Architectural approach   innovations clle-2014
 

  • One Policy provides context-based central policy across the entire network with visibility of who and what is on the network: wired, wireless, or VPN. It simplifies the design, implementation, and enforcement of security policies. One Management provides comprehensive lifecycle management, performance assurance, and compliance for wired and wireless networks, simplifying network management. One Network converges wired and wireless networks into one physical infrastructure with greater networkwide intelligence, performance, and integration through Cisco ONE. Identity Services Engine: Cisco Identity Services Engine (ISE) is a security policy management and control platform. It automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. Cisco ISE is primarily used to provide secure access and guest access, support BYOD initiatives, and enforce usage policies in conjunction with Cisco TrustSec. Prime Infrastructure: Cisco Prime Infrastructure empowers IT departments to more effectively manage their networks and the services they deliver. This scalable, integrated solution tightly couples end-user awareness and application performance visibility with comprehensive lifecycle management of wired and wireless access, campus and branch networks. Unified Access: Based on One Policy, One Management, and One Network, the Cisco Unified Access solution delivers an integrated and simplified intelligent network platform that serves as the foundation for the Cisco BYOD Smart Solution. Cisco Unified Access allows IT to spend less time running the network and more time promoting innovation that can differentiate and transform the business. It allows organizations to empower their users to work their way. Cisco Unified Access, as part of the Cisco Open Network Environment (ONE) Enterprise Networks Architecture, is an intelligent network platform that promotes connected experiences and operational efficiencies. It is the business foundation to support bring-your-own-device (BYOD) and the Internet of Everything (IoE). Now you can connect people, processes, data, and things with greater intelligence, security, and efficiency than ever before.
  • Look up terms for Fast-UDLD, BFD, NSF, VRRP, HSRP, MPLS-HA
  • Meeting Notes (2/28/14 16:03): Increased HA with 4500E modular access
  • For the 4500E, 7E
  • Challenge: The network admin is reactive because of the lack of tools to proactively monitor network and application performance. When users call to complain about a problem with the application, the network admin starts troubleshooting the network. In reality, the problem may or may not be in the network. It will get worse when we start using cloud services, which are off premises. What can we enable in the network to help the network admin get a better handle on network and application performance?
  • Meeting Notes (2/28/14 16:03): Transition to what Cisco can provide to you
  • In CCW, when you check out the 3K and 4K switches, you can add a free 90-day license or purchase them at a reduced price. A voucher is provided. With Cisco Prime, it is free, but keep in mind the number of devices you’ll be managing.
  • Bonjour Portal
  • Wireless has definitely taken off! You may be asking, “I already have wireless, so why should I care?” The “Smarter Balanced Technology Strategy Framework and Testing Device Requirements” document states that an 802.11g access point can reliably support a maximum of 20 workstations, and an 802.11n access point can reliably support up to 40 802.11n devices. Depending on your classroom size, this can very well be one access point per classroom. 802.11ac wave 1 is now out and there are definitely benefits. First, increased bandwidth capacity: this means you can provide more bandwidth to more users. Since 802.11ac operates in 5 GHz, there is a greater number of non-overlapping channels and it will avoid some of the common RF interference we see in 2.4 GHz (microwaves, Bluetooth, etc). Second, more and more devices are being released with 802.11ac support. Third, battery life is better on 802.11ac devices since the device can quickly transfer data. Some may be wondering about or holding out for 802.11ac wave 2. Cisco is one step ahead and has introduced 802.11ac access points that are modular and will support wave 2 by simply attaching a module.
  • Since Cisco develops its own silicon, we can provide advanced technology. For instance, Cisco CleanAir technology, enhanced with 80 MHz channel support, provides proactive, high-speed spectrum intelligence across 20-, 40-, and 80-MHz-wide channels to combat performance problems due to wireless interference. Cisco ClientLink 3.0 technology improves downlink performance to all mobile devices, including one-, two-, and three-spatial-stream devices on 802.11ac, while improving battery life on mobile devices such as smartphones and tablets. Turbo boost is an advanced scheduler that uses the built-in memory on the radio to provide scalable multi-client performance. In other words, improved airtime fairness.
  • Feature below benefit. EnergyWise 0$ SKU
  • Meeting Notes (2/28/14 08:10): In this scenario, let's presume there are 21 switches per building, which equates to (84) 1 tier devices plus (8) 2 tier devices and (2) 3 tier devices, totaling 94 devices. Presuming that the access switches will have two access trunks going to the distribution layer, we will have 168 access trunks to manage. Finally, if these are 48 port switches, then we're looking at 4032 user ports to manage.
