Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Jerome Henry
jerhenry@cisco.com
June 2016
OpenStack
Fog
Architecture
Cisco
NetFlow
& Big
Data
Analytics
https://learningnetwork.cisco.com/community/archived_events/ccie-community-events
http://mkto.cisco.com/CCIE-Opt-In.html
Automation
Principles
Insights &
Experiences
Analytics
Network Data,
Contextual Insights
Virtualization
Physical & Virtual Infrastructure | App Hosting
Cloud-enabled | Software-delivered
Automation
& Assurance
Security &
Compliance
New!
Enterprise NFV
Branch Service Virtualization
Controlled Availability, March 2016
Network-enabled Applications
Automation
Abstraction & Policy Control
from Core to Edge
Analytics
Network Data,
Contextual Insights
Virtualization
New!
CMX Cloud
Presence Analytics and Connect
Available Now, globally as local laws permit
Cloud-enabled | Software-delivered
Automation
Controller-Led
Networking Deployment
Source
De-coupling of
User Identity and Topology
Production Servers
Development Servers
Internet Access
Employee
(managed asset)
PERMIT
DENY
PERMIT
Employee
(Registered BYOD)
PERMIT
DENY
PERMIT
Employee
(Unknown BYOD)
DENY
DENY
PERMIT
DENY
PERMIT
PERMIT
Configuration
Protected Assets
Traditional
Controller-based Automation
Policy
Policy
Traditional
Traditional
Policy
Controller-Led Networking
Bridging the Gap to Increased Success in Network Deployment and Use
Any given custom
configuration has a very
high probability of not being
tested exactly as deployed
individuallyas a one
off which introduces
potential issues
The automated configuration deployed by the controller will have gone through
Automation
Controller-Led Networking Deployment
Bugs
Trust
Risk
Uncertainty
Problems
Combinatorial Issues
Greatly increased
probability of success
Analytics
Network Data, Contextual Insights
Run Reports
Deliver relevant content
Applications
Network
Analytics
Endpoints
Automated Deployment
Embracing Tools
tcollector
Devops
Orchestration
Automation
Monitoring/
Analytics
Hardware is specialized
SW is tailored for specialized
HW and functions
Each device, each function is
configured individually (and
manually)
Yesterday
Controller
Virtualized
Service
Virtualized
Service
Virtualized
Service
Virtualization
brn
br1
Int-n
Int-1
OS
Tomorrow
DNA Under-the-Hood
Cisco ONE
Foundation
New!
79%
Order
Controller-Based
Management
Plug in and
Cloud Provision
Eliminates
Staging
Truck Roll
Lower
deployment
costs
2. Discovery
3. Secure Deployment
Device Authentication
DHCP
EM
Admin
Server
OR
Download Image
and Configure
DNS
EM
Server
PnP-Agent PnP-Agent
Installer
1. Discovery
2. Un-claimed Devices
3. Secure Deployment
Device Authentication
DHCP
Server
OR
DNS
Download Image
and Configure
EM
Server
EM
PnP-Agent PnP-Agent
Installer
Admin
1. Pre-provisioning
Step 1a: Create Site
Step 1a. The network
admin creates a site for
any new deployment on
the Cisco APIC-EM
PnP app
1. Pre-provisioning
Step 1b: Upload IOS Image File
1. Pre-provisioning
Step 1c: Upload Configuration File
Configurations tab allows to
upload/manage the
configurations for
the devices.
`
All available configurations,
previous uploads, and new
uploads will be listed here.
1. Pre-provisioning
Step 1d: Create device entry
Step 1d.
Name of device
Device type
Serial Number
of device
3. Device Deployment
Step3a: DHCP based server discovery
DHCP Server
PnP Server
Switch running
PnP Agent
Remote Installer
Mount and cable devices
Power on
3. Device Deployment
Step3a: Optional - DNS based server discovery
DNS Server
PnP Server
Remote Installer
Mount and cable devices
Power on
3. Device Deployment
Step3b: Monitor device installation
Step 3b. Verify installation
of devices
Click on Details to see full
workflow details in APIC-EM
`
Once devices get config, image,
and certificates, the APIC-EM will
show the device as provisioned.
BRANCH
Public
Cloud
Day 0
Day 1
Day 2
Plug-and-Play App
EM
STATIC QoS
DYNAMIC
QoS
calls APIC-EM
2. CUCM
to setup Policy
REST API
Dynamic QoS in
250 ms
Reduce voice jitter
by 300%
50% improvement
for video traffic
1. Calls End
on network device
REST API
Optimal
Experience
Relevant
These applications directly
support business objectives
Applications should be
classified, marked and
treated marked according to
industry best-practice
recommendations
RFC 4594
Default
Irrelevant
RFC 2474
RFC 3662
EasyQoS GUI
Step 1: Select a Scope for Policy Application
EasyQoS GUI
Step 1: Select a Scope for Policy Application
EasyQoS GUI
Step 2: (Optional) Change Application Business-Relevance
EasyQoS GUI
Step 3: (Optional) Add Custom Applications
Cisco ONE
Adv. Security
General Availability in
Cisco ONE May 2016
Core
WAN
Cloud
Network as a Sensor:
Real-time situational awareness
and rapid threat detection everywhere
Infrastructure-Enforced Policy
Network as an Enforcer:
Software-defined segmentation with
TrustSec for assurance and compliance
The network
Unmatched Threat
Protection
Additional threat context by
revealing what infected hosts
are doing within the network.
Configure Exporter
Where to Send
This is usually IP Address of
StealthWatch FlowCollector
Router(config)# flow
exporter my-exporter
Router(config-flowexporter)# destination
172.27.1.1
What to Send
Traffic flow record can be
Customized to include certain
fields from flow record
Router(config)# flow
record my-record
Router(config-flowrecord)# match ipv4
destination address
Router(config-flowrecord)# match ipv4
source address
Router(config-flowrecord)# collect counter
bytes
Configure Monitor
Apply to Send
Router(config)# flow
monitor my-monitor
Router(config-if)# ip
flow monitor my-monitor
input
View Flows
NaaE (TrustSec)
Device Type: Apple iPAD
User: Mary
Group: Employee
Corporate Asset: No
ISE Profiling
Policy provisioned
automatically on demand
Classification Result:
Company
asset
AP
SGT
Security
Group
Policy
DC Resource
Access
NetFlow
DCHP
DNS
HTTP
OUI
RADIUS
NMAP
SNMP
Wireless LAN
Controller
Restricted
Internet Only
Employee
Distributed
Enforcement
based on
Security
Group
Personal asset
Classify
Propagate
Enforce
Mobility
Mobile traffic will Exceed
wired traffic by 2017
IoT
IoT Devices will
triple by 2020
Analytics
Cloud
Multiple Devices
Difficult to Manage
Costly to Operate
ESA
ESA
ESA
Virtual Router
(ISRv)
Virtual Firewall
(ASAv)
Virtual WAN
Optimization
(vWAAS)
Virtual Wireless
LAN Controller
(vWLC)
UCS C-Series
COTS
Freedom of Choice
Cisco Intelligent Branch
Traditional
Physical Router
Centralized Services
Fixed Integrated Services
Conservative
Cisco ONE
Enterprise NFV
Physical Router
Virtual Services
Virtual Router
Virtual Services
UCS C-Series/COTS
Upgradable H/W
Deterministic Routing Performance
Late Adopter
Access to Ongoing
Innovation
License
Portability
Investment
Protection
Power in Software
NFVIS Software Stack
Plug-n-Play
Server
Console
/SSH
YANG
APICEM/Prime
CLI
NETCONF
REST
Device Web
Portal
NFVIS
Plug-n-Play
Client
Health Monitor
HTTPS
Interface
Drivers
Linux
Platform
Drivers
Orchestration
API
Zero-touch deployment
Automated orchestration of platform and VNFs
Service chaining and licensing
Health monitoring
Dynamic scaling of services
Operational SLA management
Prescriptive or customized
templates
ISRv
ASAv
API
Interface
WAAS
vWLC
Platform
Management
vNAM
NFVIS
3rd
VNFn
Upload Devices to
be shipped
Map to
Branch(s)
App2
Hypervisor
ISR-4K + x86 on
UCS-E
Custom Design a
Profile
App1
Virtual
Switching
UCS x86
Server
Select functions
Associate the
templates & attributes
Pick validated
topologies
7
6
Appn
Cisco ONE
New!
Advanced
Available Now
Data on Storefront
Conversion
Frictionless
Presence
Analytics
Guest Onboarding
Zone-based
location analytics
Connect
Drag-and-drop customizable
portal on demand
CMX Cloud
WLAN Controller
nmsp
https
(10.x)
Connector
(Proxy)
Presence
Analytics Data
CMX Cloud
WLAN Controller
https
Presence
Analytics Data
http://www.cisco.com/go/designzone
Enable
Technology Tracks
Integrate
DevNet membership
Learning Paths
350,000+
DevNet Zone
300+ Network
Partners and Growing
DevNet Express
Structured Training
eLearning
Instructor-Led
Sample Applications
Community and
Pay-for Developer Support
40+
9800+ Developers
Developer
Sandboxes
4400+ Companies
1500+ Solutions
250+ Compatible
Network Solutions
Cisco Professional Services
2500+ Partners Strong
Questions