Cisco Catalyst 3850 and 3650 Switchingd2zmdbbm9feqrf.cloudfront.net/2017/usa/pdf/BRKARC-3438.pdf ·...

Cisco Catalyst 3850 and 3650 Switching Architecture

Ravi Jadhav – Technical Marketing Engineer

BRKARC-3438

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to chat with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#BRKARC-3438Cisco Spark spaces will be available until July 3, 2017.


Is Your Network Ready for Digitization of Tomorrow?

Does the platform

support new PoE

devices efficiently?

Does the platform

make it easy to

provision

and scale?

Does the platform

support enough

Programmability?

Does the platform

ensure secure

network access?

Does the platform let you

adapt to new connectivity

requirements?

IP CameraPrinter IP PhoneLED LightsIP Display/DMS PC/LaptopAP

Enterprise Trends Driving Digital Transformation

SecurityIoTMobility Programmability

Fabric Enabled Wireless

MultigigabitCoAP / IoT Device profiling

SD Bonjour

Perpetual PoE

AVB

256bit MacSec

Trustworthy Systems

Group based policy

Full Netflow

DevOps Toolkit

Netconf

Yang Models

Streaming telemetry


“The goal of this session is to give you an in depth view of the platform so you can

understand its strength as well as its limitations …”

BRKARC-3438 6

• Introduction & Overview

• Platform Architecture, ASIC & Packet Walks

• High Availability – Data and Power Stacks

• Scale – TCAM , Queues, Scale, ACLs…

• Software

• Wrap-up

Agenda

Introduction to Catalyst 3K Family


Jan

2013

Oct

2013May

2014Jan

2015

Built on Cisco’s Innovative “UADP” ASIC

Catalyst 3850Stackwise-480,

Stackpower

Data/PoE/PoE+/UPoE

FRU Uplinks

Catalyst 3650Stackwise-160,

-

Data/PoE/PoE+/

Fixed Uplinks

Catalyst 3850 SFPStackwise-480,

Stackpower

12 and 24 Port Versions

FRU Uplinks

Catalyst 3850 mGigStackwise-480,

Stackpower

24 and 48 Port Versions

Stacks with any Catalyst 3850

The Catalyst 3K Family

Jun/Aug

2015

Catalyst 3850 SFP+Stackwise-480,

Stackpower

12, 24 and 48 Port Versions

Enabling 10G Aggregation

Jan

2016

Catalyst 3650 MiniStackwise-160,

Data/PoE/PoE+/

Fixed Uplinks

Stacks with any 3650

Catalyst 3650

MgigStackwise-160,

Data/PoE/PoE+/UPOE

Fixed Uplinks

Stacks with any 3650

Oct 2016

BRKARC-3438 9


One Switch – Multiple Deployment scenarios

1 Gigiagbit

Catalyst 3850 Copper

Copper SKUs Data and PoE/UPoE Switches

480G Stacking Capacity


Copper SKUs Data and PoE/UPoE Switches

160G Stacking Capacity

Catalyst 3850 Fiber SFP

Fiber SKUs SFP Versions

Catalyst 3850 Fiber SFP+

Fiber SKUs SFP+ Versions

Enterprise Class Access Layer Smaller Core & Aggregation Option

MultiGigabit

1 Gigabit

48 Port SFP+ Version

No Stackwise 480

Based on a Common ASIC and Software

Mini – Shallow Depth

MultiGigabit

SFP

SFP+

BRKARC-3438 10

Catalyst 3850/3650 -Components


Uplink Module Options on Catalyst 3850

C3850-NM-4-1G

4x1Gig

SFP

C3850-NM-2-10G

2x1Gig+2x10Gig

SFP/SFP+

C3850-NM-4-10G

4x10Gig

SFP/SFP+

C3850-NM-8-10G

8x10Gig

SFP/SFP+

C3850-NM-2-40G

2x40Gig

QSFP

For MultiGigabit and SFP+ Versions only

Flexibility & Investment Protection

BRKARC-3438 12


Fixed Uplink Options on Catalyst 3650

C3850-NM-4-1G

4x1Gig

SFP

C3850-NM-2-10G

2x1Gig+2x10Gig

SFP/SFP+

C3850-NM-4-10G

4x10Gig

SFP/SFP+

C3850-NM-8-10G

8x10Gig

SFP/SFP+

C3850-NM-2-40G

2x40Gig

QSFP

Make Uplink Decision at the time of Purchase

For MultiGigabit Versions only

BRKARC-3438 13


Uplink options on Different Models3850 Models Uplink Module Options 3650 Models Fixed Uplink Options

1Gig Copper SKUs WS-C3850-24T C3850-NM-4-1G, C3850-NM-2-10G WS-C3650-24T 4x1G , 2x1G+2x10G

WS-C3850-24P C3850-NM-4-1G, C3850-NM-2-10G WS-C3650-24P 4x1G , 2x1G+2x10G

WS-C3850-24U C3850-NM-4-1G, C3850-NM-2-10G - -

WS-C3850-48T C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G WS-C3650-48T 4x1G , 2x1G+2x10G, 4x10G

WS-C3850-48P C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G WS-C3650-48P 4x1G , 2x1G+2x10G, 4x10G

WS-C3850-48F C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G WS-C3650-48F 4x1G , 2x1G+2x10G, 4x10G

WS-C3850-48U C3850-NM-4-1G, C3850-NM-2-10G, C3850-NM-4-10G - -

mGig Copper SKUs WS-C3850-24XU C3850-NM-4-10G, C3850-NM-8-10G, C3850-NM-2-40G 24 Port 2x10G

WS-C3850-12X48U C3850-NM-4-10G, C3850-NM-8-10G, C3850-NM-2-40G 48 Port 4x10G, 8x10G, 2x40G

1G SFP SKUs WS-C3850-12S C3850-NM-4-1G, C3850-NM-2-10G - -

WS-C3850-24S C3850-NM-4-1G, C3850-NM-2-10G - -

10G SFP+ SKUs WS-C3850-12XS C3850-NM-2-10G, C3850-NM-4-10G - -

WS-C3850-24XS C3850-NM-4-10G, C3850-NM-8-10G, C3850-NM-2-40G - -

WS-C3850-48XS Fixed 4x40G - -

For YourReference

BRKARC-3438 14


Power SuppliesCatalyst 3850/ Multigigabit 3650 Catalyst 3650

350WAC 440WDC 715WAC 1100WAC 640WDC 1025WAC 250WAC 640WAC

Same as 3750-X—Interchangeable New PIDs

Wider Than 3850/3750-X PSsDifferent Watts Capacity

715WAC 1100WAC

MultiGigabit SKUs Same PS as 3850s

BRKARC-3438 15


Catalyst 3650 Mini – Fixed PS

48 Port 24 Port

Power Supply 975W 640W

Available PoE budget 775W 390W

PoE All 48 ports All 24 ports

PoE+ 24 ports 12 ports

RPS Support for PS

Redundancy

BRKARC-3438 16


48 Port SFP+ Version – 750 WAC PS 4x40G Fixed Uplinks

Line Rate – 640G Switching Capacity

Dual 750 WAC PS

BRKARC-3438 17


Stack–Cables and Components

Catalyst 3850 Catalyst 3650

3 lengths of cable, 0.5 1 and 3 Meters 1 ring in 3650 vs 3 rings in 3850

BRKARC-3438 18


Features /

Scale

Catalyst 3850

Catalyst3850 SFP

Catalyst 3850

MultiGigabit

Catalyst 3850SFP+ (12,24

Ports)

Catalyst 3850SFP+ (48Port)

Catalyst 3650

Catalyst 3650Mini

Catalyst 3650MultiGigabit

ASIC UADP 1.0 UADP 1.0 UADP 1.1 UADP 1.1 UADP 1.1 UADP 1.0 UADP 1.1 UADP 1.1

Stacking BW 480G / 9 480G / 9 480G / 9* 480G / 9* NA 160G / 9 160G / 9* 160G / 9*

StackpowerStackpower,

XPSStackpower,

XPSStackpower,

XPSStackpower,

XPSNo No No No

UplinksModular Uplinks

Modular Uplinks

Modular Uplinks

Modular Uplinks

Fixed UplinksFixed

uplinksFixed Uplinks Fixed Uplinks

Wireless 100 AP max 100 AP max 100 AP max 100 AP max 100 AP max 50AP max 50AP max 100 AP max

Stacking Module

Built-in Built-in Built-in Built-in N/A Optional Optional Optional

Memory/Flash 4GB /2GB 4GB /2GB 4GB /4GB 4GB /4GB 8GB /8GB 4GB /2GB 4GB /2GB 4GB / 4GB

Power Dual (FRU)Dual (FRU)

Dual (FRU) Dual (FRU) Dual (FRU) Dual (FRU)Single (Fixed),

RPS 2300Dual (FRU)

MACSEC 128 bit 128 bit 256 bit 256 bit 256bit 128 bit 256 bit 256 bit

HA SSO SSO SSO SSO,SSO,

StackwiseVirtual

SSO SSO SSO

Catalyst 3850/3650 VersionsSimilarities & Differences

For YourReference

BRKARC-3438 19

Looking Inside the Switch


Power Stack Conn (x2) Redundant Power Supplies

Fan FRU (x3)Back Stack Conn (x2)

Ethernet And Console Port

Cavium CPU

UADP ASICs

Ampere / Stack Power Controller

PoE+ Controllers (x2)

FRU Uplink Module

Catalyst 3850: Under the Covers…

Downlink Phys (x12)

BRKARC-3438 21

ASICs are a Pillar of Cisco Innovation…


Traditional ASIC Pipeline

Fixed Pipeline

MAC

Look

up

IPv4

Look

up

ACL

Look

up

QoS

Look

up

Fixed Parser

…

Look

up

…

Look

up

ACL

Look

up

QoS

Look

up

Fast Memory Lookup Tables

Traditional ASIC

Parses & Understands Fixed number of Bytes

Can lookup these Fields

IP PayloadEther

net

GREIPEthern

etIP Payload

Ethern

et

VXLA

NUDPIP

Ether

netIP Payload

Ether

net

LabelEthern

etIP Payload

GRE

VXLAN

MPLS

Not Supported in Hardware

BRKARC-3438 23


Cisco Innovation

In 2013 Cisco Introduced a new family of switches called Catalyst 3850

Based on UADP ASIC

(Unified Access Data Plane)

Future proofed for the technologies of tomorrow

BRKARC-3438 24


Some of the Key Capabilities of UADP ASIC

Flex Parser (256 Bytes)

&

Programmable Pipeline

(15 Ingress and 7

Egress)

Recirculation

Capability

(upto 16 times)

Micro Engines

(Fragmentation

Encryption

e.g, Macsec 256

bit)

No Compromise on Performance

BRKARC-3438 25


S

t

a

g

e

#

1

S

t

a

g

e

#

2

S

t

a

g

e

#

3

S

t

a

g

e

#

4

S

t

a

g

e

#

.

.

S

t

a

g

e

#

.

.

S

t

a

g

e

#

1

5

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

S

t

a

g

e

#

1

S

t

a

g

e

#

2

S

t

a

g

e

#

3

S

t

a

g

e

#

4

S

t

a

g

e

#

5

S

t

a

g

e

#

6

S

t

a

g

e

#

7

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

Ingress Programmable Pipeline

Egress Programmable Pipeline

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

Flex Parser

Flex Parser

IGR

EGR

SQSAQM

Egress Q Scheduler

Stack

Interface

RRE, SEC

Q

QQ

Q

RRE = Reassembly SEC = Crypto

AQM = Active Queue Management module

SQS = Stack Queues and Scheduler

Ingress

FIFO

Egress

FIFO

Rewrite

Block

Packet

Buffer

Ingress

Forwarding

Controller

Egress

Forwarding

Controller

Ingress Q

Scheduler

24 + 2

Ports

CPU

UADP ASIC – Block Diagram

S

t

a

g

e

#

1

S

t

a

g

e

#

2

S

t

a

g

e

#

3

S

t

a

g

e

#

4

S

t

a

g

e

#

.

.

S

t

a

g

e

#

.

.

S

t

a

g

e

#

1

5

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

S

t

a

g

e

#

1

S

t

a

g

e

#

2

S

t

a

g

e

#

3

S

t

a

g

e

#

4

S

t

a

g

e

#

5

S

t

a

g

e

#

6

S

t

a

g

e

#

7

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e



L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

Flex Parser

Flex Parser

IGR

EGR

Egress Forwarding Controller

(EFC)

Ingress Forwarding Controller

(IFC)

BRKARC-3438 26


Lets take a look at the Programmable Pipelines

Stage

#1

Stage

#2

Stage

#3

Stage

#4

Stage

#..

Stage

#..

Stage

#15

Lookup

TableLookup

Table

Stage

#1

Stage

#2

Stage

#3

Stage

#4

Stage

#5

Stage

#6

Stage

#7

Lookup

Table

Lookup

Table



Lookup

TableLookup

Table

Lookup

TableLookup

Table

Flex Parser

Flex Parser

IGR

EGR

15 Ingress Stages

7 Egress Stages

TCAM, SRAM

256 B Header

BRKARC-3438 27


Micro Code

ASIC

Micro Code

Software Features

OSPF MPLS ACLsL3/L

2

Look

up

MC

Look

up

span

Look

up

Polic

y

Look

up

Stag

e

#..

Tunn

eling

#..

NF

Look

up

PLC

ACL

Polic

y

Look

up

NF

Look

up

Stag

e

#3

Stag

e

#4

Stag

e

#5

Sec.

