Cisco.Network.Intuitive FastLane IT Forum. Andreas Korn Systems Engineer

Similar documents
THE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017

Transforming the Network for the Digital Business

Več kot SDN - SDA arhitektura v uporabniških omrežjih

Next Gen Enterprise Management and Operations with Cisco DNA

Cisco SD-Access Hands-on Lab

Cisco Software Defined Access (SDA)

Automatisierung im LAN Der Start in eine neue Ära des Networkings

SD-Access Wireless: why would you care?

Cisco Software-Defined Access

Cisco Software-Defined Access

Cisco Campus Fabric Introduction. Vedran Hafner Systems engineer Cisco

Cisco Software-Defined Access

Software-Defined Access 1.0

Tech Update Oktober Rene Andersen / Ib Hansen

Cisco ONE Software Overview. October 2017

Problem: Traditional network management tools are limited and do not address network needs

Campus Fabric. How To Integrate With Your Existing Networks. Kedar Karmarkar - Technical Leader BRKCRS-2801

Cisco SD-Access Building the Routed Underlay

Software-Defined Access 1.0

Software-Defined Access Wireless

Borderless Networks. Tom Schepers, Director Systems Engineering

Routing Underlay and NFV Automation with DNA Center

Network Automation and Branch Agility The Network Helps Enable Digital Business. Rajinder Singh Product Sales Specialist June 2016

Software-Defined Access Wireless

Software-Defined Access Wireless

Digital Network Architecture

P ART 3. Configuring the Infrastructure

Licenses & Networking for everybody: DNA

APIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks

Extensive Secure Borderless Network Cisco and/or its affiliates. All rights reserved. 1

Cisco SD-WAN. Securely connect any user to any application across any platform, all with a consistent user experience.

Software-Defined Access Design Guide

Cisco DNA. Digital Network Architecture.

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018

Next generation branch with SD-WAN and NFV

Cisco ONE for Access Wireless

Identity Based Network Access

DNA Automation Services Offerings

Cisco Digital Network Architecture The Network Helps Enable Digital Business. Aleksandar Stepancev, EN PSS Balkan October 2016

DNA Assurance. Predict Network Failures Before They Become Issues

2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Wide Area Bonjour Solution Overview

SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE

Campus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches)

Cisco SD-Access Policy Driven Manageability

Cisco SD-WAN and DNA-C

Evolving your Campus Network with. Campus Fabric. Shawn Wargo. Technical Marketing Engineer BRKCRS-3800

Ciprian Stroe Senior Presales Consultant, CCIE# Cisco and/or its affiliates. All rights reserved.

Assure the Health of Your Network

Campus Fabric Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 3650 Switches)

IWAN APIC-EM Application Cisco Intelligent WAN

Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC)

Cisco SD-Access: Enterprise Networking Made Fast and Flexible. November 2017

Automating Enterprise Networks with Cisco DNA Center

Exam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.

DNA Campus Fabric. How to Migrate The Existing Network. Kedar Karmarkar - Technical Leader BRKCRS-2801

Configure Devices Using Converged Access Deployment Templates for Campus and Branch Networks

Cisco ONE. Roland Köster & Markus Kremser Enterprise Networking Group. Mobility Sales Germany September 2015

One Management Realized, with Cisco Prime Infrastructure Manage Complexity. Manage Effectively. Manage Intelligently. Closing

Cisco Application Centric Infrastructure

Distributed Branch Deployment Costs

Cisco DNA Center Assurance and Analytics

Cisco Exam Questions & Answers

Cisco Network Admission Control (NAC) Solution

Intelligent WAN: Leveraging the Internet Secure WAN Transport and Internet Access

Networking in the Digital Era

DCCS Business Breakfast. Walter Greiner Systems Engineer Sales März 2018

The Next Opportunity in the Data Centre

Cisco Universal Wi-Fi Solution 7.0

WHITE PAPER ARUBA SD-BRANCH OVERVIEW

Cisco Prime for Enterprise Innovative Network Management

Cisco SP Wi-Fi Solution Support, Optimize, Assurance, and Operate Services

Cisco ONE New Way Buying & Consuming Cisco NW Software! Thomas Latzer Enterprise Networking Lead Cisco Systems

2018 Cisco and/or its affiliates. All rights reserved.

SD-Access Wireless Design and Deployment Guide

Design Guide for Cisco ACI with Avi Vantage

Cisco Digital Network Architecture The Network Enables Digital Business. Rene Andersen Cisco DK

Simplify and automate your network with Cisco DNA

From Zero Touch Provisioning to Secure Business Intent

P ART 2. BYOD Design Overview

Cisco ONE for Access Wireless

Cisco Borderless Networks Value Proposition

Mute As a courtesy to all participants you are muted during the presentation to alleviate background noise

2012 Cisco and/or its affiliates. All rights reserved. 1

Delivering Enterprise SDN. Now. Simplify and Automate Your Network for Digital Transformation

Network as an Enforcer (NaaE) Cisco Services. Network as an Enforcer Cisco and/or its affiliates. All rights reserved.

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002

Securing BYOD with Cisco TrustSec Security Group Firewalling

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco

Cisco Digital Network Architecture

Cisco Configuration Assistant

Cisco DNA Center FAQ

Cisco IWAN Application 2.2 on DNA Center, Quick Start Guide

Design Your Network. Design A New Network Infrastructure. Procedure

Cisco Enterprise Silicon

Q&As. Advanced Borderless Network Architecture Sales Exam. Pass Cisco Exam with 100% Guarantee

CTO PoV: Enterprise Networks (Part 2) Security for IoT & Cloud

SUB-TITLE WLAN Management-as-a-Service

CertKiller q

Converged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3

Transcription:

Cisco.Network.Intuitive FastLane IT Forum Andreas Korn Systems Engineer 12.10.2017

Ziele dieser Session New Era of Networking - Was ist darunter zu verstehen? Software Defined Access Wie revolutioniert SDA das Netzwerk der Zukunft Wie kann ich das Netzwerk als Sensor nutzen und Analyse und Assurance Funktionalitäten mich dabei unterstützen 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

THE NETWORK. INTUITIVE. Software Defined Access (For existing and next-gen infrastructure) Cisco DNA Center Encrypted Traffic Analytics Catalyst 9000 Portfolio with Programmable ASICs Assurance with Network Data Platform

The Network. Intuitive. Powered by Intent. Informed by Context. Programmable Integrated Secure Intent-based Network Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

The Network. Intuitive. Powered by Intent. Informed by Context. DNA-Center Policy Automation Analytics Intent-based Network Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

The New Way Made simple by The Network. Intuitive. INTENT 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco Digital Network Architecture Software Defined Access 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

DNA Programmability and Automation Cloud Services and Management Network-enabled Applications Principles Open APIs Developers Environment Automation Abstraction & Policy Control from Core to Edge Policy Orchestration Open & Programmable Standards-Based Infrastructure Analytics Network Data, Contextual Insights Physical Virtual Programmable App Hosting Insights & Experiences Automation & Assurance Security & Compliance Cloud-enabled Software-delivered

A new era of Networking begins - Software Defined Access DNA Center: Simple Workflows DESIGN PROVISION POLICY ASSURANCE DNA Center Controller Analysis/Assurance (Network Data Platform) Automation (APIC-EM 2.0) Policies & Segmentation (Identity Services Engine 2.3) Fabric Routers Switches Wireless AP WLC

Software Defined Access Mobility Collaboration Security APIC EM Secure Segmentation Flexible User/Device Grouping Basic Segmentation Micro Segmentation Simplified Provisioning Device Onboarding Automated Workflows Consistent Policy Endpoints Branch Monitoring & Troubleshooting Easy Management Proactive Network Health Monitoring Contextual Analytics 11

Software Defined Access (SD-Access) Bringing Everything Together DNA Center Controller-based Management Programmable Overlay Simplified L3 Underlay

Campus Fabric Key Components LISP based Control-Plane VXLAN based Data-Plane Platform for seamless TrustSec integration Key Differences L2 + L3 Overlay vs. L2 or L3 Only Adds VRF + SGT into Data-Plane Host Mobility with Anycast Gateway Virtual Tunnel Endpoints (No Static) No Topology Limitations (Basic IP) Policy and Logical Grouping

Secure, Policy Based Automation Easy Segmentation & Policy Enforcement 1 Employee 2 Guest 3 Contractor 4 Isolated Add Policy -- Search for policy -- Employee Policy Details Default Access Permit Voice Priority Medium Bandwidth Limit Disabled Internet Access Enabled Add Policy Entry Drag policy to apply Neighborhoods Employees Lighting Building Security Employee Neighborhood 1 1 1 Marketing Finance 1 1 1 1 Sales HR Operations Strategy Facilities Old Way VLAN & IP address based Isolate employees from, systems (i.e. Building Mgt.) Deal with policies, users & policy violations manually Software Defined No IP address dependency with Anycast Gateway & SGT Define Policy once: LAN, WLAN and WAN IP and Policy follows User

Authenticate & Authorize (AAA) ISE integration in DNA Center DNA-UX Identity Services Engine DNA Center (APIC-EM) users Groups & Policy Policy Authoring Workflows Fabric Management things Network

