Campus Fabric
25 January 2017
Accelerating the Digital Transformation
Thomas Spiegel, Consulting Systems Engineer
Cisco Roadmap Disclaimer. Some of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
Cisco Disclaimer
• APIC Enterprise Module
• DNA Campus Fabric
• Portfolio LAN Campus Switches
Agenda
Non-Prescriptive Topology (too many variations)
Complex Addressing (IP address tied to topology)
Disruptive Device Growth (IoT and mobility)
Static Resource Allocation
Manual Processes
Complex Provisioning
Rigid Policies (policy based on IP address)
Enterprise Networks Today
APIC-EM
Enterprise Networks Tomorrow
Services
Orchestration and Policy
Infrastructure
Endpoints
Security, Collaboration, Mobility
Services
Mobility: Seamless roaming; Elastic WLC
Collaboration: Quality of experience (QoE); Voice/Video performance
Security: Identity, NAC, Encryption
Device Onboarding
Branch
Fabric
Cisco Digital Network Automation Innovations
Available on DNA-Ready Infrastructure through Cisco ONE Software
New! Programmable Hardware: Quantum Flow Processor (QFP), Unified Access Dataplane (UADP)
New!
APIC-EM: Base Automation: Plug and Play; Policy Services: IWAN App & Easy QoS; Soon: DNA Fabric
Programmable Software: Unified IOS-XE 16.x, APIs
New!
Unified Access Data Plane (UADP): Industry’s first programmable ASIC
RAFA (Run any feature anywhere)
Feature Velocity across Platforms: MPLS, Application Visibility & Control, Netconf / Restconf / Yang / …
Enhanced WebUI
Unified IOS-XE 16.x (Polaris): One Release Train
Operational Efficiency, Consistency in Control Plane Behavior
Patch Updates: WCM/SANET/etc. sub-package upgrade, peace of mind for customers
Applications via Service Containers
64 Bit ASLR, Mandatory Access Control for Processes
Comprehensive Programmability
Object based model, Netconf/REST Interfaces
APIC-EM
APIC-EM Delivers IT Flexibility
Enabling Automation Through Innovative Management Principles
OPEN
Static → Programmable
Expert CLI → Policy + GUI
Greenfield → Brownfield + Greenfield
SIMPLE
Manual → Automated
Box-Centric → Network-wide
Provision in Months → Hours
Runs on a Server
Cisco APIC Enterprise Module for LAN/WAN: Architecture
Abstracts Network Devices to mask Complexity
Treat Network as a System
Exposes Network Intelligence for Business Innovation
Cisco APIC Enterprise Module
Cisco and Third Party Applications
Network Devices: Catalyst, ASR, ISR
Inventory Manager
Topology Services
further Services
Northbound API (REST)
Southbound Interface: CLI, Netconf
Topology Visualizer / PathTrace / QoS / Policy / IWAN / …
Controller Layer
Network Element Layer
Controller Aware Applications
Policy Services
Cisco APIC-EM: An Application Platform for Enterprise WAN and Access Networks
• Virtual (ISO VM) or appliance-based
• Provides user policy abstraction and automation
• Simplification of complex network configuration with Cisco® application best practices
• Existing and new installations (Catalyst®, ISR, ASR, WLC)
Ready-to-deploy applications (March 2016): Path Trace (free), Plug-n-Play (free), EasyQoS (free), IWAN (with a license)
BENEFITS: Brownfield support; Ready-to-use applications; Open, northbound API
… more to follow
APIC-EM – Inventory & Topology
User Defined Group Tagging Allows Applications to Segment Analysis and Control (not shown here)
APIC-EM Northbound REST API
Problem: How to get started with a Controller API?
Solution: Explore
Example:
1) In the APIC-EM User Interface, click on [API]
2) Navigate to the desired API, in our example: /network-device/count
3) “Try it out” and note the Request URL: https://<APIC-EM IP>/api/v0/ + /network-device/count
4) Prototype in Chrome/Postman
5) Code in your App (Python, Java, …)
APIC-EM Path Trace Application: Accelerate Trouble-Ticket Processing
User Trouble Ticket IT Path Trace
NETWORK
Open Architecture
Network, ApplicationsMonitoring
Simple Workflow
BENEFITS
SDN
Easy visual discovery of trouble spots in the communication path based on 5-tuple info
OpEx for ticket processing decreased by 98%, from 1.6 hours to 1 minute
Path Trace App: Enhanced Application Flow Visibility
CAPWAP Tunnel Visualization
Accuracy Note (in a percentage)
Link Source Information
Ingress/Egress Interface
Path Trace App: Topology View
Path Trace App: Enhanced Application Flow Visibility
Reverse Path Lookup
You have the ability to visualize the bi-directional path in a single view
EasyQoS Solution
Wireless AP: Trust Boundary, PEP, 4Q (WMM)
Catalyst 3650: Trust Boundary, PEP, 2P6Q3T
Catalyst 4500: 1P7Q1T
Catalyst 6500: 1P3Q4T, 1P7Q4T, 2P6Q4T
…
Nexus 7700 F3: 1P7Q1T
WLC: PEP
ASR/ISRs: MQC
Catalyst 2960-X: Trust Boundary, PEP, 1P3Q3T
Applications can interact with APIC-EM via Northbound APIs, informing the network of application-specific and dynamic QoS requirements
Southbound APIs translate business-intent to platform-specific configurations
Network Operators express high-level business-intent to APIC-EM EasyQoS
EasyQoS App 2.0
What Do We Do Under-the-Hood? Apply RFC 4594-based Marking / Queuing / Dropping Treatments
Application Class | Per-Hop Behavior | Queuing & Dropping | Application Examples
VoIP Telephony | EF | Priority Queue (PQ) | Cisco IP Phones (G.711, G.729)
Broadcast Video | CS5 | (Optional) PQ | Cisco IP Video Surveillance / Cisco Enterprise TV
Real-Time Interactive | CS4 | (Optional) PQ | Cisco TelePresence
Multimedia Conferencing | AF4 | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx
Multimedia Streaming | AF3 | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs)
Network Control | CS6 | BW Queue | EIGRP, OSPF, BGP, HSRP, IKE
Signaling | CS3 | BW Queue | SCCP, SIP, H.323
Ops / Admin / Mgmt (OAM) | CS2 | BW Queue | SNMP, SSH, Syslog
Transactional Data | AF2 | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps
Bulk Data | AF1 | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution
Default Forwarding | DF | Default Queue + RED | Default Class
Scavenger | CS1 | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, BitTorrent, Xbox Live
Business relevance labels on the slide: Irrelevant, Default, Relevant
Automation: Plug and Play
PnP Available Now
PnP Cloud May 2016 (controlled availability)
79% Lower deployment costs
“Plug and play means no more IT engineers in the field – faster time to market and dramatically lowered costs.”
Eliminates Staging, Truck Roll
Cloud-Based Plug and Play
Plug in and Cloud Provision
Order Controller-Based Management
Cisco ONE Foundation
SWIIM
New!
Network Plug and Play (PnP) – Components
PnP Agent
• Runs on Cisco® switches, routers, and wireless access points
• Automates the deployment process
PnP Server
• Central Server on APIC-EM
• Manages sites, devices, images, licenses, workflow
• Provides Northbound REST APIs
PnP Protocol
• Runs between Agent and Server
• Open Schema
PnP Helper App [Optional]
• Delivers bootstrap, status and troubleshooting checks
• Redpark RJ45, Apple 30pin
• Redpark RJ45, Apple 8pin
• GetConsole Airconsole 2.0 Bluetooth Adapter
Cloud Redirect Service [Optional], Roadmap Phase 2
Summary
APIC-EM:
• is Cisco's SDN platform for the campus LAN, WLAN and WAN
• is highly scalable
• is installed either directly on a dedicated server or on VMware ESXi
• some applications (apps) are already available: Path Trace, Plug and Play, Easy QoS
• further applications will be made available successively, by Cisco itself and by third parties that use the API
• an important future application will be the app for the Campus Fabric
• all services can be used via the API, i.e. a customer can write their own apps or integrate the services into existing systems
• the APIC-EM software and base apps are free of charge; solution apps are subject to a fee
Campus Network Evolution: Campus Fabric
1999 - 2007: STP based “Tiered” Design
• Classic STP Limitation
• 50% of all Links not utilized
• Complex to Harden
2008 - 2016: VSS based Design
• No STP Blocked Ports
• Full Links Utilization, Faster Convergence
• Proprietary two-way Fabric
2017 – next decade: Standards based Programmable Fabric
• No STP blocked ports, L2/L3 ECMP
• Standards based programmable VxLAN for L2/L3 services
• Automated Underlay with Group based Policies
• Designed to handle 802.11ac wave2 and beyond speeds
Paving the way for a Converged Campus/DC Fabric … Delivering Campus features at ‘DC’ like performance!
Campus Network Fabric Evolution, Target: Q2CY17
Network Controller
Network Fabric Designs
Provide automated and prescriptive network deployment
Provide seamless L2 and L3 connectivity across the network (stretched subnets)
Provide integrated segmentation
Provide identity-based security and QoS, incl. Host Mobility (users and devices)
Link policy end-to-end between the DC, Campus, WAN, and Branch
And do it all simply?
Underlay
Overlay
Overlay
Overlay
Overlay
Underlay – Automatically builds a simple, prescriptive, redundant network topology
Overlay – Implements value-added services on top of the underlay
Emerging Network Designs – Network Fabrics
Campus Fabric: Underlay, Overlay, and Controller
Controller-based Management
• Fabric Orchestration and Visibility
• Single User Interface for Fabric Management
APIC-EM Programmable Overlay
• Connects Users and Devices to each other, w/ policy control
• Standards-based control plane (LISP)
• Standards-based data plane (VXLAN)
Prescriptive Underlay
• Connects the network elements to each other
• Automated, standardized deployment and operation
• Leverages existing network topologies (not restricted to spine/leaf)
Target: Q2 2017
PAYLOAD | ETHERNET | IP | VXLAN | UDP | IP | ETHERNET
What is unique about Campus Fabric? Key Components – CTS
1. LISP based Control-Plane
2. VXLAN based Data-Plane
3. Integrated Cisco TrustSec
VRF + SGT
Virtual Routing & Forwarding, Scalable Group Tagging
BRK 5
Understanding the Workflow: User Interface Methods
Controller GUI
• HTTP GUI Apps
• Cross-App Data APIs
• Automated Workflows
Standard APIs
• RestConf/NetConf APIs
• Puppet/Chef/Ansible
• Automated Workflows
Smart CLI
• CLI Config Templates
• Simple User Inputs
• Customized Workflows
Demo
SD-Access controlled & managed by APIC-EM
• Fabric Expansion
• Host Onboarding
• Secure Segmentation
• Group Policies
Platform Support: Multiple Edge, Border & Control Plane Options
Catalyst 3K (Shipping): Catalyst 3650, Catalyst 3850, Copper / Fiber, IOS-XE 16.3+
Catalyst 6K (Shipping): Catalyst 6800, Sup2T / 6T, 6900 or Newer, IOS 15.4SY+
Nexus 7K (Shipping): Nexus 7700, Sup2E, M3 Only, NXOS 7.3DX+
Catalyst 4K (Shipping): Catalyst 4500, Sup8E / 8LE, Sup Uplinks, IOS-XE 3.9+
Summary
Campus Fabric
• Evolution of the campus switching infrastructure
• L3-based & “best practice” underlay
• L2 & L3 overlay
• integrated segmentation
• integrated policy management for users/devices
Unified Access Data Plane: Foundational Technology for DNA Fabric
Polaris Software: Foundational Technology for DNA Fabric
DNA Center (APIC-EM): The FINAL Piece of the Puzzle – Orchestration Software
Portfolio LAN Campus Switches: Core & Aggregation
Campus Small & Fixed Core Positioning
Other Networks
Catalyst 3K
Catalyst 3K
Campus Fabric Domain
Campus Fabric
Other Networks
Catalyst 3K
Catalyst 3K
2-Tier Campus
1st Choice:
Catalyst 3850 for Campus Aggregation and Fixed Core
Campus Small & Fixed Core
2nd Choice: Catalyst 6800 for specific agg features
UADP ASIC
* No StackWise or StackPower
Catalyst 3850 10G: 48 Port SFP+
UADP ASIC
Converged Access, Line-Rate, No Stacking, Front-to-Back & Back-to-Front
Fans and Power Supplies, 1+1 Power Redundancy
4 x QSFP Fixed, 48 x SFP+ Fixed
Front-to-Back and Back-to-Front Fan options
New 750W AC Power Supplies
1+1 Power Supply Redundancy
Dimensions (H x W x D): 4.45 cm x 44.5 cm x 51.1 cm
* Will support VSS as part of “Virtual Stackwise”, Target Q2 CY17
UADP ASIC, Converged Access, StackWise-480, StackPower, Line-Rate
Catalyst 3850 10G: 12 and 24 Port SFP+
1+1 Power Redundancy
C3850-NM-4x10G
C3850-NM-2x40G
C3850-NM-8x10G
C3850-NM-4x10G
UADP ASIC
Uplink Module Slot, SFP+ Fixed
UADP ASIC
Uplink Module Slot, SFP+ Fixed
Dimensions (H x W x D): 4.45 cm x 44.5 cm x 45.0 cm for both WS-C3850-12XS and WS-C3850-24XS
Will support VSS as part of “Virtual Stackwise”, Target Q2 CY17
Campus Modular Core Positioning
N7K as lead for collapsed Campus Fabric border OR WAN Edge
• Software: Campus Fabric, Multicast, VRF, WCCP, PBR, MPLS, VPLS, LISP, IPv6, SGT/TrustSec
• Hardware: Buffering, TCAM Scale (FIB/ACL), MACSec
N9K as lead Core
• High 40G & 100G Port density
Internet / WAN
Nexus 7700
Catalyst 3K
Catalyst 3K
Campus Fabric Domain OR Collapsed Edge
Campus Fabric
Internet / WAN
Nexus 9500
Catalyst 3K
Catalyst 3K
3-Tier Campus
Router
1st Choice:
Nexus 7K/M3 for Campus Fabric, MPLS, Deep buffers, TrustSec, …
Nexus 9K for IP Transport
Campus Modular Core
2nd Choice: Catalyst 6800 for customer stickiness with Cat6K, and 1G/10G
Cisco Nexus® 7700 10-Slot
Cisco Nexus® 7700 18-Slot
Cisco Nexus® 7700 6-Slot
Cisco Nexus® 7700 2-Slot
Nexus 7700: Nexus 7K For Modular Campus Core
Hardware
• Multiple Form factors
• Highly Available Architecture: Fabric, Sup & Power Redundancy, Online Insertion & Removal
• Best in Class Scale & Performance
• Dense 10G/40G/100G Densities, 1.32Tbps per LC slot, M & F Series of LCs
• Front to Back Airflow
• FIPS & Common Criteria certified
Advanced NX-OS
• Modular OS Architecture
• 64-bit kernel
• Support for ISSU
• Graceful Insertion & Removal
• Support for Patching individual Modules
• Up to 8 Virtual Switches per H/w with Virtual Device Context (VDC)
• Campus Fabric, Multicast, VRF, WCCP, PBR, MPLS, VPLS, LISP, IPv6, SGT/TrustSec, Buffering, TCAM Scale
Universal Core Platform supporting multiple fabric technologies
Nexus 7000 Modular Series / M3
Nexus 7700 M3 100G Modules
12x 100G QSFP28 Ports, 375MB per 100G port
Nexus 7000 48p 10G & 24p 40G M3 Line Cards
48x 1/10G SFP+ Ports, 31.25MB Buffer per 10G port
24x 40G QSFP Ports, 125MB Buffer per 40G port
AC Input: 110V to 305V, DC Input: 192V to 400V, Output: 3500W
Nexus 7700 M3 10G & 40G Modules: Large Table Size & Packet Buffers
2M FIB (1M @ FCS), 128K ACL/QoS
384K MAC (128K @ FCS)
MACSEC 256-bit AES
Superset of all Features on previous M & F Cards
NEW, Q2 CY16
Nexus 7700 & 7004 High Voltage AC/DC Power Supply
Target FCS: 2H CY16
In EFT
Shipping!
Portfolio LAN Campus Switches: Access
Catalyst DNA innovations – LAN Access
Catalyst 2960-X/XR
• Base DNA Automation
• Secure, reliable access
• Low TCO and energy-efficient
• Base NaaS
Competitive Feature Set at Compelling Prices
Scale
Capabilities
TRADITIONAL WORKSPACE
Voice, Data
UNIFIED WORKSPACE
Video, IOT, Mobility
Access Switching FIXED SWITCH
Cisco Catalyst 3850/3650
Up to 480G Stacking
MODULAR SWITCH: Cisco Catalyst 4500-E
928G Backplane
• Performance: mGig, 1/10G uplink, 40G uplinks (3K)
• Full NaaS with ETTA, Single and Multi-Context NaaE
• PoE Leadership: UPOE, Fast/Perpetual PoE
• High Availability: NSF/SSO, VSS/ISSU (Cat4K)
• MPLS on Catalyst 3K
• Converged Access with up to 100AP
WORKSPACE TRANSFORMATION
Outside the Wiring Closet
Catalyst Compact
mGIG /10G capable
• Low TCO and energy-efficient
DNA Capabilities: Secure Access, PnP, Programmability, Easy QoS
Network & Security Services: AVC, NaaS/Enforcer, MACSEC, FnF
Programmability (3K/4K only): Netconf/RestConf, Yang models, Python
The New Catalyst 3850 Multigigabit Switches
Mini 3650 – Depth 295mm (29.5 cm)
Addressing Customer Choices
Catalyst 3650: Stackable access, wired-wireless convergence, PoE+
*Software Update Middle CY2014
160 Gbps, 50 AP WLC, Redundant PSUs, Stateful Switchover, Flexible NetFlow, Wireshark, TrustSec (Macsec, SGT)
Catalyst 2960-X: Stackable access, PoE+
Catalyst 3850: Stackable access, wired-wireless convergence, UPOE / PoE+
Catalyst 4500E: Modular access, wired-wireless convergence, UPOE / PoE+
480 Gbps, 100 AP WLC, Redundant PSUs, Stateful Switchover, Flexible NetFlow, Wireshark, TrustSec (Macsec, SGT), StackPower, Cisco UPOE, Modular Uplinks, mGIG, Mixed Stacking: Fiber, Copper, 10G-T
928 Gbps, 100 AP WLC, Redundant PSUs, Stateful Switchover, Flexible NetFlow, Wireshark, TrustSec (Macsec, SGT), Cisco UPOE, VSS, ISSU, mGIG, Linecards Investment Protection
**Roadmap
2960-XR: Redundant PSUs
Sampled NetFlow, 802.1x, SGT: SXP
Summary
• DNA – Digital Network Architecture
  • Solutions for the demands placed on networks today & tomorrow
• APIC-EM
  • the Cisco SDN policy controller for simplifying network operations, LAN/WLAN/WAN
  • APIC-EM controller software and base apps are free of charge – start today!
• DNA Campus Fabric
  • Evolution of the campus switching infrastructure
  • In future managed via an app on the APIC-EM; Cisco Live! summer 2017
• Switching components
  • when selecting, consider whether Campus Fabric readiness is required
  • preferably C3850 or N7700 in the core, alternatively C6800
  • preferably C3650/3850 in the access layer, alternatively C4500E, 2960X