Optimizing Enterprise Networks through SD-AVC (Software Define Application Visibility and Control)

Size: px

Start display at page:

Download "Optimizing Enterprise Networks through SD-AVC (Software Define Application Visibility and Control)"

John Evans
5 years ago
Views:

2 BRKCRS-2502 Optimizing Enterprise Networks through SD-AVC (Software Define Application Visibility and Control) Guy Keinan

Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3.

3 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot#brkcrs Cisco and/or its affiliates. All rights reserved. Cisco Public

This is me BRKCRS-2502 2018 Cisco and/or its

8 Agenda Introduction Why? NBAR2 SD-AVC Q&A Homework Wrap up

Unprecedented Demands on the Network Digital Disruption Complexity Security 63 million new devices online every second by 2020 1 3X spend on network operations vs network 2 6 months to detect breach

9 Unprecedented Demands on the Network Digital Disruption Complexity Security 63 million new devices online every second by X spend on network operations vs network 2 6 months to detect breach 3 Lack of Business and IT Insights Slow and Error Prone Operations Unconstrained Attack Surface 1: Gartner Report - Gartner s 2017 Strategic Roadmap for Networking 2. McKinsey Study of Network Operations for Cisco Ponemon Research Institute Study on Malware Detection, Mar Cisco and/or its affiliates. All rights reserved. Cisco Public

Main Operational Challenges 95% 70% 75% Network Changes Performed Manually Policy Violations Due to Human Error OpEx spent on Network Visibility and Troubleshooting

10 Main Operational Challenges 95% 70% 75% Network Changes Performed Manually Policy Violations Due to Human Error OpEx spent on Network Visibility and Troubleshooting Source: 2016 Cisco Study Traditional Networking CANNOT Keep Pace with the Demands of Digital Business 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

11 Cisco Application Recognition SD-AVC/NBAR2 Application Recognition Fuels several core solutions: Cisco SD-WAN Cisco EasyQoS Assurance Security The Network. Intuitive. BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 NBAR2

13 Cisco Application Recognition NBAR2 is a powerful Network Based Application Recognition Engine A complete remake Variety of features: Pack hitless upgrade, attributes, sub-cls & more... Wide Cross pin support (same code everywhere): Routers: ISR4K, ASR1K, CSR1K, ISRv, ISR1100, ISRG2 Switches: Cat3K, Cat9K Wireless: AireOS WLC, IOS Aps 5520/8540, NG Aps 3800/1850 NAM BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 13

14 NBAR2 Classification Main things to keep in mind Stateful classification per session (5 tuple flow) Not only Deep Packet Inspection (DPI) but a combination of different techniques: - DNS snooping - Statistical classification (Machine Learning) - Behavioral classification - Learning of main services and servers - Customization Slow-Path and Fast-Path Model BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 14

16 The Cisco Live US 2017 Challenge

20 Cisco Application Recognition CLUS 17 Less than 1% unknown Less than 1% unclassified encrypted traffic 10G of traffic in less than 14% CPU utilization (ASR1002-HX) Very good classification for encrypted traffic, in pretty good performance BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 20

22 NBAR2 Classification A bit terminology Flow == A session. Identified by 5 tuple (src IP, src Port, dst IP, dst Port, vrf) Socket == Identified by 3 tuple (dst IP, dst Port, vrf). Usually a server FIF == First packet In the Flow Bypass == No processing, just quick forwarding BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 22

23 NBAR2 Classification HL overview Slow Path: Classifies the flow, based on packet processing Potentially first packet (First In Flow FIF classification) Programs the Fast Path with classification result Fast Path: Completely bypasses NBAR2 processing Uses the programmed classification Slow Path (NBAR2) ~5% Fast Path (Flow Table) ~95% BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 23

27 NBAR2 Classification Detailed FIF only (1) L3/L4 Custom IP Cache Socket cache Pre-Flow Cross flow Look- Up Table Flow Table NBAR bypass mng App tracker listener Multiprotocol Multiprotocol Text Parser (MTP) multi-packet (3) Multi-Packet Engine (MPE) (MPE) statistical IANA or VM first payload Only (2) Custom WKPpayload WKP Entry Heuristic logic Single-Packet Single-Packet Engine (SPE) (SPE) on fail success success/fail engine helper WKP = Well Known Packet BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 27

