cisco-data-center-sdn
Cisco Confidential© 2011 Cisco and/or its affiliates. All rights reserved. 1
Catalyst 4500 Innovations
Enables BYOD
Sachin Bansal
Sr. Product Manager, Catalyst 4K/3K/2K
12th June 2012
Basic Connectivity Unified Access
Device Onboarding and Guest Access
One Policy
One Management
One Network
Uncompromised Experience for Any Workspace
Unified Access
GAME/PRINTER
THIN/VIRTUAL CLIENTS
DESKTOP/NOTEBOOKS
TABLETS
SMARTPHONES
ISE
Cisco Prime
Unified Policy
Unified Management
Scalable, Resilient Access
Unmatched Performance for Wired and Wireless
Context-aware Security
Wired Wireless Unified Network
Application Optimization
Smart Operations
• Profile devices, identify users
• Develop device, user, location, role & application context
• Apply policy based on context, everywhere
• Segment user or application groups
• Simulate application traffic
• Locate performance problems
• Analyze directly in the network
• Store for trending and capacity planning
• Plug-n-play switches
• Dynamically configure ports
• Automatically diagnose and report faults
• Program event based actions
One Network – Secure Access, Uncompromised User Experience
Unified Network
Core Network
SINGLE BUSINESS POLICY
Wired, Wireless, and VPN -- Managed & BYOD assets
With MDM integration
CONTEXT-BASED CONTROL
Central access to authorize access based on who, what, when, where – with advanced segmentation
USER-SPECIFIC SERVICES
Self-service on-boarding, with lifecycle guest handling and context-based monitoring
One Policy
Identity Services Engine
Identity and Policy
CDP, LLDP, DHCP, MAC
DEVICE CLASSIFICATION
LAPTOP: Laptop Policy [place on VLAN X]
Video Phone: Video Phone Policy [restricted access]
ISE
POLICY
Collection—Switch collects device related data and sends report to ISE
Classification—ISE classifies device, collects flow information and provides device usage report
Authorization—ISE executes policy based on user and device
The Solution
Deployment Scenario with Cisco Device Sensor
Device Profiling + Device Sensor
Context Aware Security with Device Sensor
Automated Device Profiling
Access Point
Profiling for both wired and wireless devices
Traditional Policies using ACLs
Context Aware Policy Enforcement
Security Group Role Based Access
Security Group Based Policy Table
Resources
D1 (10.156.78.100)
Patient Records
D3 (10.156.54.200)
Email
Intranet
D5 (10.156.100.10)
Finance
D6
D4
D2
Permissions
Role | Intranet Portal | Email Server | Financial Servers | Patient Records
Doctor | Web | IMAP | No Access | Web File Share
Finance | Web | IMAP | Web | No Access
IT Admin | Web, SQL, SSH | Full Access | SQL | SQL
Policy Matrix
Web File Share
permit tcp S1 D1 eq https
permit tcp S1 D1 eq 8081
deny ip S1 D1
…………
permit tcp S4 D6 eq https
permit tcp S4 D6 eq 8081
deny ip S4 D6
Time Consuming
Manual
Error Prone
Simple
Flexible
Business Relevant
permit tcp dst eq 443
permit tcp dst eq 80
permit tcp dst eq 445
permit tcp dst eq 135
deny ip
Doctor - Patient Record ACL
Doctors
Finance
IT Admins
S1 (10.10.24.13)
S2 (10.10.28.12)
S3 (10.10.36.10)
S4 (10.10.135.10)
Individual Users
Built-in Traffic Simulator
Video Deployment Network Readiness
Traffic simulator built into switch; no extra appliance needed
IT can monitor and test remotely
The Solution
Automate Network Readiness
Deployment Scenario—Cisco Catalyst 3K/4K Series Switch
Includes a scheduler to run periodic tests over extended durations
Remote IT
Prime
Scheduler (Traffic Simulator based on IPSLA)
Mediatrace automatically traces the media path
Hop by hop statistics collected to find the problem node; enabled remotely
Allows easy recreation of problems with built-in traffic simulator, yielding time and resource savings
The Solution
Automate Monitoring and Troubleshooting
IT
Prime
Deployment Scenario
MediaTrace
Diagnostics, Logs
Mediatrace
Monitor and Control
Catalyst 4500E Capabilities
Benefits
Control
With EEM Integration
Unprecedented Application Visibility
Flexible NetFlow
• Lower CAPEX
• Better insight for capacity planning, network upgrade
• Lower OPEX
• Better service and user experience
• Increased IT staff productivity
IP, Ports
TCP Flags
L2 MAC
L2 VLAN
UDP Flags
IPv6
IP Options
Multicast …
Day0 Attacks
Detect Anomaly
Compliance
SLA
App. M&T
Capacity Planning
Mobility, Unified Communications, Network Virtualization
Catalyst 4500E Flexible NetFlow
Campus
Branch
Collector Ecosystem
• Unprecedented visibility w/ new L2~7 fields
• Scalable, flexible flow monitors
• On-box Customizable policy action w/ EEM
• Broad collector partner ecosystem
Visibility
Catalyst 4500-E Does Apps “Wireshark”
• Built-in packet sniffer for remote troubleshooting
• Real-time capture and decode on Sup7-E
• Capture and Display Data and Control Packets
• Storage options SD card or USB.
• Various display options
• Lightweight Text version “T-Shark”
Features
Components
Wireshark
Hosted Apps IOSd
Shipping
Common Infrastructure / HA
Management Interface
Module Drivers
Kernel
SIMPLIFIED TROUBLESHOOTING
Switch# show monitor capture file bootflash:nflow.pcap detailed
Frame 2: 880 bytes on wire (7040 bits), 880 bytes captured (7040 bits)
    Arrival Time: Nov 2, 2011 03:21:13.992382490 Universal
<..SNIP..>
    Frame Number: 2
    Frame Length: 880 bytes (7040 bits)
    Capture Length: 880 bytes (7040 bits)
<..SNIP..>
    [Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f), Dst: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
    Destination: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
        Address: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
Cost Savings: $15,000 (or 230 Hours) per 100 Switches*
ISR or 3K (“Director”), 4K, 6K Roadmap
Access Switches
Zero Touch Deployments and Maintenance
New Switch is Connected
Software image downloaded; Configuration automatically applied
Smart Install
New Device Attached
Port Configuration: Applied
QoS Policy: Enforced
Security Policy: Enforced
Plug and Play for End Devices
Auto Smart Ports
Anomaly Detected
Proactive diagnostics
Alert created in real-time
Web-based reports
Routed to correct TAC team
Remediation initiated with EEM
Quickly Identify and Resolve Network Issues
Smart Call Home
Smart Operations
Automate Network Provisioning and Diagnostics
Catalyst 4500E Leadership
Lead Modular Access Platform
Price/Performance Distribution
MARKET LEADERSHIP
100M+ Ports Sold
700K+ Systems
70% PoE/PoEP Port share
70% Adoption by Top Cisco Customers (GET, Enterprise)
INDUSTRY LEADERSHIP
48G/slot
Flexible NetFlow
IOS-XE (3rd Party Apps)
In Service Software Upgrade
EEE/ Cisco UPOE
Strategic Campus Platform
“Catalyst 4500” LifeCycle
Unprecedented Switching Lifecycle
All Linecards Can Be Reused With Newer Supervisor
Cisco Catalyst 4000 Maintain Support
Cisco Catalyst 4500 (non-E) Maintain Support
EOS EQL
Cisco Catalyst 4500 E-Series
1999 2004 2007 2010 2015 2020
11 Years
EOS
14 Years
EQL
48G
24G
Data PoE
Catalyst 4500E Campus Portfolio
High Density
Low Density
1G 10G
4503-E
4507R+E
4510R+E
4506-E
WS-X4624-SFP-E
WS-X4748-UPOE+E
Supervisor Engine 7-E
Optimized for Large Campus
848Gbps Switching Capacity
4 x SFP+/SFP uplinks
384 10/100/1000 Ports
100 10G SFP+
WS-X4748-RJ45-E
WS-X4612-SFP-E
WS-X4606-X2-E
WS-X4648-RJ45V+E
WS-X4648-RJ45-E
Supervisor Engine 7L-E
Optimized for Small/Mid Size Campus
520Gbps Switching Capacity
2 x 10G SFP+/SFP uplink
240 10/100/1000 Ports
62 10G SFP+
PWR-C45-1300ACV
PWR-C45-2800ACV
PWR-C45-6000ACV
PWR-C45-4200ACV
PWR-C45-9000ACV
2HCY12
• UPOE 60W, IEEE 802.3az
• 30W/port on all 48 ports
• 30W/port on 24 ports
WS-X4712-SFP+E
• SFP+/SFP
Fiber Linecards
Copper Linecards
In-Service Software Upgrade (ISSU)
Software Upgrades—w/o Service Interruption
• Comprehensive, non-intrusive software upgrade solution
• Transparent to end users — no loss of user sessions
• Upgrades can be scheduled at any time — even during business hours!
Seamless
[Diagram labels: Line Card (x3), Redundant Supervisors, STANDBY / ACTIVE]
“Instead of having to prepare for two weeks for a planned outage, software updates with the Cisco Catalyst 4500 ISSU features in the new emergency department are absolutely transparent. We no longer have any downtime at all.”
Leadership in Power Over Ethernet
A Historical Perspective
2000 2003 2007 2009 2011
Industry Standard: IEEE 802.3af (15W PoE)
Industry Standard: IEEE 802.3at (30W PoE+)
7W Inline Power
15W (PoE)
30W (PoE+)
60W (UPOE)
All specifications subject to change without notice
Cisco Innovations Drive Industry Standards
Thank you.