Innovations in Switching

Learn about Cisco's latest innovations in Ethernet switching. Covering Cisco's major Catalyst switching platforms, this presentation provides an overview of Cisco's latest advancements in switching and how these capabilities can be applied to solve problems in your network environments.

Published in: Technology, Education

  1. 1. Innovations in Switching
     Borderless Networks – Intermediate Level
     David Jirku – Technical Solutions Architect, djirku@cisco.com
     Cisco Connect, Toronto, Canada, May 30, 2013
     Follow us on Twitter at #CiscoConnect_TO
     © 2011 Cisco and/or its affiliates. All rights reserved. © 2012 Cisco and/or its affiliates. All rights reserved.
  2. 2. Session Abstract
     "Come to this session to learn about Cisco's latest innovations in Ethernet switching. Covering Cisco's major Catalyst switching platforms, this session will provide you with an overview of Cisco's latest advancements in switching, and how these capabilities can be applied to solve problems in your network environments. Attendees at this session will learn how they can move their networks, and organizations, forward by leveraging the newest advancements in Cisco's switching portfolio. This session is targeted to Network Managers, Architects, and Administrators."
  3. 3. Cisco Innovation Strategy: From Pioneering Pre-Standard Innovations to Driving Industry Standards
     [Timeline figure, 1990 to 2011]
     Cisco Innovations: NetFlow, CDP, ISL, Etherchannel/PAgP, Uplinkfast, HSRP, Tag Switching, MISTP, VSANs, Lossless 10GbE, FCOE, VN-Link, FEX-Link, FabricPath, Overlay Transport Virtualization (OTV), Locator/ID Separator Protocol (LISP), Adapter FEX, Inline Power
     Resulting Standards: 2004 IETF IPFix, 2005 IEEE LLDP, 1999 IEEE 802.1q, 2000 IEEE LACP/802.3ad, 2001 IEEE 802.1w, 1999 IETF VRRP, 2001 MPLS, 2001 IEEE 802.1s, 2004 ANSI T11, 2010 IEEE 802.1Qbb, 2009 ANSI T11, 2010 IEEE 802.1Qbh, 2009 IEEE 802.1qbg, IETF TRILL, IETF eVPN, IETF LISP, IEEE 802.1BR, 2000 IEEE 802.3af PoE, 2004 IEEE 802.3at PoE+, IEEE UPOE
     Cisco is committed to innovation and bringing cutting-edge, standards-based technologies to market.
     On average, Cisco innovations are 3-5 YEARS ahead of standards.
     Integration into ASIC and hardware/software takes an additional 18 – 24 months.
  4. 4. Investing in Innovation & Canada
     •  3rd in total revenue for all Cisco global sales operations; 21st in global GDP
     •  Approximately 1,400 employees nationwide
     •  Approximately half of Cisco Canadian staff committed to R&D
     •  Canada's primary R&D centre located in Kanata, ON
        -  400 employees develop some of Cisco's most innovative technologies
        -  Cisco R&D investment in Kanata facility is approximately $100M annually
        -  $25 Million committed by the Ontario Government over three to create 300 jobs in R&D
        -  Total Cisco investment: $455 million over 5 years
     •  Scientific Atlanta R&D operations in Vancouver and Toronto – 200 employees
  5. 5. [Figure: networking drivers]
     •  Security: Accelerating Cyber Threats
     •  Cost Control: TCO, Operational Efficiency
     •  IT Effectiveness: Service and Network Management
     •  MOBILITY: BYOD
     •  IMMERSIVE COLLABORATION: Pervasive Video
     •  CLOUD: SaaS | DC/V
  6. 6. Securing the Campus Infrastructure: Where to Apply Security Policies
     [Table flattened in extraction; columns are Distribution, Access, Core. Entries are listed per row in slide order.]
     •  Context-Based Control: MACsec, Routed ACL, Security Group ACL (SGACL), MACsec, Routed and VLAN ACL, Security Group Tag, Security Group ACL, Device Sensor, Port and VLAN ACL, Security Group Tag, Security Group ACL, 802.1X Innovations: Low Impact: Monitor Mode, Flexible Authentication
     •  Segmentation: Easy Virtual Network (EVN), VRF-Lite, MPLS VPN, Easy Virtual Network (EVN), VRF-Lite, MPLS VPN, ASA-SM Contexts, Easy Virtual Network (EVN), VRF-Lite, Secure Group Access/SGT
     •  Protect Network Infrastructure: TrustSec NDAC, Hardware CoPP, Flexible NetFlow, CIST, IPv6 First-Hop Security, TrustSec NDAC, Hardware CoPP, Flexible NetFlow, Flexible NetFlow, IPv6 First-Hop Security, TrustSec NDAC, Hardware CoPP, ASA-SM, NAM-3
  7. 7. Cost Control: Operational Efficiency. Where to Application Visibility and Control Features
     [Table flattened in extraction; columns are Distribution, Access, Core. Entries are listed per row in slide order.]
     •  Assessment: Enhanced Object Tracking, IP SLA, Enhanced Object Tracking, IP SLA, Clean Air, Built-in Traffic Simulator
     •  App Visibility and Control: Flexible NetFlow, Microflow Policing, QoS, Flexible NetFlow, Microflow Policing, AVC in WiSM-2, QoS, Flexible NetFlow, Media Service Proxy, Device Sensor
     •  Monitoring / Troubleshooting: Performance Monitor, Mediatrace, Mini-Protocol Analyzer, Performance Monitor, Mediatrace, Wireshark, Device Sensor, SPAN / RSPAN / ERSPAN, Performance Monitor, Mediatrace, Mini-Protocol Analyzer, NAM-3, SPAN / RSPAN / ERSPAN, Wireless Controller AVC
  8. 8. IT Effectiveness: Service & Network Management. Where to Deploy Smart Operations Features
     [Table flattened in extraction; columns are Distribution, Access, Core; rows are Deploying, Monitoring, Troubleshooting.]
     Features shown, in slide order: AutoQoS, EEM, Medianet 2.2, AutoQoS, EEM, Medianet 2.2, Mini-Protocol Analyzer, GOLD, EEM, TDR, Mini-Protocol Analyzer, GOLD, EEM, TDR, Wireshark, Smart Call Home, EEM, On-Board Failure Logging, Smart Install, Mediatrace, Mediatrace, Mediatrace, Smart Install, Flexible NetFlow, IP SLA, EEM, Performance Monitor, Auto Smart Ports, AutoQoS, EEM, Client Link, Smart Install, Flexible NetFlow, IP SLA, EEM, Performance Monitor, Flexible NetFlow, Clean Air, EEM, Performance Monitor
  9. 9. But… We Only Have 90 Minutes!
     •  Focusing on 3 areas during this session to address all 3 of the networking drivers discussed previously:
        -  Operational Efficiency to Address TCO
        -  IT Effectiveness
        -  Converged Access
     •  Innovation comes in multiple forms:
        -  Features
        -  Technologies
        -  Architectures
  10. 10. Agenda
     •  Operational Efficiency: EnergyWise
     •  IT Effectiveness: Network Automation
     •  Converged Access
  11. 11. Regulatory Pressures
     [World map figure with regional callouts]
     •  EU EuP Directive – energy using products, including set top boxes; Data Center Code of Conduct
     •  Japan – networking equipment
     •  Canada Energy Efficiency Act – external power supplies, battery chargers, TV set top boxes, and digital TV adapters
     •  US HR 3221 – external power supplies, promote energy efficient data centers. HR 6 – energy efficiency labeling for set top boxes and DVR products.
     •  Australia – DVD players and recorders, hard disk recorders, AV receivers, other audio / video equipment
     •  US Energy Policy Act of 2005 – battery chargers and external power supplies; EnergyStar for Servers, Storage, UPS, and Data Centers
     •  China – TV receivers, set top boxes, and DVD players
     •  Mexico evaluating efficiency standards for electronic products
  12. 12. Energy Usage
     Cost Savings, Sustainability Mandates:
     •  Regulatory compliance
     •  Government mandates
     •  Company requirements
     •  Rising energy costs
     •  IT device proliferation
     •  Video applications
     [Pie charts]
     •  Total Energy Consumption: Manufacturing 50%, Buildings 25%, Transportation 25%
     •  Enterprise Buildings: Lighting 11%; Heating, Cooling, and Ventilation 58%; Other 6%; IT Equipment 25%
     •  IT Equipment: PCs, Laptops & Monitors 31.5%; Enterprise/SMB Comm. 13.3%; Printers 14.5%; Servers 16.2%; Wired Telecom 11.1%; Wireless Infrastructure 7.3%; Consumer Communications 6.1%; Handheld Devices 0.5%
     Source: BOMA 2006, EIA 2006, AIA 2006
     Source: UK Energy Efficiency Best Practice Program; Energy Consumption Guide 19: Energy Use in Offices
     Source: Gartner Dataquest, Forecast of IT Hardware Energy Consumption, Worldwide, 2005-2012.
  13. 13. Cisco EnergyWise Goals
     •  Use the network to measure, monitor and manage energy.
     •  Allow the network to be the command and control plane for power management
     •  Cisco Switch or Router is an arbiter or timer for energy management
     •  Use the network to aggregate power usage reporting
     •  Allow the network to provide secure, reliable energy management
     •  Develop a partner eco-system to manage anything connecting to the network.
     •  Realize the network effect to provide services like location, presence for energy management.
     •  No Technology Religion – Everything that draws power using lowest common denominator
  14. 14. Cisco EnergyWise Architecture: Unifies Device Energy Management
     [Architecture figure]
     •  MANAGEMENT APPLICATIONS: Building Management Systems, Energy Management Applications, Network Management Applications
     •  EnergyWise Management API
     •  Catalyst Switching, Network Gateways
     •  EnergyWise SDK / APIs; POE / POE+ / UPOE; Building Protocols
     •  IT DEVICES: Cisco and Partner Devices, POE Powered Devices
     •  BUILDING FACILITIES: Building Devices
  15. 15. EnergyWise Lowers IT Operational Costs
     Across 5,000 Employees Working 9 Hours a Day, 5 Days a Week… Up to 30% Savings in IT!
     Saves up to $65 per Switch Port**
     [Table flattened in extraction; values are listed per column in slide order.]
     •  Devices: PCs: Desktop, Laptop; PC Monitors; APs using POE; IP Phones
     •  Annual Energy Cost by Device: $95, $35, $30, $10, $5
     •  EW Annual Savings: 10–35%, 10–15%, 10–15%, 40–65%, 30–50%
     •  EW Annual Savings: $50,000 – 175,000; $20,000 – 30,000; $15,000 – 25,000; $20,000 – 35,000; $10,000 – 15,000
     * Estimates 65% desktops, 35% laptops, 1 AP for every 20 employees, everyone has an IP Phone. Results vary based on what, if any, energy management solution is previously in place; assumes $0.12 per kWh (kilowatt-hour).
     ** Assumes ROI across 5 years; modeled on a 250 employee campus
  16. 16. Cisco EnergyWise Product Portfolio
     •  Catalyst 4500, 4500-X, 4900
     •  Catalyst 6500/6500E
     •  Catalyst 2960 and 2975
     •  Catalyst 2960-S
     •  Catalyst 3750-E, 3750, 3850*
     •  Catalyst 3560-E and 3560
     •  Catalyst 3750-X / 3560-X
     •  Catalyst 2960-C / 3560-C Compact
     •  Cisco IP Phones
     •  Cisco Prime LMS
     •  VDI Phone Backpack and Tower
     •  Integrated Services Routers (ISR, i.e. 1900/2900/3900) G2
  17. 17. Management Applications: What are they useful for?
     •  Global visibility for all devices, not just EnergyWise domains
     •  Graphical reporting: far beyond just numeric values
     •  Policy management: set scheduled on/off
     •  Savings accounting: know when you save and when you don't
     •  Energy baselining and trending: how am I doing versus last month?
     •  Access Control: distribute responsibilities, protect assets
     •  Programmable Actions: turn on a user's equipment when badging
  18. 18. Policy management
     •  Most devices don't need to stay on 24/7 and most are easy to shut down.
     •  PoE phones, access points and cameras can be shut down easily.
     •  Servers can be spun down (power capped and/or use conservative frequency governor)
     •  New generation of devices coming up (UPoE lights)
     •  New devices easier to power manage with EnergyWise integration (Xerox for example)
  19. 19. Savings accounting
     •  Savings are no fun when no one's counting.
     •  Mapping between policies and savings
     •  Reporting by type of device, location, business unit and so on.
     •  Perfect for incentivizing teams, as well as cross charging when needed.
  20. 20. Programmable Actions
     •  Policies are great, but programmable actions are more powerful.
     •  Trigger based on external event (energy price, user inactivity, badge access, and so on).
     •  Enables location-based energy services (using phone for location).
     •  Example: when a UPS kicks in, start shutting down non essential equipment after a few minutes.
     [Figures: JEM Script Example; iPhone Application]
  21. 21. EnergyWise Concepts Review
     •  Domain: Grouping of devices (domain members & endpoints)
     •  Name, Role, and Keywords: Tag devices with labels to filter the search (via query)
     •  Power Levels: Indicates the power state of an endpoint (0-10)
     •  Importance: A mechanism to assign how critical devices are within the domain (1-100)
     •  Query: The search, command, and control mechanism (collect, sum, set)
     •  Recurrence: A Time of Day scheduling mechanism to change PoE power states
     [Figure: Network/Power Management Application]
  22. 22. Configuring a Domain
     Begin by creating an EnergyWise domain. This activates EnergyWise on the switch:
         EWbackbone# config t
         EWbackbone(config)# energywise domain EWdomain1 secret 0 mySecret protocol udp port 43440 ip 10.16.194.200
         Switch(config)# exit
     Verify that EnergyWise is active, and report total available power:
         EWbackbone#show energy
         Module/
         Interface  Role             Name        Usage      Category  Lvl  Imp  Type
         ---------  ----             ----        -----      --------  ---  ---  ----
                    backbone-switch  EWbackbone  151.0 (W)  consumer  10   100  module
         EWbackbone#show energy domain
         Name     : EWbackbone
         Domain   : EWdomain1
         Protocol : udp
         IP       : 10.16.194.200
         Port     : 43440
         EWbackbone#
  23. 23. EnergyWise Versions and Compatibility
     •  As EnergyWise specifications change over time, please be aware that some incompatibilities may arise
        -  Ensure that the EnergyWise specifications are compatible before deploying a new device
     •  Refer to EnergyWise IOS release notes for versions and compatibility notes
        http://www.cisco.com/en/US/docs/switches/lan/energywise/version2_8/ios/release/notes/ol23554.html
     •  Upgrading IOS versions:
        -  CLI that was changed is automatically updated in the running-config
        -  Are generally backward compatible
     •  How to know what EnergyWise version your switch is running:
         EWbackbone#show energy version
         EnergyWise is Enabled
         IOS Version: 12.2(58)SE2
         EnergyWise Specification: (rel2_7)4.0.28
  24. 24. Endpoint Initiation Process
     •  This is the console output of a proper endpoint discovery
         sw16#term mon
         sw16#debug energywise endpoint
         Endpoint debug debugging is on
         sw16#show energywise children
         Module/
         Interface  Role           Name       Usage     Category  Lvl  Imp  Type
         ---------  ----           ----       -----     --------  ---  ---  ----
                    access-switch  sw16-1     55.0 (W)  consumer  10   100  module
         Gi1/0/22   FSB3510        FST_Cisco  5.0 (W)   consumer  10   1    endpoint
         Total Displayed: 2 Usage: 60.0
         sw16#
         Apr 27 04:01:27.018: NRGYZ:ENDPOINT:New nanny vector 0x0 for endpoint VMR3
         Apr 27 04:01:27.018: NRGYZ:ENDPOINT:New discovery packet from endpoint VMR3(10.16.194.197)
         Apr 27 04:01:27.029: NRGYZ:ENDPOINT:Endpoint socket opened, fd 1
         Apr 27 04:01:27.034: NRGYZ:ENDPOINT:Successfully sent 32 bytes of endpoint data fd=1
         Apr 27 04:01:27.034: NRGYZ:ENDPOINT:Successfully sent 216 bytes of endpoint data fd=1
         Apr 27 04:01:27.034: NRGYZ:ENDPOINT:Closing socket, fd 1
         Apr 27 04:01:27.102: NRGYZ:ENDPOINT:New discovery packet from endpoint VMR3(10.16.194.197)
         Apr 27 04:01:27.102: NRGYZ:ENDPOINT:Endpoint socket opened, fd 1
         Apr 27 04:01:27.107: NRGYZ:ENDPOINT:Successfully sent 32 bytes of endpoint data fd=1
         Apr 27 04:01:27.107: NRGYZ:ENDPOINT:Successfully sent 216 bytes of endpoint data fd=1
         Apr 27 04:01:27.107: NRGYZ:ENDPOINT:Closing socket, fd 1
  25. 25. Endpoint Initiation Process (Cont.)
     •  Endpoint discovery continues every 3 minutes thereafter
         sw16#show energywise children
         Module/
         Interface  Role           Name       Usage     Category  Lvl  Imp  Type
         ---------  ----           ----       -----     --------  ---  ---  ----
                    access-switch  sw16-1     55.0 (W)  consumer  10   100  module
         Gi1/0/22   FSB3510        FST_Cisco  5.0 (W)   consumer  10   1    endpoint
         Gi1/0/23   endpoint       VMR3       6.0 (W)   consumer  *    *    endpoint
         Total Displayed: 3 Usage: 66.0
         sw16#
         Apr 27 04:04:27.405: NRGYZ:ENDPOINT:New discovery packet from endpoint VMR3(10.16.194.197)
         Apr 27 04:04:27.405: NRGYZ:ENDPOINT:Endpoint socket opened, fd 1
         Apr 27 04:04:27.405: NRGYZ:ENDPOINT:Successfully sent 32 bytes of endpoint data fd=1
         Apr 27 04:04:27.405: NRGYZ:ENDPOINT:Successfully sent 216 bytes of endpoint data fd=1
         Apr 27 04:04:27.411: NRGYZ:ENDPOINT:Closing socket, fd 1
         Apr 27 04:07:27.698: NRGYZ:ENDPOINT:New discovery packet from endpoint VMR3(10.16.194.197)
         Apr 27 04:07:27.704: NRGYZ:ENDPOINT:Endpoint socket opened, fd 1
         Apr 27 04:07:27.704: NRGYZ:ENDPOINT:Successfully sent 32 bytes of endpoint data fd=1
         Apr 27 04:07:27.704: NRGYZ:ENDPOINT:Successfully sent 216 bytes of endpoint data fd=1
         Apr 27 04:07:27.704: NRGYZ:ENDPOINT:Closing socket, fd 1
  26. 26. Empowering Search
     •  Names, Roles, and Keywords empower search
        -  Use unique endpoint names to avoid duplicates
        -  Roles group devices by function
        -  Keywords allow multiple logical finds
     •  Partner SDK implementation philosophies vary:
        -  Provide minimal EW configuration, use Management Application to push out EW Names, Roles, Keywords (and Importance)
        -  Provide full GUI (or CLI) EW configuration, use Management Application to push out updates
  27. 27. Empowering Search (Cont.)
     •  Example: PDU
     •  PDU Names are kept unique: VMR1, VMR2, epower1, etc.
     •  Outlet Names have a convention: Outlet_epower1_1, Outlet_epower1_2, etc.
     •  Role groups device by function: PDU (at the PDU level), Outlet (at the Outlet level)
     •  Keywords: server,payroll,primary
  28. 28. Empowering Search (Cont.)
     •  PDUs are given unique names
     •  Wildcard searches group similar devices
         EWstack1#energy query imp 100 name VMR* collect usage all
         EnergyWise query, timeout is 6 seconds:
         Host           Name  Usage    Level  Imp
         ----           ----  -----    -----  ---
         10.16.194.189  VMR5  6.0 (W)  10     50
         10.16.194.207  VMR1  6.0 (W)  10     5
         10.16.194.190  VMR4  6.0 (W)  10     50
         Queried: 3 Responded: 3 Time: 4.48 seconds
  29. 29. Empowering Search (Cont.)
     •  Unique outlet names allow collecting the outlet data of a particular PDU
         EWstack1#energy query imp 100 name Outlet_VMR1* collect usage all
         EnergyWise query, timeout is 6 seconds:
         Host           Name           Usage      Level  Imp
         ----           ----           -----      -----  ---
         10.16.194.207  Outlet_VMR1_1  0.0 (W)    10     50
         10.16.194.207  Outlet_VMR1_2  104.0 (W)  10     50
         10.16.194.207  Outlet_VMR1_3  0.0 (W)    10     50
         10.16.194.207  Outlet_VMR1_4  0.0 (W)    10     50
         10.16.194.207  Outlet_VMR1_5  69.0 (W)   10     50
         10.16.194.207  Outlet_VMR1_6  116.0 (W)  10     50
         10.16.194.207  Outlet_VMR1_7  0.0 (W)    10     50
         10.16.194.207  Outlet_VMR1_8  104.0 (W)  10     50
         Queried: 8 Responded: 8 Time: 4.854 seconds
         EWstack1#
  30. 30. Empowering Search (Cont.)
     •  Keywords group the outlets of multiple PDUs by vertical function
         EWstack1#energy query imp 100 keyword finance collect usage all
         EnergyWise query, timeout is 6 seconds:
         Host           Name           Usage      Level  Imp
         ----           ----           -----      -----  ---
         10.16.194.207  Outlet_VMR1_8  104.0 (W)  10     100
         10.16.194.189  Outlet_VMR5_2  99.0 (W)   10     100
         Queried: 2 Responded: 2 Time: 4.47 seconds
         EWstack1#
  31. 31. Know Your Colors
     •  EnergyWise colors are different than IT colors
     •  Know which colors Partner Products use
     •  Same color has different context
     EnergyWise Application Colors:
         Category              Color Code  Color   Level  Label
         Operational (1)       FF0000      Red     10     Full
                               FF0000      Red     9      High
                               FFFF00      Yellow  8      Reduced
                               FFFF00      Yellow  7      Medium
                               00FF00      Green   6      Frugal
                               00FF00      Green   5      Low
         Standby (0)           0000FF      Blue    4      Ready
                               0000FF      Blue    3      Standby
                               A52A2A      Brown   2      Sleep
                               A52A2A      Brown   1      Hibernate
         Non-Operational (-1)  000000      Black   0      Shut
     Common IT Application Colors:
         Category     Color Code  Color
         Operational  00FF00      Green
         Warning      FFFF00      Yellow
         Failed       FF0000      Red
  32. 32. EnergyWise SNMP Translator
     An agentless mechanism for control of SNMP devices
     •  Many ITC devices are not EnergyWise enabled or PoE powered.
     Problem: Incomplete coverage of IT assets.
     Solution: Translate other protocols to EnergyWise
     Cisco IOS® Software Release 15.0(2)SE
  33. 33. EnergyWise SNMP Translator Behavior
     •  Map EnergyWise and SNMP Data Models – Translation file – load in flash.
     •  SNMP endpoints become transparently managed as if they were native EW endpoints.
     •  Sample translation files available at Cisco.com
     [Figure: mapping between the two data models]
     •  EnergyWise Value: Name (fn_get_name), Unit (fn_get_units), Power Level (fn_get_level)
     •  Translation File: fn_get_name <-> sysName; fn_get_units = WATTS; fn_get_level
     •  SNMP OIDs: sysName (1.3.6.1.2.1.1.5.0); 1.3.6.1.4.1.253.8.53.13.2.1.6.1.111.6
  34. 34. Verification
     •  If everything has been configured properly, you should see:
         switch#show energywise children
         Module/
         Interface  Role              Name                  Usage      Category  Lvl  Imp  Type
         ---------  ----              ----                  -----      --------  ---  ---  ----
                    WS-C3560G-48PS    NRGYZ-TB-11           130.0 (W)  consumer  10   1    parent
         Gi0/1      Endpoint          saturn-lnx1           100.0 (W)  consumer  10   1    endpoint
         Gi0/5      IP Phone 7960     SEP0003E3864795       6.3 (W)    consumer  10   1    PoE
         Gi0/11     IP Phone 7970     SEP00192FB9CAA5       6.3 (W)    consumer  10   1    PoE
         Gi0/12     Xerox WorkCentre  Printer_Floor1_Lobby  300.0 (W)  consumer  10   1    proxy

         Subtotals: (Consumer: 542.6 (W), Meter: 0.0 (W), Producer: 0.0 (W))
         Total: 542.6 (W), Count: 5
     •  New command introduced to check what SNMP proxies are currently running:
         NRGYZ-TB-11#show energywise proxies
         Interface  Host          Role              Name                  Protocol  Mapping
         ---------  -----         ----              ----                  --------  ------
         Gi0/12     2.2.2.11:161  Xerox Workcentre  Printer_Floor1_Lobby  snmp v2c  Xerox
         Gi0/13     2.2.2.12:161  Xerox Workcentre  Printer_Floor2_Lobby  snmp v2c  Xerox
         Gi0/14     2.2.2.20:161  Ricoh             Printer_Floor3_Lobby  snmp v2c  Ricoh
  35. 35. [Figure: management applications and the devices they manage]
     •  Management applications: Prime LMS 4.1, Joulex JEM 2.6, Verdiem Surveyor 6, CA EcoMeter
     •  Devices and gateways shown: Cisco IP Phones*, Windows with Verdiem Agent, PDUs, PDUs, Fieldserver gateway, PDUs, Torana Gateway, Lenovo Laptops
     * Requires Call Manager 8.5 and above
  36. 36. 0$ Limited Functionality Partner Management Application SKUs allow hands-on use of EnergyWise
     New bundle with every 3K / 4K PoE switch:
     •  SKU appears in GPL
     •  Features vary with partner
     •  Announcement at CiscoLive US 2012
     SKUs: (EW-JX-50SW) (EW-VER-50SW) (EW-CA-50SW)
     Features of bundle (varies based on partner):
     •  Monitoring for free
     •  Limited control for free
     •  Upgrade path available
  37. 37. 0$ SKU Comparison
         Device Types                                Visibility (Monitoring)  Basic Control (Time Based)  Advanced Control and Reporting*
         Cisco Switches and Routers                  √                        √                           Upgrade
         Wireless access points                      √                        √                           Upgrade
         VoIP phones                                 √                        √                           Upgrade
         EnergyWise-enabled devices                  √                        √                           Upgrade
         Windows PCs/Laptops                         √                        Upgrade                     Upgrade
         Monitors, Printers                          √                        Upgrade                     Upgrade
         All other campus and data center devices    Upgrade                  Upgrade                     Upgrade

         Device Types    Visibility (Monitoring)    Basic Control (Time Based)  Advanced Control*
         PoE             Unlimited devices forever  Unlimited devices 1 Year    Unlimited devices 1 Year
         Cisco Switches  Unlimited devices forever  Unlimited devices 1 Year    Unlimited devices 1 Year
         PC/Laptops      Unlimited devices 1 Year   1000 devices 1 Year         1000 devices 1 Year
     Note: entire Nimsoft functionality that will support EnergyWise as well as other Nimsoft functionality will be provided for 90 days free of charge.
  38. 38. Call To Action: Management-friendly Video & Savings Calculator
     http://youtube.googleapis.com/v/hGf6DADO468&hl=en_US&fs=1&
  39. 39. Agenda
     •  Operational Efficiency: EnergyWise
     •  IT Effectiveness: Network Automation
     •  Converged Access
  40. 40. An Analogy
     From: Detailed control by a single central authority
     Towards: Collaborative operations of a partially autonomic system
     [Figure captions, in slide order]
     •  Highly motivated individuals
     •  Full control over every single detail
     •  Highly skilled and trained crew
     •  Human brain in every control loop
     •  Specialized distributed crew
     •  Reasonable control within boundaries
  41. 41. Device Manageability Instrumentation
     Cisco IOS® Device Manageability Instrumentation (DMI) has evolved significantly
     [Figure: Headquarters, DC]
     Fault:
     •  IP OAM: Ping, Trace, BFD, ISG per session
     •  802.3ah: Link monitoring and remote fault indication
     •  802.1ag: Continuity check, L2 ping, trace, AIS
     •  MPLS OAM: LSP ping, LSP trace, VCCV
     •  EEM: Embedded Event Manager
     •  EVENT-MIB: OID-based triggers, events, or SNMP Set, IETF DISMON
     •  EXPRESSION-MIB: OID expression-based triggers, IETF DISMON
     •  …
     Configuration:
     •  Config CLI: diff, logging, lock, replace, rollback
     •  E-LMI: parameter and status signaling
     •  E-DI: Enhanced Device Interface, CLI, Perl, IETF Netconf
     •  EMM: Embedded Menu Manager
     •  NETCONF: IETF NETCONF XML PI
     •  CNS and WSMA
     •  TR-069
     •  KRON: command scheduler
     •  AutoInstall: bootstrapping
     •  IOS.sh: IOS Shell
     •  SmartInstall
     •  Auto SmartPorts
     •  …
     Accounting:
     •  Flexible NetFlow: IETF IPFIX
     •  BGP policy accounting – includes AS information
     •  Periodic MIB bulk data collection and transfer
     •  …
     Performance:
     •  Auto IP SLA: delay, jitter, loss probability
     •  CBQoS MIB: class-based QoS
     •  NBAR
     •  RMON
     •  EPC – Embedded Packet Capture
     •  ERM: Embedded Resource Manager
     •  GOLD: Generic Online Diagnosis
     •  Smart Call Home: preventive maintenance
     •  VidMon: Video Monitoring
     •  …
     Security:
     •  Auto Secure: one-touch device hardening
     •  LDP Auth: message authentication
     •  Routing Auth: MD5 authentication, BGP, OSPF
     •  …
  42. 42. Smart Operations Feature Support – Switching Portfolio (January 2013)
     [Table flattened in extraction; columns are Feature, Catalyst 6500, Catalyst 4500, Catalyst 3xx0, Catalyst 2xx0. Every feature row carries a mark in all four platform columns.]
     •  Smart Install (Director)
     •  Auto Smartports
     •  AutoQoS
     •  Flexible NetFlow
     •  IP SLAs
     •  EEM
     •  Smart Call Home
     •  GOLD
     •  SPAN/RSPAN
     •  ERSPAN
     •  Protocol Analyzer / Wireshark
     •  TDR
     Footnotes: * Specific hardware required: C3KX-SM-10G. * Responder only.
  43. 43. Embedded Event Manager (EEM)
     [Architecture figure]
     •  Event sources: Syslog, Event Process Scheduler, Database, Interface Descriptor Blocks
     •  Event Detectors (ED): Syslog ED, Watchdog ED, Interface Counter ED, CLI ED, OIR ED, ERM ED, EOT ED, RF ED, none ED, GOLD ED, XML RPC ED, SNMP EDs (Remote: Notification; Local: Notification, Get/Set), NetFlow ED, IPSLA ED, Route ED, Timer EDs (Cron, Countdown), HW EDs (Fan, Temp, Env, ...), CDP LLDP ED, 802.1x ED, MAC ED
     •  Policies: EEM Applets (multi-event-correlation), TCL Policies, IOS.sh Policies
     •  Actions: Syslog, email notification, SNMP set, Counter, CLI, Applets, SNMP get, SNMP notification, Application specific, Reload or switch-over
  44. 44. Embedded Event Manager – Applet Evolutions
     [Table: EEM Version; Release; Applet Modifications; Peanut Gallery Comments]
     •  1.0; 12.0(26)S, 12.3(4)T; 2 Events: Syslog, SNMP. Actions: Log, CNS event, Reload, Switchover; Initial version, limited benefits
     •  2.0, 2.1, 2.2; 12.3(14)T1, 12.2(18)SXF5, 12.4M; No structure changes. Various new event detectors. New actions: cli, info, mail, policy, SNMP trap, Modify counters, Publish application events, Read/set tracked objects; Many new actions, popular CLI / mail, actions run linear
     •  2.3; 12.4(11)T; maxrun support, pattern parameter for CLI actions; Maxrun support == security, can handle CLI prompts
     •  2.4; 12.4(20)T; multi-event support; Boolean correlation of events within applet.
     •  3.0; 12.4(22)T, 12.2(33)SE; Redesign of action mechanism. Program counter added. Loops, conditionals, regexps, context save, error handling; Applets now rock! Programming language feel.
     •  3.1/3.2; -; No changes; -
     •  4.0; 15.2(2)T; Applet file actions, TLS/SSL support for SMTP actions, Custom port for SMTP actions; File manipulation handy!
  45. 45. Example: EEM Applets – Loops, Variables
     Real-World Example
     Problem: None in particular
     Solution: Have fun exploring EEM Applet capabilities
     See also: http://www.99-bottles-of-beer.net/language-cisco-ios-embedded-event-manager-applet-2909.html
         event manager applet 99-bob
          description written by bklauser inspired by http://www.99-bottles-of-beer.net
          event none
          action 100 set b 99
          action 110 while $b gt 1
          action 120  puts "$b bottles of beer on the wall, $b bottles of beer."
          action 130  decrement b
          action 140  puts "Take one down, pass it around, "
          action 150  puts "$b bottles of beer on the wall.\n"
          action 160 end
          action 170 puts "$b bottle of beer on the wall, $b bottle of beer."
          action 180 puts "Take one down, pass it around, "
          action 190 puts "no more bottles of beer on the wall.\n"
          action 200 puts "No more bottles of beer on the wall, "
          action 210 puts "no more bottles of beer."
          action 220 puts "Go to the store and buy some more, "
          action 230 puts "99 bottles of beer on the wall.\n"
         !
         alias exec sing event manager run 99-bob
     Callouts on the slide: Setting a Variable; While Loop – {; Referencing a Variable; Decrementing a Variable; While Loop – }; Using an Alias to run our Applet
  46. 46. Network Automation Adoption
     [Chart: Value to Business versus Maturity and Innovation]
     •  Type I – Automate Existing Task. Benefits: OPEX $, Quality %
     •  Type II – Automate New Task. Benefits: OPEX $, CAPEX $, Quality %, Reactive & Proactive
     •  Type III – Automation as Integral Part of Solution Design. Benefits: Revenue enabler, OPEX $, CAPEX $, Quality %, Reactive & Proactive, Corporate Learning enabler
  47. 47. Cisco ONE Platform Kit (onePK)
     [Figure: YOUR Applications (C, JAVA Program) use the onePK API Presentation and API Infrastructure over the onePK IPC Channel to reach any Cisco router or switch: Catalyst, Nexus, ASR, ISR]
     Network Programming Environment to:
     •  Innovate
     •  Extend
     •  Automate
     •  Customize
     •  Enhance
     •  Modify
  48. 48. Cisco ONE Platform Kit (onePK)
      onePK provides:
      •  Abstractions (Service Sets)
      •  Programmatic Interfaces (C, Java, (REST) …)
      •  Software Development Kit (SDK)
      Anatomy of a onePK application:
      •  Software Application (currently C and Java)
      •  Interfaces and Abstractions (Service Sets)
      •  Communication Bus (Thrift IDL)
      •  Connected-Apps Agent in Network OS
      •  Network OS Features and Embedded Automations
      Write once, run anywhere.

      Service Set | Description
      Data Path | Provides packet delivery service to application: Copy, Punt, Inject
      Policy | Provides filtering (NBAR, ACL), classification (Class-maps, Policy-maps), actions (Marking, Policing, Queuing, Copy, Punt) and applying policies to interfaces on network elements
      Routing | Read RIB routes, add/remove routes, receive RIB notifications
      Element | Get element properties, CPU/memory statistics, network interfaces, element and interface events
      Discovery | L3 topology and local service discovery
      Utility | Syslog events notification, path tracing capabilities (ingress/egress and interface stats, next-hop info, etc.)
      Developer | Debug capability, CLI extension which allows application to extend/integrate application's CLIs with network element
  49. 49. Network Automation – Embedded Automations
      Portfolio of API, Languages and Abstractions: Network Programming with onePK and Embedded Network Automation
      •  Native Network OS Embedded Automation: Event-/Expression-MIB, PfR, IPSLA Thresholds, Embedded Event Manager Applets, …
      •  Advanced Network OS Embedded Scripting: Tcl, Python, Embedded Event Manager, EASy, …
      •  Structured API: onePK C
      •  Object Oriented API: onePK Java
      •  Higher-Level Abstractions / Interfaces: onePK Libraries, REST, XMPP, Design Patterns, OMNI Controllers, …
      Choice and Flexibility of Implementation
  50. 50. Monitoring Resources
      Problem: During the planning cycle, we would like to understand if total CPU usage reaches critical levels
      Solution: Define an ERM policy to notify upon resource depletion

      resource policy
       policy my-erm-policy-1 type iosprocess
        system
         cpu total
          critical rising 90 interval 15 falling 20 interval 10 global
          major rising 70 interval 15 falling 15 interval 10 global
          minor rising 60 interval 15 falling 10 interval 10 global
      !

      Feb 17 13:32:18.283: %SYS-4-CPURESRISING: System is seeing global cpu util 62% at total level more than the configured minor limit 60%

      If Total CPU usage count rises above 90% at an interval of 15s, a Critical Up notification is sent
  51. 51. Monitoring Multiple Processes (Real-World Example)
      Problem: In order to detect resource consumption caused by brute force login attempts, we want to keep an eye on CPU utilization by the login processes
      Solution: Define an ERM policy to notify upon critical / suspicious levels. Syslog if group CPU usage count rises above 10% at an interval of 10s

      resource policy
       policy my-login-policy type iosprocess
        system
         cpu process
          critical rising 30 interval 10 falling 20 interval 10
          major rising 20 interval 10 falling 10 interval 10
          minor rising 10 interval 10 falling 5 interval 10
       user group my-login-group type iosprocess
        instance "SSH Process"
        instance "SSH Event handler"
        :
        policy my-login-policy

      *Aug 25 12:56:26.089: %SYS-4-CPURESRISING: Resource group my-login-group is seeing local cpu util 16% at process level more than the configured minor limit 10%
      *Aug 25 12:56:41.089: %SYS-6-CPURESFALLING: Resource group my-login-group is no longer seeing local high cpu at process level for the configured minor limit 10%, current value 0%
  52. 52. A Network "Top" (Real-World Example)
      •  Use onePK to build a live process monitor similar to UNIX top
      •  The same app can connect to multiple devices to display the top processes across the entire network
  53. 53. Quickly export SNMP Statistics?
      Problem: Sometimes we need data from one or multiple MIBs, but
      - we may not want to (re-)configure an NMS
      - don't want to constantly poll
      - need to gather data during temporary loss of connectivity
      Solution: Use Bulk File MIB to define the data we need and periodically transfer it to a convenient location
      - group data from multiple MIBs
      - single, common polling interval
      - buffer data
      - transfer using RCP, FTP, TFTP
      - format ASCII or Binary
      Feature Name: Periodic MIB Data Collection and Transfer Mechanism
      Available from: IOS 12.0(24)S, 12.2(25)S, 12.3(2)T, IOS XE 2.1, IOS XR 3.2
      Platforms: ASR1k, x8xx ISR, x900x ISR, 72xx, 73xx, 76xx, 10xxx, ME3400, C4k, C6k, …
      See: http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.2.1.2
  54. 54. Configuration – Example (For Your Reference)
      1. Define lists of relevant OIDs (names for IF-MIB, ASN.1 for all others). What data am I interested in?

      Router(config)# snmp mib bulkstat object-list my-if-data
      Router(config-bulk-objects)# add ifIndex
      Router(config-bulk-objects)# add ifDescr
      Router(config-bulk-objects)# add ifAdminStatus
      Router(config-bulk-objects)# add ifOperStatus
      Router(config-bulk-objects)# exit

      2. Specify polling schema. Where and when do I want to poll data?

      Router(config)# snmp mib bulkstat schema my-if-schema
      Router(config-bulk-sc)# object-list my-if-data
      Router(config-bulk-sc)# poll-interval 1
      Router(config-bulk-sc)# instance exact interface FastEthernet0
      Router(config-bulk-sc)# exit

      3. Configure the transfer mechanism – and enable it! How do I want to export data?

      Router(config)# snmp mib bulkstat transfer my-fa0-transfer
      Router(config-bulk-tr)# schema my-if-schema
      Router(config-bulk-tr)# transfer-interval 5
      Router(config-bulk-tr)# url primary tftp://10.10.10.10/folder/
      Router(config-bulk-tr)# retain 30
      Router(config-bulk-tr)# buffer-size 4096
      Router(config-bulk-tr)# enable
  55. 55. Flexible NetFlow (FNF) – Recap
      Flow Monitor 1 – Traffic Analysis Cache
      Key fields (Packet 1): Source IP 3.3.3.3; Destination IP 2.2.2.2; Source Port 23; Destination Port 22078; Layer 3 Protocol TCP - 6; TOS Byte 0; Input Interface Ethernet 0
      Non-key fields: Packets; Bytes; Timestamps; Next Hop Address
      Source IP | Dest. IP | Source Port | Dest. Port | Protocol | TOS | Input I/F | … | Pkts
      3.3.3.3 | 2.2.2.2 | 23 | 22078 | 6 | 0 | E0 | … | 1100

      Flow Monitor 2 – Security Analysis Cache
      Key fields (Packet 1): Source IP 3.3.3.3; Dest IP 2.2.2.2; Input Interface Ethernet 0; SYN Flag 0
      Non-key fields: Packets; Timestamps
      Source IP | Dest. IP | Input I/F | Flag | … | Pkts
      3.3.3.3 | 2.2.2.2 | E0 | 0 | … | 11000
  56. 56. Flexible NetFlow (FNF) – Key Fields – 1/2 (For Your Reference)
      IPv4: IP (Source or Destination); Payload Size; Prefix (Source or Destination); Packet Section (Header); Mask (Source or Destination); Packet Section (Payload); Minimum-Mask (Source or Destination); TTL; Protocol; Options bitmap; Fragmentation Flags; Version; Fragmentation Offset; Precedence; Identification; DSCP; Header Length; TOS; Total Length
      Interface: Input; Output
      Flow: Sampler ID; Direction
      Layer 2: Source MAC address; Destination MAC address; Dot1q VLAN; Source VLAN; Dest VLAN; Dot1q priority
      IPv6: IP (Source or Destination); Payload Size; Prefix (Source or Destination); Packet Section (Header); Mask (Source or Destination); Packet Section (Payload); Minimum-Mask (Source or Destination); DSCP; Protocol; Extension Headers; Traffic Class; Hop-Limit; Flow Label; Length; Option Header; Next-header; Header Length; Version; Payload Length
  57. 57. Flexible NetFlow (FNF) – Key Fields – 2/2 (For Your Reference)
      Multicast: Replication Factor*; RPF Check Drop*; Is-Multicast
      Routing: Input VRF Name; BGP Next Hop; IGP Next Hop; src or dest AS; Peer AS; Traffic Index; Forwarding Status
      Transport: Destination Port; Source Port; ICMP Code; ICMP Type; IGMP Type*; TCP ACK Number; TCP Header Length; TCP Sequence Number; TCP Window-Size; TCP Source Port; TCP Destination Port; TCP Urgent Pointer; TCP Flag: ACK; TCP Flag: CWR; TCP Flag: ECE; TCP Flag: FIN; TCP Flag: PSH; TCP Flag: RST; TCP Flag: SYN; TCP Flag: URG; UDP Message Length; UDP Source Port; UDP Destination Port
      Application: Application ID
      *: IPv4 Flow only
  58. 58. Flexible NetFlow (FNF) – Configuration (For Your Reference)
      1. Configure the Exporter. Where do I want my data sent?

      Router(config)# flow exporter my-exporter
      Router(config-flow-exporter)# destination 1.1.1.1

      2. Configure the Flow Record. What data do I want to meter?

      Router(config)# flow record my-record
      Router(config-flow-record)# match ipv4 destination address
      Router(config-flow-record)# match ipv4 source address
      Router(config-flow-record)# collect counter bytes

      3. Configure the Flow Monitor. How do I want to cache information?

      Router(config)# flow monitor my-monitor
      Router(config-flow-monitor)# exporter my-exporter
      Router(config-flow-monitor)# record my-record

      4. Apply to an Interface. On which interface do I want to monitor?

      Router(config)# interface s3/0
      Router(config-if)# ip flow monitor my-monitor input
  59. 59. Flexible NetFlow (FNF) – Top Talkers
      Top ten IP addresses that are sending the most packets:

      Router# show flow monitor <monitor> cache aggregate ipv4 source address sort highest counter bytes top 10

      Top five destination addresses to which we're routing most traffic from the 10.10.10.0/24 prefix:

      Router# show flow monitor <monitor> cache filter ipv4 destination address 10.10.10.0/24 aggregate ipv4 destination address sort highest counter bytes top 5

      5 VLANs that we're sending the least bytes to:

      Router# show flow monitor <monitor> cache aggregate datalink dot1q vlan output sort lowest counter bytes top 5

      Top 20 sources of 1-packet flows:

      Router# show flow monitor <monitor> cache filter counter packet 1 aggregate ipv4 source address sort highest flow packet top 20
  60. 60. Flexible NetFlow and EEM – Low TTL (Real-World Example)
      Problem: We want to know about low-TTL traffic
      Solution: Use Flexible NetFlow and Embedded Event Manager 3.0 to detect traffic flows with TTL < 5

      1. Configure Flexible NetFlow to match on TTL, source and destination address

      flow record <my-record>
       match ipv4 ttl
       match ipv4 source address
       match ipv4 destination address
      :
      flow monitor <my-monitor>
       record <my-record>
      :

      2. Configure the NetFlow Event Detector in EEM to notify upon a new flow record

      event manager applet my-ttl-applet
       event nf monitor-name "my-ttl-monitor" event-type create event1 entry-value "5" field ipv4 ttl entry-op lt
       action 1.0 syslog msg "Low-TTL flow from $_nf_source_address"

      *Dec 2 17:39:31.221: %HA_EM-6-LOG: my-ttl-applet: Low-TTL flow from 192.168.2.248

      3. Syslog message and/or use show flow monitor <my-monitor> cache command
      - Top (unexpected) talkers with low-TTL traffic?
      - Deviation from normal?
      - Senders with many low-TTL flows?
      - Take actions (block suspicious senders)?
  61. 61. Son: Dad, why are there always 2 pilots?
      Dad: One has to prevent the other from doing stupid things.
      Son: Which one is doing the stupid things?
  62. 62. CLI 'Safety' and Quality Features
      •  Contextual configuration diff utility (from 12.3(4)T, 12.2(25)S)
         Easily show differences between running and startup configuration
         Compare any two configuration files
      •  Config change logging and notification (from 12.3(4)T, 12.2(25)S)
         Tracks config commands entered per user, per session
         Notification sent indicating config change has taken place; changes can be retrieved via SNMP
      •  Configuration replace and rollback (from 12.3(7)T, 12.2(25)S)
         Replace running config with any saved configuration (only the diffs are applied) to return to previous state
         Automatically save configs locally or off box
         Config Rollback Confirmed Change (from 12.4(23)T, 12.2(33)S)
      •  Configuration locking (from 12.3(14)T, 12.2(25)S)
         Ensures exclusive configuration change access
  63. 63. Example: Config Revert
      Problem: critical config change to a remote router may result in loss of connectivity, requiring a reload
      Solution: revert the running configuration after two minutes – unless the change made is confirmed
      Available from: IOS 12.4(23)T, 12.2(33)S

      router# config terminal revert time 2
      Rollback Confirmed Change: Backing up current running config to flash:bk-2
      Enter configuration commands, one per line. End with CNTL/Z.
      :
      ... your Config Change work here ...
      :
      router# hostname oops
      oops(config)# end
      oops# Rollback Confirmed Change: Rollback will begin in one minute. Enter "configure confirm" if you wish to keep what you've configured

      Either the timer expires and the change is rolled back:

      oops# Rollback Confirmed Change: rolling to:flash:bk-2
      Total number of passes: 1
      Rollback Done
      router#

      or the change is confirmed:

      oops# config confirm
      oops#
  64. 64. Event-Based Configurations – Beyond ASP
      •  Auto Smart Ports are powered by EEM
      •  Pre-built port configuration templates to simplify the user experience and minimize configuration errors
      •  Automatic event detection (CDP/LLDP/MAC) triggers auto configuration
      •  Authentication (802.1x, MAB) and authorization can be conducted before the port configuration is applied
      •  Automatic notification can be sent to the NMS system to help with asset tracking
      •  Plug-n-play device deployment lowers overall management cost
      Diagram labels: CDP, MAC Addr, Radius Server, 802.1x, LLDP, NMS station
      Problem: How to trigger custom event-based port configurations
      Solution: Use Embedded Event Manager (EEM)
  65. 65. Event-Based Configurations – Beyond ASP
      Example: When a printer is added to the network, use an EEM applet to create a new ASP event

      ! $printer_vlan must be defined first: event manager environment printer_vlan <vlan-id>
      event manager applet detect-printer
       event neighbor-discovery interface regexp FastEthernet.* cdp add
       action 001 regexp ".*LaserJet.*" "$_nd_cdp_platform"
       action 002 if $_regexp_result eq 1
       action 003  cli command "enable"
       action 004  cli command "config t"
       action 005  cli command "interface $_nd_local_intf_name"
       action 006  cli command "switchport access vlan $printer_vlan"
       action 007  cli command "switchport mode access"
       action 008  cli command "switchport port-security"
       action 009  cli command "switchport port-security violation restrict"
       action 010  cli command "switchport port-security aging time 2"
       action 011  cli command "switchport port-security aging type inactivity"
       action 012  cli command "spanning-tree portfast"
       action 013  cli command "spanning-tree bpduguard enable"
       action 014  cli command "end"
       action 015  syslog msg "New printer added: $_nd_cdp_entry_name , type: $_nd_cdp_platform"
       action 016 end
  66. 66. POST (Power-On Self-Test) is great ...
      ... but some errors you prefer to know while the system is up and running ...
      ... and: can you afford to power-cycle after OIR just for POST to run?
  67. 67. Generic Online Diagnostics (GOLD)
      Problem: How to detect wear and tear issues before they cause an outage? Hardware aging as well as repeated insertion and removal of modules can lead to wear and tear damage on connectors. This can cause failures – how do you find out during operation, without power-cycling the box?
      Solution: Use GOLD to verify functionality of a misbehaving module
      •  Bootup Diagnostics (upon bootup and OIR)
      •  Periodic Health Monitoring (during operation)
      •  OnDemand (from CLI)
      •  Scheduled Testing (from CLI)
      •  Test types include:
         –  Packet switching tests
         –  Memory tests
         –  Error correlation tests
      •  Complementary to POST
      Good practice: schedule all non-disruptive tests periodically
      Available from: CatOS 8.5(1), IOS 12.2(14)SX
      Platforms: CBS 3xxx, Cat 3560, 3750, 6500, ME6524, 72xx, 10k, CRS
  68. 68. References – Instrumentation and Automation (For Your Reference)
      •  Device Manageability Instrumentation (DMI): www.cisco.com/go/instrumentation
      •  Embedded Event Manager (EEM): www.cisco.com/go/eem
      •  Cisco Beyond – EEM Community: www.cisco.com/go/ciscobeyond
      •  Embedded Menu Manager (EMM): http://tinyurl.com/emm-in-124t
      •  Embedded Packet Capture (EPC): www.cisco.com/go/epc
      •  Flexible NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf
      •  GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html
      •  IPSLA (formerly SAA, formerly RTR): www.cisco.com/go/ipsla
      •  Network Analysis Module: http://www.cisco.com/go/nam
      •  Network Based Application Recognition (NBAR): www.cisco.com/go/nbar
      •  Security Device Manager (SDM): http://www.cisco.com/go/sdm
      •  Smart Call Home: www.cisco.com/go/smartcall
      •  Web Services Management Agents (WSMA): http://tinyurl.com/wsma-in-150M
      •  Cisco Configuration Engine (CCE): www.cisco.com/go/ciscoce
      •  Feature Navigator: www.cisco.com/go/fn
      •  MIB Locator: www.cisco.com/go/mibs
  69. 69. Key Takeaways
      Network Automation and Programming with Cisco Open Networking Environment …
      … provides Choice and Flexibility of
      - APIs and Abstractions
      - Architectures
      - Deployment Models
      … closes the gap between Applications and Networks
      … enables Operational Savings and New Opportunities
      … puts YOU in control
      What will YOU program?
  70. 70. Agenda
      •  Operational Efficiency: EnergyWise
      •  IT Effectiveness: Network Automation
      •  Converged Access
  71. 71. Wireless Standards – Past, Present, and Future
      [Figure: clients/bandwidth over time, early 2000 to 2014 and beyond, from 11 Mbps to 10 Gbps. Usage phases: Nice to Have; Pervasive; Mission Critical; Media Rich Applications. Standards shown: 802.11a, 802.11b (11 Mbps); 802.11g (54 Mbps); 802.11n (450 Mbps); 802.11ac-1 (1 Gbps); 802.11ac-2 (3.5 Gbps); Future.]
  72. 72. One Network with Converged Access
      Diagram labels: Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server, Cisco Wireless LAN Controller, Internal Resources, Cisco Firewall, Cisco Access Point, Catalyst Switch, Corporate Network, Internet
      One Management: Prime
      One Policy: ISE
      One Network: Catalyst 3850
      Converged Access Mode
      •  Integrated wireless controller
      •  Distributed wired/wireless data plane (CAPWAP termination on switch)
  73. 73. Change in Catalyst Access Switching Portfolio
      Traditional Workspace: Catalyst 2960-S; Catalyst 3k Series; Catalyst 3750-X (Voice, Data)
      •  Scale & Performance
      •  Security
      •  Lower TCO
      Unified Workspace: Catalyst 3850; Catalyst 4500E (Mobility, BYOD, Video)
      Distributed Intelligent Access Services: Scale & Performance; TrustSec; Application Visibility; Energy Management and Green; Lower TCO; Converged Access*
      * - Shipping on Catalyst 3850, Roadmap on Catalyst 4500E
  74. 74. Converged Wired/Wireless Access – Benefits
      •  Single platform for wired and wireless: common IOS, same administration point, one release
      •  Network-wide visibility for faster troubleshooting: wired and wireless traffic visible at every hop
      •  Consistent security and quality of service control: hierarchical bandwidth management and distributed policy enforcement
      •  Maximum resiliency with fast stateful recovery: layered network high availability design with stateful switchover
      •  Scale with distributed wired and wireless data plane: 480G stack bandwidth; 40G wireless/switch; efficient multicast
      Unified Access - One Policy | One Management | One Network
  75. 75. Catalyst 3850 - Platform Overview
      Built on Cisco's Innovative "UADP" ASIC
      •  Wireless CAPWAP Termination: up to 50 APs / 2000 clients per stack, and 40G per switch
      •  Up to 2000 Clients per Stack
      •  40 Gbps Uplink Bandwidth (Modular)
      •  Stackpower
      •  Line Rate on All Ports
      •  Multi-Core CPU
      •  480 Gbps Stacking Bandwidth
      •  Full POE+
      •  FRU Fans, Power Supplies - HA
      •  Granular QoS / Flexible NetFlow
  76. 76. Scalable and Programmable ASIC – Foundation for Cisco ONE
      Unified Access Data Plane (UADP) ASIC
      •  300+ Person-Years
      •  $100M+ R&D Investment
      •  First Access ASIC for Wired and Wireless Traffic Processing
      •  Future integration with Cisco ONE (Open Network Environment)
      •  Programmable: Fast Feature Rollout with Investment Protection
  77. 77. Understanding Current Deployment Model: The Wireless LAN Controller
      Known Deployment Model
      •  Wireless is an overlay network
      •  Software components within the WLC today:
      •  Mobility Agent (MA) is responsible for:
         –  AP CAPWAP termination
         –  Maintaining client database
         –  Policy enforcement
      •  Mobility Controller (MC) is responsible for:
         –  Client Mobility
         –  Radio Resource Management (RRM)
         –  WiPS, Spectrum Management
      Diagram labels: Access Points; 5508, 5508 (MC, MA); Inter-Controller EoIP/CAPWAP tunnel; AP-Controller CAPWAP tunnel; ISE; Prime
  78. 78. Better Scale and Bandwidth with Converged Access: Separation of MA and MC
      •  Traditional controllers continue to play MA and MC
      •  Catalyst 3850 can play the role of both MA and MC
      •  Valid for branch and small-medium campus type deployments
      •  Moving the MA only to the Catalyst 3850 (typically in large campus) helps with:
         •  Improved scalability – larger mobility domains
         •  Increased wireless bandwidth
         •  Uniform wired/wireless policy enforcement
      Diagram labels: ISE; Prime; Access Points; AP CAPWAP Tunnels; Mobility Tunnels; Catalyst 3750; 5508 or WISM2 with SW upgrade or new 5760 (MC, MA); New Catalyst 3850 (MC, MA)
  79. 79. Better Network Utilization with Unicast Optimization
      Unicast with Traditional Deployments
      •  All wired-wireless (and vice versa) conversion happens at the controller.
      •  Leads to hair-pinning
      •  Entire network traversed even for peer-to-peer traffic (wired-wireless or wireless-wireless) on the same switch
      Unicast Optimization with Converged Access
      •  Wired-wireless conversion (and vice versa) happens at the 3850 switch
      •  Reduces the number of streams in the network and avoids hair-pinning - Optimized
      Diagram labels: ISE; Prime; Access Points; Catalyst 3850; Wired Traffic; Wireless Traffic; Jabber call between laptop and iPad; Hair-pinning of traffic at the controller - inefficient; Wired-wireless and vice versa conversion happens at the access - Optimized
  80. 80. Scalable Multicast Deployments
      Multicast with Traditional Deployments (Multicast-Multicast mode)
      •  Wired multicast replication happens at the switch
      •  Wireless multicast replication happens at the controller
      Multicast Optimization with Converged Access
      •  Wired and wireless multicast replication happens at the 3850 switch
      •  Reduces the number of streams for the same traffic type in the network
      Diagram labels: ISE; Prime; Access Points; Catalyst 3850; Multicast Server; Wired Multicast Traffic; Wireless Multicast Traffic; Multicast wired and wireless receivers; Multiple replications at different points for wired and wireless; Replication happens at the 3850 switch for all clients
  81. 81. Cisco Innovation Summary
      IT Top of Mind
      •  Manage complexity and reduce costs?
      •  Offer secure, mission critical services?
      •  Future proofed for scale?
      Cisco's Unified Access Strategy: One Policy; One Management; One Network
      Converged Access
      •  Distributed wired/wireless data plane with new Cisco Catalyst 3850
      •  Benefits of single platform, visibility, control, resiliency, and scale
  82. 82. Complete Your Paper "Session Evaluation"
      Give us your feedback and you could win 1 of 2 fabulous prizes in a random draw. Complete and return your paper evaluation form to the room attendant as you leave this session. Winners will be announced today. You must be present to win!
      ..visit them at BOOTH# 100
  83. 83. Thank you. Be sure to follow us on Twitter at #CiscoConnect_TO
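
Added example (not part of the presentation or any Cisco tooling): a Python triage of the syslog messages shown on slides 50, 51 and 60, pairing ERM CPURESRISING/CPURESFALLING events into episodes and counting repeat low-TTL senders. The function name, the repeat threshold, the sample lines marked as constructed, and the assumption that a "System" falling message mirrors the resource-group form are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Header: optional clock flag, timestamp without year, %FACILITY-SEV-MNEMONIC.
HDR = re.compile(r"^(?P<flag>[*.]?)(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d\.\d+): "
                 r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<body>.*)$")
SCOPE = r"(?:Resource group (?P<group>\S+)|System)"
RISING = re.compile("^" + SCOPE + r" is seeing \w+ cpu util (?P<util>\d+)% at \w+ level "
                    r"more than the configured (?P<sev>\w+) limit")
# Assumption: the system-wide falling message has the same shape as the group one.
FALLING = re.compile("^" + SCOPE + r" is no longer seeing \w+ high cpu at \w+ level "
                     r"for the configured (?P<sev>\w+) limit")
LOW_TTL = re.compile(r"^\S+: Low-TTL flow from (?P<src>\d{1,3}(?:\.\d{1,3}){3})$")

# First four lines are the messages from the slides (line wraps rejoined);
# the last three are constructed for this example.
SAMPLE_LOG = """\
Feb 17 13:32:18.283: %SYS-4-CPURESRISING: System is seeing global cpu util 62% at total level more than the configured minor limit 60%
*Aug 25 12:56:26.089: %SYS-4-CPURESRISING: Resource group my-login-group is seeing local cpu util 16% at process level more than the configured minor limit 10%
*Aug 25 12:56:41.089: %SYS-6-CPURESFALLING: Resource group my-login-group is no longer seeing local high cpu at process level for the configured minor limit 10%, current value 0%
*Dec 2 17:39:31.221: %HA_EM-6-LOG: my-ttl-applet: Low-TTL flow from 192.168.2.248
*Dec 2 17:39:35.004: %HA_EM-6-LOG: my-ttl-applet: Low-TTL flow from 192.168.2.248
*Dec 2 17:39:41.870: %HA_EM-6-LOG: my-ttl-applet: Low-TTL flow from 192.168.2.248
*Dec 2 17:40:02.113: %HA_EM-6-LOG: my-ttl-applet: Low-TTL flow from 192.0.2.10
"""


def analyze(lines, repeat_threshold=3):
    """Summarise ERM CPU episodes and repeat low-TTL senders from IOS syslog."""
    open_alerts = {}   # (scope, severity) -> (first rising time, peak util %)
    episodes = []      # rising/falling pairs that have closed
    senders = Counter()
    unsynced = 0       # a leading '*' means the device clock was not authoritative
    for line in lines:
        m = HDR.match(line.strip())
        if not m:
            continue
        # IOS omits the year by default; a fixed leap year keeps parsing unambiguous.
        when = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
        unsynced += m["flag"] == "*"
        tag, body = m["tag"], m["body"]
        if tag.endswith("CPURESRISING") and (r := RISING.match(body)):
            key = (r["group"] or "system", r["sev"])
            start, peak = open_alerts.get(key, (when, 0))
            open_alerts[key] = (start, max(peak, int(r["util"])))
        elif tag.endswith("CPURESFALLING") and (f := FALLING.match(body)):
            key = (f["group"] or "system", f["sev"])
            if key in open_alerts:
                start, peak = open_alerts.pop(key)
                episodes.append({"scope": key[0], "severity": key[1], "peak": peak,
                                 "seconds": (when - start).total_seconds()})
        elif tag == "HA_EM-6-LOG" and (t := LOW_TTL.match(body)):
            senders[t["src"]] += 1
    return {
        "episodes": episodes,
        "open_alerts": {k: peak for k, (_, peak) in open_alerts.items()},
        "repeat_low_ttl_senders": sorted(ip for ip, n in senders.items()
                                         if n >= repeat_threshold),
        "unsynced_clock_lines": unsynced,
    }


if __name__ == "__main__":
    for name, value in analyze(SAMPLE_LOG.splitlines()).items():
        print(name, value)
```

Alerts that never see a matching CPURESFALLING stay in open_alerts, and the unsynced-clock count indicates how far the timestamps can be trusted when correlating with other log sources.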
