cisco network assurance - clnv.s3.amazonaws.com · cs.co/ciscolivebot#psodct-4590 ... candid and...

Cisco Network Assurance EngineThe Power to Predict

Navneet Yadav

Head of Marketing, Network Assurance Engine Team

PSODCT-4590

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#PSODCT-4590


Network Assurance Engine (Candid) @ Cisco Live

Why

Continuous

Assurance Will

Transform

Data Center

Networks

Tuesday, Jan 30

11:15 am to 12:45 pm

[BRKACI-2403]

Making

Predictive

Operations in

Data Center

Networks a

Reality

Wednesday, Jan 31st

1:15 pm to 2:15 pm

[PSODCT-4590]

Increase

Operational

Agility & SLAs

in Modern

ACI Data

Centers

Implementing

Network

Assurance

in

ACI

Environments

Wednesday, Jan 31st

5 pm to 5:45 pm

[DEVNET-1699]

Walk-in Lab

9am-7pm

[LABACI-2030]

PSODCT-4590 4


Networks Are Getting More Complex to Meet New Business Needs

Business Need

Agility SDN Abstractions & Orchestration

Network Evolution

Efficiency L3 Overlay Fabrics

DevOps Model Programmability & APIs

Workload Mobility Dynamic Endpoint Learning

Zero Trust Security Whitelist Model

PSODCT-4590 5


While Still Trying to Satisfy Old Needs ...

Business Need

Security & Compliance Segmentation, ACLs

Existing Network Solution

Security & Compliance Firewalls & Service Insertion

Application Delivery ADCs & Service Insertion

Prioritization QoS

Resiliency High Availability

PSODCT-4590 6


And It’s Architecturally Continuing to Evolve…

SDN

Software Defined

Traditional

Manual

IBNSIntent Based

2012-2013 Early 20172000s

Congratulations !

We have become Software Engineers!

PSODCT-4590 7


We have make changes in live production

without causing

application outages, security risk &

compliance violations

But We’ve Been Set Unfair Standards

Why is this Unfair? …


The network has become more complex

but the only tooling you have

is reactive, age old & rudimentary

Its Unfair Because …

Unfair Compared to What? …

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10PSODCT-4590

Lets Compare: Lifecycle of Network Operations

Change Mgmt. Tools

Reactive

Difficult to Assess Impact

50% Human Error Issues

Live Changes in

Production

Change

Control

Operations Tools

Mostly Reactive

No Root Cause/Fix

Reactive tools such as

SNMP, MIB, Network

Performance Monitoring

Monitoring

Break/Fix Tools

Reactive

No Root Cause/Fix

Reactive tools such as

Traceroute, Ping,

NetFlow, Wireshark

User

Incidents

?


In Contrast: Lifecycle of Application Operations (DevOps)

11PSODCT-4590

Change Mgmt. Tools

Highly Pro-active

Gives Root Cause/Fix

Developer SandBox

QA Testing, A/B Roll Out

Code Coverage, Memory

Profiling, IDEs, Security Analysis

Change

Control

Operations Tools

Highly Pro-active


Deep Dynamic Instrumentation

APM, Dynamic Security Analysis

Vulnerability Scanner

Monitoring

Break/Fix Tools

Pro-active & Re-active


Deep Instrumentation Memory

Dump, Easy Live Debugging

DevOps Model

User

Incidents


Proactively Reduce Human Error Impact

Proactively Reduce Dynamic Issue Impact

The Power of Formal Techniques

Application Operations Tools

use Formal Modeling

Techniques to

Predict Bad Things, Verify

Good Things, Find Bad

Behavior, Root Cause and

Suggest Fixes

Can We Implement These Ideas for Networking?


© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Idea Every device performs a mathematical

transformation on a packet

Leaf1

Spine

Leaf2

Header Data

0110101Header Data

1000101

FW

We Can Build Comprehensive Mathematical Models of Network Behavior

Mathematical Models enable Proactive Network Operations


What Network Behaviors Do We Model?

Health of

Underlay

Protocols

Behavior of

EPs & VMs

Availability of

Resources

Business

Compliance

Health of

Underlay

Protocols

Behavior of

Tenant

Network

Tenant

Security

Correctness

Of Intent

Health of

Overlay

Protocols

PSODCT-4590 14

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15PSODCT-4590

Proactive Workflows in Cisco Network Assurance Engine

Compliance

Security

Forwarding

Dynamic Issues

Change Troubleshooting

Endpoints

Optimization

Proactive NetOps Tools Built With Powerful & Precise Mathematical Models

Your Intelligent Network Assistant


Comprehensive Network

Modeling

Mathematically accurate models

spanning underlay, overlay and

virtualization layers

5000+ domain knowledge-based

error scenarios built-in, codified

remediation steps

Data Collection

Captures all non-packet data:

intent, policy, state across

data center network

Continuous Intelligent

Analysis

Cisco Network Assurance Engine: How It Works

PSODCT-4590 16


5000+behavioral aspects of the data center

network available out of the box!

PSODCT-4590 17


Change

Management

Compliance and

Visualization

Incidence and

Problem Management

Smart Events: What, Where, Why, and How to Fix

User Interface: Centered Around “Smart Events”

PSODCT-4590 18


Transforming Change Management with NAE

PSODCT-4590 19


Candid 2.0(GA) - Feature SummaryFCS: Nov’2017, GA: Feb’2018

IT Use Cases

- Change Mgmt.

- Proactive Incident &

Problem Mgmt.

- Network Search & Visibility

- Data Center Migration

- Resource Optimization

Model Based ACI Assurance

- Policy Assurance

- Forwarding Assurance

- Endpoint Assurance

- Network Security Assurance

- TCAM Optimization

Operator Ease of Use

- Playbook with Next Steps

- Codified Knowledge

- DVR Audit Trail

- Offline Analysis

- Tight ACI Integration

- Search, Sort, Visualizations

Candid and Infra Scale

- ACI based SDN Assurance

- ACI Releases 1.2 to 3.1

- Small Appliance: 50 Leafs

- Medium Appliance: 100 Leafs

- Low Footprint OVA

Use Cases Core Features Other Features Usage Specifications

PSODCT-4590 20


NAE & ACI : Working Together For You

1. Seamless deployment with ACI (no additional sensors)

2. Uses common credentials as APIC

3. RO-only user compatibility with APIC

4. Codified AS/TAC knowledge base into product

5. Enabled deep linking with APIC

6. Integrated workflows with ACI (WIP)

PSODCT-4590 21


NAE & ACI : Predictive Change Analysis (Roadmap)

Change Modeling Workflow

Step 1: Model changes in a workspace

Step 2: Verify with NAE’s predictive change analysis

Step 3: Fix Issues found by NAE in the workspace

Step 4: Configure APIC from NAE

Step 5: Verify with NAE’s real-time change analysis

Repeat as

appropriate

PSODCT-4590 22


Availa

ble

Now ACI Data Center

Fabric

Availa

ble

20

18

Cross-platform

Network Integration Firewal

l

Virtual

Machine

Manager

Integration with

Operations Toolchains Under Certification

Vision : Assurance EverywhereCross Platform, Multi-cloud

PSODCT-4590 23


Cisco Network Assurance Engine

Deployment Model

No sensors

Read only credentials

Time to Value

30 mins. to deploy

60 mins. to value

Form Factors

Software only OVA

Lightweight: 3 VMs (v2.0)

Available Now 30 Day Free Trial Subscription Licensing

PSODCT-4590 24


Pay As

You Scale

Node-based licensing

Single Annual

Subscription License

Includes product

and service;

1/3/5 year options

Pricing

Contact your Account

Team !

$2018

Enterprise Application Software Category for IT Operations

Pricing & Licensing Model

PSODCT-4590 25


Two New Cisco Services Accelerate NAE Deployments

Implementation support, issue interpretation and remediation

advice, and operational impact workshop

Centralized solution-level support and services

onboarding

Cisco Implementation Services for NAE

Cisco Solution Support for NAE

Speed

Implementation &

Adoption

Maximize Value from

ACI Environments

Gain Network Insight

& AnalysisReduce Security Risk

PSODCT-4590 26


Activation

Translation

Assurance

Cisco ACI

Cisco Network

Assurance Engine

Cisco Tetration

Intent-Based Networking for the Data Center

PSODCT-4590 27


Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#PSODCT-4590


• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online.

Complete Your Online Session Evaluation

http://ciscolive.com/Online

CiscoLive.com/Online


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs• Tetration Hands-on Lab from Deployment to Operations [LTRACI-2184]

• Whitelist policy and security enforcement through Tetration Analytics [LABACI-2020]

• An Introduction to Tetration and Policy Deployment [LABDCN-1206]

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions

PSODCT-4590 30

Thank you

cisco network assurance - clnv.s3.amazonaws.com · cs.co/ciscolivebot#psodct-4590 ... candid and...

Documents