Cisco Introduces 100G Service Edge To The Catalyst 8500 Family

Vrrroooom!  Vvrrrrooooom!  Did you hear the rumble? The fastest Catalyst 8500 Series Edge Platform with four times more horsepower is ready to tear up the road! Cisco just launched its highest-performing Catalyst 8500 Series Edge Platform- C8500-20X6C.

Architects today want to build networks that deliver the best secure application experience at scale, with better power efficiency. Cisco Catalyst 8000 Series Edge Platforms are designed to make this happen. In particular, the C8500-20X6C has highly scalable feature sets for Routing and SD-WAN deployments. It is the ideal platform for Multi-Tenant Edge/Hub, Colocation hosted Multi-Cloud Gateway, Border Router in Multi-Region Fabric (MRF), SD-WAN Remote Access aggregation, IPsec Gateway for Private 5G-IoT endpoints, multi-cloud services edge, and more…

Built using the third generation of QuantumFlow Processor (QFP), the latest addition to the portfolio inherits feature parity with the existing Catalyst 8500 Series, comes with built-in high-density, high-speed 100/40GE interfaces and offers hundreds of Gigs of scalable services.

Deploy WAN Innovations At Scale

Cisco SD-WAN offers best-in-class features for modern WAN environments in a multitude of architectures. The C8500-20X6C is a highly flexible and scalable SD-WAN headend. With 100Gbps aggregate IMIX performance, it simplifies network designs eliminating the complexity of horizontal scale-out. In a Multi-Region Fabric deployment, it can be deployed as a Border Router to increase fabric scale and span across multiple regions. Multi-Tenancy (MT) is another great innovation for sharing the C8500-20X6C platform hardware among multiple tenants in a colocation deployment. Complete isolation of control and data plane is offered for each tenant within a shared physical platform configured as MT-Hub, MT-Gateway, or MT-Edge.

When used as SD-WAN Remote Access (SD-WAN RA) aggregation edge, it allows remote users to enter the fabric at the nearest entry point and benefit from an SD-WAN-driven application experience. Unlike other industry remote access solutions, the Cisco SD-WAN RA solution provides a consistent policy and user experience regardless of whether users are inside the office or at a remote location while offering the lowest TCO.

On routing edge deployments, the C8500-20X6C offers secure WAN aggregation and scalable endpoint aggregation for Private 5G-IoT using well-established VPN technologies. It can be used for DCI (Data Center Interconnect), SD-Access, and Network Infrastructure use cases with higher performance.

C8500-20X6C can operate as a service edge for private cloud infrastructures. It could also be a multi-cloud gateway placed in a colocation space offering high-scale services.

Figure 1: C8500-20X6C offers scalable services for Enterprise, and Service Provider edge deployments

What Makes C8500-20X6C An Industry-Leading Services Edge Platform?

Two important dimensions for service edge platforms are data plane and control plane performance and scale.

A total of 3584 threads from 896 Packet Processing Engines (PPEs) in an intelligently meshed 4 QFP complex form the data plane for applying accelerated services. A high-speed 8-core Intel CPU is used for the control plane and adds a boost to control functions. Intel’s QuickAssist Technology (QAT) enables faster IPsec session creation. Two mirrored 160Mb TCAMs enable lightspeed classification rules for accelerated policy executions in the data plane offering increased services scale.

The C8500-20X6C has six QSFP28 ports for 100/40Gbps and twenty SFP+ ports for 10/1Gbps ethernet connectivity. All interfaces can be enabled and used simultaneously. They offer line rate MACsec for path encryption and Synchronous Ethernet for network-timing needs. The platform is built with sufficient buffering ability to handle I/O over-subscription and ensure traffic prioritization.

The platform offers more x86 cores for edge-compute service planes to host KVM and LXC applications including ThousandEyes monitoring.

Figure 2: Cisco Catalyst 8500 Series Edge Platform Portfolio

A Secure Platform You Can Trust

The C8500-20X6C is trustworthy. It implements Trust Anchor module, Secure Boot, image signing, and runtime defenses to protect against modern cyber-attacks.

There are 64 crypto engines inside the QFP data plane. The crypto engines have dedicated resources for encryption and their use does not impact non-encrypted traffic. The digest and cipher algorithm instructions are built for scale. The cryptography occurs in line with the forwarding functions to deliver ‘hardware accelerated’ multi-hundred gig crypto performance.

Helping Achieve Your Sustainability Goals

Often customers end up deploying scale-out architectures with multiple boxes when the aggregation performance needs cannot be met by a single device. In today’s business environment, sustainability is a key goal, usually measured as ‘Performance-to-Power’ ratio.   Using one high-performance C8500-20X6C vs multiple services platforms, customers can recognize up to 60% reduction in power per Gbps which will help organizations reach their energy efficiency goals.

Add Muscle To Your Network With C8500-20X6C

In summary, the C8500-20X6C will help flex your network’s performance boundaries to a new level.

◉ Raw packet processing power, hardware-accelerated crypto, and scalable services offer the necessary muscles for evolving edge networking use cases.

◉ Trustworthy solutions strengthen the platform against unforeseen network attacks.

◉ All of this with healthier power efficiency… a greener way for a scalable future!

Source: cisco.com

Continue reading

Evolution towards Full-Stack Observability

Applications are the front door for virtually every business, and they are under pressure to accelerate their digital transformation projects. Flawless application experience is a top priority, and 84% report that the need to maintain the performance of business applications is now more important than ever.

Modern Applications are complex

However, it is also more complicated than ever. Modern applications are built on top of microservices, running on cloud-native and hybrid cloud architectures, which are based on massively decentralized services, ultimately creating a complex and rapidly evolving environment. A small issue in one service can have a cumulative effect on the overall experience.

The information and experience required to operate these environments is scattered and siloed across different tools and teams. This reduces the ability to identify, prioritize, and effectively address the issues that are directly impacting the user experience and most likely the business and its brand and reputation.

Monitoring to Visibility to Full-Stack Observability

As applications are becoming more complex, the way we monitor and observe them should also change.

Earlier, we had monitoring – when each team had their own dashboard, which was built based on passive access of information, usually alerts and events that typically are built into the dashboard based on sampling. The main KPI that organizations were looking at was availability.

Then the industry evolved towards visibility – more active ingestion of Telemetry. In particular, the addition of metrics, events and logs, and root-cause analysis. But still each team or domain had their own tool. Performance was the main KPI for visibility.

Now industry is building on monitoring and visibility, into Full-Stack Observability. Business context is getting added to the conversation. In addition to metrics, events and logs, tracing is added for measuring the experience end-to-end for cloud-native applications. Security also comes to the forefront with FSO. But the most important change we are seeing in the market today is the ability to do full-stack observability across multiple domains and multiple teams because traditional monitoring and/or silo visibility does not work in a world that is driven by hybrid or cloud-native deployments. Full-Stack Observability provides business context with availability and performance so that you can monitor the experience.

Source: cisco.com

Continue reading

Boost your 80km links to 100G with QSFP-100G-ZR4-S optical modules

Introduction

Cisco’s QSFP-100G-ZR4-S pluggable module

Data-intensive applications like streaming video, cloud computing, and 5G wireless are triggering massive increases in bandwidth demand even in remote areas. To keep up, service providers and network operators need to upgrade existing 10G networks with mature 100G optics. 100G QSFP28 pluggable modules are already in broad deployment across reaches from 100m to 40km. The problem is that traditional 100G QSFP28 modules are not designed to operate beyond 40km distance.

Previously, organizations wanting to upgrade their 80km 10G links had to either add external amplifiers (and possibly repeater huts) to their 40km 100G QSFP28 solutions or use coherent transport systems. Both approaches increased cost and complexity. For enterprises, service providers, telcos, and wireless carriers operating in remote areas, those solutions don’t fit the business case—but neither does continuing to invest in 10G links.

These network operators have been waiting for a cost-effective 100G QSFP28 module capable of operating up to 80km distances. Today, the wait is finally over.

With an advanced design incorporating an integrated semiconductor optical amplifier (SOA), Cisco’s QSFP-100G-ZR4-S modules provide a simple and economical 100G solution for a variety of extended-range applications requiring 80km reaches. Rather than installing or leasing new fiber to meet demand, network operators can upgrade existing 10G modules to the QSFP-100G-ZR4-S to gain a huge bandwidth boost and reduce cost per bit. Often times there is an unused 100G QSFP28 port available on existing equipment. The additional capacity enables operators to dramatically upgrade their offerings, bringing in new revenue streams. They can do this while , transforming their network and cutting costs.

QSFP-100G-ZR4-S equips network operators to dramatically upgrade their networks.

The QSFP-100G-ZR4-S in action

The QSFP-100G-ZR4-S addresses several application areas:

◉ Enterprise: From retail to manufacturing, healthcare to remote offices, today’s enterprises require high-speed connectivity to link facilities across increasing distances. With its extended reach, the QSFP-100G-ZR4-S provides greater flexibility to build a network that best suits the business.

◉ Connecting to a regional data center: To reduce IT operating costs, businesses are offloading applications to the cloud. With the QSFP-100G-ZR4-S, organizations can reliably transmit more data across high speed links to data centers over distances of up to 80km.

◉ Rural broadband: As service providers expand access to under-served and unserved rural communities, the 80km reach of the QSFP-100G-ZR4-S provides an effective solution for remote regions where distance, power, cost, and space are key factors.

◉ Mobile: With the rollout of 5G, wireless providers need 100G links to aggregate 4G and 5G traffic. QSFP-100G-ZR4-S modules deliver, offering long enough reach to serve distant decentralized locations at reaches up to 80km.

Source: cisco.com

Continue reading

Women Technical Leader Incubation Program (WTLI) in India

Cisco IT has launched a women technical leader incubation program to support and encourage women in technology. The initiative, which has been run in-house, offers training and development for women to build leadership skills. Its four-pillar framework of experience, education, empowerment, and exposure was designed to enable women to “confidently build their path in technology with skilled guidance and opportunity.” An added hackathon-style event proved “beneficial to garner employee engagement and enthusiasm.”

Overview

Women empowerment has shattered many myths and altered numerous mindsets around the world. Although technology is an open arena for leaders of any gender, the number of women leaders remains low. Retaining and developing women’s technical talent is a challenge, and the numbers can be discouraging. Cisco IT conducted a survey with site leaders, managers, women leaders, and women employees to determine why there are fewer women in technology. The reasons ranged from the lack of female role models to the perpetuation of myths, such as imposter syndrome, as well as the lack of opportunities to network, train, and provide a platform for empowerment.

Cisco IT initially implemented a gender-neutral Technical Leadership Initiative in India, but this did not bring women to the forefront. According to the survey, women who take a career break find it difficult to keep up with the latest technology and upskill. Many who return to work after a leave period, or a sabbatical, feel outdated. These insights led to the creation of a specific program for women.

A Unique Program

With this in mind, Cisco IT developed and launched a unique program in-house to address the challenges and obstacles faced by women in the technology industry. This innovative platform provides enterprise women leaders with an opportunity to work together on cross-functional business problems and serve as role models for other women. The goal of the program is to empower women and help them become the leaders they aspire to be.

The framework

To support and empower women in the technology industry, Cisco IT developed the program with four key pillars: experience, education, empowerment, and exposure. This holistic approach provides women with the guidance and opportunities they need to confidently pursue and build successful careers in technology. The program was developed in early February, and the first cohort of participants began their projects in May 2022.

In line with its efforts, the program followed a rigorous nomination process and ultimately selected 20 women to participate. The participants were then divided into four cohorts with cross functional expertise and given projects with a coach to learn and apply the four-pillar framework.

1. Education

To provide participants with the best possible learning experience, the program leveraged a variety of soft skills and leadership training courses available on Degreed. These courses were facilitated in group settings to encourage active collaboration and practice. In addition, a defined technical leadership curriculum was developed, and the latest technology trainings were made available to participants. Key players in the cloud technology industry, such as AWS, also contributed training sessions in a group forum. Hackathon-based events were also organized to engage and energize participants.

2. Experience

After completing their training, it was important for the participants to gain practical experience. To provide this opportunity, technology leaders from across Cisco came together to design cross-functional business problems for the participants to work on. This allowed the participants to shadow the leaders and gain hands-on experience, breaking the traditional mindset of project execution and fostering leadership skills. It also facilitated connections across different parts of the organization, helping participants develop their business acumen.

3. Exposure

To provide the participants with diverse perspectives and guidance on their projects, the team brought in Principal and Distinguished Engineers from various functions across Cisco to serve on the advisory board. The board held a mix of panel discussions and role-model series featuring successful women leaders who shared their experiences and insights on topics such as work-life balance and making difficult decisions. These sessions provided valuable guidance and inspiration for the participants.

4. Empowerment

To celebrate the completion of the program, each participant presented a lightning pitch to Cisco CIO Fletcher Previn. This was a rewarding and empowering experience for them. It also enabled them to identify a sponsor through Cisco’s Multiplier platform, where the power of sponsorship is leveraged to increase a pipeline of diverse talent. Additionally, the participants had the opportunity to participate in one-on-one speed mentoring sessions with women leaders from across Cisco, which helped them chart a career path forward.

Valuable Outcomes

The program empowered women employees to make their own decisions, define the scope of their projects, engage with stakeholders, and become thought leaders in their fields. Most of the participants went through career progression by taking on challenging responsibilities, increased scope or being part of complex technical projects, with better visibility and technology stack, ever since the culmination. One participant even had the opportunity to speak at Cisco Live as a technical expert.

The program has received overwhelmingly positive feedback from both participants and coaches involved. One major advantage of the program is its ability to retain and develop in-house talent, which can be challenging in the current global environment. The program offers women the opportunity to enhance their skills and break new ground in technology. Many participants who were originally part of a technical team are now leading their own teams, tackling new challenges with confidence.

Overcoming Challenges

One of the main challenges of the program was to break down the myths and misconceptions that held women back. Because of career breaks and a conventional mindset, women often lacked confidence and were hesitant to ask for what they needed or negotiate for better opportunities. These negative biases made them feel excluded from innovative projects.

The solution took five to six months to develop, as the team worked with multiple vendors to provide training, coordinated with site leaders for nominations, consulted with Principal Engineers to identify business use cases, and worked with the Learning and Development team to review progress.

The program was launched during the COVID-19 pandemic, which made it difficult as the virtual format made it challenging to provide effective training in soft skills. However, as the program gained momentum, it became more interactive and effective.

Manager support was key to help employees balance work and training, making the program a success with huge positive impact for all participants.

Future: Where there is intent, opportunities are limitless.

Preparation for the next phase of the Women’s Technical Leadership Initiative (WTLI) Program is underway, with plans to implement it in March 2023. The team is also evaluating expansion to more locations across the globe. With the support of Cisco’s senior leadership, we are confident that the program will be successful and help bring more women technical leaders to the forefront.

Source: cisco.com

Continue reading

New Cisco hybrid work offers: Helping you reimagine the employee experience

Getting Hybrid Work “just right”

The concept of “hybrid work” is getting a lot of attention as more companies are trying to determine the right mix of remote and in-office presence for their employees. This challenge is also highlighting a lack of understanding on the best ways to support a hybrid workforce to achieve improvements in productivity and office space optimization.

We have learned a lot at Cisco from our 15+ years of experience in creating the best experience for employees to get work done instead of worrying about where the work gets done. Creating this employee experience took much more than stitching together a collection of technology products, vendors, and commercial support models. Instead, we focused on delivering the hybrid work experience as a business outcome. By taking this holistic approach, we have seen some impressive results that are flowing through to our bottom line:

◉ Helping us to be rated #1 Best Place to Work for multiple years, and with less than half of the average industry attrition.

◉ Enabling our Real Estate teams to invest in higher quality, more modern and sustainable work environments with 30-50% less space, and with better employee experiences.

◉ Scaling of IT processes, infrastructure, and applications to support secure hybrid work for tens of thousands of employees worldwide.

Re-imagining the employee experience

One of the major obstacles we had to overcome was making hybrid work easy for non-technical employees without much IT expertise. After all, hybrid work should not require your employees to be their own IT manager.

To get employees productive quickly, we pre-install our hybrid work software package on employee laptops. Webex is the best platform for collaboration. Secure Endpoint, Duo, Meraki Systems Manager, and Umbrella provide world-class security that frustrates attackers, not users. And ThousandEyes Endpoint Agent enables remote troubleshooting, so employees do not need to go into the office for IT help.

We also added our Meraki networking for fast, secure home office wireless. To ensure that remote workers can fully engage with anyone in the office, we include a Cisco 4K video camera and headphones with a large video monitor. Combined with Webex, this solution provides outstanding video and audio quality.

The best part is the employee experience. The employee just turns on the laptop and is automatically connected. Simple. No technical experience needed.

What’s new?

Our business outcome approach to hybrid work has been hugely popular with Cisco employees. We want to make our experience YOUR experience. I’m thrilled to announce the availability several new offers with special pricing that make it easier to design, purchase, and implement hybrid work for your own organization. These new offers include:

1. Detailed design guides for Work from Office renovations.

2. Cisco Validated Framework documentation for IT managers to deploy Work from Office.

3. New commercial construct –

◉ Hybrid Work Software Offer — Powered by Enterprise Agreement 3.0, this is the best value in the industry for hybrid work across collaboration, security, digital experience monitoring, and mobile device management.

◉ Hybrid Work Home Offer – Our work-from-home expertise for delivering collaboration with different devices and networking at special pricing.

◉ Hybrid Work Office Offer – Helping companies build sustainable spaces that are optimized for hybrid work.

Source: cisco.com

Continue reading

Enforcing Zero Trust Access with Cisco SD-WAN

As applications become distributed across clouds, data centers, SaaS, and to the edge, enterprises need to enable secure access to these applications for their workforce from anywhere. Implementing Secure Access Service Edge (SASE) is a preferred method for enabling secure access to distributed applications by a hybrid workforce and the growing number of IoT devices.

Zero trust is one of the most common starting points for enterprises that are embarking on their SASE journey. Many enterprises are either in the process of adopting zero trust or have already adopted it. The initial transition was primarily driven by a large number of remote workers as a result of the pandemic. However, many enterprises are now transitioning to hybrid environments with the workforce distributed from campuses to branches to home offices.

This hybrid work environment, along with increasing reliance on distributed cloud and SaaS applications, requires a network architecture that provides scalable and distributed zero-trust security enforcement close to endpoints and people using them. This maximizes bandwidth utilization of the WAN link while ensuring that there is no central choke point where all the traffic needs to be redirected. In addition, in order to thwart real-time threats, IT needs the network to continuously monitor and assess the security posture of devices after application access is granted.

The latest enhancements in the SD-WAN security architecture are designed to support this new paradigm of distributed applications and hybrid workforces. Now, the tight integration between Cisco SD-WAN and Cisco Identity Services Engine (ISE) enables IT to employ zero trust security functions for the traffic that goes through an SD-WAN fabric.

Cisco ISE Configures Security Posture in SD-WAN Fabric for Zero Trust

Delivering a Zero Trust methodology for SD-WAN traffic requires four key functionalities: application access policies based on the desired security posture (who can access what); security controls for admitted traffic; continuous enforcement; and immediate adaptation to security posture changes—all enforced with a consistent model for on-prem, mobile, and remote devices and workforce.

Cisco ISE supports the configuration of security posture policies in SD-WAN fabric. When a person’s device or an IoT endpoint connects to the network, the posture of the device is evaluated based on the configured policy, and an authorization decision is made based on that outcome. For example, an outcome of a device posture evaluation can be compliant, non-compliant, or unknown. This outcome of device posture evaluation determines an authorization policy, which can include the assignment of a Security Group Tag (SGT) and other authorization attributes to the device and owner. Details about how this is configured in Cisco ISE are captured in this technical article and video.

In addition, Cisco ISE shares the security group tags and session attributes with the Cisco SD-WAN ecosystem. This information can be leveraged by IT to create identity groups and associate security policies in Cisco vManage to enable access by specific user groups to applications over the SD-WAN fabric all the way to the edge.

The images of Cisco vManage console in Figures 1 – 3 illustrate the process of how Cisco vManage learns a set of security group tags from ISE.

Figure 1: Identity groups pulled from ISE and shown in Cisco SD-WAN vManage

Figure 2: Creation of identity lists which includes a group of security groups – identity lists are used in the security policy configuration

Figure 3: Security policy configuration based on identity lists

Monitoring of Security Posture Guards Against Attacks

Cisco ISE also supports a periodic reassessment of device posture. Any change in the posture will cause a change of authorization which results in a different security policy being implemented in the SD-WAN edge. This enables the network and endpoints to work in unison to enable zero trust capabilities. Following are three use cases to illustrate what is possible with the deep integration of Cisco ISE and SD-WAN solutions.

◉ IT can configure a posture policy that requires an Anti-Malware Protection (AMP) agent running on endpoints to identify malicious files. When the owner of a device connects to the network, the posture is evaluated and determined to be compliant with a running AMP agent. The compliant status results in a specific SGT being assigned to the traffic and associated authorization access. As an added benefit in this case, SD-WAN router will not execute the network AMP functionality when it is being run on the endpoint. However, if the AMP process on an endpoint is terminated either voluntarily or involuntarily, ISE will detect this through periodic posture assessment. The endpoint’s non-compliant status will result in a more restrictive SGT being assigned. On the SD-WAN router, a policy for non-compliant traffic will result in the execution of the network-based AMP function for the traffic originating from that endpoint. As a result the network and end-point work in unison to ensure that the right policies continue to execute properly.

◉ IT can configure posture policy that prevents the insertion of a USB device in an end-point. When a device connects to the network without a USB attached, the posture is evaluated by ISE as compliant, and therefore traffic from the device is allowed to pass through the network. If a USB is connected to the device, ISE will immediately detect the non-compliant status and do a change of authorization, assigning a different SGT which can be used by the SD-WAN edge to block all traffic from the device as long as the USB is attached.

◉ With Software-Defined Remote Access (SDRA), another key technology of Cisco SD-WAN, the traffic from remote workers and their devices is processed by the SD-WAN edge as well as subjected to ISE posture evaluation. This means that all the functions for accessing applications based on posture are applicable and available to both on-prem and remote endpoints.

Start the Journey to SASE with Zero Trust-Enabled Cisco SD-WAN

Cisco SD-WAN connects the workforce and IoT devices to any application using integrated capabilities for multicloud, security, and application optimization—all on a SASE-enabled architecture. Zero trust is a key capability of SASE, along with SD-WAN, enterprise firewalls, a cloud access security broker, secure web gateways, malware protection, intrusion prevention system, URL filtering, and DNS-layer protection.

As organizations make progress on their journey to SASE, Cisco SD-WAN’s rich security capabilities enable Zero Trust functions across SD-WAN traffic to secure the network and devices in a scalable, optimal, and cost-effective way.

Source: cisco.com

Continue reading

Common Database Infrastructure in Cisco IOS XE Software Simplifies 160+ Enterprise Devices

Developed by a global team of more than 3000 software engineers, Cisco IOS XE Software powers more than 160 Cisco enterprise platforms for access, distribution, core, WAN, and wireless — with many different form factors and combinations of hardware and software. One of the main reasons the software stack can encompass such a large portfolio of enterprise networking products is due to a common database and database-centric programming model across all platforms.

It started with the Cisco 1000 Series Aggregation Services Router (ASR 1000) in 2004, where every state update to the data path went into and out of an in-memory database. Since 2015 and Cisco IOS XE version 16.1.1, many more platforms have been added, due in large part to the software stack’s consolidated database features that work across all platforms. From one platform supported by IOS XE to 160 in six years is an incredible industry run rate.

Here are some of the most useful and robust database features used across all Cisco devices that run Cisco IOS XE.

In-memory Database Power and Capturing Application Intent

Configuration and operational data in IOS XE devices are stored in in-memory NoSQL graph databases. In addition to providing atomicity, consistency, isolation, and durability (ACID) functionality, IOS XE supports validation and default values, dependency management, replication, notifications, subscriptions, and consolidation.

Application database intent ― including schema, defaults, validation, and graph model ― are captured in a Domain Specific Language (DSL) called The Definition Language (TDL) that was developed by Cisco. Using TDL, developers can describe what they want to do, what data they want to model, and the rules for validation. Then the TDL compiler generates database interaction code in the language of choice for the application (e.g., C, Java, Python), as shown in Figure 1. If developers want to use a new language, they can still use the intent captured in TDL to generate code.

Figure 1. Utilizing DSL to Capture Database User Intent

Decoupling intent from implementation code provides tremendous architectural flexibility. For IOS XE, the back end is written in C to provide optimal performance. The front end uses a formal query system and can be in any language. We use a custom compiler with a Model-View-Controller (MVC)-based architecture to perform the magic of converting intent to front-end APIs.

This approach eliminates the need for data conversion for clients querying the database. As shown in Figure 2, applications can natively interact with the database through APIs regardless of the language of choice. The database can also be read by other applications and/or infrastructure (e.g., Web UI, CLI-based show commands, and other monitoring services).

Figure 2. Cisco IOS XE Applications Natively Interact with the Database

Runtime Infrastructure for Cisco IOS XE

Although the database infrastructure in IOS XE can use secondary storage as the database store, most of the applications use in-memory databases that reside in RAM. A transactional engine specifies ACID guarantees (e.g., a process launched by some user must request modifying the database and signal when it is done modifying it). Failure to complete the process results in the database being rolled back so it is never in an inconsistent state.

Figure 3. Runtime Infrastructure for Cisco IOS XE

The raw lookup data structure layer includes the infrastructure for indexing algorithm tables (e.g., hash tables, binary search trees). The graph layer is where user-specific database configurations like table connections, default values, and validation enforcement are performed. For example, a Wireless Lan Controller (WLC) tracks Access Points (AP) and clients connected to it. Clients are connected to the WLC through the AP. This wireless operational state may be modeled as AP and client tables, with each record in the AP table connected to a client table. It is important to note this is the internal state of the application. With IOS XE database runtime, this state can now be consolidated, exported, replicated for SSO, etcetera, while being performant enough to support the high-scale requirements for wireless.

Other Functions Enhanced with IOS XE Database Features

◉ Fast reload – On reload, a persistent, version-aware, binary configuration can be read faster than any text representation. In the past, reloading software on Cisco platforms could take up to 7 minutes. With Extended Fast Software Upgrade (xFSU), it takes 30 seconds or less. The hardware is never powered off and traffic keeps flowing while the control plane is maintained in an operational state during the reload process.

◉ Stateful Process Restart – Externalizing an IOS XE device’s configuration and operational state allows stateful restart processes. By saving the device’s state externally, it can be restarted and will continue where it left off.

◉ Horizontal Scaling – Consolidation of a device’s operational state allows for the elastic and horizontal scaling of processes based on changing application traffic patterns. There may be multiple copies of the same process, each with its own database, but Cisco enables databases to be consolidated into a single database, providing a global view, which makes it easier to spawn more processes horizontally.

◉ Stateful Switchover (SSO) – Databases on active and standby devices in a high availability configuration are continuously synchronized through replication to keep the standby device in a hot state, able to become active in case of a failure. Like stateful process restart, at the device level, SSO synchronizes one device through replication continuously.

◉ In-Service Software Upgrade (ISSU) – To ensure that versions of Cisco IOS XE that are running are correct across supervisor engines and other devices, databases in Cisco IOS provide per-object versioning support with build time checking for violations. This helps ensure a reliable ISSU.  ISSU orchestrates the upgrade on standby and active processors one after the other and then switches between them in the control plane so that there is zero effective downtime and zero traffic loss.

◉ Monitoring and Global Device View – A device running IOS XE provide a global view of its complex and varied operations, based on the consolidation of databases, which allows for greater real-time insights into configuration and operational data. Analysts can subscribe to specific data sets and request to be alerted when any changes occur to monitor the device more proactively.

Summary of Database Benefits in Cisco IOS XE

Database features in Cisco IOS XE allow devices to be reloaded in seconds, to maintain a state during restart and switchover. Applications can consume database records natively without any translation required. Intent can be gathered and code generated in any development language, ensuring resilience to regressions. Databases used by each device are consolidated into a global view, enabling the horizontal scaling of processes. The system supports version skew operation with per-object versioning.

It’s all relatively seamless across all 160+ Cisco IOS XE devices.

Source: cisco.com

Continue reading