Intelligent WAN Architecture Enabling the Digital Branch

Transcription

1

2 Intelligent WAN Architecture Enabling the Digital Branch Scott Van de Houten Distinguished Systems Engineer - Global Enterprise Vinay Pande Technical Leader - Enterprise Routing BRKCRS-2000

3 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space Cisco Spark spaces will be available until July 3, cs.co/clus17/#brkcrs Cisco and/or its affiliates. All rights reserved. Cisco Public

4 Agenda Business Drivers and Outcomes IWAN Architecture Overview Orchestration & Automation Product Portfolio Emerging Cloud Centric Designs Closing Why IWAN? 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

5 Why are enterprises thinking about SD-WAN? 50% of Apps accessed via Internet 58% Of IT budgets spent on WAN Connectivity 32.4% Cite management of connectivity at branch as a challenge 48.6% Cite poor application performance and latency as corporate WAN concern Source: IDC Worldwide SD-WAN Survey Special Report (May 2016) BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 5

6 IWAN Business Outcomes Insights & Experiences Application Experience App & User Analytics Bandwidth Efficiency Digital Branch Automation & Assurance Agility: Day 0 Automation Zero Touch Deployment Point-n-Click Troubleshooting Security & Compliance Comprehensive Protection: On-prem & Cloud, Users, Devices, and Things BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 6

7 Intelligent WAN (IWAN) Secure SDWAN and Cloud Access Optimized Hybrid WAN Branch MPLS (IP-VPN) 3G/4G-LTE Private Cloud Virtual Private V Cloud Direct Cloud Access Internet Public Cloud 1. IWAN Secure VPN for private and virtual private cloud access Increase WAN transport capacity and app performance cost effectively! 2. Leverage local Internet path for public cloud and Internet access Improve application performance (right flows to right places) BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 7

8 Intelligent WAN (IWAN) So What is New Here? Branch Optimized Hybrid WAN Mixed transport WANs with High Reliability MPLS (IP-VPN) Private Cloud Virtual 3G/4G-LTE V Service Levels for Business-Critical Applications Private Cloud Direct Cloud Access Internet Centralized Security Policy for Internet Access Public Cloud 1. IWAN Secure VPN for private and virtual private cloud access Increase WAN transport capacity and app performance cost effectively! Dramatically Lower WAN Costs Without Compromise 2. Leverage local Internet path for public cloud and Internet access Improve application performance (right flows to right places) BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 8

9 Common IWAN Deployment Models Dual MPLS Hybrid Dual Internet Internet Public Enterprise Public Enterprise Public MPLS MPLS MPLS+ Internet Internet Internet Branch Branch Branch Highest SLA guarantees Centralized Internet Access Expensive More BW for key applications Balanced SLA guarantees Moderately priced Best price/performance Most flexibility Enterprise responsible for SLAs Consistent VPN Overlay Enables Security Across Transition BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 9

10 Intelligent WAN (IWAN) Architecture Enterprise Unified Branch MPLS Private Cloud 3G/4G-LTE Virtual Private Cloud Internet Public Cloud Management Automation Transport Independence Intelligent Path Control Application Optimization Secure Connectivity Simplified Application Enhanced Application Comprehensive Hybrid WAN Aware Routing Visibility and Performance Threat Defense BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 10

11 Intelligent WAN (IWAN) Architecture Cloud Managed Service Offering IWANaaService Unified Branch MPLS Private Cloud 3G/4G-LTE Virtual Private Cloud Internet Public Cloud vms/nso Management Automation Hybrid WAN Intelligent Path Control Application Optimization Secure Connectivity Simplified Application Enhanced Application Comprehensive Hybrid WAN Aware Routing Visibility and Performance Threat Defense BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 IWAN: Architectural and Systems Approach IWAN is a Solution Architecture Solves a network problem Use Case Driven Systems Development Approach Prescribed. Tested. Interoperable. Bounded Scope and Complexity Enables Automation and Quality IWAN 2.2 Delivers Business Outcomes Reduce Operational Complexity Reduce WAN costs, Increase bandwidth Improve Application Performance Direct Cloud Access Guest Access Offload BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 12

13 Transport-Independence Virtualizing the Enterprise WAN

14 Flexible Secure IWAN Over Any Transport Transport-Independent Simplifies WAN Design Easy multi-homing with several providers Single routing control plane over the top of provider networks Flexible Dynamic Full-Meshed Connectivity Consistent design over all WAN transport types Scalable Hub-n-spoke with dynamic full mesh topology Secure Proven Robust Security Industry Certified security compliance Scalable high-performance cryptography in hardware Internet WAN ASR 1000 ISR Branch MPLS ASR 1000 Data Center BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 14

15 IWAN Transport Independence Consistent deployment models simplify operations IWAN Dual MPLS IWAN HYBRID IWAN HYBRID/LTE Data Center Data Center Data Center ASR 1000 ASR 1000 ASR 1000 ASR 1000 ASR 1000 ASR 1000 SP A SP B ISP A SP B ISP C SP B DMVPN DMVPN DMVPN DMVPN DMVPN DMVPN MPLS MPLS Internet MPLS 4G/LTE MPLS ISR Branch ISR Branch ISR Branch BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 15

