routing underlay and nfv automation with dna center · routing underlay and nfv ... *mckinsey study...

Routing Underlay and NFV Automation with DNA Center

Prakash Rajamani, Director, Product Management

BRKRST-1888

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#BRKPAR-4980

• DNA Center

• Software Update

• Routing Underlay Automation

• NFV Automation

• Cloud Connect

• Intent Based Networking

– Application Policy

• Conclusion

Agenda


The Current Enterprise Branch Landscape

Multiple DevicesRouters, Appliances, Servers

Costly to OperateUpgrades, refresh cycles,

site visits

Difficult to ManageDevice integration and

operation

Virtualization solves all these challengesBRKRST-1888 5

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6BRKRST-1888

What does this lead to?


Why are companies spending so much?

*

*McKinsey study conducted for Cisco in 2016

95% 70% 75%

OpEx Spent on Network Changes & Troubleshooting

Policy Violations Due to Human Error

Network Changes Performed Manually

7BRKRST-1888

The Cost of Doing Business in the Digital World


Intent-based Network Infrastructure

DNA Center

Policy Automation Analytics

I N T E N T C O N T E X T

S E C U R I T Y

L E A R N I N G

Informed by ContextVisibility into traffic and threat patterns

Who, What, When, Where, How

Powered by IntentTranslate Business Intent to Network Policy

Automate the management and provisioning millions of devices instantly

8BRKRST-1888

The Network. Intuitive.Constantly learning, adapting and protecting.


Insights &

Actions

Automation

& Assurance

Security &

Compliance

DNA Software Capabilities

Cloud Service Management

Automation Analytics

Virtualization

DNA-Ready Physical and Virtual infrastructure

Security

9BRKRST-1888

Digital Network Architecture (DNA)

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-1888 10

DNA SolutionCisco Enterprise Portfolio

AnalyticsAutomation Policy

Software-Defined Access (SDA) + Non SDA

Routers Switches Wireless AP WLC

DNA Center

DESIGN PROVISION

POLICY ASSURANCE

DNA Center:

Simple Workflows


DNA Center: Design, Policy, Provision, Assurance A better way to manage your network

DNA Center: Design, provision,

automate policy and assure

services from one place

Logical workflow to design,

provision, set policy

Respond to changes faster

Monitor end-to-end

network performance

Predict and act on problems

before they happen

Pinpoint problems faster

Reduce downtime with an

end-to-end view instead of

hop by hop

Manage hardware and

software lifecycles

Keep up to date, meet

compliance and plan for refresh

Automation Using DNA Center


DNA Automation Principles

IT Process Automation Policy Based AutomationZero Touch Deployment

BRKRST-1888 13

Getting Started With Automation…


Network Changes for Automation

Standard Change:

• Automated Change Request

• No Approval Required

• Fully owned by Network Engg

team with minimal to zero

downtime

Non-Standard Change

• Require Approval by Change

Board

• May require service disruption

• Co-ordination with Application

team during change window

Settings Update (Syslog, NTP)

Password Update

Port Settings, VLAN changes

New device/site deployment

Software Update

New service/Update service

Network

Change

BRKRST-1888 15


Use Case:

• Adding a new Syslog (Ex:

Splunk) in the network

• SoX requirements to update

password every 6 months

Network Settings Update (Standard)

AAA

Server

Site1

North

America

South

AmericaSite2

Africa

EMEAR

AAA

Server

DNS

Server

Syslog

Server

Syslog

Server

DHCP

Server

Benefits:

• Repeated manual error prone

tasks automated

• Engg get additional time to focus

on design and deployment

• Standard change automation

removes the lead time to make

changes

BRKRST-1888 16


Network Settings Roll Out

What’s new!!• Password roll out with

embedded recovery mechanism

• Scheduler for config update

• Banner Updates in Settings

• SWIM Provisioning is now Time

Zone Aware

New!

BRKRST-1888 17

IT Process Automation - Software Image Management


Use Case:

• Ensure Consistency of Software

for all network devices (by

platform type)

• React to PSIRT and bugs fast

• Deploy software with confidence

Managing Software Lifecycle

Benefits:

• Golden Image based workflows

drive software consistency

• Pre/Post check ensures that

software updates do not have

adverse effects on the network

• Patching provides small updates

to react quickly to security fixes

BRKRST-1888 19


Core Principles of Software Upgrade

21 3

Intent based Network Upgrades Upgrade Pre/Post Checks Patching Support

Intent based network upgrades

allows for image standardization,

much desired by all network

admins.

Pre and post checks allows

network admins more

control and visibility over

network upgrades

Patches are supported in

DNAC from intent to pre-

post checks in same way we

manage regular images


DNA Center Based Software Update

SWIM and IT Process Automation

Select

Golden

Image

Identify

devices to

upgrade

Create a

Change

Request

Approval

of CR

Pre-Check

validations

Distribute

Image

Activate

Image

Post

Upgrade

Validation

Close CR

Plan a

Image

Upgrade

Steps to Update Software Image Update

Select

Golden

Image

Identify

devices to

upgrade

Create a

Change

Request

Approval

of CR

Pre-Check

validations

Distribute

Image

Activate

Image

Post

Upgrade

Validation

Close CR

Plan a

Image

Upgrade

Traditional NMS Software Image Update

Select

Golden

Image

Identify

devices to

upgrade

Create a

Change

Request

Approval

of CR

Pre-Check

validations

Distribute

Image

Activate

Image

Post

Upgrade

Validation

Close CR

Plan a

Image

Upgrade

Indicates ITSM Process Steps

How to interpret

the colors

Actions outside of NMS,

mostly manual

Steps covered in NMS Tool

Steps covered in DNA-C

BRKRST-1888 21

SWIM Demo


IT Process Integration – SWIM

SWIM

ServiceNow

Integration

Zero Touch Provisioning – Router


ORDER EQUIPMENTSTAGE AT CENTRAL LOCATION DEPLOY DEVICE

ONSITE

TODAY

Cisco DNA-C

DNA-C Automation w/ Plug & Play

TRUCK ROLL WITH

TECHNICIAN

Lower deployment costs

ORDER EQUIPMENT DEPLOY DEVICE

ONSITE

Direct Costs

• Pre-staging & Shipping costs

• Travel costs

Security

• 3rd party not secure

• Rogue devices

Time/Productivity

• Manual process

• Shipping , Storage, Travel

Complexity

• Configuration errors

• Different products, IOS Releases

• Drop Ship devices

• Centralized device discovery (DHCP, DNS,

Cloud)

• Non-technical installer at site

• Template based configurations

• Secure SUDI Authentication

~50%Day0 OPEX Savings*

* OPEX savings based on customer data

Router Day-0 Deployment Automation

BRKRST-1888 25


Network Deployment using Profile

Network

Design

Deployment

Standardization

Network

Compliance

Before

During

After

Profile Based Deployment

• Plan for the network deployment

• Feature and Capabilities to be

enabled based on requirements

• Topology for network deployment

• PnP Based Day 0 Deployment

• Version management of Profile

for Day 2 Change Management

• Configuration Compliance

Validation against Profile

• Remediation of Configuration to

Golden Configuration

Configuration ConsistencySimplified Network

Deployment

Integrated IT

Process Flows


Two Steps to Automate Device Deployment

DESIGN PROVISION

• Network Design and Topology

• Routing Protocols and WAN

Connectivity

• LAN Connectivity

• Routing Services

• Network Settings

• IP Addressing Schema

• Naming Convention

• Service Provider Configuration

• Ship Devices to Site

• Design applicable for site

• Site specific parameters


Profiles for Underlay Automation

Network Settings

Named Capability

Template

Programmer CLI

PROFILE

PROFILE

1

2

DESIGN

PROVISION

BRKRST-1888 28


CLI Template vs Feature Template

• CLI Based Config template and

Rollback template

• Syntax Checking/Validation of CLI

• Provisioning: Form View

• Cannot push Policy CLI

configuration

• UI flow to create a feature

• No CLI to configure a feature

• Leverage Netconf/Yang to

configure a feature

• Example: DMVPN, Routing

protocol: BGP/OSPF, VLAN,

SSID, AVC

CLI Template Named Capability

BRKRST-1888 29


Profile with Features Templates

Enterprise SSID

Guest SSID

Feature Templates

(future)

RF Profiles

AVC

BandSelect

FRA

Voice

WLAN Override

Other…

PROFILE NAMED Capability

BRKRST-1888 30

Router Underlay Design and Provisioning Demo

Enterprise NFV


Freedom of choiceHardware platform

Hardware and software independenceVirtualization layer

Consistent, trusted network services across all the platformsVirtual network functions (VNFs)

Centralized Orchestration and ManagementSDN Applications

What Is Enterprise NFV?

BRKRST-1888 33


Network Functions Virtualization Infrastructure Software (NFVIS)

Cisco DNA Center (DNA Center) Cisco Network Service Orchestrator (NSO) / Virtual Managed Services (VMS)

Introducing Cisco Enterprise NFVNetwork Services in Minutes, on Any Platform

Virtual Router

(ISRv,CSR,vEdge)

Virtual Firewall

(ASAv, NGFWv)

Virtual WAN

Optimization

(vWAAS)

Virtual Wireless

LAN Controller

(vWLC)

Third-Party VNFs

Cisco 4000 Series ISR + UCS® E-Series

Enterprise Network Compute System (ENCS)

Cisco® UCS C-Series

BRKRST-1888 34


Lower operating costs

AND

IoTMobility Analytics CloudMobile traffic will Exceed

wired traffic by 2017

IoT Devices will

triple by 2020

76% of companies

planning to or investing in

Big Data

80% of organizations will

primarily use SaaS by 2018

Deploy new capabilities faster

Why Virtualization for the Network?

BRKRST-1888 35


ENCS 5000 Series - Chassis Options

ENCS541212-CoreENCS5408

8-CoreENCS54066-Core

ENCS 5104 ENCS 5406 ENCS 5408 ENCS 5412

CPU 4-core, 3.4 GHz 6-core, 1.9GHz 8-core, 2.0GHz 12-core, 1.5GHz

PoE No No 200W 200W

Capacity Guidance ISRv + 1 VNF ISRv + 2 VNFs ISRv + 3 VNFs ISRv + 5 VNFs

ENCS51044-Core

What makes this possible

BRKRST-1888 36


Single slide on NFVIS

37BRKRST-1888

Demo – DNA Center

Cloud Connect

Policy Based Automation


Policy Based Automation

Authentication and Authorization

Group Assignment Based on

Authentication methods

Access Policy

Who can access what

Rules for x-group accessPermit group to app

Permit group to group

Access Control Policy

Transforming network operations through intent expressed as policy

Traffic treatment

QoS for ApplicationPath Optimization

Application compressionApplication caching

Application Policy


Key Takeaways


Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#BRKRST-1888


• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.

Complete Your Online Session Evaluation

http://ciscolive.com/Online

http://www.ciscolive.com/global/on-demand-library/


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

62BRKRST-1888

Thank you

routing underlay and nfv automation with dna center · routing underlay and nfv ... *mckinsey study...

Documents