Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based networking

696 views

Published on

Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based networking

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based networking

  1. 1. Cisco Connect Toronto Canada • 18 October 2018 Global vision. Local knowledge.
  2. 2. DNA Automation The Evolution to Intent-Based Networking Don Orlik Product Specialist – Digital Network Architecture
  3. 3. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Cisco Connect delivers education and inspiration to technology innovators worldwide. • Why an Intent Based solution • Traditional Management vs. Intent Based Networking • What is DNA Center • DNA Center Automation: Using DNA Center for Base Network Automation • DNA Center Automation: Using DNA Center for Application Policy • Key Takeaways AGENDA Lecture & Demo & Comparisons with Prime
  4. 4. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Why an Intent Based Solution ?
  5. 5. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential The Cost of Doing Business in the Digital World Why are companies spending so much? *McKinsey study conducted for Cisco in 2016 95% 70% 75% OpEx Spent on Network Changes & Troubleshooting Policy Violations Due to Human Error Network Changes Performed Manually $60B Spent on Network Operations Labor and Tools
  6. 6. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential IT Operations Evolution to Intent-based networking IT Ops Maturity Automated segmentation, security and application experience based on policy SD-Access and SD-WAN Simplify troubleshooting and detect malware events in encrypted flows Assurance and Threat Detection Zero touch provisioning, automated software image management Base Automation Manual network configuration and troubleshooting Manual Operations
  7. 7. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Traditional Management vs. Intent Based Networking
  8. 8. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What do we mean by Intent Based Networking? Conventional Model The What “QoS Policy for Branches A-N” The How “Change QoS config in the following elements” Admin Driven System Driven Intent Based Policy Deployment The What “QoS Policy for Branches A-N” The How “Change QoS Config in the following flements” Admin Driven Manual Policy Deployment
  9. 9. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Unlock the Power that Exists in the Network through Abstraction, Automation, and Policy Enforcement Leverage the Power of Existing Distributed Systems The Network you have already built 9 Cisco’s Enterprise IBN Strategy Policy and Intent to Unlock the Power of your Network Enable Network Wide Fidelity to an Expressed Intent (Policy) through Analytics & Assurance
  10. 10. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Feature Configuration vs. Intent Based Networking FEATURE CONFIGURATION
  11. 11. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Feature Configuration vs. Intent Based Networking INTENT BASED NETWORKING
  12. 12. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Deployment Time Savings Policy 6 complex steps reduced to 2 simple clicks Now 5 minutes Before 4 hours Design 12 find and define tasks now auto- discover and import Now 15 minutes Before 2 hours Provision 8 manual configuration steps reduced to select and drop Now 5 minutes Before 5 hours Savings Workflow time per device: Now 25 minutes Before 11 hours
  13. 13. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What is DNA Center?
  14. 14. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential DNA Center: Design, Policy, Provision, Assurance A better way to manage your network DNA Center: Design, provision, automate policy and assure services from one place Logical workflow to design, provision, set policy Respond to changes faster Monitor end-to-end network performance Predict and act on problems before they happen Pinpoint problems faster Reduce downtime with an end-to-end view instead of hop by hop Manage hardware and software lifecycles Keep up to date, meet compliance and plan for refresh DN1-HW-APL Current version 1.2.5
  15. 15. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Decouple Policy from Network Topology Industry Best-Practices and Policy Compliance Proactive Issue Identification and Resolution Business Intent driven Network Changes Simplify Day 0 to Day N Changes Monitoring and Troubleshooting Fabric Network Automation Assurance Introducing DNA Center Policy-Based Network Covered in this session
  16. 16. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Decouple Policy from Network Topology Industry Best-Practices and Policy Compliance Proactive Issue Identification and Resolution Business Intent driven Network Changes Simplify Day 0 to Day N Changes Monitoring and Troubleshooting Fabric Network Automation Assurance Introducing DNA Center Policy-Based Network Covered in the afternoon session
  17. 17. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential DNA Center Automation: Using DNA Center for Base Network Automation
  18. 18. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Automation Use Cases covered in this session Use Case #4- Wireless Deployment Use Case #2- Software and Image Management Use Case #3- Customized Templates Use Case #5- Application Policy Use Case #1- New device onboarding SITE
  19. 19. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Preparing DNA Center
  20. 20. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Step 1 – Define your network hierarchy
  21. 21. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Step 2 – Define Network Settings and Device Credentials
  22. 22. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Step 3 – Discover existing network
  23. 23. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Step 4 – Check Inventory
  24. 24. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Step 5 (Optional) - Check Topology
  25. 25. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #1 - Network Plug and Play
  26. 26. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Direct Costs • Pre-staging & Shipping costs • Travel costs Complexity • Configuration errors • Different products, IOS Releases Security • 3rd party not secure • Rogue devices Time/Productivity • Manual process • Shipping , Storage, Travel TechnicianStaging Site Manual Installer Deploy device on site Order Equipment Deploy device on site DNA-C Automation With Plug & Play Order Equipment • Drop Ship devices • Centralized device discovery (DHCP, DNS, Cloud) • Non-technical installer at site • Template based configurations • Secure SUDI Authentication ~50% Day 0 OPEX Savings* Network Plug and Play: New Device Onboarding
  27. 27. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Use Case Example Device Deployment in Campus DHCP Server Network Admin Pre- Provisions DNAC Day 0 IP Address 10.11.11.11 DNAC (PnP Server)
  28. 28. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public DNAC (PnP Server) Use Case Example Device Deployment in Campus DHCP Server Switch running PnP Agent <..snip..> CISCO_PNP.pnpserver "5A;B2;K4;I10.11.11.11;J80"; <..snip..> Device validates server’s location and establishes a communication with the server Installer Remote Installer • Mount and cable devices • Power-on Day 1 Network Admin remotely monitors status of install while in progress. Day 1 IP Address 10.11.11.11 Cisco IOS® Config file….
  29. 29. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential PnP Server Discovery Options Redirect ManualAutomated DHCP with options 60 and 43 PnP string: 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server DNS lookup pnpserver.localdomain resolves to DNA-C IP Address Cloud re-direction https://devicehelper.cisco.com/device-helper Cisco hosted cloud, re-directs to on-prem DNA-C IP Address USB-based bootstrapping router-confg/router.cfg/ciscortr.cfg Manual - using the Cisco® Installer App* iPhone, iPad, Android Routers (ASR, ISR) Switches (Catalyst®) Wireless Access Points 1 2 3 4 5 * DNA-C Support in Roadmap Manual discovery not supported for Access Points
  30. 30. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential CCW order ControllerIP Corporate HQ Cisco® supply chain Installer Device SN Customer Smart Account added as part of ordering Device SN added into customer Smart Account SN per Smart Account available in PnP Connect DNA Center registers its identity with PnP Connect DNA Center downloads SN from PnP Connect Profile mapped to site 1 2 Customer Smart Account 3 Device SN PnP Connect Cloud-based device discovery Instructto contacton-prem ises controller PresentSN Device SN 5 4 6 Label SSL SSL 7 Admin DNA Center Deploy image and configuration Device provisioned upon discovery and association to site 8 SSL Day-0 deployment using PnP Connect
  31. 31. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #1 - Network Plug and Play Demo
  32. 32. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #2 - SWIM
  33. 33. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case: • Ensure Consistency of Software for all network devices (by platform type) • React to PSIRT and bugs fast • Deploy software with confidence Use Case #2: Managing Software Lifecycle Benefits: • Golden Image based workflows drive software consistency • Pre/Post check ensures that software updates do not have adverse effects on the network • Patching provides small updates to react quickly to security fixes
  34. 34. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential But wait! Doesn’t PI have Image Management? Select Golden Image Identify devices to upgrade Create a Change Request Approval of CR Pre-Check validations Distribute Image Activate Image Post Upgrade Validation Close CR Plan a Image Upgrade Steps to Update Software Image Update Select Golden Image Identify devices to upgrade Create a Change Request Approval of CR Pre-Check validations Distribute Image Activate Image Post Upgrade Validation Close CR Plan a Image Upgrade Traditional NMS Software Image Update Select Golden Image Identify devices to upgrade Create a Change Request Approval of CR Pre-Check validations Distribute Image Activate Image Post Upgrade Validation Close CR Plan a Image Upgrade DNA Center Software Image Update Indicates ITSM Process Steps How to interpret the colors Actions outside of NMS, mostly manual Steps covered in NMS Tool Steps covered in DNA-C
  35. 35. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #2 - SWIM Demo
  36. 36. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Software Upgrade Workflow: Recommended Images Recommended Images: • DNA Center can display the Cisco-recommended software images for the devices that it manages (by device type). • Cisco Credentials are required • If the recommended Golden Image is selected as Golden, DNA Center automatically uploads from cisco.com.