16 IWAN Transport Independent Design with Dynamic Multipoint VPN (DMVPN) Proven IPsec VPN technology Widely deployed, Large scale Standards based IPsec and Routing Adv QOS: hierarchical, per tunnel IWAN HYBRID Flexible & Resilient Over any transport: MPLS, Carrier Ethernet, Internet, 3G/4G,.. Hub-n-Spoke with Dynamic full mesh Topology Multiple encryption, key management, routing options Multiple redundancy options: platform, hub, transports Secure Industry Certified IPsec and Firewall NG Strong Encryption: AES-GCM-256 (Suite B) IKE Version 2 IEEE 802.1AR Secure unique device identifier Simplified IWAN Deployments Prescriptive validated IWAN designs Automated provisioning Prime, IWAN-App, VMS/NSO, Glue ISP A DMVPN Purple Internet Data Center DMVPN Green MPLS SP B Branch BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 16

17 DMVPN How it Works Spokes build a dynamic permanent GRE/IPsec tunnel to the hub, but not to other spokes. They register as clients of the NHRP server (hub) and register their NBMA address Active-Active redundancy model two or more hubs per spoke All configured hubs are active and are routing neighbors with spokes Routing protocol routes are used to determine traffic forwarding A spoke will initially send a packet to a destination (private) subnet behind another spoke via the hub, and the hub will send it an NHRP redirect. The redirect triggers the spoke to send an NHRP resolution request for the data packet destination address behind the destination spoke The destination spoke initiates a dynamic GRE/IPsec tunnel to the source spoke (it now knows its NBMA address) and sends the NHRP reply. The dynamic spoke-to-spoke tunnel is built over the same mgre tunnel interface When traffic ceases then the spoke-to-spoke tunnel is removed Physical: Tunnel1: Routing Protocol / / /24 Dual DMVPN Design Single mgre tunnel on Hub, two mgre tunnels on Spokes /24 Physical: (dynamic) Tunnel0: Tunnel1: /24 Physical: Tunnel0: Physical: (dynamic) Tunnel0: Tunnel1: /24 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 17

18 Typical IWAN Topology IWAN 2.0 IWAN Domain Group of IWAN sites with common transports and policies 2000 sites per domain, multiple domains for larger scale IWAN POP locations 2+ WAN aggregation locations, also called Transit Sites Each Border Router (BR) is a DMVPN Hub with ibgp or EIGRP routing Summary prefixes with primary and secondary path metrics advertised out to branches Transit routing to other locations with backdoor failover routing between POP locations Dedicated BR per WAN transport IWAN POP / /8 DC / /16 BR11 BR12 BR21 BR22 DMVPN MPLS /8 WAN Core DC2 DMVPN INET IWAN POP / /8 IWAN Branch locations Simple consistent configurations 1 or more BRs connected to each transport Peer with each DMVPN Hub, stub routing BR31 BR41 BR51 BR / / /24 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 18

19 Highly Redundant Large Scale Topology IWAN 2.1 DC1 DC2 IWAN POP1 DCI WAN Core IWAN POP2 BR11 BR12 BR13 BR14 BR21 BR22 BR23 BR / / /8 Support for multiple BRs per transport Horizontal scaling and redundancy Support for Multiple POPs Different Prefix Common Prefix DMVPN MPLS DMVPN INET BR31 BR41 BR51 BR / / / / / /24 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 19

20 IWAN 2.2 IWAN Topology with Dual Homed POP Border Routers IWAN POP locations Same design as Typical IWAN Topology with dual homed Border Routers Additional redundancy with fewer BRs Larger BRs required to meet performance targets IWAN POP / /8 DC1 DCI WAN Core DC / /16 BR11 BR12 BR21 BR22 IWAN POP / /8 DMVPN MPLS DMVPN INET BR31 BR41 BR51 BR / / /24 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 20

21 IWAN Transport Best Practices Private peering with Internet providers Use same Internet provider for hub and spoke sites Avoids Internet Exchange bottlenecks between providers Reduces round trip latency DMVPN Phase 3 Scalable dynamic site-to-site tunnels Separate DMVPN per transport for path diversity Per tunnel QOS NG Encryption IKEv2 + AES-GCM-256 encryption Transport settings Use the same MTU size on all WAN paths Bandwidth settings should match offered rate Routing Overlay ibgp or EIGRP for high scale Single routing process, simplified operations Front-side VRF to isolate provider networks ISP A DMVPN Purple Internet IWAN HYBRID Data Center DMVPN Green MPLS SP B Branch BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 21

22 Intelligent Path Control Improving Application Delivery and WAN Efficiency

23 Getting the Most Out of Your WAN Investment Benefits of Intelligent Path Control Lower WAN Costs Full Utilization of WAN Bandwidth Improved Application Performance Higher Application Availability Enabling Hybrid WANs Efficient Distribution of Traffic Based Upon Load or Path Preference Application Best Path Based on Quality Protection From Carrier Black Holes and Brownouts ASR 1000 ISR Internet Branch MPLS ASR 1000 Data Center BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 23

24 Intelligent Path Control with PfR Voice and Video Use-Case Voice/Video take the best delay, jitter, and/or loss path MPLS Private Cloud Branch Other traffic is load balanced to maximize bandwidth Internet PfR monitors network performance and routes applications based on policy PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth Virtual Private Cloud Voice/Video will be rerouted if the current path degrades below policy thresholds BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 24

25 What is Performance Routing (PfR)? Performance Routing (PfR) provides additional intelligence to classic routing to track and verify the quality of a path over a Wide Area Networking (WAN) to determine the best path for application traffic... Data Center BR MC BR MPLS Internet MC+BR Branch BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 25

26 Protecting Critical Applications While Increasing Link Efficiency High Delay Detected High Jitter Detected Business App Best-Effort Traffic Voice and Video Best-Effort Traffic SP1 (MPLS) ISP (FTTH) SP1 (MPLS) ISP (DSL) Business App and Load-Balancing Policy Multimedia and Critical Data Policy Protect transactional business app from brownouts delay < 250ms Preferred path SP1 (MPLS) Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet Protect voice and video quality Latency < 150 ms Jitter < 20 ms Protect applications from WAN congestion Loss < 5% Voice and video preferred path SP1 preferred path ISP Increase utilization by load sharing BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 26

27 Load Balancing Maximizing Link Utilization to Increase Available Bandwidth Traffic distributed across all paths to efficiently use all WAN bandwidth Load Balancing based upon link utilization levels External links can have different bandwidth capacities MPLS = 1.5Mbps Internet = 15Mbps 50% 15Mbps = 7.5Mbps Internet WAN ASR 1000 ISR MPLS 50% T1 = 750kbps ASR 1000 Data Center BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 27

28 Performance Routing Components The Policy Controller: Domain Controller (DC) Discover site peers, prefixes and connected networks Advertise policy and services One per domain, collocated with MC DC/MC The Decision Maker: Master Controller (MC) Discover BRs, collect statistics Apply policy, verification, reporting No packet forwarding/inspection required BR MPLS BR Internet The Forwarding Path: Border Router (BR) Does all packet forwarding Visibility in network performance Enforce MC s decision (path enforcement) MC+BR Branch BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 28

29 How PfR Works Key Operations ISR ASR1K MC Traffic Classes Learning Active TCs MC Performance Measurements MC Best Path BR BR BR BR BR BR MC+BR MC+BR MC+BR MC+BR MC+BR MC+BR MC+BR MC+BR MC+BR MC+BR BR MC+BR Define Your Traffic Policy Learn the Traffic Measurement Path Enforcement Define Traffic Classes and service level Policies based on Applications or Transport Classifiers Border Routers learn current traffic classes going to the WAN based on classifier definitions Measure the traffic flow and network performance and report metrics to the Master Controller Master Controller commands path changes based on traffic class policy definitions BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 29

30 Large Scale Topology with PfR Controllers DC1 DC2 IWAN POP1 DC/MC DC/MC DCI WAN Core IWAN POP2 MC MC BR11 BR12 BR13 BR14 BR21 BR22 BR23 BR / / / /8 Support for multiple BRs per transport Horizontal scaling and redundancy Support for Multiple POPs Different Prefix Common Prefix DMVPN MPLS DMVPN INET MC+BR MC+BR MC+BR BR / / /24 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 30

31 Intelligent Path Control Path of Last Resort DC/MC DC/MC DC1 DC2 MC MC Simplifies and speeds up failover routing to a backup only path Granular failover per traffic class policy MPLS2 MPLS INET2 INET LTE MPLS2 MPLS INET2 INET LTE Extends path-preference to include a last-resort path(s) Removes the need for the routing protocol to initiate failover DMVPN MPLS DMVPN INET ASA DMVPN LTE Good choice for cellular, satellite and other backup only paths MC+BR BR R14 Branch Site BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 31

32 Application Optimization

33 Make Your IWAN Application Aware Application Visibility and Control (AVC) Public Cloud AVC AVC Private Cloud Branch DC/Headquarters Application Performance Visibility Smart Capacity Planning Business Objective Enforcement Application inspection with existing routers Better use of costly bandwidth Service Level monitoring per application Cisco AVC Rich data collection using NetFlow v9/ipfix Easy to integrate into many reporting tools Per-branch and perapplication level reporting Better Analytics to adjust network policies to maintain compliance BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 33

34 Performance Collection & Exporting Integrated performance monitoring and advanced metrics for different type of applications and use cases Unified Monitoring Voice and Video Performance (Media Monitoring) Critical Applications Performance (Application Response Time) Basic Monitoring 30% of traffic is voice and video What applications, how much bandwidth, flow direction? (NBAR2 and Flexible Netflow) 40% of traffic is critical applications AVC HTTP HTTP BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 34

35 Application Performance Monitoring for IWAN Track and Report Application Flows and Performance CSR AVC Enterprise Edge AVC WAN NetFlow v9 Private Cloud AVC Branch NetFlow v9 Export/IPFIX Export Exporting Provisioning Collecting Collecting Collecting AVC NetFlow/IPFIX Records (Same provisioning, same format) Traffic statistics records Application Response Time records Media monitoring records (Application, Jitter, Loss, etc) DC/Headquarters Cisco Tools Prime, APIC-EM Partner Tools Ecosystem LiveAction Living Objects Plixer CompuWare CA Technologies BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 35

36 Add WAN Optimization with WAAS + Akamai Speed and Bandwidth Benefits on Top of the IWAN Branch Improving Application Performance DC/POP CSR WAN Private Cloud vwaas AppNav-XE Controller WAVE, vwaas Application Optimization Improved Application performance, delay mitigation, less bandwidth Twice as many Citrix users over same WAN, 70% faster Typical ROI in less than one year, 65% BW cost savings Content Caching & Prepositioning Reduces WAN bandwidth usage, while accelerating applications Intelligent caching of internal and Internet content Prepositioning of data and rich media before it is needed Simple and Scalable Works with existing branch routers Scale out optimizations resources with AppNav Native HA resiliency BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 36

37 WAAS and Akamai Connect Synergy Transparent Cache Dynamic URL Cache AKAMAI Connect Akamai Connected Cache Content Pre-positioning LZ Compression TCP Optimization CISCO WAAS Data De-duplication Application Specific Acceleration BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 37

38 Cisco WAAS Enhancing User Experience and WAN Efficiency Problem Solution Application latency WAN bandwidth inefficiencies Reduce load Data redundancy elimination (DRE), compression, and TCP optimization Application optimization Fewer protocol messages and metadata caching 4 3 Bandwidth (Mbps) Latency (Seconds) 160 Reduction in bandwidth Reduction in latency Application bandwidth natively Application bandwidth with Cisco WAAS 1 40 Application latency natively Application latency with Cisco WAAS 0 0 Application Application Bandwidth Latency BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 38

39 IWAN Application Optimization with Akamai Connect Data Center End-User Akamai Connect integrated into Cisco ISR-AX routers WAAS WAN ISR-AX+AC Akamai Intelligent Platform INTERNET Branch Akamai Connect accelerates HTTP/HTTPS applications, video and content in the branch, while maximizing existing enterprise network bandwidth BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 39

40 Avg. Load Time (sec.) Application Optimization Enhancing User Experience and WAN Efficiency Any Device, Connectivity, Cloud Result Improved Application Response Times Mobile Apps Video Software Downloads Digital Signage Catalogs Guest WiFi ~70+% of HTTP/S data served from cache Data Center WAAS WAN End-User ISR-AX+AC Branch Akamai Connect integrated into Cisco ISR-AX routers Akamai Intelligent Platform INTERNET % reduction load time WAAS + AKC Native WAN BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 40

41 HTTPS Acceleration and Caching for private Cloud/DC applications send session key Client WAAS & Akamai Connect Transparent Secure Channel Server WAAS Client IWAN SSL server SSL Handshake SSL Handshake Original Data -SSL Encrypted Session: client to Optimized server WAAS & Encrypted SSL Optimized Session: DC - WAAS Encrypted to server BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 41

42 Single Sided HTTPS Caching for Direct Internet Access Internet Client WAAS & Akamai Connect SSL Handshake Client SSL Handshake Cached Data - Encrypted INET DMVPN MPLS DMVPN DC/Headquarters BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 42

43 IWAN Secure Connectivity

44 Intelligent WAN: Secure Connectivity Securing the network and users Secure WAN Transport Branch MPLS (IP-VPN) Private Cloud Virtual Private Cloud Secure Internet Access Internet Public Cloud Two areas of concern 1. Protecting the network from outside threats with data privacy over provider networks 2. Protecting user access to Public Cloud and Internet services; malware, privacy, phishing, BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 44

45 Cisco Trustworthy Systems Enterprise Routing Protects the Network Firepower Firepower Management Center Stealthwatch Learning Network License ISE Manager Agent Packet Analysis Platform Integrity Secure Boot Image Signing Counterfeit Protections Hardware Trust Anchor Runtime Defenses OS Validation Modern Crypto Secure Device Onboarding Security Culture Supply Chain Management Open Source Registration Security Training Threat Modeling Product Security Baseline PSIRT Advisories Learn more: BRKARC-1010 Protecting the Device: Cisco Trustworthy Systems & Embedded Security BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 45

46 Cisco Router Security Certifications FIPS Common Criteria NG Strong Crypto 140-2, Level 2 EAL4 AES-GCM-256* Cisco ISR 890 Series P P Cisco ISR 1900 Series P P Cisco ISR 2900 Series P P Cisco ISR 3900 Series P P P Cisco ISR 4000 Series P P P Cisco ASR 1000 Series P P** * RFC 6379 Suite B ** Not supported on older RP1 based ASR 1000s BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 46

47 Securing the IWAN Transport IPSec VPN and Access Control Step 1: Authenticate hardware and software Trust Anchor Module verification Step 2: Secure Transport Proven IPsec VPN overlay Strong Cryptography: IKEv2 + AES-GCM 256 F-VRF to isolate provider networks Step 3: Access Control IOS Zone-based Firewall or ACLs protection Role based access to router w/ logging Minimize exposure Provider assigned addressing to hide routers Don t put tunnel addresses into DNS Data Center ASR 1000 ASR 1000 ISP A ISP C MPLS Internet Branch BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 47

48 Trust Anchor Module (TAM) How do I Know the Hardware is Authentic? Trust Anchor Module Provides Immutable Identity Provides Immutable Identity Standard Standard Identity- Identity- IEEE IEEE 802.1AR 802.1AR (SUDI- X.509 cert) Secure (SUDI- Storage X.509 of cert) Credentials Anti-Theft & Anti-Tamper Chip Design Certifiable Secure Storage Entropy for of Random Credentials Number Generation Anti-Theft & Anti-Tamper Chip Design Certifiable Entropy for Random Number Generation TAM/Secure Identity Verification Checks to Verify as Cisco Genuine Authenticity & License Check Verify Secure Identity Product Security TAM Features & Services Immutable Identity Secure Storage (Keys & Objects) Certifiable Entropy Source Secure Crypto Assist Secure Application Certificates Provides trustworthy hardware identity, secure storage, random number generator and encryption Available in the ISR-4000, newer Catalyst and other Cisco products BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 48

49 Secure Boot How do I Know the Software is Authentic? Ensures only authentic Cisco software boots up on a Cisco Platform Anchored in hardware, as the image is created, the signature is installed & signed with a secure private key As the software boots, the system checks to ensure the installed digital certificate is valid Subsequent hash checks provides continuous monitoring with runtime integrity Power-Up Integrity Check Power On Hardware Anchor Immutable Anchor ensuring hardware integrity and key authenticity Image Signing Secure Microloader Microloader verifies Bootloader and BIOS Secure Boot Process Image Image Signing Signing Signed Bootloader/ BIOS A Signed Bootloader/ BIOS validates Operating System Signed Operating System Launch Operating System Verifies the software has not been altered or tampered since it was signed BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 49

50 Add Network Integrated Threat Defense IOS Zone-Based Firewall Control the Perimeter: External and internal protection: internal network is no longer trusted Protocol anomaly detection and stateful inspection Communicate Securely: Call flow awareness (SIP, SCCP, H323) Prevent DoS attacks Flexible: Split Tunnel-Branch direct Internet access Internal FW addresses regulatory compliances Data Center ASR 1000 ASR 1000 ISP A ISP C Integrated: No need for additional devices, expenses and power Works with other IWAN Services: Umbrella, WAAS, UCS-E, Manageable: APIC-EM, Prime, CLI, SNMP, CCP MPLS Internet Branch BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 50

51 Intelligent WAN Direct Cloud Access ISR-AX ZBFW MPLS (IP-VPN) Private Cloud Virtual Private Cloud Branch Internet Direct Cloud Access Umbrella Public Cloud Leverage Local Internet path for Public Cloud and Internet access Improve application performance (right flows to right places) Solutions On Premise Zone Based Firewall Cloud Based Cloud Umbrella Branch BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 51

52 Cisco Umbrella Branch (a.k.a OpenDNS) Your first layer of defense at branch offices Cisco Umbrella Branch Cisco ISR Block MALWARE C2 CALLBACKS PHISHING Visibility & enforcement at the DNS-layer Block requests to malicious domains and IPs Predictive intelligence: uncover current & emergent threats Protect all devices on your branch network against: o o o Malware Phishing C2 callbacks Devices on branch network BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 52

53 Orchestration and Automation

54 Policy driving the Network 1 Policy Application Policies: AppID, bandwidth, latency, loss, jitter,... Security Policies: Segmentation, access control, privacy/crypto, 3 SDN Controller Controllers collect data from the network and push policy to network 2 Network Network enforces the policies and reports status and event data BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 54

55 Network-Wide Abstractions Simplify the Network Applications Orchestration Automation IWAN Security Virtualization The SDN SDN Ideal: Controller Ideal: as the Application Platform Controller as the Application Platform REST API SOUTHBOUND ABSTRACTION LAYER CATALYST CISCO NEXUS ISR ASR ASA WIRELESS OTHER BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 55

56 Next Generation Branch WAN Controller Models Enterprise Service Provider IWAN APP APIC-EM Automation & Orchestration vms/nso BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 56

57 Cisco IWAN Management Portfolio Covering a broad range of requirements and preferences Full Custom Service Driven Policy Driven Ecosystem Partners Prime Infrastructure NSO IWAN App Full Custom Deployment Customer needs CLI customization with IWAN CVD support. Templatebased Artisan automation, Wizard driven workflows Solution One Assurance across Cisco portfolio Integrated Assurance Service Model Driven Automation Customer wants custom automation and service abstraction Full Requirements consistent with Spectrum prescriptive IWAN Validated Design Offering Fully extensible beyond IWAN Prescriptive Policy Automation Customer wants considerable automation and operational simplicity Fast, Requirements consistent with prescriptive Easy IWAN Validated Design Deployment Limited Extensibility Application Aware Performance Monitoring Advanced Orchestration BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 57

58 APIC-EM IWAN App Network and Policy Orchestration GUI-driven IWAN deployment Zero-touch deployment Deploys best-practice designs Hybrid-WAN Intent Driven IWAN Use cases Monitoring and Troubleshooting Brownfield integration Site-level changes BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 58

59 IWAN App Demo

60 IWAN Orchestration/Management for SPs Network Services Orchestrator (NSO) & Virtual Managed Services (VMS) Service Provider Applications Admin Portal Customer Portal Virtual Managed Services (VMS) Customer Portal Automation Management Orchestration Network Service Orchestrator (NSO) Network Service Orchestrator (NSO) Physical and Virtual Infrastructure ISRv vwaas vwlc ASAv 3rd Party Apps ISR G2 ISR 4000 ASR 1000 CSR 1000V UCS C-Series BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 60

61 Prime Infrastructure for IWAN For Your Reference IWAN workflow wizard with PnP Template-based IWAN configs PfRv3 Domain, MC and BR AVC One-Click provision QoS Provisioning Single or Dual Router Branch CVD-based, Customizable AVC Readiness Assessment AVC, QoS, PfR Visibility Leverages APIC EM services BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 61

62 LiveAction Software For Your Reference An Application-aware Network Performance Management and QoS Control tool Fast, simple, cost effective way to monitor and control application performance leveraging Cisco capabilities LiveAction Components Flow QoS Monitor QoS Configure LAN Routing IP SLA BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 62

63 Living Objects Advanced IWAN plugin Data collection For Your Reference IWAN AVC: Application performance analytics Application. (Nbar2) URL (http extract) TCP metrics (ART) Media Metrics (MMON) Compression ratio (WAAS) PfR events (TCA, route change) PfR measurement WAAS: Acceleration PfR: adaptive application aware routing BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 63

64 Glue Networks IWAN Orchestration For Your Reference Cloud-based SaaS subscription model Eliminates manual building of WANs Automated WAN orchestration and management Quick configuration updates and IOS upgrades Rapidly delivers nextgen and IWAN features Forward compatible with SDN APIs for app aware WANs Broadband and MPLS support for centralized hybrid WAN management for IWAN BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 64

65 Cisco IWAN Product Portfolio

66 Start with Cisco AX Routers IWAN Capabilities Embedded in the Router One Network UNIFIED SERVICES Visibility Control ASR1000-AX ISR4000-AX Optimization Simplify Application Delivery Transport Independent Secure Routing ISR-AX ISRv-AX Cisco AX Routers ISRv ASR 1000 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 66

67 IWAN Branch Services Routers ISR4000 Series - IWAN AX Ready, Next Generation Branch For Your Reference APPLIANCE LEVEL PERFORMANCE Service-Aware Dataplane ISR Gbps Resilient Service Virtualization Multi-gigabit Fabric ISR Mbps/1Gbps APPLICATION CENTRIC App/User policy-driven deployment APIC-EM Automation: deploy in minutes ISR /400Mbps Pay-as-you-grow Up-to-75% cost savings ISR /300Mbps INTEGRATED IWAN SERVICES IOS Firewall, VPN, IPSec, PfRV3, NBAR2, AVC, AppNav, VRF, MPLS Scalable on-chip service provisioning ISR4321 ISR4221 New 50/100Mbps 35/70Mbps BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 67

68 IWAN Aggregation Border Routers ASR IWAN AX Ready, High Performance Routers COMPACT, POWERFUL ROUTER ASR1001-X ASR1001-HX For Your Reference New Line-rate performance 2.5G to 200G+ with services enabled Crypto performance from 2G to 60G+ Flexible I/O: SPAs and Ethernet LCs BUSINESS-CRITICAL RESILIENCY Separate control and data planes Hardware and software redundancy In-service software upgrades INTEGRATED IWAN SERVICES IOS Firewall, VPN, IPSec, PfRV3, NBAR2, AVC, AppNav, VRF, MPLS Scalable on-chip service provisioning 2.5G Upgradeable to 5G, 10G, 20G Up to 8G Crypto Throughput ASR1002-X 5G Upgradeable to 10G, 20G, 36G Up to 4G Crypto Throughput Modular ASR1006-X Modular, Redundant up to 200G Up to 60G Crypto Throughput 40G Upgradeable to 60G 8G or 16G Crypto Throughput ASR1002-HX 44G Upgradeable to 100G 8, 16, 25G Crypto Throughput New New BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 68

69 Introducing Cisco Enterprise NFV Network Services in Minutes, on Any Platform Cisco Enterprise Service Automation (ESA) on APIC-EM Network Services Orchestrator (NSO) Virtual Router (ISRv) Virtual Firewall (ASAv) Virtual WAN Optimization (vwaas) Virtual Wireless LAN Controller (vwlc) Third-Party VNFs Network Functions Virtualization Infrastructure Software (NFVIS) Cisco 4000 Series ISR + UCS E-Series Enterprise Network Compute System (ENCS) Cisco UCS C-Series BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 69

70 Best-of-breed Trusted Services from Cisco Consistent Software Across Physical and Virtual ISRv High performance Rich features End-to-end support Proven software ASAv / FTDv vwaas vwlc Comprehensive protection Full data-center-class featured functionality Designed for NFV Cost-effective with NFV Leader in Gartner MQ #1 unit shipped Superior caching with Akamai Connect Survivability and scale Consistency across the data center and switches Built for small and medium branches BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 70

71 Freedom of Choice Cisco Intelligent Branch Traditional Enterprise NFV Physical Router Physical Router Virtual Services Virtual Router Virtual Services Virtual Router Virtual Services Cisco 4000 Series ISR 4000 Series ISR + UCS E-Series Enterprise Network Compute System (ENCS) UCS C-Series Centralized services Fixed integrated services Conservative Upgradable hardware Deterministic routing performance Elastic routing and services Router / Server Hybrid Elastic routing and services Performance Cisco ONE Access to Ongoing Innovation License Investment Portability Protection BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 71

72 ENCS 5xxx Portfolio For Your Reference ENCS Core ENCS Core ENCS Core ENCS Core ISRv + 3 VNF PoE ISRv + 5 VNF Base Offer Optional LTE ISRv + 2 VNF LAN Ports NIM LTE, DSL, T1 HDD, SSD RAID, HW Crypto Shipping September 2016 Q3 CY17 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 72

73 Cisco UCS-E Series Extend Cloud Services into Branch Infrastructure For Your Reference Platform for WAN Edge Applications Microsoft Windows-Server and Linux Certified Dedicated Blade Management App App OS OS Hypervisor UCS-E Blade CIMC E App App OS OS Hypervisor UCS-E Blade Server Virtualization Cisco UCS Virtualization Powered by NFVIS, VMware, Microsoft, Citrix Multipurpose x86 Blades Cisco Integrated Management Controller Consistent management for UCS family IOS, MGF Backplane Switch Cisco UCS E Series modules House up to four server blades in an ISR Single-Device Network Integration House all services in ISR chassis Multigigabit fabric backplane switch Support on ISR Series Routers BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 73

74 Scalability UCS E-Series Portfolio UCS-E160D-M2 UCS-E180D-M2 UCS-E180D-M3 UCS-E1120D-M3 For Your Reference UCS-E140S-M2 UCS-E160S-M3 6-core, 2.0 GHz 8-core, 1.8 Ghz 96 GB RAM 8-core, 2.0 GHz 12-core, 1.5 Ghz 128 GB RAM UCS-EN140N 4-core, 1.8 GHz, 16 GB RAM 6-core, 1.9 GHz, 64 GB RAM NFVIS VMware, Hyper-V, Citrix certified 4-core, 1.0 GHz, 8 GB RAM Shipping New Performance BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 74

75 Hypervisor and OS Support For Your Reference UCS E-Series: Hypervisors Microsoft Hyper-V 2008 R2, 2012, and 2012 R2 VMware vsphere 5.0, Update 1, 5.1, 5.5, 6.0 and 6.5 Citrix XenServer Release 6.0 Microsoft Windows Windows Server 2008 R2 64-bit Windows Server 2012 and 2012 R2 64-bit Windows Server bit Linux Red Hat Enterprise Linux 6.2 and later SUSE Linux 11, Service Pack 2 and later Oracle Enterprise Linux 6.0, Update 2 and later UCS E-Series NCEs: Hypervisors Microsoft Hyper-V 2012 R2 VMware vsphere 5.5, 6.0 and 6.5 Microsoft Windows Linux Windows Server 2012 and 2012 R2 64-bit Windows Server bit Red Hat Enterprise Linux (RHEL) Release 6.5 and later Note: for the latest supported hypervisors and OS please check the CCO datasheets BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 75

76 Emerging Cloud Centric Designs

77 Improving Cloud User Experience and Security Secure Direct Cloud Access From the DC From the Branch From a Colocation Facility (Colo) From within a Cloud Service (AWS, Azure,..) Colo CloudLock MPLS INET vprivate Cloud V vprivate Cloud V MPLS INET Internet DMZ DC End-to-End application optimization and performance monitoring MPLS Internet Pervasive Security User, transport, cloud, Internet & compliance AVC OpenDNS Umbrella WAAS/AKC R14 Branch Site BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 77

78 Traditional DC Centric WAN Architecture Inter-Region WAN Core Region A DC 1 Region A DC 2 Internet, SaaS vpc Si Si Si Si Internet, SaaS vpc Metro Service IWAN MPLS-1 IWAN INET-1 Metro Service Campus Campus Campus BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 78

79 Secure Agile Exchange Virtualization for Data Centers and Colocations Facilities Customers Colocation Centers Secure Agile Exchange Cloud Customers SaaS Employees Employees Secure Agile Exchange Private Data Center Partners DMZ Private Data Center Applications Partners Public Cloud BRKDCT-2409 Building The Secure Agile Hybrid Cloud Network BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 79

80 Cloud Centric Enterprise IWAN Architecture vprivate Cloud Inter-Region IWAN Core vprivate Cloud V V V V Private Cloud Private Cloud Facebook Yahoo YouTube, Internet Public Cloud Metro Service West Colo Secure Agile Exchange Secure Agile Exchange East Colo Metro Service Facebook Yahoo YouTube, Internet Public Cloud SaaS Direct Cloud Access IWAN MPLS IWAN INET Hybrid SD-WAN Direct Cloud Access SaaS Campus BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 80

81 Why Cisco IWAN?

82 Intelligent WAN Summary Transport Independent Design Highly available Hybrid WAN Intelligent Path Control DC-East DCI WAN Core DC-West Efficient utilization of WAN resources application path optimization and advanced load balancing Application Optimization Internet Application Visibility and Control (AVC) to monitor performance WAAS + Akamai to reduce bandwidth and improve app experience WAAS AVC BR MC 256M FD BR ASR-AX MC BR ASR-AX BR WAAS 512M FD AVC Internet ShowMe$$ Secure Connectivity Secure the network from outside threats Secure users accessing Internet services Mainland MPLS 1.5M FD Island ADSL 20M Dn 2M Up Umbrella Internet IWAN Automation & Orchestration Enterprise IWAN-APP, Prime, LiveAction, GlueWare and Service Provider VMS, NSO, Living Objects and ISR-AX vwaas Branch-1 AVC ISR-AX vwaas Branch-513 BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 82

83 IWAN Vision and Strategy INTELLIGENT VIRTUALIZATION AUTOMATION CLOUD INTEGRATION SERVICE VIRTUALIZATION ENTERPRISE DNA Campus/WAN/DC vrouter, vservice and App Orchestration Global Policies, Colo SAEs, Optimization, Cloud Security Secure, Simple, Centralized Policy Automation Secure VPN Overlay, Any Transport, Bandwidth Efficiency, Application SLA BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 83

84 Cisco Digital Network Architecture Network-enabled Applications Cloud Service Management Principles Open APIs Developers Environment Automation Abstraction and Policy Control from Core to Edge Policy Orchestration Open and Programmable Standards-Based Virtualization Analytics Network Data, Contextual Insights Physical and Virtual Infrastructure App Hosting Cloud-enabled Software-delivered Cisco ONE Software Delivered Insights and Experiences Automation and Assurance Security and Compliance BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 84

85 Cisco Digital Network Architecture Deliver DNA with Cisco IWAN Digital Network Architecture Cloud Service Management Cisco Intelligent WAN Automate with policies Automation Analytics Analytics with network insights Virtualization Physical and virtual platforms Faster Innovation Reduce Cost & Complexity Lower Risk & Meet Compliance BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 85

86 Intelligent WAN (IWAN) Branch Optimized Hybrid WAN Mixed transport WANs with High Reliability MPLS (IP-VPN) Private Cloud Virtual 3G/4G-LTE V Service Levels for Business-Critical Applications Private Cloud Direct Cloud Access Internet Centralized Security Policy for Internet Access Public Cloud 1. IWAN Secure VPN for private and virtual private cloud access Increase WAN transport capacity and app performance cost effectively! Dramatically Lower WAN Costs Without Compromise 2. Leverage local Internet path for public cloud and Internet access Improve application performance (right flows to right places) BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 86

87 Q & A

88 Recommended Reading Explains all key IWAN technologies and components VIRL labs are available so that you can practice these concepts as you read them in the book Copies are available at the CLUS Cisco Press bookstore Come Meet The Authors Anthony, Brad, David, and Jean-Marc are signing books at Cisco Press bookstore on Weds. 1:30 2 PM BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 88

