cisco application centric infrastructure roadshow...• the configuration of the span aggregator...

Cisco Application Centric Infrastructure Roadshow

Wednesday, 2. April 14

Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

§  Business and IT trends §  Cisco Open Network Environment (ONE)

§  Lunch

§  Cisco Application Centric Infrastructure (Data Center)

§  Cisco APIC Enterprise Module (WAN & Access)

Cisco ACI Roadshow - Agenda

Cisco Open Networking Environment

Wednesday, 2. April 14


§  Understand Cisco ONE vision §  Comprehensive answer to SDN §  New licensing scheme to simplify consumption

§  Understand the main Cisco ONE characteristics: §  Complete solution (as opposed to fragmented approaches) §  Open ecosystem §  Open for customers (no architecture is forced upon them)

Session objectives


Cisco O

NE

Ser

vice

s

UNIFIED PLATFORM

APPLICATIONS

INFRASTRUCTURE

Data Center WAN Access

Element Management

Provisioning Infrastructure

Security & Policy

Orchestration

Service Management Application

Security, Policy &

Compliance

DC WAN ACCESS

Simplify Application Delivery


Controllers Data

Sovereignty Virtual Services

APIs

Hybrid Cloud

Fragmented Approaches Creating Increased Complexity

Element Management

Provisioning Infrastructure Security & Policy

DC WAN ACCESS


Announcing the Cisco ONE Platform Enabling Application Centric Infrastructure

Element Management

Provisioning Infrastructure Security & Policy

DC WAN ACCESS

Faster application deployments

Consistency and agility across the Enterprise

Improved application availability with faster remediation

Increased security and productivity with automation

Cisco ONE PLATFORM

APIs

APIs


WAN Data Center Access Infrastructure Domains

Controller, Virtual Switch, Northbound/Southbound APIs Cisco ONE Essentials

ACI Fabric, L2/L3 Services, Infrastructure Management Cisco ONE Foundation

Policy-Based, Optimized End-to-End Application Delivery Cisco ONE Advanced Application Services

Comprehensive Network Security and Threat Defense Cisco ONE Advanced Security Services

Cisco ONE Software Platform


Infrastructure Domains Data Center WAN Access

Cisco ONE Platform in the Data Center

Cisco ONE Advanced Application Services InterCloud

Cisco ONE Advanced Security Services ASA Web/Email Sourcefire

Cisco ONE Foundation

Prime ACI Fabric UCS Director

Cisco ONE Essentials

ONE PK N1KV DevKit



InterCloud

ASA Web/Email Sourcefire

Prime ACI Fabric UCS Director

N1KV DevKit ONE PK

Cisco ONE Across WAN and Access

Cisco ONE Advanced Application Services UC Gateway WAAS AVC CMX AVC

Cisco ONE Advanced Security Services Firewall AnyConnect ISE/TrustSec Cloud

Web Security VPN


CSR AP License, L2/L3 Switching Prime Prime


DevKit ONE PK DevKit ONE PK



Simplified Licensing with Logical Suites

Cisco ONE Advanced Application Services

Cisco ONE Advanced Security Services



Enterprise Security Suite

Data Center Foundation WAN Foundation Access Foundation

Cisco ONE Suite for DC

Cisco ONE Suite for WAN

Cisco ONE Suite for Access

Included with SmartNet and Collaborative Services


Spring/Summer 2014

Pricing & Offer Details

APIC Controller Availability

Enterprise Module Availability

InterCloud Availability

Fall/Winter 2014

Cisco ONE Platform Availability

ELA & Subscription Licensing Models

Announced in February

Cisco ONE Platform

Cisco InterCloud

Cisco APIC Enterprise Module

When is this Available?


Cisco ONE partner community Introducing Cisco DevNet

Innovative Apps | Compelling Apps

ONE DevKit Common Northbound APIs

API Development

Engineering SDKs Strategic and Tactical Marketing Cross Platform Support

Access to Testing Lab

Developer Support Community Management

DevNet Portal Live

Jan Feb Mar Apr Dec

Cisco Community &

DevNet Integration

ONE PK Developer Support

APIC Enterprise

Module Sandbox

DevNet Portal

DevNet APIs and SDKs

DevNet Sandbox Platform

DevNet Hackathon

(May)

To Create a Community of Software Developers who Leverage Cisco Technology in Their Work Innovative & Compelling Apps


“Cisco is late to the SDN game” Really?

http://www.openserversummit.com/English/Collaterals/Press_Releases/2013/20131021_ITBrandPulse_InnovationLeaderAwards.pdf


Cisco ONE: Infrastructure Programmability If you want you can program, but you don’t need to

SNMP (v1, v2, v3), Syslog, NETCONF, RMON, CLI

Programmable

•  NX-API •  JSON-RPC •  XML/JSON

•  Python scripting •  Customizable CLIs •  BASH access •  Broadcom shell access •  Linux containers •  OpenFlow support •  Cisco onePK™

Automation and Orchestration

•  Puppet

•  Chef

•  OpenStack network plugin

•  XMPP support

•  OpenDaylight integration

Visibility

•  Dynamic buffer monitoring

•  Enhanced Ethanalyzer

•  SMTP email “pipe” output

•  Embedded Event Manager (EEM)

•  Flow monitoring

•  vTracker


Did you know?

“Managing Cisco Devices using Puppet”: http://www.youtube.com/watch?v=ai_93hUlmt0


Quiz:

When did Cisco include into IOS programmability with “Embedded Event Manager” (TCL scripts) ?

• 2000


§  Open-source controller

§  Main industry players support the initiative

§  Multiple northbound and southbound APIs

§  Base controller code provided by Cisco

§  Cisco will provide commercial versions of Open Daylight

Open Daylight Cisco’s reference for controller architecture


Traditional traffic visibility in the DC Lacking flexibility and scalability

Analysis appliances / modules (like Cisco NAM)

Challenges:

•  Some people need more analysis appliances (like IDS, Web site analytics, ad hoc Wireshark for troubleshooting, etc)

•  In many DCs the bandwidth to analyze exceeds the capacity of a single appliance: a scale-out approach is required


Solution: create a monitoring network All production traffic is sent via SPAN or TAPs to the monitoring network

“SPAN aggregator

switch”

NAM appliances

Challenges:

•  The configuration of the SPAN aggregator switch becomes “interesting”

•  What if you need two SPAN aggregator switches?

Other analysis appliances (IDS, Wireshark, etc)

General purpose switch (unflexible) Or

Purpose-built switch (expensive)


SPAN aggregator switch: life can be hard… Using a standard Ethernet switch as SPAN aggregator has limitations

•  N ingress ports (as many as switches in the production network)

•  M egress ports (as many as analysis appliances)

•  Forwarding rules examples:

•  Send all traffic to appliances 1 and 2

•  Send HTTP traffic to appliance 3

•  Send Applications X and Y to appliance 4

•  Have you tried to do the above with VLANs/VACLs?

•  What if you need 2 SPAN aggregator switches?

“SPAN aggregator switch”

Analysis appliances (Troubleshooting, IDS,

Performance, Wireshark, etc)

Production network devices

Traffic coming from TAPs or SPAN sessions

Traffic selectively forwarded to specific appliances


§  Introduce OpenFlow non-intrusively in your organization

§  Cost-effective, flexible solution to gain more intelligence out of your network traffic: gain visibility into what is going one in your network!

Example with Cisco commercial version of Open Daylight Controller Application: TAP aggregator using OpenFlow

Cisco OpenDayligh

t

Cisco Network Analysis Modules (NAMs)

Other analysis appliances (IDS, Wireshark, etc)

Nexus 3000

Openflow

Monitoring Network Production

Network

Mirrored Traffic


26 26

Network architectures in the DC

Virtual Networking

Network Fabrics Application Centric Infrastructure

Cisco Open Network Environment

Federated Clouds

Supported infrastructure

Full Cisco Nexus portfolio Anything Cisco Nexus 9000


§  Scalable, flexible networks §  Technology examples:

§  Virtual Port Channels enable non-blocking redundant architectures §  Fabric Extenders enable management simplification §  FabricPath enables flexible L2 topologies like spine/leaf or large domains §  Unified Ports and FCoE enable consolidation of storage and data fabrics §  BiDi optics enable low-cost transition to 40GbE

§  With a rich switching portfolio to meet every need

§  Dynamic Fabric Automation takes a DC network to the next level

Data Center Network Fabrics Network Fabrics


Data Center Network Fabrics Dynamic Fabric Automation: the next level

Fabric Management

DFA consists of four modules, that can be deployed individually or together for a comprehensive solution

Workload Automation

Virtual Fabrics Optimized Networking

Centralized Management XMPP

Zero-touch provisioning Cable consistency checks

Orchestration integration Workload-aware fabric Automated provisioning

Any subnet anywhere Reduced failure domains Scalable Multitenancy

Network Fabrics


Cisco Virtual Networking Virtual

Networking

Tenant A

Nexus 1000V

Nexus 1000V

•  Distributed switch •  NX-OS

consistency

Security

•  Zone-based FW •  Edge FW

Application

•  Application visibility

•  Application performance

•  WAN optimization

InterCloud

•  Flexible Hybrid Cloud

Routing

•  Virtual router •  WAN L3 gateway

•  Routing and VPN

ASA 1000V Cloud

Firewall

Cisco Virtual

Security Gateway

(VSG) vWAAS

Citrix NetScaler

VPX

Imperva SecureSphere

WAF Cloud Services Router 1000V

Zone A

Zone B

vPath VXLAN

Multi-Hypervisor (VMware, Microsoft*, RedHat*, Citrix*)

Ecosystem Services

•  Citrix NetScaler VPX virtual ADC

•  Imperva Web App. Firewall

Any Physical Infrastructure (Compute, Network, Storage)

Ciisco vNAM


Innovation Example: Cisco VXLAN Gateways Connecting physical workloads to a virtual overlay

L3 VXLAN gateway: L3 services VM (CSR 1Kv / ASAv)

L2 VXLAN gateway on Nexus 1110

L2 VXLAN gateway on physical switch

L3 VXLAN gateway on physical switch

Virtual Networking


Example: Cisco Intercloud

Public Cloud

Cloud Services

Hybrid Cloud: The Best of Both Worlds

Dev/Test: Quickly develop in cloud and run production in data center

Capacity Augmentation: Build the base and rent the peak

Disaster Recovery: Deliver as a service, reduce complexity and cost

Data Center

Private Cloud

Virtual Networking


Current Approaches

Cisco InterCloud

Customer

Choice Open

vCloud Hybrid Services™

Homogeneous + Custom

Providers

Open Workload Mobility

Virtual Networking


Cisco InterCloud

Customer Cloud Providers

& Cisco Powered

Services Choice Open

Cisco’s Hybrid Cloud Differentiation

Open Ecosystem

No Cloud Vendor Lock-In Any Hypervisor to Any Provider Heterogeneous Infrastructure

End-to-End Security Data Sovereignty Workload Mobility Across Clouds

Virtual Networking


Cisco InterCloud Solution Overview

Enterprise DC / Private Cloud Provider Clouds

vSphere

Hyper-V

OpenStack/KVM

CloudStack/Xen

InterCloud Business Edition

End User & IT Admin Portals

Secure Fabric, Network,

Compute & Storage

Azure APIs

EC2 APIs

InterCloud Provider Enablement Platform

Cloud Providers Cisco Powered

Services

Brokered Services

Virtual Networking


Cisco InterCloud: Secure Workload Mobility Hybrid Cloud for burst capacity or dev/test machines

Private Public

Choice: Freedom to place workloads across heterogeneous Private and Public Clouds

Consistency: End-to-end workload security with consistent extension of Private Cloud policies to Public Cloud environments

Cisco InterCloud

Control: Unified management and networking to move workloads across clouds

Compliance: Assurance that all employees adhere to IT policies when using Public Cloud services

Sustained Workloads Variable Workloads

Virtual Networking


§  Simplifying IT, increasing agility §  Delivering on the promise of SDN §  Providing customer choice and flexibility §  Open ecosystem, driving innovation §  Only Cisco: breadth, depth, leadership

Cisco ONE Platform


After lunch we will see Cisco’s Application Centric Infrastructure

Thank you.

cisco application centric infrastructure roadshow...• the configuration of the span aggregator...

Documents