  • TOM
  • Improve operational efficiency and consistency. Network-centric infrastructure, as platform to deliver applications end-to-end
  • Initial Cisco APIC - Enterprise Module Fast IT Deployment Models Software Defined Networks Beyond Just Switches & Flow Management

Presentation Transcript

  • Local Edition Architectural Approach – Innovations across Wired, Wireless, and WAN Joel A. Cochran, CCIE# 5448 Product Manager, Market Strategy Enterprise Networking Group
  • © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public. Local Edition Agenda • Introduction • Industry Trends • Unified Access Architecture • Technology Enablers • Summary
  • Before we begin… Discussion Time • What challenges are you facing today? • How many devices do you see on your network? - What is the growth rate of these devices? • Do you have visibility of applications running on your network? - If so, which application is most common in your network? • What percentage of your network traffic is video? • How much time are you spending troubleshooting? • What's the impact if your network goes down? …In the end, it is not about features but how the solution will help overcome your challenges
  • Deliver an Uncompromised User Experience on Any Workspace. Evolving User Workspace and IT Requirement. Mobility: • Seamless roaming • Optimal client performance • Cloud access/VXI. Video: • Multicast streaming • Video conferencing • Reliable performance. BYOD: • Secure access • Customized experience • Guest access
  • Wireless Standards – Past, Present, and Future (timeline chart, early 2000 to 2016; axis: clients/bandwidth, 11 Mbps to 10 Gbps; phases: Nice to Have, Mission Critical, Pervasive, Media Rich Applications). 802.11a, 802.11b: 11 Mbps; 802.11g: 54 Mbps; 802.11n: 450 Mbps; 802.11ac-1: 1 Gbps; 802.11ac-2: 3.5 Gbps; Future
  • Unified Access: IT Trends (timeline figure, 1997, 2012, 2015). 802.3 labels: Gigabit Ethernet; 10 Gigabit Ethernet and 13 Watt PoE; 25 Watt PoE and Energy Efficient Ethernet; 40 Gigabit Ethernet; 100 Gigabit Ethernet. 802.11 labels (2.4 GHz, 5.0 GHz): 802.11b, Autonomous Access Points; 802.11abg, Controller-Coordinated Access Points; 802.11abgn, Advanced RF Management; Gigabit Wi-Fi, Controller as a Function. Other labels: LAN/WLAN; Location, Application Prioritization, High Availability; BYOD, Unified Policy & Network Management; Unified Access; Internet of Things, Software-Defined Networks; 1X Network Devices Than People; 2X Network Devices Than People
  • IT Top of Mind: Is Your Network Ready? 1. How do I manage complexity to reduce costs? 2. Can I offer secure, mission critical wired/wireless access services? 3. Am I investing in an architecture future-proofed for scale?
  • Cisco Vision of Enterprise Network: The Intelligent Platform for a Connected World. Connecting People, Connecting Clouds, Connecting Things. Simple, Secure, Lower TCO
  • Traditional Overlay Network with Mgmt Applications • Traditional deployment: centralized WLC, multiple mgmt apps • Wireless traffic CAPWAP tunneled to WLC. Diagram labels: Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server, Internal Resources, Cisco Firewall, Cisco Access Point, Catalyst Switch, Corporate Network, Internet, Cisco Wireless LAN Controller
  • One Policy and One Management • ISE and Cisco Prime simplify the management. Diagram labels: Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server, Internal Resources, Cisco Firewall, Cisco Access Point, Catalyst Switch, Corporate Network, Internet, One Management (Prime), One Policy (ISE), Cisco Wireless LAN Controller
  • One Network: Converged Wired / Wireless • Wired and wireless data traffic converge at the access • AP mgmt traffic separated from data traffic • WLC: distributed or centralized • Enables scaling wireless devices and bandwidth. Converged Access Mode: • Integrated wireless controller • Distributed wired/wireless data plane (CAPWAP termination on switch). Diagram labels: Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server, Internal Resources, Cisco Firewall, Cisco Access Point, Catalyst Switch, Corporate Network, Internet, One Management (Prime), One Policy (ISE), Cisco Wireless LAN Controller, One Network
  • Cisco Unified Access Portfolio: Robust Converged Wired and Wireless Solution. Cisco Unified Access Controllers and Access Switches; Access Points; Identity Services Engine (ISE); Prime Infrastructure; One Policy; 1600 Small-Mid Enterprise; 2600 Feature-Optimized Enterprise; 3600 Mid-Large Enterprise; 3700 W/ HDX High-Density Enterprise; 1530 Low Profile; 1550 Larger Deployments; 8500, 5760, 5508 Wireless Controllers; Backbone Switches; Catalyst 4500; Converged Access Switches; Catalyst 3650; Catalyst 3850; One Network; MDM/MAM; SIEM; Catalyst 6800; Catalyst 6500; Catalyst 2960-X Access Switch; One Management
  • Before Unified Access (diagram). End-User Devices: Wired Devices, Laptops, Mobile Phones, Tablets (BYOD Growth). Access Infrastructure: Access Switch, Wireless Controller, Access Point. Policy Enforcement: Wired Policies, Wireless Policies, Guest / VPN Policies. Management and Troubleshooting: LAN Mgmt., Wireless Mgmt., Identity Mgmt., Application Mgmt. IT Focus: LAN, Wireless, Security
  • With Cisco Unified Access (diagram): One Unified Access. End-User Devices: Wired Devices, Laptops, Mobile Phones, Tablets (BYOD Growth). Access Infrastructure: Access Switch, Wireless Controller, Access Point; One Network: Catalyst 3850. Policy Enforcement: Wired Policies, Wireless Policies, Guest / VPN Policies; One Policy: Cisco ISE. Management and Troubleshooting: LAN Mgmt., Wireless Mgmt., Identity Mgmt., Application Mgmt.; One Management: Prime Infrastructure. Security. IT Focus on Business Innovation. IT and End-User: Simplified BYOD, Lower TCO, New Innovative Services, New Connected Experiences, Increased Productivity
  • What Technologies are critical in the network • High Availability – because the network is mission critical • Network Visibility and Control – Because one can't control what one can't see • Scale / Performance – Always need for more speed and scalability • Management – Need to do more with less resources. Work Smarter • Security – Provide secured access anywhere, any place, any time
  • What Technologies are Critical in The Network • High Availability – because the network is mission critical: How to build a resilient network in the wired and wireless network • Network Visibility and Control – Because one can't control what one can't see • Scale / Performance – Always need for more speed and scalability • Management – Need to do more with less resources. Work Smarter • Security – Provide secured access anywhere, any place, any time
  • Resilient Infrastructure Design. Access Points (AP): • RF design to ensure single AP failure does not create WiFi hotspots. Access Switching: • No architectural resiliency in this layer – ensure system level HA (SSO) • Spread AP across stack-members/line-cards to avoid WiFi hotspots • ISSU for hitless software upgrades. Backbone Switching: • VSS for Multi Chassis Etherchannel (MEC) • Intra-Chassis: SSO, Multicast HA, EFSU • Resiliency Protocols: Fast-UDLD, BFD, NSF, VRRP, HSRP, MPLS-HA. WLAN Controller: • AP and Client SSO for sub-second recovery • No client re-authentication & on-boarding required
  • Wireless Controller High Availability: Sub-Second Recovery of WLAN. N:1 Redundancy: AP Failover (L3 Network; Primary Controller, HA Controller). 1:1 SSO—AP Stateful Switchover: AP State Sync (L3 Network; Primary Controller's AP SYNC to HA Controller). (Release 7.5) 1:1 SSO—AP and *Client* Stateful Switchover: AP and Client State Sync, State Sync Over Any L2 Network (L3 Network; Primary Controller, HA Controller; AP SYNC, Client State SYNC); WLAN Sub Second Recovery/Convergence; Client Application Session Maintained. • Needs only 1 set of AP Licenses • Fastest recovery time in the industry • Seamless Recovery through – Share security keys (PMK) – Share RF information
  • Catalyst 3850/3650: Fixed Access High Availability (Sub-Second Recovery of LAN). Stackwise-480: • Improved Stack Bandwidth: 480 Gbps with spatial reuse (160 Gbps on 3650) • Stateful Switch Over (SSO): Faster Convergence (vs 3750-X); Active-Standby model; Central synch on Active Switch for Wired/Wireless; Tunnel SSO ensures AP & MA-MC connectivity during failover. StackPower (Only on 3850): • Dual power supply with Power Resiliency HA: "pool of power" available to all stack members • Provides "Zero-footprint" RPS: Power supply redundancy without an RPS • Intelligent power shedding: Turn off low priority PoE devices in the event of a power supply failure
  • Catalyst 4500E: Modular Access High Availability. Sub-Second Recovery of LAN with In Service Software Upgrade (ISSU). In Service Software Upgrade (ISSU): • Comprehensive, non-intrusive software upgrade • Transparent to end users — no loss of user sessions • Upgrades at anytime — even during business hours! • Image Roll-Back < 200ms. Diagram labels: Redundant Power Supplies; "Transparent" line card design; Dual Supervisors with SSO & NSF; Power Circuit Redundancy (Pwr Rail 1, Pwr Rail 2); Redundant Fans; Unique redundant uplinks: all uplinks (active & standby Sup.) active, even when a Sup. fails; LineCard; Redundant Supervisors (ACTIVE, STANDBY); Sub Second ISSU
  • Backbone Switching High Availability: Maximize LAN B/W Utilization with Sub-Second Recovery. VSS (Catalyst 6500 & 6807-XL, Catalyst 6880, Catalyst 4500E/X): Simplified Network Design - Spanning tree and FHRP eliminated - Maximize b/w utilization with MEC - Single touch-point manageability - VSS with EFSU guarantees 50% b/w during s/w upgrades. VSS Quad-Sup SSO (only on Catalyst 6500 and 6807-XL): Deterministic and Automated recovery - Maximize throughput even after failure - HA for single and dual attached devices - Together with EFSU offers industry leading HA in campus backbone. Diagram labels: LACP or PagP; LACP; Monitoring; Server; Access Switch or ToR or Blades; 10GE; SSO Sync. Charts: Available Bandwidth (100%, 50%) over Time at Sup Failure; 200ms