  37. 37. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential SMU (Software Maintenance Update) Each device update causes network outage Business Loss & Downtime Reduced IT Staff Slows down software rollouts New Code Requires bug analysis, certification Copy Images to site over slow VPN tunnels Time Consuming Why SMU ? What is SMU ? § Point Fixes for the IOS-XE images (16.x onwards) § Provides the ability to just update what is needed
  38. 38. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential SMUs in DNA Center Step 1: Upload SMU Step 2: SMU is automatically associated with corresponding image Step 3: Mark SMU as Golden
  39. 39. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #3 - Template Editor
  40. 40. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Use Case #3: Customized Configurations Create the Template
  41. 41. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Template Editor Device Type and Software Type selected from a drop down menu• Minimum software version applicable for this template • These are check during provisioning, if there’s a mismatch, provision skips the template
  42. 42. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Template Editor Checks: • Velocity syntax error • Conflicts with blacklisted commands Commit: • Once committed, it becomes read- only version • Commit version is essentially template version control • Only latest commit version can be used for provisioning Content in template uses Velocity TemplateLanguage (VTL). For more information about using VTL: http://velocity.apache.org/engine/devel/vtl-reference.html .
  43. 43. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Customized Network Settings Update How to deploy the template to the devices Template is associated to Network Profile Network Profile assigned to a site PROFILE DESIGN PROVISION SITE DEVICE TEMPLATE DESIGN
  44. 44. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #3 - Template Editor Demo
  45. 45. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #4 - Wireless Deployment
  46. 46. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #4: Wireless Deployment Made Simple SSID RF Profiles Dynamic Interfaces Flex/Centralized PROFILE DESIGN PROVISION SITE WLC & AP SSID DESIGN SSIDs and RF Parameters that represent wireless network Devices ready to deploy
  47. 47. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Advanced RF support Ability to create custom RF profiles with support for: • Data Rates • Dynamic Channel Assignment (DCA) • Tx Power configuration (TPC) • RxSOP • Radio Enable/Disable Now create and edit RF profiles for the wireless network
  48. 48. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential New in DNA Center 1.2 Brownfield Support Phase 1 – In Product Beta Learn Analyze Populate DNAC Designs • Learn from WLC and populate DNAC Designs automatically • Provision new WLC’s using the learnt DNAC Designs
  49. 49. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public New in DNA Center 1.2 Brownfield Support Phase 1 – In Product Beta Learn from WLC and populate DNAC Designs automatically • Network Settings such as AAA, Syslog, DHCP,DNS etc • Wireless Settings such as SSID’s, RF Profiles, Dynamic Interfaces
  50. 50. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #4 - Wireless Deployment Demo
  51. 51. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #5 – Application Policy Automation
  52. 52. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco ONE FoundationApplication Policy Simplifying Deployment of QoS Enterprise Wide Implements QoS in Minutes Enhance Collaboration Experience 300% 50% Reduction in voice jitter Video quality improves Select from Predefined Policies Optimized for Any Infrastructure Select from Predefined Policies Automated Deployment of QoS config Optimized for Any Infrastructure Enhance Application Experience
  53. 53. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Application Policy Wireless AP Trust Boundary PEP 4Q (WMM) Catalyst 3650 Trust Boundary PEP 2P6Q3T Catalyst 4500 1P7Q1T Catalyst 6500 1P3Q4T 1P7Q4T 2P6Q4T … Nexus 7700 F3: 1P7Q1T WLC PEP ASR/ISRs MQC Catalyst 2960-X Trust Boundary PEP 1P3Q3T Wireless AP Trust Boundary PEP 4Q (WMM) Applications can interact with DNA Center via Northbound APIs, informing the network of application- specific and dynamic QoS requirements Southbound APIs translate business-intent to platform- specific configurations Network Operators express high-level business-intent to DNA Center Application Policy DNA Center AnalyticsPolicy Automation
  54. 54. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Application Policy in DNAC will seamlessly interconnect all types of hardware and software queuing models to achieve consistent and compatible end-to-end treatments aligned with the expressed business-intent Catalyst 9300 Application Policy: Deploy End-to-End DSCP Based Queueing Policies DNA Center AnalyticsPolicy Automation
  55. 55. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Solicit Application Business-Relevance Relevant IrrelevantDefault • These applications directly supports business objectives • Applications should be classified and marked according to RFC 4594-based rules • These applications may/may not support business objectives • E.g. HTTP/HTTPS • Alternatively, administrator may not know the application (or how its being used in the org) • Applications in this class should be marked DF and provisioned with a default best-effort service (RFC 2474) • These applications are known and do not directly support any business objectives; this class includes all personal/consumer applications • Applications in this class should be marked CS1 and provisioned with a “less-than-best-effort” service , per (RFC 3662)
  56. 56. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public What Do We Do Under-the-Hood? Apply RFC 4594-based Marking / Queuing / Dropping Treatments Application Class Per-Hop Behavior Queuing & Dropping Application Examples VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729) Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs) Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE Signaling CS3 BW Queue SCCP, SIP, H.323 Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution Default Forwarding DF Default Queue + RED Default Class Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox LiveIrrelevant Default Relevant
  57. 57. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Application Policy Workflow Based on Business Relevance for the applications
  58. 58. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Application Policy Workflow Deploy Policy based on Site
  59. 59. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential But wait! Doesn’t PI have QoS Templates? Manually select interfaces in each device
  60. 60. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential But wait! Doesn’t PI have QoS Templates? For each interface and direction decide whether or not you want to do QoS Classification & Marking Set Classification and Queuing Profiles
  61. 61. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Prime Templates provide complete exposure and manipulation of low level QoS configuration
  62. 62. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Application Policy Workflow Under the Hood - Classification class-map match-all VOICE match protocol attribute traffic-class voip-telephony match protocol attribute business-relevance business-relevant class-map match-all BROADCAST-VIDEO match protocol attribute traffic-class broadcast-video match protocol attribute business-relevance business-relevant class-map match-all REAL-TIME-INTERACTIVE match protocol attribute traffic-class real-time-interactive match protocol attribute business-relevance business-relevant class-map match-all MULTIMEDIA-CONFERENCING match protocol attribute traffic-class multimedia-conferencing match protocol attribute business-relevance business-relevant class-map match-all MULTIMEDIA-STREAMING match protocol attribute traffic-class multimedia-streaming match protocol attribute business-relevance business-relevant class-map match-all SIGNALING match protocol attribute traffic-class signaling match protocol attribute business-relevance business-relevant class-map match-all NETWORK-CONTROL match protocol attribute traffic-class network-control match protocol attribute business-relevance business-relevant class-map match-all NETWORK-MANAGEMENT match protocol attribute traffic-class ops-admin-mgmt match protocol attribute business-relevance business-relevant class-map match-all TRANSACTIONAL-DATA match protocol attribute traffic-class transactional-data match protocol attribute business-relevance business-relevant class-map match-all BULK-DATA match protocol attribute traffic-class bulk-data match protocol attribute business-relevance business-relevant class-map match-all SCAVENGER match protocol attribute business-relevance business-irrelevant policy-map MARKING class VOICE set dscp ef class BROADCAST-VIDEO set dscp cs5 class REAL-TIME-INTERACTIVE set dscp cs4 class MULTIMEDIA-CONFERENCING set dscp af41 class MULTIMEDIA-STREAMING set dscp af31 class SIGNALING set dscp cs3 class NETWORK-CONTROL set dscp cs6 class NETWORK-MANAGEMENT set dscp cs2 class TRANSACTIONAL-DATA set dscp af21 class BULK-DATA set dscp af11 class SCAVENGER set dscp cs1 class class-default set dscp default
  63. 63. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Application Policy Workflow Under the Hood - Classification Cisco Protocol Pack Library: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html Protocol Pack 28: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp2800/nbar-prot-pack2800.html <protocol> <attributes> <application-group>other</application-group> <business-relevance>business-relevant</business-relevance> <category>business-and-productivity-tools</category> <encrypted>false</encrypted> <p2p-technology>false</p2p-technology> <sub-category>desktop-virtualization</sub-category> <traffic-class>multimedia-streaming</traffic-class> <tunnel>false</tunnel> </attributes> <common-name>Citrix Static</common-name> <enabled>true</enabled> <engine-id>3</engine-id> <global-id>L4:1604</global-id> <help-string>Citrix Static</help-string> <id>1433</id> <ip-version> <ipv4>true</ipv4> <ipv6>true</ipv6> </ip-version> <long-description>Citrix is an application that mediates users remotely to their corporate applications. ICre is a designated protocol for application server system; it is used for transferring data between clients and servers… <name>citrix-static</name> <ports> <tcp>1494,1604,2512,2513,2598</tcp> <udp>1604,2512,2513</udp> </ports> <indicative-ports> <tcp>1494,1604,2512,2513,2598</tcp> <udp>1604,2512,2513</udp> </indicative-ports> <references>http://www.citrix.com/site/resources/dynamic/additional/ICA_Acceleration_0709a.pdf</references> <commonly-used>7</commonly-used> <selector-id>1604</selector-id> <underlying-protocols>tcp,udp</underlying-protocols> </protocol> remark citrix-static permit tcp any any eq 1494 permit tcp any any eq 1604 permit tcp any any range 2512 2513 permit tcp any any eq 2598 - Citrix Static ip access-list extended CONTROLLER-MULTIMEDIA-STREAMING-ACL … permit udp any any eq 1604 permit udp any any range 2512 2513
  64. 64. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Application Policy Workflow Under the Hood - Classification Cisco Protocol Pack Library: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html Protocol Pack 28: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp2800/nbar-prot-pack2800.html ip access-list extended prm-APIC_QOS_IN#MM_STREAM__acl remark citrix - Citrix permit tcp any any eq 1494 permit udp any any eq 1494 permit tcp any any eq 2598 permit udp any any eq 2598 remark citrix-static - Citrix-Static permit tcp any any eq 1604 permit udp any any eq 1604 permit tcp any any range 2512 2513 permit udp any any range 2512 2513 </snip> exit Application ACLs ! ip access-list extended prm-APIC_QOS_IN#VOICE__acl permit ip host 10.4.81.21 any DSCP ef ! ip access-list extended prm-APIC_QOS_IN#MM-CONF__acl permit ip host 10.4.81.21 any DSCP af41 ! Static Endpoint ACL for Cisco Phone
  65. 65. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Use Case #5 - Application Policy Demo
  66. 66. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Key Takeaways
  67. 67. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Key Takeaways It’s all about efficiency and speed Intent Driven Networking accomplishes drastic simplification Assurance must be outcomes driven and not problem based Network Automation is required Reduce Cost and Remove manual Errors Profile Based Deployment simplifies Day 0 Deployment and Day 2 Change Management

×