Cisco Connect Toronto 2017 - Your time is now

© 2016 Cisco and/or its affiliates. All rights reserved. 1

Cisco Connect Toronto 2017Your Time Is Now


CiscoConnect Your Time

Is Now

Dave ZacksDistinguished Engineer, Enterprise Access

Oct. 12th, 2017

Lila RousseauxTechnical Solutions Architect, Cisco Canada

#HighBitRate

Cisco DNA – Deeper Dive,“From the Gates to the GUI”

Dave is a Distinguished Engineer in Cisco’s Enterprise Access group,based in Vancouver, and has been with Cisco for 18 years.

As a DTME within the Enterprise Networks Architecture team, Dave works primarilyon capabilities and solutions that are anywhere from 12 to 36+ months out,helping to define these projects and then assisting as they progresstowards and through design, development, and solution introduction.

Dave has a strong background in, and focus on, customer requirements,and integrating these into the products and solutions Cisco builds.Dave has a special interest in Flexible Hardware and Fabric architectures.

Dave ZacksDistinguished [email protected] @DaveZacks

By Way of Introduction …

Lila RousseauxTechnical Solutions [email protected]

By Way of Introduction …

Lila is a Technical Solutions Architect in Enterprise Networks based in Toronto, Canada. She joined Cisco Argentina in 1999 and moved to Canada in 2002.

In her roles within Cisco, Lila has had the opportunity to work with a varietyof customers: Service Providers, Enterprise, Partners and Commercial;specializing in core Routing, Switching and SDN technologies.

Lila is an advisor for Cisco routing and switching business units providing input inthe strategy around Cisco core products. She got her CCIE certification in 2001 (#6899) and diligently re-certifies every two years! In addition, Lila holds adegree in Computer Science from the University of Buenos Aires.


Need for Network InnovationPrimer – How ASICs are Designed & BuiltThe Importance of Flexible SiliconUADP – Flexible Switching SiliconLeveraging Flexible Silicon forSoftware Defined Access

Leveraging Flexible Silicon forEncrypted Traffic AnalyticsCatalyst 9K Switches

and Summary Lila

Agenda

Dave

© 2016 Cisco and/or its affiliates. All rights reserved. 6Cisco Public

This is an

ambitiouspresentation


We are going to try to cover

Cisco Innovationfrom

“The Gates to the GUI”


No,I don’t mean this

Gates …


I mean these gates … SILICON Gates


FromInnovationsinSiliconandSoftware

…

… to Innovationsin Platformsand Solutions


And Why

TheseInnovationsMatter


It’s going to be

Quite a Ride


So

Buckle Up,

and Let’s Get Started!

14© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco DNA and theImportance of Network Innovation


Innovation inthe network

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 16

Source: Forrester Source: Open Compute Project

Time IT spends on operations80% CEOs are worried about IT strategynot supporting business growth57%

Network Expenses Deployment Speed

0 10 100 1000

Computing Networking

Seconds0

100%

CAPEX OPEX

33% 67%

The Need for AgilityChanging Enterprise Requirements


Advanced Persistent Threats

Devices per Person3.64

Mobile world requires access to everything everywhere

Mobility

Devices per Admin100K

Agility and NewConsumption Models

Cloud

IoTThings Connected

7.5BUnmanned devicesgrowing at rapid pace

Enterprise Trends Driving Digital Transformation


Users, Device and IOTSegmentation

Enabling Seamless Mobility

Secure Connectivity to the Cloud

Setting Up End-End Security

VLAN 1 VLAN 2 VLAN 3

WAN

Branch A

VLAN 1 Branch A VLAN 3

RemoteVLAN 2

HQ

ACL 1 ACL 2

ACL 2 ACL 3

Traditional Networks Cannot Meet the Demand


You Need a Network that Drives Your Digital Business

Hardware Centric Flexible Hardware,Software Driven

Manual Automated

Piecemeal Security Integrated Security

Network Monitoring Analytics & Insights

Traditional Network The Network. Intuitive.

