architectural approach innovations clle-2014
Local Edition
Architectural Approach – Innovations across Wired, Wireless, and WAN
Joel A. Cochran, CCIE# 5448
Product Manager, Market Strategy
Enterprise Networking Group
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Introduction
• Industry Trends
• Unified Access Architecture
• Technology Enablers
• Summary
Before we begin… Discussion Time
• What challenges are you facing today?
• How many devices do you see on your network?
- What is the growth rate of these devices?
• Do you have visibility of applications running on your network?
- If so, which application is most common in your network?
• What percentage of your network traffic is video?
• How much time are you spending troubleshooting?
• What’s the impact if your network goes down?
…In the end, it is not about features but how the solution will help overcome your challenges
Deliver an Uncompromised User Experience
on Any Workspace
IT Requirement
Evolving User Workspace
Mobility
• Seamless roaming
• Optimal client performance
• Cloud access/VXI
Video
• Multicast streaming
• Video conferencing
• Reliable performance
BYOD
• Secure access
• Customized experience
• Guest access
Wireless Standards – Past, Present, and Future
[Chart: timeline from early 2000 to 2016, axis "Clients / Bandwidth" (11 Mbps to 10 Gbps), with phase labels "Nice to Have", "Mission Critical", "Pervasive" and "Media Rich Applications". Data points: 802.11a, 802.11b 11 Mbps; 802.11g 54 Mbps; 802.11n 450 Mbps; 802.11ac-1 1 Gbps; 802.11ac-2 3.5 Gbps; Future 10 Gbps.]
Unified Access: IT Trends
[Timeline figure, 1997 to 2012 to 2015, LAN/WLAN evolution towards Unified Access. Labels recovered from the figure:
Wired: 802.3 Gigabit Ethernet; 802.3 10 Gigabit Ethernet and 13 Watt PoE; 802.3 25 Watt PoE and Energy Efficient Ethernet; 802.3 40 Gigabit Ethernet; 802.3 100 Gigabit Ethernet
Wireless: 802.11b Autonomous Access Points; 802.11abg, Controller-Coordinated Access Points; 802.11abgn, Advanced RF Management; Gigabit Wi-Fi, Controller as a Function; 2.4 GHz and 5.0 GHz
Themes: BYOD, Unified Policy & Network Management; Location, Application Prioritization, High Availability; Internet of Things, Software-Defined Networks
Scale markers: 1X Network Devices Than People; 2X Network Devices Than People]
IT Top of Mind
Is Your Network Ready?
1 How do I manage complexity to reduce costs?
2 Can I offer secure, mission critical wired/wireless access services?
3 Am I investing in an architecture future-proofed for scale?
Cisco Vision of Enterprise Network
The Intelligent Platform for a Connected World
Connecting People
Connecting Clouds
Connecting Things
Simple
Secure
Lower TCO
Traditional Overlay Network with Mgmt Applications
• Traditional deployment
– Centralized WLC
– Multiple mgmt apps
• Wireless traffic CAPWAP tunneled to WLC
[Diagram labels: Cisco Access Point, Catalyst Switch, Cisco Wireless LAN Controller, Cisco Firewall, Corporate Network, Internet, Internal Resources; management applications: Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server]
One Policy and One Management
• ISE and Cisco Prime simplify the management
[Diagram labels: same components and management applications as the previous slide (Wireless Control System, Access Control Server, LAN Mgmt Solution, Identity Mgmt, NAC Profiler, Guest Server, Internal Resources, Cisco Firewall, Cisco Access Point, Catalyst Switch, Cisco Wireless LAN Controller, Corporate Network, Internet), plus One Management (Prime) and One Policy (ISE)]
One Network Converged Wired / Wireless
• Wired and wireless data traffic converge at the access.
• AP mgmt traffic separated from data traffic
• WLC - distributed, or centralized
• Enables scaling wireless devices and bandwidth
Converged Access Mode
• Integrated wireless controller
• Distributed wired/wireless data plane (CAPWAP termination on switch)
[Diagram labels: same components and management applications as the previous slides, plus One Management (Prime), One Policy (ISE) and One Network]
Cisco Unified Access Portfolio
Robust Converged Wired and Wireless Solution
One Policy
• Identity Services Engine (ISE)
• MDM/MAM, SIEM
One Management
• Prime Infrastructure
One Network
Access Points
• 1600: Small-Mid Enterprise
• 2600: Feature-Optimized Enterprise
• 3600: Mid-Large Enterprise
• 3700 w/ HDX: High-Density Enterprise
• 1530: Low Profile
• 1550: Larger Deployments
Controllers and Access Switches
• Wireless Controllers: 8500, 5760, 5508
• Converged Access Switches: Catalyst 3650, Catalyst 3850
• Switches shown under the labels "Backbone Switches" and "Access Switch": Catalyst 4500, Catalyst 6800, Catalyst 6500, Catalyst 2960-X
Before Unified Access
[Diagram, by layer:
IT Focus / Management and Troubleshooting: LAN Mgmt., Wireless Mgmt., Identity Mgmt., Application Mgmt.
Policy Enforcement: Wired Policies, Wireless Policies, Guest / VPN Policies (LAN, Wireless, Security)
Access Infrastructure: Access Switch, Wireless Controller, Access Point
End-User Devices: Wired Devices, Laptops, Mobile Phones, Tablets, BYOD Growth]
With Cisco Unified Access
One Unified Access Security
[Diagram, by layer:
IT Focus: IT Focus on Business Innovation
Management and Troubleshooting: One Management, Prime Infrastructure; labels also present: LAN Mgmt., Wireless Mgmt., Identity Mgmt., Application Mgmt.
Policy Enforcement: One Policy, Cisco ISE; labels also present: Wired Policies, Wireless Policies, Guest / VPN Policies (LAN, Wireless)
Access Infrastructure: One Network, Catalyst 3850; labels also present: Access Switch, Wireless Controller, Access Point
End-User Devices: Wired Devices, Laptops, Mobile Phones, Tablets, BYOD Growth]
Benefits listed for IT and End-User: Simplified BYOD, Lower TCO, New Innovative Services, New Connected Experiences, Increased Productivity
What Technologies are Critical in the Network
• High Availability – because the network is mission critical
• Network Visibility and Control – Because one can’t control what one can’t see
• Scale / Performance – Always need for more speed and scalability
• Management – Need to do more with fewer resources. Work Smarter
• Security – Provide secured access anywhere, any place, any time
What Technologies are Critical in the Network
• High Availability – because the network is mission critical
– How to build a resilient network in the wired and wireless network
• Network Visibility and Control – Because one can’t control what one can’t see
• Scale / Performance – Always need for more speed and scalability
• Management – Need to do more with fewer resources. Work Smarter
• Security – Provide secured access anywhere, any place, any time
Resilient Infrastructure Design
Access Points (AP)
• RF design to ensure single AP failure does not create WiFi hotspots
Access Switching
• No architectural resiliency in this layer – ensure system level HA (SSO)
• Spread AP across stack-members/line-cards to avoid WiFi hotspots
• ISSU for hitless software upgrades
Backbone Switching
• VSS for Multi Chassis Etherchannel (MEC)
• Intra-Chassis: SSO, Multicast HA, EFSU
• Resiliency Protocols: Fast-UDLD, BFD, NSF, VRRP, HSRP, MPLS-HA
WLAN Controller
• AP and Client SSO for sub-second recovery
• No client re-authentication & on-boarding required
Wireless Controller High Availability
Sub-Second Recovery of WLAN
WLAN Sub Second Recovery/Convergence, Client Application Session Maintained
[Diagram, three redundancy modes between a Primary Controller and an HA Controller:
N:1 Redundancy: AP Failover across an L3 Network
1:1 SSO, AP Stateful Switchover: AP State Sync (AP SYNC) across an L3 Network
(Release 7.5) 1:1 SSO, AP and *Client* Stateful Switchover: AP and Client State Sync (AP SYNC, Client State SYNC), State Sync Over Any L2 Network]
• Needs only 1 set of AP Licenses
• Fastest recovery time in the industry
• Seamless Recovery through
– Share security keys (PMK)
– Share RF information
Catalyst 3850/3650: Fixed Access High Availability
Sub-Second Recovery of LAN
Stackwise-480
• Improved Stack Bandwidth:
– 480 Gbps with spatial reuse (160 Gbps on 3650)
• Stateful Switch Over (SSO):
– Faster Convergence (vs 3750-X)
– Active-Standby model
– Central synch on Active Switch for Wired/Wireless
• Tunnel SSO ensures AP & MA-MC connectivity during failover
StackPower (Only on 3850)
• Dual power supply with Power Resiliency
– HA “pool of power” available to all stack members
• Provides “Zero-footprint” RPS
– Power supply redundancy without an RPS
• Intelligent power shedding
– Turn off low priority PoE devices in the event of a power supply failure
Catalyst 4500E: Modular Access High Availability
Sub-Second Recovery of LAN with In Service Software Upgrade (ISSU)
In Service Software Upgrade (ISSU)
• Comprehensive, non-intrusive software upgrade
• Transparent to end users: no loss of user sessions
• Upgrades at any time, even during business hours!
• Image Roll-Back < 200ms
[Chassis diagram labels: Redundant Power Supplies; Power Circuit Redundancy (Pwr Rail 1, Pwr Rail 2); Redundant Fans; “Transparent” line card design; Line Cards; Redundant Supervisors (Active, Standby); Dual Supervisors with SSO & NSF; Sub Second ISSU; Unique redundant uplinks: all uplinks (active & standby Sup.) active, even when a Sup. fails]
Backbone Switching High Availability
Maximize LAN B/W Utilization with Sub-Second Recovery
Platforms shown: Catalyst 6500 & 6807-XL, Catalyst 6880, Catalyst 4500E/X
VSS Simplified Network Design
- Spanning tree and FHRP Eliminated
- Maximize b/w utilization with MEC
- Single touch-point manageability
- VSS with EFSU guarantees 50% b/w during s/w upgrades
VSS Quad-Sup SSO
Only on Catalyst 6500 and 6807-XL
Deterministic and Automated recovery
- Maximize throughput even after failure
- HA for single and dual attached devices
- Together with EFSU offers industry leading HA in campus backbone
[Diagram labels: VSS, LACP or PAgP, LACP, SSO Sync, 10GE, Monitoring Server, Access Switch or ToR or Blades]
[Two charts: Available Bandwidth (100%, 50%) over Time around a Sup Failure; one chart is marked 200ms]
What Technologies are Critical in the Network
• High Availability – because the network is mission critical
• Network Visibility and Control – Because one can’t control what one can’t see
– Application Visibility & Control
– Flexible NetFlow on wired
– NBAR2 on wireless
– Bonjour Services
• Scale / Performance – Always need for more speed and scalability
• Management – Need to do more with fewer resources. Work Smarter
• Security – Provide secured access anywhere, any place, any time
When Users Complain About Application Problem
What users see (End Users)
“Your network is so slow I cannot get any work done today”
What network admins see (Network Admin)
“I do not see anything wrong”
• ping – OK
• show ip route – OK
• traceroute – OK
• show interface – OK
What can happen
• Wireless Network Issue
• Increased Latency
• WAN Network Issue
• Application Problem
• Server Problem
• User Problem
How Can My Network Infrastructure Help Me?
Granularly identify the applications
Understand the user experience
Understand the network condition and capacity
Deliver consistent performance to critical applications
Maximize use of available resources
Control unwanted traffic
What do we want to monitor?
Traffic Statistics
• Application Usage per client IP/subnet/site
• Top clients per application
Application Response Time
• Per-application end-to-end latency
• Application response time & transaction time
• Application processing time
• Top conversation per application
Media Performance
• Per-stream jitter and packet loss
• RTP conversations
URL Visibility
• Most visited web-site
• Per-URL application response time
Application Visibility and Control
What is needed
• Application Recognition: Identify applications using L3 to L7 information
• Perf. Collection & Exporting: Collect application performance metrics, and export to management tool (NFv9/IPFIX)
• Management Tool / Reporting Tools: Advanced reporting tool aggregates and reports application performance (App Visibility & User Experience Report)
• Control: Control application network usage to improve application performance (High, Med, Low)
App | BW | Transaction Time | …
SAP | 3M | 150 ms | …
Sharepoint | 10M | 500 ms | …
Application Visibility and Control
Enabled Technologies
• Application Recognition: NBAR2, Metadata
• Perf. Collection & Exporting: Unified Monitoring (Traffic Statistics, Response Time, Voice/Video Monitoring, URL Collection), exported over NFv9/IPFIX
• Management Tool / Reporting Tools: Cisco Prime Infrastructure. Advanced reporting tool aggregates and reports application performance (App Visibility & User Experience Report)
• Control: QoS (w/ NBAR2), PfR (High, Med, Low)
App | BW | Transaction Time | …
SAP | 3M | 150 ms | …
Sharepoint | 10M | 500 ms | …
AVC (NBAR2) Across Cisco Portfolio
• Branch: ISR G2, IOS 15.2(2)T1
• Headend: ASR 1000, IOS XE RLS 3.4S
• Campus: Cisco Wireless Controllers, 7.4
NAM Product Portfolio
• Catalyst 65xx Series NAM Blade (NAM3)
• NAM 2300 Series Appliance
• Cisco Prime NAM for ISR G2 SRE
Flexible NetFlow - Unprecedented Application Visibility
Capabilities
• Unprecedented visibility w/ new L2~7 fields
• Scalable, flexible flow monitors
• On-box Customizable policy action w/ EEM
• Broad collector partner ecosystem
Benefits
Lower CAPEX
• Better insight for capacity planning, network upgrade
Lower OPEX
• Better service and user experience
• Increased IT staff productivity
Visibility: IP, Ports; TCP Flags; L2 MAC; L2 VLAN; UDP Flags; IPv6; IP Options; Multicast …
Control with EEM Integration
Uses shown: Day0 Attacks, Detect Anomaly, Compliance, SLA, App. M&T, Capacity Planning; Mobility, Unified Communications, Network Virtualization
[Diagram labels: Flexible NetFlow, Campus, Branch, Collector Ecosystem]
Available across Catalyst 6K/4K/3K, Wireless & Routing Portfolio
New Flexible NetFlow Solution
Per Port Cost of Collector Application Solution with Leading NetFlow Collectors
[Chart: Non-Cisco $50; Catalyst 4500E/3850 $12; 76%]
Bonjour Protocol
What is it?
Bonjour is a discovery protocol used by Apple devices
• Relies on multicast DNS (mDNS, RFC 6762)
• Apple devices use 224.0.0.251 (IPv6 FF02::FB) to announce or discover services
[Diagram: Apple TV on VLAN X, AP, CAPWAP Tunnel, WLC, L2 Switch, VLAN X; messages “Anyone doing Airprint?” and “I do Airplay”, both sent to 224.0.0.251]
Bonjour Protocol
So what are we really trying to solve?
• 224.0.0.251 (IPv6 FF02::FB) is multicast…
• And cannot be routed (belongs to the ‘non-routable’ part of multicast, as per RFC 5771 defining multicast addresses)
– No cross-subnet discovery
[Diagram: Apple TV on VLAN X, AP, CAPWAP Tunnel, WLC, L3 Switch, VLAN Y]
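The two Bonjour slides rest on two facts: service browsing is an mDNS PTR question, and its destination group never leaves the local link. As an added example (not from the presentation), this Python sketch parses the question section of an mDNS query and checks whether the destination group is link-local; the packet bytes and the `_airplay._tcp.local` service name are constructed sample input, and all function names are hypothetical.

```python
import ipaddress
import struct

# RFC 5771 "Local Network Control Block": routers do not forward these groups.
V4_LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")
QTYPE_PTR = 12  # DNS-SD service browsing is done with PTR questions


def is_link_local_multicast(group):
    """True if `group` is a multicast address confined to the local link."""
    addr = ipaddress.ip_address(group)
    if not addr.is_multicast:
        return False
    if addr.version == 4:
        return addr in V4_LOCAL_CONTROL
    # IPv6 multicast is ffFS::/8; S (low nibble of byte 1) is the scope, 2 = link-local.
    return (addr.packed[1] & 0x0F) == 0x2


def build_query(name, qtype=QTYPE_PTR):
    """Construct a one-question mDNS query (sample input for the parser)."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)  # ID 0, QDCOUNT 1
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii") for part in name.split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def read_name(msg, offset):
    """Decode a DNS name at `offset`; return (name, offset after the name)."""
    labels, after, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if after is None:
                after = offset + 2
            hops += 1
            if hops > 16:  # malformed packets can point at themselves
                raise ValueError("compression loop")
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), (after if after is not None else offset)


def parse_questions(msg):
    """Return the question section of an mDNS message as a list of dicts."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions = 12, []
    for _ in range(qdcount):
        name, offset = read_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append({
            "name": name,
            "qtype": qtype,
            "unicast_response": bool(qclass & 0x8000),  # mDNS "QU" bit
            "is_response": bool(flags & 0x8000),
        })
    return questions


def summarize(dst, payload):
    """What a monitoring point can say about one captured mDNS datagram."""
    return {
        "dst": dst,
        "link_local_only": is_link_local_multicast(dst),
        "services": [q["name"] for q in parse_questions(payload)
                     if q["qtype"] == QTYPE_PTR],
    }


if __name__ == "__main__":
    print(summarize("224.0.0.251", build_query("_airplay._tcp.local")))
```

A group outside the link-local block, such as an administratively scoped 239.x.x.x address, returns `link_local_only: False`, which is the distinction the slide draws when it says 224.0.0.251 cannot be routed.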
Bonjour Service Control
Organize by using policies
In 8.0 you can create groups: users (roles and identity), devices, services
And then you decide how these groups interact
Policy Components
• Location
• Device Type
• User-Role: Student, Teacher, Admin
• Identity: John
[Diagram labels: Bonjour Devices, WLC]
Bonjour Service Control
Policy Example
[Diagram: policies for Teacher and Student, built from Location (Classroom), Device Type (iPad) and User-Role (Student, Teacher)]
Open Discussion on Bonjour
• Are you using the Bonjour protocol?
• What are your typical deployments?
• What challenges do you see?
• How do you manage Bonjour advertisements on the wired network?
• What would you like to see from Cisco?
What Technologies are Critical in the Network
• High Availability – because the network is mission critical
• Network Visibility and Control – Because one can’t control what one can’t see
• Scale / Performance – Always need for more speed and scalability
– Wireless driving higher scale requirements in your infrastructure
• Management – Need to do more with fewer resources. Work Smarter
• Security – Provide secured access anywhere, any place, any time
Gigabit Wi-Fi as Primary Connectivity
Gigabit Ethernet as fallback
• >50% of enterprise traffic will originate on Wi-Fi by 2017
• 50% of all new Wi-Fi devices in 2014 will be 802.11ac capable (ABI Research)
• Wave 1 802.11ac has 5+ years of effectivity for Smartphones and Tablets
• Wave 1 802.11ac improves battery efficiency by 2X for Smartphones, Tablets, and Laptops
[Chart: data rates (Std Max, Product Max, Typical, Minimum) by 802.11 generation from 1997 to 2015: 802.11, 802.11b, 802.11a/g, 802.11n, 802.11ac Wave 1, 802.11ac Wave 2; spatial streams from 1 to 8; client classes: 1SS Tablets / Smartphones, 2SS Laptops / Tablets, 3SS Desktops / Laptops, 4SS Desktops; uplink markers: Gigabit Ethernet Uplink, 2 Gigabit Ethernet Uplinks. The individual data-rate values are not recoverable from the extracted text.]
*Assuming 80 MHz Is Available and Suitable
**Assuming 160 MHz Is Available and Suitable
Cisco Aironet 3700 Access Point Series
Best-in-Class 802.11ac
with Integrated 802.11ac (4x4:3SS)
• Industry’s first 4x4 MIMO:3 SS 802.11ac AP
• 3X performance of 802.11n 5 GHz Wi-Fi
• Higher performance at a greater distance
• RF Excellence enabled in hardware
• High Density Experience Technology
• Higher Client density, scale and performance
• Future proofed design
• Modular Architecture = investment protection
• Security, 3G Small Cell or Wave 2 802.11ac module options
*Assuming 160 MHz is available and suitable
Cisco AP Design
[Diagram labels: DRAM (512Mb), CPU (800 MHz), Radio – 2.4GHz, Radio – 5GHz, 384 MHz CPU, 512 MHz CPU, DRAM (128Mb) on each radio, 4x4 Antennas for Reliability, On-Radio Cache for Speed]
Competitor’s AP Design
[Diagram labels: DRAM (512Mb), CPU (800 MHz), Radio – 2.4GHz, Radio – 5GHz, 3x3 Antennas]
Cisco: Custom Radio Firmware with additional memory results in total capacity of 90,000 packets per second (because of Host CPU and Radio CPU working together)
Cisco Aironet 2700 Access Point Series
Enterprise Class 802.11ac
• Industry’s first 3x4 MIMO:3 SS 802.11ac AP
• 3X performance of 802.11n 5 GHz Wi-Fi
• Higher performance at a greater distance
• RF Excellence enabled in hardware
• High Density Experience Technology
• Higher Client density, scale and performance
• 2 Gig Gigabit Ethernet Uplink ports
*Assuming 160 MHz is available and suitable
High Density Experiences
High Density Experiences = Solve for BYOD at Scale
• PREDICTABILITY (CLEAN AIR): 802.11ac ready interference detection
• PERFORMANCE (CLIENT LINK): Beam forming for 802.11a/g/n/ac
• UNMATCHED SCALE (TURBO BOOST): Optimized for high density performance
[Diagram: an AP serving a mix of 802.11n and 802.11ac clients]
Cisco Aironet 700W Access Point Series
Wall Mount, Dual Radio with 4 (four) integrated GbE ports
• Enterprise class RF performance, integrated antennas, Dual Radio 2x2:2
• 4x GbE local ports with 1x PoE out
• Sleek design in a small form factor
• Purpose-built bracket for ease of mounting to numerous wall-box standards
• Physical security enhancements: Torx screw or Kensington lock
• Designed for in-room Wi-Fi coverage – Hospitality, Education, Multi-dwelling units
Near Future: Basic wired port management
Tomorrow Starts Here on the 3850 and 4500E
Unified Access Data Plane (UADP) ASIC
First ASIC for Wired and Wireless Traffic Processing
Cisco ONE (Open Network Environment) Ready
Programmable for fast feature rollout
Tomorrow Starts Here on the 3850 and 4500E
IOS-XE
Decouples IOS components for increased efficiency
Modular and optimized for multi-core CPUs
Designed to host 3rd party applications like Wireshark
SDN ready
Better Scale and Bandwidth with Converged Access
Separation of MA and MC
• Traditional Controllers can continue to terminate APs centrally and be used as MC for Converged Access switches
• Catalyst 3650/3850 can play the role of both MA and MC
• Valid for Branch and small-medium campus type deployments
• Distributing only the CAPWAP termination (MA) to the Catalyst 3850/3650 helps with:
• Improved Scalability – larger mobility domains
• Increased wireless bandwidth
• Uniform wired/wireless policy enforcement
[Diagram labels: ISE, Prime, MC, MA, CAPWAP Termination, AP CAPWAP Tunnels, Mobility Tunnels, Access Points, Catalyst 3850/3650, Catalyst 3750, 5760, 5508, WISM2 with SW upgrade to 7.5]
Wireless Scalability with Converged Access
Future Proofing your Network for 802.11ac and beyond
[Charts: Total Wireless Bandwidth (Gbps) for Small Campus or Branch (192 users), Number of Switches: 4; Total Wireless Bandwidth (Tbps) for Campus (3840 users), Number of Switches: 80; legend: UA 3850, Employee, Guest]
Max scale without 5760 WLC: 250 APs, 16k clients
Max scale with 5760 WLC: 72k APs, 864k clients
802.11ac Wave2 & Key Switch Requirements
• Standard Compliant: 10G Copper for >1G, Needs Cat6a minimum for 100m
• POE+: Cisco Innovation over 10GT Standard to support POE+
• Maintain Switch to AP Length Reach: 100m of reach
• Infrastructure Investment Protections: Support Cat 5e cabling
Catalyst 3850, Catalyst 4500E
Architected to see you through this transition
Investment Protection: No Rip & Replace
Cisco-on-Cisco: No Infrastructure Upgrade
Catalyst Switches Built with Scale
Access, Aggregation, Core
Feature | Catalyst 3850 | Catalyst 4500E (SUP8E) | Catalyst 6880 | Catalyst 6807
Line Card Slots / Boxes per stack | 9 members / stack | 8 Slots | 4 Slots | 5 Slots
Number of Ports (GE) | 432 (GE) | 384 (GE) | 80 (10GE) | 240 (GE) / 84 (10GE)
Switching Bandwidth | 480G Stack + 56G System | 928G | 400G | 400G
Slot Bandwidth | 56G / per switch | 48G | 80G | 880G Capable
IPv4 Routes | 24K | 256K | 2M | 1M
ACL Entries | 3K | 128K | 256K | 64K
Buffer | 12MB | 32 MB | 72MB / port | 256MB / port

Key Trends | Requirements | Catalyst Switching Scale
Mobility (802.11ac) | Line-rate access; High density 10G in backbone | 40G Wireless Bandwidth; 96 x 10G Ports
BYOD | ACL Scale to set policies per user/device/location; VLAN/Route scalability | 256K ACL Entries supported; 4K VLANs
User Experience | High Bandwidth for application support; Per port QoS Support | 480G Stack Bandwidth; 8 Queues per port in HW
Collaboration | Multicast replication rate; Deep packet buffering to absorb bursty traffic | 1M Multicast Routes; 256MB of Packet Buffer
Infrastructure consolidation (BMS) | Access port scalability; Virtualization scale | 432 GE Access Ports; 4K VRFs / VLANs
Security | High ACL Scale to set policies per user; MACSec support in Hardware | 256K ACL Entries; Line Rate MACSec in Hardware
Application Visibility & Control | Netflow Support and ability to do Deep Packet Inspection; QoS Support | Flexible Netflow in HW, 1M flows support
Manageability | CPU Scale to support features like PnP | Quad CPU Support
Platforms: Catalyst 3K, Catalyst 4500E, Catalyst 6880, Catalyst 6807
What Technologies are Critical in the Network
• High Availability – because the network is mission critical
• Network Visibility and Control – Because one can’t control what one can’t see
• Scale / Performance – Always need for more speed and scalability
• Ease of Use/Management – Need to do more with fewer resources. Work Smarter
– Speeding Up Installations & Configuration
– Troubleshooting
– Simplified management across wired, wireless, and VPNs
– SDN / Openflow
• Security – Provide secured access anywhere, any place, any time
Smart Operations - Increase Productivity, Lower TCO
[Diagram labels: Director – Catalyst 6K, 4K, or 3K; Access Switches; Sleep]
Smart Install: Zero Touch Deployments and Maintenance
New Switch Connected
• Software image downloaded
• Wired + Wireless Configuration automatically applied
• On-going Image Update and Configuration Back-up
Auto Smart Ports: Plug and Play for End Devices
New Device Attached
• Port Configuration: Applied
• QoS Policy: Enforced
• Security Policy: Enforced
Smart Call Home, IPSLA, WireShark: Monitor & Troubleshoot
Anomaly Detected
• Packet Capture for Wired and Wireless
• Proactive diagnostics
• Real time Alerts
• Web-based reports
• Routed to TAC team
EEM, XML Programmability: Control Your Network
• Ability to take custom actions based on syslogs/triggers
• Enhanced Flexibility and control
Energywise and EEE: Reduced Energy Consumption
• EEE ready
• Energywise – Time of the day policy based on/off of access devices
• 0 $ SKUs for energy management
Please refer to the Software Roadmap for the list of features supported at FCS and upcoming releases
Optimize Troubleshooting with Wireshark
• Built-in packet sniffer for remote troubleshooting
• Real-time packet capture and decode for wired/wireless*
• Capture and Display Data and Control Packets
• PCAP storage options: SD card or USB
*Roadmap H2CY14 on Sup8E
CLI Packet Capture
Switch# show monitor capture file bootflash:nflow.pcap detailed
Frame 2: 880 bytes on wire (7040 bits), 880 bytes captured (7040 bits)
    Arrival Time: Nov 2, 2011 03:21:13.992382490 Universal
<..SNIP..>
    Frame Number: 2
    Frame Length: 880 bytes (7040 bits)
    Capture Length: 880 bytes (7040 bits)
<..SNIP..>
    [Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f), Dst: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
    Destination: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
        Address: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
What Does Cisco EnergyWise Suite do?
Cisco EnergyWise™: Energy management based on Cisco IOS® Software
• Use the network to measure, monitor, and manage energy.
• Allow the network to be the command and control plane for power management
• Use the Cisco® switch or router as the arbiter or timer for energy management
• Use the network to aggregate power-use reporting
• Allow the network to provide secure, reliable energy management
IT Energy Management: On-premises and cloud-based software for IT energy management
• Software for energy management and analytics focused on IT assets
– The network: Routing, switching, and access points
– Distributed enterprise networks: PCs, Macs, VoIP phones, copiers, printers, etc.
– Data centers: Physical and virtual servers, routers, switches, storage, etc.
Energy Intelligence (See, Measure, Manage)
• Energy cost
• Energy use
• Energy reduction
• Carbon emissions
• Date and time
• Location cost center
• Energy-use simulation
• ROI modeling
Note: No facilities focused interfaces to building management systems (BMSs); enabling BMS partners to reach into IT assets
What Does Cisco EnergyWise Suite Do?
Time-Based
Example:
• Power management of devices (VoIP phones, PCs, printer servers, etc.) based on work patterns
Event Based
Example:
• Response to external triggers: Respond to energy events with policies
• Systems management: Integration with systems management tools and user-authentication events
Location Based
Example:
• Smartphone location coupled with badge management app
• Access control triggers office environment to power on
Data Center
Example:
• Data center infrastructure management
• Capacity management of power and device lifecycle in data centers
• Ties physical to logical environment
PnP – Solving the Scale Issue
Good News!!!
Refresh Switches have arrived
Bad News
Rack and Install process begins
Good News!!!
Smart Install is on the team!!
Solving the repetitive tasks!!
Network Deployment – Challenges
Today’s Process
[Diagram labels: IT Admin; Customer Staging facility (Install OS, Install base config); Ships Equipment; Re-Ships equipment; Reseller/Partner; Installer; Site-1, Site-2, Site-3]
Business Challenges
Direct Costs
• Shipping and preparing costs for staging
• Travel costs of IT staff or hiring of highly skilled installers at branch locations
Complexity
• Copy-pasting configs results in errors
• Different products (routers, switches, wireless) need to be handled
Security
• Configs with sensitive info handled by 3rd party
• Rogue devices joining the network
• Unavailability of trusted partners, installers
Time/Productivity
• Manual process X number of devices X locations, slows deployment
• Additional shipping and staging results in longer lead time for 1st day of operational network
Next Gen Plug and Play Solution: Customer experience overview
[Diagram, steps numbered 1 to 3, labels: IT Admin, Pre Provision Projects/Sites (Policies, Match Rules, Configs/Image, IP Addressing); PnP Server; Site 1, Installer, Unskilled Installer Connects Device on-site; IT Admin Checks Status]
Under the Hood
1. New device is pre-provisioned in PnP server
2. Installer connects the cables and powers on the device
3. Device discovers PnP server and sends its SUDI certificate
4. PnP server authenticates the device. A secure communication channel is created
5. PnP server sends the right configuration, image, licenses and files to the device
6. Device reloads and executes post install actions (script or CLI)
7. Install success/failure notifications are sent by the PnP server as needed.
Next Gen Plug and Play Solution: Architecture
[Diagram, numbered components:
1 PnP Agent
2 PnP App for Installer
3 PnP Server in DMZ (PnP gateway + UX)
4 Cloud PnP Redirection Service
Options for PnP Server: Prime Infrastructure, ENG Controller, Third Party Applications
Other labels: Internet; 3G/4G access to NOC; Console/Bluetooth access to device; Unskilled Installer]
Attributes listed: GUI Based; Consistent for devices & PIN (Campus/Branch); Secure; RMA Use Case; Greenfield & Brownfield
Auto Smartports – What It Is
Auto Smartports: Dynamically Configures Ethernet Ports Based on the Device Type Detected
Problems? / Solutions
Problem: Manual configuration of every port
• Devices move
Solution: Configuration moves with device
Problem: Wasted Ports – pre-configured dedicated interfaces and no device
Solution: Interfaces in ready state waiting for a device to attach.
• More efficient use of valuable ports
Problem: Unsure how to mix multiple features together
Solution: Cisco Best Practices for mixing interface-level configurations
Problem: Not knowing what is connected
• Which interface has the printer?
Solution: Device classification. What is attached on every interface
Challenge: Managed Nodes Explosion
• 94 Total Devices for Image and Configuration Management
• 168 Access Trunks/Port-Channels
• 4032 User Ports
Considerations:
- STP Loop Prevention
- FHRP Tuning
- CAM/ARP Tuning
- PIM Tuning/DR priority
- Routing Protocol Tuning
• 94 Separate Configurations of SNMP, NTP, TACACS, Banner, vty, VLAN DB, Mgmt IP/GW, Hostname
Building 1 Building 2 Building 3 Building 4
Core
Benefits
Operational Simplicity with Catalyst Instant Access
REDUCED TCO
A Single Image to deploy and manage across Distribution POD
Agile Infrastructure to add new features uniformly across Access Layer
Highly Fault Tolerant with Quad-Sup-VSS SSO
Consistent Features at Access
Single Point Of Management, Configuration and troubleshooting
Cisco Prime
Managed Devices = 20+
Managed Devices = 1
ISE
1000 Port Campus Distribution POD
One Management with Cisco Prime Infrastructure
Integrated Wired/Wireless Lifecycle and Assurance Management
• Regulatory and best practice policies
• Automated audit and reporting
• Centralized remediation
Prime Infrastructure
User Productivity
Regulatory & Operational Compliance
Operational Productivity
User, Site & App Experience
• Application performance visibility
• User & site-level visibility
• Proactive monitoring
• Real-time troubleshooting
• “Prime 360” diagnostic views
Automated Best Practices
• Wired/wireless, Branch/WAN
• Integrated lifecycle
• Cisco best practices built in
• “Day 1” device support
Many Purpose-Built Architectures
SWITCHING, ROUTING, WIRELESS
Unique Services
Purpose-Built ASICs
IOS Variants
Custom HW
Multiple Products on Common Architecture
SIMPLE, SECURE, REDUCED TCO
UADP and USCP ASIC
Standard Platforms
Common Services
IOS-XE
Cisco ONE Architecture
AGILE SOFTWARE MODEL
Software-Defined Services
Management and Policy
Standard Platforms
UADP and USCP ASIC
IOS-XE
Cisco ONE
Yesterday Today Tomorrow
Cisco's Enterprise Networks Strategy for SDN
Introducing: Cisco ONE Enterprise Network Controller
• Open Daylight SDN Controller Architecture
• Consistent API to all Cisco Controllers
• North: RESTful, OSGI
• South: CLI, OpenFlow, OnePK
• Runs on Any Physical x86 or Virtual Server
• Offered as Software Solution or Dedicated Appliance
• New Agile Continuous Integration Model
Physical or Virtual
Open
• No Programming Skills Required
• Simplify Complex/Tedious Configuration Tasks
• Integrated Analytics and Business Intelligence
• Greenfield and Brownfield Networks (CLI)
• Supports Catalyst Switches, ISR and ASR Routers
Investment Protection
Easy
Mask Network Complexity, Expose Network Intelligence
Cisco ONE Platform Enabling Fast IT
Physical and Virtual
Common Policy Engine
Network Wide Security and Services
Investment Protection
Flexible Licensing
CISCO ONE PLATFORM
Consistent Policy-Based Management and Security
DC
Cisco Application Policy Infrastructure Controller (APIC) Cloud InterCloud
Northbound APIs (ONE DevKit)
WAN
Southbound APIs (OpenFlow, onePK, CLI)
NEW
NEW
ACCESS
NEW
DC Module Enterprise Module NEW
• Easy QoS
• Follow Me QoS
• Compliance Assurance
• Network-Wide Rapid Threat Detection and Mitigation (Sourcefire)
• ACL Management Automation
QoS Provisioning
Solving the Most Pressing, Complex and Tedious IT Problems
• Automated Performance Routing (PfR) Configuration
• Automated WAN Policy Compliance Assurance
QoS
Security Automation
IWAN: Path Optimization
Cisco APIC - Enterprise Module: Initial Deployment Scenarios
Effective Management
Exceptional Control
Comprehensive Visibility
• Data Center
• Intranet
• Internet
• Security Zones
• Remote VPN
• Wireless/Guest
• Employee
• VM Client
• IP Devices
Identity and Context Aware Infrastructure
One Policy with Identity Services Engine (ISE)
Securely Enables Your Business and BYOD with Policy-Based Access Control
Leverage Network to Secure Access to Your Critical Resources
• Policy-Based Access Control
• Enforcement through: VLANs, Access Control Lists, Security Group Tags, MACSec Encryption
Centralized Management of Secure Access Services and Scalable Enforcement
• ISE enables centralized management and enforcement
• Security Group Tags managed by user type, regardless of IP address or location
BYOD - Comprehensive Contextual Awareness of the Who, What, Where, When, How
with flexibility, monitor mode, and support for VDI
• Guest Access
• Profiling
• Posture
• WebAuth
• MAC Auth Bypass
Summary
• Trends impacting your network
– BYOD
– Mobility
– Video
• Critical Technologies to enable your network
– High Availability – because the network is mission critical
– Network Visibility and Control – because one can’t control what one can’t see
– Scale / Performance – there is always a need for more speed and scalability
– Management – need to do more with fewer resources. Work smarter
– Security – provide secured access anywhere, any place, any time
Technologies Critical in Your Network
• High Availability – because the network is mission critical
• Network Visibility and Control – because one can’t control what one can’t see
• Scale / Performance – there is always a need for more speed and scalability
• Management – need to do more with fewer resources. Work smarter
• Security – provide secured access anywhere, any place, any time
Industry Leadership
Market Leadership
Cisco Unified Access = Market Leadership
• 20+ years of market share leadership
• 400,000+ mobility customers
• 1,000,000+ switch customers
• Broadest mobility portfolio in the industry
• Broadest switching portfolio in the industry
• 95% Fortune 1000 have selected Cisco
• 10+ years of Gartner MQ leadership
• Leader in new Unified Access Gartner MQ
• Ongoing IEEE, IETF, Wi-Fi Alliance leadership
• Largest patent portfolio in the industry
• Largest development team in the industry
• FIPS, Common Criteria, PCI-certified