BRKCRS-2814

Cisco SD-Access Assurance and Analytics

Dave Zacks, DTME
cs.co/ciscolivebot#BRKCRS-2814

Cisco Webex Teams

Questions?

Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session

How

1. Find this session in the Cisco Events Mobile App
2. Click “Join the Discussion”
3. Install Webex Teams or go directly to the team space
4. Enter messages/questions in the team space

BRKCRS-2814

© 2019 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Agenda

Cisco Live 2019 - Barcelona

BRKCRS-2814 Cisco Software-Defined Access – Assurance and Analytics

• Cisco DNA Architecture Overview
• Cisco SD-Access Brief Recap
• Cisco DNA Assurance Overview, Getting Started, Capabilities
• Cisco DNA Assurance for SD-Access Overview and Deeper Dive Wired and Wireless
• The Role of Streaming Telemetry
• Cisco DNA Center – Platform
• Take-Away Summary and Next Steps

Presenter: Dave Zacks

By Way of Introduction …

I am a Distinguished Engineer, and have been with Cisco for 19 years.

As a DTME within the Enterprise Networks Business team, I work primarily on capabilities and solutions that are anywhere from 12 to 36+ months out, helping to define these projects and then assisting as they progress towards and through design, development, and solution introduction.

I have a strong background in, and focus on, customer requirements, and integrating these into the products and solutions Cisco builds.

I have a special interest in Flexible Hardware, Network Fabrics, and Assurance.

Dave Zacks
Distinguished Technical Mktg. Engineer
dzacks@cisco.com
@DaveZacks

Cisco DNA Architecture Overview

Cisco DNA – Architecture Overview

Innovation in the network

The Network. Intuitive.

Based on Cisco DNA

[Diagram: Cisco DNA (Digital Network Architecture). Cisco DNA Center: Policy, Automation, Analytics. Layers: Cloud Service Management, Analytics, Automation, Virtualization, Programmable Physical and Virtual infrastructure, Security. Cycle labels: Perform LEARNING, Express INTENT, Implement with SECURITY, Extract CONTEXT.]

Intent-based Network Infrastructure

The Network. Intuitive.

Principles of Intent-Based Networking

• Intent-Based Networking portfolio
• Open programmable architecture
• Built-in security, streaming telemetry and rich analytics

[Diagram: Cisco DNA Center; APIs; Applications; Domain Controllers; Powered by IOS-XE; Physical and Virtual Infrastructure; ASIC]

The Network. Intuitive.

Moving from Manual to Automated

Basic

Advanced

Automated Deployment

Step 1: Network admin provisions devices in Cisco Network Plug and Play applications

Step 2: Onsite installer with mobile app installs and powers on devices, triggers deployment, checks status

Step 3: New devices contact Cisco Network Plug and Play application to get provisioned

Plug and Play, Day 0 Deployment

[Diagram: Admin, HTTP Proxy, Internet, Installer]

Exists Today

Network admin can remotely monitor install status

Consistent Across Network Fabric

Configure once and deploy everywhere - SD-Access

[Diagram: Cisco DNA Center, SD-Access Fabric]

New

Self-Driving Automation

Closed Loop through Network Analytics and Machine Learning

[Diagram: Cisco DNA Center, SD-Access Fabric]

Future

One Point of Management – All from Cisco DNA Center

Cisco SD-Access Brief Recap

Cisco SD-Access – Brief Recap

What is the Problem?

Network Policy Today

[Diagram: Enterprise Network; packet header fields: SRC, DST, PAYLOAD DATA, DSCP, PROT, IP SRC, IP DST, PORT, PORT]

Network Policy

• Policy is based on “5 Tuple”
• Only Transitive information
• Survives end to end

What is the Problem?

Network Policy Today

access-list 102 deny udp 167.160.188.162 0.0.0.255 gt 4230 248.11.187.246 0.255.255.255 eq 2165
access-list 102 deny udp 32.124.217.1 255.255.255.255 lt 907 11.38.130.82 0.0.31.255 gt 428
access-list 102 permit ip 64.98.77.248 0.0.0.127 eq 639 122.201.132.164 0.0.31.255 gt 1511
access-list 102 deny tcp 247.54.117.116 0.0.0.127 gt 4437 136.68.158.104 0.0.1.255 gt 1945
access-list 102 permit icmp 136.196.101.101 0.0.0.255 lt 2361 90.186.112.213 0.0.31.255 eq 116
access-list 102 deny udp 242.4.189.142 0.0.1.255 eq 1112 19.94.101.166 0.0.0.127 eq 959
access-list 102 deny tcp 82.1.221.1 255.255.255.255 eq 2587 174.222.14.125 0.0.31.255 lt 4993
access-list 102 deny tcp 103.10.93.140 255.255.255.255 eq 970 71.103.141.91 0.0.0.127 lt 848
access-list 102 deny ip 32.15.78.227 0.0.0.127 eq 1493 72.92.200.157 0.0.0.255 gt 4878
access-list 102 permit icmp 100.211.144.227 0.0.1.255 lt 4962 94.127.214.49 0.255.255.255 eq 1216
access-list 102 deny icmp 88.91.79.30 0.0.0.255 gt 26 207.4.250.132 0.0.1.255 gt 1111
access-list 102 deny ip 167.17.174.35 0.0.1.255 eq 3914 140.119.154.142 255.255.255.255 eq 4175
access-list 102 permit tcp 37.85.170.24 0.0.0.127 lt 3146 77.26.232.98 0.0.0.127 gt 1462
access-list 102 permit tcp 155.237.22.232 0.0.0.127 gt 1843 239.16.35.19 0.0.1.255 lt 4384

[Diagram: Enterprise Network; packet header fields: SRC, DST, PAYLOAD DATA, DSCP, PROT, IP SRC, IP DST, PORT, PORT; SSID A, SSID B, SSID C; VLAN 10, VLAN 20, VLAN 30, VLAN 40; User/device info?]

Network Policy

IP ADDRESSES

• Locate you
• Identify you
• Drive “treatment”
• Constrain you

But What If …

… we could make the IP address just be a LOCATOR for you, and provide other ways to group users / devices to apply POLICY?

Key Assertion

If we could “break the dependence” between IP addressing and policy, we could greatly simplify networks – and make networks much more functional.

You could build and run your network in a simpler way …

• Apply Policy irrespectively of network constructs (VLAN, subnet, IP address)
• Easily implement Network Segmentation (w/o implementing MPLS)
• Provide L2 and L3 flexibility (w/o stretching VLANs)

WITH A FABRIC…

… we could make the IP address just be a LOCATOR for you, and provide other ways to group users / devices to apply POLICY?

Key Assertion

If we could “break the dependence” between IP addressing and policy, we could greatly simplify networks – and make networks much more functional.

What is Unique about Software-Defined Access?

Fabric brings Policy Simplification

• Fabric breaks the dependency between IP address and Policy.
• In Fabric, Policies are tied to User/Device Identity

[Diagram: Overlay (Supplier, Employee, Devices); Overlay control plane (LISP); Overlay encapsulation (VXLAN); Underlay]

Cisco DNA Center – Automation and Assurance

• Single User Interface for Fabric Management & Orchestration
• Policy definition based on User, Device or App Group
• Design, Deploy and Monitoring and Troubleshooting

Fabric Overlay Services plane

• Dynamically connects Users/Devices/Things
• IP is an ID not used for traffic forwarding
• End to End Policies and Segmentation

Fabric Underlay Forwarding plane

• Connects the network elements to each other
• Optimized for traffic forwarding (scalability, performance)
• Networking constructs like IP, VLANs, live here

Cisco Software-Defined Access

The Power of the Fabric

Separate the “Forwarding Plane” from the “Services Plane”

IT Challenge (Business): Network Uptime

IT Challenge (Employee): New Services

[Diagram: The Boss, YOU, The User]

Underlay – Simple Transport Forwarding

• Redundant Devices and Paths
• Keep It Simple and Manageable
• Optimize Packet Handling
• Maximize Network Reliability (HA)

Overlay – Flexible Virtual Services

• Mobility - Map Endpoints to Edges
• Services - Deliver using Overlay
• Scalability - Reduce Protocol State
• Flexible and Programmable

Cisco Software-Defined Access

Integrated Segmentation

[Diagram: IoT Virtual Network (Group 3, Group 4, Group 5) and Employee Virtual Network (Group 1, Group 2) over Routers, Switches, Wireless AP, WLC; callout 1: Default Deny; callout 2: Custom Deny, Default Permit]

1 Virtual Networks: First level Segmentation that ensures zero Communication between Building systems and Users

2 Groups: Second level Segmentation within a Virtual Network that ensures role based access control between Two Groups

Cisco Software-Defined Access

Simplified Connectivity

[Diagram labels: Stretched Subnets; No Spanning Tree; ECMP; Distributed Anycast Default Gateway; No STP; Equal Cost Multi-Path; No HSRP / VRRP; Limit Broadcast Domain; Routed Access; SD-Access Fabric 10.1.0.0/16]

Cisco Software-Defined Access

Roles and Terminology

[Diagram: Cisco DNA Center (Cisco DNA Controller, Analytics Engine); Identity Services (ISE); Fabric Wireless LAN Controller; Fabric Border Nodes (B); Control-Plane Nodes (CP); Intermediate Nodes (Underlay); Fabric Edge Nodes]

• Cisco DNA Controller – Enterprise SDN Controller provides GUI management and abstraction via multiple Service Apps, that share information
• Identity Services – External ID Systems (e.g. ISE) are leveraged for dynamic User or Device to Group mapping and Policy definition
• Analytics Engine – External Data Collectors (e.g. NDP) are leveraged to analyze User or Device to App flows and monitor fabric status
• Control-Plane Nodes – Map System that manages Endpoint ID to Device relationships
• Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
• Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
• Fabric Wireless Controller – A Fabric device (WLC) that connects Wireless Endpoints to the SDA Fabric

Missed One? Sessions are available online @ CiscoLive.com

Cisco Software-Defined Access

Cisco Live Barcelona 2019 Session Map

You Are Here

Days: Tuesday (Jan 29), Wednesday (Jan 30), Thursday (Jan 31), Friday (Feb 01)

Time slots each day: 08:00-11:00, 11:00-13:00, 13:00-15:00, 15:00-18:00

Sessions:

BRKCRS-2821 SD-Access Integration
BRKCRS-2825 SD-Access Scale
BRKCRS-2812 SD-Access Migration
BRKCLD-2412, BRKCRS-3811: Cross-Domain Policy, SD-Access Policy
BRKCRS-1449, BRKCRS-1501: ISE & SD-Access, Validated Design
BRKCRS-3810, BRKCRS-2815, BRKCRS-2814, BRKARC-2020: SD-Access Connect, SD-Access Troubleshoot, Deep Dive, SD-Access Sites, Assurance, SD-Access
LTRACI-2636 ACI + SD-Access Lab
LTRCRS-2810 SD-Access Lab
BRKEWN-2021 SD-Access Demo
BRKEWN-2020 SD-Access Wireless
BRKCRS-2810 SD-Access Solution

Cisco DNA Assurance for SD-Access

The Cost of Troubleshooting

Overview

Typical troubleshooting issues for an enterprise network with 800 users (wired and wireless)

| Issue/task | DNA Center™ | Traditional CLI | Savings | Occurrences per week | Hours saved per Week | Days saved per Year |
|---|---|---|---|---|---|---|
| Traceroute | Instantaneous | 6 minutes | 6 minutes | 25 | 2.5 hours | 15 |
| Slow onboarding | 2 minutes | 17 minutes | 15 minutes | 20 | 5 hours | 30 |
| Device RPA failure | Instantaneous | 20 minutes | 20 minutes | 6 | 2 hours | 12 |
| Radio channel analysis | 5 minutes | 25 minutes | 20 minutes | 6 | 2 hours | 12 |
| Issue replication | 5 minutes | 65 minutes | 60 minutes | 2 | 2 hours | 12 |
| Site visit | Not required | 180 minutes | 180 minutes | 0.5 | 1.5 hours | 9 |
| Total: | | | | | 15 hours | 90 |

What would YOU do with 90 extra productive Days per Year?

Why SD-Access Assurance?

Example

[Diagram: Fabric Border Nodes, Intermediate Nodes (Underlay), Fabric Edge Nodes, Cisco DNA Center]

Need to Troubleshoot user red connectivity to an App server

Why SD-Access Assurance?

Example

CLI is the most common troubleshooting tool.

It’s just a very bad troubleshooting tool.

show ip dhcp snooping binding
show ip vrf interfaces | inc 1021
show lisp vrf Campus | i IID
show lisp instance-id 4099 ipv4 map-cache
show ip cef vrf Campus 50.0.0.1 internal
traceroute 192.168.130.2
ping 192.168.10.1
show cdp nei g1/0/22

Why SD-Access Assurance?

Example

ping 192.168.130.2
Success rate is 0 percent (0/5)
show ip route 192.168.130.2
show cdp nei g1/0/23
show run int g1/0/23

Why SD-Access Assurance?

Example

interface GigabitEthernet1/0/23
 description border_cp g1/0/15
 no switchport
 ip address 192.168.15.1 255.255.255.252
 ip router isis
 ip access-group test out

Extended IP access list test
    10 deny ip host 192.168.120.1 host 192.168.130.2
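The three example slides above end with an outbound ACL on an underlay uplink silently dropping one host-to-host flow, found only after walking the path by hand. As an added example (not from the presentation, and not a description of how Cisco DNA Center works), this Python script runs the same check offline over collected `show running-config` and `show access-lists` text. The sample text is constructed from the slide's interface and ACL, all function names are this example's own, and it handles only ACL entries without port qualifiers.

```python
import ipaddress
import re

# Constructed input modelled on the slide: the g1/0/23 stanza and ACL entry 10
# are as shown there; the g1/0/22 stanza and entry 20 are invented for contrast.
RUNNING_CONFIG = """\
interface GigabitEthernet1/0/22
 no switchport
 ip address 192.168.10.2 255.255.255.252
 ip router isis
!
interface GigabitEthernet1/0/23
 description border_cp g1/0/15
 no switchport
 ip address 192.168.15.1 255.255.255.252
 ip router isis
 ip access-group test out
"""
SHOW_ACCESS_LISTS = """\
Extended IP access list test
    10 deny ip host 192.168.120.1 host 192.168.130.2
    20 permit ip any any
"""

ACL_HEADER = re.compile(r"^Extended IP access list (\S+)")
ACE = re.compile(r"^\s+(\d+) (permit|deny) (\S+) (.+?)(?: \(\d+ match(?:es)?\))?$")
BINDING = re.compile(r"^\s+ip access-group (\S+) (in|out)\s*$")


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(word), to_int(tokens.pop(0))


def parse_acls(text):
    """Parse 'show access-lists' text into {name: [(seq, action, proto, src, dst)]}."""
    acls, current = {}, None
    for line in text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(1), [])
            continue
        ace = ACE.match(line)
        if ace and current is not None:
            seq, action, proto, rest = ace.groups()
            tokens = rest.split()
            src, dst = parse_addr(tokens), parse_addr(tokens)
            if tokens and tokens != ["log"]:
                raise ValueError(f"unsupported qualifiers in entry {seq}: {tokens}")
            current.append((int(seq), action, proto, src, dst))
    return acls


def addr_matches(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (to_int(ip) & care) == (base & care)


def evaluate(acl, src, dst, proto="ip"):
    """First matching entry wins; falling off the end is the implicit deny."""
    for seq, action, ace_proto, ace_src, ace_dst in acl:
        if ace_proto in ("ip", proto) and addr_matches(src, ace_src) and addr_matches(dst, ace_dst):
            return action, seq
    return "deny", None


def parse_bindings(config):
    """Return [(interface, acl_name, direction)] from running-config text."""
    bindings, iface = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            iface = None  # left the interface stanza
        bound = BINDING.match(line)
        if bound and iface:
            bindings.append((iface, bound.group(1), bound.group(2)))
    return bindings


def find_drops(config, acl_text, src, dst, proto="ip"):
    """List (interface, direction, acl, seq) for every bound ACL that denies the flow."""
    acls = parse_acls(acl_text)
    drops = []
    for iface, name, direction in parse_bindings(config):
        if name not in acls:  # IOS treats a referenced but undefined ACL as permit-all
            continue
        action, seq = evaluate(acls[name], src, dst, proto)
        if action == "deny":
            drops.append((iface, direction, name, seq))
    return drops


if __name__ == "__main__":
    for hit in find_drops(RUNNING_CONFIG, SHOW_ACCESS_LISTS, "192.168.120.1", "192.168.130.2"):
        print("flow denied on %s (%s) by ACL %s entry %s" % hit)
```

A `seq` of `None` in a result means the flow fell through to the implicit deny at the end of the list rather than hitting an explicit entry.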

Network Quality

A Complex, End-to-End Problem

[Diagram labels: Affects join/roam; Affects quality/throughput; Affects both*; Client firmware; WAN uplink usage; End-user services; Client density; AP coverage; Configuration; WLC capacity; WAN QoS, routing; RF noise/interf; Authentication; Addressing; Mobile clients; Access points; Local WLCs; Office site; WAN; DHCP; ISE; Cisco Prime®; Cisco® Unified CM; Network services; data center]

100+ points of failure between user and app

With 50,000+ permutations!

• What is the problem?
• Where is the problem?
• How can I fix the problem fast?

* Both = Join/roam and quality/throughput

Today’s Tools

Too Limited, and Do Not Address Network Needs

Too Many Tools

• Fragmented visibility
• Closed interfaces / Silo’d views
• Devices queried multiple times
• Different protocols/mechanisms

Rigid

Reactive Systems

• Always playing catch up
• Not designed for analytics
• Inconsistent API architecture
• Specialized knowledge required

Closed/Proprietary

Limited Insights

• Limited data that is not actionable
• My report vs your report
• No view of state changes
• Lacking context or feedback loop

Lack of Intelligence

Cisco DNA Center

Overview

[Diagram: Cisco DNA Center (Policy, Provision, Design, Assurance); Cisco DNA Center Appliance; Physical and virtual infrastructure; Cisco and third party]

Complete network management system

• Single pane of glass for all devices
• End-to-end health information in real time
• Granular visibility
• Simplified workflows

Analytics for assurance

• Verify intent of network settings
• Proactively resolve issues
• Reduce time spent troubleshooting

Automation for provisioning

• Zero-touch deployment
• Device lifecycle management
• Policy enforcement

Platform for extensibility

• Integrate APIs with third-party solutions
• Integrate and customize ServiceNow
• Evolve operational tools and processes

Cisco DNA Assurance

Part of Cisco DNA Center

Automation

Design, Provision, Policy

Planning, installation and migration

Analytics

Assurance

Proactive and predictive network, client and application assurance

Event Processing

Overview

“Event Processing is a method of tracking and analyzing streams of information about things that happen (events), and deriving a conclusion from them.”

Context is Key

[Diagram: context dimensions: Time, Users, Network, Devices, Applications, Location]

Cisco Context

• 360-degree Visibility
• Data Granularity
• Historical, Real-time, Future

Rich Context Increases Business Productivity and Frees Up IT Time

Complex Event Processing

Overview

“CEP is event processing that combines data from multiple sources to infer events or patterns that suggest more complicated circumstances. The goal … is to identify meaningful events”

Delivering Context for Network Troubleshooting

Use Case Example

[Diagram: Cisco DNA Center Analytics Engine with data sources ISE, IPAM, NetFlow, AVC, Topology, Location, Device]

An unhappy user calls in to report a problem with his WebEx experience

Step 1: Identity Services Engine integration provides Cisco DNA Center with the user’s information, group-policies and device information

Group: Marketing
User: George Baker
MAC: 60:F4:45:78:96:9F
MAC: B8:8D:12:36:15:22

Delivering Context for Network Troubleshooting

Use Case Example

[Diagram: Cisco DNA Center Analytics Engine with data sources ISE, IPAM, NetFlow, AVC, Topology, Location, Device]

Step 2: IP Address Management (IPAM) integration supplies Cisco DNA Center with the DHCP addresses bound to the user’s device(s)

Group: Marketing
User: George Baker
MAC: 60:F4:45:78:96:9F
MAC: B8:8D:12:36:15:22
Source IP: 1.1.1.2

Delivering Context for Network Troubleshooting

Use Case Example

[Diagram: Cisco DNA Center Analytics Engine with ISE, IPAM DDI, NetFlow, AVC, Topology, Location and Device inputs]

Step 3: Cisco DNA Center filters NetFlow records by the Source IP of the client’s device

Group: Marketing
User: George Baker
MAC: 60:F4:45:78:96:9F
MAC: B8:8D:12:36:15:22
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80 ?
Dest IP: 3.2.2.2
Dest Port: 80 ?

Delivering Context for Network Troubleshooting

Use Case Example

[Diagram: Cisco DNA Center Analytics Engine with ISE, IPAM DDI, NetFlow, AVC, Topology, Location and Device inputs]

Step 4: Application Visibility and Control identifies which of the flow-records were for WebEx traffic

Group: Marketing
User: George Baker
MAC: 60:F4:45:78:96:9F
MAC: B8:8D:12:36:15:22
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80 ?
Dest IP: 3.2.2.2
Dest Port: 80 ?

Delivering Context for Network Troubleshooting

Use Case Example

[Diagram: Cisco DNA Center Analytics Engine with ISE, IPAM DDI, NetFlow, AVC, Topology, Location and Device inputs]

Step 5: Cisco DNA Center contextually correlates where the user-device attaches to the network and which network-devices the flow traverses

Group: Marketing
User: George Baker
MAC: 60:F4:45:78:96:9F
MAC: B8:8D:12:36:15:22
Source IP: 1.1.1.2
Dest IP: 3.2.2.2
Dest Port: 80

Delivering Context for Network Troubleshooting

Use Case Example

[Diagram: Cisco DNA Center Analytics Engine with ISE, IPAM DDI, NetFlow, AVC, Topology, Location and Device inputs]

Step 6: Location services contextually-correlate the geographic locations of the user/network devices

Group: Marketing
User: George Baker
MAC: 60:F4:45:78:96:9F
MAC: B8:8D:12:36:15:22
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
Building 24 1st Floor

Delivering Context for Network Troubleshooting

Use Case Example

[Diagram: Cisco DNA Center Analytics Engine with ISE, IPAM DDI, NetFlow, AVC, Topology, Location and Device inputs]

Step 7: Network telemetry is used to identify, isolate and root-cause issues

Group: Marketing
User: George Baker
MAC: 60:F4:45:78:96:9F
MAC: B8:8D:12:36:15:22
Source IP: 1.1.1.2
Dest IP: 2.2.2.2
Dest Port: 80
Dest IP: 3.2.2.2
Dest Port: 80
Building 24 1st Floor
No Layer 2 QoS marking for Webex
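The seven steps of the use case above, as an added example that is not Cisco DNA Center code or its API: each data source is a small constructed in-memory table, and the correlation narrows from user identity to a per-device finding. The user, MACs, IPs and location are the slide's values; the device names, the third flow, which flow AVC labels as WebEx, and the telemetry table are assumptions.

```python
"""Seven-step context correlation over constructed data (illustrative only)."""
from dataclasses import dataclass, field

# All feeds are constructed in-memory stand-ins, not Cisco DNA Center APIs.
# Step 1 (identity, as ISE supplies it): user -> group and device MACs.
IDENTITY = {"George Baker": {"group": "Marketing",
                             "macs": ["60:F4:45:78:96:9F", "B8:8D:12:36:15:22"]}}
# Step 2 (IPAM/DHCP): MAC -> bound address. Only one of the two devices has a lease.
DHCP_BINDINGS = {"B8:8D:12:36:15:22": "1.1.1.2"}
# Step 3 (NetFlow): flow 3 belongs to another client and must be filtered out.
FLOWS = [
    {"id": 1, "src": "1.1.1.2", "dst": "2.2.2.2", "dport": 80},
    {"id": 2, "src": "1.1.1.2", "dst": "3.2.2.2", "dport": 80},
    {"id": 3, "src": "1.1.1.9", "dst": "3.2.2.2", "dport": 80},
]
# Step 4 (AVC): flow id -> application. Which flow is WebEx is an assumption;
# both of the user's flows use port 80, so the port alone cannot tell them apart.
AVC_APPS = {1: "http", 2: "webex", 3: "webex"}
# Step 5 (topology): client IP -> devices the flow traverses (hypothetical names).
PATHS = {"1.1.1.2": ["edge-sw-1", "dist-sw-1", "border-1"]}
# Step 6 (location): client or device -> site.
LOCATIONS = {"1.1.1.2": "Building 24 1st Floor",
             "edge-sw-1": "Building 24 1st Floor"}
# Step 7 (telemetry): device -> applications it marks at Layer 2.
# border-1 is deliberately absent to show the "no telemetry" case.
L2_QOS_MARKED = {"edge-sw-1": set(), "dist-sw-1": {"webex"}}


@dataclass
class Context:
    user: str
    group: str
    macs: list
    ips: list = field(default_factory=list)
    flows: list = field(default_factory=list)
    path: list = field(default_factory=list)
    location: str = "unknown"
    findings: list = field(default_factory=list)


def correlate(user, app):
    """Walk steps 1-7 for one user and one application name."""
    ident = IDENTITY.get(user)                      # Step 1
    if ident is None:
        raise KeyError(f"no identity record for {user!r}")
    ctx = Context(user, ident["group"], list(ident["macs"]))
    # Step 2: a device without a lease contributes no address.
    ctx.ips = [DHCP_BINDINGS[m] for m in ctx.macs if m in DHCP_BINDINGS]
    # Step 3: keep only flows sourced from the user's addresses.
    from_user = [f for f in FLOWS if f["src"] in ctx.ips]
    # Step 4: keep only flows AVC classified as the application in question.
    ctx.flows = [f for f in from_user if AVC_APPS.get(f["id"]) == app]
    # Steps 5 and 6: traversed devices and the client's site.
    for flow in ctx.flows:
        for hop in PATHS.get(flow["src"], []):
            if hop not in ctx.path:
                ctx.path.append(hop)
        ctx.location = LOCATIONS.get(flow["src"], ctx.location)
    # Step 7: check each traversed device's telemetry for the application.
    for hop in ctx.path:
        marked = L2_QOS_MARKED.get(hop)
        if marked is None:
            ctx.findings.append(f"{hop}: no telemetry received")
        elif app not in marked:
            ctx.findings.append(f"{hop}: no Layer 2 QoS marking for {app}")
    return ctx


if __name__ == "__main__":
    result = correlate("George Baker", "webex")
    print(result.group, result.ips, result.location)
    for f in result.flows:
        print("flow", f["src"], "->", f["dst"], f["dport"])
    for finding in result.findings:
        print("finding:", finding)
```

A device missing from the telemetry table is reported as such rather than as a QoS fault, which keeps a collection gap from being mistaken for a root cause.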

What is Machine Learning?

Machine learning is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed to do so

The process of learning begins with observations of data, and looking for patterns within the data so as to make increasingly better correlations, inferences and predictions

The primary aim is to allow these systems to learn automatically without human intervention or assistance and adjust actions accordingly

Reasons for Data Patterns

• Coincidence
• Correlation
• Causation

Statistics 101: Correlation does not necessarily mean Causation

Machine Learning

Many Data Inputs

RF & EDCA behavioral metrics
Application metrics, user feedback, failure rate
Queuing, Dropping, WRED behavioral metrics…
WAN & core network metrics
Device type, OS release, behavioral metrics
CUCM
ISE
and more

[Diagram: APs, Mobile Clients, Office Site, WAN, DHCP, Network Services DC, Local WLCs]

Cisco DNA Center

Analytics Architecture

Data collection and ingestion

Router, Switch, WLC, Sensor

Network telemetry: SNMP, NetFlow, Syslog, Streaming telemetry

Contextual data: ISE, AAA, Topology, Location, PxGrid, DNS, DHCP, Inventory, Policy, IPAM

Data correlation and analysis

Analytics Engine

Data visualization and action

Network assurance
Collector and analytics pipeline SDK
Data models and RESTful APIs
Time series analysis
System management portal

Cisco DNA Center

The Power of Automation and Analytics Working in Sync

[Diagram: Cisco DNA Center, containing Automation and Assurance and Analytics, with these labelled flows:]

Telemetry, alerts, violations
Network inventory, topology, and configuration
Network and telemetry configuration
Streaming telemetry & network data

Getting Started Workflow

Cisco DNA Assurance

Getting Started Workflow

Cisco DNA Center Install
• On-Premise
• Single Node
• Cloud Tethered for App Updates

Network Device Discovery
• CDP
• IP Address Range
• Loopback as Preferred Management IP

Network Design & Provision
• Create Network Hierarchy (Sites)
• Assign Device to Sites
• Provision Telemetry Configuration

Ready for SD-Access Assurance!

Getting Started Workflow – Network Discovery

Getting Started Workflow – Assign Devices to Sites

Getting Started Workflow – Provision

SD-Access requires Provision

Getting Started Workflow – Telemetry Configuration

Enabling SD-Access Assurance

Configuring SNMP Collector

• Enable all the metrics. LISP, CLISP and RTTMON are not enabled by default for SD-Access fabric
• Change the polling timer from 15 mins to 10 mins using the slider (Only required in versions prior to 1.2)
• Input a unique name
• Save the configuration

Getting Started Workflow

Cisco DNA Assurance Capabilities

Cisco DNA Assurance

Overall Health

Toggle Overview

Topology | Map | List

Health Summary
• Network Health
• Client Health
• Application Health
• Compliance

Top 10 Issues

Cisco DNA Assurance

Health Scores

Site Health Score
function ( Client Health Score, Device Health Score )

Client Health Score
function ( Onboarding Score, Connectivity Score )

Device Health Score
function ( System Health Score, Control Plane Score, Data Plane Score )

Application Health Score
function ( Traffic Class, Latency, Packet Loss )

Network Time Travel

“Go Back In Time” to Understand the Network State when the Issue Occurred

• History shows critical events
• Identifies when issues occurred!

Rewind time to when the issue occurred

All the information on the user or network device 360 changes to the selected time!

Cisco DNA Assurance

Network Health

Time Travel

Toggle Overview

Topology | Map | List

Health Summary

Health by Role
• Wireless vs Wired
• Core vs Access
• Data vs Control
• etc

Quick Filters

Cisco DNA Assurance

Network Health

Time Travel

Travel to Time of Issue

Health Summary
• Routers
• Switches
• APs and WLCs
• etc

Cisco DNA Assurance

Client Health

Time Travel

Toggle Overview

Map | List

Health Summary
• Wireless vs Wired
• Onboarding Times
• RSSI
• etc

Quick Filters

Cisco DNA Assurance

Client 360 (1/3)

Client Devices

Time Travel

Client Issues
• Correlated
• Integrated with ITSM

Local Topology
• Health Summary
• Devices Summary
• Device 360 Links
• etc

Cisco DNA Assurance

Client 360 (2/3)

Application Experience
• Business Relevant vs. Default vs. Irrelevant
• Bandwidth and Usage
• App 360 Links

Device Details
• Hardware / Firmware
• RF Details
• Apple iOS Analytics

Cisco DNA Assurance

Client 360 (3/3)

Apple iOS Analytics
• Cisco – Apple Partnership
• RF Client’s View
• Client Side Behavior

Cisco DNA Assurance

Application Health

Health Summary

By Relevance

Top 10 Usage

App Experience
• By Application
• Filter / Sort
• etc

Cisco DNA Assurance

Issue Details

Issue Summary
• Description
• Impact
• Locations
• Clients

Context Information

Guided Resolution
• Step by Step
• Automation on managed Devices

Path Trace

Troubleshoot Issues Along the Network Path

• Run pathtrace from source to destination to quickly get key performance statistics for each device along the network path
• Identify ACLs that may be blocking or affecting the traffic flow

Path Trace

How Does It Work?

[Diagram: Cisco DNA Center NIB]

Cisco DNA Assurance for SD-Access

Cisco SD-Access Assurance

Quick Isolation of Network Issues

Cisco DNA Center

Cisco SD-Access Assurance

Root-Cause Issues in a Few Clicks

Cisco DNA Center

Cisco SD-Access Assurance

End-to-End Visibility

Cisco DNA Center

Cisco SD-Access Fabric Assurance

Wired Use Cases

Clients | Network Infrastructure | Applications | Services

Columns: Client | Control Plane | Data Plane | Policy Plane | Device

Broad
• Onboarding
• Border and Edge connectivity
• Edge to Control Plane
• ISE connectivity
• Client / Device DHCP
• CPU, Memory
• Border to Control Plane
• Border node policy
• Client / Device DNS
• TCAM Tables
• Border node health
• Edge node policy
• Client Authentication
• Modules
• Edge node health
• CP performance
• Client Authorization
• Temperature
• Routing protocols (OSPF, ISIS, EIGRP and BGP)
• Device to Services (DHCP, DNS, AAA)
• Power (POE)
• Interface High Utilization, Flaps

Deep
• Gateway Connectivity
• Application Performance

[Some items carry a NEW badge on the slide.]

Fabric Device 360

Click on the Fabric tab to see how Fabric metrics are going

1. Select Both options
2. Reachability tests are being performed in the Fabric Underlay and Overlay. Test results below

Fabric Assurance

Path Trace – Fabric Wired Client to Wired Client

Fabric Assurance

IP SLA

IP SLA tests are run in the network fabric to verify connectivity between Control Plane, Fabric Border, and Fabric Edge nodes.

IP SLA analyzes basic IP service levels for common IP services, to reduce downtime and lower operational costs

Includes path trace capability as part of troubleshooting steps

[Diagram: ISE (AAA), CP, B, B, E, E, E; IPSLA traffic initiated from Edges]

Automated via Cisco DNA Center

ip sla 1
 icmp-echo 192.168.110.1 source-ip 192.168.120.1
 threshold 3
ip sla schedule 1 life forever start-time now


Fabric Assurance

IP SLA

IP SLA tests are run in the network fabric to verify connectivity between Fabric Border and external services

Monitor external services from fabric in the underlay and overlay network (IPAM, DHCP, DNS)

Includes path trace capability as part of troubleshooting steps

Example

[Diagram: CP, B, B, E, E, E; VN Campus; IPSLA traffic]

ip sla 3
 icmp-echo 50.0.0.1 source-ip 7.1.1.5
 vrf Campus
 threshold 3
ip sla schedule 3 life forever start-time now


Fabric Assurance

Control Plane

• Fabric nodes query Control Plane to resolve host locations, if they don’t have an entry in their local database
• After receiving a map-reply, each fabric node stores those entries in its cache database
• Fabric Assurance tracks the number of requests and state of active cache entries to provide proactive alerts

[Diagram: CP, B, B, E, E, E; labels 10.2.120.3 and 10.2.1.89/32]

Example

FE1# show ip lisp map-cache instance-id 4098
LISP IPv4 Mapping Cache for EID-table vrf Campus (IID 4098), 5 entries

10.2.1.89/32, uptime: 00:05:16, expires: 23:57:59, via map-reply, complete
  Locator     Uptime    State  Pri/Wgt
  10.2.120.3  00:04:23  up     10/10
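
The cache-state tracking described on this slide can be illustrated by parsing the CLI output it shows. This is an added example, not code from the presentation or from Cisco DNA Center; the sample text is constructed (only the 10.2.1.89/32 entry comes from the slide), and the function names and the "unreachable" and "negative" counters are assumptions.

```python
import re

# Constructed sample in the format of the slide's "show ip lisp map-cache"
# output. Only the 10.2.1.89/32 entry is from the slide; the other two entries
# and the entry count are invented for illustration.
SAMPLE = """\
LISP IPv4 Mapping Cache for EID-table vrf Campus (IID 4098), 3 entries

10.2.1.0/24, uptime: 00:10:00, expires: 00:04:59, via map-reply, forward-native
  Negative cache entry, action: forward-native
10.2.1.89/32, uptime: 00:05:16, expires: 23:57:59, via map-reply, complete
  Locator     Uptime    State      Pri/Wgt
  10.2.120.3  00:04:23  up          10/10
10.2.1.90/32, uptime: 00:01:02, expires: 23:58:57, via map-reply, complete
  Locator     Uptime    State      Pri/Wgt
  10.2.120.4  00:01:02  down        10/10
"""

HEADER = re.compile(r"EID-table vrf (\S+) \(IID (\d+)\), (\d+) entries")
ENTRY = re.compile(r"^(\S+/\d+), uptime: \S+, expires: \S+, via ([\w-]+), ([\w-]+)")
LOCATOR = re.compile(r"^\s+(\d+(?:\.\d+){3})\s+\S+\s+(\S+)\s+\d+/\d+")

def parse_map_cache(text):
    """Parse CLI text into a table header dict and a list of cache entries."""
    table, entries = {}, []
    for line in text.splitlines():
        if m := HEADER.search(line):
            table = {"vrf": m[1], "iid": int(m[2]), "declared": int(m[3])}
        elif m := ENTRY.match(line):
            entries.append({"eid": m[1], "via": m[2], "state": m[3], "locators": {}})
        elif (m := LOCATOR.match(line)) and entries:
            entries[-1]["locators"][m[1]] = m[2]   # RLOC -> locator state
    return table, entries

def summarize(text):
    """Roll the cache up into the counters an alerting rule would watch."""
    table, entries = parse_map_cache(text)
    return {
        **table,
        "parsed": len(entries),
        # Entries that have locators, but none of them is in state "up".
        "unreachable": [e["eid"] for e in entries
                        if e["locators"] and "up" not in e["locators"].values()],
        # Entries with no locator at all (negative cache entries).
        "negative": [e["eid"] for e in entries if not e["locators"]],
    }
```

Calling summarize(SAMPLE) returns the VRF, instance ID, declared and parsed entry counts, and the two lists; a mismatch between "declared" and "parsed" indicates truncated or unrecognized output.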

Fabric Assurance

Health Scores

Collect relevant Key Performance Indicators (KPIs) to determine Device Health

For example: Resources (CPU, DRAM, etc), Link state and errors, Protocol state and errors, Reachability to Control Plane, etc

Fabric Device Health has 3 Categories:
• Control Plane
• Data Plane
• System Health

Fabric Device Score is the Lowest of all Scores

Example

3850-SJC24-3: 5
System Health: 10
Data Plane: 10
Control Plane: 5


Fabric Assurance

Health Scores

Fabric Health score is the percentage of healthy devices in the domain

Category Score is the percentage of healthy devices in the category

Fabric Network Health has 4 Categories:
• Fabric Edge
• Fabric Border
• Fabric Control Plane
• Fabric Wireless

Fabric Domain Score is the No. of healthy devices / Total devices

Example

Fabric Network Health: 60%
Fabric Edge: 100%
Fabric Border: 50%
Fabric Wireless: 70%
Fabric Control Plane: 100%


Fabric Assurance

What’s New in Cisco SD-Access 1.2.5?

SD-Access for Distributed Campus
• Hierarchy view of fabric sites/domains
• Network Health for each fabric site/domain
• Network Health for SD-Access transit

[Diagram labels: SD-Access Transit, IP Transit]

SD-Access WLC to Control Plane Monitoring
• Monitoring WLC connectivity to Control Plane (CP) nodes
• Network Health for fabric WLC to CP nodes

SD-Access End-Host Path trace
• Pathtrace for SD-Access Wired and Wireless hosts, with L2 extension
Cisco SD-Access for Distributed Campus

Monitoring Network Health for Individual Fabric Sites

SD-Access Assurance provides Network Health for each Fabric site and Transit

Fabric hierarchy is carried from Automation into Assurance to give granular visibility

[Diagram: Fabric sites SJC4, SJC3 and SJC-24 with CP and B nodes; SD-Access Transit; SD-Access 1.2.5]


Cisco SD-Access Assurance

Monitoring Network Health for Individual Fabric Sites

Aggregated view across all SD-Access Fabric Domains & Sites


Cisco SD-Access Fabric Assurance

Wireless Use Cases

Axis labels: Broad, Deep

Client Onboarding
• Association failures
• Authentication failures
• IP address failure
• Client Exclusion
• Excessive on-boarding time
• Excessive authentication time
• Excessive IP addressing time
• AAA, DHCP reachability
• Client Side Analytics (Apple Insights)

Client Experience
• Throughput analysis
• Roaming pattern analysis
• Sticky client
• Slow roaming
• Excessive roaming
• RF, Roaming pattern
• Dual band clients prefer 2.4GHz
• Excessive interference

Network Coverage & Capacity
• Coverage hole
• AP License Utilization
• Client Capacity
• Radio Utilization

Network Device Monitoring
• Availability
• Crash, AP Join Failure
• High Availability
• CPU, Memory
• Flapping AP, Hung Radio
• Power supply failures

Application Performance
• Sensor Tests:
  - Web: HTTP & HTTPS
  - Email: POP3, IMAP, Outlook Web Access
  - File Transfer: FTP & TFTP
• Application Experience (Packet Loss, Latency, Jitter)


Cisco SD-Access Assurance

Monitoring WLC Connectivity for Enterprise Guest Control Plane


Fabric WLC to Fabric CP Issue


Cisco SD-Access Assurance

Monitoring WLC Connectivity for Enterprise Guest Control Plane

Issue occurred during this time window

Timeline View

Detailed description and hostnames of WLC and control plane node


Fabric Assurance

Path Trace – Fabric Wireless Client to Wired Client


Cisco DNA Assurance

Sensor Everywhere

Test Your Network Anywhere at Any time at Real-world Client Level

Aironet 1800S Active Sensor
• 2x2 with 2 spatial streams
• Multiple powering options
  - PoE Power
  - USB Type “C” power
  - Direct AC Power Plug
• Integrated BLE
• Ultra compact form factor

AP as a Sensor (1800/2800/3800/4800)

Purpose-built Hardware for Analytics

In-line monitoring to DNA for analytics and insights while serving clients

• Onboarding & Services Tests
• Configure Tests Remotely
• Global Issue Creation
• Dynamic Sensor Test Trigger
• SLA Dashboard


Wireless Sensors