Cisco is Rewriting the Network Playbook


Intent-based Network Infrastructure

DNA Center

AnalyticsPolicy Automation

I N T E N T C O N T E X T

S E C U R I T Y

L E A R N I N G

The Network. Intuitive.Powered by Intent – Informed by Context


Security

Automation Analytics

Virtualization

Cloud Service Management

Programmable Physical and Virtual infrastructure

Principles

Insights and Experiences

Automation and Assurance

Security and Compliance

Open

API Driven

ProgrammableSoftware Defined Access

Catalyst 9000Flexible Network Hardware

DNA Center

Encrypted Traffic Analytics

Software Subscription Licensing | DNA Advisory, Technical, Support Services

Cisco Digital Network ArchitectureOverview


Cisco DNA and theImportance of Network Hardware


David GoeckelerCisco SVP,Security and NetworkingCisco Live Las Vegas 2016

Innovation inthe network

ASICs are apillar of Ciscoinnovation …


Let’s Talk About

ASICs


What is an ASIC?

“An Application Specific Integrated Circuit is an integrated circuit customized for a particular use, rather than intended

for general purpose use…”


Why talk ASICs?


Quick Recap –How Networking Siliconis Designed and Built


How is an ASIC built?


ASICs – From Definition to Deployment


Discrete transistor MOSFET(metal oxide semiconductor

field effect transistor)

FinFET(fin field effect transistor)

NAND gate

NOR Gate

Universal Gates

… which can be used to build any of the other logic gates …

… mostly used @ 22nm and above

… mostly used @ 16nm and below

… which, when we put millions of them together on a silicon

die, produce a chip!


Discrete transistor MOSFET(metal oxide semiconductor

field effect transistor)

FinFET(fin field effect transistor)

NAND gate

NOR Gate

Universal Gates

… which can be used to build any of the other logic gates …

… mostly used @ 28nm and above

… mostly used @ 22nm and below

UADP 1.1 191M gates

UADP 2.0 270M gates

Catalyst 3850 mGig

Catalyst 9300, 9400, 9500


We put a man here …

… using this …

ApolloGuidance Computer

… which was builtfrom nothing but that …

4100 ICs,each of whichcontained asingle 3-input NOR gate

In other words …we put a man on the moon with

less than 10,000 transistors …It takes 7.46 billion transistors to

route your packets!

With the appropriate security, segmentation, QoS, encryption, fragmentation, etc, etc …

Fun Fact!


A human hair is

~100,000nanometers

in width

A Perspective


Red blood cell (7,000 nm)rises to 10th floor

Empire StateBuilding =1454 feetto tip =443 meters

ONE NANOMETER –less than 1/4th of an inch!

… about the same thicknessas three pennieson this scale …

… and we build transistors measured in nanometers …

How SMALLis SMALL?

Sing

le h

uman

hai

r

~ 100,000 nm

… and then we come tothis little pinprick over here …


ASIC Re-Spin (if needed)


Overview –The Importance ofFlexible Silicon


Why DoesCisco Develop

Our Own Silicon?


Why DoesCisco Develop

Our Own Silicon?

Simpler Deployment OptionsBetter Insight and Optimization

Increased SecurityMost Appropriate Scalability

Flexibility and Investment Protectionvia Programmability


Traditionally the ASICprocessing pipeline is

FIXEDIPv4

IPv6

Traditional Fixed ASIC Processing Pipeline


… and has challengeshandling NEW

PROTOCOLS …MPLS

Traditional Fixed ASIC Processing Pipeline


Flexibility in Networking …

… disconnect with traditional fixed ASIC processing ….

Evolution of Business

Industry Trends – SDN


So where canFlexible ASICs help us?


DNA Flexible Infrastructure – Programmable ASIC Silicon


Flex Rewrite

Programmable ASICsdeliver

FLEXIBILITY …

Flex Parser

Flexible, Programmable Processing Pipeline

GRE

If IPv7 were invented

tomorrow …

... we could probably handle it via the Programmable

Pipeline!

Flex Counters

Stage 1 Stage 2 Stage 3 Stage n

IPv4

IPv6

VXLAN

MPLS

IPv7

Flexible ASIC Processing Pipeline


Flex Rewrite

Flex Parser

Programmable ASICsprovide support forTUNNELLING …IPv4

… a task at which Cisco’s Programmable, Flexible ASICs excel!

Tunnelled traffic requires RECIRCULATION …

IPv4VXLAN

High-performance, low-latency recirculation path …Flex Counters

Flexible, Programmable Processing Pipeline

Stage 1 Stage 2 Stage 3 Stage n

Flexible ASIC Processing Pipeline


Catalyst 3550Circa 2003

60M transistors47,226 lines of code


210M transistors86,220 lines of code


1300M transistors(Latest version: 3 BILLLION transistors)

1,490,000 lines of code

Catalyst 9300 / 9400 / 9500 – 2017

New!

UADP 2.0: 7.46B transistors!2,160,000 lines of code

All Cisco-developed siliconDriving the benefits of vertical integration –Hardware and software working together!

Just like some other famous examples …

ASIC Evolution – Over Time


Networking Innovation –Flexible Switching Silicon …UADP – Unified Access Data Plane


Latest version –7.46 BILLION

transistors


Ability to handle current and future protocols – extremely

flexible and capable

Excellent for encapsulations, which

often need recirculation

UADPprovides an

unparalleled degree of Flexibility

in an Access Switch

UADPDesigned for Flexibility


Parse depthof 256 Bytes

15 programmable stages

Up to 250 frames across stages at one time…

VXLAN as a protocol had not even been invented when UADP 1.0 was designed …

Yet UADP forwards VXLANin hardware, at high performance

in IOS-XE 16.3+ …thanks to Flexibility!

in

VXLAN is a complex protocol …


UADPUnparalleled Functionality


GREERSPANCAPWAP

MPLSVXLAN

VXLAN-GPE*, NSH*,and more…

Current, and Possible Future, UADP Use Cases

* Not Committed


Catalyst 9300 / 9400 / 9500

Enabled by

UADP2.0


UADP 1.01.3B Transistors

UADP 1.13B Transistors


UADP – Programmable ASIC Family



UADP 1.13B Transistors


One transistor for everyone in

India …One transistor for everyone in

India, China, US & Canada …

One transistor for

Everyone in the world!

Or Looked At Another Way …

https://en.wikipedia.org/wiki/File:People's_Republic_of_China_(orthographic_projection).svg

https://en.wikipedia.org/wiki/File:USA_orthographic.svg

https://en.wikipedia.org/wiki/File:Canada_(orthographic_projection).svg


What does all of thismean for me?


Cisco Programmable Hardwareequals

FLEXIBILITYADAPTABILITY

Enabling Network Evolution –a critical requirement

for DNA


Want to Double-click?

BRKARC-3467Cisco Live US 2017, Las Vegas

90 minutes of awesome silicon geekery with Dave and Peter –

this session, ++


Networking Innovation –Leveraging Flexible Siliconfor Software-Defined Access


Overlay – Flexible Virtual ServicesMobility - Map Endpoints to Edges

Services - Deliver using Overlay

Scalability - Reduce Protocol State

Flexible and Programmable

Underlay – Simple Transport ForwardingRedundant Devices and Paths

Keep It Simple and Manageable

Optimize Packet Handling

Maximize Network Reliability (HA)

Separate the “Forwarding Plane” from the “Services Plane”

IT Challenge (Business): Network Uptime IT Challenge (Employee): New ServicesThe Boss YOU The User

Software Defined AccessThe Power of The Fabric


Overlay encapsulation (VXLAN)

Fabric Underlay – Forwarding plane• Connects the network elements to each other• Optimized for traffic forwarding (scalability, performance)• Networking constructs like IP, VLANs, live here

Overlay control plane

(LISP)

Underlay

Overlay

Employee

Supplier

Devices

Fabric breaks the dependency between IP address and Policy.In Fabric Polices are tied to User/Device Identity

Fabric brings Policy Simplification

DNA Center – Automation and Assurance• Single User Interface for Fabric Management & Orchestration• Policy definition based on User, Device or App Group• Design, Deploy and Monitoring and Troubleshooting

Fabric Overlay – Services plane• Dynamically connects Users/Devices/Things• IP is an ID not used for traffic forwarding• End to End Policies and Segmentation

What is Unique About SD-Access?VLAN 20

SSID D

VLAN 30 SSID A

SSID C

VLAN 40

VLAN 10

SSID B


AutomationApp Policy Infra Control

(APIC-EM)