Store for future flows statistical IANA Cross flow LUT or VM first payload Only (2) Custom WKPpayload WKP Heuristic logic

28 NBAR2 Classification Detailed Flow FiF FIF only (1) L3/L4 DNS-AS Socket cache L3 LUT Cache Bundle Payload packets Flow Table NBAR bypass mng App tracker Store Set for for current next packets flow multi-packet (3) listner MTP MPE Processing Store for future flows statistical IANA Cross flow LUT or VM first payload Only (2) Custom WKPpayload WKP Heuristic logic SPE on fail success success/fail engine helper BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 28

33 NBAR2 Socket Cache Classification - Example Cache in Socket-Cache Full classification + Learning the socket MySQL :3306 Dst IP Dst Port Application MySQL MySQL Server :3306 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 35

34 NBAR2 Socket Cache Classification - Example No Processing. Using Cache! MySQL :3306 Dst IP Dst Port Application MySQL MySQL Server :3306 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 36

10.10.1 3306 MySQL MySQL Server 10.10.10.1:3306 Re-validate

35 NBAR2 Socket Cache Classification - Example Dst IP Dst Port Application MySQL MySQL Server :3306 Re-validate the socket every time interval BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 37

Classification and Encryption BRKCRS-2502 2018 Cisco

37 NBAR2/SD-AVC Encrypted traffic techniques Outside the organization (usually non collaborative): SSL handshake analysis certificate, Server Name Indication (SNI) DNS traffic analysis Machine learning/statistical classification Inside the organization (usually collaborative): Customization of SSL certificates and DNS domains Server and client discovery based on NBAR2 SD-AVC External Sources (more on this later ) BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 39

38 NBAR2 Encryption Classification Automatic (Signature) Custom "(.*[.])?((youtube(-nocookie)? ytimg googlevideo)[.]com) youtu[.]be" cisco(config)#ip nbar custom CCSOC composite server-name "*ccsocdev.net" BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 40

NBAR2 DNS Classification - Example First Packet webex 10.10.10.1 IP Application 10.10.10.1 webex Encrypted Webex 10.

42 NBAR2 Encrypted Traffic Classification Summary Most of the traffic is encrypted traffic and is SSL/TLS Testing shows more than 80% of SSL traffic is classified by NBAR2 All major internet/cloud applications are supported Hundreds of applications NBAR2 classifies both cloud and local encrypted traffic NBAR2/SD-AVC use a variety of techniques to classify encrypted traffic BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 44

Performance BRKCRS-2502 2018 Cisco and/or its

44 NBAR2 Performance Optimization Techniques Optimized C code engines Optimized processing skips most of the traffic Wise caching techniques we ve added many of these NBAR2 Default (Performance-Optimized) Mode: Application Classification Supported on all platforms NBAR2 Fine-Grain Mode: Analytics (Deep DPI) Supported on routers-only BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 46

45 NBAR2 Performance Testing Results Fast Path Validated in real live networks and Tested on Enterprise Traffic Mix (EMIX) benchmark BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 47

NBAR2 Performance Ongoing Improvements 40%

Enterprise Traffic Mix (EMIX) BRKCRS-2502 2018

47 NBAR2 Protocol Discovery Performance Most XE routers: Line rate in working point of 70% CPU utilization 9300: 2000 CPS, 10,000 b-directional flows for each 24 ports. CPU at ~50% (HTTP profile) BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 49

48 No. of Apps/Domains Recognized Application Recognition: NBAR Evolution Network Level Analytics External Sources ~1500 Apps ~150 Encrypted Apps DPI, Signatures, Custom Apps Heuristic, Statistical+Behaviorial Standard Port based 100s of Apps DPI, Signatures, Custom Apps Pre-NBAR NBAR Version 1 NBAR Version 2 SD-AVC BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 50

49 Application Recognition at Network Level SD-AVC

50 Why SD-AVC? Useful and easy Application BW monitoring at a network level Better application recognition in asymmetric environments Better application recognition for encrypted applications Better first packet classification for path selection and marking policies Improved performance Automatic protocol pack deployment at a network level Serviceability and troubleshooting tools for application recognition issues Key for Cisco solutions such as SD-WAN, EasyQoS, Assurance. BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 52

