cisco digital network architecture - csloxinfo digital... · cisco digital network architecture:...
Post on 20-May-2020
Cisco Digital Network Architecture: Enabling Enterprise Networks for the Digitalized Business
Therdtoon THEERASASANA
ttheera@cisco.com
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
…And Creating New Priorities for Digital Organization
Transform Processes and Business Models
• Innovations
• Faster Time to Market
Empower Workforce Efficiency and Innovation
• Increased Productivity
• Better Retention
Personalize Customer/Citizen Experience
• Increased Loyalty
• Greater Insight
IoT | Mobility | Analytics | Cloud
• Mobile traffic will exceed wired traffic by 2017
• IoT devices will triple by 2020
• 75% of companies planning to or investing in big data
• 80% of organizations will primarily use SaaS by 2018
Cisco DNA
UPS My Choice
Delivery Control
Personalized Service
Customer Experience
Physical and Virtual
RFID Content
Workforce Efficiency
WIP Inventory and
Part Tracking
American Express
Personalized Service
Through Mobile
Starbucks Apps
Order Ahead
Skip the Line
Digital Transformation is Moving IT to the Boardroom
Cisco’s Enterprise Strategy
Unlock the Power that Exists in the Network through Abstraction, Automation, and Policy Enforcement
• Leverage the Power of Existing Distributed Systems
• Enable Network Wide Fidelity to an Expressed Intent (Policy)
Evolution of the Enterprise Network
Insights & Experiences: Drive Business Innovations
Security & Compliance: Real-time and Dynamic Threat Defense
Automation & Assurance: Speed, Simplicity & Visibility
The Network Enables Digital Business
Network Requirements for the Digital Organization
Insights & Experiences: Drive Business Innovations
Security & Compliance: Real-time and Dynamic Threat Defense
Automation & Assurance: Speed, Simplicity & Visibility
• Visibility into user behavior, applications, and network performance
• Customer has the elements to make decisions faster
Abstraction layer
• Abstraction, Intent, Policy Automation
• Verification of Desired Result Assurance
Wi-Fi Core WAN Cloud
APIC EM
Using the Network as a Sensor for security threats and then enforcing compliance through segmentation
Network Requirements for the Digital Organization
Workforce Experience
• Digital Workforce
• Personalized Workspaces
• Effective Collaboration
Customer Experience
• Omnichannel Experience
• Enhanced Points of Service
• Personalized Customer Experiences
Business Operations
• Business Insights
• Asset Management
• Facility Management
City Operations
• Citizen and visitor services
• Safety and security
• Ruggedized infrastructure
New Business Capabilities Built on the Network as a Platform
The Network Enables New Experiences
Open APIs | Network Function Virtualization | Policy | Cloud | Analytics | Controllers | Overlays | OpenFlow | Open Compute | Standards | Model Driven
How do I deliver new applications?
How do I improve security?
How do I achieve speed & simplicity?
How do I learn new software skills?
How does this come together?
Cisco Digital Network Architecture: Open | Extensible | Software-driven
Evolution of Networking Software
Automation: Abstraction & Policy Control from Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service Management: Policy | Orchestration
Virtualization: Physical & Virtual Infrastructure | App Hosting
Analytics: Network Data, Contextual Insights
Insights & Experiences
Automation & Assurance
Security & Compliance
Network-enabled Applications
Cloud-enabled | Software-delivered
Principles
Cisco Digital Network Architecture
Hosting and Hosted Networking Functions
Virtualization: Physical & Virtual Infrastructure | App Hosting
[Diagram. Labels: vBranch, IP, NFVIS, NFVOS, WAAS, IPS, vSwitch, Enterprise Fabric, Encryption, WAN Agg, Public Cloud, AWS, VPC, Apps, UNI, PEP]
Legend: Network Interface (UNI); PEP: Policy Enforcement Point
Software Control: Enterprise NfV
“Cisco’s approach to network functions virtualization (NFV) delivers the elasticity to invoke innovative capabilities in an optimal way – whenever, wherever, and with whatever capacity they are required.”
Deploy Validated Designs in Minutes
Cisco ONE Foundation (New!). Controlled Availability: March 2016. General Availability in Cisco ONE: June 2016
Full Software Stack to Increase Branch Agility
• Central Orchestration Management. SDN: APIC-EM with Enterprise Service Automation
• Freedom of Choice. Hardware: Cisco UCS® E- and C-Series | COTS
• Software Intelligence over Hardware. Virtualization Layer: NFV Infrastructure Software
• Consistent, trusted network services. Virtual Network Functions (VNFs): Cisco® and Third Party
Virtualization: Physical & Virtual Infrastructure | App Hosting
Building on a Strong Foundation of Hardware and Software Innovation
“People that are really serious about software should build their own hardware”
100% Cisco-developed programmable silicon: unlocking the power of DNA at hardware speeds

QFP: QuantumFlow Processor
Advanced, Multi-Core, Feature-Rich Routing Silicon
• Fully Programmable: leveraging the many features of IOS-XE with hardware performance
• Scalable: Massive number of CPU cores (40/64), ability to cascade multiple QFPs = consistent high performance
• Advanced on-chip QoS: 100,000+ hardware-based queues, sophisticated traffic shaping and control
• Secure: linkage to high-performance crypto capability for secure WAN transport
• Extensible Architecture: ability to scale both up and down—the foundation for a long-lived family of high-performance, flexible routing silicon

UADP: Unified Access Data Plane
Flexible, Programmable, High-Performance Switching Silicon
• Fully Programmable: excellent flexibility, ability to handle new encaps (VXLAN, GPE, etc.)—hardware speed, software elasticity
• Scalable: Massive recirculation bandwidth and low recirculation latency provide excellent tunneling and services support for traffic flows
• Advanced on-chip QoS: client-level granularity, sophisticated bandwidth shaping, with integrated on-chip NetFlow for visibility
• Secure: integrated on-chip support for MACsec encryption (AES-128, CBC)
• Extensible Architecture: ability to scale both up and down—the foundation for a long-lived family of high-performance, flexible switching silicon

IOS-XE: The Evolution of IOS
Taking the Proven Strengths of IOS to the Next Level
• Operational and Services Uniformity: Routing, Switching, and Wireless consistency
• New Foundational Capabilities: HA and operational leadership, state decoupling, net database…
• Speed of Innovation Velocity: “Code once and Re-use Many” across multiple places in the network
• Foundation for Virtualization: providing for network hosting and integration of virtualized functions (VNFs, containers)
• Platform for the Future: the “software stage” for the next wave of Cisco innovation…
Evolution to a Policy Model
• Express Business Intent
• Translate into device specific policy/configuration
• Leverage Abstraction (the controller knows about the device specifics)
• Automate the Deployment across the Network
• Ensure Fidelity to the Expressed Intent (keep everything in sync)
User policy based on user identity and user-to-group mapping
Source | Production Servers | Development Servers | Internet Access
Employee (managed asset) | PERMIT | DENY | PERMIT
Employee (Registered BYOD) | PERMIT | DENY | PERMIT
Employee (Unknown BYOD) | DENY | DENY | PERMIT
ENG VDI System | DENY | PERMIT | PERMIT
(Rows: Source; columns: Protected Assets)
De-coupling of User Identity and Topology
Much easier to translate business objectives to network functionality—Lowers TCO
[Chart: Configuration, Today vs. Controller-based Automation, split between Traditional and Policy]
Policy based Configuration—Dynamic, able to be automated by the Controller
Over time—Policy grows, static shrinks
Automation: Controller-Led Networking Deployment
Controller-Led Networking: Bridging the Gap to Increased Success in Network Deployment and Use
Any given “custom” configuration has a very high probability of not being tested exactly as deployed “individually—as a one off…” which introduces potential issues…
Risk | Bugs | Uncertainty | Problems
Combinatorial Issues…
Trust
Automation: Controller-Led Networking Deployment
The automated configuration deployed by the controller will have gone through…
• Joint development by the Cisco Product Teams, the Architects developing Best Practices, and the Controller Team—“Blessed Configurations”
• Testing by Cisco’s Solution, System, and Devtest teams against the deployment use cases developed jointly, above
• And will be deployed by 1000’s, with any unforeseen situations addressed ASAP due to widespread and standardized deployment
Greatly increased probability of success
Deploy, Report, Measure, Adjust, Repeat
Analytics
Instrumentation Telemetry Correlation
Measure and Adjust
Click here to Correct
Always Correct this way
(and never ask me again)
Applications
Automated Deployment
Network
Endpoints
Run Reports
Discover user insights
Deliver relevant content
APIC EM
Analytics: Network Data, Contextual Insights
Cloud-Enabled Networking
Plug & Play
CMX
Business Analysis
Branch | Teleworker | Campus/HQ
• Telemetry
• Continuous Innovation
• Cloud Enabled Audits
Cloud Connected: Simplicity | Speed
Branch | Teleworker | Campus/HQ
Hybrid Cloud: AWS | Rackspace | Azure | Cisco Intercloud
CSR1000V
VPC/vDC
vASA
FTDv
StrataWatch
WAN
Cloud Delivered: Innovation | Insights
Cloud Edge: IaaS Scale | Flexibility
Branch | Teleworker | Campus/HQ
Configuration Management Today
jafrazie$ ssh admin@172.27.230.76
admin@172.27.230.76's password:
cho# conf t
Enter configuration commands, one per line. End with CNTL/Z.
cho(config)#
Task Oriented | Human Friendly | Easy To Replay | No Special Tools
Software Unfriendly | Syntax/format changes | No Common Data Model | No Error Reporting
Open Device Programmability
Other vendors…
RESTCONF | NETCONF | gRPC
Data Model
• Configuration: Standard | Device Specific
• Operational: Standard | Device Specific
Device Features: Interface | BGP | QoS | ACL | …
Physical and Virtual Network Infrastructure
Automate | Set | Get
Embracing Tools
DevOps | Orchestration | Automation
tcollector
Monitoring / Analytics
Digital Network Architecture – Vision
[Architecture diagram. Layers: APIs; Service Definition & Orchestration; Enterprise Controller (Policy Determination); Enterprise Fabric; Network Function Virtualization (WAN VNFs, Campus VNFs, DC VNFs, Cloud VNFs). Other labels: Intent, Telemetry, UNI, PEP, Campus, WAN / Branch, WAN Agg, Branch, Data Center, Cloud, Internet, Int. Acc, SP, Apps]
Legend: Network Interface (UNI); PEP: Policy Enforcement Point
Cloud Service Management: Policy | Orchestration
Common Policy and Orchestration – Vision
[Architecture diagram. Layers: APIs; Service Definition & Orchestration; Enterprise Controller (Policy Determination); Enterprise Fabric; Network Function Virtualization (WAN VNFs, Campus VNFs, DC VNFs, Cloud VNFs). Other labels: Intent, Telemetry, UNI, PEP, Campus, WAN / Branch, WAN Agg, Branch, Data Center, Cloud, Internet, Int. Acc, SP, Apps]
Legend: Network Interface (UNI); PEP: Policy Enforcement Point
Network Enabled Applications: GUI | Prescriptive | Customized | Model-based
Topology | Easy QoS | Plug & Play | Path Optimization | Service Instantiation | Analytics
Segmentation 1 | Segmentation 2 | Segmentation 3
Localized or network-wide Service Chaining
What’s New: Cisco DNA Additions
Available on DNA-Ready Infrastructure through Cisco ONE Software
• Enterprise NFV (New!)
  - Branch Service Virtualization: Controlled Availability, March 2016
• APIC-EM Automation Platform (New!)
  - Completely New Platform: Available Now
  - Base Automation: Plug and Play: Available Now
  - Cloud version: Controlled Availability, May 2016
  - Policy Services: IWAN App & EasyQoS: Available Now | March 2016, respectively
• CMX Cloud (New!)
  - Presence Analytics and Connect: Available Now in US, April 2016 for ROW
Automation: Cisco APIC-EM Platform
Industry-Leading Network Controller
Complete Lifecycle | Consistent End to End
“Unlike other SDN solutions, APIC-EM can be deployed on our existing infrastructure so we can move quickly with minimum risk and maximum investment protection.”
CJ Singh, Chief Technology Officer, Backcountry.com
“The inherent programmability of Cisco APIC-EM allows us to drive innovation and improve on user experience on a world-class infrastructure. It is a solid foundation to embark on a journey to SDN.”
Raj Gulani, Director Product Management, Citrix
Open and Extensible | Enterprise Scale and Resiliency | Automation and Services
Open APIs | Group-based Policy | Clustering Technology | Cloud Connected Telemetry | Complete Abstraction
Cisco APIC-EM
IOS | ASIC
Customer Momentum
• 1000s of DevNet Developers
• 160+ Customers
• Deployments running up to 4000 devices
Automation: Plug and Play
Cisco ONE Foundation
PnP: Available Now
PnP Cloud (New!): May 2016 (controlled availability)
79% lower deployment costs
“Plug and play means no more IT engineers in the field – faster time to market and dramatically lowered costs.”
Eliminates Staging | Truck Roll
Cloud-Based Plug and Play
Order | Plug in and Cloud Provision | Controller-Based Management
PnP: Pre-provisioning and Discover Workflows
Plug & Play: Enterprise-wide scale | Automated workflow | 79% lower deployment costs

Pre-provisioning workflow
1. Pre-provision
   • Network PnP app pre-provisioned with device SR number
2. Discovery
   • Configure device discovery: DHCP Option-43 or DNS
3. Secure Deployment
   • Installer powers on devices
   • Devices download image and configuration

Discovery workflow
1. Discovery
   • Configure device discovery: DHCP Option-43 or DNS
2. Un-claimed Devices
   • Installer powers on devices
   • Devices securely connect to APIC-EM server, waiting to be ‘claimed’
3. Secure Deployment
   • Network admin claims devices based on device information
   • Device downloads image and configuration

[Diagram, shown for both workflows. Labels: Admin, Network PnP app on APIC-EM, DHCP Server OR DNS Server, PnP-Agent, Installer, Device Authentication, Download Image and Configure]
Policy Service: IWAN Automation
Optimal Branch Experience Made Easy
85% faster deployments
“IWAN automation eliminates tedious configuration tasks for advanced networking features. I can configure IWAN with just 10 GUI clicks.”
Cisco ONE Foundation: Available Now
Intelligent Path Control | Highly Secure Connectivity | Application Optimization | Transport-Independent
Simple Workflows: Zero-Touch Rollout | Set Application Policy | Gain Visibility and Tune | Point and Click Troubleshoot
IWAN Momentum: 200+ deployments running up to 2500 sites
Intelligent WAN (IWAN) Architecture
[Diagram: Unified Branch connected over MPLS, 3G/4G-LTE and Internet to Private Cloud, Virtual Private Cloud and Public Cloud]
• Transport Independence: Simplified Hybrid WAN
• Intelligent Path Control: Application Aware Routing
• Application Optimization: Enhanced Application Visibility and Performance
• Secure Connectivity: Comprehensive Threat Defense
Management Automation
Intelligent WAN Deployment Models
Dual MPLS
  Highest SLA guarantees
  – Centralized Internet Access
  – Expensive
Hybrid
  More BW for key applications
  Balanced SLA guarantees
  – Moderately priced
Dual Internet
  Best price/performance
  Most flexibility
  – Enterprise responsible for SLAs
[Diagrams: Branch connected to Enterprise and Public over MPLS, MPLS + Internet, or Internet]
Consistent VPN Overlay Enables Security Across Transition
Policy Service: EasyQoS
Implements QoS in 250 ms
Enhance Collaboration Experience
300% | 50%
Reduction in voice jitter | Video quality improves
Improved Application Experience with No Operator Intervention
“The EasyQoS App reduces deployment times for network-wide QoS dramatically. We can now respond to changing application needs via policy-based automation within minutes or even seconds.”
