global vision. local knowledge. · apps license mgmt financial costing impact analysis business...

Cisco Forum KyivCountry • Day Month Year

Global vision.

Local knowledge.

Andrii OvrashkoSystems [email protected]

Cisco DNA Center

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco

Networking at the Speed of Digital Transformation

1 2017 Cisco Security report2 Cisco Complete VNI Forecast3 Cisco 2016 Mid-Year Cybersecurity Report4 Cisco Global Cloud Index Whitepaper

of organizations claim that strategic help aligning network initiatives to business priorities is the most important requirement from network consulting services

* Source: IDC, Worldwide Network Consulting Services Study, 2017, N=502

Business is More Reliant on the Network than ever

http://www.cisco.com/c/dam/m/digital/en_us/Cisco_Annual_Cybersecurity_Report_2017.pdf?_ga=1.194547693.178549878.1485966641

http://www.cisco.com/c/m/en_us/solutions/service-provider/vni-complete-forecast/infographic.html

http://www.cisco.com/c/m/en_us/offers/sc04/2016-midyear-cybersecurity-report/index.html?POSITION=SEM&COUNTRY_SITE=us&CAMPAIGN=SC-04+threat-centric+security&CREATIVE=SEM_SC_Security_(BMM)_(B)-Report_MSR&REFERRING_SITE=Bing&COUNTRY=United States&KEYWORD=+cisco +2016 +midyear +report&KWID=p12066135158&KEYCODE=001344793&utm_source=bing&utm_medium=cpc&utm_campaign=US_SEM_SC_Security (BMM) (B)&utm_term=+cisco +2016 +midyear +report&utm_content=Report_MSR&dclid=CLic1a3esNICFYp7YgodYdAITQ

http://www.cisco.com/c/dam/en/us/solutions/collateral/service-provider/global-cloud-index-gci/white-paper-c11-738085.pdf


Paradigm Shift in IT Operations

Source: Cisco Study Nov 2018 https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1951395

Dramatic Change in IT Operations as CIOs Embrace Analytics and Automation

• Race to Operational Maturity

Accelerating

• 88% of CIOs Identify Investing in IT

Operations as Key to Driving Preemptive

Practices and enhance Customer

Experience

• 65% of CIOs expect to increase budget

for optimizing and remediating IT

operations over the next 12 months

https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1951395


The Network. Intuitive.

Intent-based Network Infrastructure

DNA-Center

AnalyticsPolicy Automation

I N T E N T C O N T E X T

L E A R N I N G


DNA Center: Design – Policy – Provision – Assure


DNA-Center

AnalyticsPolicy Automation

I N T E N T C O N T E X T

L E A R N I N G


The Network. Intuitive.Powered by intent. Informed by context.

Journey to intent-based networking

We are here

Digital—ready infrastructure

Secure foundation

Programmability

Virtualization

Analytics and assurance

Everything as a sensor

Telemetry Historical and real time

Policy-based automation

Business policy

Translation Segmentation

Machine learning and AI

Policy validation

Predictive Self-healing

Intent-based networking

Constantly learning

Constantly adapting

Constantly protecting

Scaling (via cloud)


DNA Center Scale Up – Hardware Appliances

PID Scale (Devices) Scale (Aps) Scale (Clients) Availability

DN1-HW-APL 1000 Devices (Switches/Routers/WLC)

4,000 25,000 EOS/EOL upcoming

DN2-HW-APL (New) 1000 Devices (Switches/Routers/WLC)

4,000 25,000 Imminent

DN2-HW-APL-L (New) 2000 Devices (Switches/Routers/WLC)

6,000 40,000* Ordering starts Dec/ Jan ‘19

DN2-HW-APL-XL (New) 6000 Devices (Switches/Routers/WLC)

14,000 100,000 Ironman timeframe**

** = In Planning* = In Testing

Note: members of a DNAC Cluster must be identical – except for DN1-HW-APL and DN2-HW-APL which can be combined in the same cluster


Основные сценарии применения DNA Center

Автоматизация управления сетью

Мониторинг сети

Интеграция

Streaming Telemetry

iOS sensorsApp

monitoring

N-dimension

Health

SD Access PnPTemplate

editorQoS

Path Trace Topology Inventory API

ISE DDIService

Now


Network Changes for Automation

Standard Change:

• Automated Change Request• No Approval Required• Fully owned by Network Engg

team with minimal to zero downtime

Non-Standard Change

• Require Approval by Change Board

• May require service disruption• Co-ordination with Application

team during change window

Settings Update (Syslog, NTP)

Password Update

Port Settings, VLAN changes

New device/site deployment

Software Update

New service/Update service

Network

Changes


What are Standard Network Changes ??