53 What is SD-AVC? A network service which ensures Application recognition for visibility, Analytics and application based policy solutions. Analytics processing at a network level Synchronizing application state between network nodes Serves as a gateway for external sources, provisioning into Cisco Network Auto-learning and auto-signature algorithms Provides pack update capability at a network level for thousands of devices BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 55

54 What is SD-AVC? Current form factor Hosted on IOS-XE devices using Linux container (LXC) as a virtual-service (Future: DNA-C) 3G RAM and 4 CPUs Serve more than 6K devices BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 56

55 How Does SD-AVC work? (Basics) SD-AVC defines Sensors and Consumers in the network data plane Sensors are network devices (with NBAR2) that produce classification information and export it to the SD-AVC network service Up to 2Kbps for a small branch router Consumers are network devices that consume classification information from the SD-AVC network service A network device can be a sensor, a consumer or both BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 57

56 How Does SD-AVC work? (Basics) Sensors with NBAR2, classify traffic & cache results in the form of Application Rules Application Rule is defined as an L3/L4 to App-ID mapping Application Rule Example: id IP port L4 vrf-id vrf name app-id eng-id sel-id app-name #hits black weight rating ============================================================================================================================== TCP 0 global vnc 1 no 69 1 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 58

57 How SD-AVC works? (Basics) cont. The SD-AVC service compiles application rules received from the different network sensors (as well as external authoritative sources) The service generates an Application Rules Pack Consumers pull the application rules pack from the SD-AVC service and install the application rules in their data-plane On-device classification is enhanced with the newly installed SD-AVC application rules This process is periodic BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 59

58 SD-AVC Asymmetric Webex example branch NBAR2 Classify first flow as Webex (based on Certificate) MPLS NBAR2 Classify first flow upstream as Webex (based on Certificate) Webex br1 hub rtr Corporate Servers Webex DNS br0 Webex br2 mc Path Policy: Webex => MPLS Internet The problem: Webex downstream Is routed via Internet due to bad classification NBAR2 Can t classify flow in the downstream (no certificate) internet BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 60

59 SD-AVC Asymmteric Webex example branch NBAR2 Classify first flow as Webex (based on Certificate) MPLS NBAR2 Classify first flow upstream as Webex (based on Certificate) Webex br1 hub rtr Corporate Servers Webex DNS br0 mc Webex br2 SD- AVC Path Policy: Webex => MPLS Internet The problem: Webex downstream Is routed via Internet due to bad classification NBAR2 Can t classify flow in the downstream (no certificate) internet BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 61

60 Exported sockets: ================= SD-AVC Asymmteric Webex example id IP port L4 vrf-id vrf name app-id eng-id sel-id app-name black =========================================================================================== NBAR TCP 2 Mgt vnc Classify first flow upstream as no branch MPLS Webex (based on Certificate) hub TCP 2 Mgt vnc no TCP 2 Mgt vnc no NBAR2 TCP 2 Mgt webex-meeting no Classify first flow Webex br1 as Webex (based on Certificate) rtr Corporate Servers Webex DNS br0 mc Webex br2 SD- AVC Path Policy: Webex => MPLS Internet The problem: Webex downstream Is routed via Internet due to bad classification NBAR2 Can t classify flow in the downstream (no certificate) internet BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 61

61 Exported sockets: ================= SD-AVC Asymmteric Webex example id IP port L4 vrf-id vrf name app-id eng-id sel-id app-name black =========================================================================================== NBAR TCP 2 Mgt vnc Classify first flow upstream as no branch MPLS Webex (based on Certificate) hub TCP 2 Mgt vnc no TCP 2 Mgt vnc no NBAR2 TCP 2 Mgt webex-meeting no Classify first flow Webex br1 as Webex (based on Certificate) rtr Corporate Servers Webex DNS br0 mc Webex br2 SD- AVC Path Policy: Webex => MPLS Internet The problem: Webex downstream Is routed via Internet due to bad classification NBAR2 Can t classify flow in the downstream (no certificate) internet BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 61

62 SD-AVC Asymmetric Webex example branch NBAR2 Classify first flow as Webex (based on Certificate) MPLS NBAR2 Classify first flow upstream as Webex (based on Certificate) Webex br1 hub rtr Corporate Servers Webex DNS br0 mc Webex br2 SD- AVC Path Policy: Webex => MPLS Internet The problem: Webex downstream Is routed via Internet due to bad classification NBAR2 Can t classify flow in the downstream (no certificate) internet BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 64

