Campus Fabric. How To Integrate With Your Existing Networks. Kedar Karmarkar - Technical Leader BRKCRS-2801

Size: px

Start display at page:

Download "Campus Fabric. How To Integrate With Your Existing Networks. Kedar Karmarkar - Technical Leader BRKCRS-2801"

Colin Boyd
6 years ago
Views:

1 Campus Fabric How To Integrate With Your Existing Networks Kedar Karmarkar - Technical Leader

2 Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o stretching VLANs) Network Segmentation (w/o implementing MPLS) Role-based Access Control (w/o end-to-end TrustSec) Using Cisco technologies available today, you can overcome these challenges and build an Evolved Campus Network to better meet your business objectives. With this Evolution, a key challenge is to be able to support a Distributed Enterprise Infrastructure which is typically spread across Campus, Branch, DC and Cloud. This session focuses on how the Campus Fabric architecture connects campus, branch and DC s across a WAN network and how we enforce end to end policy Cisco and/or its affiliates. All rights reserved. Cisco Public 2

3 Campus Fabric Related Sessions We recommend the following sessions: 1. BRKCRS-1800: DNA Campus Fabric An Introduction 21/02/17 11: hours 2. BRKCRS-3800: DNA Campus Fabric A Look Under the Hood 22/02/17 09:00 2 hours 3. : DNA Campus Fabric - How to Integrate with Your Existing Network 22/02/17 11: hours 4. BRKCRS-2802: DNA Campus Fabric Monitoring & Troubleshooting 22/02/17 14: hours 5. BRKCRS-2803: DNA Campus Fabric Connecting Outside the Fabric 22/02/17 16: hours 6. BRKACI-2400: DNA Campus Fabric Integration with Data Center Architectures 23/02/17 14: hours 7. BRKEWN-2300: Virtualize Your Wired and Wireless Network (w/ Campus Fabric) 24/02/17 09:00 2 hours 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 3

4 Agenda Key Benefits Why do I care? Campus Fabric Overview What is a Fabric? Getting Started What are the Platform/Network considerations? Network Deployment Models Layer-2 Access Takeaway How do I get started?

5 Key Benefits Why do I care?

Insights Insights & Experiences Automation & Assurance Open & Programmable Standards-Based Virtualization Physical & Virtual

6 Cisco Digital Network Architecture Overview Network-enabled Applications Principles Cloud Service Management Open APIs Developers Environment Automation Abstraction & Policy Control from Core to Edge Policy Orchestration Analytics Network Data, Contextual Insights Insights & Experiences Automation & Assurance Open & Programmable Standards-Based Virtualization Physical & Virtual Infrastructure App Hosting Security & Compliance Cloud-enabled Software-delivered 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6

7 What is Campus Fabric? Foundational Technologies Programmable Custom ASICs Converged Software Services Industry Leading Wired & Wireless Stacking TrustSec SDN Advanced Functionality Programmable Pipeline Flexibility Recirculation Optimized for Campus Integrated Stacking Visibility Security Future Proofed Long Life Cycle Investment Protection + Network Enabled Applications Collaboration Mobility IoT Security ` Automation and Analytics Controller Visible Programmable Open Virtualization Campus Fabric Segmentation L2 Flexibility Designed for Evolution Strong Foundational Capabilities HA Driving Innovation Through Technology Investment 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 7

Provision Simplified Provisioning Deploy devices

CLI and Programmability models 2017 Cisco and/or

Mobility Wired and Wireless Host Mobility Always connect to the same L3

X Segmentation Security Simple Segmentation

Intelligent Policy Network Wide Policy Enforcement Based on your Identity, not on

12 Campus Fabric Overview What is a Fabric?

13 What exactly is a Fabric? A Fabric is an Overlay An Overlay is a logical topology used to virtually connect devices, built on top of an arbitrary physical Underlay topology. An Overlay network often uses alternate forwarding attributes to provide additional services, not provided by the Underlay. Examples of Network Overlays GRE or mgre LISP MPLS or VPLS OTV IPSec or DMVPN DFA CAPWAP ACI 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 13

14 What exactly is a Fabric? Overlay Terminology Overlay Network Overlay Control Plane Encapsulation Edge Device Edge Device Hosts (End-Points) Underlay Network Underlay Control Plane 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 14

15 What is unique about Campus Fabric? Key Components 1. Control-Plane based on LISP 2. Data-Plane based on VXLAN 3. Policy-Plane based on TrustSec Key Differences L2 + L3 Overlay -vs- L2 or L3 Only Host Mobility with Anycast Gateway Adds VRF + SGT into Data-Plane Virtual Tunnel Endpoints (No Static) No Topology Limitations (Basic IP) 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 15

What is unique about Campus Fabric? Fabric Roles & Terminology User / Group Repository ISE / AD Host DB Control-Plane Nodes User / Group Repository External ID Store device (e.g. ISE or AD) can be leveraged to provide dynamic User / Device to Group mapping.

Border Nodes The L3 Gateway device (Core), that connects External L3 network(s) to Fabric.

16 What is unique about Campus Fabric? Fabric Roles & Terminology User / Group Repository ISE / AD Host DB Control-Plane Nodes User / Group Repository External ID Store device (e.g. ISE or AD) can be leveraged to provide dynamic User / Device to Group mapping. Fabric Domain (Overlay) Fabric Border Nodes Control-Plane Nodes Map System that manages the Endpoint to Gateway (Edge or Border) relationship. Border Nodes The L3 Gateway device (Core), that connects External L3 network(s) to Fabric. Fabric Edge Nodes Fabric Intermediate Nodes (Underlay) Edge Nodes The L3 Gateway device (Access or Distribution), that connects Endpoints to Fabric. Intermediate Nodes Normal L3 (IP) Forwarders in the Underlay Cisco and/or its affiliates. All rights reserved. Cisco Public 16

17 Campus Fabric Control-Plane Nodes A Closer Look Fabric Control-Plane Node is based on a LISP Map Server / Resolver Runs the LISP Host Tracking Database to provide overlay reachability information A simple Host Database, that tracks Endpoint ID to Edge Node bindings, along with other attributes Host Database supports multiple Endpoint ID lookup keys (IPv4 /32, IPv6 /128 or MAC) C Receives prefix registrations from Edge Nodes with local Endpoints Resolves lookup requests from remote Edge Nodes, to locate local Endpoints 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

18 Campus Fabric Edge Nodes A Closer Look Fabric Edge Node is based on a LISP Tunnel Router Provides connectivity for Users and Devices connected to the Fabric Responsible for Identifying and Authenticating Endpoints Register Endpoint ID information with the Control-Plane Node(s) Provides Anycast L3 Gateway for connected Endpoints Must encapsulate / decapsulate host traffic to and from Endpoints connected to the Fabric E E E 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

19 Campus Fabric Border Nodes A Closer Look Fabric Border Node is based on a LISP Tunnel Router All traffic entering or leaving the Fabric goes through this type of node Connects traditional L3 networks and / or different Fabric domains to the local domain Where two domains exchange Endpoint reachability and policy information Responsible for translation of context (VRF & SGT) from one domain to another B B Provides a domain exit point for all Edge Nodes 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

20 Getting Started Platform Considerations

21 Platform Support Fabric Edge Nodes - Options Catalyst 3K Catalyst 4K Catalyst 3K Fixed portfolio Catalyst 4500E Modular options Catalyst 3650 Catalyst 3850 RJ45 IOS-XE Catalyst 4500 Sup8E Sup Uplinks IOS-XE Cisco and/or its affiliates. All rights reserved. Cisco Public 21

Platform Support Fabric Border Nodes - Options Catalyst 3K Catalyst 6K ASR1K & ISR4K Nexus 7K Catalyst 3850 12/24 or 48XS 1/10G (Fiber) IOS-XE 16.3.1+ Catalyst 6800 Sup2T or 6T 6880 or 6840-X IOS 15.

22 Platform Support Fabric Border Nodes - Options Catalyst 3K Catalyst 6K ASR1K & ISR4K Nexus 7K Catalyst /24 or 48XS 1/10G (Fiber) IOS-XE Catalyst 6800 Sup2T or 6T 6880 or 6840-X IOS SY+ ASR1000-X X or HX Series ISR4430 / 4450 IOS-XE Nexus 7700 Sup2E M3 Cards NXOS Cisco and/or its affiliates. All rights reserved. Cisco Public 22

23 Platform Support Fabric Control-Plane - Options Catalyst 3K Catalyst 6K ASR1K & ISR4K Catalyst /24 or 48XS 1/10G (Fiber) IOS-XE Catalyst 6800 Sup2T or 6T 6880 or 6840-X IOS SY+ ASR1000-X X or HX Series ISR4430 / 4450 IOS-XE Cisco and/or its affiliates. All rights reserved. Cisco Public 23

24 Getting Started Network Considerations

Network Considerations - MTU MTU and Overlay VXLAN adds 50 bytes to the Original Ethernet Frame Avoid Fragmentation by adjusting the network MTU Ensure Jumbo Frame support

25 Network Considerations - MTU MTU and Overlay VXLAN adds 50 bytes to the Original Ethernet Frame Avoid Fragmentation by adjusting the network MTU Ensure Jumbo Frame support on switches in the underlay network Underlay Network MTU Encapsulation MTU 1500 Overlay Network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 25

26 Underlay Networks Campus fabric runs over arbitrary topologies: Traditional 3-tier hierarchical network Collapsed core/aggregation designs Routed access U-topology Ensure that all switches have IP reachability to infrastructure elements Ideal design is routed access allows fabric to extend to very edge of campus network Strong recommendation to follow campus CVDs with routed access L3 L2 3-Tier Hierarchical L2 Collapsed Core L3 Routed Access L2 U-Topology 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 26

27 Overlay Network Assumption is underlay network provides routing and IP connectivity Campus fabric configuration defines: Overlay IP space Segmentation context VRF and SGT Mobility (map database updates) 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 27

Source- Interface for Encapsulation 10.10.10.254/32 10.10.10.253/32 10.10.10.0/30 10.10.10.4/30 Overlay Network Underlay Network 10.

28 IP Addressing for Overlay and Underlay Know your IP addressing and IP scale requirements Best to use single Aggregate for all Underlay Links and Loopbacks IPv4 only (today) Fabric uses Loopback as Source- Interface for Encapsulation / / / /30 Overlay Network Underlay Network / Cisco and/or its affiliates. All rights reserved. Cisco Public 28

29 Virtual Networks RLOC/Underlay connectivity in Global Routing Table Loopback interfaces for management in their own VN (Default) Other VNs can be used for segmentation for users, devices, roles, and others Scalable Group Tags (SGTs) can be used for further access control within a VN The CORPORATE VN is being shown in this slide deck as an example. Similar steps can be followed for other VNs shown Fabric scope of management USERS #2 USERS #1 Management Access RLOC/Underlay Border USERS* USERS Default GRT 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 29

30 Getting Started Services Location Considerations

required Services may be hosted inside or outside the campus fabric Other infrastructure services include

31 Location of Shared Services Infrastructure Campus fabric leverages traditional infrastructure services IP reachability from underlay/overlay to DNS, DHCP, etc. required Services may be hosted inside or outside the campus fabric Other infrastructure services include AAA, LDAP/AD, syslog server, Netflow collector, 3 rd -party monitoring systems DHCP Server NTP Server 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 31

Location of Shared Services Infrastructure Could be in campus distribution block or campus core for small commercial or enterprise deployments Larger deployments have infrastructure services hosted

