Date post: 10-Jul-2018
Customer Data Center Insights using Tetration

Robert Bukofser, Solution Architect

BRKACI-2509

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How:

1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKACI-2509

Agenda

• Introduction
• Accessing Tetration Data
• Data at our Fingertips
• Use Cases – Application Upgrades and Migrations
• Use Cases – Security
• Use Cases – Exploratory Analysis
• Conclusion

Introduction

• Flow Analysis
• Tetration Overview
• Sensors
• Data Flow
• Data Access
• Data Security

Introduction: device growth (figure)

Figure panels: Mobile Devices in 2014; IoT Devices in 2018; IoT Devices in 2020.

Sources: https://www.gsmaintelligence.com/ and https://www.gartner.com/newsroom/id/3598917

Cisco Tetration Architecture overview (diagram)

Data collection layer:

• Software sensor and enforcement
• Embedded network sensors (telemetry only)
• ERSPAN sensors (telemetry only)
• Third-party sources (configuration data)
• Bring your own data (streaming telemetry)

Analytics engine

Access mechanism:

• Web GUI
• REST API
• Event notification
• Cisco Tetration apps

Cisco Tetration Data Sources

Main features:

• Low CPU overhead (SLA enforced)
• Low network overhead
• New: Enforcement point (software agents)
• Highly secure (code signed and authenticated)
• Every flow (no sampling) and no payload

Software sensors:

• Universal* (basic sensor for other OS)
• Linux servers (virtual machine and bare metal)
• Windows servers (virtual machines and bare metal)
• Windows Desktop VM (virtual desktop infrastructure only)

*Note: No per-packet telemetry; not an enforcement point

Network sensors:

• Cisco Nexus 9300 EX
• Cisco Nexus 9300 FX
• Next-generation Cisco Nexus® Series Switches
• ERSPAN

Third-party data sources (available today):

• Asset tagging
• Load balancers
• IP address management
• CMDB

Cisco Tetration Telemetry: ERSPAN Option

• Dedicated virtual machines on each host with 4 software sensors in each virtual machine
• Each sensor binds to a separate vNIC
• ERSPAN terminates on the virtual machine vNIC
• Each sensor terminates one ERSPAN session
• Sensor generates telemetry based on the data-plane traffic
• Horizontally scalable

Expanded telemetry collection option:

• Augment telemetry from other parts of the network
• Useful when software sensor or hardware sensor is not feasible

(Diagram components: Production network, Layer 3 switch, ERSPAN over a Layer 3 connection, Cisco Tetration telemetry, Cisco Tetration™ platform)

Introduction: Concepts

• Pipeline – Fed by collectors; moves/copies data to the appropriate places
• Serving Layer – An optimized store of flow data for rapid UI queries
• Data Lake – Storage of all data flows, configuration and statistics

(Diagram: the Cisco Tetration™ platform, showing Sensors, Collectors, Pipeline, Serving Layer, Data Lake, User Interface, OpenAPI and Data Platform)

Cisco Tetration Analytics: Open API

Rest API (programmatic interface for a northbound application):

• Cisco Tetration flow search
• Sensor management

Push notification (message publish through a Kafka broker to northbound consumers):

• Out-of-the-box events
• User-defined events

Cisco Tetration applications:

• Access to data lake
• Write your own application

(Diagram components: Cisco Tetration Analytics™ platform, Rest API, Kafka, Cisco Tetration™ applications, Northbound application, Northbound consumers)

Role Based Access Control via Scopes

Scopes, Roles and Users:

• Users – Assigned to roles
• Scopes – Used to group together assets and/or endpoints
• Roles – Define access to scopes; set of capabilities

Accessing Tetration Data

• OpenAPI
• DataPlatform

OpenAPI

Representational state transfer (REST) or RESTful web services are a way of providing interoperability between computer systems on the Internet. REST-compliant Web services allow requesting systems to access and manipulate textual representations of Web resources using a uniform and predefined set of stateless operations.

Via: https://en.wikipedia.org/wiki/Representational_state_transfer

Accessing Tetration Data: OpenAPI

• REST interface via HTTPS
• Role Based Access Control based on self-generated keys
• Keys and hash required for each transaction
• Queries current data
• Leverages the same underlying components as the User Interface
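The slide describes a model in which every transaction carries the API key identifier plus a hash and signature computed with the secret. The following added Python example is not Cisco's code nor the Tetration client library; it shows the shape such a scheme usually takes and, more usefully for a defender, what the server side has to verify: the key is known, the timestamp is within a replay window, the body hash matches, and the signature over method, path, hash, content type and timestamp matches in constant time. The header names, the canonical string layout, the request path and the five-minute skew limit are assumptions for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# Assumed replay window: a signed request older or newer than this is refused.
MAX_SKEW = timedelta(minutes=5)
TS_FORMAT = "%Y-%m-%dT%H:%M:%S%z"


def canonical_string(method: str, uri: str, body_sha256: str,
                     content_type: str, timestamp: str) -> bytes:
    """Bind everything the server acts on into the signed string, so the verb,
    path, body hash and timestamp cannot be swapped after signing (layout assumed)."""
    return "\n".join([method.upper(), uri, body_sha256, content_type, timestamp]).encode()


def sign_request(api_key: str, api_secret: str, method: str, uri: str,
                 body: bytes = b"", content_type: str = "application/json",
                 timestamp: Optional[str] = None) -> Dict[str, str]:
    """Client side: build the headers that accompany one request."""
    ts = timestamp or datetime.now(timezone.utc).strftime(TS_FORMAT)
    body_sha256 = hashlib.sha256(body).hexdigest()
    sig = hmac.new(api_secret.encode(),
                   canonical_string(method, uri, body_sha256, content_type, ts),
                   hashlib.sha256).digest()
    return {
        "Id": api_key,                     # assumed header name: names the key, never the secret
        "Timestamp": ts,
        "Content-Type": content_type,
        "X-Tetration-Cksum": body_sha256,  # assumed header name: hash of the body
        "Authorization": base64.b64encode(sig).decode(),
    }


def verify_request(secrets: Dict[str, str], method: str, uri: str, body: bytes,
                   headers: Dict[str, str], now: datetime) -> Tuple[bool, str]:
    """Server side: recompute every value and refuse on the first mismatch.
    Returns (accepted, reason) so the reason can be logged for detection."""
    secret = secrets.get(headers.get("Id", ""))
    if secret is None:
        return False, "unknown key"
    try:
        ts = datetime.strptime(headers["Timestamp"], TS_FORMAT)
    except (KeyError, ValueError):
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"           # replayed request or badly skewed clock
    body_sha256 = hashlib.sha256(body).hexdigest()
    if body_sha256 != headers.get("X-Tetration-Cksum"):
        return False, "body checksum mismatch"    # body altered after signing
    expected = hmac.new(secret.encode(),
                        canonical_string(method, uri, body_sha256,
                                         headers.get("Content-Type", ""),
                                         headers["Timestamp"]),
                        hashlib.sha256).digest()
    try:
        presented = base64.b64decode(headers.get("Authorization", ""), validate=True)
    except (ValueError, TypeError):
        return False, "bad signature encoding"
    # Constant-time comparison: a plain == leaks timing information about the signature.
    if not hmac.compare_digest(expected, presented):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed key material; in practice the secret lives only in a vault.
    keys = {"demo-key-id": "demo-secret"}
    body = b'{"t0": 1531224000, "t1": 1531227600}'
    hdrs = sign_request("demo-key-id", "demo-secret", "POST", "/openapi/v1/flowsearch", body)
    print(verify_request(keys, "POST", "/openapi/v1/flowsearch", body, hdrs,
                         datetime.now(timezone.utc)))
```

The verifier returns a reason string rather than a bare boolean because the distribution of rejection reasons (unknown keys, stale timestamps, checksum mismatches) is exactly what a SOC wants to see in the API gateway logs.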

Data Platform

The Tetration Data Platform allows code to be created and run on the Tetration Appliance. Users can interact with large datasets and harness the power of the analytics appliance without having to migrate the data to an additional platform.


Accessing Tetration Data: Data Platform User Applications

• Security
  • Role Based Access Control
  • Data Platform Access
  • Data via Scope
• Documentation
  • User Guide
  • App Options
  • Samples

Accessing Tetration Data: Data Platform User Applications (diagram)

(Diagram components: Tetration Analytics, User Data, Data Platform, Kafka, OpenAPI, Data Lake, Dashboard)

Data via OpenAPI

• Flows
• Software Agents
• Annotation
• Scopes
• Other

OpenAPI Endpoints (diagram)

Endpoints shown: Scope, Applications, User Defined Annotations, VRFs, Switches, Collection Rules, Inventory Filters, Software Agents, Enforcement, Roles, Users, Inventory, Flow, Configuration

Legend: Flow referenced; Flow record

Data at our fingertips: Open API - Flows

• Requires
  • API Key
  • Scope
  • Timestamp
• Flow observations are aggregated on a 1 minute interval
• Queries can be for any day
• Individual records contain flow information
• Information Availability
  • Most recent from pipeline
  • Same as Web UI
• Filterable
  • Time
  • Dimension
  • Aggregates such as: Raw, TopN, count

Flow Fields v 2.2.x (for reference)

• dst_address
• dst_hostname
• dst_port
• dst_scope_name
• fwd_bytes
• fwd_pkts
• Proto
• rev_bytes
• rev_pkts
• server_app_latency_usec
• server_stack_latency_usec
• src_address
• src_hostname
• src_port
• src_scope_name
• srtt_available
• srtt_usec
• start_timestamp
• Timestamp
• total_network_latency_usec
• total_perceived_latency_usec
• vrf_id
• vrf_name
• 40+ more…
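The flow slide names the query inputs (a time window plus dimension filters) and the aggregate shapes (raw, TopN, count). The following added Python example, which is not Cisco's code, builds a flow-search body using an eq filter in the form the Scopes example on this deck shows, then evaluates raw, count and TopN results locally over constructed records that use the field names listed above. The body key names t0, t1, scopeName and filter, and the "and" filter type used to combine eq filters, are assumptions; the records are constructed sample data.

```python
from collections import Counter, defaultdict
from typing import Any, Dict, List, Tuple

# Constructed sample records using the flow field names from the slide.  Timestamps
# are epoch seconds for 1-minute buckets on 10 Jul 2018 between 12:00 and 13:01 UTC.
FLOWS: List[Dict[str, Any]] = [
    {"timestamp": 1531224000, "src_address": "10.10.127.15", "dst_address": "10.10.50.10",
     "dst_port": 1433, "proto": 6, "fwd_bytes": 12000, "rev_bytes": 340000, "srtt_usec": 900},
    {"timestamp": 1531224060, "src_address": "10.10.192.3", "dst_address": "10.10.50.10",
     "dst_port": 1433, "proto": 6, "fwd_bytes": 8000, "rev_bytes": 120000, "srtt_usec": 1500},
    {"timestamp": 1531224060, "src_address": "10.10.172.215", "dst_address": "10.10.50.20",
     "dst_port": 443, "proto": 6, "fwd_bytes": 5000, "rev_bytes": 90000, "srtt_usec": 400},
    {"timestamp": 1531224120, "src_address": "10.10.127.15", "dst_address": "10.10.50.20",
     "dst_port": 443, "proto": 6, "fwd_bytes": 2000, "rev_bytes": 30000, "srtt_usec": 450},
    {"timestamp": 1531227600, "src_address": "10.10.99.7", "dst_address": "10.10.50.10",
     "dst_port": 1433, "proto": 6, "fwd_bytes": 500, "rev_bytes": 900000, "srtt_usec": 2500},
    {"timestamp": 1531227660, "src_address": "10.10.192.3", "dst_address": "10.10.50.30",
     "dst_port": 53, "proto": 17, "fwd_bytes": 100, "rev_bytes": 300, "srtt_usec": 0},
]


def flowsearch_body(t0: int, t1: int, scope_name: str,
                    filters: List[Tuple[str, Any]]) -> Dict[str, Any]:
    """Request body for a flow search (key names assumed): the time window, the scope
    the API key is allowed to read, and an "and" of "eq" filters like the one in
    the Scopes example on this deck."""
    return {
        "t0": t0, "t1": t1, "scopeName": scope_name,
        "filter": {"type": "and",
                   "filters": [{"type": "eq", "field": f, "value": v} for f, v in filters]},
    }


def apply_filter(flows: List[Dict[str, Any]], filt: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Local evaluator for the eq/and filter tree, so results can be checked offline."""
    if filt["type"] == "eq":
        return [f for f in flows if f.get(filt["field"]) == filt["value"]]
    if filt["type"] == "and":
        out = flows
        for sub in filt["filters"]:
            out = apply_filter(out, sub)
        return out
    raise ValueError("unsupported filter type: %r" % filt["type"])


def in_window(flows: List[Dict[str, Any]], t0: int, t1: int) -> List[Dict[str, Any]]:
    """Time filter: records whose 1-minute bucket starts in [t0, t1)."""
    return [f for f in flows if t0 <= f["timestamp"] < t1]


def run_query(flows: List[Dict[str, Any]], body: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Raw aggregate: the matching records themselves."""
    return apply_filter(in_window(flows, body["t0"], body["t1"]), body["filter"])


def count_by(flows: List[Dict[str, Any]], field: str) -> Dict[Any, int]:
    """Count aggregate: number of records per value of one dimension."""
    return dict(Counter(f[field] for f in flows))


def top_n(flows: List[Dict[str, Any]], field: str, metric: str, n: int) -> List[Tuple[Any, int]]:
    """TopN aggregate: the n dimension values with the largest summed metric."""
    totals: Dict[Any, int] = defaultdict(int)
    for f in flows:
        totals[f[field]] += f[metric]
    return sorted(totals.items(), key=lambda kv: (-kv[1], str(kv[0])))[:n]


if __name__ == "__main__":
    body = flowsearch_body(1531224000, 1531227600, "Tetration", [("dst_port", 1433), ("proto", 6)])
    print([f["src_address"] for f in run_query(FLOWS, body)])
    print(count_by(in_window(FLOWS, 1531224000, 1531227600), "dst_port"))
    print(top_n(FLOWS, "src_address", "fwd_bytes", 2))
```

Running the same filter tree locally is also a cheap way to sanity-check what a scope-restricted key should be able to see before that key is handed to a reporting job.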

Data at our fingertips: Open API – Software Agent

• Restrictions
  • Requires API Key
• Actions
  • List Software Agents
  • Get a Software Agent
  • Creating Configuration Intents
  • Order Intents
  • Apply / Alter Intent Configuration
• Contains Software Agent
  • OS version
  • Configuration
  • Agent Status
  • Interfaces
  • Netmasks

Data at our fingertips: Open API - Annotations

• Restrictions
  • Requires API Key
  • Obtains a CSV list of all the application tags for the Tetration system.
• Actions
  • Add/Delete/Update specific tags
  • Query the annotated facets
  • Flush all annotations

Example annotation CSV:

IP             VRF      Department
10.10.127.15   PCI      Finance
10.10.192.3    Default  HR
10.10.172.215  Default  IT
10.10.127.15   PCI      Finance

Data at our fingertips: OpenAPI - Scopes

• Restrictions
  • Requires API Key
  • Obtains the attributes of all Scopes
• Actions: List, Get, Create, Update, Delete, Commit

Scopes field example:

filter_type          AppScope
id                   5a06be0b755f0238881fbe9a
name                 Tetration
query                {"type": "eq", "field": "vrf_id", "value": 676767}
vrf_id               676767
parent_app_scope_id
child_app_scope_ids  5a0e0a47755f025afc8eda27

Data at our fingertips: OpenAPI - Other

• Roles
• Users
• Inventory Filters
• Inventory
• Applications
  • Create/Update/Delete
  • Enforce/Disable
• Enforcement
• Switches
• Collection Rules
• VRFs
• Orchestrators

Data Lake via Data Platform

• Flows
• Shallow Flows
• Machine Info
• Inventory

Data at our fingertips: Data Platform - Flows

• Longer duration
• Up to last complete hour

Data at our fingertips: Data Platform - Shallow Flows

• Includes Universal sensors
• Aggregated rows on
  • ephemeral port
  • start_timestamp

Data at our fingertips: Data Platform - Machine Info

• Operating System information
• Transmit aggregates
• Receive aggregates

Data at our fingertips: Data Platform - Inventory

• Each Interface
  • Transmit aggregates
  • Receive aggregates
• User Annotations
• VRF
• Scope
• Application Policy Groups

Use Case: Locate rogue integrations via Data Platform

• A customer was undergoing an upgrade of an application core to the business. The application was used by multiple departments, and the upgrade included schema changes that could affect any integrations or automatic reports generated off the databases.

• The customer generated a list of all the database clients and found two that were department-controlled servers using this infrastructure. This was not previously known to the IT team.

Use Case: Data Platform and Kafka Broker – Understand Upgrade Latency Impacts

• A customer wanted to monitor SRTT and ensure that all transactions completed within a defined interval.

• With user applications on the Data Platform they could define what was being monitored, how often, and what the thresholds were.

• With the Data Tap they were notified via Kafka to their event management system.
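Both use cases above (the rogue database integrations found before a schema change, and the SRTT threshold monitor that pushes events through Kafka) reduce to the same pattern: pull flow records for a window from the data lake, apply a small rule, and act on the result. The following added Python example is not Cisco's code or a Data Platform application; it runs both rules over constructed flow records that use the OpenAPI flow field names. The set of database listener ports, the CMDB client list, the hostnames and the Kafka topic name are constructed for illustration, and the `send` callable stands in for whatever Kafka producer the Data Tap is wired to.

```python
from collections import defaultdict
from typing import Any, Callable, Dict, List, Set, Tuple

# Constructed flow records (OpenAPI flow field names); hostnames are made up.
FLOWS: List[Dict[str, Any]] = [
    {"timestamp": 1531224000, "src_address": "10.10.127.15", "src_hostname": "fin-app-01",
     "dst_address": "10.10.50.10", "dst_hostname": "erp-db-01", "dst_port": 1433, "proto": 6, "srtt_usec": 900},
    {"timestamp": 1531224060, "src_address": "10.10.192.3", "src_hostname": "hr-app-01",
     "dst_address": "10.10.50.10", "dst_hostname": "erp-db-01", "dst_port": 1433, "proto": 6, "srtt_usec": 1500},
    {"timestamp": 1531224120, "src_address": "10.10.99.7", "src_hostname": "dept-report-vm",
     "dst_address": "10.10.50.10", "dst_hostname": "erp-db-01", "dst_port": 1433, "proto": 6, "srtt_usec": 2600},
    {"timestamp": 1531224180, "src_address": "10.10.172.215", "src_hostname": "it-mon-01",
     "dst_address": "10.10.50.20", "dst_hostname": "web-01", "dst_port": 443, "proto": 6, "srtt_usec": 400},
    {"timestamp": 1531224240, "src_address": "10.10.127.15", "src_hostname": "fin-app-01",
     "dst_address": "10.10.50.10", "dst_hostname": "erp-db-01", "dst_port": 1433, "proto": 6, "srtt_usec": 2200},
]

# Constructed list of database listener ports (TCP) worth treating as "database clients".
DB_PORTS: Set[int] = {1433, 1521, 3306, 5432}


def database_clients(flows: List[Dict[str, Any]], db_ports: Set[int] = DB_PORTS) -> Dict[str, Set[str]]:
    """Every client host observed talking to each database server on a DB port."""
    clients: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        if f["proto"] == 6 and f["dst_port"] in db_ports:
            clients[f["dst_hostname"]].add(f["src_hostname"])
    return dict(clients)


def unknown_clients(flows: List[Dict[str, Any]],
                    cmdb_clients: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Observed minus documented: the integrations a schema change would silently break."""
    out: Dict[str, List[str]] = {}
    for db, seen in database_clients(flows).items():
        extra = sorted(seen - cmdb_clients.get(db, set()))
        if extra:
            out[db] = extra
    return out


def srtt_violations(flows: List[Dict[str, Any]], threshold_usec: int,
                    min_samples: int = 1) -> List[Dict[str, Any]]:
    """One event per (client, server, port) whose SRTT exceeded the threshold at
    least min_samples times in the window; min_samples suppresses single spikes."""
    hits: Dict[Tuple[str, str, int], List[int]] = defaultdict(list)
    for f in flows:
        if f["srtt_usec"] > threshold_usec:
            hits[(f["src_hostname"], f["dst_hostname"], f["dst_port"])].append(f["srtt_usec"])
    events = []
    for (src, dst, port), samples in sorted(hits.items()):
        if len(samples) >= min_samples:
            events.append({"event": "srtt_threshold_exceeded", "src_hostname": src,
                           "dst_hostname": dst, "dst_port": port,
                           "threshold_usec": threshold_usec,
                           "max_srtt_usec": max(samples), "samples": len(samples)})
    return events


def publish(events: List[Dict[str, Any]], send: Callable[[str, Dict[str, Any]], None],
            topic: str = "tetration-user-events") -> int:
    """Hand each event to a producer callable (topic name is constructed); returns the count."""
    for event in events:
        send(topic, event)
    return len(events)


if __name__ == "__main__":
    cmdb = {"erp-db-01": {"fin-app-01", "hr-app-01"}}   # constructed CMDB record
    print("undocumented DB clients:", unknown_clients(FLOWS, cmdb))
    sent = publish(srtt_violations(FLOWS, threshold_usec=2000),
                   lambda topic, ev: print(topic, ev))
    print("events published:", sent)
```

The `min_samples` knob is the part that matters operationally: a threshold monitor that fires on a single noisy RTT sample trains the event management system's operators to ignore it.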

Use Case: Security

• How can I keep my User & Role based access control in sync with on-boarding processes?
• What rules are getting used? Is the order efficient?
• Did the last firewall rule change affect latency on any application? Which one?

Use Case: Reporting via OpenAPI

Use Case: Visualizations via OpenAPI

• Where are my configurations different?
• Are there single points of failure?
• Redundancy is configured, but is everyone using it?


Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.

Related Sessions to Continue Your Education

Session id    Description
LTRACI-2184   Tetration Hands-on Lab from Deployment to Operational Support
PSOACI-4591   Tetration overview
BRKACI-2040   Tetration Analytics – Network Analytics & Machine Learning Enhancing Data Center Security Operations
TECDCT-1757   Technical Seminar for Tetration Analytics
DEVNET-1722   Exploring Tetration APIs
BRKCOC-2006   Inside Cisco IT: ACI & Tetration Analytics
BRKACI-2060   Cisco Tetration: Data Center Analytics Deployment and Use Cases

Wrap up

Thank you