63 SD-AVC Asymmetric Webex example Imported sockets: ================= branch NBAR2 Classify first flow br0 MPLS NBAR2 Classify first flow upstream as Webex (based on Certificate) Webex id IP port L4 vrf-id vrf name app-id eng-id sel-id app-name black as Webex ========================================================================================== (based on = Certificate) TCP 2 Mgt vnc no TCP 2 Mgt vnc no TCP 2 Mgt vnc no TCP 2 Mgt webex-meeting no Webex br1 br2 hub rtr mc SD- AVC Corporate Servers Path Policy: Webex => MPLS Webex DNS Internet The problem: Webex downstream Is routed via Internet due to bad classification NBAR2 Can t classify flow in the downstream (no certificate) internet BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 65

64 SD-AVC Asymmetric Webex example branch NBAR2 Classify first flow as Webex (based on Certificate) MPLS NBAR2 Classify first flow upstream as Webex (based on Certificate) Webex br1 hub rtr Corporate Servers Webex DNS br0 mc Webex br2 SD- AVC Path Policy: Webex => MPLS Internet Imported sockets: ================= id IP port L4 vrf-id vrf name app-id eng-id sel-id app-name black =========================================================================================== TCP 2 Mgt vnc no TCP 2 Mgt vnc no TCP 2 Mgt vnc no TCP 2 Mgt webex-meeting no The problem: Webex downstream Is routed via Internet due to bad classification NBAR2 Can t classify flow in the downstream (no certificate) internet BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 66

65 Asymmetric Fixed Webex example - with SD-AVC branch MPLS NBAR2 Classify first flow upstream as Webex (based on Certificate) hub NBAR2 Classify first flow as Webex (based on Certificate) Webex br1 rtr Corporate Servers Webex DNS br0 mc SD- AVC Path Policy: Webex => MPLS br2 Internet Imported sockets: ================= id IP port L4 vrf-id vrf name app-id eng-id sel-id app-name black =========================================================================================== TCP 2 Mgt vnc no TCP 2 Mgt vnc no TCP 2 Mgt vnc no TCP 2 Mgt webex-meeting no Webex Downstream Is routed via MPLS NBAR2 Classify Webex Downstream (based on SD-AVC) internet BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 67

SD-AVC External Sources BRKCRS-2502 2018 Cisco

67 SD-AVC and External sources The SD-AVC service connects with external authoritative sources to enrich application classification dynamically and seamlessly Enables us to: Connect Cisco Security databases Provide real-time Cloud/SaaS information Provision Home-grown Applications Example use cases are: Automatic Enrichment of Cloud/SaaS applications (MS RSS, CASI) Automatic Learning of Enterprise Local or Private apps (Infoblox/ACI/CUCM) BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 69

68 SD-AVC Operation (Data Flow) CloudLock 2 Application Rules Pack Generation Network Service SD-AVC 4 MS RSS Infoblox Controller 5 Network Layer 3 Application Rules pack Cached application rules (JSON) Application Rules Pack 3 1 Consumer Sensor & Consumer BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 70

SD-AVC Connectors Microsoft Office 365 contains geolocation and world wide FQDN and URL information (PoC) CASI contains 10,000 applications with domain and

69 SD-AVC Connectors Microsoft Office 365 contains geolocation and world wide FQDN and URL information (PoC) CASI contains 10,000 applications with domain and certificate information - Provides DNS information for home grown applications (PoC) BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 71

70 SD-AVC and Microsoft Office365

71 Using Microsoft RSS How does it work? Office 365 URLs and IP address ranges Requires connectivity to the internet (from the SD-AVC service) XML format Huge list of IP addresses and ranges Much more robust list of domains BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 73

73 Using Microsoft RSS How does it work? Imported Data from Microsoft Cisco Protocol Pack Application Data New Domain Information from Microsoft Example: jpn.delve.office.com BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 75

74 Using Microsoft RSS How does it work? Imported Data from Microsoft Cisco Protocol Pack Application Data New Domain Information from Microsoft jpn.delve.office.com BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 76

75 Using Microsoft RSS How does it work? (Second step) 1. Find the correct application for the new domains 2. Using machine learning based on the previous learning set of Office 365 and existing host mappings supplied by Cisco NBAR2 Protocol Pack Algorithm: Given a the previous learning set and a new domain that we want to map it to an application: host1 host2 host3 app1 app2 app3 jpn.delve.office.com ms-office365??? BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 77

76 Using Microsoft RSS How does it work? (Third Step) Compile a new pack with the new signature and make it available for the devices The secondary pack is installed along side with Cisco NBAR2 protocol-pack New domains are now supported automatically SD-AVC BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 78

77 Demo

78 What we ll show in the Demo We will demonstrate how complete asymmetric devices can teach each other with classification information, using SD-AVC. We will show how external sources can enhance application recognition We will show these new automatic signatures help the application recognition in an asymmetric scenario with SD-AVC BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 80

79 Microsoft Office365 RSS SD-AVC Pull Application Rules Data Analytics (JSON) Pull Application Rules Data Analytics (JSON) CSR1Kv CSR-Demoupstream Down Stream Down Stream CSR1Kv csr-demodownstream Upstream Trex Traffic Generator Upstream BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 81

80 Demo Script Note: We expedited some of the timers, this may lead to skew in status indications 1. Downstream Setup Not connected to SD-AVC 2. Connect Downstream to the SD-AVC Network Service First level of Asymmetry fix 3. Enrich the devices with a Secondary Pack based on MS Office365 Cloud Info 4. Downstream Setup classifies based on the MS Info using SD-AVC Second level of Asymmetry fix BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 82

81 SD-AVC and Cloudlock CASI

82 SD-AVC and Cloudlock CASI Why? Database synchronization between Cloudlock SaaS Security Index and SD-AVC/NBAR Better SaaS application recognition leveraging on Cloudlock Security Cloud infrastructure Better response time to the application and domain changes Cloudlock Shadow IT visibility leveraging SD-AVC on Cisco enterprise network BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 84

83 SD-AVC and Cloudlock Self-Learning Network Application database & Shadow-IT Cloudlock Analysis & Feedback SD-AVC Learning Network Device BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 85

87 How it works #2? Cloudlock CASI 2 Enterprise Network SD-AVC 1 Update CASI with offline application information from NBAR/CASI R&D BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 89

88 SD-AVC Delivery Plan

89 SD-AVC Delivery plan Phase 1 (FCS- Oct 2017) IWAN 2.2.1: SD-AVC hosted on XE Container Improved application recognition in Hub Asymmetric Routing environment Improved first packet classification decision Application recognition function serviceability Protocol Pack automatic update Phase 2 (FCS Jan 2018) Cloud/SaaS automatic signatures push (MS RSS) High scale of SD-AVC sensors (6K) support asymmetrical routing in branch routers Support IWAN 2.3 DCA (Direct Cloud Access) FCS March 2018 Furture Unknown and Generic Traffic Discovery High scale custom application support (1000+) Viptela vmanage integration DNA-C App-Policy/EasyQoS use cases Wireless & Switching BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 91

90 Q&A

91 Homework

16 and up - Cat3K/9K supported 16.6.1 and up - Download and install SD-AVC on a router (network level

92 What you can do? - Use Application Visibility on WebUI (Device level visibility) - XE routers supported 3.16 and up - Cat3K/9K supported and up - Download and install SD-AVC on a router (network level visibilty) - Enlist to NBAR2/SD-AVC announcements send an with SUBSCRIBE to cisco-nbar2-pp-announcement@cisco.com BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 94

93 Wrap up - NBAR2 has evolved and matured to tackle today s networks challenges - SD-AVC introduces new innovation and advances to network level using analytics and external sources - The evolution Cisco application recognition technology unleashes great capabilities both in the device side and controller side, to provide application based solutions like SD-WAN, EasyQoS, Assurance and Security BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 95

95 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot#brkcrs Cisco and/or its affiliates. All rights reserved. Cisco Public

Please complete your Online Session Evaluations after each session Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt All

96 Please complete your Online Session Evaluations after each session Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt All surveys can be completed via the Cisco Live Mobile App or the Communication Stations Complete Your Online Session Evaluation Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at Cisco and/or its affiliates. All rights reserved. Cisco Public

98 Thank you

105

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018 Cisco SD-WAN Intent-based networking for the branch and WAN Carlos Infante PSS EN Spain March 2018 Aug-12 Oct-12 Dec-12 Feb-13 Apr-13 Jun-13 Aug-13 Oct-13 Dec-13 Feb-14 Apr-14 Jun-14 Aug-14 Oct-14 Dec-14