Reducing Cost with DNA Automation

Karl-Etienne St-Pierre & Nigel Gocan
Systems Engineer
Nov10, 2016
DNA Automation and Evolved Campus Networks

Cisco Vision, Strategy, & Digital Transformation
Digital Network Architecture – Overview and Components
DNA in Action – Programmable Hardware
Catalyst platforms
DNA in Action – Network Fabrics
Summary
Agenda

Transform our customers’ businesses
through powerful yet simple networks.
Why
How What
Cisco’s Vision
Cisco’s Enterprise Networking Vision
Overview

Why
do networks need to change?

*Cisco VNI Study 2012
of “things” are unconnected
99%
… but could be!
Traffic Growth
4X
Transition to Cloud*
Mobility
Wi-Fi 50%
of Traffic
(Video over Mobile Devices)*
The Network
MUST Change
to accommodate these trends
Intelligent
Device Growth
2.5/Person
BYOD
Programmable
Simple
Network Trends
Connecting the Previously Unconnected, Growth, and Change

Overview – Enterprise Networks Today
LOTS of Functionality …
BUT
LOTS of Complexity …
Can we make Enterprise Networks
simpler, with a similar – or greater –
level of functionality?

Source: 2016 Cisco Study
Policy Violations
Due to Human Error
Network Changes
Performed Manually
95%
OpEx spent on
Network Visibility and
Troubleshooting
Traditional Networking CANNOT Keep Pace with the Demands of Digital Business
…and Have multiple Operational Challenges
70% 75%

How
can we change the way
we do networking?
Intelligent
Programmable
Simple

Strategy
We create solutions built on
intelligent networks that
solve our customers'
challenges
Vision
Change the way the world
works, lives, plays, and learns
Cisco
Vision and Strategy

Unlock the Power that Exists
in the Network through
Abstraction, Automation,
and Policy Enforcement
Leverage the
Power of Existing
Distributed Systems
Enable Network Wide
Fidelity to an Expressed
Intent (Policy)
Cisco’s Enterprise Strategy
Overview

Country Digitization is Improving Citizen Lives
Increase The Country’s GDP, Reduce Spending and Create Jobs With A Cutting-edge Digital
Foundation
Employment &
Social Inclusion
Public Safety
& Security
Smart City Services
Environmental
Sustainability
Innovation Opportunities
GDP Growth
Peace Keeping
Cyber Security

Cisco Vision and Strategy
Digital Transformation
Digital Network Architecture – Overview and Components
DNA in Action – Programmable Hardware
Catalyst platforms
DNA in Action – Network Fabrics
Summary
Agenda

Insights &
Experiences
Drive Business
Innovations
Security &
Compliance
Real-time and Dynamic
Threat Defense
Automation
& Assurance
Speed, Simplicity
& Visibility
The Network Enables Digital Business
Network Requirements for the Digital Organization
Overview

Insights &
Experiences
Security &
Compliance
Automation
& Assurance
Drive Business
Innovations
Real-time and Dynamic
Threat Defense
Speed, Simplicity
& Visibility
• Visibility into Users behavior,
Applications, Network performance
• Customer has the elements
to make decisions faster
Abstraction layer
• Abstraction, Intent, Policy  Automation
• Verification of Desired Result  Assurance
Wi-Fi Core WAN Cloud
APIC EM
Using the Network as a Sensor for
security threats and then Enforce
Compliancy through Segmentation
Network Requirements for the Digital Organization
Overview
Intent Telemetry

Automation
Abstraction & Policy Control from
Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service Management
Policy | Orchestration
Virtualization
Physical & Virtual Infrastructure | App Hosting
Analytics
Network Data,
Contextual Insights
Insights &
Experiences
Automation
& Assurance
Security &
Compliance
Network-enabled Applications
Cloud-enabled | Software-delivered
Principles
Cisco Digital Network Architecture (DNA)
Overview

vBranch
IP
NFVIS
WAAS
IPS
vSwitch
vBranch
IP
NFVOS
WAAS
IPS
vSwitch
Network Interface (UNI)
PEP: Policy Enforcement Point
Virtualization
VPCEnterprise Fabric
Encryption
Encryption
Encryption
PEP
Public
Cloud
VPC
WAN Agg
Apps
Apps
WAAS
IPS
WAAS
IPS
UNI
AWS
VPC
Hosting and Hosted Network Functions

Advanced, Multi-Core,
Feature-Rich Routing Silicon
QFP
QuantumFlow Processor
Fully Programmable: leveraging
the many features of IOS-XE with hardware
performance
Scalable: Massive number of CPU cores
(40/64), abilityto cascade multiple QFPs =
consistent high performance
Advanced on-chip QoS: 100,000+
hardware-based queues, sophisticated traffic
shaping and control
Secure: linkage to high-performance crypto
capability for secure
WAN transport
Extensible Architecture:
ability to scale both up and down—the
foundation for a long-lived family of
high-performance, flexible routing silicon
UADP
Unified Access Data Plane
Flexible, Programmable,
High-Performance Switching Silicon
Fully Programmable:
excellent flexibility, ability to handle
new encaps (VXLAN, GPE, etc.) –
hardware speed, with software elasticity
Scalable: Massive recirculation bandwidth and
low recirculation latency provide excellent
tunneling and services support for traffic flows
Advanced on-chip QoS:
client–level granularity, sophisticated
bandwidth shaping, with integrated
on-chip NetFlow for visibility
Secure: integrated on-chip support
for MACsec encryption (AES-128, CBC)
Extensible Architecture:
ability to scale both up and down –
the foundation for a long-lived family of
high-performance, flexible switching silicon
Virtualization
“People that are really serious about software should build their own hardware”
100% Cisco-developed programmable silicon: unlocking the power of DNA at hardware speeds
Operational and Services Uniformity:
Routing, Switching,
and Wireless consistency
New Foundational Capabilities:
HA and operational leadership, state
decoupling, net database…
Speed of Innovation Velocity:
“Code once and Re-use Many” across
multiple places in the network
Foundation for Virtualization: providing
for network hosting and integration of
virtualized functions
(VNFs, containers)
Platform for the Future:
the “software stage” for the
next wave of Cisco innovation…
IOS-XE
The Evolution of IOS
Taking the Proven Strengths
of IOS to the Next Level
Building on a Strong Foundation
of Hardware and Software Innovation

• Express Business Intent
• Translate into device specific policy/configuration
• Leverage Abstraction (the controller knows about the device specifics)
• Automate the Deployment across the Network
• Insure Fidelity to the Expressed Intent (keep everything in sync)
User policy based on user identity
and user-to-group mapping
Employee
(managed asset)
Employee
(Registered BYOD)
Employee
(Unknown BYOD)
ENG VDI System
PERMIT
PERMIT
DENY
DENY
DENY
DENY
DENY
PERMIT
PERMIT
PERMIT
PERMIT
PERMIT
Production Servers Development Servers Internet Access
Protected Assets
Source
De-coupling of
User Identity and Topology
Much easier to translate business
objectives to network functionality—
Lowers TCO
Configuration
Controller-based AutomationToday
Traditional Traditional
Policy
Traditional
Policy Policy
Policy based Configuration—
Dynamic, able to be automated by the Controller
Over time—Policy grows, static shrinks
Automation
Controller-Led
Networking Deployment
Evolution to a Policy Model

Any given “custom”
configuration has a very high
probability of not being tested
exactly as deployed
“individually—as a one off…”
which introduces
potential issues…
Risk Bugs
Uncertainty Problems
Combinatorial Issues…
Trust
Automation
Controller-Led Networking Deployment
The automated configuration deployed by the controller will have gone through…
• Joint development by the Cisco Product Teams, the Architects developing
Best Practices, and the Controller Team – “Blessed Configurations”
• Testing by Cisco’s Solution, System, and Devtest teams
against the deployment use cases developed jointly, above
• And will be deployed by 1000’s, with any unforeseen situations
addressed ASAP due to widespread and standardized deployment
Greatly increased
probability of success
Controller-Led Networking
Bridging the Gap to Increased Success in Network Deployment and Use

Analytics
Instrumentation Telemetry Correlation
Measure and Adjust
Click here to Correct
Always Correct this way
(and never ask me again)
Applications
Automated Deployment
Network
Endpoints
Run Reports
Discover user insights
Deliver relevant content
APIC EM
Analytics
Network Data, Contextual Insights
Deploy, Report, Measure, Adjust, Repeat

Plug & Play
CMX
Business
Analysis
Branch TeleworkerCampus/HQ
Telemetry
Continuous Innovation
Cloud-based Audits
Cloud Connected
Simplicity | Speed
Branch
TeleworkerCampus/HQ
Hybrid Cloud
AWS | Rackspace| Azure|
Cisco Intercloud
CSR1000V
VPC / vDC
vASA
FTDv
StrataWatch
WAN
Cloud Delivered
Innovation | Insights
Cloud Edge
IaaS Scale | Flexibility
Branch TeleworkerCampus/HQ
Cloud-Enabled Networking
Overview

jafrazie$ ssh admin@172.27.230.76
admin@172.27.230.76's password:
cho# conf t
Enter configuration commands, one per line. End with CNTL/Z.
cho(config)#
Task
Oriented
Human
Friendly
Easy To
Replay
No
Special
Tools
Software
Unfriendly
Syntax/format
changes
No Common Data
Model
No Error Reporting
Configuration Management
Today

Other vendors…
RESTCONF NETCONF gRPC
Data Model
Configuration
Standard
Device
Specific
Device Features
Interface BGP QoS ACL …
Operational
Standard
Device
Specific
Open Device Programmability
Physical and Virtual Network Infrastructure
AutomateSet Get
Open Device Programmability
Overview

Devops
Orchestration
Automation
tcollector
Monitoring/
Analytics
Embracing Tools

Traditionally the pipeline is
FIXED
ASIC Processing Pipeline

Modify processing behavior
without incurring re-spin
ASIC Programmable Pipeline
BRKCRS-2700 35© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

MPLS
VXLAN
LISP
TRILL*
SPB*
and more…
Possible Future UADP Use Cases
* Not Committed
BRKCRS-2700 36

The Solution – Cisco Multigigabit Technology
Powered by NBASE-T
Delivers up to 5X Speeds in Enterprise without replacing Cabling Infrastructure
2.5-5G!
Cat 5e Cables
WiFi > 1G
Multigigabit
Switch
Multigigabit
Capable AP
Is a game-changing technology
allowing enterprise networks to
evolve beyond 1G
Enables 2.5 and 5 Gbps up to
100m on legacy cables
Supports all PoE standards
up to 60W
Cisco Multigigabit with

10G SFP+1G SFP
1/10G 1RU Aggregation
Catalyst 4500-X
• Fixed 10G Aggregation
• 16p & 32p Base Units
• 8 port 10G Network
Module
• Front-to-Back and
Back-to-Front Fans
and Power Supplies
1G 1RU Aggregation
Catalyst 3850
1G Fiber
• Stackable
• 12p and 24p SKU
• 10G Network Module
Catalyst 6880-X
• Fixed Supervisor
with 16 10G ports
• Up to 4 x 16 port 10G
Network Modules for
80 10G ports
• Best-in-Class Core
Feature-set
• BGP, MPLS, VSS,
Instant Access
1/10G 1RU Aggregation
Catalyst 3850
10G Fiber
• 12p, 24p & 48p SKU
• Stackable (12p/24p)
• 10G & 40G Network
Module
1/10G 5RU Core
Catalyst 6840-X
• Fixed 10G Core & Agg
• 16p & 32p 10G SKU
• 24p & 40p 10/40G SKU
• Front-to-Back Fans
and Power Supplies
• Best-in-Class Core
Feature-set
• BGP, MPLS, VSS,
Instant Access
1/10G 2RU Core & Agg.
Catalyst Fixed Backbone PortfolioScale/Features
NEW

Catalyst 3850 10G SFP+ Switches
WS-C3850-24XS
WS-C3850-12XS
WS-C3850-48XS

Cisco Stackwise Virtual
L2/L3Dist-1 Dist-2VSLSW-1 SW-2
Phase 1 - Aggregation
 Unified Control and
Management plane
 Simplified L2/L3
network designs
 Inherits all proven VSS
architectural benefits
 High-performance 10G
Aggregation block
 Non-oversubscribe :
o 96 x 10G Ports
o 8 x 40G Ports
 Fully Distributed
Forwarding
 Non-stop business
communication with
Cisco NSF/SSO
 Proven 1+1 HA
architecture
 Next-gen In-service
Software upgrade ready
 Etherchannel – up to 4p
(8p future)
 Flexible design on all
next-gen UADP based
systems
 Elastic topology
design – Hub/spoke,
Ring, Chain
 Simplification across
multiple network
layers
 Based on next-gen OS
– IOS XE Denali
 Rich IOS feature sets –
L2/L3, Routing,
Multicast, QoS, etc.
ACTIVE HOT-STANDBY
SW-1
WS-C3850-48XS | 96 x 10 Gigabit Ethernet | 8 x 40 Gigabit Ethernet
Simple Scale Resilient Flexible Advance
Distributed stacking will support 16.1 feature parity during FCS. Please check release notes for compete details.

Use best-practices, policy-
based provisioning across the
network
Look at the entire wired,
wireless and WAN network
that is managed as a single
entity
Quickly enable services by
using open APIs across a
services ecosystem
Fabric Key Benefits
Ensure Policy Compliance
Find Any User or Device
with a Network Search
Launch Secure
Services Faster
Secure, Policy-based
Segmentation &
Automation
Complete Network
Control & Assurance
Fast Easy Service
Enablement
Assure performance of
mission-critical applications

A Fabric is an Overlay
An “Overlay” is a logical topology used to virtually connect devices, built
on top of an arbitrary physical “Underlay” topology.
An “Overlay” network often uses alternate forwarding attributes to provide
additional services, not provided by the “Underlay”.
• GRE or mGRE
• MPLS or VPLS
• IPSec or DMVPN
• CAPWAP
• LISP
• OTV
• DFA
• ACI
Examples of Network Overlays
What Exactly is a Fabric?
BRKCRS-2700 46

Controller-based Management
Fabric Orchestration and Visibility
Single User Interface for Fabric Management
Cisco Fabric Vision
Underlay, Overlay, and Controller
APIC-
EM
Programmable Overlay
Connects Users and Devices to each
other, w/ policy control
Standards-based control plane (LISP)
Standards-based data plane (VXLAN)
Prescriptive Underlay
Connects the network elements to each other
Automated, standardized deployment and operation
Leverages existing network topologies
(not restricted to spine/leaf)
Cisco Internal Use Only – Do Not Distribute Externally without NDA

Summary
Benefits of Fabric Deployment in Networks
Collabora on Security
Endpoints
APIC
EM
Branch
Business
Agility
Automated
Enterprise
Consistent
Policy
Investment
Protec on
Integrated
Mobility
Analy cs
48

Automation
Abstraction & Policy Control from
Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service Management
Policy | Orchestration
Virtualization
Analytics
Network Data,
Contextual Insights
Network-enabled Applications
Cloud-enabled | Software-delivered
New!
Enterprise NFV
Branch Service Virtualization
Controlled Availability, March 2016
New!
New!
Available on DNA-Ready Infrastructure through Cisco ONE Software
APIC-EM Automation Platform
Completely New Platform
Available Now
Base Automation: Plug and Play
Available Now
Cloud version Controlled Availability, May 2016
Policy Services: IWAN App & EasyQoS
Available Now | March 2016, respectively
CMX Cloud
Presence Analytics and Connect
Available Now in US, April 2016 for ROW
Available Now / Soon – Cisco DNA Innovations

Base
Automation
Immediate value to
existing network
Policy
Services
Active control for critical
use cases: Network,
Collaboration
Advanced
Security
Network as a Sensor
and Enforcer
Complete
Software Control
End-to-end policy-
based automation
Digital
Services
Support lines of business:
analytics, IoT
Cisco ONE Foundation Cisco ONE Adv. Applications Cisco ONE ELA
Cisco DNA –
The Journey Starts Now

Reducing Cost with DNA Automation

Reducing Cost with DNA Automation

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (17)

Similar to Reducing Cost with DNA Automation

Similar to Reducing Cost with DNA Automation (20)

More from Cisco Canada

More from Cisco Canada (20)

Recently uploaded

Recently uploaded (20)

Reducing Cost with DNA Automation