Cisco ONE Foundation (New!): March 2016. General Availability in Cisco ONE May 2016
Select from Predefined Policies | Automated Deployment of QoS config | Optimized for Any Infrastructure
What Do We Do Under-the-Hood?
Apply RFC 4594-based Marking / Queuing / Dropping Treatments

Application Class | Per-Hop Behavior | Queuing & Dropping | Application Examples
VoIP Telephony | EF | Priority Queue (PQ) | Cisco IP Phones (G.711, G.729)
Broadcast Video | CS5 | (Optional) PQ | Cisco IP Video Surveillance / Cisco Enterprise TV
Real-Time Interactive | CS4 | (Optional) PQ | Cisco TelePresence
Multimedia Conferencing | AF4 | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx
Multimedia Streaming | AF3 | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs)
Network Control | CS6 | BW Queue | EIGRP, OSPF, BGP, HSRP, IKE
Signaling | CS3 | BW Queue | SCCP, SIP, H.323
Ops / Admin / Mgmt (OAM) | CS2 | BW Queue | SNMP, SSH, Syslog
Transactional Data | AF2 | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps
Bulk Data | AF1 | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution
Default Forwarding | DF | Default Queue + RED | Default Class
Scavenger | CS1 | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, BitTorrent, Xbox Live

Legend: Relevant | Default | Irrelevant
New: APIC-EM QoS Automation with EasyQoS
APIC EM
STATIC QoS
• Network Operators express high-level business-intent to APIC-EM EasyQoS
• Southbound APIs translate business-intent to platform-specific configurations
DYNAMIC QoS
• Applications can ALSO interact with APIC-EM via Northbound APIs, informing the network of application-specific and dynamic QoS requirements
• Southbound APIs translate business-intent to platform-specific configurations as they are needed
Introducing Cisco Enterprise NFV: Network Services in Minutes, on Any Platform (NEW)
• Cisco Enterprise Service Automation (ESA) on APIC-EM
• Virtual Router (ISRv) | Virtual Firewall (ASAv) | Virtual WAN Optimization (vWAAS) | Virtual Wireless LAN Controller (vWLC) | Third-Party VNFs
• Network Functions Virtualization Infrastructure Software (NFVIS)
• Cisco 4000 Series ISR + Cisco UCS® E-Series | Cisco® UCS C-Series | Cisco ENCS
Customized Network Services for Your Network
1. Select your network functions: vRouter | vFirewall | vWAN optimization | vWLAN controller | Third-party services
2. Select your preferred platform: Cisco® ISR, UCS® E-Series | Cisco UCS C-Series | x86 server
3. Orchestrate and automate services: APIC-EM with Enterprise Service Automation
IT Agility: Run on Any Platform | Elastic Services | Deploy in Minutes
Cisco Enterprise Network Compute System (ENCS)
Cisco ENCS 5400 Series
 | ENCS5406 | ENCS5408 | ENCS5412
CPU | 6-core, 1.9GHz | 8-core, 2.0GHz | 12-core, 1.5GHz
PoE | No | 200W | 200W
Capacity Guidance | ISRv + 2 VNFs | ISRv + 3 VNFs | ISRv + 5 VNFs
Digital Services: CMX Cloud
Customer Insights and Engagement
“CMX Cloud has helped us quickly gain business insights, so we can enhance the shopper experience at Santana Row with easy Wi-Fi onboarding, increased customer data, and improved customer engagement.”
• Connect: Drag-and-drop customizable portal on demand
• Data on Storefront Conversion
• Frictionless Guest Onboarding
• Presence Analytics: Zone-based location analytics
Cisco ONE Advanced (New!): Available now. General Availability in Cisco ONE June 2016
Inside Cisco CMX Cloud
Gain Insights and Engage Customers
SaaS consumption | No MSE hardware required | Deploy in less than 20 minutes
1. Subscribe to Cisco® CMX Cloud and point to wireless infrastructure
2. Collect analytics on user behavior
3. Set up customized captive portal for guest onboarding
• Easy templates
• Multiple languages support
• Social logins
• Easily add logo and image
• Send relevant offers
• Capture user information
APIC-EM Path Trace Application
User | Trouble Ticket | IT | Path Trace
NETWORK | SDN
Open Architecture | Network, Applications Monitoring | Simple Workflow
BENEFITS
• Easy visual discovery of trouble spots in the communication path based on 5-tuple info
• OpEx for ticket processing decreased by 98% from 1.6 hours to 1 minute
Path Trace App: Application Flow Visibility
Link Source Information | Stats: Device, Interface, QoS, Perfmon | ACL Check | CAPWAP Tunnel
Security: StealthWatch and ISE
Extend Security Everywhere
Infrastructure-Enforced Policy
• Network as an Enforcer: Software-defined segmentation with TrustSec® for assurance and compliance
• Network as a Sensor: Real-time situational awareness and rapid threat detection everywhere
“The network touches every element of the digital enterprise – every business process, device, customer, employee – and therefore has the unique ability to detect, analyze, and prevent new forms of attack by flagging unusual network behavior.”
Wi-Fi | Core | WAN | Cloud
Rapid Threat Containment
• Quickly detect and stop threats
• Scales to handle dramatic threat increase
General Availability in Cisco ONE
Cisco ONE Adv. Security
Analytic: Conversational Flow Record
• Highly scalable (enterprise class) collection
• High compression, long term storage
• Months of data retention
[Flow record view, annotated: When | Who | Where | What | Who | Security Group | More Context | How]
NaaS: StealthWatch Labs Intelligence Center (SLIC)
1. Collection and Behavior Analysis: The StealthWatch FlowCollector collects and analyzes data from various flow sources
2. Enrichment with Global Threat Intelligence: Correlated flow data collected in (1) with a global threat feed (SLIC)
3. Superior Threat Protection: Additional threat context by revealing what infected hosts are doing within the network
How TrustSec Simplifies Network Segmentation
Traditional Segmentation
[Diagram. Layers: Access Layer, Aggregation Layer, Enterprise Backbone. VLANs: Voice VLAN, Data VLAN, Guest VLAN, BYOD VLAN, Quarantine VLAN. Endpoints: Voice, Employee, Supplier, BYOD, Non-Compliant]
VLAN | Address | DHCP Scope | Redundancy | Routing | Static ACL | VACL
Security Policy based on Topology
High cost and complex maintenance

TrustSec
[Diagram. Layers: Access Layer, Enterprise Backbone, DC Firewall / Switch, DC Servers. ISE: Policy. VLANs: Voice VLAN, Data VLAN. Endpoints: Voice, Employee, Supplier, BYOD, Non-Compliant. Tags: Employee Tag, Supplier Tag, Non-Compliant Tag]
No VLAN Change | No Topology Change | Central Policy Provisioning | Micro/Macro Segmentation
Use existing topology and automate security policy to reduce OpEx
Network as an Enforcer with TrustSec
Traditional Security Policy
access-list 102 deny ip 167.17.174.35 0.0.1.255 eq 3914 140.119.154.142 255.255.255.255 eq 4175
access-list 102 permit tcp 37.85.170.24 0.0.0.127 lt 3146 77.26.232.98 0.0.0.127 gt 1462
access-list 102 permit tcp 155.237.22.232 0.0.0.127 gt 1843 239.16.35.19 0.0.1.255 lt 4384
access-list 102 permit icmp 136.237.66.158 255.255.255.255 eq 946 119.186.148.222 0.255.255.255 eq 878
access-list 102 permit ip 129.100.41.114 255.255.255.255 gt 3972 47.135.28.103 0.0.0.255 eq 467
TrustSec Security Policy
Security Control Automation | Simplified Access Management | Improved Security Efficacy
Network Fabric: Switch | Router | DC FW | DC Switch | Wireless
Flexible and Scalable Policy Enforcement
software defined segmentation
Where Do You Start?
IT Priorities | Business Goals
Minimize Costs | Increase ROI | Avoid Delays | Reduce Complexity | Mitigate Risks | Maximize Performance
What does my business need?
How can I save time and money?
How do I ensure performance?
Architecture | Strategy
Cisco and our Partners can help.
Thank you