Look

up

Span

Look

up

PSE

NFC



QoS

FSE

FIBExM

Flex Parser

Flex Parser

IGR

EGR

Programmed to

understand

VXLAN

Programmed to

understand

MPLS

BRKARC-3438 28

UADP Variants


UADP 1.0External Name

First Generation of UADP ASIC


Catalyst 3650

Catalyst SFP Fiber

1G/10GEthernet

240GStacking Capacity

6MB

Packet Buffer

128 BitEncryption

24KNetflow Records

56G Bandwidth

First Programmable ASIC

BRKARC-3438 30


UADP 1.1External Name

Enhanced Version of UADP 1.0 ASIC

Catalyst 3850 Multigigabit

Catalyst 3850 SFP+

Catalyst 3650Multigigabit

1G/10G/40GEthernet

240GStacking Capacity

6MB x2

Packet Buffer

256 BitMACSEC Encryption

24K x2Netflow Records

148GEBandwidth

Catalyst 3650 Mini

Dual Core

Running @ 500MHz

1588

IEEE

Enhanced Power & Security Capability

BRKARC-3438 31


Common Infrastructure / HA

Management Interface

Module Drivers

Kernel

IOS XE EvolutionSame Look & Feel, More Powerful Architecture

IOS

IOS

Common Infrastructure / HA

Management Interface

Module Drivers

Kernel

IOS XE 3.7.x(SE)

Features Components

Hosted AppsIOSd

Features

Components

WCM

Wireshark

Open IOS XE 16.X

Hosted AppsIOSd

Features

Components

LXC*

LXC*

Crimson

DB

Common

Infrastructure / HA

Management

Interface

Module Drivers

Kernel

WCM

Wireshark

BRKARC-3438 32


UADP ASIC & Open IOS-XE Enables…

2.5-5G!

Cat 5e

Cables

WiF

i >

1G

MultiGigabit

SwitchMultiGigabit

Capable AP

Multigigabit

MPLS AVC

Campus Fabric Stackwise Virtual

Programmability

SW-1 SW-2

WS-C3850-48XS WS-C3850-48XS40G/10G

Core

CEP

PE

PE

P

PCE P

PE

PE

CE

CE

MPLS Domain

Label switched path

LDP session

BRKARC-3438 33


Most Importantly : Software Defined - Access

Insights & Telemetry Single Network FabricIdentity-based Policy & Segmentation

Decoupled security policy definition

from VLAN and IP Address to

enable rapid policy updates

Automation across wired and

wireless for optimized traffic flows,

and workflow-based management

provide consistency at scale

Analytics and insights into User

and application behavior for

proactive issue identification and

resolution

Industry’s first policy-based automation from the Edge to the Cloud


BRKARC-3467 : Cisco Enterprise Silicon - Delivering Innovation for Advanced Routing and Switching Thursday, Jun 29, 10:30 a.m. - 12:00 p.m. | Level 2, Lagoon I

BRKCRS-3300 : IOS XE : Enabling the Digital Network ArchitectureTuesday, Jun 27, 4:00 p.m. - 5:30 p.m. | Level 2, Breakers CD

TECCRS-2900: From the Gates to the GUI – Innovations in Enterprise Networking, Catalyst Switching,

and Beyond!Monday, Jun 26, 1:00 p.m. - 5:00 p.m. | MGM Grand, Level 3, Room 320

UADP ASIC Related Sessions

For YourReference

BRKARC-3438 35

Platform Architecture & Layouts


Catalyst 3850/3650—24 Port Layout

480G STACK INTERFACE

Packet Buffer

Forwarding Controller

Ingress

FIFO

Reassembly

Crypto

Egress

FIFO

Network Interface

24 x 1G 10/100/1000

24 Port PoE+

Octal PHY

MACSec*

Octal PHY

MACSec*

Octal PHY

MACSec*

Dual PHY

MACSec

Dual PHY

MACSec

800 MHz Quad-

Core CPU

ConsoleEMP

USB

FPGA

SDRAM

4GB

Flash

2GB

2 x 10G, 2 x 1G / 4 x 1G

UADP ASIC

Clock - 375 MHz /

56Gbps

BRKARC-3438 37



Catalyst 3850/3650—48 Port Layout

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Dual PHY

MACSec

Dual PHY

MACSec

800 MHz Quad-

Core CPU

ConsoleEMP

USB

FPGA

SDRAM

4GB

Flash

2GB

2 x 10G, 2 x 1G / 4 x 1G

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

UADP ASIC

Clock - 375 MHz /

56Gbps

24 x 1G 10/100/1000

24 Port PoE+

Octal PHY

MACSec*

Octal PHY

MACSec*

Octal PHY

MACSec*

24 x 1G 10/100/1000

24 Port PoE+

Octal PHY

MACSec*

Octal PHY

MACSec*

Octal PHY

MACSec*

Reassembly

Crypto

Reassembly

Crypto

BRKARC-3438 38


Catalyst 3850 MultiGigabit — 24 Port Layout

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Dual PHY

MACSec

Dual PHY

MACSec

Octeon-2

1.3 GHz

6-Core CPU

ConsoleEMP

USB

FPGA

SDRAM

4GB

Flash

2GB

2x40G, 8x10G, 4x10G,

2x1G 2x10G, 4x1G12 x 10G 100M/1G/2.5G/5G/10G

12 Port UPoE

10GB PHY

MACSec

10GB PHY

MACSec

10GB PHY

MACSec

UADP ASIC

Clock – 500 MHz / 80Gbps


12 x 10G 100M/1G/2.5G/5G/10G

10GB PHY

MACSec

10GB PHY

MACSec

10GB PHY

MACSec

Reassembly

Crypto

Reassembly

Crypto

Reassembly

Crypto

Reassembly

Crypto

12 Port UPoE

Core 1 Core 0 Core 1 Core 0

ASIC1 ASIC0

BRKARC-3438 39


12 Port UPoE

Catalyst 3850/3650 MultiGigabit—48 Port Layout

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

USB

FPGA

SDRAM

4GB

Flash

2GB

UADP ASIC

Clock – 500 MHz / 80Gbps


Dual PHY

MACSec

Dual PHY

MACSec

2x40G, 8x10G, 4x10G,

2x1G 2x10G, 4x1G12 x 10G 100M/1G

36 Port UPoE

OctalPHY

MACSec*

12 x 10G 100M/1G/2.5G/5G/10G

10GB PHY

MACSec

10GB PHY

MACSec

10GB PHY

MACSec

ConsoleEMP

Octeon-2

1.3 GHz

6-Core CPU

Reassembly

Crypto

Reassembly

Crypto

Reassembly

Crypto

Reassembly

Crypto

OctalPHY

MACSec*

OctalPHY

MACSec*

OctalPHY

MACSec*OctalPHY

MACSec*


ASIC1 ASIC0

BRKARC-3438 40


C3850-12XSArchitecture Overview

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Dual PHY

MACSec

Cavium

1.3 GHz

6-Core CPU

ConsoleEMP

USB

FPGA

SDRAM

4GB

Flash

4GB

4x10G, 2x1G 2x10G,

4x1G

UADP ASIC

Clock – 500 MHz / 80 Gbps


10G PHY

MACSec

10G PHY

MACSec

Reassembly

Crypto

Reassembly

Crypto


UADP

ASIC0

1x6 10G SFP+1x6 10G SFP+

BRKARC-3438 41


Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Packet Buffer


Ingress

FIFO

Egress

FIFO

Network Interface

Dual PHY

MACSec

Dual PHY

MACSec

Cavium

1.3 GHz

6-Core CPU

ConsoleEMP

USB

FPGA

SDRAM

4GB

Flash

4GB

2x40G, 8x10G, 4x10G1x6 10G SFP+

10G PHY MACSec 10G PHY MACSec

UADP ASIC



Reassembly

Crypto

Reassembly

Crypto

Reassembly

Crypto

Reassembly

Crypto


UADP

ASIC1

UADP

ASIC0

1x6 10G SFP+ 1x6 10G SFP+

10G PHY MACSec

1x6 10G SFP+

C3850-24XSArchitecture Overview

BRKARC-3438 42


Packet Buffer

Forwarding

Controller

Ingr

ess

FIF

O

Egr

ess

FIF

O

Network Interface

Packet Buffer

Forwarding

Controller

Ingr

ess

FIF

O

Egr

ess

FIF

O

Network Interface

Reass

embly

Crypt

o

Reass

embly

Crypt

o

Catalyst 3850 SFP+ 48 Port – Block Diagram

Dual PHY

MACSec

Dual PHY

MACSec

Cavium

1.3 GHz

6-Core CPU

ConsoleEMP

USB

FPGA

SDRAM

8GB

Flash

8GB

2x40G, 8x10G, 4x10G2 x 12 10G SFP+

10G PHY

MACSec

10G PHY

MACSec

10G PHY

MACSec

UADP ASIC



2 x 12 10G SFP+

10G PHY

MACSec

10G PHY

MACSec

10G PHY

MACSec

Packet Buffer

Forwarding

Controller

Ingr

ess

FIF

O

Egr

ess

FIF

O

Network Interface

Packet Buffer

Forwarding

Controller

Ingr

ess

FIF

O

Egr

ess

FIF

O

Network Interface

Reass

embly

Crypt

o

Reass

embly

Crypt

o

Packet Buffer

Forwarding

Controller

Ingr

ess

FIF

O

Egr

ess

FIF

O

Network Interface

Packet Buffer

Forwarding

Controller

Ingr

ess

FIF

O

Egr

ess

FIF

O

Network Interface

Reass

embly

Crypt

o

Reass

embly

Crypt

o

Packet Buffer

Forwarding

Controller

Ingr

ess

FIF

O

Egr

ess

FIF

O

Network Interface

Packet Buffer

Forwarding

Controller

Ingr

ess

FIF

O

Egr

ess

FIF

O

Network Interface

Reass

embly

Crypt

o

Reass

embly

Crypt

o

ASIC 0

Core 0 Core 1

ASIC 1

Core 0 Core 1

ASIC 2

Core 0 Core 1

ASIC 3

Core 0 Core 1

BRKARC-3438 43


Number of ASICs in different versions of Switches

Product Version UADP Version Number of ASIC Cores Clock Speed Total Bandwidth

Available

24 Port 3850/3650 1.0 1 375 MHz 56 G

48 Port 3850/3650 1.0 2 375 MHz 112 G

12/24 Port 3850 SFP 1.0 1 375 MHz 56 G

12 Port 10G 3850 1.1 2 500 MHz 160 G

24/48 Port mGig 3850s 1.1 4 500 MHz 320 G

24 Port mGig 3650 1.1 4 500 MHz 160 G

48 Port mGig 3650 1.1 4 500 MHz 320 G

24 Port 10G 3850 1.1 4 500 MHz 320 G

48 Port 10G 3850 1.1 8 500 MHz 640 G

For YourReference

BRKARC-3438 44


Port Mappings – Platform Level Command

Cat3850-2#show platform port-asic ifm mappings local-port switch 1

Mappings Table

LPN ASIC Port Interface IIF-ID Active

1 1 7 Te1/0/1 0x010096000000000e Y

2 1 6 Te1/0/2 0x0104c20000000010 Y

3 1 5 Te1/0/3 0x0106e34000000012 Y

4 1 4 Te1/0/4 0x0102258000000014 Y

5 0 4 Te1/0/5 0x010263c000000016 Y

6 0 5 Te1/0/6 0x0101884000000018 Y

7 0 6 Te1/0/7 0x01061c400000001a Y

8 0 7 Te1/0/8 0x010319000000001c Y

9 1 0 Te1/0/9 0x0103430000000053 Y

...

...

...

For YourReference

BRKARC-3438 45

Packet Walks


A

Q

M

Egress Q Scheduler

S

Q

S

Stack

InterfaceRRE

SEC


Ingress

FIFO

Egress

FIFO

Packet

Rewrite

Packet

Buffer

Ingress

Forwarding

Controller

Egress

Forwarding

Controller

Ingress Q

Scheduler

24 + 2

Ports

En-QueueDe-Queue

Local Switching - Across Ports Within an ASIC

BRKARC-3438 47


A

Q

M

Egress Q Scheduler

S

Q

S

Stack

InterfaceRRE

SEC


Ingress

FIFO

Egress

FIFO

Packet

Rewrite

Packet

Buffer

Ingress

Forwarding

Controller

Egress

Forwarding

Controller

Ingress Q

Scheduler

24 + 2

Ports

En-Queue De-Queue

Remote Switching: Ingress Switch Across ASICs/Stack Members

BRKARC-3438 48


A

Q

M

Egress Q Scheduler

S

Q

S

Stack

InterfaceRRE

SEC


Ingress

FIFO

Egress

FIFO

Packet

Rewrite

Packet

Buffer

Ingress

Forwarding

Controller

Egress

Forwarding

Controller

Ingress Q

Scheduler

24 + 2

Ports

En-QueueDe-Queue

Remote Switching: Egress Switch Across ASICs/Stack Members

BRKARC-3438 49


AQ

M

Egress Q Scheduler

SQ

S

Stack

InterfaceRRE

SEC


Ingress

FIFO

Egress

FIFO

Packet

Rewrite

Packet

Buffer

Ingress

Forwarding

Controller

Egress

Forwarding

Controller

Ingress Q

Scheduler

24 + 2

Ports

En-QueueDe-Queue

Multicast Local Replication: Within the ASIC

BRKARC-3438 50


A

Q

M

Egress Q Scheduler

S

Q

S

Stack

InterfaceRRE

SEC


Ingress

FIFO

Egress

FIFO

Packet

Rewrite

Packet

Buffer

Ingress

Forwarding

Controller

Egress

Forwarding

Controller

Ingress Q

Scheduler

24 + 2

Ports

En-Queue De-Queue

Multicast Remote Replication: Across the ASIC - Ingress

BRKARC-3438 51


A

Q

M

Egress Q Scheduler

S

Q

S

Stack

InterfaceRRE

SEC


Ingress

FIFO

Egress

FIFO

Packet

Rewrite

Packet

Buffer

Ingress

Forwarding

Controller

Egress

Forwarding

Controller

Ingress Q

Scheduler

24 + 2

Ports

En-QueueDe-Queue

Multicast Remote Replication: Across the ASIC - Egress

BRKARC-3438 52


Future Proofed for 802.11ac and beyond

64 B Line Rate (56

Gbps)

84 Mpps Switching Capacity

1/10G Ethernet

Minimal added

latency with Recirculation

(1/2 us)

Downlinks24G

64 B Frame BW – 56G/ASIC

Uplinks20G

CPU2G

Recirculation10G

Catalyst 3850 / 3650 –UADP Performance – 375 MHz Clock Speed

BRKARC-3438 53


Future Proofed for 802.11ac and beyond

64 B Line Rate (80

Gbps)

84 Mpps Switching Capacity

1/10G/40G Ethernet

Minimal added

latency with Recirculation

(1/2 us)

