Spawar tech day
cisco-public-sector
Category: Technology
Transcript of Spawar tech day
APIC-EM: The evolution from traditional management to SDN-led, policy-based automation
Kedar Karmarkar, CCIE# 6724 (R&S, Wireless LAN)
Technical Leader – Enterprise Switching, Cisco Systems
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• SDN in Enterprise Networks
• Introduction to APIC-EM
• Transition to SDN-Led Management
• SDN Led Troubleshooting
• SDN Led Provisioning
• SDN Led Automation
• PI and APIC-EM Integration
• SDN Led QoS
• SDN Controller – Core Applications
SDN in Enterprise Networks
BRKNMS-2031
Today’s Network is Unprepared for the SD-Digital Enterprise
• Myriads of Technologies
• Low Elasticity to Changing Business needs
• Low App Visibility & Awareness
• Box by Box Management
Opportunity Cost of Traditional Enterprise IT
• Time IT spends on operations: 80%
• CEOs are worried about IT strategy not supporting business growth: 57%
Source: Forrester
• Network Expenses: CAPEX 33%, OPEX 67%
• Deployment Speed: Computing vs. Networking, in seconds (axis: 0, 10, 100, 1000)
Source: Open Compute Project
“…While other components of the IT infrastructure have become more programmable and allow for faster, automated provisioning, installing network circuits is still a painstakingly manual process...” —Andrew Lerner, Gartner Research
Dimensions of SDN-Led Network Change
Enterprise Networks Become More Agile, Effective, and Efficient to Operate
Transformation, Innovation
• Manual → Automated
• Device by device → Network-wide
• Configuration → Policy
• Closed Systems → Open and Programmable
• Network Data → Business Intelligence
• New Installations → Legacy + New Installations
Manual to Systemic Policy Deployment
Conventional Model: Manual Policy Deployment
• The What: “Security Policy for Branches A-N” (Admin Driven)
• The How: “Change ACLs in the following elements” (Admin Driven)
Controller Led Policy Deployment
• The What: “Security Policy for Branches A-N” (Admin Driven)
• The How: “Change ACLs in the following elements” (System Driven)
Benefits of Enterprise SDN
• Abstraction
• Zero touch deployment
• Day 0 to Day N
• Lower TCO
• Published NB APIs
• Cisco and Partner Apps
• Openness
• Control
• Automation
• Brownfield and Greenfield
• Embedded best practices
• Massive Simplicity
• Programmability
• Centralized policy
• Network wide deployment
• Dynamic Network Agility
APIC-EM: Application Policy Infrastructure Controller Enterprise Module
APIC-EM: Cisco Enterprise SDN
Open, Programmable App Platform for Enterprise Network Transformation
• Agnostic SB interface supporting multiple protocols
• Software or Appliance Based
• NB RESTful APIs
• Existing and New Device Support
• Cisco, Partner or Customer Developed Apps
Cisco APIC Enterprise Module Architecture
• SECURITY COLLABORATION ORCHESTRATION SERVICES WAN
• North Bound APIs
• Policy Infrastructure
• Automation
• Network Information Database
• South Bound APIs: CLI, SNMP
• Network Element Layer
Abstracts Network Devices to Mask Complexity
Treat Network as a System
Exposes Network Intelligence For Business Innovation
APIC-EM Applications at GA
Journey towards simplification via abstraction
• PLUG-AND-PLAY: Zero touch deployment of routers / switches / APs
  Accelerated roll-out: Eliminates tech visits and shrinks deployment from months to minutes
• Cisco IWAN (SDWAN): Guided, fast auto-provisioning of IWAN solution
  From 250 CLI commands to 5 GUI clicks per branch: 1000% IWAN deployment acceleration
• Path Visualization: Discover path between two end points based on 5 tuple
  Rapidly troubleshoot congestion and ACL issues and lower Opex for trouble ticket processing by 500%
Diagram labels: Public Cloud; Enterprise Network; BRANCH
APIC-EM New Applications at GA.1
EasyQoS for Static and Dynamic QoS
• Config.: Cisco Validated Design-Based Templates
Diagram labels: Enterprise Network; 3945/ISRG2; Cat 3750; AP; Collaboration App; Session Policy; QoS Changes; Pre-QoS change – Default Classification; Post-QoS change – Video
Transition to SDN-Led Management
Software Defined Network Led Management
Traditional Management: Feature Configuration
• Management (NMS)
• NE NE NE NE
• Customer developed provisioning tools, manual CLI changes, and run book automation for IT Operations support
SDN Led Management: Policy Automation
• Controller (Policy and Control)
• Management (Provisioning and Assurance)
• Automation (Workflow / Orchestration)
• NE NE NE NE
• Customer input on business / service intent
Evolution to Policy Automation will Take Time
Feature based Configuration:
• Static
• Focused on configuration
• Executed by Prime Infrastructure
• Customizable
• Expert Led
Policy based Automation:
• Dynamic
• Business intent to network intent
• Executed by APIC-EM Apps
• Prescriptive
• Business driven
Oct 2015, +36 months: Increasing policy coverage through more apps and services
Steady State:
• Cisco leads market adoption so that a large majority of Enterprises adopt policy based automation
• A small set of larger enterprises or MSPs will continue to leverage customizable feature configuration
Diagram labels: policy; feature; configuration
System Components for SDN Led IT Ops
Network Infra
• Owns the communication to/from the network and drives programmability
• Stores, processes and visualizes all historical data for monitoring and network change
• Captures business intent policy and assures network orchestration and execution
Deployment Modes for SDN led Provisioning
APIC-EM (Discovery, Inventory, Topology, PnP, PKI…): Common Controller Services Across the Enterprise
FEATURE CONFIGURATION WITH PRIME INFRA
• Prime Infrastructure: Prime Infra NMS integrated with APIC-EM providing full GUI based configuration and FCAPS management leveraging Network automation like PnP/PKI
• Customer, Partner or 3rd party developed Automation: Custom apps utilizing feature programmability via Prime NB APIs for configuration and data
POLICY PRESCRIPTIVE APPS on APIC-EM
• App App App ..: Cisco developed modular, policy automated management apps with common UI/UX framework and embedded service automation
• Customer, Partner or 3rd party developed Apps: Custom apps utilizing policy programmability via APIC-EM NB REST APIs
Diagram labels: Device Scope A; Device Scope B
APIC-EM + Apps
• Real-time System of Change
• Policy Automation
• Prescriptive
• Policy monitoring, troubleshooting and compliance
• Domain focus (e.g. IWAN)
Prime Infrastructure
• Historical System of Record
• Feature Configuration
• Customizable
• Feature level monitoring, troubleshooting and compliance
• End-to-End Assurance
SDN Led Provisioning: Zero Touch Deployment
Network Plug-n-Play – for Zero Touch Deployment
• Unskilled Installer
• GUI Based
• Consistent for devices & PIN (Campus/Branch)
• Secure
• Greenfield & Brownfield
Today’s Process
• Central Staging Facility (Network Admin): Install OS, Install base config
• Installer: Site-1, Site-2, Site-3
Network PnP
1. Network Admin: Pre Provision Projects/Sites
2. Installer: Install & Power-on devices
3. Network Admin: Monitor device installation
• Site(s)
• Reseller/Partner: Ships equipment
Use Case Example: Device Deployment in Campus
Day 0 (Network Admin)
• PnP Server: Pre Provision Projects/Sites
  • Policies
  • Match Rules
  • Configs/Image
  • IP Addressing
• DHCP Server: Pre-provision DHCP Server
  • IP address
  • option 43
Use Case Example: Device Deployment in Campus
• PnP Server
• DHCP Server
• Switch running PnP Agent
<..snip..> CISCO_PNP.pnpserver "5A;B2;K4;I10.11.11.11;J80";<..snip..>
Device validates server’s location and establishes a communication with the server
Day 1 (Installer)
• Remote Installer: Mount and cable devices, Power-on
Day 1 (Network Admin)
• Network Admin remotely monitors status of install while in progress.
PnP Server: IP Address 10.11.11.11; Cisco IOS®; Config file….
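The option 43 string on this slide packs the PnP server's address, transport and port into semicolon-separated sub-options. As an added example (not part of the original deck), the Python below parses that string and flags values worth reviewing before rollout; the sub-option meanings (B = address type, K4/K5 = HTTP/HTTPS, I = server, J = port) are taken from Cisco's published PnP option 43 format rather than from the slide, and the allow-list and finding names are hypothetical.

```python
import ipaddress

# Sub-option codes per Cisco's published PnP option 43 format (an assumption
# here: the slide shows only the raw string, not the field definitions).
ADDR_TYPES = {"1": "hostname", "2": "ipv4"}   # B sub-option
TRANSPORTS = {"4": "http", "5": "https"}      # K sub-option

def parse_pnp_option43(value):
    """Parse '5A;B2;K4;I10.11.11.11;J80' into a dict; ValueError if malformed."""
    parts = [p.strip() for p in value.replace('"', "").split(";") if p.strip()]
    if not parts or not parts[0].startswith("5A"):
        raise ValueError("not a PnP option 43 string (expected leading '5A')")
    raw = {}
    for part in parts[1:]:
        key, val = part[0].upper(), part[1:]
        if key in raw or not val:
            raise ValueError(f"duplicate or empty sub-option {key!r}")
        raw[key] = val
    missing = [k for k in "BKI" if k not in raw]
    if missing:
        raise ValueError("missing sub-option(s): " + ",".join(missing))
    if raw["B"] not in ADDR_TYPES or raw["K"] not in TRANSPORTS:
        raise ValueError("unknown address type or transport code")
    transport = TRANSPORTS[raw["K"]]
    # Assumed defaults when J is absent: 80 for HTTP, 443 for HTTPS.
    port = int(raw.get("J", "443" if transport == "https" else "80"))
    return {"addr_type": ADDR_TYPES[raw["B"]], "transport": transport,
            "server": raw["I"], "port": port}

def audit_pnp_option43(value, allowed_servers):
    """Return a list of findings for one option 43 string (empty list = clean)."""
    cfg = parse_pnp_option43(value)
    findings = []
    if cfg["transport"] == "http":
        findings.append("cleartext-http")      # bootstrap channel not under TLS
    if cfg["addr_type"] == "ipv4":
        try:
            ipaddress.IPv4Address(cfg["server"])
        except ValueError:
            findings.append("bad-ipv4")        # B2 declared but I is not IPv4
    if not 1 <= cfg["port"] <= 65535:
        findings.append("bad-port")
    if cfg["server"] not in allowed_servers:
        findings.append("unexpected-server")   # not a known PnP server
    return findings

# String as shown on the slide; the allow-list is a constructed sample.
SLIDE_VALUE = "5A;B2;K4;I10.11.11.11;J80"
if __name__ == "__main__":
    print(audit_pnp_option43(SLIDE_VALUE, {"10.11.11.11"}))
```

Running the same audit over every DHCP scope that serves option 43 shows which sites would bootstrap new devices over HTTP or toward a server that is not on the expected list.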
SDN Led Automation: IWAN App
Intelligent WAN
• Secure WAN transport across MPLS and/or Internet for private cloud / DC access
• Leverage Low Cost path for public cloud and Internet access
• Increase WAN Capacity
• Improve App Performance
• Scale Security at the Branch
Diagram labels: Branch; WAN Transport; MPLS ($$$); Low Cost Circuit, Internet, 4G ($); Private Cloud; Virtual Private Cloud; Direct Internet Access; Internet backhaul; Cisco Cloud Web Security; Public Cloud
Cisco Intelligent WAN App for APIC-EM
IWAN is a Prescriptive Solution
Business Policy Dictates Network Action
• Simple Workflow Templates
• Plug and Play
• Business Level Policies
• Open Architecture
• Network, Applications Monitoring
Diagram labels: IT Admin; Business Policy: App SLA; DMVPN; SLA; QoS; Security; Path Selection; Access Application Network Profile; NETWORK; SDN; APIC-EM IWAN APP
SDN Led Troubleshooting
Why Use Path Visualization?
• Problem
  • Inspection, Interrogation, and Remediation of Network Problems rely on manual techniques today to process. THIS IS A SLOW AND EXPENSIVE PROCESS
• Solution
  • Path Visualization focuses on automating inspection and some interrogation
  • Inspection – ability to find user path in seconds
  • Interrogation – ability to visualize key statistics to help determine cause of failure (performance and system statistics, ACLs for the path…)
Case Number 12345: User Cannot Connect to…..
Path Visualization
APIC EM Returns A Path Based on a 5 Tuple Input
SDN Led QoS
EasyQoS App
No more Box-by-Box configuration
• Config.: Cisco Validated Design-Based Templates
Diagram labels: Control; Transactional Data; Realtime; Best Effort
Cisco Validated Design {CVD}
Levels of QoS Policy Abstraction
Strategic vs Tactical
• Strategic QoS Policy (The WHY / WHAT you want to do)
  • reflects business intent
  • is not constrained by any technical or administrative limitation
  • is end-to-end
• Tactical QoS Policy (The HOW is it to be done)
  • adapts the strategic business intent to the maximum of platform’s capabilities
  • is limited by various tactical constraints, including:
    • PIN-specific constraints
    • Platform constraints
    • Interface constraints
    • Role constraints
Converting Business Intent to Tactical Policies
• Wireless AP: Trust Boundary, PEP, 4Q (WMM)
• Catalyst 3650: Trust Boundary, PEP, 2P6Q3T
• Catalyst 4500: Trust DSCP, 1P7Q1T
• Catalyst 6500: Trust DSCP, 1P3Q4T, 1P7Q4T, 2P6Q4T, …
• Nexus 7700: Trust DSCP, F3: 1P7Q1T
• WLC: PEP
• ASR/ISRs: Trust DSCP, HQoS, MQC
• Catalyst 2960-X: Trust Boundary, PEP, 1P3Q3T
• Wireless AP: Trust Boundary, PEP, 4Q (WMM)
• the principal goal of the tactical QoS policy is to express the strategic QoS policy with maximum fidelity
• QoS design best practices will be used to generate platform-specific configurations
• QoS features will be selectively enabled if they directly contribute to expressing the strategic policy on a given platform
Dynamic QoS Classification for Jabber Video/MS Lync
Single policy request produces automated change across all network elements enabling high quality user experience
Diagram labels: Enterprise Network; 3945/ISRG2; Cat 3750; AP; Collaboration App; Session Policy; QoS Changes; Pre-QoS change – Default Classification; Post-QoS change – Video
Wrap-Up & Key Takeaways
Cisco SDN for Enterprise Networks with APIC-EM
Key Takeaways
• Automation + Simplification
• PI + APIC-EM Integration
• Brownfield + Greenfield
Thank you