  • What Technologies are Critical in The Network • High Availability – because the network is mission critical • Network Visibility and Control – Because one can't control what one can't see: Application Visibility & Control; Flexible Netflow on wired; NBAR2 on wireless; Bonjour Services • Scale / Performance – Always need for more speed and scalability • Management – Need to do more with less resources. Work Smarter • Security – Provide secured access anywhere, any place, any time
  • When Users Complain About Application Problem. What users see (End Users): "Your network is so slow I cannot get any work done today". What network admins see (Network Admin): "I do not see anything wrong"; ping – OK, show ip route – OK, traceroute – OK, show interface – OK. What can happen: Wireless Network Issue, Increased Latency, WAN Network Issue, Application Problem, Server Problem, User Problem
  • How Can My Network Infrastructure Help Me? • Granularly identify the applications • Understand the user experience • Understand the network condition and capacity • Deliver consistent performance to critical applications • Maximize use of available resources • Control unwanted traffic
  • What do we want to monitor? Traffic Statistics: • Application usage per client IP/subnet/site • Top clients per application. Application Response Time: • Per-application end-to-end latency • Application response time & transaction time • Application processing time • Top conversation per application. Media Performance: • Per-stream jitter and packet loss • RTP conversations. URL Visibility: • Most visited web-site • Per-URL application response time
  • Application Visibility and Control. Application Recognition: Identify applications using L3 to L7 information. Perf. Collection & Exporting: Collect application performance metrics, and export to management tool (NFv9/IPFIX). Management Tool (Reporting Tools): Advanced reporting tool aggregates and reports application performance; App Visibility & User Experience Report with columns App, BW, Transaction Time (SAP: 3M, 150 ms; Sharepoint: 10M, 500 ms). Control: Control application network usage to improve application performance (High, Med, Low)
  • Application Visibility and Control. Application Recognition: NBAR2, Metadata. Perf. Collection & Exporting: Unified Monitoring (Traffic Statistics, Response Time, Voice/Video Monitoring, URL Collection), exported via NFv9/IPFIX. Management Tool (Reporting Tools): Cisco Prime Infrastructure; advanced reporting tool aggregates and reports application performance; App Visibility & User Experience Report with columns App, BW, Transaction Time (SAP: 3M, 150 ms; Sharepoint: 10M, 500 ms). Control: QoS (w/ NBAR2), PfR (High, Med, Low)
  • AVC (NBAR2) Across Cisco Portfolio: Branch, Headend, Campus. ISR G2: IOS 15.2(2)T1; ASR 1000: IOS XE RLS 3.4S; Cisco Wireless Controllers 7.4; Catalyst 65xx Series NAM Blade (NAM3); NAM 2300 Series Appliance; Cisco Prime NAM for ISR G2 SRE
  • Flexible NetFlow - Unprecedented Application Visibility. Capabilities: • Unprecedented visibility w/ new L2~7 fields • Scalable, flexible flow monitors • On-box customizable policy action w/ EEM • Broad collector partner ecosystem. Benefits: Lower CAPEX • Better insight for capacity planning, network upgrade; Lower OPEX • Better service and user experience • Increased IT staff productivity. Visibility fields: IP, Ports, TCP Flags, L2 MAC, L2 VLAN, UDP Flags, IPv6, IP Options, Multicast, … Uses: Day0 Attacks, Detect Anomaly, Compliance, SLA, App. M&T, Capacity Planning; Mobility, Unified Communications, Network Virtualization. Control with EEM Integration. Flexible NetFlow in Campus and Branch; Collector Ecosystem. Available across Catalyst 6K/4K/3K, Wireless & Routing Portfolio
  • New Flexible NetFlow Solution: Per Port Cost of Collector Application Solution with Leading NetFlow Collectors. Non-Cisco: $50; Catalyst 4500E/3850: $12; 76%
  • Bonjour Protocol: What is it? Bonjour is a discovery protocol used by Apple devices • Relies on multicast DNS (mDNS, RFC 6762) • Apple devices use 224.0.0.251 (IPv6 FF02::FB) to announce or discover services. Diagram: Apple TV, AP (CAPWAP Tunnel), WLC and L2 Switch on VLAN X; "Anyone doing Airprint?" sent to 224.0.0.251; "I do Airplay" sent to 224.0.0.251
  • Bonjour Protocol: So what are we really trying to solve? • 224.0.0.251 (IPv6 FF02::FB) is multicast… • And cannot be routed (belongs to the 'non-routable' part of multicast, as per RFC 5771 defining multicast addresses) – No cross-subnet discovery. Diagram: Apple TV, AP (CAPWAP Tunnel), WLC, L3 Switch; VLAN X and VLAN Y
  • Bonjour Service Control: Organize by using policies. In 8.0 you can create groups: users (roles and identity), devices, services. And then you decide how these groups interact. Policy Components: Location; Device Type; User-Role (Student, Teacher, Admin); Identity (John). Diagram labels: Bonjour Devices, WLC
  • Bonjour Service Control Policy Example. Teacher, Student. Location: Classroom; Device Type: iPad; User-Role: Student, Teacher
  • Open Discussion on Bonjour • Are you using the Bonjour protocol? • What are your typical deployments? • What challenges do you see? • How do you manage Bonjour advertisements on the wired? • What would you like to see from Cisco?
