Upload
others
View
11
Download
0
Embed Size (px)
Citation preview
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Delivering Intent for Data Center Networking
Joseph Yap
ASEAN DC Switching Sales Lead - Cisco Systems
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What If ?
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
The Autonomous Vehicle
Automation
Analyze
Assurance
A P P
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Data Centers Are Undergoing Rapid TransformationDigitization, Cloud, Mobile Creating New Demands of IT
Scale 10Ks VMs, 100s of Apps, distributed apps, 1M+ policies
Complexity Multi-DC, multi-tenant, hybrid, virtualized, heterogeneous
Rate of
ChangeVM mobility, app migration, dynamic scaling, self service portals
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Intent LifecycleAutomation
Intent
Assurance
Configuration Analysis
Analytics
Traffic Analysis
“Lots of Data”
Guarantees
Compliance
Consistency
Policy &
Automation
ADM
Monitoring
Forensics
Tetration AnalyticsNetwork
Assurance Engine
Application Centric
Infrastructure (ACI)
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Application Centric Infrastructure (ACI)
Automation and Programmability
Centralized Provisioning and Visibility
Simplification / Abstraction
App
Agility
ACI
Security
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Service Profile
Network Policy
Storage Policy
Compute Policy
SIM Cards and Application Profiles
SIM Card
Identity for a Phone
Service Profile
Identity for Compute
Application Profile
Identity for the Network
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Remote PoD Multi-Pod / Multi-Site Hybrid Cloud Extension
ACI AnywhereAny Workload, Any Location, Any Cloud
ACI Anywhere
IP
WAN
IP
WAN
Remote Location Public CloudOn Premise
Security Everywhere Policy EverywhereAnalytics Everywhere
ACI / N9k - Strong Momentum in the Marketplace
ECOSYSTEM PARTNERS
Nexus 9K
Customers Globally
ACI
Customers
Ecosystem
Partners
13,000+ 65+4,700+
Business
Run Rate
$3B
10
Intent LifecycleAutomation
Intent
Assurance
Configuration Analysis
Analytics
Traffic Analysis
“Lots of Data”
Guarantees
Compliance
Consistency
Policy &
Automation
ADM
Monitoring
Forensics
Tetration AnalyticsNetwork
Assurance Engine
Application Centric
Infrastructure (ACI)
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Problem: DC Paradigms Are Fundamentally Reactive
Intent Frequently
Breaks …
Operational Troubleshoot
We Always React …
An Inability to
Assure Intent
Proactively
Leaving Us With …
Security Scramble to fix it
Compliance Fail audits
Change Undo changes
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
...Creating a Major Assurance Gap
VM
Controllers How do I have confidence that I don’t have
errors due to my changes?1
How do I rapidly analyze the network to
identify issues?3
How do I easily understand the state of my
entire infrastructure?2
Intent
Infrastructure
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Intent Assurance
Intent Encompasses Data Center Operations
Configs, Changes, Routing, VMs, Security, … Compliance, Audits
The confidence that the
infrastructure is doing what you
intended it to do
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Comprehensive, Intelligent, Continuous
Based on mathematical models of
the network
Continuously verifies and validates
the entire network
Proactively delivers the confidence
that the network is operating
correctly
Introducing Cisco Network Assurance Engine
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Idea Networks devices fundamentally are
deterministic
Leaf1
Spine
Leaf2
Header Data
0110101Header Data
1000101
FW
We Can Build Comprehensive Mathematical Models of Network Behavior
Core Technology
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Fortunately These Problems Have Been Solved
Chip Design
Functional and Physical
Design Verification, Lint,
Timing Analysis
Software Verification
Semantic Checks, Dynamic
Testing, Memory Profiling
Mars Rover
Mars Rover (B) Still
Operational After 14 yrs
with Formal Verification
Formal Methods Assure Intent
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Cisco Network Assurance Engine: How It Works
Comprehensive
Network Modeling
Mathematically accurate models
spanning underlay, overlay and
virtualization layers
5000+ domain knowledge-based
error scenarios built-in, codified
remediation steps
Data
Collection
Captures all non-packet data:
intent, policy, state across data
center network
Intelligent
Analysis
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Make faster changes
• Minimize human errors
• Accelerate migrations
PREDICT THE IMPACT OF CHANGES
• Ensure connectivity
• Proactively eliminate potential network outages or vulnerabilities
• Enhance SLAs
PROACTIVELY VERIFY NETWORK-WIDE BEHAVIOR
• Reduce security risk
• Continuous compliance
ASSURE NETWORK SECURITY POLICY AND COMPLIANCE
Transformational Use CasesAchieving Higher Operational Maturity, Faster
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
PREDICT THE IMPACT OF CHANGES
Challenge
• Mainframe misconfiguration
in DR site
Potential Impact
• Mainframe cluster inaccessible
in case of fail-over event
Benefit
• Identify latent misconfigurations
before outages happen
• Avoid $$ in lost revenue
PROACTIVELY VERIFY NETWORK-WIDE
BEHAVIOR
Challenge
• Overlapping subnets due to
routes leaked across VRFs
Potential Impact
• Connectivity loss for Skype VoIP
and Video users
Benefit
• Continuous & proactive network-
wide dynamic state analysis
• Save days in downtime
ASSURE NETWORK SECURITY POLICY AND
COMPLIANCE
Challenge
• TCAM utilization hitting capacity,
inefficient security policy
definitions
Potential Impact
• Degraded security posture &
inability to deploy policies
Benefit
• Identified 17K+ redundant policies
• Surfaced opportunity for 20-70%
TCAM optimization
Stories from Customer Trials
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
User Interface: Centred Around “Smart Events”
Change Management Compliance and
Visualisation
Incidence and
Problem Management
Smart Events: What, Where, Why, and How
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
What Makes us Different?
Comprehensive
Capture, analyze and correlate
entire network state: across
security policies, forwarding,
end-points, TCAM utilization,
controller policies
Intelligent
5000+ built-in failure
scenarios, 30+ years of
Cisco Operational
knowledge
Continuous
Runs Continuously
Near real-time: collection,
modeling, analysis
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Cisco Network Assurance Engine
Deployment Model
No sensors
Read only credentials
Time to Value
30 mins to deploy
60 mins to value
Form Factors
Software only OVA
Lightweight: 3 VMs (v2.0)
Available Now 30 Day Free Trial Subscription Licensing
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Early Customers: Impact & Feedback
Customer Fabrics
Analyzed
Critical / Major
Issues Found
Potential Outages
Detected Proactively
40+
1500+
35+
“ The User Interface is
professional and easy to use.”
“The ease of getting started is
pretty fantastic.”
“…quickly pointed out things we
should resolve. …very impressed...”
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CISCO CONNECT 2018 . IT’S ALL YOU
Availa
ble
Now
ACI Data Center
Fabric
Availa
ble
20
18 Cross-platform
Network Integration Firewal
l
Virtual
Machine
Manager
Building a Rich Ecosystem Around Open API
Integration with
Operations Toolchains CWOM
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Constantly Protecting
Constantly Adapting
Constantly Learning
INTENTBasedData
Center
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential