BRKACI-2403: Introducing Cisco Network Assurance Engine. Intent Based Networking for Data Centers. Sundar Iyer, Distinguished Engineer, Head, Cisco Network Assurance Engine Team; Dhruv Jain, Director of Product Marketing, Data Center Switching Business Unit.
Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot#brkaci-2403 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Network Assurance Engine (Candid) @ Cisco Live: Why Continuous Assurance Will Transform Data Center Networks; Making Predictive Operations in Data Center Networks a Reality; Increase Operational Agility & SLAs in Modern ACI Data Centers; Implementing Network Assurance in ACI Environments. Tuesday, Jan 30, 11:15 am to 12:45 pm [BRKACI-2403]; Wednesday, Jan 31st, 1:15 pm to 2:15 pm [PSODCT-4590]; Wednesday, Jan 31st, 5 pm to 5:45 pm [DEVNET-1699]; Walk-in Lab, 9am-7pm [LABACI-2030].
Problem: DC Paradigms Are Fundamentally Reactive. Intent Frequently Breaks: Operational, Security Compliance, Change. We Always React: Troubleshoot, Scramble to fix it, Fail audits, Undo changes. Leaving Us With: An Inability to Assure Intent Proactively.
... Creating a Major Assurance Gap. [Diagram labels: Intent, Controllers, Infrastructure, VM] How can I have confidence that I haven't made an error? How do I easily understand the state of my entire infrastructure? How do I rapidly analyze the network to identify issues?
Intent Assurance: The guarantee that the infrastructure is doing what you intended it to do. Intent Encompasses Data Center Operations: Configs, Changes, Routing, VMs, Security, Compliance, Audits.
Introducing Cisco Network Assurance Engine: Based on mathematical models of the network. Continuously verifies and validates the entire network. Delivers the confidence that the network is operating correctly. Comprehensive, Intelligent, Continuous.
Use Case & Benefits: Achieving Higher Operational Maturity, Faster. PREDICT THE IMPACT OF CHANGES: Drive change agility; Minimize human errors and eliminate configuration drift; Accelerate migrations. PROACTIVELY VERIFY NETWORK-WIDE BEHAVIOR: Ensure connectivity; Proactively eliminate potential network outages or vulnerabilities; Enhance SLAs. ASSURE NETWORK SECURITY POLICY AND COMPLIANCE: Reduce security risk; Achieve provable compliance by design, continuously.
Cisco Network Assurance Engine: How It Works. Data Collection: Captures all non-packet data: intent, policy, state across data center network. Comprehensive Network Modeling: Mathematically accurate models spanning underlay, overlay and virtualization layers. Intelligent Analysis: 5000+ domain knowledge-based error scenarios built-in, codified remediation steps.
Stories from Customer Trials. PREDICT THE IMPACT OF CHANGES: Challenge: Mainframe misconfiguration in DR site. Potential Impact: Mainframe cluster inaccessible in case of fail-over event. Benefit: Identify latent misconfigurations before outages happen; Avoid $$ in lost revenue. PROACTIVELY VERIFY NETWORK-WIDE BEHAVIOR: Challenge: Overlapping subnets due to routes leaked across VRFs. Potential Impact: Connectivity loss for Skype VoIP and Video users. Benefit: Continuous & proactive network-wide dynamic state analysis; Save days in downtime. ASSURE NETWORK SECURITY POLICY AND COMPLIANCE: Challenge: TCAM utilization hitting capacity, inefficient security policy definitions. Potential Impact: Degraded security posture & inability to deploy policies. Benefit: Identified 17,000 unused policies; Surfaced opportunity for 20-70% TCAM optimization.
User Interface: Centered Around Smart Events. Change Management; Compliance and Visualization; Incident and Problem Management. Smart Events: What, Where, Why, and How.
Demo: Network Security Policy Assurance 1. Use Case: Visualization, Search, Filters (Radial View, Green Arc) 2. Use Case: Compliance: Isolation (Disjointed Arcs) 3. Use Case: Incident Management: (Needle in the Haystack Red Arc) 4. Smart Events: with Human Readable Next Steps
Assure Network Security Policies & Compliance
Core Technology Idea: Every device performs a mathematical transformation on a packet. [Figure: packets shown as Header 0110101 | Data and Header 1000101 | Data; devices Spine, Leaf1, Leaf2, FW] We Can Build Comprehensive Mathematical Models of Network Behavior.
What can a Model Answer? Example: Tenant Security Policies, TCAM Rules. Questions You Can Ask: Who all can EPG-A talk to? Can EPG-A talk to EPG-B? Are any policies conflicting? Are policies aliased? Did upgrade to a new version change my existing security policy enforcement? Are the configured policies compliant? Which exact policy is violated? [Figure: Reduced Ordered Binary Decision Diagram] Analyze millions of policies, answer questions in real-time.
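The questions on this slide, answered over a small constructed rule set. This is an added example, not code from the presentation or from the product: it uses explicit Python sets over a tiny flow space in place of ROBDDs. It assumes first-match ordering with an implicit deny, takes "aliased" to mean a rule fully covered by earlier rules, and takes "conflicting" to mean overlapping rules with different actions; all EPG names, ports and rule names are made up.

```python
from itertools import product

# Constructed flow space: (source EPG, destination EPG, destination port).
EPGS, PORTS = ("web", "app", "db"), (22, 443, 3306)
SPACE = set(product(EPGS, EPGS, PORTS))

# Constructed ordered rules (name, src, dst, port, action); None is a wildcard.
RULES = [
    ("r1", "web", "app", 443, "permit"),
    ("r2", "app", "db", 3306, "permit"),
    ("r3", "web", None, 22, "deny"),
    ("r4", "web", "app", None, "permit"),
    ("r5", "web", "app", 443, "permit"),
]

def match_set(rule):
    """Every flow in SPACE selected by the rule's match fields."""
    return {f for f in SPACE if all(w in (None, v) for w, v in zip(rule[1:4], f))}

def effective(rules):
    """Flows each rule actually decides once earlier rules have taken theirs."""
    seen, out = set(), {}
    for rule in rules:
        out[rule[0]] = match_set(rule) - seen
        seen |= match_set(rule)
    return out

def permitted(rules):
    """Flows the ordered rule list permits; unmatched flows hit the implicit deny."""
    eff = effective(rules)
    return set().union(*(eff[r[0]] for r in rules if r[4] == "permit"))

def can_talk(rules, src, dst):
    """Ports on which src may reach dst; an empty list means isolated."""
    return sorted(p for (s, d, p) in permitted(rules) if (s, d) == (src, dst))

def aliased(rules):
    """Rules that never decide any flow because earlier rules cover them."""
    return [name for name, hit in effective(rules).items() if not hit]

def conflicts(rules):
    """Pairs of rules with different actions whose match sets overlap."""
    return [(a[0], b[0]) for i, a in enumerate(rules) for b in rules[i + 1:]
            if a[4] != b[4] and match_set(a) & match_set(b)]

def enforcement_diff(old, new):
    """(newly permitted, no longer permitted) flows after a rule change."""
    before, after = permitted(old), permitted(new)
    return sorted(after - before), sorted(before - after)
```

Enumerating the flow space only works at this toy size; a symbolic representation such as the decision diagrams named on the slide is what lets the same set operations scale to real header spaces.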
Demo: Network Assurance Engine. Comprehensive, Intelligent, Continuous.
User Interface: Dashboard with Smart Events
Transforming Change Management with NAE
De-Risk Changes, Increase Change Agility Automated Gold Standard Make Changes in Test Env. Verify Instantly with Candid Present Report to CAB Faster Approval Cycles Make Changes in Production Verify Instantly with Candid Shrink Change Windows Multiple Changes, Long Windows Dramatically Reduce # of Changes Reqd. Reduce Risk of Outage ROADMAP Long CAB Model Changes Approval Process in Candid Analyze Configs, Verify in Candid Push Changes to Production Faster, Confident Change Cycles Drastically Reduce Outages
Tenant End-point Assurance. Analyze: Static configurations of VLANs, IPs, MACs..; Dynamic EP Learning, Mobility, EP Connectivity, Communication. Common issues found: Duplicate IPs: human error, NIC teaming, migrations, DHCP errors; EPs deployed against leafs without BD subnet; EP table consistency across fabric.
Tenant Forwarding Assurance
Network Audit Trail with Candid Timeline DVR for Network State, Connectivity, Issues
What Makes Us Different? Comprehensive: Capture, analyze and correlate entire network state: switch configurations + hardware data-plane state. Intelligent: 5000+ built-in failure scenarios, powering Smart Events with remediation steps. Continuous: Runs Continuously, Near real-time: collection, modeling, analysis.
Early Customers: Impact & Feedback. 40+ Customer Fabrics Analyzed; 1500+ Critical / Major Issues Found; 35+ Potential Outages Detected Proactively. "The User Interface is professional and easy to use." "The ease of getting started is pretty fantastic." "quickly pointed out things we should resolve. very impressed..."
Available Now Available 2018 Vision: Assurance Everywhere Cross Platform, Multi-cloud Cross-platform Network Integration Firewall Virtual Machine Manager Integration with Operations Toolchains Under Certification ACI Data Center Fabric
Cisco Network Assurance Engine. Deployment Model: No sensors; Read only credentials. Time to Value: 30 mins to deploy; 60 mins to value. Form Factors: Software only OVA; Lightweight: 3 VMs (v1.0). Available Now: 30 Day Free Trial; Subscription Licensing.
Intent-Based Data Center Intent Policy Policy Network Assurance Engine Tetration Assurance Configuration Analysis Very Large State-Space Guarantees Compliance Consistency ADM Monitoring Forensics Analytics Traffic Analysis Lots of Data
Thank you
Complete Your Online Session Evaluation: Please complete your Online Session Evaluations after each session. Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt. All surveys can be completed via the Cisco Live Mobile App or the Communication Stations. Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.
Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Tetration Hands-on Lab from Deployment to Operations [LTRACI-2184] Whitelist policy and security enforcement through Tetration Analytics [LABACI-2020] An Introduction to Tetration and Policy Deployment [LABDCN-1206] Tech Circle Meet the Engineer 1:1 meetings Related sessions