SD-Access Architecture Roles and Terminology Group Repository Fabric Border VXLAN Overlay Intermediate Nodes (Underlay) ISE / AD B DNA Center APIC-EM B NDP C DNA Controller Analytics Engine Fabric Mode WLC Control-Plane Nodes Fabric Edge Nodes Fabric Mode APs Control-Plane Nodes Map System that manages Endpoint ID to Device relationships Border Nodes A Fabric device (e.g. Core) that connects External L3 network(s) to the SD-Access Fabric Edge Nodes A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SD-Access Fabric Fabric Wireless Controller Wireless Controller (WLC) that is fabric-enabled Fabric Mode APs Access Points that are fabric-enabled. Intermediate Nodes Underlay Overlay Endpoint traffic carried within VXLAN frames between Fabric Edges and between Fabric Edges and Border Nodes

Produktupdate Catalyst 9K

SD-Access Platform Support A single fabric for your digital ready network Switching Routing Wireless SDA Extension NEW Catalyst 9400 NEW NEW Catalyst 9300 ASR-1000-X ASR-1000-HX ISR 4430 AIR-CT5520 AIR-CT8540 NEW NEW Catalyst Digital Building Catalyst 9500 ISR 4450 AIR-CT3504 ISR 4351 Wave 2 APs (1800, 2800,3800) Catalyst 3560-CX Catalyst 4500E Catalyst 6K Nexus 7700 ISR 4331 Catalyst 3850 and 3650 CSRv ENCS 5400** Wave 1 APs* (1700, 2700,3700) IE Switches** (2K/3K/4K/5K) *with Caveats **Future

New Era in Networking Beyond Days of Convergence Software Defined Access (SD-Access) Video Security (9K Series) Voice Data IOT Cloud Mobility Previous Era SD-Access New Era - Policy Based Automation from Edge to Cloud

UADP 2.0 - Next Generation of ASIC Innovation Investment Protection Flexible Pipeline Universal Deployments Adaptable Tables Enhanced Scale/Buffering Multicore resource share 384K Flex Counters Shared Lookup Up to 240GE Bandwidth Up to 2X to 4X forwarding + TCAM Embedded CPUs Up to 32MB Packet Buffer Up to 64K x2 Netflow Records

Produktupdate Analytics & Assurance

What we are announcing Software Subscription Licensing DNA Advisory, Technical, Support Services DNA Center Built-in expertise to manage and deploy end-to-end network services with a central management (July 2017) Network Data Platform for Assurance Analytics collects data from users, devices, and applications and uses machine learning to proactively identify problems (Nov 2017) Software-Defined Access Dynamically adapt to changing needs with policy-based management of the network fabric (Jul 2017) Enhanced Network as a Sensor Uncover threats hidden in encrypted traffic without decryption (Sept 2017) Catalyst 9000 Series Switches First infrastructure devices purposely designed for DNA 9500 (Jun 2017), 9400 (August 2017), 9300 (June 2017)

Components of DNA Assurance Primary focus areas for DNA Assurance and analytics 1. End-to-end visibility: Insights correlated to across network: WAN, WLAN, LAN, network services, etc. 2. Insights to drive proactive operations: Deep insights generated through machine learning and correlation 3. Predict performance: Sensor-based insights predict how the network will perform: get ahead of the problem 4. Streaming telemetry: Insights derived from high-fidelity data on the order of seconds vs. traditional data source on the order of minutes 5. Closed-loop automation: Integration with controller

NDP Data Correlation and Analysis netflow AVC DDI ISE Topology NDP Stream Processing Correlation, Complex Event Processing, Clustering, Machine Learning Location Device

Network quality is a complex, end-to-end problem Affects Join/Roam Affects Quality/Throughput Client firmware WAN Uplink usage Affects Both* Affects Both*... Client density AP coverage Affects Both* Affects Quality/Throughput Affects Quality/Throughput End-User services Affects Both* Configuration Affects Join/Roam Affects Both* WLC Capacity WAN QoS, Routing,... Authentication RF Noise/Interf. Affects Join/Roam Addressing CUCM ISE WAN DHCP Mobile clients APs Office site Local WLCs Network services DC Cisco Prime * Both = Join/roam and quality/throughput

Generating Value in the Data Economy Different entities generate data relevant to their operation. How fast do we need access to the data and which data? Proactive Correlation & Deep Learning needs larger time windows Which data points to pick to get the most accurate analytics? AP / Switch / Router / End Point Thresholds/Pull/Push Netflow/SNMP/Syslog/Stream Telemetry Topology/Location/Device Type/Timing Variety Velocity Volume Veracity

Analytics: Korrelation von Context- Informationen Netflow Group: Marketing User: George Baker AVC Access: Applications DDI ISE Topology DNA-C Stream Proces sing Owns: endclient s Source IP: 1.1.1.2? Dest Port: 80 Dest Port: 80 Dest IP: 2.2.2.2? Location Device Building 24 1 st Floor? Connect: Devices Dest IP: 3.2.2.2

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback