16.1 release

per@cisco.com

Technical Capabilities

Distributed

Database

Maximizes Scale,

Separation of state

Information from process

Object/Eve

nt Tracing

Easier Troubleshooting &

Debugging

Application

Platform

Deploy Containers, Run

on X86,

Developer/Operator

Views

Selective

Sensors

Pervasive Security

Across the Network

Control &

Data Plane

Separation

Enables Scale & Best of

Breed Deployment

Polaris Architecture

Object/Event Tracing

Conditional

Debugging based on

IP or MAC generates

a UUID

Filtering Logs with

UUID reveals only

relevant debug

messages

Polaris#debug platform condition ?both Simultaneous ingress and egress debugegress Egress only debugfeature For a specific featureingress Ingress only debuginterface Set interface for conditional debugipv4 Debug IPv4 conditionsipv6 Debug IPv6 conditionsmac Debug MAC conditionsmpls Debug MPLS conditionsstart Start conditional debugstop Stop conditional debug

Polaris#debug platform condition

Application PlatformConfiguration

Management

Network

Monitoring

Network

Analytics

Kernel Support for Multiple Containers

exist in Polaris Phase-I

Depending on the Platform Capabilities,

Apps can run in Containers

netconf/restconf/yang/rest-api Interfaces

Life Cycle ManagementIOSIOS

OS/LinuxOS/Linux

IOSIOS

NW DevicesNW Devices

OS/LinuxOS/Linux

NW DevicesNW Devices

ContainerContainer

Cisco Signed apps “Open Packages”

Cisco + 3rd-party packages

AVC will be available

for

Wired & Wireless

Different Levels

of Application

Recognition

Application Recognition Techniques

Pre Defined Apps

on

DNS-AS Server

Jabber, Lync,

Cisco Telepresence, etc.

DNS-AS &

Server

Based

Signaling

1500 Apps – initial

few packets

NBAR2 with

Socket

Caching

(Performance

Optimized)

Full NBAR2

with

DPI

1500 Apps

Leveraging the

work from Routing

Platforms

Mostly on Routers,

Deep Packet

Inspection

12

• DNS is pervasively used - why not have those servers provide App Metadata?

• Use the TXT record of DNS servers for police metadata and then let router or switches snoop client DNS request and request an Authoritative Answer from the DNS server

Using DNS as an Authoritative Source (DNS-AS)

BR

DNS Server

AVC Framework & CLI

AVC Technique can vary

from platform to platform,

depending on the system

capabilities. However,

Framework and CLI

remains the same

What do we have in Polaris Phase 1 (16.1)?

Sub Package Upgrade

for WCM

WebUI

Day0, Day1Faster Device Onboarding

Radioactive Tracing for

Wired & WirelessSmart Licensing

Targeted for 16.2

MACSEC

CISP/NEAT

SGT over FNF

Feature Parity with 3.7*

Targeted for 16.3

CTS Dot1X

Critical Auth

Deprectated

Medianet

Flexlink

Traces

Path

Quickly

Administrator Cisco SupportLicense Service

Cisco Confidential 11© 2013-2014 Cisco and/or its affiliates. All rights reserved.