32 Location of Shared Services Infrastructure Could be in campus distribution block or campus core for small commercial or enterprise deployments Larger deployments have infrastructure services hosted in Data Center Hybrid model also possible (mix of distribution/core/data Center) Infrastructure Services at Distribution Infrastructure Services at Core Infrastructure Services in Data Center Small Commercial / Enterprise Deployment Large Enterprise Deployment 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 32

33 Know What is Connecting to the Existing Network Deploy ISE and StealthWatch Turn on device sensor on switches, Flexible NetFlow Turn on profiling on ISE What devices connect to the network What should they be doing What are they actually doing From where do they connect into the network This data will be useful in determining Segmentation policy in Campus Fabric 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 33

34 Deployments

36 Campus Network DDI MPLS MPLS I-NET Branch IWAN DC IWAN Internet WAN Block DC Block Internet Block Services Block Layer-2 Link Super Core Layer-3 Link Core Core Aggregation Layer Aggregation Layer Aggregation Layer 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 36

39 Parallel Install Option Conditions and Advantages May work in Branch deployments Sufficient cable runs exist in the current networking plan Sufficient power and outlets exist in the current power plan Existing brownfield network has legacy hardware Upgrade most of the wired network Option of redesigning IP networks from scratch instead of continuing the complexities of legacy network Advantage lies in testing users on entire new network prior to full migration of entire site During migration, users with problems but immediate access needs can be moved back to old network allowing them to continue their work, while troubleshooting can be performed on the SDA network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 39

40 Migrate One Switch At A Time Option Conditions and Advantages Works in both Campus and Branch deployments Needs an extra couple fiber runs to the distribution switch Sufficient power and couple outlets needed in the current power plan Existing brownfield network has legacy hardware Upgrade some of the wired network Switch by Switch upgrade of certain layers of the network is possible Legacy IP design has to be continued for reducing downtime During migration, users with problems but immediate access needs can be moved back to old network allowing them to continue their work, while troubleshooting can be performed on the SDA network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 40

43 Hardware Refresh Software Reconfigure Two scenarios for migration to Campus Fabric Hardware Refresh: Existing network consists of switches that need hardware upgrade since they do not support Campus Fabric Example: 3750X, 2960X, 4500E SUP7-E in the access Software Reconfigure: Existing network consists of switches that are compatible with Campus Fabric and just need software upgrade and reconfiguration Example: 3850, 4500E SUP-8E in the access 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 43

44 Access Network Designs

46 Layer-2 Access Network DDI MPLS MPLS I-NET Branch IWAN DC IWAN Internet WAN Block DC Block Internet Block Services Block Super Core 4 Core 3 Core Aggregation Layer 2 Aggregation Layer Aggregation Layer Cisco and/or its affiliates. All rights reserved. Cisco Public 46

47 Connecting the Fabric External Border Current Core platform supports Fabric External Border functionality Convert one of the Core switches as External Border Current Core platform does not support Fabric functionality Strong desire not to touch the Core layer in the existing network Add a Border platform switch and connect it to the Core layer Choose a platform that will be re-purposed to a dedicated Control Plane Node (if needed) In this example, we will add a Fabric External Border switch and connect it to the Core layer 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 47

48 Connecting the first Fabric Edge Depends on across which layer in the network the VLANs are being spanned Aggregation Core Or sometimes even SuperCore The Fabric Edge switch connects to where the VLANs are being aggregated Example If VLANs are NOT being spanned across Core layer, connect first Fabric Edge switch at Aggregation; if the VLANs ARE being spanned across Aggregation layer, connect the first Fabric Edge switch at Core, and so on. In this example, we will assume that VLANs are being spanned across Access layer, so Fabric Edge switch is attached to the aggregation switch Cisco and/or its affiliates. All rights reserved. Cisco Public 48

49 Getting Started Steps / /32 C Edge Node IP Network Border/Control Plane Node External Network Connect a switch to the Core layer that will act as the External Border Host the Control Plane function on the External Border for simplicity Add a switch in the access layer that will act as the Fabric Edge Integrate the switch in the existing network in Routed Access design. IS-IS is the recommended option for Fabric networks, but any IGP could do. APIC-EM PnP can be used for Day Zero operations to integrate the switch Cisco and/or its affiliates. All rights reserved. Cisco Public 49

51 Prepping the Switch / /32 Edge Node IP Network External Network Do not forget to set following on the Edge node and other nodes in the underlay: Set MTU to 9100 on the switch and the existing network. Configure ip routing Set username and password for device access Configure VTY and console lines for device access Configure NTP Configure SNMP, syslog Configure Loopback0 (/32) for RLOC, another interface for Management and underlay IP addresses C Border/Control Plane Node 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 51

52 Fabric Configuration on Edge node / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp encapsulation vxlan locator-table default locator-set rloc_sjc18 IPv4-interface Loopback0 priority 10 weight 10 exit! disable-ttl-propagate ipv4 sgt ipv4 use-petr ipv4 itr map-resolver ipv4 itr ipv4 etr map-server key cisco ipv4 etr exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 52

53 Border and Control Plane Configuration / /32 C Edge Node IP Network router lisp encapsulation vxlan locator-table default locator-set border IPv4-interface Loopback0 priority 10 weight 10 exit! disable-ttl-propagate ipv4 map-server ipv4 map-resolver ipv4 sgt ipv4 proxy-etr ipv4 proxy-itr ipv4 itr map-resolver ipv4 etr map-server key cisco ipv4 etr exit Border/Control Plane Node router lisp site site_uci authentication-key cisco exit ipv4 map-server ipv4 map-resolver exit External Network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 53

54 VRF Configuration on Edge and Border / /32 C Edge Node IP Network Border/Control Plane Node External Network ip vrf CORPORATE rd 1:1 route-target export 1:1 route-target import 1: Cisco and/or its affiliates. All rights reserved. Cisco Public 54

55 Configure L2 VLAN and SVI at Edge Node / /32 C Edge Node IP Network vlan 3 name Corporate_Users! ip dhcp snooping ip dhcp snooping vlan 3! device-tracking tracking Border/Control Plane Node External Network interface Vlan3 ip vrf forwarding CORPORATE ip dhcp relay source-interface Loopback0 ip address ip helper-address global no ip redirects ip local-proxy-arp ip route-cache same-interface logging event link-status load-interval 30 lisp mobility CORPORATE_10_2_3_0 shutdown 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 55

56 Adding EID space on Edge node / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp locator-table default locator-set rloc_sjc18_01 eid-table vrf CORPORATE instance-id 10 dynamic-eid CORPORATE_10_2_3_0 database-mapping /24 locator-set rloc_sjc18 exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 56

57 Adding EID space on Border/Control Plane node / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp eid-table vrf CORPORATE instance-id 10 map-cache /24 map-request exit! site site_uci authentication-key cisco eid-prefix instance-id /24 accept-more-specifics exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 57

58 Exporting Fabric Prefixes to External Network / /32 C Edge Node IP Network Border/Control Plane Node External Network Only export Fabric prefixes (overlay) to the External network No need to import External prefixes into Fabric since Border acts as default to unknown destinations External network needs a route to direct traffic back to the Fabric prefixes. Recommended choice of exchanging routing information is BGP 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 58

59 Advertising Fabric Prefixes to External Network - OSPF / /32 IP Network C Edge Node Border/Control Plane Node External Network router lisp locator-table default! eid-table vrf CORPORATE instance-id 10 ipv4 route-export site-registrations ipv4 map-cache site-registration exit! router ospfv3 123! address-family ipv4 unicast vrf CORPORATE summary-prefix /24 redistribute lisp metric 10 exit-address-family interface Vlan4090 ip vrf forwarding CORPORATE ip address ip ospf network point-to-point ip ospf mtu-ignore ipv6 enable ospfv3 123 ipv4 area 0 end Use route-filter in the global instance to filter incoming fabric prefixes routes This will prevent underlay from learning fabric prefixes 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 59

60 Advertising Fabric Prefixes to External Network - OSPF / /32 C Edge Node IP Network Border/Control Plane Node External Network interface GigabitEthernet0/0/ encapsulation dot1q 4090 ip address ip ospf network point-to-point ip ospf mtu-ignore ipv6 enable ospfv3 123 ipv4 area 0 end! router ospfv3 123! address-family ipv4 unicast exit-address-family 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 60

61 Advertising Fabric Prefixes to External Network - BGP / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp locator-table default! eid-table vrf CORPORATE instance-id 10 ipv4 route-export site-registrations ipv4 map-cache site-registration exit! router bgp address-family ipv4 vrf CORPORATE redistribute lisp metric 10 aggregate-address summary-only neighbor remote-as neighbor activate exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 61

62 Why BGP? BGP has built-in loop prevention features like AS_PATH to break loops Simple to keep routes distributed between Global Routing and Virtual Networks If IGP is used then route-maps, distribute-lists, IP ACLs need to be maintained Failure to maintain the above might cause routing loops in the network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 62

63 Layer-2 Connection from Existing Network Layer-2 connection between existing VLAN and VLAN in Fabric / /32 Edge Node Distribution Switch IP Network C Border/Control Plane Node External Network Connect the Edge node and existing Distribution switch on a Trunk Port Allow only VLAN003 for now 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 63

64 Layer-2 Connection from Existing Network Layer-2 connection between existing VLAN and VLAN in Fabric / /32 Edge Node Distribution Switch SVI X VLAN003 IP Network C Border/Control Plane Node External Network Shut down the SVI of VLAN003 on Aggregation switches in existing network Cisco and/or its affiliates. All rights reserved. Cisco Public 64

65 Layer-2 Connection from Existing Network Layer-2 connection between existing VLAN and VLAN in Fabric / /32 Edge Node Distribution Switch SVI VLAN003 IP Network C Border/Control Plane Node External Network No shutdown on the SVI VLAN3 on Fabric Edge switch Cisco and/or its affiliates. All rights reserved. Cisco Public 65

66 Layer-2 Connection from Existing Network Layer-2 connection between existing VLAN and VLAN in Fabric / /32 Edge Node Distribution Switch SVI VLAN003 IP Network C Border/Control Plane Node External Network L2 Network VLAN003 gets integrated into the fabric. All ingress traffic from endpoints in VLAN003 now enters the fabric via the Edge node and exits via the Border node Cisco and/or its affiliates. All rights reserved. Cisco Public 66

67 Layer-2 Connection from Existing Network Layer-2 connection between existing VLAN and VLAN in Fabric / /32 Edge Node Distribution Switch SVI VLAN X IP Network C Border/Control Plane Node External Network L2 Network Perform similar configuration of other VLANs, and SVIs on the Fabric Edge node Shutdown the SVI of the other VLANs in existing Distribution switches No shutdown the respective SVI on Fabric Edge to funnel all VLAN traffic to it 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 67

68 Layer-2 Connection from Existing Network / /32 New Edge Node Distribution Switch C IP Network Border/Control Plane Node External Network Existing L2 switch Add a new Fabric Edge switch in the access layer Connect it to the Distribution layer with Routed Access with its own Loopback0 Copy the Fabric Edge configuration from previous Fabric Edge including the VLAN X/SVI X configuration as is, and paste onto the new Fabric Edge switch 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 68

69 Layer-2 Connection from Existing Network / /32 Edge Node Distribution Switch C X IP Network Border/Control Plane Node External Network Configure the access ports in their VLANs similar to the legacy switch Move all the physical connections from legacy switch to new Fabric Edge Decommission the legacy switch from existing network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 69

70 Add Second External Border/Control Plane node / /32 C Edge Node IP Network Border/Control Plane Node /32 C External Network Border/Control Plane Node Add or upgrade a second switch or a router as the Border/Control Plane node for redundancy. Modify the configurations on all the Fabric Edge nodes to add the second Border/Control Plane node Cisco and/or its affiliates. All rights reserved. Cisco Public 70

72 Add Internal Border nodes as necessary / /32 IP Network Edge Node Internal Border/s WAN Branch /32 Internal Border/s Datacenter WAN Add or upgrade Internal Border nodes in the Fabric Cisco and/or its affiliates. All rights reserved. Cisco Public 72

73 Campus Fabric Border Nodes Internal Border: Connects Campus Fabric to Known networks i.e. other fabric or nonfabric domain in same company network. These known networks generally are the WAN, DC, Shared Services etc Responsible for advertising prefixes from and to the local fabric domain and external domain. External Border: Connects Campus Fabric to Un- Known networks. These Un-known networks generally is the Internet and Cloud. Responsible for only advertising prefixes from the local fabric domain to external domain Cisco and/or its affiliates. All rights reserved. Cisco Public 73

74 Why Internal Border? / /32 Edge Node Distribution Switch C IP Network External Border Control Plane Node External Network WAN Branch Datacenter WAN 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 74

75 Why Internal Border? / /32 Edge Node Distribution Switch IP Network C External Border External Network Internal Border WAN Branch Internal Border Datacenter WAN 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 75

76 Why Internal Border? Flexibility in designing different platforms for Border functionality different than External Border Can have any number of Internal borders than External borders (depends on network design) 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 76

77 Routing on the Internal Borders / /32 IP Network Edge Node Internal Border/s WAN Branch Routing needs to be configured on the Internal Borders to Advertise Fabric overlay prefixes outside to the rest of the network Known network prefixes to be redistributed into the fabric Use route-filter in the global instance to filter incoming fabric prefixes routes This will prevent underlay from learning fabric prefixes or VRFs from learning other VRF s routes /32 Internal Border/s Datacenter WAN 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 77

78 Internal Border Routing Importing from OSPF in LISP / /32 IP Network Edge Node Internal Border/s WAN Branch router lisp locator-set int_border locator-table default! eid-table vrf CORPORATE instance-id 10 ipv4 route-import database ospfv3 123 locator-set int_border ipv4 distance site-registrations 250 exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 78

79 Internal Border Routing Importing from EIGRP in LISP / /32 IP Network Edge Node Internal Border/s WAN Branch router lisp locator-set int_border locator-table default! eid-table vrf CORPORATE instance-id 10 ipv4 route-import database eigrp locator-set int_border ipv4 distance site-registrations 250 exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 79

80 Internal Border Routing Advertise from LISP into OSPF / /32 IP Network Edge Node Internal Border/s WAN Branch router lisp locator-table default! eid-table vrf CORPORATE instance-id 10 ipv4 route-export site-registrations ipv4 distance site-registrations 250 ipv4 map-cache site-registration exit! router ospfv3 123! address-family ipv4 unicast vrf CORPORATE summary-prefix /24 redistribute lisp metric 10 distribute-list 2 in exit-address-family 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 80

81 Internal Border Routing Advertise from LISP into BGP / /32 IP Network Edge Node Internal Border/s WAN Branch router lisp locator-table default! eid-table vrf CORPORATE instance-id 10 ipv4 route-export site-registrations ipv4 distance site-registrations 250 ipv4 map-cache site-registration exit! router bgp address-family ipv4 vrf CORPORATE redistribute LISP metric 10 aggregate-address summary-only neighbor remote-as neighbor activate exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 81

82 Shared Resources / /32 DDI IP Network Edge Node Internal Border/s ISE/AD router lisp encapsulation vxlan locator-set int_border exit! eid-table vrf CORPORATE instance-id 10 ipv4 route-import database eigrp locator-set border ipv4 route-export site-registrations ipv4 distance site-registrations 250 ipv4 map-cache site-registration exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 82

83 Shared Resources / /32 DDI IP Network Edge Node Internal Border/s ISE/AD router eigrp 65535! address-family ipv4 vrf CORPORATE redistribute lisp metric network autonomous-system exit-address-family! 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 83

85 Distribute Control Plane Node from External Border Control /32 Plane /32 C /32 B Edge Node IP Network Control Plane /32 C External Border/s router lisp encapsulation vxlan locator-table default locator-set msmr IPv4-interface Loopback0 priority 10 weight 10 exit! eid-table vrf CORPORATE instance-id 10 ipv4 route-export site-registrations ipv4 distance site-registrations 250 exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 85

86 Distribute Control Plane Node from External Border Control /32 Plane /32 C /32 B Edge Node IP Network Control Plane /32 C External Border/s site site_uci description map-server configured from apic-em authentication-key uci eid-prefix instance-id /0 accept-more-specifics eid-prefix instance-id /24 accept-more-specifics exit! ipv4 map-server ipv4 map-resolver exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 86

87 Distribute Control Plane Node from External Border Control /32 Plane /32 Edge Node /32 C IP Network Set up ibgp connection between the Control Plane node and External Border C /32 B External Border/s Control Plane router bgp bgp log-neighbor-changes neighbor remote-as neighbor update-source lo0! address-family vpnv4 neighbor activate neighbor send-community both exit-address-family! address-family ipv4 vrf CORPORATE aggregate-address summary only redistribute lisp metric 10 exit-address-family 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 87

88 Distribute Control Plane Node from External Border Control /32 Plane /32 C /32 B Edge Node IP Network Control Plane /32 C External Border/s router lisp encapsulation vxlan locator-set border IP-v4-interface Loopback 0 priority 10 weight 10 exit! eid-table vrf CORPORATE instance-id 10 ipv4 route-import map-cache bgp exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 88

89 Distribute Control Plane Node from External Border Control /32 Plane /32 C /32 B Edge Node IP Network Control Plane /32 C External Border/s router lisp ipv4 proxy-etr ipv4 proxy-itr ipv4 itr map-resolver ipv4 itr-map-resolver ipv4 map-server key cisco ipv4 map-server key cisco ipv4 etr exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 89

90 Distribute Control Plane Node from External Border Control /32 Plane /32 Edge Node /32 C IP Network Set up ibgp connection between the External Border and Control Plane nodes C /32 B External Border/s Control Plane router bgp bgp log-neighbor-changes neighbor remote-as neighbor update-source Loopback0 neighbor remote-as neighbor update-source Loopback0! address-family vpnv4 neighbor activate neighbor send-community both neighbor activate neighbor send-community both exit-address-family 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 90

91 Distribute Control Plane Node from External Border Control /32 Plane /32 C /32 B Edge Node IP Network Control Plane C External Border/s /32 Redistribute BGP into IGP at the external router to advertise fabric prefixes to external network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 91

92 Distribute Control Plane Node from External Border Control /32 Plane /32 C /32 B Edge Node IP Network Control Plane C External Border/s B / /32 If multiple Borders are used to redistribute fabric prefixes into external, recommend to use ebgp connection to break loops dynamically Else use distribute-lists, with IP ACLs that have a maintenance overhead 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 92

93 Redistribution From LISP to ibgp LISP Database Routing Information Base (RIB) Border Gateway Protocol (ibgp) Border Gateway Protocol (ibgp) Control Plane Node Border Node 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 93

94 Redistribution from ibgp to ebgp to IGP Border Gateway Protocol (ebgp) Border Gateway Protocol (ebgp) Routing Information Base (RIB) External Network Protocol Border Node External Router 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 94

95 Redistribution from IGP to ebgp Internal Border Border Gateway Protocol (ebgp) Border Gateway Protocol (ebgp) Routing Information Base (RIB) External Network Protocol Border Node External Router 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 95

Redistribution from IGP to ebgp Internal Border LISP Database Border Gateway Protocol (ibgp)

97 Work Simplified View DDI MPLS MPLS I-NET Branch IWAN DC IWAN Internet Internal Borders External Borders Control Plane Node Control Plane Node Fabric Edge Nodes 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 97

98 Replace Legacy Access Switches in the Network Use the same procedure outlined in the last three slides (67-68) to add Fabricenabled Edge switches While replacing legacy switches in the network After all the legacy switches in that Distribution block are replaced with Fabricenabled Edge switches, Remove the Fabric Edge connected to the Distribution switch, Use it to migrate the second Distribution block, Following the same procedure as outlined previously (61-66) Cisco and/or its affiliates. All rights reserved. Cisco Public 98

100 Routed Access Designs

102 Considerations for Migrating Routed Access Easier to migrate Routed Access designs to Campus Fabric Supporting infrastructure (DHCP mainly) is already setup Routed Access is the building block for Campus Fabric Loopback subnet that forms the RLOC address needs to be factored in IS-IS is the preferred routing protocol, and can be cut-over later keeping existing IGP Opportunity exists to consolidate existing subnets into lesser larger subnets once Campus Fabric is deployed 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 102

105 Simplified View C / /32 IP Network C Edge Node Border/Control Plane Node External Network Access switch as the Fabric Edge node Intermediate network reduced to IP Network Fabric Border node is the Router connecting to Internet services Control Plane node can be one of the network devices or a CSR1Kv, IPreachable 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 105

106 Getting Started Steps / /32 C Edge Node IP Network Border/Control Plane Node External Network Upgrade software on one of the routers acting as Border node Co-locate the Control Plane node function on the Border for simplicity Upgrade software on the access switch IS-IS is the recommended option for Fabric networks, but any IGP could do Cisco and/or its affiliates. All rights reserved. Cisco Public 106

107 Prepping the Switch / /32 C Edge Node IP Network Border/Control Plane Node External Network Do not forget to set following on the Edge node: Set MTU to 9100 on the switch and the existing network. Configure Loopback0 (/32), and underlay IP addresses 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 107

108 Fabric Configuration on Edge node / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp encapsulation vxlan locator-table default locator-set rloc_sjc18 IPv4-interface Loopback0 priority 10 weight 10 exit! disable-ttl-propagate ipv4 sgt ipv4 use-petr ipv4 itr map-resolver ipv4 itr ipv4 etr map-server key cisco ipv4 etr exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 108

109 Border and Control Plane Configuration / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp encapsulation vxlan locator-table default exit! disable-ttl-propagate ipv4 map-server ipv4 map-resolver ipv4 sgt ipv4 proxy-etr ipv4 proxy-itr ipv4 itr map-resolver ipv4 etr map-server key cisco ipv4 etr exit router lisp site site_uci authentication-key cisco exit ipv4 map-server ipv4 map-resolver exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 109

110 VRF Configuration on Edge and Border / /32 C Edge Node IP Network Border/Control Plane Node External Network ip vrf CORPORATE rd 1:1 route-target export 1:1 route-target import 1: Cisco and/or its affiliates. All rights reserved. Cisco Public 110

111 Two options for defining Endpoint ID space / /32 C Edge Node IP Network Border/Control Plane Node External Network Retain same subnets as of today Use net new subnets 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 111

112 Considerations of Retaining Existing EID structure / /32 C Edge Node IP Network Border/Control Plane Node External Network No changes to existing DHCP scope and subnet size No changes to existing firewall or other policies that are based on IP-ACL Old network design is retained for familiarity Need to revert changes on existing interfaces (SVIs) if moving back to old network in case of issues 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 112