Downlinks + Uplinks68G

64 B Frame BW – 56G/ASIC

CPU2G

Recirculation10G

Catalyst 3850 / 3650 –UADP Performance – 500 MHz Clock Speed

BRKARC-3438 54

Stacking Architecture


The Stack Ring480 Gbps capacity

Stack Interfaceof UADP

ASIC

Stack Interface of UADP ASIC

6 Rings in the Stack

UADP ASIC

Assuming 4 x 24-port 3850 Switches

• 6 rings in total

• 3 rings go East

• 3 rings go West

• Each ring is 40Gbps

• 240Gbps uni-direction

• Spatial Reuse= 480Gbps

BRKARC-3438 56


Unicast Packet Path on the Stack Ring

Creating Segments

Re-ordering segments

13Assuming4 x 24-port3850 Switches

42

Packet segmented into 256 bytes

Packet travels half the ring for unicast traffic

Segments reordered at destination stack port

Destination strips the packet off the stack ring

BRKARC-3438 57


Stack Ring Spatial Reuse

13

13

Assuming4 x 24-port3850 Switches

42

42

Credit based system on the Stack Ring

Multiple stack ports grab the ring that is free and they have credits on to transmit

Increases the stack ring bandwidth to 480Gbps

BRKARC-3438 58


Multicast Packet Path on Stack Ring

13Assuming4 x 24-port3850 Switches

42

One copy of the source packet is placed on the rings

Interested Stack Ports grab the segments when they see them

Packet segments travel the whole ring back to source

The source strips these segments off the ring (Source Stripping)

Results in efficient replication of multicast traffic for multiple Stack Port receivers

BRKARC-3438 59


Resiliency – StackWise-160

• Modular Stacking (Optional)

• New stack adapters

• New connectors and copper cables

• Stack Bandwidth

• 80 Gbps bi-directional

• 160 Gbps with spatial reuse

• Stateful Switch Over (SSO)

• Faster Convergence (vs 3750-X)

• Active-Standby model

• Improved Central synchronization on

Active Switch for Wired+Wireless

• Tunnel SSO ensures AP, MA-MC

connectivity during failover

Assuming 4 x 24-port 3650 Switches

BRKARC-3438 60


How many Can I stack together?

Up to 9

Enforced by Software Limited in ASIC

Up to 32

Cores

BRKARC-3438 61

High Availability


Catalyst 3850 Stack vs. Catalyst 6500

• Active and Standby Members run IOSd, WCM, etc.

• Synchronize information

• Active controls Data plane programing for all members

• Member switches act as Line cards–connected via the Stack Cable

A

S

• Active and Standby Supervisors

• Run IOS on Supervisors

• Synchronize information

• Active programs all DFCs

• DFCs run a subset of IOS for LCs

AS

BRKARC-3438 63


CPU/Memory

Forwarding ASIC

Front Panel

Ports

CPU/Memory

Forwarding ASIC

Front Panel

Ports

CPU/Memory

Forwarding ASIC

Front Panel

Ports

Centralized Control Plane – Scalable Distributed Data Plane

Active Processor

Switch

Standby Processor

Switch

Line Card Member

Switch

Catalyst 3850 System Architecture

BRKARC-3438 64


Stack Interfaces brought online

Infra and LC Domains boot in parallel

Stack Discovery Protocol discovers Stack topology – broadcast, followed by neighborcast

In full ring, discovery exits after all members are found.

In half ring, system waits for 2mins

Active Election begins afterDiscovery exits

InfraLC

InfraLC

InfraLC

InfraLC

Stack port 1 cable is connected and the link is up

Stack port 2 cable is connected and the link is up

Waiting for 120 seconds for other switches to boot

%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-DISC_START: Switch 3 is starting stack discovery.

##All switches in the stack have been discovered

Switch number is 3

%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-DISC_DONE: Switch 3 has finished stack discovery.

%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-SWITCH_ADDED: Switch 3 has been added to the stack.

Stack Discovery

BRKARC-3438 65


1) The stack (or switch) whose member

has the higher user configurable

priority 1–15

2) The switch or stack whose member

has the lowest MAC address

A

%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-ACTIVE_ELECTED: Switch 3 has been elected ACTIVE.

Stack Active Election

BRKARC-3438 66


RP InfraLC

RP Infra

InfraLC

InfraLC

SLC

Active starts RP Domain (IOSd, WCM, etc) locally

Programs hardware on all LC Domains

Traffic resumes once hardware is programmed

Starts 2min Timer to elect Standbyin parallel

Active elects Standby

Standby starts RP Domain locally

Starts Bulk Sync with Active RP

Standby reaches “Standby Hot”

A

2min timer

%STACKMGR-1-STANDBY_ELECTED: 3 stack-mgr: Switch 2

has been elected STANDBY.

GUIDELINE#show switch

Switch/Stack Mac Address : 2037.0652.a580 - Local Mac Address

Mac persistency wait time: Indefinite

H/W Current

Switch# Role Mac Address Priority Version State

------------------------------------------------------------

1 Member 2037.0653.ca80 5 P6A Ready

2 Standby 2037.0653.db00 10 P6A HA sync in progress

*3 Active 2037.0652.a580 15 V01 Ready

GUIDELINE#show switch

Switch/Stack Mac Address : 2037.0652.a580 - Local Mac Address

Mac persistency wait time: Indefinite

H/W Current

Switch# Role Mac Address Priority Version State

------------------------------------------------------------

1 Member 2037.0653.ca80 5 P6A Ready

2 Standby 2037.0653.db00 10 P6A Ready

*3 Active 2037.0652.a580 15 V01 Ready

Stack Initialization


A

S

Power up the first Switch that you want to make it as Active

Configure Priority of the switch (1-15) – 1 by default – the higher the better

Power up the second member that you want to make as Standby & then power up rest of the members

To add a member to an existing stack plug in the stack cable first, then power up the switch

Avoid stack Merge & Stack split if possible

Catalyst3850#switch 1 priority 15




HA Best Practices & Recommendations

BRKARC-3438 68


Stack discovery initiated and completed

Plug in the member, completing full ring

Power up the member

Stack Discovery process runs and completes immediately afterdiscovery happens

Active detects the new addition, and programs the hardware of the member

Active is not pre-empted by powering on another member even if it wasHigh Priority

InfraLC

A

S

RP

RP

Stack Member Addition

BRKARC-3438 69


A

S

Stack discovery initiated and completed

Active detects member removal – and

Clean up process is initiated

Clean-up involves removing TCAM

entries referencing removed member,

MAC addresses, CDP tables – more

like all ports on the member are

shutdown

Configuration is moved to

Pre-Provisioned state

Stack Member Deletion

BRKARC-3438 70


A

S

Stack speed is reduced by half because ofthe half ring

The top side of the split remains stable,Active initiating Clean up for themembers data

Lower Side of the Stack reboots - Active election is held on the lower side of the split

Active starts RP domain locally and programs local hardware as well as that of the member

Active elects Standby (after 2 min timer), and signals Standby to start its RP Domain

Active and Standby perform Bulk Sync aspart of HA – where lower member isStandby-Hot

A

S

RP

RP

Stack Split – Double Failure – Scenario #1

BRKARC-3438 71


A

S

Full ring is restored

Stack Discovery runs to build Stack topology with broadcast and neighborcast packets

HA detects there are two Active switches (1 and 2) in Stack

Whole Stack reboots

Stack initialization happens as before

Configuration of the Active elected is downloaded on all members

A

S

RP

RP

RP

RP

RP S

1

2

3

4

Stack Merge – Two Active members in one Stack

BRKARC-3438 72

Stackwise Virtual


StackWise Virtual Architecture

• Cisco StackWise Virtual extends proven back-panel technology over front-panel network ports

• Cisco StackWise Virtual simplifies the Distribution-Layer with two common 3850-48XS series chassis into single logical entity

SW-1

SW-2

WS-C3850-48XS

SW-1

SW-3

SW-4

SW-5

SW-6

SW-7

SW-8

SW-9

SW-2

WS-C3850-48XS

Access-1

Dist-1

40G/10G

Extending StackWise Architecture

BRKARC-3438 74


StackWise Virtual Architecture

• StackWise Virtual supports Unified control and management plane architecture

• StackWise Virtual supports fully distributed forwarding architecture

• Complex network designs gets simplified with Multi-Chassis EtherChannels (MEC)

Distribution

SW-1 SW-2

WS-C3850-48XS WS-C3850-48XS40G/10G

Access

Core

Core

Unified Forwarding Architecture

BRKARC-3438 75


CTHCRS-1300 : Advances in High Availability for the Campus Monday, Jun 26, 2:00 p.m. - 2:30 p.m. | Level 3, Palm Foyer

TECCRS-2001 : Intermediate - Enterprise High Availability Design and Architecture Sunday, Jun 25, 8:00 a.m. - 5:00 p.m. | Level 2, Breakers L

High AvailabilityRelated Sessions

For YourReference

BRKARC-3438 76

Stack Power


StackPower - Overview“Zero-Footprint” RPS deployment

• Provides RPS functionality with Zero RPS Footprint

• Pay-as-you-grow architecture – similar to the Data Stack

• 1+N Redundancy with Inline Power

• Up to 4 Switches in a StackPower Ring

• Multiple StackPower Possible within one Data Stack

• Up to 9 Switches in a star topology with XPS

BRKARC-3438 78


Power Budget Modes

2530W – 30W

715 W

715 W

1100 W

2530W-1100W – 30W

715 W

715 W

1100 W

Power Sharing Mode Redundant Mode

• The Default Mode - Pools Power from All PS

• Total POE Budget = Sum of All PS – 30W

• User Configurable – Reserves the Largest PS

• Total POE Budget = Sum of All PS – Largest PS - 30W

Global StackPower Reserve = 30 ~ 60W

BRKARC-3438 79


How StackPower Works?

715 W

StackPower

Switch 1

Switch 2

Switch 3

Switch 4

1100W AC

715W AC

Power Sharing Mode – Default Mode

WS-C3850-24U#sh stack-power

Power Stack Stack Stack Total Rsvd Alloc Unused Num Num

Name Mode Topolgy Pwr(W) Pwr(W) Pwr(W) Pwr(W) SW PS

-------------------- ------ ------- ------ ------ ------ ------ --- ---

MDF SP-PS Ring 5115 55 1010 4050 4 5

BRKARC-3438 80


How StackPower Works?

715 W

StackPower

Switch 1

Switch 2

Switch 3

Switch 4

1100W AC

715W AC

Redundant Mode

WS-C3850-24U#sh stack-power detail

Power Stack Stack Stack Total Rsvd Alloc Unused Num Num

Name Mode Topolgy Pwr(W) Pwr(W) Pwr(W) Pwr(W) SW PS

-------------------- ------ ------- ------ ------ ------ ------ --- ---

MDF SP-R Ring 5115 1135 1010 2970 4 5

3850(config)#stack-power stack MDF

3850(config-stackpower)#mode redundant

BRKARC-3438 81


System Power Reserved

Catalyst3850/3650 Version System Power

Reserved

Catalyst3850/3650 Version System Power

Reserved

24 Port 3850 Copper (Data/PoE/PoE+/UPoE) 200 48 Port 3850 Fiber SFP+ 280

48 Port 3850 Copper (Data/PoE/PoE+/UPoE) 280 24 Port 3850 mGig 520

12 Port 3850 Fiber SFP 200 48 Port 3850 mGig 470

24 Port 3850 Fiber SFP 200 24 Port 3650 200

12 Port 3850 Fiber SFP+ 300 48 Port 3650 280

24 Port 3850 Fiber SFP+ 410

For YourReference

• 30~60W StackPower Reserve

• System Power is Reserved based on different PIDs

BRKARC-3438 82

Scale - TCAM, Queues, Memory, ACLs…


S

t

a

g

e

#

1

S

t

a

g

e

#

2

S

t

a

g

e

#

3

S

t

a

g

e

#

4

S

t

a

g

e

#

.

.

S

t

a

g

e

#

.

.

S

t

a

g

e

#

1

5

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

S

t

a

g

e

#

1

S

t

a

g

e

#

2

S

t

a

g

e

#

3

S

t

a

g

e

#

4

S

t

a

g

e

#

5

S

t

a

g

e

#

6

S

t

a

g

e

#

7

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e



L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

Flex Parser

Flex Parser

IGR

EGR

SQSAQM

Egress Q Scheduler

Stack

Interface

RRE, SEC

Q

QQ

Q


Ingress

FIFO

Egress

FIFO

Rewrite

Block

Packet

Buffer

Ingress

Forwarding

Controller

Egress

Forwarding

Controller

Ingress Q

Scheduler

24 + 2

Ports

CPU

UADP ASIC – Block Diagram

S

t

a

g

e

#

1

S

t

a

g

e

#

2

S

t

a

g

e

#

3

S

t

a

g

e

#

4

S

t

a

g

e

#

.

.

S

t

a

g

e

#

.

.

S

t

a

g

e

#

1

5

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

S

t

a

g

e

#

1

S

t

a

g

e

#

2

S

t

a

g

e

#

3

S

t

a

g

e

#

4

S

t

a

g

e

#

5

S

t

a

g

e

#

6

S

t

a

g

e

#

7

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e



L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

L

o

o

k

u

p

T

a

b

l

e

Flex Parser

Flex Parser

IGR

EGR

Egress Forwarding Controller

(EFC)

Ingress Forwarding Controller

(IFC)

SRAM/TCAM

BRKARC-3438 84


TCAM and SRAM

12 K TCAM

SRAM

Switch#show platform hardware fed switch act fwd-asic resource tcam utilization

CAM Utilization for ASIC Instance [0]

Table Max Values Used Values

--------------------------------------------------------------------------------

Unicast MAC addresses 32768/512 15/21

L3 Multicast groups 4096/512 0/7

L2 Multicast groups 4096/512 0/9

Directly or indirectly connected routes 16384/7168 2/18

QoS Access Control Entries 2560 88

Security Access Control Entries 3072 114

...

...

Netflow ACEs 768 15

Input Security Associations 256 4

Output Security Associations and Policies 256 5

OUTPUT_GROUP_LE 6144 0

Macsec SPD 256 2

Switch#

BRKARC-3438 85


3MB-4MB EQC

Packets to Egress Port Queues

0.75MB-1MB SQS

Packets from the Stack And Locally Switched Packets

0.6MB

Packet Holding Buffer

0.5MB-1MB IQS

Packets going to Stack

6MB Packet Buffer

BRKARC-3438 86


TAQs 3 & 4

Reserved for

Security ACLs

1

5

3

6

E

n

t

r

i

e

s

256 Bits Entries Each (512

for IPv6 Entries)

RACL Region

PACL

Region

VACL

Region

GACL

Region

Regions are flexible BUT cannot span across TAQs

ACL Resources

IPv4 Entries 3000 Entries

IPv6 Entries Half the IPv4

One type of IPv4 ACL (RACL,

PACL, VACL, GACL*)

1500 Entries

L4OPs/Label 8 L4OPs

Ingress VCUs 196

Egress VCUs 92

• GACL (Group Client ACL) – Any dot1x client attached features like dACL,

QoS, Filter ID, Per User ACLs are in GACL region

• Order of Processing : GACL PACL VACL RACL

• TAQ – ACL TQD (TCAM Quads)

• VCU = Value Comparison Unit

Catalyst 3850 – TCAM & ACL Scale

BRKARC-3438 87


FnF fully integrated in the ASIC – NO performance impact

Ingress & Egress FnF supported on all ports, VLANs & SSIDs

System Scalability: 24K flows / ASIC

IPv4 & IPv6 capable

Catalyst 3850 – Netflow Scale

Configuring FNF involves 4 major steps:

BRKARC-3438 88


QoS Scale Numbers

Class-maps (Ingress) 1024

Class-maps (egress) 512

Table-maps (ingress) 16

Table-maps (egress) 16

Aggregate Policers 2000

Microflow Policers (wireless) 24000

Wired Queues/port 8 queues

Wireless Queues/port 4 queues

Buffer/ASIC Core 6 MB

Catalyst 3850 – QoS Scale

BRKARC-3438 89


Key Differences – Catalyst 3850/3650 vs 3750-X/E

• MQC

• Trust by Default

• 8 Queues 1P7Q3T OR 2P6Q3T

• 6 MB Buffer per ASIC

• HQoS – 2 Level Hierarchical Policy

• MLS QoS

• Untrust by Default

• 4 Queues Per Port – 1P3Q3T

• 2 MB Buffer per ASIC

• No HQoS

Catalyst 3750-XCatalyst 3850

BRKARC-3438 90


Network

Interface

Catalyst 3850/3650 – QoS Model

Policing

WTD

Trust (By

Default)

Classification

Unconditional

Marking

Conditional

Marking

1P7Q3T

2P6Q3T

Q0

Q1

Q2

Q3

Q4

Q5

Q7

WTD

WTD

WTD

WTD

WTD

WTD

WTD

Scheduler

Q6

PolicingConditional

Marking

Unconditional

Marking

BRKARC-3438 91


Policing

Action

B<Tc

Conform Exceed

CBS

CIR

Yes

No

Action

Packet ofSize B

Action

B>Tp

Violate

PBS

PIR

Yes

No

Packet ofSize B

Action

B>Tc

Exceed

CBS

Yes

No

Conform

Action

CIR

police cir 100000000 bc 3125000 conform-

action set-dscp-transmit af41 exceed-action

drop

police cir percent 10 pir percent 50

conform-action transmit exceed-action set-

dscp-transmit af11 violate-action drop

1 Rate 2 Color 2 Rate 3 Color

BRKARC-3438 92


Catalyst 3650/3850 Campus QoS DesignWired Port Egress Queuing (2P6Q3T with WTD) Model

BWR =

Bandwidth

Remaining

WTD =

Weighted

Tail

Drop

PQ Level 2 (20%)

Network Management

Signaling

Realtime Interactive

Transactional Data

Multimedia Conferencing

Bulk Data

AF2

CS3

CS4

AF4

CS2

AF1

Scavenger CS1

Best Effort DF

Multimedia Streaming AF3

Broadcast Video

VoIP

Application

CS5

EF

Internetwork Control CS6

DSCP

Network Control (CS7)

2P6Q3T

PQ Level 1 (10%)EF

CS5

CS4

Q6

(BWR 10%)

CS7 & CS6

CS3 & CS2

Q5

(BWR 10% + WTD)

Q4

(BWR 10% + DSCP-Based WTD)

Q3


Q2


Q1 (BWR 25%)DF

AF1

CS1

AF2

AF3

AF4

BRKARC-3438 93


Catalyst 3850 – SD-Access Scale

Fabric Constructs Maximum Supported

Fabric Edge Relevant Scale

Virtual Networks 64

Groups (SGTs) 4096

SGACLs (Security ACEs) 1500

Fabric Border Relevant Scale

Virtual Networks 64

Groups (SGTs) 4096

SGACLs (Security ACEs) 1500

Fabric Control Plane Entries 4096

IPv4 Routes 8K

IPv4 Host Entries 16K

BRKARC-3438 94

Catalyst 3850/3650 Software


Organizations can no longer rely on perimeter

devices to protect the network from cyber

intrusions… There has never been a greater

need to improve network infrastructure security.

Alert TA16-251A, September 2016

Holistic Approach Security Expertise

and Innovation

Built for

Today’s Threats

Evidence of Trust

Trustworthy SystemsSecure by Design


MacSec

Encryption

Secure Hardware

Development

Anti-Counterfeit

Phase 2 (ACT2)

Secure Storage

Secure UDI

HW Entropy

Data at Rest Encryption Boot Code

Hardening

Secure Hardware Development – ACT2 Chip

BRKARC-3438 97

http://www.lynxnetworks.co.uk/images/uploaded/cisco_hologram.3773649.jpg

http://www.lynxnetworks.co.uk/images/uploaded/cisco_hologram.3773649.jpg


Secure Software Development – Secure Boot

ROMMON

ROMMON

1 2 3 4

BRKARC-3438 98


Trustworthy Systems - Features Supported

Feature Cat 3k

Image Signing Yes

Secure Boot Yes

Anti-Counterfeit Check Yes

Trust Anchor Module Yes

PnP SUDI Support Yes

Run Time Defenses Yes

X.509v3 SSH Authentication Yes

BRKARC-3438 99


Software-Defined Access

APIC-EMNetwork Data Platform Identity Services Engine

Routers Switches Wireless AP WLC

DNA Center

DESIGN PROVISION POLICY ASSURANCE

DNA Center:

Simple Workflows

Solution Components


CTHCRS-1800 : DNA SD-Access - Building the Fabric DemonstrationTuesday, Jun 27, 9:30 a.m. - 10:00 a.m.

INSCRS-1006 : Redefining Access and Campus NetworksTuesday, Jun 27, 12:00 p.m. - 12:30 p.m.

PSOCRS-2003 : A Revolutionary New Way to Build and Manage Digital Ready NetworksTuesday, Jun 27, 5:00 p.m. - 6:00 p.m.

CCP-2001 : DNA SD-Access - RoadmapWednesday, Jun 28, 4:00 p.m. - 5:30 p.m.

LTRCRS-2810 : DNA SD-Access - Hands-On LabWednesday, Jun 28, 1:00 p.m. - 5:00 p.m.

Thursday, Jun 29, 8:00 a.m. - 12:00 p.m.

Software Defined Access Related Sessions

For YourReference

BRKARC-3438 101


LTRCRS-2450 : DNA Campus Fabric - Programmability LabTuesday, Jun 27, 8:00 a.m. - 12:00 p.m.

BRKCRS-2410 : Cisco Network Data Platform for Campus NetworksTuesday, Jun 27, 1:30 p.m. - 3:30 p.m.

Wednesday, Jun 28, 8:00 a.m. - 10:00 a.m.

BRKMPL-2114 : Integrating Campus / DC fabrics with MPLSWednesday, Jun 28, 8:00 a.m. - 10:00 a.m.

BRKSDN-2314 : Declarative Policy Models for Agile Network ConsumptionWednesday, Jun 28, 4:00 p.m. - 5:30 p.m.

BRKCRS-2700 : Evolution of the Enterprise Network: Cisco Digital Network Architecture Wednesday, Jun 28, 8:00 a.m. - 10:00 a.m.

BRKCRS-2893 : Choice of Segmentation and Group based Policies for Enterprise NetworksThursday, Jun 29, 10:30 a.m. – 12:00 p.m.

BRKARC-3467 : Cisco Silicon - Delivering Innovation for Advanced Routing and SwitchingThursday, Jun 29, 10:30 a.m. – 12:00 p.m.

Software Defined Access Related Sessions

For YourReference

BRKARC-3438 102


Programmability & Data Models

NETCONF

RESTCONF*

gRPC*

Device Features

Interface BGP QoS ACL …

Data Model

NETCONF RESTconf gRPC(YANG) Data Model

Open

Models

Native

Models

Open

Models

Native

Models

Configuration Operation Data

Models

* = Roadmap

BRKARC-3438 103


Network Device Lifecycle

Install

Configure

Optimize

Upgrade

Goal:

Apply configuration to the

device

Tools:

Data Models

Programmable Interfaces

Python Scripting

Goal:

Continuously upgrade

network, incrementally

and safely

Tools:

Patching

Config/Replace

Goal:

Get devices into an operational state

Provisioning Automation Tools:

PXE, ZTP, PnP

Python Scripting

Goal:

Add dynamic services,

optimize behavior and

trouble shooting

Tools:

Telemetry

BRKARC-3438 104


Cisco MultiGigabit – Now IEEE 802.3bz

2.5-5G!

Cat 5e Cables

WiFi > 1G

MultiGigabitSwitch

MultiGigabitCapable AP

Cisco MultiGigabit enables various use cases

Server in a

BranchDigital Imaging High Definition

Cameras

Uplink Extension 802.11ac wave 2

APs


Cisco POE Innovations

Delivering robust and resilient power infrastructure

Fast POE

Perpetual POE

2-event classification

Fast power negotiation without LLDP

Physical layer negotiation < 1s

(config-if)#power inline port 2-event

Uninterrupted POE power during control plane reboot

(config-if)#power inline port poe-ha

Bypasses IOS control plane boot

Restores power to PD within 30sec of power restore

(config-if)#power inline port poe-ha


Constrained Application Protocol (CoAP)

Made for millions of nodes operating in the constrained environment

Based on REST (GET PUT POST)

Lets ‘You’ chose the date Model

Open IETF Standard (RFC

7252)

Secure

• Endpoints need to talk to each other

• Endpoint are low on memory and code space

• Need a light weight protocol for the endpoints to communicate

• Standard should be open and support APIs for Industry acceptance

RES

T


Challenges of Today’s Network

HTTP

FTP

POP3

IMAP

HTTPS

SMTP

80

20/21

110

143

443

25

Yesterday’s Applications Today’s ApplicationsL7

L6

L5 AV

C

L4

L3

L2

L1

Netflo

w

BRKARC-3438 108


Enabling and Monitoring AVC – CLI

CLI

switch# show run int g1/0/23

Building configuration...

interface GigabitEthernet1/0/23

switchport access vlan 193

ip nbar protocol-discovery

end

switch# show ip nbar protocol-discovery top-n

GigabitEthernet1/0/23

Input Output

----- ------

Protocol Packet Count Packet Count

Byte Count Byte Count

5min Bit Rate (bps) 5min Bit Rate (bps)

5min Max Bit Rate (bps) 5min Max Bit Rate

------------------------ ------------------------ ------------------------

youtube 356 187

264713 25603

0 0

6000 3000

bing 2741 2384

493258 423925

0 0

3000 3000


• Filter Monitoring Over

Ingress/Egress interfaces

and direction

• Identify Top Talkers

• Monitor Data over 2, 24

or 48 hours

• Monitor percentage

Bandwidth usage

WebUI – Monitoring AVC

BRKARC-3438 110


Line of business – BU segmentation Payment Card Industry Hospital Network

Bring-Your-Own-Device (BYOD) Mergers and Acquisitions Multi-Tenancy

POS

Network Other

NetworkDoctor Staff

Medical Device

MPLS Enables Network Segmentation in Campus

INTERNET

BRKARC-3438 111

Wrap up…


Catalyst 3850/3650 is built on Robust Architecture

+UADP IOS 16.x

The Combination of UADP and IS-XE 16.x Makes your Network Ready and Future proofed

BRKARC-3438 113


2013 20172015

Future proofed for the technologies of tomorrow


Secure IoTConvergence

Mobility Cloud Energy Efficient

Investment Protection

Industry’s First (Enterprise):• X86 CPU

• 100% Model Driven

• Software Patching

Future Proofed:• NG-Wifi (IEEE 802.11ax)

• 802.3bt Ready

• 25G Ethernet

Industry’s Unmatched:• HA

• Multi-gigabit density

• UPoE scale

Catalyst 9000 Family

Converged OS

Open IOS-XE

Converged ASIC

UADP 2.0

Converged

Licensing

Packaging

Catalyst 9300 Lead Fixed Access

Catalyst 9400Lead Modular Access

Catalyst 9500Lead Fixed Core

BRKARC-3438 115


BRKARC-2035 - The Catalyst 9000 Switch Family - An Architectural ViewWednesday, Jun 28, 4:00 p.m. - 5:30 p.m. | Level 2, Lagoon H

BRKARC-3863 - Catalyst Fixed Access Switching Architecture (9300)Thursday, Jun 29, 10:30 a.m. - 12:00 p.m. | Level 3, Palm D

BRKARC-3873 Catalyst Modular Access Switching Architecture (9400)Monday, Jun 26, 8:00 a.m. - 9:30 a.m. | Level 2, Lagoon IThursday, Jun 29, 10:30 a.m. - 12:00 p.m. | Level 3, South Seas C

Catalyst 9000 Related Sessions

For YourReference

BRKARC-3438 116


What to Do Next?

Get SD-Access Capable Devices

with DNA Advantage OS License

Get DNA Center Appliances

with DNA Center Software

Cisco Services can help you

to Test - Migrate - Deploy

Refresh your

Hardware and Software

Deploy the

DNA Center

SD-Access

Capable

Engage

Cisco Services

DNA

Center

Cisco

Services

Advisory

Implementation

Technical

Optimization Training

Managed

BRKARC-3438 117


• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card.

• Complete your session surveys through the Cisco Live mobile app or on www.CiscoLive.com/us.

Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Online.

http://www.ciscolive.com/us

http://ciscolive.com/Online

http://ciscolive.com/Online

http://www.ciscolive.com/Online


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions

BRKARC-3438 119

Thank you

Date post:	09-May-2018
Category:	Documents
Upload:	buithuan
View:	385 times
Download:	11 times

Cisco Catalyst 3850 and 3650 Switchingd2zmdbbm9feqrf.cloudfront.net/2017/usa/pdf/BRKARC-3438.pdf ·...

Documents