Apstra Intent-Based Networking for the Data Center - 3.1


DATA SHEET

Apstra Intent-Based Networking and Intent-Based Analytics bring a full life-cycle automation that adapts to a dynamic environment across a multi-vendor infrastructure. The NSX integration in Apstra AOS 3.1 is the first and only in the industry to deliver a multi-vendor, multi-workload, and multi-cloud underlay, overlay, and security solution, taking Intent-Based Networking to the next level. It liberates customers from being locked in to a specific hardware vendor and accelerates the delivery of business services in hybrid and multi-cloud environments for any workload.

The tight, seamless integration with VMware NSX accelerates service-intent deployments for any-workload across any data center and cloud, improves collaboration among networking, security, virtualization and cloud teams and reduces operational cost significantly by over 80%.


Simplified Intent-Based Network Design and Operations

CHALLENGES: Network admins manually track and verify thousands of elements, even for a small spine-leaf network with a handful of devices.

SOLUTION: Apstra AOS®, a turn-key software that helps networking teams manage data center networks as a cohesive system.

RESULTS: From the AOS Server GUI, customers can design, build, deploy, and operate a spine-leaf network in days rather than months, including racking, stacking, cabling, and validating that all design intent is met in real time.

Apstra Intent-Based Networking for the Data Center - 3.1

Apstra Operating System


VMware NSX Integration

Apstra AOS is the first and only vendor that provides tight and seamless integration with NSX by bridging the gap between physical network and NSX/virtual network across any-workload and any hardware in the data center in the following ways:

• Automation - AOS automates and enables consistent network and security policy for physical and virtual workloads across the physical and virtual/NSX infrastructure. As a result, businesses are more agile and IT is able to respond faster to business needs.

• Visibility and auto-remediation - AOS bridges the visibility gaps in physical and logical connections between the overlay and underlay networks, enabling faster root-cause analysis thanks to precise anomaly identification. In situations where there is performance degradation, intermittent services or possible maintenance on leaf switches, AOS enables the network team to quickly take appropriate actions, ensuring virtual services are not impacted.

• Closed-loop system - AOS goes beyond automation by delivering full integrity and continuous validation of the service-intent policy defined by NSX, eliminating complex troubleshooting procedures. Businesses are able to accelerate resolutions, thus increasing application availability.

[Figure: NSX integration diagram. Labels: Web 1, Web 2, Database; N-VDS; LS: 10.10.10.0/24; 10.10.10.42, 10.10.10.50; ESX hosts.]


Enhanced Multidomain Unified Group-Based Policy - Assisted Remediation

Apstra Intent-Based Data Center Automation 3.1 expands the industry’s first and most advanced Intent-Based Networking technology to include Multidomain Unified Group-Based Policy which unifies the disparate centers of policy data and allows for automated and validated enforcement regardless of the location, manufacturer, or type of device.

Multidomain Unified Group-Based Policy provides a simple user interface and API that delivers end to end policy deployments, rendered in the vendor-specific syntax and methods automatically without requiring the user to know how or where the policy must be implemented. This intent-derived logic is unique to Apstra and frees IT from the complexities of ACL syntax, enforcement locations, and multitenant communication policies.

Enhancements to Multidomain Unified Group-Based Policy:

• In situations where two different policies are created and there are possible conflicts between them, IT has the flexibility to create a policy hierarchy to enforce precedence between them in order to resolve the conflict. (Note: in the previous release, IT had to change rules to avoid policy conflict.)

• Enable IT to easily figure out and visualize which shadow rules are followed by other rules, as they don’t appear applied as a specific ACL. As a result, IT is able to understand the overall policy impact. Shadow rules exist when there is a full containment between rules that results in a similar action. The less specific, general rule is used, while the more granular, specific rule becomes a “shadow rule”.

• Enable IT to have granular visibility into the policy and set of rules applied to a specific IPE (IP endpoint), allowing them to quickly confirm whether the outcome of the policy is what is expected. As a result, troubleshooting is accelerated to resolve any possible misconfigurations.

• Once a policy is created, IT is able to temporarily disable it to visualize its impact and take appropriate recourse. Pre-created policies can be easily applied without creating them from scratch saving IT time.

• Enable hitless policy updates to avoid traffic disruptions. As a result, applications’ availability and security are not impacted.
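
The conflict and shadow-rule definitions above can be checked mechanically. The following is an added example, not Apstra code or the AOS API: it classifies rule pairs by containment and overlap, and the rule model, the rule names, first-match ordering as the "hierarchy", and the implicit default deny are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import combinations

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "permit" or "deny"
    src: str       # source prefix in CIDR form
    ports: tuple   # inclusive (low, high) destination port range

def contains(outer, inner):
    """True when every packet matched by `inner` is also matched by `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and outer.ports[0] <= inner.ports[0]
            and inner.ports[1] <= outer.ports[1])

def overlaps(a, b):
    """True when at least one packet matches both rules."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def analyze(rules):
    """Return ("conflict", a, b) or ("shadow", specific, general) per rule pair."""
    findings = []
    for a, b in combinations(rules, 2):
        if not overlaps(a, b):
            continue
        if a.action != b.action:
            findings.append(("conflict", a.name, b.name))
        elif contains(a, b):
            findings.append(("shadow", b.name, a.name))
        elif contains(b, a):
            findings.append(("shadow", a.name, b.name))
    return findings

def effective_action(rules, src_ip, port):
    """First match wins; list order stands in for the policy hierarchy."""
    for r in rules:
        if ip_address(src_ip) in ip_network(r.src) and r.ports[0] <= port <= r.ports[1]:
            return r.action
    return "deny"  # assumed implicit default, not stated on the page

# Constructed sample policy; the first two rules mirror the page's conflict figure.
RULES = [
    Rule("permit-ssh", "permit", "10.10.10.0/24", (22, 22)),
    Rule("deny-low-ports", "deny", "10.10.10.0/24", (1, 1024)),
    Rule("permit-app", "permit", "10.10.0.0/16", (8000, 9000)),
    Rule("permit-app-host", "permit", "10.10.10.42/32", (8080, 8080)),
]
```

Swapping the order of the first two rules flips the outcome for SSH from permit to deny, which is why an overlapping permit/deny pair needs an explicit precedence rather than being left to rule order.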

[Figure: policy conflict example. PERMIT SSH (22) conflicts with DENY 1 - 1024.]


Zero Touch Provisioning - Reference Implementation

AOS now comes with a VM-based reference implementation of a universal Zero Touch Provisioning server to allow customers to drastically reduce the time and complexity associated with initial device provisioning. The reference implementation includes customizable vendor-specific scripts to handle initial OS upgrades, access configuration, AOS registration and more.

Apstra Professional Services (or Advanced Services Engineering?) organization provides customization and integration services to meet particular customer ZTP requirements and constraints.

AOS can automate the first boot process of all network and bare metal Linux devices.

Using the Zero Touch Provisioning (ZTP) Server, network operators can elect to automatically instruct all new devices to do any of the following:

• Report Serial Number, Vendor, Platform

• Upgrade OS

• Install base security policy

• Install trusted keys

• Install AOS Agent

• Enter Quarantine

Cabling/Neighbor Discovery and Override

Networks sometimes need to be recabled in challenging ways. AOS permits the operator to override default interface assignments and change to a more ad-hoc port assignment approach. Network consistency is ensured when changing the naming, numbering and cabling of the ports. Topology is accurately depicted, guaranteeing that diagrams and cabling matrices represent the exact configuration of the entire fabric. Further enhancements to the Root Cause Identification System support a detailed hierarchical view of all anomalies related to a bad cable.


Enhanced Visualization and Telemetry Management

AOS supports customizable dashboards for each stage of the analytics processing function, enabling quick views of anomalies and the knowledge summarized by the probes. Data transfers across a fabric can be monitored and alerted on, with an extensive set of algorithms built into the Intent-Based Analytics processing capabilities. SLAs can be created in one central location and AOS will alert upon any deviation from your defined properties. These SLAs can also be used to check compliance of devices and services across the entire network in seconds. Intent-Based Analytics provides:

• Complex pattern analysis with configurable anomalies for "situations to watch"

• Data normalization, processing, and summarization

• Simple and dynamic data selection based on intent, device roles, and system design

• Integrated and customizable visualizations for path analysis, bar charts, heat maps, and more

• Flexible drag-and-drop widgets within dashboards

• Custom telemetry collectors with the AOS Python SDK and simple packaging with AOS-CLI.

[Figure: cabling map between SPINE 1, SPINE 2, MLAG_RACK_EXT_001_LEAF1 and MLAG_RACK_EXT_001_LEAF2, with Ethernet interface labels on each link.]


5 Stage Clos IP Fabric Enhancements

AOS scales to support the largest datacenters around the world. Thousands of connected devices can be managed as a single logical element, with a complex EVPN overlay that can be instantiated with a few simple clicks. Tenant isolation with VRFs, ACLs, VLANs and VXLANs can all be created in a simple workflow that allows an architect to reconfigure a multivendor fabric in seconds and provides assurance that policy changes are automatically enforced no matter how large your network grows.

[Figure: 5-stage Clos fabric tiers: external routers, super spine, spine, leaf, servers.]


Summary

Apstra addresses IT application, hybrid cloud, and data center automation needs with the deployment of Intent-Based Data Center Automation to achieve higher reliability, vendor choice, and reduced costs. AOS is the Operating System for the Data Center and enables network engineers and operators to quickly and reliably design, build, operate, and continuously validate data centers of any size.

Root Cause Identification:

• Connectivity Fault Model*

• Cabling Fault Model

• Anomaly Summarization*

Intent-Based Analytics (IBA):

• Intent-Based Analytics Dashboards and Widgets

• Intent-Based Analytics Property Sets

• IBA Visualization Improvements

• Complex Data Filtering*

Device OS:

• Cisco NX-OS and NX-OSv

• Arista EOS and vEOS

• Juniper Junos OS

• Cumulus Linux and CVX

• Dell OpenSwitch (OPX)

• Microsoft SONiC

• Ubuntu Servers with Free-Range-Routing (FRR)

• CentOS Servers

Services:

• BGP L3 Clos Fabric with multi-tenancy EVPN (RFC 7432)

• 5 Stage Clos IP Fabric*

• Intra-rack (VLAN), or inter-rack (VXLAN)

• L3 VXLAN routing

• L3 server routing with dual attachment

• IPv6 fabric and applications

• Access Control Lists (ACLs)

• Extensible services (intent, resources, expectations)

• DHCP relay

• VRFs

Telemetry:

• LLDP, BGP, EVPN, Config Deviation

• Interface counters

• Routing table verification

• Host, transceiver, interface, LAG / MLAG

• MAC & ARP

• Server and devices health

• Network-wide external routes*

• Intent-Based anomaly detection

• Telemetry streaming via protocol buffers

• Extensible telemetry collection

• Interactive Network Visualization

Platform:

• AOS Backup / Restore

• AOS Server Health Reporting*

• RESTful APIs

• Graph model and GraphQL/QE API

• AOS-CLI

• AOS Developer SDK (Python)

• Extensible on-box or off-box device agents

• AOS Server Clustering

Security:

• Multi-User Authentication

• Role Based Access Control

• LDAP Authentication

• TACACS+ Authentication

• RADIUS Authentication*

• Active Directory Authentication

• HTTPS UI

• AOS Server Security Hardening

• Headless Operation

AOS 3.1 Features and Specifications


AOS 3.1 Features and Specifications (Cont.)

*New features introduced in AOS 3.1

Blueprint Customization:

• External Routing Policy

• Advanced Configlets

• Property Sets

• Resource Management

AOS Extensibility Tool For the Community (AOS ETC):

• Zero Touch Provisioning (ZTP) Server

• Template Catalog

• 3rd Party Tool Integration (protobuf)

• Legacy Devices Integration

• Slack Notification Integration (demo)

• Amazon Alexa Voice Integration (demo)

Maintenance workflows:

• Staged/Commit Workflows

• Scale-out Maintenance

• NOS Management

• Device Maintenance Mode

• Replacement Maintenance

• Decommission Maintenance

Workload Change Operations:

• Group Based Policy

• Virtual Network Management

Device Management:

• Zero Touch Provisioning*

• Device Agent Installer

• Lifecycle Management

• Device Quarantine

• NOS Management

• Device Import/Export

• Device Profiles

• Logical Devices

Intent-Based Analytics Probes:

• East-West traffic

• MLAG imbalance

• Headroom

• ECMP imbalance

• Hot / Cold fabric ports

• Interface flapping

• BGP (VRF aware)

• Default gateway count

• MLAG domain

• TCAM usage

• OS version

• Interface bandwidth

• Interface errors (overloaded int bandwidth)

• Sustained Interface discards

• SFP

• Interface buffers

• BUM traffic

• Display External Routes*

• PIM state on a Leaf, Spine, Border Leaf

• PIM RP on Leaf, Spine

• PIM Anycast RP on Border Leaf

• PIM MRoute Anomalies on Border Leaf

• VTEP

• STP state

• Flag STP state changes

• Power Supply Anomalies Probe

• Hypervisor and Fabric VLAN config mismatch

• VMs without Fabric configured VLANs

• Hypervisor and Fabric LAG config mismatch

• Hypervisor missing LLDP config

• Hypervisor MTU Mismatch*

• Hypervisor MTU Check*

• Hypervisor Redundancy Check*

An open source catalog of Intent-Based Analytics probe configurations is available, to enable an ecosystem with customers, partners, and other third parties

All Rights Reserved © 2019 Apstra Incorporated

www.apstra.com

About Apstra

Apstra Intent-Based Networking for the Data Center increases application availability and reliability, simplifies deployment and operations, and dramatically reduces costs for Enterprise, Cloud Service Provider, and Telco data centers. Apstra empowers Intent-Based Data Centers through its pioneering Intent-Based Networking, distributed system architecture, and vendor-agnostic overlay. Headquartered in Menlo Park, California and privately funded, Apstra is a Gartner Cool Vendor and Best of VMworld winner.

For more information, visit www.apstra.com, contact [email protected] or follow @ApstraInc