  • What Technologies are critical in the network • High Availability – because the network is mission critical • Network Visibility and Control – Because one can't control what one can't see • Scale / Performance – Always need for more speed and scalability: Wireless driving higher scale requirements in your infrastructure • Management – Need to do more with less resources. Work Smarter • Security – Provide secured access anywhere, any place, any time
  • Gigabit Wi-Fi as Primary Connectivity, Gigabit Ethernet as fallback • >50% of enterprise traffic will originate on Wi-Fi by 2017 • 50% of all new Wi-Fi devices in 2014 will be 802.11ac capable (ABI Research) • Wave 1 802.11ac has 5+ years of effectivity for Smartphones and Tablets • Wave 1 802.11ac improves battery efficiency by 2X for Smartphones, Tablets, and Laptops. Chart (1997, 1999, 2003, 2007, 2013, 2015): 802.11, 802.11b, 802.11a/g, 802.11n, 802.11ac Wave 1, 802.11ac Wave 2; 1, 2, 3, 4 and 8 Spatial Streams; 1SS Tablets / Smartphones, 2SS Laptops / Tablets, 3SS Desktops / Laptops, 4SS Desktops; Gigabit Ethernet Uplink, 2 Gigabit Ethernet Uplinks. Data labels: 2, 11, 54, 24, 65, 600, 450, 300, 6900**, 1300*, 870*, 290*, 290*, 6900**, 3500**, 2340**, 1730**. *Assuming 80 MHz Is Available and Suitable. **Assuming 160 MHz Is Available and Suitable
  • Cisco Aironet 3700 Access Point Series: Best-in-Class 802.11ac with Integrated 802.11ac (4x4:3SS) • Industry’s first 4x4 MIMO:3 SS 802.11ac AP • 3X performance of 802.11n 5 GHz Wi-Fi • Higher performance at a greater distance • RF Excellence enabled in hardware • High Density Experience Technology • Higher client density, scale and performance • Future proofed design • Modular Architecture = investment protection • Security, 3G Small Cell or Wave 2 802.11ac module options *Assuming 160 MHz is available and suitable
  • Cisco AP Design: DRAM (512Mb); CPU (800 MHz); Radio – 2.4GHz; Radio – 5GHz; 384 MHz CPU; 512 MHz CPU; DRAM (128Mb); DRAM (128Mb); 4x4 Antennas for Reliability; On-Radio Cache for Speed. Competitor's AP Design: DRAM (512Mb); CPU (800 MHz); Radio – 2.4GHz; Radio – 5GHz; 3x3 Antennas. Cisco: Custom Radio Firmware with additional memory results in total capacity of 90,000 packets per second (because of Host CPU and Radio CPU working together)
  • Cisco Aironet 2700 Access Point Series: Enterprise Class 802.11ac • Industry’s first 3x4 MIMO:3 SS 802.11ac AP • 3X performance of 802.11n 5 GHz Wi-Fi • Higher performance at a greater distance • RF Excellence enabled in hardware • High Density Experience Technology • Higher client density, scale and performance • 2 Gig Gigabit Ethernet Uplink ports *Assuming 160 MHz is available and suitable
  • High Density Experiences = Solve for BYOD at Scale. CLEAN AIR (PREDICTABILITY): 802.11ac ready interference detection. CLIENT LINK (PERFORMANCE): Beam forming for 802.11a/g/n/ac. TURBO BOOST (UNMATCHED SCALE): Optimized for high density performance. Diagram: AP with 802.11n and 802.11ac clients
  • Cisco Aironet 700W Access Point Series: Wall Mount, Dual Radio with 4 (four) integrated GbE ports • Enterprise class RF performance, integrated antennas, Dual Radio 2x2:2 • 4x GbE local ports with 1x PoE out • Sleek design in a small form factor • Purpose-built bracket for ease of mounting to numerous wall-box standards • Physical security enhancements: Torx screw or Kensington lock • Designed for in-room Wi-Fi coverage – Hospitality, Education, Multi-dwelling units. Near Future: Basic wired port management
  • Tomorrow Starts Here on the 3850 and 4500E. Unified Access Data Plane (UADP) ASIC: • First ASIC for Wired and Wireless Traffic Processing • Cisco ONE (Open Network Environment) Ready • Programmable for fast feature rollout
  • Tomorrow Starts Here on the 3850 and 4500E. IOS-XE: • Decouples IOS components for increased efficiency • Modular and optimized for multi-core CPUs • Designed to host 3rd party applications like Wireshark • SDN ready
  • Better Scale and Bandwidth with Converged Access: Separation of MA and MC • Traditional Controllers can continue to terminate APs centrally and be used as MC for Converged Access switches • Catalyst 3650/3850 can play the role of both MA and MC • Valid for Branch and small-medium campus type deployments • Distributing only the CAPWAP termination (MA) to the Catalyst 3850/3650 helps with: • Improved Scalability – larger mobility domains • Increased wireless bandwidth • Uniform wired/wireless policy enforcement. Diagram labels: AP CAPWAP Tunnels; Mobility Tunnels; ISE; Prime; Access Points; Catalyst 3850/3650 (MA, CAPWAP Termination); Catalyst 3750; 5760, 5508, WISM2 with SW upgrade to 7.5 (MC)
  • Wireless Scalability with Converged Access: Future Proofing your Network for 802.11ac and beyond. Charts: Small Campus or Branch (192 users), Number of Switches: 4, Total Wireless Bandwidth (Gbps); Campus (3840 users), Number of Switches: 80, Total Wireless Bandwidth (Tbps); UA 3850; Employee, Guest. Max scale without 5760 WLC: 250 APs, 16k clients. Max scale with 5760 WLC: 72k APs, 864k clients
  • 802.11ac Wave2 & Key Switch Requirements. Standard Compliant: 10G Copper for >1G, needs Cat6a minimum for 100m. POE+: Cisco Innovation over 10GT Standard to support POE+. Maintain Switch to AP Length Reach: 100m of reach. Infrastructure Investment Protections: Support Cat 5e cabling. Catalyst 3850, Catalyst 4500E: Architected to see you through this transition. Investment Protection: No Rip & Replace. Cisco-on-Cisco: No Infrastructure Upgrade
  • Catalyst Switches Built with Scale (Access, Aggregation, Core). Feature table, columns Catalyst 3850 / Catalyst 4500E (SUP8E) / Catalyst 6880 / Catalyst 6807: Line Card Slots / Boxes per stack: 9 members / stack, 8 Slots, 4 Slots, 5 Slots; Number of Ports: (GE) 432 (GE) 384 (GE) 80 (10GE) 240(GE) / 84 (10GE); Switching Bandwidth: 480G Stack + 56G System, 928G, 400G, 400G; Slot Bandwidth: 56G / per switch, 48G, 80G, 880G Capable; IPv4 Routes: 24K, 256K, 2M, 1M; ACL Entries: 3K, 128K, 256K, 64K; Buffer: 12MB, 32 MB, 72MB / port, 256MB / port. Key Trends, Requirements and Catalyst Switching Scale: Mobility (802.11ac): requirements • Line-rate access • High density 10G in backbone; scale • 40G Wireless Bandwidth • 96 x 10G Ports. BYOD: requirements • ACL Scale to set policies per user/device/location • VLAN/Route scalability; scale • 256K ACL Entries supported • 4K VLANs. User Experience: requirements • High Bandwidth for application support • Per port QoS Support; scale • 480G Stack Bandwidth • 8 Queues per port in HW. Collaboration: requirements • Multicast replication rate • Deep packet buffering to absorb bursty traffic; scale • 1M Multicast Routes • 256MB of Packet Buffer. Infrastructure consolidation (BMS): requirements • Access port scalability • Virtualization scale; scale • 432 GE Access Ports • 4K VRFs / VLANs. Security: requirements • High ACL Scale to set policies per user • MACSec support in Hardware; scale • 256K ACL Entries • Line Rate MACSec in Hardware. Application Visibility &: requirements • Netflow Support and ability to do Deep Packet Inspection; scale • Flexible Netflow in HW, 1M flows support. Platforms: Catalyst 3K, Catalyst 4500E, Catalyst 6880, Catalyst 6807
  • What Technologies are critical in the network • High Availability – because the network is mission critical • Network Visibility and Control – Because one can't control what one can't see • Scale / Performance – Always need for more speed and scalability • Ease of Use/Management – Need to do more with less resources. Work Smarter – Speeding Up Installations & Configuration – Troubleshooting – Simplified management across wired, wireless, and VPNs – SDN / Openflow • Security – Provide secured access anywhere, any place, any time
  • Smart Operations - Increase Productivity, Lower TCO. Director – Catalyst 6K, 4K, or 3K; Access Switches (Sleep). Smart Install (Zero Touch Deployments and Maintenance): New Switch Connected • Software image downloaded • Wired + Wireless Configuration automatically applied • On-going Image Update and Configuration Back-up. Auto Smart Ports (Plug and Play for End Devices): New Device Attached • Port Configuration: Applied • QoS Policy: Enforced • Security Policy: Enforced. Smart Call Home, IPSLA, WireShark (Monitor & Troubleshoot): Anomaly Detected • Packet Capture for Wired and Wireless • Proactive diagnostics • Real time Alerts • Web-based reports • Routed to TAC team. EEM, XML Programmability (Control Your Network): • Ability to take custom actions based on syslogs/triggers • Enhanced Flexibility and control. Energywise and EEE (Reduced Energy Consumption): • EEE ready • Energywise – Time of the day policy based on/off of access devices • 0 $ SKUs for energy management. Please refer to the Software Roadmap for the list of features supported at FCS and upcoming releases
  • Optimize Troubleshooting with Wireshark • Built-in packet sniffer for remote troubleshooting • Real-time packet capture and decode for wired/wireless* • Capture and Display Data and Control Packets • PCAP Storage options SD card or USB (*Roadmap H2CY14 on Sup8E)
    CLI Packet Capture:
    Switch# show monitor capture file bootflash:nflow.pcap detailed
    Frame 2: 880 bytes on wire (7040 bits), 880 bytes captured (7040 bits)
    Arrival Time: Nov 2, 2011 03:21:13.992382490 Universal
    <..SNIP..>
    Frame Number: 2
    Frame Length: 880 bytes (7040 bits)
    Capture Length: 880 bytes (7040 bits)
    <..SNIP..>
    [Protocols in frame: eth:ip:udp:data]
    Ethernet II, Src: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f), Dst: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
    Destination: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
    Address: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
  • What Does Cisco EnergyWise Suite do? Note: No facilities focused interfaces to building management systems (BMSs); enabling BMS partners to reach into IT assets. Energy Intelligence • Energy cost • Energy use • Energy reduction • Carbon emissions • Date and time • Location cost center • Energy-use simulation • ROI modeling. IT Energy Management: On-premises and cloud-based software for IT energy management. Cisco EnergyWise™: Energy management based on Cisco IOS® Software • Software for energy management and analytics focused on IT assets – The network: Routing, switching, and access points – Distributed enterprise networks: PCs, Macs, VoIP phones, copiers, printers, etc. – Data centers: Physical and virtual servers, routers, switches, storage, etc. • Use the network to measure, monitor, and manage energy. • Allow the network to be the command and control plane for power management • Use the Cisco® switch or router as the arbiter or timer for energy management • Use the network to aggregate power-use reporting • Allow the network to provide secure, reliable energy management
  • What Does Cisco EnergyWise Suite Do?
    Time-Based. Example: Power management of devices (VoIP phones, PCs, printer servers, etc.) based on work patterns
    Event Based. Example: • Response to external triggers: Respond to energy events with policies • Systems management: Integration with systems management tools and user-authentication events
    Location Based. Example: • Smartphone location coupled with badge management app • Access control triggers office environment to power on
    Data Center. Example: • Data center infrastructure management • Capacity management of power and device lifecycle in data centers • Ties physical to logical environment
  • PnP – Solving the Scale Issue. Good News!!! Refresh Switches have arrived. Bad News: Rack and Install process begins. Good News!!! Smart Install is on the team!! Solving the repetitive tasks!!
  • Network Deployment – Challenges
    Business Challenges
    Direct Costs • Shipping and preparing costs for staging • Travel costs of IT staff or hiring of highly skilled installers at branch locations
    Complexity • Copy-pasting configs results in errors • Different products (routers, switches, wireless) need to be handled
    Security • Configs with sensitive info handled by 3rd party • Rogue devices joining the network • Unavailability of trusted partners, installers
    Time/Productivity • Manual process X number of devices X locations, slows deployment • Additional shipping and staging results in longer lead time for 1st day of operational network
    Today's Process (diagram): IT Admin; Customer Staging facility • Install OS • Install base config; Reseller/Partner ships equipment; Installer re-ships equipment; Site-1, Site-2, Site-3
  • Next Gen Plug and Play Solution: Customer experience overview
    Pre Provision Projects/Sites (IT Admin) • Policies • Match Rules • Configs/Image • IP Addressing
    Unskilled Installer Connects Device on-site
    IT Admin Checks Status
    Under the Hood
    1. New device is pre-provisioned in PnP server
    2. Installer connects the cables and powers on the device
    3. Device discovers PnP server and sends its SUDI certificate
    4. PnP server authenticates the device. A secure communication channel is created
    5. PnP server sends the right configuration, image, licenses and files to the device
    6. Device reloads and executes post install actions (script or CLI)
    7. Install success/failure notifications are sent by the PnP server as needed.
  • Cloud PnP Redirection Service 4 PnP App for Installer 2 Next Gen Plug and Play Solution : Architecture Prime Infrastructure ENG Controller Third Party Applications Internet 3G/4G access to NOC PnP Agent 1 PnP Server in DMZ (PnP gateway + UX) 3 Options for PnP Server Console/Bluetooth access to device Unskilled Installer GUI Based Consistent for devices & PIN(Campus/Branch) Secure RMA Use Case Greenfield & Brownfield
  • Auto Smartports – What It Is. Auto Smartports: Dynamically Configures Ethernet Ports Based on the Device Type Detected
    Problems? | Solutions
    Manual configuration of every port • Devices move | Configuration moves with device
    Wasted Ports – pre-configured dedicated interfaces and no device | Interfaces in ready state waiting for a device to attach. • More efficient use of valuable ports
    Unsure how to mix multiple features together | Cisco Best Practices for mixing interface level configurations
    Not knowing what is connected • Which interface has the printer? | Device classification. What is attached on every interface
  • Challenge: Managed Nodes Explosion • 94 Total Devices for Image and Configuration Management • 168 Access Trunks/Port-Channels • 4032 User Ports Considerations: • STP Loop Prevention • FHRP Tuning • CAM/ARP Tuning • PIM Tuning/DR priority • Routing Protocol Tuning • 94 Separate Configurations of SNMP, NTP, TACACS, Banner, vty, VLAN DB, Mgmt IP/GW, Hostname (Diagram: Building 1, Building 2, Building 3, Building 4, Core)
  • Operational Simplicity with Catalyst Instant Access. Benefits (REDUCED TCO): A Single Image to deploy and manage across Distribution POD; Agile Infrastructure to add new features uniformly across Access Layer; High Fault Tolerance with Quad-Sup VSS SSO; Consistent Features at Access; Single Point Of Management, Configuration and troubleshooting (Diagram: Cisco Prime; ISE; Managed Devices = 20+; Managed Devices = 1; 1000 Port Campus Distribution POD)
