© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
How: cs.co/ciscolivebot#BRKCOC-2493
Agenda
• Current snapshot
• Business Challenges & Industry Trends
• Strategy & architecture
• Technology
  • Core
  • Branch
  • Network Management
Cisco at a Glance (data as of January 2018)
• 10,690 UCS Servers
• 76,136 Virtual Machines
• 28.1 MW Data Center Capacity
• 85 PB Overall Usable Storage
• 72,354 Employees
• 434 Offices
• 94 Countries
• 6,243 Routers
• 8,415 LAN Switches
• 133,361 Connected Stakeholders
• 192,770 Connected User Devices
• 100 Services
• 7.6 Billion DNS Requests per day
Global Distribution of IT Staff: SJC 45%, India 21%, RTP 14%, EU/EM 7%, AP Other 7%, AM Other 6%
Security
• 28 Billion Netflows analyzed /day (StealthWatch)
• 2.5 Million Email transactions blocked /day (ESA)
• 2.0 Million Web transactions blocked (WSA)
• 47 TB Internet Traffic inspected
• 1.2 Trillion SIEM Events / day across network
• 7.6 Billion DNS requests / day (Umbrella)
• 6.25 Million DNS requests blocked (Umbrella)
• 17K Files analyzed/day (ThreatGrid/AMP)
• 13.4 Million Intrusion alerts/day (NG-IPS)
• 1232 Devices Deployed for detection & prevention
• 295 InfoSec Team members
• Data Analytics (4TB/day) & Security Services
Phish:
• 1.85 M phish emails sent to Cisco employees through PhishPond (since April 2013)
• 5-10% Click Rate, reduced from 30%
• Repeat Clickers reduced from 12% to 1%
Enterprise Networks
• 6,243 Routers
• 8,415 LAN Switches
• 30,481 Cisco Virtual Office
• 932 Wide Area Application Engines (WAE)
• 403 ASA
• 72 Cache Engines
• 313 Call Managers
• 433 MDS
• 639 Wireless LAN Controllers
• 101,289 Virtual Private Network
• Global Tier 1 Global WAN Backbone
Cisco Network: Total Cost of Ownership (% of Total Costs)
Cost category                        2014-15   Gartner Benchmark (‘15)   2016-2017
Transmission / Circuits              52%       61%                       59%
Hardware depreciation                19%       17%                       12%
Headcount (inc managed services)     21%       17%                       21%
Software Licensing                    1%        3%                        6%
Facilities costs                      7%        2%                        2%
Challenges in managing a large enterprise network
Challenges:
• Application Assurance
• Cloud Consumption
• Disjointed Security
• Simplified Operations
• Transport Flexibility & Segmentation
• Time To Capability
Responses:
• Decouple underlay/overlay transport
• Controller based operations
• Optimised Cloud Connectivity
• Automation & Orchestration
• Centralised Policy Servers
• Data Analytics platforms
#1 World of Cloud
• Growth and success of Public cloud has changed WAN traffic patterns
• Large proportion of Cisco employee applications are now served by public cloud SaaS providers
• Challenge in demarcation for network troubleshooting
• End to End network SLA not possible to guarantee for Public Cloud SaaS apps – focus on Quality of Experience
• Very inefficient if left unchanged
(Figure: Public Cloud versus Private Cloud traffic flows)
#2 Cost of Internet versus WAN
(Figure: monthly costs, data from Telegeography; DIA = Direct Internet Access, not asymmetric Broadband)
#3 Programmable infrastructure
Over 20,000 Network devices in Cisco IT Network!
(Figure: time to act – 1 day? 1 hour? near real time? – against method: Programmatic – Scripting / Programmable CLI – Telemetry)
#4: Network Function Virtualisation
Physical Appliances → Virtual + Physical Appliances
• Specific Applications that require speed & reliability >> ASIC/TCAM
• Generalised Applications that require an agile & flexible platform >> x86
#5: Segmented Overlay Networks
(Figure: Hosts (End-Points) attach to Edge Devices; the Overlay Network, with its own Overlay Control Plane, is carried as an Encapsulation over the Underlay Network and its Underlay Control Plane)
What is digitisation?
A digitised system is made up of:
• Analytics & Data Insights
• Controllers & Orchestrators
• Smart Networked Resources
• People & Outcomes
Intent Based Network System
• Business Intent
• Analytics & Data Insights
• Controllers & Orchestrators
• Virtualised Network Infrastructure
Cisco IT: DNA Architecture
Domains: Global Backbone, Home & Remote, Partners & Acquisitions, Branch Office, Private DC / Public Cloud
Layers (bottom up):
• Underlay Connectivity: WAN/LAN/Internet
• Virtualised Network Infrastructure: Network Programmability & Overlay Networking
• Automation & Orchestration, Data Analytics and Service Management (Abstraction Layer)
• Data: Security, Threats, Performance, Business
• Intent Driven Network / Network Services: Cloud, Automation, Partners; Service Contracts; Exposed APIs / Dashboard
IT Outcomes:
• Fast Service Delivery
• Faster Innovation
• Simplicity/Experience
• Quality & Assurance
• Trust, Security, Accountability
• Speed & Agility (Mode 2)
• Performance & Reliability (Mode 1)
Cisco IT DNA solution framework
On Prem Network Infrastructure: Virtual, WAN, Physical Platform, LAN, Service Control
Core/Cloud based Service, closed by a Feedback Control Loop: Analytics (Assurance, Capacity, Performance, Reliability) and Programming of Infrastructure
Solution layers:
• Enterprise Fabric (SDA); SD WAN (Viptela)
• Routing (ISR); Switching (9k); Wireless (TBD); VNF; NFV-IS; UCS
• Programmable Network Operating System (IOS-XE 16.x) with NETCONF/YANG/REST
• Controllers: DNA-C, NSO, ISE; Resource Management; 3rd Party Wireless Assurance; Stealthwatch
Management functions: Performance Management, Cost/expense Management, Security Management, New Business Models
Outcomes: Fast Service Delivery, Faster Innovation, Simplicity/Experience, Quality & Assurance, Trust, Security, Accountability
Solution Development Life Cycle: Accelerating the speed at which we experiment in IT
Stages, each gated by a pass and a feedback loop, run by small, agile teams:
1. ETE/ISV (Alpha) – initial standalone product/solution test
2. Solutions Verification Lab (SVL) – HW integration / SW regression testing
3. Pilot (Beta) – beta test with limited production users
4. Limited Deployment – small scale limited production deployment
5. General Deployment – full scale production deployment
6. Retire
Successive deployment stages reach 0-1%, 3-4% and 90% of users.
Faster experimentation whilst managing risk
Production Network: SDA Fabric, SSID: Cisco, DNA-C/ISE
PoC Network: SSID: Cisco-Beta
• PoC: Dev Environment
• Feedback not cases
• Incentivise users to join
• Failure scenario
• Agile development through release planning
• Downsides?
Global Enterprise Network
Regions: Canada, North America, South America, Europe, Africa, Middle East, China, India, Australia & NZ, Rest of Asia, Japan, UK & I
1000+ Regional WAN Networks (Production & Partner), joined through Cisco Cloudport hubs that sit behind the Cloud Defence Layer towards the Internet
Cloudport: Strategically positioned global Internet Carrier Neutral Facilities allowing optimal access to Cloud Providers
(Figure: DC and Private WAN reach the Internet, Cisco Cloud Interconnect and Direct Peering through Cloudport; Acquisitions & Biz Partners (consumers) on one side, Internet Applications and Business Applications (suppliers) on the other)
Carrier Neutral Facilities
‘a facility which allows interconnection between multiple telecommunication carriers and/or colocation providers. Network neutral data centres exist all over the world and vary in size and power’
Benefits:
• Access to some of the largest Cloud Providers
• Carrier Neutral encourages Competition leading to better pricing & services
• Simpler to switch between suppliers
• Time to connectivity is Fast
CNF Partners: (partner logos)
Cloudport building blocks
Cloudport joins the Global DMZ Backbone (CCI) and the Global Corporate Backbone:
• DMZ Backbone / DMZaaS: DMZ DCs, the Edge (ISP, IXP) and Media/SIP
• Corp Backbone: DC and Regional WAN
Parties reached through it: Customers, Partners, Acquisitions, Cloud SaaS, Employees (Home VPN, Mobile VPN)
Cloudport building blocks
• Public Edge (Internet) and Private Edge (Telecom) terminate on the DMZ Backbone (Global DMZ Underlay) and the Corp Backbone (Global Corporate Underlay), with DMZ DCs and DC attached
• Cisco Cloud Interconnect (CCI) links Customers, Partners, Suppliers, Cloud SaaS and Employees
• Segmented secure overlay connections (A, B, C) run over the underlays, with Service Insertion between them
Think of consumers as any entity that needs to initiate access to inside Cisco – Branch Offices, Partners, Home users, Customers etc
Direct Connect from AWS via the Cloud Exchange
Cisco Cloud Interconnect (CCI) connects through the Equinix Cloud Exchange to a Cisco CSR or AWS Direct Connect router in the AWS Region; a Private VIF carries VLAN X, VLAN Y, VLAN Z … VLAN N, one per Virtual private cloud (1, 2 … N), alongside the public endpoints.
Pass Multiple VPC Connections on Individual Virtual Circuits
Cloud Defense System
Traffic from Cisco customers, trusted cloud/suppliers and the Internet crosses the Global DMZ Network (DMZ DC, Regional DC) before it reaches the Global Corporate Network, passing these layers in order:
1st line of defense: Internet Edge – Access-Control, IP Bogons, BGP Blackhole, Netflow
2nd line of defense: DDoS Detect/Mitigation – Arbor Threat Detection/Mitigation (DDoS), NAM
3rd line of defense: Deep Packet Inspection (DMZ Backbone Taps) – Passive IDS, Passive DNS, DPI, Malware, Tap …
4th line of defense: Enforcement / Prevention Systems – Firewall (Access-Control & Inspection), Web Security Appliance (Transparent Cache), Network Address Translation, BGP Blackhole; Corporate FW, Cloud Interconnect FW, DMZ DC to DC FW, Application FW, Cisco Cloud Interconnect
Multicloud Ready Backbone
The Cloud Ready Backbone is built from IBGP Clusters and joins the Regional WANs: Asia Pacific, EMEAR and Americas.
Inside the Cloud Ready Backbone
Cisco (AS109) reaches its ISPs from three regional Internet edges – Americas, EMEAR and APJC – each with its own DMZ and DC, a default route (0/0) towards its ISPs and a regional address block (10.10.x.x/16, 10.20.x.x/16, 10.30.x.x/16). The regions are joined by an iBGP mesh.
• Inbound traffic engineering: the public prefix 144.254.0.0/24 is advertised from every edge with community US, but with a different AS prepend count per edge (none, x1, x2 and x4), so external networks prefer the least-prepended edge.
• Outbound traffic engineering: a Cloud App prefix 196.43.145.0/24, originated by AS1, is received at the edges with Local Pref 200, 150 and 100, so every router in the backbone selects the same preferred egress and falls back in that order.
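Added example (not Cisco IT code) of the two BGP levers on the "Inside the Cloud Ready Backbone" slide, inbound steering by AS-path prepending and outbound steering by local preference, as a simplified best-path selection; AS109 and AS1 come from the slide, while the exit labels, the ISP AS number and the failure scenario are constructed.

```python
"""Simplified BGP best-path selection for the traffic engineering on the
"Inside the Cloud Ready Backbone" slide. Added example, not Cisco IT code:
AS109 and AS1 come from the slide; exit labels and the ISP AS number are
constructed; only the LOCAL_PREF and AS_PATH steps are modelled."""
from dataclasses import dataclass

CISCO_AS = 109          # Cisco's AS on the slide
CLOUD_APP_AS = 1        # originates 196.43.145.0/24 on the slide
ISP_AS = 64512          # constructed placeholder for an upstream ISP


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple         # leftmost = neighbouring AS, rightmost = origin AS
    local_pref: int = 100  # BGP default when no inbound policy sets it
    exit_name: str = ""    # constructed label for the regional edge / peer


def best_path(routes):
    """Highest LOCAL_PREF wins, then the shortest AS_PATH. The later
    tie-breakers (origin, MED, eBGP over iBGP, router-id) are collapsed
    into a deterministic tie-break on the exit label."""
    if not routes:
        return None
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path), r.exit_name))


def inbound_exit(prepends):
    """Inbound steering of 144.254.0.0/24. Every regional Internet edge
    announces the prefix with community US, each with its own prepend
    count (none, x1, x2, x4 on the slide). An external AS hearing all
    copies selects the least-prepended one, so traffic enters there.
    prepends: {exit label: extra copies of AS109 in the path}."""
    heard = [Route("144.254.0.0/24", (CISCO_AS,) * (1 + n), exit_name=name)
             for name, n in prepends.items()]
    chosen = best_path(heard)
    return chosen.exit_name if chosen else None


def outbound_exit(local_prefs, failed=()):
    """Outbound steering of 196.43.145.0/24 (cloud app in AS1). Each edge
    learns it from its ISP and tags it with the LOCAL_PREF of its policy
    (200/150/100 on the slide); the iBGP mesh carries every copy, so all
    routers in AS109 converge on the same egress. Exits listed in
    `failed` have withdrawn their copy (ISP session down)."""
    learned = [Route("196.43.145.0/24", (ISP_AS, CLOUD_APP_AS), lp, name)
               for name, lp in local_prefs.items() if name not in failed]
    chosen = best_path(learned)
    return chosen.exit_name if chosen else None


if __name__ == "__main__":
    edges = {"edge-A": 0, "edge-B": 1, "edge-C": 2, "edge-D": 4}
    print("inbound traffic enters via", inbound_exit(edges))             # edge-A
    prefs = {"edge-A": 200, "edge-B": 150, "edge-C": 100}
    print("outbound traffic leaves via", outbound_exit(prefs))           # edge-A
    print("after edge-A failure:", outbound_exit(prefs, ("edge-A",)))   # edge-B
```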
Direct Peering to Cloud SaaS providers
The Internal Prod Network reaches Cloud SaaS providers (AS1, AS2, AS3, AS4) two ways: through the ISP GW (backup paths) and through direct peering at an IXP inside a Carrier Neutral Facility (primary paths).
(Figure: direct peering partners by Cloudport hub – San Jose, Texas, RTP, London, Amsterdam, Singapore, Tokyo, Sydney. Partners shown include Akamai, Box.net, Hurricane Electric, Microsoft, Apple, Netflix, Charter, Salesforce, Google (in progress), OVH, Panther, GTC, Amazon, Edgecast, LimeLight … and “All IXC routes (i.e. Google, Akamai, MS etc)”. The Cloudport hubs sit behind the Cisco Global Defense Layer between the Internet and Cloud Services.)
Cloud Monitoring
The Cloud Defense System measures Latency, Packet Loss and Jitter to the Internet from each hub – San Jose, Texas, Raleigh, London, Amsterdam, Bangalore, Singapore, Hong Kong, Tokyo, Sydney – to establish an SLA for SaaS Apps used by Customers, Partners and Employees (Cloud XaaS).
Enabling agile connections
Cloud Consumers (Employees, Acquisitions, Partners) reach Public Cloud Suppliers and the Private Cloud (ACI & Traditional DC) through the Cloudport Network Fabric, which provides Network + Security Services and Secure Connections. The fabric is driven by the Cisco Secure Agile Exchange: Automate & Orchestrate, Function Virtualisation and a Service Portal.
Automation & orchestration platform components:
• Northbound interfaces: NETCONF, REST, CLI, WebUI, SNMP, JAVA/JavaScript
• Service Manager: Service Models, Mapping Logic, Templates, FASTMAP
• Device Manager: Device Models, Network Element Drivers (NEDs), Alarm Manager, Notification Receiver …
• Core Engine: CDB, Package Manager, Script API, Developer API
• Southbound: NETCONF, REST, CLI, OpenFlow etc.
Regional Branch Network
Regions: Canada, North America, South America, Europe, Africa, Middle East, China, India, Australia & NZ, Rest of Asia, Japan, UK & I
1000+ Regional WAN Networks (Production & Partner) connect back via Cisco Cloudport (WAN via Cloudport: MPLS L2VPN) behind the Cloud Defence Layer, and reach cloud directly via local Internet access (Direct Cloud).
Target solution: Cisco IT Branch Office Solution
SD WAN
• Secure SD WAN (Viptela / IOS-XE)
• Network Compute Platform (ENCS)
• Direct Internet for SaaS (Viptela Cloud Express)
• Application assurance (Thousand Eyes/Viptela)
SD Access
• LAN Fabric (DNA-C/VXLAN/LISP/9K)
• Policy based segmentation (ISE + SGT)
• Wireless assurance (AP)
• Business performance WiFi (3800AP/5Ghz)
Cloud Ready
• Cloud/Centralised Control & Management (DNA-C)
• Cloud/Centralised Data Analytics (DNA-C)
• Cloud/Centralised Security Policy Management (ISE)
• Direct Internet / WAN Bandwidth on Demand (SP)
NOTE: Not actual topology. Only for Illustration of technology options
(Figure: current branch – Stacked 3850, Modular 4500, 3700+WSM+HALO, 4451 – with Internet Access and DMVPN over MPLS / over Internet to Cloudport/HQ and Cloud Services; target branch – Modular 9400/9500 and Stacked 9300 LAN Fabric, APs, ENCS WAN Fabric with Path 1/2/3 over MPLS, DMVPN over Internet and Secure Direct Internet Access – under a Controller & Orchestration Platform (DNA-C, ISE: Control & Management, Policy / SLA) and an Analytics Platform (Insights & Analytics))
Target: WAN Service Catalogue – Underlay network
Manage risk/reward by setting SLA expectation. Tiers are chosen from an initial HC (headcount) index and bandwidth requirement criteria; circuits are P2P, MPLS (L2VPN) or Internet terminating at a Cisco Hub, with Voice (PSTN/SIP) and OOB access for Access & Local Services at every tier.
• 2A+ – HC: 1001+ – Business Critical
• 2A – HC: 301-1000
• 2Bi – HC: 26-300 or >80Mb/s
• 2C+ – HC: 26-300 or >40Mb/s
• 2Ci – HC: 2-25 or >ANY Mb/s
From 2A+ (Higher cost, Higher SLA – Engineered for Resiliency & Performance) to 2Ci (Lower cost, Lower SLA – Engineered for Cost).
Circuits as shown left to right across the tiers: SP1: P2P, SP2: L2VPN, L2VPN, L2VPN, L2VPN, L2VPN, L2VPN, Internet (backup/active, SDWAN Future DIA/4G), L2VPN; speeds Gig-E ×6, Gig/Fast-E, Fast-E, Fast-E; load balancing optional on the first tier, load balanced on the next, not load balanced on the rest; MPLS (L2VPN) appears as backup on the lower tiers.
What Min Bandwidth to order*: 100% on primary circuits, 25% on the two backup circuits.
When to alert for upgrade✝: 50% on the four higher-tier circuits, then 80%, 80% and 60% on the lower tiers.
* Based on total site demand as defined by the BW Calculator; ✝ sustained utilisation for at least 10% of business hours
Modular Services Offered over LAN Fabric: Events, Acquisition, IoT, Guest Network, Lab’s, Customer Demo’s, Smart Building, Direct Internet
WAN Service Catalogue
Step 1: Define Topology – technology driven solutions ranging from highly resilient to low cost
Topology  Circuit Resiliency                      Cost
2C        Single Circuit (Internet)               $$
2C+       Dual Circuit (Internet + Internet)      $$$
2B        Dual Circuit (MPLS + Limited MPLS)      $$$$
2A        Dual Circuit (MPLS + MPLS)              $$$$$
2A+       Dual Circuit (MPLS + Private Line)      $$$$$$
2D        Open Internet (AnyConnect)              $
Step 2: Understand Site criticality – talk to the business, gain better understanding of site functions and then classify them.
Site Criticality Index (site functions shown in each class):
C1: Supply Chain, Contact Centre, EBC/CBC, Engineering Lab, Customer Lab, Employee, Data Centre
C2: Supply Chain, Contact Centre, EBC/CBC, Engineering Lab, Customer Lab, Employee
C3: Contact Centre, EBC/CBC, Engineering Lab, Customer Lab, Employee
C4: EBC/CBC, Engineering Lab, Customer Lab, Employee
C5: Engineering Lab, Customer Lab, Employee
Step 3: Understand scale of users/devices – what is the scale of users or devices connecting to that site’s network?
Topology selection by headcount and site criticality:
Headcount   C5    C4    C3    C2    C1
0-25        2C    2C    2C+   2C+   2B
26-100      2C    2C+   2C+   2B    2A
101-300     2C+   2B    2B    2B    2A
301-1000    2C+   2B    2B    2A    2A+
1000+       2B    2A    2A    2A+   2A+
Cisco SD-WAN using Viptela
• Orchestration Plane: vBond (vOrchestrator)
• Management Plane (Multi-tenant or Dedicated): vManage, with API access and Analytics
• Control Plane (Containers or VMs): vSmart
• Data Plane (Physical or Virtual): vEdge at Data Center, Campus, Branch and Home Office, over 4G, INTERNET and MPLS transports
Technology Use Cases – Segmentation & Multi-Topology (M&A, Line-of-business separation, Partner network)
• Independent and isolated virtual topologies operating at the same time
(Figure: a Virtual Fabric over MPLS and Internet; Viptela vEdge at Site A, Site B and the Data Center carries User Traffic in VPN1 and Video Traffic in VPN2)
Use Cases & Deployments – Supporting a diverse set of topologies and architectures @ scale
Fully Managed WAN With Centralized Control:
• Enterprise NOC & Access Control (NAC & MDM)
• Data Center, CoLo & DMZ
• Public Cloud & Network Services
• Branch routing & switching
• Unified Communications
• Enterprise Wireless
• WAN Opt & caching
Network Function Virtualisation
(Figure: four physical boxes, Box1 … Box4, each running IOS on its own ASIC, become two boxes running NFV-IS on x86 HW under a controller, hosting multiple network functions including 3rd party ones – Box5, Box6)
• Software defined network platform
• Deploy Network Functions at will
• Reduced real-estate/minimise site visits
Network Compute Platform: ENCS 5400 Series
• 6, 8, or 12-Core Intel Xeon-D
• 16 - 64 GB DRAM
• 8 Integrated LAN Ports with Optional POE
• Network Interface Module for LTE & legacy WAN
• Dedicated Board Management Controller
• 2 HDD, SSD or SAS, RAID 0 & 1
• Internal M.2 Storage
• USB 3.0 Storage
• 2 Onboard Gigabit Ethernet ports with SFP
• Integrated Power Supply
• Optional Hardware Crypto Module
• Hardware Acceleration for VM Traffic
NFV Migration strategy
Gradual & phased migration: Current → Interim → Target
Benefits
• Less hardware Infrastructure
• Fast & Agile service delivery
• Improved performance for Fog compute applications
What is SD-Access? Fabric Roles & Terminology
• DNA Controller – Enterprise SDN Controller (e.g. DNA Center) provides GUI management and abstraction via Apps that share context
• Identity Services – External ID System(s) (e.g. ISE) are leveraged for dynamic Endpoint to Group mapping and Policy definition
• Analytics Engine – External Data Collector(s) (e.g. NDP) are leveraged to analyze Endpoint to App flows and monitor fabric status
• Control Plane Nodes – Map System that manages Endpoint to Device relationships
• Fabric Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
• Fabric Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
• Fabric Wireless Controller – A Fabric device (WLC) that connects Wireless Endpoints to the SDA Fabric
• Intermediate Nodes (Underlay)
(Figure: Campus Fabric with APIC-EM as DNA Controller, ISE as Identity Services and NDP as Analytics Engine; B marks Border nodes and C the Control Plane node)
Segmented Overlay networks
(Figure: Site1, Site2 and Site3 each run a site-local overlay; a fabric-wide overlay spans the sites across the WAN; the Underlay Fabric carries the Control Plane & Mapping Server)
Overlay Data Plane: VXLAN
Control Plane: LISP
Fabric wide virtual networks
VN   Fabric wide virtual network
0    Guest Users + Devices
9    IOT Employee User Devices
8    LAB / Demo devices
7    Partner Devices
6    Employee Devices
5    Alphas
4    Shared community devices
3    WPR/Building devices
2    Datacenter
1    IT Infrastructure devices
Network services shown alongside the VNs: Infra Management, Building Controls, Media Services, Corporate Services, Internet, Lab Networks, Extranet Partners, IoT
What benefits do we see?
What is unique about Campus Fabric? Key Components
1. Control-Plane based on LISP
2. Data-Plane based on VXLAN
3. Policy-Plane based on TrustSec
Key Differences
• L2 + L3 Overlay -vs- L2 or L3 Only
• Host Mobility with Anycast Gateway
• Adds VRF + SGT into Data-Plane
• Virtual Tunnel Endpoints (No Static)
• No Topology Limitations (Basic IP)
(slide reused from BRKACI-2400)
Benefits:
• Central Control & assurance
• Programmability & Automation
• Enhanced Threat Analytics
• Host mobility & Segmentation
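Added example (not Cisco or SD-Access code) of what “VRF + SGT into the Data-Plane” looks like on the wire: a VXLAN header with the Group Policy extension carries the virtual network as the VNI and the SGT as the Group Policy ID, and the egress edge checks both before forwarding; the bit layout follows the VXLAN-GPO draft, while the VNI values, SGT numbers and permit matrix are constructed.

```python
"""VXLAN-GPO header handling for the SD-Access data plane: VNI = virtual
network (VRF), Group Policy ID = SGT. Added example, not Cisco or SD-Access
code; bit layout per draft-smith-vxlan-group-policy; VNI values, SGT
numbers and the permit matrix are constructed."""
import struct

# Byte 0 flags (RFC 7348 "I" bit plus the GPO "G" bit)
FLAG_I = 0x08   # VNI field is valid; mandatory for every VXLAN packet
FLAG_G = 0x80   # Group Policy ID field is present
# Byte 1 flags defined by the GPO extension
FLAG_D = 0x40   # Don't Learn: egress VTEP must not learn the inner source MAC
FLAG_A = 0x08   # Policy Applied: ingress VTEP already enforced the SGT policy

# Constructed VN -> VNI mapping; the VN names come from the slide's table
VN_TO_VNI = {"Guest": 4096, "Employee": 4102, "Datacenter": 4098}
# Constructed SGT numbers and a constructed (src SGT, dst SGT) permit matrix
SGT = {"guest": 10, "employee": 20, "contractor": 30, "db-server": 100}
PERMIT = {(SGT["employee"], SGT["db-server"])}


def encode_gpo_header(vni, sgt, policy_applied=False, dont_learn=False):
    """Build the 8-byte VXLAN header with the Group Policy extension."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    if not 0 <= sgt < 1 << 16:
        raise ValueError("Group Policy ID must fit in 16 bits")
    b1 = (FLAG_D if dont_learn else 0) | (FLAG_A if policy_applied else 0)
    # !BBHI: flags byte 0, flags byte 1, 16-bit Group Policy ID, then the
    # 24-bit VNI followed by one reserved byte (hence vni << 8).
    return struct.pack("!BBHI", FLAG_I | FLAG_G, b1, sgt, vni << 8)


def decode_gpo_header(data):
    """Parse the first 8 bytes; a plain RFC 7348 header (G clear) gives sgt=None."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    b0, b1, gpid, vni_field = struct.unpack("!BBHI", data[:8])
    if not b0 & FLAG_I:
        raise ValueError("I flag clear: VNI not valid, drop")
    hdr = {"vni": vni_field >> 8, "sgt": None,
           "policy_applied": False, "dont_learn": False}
    if b0 & FLAG_G:   # without G the Group Policy ID bytes are reserved
        hdr.update(sgt=gpid, policy_applied=bool(b1 & FLAG_A),
                   dont_learn=bool(b1 & FLAG_D))
    return hdr


def egress_decision(header_bytes, dst_vni, dst_sgt):
    """What a fabric edge does on decapsulation: the frame must already be in
    the destination's VN (VNI match) and the (src SGT, dst SGT) pair must be
    permitted, unless the ingress edge marked the policy as applied. Returns
    'forward', 'drop:vn-mismatch', 'drop:no-sgt' or 'drop:sgt-denied'."""
    hdr = decode_gpo_header(header_bytes)
    if hdr["vni"] != dst_vni:
        return "drop:vn-mismatch"     # VRF isolation: no leaking between VNs
    if hdr["sgt"] is None:
        return "drop:no-sgt"          # untagged frame cannot be classified
    if hdr["policy_applied"] or (hdr["sgt"], dst_sgt) in PERMIT:
        return "forward"
    return "drop:sgt-denied"


if __name__ == "__main__":
    emp = encode_gpo_header(VN_TO_VNI["Employee"], SGT["employee"])
    print(emp.hex(), decode_gpo_header(emp))
    print(egress_decision(emp, VN_TO_VNI["Employee"], SGT["db-server"]))    # forward
    print(egress_decision(emp, VN_TO_VNI["Datacenter"], SGT["db-server"]))  # drop:vn-mismatch
```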
Access Evolution: Wireless as primary access
Laptop connection preference:
Site      Wired   Wireless
BLDK      21%     78%
RTP7/8/9  18%     82%
TKY7      23%     77%
STLD1     17%     82%
• Target 80% desktop environment to go wireless only
• Meeting rooms still retain wired connections
• Doubled the density of AP’s across floor
• Moving clients to 5GHz Spectrum – less interference / more bandwidth
• Desktop Video & IP Phones running on Wireless
• Enhanced RF site surveys & continuous RF airspace monitoring
• Enabled for Apple Fastlane (prioritisation and enhanced client mobility)
• Switching infrastructure transitions to Digital Ceiling
Access Evolution Proposal
Current: wired desk area, APR (TP), Floor Distribution (FD) and DC
Proposed:
• Increase number of AP on 5Ghz only
• Deploy in-ceiling Cisco switches
• Wireless Printers and Wireless IP Phones
• APR’s and Meeting rooms to retain wired connectivity
• Wired Security Camera & Badge Readers, Wired Emergency Phones
• Free standing enclosure, increased desk space, reduced cable runs
Evolve Floor Distribution + Switch density
Saving’s Opportunity:
• Floor port: Reduced
• Cable run: Reduced
• Switchport: Reduced
• Distribution frame: Reduced
• Switch real-estate: Reduced
• Rack real-estate: Reduced
• Power + Cooling: Reduced
• UPS: Reduced
• Comms room real-estate: Reduced
Business case considerations – Investment Required:
• Wireless Infrastructure (AP’s + WLC)
• Wireless Monitoring: Investment required
• Wireless IP Phones: Investment required
• Increased initial support
• New Floor + Network design
• Training: Wireless troubleshooting
• Wireless printers/security cameras?
• Rigorous Wireless certification testing on most popular devices
Target sites: Greenfield & Retrofit sites
Programmable Platform (IOS 16.x)
Automation Manager Deployment model – network domains and scale: Home & Remote (25000), Partners / Branch (400-500), DC (28, APIC), Core (20), Network Connectivity (WAN/Internet/Cloud); controllers DNA-C / NSO across the Network Infrastructure
Controller Platform: Automation Workflow (Prescriptive Workflow) and Development Platform (Feature 1 … Feature 4, Network Feature)
• Prescriptive Workflow: target DNA-C
• Bespoke Workflow: target NSO
• Controllers segmented based on network function
• Home & Extranet environment based on mix of scripted and bespoke operation
• Controllers extend beyond network infrastructure: (Unified Comms/Telecom etc)
Controller & Automation platform
Developer Platform: ISE, DNA-C, NSO
Production Platform: ISE, DNA-C, NSO
Network Automation & Orchestration
1. Define what the service is
2. What are the infrastructure elements/devices that need to be changed as part of this service
An example is Basic Wireless Service: the Wireless Service decomposes into Gateway Configuration, WLC Configuration, Switch Configuration and Other / 3rd Party Infrastructure Devices.
Network Automation & Orchestration (NSO)
• Intent Driven Services (described as YANG Data Models): Connect LAN, Spin VM, Spin NFV, Connect WAN – e.g. Create partner or cloud connection
• Automation & Orchestration Controller: Translation from services to devices
• Devices/Infra: Switching, Compute, NFV based virtual office, 3rd Party – e.g. N7K, ASR, Compute, API’s etc
NSO Service Manager & Models
NSO Manages Network Services through the Service Model Construct: a Service Model is instantiated as Service Instances, each mapped onto the devices it touches (Service Instance 1 → Device 1, Device 2; Service Instance 2 → Device 3, Device 4).
EXAMPLE USE CASES
Service Instance 1: Prioritise all Sales Applications for 2 weeks prior to quarter end
Service Instance 2: Enable network to optimise traffic flow to Cloud based Video service for company meeting
Digital journey
• FY17 – Foundational: Secure programmable network infrastructure & services
• FY18-19 – Software defined (Control): Cloud or On-prem controllers for infra management; Virtualised Infrastructure & Transport
• FY19+ – Intent Based Networking: Transition to self driving intent based networks
• Analytics throughout: Actionable insights from Security, Business, Network
Come talk to our Cisco IT Experts!
World of Solutions demos: Collaboration, AppDynamics, ACI & TA, NSO, vBranch
Cisco on Cisco will have 5 demo booths placed around the Cisco Campus showcasing how Cisco IT designs, deploys, and manages our own solutions. Through these IT success stories you’ll see how Cisco solutions are driving transformational business benefits.