
Cisco IT: Digital Enterprise Networks

Dipesh Patel: Enterprise Network Architect

BRKCOC-2493

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How: cs.co/ciscolivebot#BRKCOC-2493

Agenda

• Current snapshot
• Business Challenges & Industry Trends
• Strategy & architecture
• Technology
  • Core
  • Branch
  • Network Management

Cisco at a Glance

10,690 UCS Servers
76,136 Virtual Machines
28.1 MW Data Center Capacity
85 PB Overall Usable Storage
72,354 Employees
434 Offices
94 Countries
6,243 Routers
8,415 LAN Switches
133,361 Connected Stakeholders
192,770 Connected User Devices
100 Services
7.6 Billion DNS Requests per day

Global Distribution of IT Staff: SJC 45%, India 21%, RTP 14%, EU/EM 7%, AP Other 7%, AM Other 6%

Data as of January 2018

Security

28 Billion Netflows analyzed/day (StealthWatch)
2.5 Million Email transactions blocked/day (ESA)
2.0 Million Web transactions blocked (WSA)
47 TB Internet Traffic inspected
1.2 Trillion SIEM Events/day across network
7.6 Billion DNS requests/day (Umbrella)
17K Files analyzed/day (ThreatGrid/AMP)
13.4 Million Intrusion alerts/day (NG-IPS)
6.25 Million DNS requests blocked (Umbrella)

Scope, Agents, Results:
• 1232 Devices Deployed for detection & prevention
• 295 InfoSec Team members
• Data Analytics (4TB/day) & Security Services
• 1.85 M Phish emails sent to Cisco employees through PhishPond (since April 2013)
• Phish click rate 5-10%, reduced from 30%
• Repeat Clickers reduced from 12% to 1%

Enterprise Networks

6,243 Routers
8,415 LAN Switches
30,481 Cisco Virtual Office
932 Wide Area Application (WAE) Engines
403 ASA
72 Cache Engines
313 Call Managers
433 MDS
639 Wireless LAN Controllers
101,289 Virtual Private Network
Global Tier 1 Global WAN Backbone

Cisco Network: Total Cost of Ownership (% of Total Costs)

Cost category                      2014-15   Gartner Benchmark ('15)   2016-2017
Transmission/Circuits                52%              61%                 59%
Hardware depreciation                19%              17%                 12%
Headcount (inc managed services)     21%              17%                 21%
Software Licensing                    1%               3%                  6%
Facilities costs                      7%               2%                  2%

Challenges & Trends

Challenges in managing a large enterprise network

Challenges:
• Application Assurance
• Cloud Consumption
• Disjointed Security
• Simplified Operations
• Transport Flexibility & Segmentation
• Time To Capability

Trends:
• Decouple under/overlay transport
• Controller based operations
• Optimised Cloud Connectivity
• Automation & Orchestration
• Centralised Policy Servers
• Data Analytics platforms

#1 World of Cloud

• Growth and success of Public cloud has changed WAN traffic patterns
• A large proportion of Cisco employee applications are now served by public cloud SaaS providers
• Challenge in demarcation for network troubleshooting
• An end-to-end network SLA cannot be guaranteed for Public Cloud SaaS apps – focus on Quality of Experience
• Very inefficient if left unchanged

(Diagram: Public Cloud versus Private Cloud traffic paths)

#2 Cost of Internet versus WAN

(Chart) Data from Telegeography – monthly costs. DIA: Direct Internet Access (not asymmetric Broadband)

#3 Programmable infrastructure

1 day? 1 hour? near real time?
Programmatic: Scripting / Programmable CLI / Telemetry
Over 20,000 Network devices in Cisco IT Network!

#4: Network Function Virtualisation

Physical Appliances → Virtual + Physical Appliances
• Specific Applications that require speed & reliability >> ASIC/TCAM
• Generalised Applications that require an agile & flexible platform >> x86

#5: Segmented Overlay Networks

(Diagram) An Overlay Control Plane runs on top of the Underlay Control Plane / Underlay Network; Hosts (End-Points) attach to Edge Devices, and the Overlay Network is built by Encapsulation between Edge Devices.

Network Design & Architecture

What is digitisation?

A digitised system: Analytics & Data Insights; Controllers & Orchestrators; Smart Networked Resources; People & Outcomes

Intent Based Network System

(Diagram) Business Intent; Analytics & Data Insights; Controllers & Orchestrators; Virtualised Network Infrastructure

Cisco IT: DNA Architecture

(Diagram) Domains: Global Backbone; Home & Remote; Partners & Acquisitions; Branch Office; Private DC / Public Cloud.
Infrastructure layers: Underlay Connectivity (WAN/LAN/Internet); Virtualised Network Infrastructure; Network Programmability & Overlay Networking.
Control layers: Automation & Orchestration; Data Analytics (Data: Security Threats, Performance, Business); Service Management Abstraction Layer; Service Contracts; Exposed APIs / Dashboard; Cloud Automation Partners.
Intent Driven Network delivering Network Services.
IT Outcomes: Fast Service Delivery; Faster Innovation; Simplicity/Experience; Quality & Assurance; Trust, Security, Accountability; Speed & Agility (Mode 2); Performance & Reliability (Mode 1).

Cisco IT DNA solution framework

(Diagram) On Prem Network Infrastructure
• Physical Platform: Routing (ISR), Switching (9K), Wireless (TBD), VNF, NFV-IS, UCS
• Programmable Network Operating System (IOS-XE 16.x) with NETCONF/YANG/REST
• Virtual: Enterprise Fabric (SDA), SD WAN (Viptela); WAN and LAN

Core/Cloud based Service
• Service Control: DNA-C, NSO (Programming of Infrastructure; Resource Management), ISE (Security Management), 3rd Party Wireless, Assurance, Stealthwatch
• Analytics: Assurance, Capacity, Performance, Reliability, closed by a Feedback Control Loop back to the infrastructure

Outcome: Fast Service Delivery; Faster Innovation; Simplicity/Experience; Quality & Assurance; Trust, Security, Accountability; Performance Management; Cost/expense Management; New Business Models; Security Management

Solution Development Life Cycle: Accelerating the speed at which we experiment in IT

Each stage must pass before the next, with a Feedback loop at every gate:
1. ETE/ISV (Alpha) – initial standalone product/solution test
2. Solutions Verification Lab (SVL) – HW integration / SW regression testing
3. Pilot (Beta) – beta test with limited production users (0-1%)
4. Limited Deployment – small scale limited production deployment (3-4%)
5. General Deployment – full scale production deployment (90%)
6. Retire

Small Teams = small, agile teams

Faster experimentation whilst managing risk

• PoC: Dev Environment
• Feedback not cases
• Incentivise users to join
• Failure scenario
• Agile development through release planning
• Downsides?

(Diagram) Production Network (SSID: Cisco) alongside a PoC Network (SSID: Cisco-Beta) built on an SDA Fabric with DNA-C/ISE

Cloud Ready Backbone

Global Enterprise Network

(Map) Cisco Cloudport hubs reach the Internet through a Cloud Defence Layer and interconnect regional WANs for Canada, North America, South America, Europe, Africa, Middle East, China, India, Australia & NZ, Rest of Asia, Japan and UK & I: 1000+ Regional WAN Networks (Production & Partner)

Cloudport: Strategically positioned global Internet Carrier Neutral Facilities allowing optimal access to Cloud Providers

(Diagram) Cloudport connects the DC and Private WAN to the Internet via Cisco Cloud Interconnect and Direct Peering. Consumers: Acquisitions & Biz Partners. Suppliers: Internet Applications, Business Applications.

Carrier Neutral Facilities

‘a facility which allows interconnection between multiple telecommunication carriers and/or colocation providers. Network neutral data centres exist all over the world and vary in size and power’

Benefits:
• Access to some of the largest Cloud Providers
• Carrier Neutral encourages competition, leading to better pricing & services
• Simpler to switch between suppliers
• Time to connectivity is fast

CNF Partners: (partner logos)

Cloudport building blocks

(Diagram) Two backbones meet at the Cloudport: the Global DMZ Backbone (CCI) and the Global Corporate Backbone. Building blocks: DMZ DC (x2) and DMZaaS on the DMZ Backbone; Edge (ISP, IXP); DC; Media/SIP; Regional WAN on the Corp Backbone. Consumers attaching: Customers, Partners, Acquisitions, Cloud SaaS, Employees, Home VPN, Mobile VPN.

Cloudport building blocks

(Diagram) The Global DMZ Underlay and the Global Corporate Underlay meet at the Cloudport, which hosts the Cisco Cloud Interconnect (CCI), a Public Edge (Internet) and a Private Edge (Telecom); DMZ DC (x2) and DC sit behind them. Consumers: Customers, Partners, Suppliers, Cloud SaaS, Employees. Segmented secure overlay connections (A, B, C) run across the underlays with Service Insertion.

Think of consumers as any entity that needs to initiate access to inside Cisco – Branch Offices, Partners, Home users, Customers etc.

Direct Connect from AWS via the Cloud Exchange

(Diagram) Virtual private clouds 1, 2 … N in an AWS Region, each presented on its own Private VIF and VLAN (X, Y, Z, N), plus the Region's Public endpoints, cross the Equinix Cloud Exchange to a Cisco CSR or AWS Direct Connect router inside Cisco Cloud Interconnect (CCI). Pass Multiple VPC Connections on Individual Virtual Circuits.

Cloud Defense System

(Diagram) Traffic from Cisco Customers and Trusted Cloud/Supplier networks enters from the Internet, crosses the Global DMZ Network (DMZ DC, Regional DC) and the Cisco Cloud Interconnect, and reaches the Global Corporate Network.

1st line of defense: Internet Edge – Access-Control, IP Bogons, BGP Blackhole, Netflow
2nd line of defense: DDoS Detect/Mitigation – Arbor Threat Detection/Mitigation (DDoS), NAM
3rd line of defense: Deep Packet Inspection (DMZ Backbone Taps) – Passive IDS, Passive DNS, DPI, Malware, Tap …
4th line of defense: Enforcement/Prevention Systems – Firewall (Access-Control & Inspection), Web Security Appliance (Transparent Cache), Network Address Translation, BGP Blackhole; firewalls: Corporate FW, Cloud Interconnect FW, DMZ DC to DC FW, Application FW
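The first line of defense above lists Access-Control and IP Bogons at the Internet Edge. The following is an added example, not code from the deck or from Cisco IT, of that check run over constructed flow records: each source address is classified as bogon space (which should never appear on the Internet), as one of the enterprise's own prefixes arriving from outside (spoofed by definition), or as acceptable. The bogon list, the flow lines and the second "own" prefix are constructed for the example; 144.254.0.0/24 is the prefix shown on the backbone slide.

```python
"""Added example (not from the BRKCOC-2493 deck): a first-line-of-defense
source-address check for an Internet edge, modelled on the 'Access-Control,
IP Bogons' layer.  Prefix lists and flow records are constructed."""
import ipaddress
from collections import Counter

# Constructed bogon list: RFC 1918, loopback, link-local, CGNAT, documentation
# ranges, benchmarking, multicast and reserved.  A production list is pulled
# from an authoritative feed and refreshed regularly.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3",
)]

# Prefixes the enterprise announces itself (144.254.0.0/24 is on the slide;
# 196.43.145.0/24 is used here as a constructed second prefix).  Packets
# sourced from these arriving inbound at the Internet edge are spoofed.
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("144.254.0.0/24", "196.43.145.0/24")]


def classify_source(src):
    """Return 'bogon', 'spoofed-own' or 'ok' for one source address."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in BOGONS):
        return "bogon"
    if any(addr in n for n in OWN_PREFIXES):
        return "spoofed-own"
    return "ok"


def parse_flow(line):
    """Parse one constructed NetFlow-style line: 'src dst proto dport bytes'."""
    src, dst, proto, dport, nbytes = line.split()
    return {"src": src, "dst": dst, "proto": proto, "dport": int(dport), "bytes": int(nbytes)}


def triage(flow_lines):
    """Classify each inbound flow; return (flows with verdicts, Counter of verdicts)."""
    flows = []
    for line in flow_lines:
        flow = parse_flow(line)
        flow["verdict"] = classify_source(flow["src"])
        flows.append(flow)
    return flows, Counter(f["verdict"] for f in flows)


# Constructed sample flows as seen inbound at the Internet edge.
SAMPLE_FLOWS = [
    "203.0.113.5 144.254.0.10 tcp 443 1200",   # bogon (TEST-NET-3)
    "10.1.2.3 144.254.0.10 udp 53 80",          # bogon (RFC 1918)
    "144.254.0.77 144.254.0.10 tcp 22 400",     # our own prefix from outside: spoofed
    "8.8.8.8 144.254.0.10 udp 53 120",          # ordinary external source
    "198.51.100.9 144.254.0.10 tcp 80 9000",    # bogon (TEST-NET-2)
]

if __name__ == "__main__":
    flows, summary = triage(SAMPLE_FLOWS)
    for f in flows:
        print(f"{f['verdict']:<12} {f['src']:>15} -> {f['dst']}:{f['dport']}")
    print(dict(summary))
```

The same classifier can be pointed at the flows StealthWatch exports (the deck quotes 28 billion per day); the point of keeping "spoofed-own" separate from "bogon" is that the former indicates either spoofing or a routing leak and deserves its own alert rather than a silent drop counter.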

Multicloud Ready Backbone

(Diagram) The Cloud Ready Backbone is built from iBGP Clusters that interconnect the Regional WANs: Americas, EMEAR and Asia Pacific.

Inside the Cloud Ready Backbone

(Diagram) Cisco AS109 receives a default route (0/0) from multiple ISPs in each region (Americas, EMEAR, APJC), with a DMZ and DC per region and an iBGP mesh between them. Regional internal space: 10.10.x.x/16 (Americas), 10.20.x.x/16 (EMEAR), 10.30.x.x/16 (APJC).

Inbound traffic engineering: 144.254.0.0/24 is announced to the ISPs with Community: US and a different AS prepend count per exit (AS Prepend x2, x4 and x1), so remote networks prefer the least-prepended exit.

Outbound traffic engineering: a Cloud App prefix 196.43.145.0/24 learned from AS1 is carried with Local Pref 200, 150 and 100 at the three exits, so the exit with the highest Local Pref is used.
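The slide above shows the two BGP knobs Cisco IT uses on the backbone: LOCAL_PREF to choose the outbound exit for 196.43.145.0/24, and AS-path prepending to steer inbound traffic for 144.254.0.0/24. The following is an added example, not code from the deck, that reproduces both decisions with a simplified best-path selection (higher LOCAL_PREF, then shorter AS_PATH, then lower MED, then lowest router ID, a subset of the RFC 4271 order). Exit names, router IDs and the remote AS view are constructed; AS109 and the two prefixes are from the slide.

```python
"""Added example (not from the deck): simplified BGP best-path selection
reproducing the LOCAL_PREF and AS-path-prepend decisions on the 'Inside the
Cloud Ready Backbone' slide.  Exit names and router IDs are constructed."""
from dataclasses import dataclass

CISCO_ASN = 109


@dataclass
class Path:
    prefix: str
    next_hop: str          # constructed name of the exit or peer advertising the path
    as_path: tuple         # leftmost ASN is the most recent hop
    local_pref: int = 100
    med: int = 0
    router_id: str = "0.0.0.0"


def sort_key(p):
    """Lower key wins; LOCAL_PREF is negated so a higher value sorts first."""
    return (-p.local_pref, len(p.as_path), p.med,
            tuple(int(o) for o in p.router_id.split(".")))


def best_path(paths):
    """Return the selected Path among candidates for one prefix."""
    if len({p.prefix for p in paths}) != 1:
        raise ValueError("best_path() expects candidates for a single prefix")
    return min(paths, key=sort_key)


def prepend(as_path, asn, times):
    """Prepend `asn` `times` times: what 'AS Prepend x2' on the slide does."""
    return (asn,) * times + tuple(as_path)


# Outbound: the same external prefix learned at three regional exits of AS109.
OUTBOUND_CANDIDATES = [
    Path("196.43.145.0/24", "exit-americas", (1,), local_pref=200, router_id="10.10.0.1"),
    Path("196.43.145.0/24", "exit-emear",    (1,), local_pref=150, router_id="10.20.0.1"),
    Path("196.43.145.0/24", "exit-apjc",     (1,), local_pref=100, router_id="10.30.0.1"),
]

# Inbound: how a constructed remote AS sees 144.254.0.0/24 via three exits,
# each announced with a different prepend count (origin AS109 is always last).
INBOUND_CANDIDATES = [
    Path("144.254.0.0/24", "via-exit-a", prepend((CISCO_ASN,), CISCO_ASN, 2), router_id="192.0.2.1"),
    Path("144.254.0.0/24", "via-exit-b", prepend((CISCO_ASN,), CISCO_ASN, 4), router_id="192.0.2.2"),
    Path("144.254.0.0/24", "via-exit-c", prepend((CISCO_ASN,), CISCO_ASN, 1), router_id="192.0.2.3"),
]


def demo():
    """Return (chosen outbound exit, exit the remote AS uses inbound)."""
    return best_path(OUTBOUND_CANDIDATES).next_hop, best_path(INBOUND_CANDIDATES).next_hop


if __name__ == "__main__":
    out, inbound = demo()
    print(f"outbound exit for 196.43.145.0/24: {out}")          # exit-americas
    print(f"remote AS reaches 144.254.0.0/24 via: {inbound}")  # via-exit-c
```

Two things worth noticing: LOCAL_PREF is evaluated before AS_PATH length, so an exit with a longer path but a higher LOCAL_PREF still wins internally; and prepending only works inbound when every other exit's prepend count is longer, which is why the slide pairs each announcement with a community (US) so the prepend policy can be applied consistently per region.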

Direct Peering to Cloud SaaS providers

(Diagram) The Internal Prod Network reaches SaaS providers AS1, AS2, AS3 and AS4 over Primary Paths through the IXP at a Carrier Neutral Facility; the ISP GW provides the Backup paths.

Direct peering by Cloudport hub (Cisco Global Defense Layer between the Internet and Cloud Services):

San Jose: Google, Akamai, Box.net, Hurricane Electric, Microsoft, Apple
Texas: Google, Akamai, Facebook, Netflix, Apple, Microsoft, Charter
RTP: Google, Akamai, Salesforce, Microsoft, Apple, Charter, Facebook
London: < In Progress >
Amsterdam: Google, Akamai, Microsoft, OVH, Panther
Singapore: Google, Akamai, Facebook, Apple, GTC, Amazon, Edgecast, LimeLight
Tokyo: Google, Akamai, Microsoft, Apple, Amazon, Facebook
Sydney: All IXC routes (i.e. Google, Akamai, MS etc)

Cloud Monitoring

(Diagram) Cloud Defense System: Internet-facing hubs at San Jose, Texas, Raleigh, London, Amsterdam, Bangalore, Singapore, Hong Kong, Tokyo and Sydney are measured for Latency, Packet Loss and Jitter to give an SLA for SaaS Apps. Consumers: Customers, Cloud Partners, Employees, Cloud XaaS.

Enabling agile connections

(Diagram) Cloud Consumers (Employees, Acquisitions, Partners) reach Public Cloud Suppliers and the Private Cloud (ACI & Traditional DC) through Network + Security Services and Secure Connections provided by the Cloudport Network Fabric; the Cisco Secure Agile Exchange layers Automate & Orchestrate, Function Virtualisation and a Service Portal on top.

NSO architecture (diagram labels): a Service Manager (Service Models, Mapping Logic, Templates, FASTMAP) and a Device Manager (Device Models, one Network Element Driver (NED) per device type) around the Core Engine and CDB; northbound interfaces NETCONF, REST, CLI, WebUI, SNMP, JAVA/JavaScript; southbound NETCONF, REST, CLI, OpenFlow etc.; supporting components Package Manager, Script API, Alarm Manager, Developer API, Notification Receiver ...

Branch Edge

Regional Branch Network

(Map) As for the Cloud Ready Backbone: Cisco Cloudport hubs behind a Cloud Defence Layer interconnect regional WANs for Canada, North America, South America, Europe, Africa, Middle East, China, India, Australia & NZ, Rest of Asia, Japan and UK & I (1000+ Regional WAN Networks, Production & Partner). Branches connect by WAN via Cloudport (MPLS L2VPN) and by Direct Cloud via local Internet access.

Target solution: Cisco IT Branch Office Solution

SD WAN
• Secure SD WAN (Viptela / IOS-XE)
• Network Compute Platform (ENCS)
• Direct Internet for SaaS (Viptela Cloud Express)
• Application assurance (Thousand Eyes/Viptela)

SD Access
• LAN Fabric (DNA-C/VXLAN/LISP/9K)
• Policy based segmentation (ISE + SGT)
• Wireless assurance (AP)
• Business performance WiFi (3800AP/5GHz)

Cloud Ready
• Cloud/Centralised Control & Management (DNA-C)
• Cloud/Centralised Data Analytics (DNA-C)
• Cloud/Centralised Security Policy Management (ISE)
• Direct Internet / WAN Bandwidth on Demand (SP)

NOTE: Not actual topology. Only for illustration of technology options

(Diagram) Current branch: Stacked 3850 / Modular 4500 / 3850 access, 3700+WSM+HALO wireless, 4451 routers with MPLS and Internet Access, DMVPN over MPLS and DMVPN over Internet to Cloudport/HQ, Secure Direct Internet Access to Cloud Services. Target branch: LAN Fabric on Modular 9400/9500 and Stacked 9300 with APs, ENCS at the edge, WAN Fabric with Path 1 / Path 2 / Path 3, a Controller & Orchestration Platform (Control & Management: DNA-C, ISE), an Analytics Platform (Insights & Analytics) and Policy / SLA.

Target: WAN Service Catalogue – Underlay network

Initial HC Index & Bandwidth requirement criteria (manage risk/reward by setting SLA expectation):
• 2A+: HC 1001+ – Business Critical; Higher cost, Higher SLA; Engineered for Resiliency & Performance
• 2A: HC 301-1000
• 2Bi: HC 26-300 or >80 Mb/s
• 2C+: HC 26-300 or >40 Mb/s
• 2Ci: HC 2-25 or >ANY Mb/s – Lower cost, Lower SLA; Engineered for Cost

Circuit options shown per class: P2P Technology, MPLS (L2VPN), Internet, Cisco Hub; carrier mix SP1: P2P / SP2: L2VPN, L2VPN, Internet; WAN load balanced or not load balanced; Access & Local Services: OOB, PSTN, SIP, Voice (PSTN/SIP); MPLS (L2VPN) (backup); Internet (backup/active, SDWAN Future DIA/4G). Circuit sizes range from Gig-E down to Fast-E.
What min bandwidth to order*: 100% of site demand on primary circuits, 25% on backup circuits.
When to alert for upgrade✝: 50%, 60% or 80% sustained utilisation, depending on the class.

* Based on total site demand as defined by the BW Calculator; ✝ sustained utilisation for at least 10% of business hours

Modular Services offered over LAN Fabric: Events, Acquisition, IoT, Guest Network, Labs, Customer Demos, Smart Building, Direct Internet (Cisco Office)

WAN Service Catalogue

Step 1: Define Topology – technology driven solutions ranging from highly resilient to low cost

Topology selection (Circuit / Resiliency / Cost):
2D   Open Internet (AnyConnect)              $
2C   Single Circuit (Internet)               $$
2C+  Dual Circuit (Internet + Internet)      $$$
2B   Dual Circuit (MPLS + Limited MPLS)      $$$$
2A   Dual Circuit (MPLS + MPLS)              $$$$$
2A+  Dual Circuit (MPLS + Private Line)      $$$$$$

Step 2: Understand Site criticality – talk to the business, gain a better understanding of site functions and then classify them.

Site Criticality Index (C1 … C5) by Site Function: Supply Chain, Contact Centre, EBC/CBC, Engineering Lab, Customer Lab, Employee, Data Centre

Step 3: Understand scale of users/devices – what is the scale of users or devices connecting to that site's network? (Headcount)

Solutions matrix (headcount band by site criticality):

Headcount    C5    C4    C3    C2    C1
0-25         2C    2C    2C+   2C+   2B
26-100       2C    2C+   2C+   2B    2A
101-300      2C+   2B    2B    2B    2A
301-1000     2C+   2B    2B    2A    2A+
1000+        2B    2A    2A    2A+   2A+
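The three steps above, plus the upgrade trigger from the catalogue footnote ("sustained utilisation for at least 10% of business hours"), as an added example that is not code from the deck or from Cisco IT. The solutions matrix and the topology list are copied from the slides; the alert level per class and the utilisation samples are constructed, since the slide's column-to-class mapping for the 50%/60%/80% alert levels did not survive extraction.

```python
"""Added example (not from the deck): WAN Service Catalogue Step 1-3 as code,
plus the footnote's upgrade trigger.  Matrix and topology list are from the
slides; alert levels and utilisation samples are constructed."""

# Rows: headcount band (lo, hi); columns: site criticality C1 (most critical) .. C5.
MATRIX = {
    (0, 25):      {"C1": "2B",  "C2": "2C+", "C3": "2C+", "C4": "2C",  "C5": "2C"},
    (26, 100):    {"C1": "2A",  "C2": "2B",  "C3": "2C+", "C4": "2C+", "C5": "2C"},
    (101, 300):   {"C1": "2A",  "C2": "2B",  "C3": "2B",  "C4": "2B",  "C5": "2C+"},
    (301, 1000):  {"C1": "2A+", "C2": "2A",  "C3": "2B",  "C4": "2B",  "C5": "2C+"},
    (1001, None): {"C1": "2A+", "C2": "2A+", "C3": "2A",  "C4": "2A",  "C5": "2B"},
}

# Class -> (circuits, relative cost) exactly as listed on the slide.
TOPOLOGY = {
    "2D":  ("Open Internet (AnyConnect)", "$"),
    "2C":  ("Single Circuit (Internet)", "$$"),
    "2C+": ("Dual Circuit (Internet + Internet)", "$$$"),
    "2B":  ("Dual Circuit (MPLS + Limited MPLS)", "$$$$"),
    "2A":  ("Dual Circuit (MPLS + MPLS)", "$$$$$"),
    "2A+": ("Dual Circuit (MPLS + Private Line)", "$$$$$$"),
}

# Constructed alert levels: the slide shows 50%, 60% and 80% across its
# columns, but which column is which class is not recoverable from the page.
ALERT_PCT = {"2A+": 50, "2A": 50, "2B": 60, "2C+": 80, "2C": 80, "2D": 80}


def select_topology(criticality, headcount):
    """Steps 2 and 3: map site criticality index and headcount to a class."""
    if criticality not in MATRIX[(0, 25)]:
        raise ValueError(f"unknown criticality index {criticality!r}")
    for (lo, hi), row in MATRIX.items():
        if headcount >= lo and (hi is None or headcount <= hi):
            return row[criticality]
    raise ValueError(f"headcount {headcount} outside catalogue bands")


def needs_upgrade(utilisation_samples, alert_pct, business_hour_fraction=0.10):
    """Footnote rule: alert when utilisation is at or above the class's alert
    level for at least 10% of business-hour samples.  Samples are circuit
    utilisation percentages taken at equal intervals during business hours."""
    if not utilisation_samples:
        return False
    hot = sum(1 for u in utilisation_samples if u >= alert_pct)
    return hot / len(utilisation_samples) >= business_hour_fraction


def plan_site(name, criticality, headcount, utilisation_samples):
    """Full Step 1-3 pass for one site, returning a reviewable summary."""
    cls = select_topology(criticality, headcount)
    circuits, cost = TOPOLOGY[cls]
    return {
        "site": name, "class": cls, "circuits": circuits, "cost": cost,
        "upgrade_alert": needs_upgrade(utilisation_samples, ALERT_PCT[cls]),
    }


if __name__ == "__main__":
    # Constructed: 40 business-hour samples, 5 of them above the 2B alert level.
    samples = [35] * 35 + [72] * 5
    print(plan_site("engineering-lab-eu", "C3", 180, samples))
```

The point of expressing the footnote as a fraction of samples rather than a peak value is that a single burst above 80% does not trigger a circuit order; only sustained load across one tenth of business hours does, which is what keeps the cost-engineered 2C classes from being upgraded on noise.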

Cisco SD-WAN using Viptela

(Diagram) Across Data Center, Campus, Branch and Home Office over 4G, Internet and MPLS:
• Orchestration Plane – vBond / vOrchestrator
• Management Plane (Multi-tenant or Dedicated) – vManage, exposing an API; Analytics
• Control Plane (Containers or VMs) – vSmart
• Data Plane (Physical or Virtual) – vEdge

Technology Use Cases – M&A, Line-of-business separation, Partner network: Segmentation & Multi-Topology

• Independent and isolated virtual topologies operating at the same time

(Diagram) Viptela vEdge at Site A, Site B and the Data Center carries VPN1 (User Traffic) and VPN2 (Video Traffic) as separate Virtual Fabrics over MPLS and Internet.

Fully Managed WAN With Centralized Control

Use Cases & Deployments: supporting a diverse set of topologies and architectures @ scale
• Enterprise NOC & Access Control (NAC & MDM)
• Data Center
• CoLo & DMZ
• Public Cloud & Network Services
• Branch routing & switching
• Unified Communications
• Enterprise Wireless
• WAN Opt & caching

Network Function Virtualisation

(Diagram) Today: four separate boxes (Box1 … Box4), each an IOS image on its own ASIC. Target: NFV-IS on x86 HW under a Controller, hosting the same functions plus 3rd-party ones (Box5, Box6) as virtual network functions.

• Software defined network platform
• Deploy Network Functions at will
• Reduced real-estate / minimise site visits

Network Compute Platform: ENCS 5400 Series

• 6, 8, or 12-Core Intel Xeon-D
• 16 - 64 GB DRAM
• 8 Integrated LAN Ports with Optional PoE
• Network Interface Module for LTE & legacy WAN
• Dedicated Board Management Controller
• 2 HDD, SSD or SAS, RAID 0 & 1
• Internal M.2 Storage
• USB 3.0 Storage
• 2 Onboard Gigabit Ethernet ports with SFP
• Integrated Power Supply
• Optional Hardware Crypto Module
• Hardware Acceleration for VM Traffic

NFV Migration strategy

Gradual & phased migration: Current → Interim → Target

Benefits
• Less hardware infrastructure
• Fast & agile service delivery
• Improved performance for Fog compute applications

What is SD-Access? Fabric Roles & Terminology

External systems shown: APIC-EM, ISE, NDP

• DNA Controller – Enterprise SDN Controller (e.g. DNA Center) provides GUI management and abstraction via Apps that share context
• Identity Services – External ID System(s) (e.g. ISE) are leveraged for dynamic Endpoint to Group mapping and Policy definition
• Analytics Engine – External Data Collector(s) (e.g. NDP) are leveraged to analyze Endpoint to App flows and monitor fabric status
• Control Plane Nodes – Map System that manages Endpoint to Device relationships
• Fabric Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
• Fabric Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
• Fabric Wireless Controller – A Fabric device (WLC) that connects Wireless Endpoints to the SDA Fabric
• Intermediate Nodes (Underlay)

(Diagram) Campus Fabric with Border (B) and Control Plane (C) nodes

Segmented Overlay networks

(Diagram) Site1, Site2 and Site3 each run a site-local overlay; a fabric-wide overlay spans the WAN between them, on top of the Underlay Fabric with a Control Plane & Mapping Server.
Overlay Data Plane: VXLAN
Control Plane: LISP

Fabric wide virtual networks

VN   Fabric wide virtual network
0    Guest Users + Devices
1    IT Infrastructure devices
2    Datacenter
3    WPR/Building devices
4    Shared community devices
5    Alphas
6    Employee Devices
7    Partner Devices
8    LAB / Demo devices
9    IOT Employee User Devices

Service groupings shown alongside: Infra Management, Building Controls, Media Services, Corporate Services, Internet, Lab Networks, Extranet Partners, IoT

What benefits do we see?

What is unique about Campus Fabric? Key Components
1. Control-Plane based on LISP
2. Data-Plane based on VXLAN
3. Policy-Plane based on TrustSec

Key Differences
• L2 + L3 Overlay -vs- L2 or L3 Only
• Host Mobility with Anycast Gateway
• Adds VRF + SGT into Data-Plane
• Virtual Tunnel Endpoints (No Static)
• No Topology Limitations (Basic IP)

Benefits
• Central Control & assurance
• Programmability & Automation
• Enhanced Threat Analytics
• Host mobility & Segmentation
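"Adds VRF + SGT into Data-Plane" is the mechanism behind the fabric-wide virtual networks listed earlier: the VXLAN header carries a 24-bit VNI that selects the virtual network (VRF) and, with the group-policy extension, a 16-bit Group Policy ID carrying the Scalable Group Tag. The following is an added example, not code from the deck or from any Cisco product, that encodes and decodes that header and shows how an egress fabric edge would enforce segmentation: the VRF boundary is checked first, then the SGT policy. The header layout follows the VXLAN Group Policy Option draft (draft-smith-vxlan-group-policy); the VN-to-VNI table and the SGT policy matrix are constructed, with VN numbers taken from the slide (VN 0 Guest, VN 6 Employee, VN 7 Partner).

```python
"""Added example (not from the deck): VXLAN-GPO header encode/decode and a
two-stage (VRF, then SGT) segmentation decision.  Layout per
draft-smith-vxlan-group-policy; VNI table and SGT policy are constructed."""
import struct

FLAG_I = 0x08   # VNI present (base VXLAN)
FLAG_G = 0x80   # Group-based policy extension present
POLICY_A = 0x08  # 'A' bit in the policy-flags byte: policy already applied


def encode_vxlan_gpo(vni, sgt, policy_applied=False):
    """Build the 8-byte VXLAN-GPO header: flags, policy flags, GPID, VNI, reserved."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    if not 0 <= sgt < (1 << 16):
        raise ValueError("SGT must fit in 16 bits")
    policy_flags = POLICY_A if policy_applied else 0x00
    return (struct.pack("!BBH", FLAG_I | FLAG_G, policy_flags, sgt)
            + vni.to_bytes(3, "big") + b"\x00")


def decode_vxlan_gpo(header):
    """Parse the header; sgt is None when the G bit is clear (plain VXLAN)."""
    if len(header) != 8:
        raise ValueError("VXLAN header is 8 bytes")
    flags, policy_flags, gpid = struct.unpack("!BBH", header[:4])
    if not flags & FLAG_I:
        raise ValueError("I bit clear: no valid VNI")
    return {
        "vni": int.from_bytes(header[4:7], "big"),
        "sgt": gpid if flags & FLAG_G else None,
        "policy_applied": bool(policy_flags & POLICY_A),
    }


# Constructed VN -> VNI table; VN numbers follow the slide's fabric-wide VNs.
VN_TO_VNI = {0: 10000, 6: 10006, 7: 10007}
VNI_TO_VN = {v: k for k, v in VN_TO_VNI.items()}

# Constructed SGT policy matrix: (source SGT, destination SGT) -> permit.
# Anything not listed is denied (default deny between groups).
SGT_EMPLOYEE, SGT_PARTNER, SGT_GUEST, SGT_CORP_SERVICES = 10, 20, 30, 100
SGT_POLICY = {
    (SGT_EMPLOYEE, SGT_CORP_SERVICES): True,
    (SGT_PARTNER, SGT_CORP_SERVICES): True,
    (SGT_EMPLOYEE, SGT_EMPLOYEE): True,
}


def fabric_edge_decision(header, dst_vn, dst_sgt):
    """Egress-edge enforcement: VRF (VN) boundary first, then SGT policy.
    Returns (permit, reason)."""
    h = decode_vxlan_gpo(header)
    src_vn = VNI_TO_VN.get(h["vni"])
    if src_vn is None:
        return False, "unknown VNI"
    if src_vn != dst_vn:
        return False, f"VN {src_vn} -> VN {dst_vn}: cross-VN traffic dropped at the VRF boundary"
    if h["sgt"] is None:
        return False, "no SGT carried; cannot evaluate group policy"
    if SGT_POLICY.get((h["sgt"], dst_sgt), False):
        return True, f"SGT {h['sgt']} -> {dst_sgt} permitted"
    return False, f"SGT {h['sgt']} -> {dst_sgt} denied by policy"


if __name__ == "__main__":
    hdr = encode_vxlan_gpo(VN_TO_VNI[6], SGT_EMPLOYEE)
    print(hdr.hex(), decode_vxlan_gpo(hdr))
    print(fabric_edge_decision(hdr, 6, SGT_CORP_SERVICES))   # permit
    print(fabric_edge_decision(hdr, 7, SGT_CORP_SERVICES))   # cross-VN drop
    guest = encode_vxlan_gpo(VN_TO_VNI[0], SGT_GUEST)
    print(fabric_edge_decision(guest, 0, SGT_CORP_SERVICES))  # denied by SGT
```

The ordering matters for the "Segmentation" benefit the slide claims: a packet whose VNI does not match the destination VRF is dropped before any SGT lookup, so a permissive group policy can never leak traffic between virtual networks; SGT policy only refines what is allowed inside one VN.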

Access Evolution: Wireless as primary access

Laptop connection preference (Wired / Wireless): BLDK 21% / 78%; RTP7/8/9 18% / 82%; TKY7 23% / 77%; STLD1 17% / 82%

• Target 80% desktop environment to go wireless only
• Meeting rooms still retain wired connections
• Doubled the density of APs across the floor
• Moving clients to 5GHz spectrum – less interference / more bandwidth
• Desktop Video & IP Phones running on Wireless
• Enhanced RF site surveys & continuous RF airspace monitoring
• Enabled for Apple Fastlane (prioritisation and enhanced client mobility)
• Switching infrastructure transitions to Digital Ceiling

Access Evolution Proposal

Current: Floor Distribution (FD) with desk area, APR, TP and free-standing enclosures cabled back to the DC.
Proposed: increased desk space and reduced cable runs; increase the number of APs on 5GHz only; deploy in-ceiling Cisco switches; wireless printers; APRs and meeting rooms retain wired connectivity; wireless IP phones; wired security cameras & badge readers; wired emergency phones.

Evolve Floor Distribution + Switch density

Business case considerations (Target sites: Greenfield & Retrofit sites)

Savings opportunity:
• Floor port: Reduced
• Cable run: Reduced
• Switchport: Reduced
• Distribution frame: Reduced
• Switch real-estate: Reduced
• Rack real-estate: Reduced
• Power + Cooling: Reduced
• UPS: Reduced
• Comms room real-estate: Reduced

Investment required:
• Wireless Infrastructure (APs + WLC)
• Wireless Monitoring: Investment required
• Wireless IP Phones: Investment required
• Increased initial support
• New Floor + Network design
• Training: Wireless troubleshooting
• Wireless printers/security cameras?
• Rigorous Wireless certification testing on most popular devices

Automation & Assurance platform

Programmable Platform (IOS 16.x)

Automation Manager Deployment model

(Diagram) Network Infrastructure domains and approximate device counts: Home & Remote 25000; Partners/Branch 400-500; DC 28; Core 20; Network Connectivity: WAN/Internet/Cloud. Controller Platform: DNA-C/NSO, NSO and APIC (Automation Workflow); a Development Platform for Prescriptive Workflow and Network Features (Feature 1 … Feature 4).

• Prescriptive Workflow: target DNA-C
• Bespoke Workflow: target NSO
• Controllers segmented based on network function
• Home & Extranet environment based on mix of scripted and bespoke operation
• Controllers extend beyond network infrastructure (Unified Comms/Telecom etc)

Controller & Automation platform

Developer Platform: ISE, DNA-C, NSO
Production Platform: ISE, DNA-C, NSO

Network Automation & Orchestration

1. Define what the service is
2. What are the infrastructure elements/devices that need to be changed as part of this service

An example is Basic Wireless Service: the Wireless Service decomposes into Gateway Configuration, WLC Configuration, Switch Configuration and Other / 3rd Party Infrastructure Devices.

Network Automation & Orchestration (NSO)

(Diagram) Intent Driven Services (Connect LAN, Spin VM, Spin NFV, Connect WAN; e.g. create partner or cloud connection) are described as YANG Data Models and handed to the Automation & Orchestration Controller, which translates them onto Devices/Infra: Switching, Compute, NFV based virtual office, 3rd Party (e.g. N7K, ASR, Compute, APIs etc).

NSO Service Manager & Models

NSO manages Network Services through the Service Model construct: a Service Model is instantiated as Service Instances, each mapped onto the devices it touches (Service Instance 1 → Device 1, Device 2; Service Instance 2 → Device 3, Device 4).

EXAMPLE USE CASES
Service Instance 1: Prioritise all Sales Applications for 2 weeks prior to quarter end
Service Instance 2: Enable network to optimise traffic flow to Cloud based Video service for company meeting
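The service-model construct above, and the two-step decomposition from the Network Automation & Orchestration slide (define the service, then the devices it changes), as an added example that is not code from the deck and not Cisco NSO itself. A service model here is a Python mapping function from intent parameters to per-device configuration lines; a service instance carries the parameters and a validity window (the "2 weeks prior to quarter end" in use case 1); the orchestrator records exactly what each instance added so that deleting it restores the devices, which is the behaviour the NSO diagram labels FASTMAP. Device names, configuration lines, prefixes and dates are constructed.

```python
"""Added example (not from the deck, not NSO code): a toy service-model
engine with time-bounded instances and reverse-diff deletion.  Device names,
config lines, prefixes and dates are constructed."""
import ipaddress
from datetime import date


class Device:
    """Minimal device: a set of configuration lines."""
    def __init__(self, name):
        self.name = name
        self.config = set()


class ServiceInstance:
    def __init__(self, name, model, params, valid_from, valid_to):
        self.name, self.model, self.params = name, model, params
        self.valid_from, self.valid_to = valid_from, valid_to
        self.applied = {}   # device name -> set of lines this instance added

    def active_on(self, day):
        return self.valid_from <= day <= self.valid_to


# Service models: mapping logic from intent parameters to device config.
def qos_priority_model(params):
    """Use case 1: prioritise an application class on every WAN edge."""
    lines = {
        f"class-map match-any {params['app']}-apps",
        f" match protocol {params['app']}",
        "policy-map WAN-OUT",
        f" class {params['app']}-apps",
        f"  priority percent {params['percent']}",
    }
    return {dev: set(lines) for dev in params["wan_edges"]}


def cloud_video_model(params):
    """Use case 2: direct Internet breakout for a cloud video service's prefixes."""
    lines = set()
    for pfx in params["prefixes"]:
        net = ipaddress.ip_network(pfx)
        lines.add(f"ip route {net.network_address} {net.netmask} {params['dia_next_hop']}")
    return {dev: set(lines) for dev in params["branches"]}


MODELS = {"qos-priority": qos_priority_model, "cloud-video": cloud_video_model}


class Orchestrator:
    def __init__(self, devices):
        self.devices = {d.name: d for d in devices}
        self.instances = {}

    def apply(self, inst, today):
        """Render and push; remember only the lines this instance added so
        that lines shared with other instances are left alone on delete."""
        if not inst.active_on(today):
            return {}
        for dev_name, lines in MODELS[inst.model](inst.params).items():
            dev = self.devices[dev_name]
            inst.applied[dev_name] = lines - dev.config   # reverse diff
            dev.config |= lines
        self.instances[inst.name] = inst
        return {d: sorted(l) for d, l in inst.applied.items()}

    def delete(self, name):
        """Undo exactly what the instance added, nothing more."""
        inst = self.instances.pop(name)
        for dev_name, added in inst.applied.items():
            self.devices[dev_name].config -= added
        inst.applied = {}

    def config_of(self, dev_name):
        return sorted(self.devices[dev_name].config)


def build_demo():
    orch = Orchestrator([Device("wan-edge-1"), Device("wan-edge-2"), Device("branch-7")])
    sales = ServiceInstance(
        "sales-quarter-end", "qos-priority",
        {"app": "salesforce", "percent": 30, "wan_edges": ["wan-edge-1", "wan-edge-2"]},
        date(2018, 7, 17), date(2018, 7, 31))
    video = ServiceInstance(
        "company-meeting-video", "cloud-video",
        {"prefixes": ["198.51.100.0/24"], "dia_next_hop": "192.0.2.1", "branches": ["branch-7"]},
        date(2018, 7, 20), date(2018, 7, 20))
    return orch, sales, video


def run_demo():
    """Apply both instances on constructed dates, delete the first, and report."""
    orch, sales, video = build_demo()
    applied_to = sorted(orch.apply(sales, date(2018, 7, 20)))
    video_result = orch.apply(video, date(2018, 7, 21))      # outside its window
    edge_lines = len(orch.config_of("wan-edge-1"))
    orch.delete("sales-quarter-end")
    return applied_to, video_result, edge_lines, orch.config_of("wan-edge-1")


if __name__ == "__main__":
    print(run_demo())   # (['wan-edge-1', 'wan-edge-2'], {}, 5, [])
```

The reverse diff is what makes the service safe to remove after quarter end: the orchestrator deletes only the lines it added, so a QoS class that another service also relies on is not torn down with it.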

Digital journey

FY17 – Foundational: Secure programmable network infrastructure & services
FY18-19 – Software defined: Cloud or On-prem controllers for infra management; Virtualised Infrastructure & Transport
FY19+ – Intent Based Networking: Transition to self driving intent based networks
Across the journey: Control; Actionable insights from Security, Business, Network Analytics

Come talk to our Cisco IT Experts!

World of Solutions: Collaboration, AppDynamics, ACI & TA, NSO, vBranch

Cisco on Cisco will have 5 demo booths placed around the Cisco Campus showcasing how Cisco IT designs, deploys, and manages our own solutions. Through these IT success stories you’ll see how Cisco solutions are driving transformational business benefits.


• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.

Complete Your Online Session Evaluation


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions


Thank you