AAA Configuration

DNS/DHCP Servers

NTP Servers

Syslog Servers

Netflow Collectors

SNMP/SSH/Telnet

Interfaces Configuration

ACL’s

Dial Plans

Vrf

Routing Protocols

Tunnels/DMVPN

Security/Crypto

QOS

AVC

AAA Configuration

DNS/DHCP Servers

NTP Servers

Syslog Servers

Netflow Collectors

SNMP/SSH/Telnet

Interfaces Configuration

Spanning Tree

VLAN

Security/Crypto

QOS

AVC

AAA Configuration

DNS/DHCP Servers

NTP Servers

Syslog Servers

Netflow Collectors

SNMP/SSH/Telnet

SSID’s

RF

Security/Crypto

QOS

AVC

Routers Switches WLC’s

Standard Changes :

o No Approval Required

o Minimal to Zero Disruption

Non-Standard Changes :

o Requires Approval

o May require service

disruption

o May need co-ordination

with other teams (App,DC

etc) during change window


Network/IT Processes & Systems

x-Domain Integration

Business & IT Efficiency

DNA Center Platform Elevating the Meaning of “Open” with 360 Degree Extensibility


DNA Center Platform – APIs, Adapters, SDKs


DNA Center Platform – Phase 1 Partner Solutions


Southbound APIs & Collectors

.

Northbound APIs

AP

Is & C

on

necto

rsAP

IS &

Co

nn

ecto

rs Cross-Domain Integrations

CloudData

CenterSecurity Collab

DNA Center Platform


1

BusinessApps

License Mgmt Financial Costing

Impact Analysis

Business Intelligence

5

Network Apps

Advancedfunctions

Policy /Compliance

UC PerfMonitoring

End-User Monitoring

4

3Network / IT Process Integrations

Identity Services

IT ServiceMgmt

Network Services

2

DNA Center


DNA Center Platform

DNA Center Platform


DNA Center: Southbound – Device SDK1

Infrastructure

Physical | Virtual | Programmable | App Hosting

Device Pack SDK

SNMP

Netconf

CLI

• Discovery

• Inventory

• Topology

• Availability

• Command Runner


DNA Center: Southbound – Device SDK1

Problem: DNA Center supports a vast range of Enterprise Routing, Switching and Wireless platforms out of the box (check release notes). But what if you need 3rd party or Cisco legacy device support ?

Solution: Use the Device SDK

1. Put DNA Center and Device into Lab

2. Deploy Device SDK on DevOps Station

3. Connect Device SDK to DNA Center

4. Create Device Package

- Specify Device- Phased Releases of Features / Functional Domain initial Scope: Discovery, Inventory, Topology,

basic Presence and Config- Develop Mappings

5. Develop Device Package

6. Build and Test Device Package

Infrastructure

Physical | Virtual | Programmable | App Hosting

DNA Center

1)

4)

3)

2)

5)

6)

Device SDK


DNA Center – Device SDK – Functional Domains

• Inventory• Discovery• Topology• Availability• SNMP Polling

Visibility

• SWIM• Config Push• Config Archive• Config Change

detection• Compliance

Configuration

• Application• Access• Access Control

Policy

• Correlation• Alarm

Suppression• Root Cause

Assurance

• Client• End points• IoT Extensions

Extension

1


DNA Center – Device SDK – Current Scope1

Version 1.2.10 (September 2018)

Discovery

• Device identification based on defined configuration

Inventory

• Visibility of Device Details

• Visibility of Interface Details and Operational Status

Topology

• All Device-to-Device connections in network

Extension

• Command Runner: execute commands against device via DNA Center

Assurance

• Key performance metrics via SNMP (CPU, Memory, Temperature, ...)

• Calculate Device Health Score based on metrics


ITSM Integration

Integrate DNA Center into (1) event, (2)incident, (3) change, and (4) problem management ITSM processes

Integrate DNA Center into ITSM approval and pre-approval chains

Sync CMDB between DNA Center and ITSM tool

Link DNA Center with formal change and

maintenance window schedules

Guided Remediation, Intuitive IT Service Management

DNA Center


DNA Issue or Event

ITSM Event Problem Information forTroubleshooting

Change Request or Incident

• Incident: an event that is outside of the normal service operations and may have cause a disruption in IT service

• Change Request: a request for a change to an IT service

Definitions

ITSM System Perspective

Change Request

• Pre-planned changes in the network that require approvals such as Software Image Management automatically log a change request

• These change requests wait for approval complete notification before upgrading the image at a specific time provided by the ITSM

Incident• ITSM Assurance events of a certain level of severity log an incident• The parameters for which events log an incident are set by the user in

DNA Center

DNA Center Ecosystem: Streamlined Closed-Loop Operation

DNA Center proactively triggers action in real-time and enables end-to-end automated resolution. This results in uninterrupted and enhanced Network User Experience.


Assurance: WLC Crash and Reboot

WLC Crash and Reboot event in Assurance automatically creates an event in ServiceNow


Assurance: WLC Power Failure

WLC Power Failure event in Assurance automatically creates an event in ServiceNow


Automation: Software Image Management

SWIM Monitoring Bundle scans the system and automatically logs an Incident


Ticket Enrichment

DNA Center APIs populate a ticket with additional information for troubleshooting

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco © 2018 Cisco and/or its affiliates. All rights reserved. Cisco

IT challenge

43% of IT time spent on troubleshooting

Data collection

Network operators spend 4x more time collecting data than analyzing while troubleshooting

Replication challenge

It’s impossible for IT to troubleshoot if they cannot replicate the issue or see it in real time

Slow resolution

Half of Wi-Fi issues take more than 30 minutesto resolve


Network quality is a complex, end-to-end problem

* Both = Join/roam and quality/throughput

Access points

Local WLCs

Network services data center

Office site

Cisco ISE

Mobile clients

Cisco® Unified CM

Client firmware

AP coverage

WAN uplink usage End-user services

RF noise/interf

Cisco Prime®

Configuration

Authentication

WLC capacity

WAN

Client density

Affects join/roam

Affects quality/throughput

Affects both*

DHCP

Addressing

WAN QoS, routing, ...

100+ points of failure between user and appWith 50,000+ permutations!

What is the problem?

Where is the problem?

How can I fix the problem fast?


Event Processing

“Event processing is a method

of tracking and analyzing

streams of information about

things that happen (events),

and deriving a conclusion from

them.“


In This Environment, Context is Key

Devices Applications

Users Network

Time

Location

Rich Context Increase Business Productivity and Frees Up IT Time

Cisco Context

360-degree Visibility

Data Granularity

Historical, Real-time, Future


DNA Assurance

Telemetry and Sensors at SourceClients | Applications | Wireless | Switching | Routing

Network TelemetryContextual Data

Correlation Complex Event

ProcessingIssues Insights

Guided Remediation

Metadata extraction

Complex correlation

Steam Processing

001110101100110

1010110010

00101101

0110100

1101101

00101101

10101100110

101011000110011

Clients Baseline

Application Network


Complex Event Processing (CEP)

“CEP is event processing that

combines data from multiple

sources to infer events or

patterns that suggest more

complicated circumstances.

The goal … is to identify

meaningful events”


The Cost of Troubleshooting

Typical troubleshooting issues for an enterprise network with 800 users (wired and wireless)

Issue/task DNA Center™ Traditional CLI SavingsOccurrences

per weekHours saved

per weekDays saved

per year

Traceroute Instantaneous 6 minutes 6 minutes 25 2.5 hours 15

Slow onboarding 2 minutes 17 minutes 15 minutes 20 5 hours 30

Device RPA failure Instantaneous 20 minutes 20 minutes 6 2 hours 12

Radio channel analysis 5 minutes 25 minutes 20 minutes 6 2 hours 12

Issue replication 5 minutes 65 minutes 60 minutes 2 2 hours 12

Site visit Not required 180 minutes 180 minutes 0.5 1.5 hours 9

Total: 15 hours 90

What would YOU do with 90 extra productive days per year?90

*RPA: Routing protocol adjacency failure


DNA Assurance

From: Raw Alarms (or no Data)

To: Correlated Insights

Right PlaceProblem Isolation

Right TimeTime Travel

From: Challenging Replication

To: When & Where it Happened

Right ActionGuided Resolution

From: Escalation and Slow Resolution

To: Guided Remediation


Application Assurance


Assurance of Business Critical Applications

Health of Business

Relevant Apps overtime

Table with the top N (filterable) applications:• Name• Heath• User count• Business class / Traffic class• Usage / Average Throughput• Perf (Loss, Latency, App Delay)


Application health dashboard menu

Click to see Application

dashboard


Application Health Dashboard


Application Health Dashboard – Applications

Select applications by type and health


Application 360

Application health over time

Site application health details


Application experience in site

Application performance metrics

Click to view clients using the application

Select site to view

application

performance in site


Clients using the application


Client Application Experience


Application experience for a client

Application issues

Click on issue for details

Selected client


Application Issues – Network Latency

In Client 360, raising Insights for excessive Network Latency Issue

The second charts details the issues in the Application Server causing the delay

Objective: Closing the Application Experience Loop

48

Defining the IntentExpressing Business-Level Intent

Validating the OutcomeDNA Assurance & Analytics

Quantitatively Correlating

the Delivered Outcome

with the Expressed Business-Intent

Delivering the IntentDNA Automation – App Policies

Translating Business Intent

into Network Policies and Transport

49

Determining Business RelevanceHow Important is an Application to Your Business?

Relevant IrrelevantDefault

• These applications directly support business objectives

• Applications should be classified, marked and treated marked according to industry best-practice recommendations

• These applications may/may not support business objectives (e.g. HTTP/HTTPS/SSL)

• Applications of this type should be treated with a Default Forwarding service

• These applications do not support business objectives and are typically consumer-oriented

• Applications of this type should be treated with a “less-than Best Effort” service

RFC 4594 RFC 2474 RFC 3662

50

What Do We Do Under-the-Hood?

Application

Class

Per-Hop

Behavior

Queuing &

Dropping

Application

Examples

VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)

Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV

Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence

Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx

Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)

Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE

Signaling CS3 BW Queue SCCP, SIP, H.323

Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog

Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps

Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution

Default Forwarding DF Default Queue + RED Default Class

Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox Live

Apply RFC 4594-based Marking / Queuing / Dropping Treatments

Irrelevant

Default

Relevant

51

What Do We Do Under-the-Hood?

Application

Class

Per-Hop

Behavior

Queuing &

Dropping

Application

Examples

VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)

Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV

Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence

Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx

Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)

Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE

Signaling CS3 BW Queue SCCP, SIP, H.323

Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog

Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps

Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution

Default Forwarding DF Default Queue + RED Default Class

Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox Live

Apply RFC 4594-based Marking / Queuing / Dropping Treatments

Irrelevant

Default

Relevant

52

Your Choice

ip access-list extended DNA-APIC_QOS_IN#VOICE__acl

remark XYZ1234

PERMIT TCP any host 2.2.2.2 eq 35601

ip access-list extended DNA-APIC_QOS_IN#BROADCAST__acl

remark dmp

PERMIT TCP any any eq 7777

ip access-list extended DNA-APIC_QOS_IN#MM_CONF__acl

remark zoom-meetings



PERMIT UDP any any eq 8801


remark cisco-collaboration


ip access-list extended DNA-APIC_QOS_IN#MM_STREAM__acl


As of May 2018:

• 700 + unique customers shipped DNA Appliances

• 300 + trials / deployments by end of Q3 FY18

(estimated from telemetry)Aviation

✓ Highest client count ~ 13,934

✓ Total of 632 APs deployed

• AP3700 and AP3800

• AP1810W as Sensor

✓ 3 WLC HA pairs (5520, 3504, 8540)

• 8.5.114.27 (8.5MR2 Eng Special)

✓ Size of venue: equivalent to 40 football fields

✓ Highest client count ~ 28,275

✓ Total of 1,514 APs deployed

• Mix of AP3800 & AP3700

✓ 1 WLC HA pair (2 x WLC8540)

• AireOS 8.5MR2

✓ Peak total concurrent throughput: 6.09 Gbps

Cisco Live Barcelona Mobile World Congress

DNA Center Shipments

DNA Center

global vision. local knowledge. · apps license mgmt financial costing impact analysis business...

Documents