  • One Management with Cisco Prime Infrastructure Integrated Wired/Wireless Lifecycle and Assurance Management • Regulatory and best practice policies • Automated audit and reporting • Centralized remediation Prime Infrastructure User Productivity Regulatory & Operational Compliance Operational Productivity User, Site & App Experience • Application performance visibility • User & site-level visibility • Proactive monitoring • Real-time troubleshooting • “Prime 360” diagnostic views Automated Best Practices • Wired/wireless, Branch/WAN • Integrated lifecycle • Cisco best practices built in • “Day 1” device support
  • Cisco's Enterprise Networks Strategy for SDN: Many Purpose-Built Architectures SWITCHING, ROUTING, WIRELESS Unique Services Purpose-Built ASICs IOS Variants Custom HW Multiple Products on Common Architecture SIMPLE, SECURE, REDUCED TCO UADP and USCP ASIC Standard Platforms Common Services IOS-XE Cisco ONE Architecture AGILE SOFTWARE MODEL Software-Defined Services Management and Policy Standard Platforms UADP and USCP ASIC IOS-XE Cisco ONE Yesterday Today Tomorrow
  • Introducing: Cisco ONE Enterprise Network Controller • OpenDaylight SDN Controller Architecture • Consistent API to all Cisco Controllers • North: RESTful, OSGi • South: CLI, OpenFlow, onePK • Runs on Any Physical x86 or Virtual Server • Offered as Software Solution or Dedicated Appliance • New Agile Continuous Integration Model • No Programming Skills Required • Simplify Complex/Tedious Configuration Tasks • Integrated Analytics and Business Intelligence • Greenfield and Brownfield Networks (CLI) • Supports Catalyst Switches, ISR and ASR Routers Mask Network Complexity, Expose Network Intelligence
  • Cisco ONE Platform Enabling Fast IT. CISCO ONE PLATFORM: Consistent Policy-Based Management and Security. DC: Cisco Application Policy Infrastructure Controller (APIC); Cloud: InterCloud; WAN; ACCESS. Northbound APIs (ONE DevKit); Southbound APIs (OpenFlow, onePK, CLI). DC Module; Enterprise Module
  • Cisco APIC - Enterprise Module: Initial Deployment Scenarios. Solving the Most Pressing, Complex and Tedious IT Problems • Easy QoS • Follow Me QoS • Compliance Assurance • Network-Wide Rapid Threat Detection and Mitigation (Sourcefire) • ACL Management Automation • Automated Performance Routing (PfR) Configuration • Automated WAN Policy Compliance Assurance
  • Effective Management Exceptional Control Comprehensive Visibility • Data Center • Intranet • Internet • Security Zones • Remote VPN • Wireless/Guest • Employee • VM Client • IP Devices Identity and Context Aware Infrastructure One Policy with Identity Services Engine (ISE) Securely Enables Your Business and BYOD with Policy-Based Access Control Leverage Network to Secure Access to Your Critical Resources • Policy-Based Access Control • Enforcement through: VLANs, Access Control Lists, Secure Group Tags, MACSec Encryption Centralized Management of Secure Access Services and Scalable Enforcement • ISE enables centralized management and enforcement • Security Group Tags managed by user type, regardless of IP address or location BYOD - Comprehensive Contextual Awareness of the Who, What, Where, When, How with flexibility, monitor mode, and support for VDI • Guest Access • Profiling • Posture • WebAuth • MAC Auth Bypass
  • Summary • Trends impacting your network – BYOD – Mobility – Video • Critical Technologies to enable your network – High Availability – because the network is mission critical – Network Visibility and Control – Because one can't control what one can't see – Scale / Performance – Always need for more speed and scalability – Management – Need to do more with fewer resources. Work Smarter – Security – Provide secured access anywhere, any place, any time
  • Technologies Critical in Your Network • High Availability – because the network is mission critical • Network Visibility and Control – Because one can't control what one can't see • Scale / Performance – Always need for more speed and scalability • Management – Need to do more with fewer resources. Work Smarter • Security – Provide secured access anywhere, any place, any time
  • Cisco Unified Access = Market Leadership (Industry Leadership / Market Leadership) • 20+ years of market share leadership • 400,000+ mobility customers • 1,000,000+ switch customers • Broadest mobility portfolio in the industry • Broadest switching portfolio in the industry • 95% Fortune 1000 have selected Cisco • 10+ years of Gartner MQ leadership • Leader in new Unified Access Gartner MQ • Ongoing IEEE, IETF, Wi-Fi Alliance leadership • Largest patent portfolio in the industry • Largest development team in the industry • FIPS, Common Criteria, PCI-certified
  • Local Edition