Identity & PolicyIdentity Services Engine (ISE)

AssuranceNetwork Data Platform

(NDP)

Employees Virtual Network

Group 1 Group 2

IoTVirtual Network

Group 3 Group 4

Contextual Visibility and Troubleshooting

Policy Mobility with no Topology

Dependence

SD-Access Fabric

Stretched Subnets

SD-AccessDNA Center

Integrated Mobility,with User / Device Identity

Solution At a Glance


Network access in minutes for any user or deviceto any application without compromise

Industry’s first policy based automation from edge-to-cloud

Foundation for Cisco DNA

Broad platform support

Give time back to IT

Why SD-Access?



BRKCRS-2810Cisco Live US 2017, Las Vegas

Title: Cisco SD-Access - A Look Under the Hood Speaker: Shawn Wargo - Principal Engineer - Technical Marketing


Network Innovation –

Leveraging Flexible Silicon forEncrypted Traffic Analytics


38%

62%

Organizations are at risk

Decrypt Do not decrypt

New attack vectors• Employees browsing over HTTPS: Malware infection, covert channel with command and control server,

data exfiltration • Employees on internal network connecting to DMZ servers: Lateral propagation of encrypted threats

cannot detect malicious content in

encrypted traffic

of attackers used encryption to

evade detection

of organizations have been victims of a cyber attack

41%81% 64%

Source: Ponemon Report, 2016

New Threat Landscape


Catalyst 9K Enables Enhanced Network as a Sensor and EnforcerAnalytics to Identify Malware in Encrypted Traffic Without Decryption & Respond

StealthWatch

pxGridContext & Mitigation

ISE

Machine Learning with enhanced behavior analytics

Encrypted traffic analytics

Analytics indicating Malware in Encrypted Traffic @ 99+% Efficacy

NetworkTelemetry based(No Decryption)

Line Rate Performance

Investment Optimization

SimplifiedManagement

Globally correlated threat intel

Mitigation using ISE & Network

ERSPAN to send traffic for deeper analysis


Cryptographic Audits

Malware in Encrypted Traffic

Netflow Data: SrcIP, DstIP, SrcPort, DstPort, Proto, #Bytes, #Packets

Intraflow Data: Sequence of Packet Lengths & Times (SPLT), Initial data packet (IDP), Byte Distribution, …

TLS Metadata: Extensions, Ciphersuites, SNI, Certificate Strings, …

Telemetry from Switch Analytics

Primary Use-case Secondary Use-case

Catalyst 9K Enables Encrypted Traffic Analytics


Make the most of theunencrypted fields

Identify the content type through the size and timing of packets

Initial data packet Sequence of packet lengths and times

Who’s who of the Internet’sdark side

Threatintelligence map

Broad behavioral information about the servers on the Internet.

Bestafera

Google Search

How Can We Inspect Encrypted Traffic?


Cisco Stealthwatch

Cognitive Analytics

Malware detection and cryptographic compliance

New Catalyst 9K

NetFlow

Enhanced NetFlow

Telemetry for encrypted malware detectionand cryptographic compliance

Enhanced analytics and machine learning

Global-to-local knowledge correlation

Enhanced NetFlow from Cisco’s newest switches

and routers

Continuous Enterprise-wide compliance

Leveraged network Faster investigation Higher precision Stronger protection

Metadata

Encrypted Traffic Metadata

Finding Malicious Activity in Encrypted Traffic



BRKCRS-1560 Cisco Live US 2017, Las Vegas

Title: Detect threats in encrypted traffic without decryption, using network based security analyticsSpeaker: Sarav Radhakrishnan -Distinguished Engineer


Network Innovation –

Catalyst 9K Series Family


Voice

Video

Data

Previous Era

Mobility

Security

Cloud

IOT

New Era

SD-Access

A New Era in Networking


Converged OSOpen IOS-XE

ConvergedLicensing Catalyst 9300

Lead Fixed Access

Catalyst 9400Lead Modular Access

Catalyst 9500Lead Fixed Core

Built on Cisco’s Innovative UADP ASIC & Open IOS-XE

Converged ASICUADP 2.0

Introducing the Catalyst 9K Family


Up to 32MBPacket Buffer

Up to 64K x2Netflow RecordsEmbedded CPUs

Shared Lookup

Up to 240GEBandwidth

384K Flex Counters

Up to 2X to 4X Forwarding + TCAM

Universal DeploymentsAdaptable Tables

Enhanced Scale/BufferingMulticore resource share

Investment ProtectionFlexible Pipeline

7.46B Transistors28nm Technology

UADP 2.0 – Next Generation of ASIC Innovation


One Release Train

Operational Efficiency, Consistency in Control Plane Behavior,

RAFA(Run Any Feature

Anywhere)Feature Velocity across Platforms

Patch UpdatesWCM/WebUI/SANET/etc sub

package upgrade, Peach of mind for Customers

Trustworthy & Secure PlatformA more Secure Operating System

Image Signing - Authentic OS, Secure Boot - Boot Sequence

Check, HardwareAuthenticity, etc

Comprehensive Programmability

Object based model, Netconf/REST Interfaces

Open IOS-XEBenefits


PS

Supervisor

Line Card

Chassis/FanTray

Blue Beacon on Every System & Components

Identification of Devices has never been Easier

Catalyst 9K Family – Blue Beacon


Sample RFID Tag DataSN = 'FOC2109Q023’PID = 'C9500-24Q' VID = 'V00' TAN = '68-100900-02' TAN Rev = '10' CLEI = 'UNDEFINED' Index = '900' Encode = 'SGTIN-198‘Filter = '0‘Partition = '5' Company = '0746320' Built-in Passive RFID

Inventory Management (Tracking) has never been Easier

RFID on Every Deviceand FRUable

Components of Catalyst 9400

Catalyst 9K Family – RFID


Device Management

File Transfer

cat9k (config)# interface bt0

Accessing the Device has never been Easier* Roadmap

Catalyst 9K Family – Optional Bluetooth


Catalyst 9300 Series


Unmatched POEResiliency – Perpetual/Fast High power - 60W UPOE

Flexible ASICUADP 2.0

Powerful CPU complexX86 CPU

4-core 1.8GHz

In-built Memory8GB Memory 16GB Flash

Bluetooth Dongle Support/External Storage(USB 2.0)

Built-in RFID Passive

Most Dense and Flexible Uplink offering4 x 1G, 4 x MGig, 8 x 10G, 2 x 40G

USB ConsoleMini-USB type B

Introducing Catalyst 9300New Generation of Stackable Access


Stackwise-480 – 8 membersNSF/SSO

External StorageUSB 3.0 Removable storage (120GB SSD)

Intelligent Power managementStackpower

Optional PSPower Supplies (AC+DC)

Redundant Fans

* Roadmap

Stack Cables

Redundant Power Supply

Catalyst 9300 – Back View

© 2016 Cisco and/or its affiliates. All rights reserved. 90Cisco PublicThe Next Level of the Market-Leading Fixed Access Switching Platform

1G Data

1G POE+

mGig UPOE

24 Ports

48 Ports

24 Ports

48 Ports (*)

24 Ports

48 Ports

1G UPOE24 Ports

48 Ports

* Roadmap

Catalyst 9300New Generation of Stackable Access


Existing Gigabit infrastructure is insufficient to handle .11ac growth beyond

1Gbps

Gigabit Ethernet has been around since 1999 and has now become the bottleneck

Market needs an innovative technology to support >1Gbps

over existing cables

Limited to 1GE!

Cat 5e Cables

WiFi @ 1G>1G

MultiGigabit TechnologyTypical Use Case – Next Gen Mobility with .11ac Wave 2


Delivers up to 5X Speeds in Enterprise without replacing Cabling Infrastructure

2.5-5G!