113 Considerations of Net new Endpoint ID structure / /32 C Edge Node IP Network Border/Control Plane Node External Network Changes to existing DHCP scope and subnet size Changes to existing firewall or other policies that are based on IP-ACL Re-IP the network based on Fabric Campus design less, but larger subnets Reverting back to old network is as easy as re-assigning VLANs on Access ports less impacting 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 113

114 Configure L2 VLAN and SVI at Edge Node / /32 C Edge Node IP Network Border/Control Plane Node External Network vlan 3 name Bldg18_1_Users! interface Vlan3 ip vrf forwarding CORPORATE ip dhcp relay source-interface Loopback0 ip address ip helper-address global no ip redirects ip local-proxy-arp ip route-cache same-interface logging event link-status load-interval 30 lisp mobility CORPORATE_10_2_3_ Cisco and/or its affiliates. All rights reserved. Cisco Public 114

115 Adding EID space on Edge node / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp locator-table default eid-table vrf CORPORATE instance-id 10 dynamic-eid CORPORATE_10_2_3_0 database-mapping /24 locator-set rloc_sjc18 exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 115

116 Adding EID space on Border/Control Plane node / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp locator-table default eid-table vrf CORPORATE instance-id 10 map-cache /24 map-request exit! site site_uci authentication-key cisco eid-prefix instance-id /24 accept-more-specifics exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 116

117 Considerations of Net new Endpoint ID structure / /32 C Edge Node IP Network Border/Control Plane Node External Network Re-configure the other VLANs and SVIs as shown in previous slides Add those subnets are EIDs in Fabric Edge, and the Border/Control Plane node All VLANs on Edge node are now part of Campus Fabric 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 117

118 Exporting Fabric Prefixes to External Network / /32 C Edge Node IP Network Border/Control Plane Node External Network Only export Fabric prefixes (overlay) to the External network No need to import External prefixes into Fabric since Border acts as default to unknown destinations External network needs a route to direct traffic back to the Fabric prefixes. Preferred choice of exchanging routing information is BGP 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 118

119 Advertising Fabric Prefixes to External Network - OSPF / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp locator-table default! eid-table vrf CORPORATE instance-id 10 ipv4 route-export site-registrations ipv4 map-cache site-registration exit! router ospfv3 123! address-family ipv4 unicast vrf CORPORATE summary-prefix /24 redistribute lisp metric 10 exit-address-family interface Vlan4090 ip vrf forwarding CORPORATE ip address ip ospf network point-to-point ip ospf mtu-ignore ipv6 enable ospfv3 123 ipv4 area 0 end 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 119

120 Advertising Fabric Prefixes to External Network - OSPF / /32 C Edge Node IP Network Border/Control Plane Node External Network interface GigabitEthernet0/0/ encapsulation dot1q 4090 ip address ip ospf network point-to-point ip ospf mtu-ignore ipv6 enable ospfv3 123 ipv4 area 0 end! router ospfv3 123! address-family ipv4 unicast exit-address-family 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 120

121 Advertising Fabric Prefixes to External Network - BGP / /32 C Edge Node IP Network Border/Control Plane Node External Network router lisp locator-table default! eid-table vrf CORPORATE instance-id 10 ipv4 route-export site-registrations ipv4 map-cache site-registration exit! router bgp address-family ipv4 vrf CORPORATE redistribute lisp metric 10 aggregate-address summary-only neighbor remote-as neighbor activate exit 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 121

122 Repeat Slides Add second Control Plane/External Border node Add Internal Borders for WAN, Datacenter and Shared Resources connectivity Configure routing on Internal Borders to advertise fabric prefixes to external network; and register known external prefixes within the fabric Distribute Control Plane and External Border functions to respective switches 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 122

123 Routed Access Network DDI MPLS MPLS I-NET Branch IWAN DC IWAN Internet Internal Borders External Borders Control Plane Node Control Plane Node Fabric Edge Nodes 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 123

124 Upgrade and provision other Fabric Edge nodes / / /32 Edge Node /32 Edge Node Control Plane Control Plane /32 C C IP Network IP Network External Border /32 External Border External Network Upgrade other switches in the access layer as Fabric-Edge nodes in a similar fashion Copy paste fabric (except Loopback and couple other) and EID space configuration from the first switch to the others B B 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 124

126 Wireless

128 Where do I connect WLCs and APs WLC connect outside the fabric to Internal Border or outside the fabric APs can connect to in the overlay EID space in fabric Leverage stretched wired subnets to create one VLAN across fabric for all APs 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 128

129 Centralized Wireless and Campus Fabric / /32 Management IP /24 Campus Fabric IP Network Edge Node Internal Border/s / /24 WLCs connect behind Internal Border in the Underlay Internal Border advertises WLC Management subnet to the Fabric Internal Border advertises Fabric prefixes to the WLC Management network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 129

130 Centralized Wireless and Campus Fabric / /32 Management IP /24 Campus Fabric IP Network Edge Node Internal Border/s /21 Wireless Clients Subnet Wireless SSIDs are mapped to VLAN/Subnet at WLC in the form of dynamic interfaces Internal Border advertises Wireless client subnets to the Fabric 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 130

131 Centralized Wireless and Campus Fabric AP VLAN / / /32 Campus Fabric IP Network Edge Node / /32 AP VLAN /20 Internal Border/s /20 Edge Node Access Points are in overlay space on Fabric Edge switches One subnet for APs across the entire Fabric in Campus APs get registered in the Host Tracking Database (HTDB) running on Control node Simplified IP design for the network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 131

132 Centralized Wireless and Campus Fabric / /32 Management IP /24 Campus Fabric IP Network Edge Node Internal Border/s CAPWAP is built from the AP to the WLC When this traffic hits the Fabric Edge switch, it encapsulates CAPWAP in VXLAN and forwards it to Internal Border The outer VXLAN header is removed by the Internal Border, and underlying CAPWAP packet is forwarded to the WLC 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 132

133 Impact of Multiple Encapsulations to Frame size ETHERNET IP PAYLOAD ETHERNET IP UDP CAPWAP ETHERNET IP PAYLOAD ETHERNET IP UDP VXLAN ETHERNET IP UDP CAPWAP ETHERNET IP PAYLOAD 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 133

134 Centralized Wireless and Campus Fabric: AP Join / /32 Management IP /24 Campus Fabric IP Network Edge Node Internal Border/s WLC discovery by AP happens the same as of today. Layer-3 CAPWAP, Locally configured Controller IP Address, DHCP Server discovery via Option 43, DNS Discovery AP sends a frame padded to 1485 bytes with DF=1 Edge encapsulates frame in VXLAN that takes it above 1500 bytes 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 134

135 Centralized Wireless and Campus Fabric: AP Join / /32 Management IP /24 Campus Fabric IP Network Edge Node Internal Border/s Fabric Edge drops the packet and sends an ICMP error back to AP AP drops frame size to 576 bytes and Joins WLC successfully AP tries to find the optimum frame size by stepping up to 1000 bytes, 1300 bytes and 1485 bytes again Increase MTU to 9100 of existing network interfaces in the underlay to avoid fragmentation challenges 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 135

136 Centralized Wireless and Campus Fabric AP VLAN / /32 Client VLAN /21 Campus Fabric IP Network /20 Internal Border/s /21 Clients are authenticated and on-boarded by WLC Wireless clients are external to fabric in this case 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 136

137 Centralized Wireless and Campus Fabric AP VLAN / /32 Client VLAN /21 Campus Fabric IP Network /20 Wired VLAN /20 Internal Border/s / /20 Communication from a wired host in Fabric to Wireless Client outside fabric will occur through Internal Border JUST LIKE TODAY!! For the fabric, it is a fabric host communicating to a known destination external to the fabric 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 137

138 Centralized Wireless and Campus Fabric Over-The-Top (OTT) Wireless Consider increasing MTU on transit switches to prevent fragmentation issues Least impact to wireless since fabric is just a transport Supports all the APs that are supported by the WLC release software Leverage common subnet for AP across campus No changes to wireless roaming performance All the other features of Wireless such as AVC, Location services, QoS, Bonjour, mdns, RRM and others will work EXACTLY like they work today Managed by Cisco Prime Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 138

139 Take Away

What to do next? 1. Update your Hardware and Software! Catalyst 3650 or 3850 - New IOS-XE 16.3+ Catalyst 4500 w/ Sup8E - New IOS-XE 3.9+ Catalyst 6807, 6880 or 6840 - New IOS 15.

141 What to do next? 1. Update your Hardware and Software! Catalyst 3650 or New IOS-XE Catalyst 4500 w/ Sup8E - New IOS-XE 3.9+ Catalyst 6807, 6880 or New IOS 15.4SY+ Nexus 7700 w/ M3 Cards - New NX-OS ASR1000-X or ISR New IOS-XE Try out Campus Fabric in your Lab! You only need 2 or 3 (+) switches to test this solution At least 1 Control-Plane + Border and 1 Fabric Edge 3. Trial Deployments (Remember: its an Overlay) You can install new C-Plane, Border and Edge Nodes without modifying your existing (Underlay) network IP Network 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 141

Campus Fabric CVD on Cisco.com http://www.cisco.

Coming Soon Secure, Policy-based Automation Complete Visibility and Assurance Faster Service Enablement Policy-based Automated Network Provisioning across ALL network domains.

143 Coming Soon Secure, Policy-based Automation Complete Visibility and Assurance Faster Service Enablement Policy-based Automated Network Provisioning across ALL network domains. Monitor the entire Wired, Wireless and WAN network as a Single Entity. Quickly enable services using open APIs across a Services Ecosystem Cisco and/or its affiliates. All rights reserved. Cisco Public 143

Campus Fabric Related Sessions We recommend the following sessions: 1. BRKCRS-1800: DNA Campus Fabric An Introduction 21/02/17 (Tuesday) @ 11:15 1.5 hours 2.

144 Campus Fabric Related Sessions We recommend the following sessions: 1. BRKCRS-1800: DNA Campus Fabric An Introduction 21/02/17 11: hours 2. BRKCRS-3800: DNA Campus Fabric A Look Under the Hood 22/02/17 09:00 2 hours 3. : DNA Campus Fabric - How to Integrate with Your Existing Network 22/02/17 11: hours 4. BRKCRS-2802: DNA Campus Fabric Monitoring & Troubleshooting 22/02/17 14: hours 5. BRKCRS-2803: DNA Campus Fabric Connecting Outside the Fabric 22/02/17 16: hours 6. BRKACI-2400: DNA Campus Fabric Integration with Data Center Architectures 23/02/17 14: hours 7. BRKEWN-2300: Virtualize Your Wired and Wireless Network (w/ Campus Fabric) 24/02/17 09:00 2 hours 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 144

Complete Your Online Session Evaluation Please complete your Online Session Evaluations after each session Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday)

145 Complete Your Online Session Evaluation Please complete your Online Session Evaluations after each session Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt All surveys can be completed via the Cisco Live Mobile App or the Communication Stations Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 145

146 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 146

147 Q & A

148 Thank You

149

DNA Campus Fabric. How to Migrate The Existing Network. Kedar Karmarkar - Technical Leader BRKCRS-2801

DNA Campus Fabric. How to Migrate The Existing Network. Kedar Karmarkar - Technical Leader BRKCRS-2801 DNA Campus Fabric How to Migrate The Existing Network Kedar Karmarkar - Technical Leader Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o stretching