89 IWAN Information and Resources IWAN Solution Page: IWAN Design & Deployment Pages: IWAN Design & Config Guides: IWAN Docwiki: Enterprise Network Functions Virtualization (ENFV): Recommended IWAN IOS Releases IWAN IOS 15.5(3)M5 ISR 890s, ISR 1900s, ISR 2900s, ISR 3900s IOS-XE 15.5(3)S5 ISR 4000s, ASR 1000s, CSR1000v, ENCS/ISRv IWAN 2.2 IOS 15.6(3)M2 ISR 890s, ISR 1900s, ISR 2900s, ISR 3900s IOS-XE ISR 4000s, ASR 1000s, CSR1000v, ENCS/ISRv BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 89

90 Cisco Live for Enterprise Customers Tue, Jun 27, 1:30pm. BRKRST-3018 Wed, Jun 28, 8:00 a.m. BRKCRS-2007 Tue, Jun 27, 1:30 p.m. BRKCRS-2000 Mon, Jun 26, 1:30 p.m. TECCRS-2004 Sun, Jun 25, 8:00 a.m. - 5:00 p.m. BRKRST-3413 IWAN Serviceability: Deploying, Monitoring, and Operating Understanding and Troubleshooting Intelligent Path Control in IWAN Migrating Your Existing WAN to Cisco's IWAN Breakout Session IWAN Architecture 8 hours Seminar Implementing IWAN LTRRST-3019 Design, Deploy, and Operate IWAN Mon. and Wed. LTRCRS-2005 Building and Migrating to IWAN Wed, Jun 28, 8:00 a.m. PNLCRS-2005 IWAN Panel Thu, Jun 29, 10:30 a.m. CCSRST-2000 IWAN Case Study Tue, Jun 27, 8:00 a.m. Refer to Session Catalog for more: 37 hits for IWAN BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 90

91 Cisco Live for Service Providers Tue, Jun 27, 1:30pm PSOSPG-2003 Wed, Jun 28, 3:30 p.m. - 4:30 p.m. BRKRST-2557 Tue, Jun 27, 1:30 p.m. - 3:30 p.m. BRKCRS-2000 Mon, Jun 26, 1:30 p.m. - 3:30 p.m. TECCRS-2004 Sun, Jun 25, 8:00 a.m. - 5:00 p.m. BRKRST-3413 IWAN Serviceability: Deploying, Monitoring, and Operating Cisco SD WAN for Service Providers IWAN and NFV Orchestration for Managed Service Providers Breakout Session IWAN Architecture 8 hours Seminar Implementing IWAN CCSSP-1000 Cisco + Verizon: VMS Success Story Wed, Jun 28, 9:30 a.m. - 10:30 a.m. LTRRST-3019 Design, Deploy, and Operate an IWAN Network Mon. and Wed. PNLCRS-2005 IWAN Panel Thu, Jun 29, 10:30 a.m. Refer to Session Catalog for more: 37 hits for IWAN BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 91

92 IWAN at Cisco Live Las Vegas 2017 Use different event types to learn more about IWAN Full day Technical Seminar on Sunday IWAN seminars (8 hours) Presentations: 15 IWAN Breakout Sessions - 90 or 120 Min. 2 Customer Success Story presentations - Huntington Bank, Verizon Hands-on labs: 5 IWAN Instructor-led labs (4 hours) 3 IWAN Self-placed walk-in labs (45 Min.) Meet the IWAN Business Unit Experts MTE - Meet the Engineer technical meetings (max. 1 hour) Whisper Suites management level meetings BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 92

93 IWAN Breakout sessions Understanding IWAN Design, Architecture and Building Blocks: BRKCRS-2000 IWAN Architecture BRKRST-2043 IWAN AVC/QoS Design BRKSEC-4054 Advanced Concepts of DMVPN BRKRST-2362 IWAN - Implementing Performance Routing (PfRv3) BRKCRS-2002 IWAN Design and Deployment Workshop IWAN Migration, Operation and Troubleshooting: BRKCRS-2007 Migrating Your Existing WAN to Cisco's IWAN BRKRST-3018 Understanding and Troubleshooting Intelligent Path Control in IWAN BRKRST-3413 IWAN Serviceability: Deploying, Monitoring, and Operating BRKNMS-1040 IWAN and AVC Management using Cisco Prime Infrastructure and APIC-EM IWAN for Service Providers: BRKRST-2557 IWAN and NFV Orchestration for Managed Service Providers PSOSPG-2003 Cisco SD WAN for Service Providers BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 93

94 IWAN Labs Instructor-led ( 4 hours): LTRCRS-2005 Building and Migrating to Cisco's Intelligent WAN (IWAN) LTRRST-3015 Advanced IWAN PfR w/qos Hands on Lab LTRRST-3019 Design, Deploy, and Operate an Intelligent WAN (IWAN) Network Walk-in Self-Placed (45 Min): LABSDN-2005 Introduction to iwan LABRST-2013 DMVPN overlay routing for IWAN deployments LABSDN-2910 iwan deployment with APIC-EM BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 94

95 IWAN Case Studies Enterprise: CCSRST-2000 IWAN Migration Case Study (Huntington Bank) Service Provider: CCSSP-1000 Cisco + Verizon: Virtualized Managed Services (VMS) Success Story BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 95

96 Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card. Complete your session surveys through the Cisco Live mobile app or on Don t forget: Cisco Live sessions will be available for viewing on demand after the event at Cisco and/or its affiliates. All rights reserved. Cisco Public

97 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 97

98 Thank you

99