Introducing Cisco Network Assurance Engine
Sundar Iyer, Distinguished Engineer Head Cisco Network Assurance Engine Team
Dhruv Jain, Director of Product Marketing Data Center Switching Business Unit
BRKACI-2403
Intent Based Networking for Data Centers
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session
How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#BRKACI-2403
Network Assurance Engine (Candid) @ Cisco Live
Why Continuous Assurance Will Transform Data Center Networks
Tuesday, Jan 30, 11:15 am to 12:45 pm [BRKACI-2403]
Making Predictive Operations in Data Center Networks a Reality
Wednesday, Jan 31st, 1:15 pm to 2:15 pm [PSODCT-4590]
Increase Operational Agility & SLAs in Modern ACI Data Centers
Implementing Network Assurance in ACI Environments
Wednesday, Jan 31st, 5 pm to 5:45 pm [DEVNET-1699]
Walk-in Lab, 9am-7pm [LABACI-2030]
Problem: DC Paradigms Are Fundamentally Reactive
Intent Frequently Breaks … We Always React …
• Operational: Troubleshoot
• Security: Scramble to fix it
• Compliance: Fail audits
• Change: Undo changes
Leaving Us With … An Inability to Assure Intent Proactively
... Creating a Major Assurance Gap
[Figure labels: Intent, Controllers, VM, Infrastructure]
• How can I have confidence that I haven’t made an error?
• How do I rapidly analyze the network to identify issues?
• How do I easily understand the state of my entire infrastructure?
Intent Assurance
The guarantee that the infrastructure is doing what you intended it to do
Intent Encompasses Data Center Operations
Configs, Changes, Routing, VMs, Security, … Compliance, Audits
Introducing Cisco Network Assurance Engine
Comprehensive, Intelligent, Continuous
• Based on mathematical models of the network
• Continuously verifies and validates the entire network
• Delivers the confidence that the network is operating correctly
Use Case & Benefits: Achieving Higher Operational Maturity, Faster
PREDICT THE IMPACT OF CHANGES
• Drive change agility
• Minimize human errors and eliminate configuration drift
• Accelerate migrations
PROACTIVELY VERIFY NETWORK-WIDE BEHAVIOR
• Ensure connectivity
• Proactively eliminate potential network outages or vulnerabilities
• Enhance SLAs
ASSURE NETWORK SECURITY POLICY AND COMPLIANCE
• Reduce security risk
• Achieve provable compliance by design, continuously
Cisco Network Assurance Engine: How It Works
Data Collection
• Captures all non-packet data: intent, policy, state across data center network
Comprehensive Network Modeling
• Mathematically accurate models spanning underlay, overlay and virtualization layers
Intelligent Analysis
• 5000+ domain knowledge-based error scenarios built-in, codified remediation steps
Stories from Customer Trials
PREDICT THE IMPACT OF CHANGES
Challenge
• Mainframe misconfiguration in DR site
Potential Impact
• Mainframe cluster inaccessible in case of fail-over event
Benefit
• Identify latent misconfigurations before outages happen
• Avoid $$ in lost revenue
PROACTIVELY VERIFY NETWORK-WIDE BEHAVIOR
Challenge
• Overlapping subnets due to routes leaked across VRFs
Potential Impact
• Connectivity loss for Skype VoIP and Video users
Benefit
• Continuous & proactive network-wide dynamic state analysis
• Save days in downtime
ASSURE NETWORK SECURITY POLICY AND COMPLIANCE
Challenge
• TCAM utilization hitting capacity, inefficient security policy definitions
Potential Impact
• Degraded security posture & inability to deploy policies
Benefit
• Identified 17,000 unused policies
• Surfaced opportunity for 20-70% TCAM optimization
User Interface: Centered Around “Smart Events”
Smart Events: What, Where, Why, and How
• Change Management
• Compliance and Visualization
• Incident and Problem Management
Demo: Network Security Policy Assurance
1. Use Case: Visualization, Search, Filters (Radial View, Green Arc)
2. Use Case: Compliance: Isolation (Disjointed Arcs)
3. Use Case: Incident Management (“Needle in the Haystack” – Red Arc)
4. Smart Events: with Human Readable Next Steps
Assure Network Security Policies & Compliance
Core Technology
Idea: Every device performs a mathematical transformation on a packet
[Figure: a packet (Header, Data) passing through Leaf1, Spine, Leaf2 and FW, with header bits shown as 0110101 and 1000101]
We Can Build Comprehensive Mathematical Models of Network Behavior
What can a Model Answer? Example: Tenant Security
Policies, TCAM Rules
Reduced Ordered Binary Decision Diagrams
[Figure: decision diagram over variables x1, x2, x3 with terminal nodes 0 and 1]
Questions You Can Ask
• Who all can EPG-A talk to?
• Can EPG-A talk to EPG-B?
• Are any policies conflicting?
• Are policies aliased?
• Did upgrade to a new version change my existing security policy enforcement?
• Are the configured policies compliant?
• Which exact policy is violated?
Analyze millions of policies, answer questions in real-time
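Three of the questions on this slide, worked on a toy model as an added example (not code from the talk or from Network Assurance Engine): ordered TCAM-style rules are compiled into a reduced ordered BDD, which then answers reachability, finds rules that can never fire, and checks whether a rewritten rule set enforces the same policy. The 4-bit header layout, EPG encodings and rule names are constructed assumptions.

```python
from functools import lru_cache
FALSE, TRUE = 0, 1
_ids, _node = {}, {}   # (var, low, high) -> id, and id -> (var, low, high)

def mk(var, low, high):
    if low == high:            # reduction: drop a test whose branches agree
        return low
    key = (var, low, high)
    if key not in _ids:        # reduction: share identical subgraphs
        _ids[key] = len(_ids) + 2
        _node[_ids[key]] = key
    return _ids[key]
def cof(n, var, bit):          # cofactor: n with variable var fixed to bit
    return _node[n][1 + bit] if n > 1 and _node[n][0] == var else n

@lru_cache(maxsize=None)
def ite(f, g, h):              # (f AND g) OR (NOT f AND h)
    if f in (FALSE, TRUE) or g == h:
        return h if f == FALSE else g
    v = min(_node[n][0] for n in (f, g, h) if n > 1)
    return mk(v, ite(cof(f, v, 0), cof(g, v, 0), cof(h, v, 0)),
              ite(cof(f, v, 1), cof(g, v, 1), cof(h, v, 1)))

def AND(a, b): return ite(a, b, FALSE)
def OR(a, b): return ite(a, TRUE, b)
def NOT(a): return ite(a, FALSE, TRUE)

def match(pattern):            # TCAM-style ternary match, '*' = don't care
    f = TRUE
    for i in reversed(range(len(pattern))):
        if pattern[i] != "*":
            f = mk(i, FALSE, f) if pattern[i] == "1" else mk(i, f, FALSE)
    return f

def analyze(rules):            # ordered rules, first match wins
    seen, permit, dead = FALSE, FALSE, []
    for name, pattern, action in rules:
        effective = AND(match(pattern), NOT(seen))
        if effective == FALSE:
            dead.append(name)              # earlier rules cover every packet
        elif action == "permit":
            permit = OR(permit, effective)
        seen = OR(seen, match(pattern))
    return permit, dead
def can_talk(permit, flow): return AND(permit, match(flow)) != FALSE

# Constructed data (not NAE code): 2 bits source EPG + 2 bits destination EPG,
# with A=00, B=01, C=10. REWRITTEN stands in for the rule set after an upgrade.
RULES = [("r1", "0001", "permit"), ("r2", "00**", "deny"),
         ("r3", "0010", "permit"), ("r4", "01**", "permit")]
REWRITTEN = RULES[:2] + [("r4a", "010*", "permit"), ("r4b", "011*", "permit")]
```

Because a reduced ordered BDD is canonical for a fixed variable order, `analyze(RULES)[0] == analyze(REWRITTEN)[0]` is a complete equivalence check of the two rule sets, not a sample-based one.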
User Interface: Dashboard with “Smart Events”
Transforming Change Management with NAE
De-Risk Changes, Increase Change Agility
Automated Gold Standard
Faster Approval Cycles
Dramatically Reduce # of Changes Reqd.
Reduce Risk of Outage
Faster, Confident Change Cycles
Drastically Reduce Outages
ROADMAP
Make Changes in Test Env.
Verify Instantly with Candid
Present Report to CAB
Make Changes in Production
Verify Instantly with Candid
Model Changes in Candid
Multiple Changes, Long Windows
Shrink Change Windows
Long CAB Approval Process
Analyze Configs, Verify in Candid
Push Changes to Production
Tenant End-point Assurance
• Analyze
  • Static configurations of VLANs, IPs, MACs ..
  • Dynamic EP Learning, Mobility, …
  • EP Connectivity, Communication …
• Common issues found
  • Duplicate IPs: human error, NIC teaming, migrations, …
  • DHCP errors
  • EPs deployed against leafs without BD subnet
  • EP table consistency across fabric …
Tenant Forwarding Assurance
Network Audit Trail with Candid Timeline: DVR for Network State, Connectivity, Issues
What Makes Us Different?
Comprehensive
• Capture, analyze and correlate entire network state: switch configurations + hardware data-plane state
Intelligent
• 5000+ built-in failure scenarios, powering Smart Events with remediation steps
Continuous
• Runs Continuously
• Near real-time: collection, modeling, analysis
Early Customers: Impact & Feedback
• Customer Fabrics Analyzed: 40+
• Critical / Major Issues Found: 1500+
• Potential Outages Detected Proactively: 35+
“The User Interface is professional and easy to use.”
“The ease of getting started is pretty fantastic.”
“…quickly pointed out things we should resolve. …very impressed...”
Vision: Assurance Everywhere
Cross Platform, Multi-cloud
Available Now
ACI Data Center Fabric
Available 2018
Cross-platform Network Integration
Firewall
Virtual Machine Manager
Integration with Operations Toolchains
Under Certification
Cisco Network Assurance Engine
Deployment Model
• No sensors
• Read only credentials
Time to Value
• 30 mins to deploy
• 60 mins to value
Form Factors
• Software only OVA
• Lightweight: 3 VMs (v1.0)
Available Now
30 Day Free Trial
Subscription Licensing
Intent-Based Data Center
Intent, Policy
Assurance (Network Assurance Engine): Configuration Analysis, “Very Large State-Space”; Guarantees, Compliance, Consistency
Analytics (Tetration): Traffic Analysis, “Lots of Data”; Policy, ADM, Monitoring, Forensics
Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tetration Hands-on Lab from Deployment to Operations [LTRACI-2184]
• Whitelist policy and security enforcement through Tetration Analytics [LABACI-2020]
• An Introduction to Tetration and Policy Deployment [LABDCN-1206]
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions