
BRKSDN-3005

DNA Center
Network Automation easy,
fast, reliable for everyone

Markus Harbeck – Consulting Systems Engineer

CCIE #8087
CCDE #20130015
Cisco Spark
Questions?
Use Cisco Spark to communicate
with the speaker after the session

How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKSDN-3005

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda

• Warm Up
• What is DNA Center
• Get Started
• Apps in Action
• Summary and Conclusion
Short Hint:

My English might be bad but


although sexy
“Source: Henning Bornemann -Thank you for Deutsche Bahn”
Transforming from CLI to automation lets you focus on
“what really matters”
• Mobility in the past: horse drawn
• Mobility with cars: today
• Autonomous driving

Sources: www.pinterest.de, www.zeit.de, www.welt.de

Note: Who had / has control?
Who is Markus Harbeck ???
Personal:
• Location: Eschborn, Germany (near Frankfurt) but lives in Bavaria
• Other Interests: My family, 2 kids, horseback riding, motorcycling

My Background:
• CLI Junkie since 1996 for all Routing and Switching
• Joined Cisco October 2010
• Before: 12 years of operations, engineering, application engineering at Lufthansa Systems
• Drives DNA Center, Automation and Analytics in EMEAR and loops in the development team and Business Unit

Current Projects:
• DNA Center
• Analytics, Assurance
• Network Transformation
• Network Automation
• SDA, ITSM

My kids' view on DNA Center and Network Design (drawings: Copyright by Hanna, Copyright by Saskia)
How to get the PDF and Video ? (For Your Reference)

PDF and all Demo Videos here:
https://cisco.box.com/v/BRKSDN3005
Or PDF:
http://www.ciscolive.com/online

Note: The PDF contains all detailed slides from the demos for your reference !!!
Why Video Demos
• Risk of broken Internet Connectivity
• Risk of LAB Failure
• Videos are available after the session
• FOR YOU !
Note: I produced all demos myself !
Source: http://www.mysweety.eu
Session expectations
(Figure: technical level, from High Level to Low Level, plotted over session progress)

That is not a TCP Session!

We will work from the “INTENT”, which is high level, down to the “HOW”,
which is low level!

Note: TCP Slow Start is part of the congestion control algorithms put in
place by TCP to help control the amount of data flowing through to a
network. Source: https://www.keycdn.com/support/tcp-slow-start/
Warm Up:
Introduction to Cisco SDN
and
DNA Center
SDN – Still Don’t kNow – Stanford Defined Networking
• The Promise of OF/SDN had been “Decoupling Policy from Configuration”

What people said SDN was:
• “An open solution for customized flow forwarding control in the Data-Center”
• “A platform for developing new control planes”
• “With SDN I can develop solutions to my problems far faster – “at software speeds”. I don’t have to work with my network vendor or go through lengthy standardization”
• “A way to reduce the CAPEX of my network and leverage commodity switches”
• “A way to avoid lock-in to a single networking vendor”
• “A means to do traffic engineering without MPLS”
• “An open solution for VM mobility in the Data-Center”
• “A solution to build a very large scale layer-2 network”
• “A means to scale my fixed/mobile gateways and optimize their placement”
• “A way to build my own security/encryption solution, avoiding RSA”
• “A way to define virtual networks with specific topologies for my multi-tenant Data-Center”
• “A solution to build virtual topologies with optimum multicast forwarding behavior”
• “A way to scale my firewalls and loadbalancers”
• “A way to configure my entire network as a whole rather than individual devices”
• “A way to distribute policy/intent, e.g. for DDoS prevention, in the network”
• “A solution to get a global view of the network – topology and state”
• “A way to optimize link utilization in my network, through new multi-path algorithms”
SDN – Still Don’t kNow – Stanford Defined Networking
The same quotes, overlaid with:
• Physical separation of the control and data plane
• Whitebox routing and switching
• Managing the network through abstractions
• Packet forwarding on x86 compute
• Running networks in agile DEV-OPS model

You can’t just buy SDN. It’s an architecture which you have to embrace and live.
Cisco SDN Domain-specific Controllers
• Data Center: Application Centric Infrastructure (ACI). Controller: APIC (for Data Center; Nexus 9000). REST API.
• Enterprise: DNA. Controller: DNA Center (formerly APIC-EM; Catalyst, ISR, ASR, WLAN, Nexus 7k, NfV). REST API.
The Journey from APIC-EM to DNA Center

APIC-EM (since 2015, releases 0.9 → 1.6)
• Building SDN foundation
• PnP, Easy QoS, CAA, IV

APIC-EM 1.x → 2.x: new name DNA Center
• Based on APIC-EM 2.x

DNA Center 1.0 since August 2017 (1.1.2 today)
• Design, Policy, Provision & Assurance
• Application Policy, Security Contracts, Troubleshooting Policies
• Feature Parity by March 2018 – 1.2

APIC-EM proved the value of Policy and SDN Automation – DNA Center now closes the gaps
APIC-EM & DNA Center started the journey
Intent (Automation) and Context (Assurance & Analytics)

• Infrastructure Readiness: Open and Programmable
• Secure Foundation: Rapid threat detection and mitigation
• Policy Based Automation: Simplify, scale network deployment for Cloud, Mobile, IoT
• Analytics and Assurance: End-to-end view of the network with full context through data and insights
• Intent-based Network: Constantly learning, adapting, protecting
What is network about?
(Figure panels: In the past... / Today... / What really matters !!!)
What really matters: Security, Cloud, Video, IOT, Voice, Mobility, Data
Source: google.de images
DNA Center View
DNA Software Capabilities
(Diagram labels: Cloud Service Management; Automation; Analytics; Virtualization; DNA-Ready Physical and Virtual infrastructure; Security; Automation & Assurance; Security & Compliance; Insights & Actions)
DNA-Center Focus Areas
• Automation: Network and security services automation aligned with the IT Process
• Analytics: Proactive and predictive insights to assure service experience
• DNA-C as a Platform: API standardization and monetization for app dev and programmability
• Cross Domain: Automation and Analytics integration with offers from Edge to Cloud including Security
• DNA-C Cloud: Cloud and hybrid deployment of DNA-C to address different markets
(Diagram labels: LEARNING, INTENT, CONTEXT, SECURITY)
Before and after – was that all?

1990s:
hq>enable
hq# config terminal
hq(config)# interface fastethernet 1/1
hq(config-if)# ip address 1.1.1.1 255.255.255.0
hq(config-if)# no shutdown
hq(config-if)# exit
hq(config)# router eigrp
hq(config-router)# network 1.1.1.0
hq(config-router)# exit
hq(config)# exit
hq# copy run start

Today:
Catalyst>enable
Catalyst# config terminal
Catalyst(config)# interface Gigabitethernet 1/1/1
Catalyst(config-if)# no switchport
Catalyst(config-if)# ip address 1.1.1.1 255.255.255.0
Catalyst(config-if)# no shutdown
Catalyst(config-if)# exit
Catalyst(config)# router eigrp Test1
Catalyst(config)# interface Te 1/1
Catalyst(config-if)# ip router eigrp Test1
Catalyst(config-if)# no shutdown
Catalyst(config-if)# end
Catalyst# copy run start

28 Years!
Top 5 advantages

DNA Center supports Brownfield

Day 0 and Day N Supported (PnP, and Day 2 Day)

Simplification through abstraction

Open – REST API Northbound, SDK (Beta) Southbound

Combines Automation and Assurance or in other words: INTENT and CONTEXT
What is DNA Center ?
Do you know this?

There is no time to repair the fence...
...because we always have to catch the chicken!

Return to PROACTIVE network operations

Source: google.de images (unknown)
The challenges for the Network Operations!
• Simplification
• Network can not be the bottleneck
• Roll out 100s of devices in minutes
• Change configurations quickly and reliably
• Reduce complexity and keep the configuration consistent
• Know the real impact of an Incident
• Know the Root Cause
• Know the state of the network and your policies → predictability!
(Drawing: Copyright by Saskia)
DNA Center - Platform Architecture
INTENT: Design – Provision – Policy – Assurance
• DNA Center Applications: PNP, Template, Topology, Device 360, Client 360
• DNA Center Controller: Northbound REST APIs
• DNA Center Services: Discovery, Topology, Inventory; Design & Provision; Analytics, Assurance; Template Repository; Policy, Image Manager; Path Trace, Telemetry, Context
• South Bound Abstraction: CLI (SSH, Telnet), SNMP v2c, v3, Netconf*, SDK*
• Maglev Elastic Service Infrastructure: Addresses Scale Out and HA Requirements
*Roadmap
Note: Services and Apps listed are an extract
DNA Center - open and extensible
• Extensions: Extension points across automation and analytics (APIs, SDK, Connectors, Firehose)
• Integrations: Integration with complementary platforms (Cisco assets: ACI, Meraki, Tetration; Industry integrations)
• Enablement: Enablement for developer community (DNAC as a Platform)
Controller in Action !

Controller creates and enforces Policies: The “WHAT” → Intent

The horse takes care of: The “HOW”

Abstraction: Transforming from CLI to automation lets you focus on “what really matters”
Source: http://www.mysweety.eu
Do You know Tic Tac Toe?
Think outside The Box
(Figure: Tic Tac Toe grid)
Get Started
DNA Center components
• DNA Center: Policy, Design, Provision, Assurance (Automation and Assurance)
• Cisco® Identity Services Engine
• DNA Center Appliance
• The Network (Brownfield): Switch, Router, Wireless LAN Controller, Access Point
DNA Center – 5 step installation

Config Wizard:
1. Boot
2. Enter IP address: Enter DNA Center IP (Subnet / Def GW / Static Routes)
3. Change Credentials: Shell and UI Username and PWD and optional Proxy
4. NTP and Service Net: Enter NTP IP and Service / Cluster IP Subnet
5. Finalize Installation: Finalize installation and bring up controller

Note: Single Wizard for DNA Center
How to use DNA Center
Foundation / Basement
1. Discover
2. Inventory & Role assignment → Analytics
3. SWIM (Software & Image Management)
4. Network Profile & Template

Operations / day to day tasks


5. Design
6. Provision
7. Policy
8. Assurance

Demo Time !

DNA Center Overview

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
DNA Center
Some Useful hints !!!
Ensure connectivity
• Network connectivity
• NTP server connectivity – must be reachable
• To modify basic server settings use “sudo maglev-config update” to change the configuration. Be careful using this command on a production device.
• If you have multiple Ethernet interfaces, set one with a default gateway and the others with static routes
• Do NOT change anything using Linux Shell!

Note: Be careful with config wizard syntax, especially for the subnet mask

Note2: All parameters will be validated, e.g. DNS server reachability
Special Settings information

Services Subnet (DNA Center use in managing its own services)
  Description: Used internally by DNA Center. The minimum size of the subnets is /21 bits; the recommended size is /20 bits to /16 bits. There is no default.
  Note: Must not conflict or overlap with any other subnets in use in the enterprise network
  Example: 10.60.0.0/21, 10.60.8.0/21

Cluster Services Subnet (DNA Center to use in managing its clustering services)
  Description: Used internally by DNA Center. The default is 10.100.0.0/16
  Note: Must not conflict or overlap with any other subnets in use in the enterprise network
  Example: 10.100.0.0/16

NTP, DNS, Def GW etc
  Description: Will be validated during installation – therefore need to be reachable!

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-1/install/b_dnac_install_1_1_0P1/b_dnac_install_1_1_0P1_chapter_00.html
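The subnet rules on this slide can be checked before the values are typed into the config wizard. The following is an added example, not code from the session or from Cisco: the function name `check_internal_subnets` is hypothetical, the enterprise subnet lists are constructed, and the services-versus-cluster overlap check is an assumption that goes beyond what the slide states.

```python
# Added example (not from the slides): pre-check the two internal subnets
# against the rules on the "Special Settings information" slide.
import ipaddress

SERVICES_MAX_PREFIXLEN = 21  # slide: minimum size of the services subnet is /21


def _parse(label, cidr, problems):
    """Parse a CIDR strictly, so a wrong mask (host bits set) is reported."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{label} subnet {cidr}: invalid network ({exc})")
        return None


def check_internal_subnets(services, cluster, enterprise):
    """Return a list of problems; an empty list means the plan passes."""
    problems = []
    svc = _parse("services", services, problems)
    clu = _parse("cluster", cluster, problems)
    parsed = (_parse("enterprise", c, problems) for c in enterprise)
    used = [n for n in parsed if n is not None]

    # Rule from the slide: services subnet must be at least a /21.
    if svc is not None and svc.prefixlen > SERVICES_MAX_PREFIXLEN:
        problems.append(
            f"services subnet {svc} is smaller than the /21 minimum"
        )

    # Assumption: the two internal subnets must not overlap each other either.
    if svc is not None and clu is not None and svc.overlaps(clu):
        problems.append(f"services subnet {svc} overlaps cluster subnet {clu}")

    # Rule from the slide: no overlap with any subnet in use in the enterprise.
    for label, net in (("services", svc), ("cluster", clu)):
        if net is None:
            continue
        for other in used:
            if net.overlaps(other):
                problems.append(
                    f"{label} subnet {net} overlaps enterprise subnet {other}"
                )
    return problems


if __name__ == "__main__":
    # Constructed enterprise plan; 10.100.20.0/24 collides with the default
    # cluster services subnet from the slide.
    in_use = ["10.0.0.0/16", "192.168.0.0/16", "10.100.20.0/24"]
    for line in check_internal_subnets("10.60.0.0/21", "10.100.0.0/16", in_use):
        print(line)
```

Strict parsing is what catches the mistyped subnet mask the hints slide warns about: `10.60.1.0/21` is rejected because it is not a network address.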
Root Cause Analysis
• SSH into DNA Center

ssh -l maglev -p 2222 <dnac-ip>

• Collects important:
  • log files
  • configuration files
  • output of various commands
• Creates a compressed tar ball containing the above information which can be sent to developers for further debugging and analysis
  → Can be sent to support team!

<…snip…>
Note: Please use Port 2222 for SSH and SCP
Transforming from CLI to automation lets you focus on
“what really matters”
Note that happens all the time

• Server in the past (Source: www.novell.com)
• Transformed server (Source: www.guidebookgallery.org)
Brief excursion into the REST API and programmability
API: VERBS + NOUNS + Syntax

Verbs: GET, POST, PUT, DELETE
Nouns: /host, /link, /network-device, /interface

JSON Syntax:
{
  "policyOwner": "Admin",
  "networkUser": {
    "userIdentifiers": ["40.0.0.15"],
    "applications": [{"raw": "12340;UDP"}]
  }
}
Header: Content-Type: application/json

https://<dnacenter-ip>/api/v1/network-device GET/POST
Demo Time !

REST API

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
Apps in Action
Network Plug and Play (PnP) – Components

PnP Agent
• Embedded in IOS / AirOS
• Requests for IP and DNA Center Address
• Authenticates
• Creates a PnP Profile

PnP Protocol
• Runs between Agent and DNA Center
• Opens on http
• Operates on https / tcp !
• Secure and reliable

DNA Center (pnpserver)
• Service in DNA Center
• Manages sites, devices, images, licenses, workflow
• Provides Northbound REST APIs

Devices: Routers (ISR, ASR), Switches (Catalyst®), Wireless Access Points
PnP – Discovery Options

1. DHCP Server: DHCP with options 60 and 43
   PnP string: 5A1D;B2;K4;I172.19.45.222;J80
2. DNS Server: DNS lookup
   pnpserver.localdomain ---- 172.19.45.222 (PnP Server)
3. Cloud re-direction
   https://devicehelper.cisco.com/device-helper re-directs to 172.19.45.22 (PnP Server)
4. USB-based bootstrapping
5. Manual - using the Cisco® Installer App (iPhone, iPad, Android)
X. Others: Any other manual or automated discovery method – Scripting, AN, EEM, NAP, etc.

Devices: Wireless Access Points, Routers (ISR, ASR), Switches (Catalyst®)
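The option 43 string from discovery option 1 can be parsed and reviewed before it goes into a DHCP scope. This is an added example, not code from the session or from Cisco: the function names are hypothetical, the field meanings follow Cisco's published PnP option 43 format, and the second sample string is constructed.

```python
# Added example (not from the slides): parse and audit a PnP DHCP option 43 string.
import ipaddress

# Code tables per Cisco's published option 43 format for PnP. Values not listed
# here are reported as unrecognized rather than guessed.
ADDRESS_TYPES = {"1": "hostname", "2": "ipv4"}
TRANSPORTS = {"4": "http", "5": "https"}

FINDINGS = {
    "debug-enabled": "debug flag 'D' is set; 'N' turns it off",
    "plaintext-http": "K4 selects HTTP, so first contact with the PnP server is unencrypted",
    "transport-unspecified": "no K field; the transport is left to the agent's default",
    "transport-unrecognized": "K value is not one this example knows",
    "server-missing": "no I field, so the agent gets no server address",
    "address-mismatch": "B2 announces an IPv4 address but the I field is not one",
    "unknown-field": "contains fields this example does not interpret",
}


def parse_pnp_option43(value):
    """Split a string such as '5A1D;B2;K4;I172.19.45.222;J80' into named fields."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        raise ValueError("empty option 43 string")
    head = parts[0]
    # Header: type code '5', operation code 'A', version digit, debug flag D or N.
    if len(head) != 4 or head[:2] != "5A" or not head[2].isdigit() or head[3] not in "DN":
        raise ValueError(f"unexpected header {head!r}")
    fields = {"version": int(head[2]), "debug": head[3] == "D", "unknown": []}
    for part in parts[1:]:
        key, val = part[0], part[1:]
        if key == "B":
            fields["address_type"] = ADDRESS_TYPES.get(val, f"unrecognized:{val}")
        elif key == "K":
            fields["transport"] = TRANSPORTS.get(val, f"unrecognized:{val}")
        elif key == "I":
            fields["server"] = val
        elif key == "J":
            port = int(val)  # raises ValueError on a non-numeric port
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
            fields["port"] = port
        else:
            fields["unknown"].append(part)
    return fields


def audit_pnp_option43(value):
    """Return the finding codes (keys of FINDINGS) for one option 43 string."""
    f = parse_pnp_option43(value)
    found = []
    if f["debug"]:
        found.append("debug-enabled")
    transport = f.get("transport")
    if transport is None:
        found.append("transport-unspecified")
    elif transport == "http":
        found.append("plaintext-http")
    elif transport != "https":
        found.append("transport-unrecognized")
    server = f.get("server")
    if not server:
        found.append("server-missing")
    elif f.get("address_type") == "ipv4":
        try:
            ipaddress.IPv4Address(server)
        except ValueError:
            found.append("address-mismatch")
    if f["unknown"]:
        found.append("unknown-field")
    return found


if __name__ == "__main__":
    samples = {
        "string from the slide": "5A1D;B2;K4;I172.19.45.222;J80",
        "constructed HTTPS variant": "5A1N;B2;K5;I192.0.2.10;J443",
    }
    for label, text in samples.items():
        print(f"{label}: {text}")
        for code in audit_pnp_option43(text) or ["no findings"]:
            print(f"  - {code} {FINDINGS.get(code, '')}")
```

For the slide's string the audit reports the debug flag and the HTTP transport, which matches the "Opens on http" bullet on the components slide.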
Software and Image Management (SWIM)

1. Intent based Network Upgrades: Intent based network upgrades allows for image standardization, much desired by all network admins.
2. Upgrade Pre/Post Checks: Pre and post checks allows network admins more control and visibility over network upgrades
3. Patching Support: Patches are supported in DNAC from intent to pre-post checks in same way we manage regular images

SMU: Software Maintenance Upgrade
Demo Time !

LAN Automation with PnP

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
Demo Time !

Software and Image


Management

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
Our dog “Bessi” at break
Transforming from CLI to automation lets
you focus on “what really matters”

Exhausted ?
You need a break ?
We still have cool things to see!
And yes she sleeps only ! And
transforms in her dreams
Demo Time !

Design - Intent

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
Demo Time !

Provision Intent

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
Demo Time !

”Policy Protected”
Template Programmer

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
What can a policy be? (an extract, there are many more)

• Access: Authentication & Authorization
  802.1x, static assignment – which group
  Allow or decline access
• Access Control: Who can access what?
  Rules for x-group access
  ✓ Permit/deny group to group
• Traffic Copy: Mirror Traffic (ERSPAN)
  Configures ERSPAN for specific endpoint and traffic (source and destination SGT)
• Quality of Experience (Application): Assign Application QoS relevance
  Categorize applications (Relevant – Irrelevant – Default)
  Apply QoS config network wide

(Diagram labels: Employee, Edge Switch, Finance Servers, DB)
Demo Time !

Policy Intent

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
Solicit Application Business-Relevance

Relevant
• These applications directly support business objectives
• Applications should be classified and marked according to RFC 4594-based rules

Default
• These applications may/may not support business objectives
• E.g. HTTP/HTTPS
• Alternatively, administrator may not know the application (or how it's being used in the org)
• Applications in this class should be marked DF and provisioned with a default best-effort service (RFC 2474)

Irrelevant
• These applications are known and do not directly support any business objectives; this class includes all personal/consumer applications
• Applications in this class should be marked CS1 and provisioned with a “less-than-best-effort” service, per (RFC 3662)

CVD: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Dec2017/APIC-EM-EasyQoS-DesignGuide-Dec2017.html
Or short link: http://cs.co/apicem14easyqos
DNA Center Application Policy
• Network Operators express high-level business-intent to DNA Center Application Policy
• Applications can interact with DNA Center Application Policy via Northbound APIs (REST API), informing the network of application-specific and dynamic QoS requirements
• Southbound APIs translate business-intent to platform-specific configurations

(Diagram: APs, Access Switch, Local WLCs, Core Switch at the Office site; WAN; Network services and CUCM in the DC; Service, Application)
Queuing models shown in the diagram: AP 4Q (WMM); 4500: 1P7Q1T; 3650: 2P6Q3T; 2960X: 1P3Q3T; WAN MQC; 6500: 1P3Q4T, 1P7Q4T, 2P6Q4T; Nexus 7700 F3: 1P7Q1T
What Do We Do Under-the-Hood?
Apply RFC 4594-based Marking / Queuing / Dropping Treatments

Application Class | Per-Hop Behavior | Queuing & Dropping | Application Examples

Business Relevant:
VoIP Telephony | EF | Priority Queue (PQ) | Cisco IP Phones (G.711, G.729)
Broadcast Video | CS5 | (Optional) PQ | Cisco IP Video Surveillance / Cisco Enterprise TV
Real-Time Interactive | CS4 | (Optional) PQ | Cisco TelePresence
Multimedia Conferencing | AF4 | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx
Multimedia Streaming | AF3 | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs)
Network Control | CS6 | BW Queue | EIGRP, OSPF, BGP, HSRP, IKE
Signaling | CS3 | BW Queue | SCCP, SIP, H.323
Ops / Admin / Mgmt (OAM) | CS2 | BW Queue | SNMP, SSH, Syslog
Transactional Data | AF2 | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps
Bulk Data | AF1 | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution

Default:
Best Effort | DF | Default Queue + RED | Default Class

Business Irrelevant:
Scavenger | CS1 | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, Bit Torrent, Xbox Live
Demo Time !

Application Policy (QoS)

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
How will it work in my Network?
(Diagram: REST API; APs and Local WLCs at the Office site; WAN; Network services and CUCM in the DC; Service, Application)

Note: Provisioning End-to-End DSCP-Based Queuing
Do you know or recognize your Network ?

Did you ever ask yourself:
Can I switch OFF one of my Core switches at NO risk?

…the view from my 4 year old daughter ! (Drawing: Copyright by Saskia)
DNA Center Assurance
Automation: Design, Provision, Policy, Assurance

Design
• Global settings
• Site profiles
• DDI, SWIM, PNP
• User access

Provision
• Fabric domains
• Device on-boarding
• Device inventory
• Host on-boarding

Policy
• Virtual networks
• ISE, AAA, Radius
• Access control
• Application control

Assurance
• Issues and trends
• Performance
• Proactive troubleshooting

Planning, installation and migration
Proactive and predictive network, client and application assurance
One License for Intent and Context! Either Essentials or Advantage
Assurance
There are 100+ points of failure between user and app

Legend: Affects Join/Roam; Affects Quality/Throughput; Affects Both* (* Both = Join/roam and quality/throughput)
Factors shown: Client firmware, WAN Uplink usage, End-User services, Client density, AP coverage, Configuration, WLC Capacity, WAN QoS, Routing, ..., Authentication, RF Noise/Interf., Addressing
(Diagram: Mobile clients, APs and Local WLCs at the Office site; WAN; Network services in the DC: CUCM, ISE, DHCP, Cisco Prime™)

• What is the problem?
• Where is the problem?
• How can I fix the problem fast?
Cisco Context 360: 360-degree Visibility
• Users, Devices, Network, Applications, Location, Time
• Data Granularity: Historical, Real-time, Future

Context = know that your Policy works
Demo Time !

Assurance

Download Demo Video here:


https://cisco.box.com/v/BRKSDN3005
Summary
&
Conclusion
The answer for network Operations!
• Simplification because of abstraction
• The network becomes agile and predictable
• Easy Roll Out and RMA in Minutes
• Changes and configurations predictable, policy protected
• Complexity reduction because of abstraction and policies
• Integration of Assurance and Analytics
• Know that your policy works, get guidance
• Know the Impact and the Root Cause
(Drawing: Copyright by Hanna)
How we get to an SDN “controlled network…!"
• Do you remember? (Drawing: Copyright by Saskia)
• Business Intelligent (Drawing: Copyright by Hanna)

Transforming …!
My Call to action !

You can start totally RISK free !!!

Monitoring / Analytics
• Use DNA Center just for Analytics & Assurance (Read Only)
• Have a quick win information in the first 30 Minutes
• Get up to date visibility
• Prove the value of DNA Center

LAB and Pilot for automation
• Use DNA Center in the LAB to see automation in action
• Build a small pilot
• Pick and identify your use case: PnP, SWIM…
Session close to the end…
(Figure: technical level, from High Level to Low Level, plotted over session progress)

After the long journey: Have a drink on me !

BUT PLS
ONE MORE SLIDE!!!!
Transforming from CLI to automation lets you focus on
“what really matters”
Note: that happens all the time – now you make it happen !!!

Traditional networking / DNA Center
Complete Your Online Session Evaluation
• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.
Thank you !
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions

Thank you
APPENDIX
Taking pictures?
Manual, no automation, high risk,

Expensive, complex

High Skill level needed

A lot of fun !

Automated, lower risk

Average Skill needed for 1st / 2nd Level

Still a lot fun ! And space for more!


Cisco Rewriting the Networking Playbook

Historically Digital-Ready Network

Hardware Centric Software Driven

Manual (eg CLI) Automated

Silo’ed Security Integrated Security

Network Monitoring Analytics and Insights

You Need a Network that Drives your Digital Business


APIC-EM into DNA Center
Legend: Independent App / Embedded Capability

APIC-EM 1.6: Inventory, Discovery, Topology, Easy QoS, IWAN App, Command Runner, Integrity Verification, Path-trace, Plug and Play, SD Bonjour

DNA Center (timeline: Nov 2017, Jan 2018, Mar 2018; releases 1.0, 1.1, 1.1.1, 1.2): Inventory, Discovery, Topology, Plug and Play App, IWAN App, Command Runner, Integrity Verification, Path-trace, Easy QoS, SD Bonjour
System Monitoring
(Screenshot: System Status and Monitoring)

Service Status
(Screenshot: Service Status)
App and System Management

Downloading Update
Update ready to install

Available Update

Note:
• Updates come from the cloud http://www.ciscoconnectdna.com/
• Proxy configuration available
Logging Level
• Default Log Level is Info
• To change the Logging level:
  • From Main Menu → System Settings → Settings → Logging Levels
  • Select the appropriate service and Debug Logging Level
  • Set the timeout for logging level to 15 / 30 / 60 minutes or forever
DNAC 1.1 Platform: Scale and Hardware specification

Scale: Single Node
• 5,000 -> 4K APs + 1K Network Devices*
• 25,000 -> Clients/Hosts*
*Scale will increase in the next releases

Platform
• Centralized deployment, cloud tethered
• 1 RU Small form factor
• 2 x 10Gbps Data links
• Built in Network Telemetry collection (FNF, SNMP, Syslog)
• Built in Contextual connectors (ISE/PxGrid, IPAM, Location)
• HA (3 Node, Automation)
• RBAC, Backup/Restore, Scheduler, APIs

Hardware
• 64-bit x86 Processors
• Solid State Disks in RAID10
• Hardware MRAID Controller
• Dual PSU

Single Appliance for DNAC (Automation + Assurance)
DNA Center Authentication via REST API
                         APIC-EM                          DNAC
Authentication request   POST JSON Body                   Basic Auth
Response                 ["response"]["serviceTicket"]    ["Token"]
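
An added example (not from the slides and not Cisco's code) of the two login styles compared on this slide: it builds each request without sending it and pulls the token out of constructed sample responses. The endpoint paths, host name and credentials are assumptions; only the auth style and the response keys come from the slide.

```python
import base64
import json
import urllib.request

# Assumed endpoint paths; the slide names only the auth style and response keys.
PATHS = {"apic-em": "/api/v1/ticket", "dnac": "/api/system/v1/auth/token"}

def build_auth_request(platform, host, username, password):
    """Build (not send) the login request. HTTPS is forced: both styles carry
    the password in recoverable form (JSON plaintext or base64)."""
    url = f"https://{host}{PATHS[platform]}"
    if platform == "apic-em":
        body = json.dumps({"username": username, "password": password}).encode()
        return urllib.request.Request(url, data=body, method="POST",
                                      headers={"Content-Type": "application/json"})
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(url, data=b"", method="POST",
                                  headers={"Authorization": f"Basic {basic}"})

def extract_token(platform, raw_body):
    """Return the session token, failing closed on any unexpected shape."""
    try:
        doc = json.loads(raw_body)
        token = (doc["response"]["serviceTicket"] if platform == "apic-em"
                 else doc["Token"])
    except (ValueError, KeyError, TypeError):
        raise ValueError(f"{platform}: no token in auth response") from None
    if not isinstance(token, str) or not token:
        raise ValueError(f"{platform}: empty or non-string token")
    return token

def loggable_headers(req):
    """Header view that is safe to log (the APIC-EM body must not be logged either)."""
    return {k: "<redacted>" if k.lower() == "authorization" else v
            for k, v in req.header_items()}

# Constructed sample responses (not captured from a real controller).
SAMPLE_APIC_EM = '{"response": {"serviceTicket": "ST-constructed-1"}, "version": "1.0"}'
SAMPLE_DNAC = '{"Token": "constructed.jwt.value"}'

if __name__ == "__main__":
    for plat, sample in (("apic-em", SAMPLE_APIC_EM), ("dnac", SAMPLE_DNAC)):
        req = build_auth_request(plat, "controller.example", "admin", "constructed-pw")
        print(plat, req.get_method(), req.full_url, loggable_headers(req))
        print("  token:", extract_token(plat, sample))
```

Because the Basic header decodes straight back to `user:password`, send either request only over TLS with certificate verification enabled, and keep the header and the JSON body out of logs.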

Roles:

DNA Center Tools

DNA Center Work Flow

• Site Hierarchy
• Network Settings and Credentials
• IP address mgmt
• SWIM
• Wireless
• Network Profiles

• Virtual Networks
• Contracts & SGT
• Microsegmentation
• Application Policy (QoS)
• Traffic Copy Policies

ISE

• Base Provisioning
• SDA Provisioning
• Image Patch & Upgrade
• Profile Provisioning (Templates)

• Overall, Network, Client & Application Health
• Analytics Device and Client 360
• Troubleshooting
• Issues and Trends
• Root Cause Analysis

PnP Connect: End to End Workflow (With PnP App)

[Diagram: Cisco Supply Chain, PnP Connect (cloud based device discovery), DNA Center, Corporate HQ Admin, Installer]
• CCW Order: Customer Smart Account added as part of ordering
• Device SN added into Customer SA
• SN per SA available in PnP Connect
• DNA-C registers its identity w/ PnP Connect
• DNA-C downloads SN from PnP Connect
• Templates mapped to device SN (Config to SN)
• Deploy Image & Configuration
• Device provisioned upon discovery

PnP Connect: End to End Workflow (With Profiles)

[Diagram: Cisco Supply Chain, PnP Connect (cloud based device discovery), DNA Center, Corporate HQ Admin, Installer]
• CCW Order: Customer Smart Account added as part of ordering
• Device SN added into Customer SA
• SN per SA available in PnP Connect
• DNA-C registers its identity w/ PnP Connect
• DNA-C downloads SN from PnP Connect
• Profile mapped to Site & SN mapped to Site (Config to SN)
• Deploy Image & Configuration
• Device provisioned upon discovery

Use Case #2: Customized Network Settings Update

Use Case:
• Deploy customized configuration to devices in the network

Core Capabilities:
• Will ensure policy CLI cannot be programmed
• Auto-complete gnome parser
• Provisioning: Form Viewer
• Mapped to profile to be deployed to the network

TECSDN-3600 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Customized Network Settings Update
Create the Template

Use Case #3: Wireless Deployment Made Simple

Automation
o Discover WLC
o Create Site(s) with Buildings and Floors
o Design Wireless Profiles
o Provision WLC and AP
o Connect wireless client

Use Case #4: Managing Software Lifecycle

Use Case:
• Ensure Consistency of Software for all network devices (by platform type)
• React to PSIRT and bugs fast
• Deploy software with confidence

Benefits:
• Golden Image based workflows drive software consistency
• Pre/Post check ensures that software updates do not have adverse effects on the network
• Patching provides small updates to react quickly to security fixes

Design

Site Setup
• Set up sites, buildings and floor areas to mimic your network topology.
• Import floor maps and place access points.

Global Settings
• Standardize DNS, DHCP, servers across sites.
• Standardize device credentials.
• Manage IP address pools effectively.
• Override global settings with site-specific settings.

Network Profiles
• Standardize configurations for network devices and sites.
• Create once and use multiple times.

Software Image and Patch Management
• Tag images and their corresponding patches as “golden”.
• Do automatic compliance checks against the golden images.
• Update software images and patches on network devices.
• Perform pre- and postchecks for image deployment.

Provision

Network Profiles
• When approved, associate the profiles to sites.
• Deploy the profiles.

Fabric Domain
• Create fabric domains across your network.
• Associate the devices to sites.
• Add the SDA-capable devices to the fabric domain and assign roles.

Plug and Play
• Onboard routers, switches, and access points using PnP.
• Claim the devices that have been discovered with PnP and associate them to the respective sites.

DNA Center Wireless Configuration Workflow

[Diagram: workflow steps and their captions]
Steps shown: Create SSID; Wireless Profile; Map Profile to Site; WLC Mapped to Sites; AP Mapped to Site (Floor)
Captions shown:
• Map sites that WLC will manage
• APs inherit the properties of the Profile associated to site
• SSIDs and RF Parameters that represent wireless network (shown twice)
• Devices ready to deploy

Policy

Scalable Groups
• Offers option to import groups from ISE (or AD groups)
• Offers option to create groups through static mapping
• Enables SGT ID on SDA-enabled devices

Virtual Networks
• A “default” virtual network is created automatically
• Offers option to add or remove new virtual networks
• Enables VN ID on SDA-enabled devices

Manage groups and VN Policies
• Groups provide native SGT-based segmentation.
• Intra-VN policies are set to Default Permit or Deny
• VNs provide native VRF network segmentation.
• Inter-VN policies are mapped to firewall instances.

Assurance

Network Visualization
• Global maps to depict the state of the network
• Health scores to color-code the areas needing attention
• Ability to drill down to a particular site, building, or floor

Health Scores
• Health scores to gauge the criticality of the network
• Health scores for clients, network devices, and applications

360 views
• Detailed 360 views for routers, switches, WLC, APs
• Automatic troubleshooting scripts run to pinpoint key concerns
• Assurance-enhanced path trace to provide relevant path analytics and statistics across nodes in the path

Overall Health

• Quick drill down to a site, or toggle between Geo, List or Topology View
• Where in the world and on which site most serious issues are happening
• Overall health summary of network and clients
• Top 10 Global Insights

Network Client Health

• Client Health Summary
• Onboarding, RF and Client Profile info

• Network Health Summary
• Control, Data, Policy Plane and Health info

360 view Users and Devices

• Single location for all user information and every user device
• History of performance for each user device
• Proactive identification of any issues affecting user’s experience

• Single location for all user device related user information
• Connectivity graph with health score of all devices on the path
• Application performance
• Device KPIs

Time Travel

• History shows critical events
• Identifies when issues occurred!

• Rewind time to when the issue occurred
• All the information on the user or network device 360 changes to the selected time!

Path Trace

• Run pathtrace from source to destination to quickly get key performance statistics for each device along the network path
• Identify ACLs that may be blocking or affecting the traffic flow

Insights with Guided Remediation Actions

• Detailed drill downs to identify the impact quickly
• Guided Actions to help remediate issues quickly

Apple Insights

1. Device Profile
   Client shares these details: 1. Model, e.g. iPhone 7; 2. OS Details, e.g. iOS 11
   Support per device-group Policies and Analytics
2. Wi-Fi Analytics
   Client shares these details: 1. BSSID; 2. RSSI; 3. Channel #
   Insights into the client's view of the network
3. Assurance
   Client shares these details: Error code for why it previously disconnected
   Provide clarity into the reliability of connectivity

Disassociation Reason         Dis-associated from AP   Session Duration   Time                     Location – Building Flr
DHCP Failure                  AP1                      23min 10sec        23:30:15 – Dec-2-2018    SJC24 / 1F
DHCP Failure                  AP1                      5min 10sec         23:30:15 – Dec-2-2018    SJC24 / 1F
Device internal state reset   AP1                      10min 10sec        23:30:15 – Dec-2-2018    SJC24 / 1F
DHCP Failure                  AP2                      1min 10sec         23:30:15 – Dec-2-2018    SJC24 / 1F
Captive Portal failure        AP2                      52sec              23:30:15 – Dec-2-2018    SJC24 / 2F
Captive Portal failure        AP2                      2min 10sec         23:30:15 – Dec-2-2018    SJC24 / 2F
Miscellaneous Reasons         AP2                      30min 10sec        23:30:15 – Dec-2-2018    SJC24 / 1F

Proactive Insights - Sensor

Create sensor test schedule and define the applications and test to run

• Sensor tests raise issues/insights
• Detailed results shown at the floor level

Execute Path Trace

Daphine said she was not able to use a printer with her PC.

Let’s run a Path Trace to the printer-specific IP address and port to understand where the problem is.

Check Path Trace

Path Trace reports an ACL denying traffic to the printer

DNA+ITSM enable faster remediation

ITSM Ecosystem Integration
• Visibility into points of failure in network
• Proactive incident and change management
• Integrated IT value chain across operations, services and support

The result?
• Actionable insights
• Agility for changing needs of the network

[Diagram: DNA and ITSM Tool; labels: Client Metrics, Health Scores, Network Data, Scheduling, CMDB, Correlation, Association]
Most relevant issue routed to create an ITSM incident or change request with enriched data

Transforming network operations through actionable insights and simplicity

DNA v1.1 Essentials and Advantage (Automation)

Advantage
• Wireless: Fabric Enabled Wireless; Sensors – Lifecycle Mgmt
• Switching: SD-Access; Access Policy; Virtual Network
• Routing: SD-WAN integration
• SD Bonjour
• EasyQoS (NBAR Based)
• SWIM: Patching Support

Essentials
• Wireless: Centralized and Flex; Zero Touch WLC and AP provisioning; Guest with ISE
• Switching: Automated Underlay; Non-fabric – Profile based customizable
• Routing: Router underlay design and provisioning; ENFV
• Inventory
• Discovery
• Topology
• Search
• Integrity Verification
• Software Update
• Network Settings Update
• Policy Protected CLI Template
• Neighbor topology
• EasyQoS (DSCP Based)

DNA v1.1 Essentials and Advantage (Assurance)

Advantage
• Wireless: Apple device insights; Sensors; Heat maps
• Switching: SD-Access Assurance; Control plane; Data plane; Policy plane
• Routing: TBD pending SD-WAN integration
• Trends
• Global issues (across multiple devices)
• Situational dashboard
• App 360
• App performance in client/device 360s (Jitter, loss, latency – collected from a Router)

Essentials
• Wireless: Client 360; WLC 360; AP 360; Floor Maps
• Switching: Switch 360; Non-fabric insights; ENFV
• Routing: Router 360; Router underlay insights; ENFV
• Landing page
• Drill-down geo maps
• Topology
• Network health
• Client health
• Search
• 360 pages
• Health score
• Time series
• Issues (device level)
• Neighbor topology
• Path Trace
• App visibility
• KPIs
• Context info
• Reports

DNA Assurance supports both SDA and Non-SDA

Non-SDA
• Traditional WLAN, LAN, and WAN (non fabric)
• Client wired and wireless service assurance
• Sensors for wireless
• Application experience
• WAN nonfabric (non-SD-WAN)
• ENFV and WAAS

SDA
• Adds fabric assurance (control-plane troubleshooting)
• Fabric overlay
• Fabric policy monitoring and troubleshooting

DNA Center in dCloud http://dcloud.cisco.com

DNA Center on DevNet http://developer.cisco.com

https://learninglabs.cisco.com/tracks/programming-dna
https://developer.cisco.com/docs/sda/#sd-access-integrations

Some References

DNA Center – BRKSDN-3005

CL Session PDF and Demo Video Download: http://cs.co/BRKSDN3005
DNA Center Demo Videos incl. Audio: http://cs.co/apicemvideo
DNA Center on Facebook: https://www.facebook.com/groups/apicem/
German Blog: http://gblogs.cisco.com/de/category/DNA Center/
DevNet and Download: https://developer.cisco.com/site/DNA Center/
DNA Center on YouTube: http://cs.co/video-apicem