Cat 5e Cables

WiFi > 1G

MultigigabitSwitch

MultigigabitCapable AP

Is a game-changing technology allowing enterprise networks to

evolve beyond 1G

Enables 2.5 and 5 Gbps up to 100m on legacy cables

Supports all PoE standardsup to 60W

Cisco Multigigabit with

MultiGigabit TechnologyTypical Use Case – Next Gen Mobility with .11ac Wave 2


Cable Type

1G 2.5G 5G 10G

Cat5e 100m 100m 100m * NA

Cat6 100m 100m 100m 55 m

Cat6a 100m 100m 100m 100m

Auto-negotiation of All Speeds Supported across All cable Types

Brownfield Deployments Can Leverage Existing Cat5e/Cat6 extending ROI and Support Speeds at 2.5G and 5G up to a distance of 100m*

Greenfield Deployments with Cat6a will Support 10G But Can Also Now Support Speeds at 2.5G and 5G at a Distance of 100m

* 5Gig on CAT5E may be limited to < 100 meter in certain cable configurations

UPoE is supported on 3850 and 4500E

MultiGigabit Cabling Investment Protection

© 2016 Cisco and/or its affiliates. All rights reserved. 94Cisco PublicThe Next Level of the Market-Leading Fixed Access Switching Platform

Line rate on All ports

48 Multigigabit Ethernet Ports (12 x 1G/2.5G/5G/10G + 36 x 100M/1G/2.5G)

UPOE on all ports

* Roadmap

Industry’s First High Density MultiGigabit SwitchNew Generation of Stackable Access


4x1Gig

SFP

2x40Gig

QSFP

8x10Gig

SFP/SFP+4x1/2.5/5/10Gig

Copper (*)

Uplink Modules supported on all 9300 Copper Models

OIR Supported on all Uplink Modules

Uplink Options on Catalyst 9300

* Roadmap


For YourReference

Catalyst 9300 Performance Specifications


4-Slot* 7-Slot 10-Slot

Power Supply3200W AC3200W DC

Core Linecards24x 10G SFP+

48x1G SFP24x1G SFP

Access Linecards24xmGig + 24xUPOE

48xUPoE48xPoE+48xData

SupervisorSup-1: 80G/Slot Access Optimized

Sup-1XL: 120G/Slot Core Optimized

Redundancy is now Table

StakesIEEE 802.3BT100W PoE

Ready

9Tbps System b/w

* Roadmap

Introducing Catalyst 9400New Generation of Modular Access


4 - Slot 7 - Slot 10 - SlotSupervisor 2 (Redundant)Line Cards 2 5 8

Ports 96x 10/100/100048 mGig; 56 SFP/SFP+

2x QSFP+

240x 10/100/1000120 mGig; 128 SFP/SFP+

2x QSFP+

384x 10/100/1000192 mGig; 200 SFP/SFP+

2x QSFP+Dimension W:17.5”; D:16.25”; H:6RU W:17.5”; D:16.25”; H:10RU W: 17.5”; D:16.25”; H: 13RU

BW per LC Slot 480G 480G 480GBW between Sup Slots 720G

Power Supply 4 PS (N+1 and N+N) 8 PS (N+1 and N+N) 8 PS (N+1 and N+N)PoE per slot 4,800W

Cooling Side to Side (Front-to-Back for PS)

SLI = Switch Link Interface

High Density 10G Ports, 100G Uplinks

Ready for future higher power PoE devices

Catalyst 9400 – Chassis


Uplinks:8x 10G / 2x 40G

Line Card Slot BW:7 Slot: 80G10 Slot: 80G (> 150Byte)

720G LCs/Uplinks

MACSec256

2.4Ghz Quad Core x86 CPU

UADP 2.0 XL ASICs

USB 2.0/3.0

16G DRAM and 16G Flash

M.2 SATA SSD (Optional: Upto 1TB)

Catalyst 9400 – Sup-1 Overview


Fiber (1G/10G)24x 1G/10G TrustSec and MACsec(256)

RJ45 (UPoE)24x 10/100/1000 + 24x 100/1G/2.5G/5G/10G48x 10/100/1000 PoE/PoE+/UPoETrustSec and MACSec(256)

RJ45 (Data)48x 10/100/1000TrustSec and MACSec(256)

48x 10/100/1000 Data

48x 10/100/1000 UPoE24x 1G + 24x mGig UPoE

24x SFP/SFP+

Catalyst 9400 – Line Cards


For YourReference

Catalyst 9400 – Sup-1 Performance Specifications


Next Gen High Speed Campus Aggregator

Depth: 21.8”Height:1RU

All ports Non-blockingUp to 128 MB Packet Buffer per Core

QSA adapter Support*

Internal Storage : 16GBExternal Storage : 1xUSB 2.0 (front) , 1xUSB 3.0 (back)

* Roadmap

Built-In RFIDBulit-in Blue Beacon

Powerful CPU complexIntel X86 CPU Quad-core 2.4GHz16 GB Memory

Introducing Catalyst 9500New Generation of Fixed Campus Core & Aggregation


Font to Back Airflow

Faster External Storage: USB

3.0, Up to 128 GB Redundant 1+1 950W AC PSU

Redundant N+1 Fans

Catalyst 9500 – Back View


Catalyst 9500-40X40 ports of 10G SFP+ andNM: 2 x QSFP or 8 x SFP+

Catalyst 9500-12Q12 ports of 40G QSFP

Catalyst 9500-24Q24 ports of 40G QSFP

Modular Power SuppliesModular Fans Modular Uplinks

Catalyst 9500 – Optimized for Enterprise Deployments


Uplink Modules supported on C9500-40X SKU

OIR Supported on all Uplink Modules

8 x 10G SFP+ 2 x 40G QSFP

Catalyst 9500 – Uplink Options


Core/Aggregation

9500 9500

9300

Network system virtualization in core/aggregation

Physical Stack Logical Stack

Distribution

SW-1 SW-2

Catalyst 9k Catalyst 9k40G/10G

Access

Core

Core

StackWise Virtual Architecture Available today in Catalyst 9500-24Q


For YourReference

Catalyst 9500 – Performance Specificatons


C9K Technology Innovations


Result

Malware Installed

Boot loader corrupted

Cisco Defenses

Management Plane ProtectionsRecovery Mechanisms

Secure StorageSecure Boot

Run Time Defenses

Integrity Verification

Attack Surface Reduction

Authentication

Strong Crypto

Audits & Logging

Signed Images

Modified OS

Binaries

In-Memory Modifications

ROMMON changes

Infection Method

ExploitedVulnerability

Compromised Credentials

Why Trustworthy Systems?


Converging Building Systems will expand customer choice

Disparate Building Services

Single ConvergedIP Network

Robust Security

Enhanced Network as a SensorSegmentation & policy with SD-Access

Resilient Infrastructure

Power HA & UPOE scaleOptimized for mGig Access

Table Sizes, Buffer, Memory, RoutesScalable Operation

Faster MAC Learning & scale with x86

Extend Trust DomainDigital BuildingCoAP for IoT covergence

Catalyst 9K Innovations Enable IoT Convergence


Perpetual UPOE

• Uninterrupted POE power during control plane reboot

2-event classification

Fast power negotiation without LLDP

Physical layer negotiation < 1s

Fast UPOE

Bypasses IOS control plane boot

Restores power to PD within 30sec of power resumption

Catalyst 9300 delivers a robust low voltage Infrastructure

Cisco Innovations – Leadership in PoE FeaturesCatalyst 9300


Device Bootstrap and Onboarding

Server Management Tools on x86 Infrastructure

Configuration Automation through Open Interfaces

YANG

OpenConfig

ZTP

PnP

Open BootLoader

Catalyst 9K Offers Complete DevOps Toolkit

B

Catalyst 9K Family – Programmability & Automation


x86 enables hosting containers and 3rd party apps

KVMLXC

CPU Storage Containers

x86 CPU

Example 3rd Party Apps

* Roadmap

Catalyst 9K Family – Containers & App Hosting


Up to 1 TB Up to 120 GB

SATA SSD Storage USB 3.0

For Local Logging – 3rd Party App Hosting - Containers

Catalyst 9K Family – External Storage Options



BRKARC-2035Cisco Live US 2017, Las Vegas

Title: The Catalyst 9000 Switch Family - An Architectural ViewSpeaker: Muhammad Imam - Sr. Manager Technical Marketing


Summary


From the Hardware …

… to the Software andProtocols, with Integrated Security …

to the Whole Solution …

Cisco Innovations – In Hardware, Software, and Solutions – Tie It All Together

“From the Gates – to the GUI”

Innovation All The Way Up the StackHardware, Software, and Solutions

Thank you.

Cisco Connect Toronto 2017 - Your time is now

Technology

Transcript of Cisco Connect Toronto 2017 - Your time is now