27
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

© 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

  • Upload
    others

  • View
    11

  • Download
    0

Embed Size (px)

Citation preview

Page 1: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Page 2: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Delivering Intent for Data Center Networking

Joseph Yap

ASEAN DC Switching Sales Lead - Cisco Systems

Page 3: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

What If ?

Page 4: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

The Autonomous Vehicle

Automation

Analyze

Assurance

A P P

Page 5: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Data Centers Are Undergoing Rapid TransformationDigitization, Cloud, Mobile Creating New Demands of IT

Scale 10Ks VMs, 100s of Apps, distributed apps, 1M+ policies

Complexity Multi-DC, multi-tenant, hybrid, virtualized, heterogeneous

Rate of

ChangeVM mobility, app migration, dynamic scaling, self service portals

Page 6: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Intent LifecycleAutomation

Intent

Assurance

Configuration Analysis

Analytics

Traffic Analysis

“Lots of Data”

Guarantees

Compliance

Consistency

Policy &

Automation

ADM

Monitoring

Forensics

Tetration AnalyticsNetwork

Assurance Engine

Application Centric

Infrastructure (ACI)

Page 7: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Application Centric Infrastructure (ACI)

Automation and Programmability

Centralized Provisioning and Visibility

Simplification / Abstraction

App

Agility

ACI

Security

Page 8: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Service Profile

Network Policy

Storage Policy

Compute Policy

SIM Cards and Application Profiles

SIM Card

Identity for a Phone

Service Profile

Identity for Compute

Application Profile

Identity for the Network

Page 9: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Remote PoD Multi-Pod / Multi-Site Hybrid Cloud Extension

ACI AnywhereAny Workload, Any Location, Any Cloud

ACI Anywhere

IP

WAN

IP

WAN

Remote Location Public CloudOn Premise

Security Everywhere Policy EverywhereAnalytics Everywhere

Page 10: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

ACI / N9k - Strong Momentum in the Marketplace

ECOSYSTEM PARTNERS

Nexus 9K

Customers Globally

ACI

Customers

Ecosystem

Partners

13,000+ 65+4,700+

Business

Run Rate

$3B

10

Page 11: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

Intent LifecycleAutomation

Intent

Assurance

Configuration Analysis

Analytics

Traffic Analysis

“Lots of Data”

Guarantees

Compliance

Consistency

Policy &

Automation

ADM

Monitoring

Forensics

Tetration AnalyticsNetwork

Assurance Engine

Application Centric

Infrastructure (ACI)

Page 12: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Problem: DC Paradigms Are Fundamentally Reactive

Intent Frequently

Breaks …

Operational Troubleshoot

We Always React …

An Inability to

Assure Intent

Proactively

Leaving Us With …

Security Scramble to fix it

Compliance Fail audits

Change Undo changes

Page 13: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

...Creating a Major Assurance Gap

VM

Controllers How do I have confidence that I don’t have

errors due to my changes?1

How do I rapidly analyze the network to

identify issues?3

How do I easily understand the state of my

entire infrastructure?2

Intent

Infrastructure

Page 14: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Intent Assurance

Intent Encompasses Data Center Operations

Configs, Changes, Routing, VMs, Security, … Compliance, Audits

The confidence that the

infrastructure is doing what you

intended it to do

Page 15: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Comprehensive, Intelligent, Continuous

Based on mathematical models of

the network

Continuously verifies and validates

the entire network

Proactively delivers the confidence

that the network is operating

correctly

Introducing Cisco Network Assurance Engine

Page 16: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Idea Networks devices fundamentally are

deterministic

Leaf1

Spine

Leaf2

Header Data

0110101Header Data

1000101

FW

We Can Build Comprehensive Mathematical Models of Network Behavior

Core Technology

Page 17: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Fortunately These Problems Have Been Solved

Chip Design

Functional and Physical

Design Verification, Lint,

Timing Analysis

Software Verification

Semantic Checks, Dynamic

Testing, Memory Profiling

Mars Rover

Mars Rover (B) Still

Operational After 14 yrs

with Formal Verification

Formal Methods Assure Intent

Page 18: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Cisco Network Assurance Engine: How It Works

Comprehensive

Network Modeling

Mathematically accurate models

spanning underlay, overlay and

virtualization layers

5000+ domain knowledge-based

error scenarios built-in, codified

remediation steps

Data

Collection

Captures all non-packet data:

intent, policy, state across data

center network

Intelligent

Analysis

Page 19: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

• Make faster changes

• Minimize human errors

• Accelerate migrations

PREDICT THE IMPACT OF CHANGES

• Ensure connectivity

• Proactively eliminate potential network outages or vulnerabilities

• Enhance SLAs

PROACTIVELY VERIFY NETWORK-WIDE BEHAVIOR

• Reduce security risk

• Continuous compliance

ASSURE NETWORK SECURITY POLICY AND COMPLIANCE

Transformational Use CasesAchieving Higher Operational Maturity, Faster

Page 20: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

PREDICT THE IMPACT OF CHANGES

Challenge

• Mainframe misconfiguration

in DR site

Potential Impact

• Mainframe cluster inaccessible

in case of fail-over event

Benefit

• Identify latent misconfigurations

before outages happen

• Avoid $$ in lost revenue

PROACTIVELY VERIFY NETWORK-WIDE

BEHAVIOR

Challenge

• Overlapping subnets due to

routes leaked across VRFs

Potential Impact

• Connectivity loss for Skype VoIP

and Video users

Benefit

• Continuous & proactive network-

wide dynamic state analysis

• Save days in downtime

ASSURE NETWORK SECURITY POLICY AND

COMPLIANCE

Challenge

• TCAM utilization hitting capacity,

inefficient security policy

definitions

Potential Impact

• Degraded security posture &

inability to deploy policies

Benefit

• Identified 17K+ redundant policies

• Surfaced opportunity for 20-70%

TCAM optimization

Stories from Customer Trials

Page 21: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

User Interface: Centred Around “Smart Events”

Change Management Compliance and

Visualisation

Incidence and

Problem Management

Smart Events: What, Where, Why, and How

Page 22: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

What Makes us Different?

Comprehensive

Capture, analyze and correlate

entire network state: across

security policies, forwarding,

end-points, TCAM utilization,

controller policies

Intelligent

5000+ built-in failure

scenarios, 30+ years of

Cisco Operational

knowledge

Continuous

Runs Continuously

Near real-time: collection,

modeling, analysis

Page 23: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Cisco Network Assurance Engine

Deployment Model

No sensors

Read only credentials

Time to Value

30 mins to deploy

60 mins to value

Form Factors

Software only OVA

Lightweight: 3 VMs (v2.0)

Available Now 30 Day Free Trial Subscription Licensing

Page 24: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Early Customers: Impact & Feedback

Customer Fabrics

Analyzed

Critical / Major

Issues Found

Potential Outages

Detected Proactively

40+

1500+

35+

“ The User Interface is

professional and easy to use.”

“The ease of getting started is

pretty fantastic.”

“…quickly pointed out things we

should resolve. …very impressed...”

Page 25: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

CISCO CONNECT 2018 . IT’S ALL YOU

Availa

ble

Now

ACI Data Center

Fabric

Availa

ble

20

18 Cross-platform

Network Integration Firewal

l

Virtual

Machine

Manager

Building a Rich Ecosystem Around Open API

Integration with

Operations Toolchains CWOM

Page 26: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Constantly Protecting

Constantly Adapting

Constantly Learning

INTENTBasedData

Center

Page 27: © 2017 Cisco and/or its affiliates. All rights reserved ... · © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential What If ?

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential