
Thursday 14 March 2019

Open programmable architecture delivering value beyond connectivity

We discussed how Cisco delivers consistency and simplicity, with integrated security, across Enterprise domains. Now we’ll discuss in more detail how this is done.

“People who are serious about software should make their own hardware”

Cisco uniquely develops its own hardware and software, including silicon for Switching, Wireless, and Routing platforms. This allows Cisco to deliver unique innovations and optimizations pertaining to network-specific needs, such as:

◈ Stackpower/Stackwise, AVB, MACSec-256, and ERSPAN for Switching
◈ CleanAir, Flexible Radio Assignment and Hyperlocation for Wireless
◈ Advanced hardware queueing and Deep Packet Inspection for Routing
◈ Flexible Netflow (FNF), Scalable Group Tags (SGT), VXLAN, and NBAR2 across all the domains

These unique innovations in hardware and software enable Cisco to deliver a lot more value beyond connectivity in areas such as security, visibility, and high availability, and they are the foundation for the evolution to an Intent-based architecture.

Built-in Security and Network Visibility for Proactive Insights


FNF and NBAR2 are foundational enablers for Security and Application Visibility embedded in the platforms. Cisco Switching, Routing and Wireless platforms incorporate special hardware and software to collect information about all the flows in the network, not just sampled, and deep packet inspection capability to identify applications. All this is done without network slowdown. This is what makes advanced Security services such as Encrypted Traffic Analytics (ETA) able to detect malware in encrypted traffic without decrypting the traffic, working in conjunction with Cisco Talos, Cognitive Threat Analytics (CTA), and Threatgrid while using Cisco Stealthwatch. It is also what enables Application Assurance, advanced Application Policy, and Network as a Sensor.

◈ Granular Visibility: Model-driven telemetry (MDT, otherwise known as Streaming Telemetry) provides a mechanism to stream data from Switches, Routers, and Wireless devices to a destination. By subscribing to a data set defined in a YANG model, the specific event data can be streamed on-change, providing near-real-time monitoring of the network, leading to quick detection and rectification of failures.
◈ Intelligent Capture: Gather contextual data ranging from live client onboarding to on-demand RF scanning to real-time Wi-Fi analytics and client location. Actionable insights are provided by analyzing packet captures across multiple network elements, with zero packet loss.


Simplified Management for an Always-on Network


Network Automation is a new paradigm for network configuration, operation and monitoring. Cisco’s solution delivers the following across wired and wireless in the Enterprise:

◈ Automated device provisioning: This is the ability to automate the process of upgrading software images and installing configuration files on Cisco Switches, Routers, and Wireless devices when they are being deployed in the network for the first time. Cisco provides turnkey solutions such as Plug and Play (PnP) that enable an effortless and automated deployment. Automatic device provisioning is also provided using Zero Touch Provisioning (ZTP) which, while not a turnkey solution like PnP, is offered for greater flexibility and compatibility with numerous device types.

◈ API-driven configuration: Cisco platforms support a wide range of automation features and provide robust open APIs over Network Configuration Protocol (NETCONF) using YANG data models, so that external tools, both off-the-shelf and custom built, can automatically provision network resources. Most platforms also support RESTCONF and gNMI APIs.

◈ Seamless software upgrades and patching: To enhance OS resiliency, Cisco IOS XE supports patching, which provides fixes for critical bugs and security vulnerabilities between regular maintenance releases. This support allows customers to add patches without having to wait for the next maintenance release.

◈ Application Hosting: Cisco Switches and Routers support hosting of applications directly in the infrastructure, including Container/VM app hosting for Analytics, Security, IoT, Validation/Troubleshooting tools (Wireshark, iPerf, etc.), Cloud Connectors, CI/CD applications, and more. These platforms support local storage starting from 120GB and above to store application data.

Orchestrating and Assuring the network from an Enterprise-wide view


Custom ASICs enable Cisco to future proof customers for the ever-changing digital businesses, by delivering beyond standards. Modern and modular IOS-XE support across the portfolio supports IT simplicity and scale. More importantly, all Cisco’s next generation platforms are built from the ground-up for Intent Based Networking (IBN). Cisco SD-Access, Cisco’s IBN architecture for the Campus, provides automated end-to-end segmentation to separate user, device and application traffic.

Cisco SD-Access automates user access policy so organizations can make sure the right policies are established for any user or device with any application across the network. Instead of defining a policy for your LAN, wireless LAN and WAN, you only define it once and apply it to all three domains. SD-Access provides the ability for “policy-based automated network enforcement” for access, security, application quality and monitoring, across ALL network domains. Cisco SD-Access delivers macro-segmentation using Virtual Networks (or VRFs) and micro-segmentation using Scalable Group Tags (SGTs). VXLAN is the dataplane encapsulation protocol that carries the Virtual Networks and SGTs and is forwarded by the specialized silicon in the hardware platforms, while LISP is the fabric Control Plane protocol that keeps track of devices and users as they connect and move in the fabric.
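
An added example (not from the original post or from Cisco): a parser for the 8-byte VXLAN header with the Group Policy extension, showing where the Virtual Network (VNI) and SGT described above sit on the wire and how a capture-analysis script could flag frames whose tag is not expected in that Virtual Network. The layout is assumed to follow the VXLAN Group Policy Option draft format; the function names, sample bytes and the VNI-to-SGT map are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Flag bits, assuming the VXLAN Group Policy Option header layout.
G_FLAG = 0x80  # byte 0: Group Policy ID (SGT) field is valid
I_FLAG = 0x08  # byte 0: VNI field is valid
D_FLAG = 0x40  # byte 1: "don't learn" this source address
A_FLAG = 0x08  # byte 1: policy already applied upstream


@dataclass
class VxlanGpo:
    vni: int                 # macro-segment: the Virtual Network
    sgt: Optional[int]       # micro-segment: None when the G flag is clear
    dont_learn: bool
    policy_applied: bool


def parse_vxlan_gpo(header: bytes) -> VxlanGpo:
    """Decode the 8-byte VXLAN header that follows the outer UDP header."""
    if len(header) < 8:
        raise ValueError("VXLAN header must be at least 8 bytes")
    flags, gbp_flags, group_id, vni_rsvd = struct.unpack("!BBHI", header[:8])
    if not flags & I_FLAG:
        raise ValueError("I flag is clear, VNI is not valid")
    sgt = group_id if flags & G_FLAG else None
    return VxlanGpo(
        vni=vni_rsvd >> 8,  # top 24 bits are the VNI, low 8 are reserved
        sgt=sgt,
        dont_learn=bool(gbp_flags & D_FLAG),
        policy_applied=bool(gbp_flags & A_FLAG),
    )


def check_segment(header: bytes, expected: Dict[int, Set[int]]) -> str:
    """Compare a frame's VNI/SGT against the segmentation design."""
    h = parse_vxlan_gpo(header)
    if h.vni not in expected:
        return "unknown-vn"
    if h.sgt is None:
        return "untagged"
    return "ok" if h.sgt in expected[h.vni] else "sgt-not-in-vn"


# Constructed sample data: VNI 4099 is expected to carry SGTs 17 and 18 only.
EXPECTED = {4099: {17, 18}}
TAGGED = bytes.fromhex("8800001100100300")    # G+I set, SGT 17, VNI 4099
UNTAGGED = bytes.fromhex("0800000000100300")  # I only, VNI 4099
FOREIGN = bytes.fromhex("8808006300100300")   # SGT 99, A flag set, VNI 4099
```
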

“It is clear that SD-Access is the future; it is the only way we can keep up with the explosion of connected devices” 

Cisco DNA Center is the single pane of glass where all of this comes together. It is the single point of Orchestration, Automation, and Assurance for the network.


◈ Automation for Provisioning: Software Image Management (SWIM) manages the images for your network devices and, when it detects a device is not conformant with images deemed as “Golden” in your environment, can automatically update the device. Cisco Plug-n-Play (PnP) enables zero-touch deployment for new devices as they are added to your network.

◈ Analytics for Assurance: Cisco DNA Center receives contextual information from the network devices, endpoints, and applications and delivers rich assurance functionality. It delivers unprecedented visibility, proactive insights, real-time troubleshooting, and predictive performance.

“The new Cisco Catalyst 9000 provides us the performance we need, and the security features that are critical for our healthcare records. The new network, powered by Cisco® Digital Network Architecture (Cisco DNA), gives us granular insight into who the users are, the devices they use, and the applications they access—all with the ability to learn and adapt to changes and needs in the network.”

Cisco DNA Center is also the place where the network can be designed, policy is created, and devices are deployed in the network, for SD-Access (fabric based) and non-fabric based environments. Next time we’ll explore DNA Center a bit closer. In the meantime, here is a teaser showing Wired and Wireless Client Health in DNA Center.


Wednesday 16 May 2018

Cisco ACI and NetBrain: Delivering Application-Centric Network Operations

Introduction


We launched the Cisco ACI – NetBrain joint solution, which extends NetBrain's core capabilities to Cisco ACI. This blog is meant to raise awareness of how this solution and its key features help customers transition to an Application-Centric Datacenter and further optimize Day-2 data center network operations.


NetBrain is renowned for its network automation and troubleshooting capabilities and has regularly featured in Gartner’s Market guide for Network automation. NetBrain also boasts a strong 2000+ Enterprise customer base to complement its numerous awards and innovation recognition.

Cisco ACI is a market leading, SDN based networking technology that keeps applications as the focal point of data center infrastructure and enables the creation of an agile, open and secure architecture.

Challenge


Transitioning to an Application Centric data center and getting used to the new network operation model is a gradual process. To ensure a smooth transition, it is important to have tools to manage this heterogeneous network environment, where modern SDN based, open networking technologies are deployed alongside legacy networks. In such a scenario, customers struggle to get deep visibility and to effectively monitor and troubleshoot security and change management issues without impacting SLA.

Solution



The NetBrain solution for Cisco ACI provides a single consistent view containing both network-centric and application-centric contexts of data centers, aiding enterprises to seamlessly transition to an application-centric, intent-based network enabled by Cisco ACI. The integration creates a scalable, versatile automation platform to provide network visualizations and automation for “Day 2” operation workflows, giving network operations teams deeper network visibility and enhanced workflow management for operational tasks.

NetBrain utilizes the ACI open REST API framework to collect network data, which feeds into its modeling engine. The resulting data model is used to dynamically create visualizations and serves as the foundation for automation and troubleshooting.

Key Use Cases and Benefits


◈ Enhanced visibility across heterogeneous infrastructures

The solution provides numerous forms of visualization that allow users to view the ACI network alongside legacy networks and trace application paths end-to-end, among other visualization capabilities, thereby providing a deep understanding of different design aspects in a heterogeneous environment.

◈ Real-time insights

With the solution, the user can superimpose different data sets from ACI as well as from other management systems in a single consistent view, gaining powerful change management, correlation, and troubleshooting capabilities.

◈ Cross-organization collaboration and Knowledge management

Using the integration, users can code best practices and solutions to known problems in the form of a Runbook automation routine and share them across the organization. This not only fosters better cross-organization collaboration but also helps enterprises move towards standardizing their troubleshooting workflows.

◈ Reduced resolution time

Leveraging an executable Runbook monitor, the solution can monitor incidents and trigger a “Level-0” troubleshooting diagnosis as the first course of action. This utility can be further integrated with any ticketing and monitoring solution for expedited incident management.