 10, Edge Node 1, Edge Node 2, Host Pool 20]
Process is repeated on each XTR
Configure any Local prefixes
Or, you can simply Copy + Paste on all common XTRs
For Host Pools that exist on all XTRs
Uses Dynamic EID map updates

  router lisp
   locator-set campus_fabric
    ipv4-interface Loopback0
   encapsulation vxlan
   !
   eid-table default instance-id 0
    dynamic-eid Default_20_1_1_0
     database-mapping /24 locator-set campus_fabric
    exit
   !
   ipv4 sgt
   ipv4 itr map-resolver
   ipv4 itr
   ipv4 etr map-server key San_Jose
   ipv4 etr

58 Campus Fabric Config Border Nodes
[Topology diagram: Control-Plane Node C, IP Network, Host Pool 10, Edge Node 1, Border Node, External IP]
Set LISP to use VXLAN encapsulation
Add a Map Cache + Map-Request for Dynamic EIDs
trigger a lookup for traffic coming from outside
Add IPv4 SGT (to VXLAN)
Operate as an IPv4 PITR & PETR
Designate a Map-Server & Resolver
Configure External Routing *

  router lisp
   encapsulation vxlan
   !
   eid-table default instance-id 0
    map-cache /24 map-request
    map-cache /24 map-request
    exit
   !
   ipv4 sgt
   ipv4 proxy-etr
   ipv4 proxy-itr
   ipv4 itr map-resolver
   ipv4 etr map-server key San_Jose
   exit
  !
  ip route

59 Campus Fabric Config Virtual Neighborhoods
[Topology diagram: Control-Plane Node C, IP Network, Edge Node 1, Edge Node]
Create new VRFs and add RD/RT if necessary
Set LISP to use VXLAN encapsulation
Create a new LISP Instance ID
Add a Dynamic EID group and associate with per-vrf Instance ID
Add local prefixes to Dynamic EID
overlapping prefixes may require NAT/FW
non-overlapping can be advertised natively

  ip vrf RED
  ip vrf BLUE
  ip vrf GREEN
  !
  router lisp
   locator-set campus_fabric
   encapsulation vxlan
   !
   eid-table vrf RED instance-id 10
    dynamic-eid RED_20_1_1_0
     database-mapping /24 locator-set campus_fabric
   !
   eid-table vrf BLUE instance-id 11
    dynamic-eid BLUE_20_1_1_0
     database-mapping /24 locator-set campus_fabric
   !
   eid-table vrf GREEN instance-id 12
    dynamic-eid GREEN_20_1_1_0
     database-mapping /24 locator-set campus_fabric
    exit

60 Campus Fabric Config Endpoint ID Groups Dynamic SGT
[Topology diagram: Identity Services Engine, IP Network, Host Pool 10, Edge Node 1, Edge Node 2, Host Pool 20]
Enable the AAA new-model
Create a RADIUS server group with one or more RADIUS server(s)
Enable AAA dynamic-author
Enable AAA authorization to use CTS authorization
Enable CTS Role-Based Enforcement

  aaa new-model
  !
  aaa group server radius ISE
   server name ISE
  !
  radius server ISE
   address ipv auth-port 1812 acct-port 1813
   key cisco
  !
  aaa server radius dynamic-author
   client server-key cisco
  !
  aaa authentication dot1x default group ISE
  aaa accounting dot1x default start-stop group ISE
  aaa authorization network cts-list group ISE
  !
  cts authorization list cts-list
  cts role-based enforcement

61 Campus Fabric Config Endpoint ID Groups Static SGT
[Topology diagram: IP Network, Host Pool 10, Edge Node 1, Edge Node 2, Host Pool 20]
Enable CTS Role-Based Enforcement
Define a list of VLANs to be used for Role-Based Enforcement
Create a new Static SGT-MAP of a VLAN list to SGT tag
Or, create a new Static SGT-MAP of an IP Subnet to SGT tag

  !
  cts role-based enforcement
  cts role-based enforcement vlan-list
  !
  cts role-based sgt-map vlan-list 20 sgt 20
  !
  cts role-based sgt-map /24 sgt 20
  !

62 Campus Fabric Config Host Pools Dynamic Assignment
[Topology diagram: Identity Services Engine, IP Network, Host Pool 10, Edge Node 1, Edge Node 2, Host Pool 20]
Create a Host VLAN
Create a L3 VLAN Interface (SVI) with the Subnet IP address and mask
Add LISP mobility (Dynamic EID group)
Configure AAA order + priority on Port
Configure 802.1X and/or MAB on Port
NOTE: Connected Host (User or Device) will be dynamically associated with a VLAN (e.g. 20) after Authentication

  vlan 20
   name Host_Pool_20
  !
  interface Vlan20
   ip address
   lisp mobility Default_20_1_1_0
  !
  interface GigabitEthernet1/0/1
   switchport
   switchport mode access
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   mab
   dot1x pae authenticator
   spanning-tree portfast

63 Campus Fabric Config Host Pools Static Assignment
[Topology diagram: IP Network, Host Pool 10, Edge Node 1, Edge Node 2, Host Pool 20]
Create a Host VLAN
Create a L3 VLAN Interface (SVI) with the Subnet IP address and mask
Add LISP mobility (Dynamic EID group)
Configure the VLAN number on Port

  vlan 20
   name Host_Pool_20
  !
  interface Vlan20
   ip address
   lisp mobility Default_20_1_1_0
  !
  interface GigabitEthernet1/0/1
   switchport
   switchport mode access
   switchport access vlan 20
   spanning-tree portfast

64 Campus Fabric - Smart CLI Provisioning & Troubleshooting Made Simple
What is Smart CLI?
It's a new configuration mode to simplify config and management of Campus Fabric
Invoked by a new Global command fabric auto
Provides a simple set of easy-to-understand CLI

  fabric_device(config)# fabric auto

Auto-generates all of the equivalent (traditional) LISP, VRF, IP, CTS, etc. CLI commands

65 Smart CLI Enable Edge Node services
Class / CLI / Description

Class: fabric-domain
  (config-fabric-auto)# [no] domain {default}
    Exists under (config-fabric-auto) mode. Configure default domain. Enters domain configuration mode (config-fabric-auto-domain).
  (config-fabric-auto-domain)# [no] control-plane <ipv4_addr> auth-key <key>
    Exists under (config-fabric-auto-domain) mode. Configures remote control-plane address and authentication key.
  (config-fabric-auto-domain)# [no] border <ipv4_addr>
    Exists under (config-fabric-auto-domain) mode. Configures remote fabric border address.

Class: neighborhood
  (config-fabric-auto-domain)# [no] neighborhood name <name> id <ID>
    Exists under (config-fabric-auto-domain) mode. (OPTIONAL) Creates a neighborhood by name and ID.

Class: host-pool
  (config-fabric-auto-domain)# [no] host-pool name <name>
    Exists under (config-fabric-auto-domain) mode. Creates a host-pool by name. Enters host-pool config mode (config-fabric-auto-domain-hostpool).
  (config-fabric-auto-domain-host-pool)# vlan <id>
    Exists under (config-fabric-auto-domain-host-pool) mode. Configures VLAN ID.
  (config-fabric-auto-domain-host-pool)# [no] gateway <addr/mask>
    Exists under (config-fabric-auto-domain-host-pool) mode. Gateway: Configures Gateway IP/mask (prefix).
  (config-fabric-auto-domain-host-pool)# [no] neighborhood name <>
    Neighborhood: Attaches host-pool to a neighborhood.
  (config-fabric-auto-domain-host-pool)# [no] use-dhcp <addr>
    Exists under (config-fabric-auto-domain-host-pool) mode. (OPTIONAL) Configures dhcp server address.
  (config-fabric-auto-domain-host-pool)# exit
    exit sub-mode and apply configurations.

66 Smart CLI: Enable Control-Plane Node services
Class / CLI / Description

Class: fabric-domain
  (config-fabric-auto)# [no] domain {default}
    Exists under (config-fabric-auto) mode. Configure default domain. Enters domain configuration mode (config-fabric-auto-domain).

Class: host-prefix
  (config-fabric-auto-domain)# [no] control-plane self auth-key <key>
    Exists under (config-fabric-auto-domain) mode. Configures local control-plane address and authentication key.
  (config-fabric-auto-domain)# [no] host-prefix <prefix> [neighborhood name <name> id <ID>]
    Exists under (config-fabric-auto-domain) mode. Enables c-plane service (per-neighborhood) for host-prefix. If neighborhood not configured, use default neighborhood.
  (config-fabric-auto-domain-host-pool)# exit
    Exit sub-mode and apply configurations.

67 Smart CLI: Border Node Configuration
Class / CLI / Description

Class: fabric-domain
  (config-fabric-auto)# [no] domain {default}
    Exists under (config-fabric-auto) mode. Configure default domain. Enters domain configuration mode (config-fabric-auto-domain).
  (config-fabric-auto-domain)# [no] control-plane <ipv4_addr> auth-key <key>
    Exists under (config-fabric-auto-domain) mode. Configures remote control-plane address and authentication key.
  (config-fabric-auto-domain)# [no] border self
    Exists under (config-fabric-auto-domain) mode. Configures local border address.

Class: neighborhood
  (config-fabric-auto-domain)# [no] neighborhood name <name> id <ID>
    Exists under (config-fabric-auto-domain) mode. (OPTIONAL) Creates a neighborhood by name and ID.

Class: host-prefix
  (config-fabric-auto-domain)# [no] host-prefix <prefix> [neighborhood name <name> id <ID>]
    Exists under (config-fabric-auto-domain) mode. Enables border services (per-neighborhood) for host prefix. If neighborhood not configured, use default neighborhood.
  (config-fabric-auto-domain-host-pool)# exit
    Exit sub-mode and apply configurations.

68 Smart CLI Example: Adding a new Edge Node
  Generate all LISP XTR baseline configs
  Set up Loopback0 as locator address
  Creates default neighborhood as instance ID 0
  Enables VXLAN encapsulation
  Adds SGT to VXLAN encapsulation
Edge(config)# fabric auto
Edge(config-fabric-auto)# domain default
Edge(config-fabric-auto-domain)# control-plane auth-key key1
Edge(config-fabric-auto-domain)# border
Edge(config-fabric-auto-domain)# exit
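An added example (not from the session and not Cisco code): a small Python linter that replays a Smart CLI script against the "Exists under (...) mode" column of slides 65-67 and flags commands issued in the wrong mode, host-pools attached to a neighborhood that was never created, and host-pools with no neighborhood attached. The function names, the sample script, its addresses and its key are constructed; treating an unattached host-pool as landing in the default neighborhood is an assumption, since the slides state that fallback only for host-prefix.

```python
"""Lint a Smart CLI provisioning script against the mode table on the slides."""

AUTO = "config-fabric-auto"
DOMAIN = "config-fabric-auto-domain"
POOL = "config-fabric-auto-domain-host-pool"

# Keyword -> modes it "Exists under", copied from the Description column.
VALID_MODES = {
    "domain": {AUTO},
    "control-plane": {DOMAIN},
    "border": {DOMAIN},
    "host-prefix": {DOMAIN},
    "host-pool": {DOMAIN},
    "neighborhood": {DOMAIN, POOL},  # created in DOMAIN, attached in POOL
    "vlan": {POOL},
    "gateway": {POOL},
    "use-dhcp": {POOL},
}
ENTERS = {"domain": DOMAIN, "host-pool": POOL}  # keywords that open a sub-mode

# Constructed sample script (documentation addresses, placeholder key).
SAMPLE = """\
fabric auto
domain default
control-plane 192.0.2.1 auth-key EXAMPLE-KEY
border 192.0.2.2
neighborhood name guest id 50
host-pool name GUEST_WIFI
vlan 50
gateway 198.51.100.1/24
neighborhood name guest
exit
host-pool name PRINTERS
vlan 60
gateway 198.51.100.129/25
neighborhood name pcie
exit
host-pool name LAB
vlan 70
gateway 203.0.113.1/24
exit
vlan 80
"""


def name_after(tokens, keyword="name"):
    """Return the token that follows `keyword`, or None when it is absent."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None


def lint(script):
    """Return [(line_no, message)] for mode and neighborhood problems."""
    findings = []
    stack = ["config"]           # mode stack, global config at the bottom
    neighborhoods = {"default"}  # slide 68: the default neighborhood is created
    pool = None                  # host-pool currently being configured

    def close_pool():
        nonlocal pool
        if pool and not pool["attached"]:
            findings.append((pool["line"],
                f"host-pool {pool['name']} has no neighborhood attached "
                "(assumed to fall into 'default', instance ID 0)"))
        pool = None

    for line_no, raw in enumerate(script.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue
        negated = tokens[0] == "no"
        if negated:
            tokens = tokens[1:]
            if not tokens:
                continue
        mode = stack[-1]
        if tokens[:2] == ["fabric", "auto"]:
            if mode != "config":
                findings.append((line_no, f"'fabric auto' issued in ({mode})"))
            elif not negated:
                stack.append(AUTO)
            continue
        if tokens[0] == "exit":
            if mode == POOL:
                close_pool()
            if len(stack) > 1:
                stack.pop()
            continue
        kw = tokens[0]
        if kw not in VALID_MODES:
            findings.append((line_no, f"'{kw}' is not in the Smart CLI table"))
            continue
        if mode not in VALID_MODES[kw]:
            expected = " or ".join(sorted(VALID_MODES[kw]))
            findings.append((line_no,
                f"'{kw}' issued in ({mode}), exists under ({expected})"))
            continue
        if negated:
            continue  # 'no' forms are mode-checked only; state is not rolled back
        if kw == "neighborhood":
            name = name_after(tokens)
            if mode == DOMAIN:
                neighborhoods.add(name)
            else:
                pool["attached"] = True
                if name not in neighborhoods:
                    findings.append((line_no,
                        f"host-pool {pool['name']} attaches to neighborhood "
                        f"'{name}', which was never created"))
        elif kw in ENTERS:
            stack.append(ENTERS[kw])
            if kw == "host-pool":
                pool = {"name": name_after(tokens), "line": line_no,
                        "attached": False}
    close_pool()  # script ended with a host-pool still open
    return findings


if __name__ == "__main__":
    for line_no, message in lint(SAMPLE):
        print(f"line {line_no}: {message}")
```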

69 Smart CLI Example: Show Fabric Domain
Edge# show fabric domain
Fabric Domain : "default"
Role : Edge
Control-Plane Service: Disabled
Border Service: Disabled
Number of Control-Plane Nodes: 1
  IP Address Auth-key key1
Number of Border Nodes: 1
  IP Address
Number of Neighborhood(s): 4
  Name ID Host-pools
  default 0 2
  guest 50 1
  pcie 60 1
  cisco 70 *
Callouts:
  Shows current domain (default)
  Shows current Role(s)
  Shows Control-Plane Node(s)
  Shows Border Node(s)
  Shows Neighborhood(s)
  Associated Host Pool(s)

70 Campus Fabric - Smart CLI: Provisioning & Troubleshooting Made Simple
More to Come!
  Underlay Network: Configure the Interfaces and Protocols to bring up the Underlay network
  Endpoint ID Groups: Configure the AAA and CTS commands for Static & Dynamic ID
  Group Based Policy: Configure SGT and SGACL policies
  And More
fabric_device(config)# fabric auto

71 LIVE DEMO

72 Take-Away

73 Session Summary
  1. LISP based Control-Plane
  2. VXLAN based Data-Plane
  3. Integrated Cisco TrustSec

74 What to do next?
Get the necessary Hardware & Software!
  Catalyst 3650 or New IOS-XE
  Catalyst 4500 w/ Sup8E or 8LE - New IOS-XE 3.9+
  Catalyst 6800 w/ Sup2T or 6T - New IOS 15.4SY+
  Nexus 7700 w/ M3 Cards - New NXOS 7.3DX+
Try out Campus Fabric in the Lab!
  You only need 2 or 3 (+) switches to test this solution
  At least 1 Control-Plane / Border and 1 Fabric Edge
Trial Deployment (Remember: it's an Overlay)
  You can install new C-Plane / Border and Edge Nodes without modifying your existing (Underlay) network
  This makes it very easy to deploy!

75 Complete Your Online Session Evaluation
Give us your session feedback to be entered into a Daily Survey Drawing. One daily winner will receive a $750 Amazon gift card.
Complete your session surveys through the Cisco Live Mobile App, or the Session Catalog on CiscoLive.com/us.
Don't forget: Cisco Live sessions are available for viewing on-demand after the event at CiscoLive.com/Online

76 Continue Your Education
  Demos in the Cisco campus
  Walk-in Self-Paced Labs
  Lunch & Learn
  Meet the Engineer 1:1 meetings
  Related sessions


More information

TEXTBOOK MAPPING CISCO COMPANION GUIDES

TEXTBOOK MAPPING CISCO COMPANION GUIDES TestOut Routing and Switching Pro - English 6.0.x TEXTBOOK MAPPING CISCO COMPANION GUIDES Modified 2018-08-20 Objective Mapping: Cisco 100-105 ICND1 Objective to LabSim Section # Exam Objective TestOut

More information

Building NFV Solutions with OpenStack and Cisco ACI

Building NFV Solutions with OpenStack and Cisco ACI Building NFV Solutions with OpenStack and Cisco ACI Domenico Dastoli @domdastoli INSBU Technical Marketing Engineer Iftikhar Rathore - INSBU Technical Marketing Engineer Agenda Brief Introduction to Cisco

More information

Locator/ID Separation Protocol (LISP)

Locator/ID Separation Protocol (LISP) Locator/ID Separation Protocol (LISP) Damien Saucez* INRIA Sophia Antipolis FRNOG 18, December 2 th, 2011 * special thanks to Olivier Bonaventure, Luigi Iannone and Dino Farinacci Disclaimer Not a vendor

More information

CCNA. Murlisona App. Hiralal Lane, Ravivar Karanja, Near Pethe High-School, ,

CCNA. Murlisona App. Hiralal Lane, Ravivar Karanja, Near Pethe High-School, , CCNA Cisco Certified Network Associate (200-125) Exam DescrIPtion: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment

More information

Cisco Certified Network Associate ( )

Cisco Certified Network Associate ( ) Cisco Certified Network Associate (200-125) Exam Description: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that

More information

Configuring Web Cache Services By Using WCCP

Configuring Web Cache Services By Using WCCP CHAPTER 44 Configuring Web Cache Services By Using WCCP This chapter describes how to configure your Catalyst 3560 switch to redirect traffic to wide-area application engines (such as the Cisco Cache Engine

More information

Higher scalability to address more Layer 2 segments: up to 16 million VXLAN segments.

Higher scalability to address more Layer 2 segments: up to 16 million VXLAN segments. This chapter tells how to configure Virtual extensible LAN (VXLAN) interfaces. VXLANs act as Layer 2 virtual networks over Layer 3 physical networks to stretch Layer 2 networks. About VXLAN Encapsulation

More information

Identity Based Network Access

Identity Based Network Access Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor

More information

CertKiller q

CertKiller q CertKiller.500-451.28q Number: 500-451 Passing Score: 800 Time Limit: 120 min File Version: 5.3 500-451 Cisco Unified Access Systems Engineer Exam I just passed today with 89%. My sole focus was the VCE.

More information

We re ready. Are you?

We re ready. Are you? We re ready. Are you? Network as a Sensor and Enforcer Matt Robertson, Technical Marketing Engineer BRKSEC-2026 Why are we here today? Insider Threats Leverage the network Identify and control policy,

More information

Exam Topics Cross Reference

Exam Topics Cross Reference Appendix R Exam Topics Cross Reference This appendix lists the exam topics associated with the ICND1 100-105 exam and the CCNA 200-125 exam. Cisco lists the exam topics on its website. Even though changes

More information

LISP. Migration zu IPv6 mit LISP. Gerd Pflueger Version Feb. 2013

LISP. Migration zu IPv6 mit LISP. Gerd Pflueger Version Feb. 2013 Version 0.7 24 Feb. 2013 LISP Migration zu IP mit LISP Gerd Pflueger gerd@cisco.com 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 2011 Cisco and/or its affiliates. All rights reserved.

More information

Provisioning Overlay Networks

Provisioning Overlay Networks This chapter has the following sections: Using Cisco Virtual Topology System, page 1 Creating Overlays, page 2 Creating Network using VMware, page 4 Creating Subnetwork using VMware, page 4 Creating Routers

More information