Cisco Tech Update Apic-Em SDN 18 Og 20 August 2015

SDN & APIC-EM TECH-Update
August 2015
Ren Andersen System Engineer Cisco DK
Why SDN, programming and APIC?
Presentation_ID
Cisco and/or its affiliates. All rights reserved.
Cisco Public
Fast IT: IT Agility at the Speed of Business
Manual
Box-Centric
Provision in Months
Presentation_ID
Automated
Network-Wide
Hours
Closed Systems
Network Data
New Installations
Cisco Public
Open and Programmable

Business Intelligence
Existing + New Installations
Design Point for Cisco APIC-EM Solution
Low Risk
Minimal to NO
programming
Brownfield
Support
Presentation_ID
Low
Complexity
Start with few

solvable problems
4
Cisco Public
Why controllers helps us all, admin still has the power.
But uses controller

to mask complexity
NETWORK
Presentation_ID
5
Cisco Public
Different controllers different purposes

1
APIC
APIC-EM
ODL
DC
WAN
Access
Open
Source
Cisco SDN Controller Technologies

Presentation_ID
Cisco Public
Abstracting Conventional Policy Complexity

Conventional Model
ACI Policy Model

The What
The What
Admin
Driven
Security Policy for

Branch A
Security Policy for

Branch A
ACI Constructs
The How
Admin Driven
Northbound APIs
The How
Change ACLs in
the Following
Elements
Change ACLs in
the Following
Elements
APIC EM
ACI Abstracts System Management and Enables Programmable Driven Policies

Presentation_ID
7
Cisco Public
What is Policy?
WHAT
HOW
Policy way to simplify how we do things via abstraction

Presentation_ID
8
Cisco Public
Cisco APIC Enterprise Module Architecture

Security
QoS
IWAN
Network PnP
Cisco and Third Party Applications

Exposes Network Intelligence
REST API
For Business Innovation
Cisco APIC Enterprise Module

Network Info
Database
Policy
Infrastructure
Automation
Abstracts Network Devices to Mask Complexity

Southbound Interface: CLI
Treat Network as a System
Network Devices
Catalyst, ASR, ISR
Masking Network Complexity, Exposing Network Intelligence

Presentation_ID
9
Cisco Public
Policy engine Business Intent

Intent Policies
UI:: BradWebAllow: brad http allow
High Level Constructs
Policy Manager:: Business Policy -> Network Policy
Translation
Policy Programmer:: Network Policy-> Network Cmds
Network Control Functions
QoS
Configuration
Presentation_ID
Scanner-Service:: Network Commands -> device
ACL
10
Translation of high level constructs to

network control functions reduces skills
gaps and clarifies policy procedures
Cisco Public
UNDER THE COVERS YOU DONT SEE THIS!

{"policyName":"bradweballow","policyOwner":"Admin","policyPriority":4095,
networkUser":{"userIdentifiers:["brad"]},"resource":{"applications":["80,80,tcp"]}
,"actions":["PERMIT"]}
CompositeNetworkPolicy [networkPolicy=NetworkPolicy [policyId=902000be-adaf-4f41-bfb7d1d9ee01e0f8,
creatorUserId=Admin, policyName=bradweballow, policyPriority=4095,
businessPolicyId=10d7e374-c1e0-4190-b3f8-58b3a49b4a90,
flowId=7ba2034a-3cb0-4877-ae14-4a6c33aac312,
actionId=70fb3b4c-ccf8-4561-b49c-684e5dc8d3cd, ],
flow=Flow [flowId=7ba2034a-3cb0-4877-ae14-4a6c33aac312,
srcIp=10.10.30.2, srcIpMask=32, dscp=-1, protocol=tcp, srcTptPortLower=0,
srcTptPortUpper=0, dstTptPortLower=80, dstTptPortUpper=80], flowAction=FlowAction
[actionId=70fb3b4c-ccf8-4561-b49c-684e5dc8d3cd, action=permit, actionPropDscp=-1, ]]
CLI = config t, ip access-list extended User-Acl--8653840507576742282,

10 permit tcp host 10.10.30.2 any eq 80,
interface GigabitEthernet1/0/4, ip access-group User-Acl--8653840507576742282 in, end
20:22:28.992 EST DEBUG c.c.c.qos.acl.AclPolicy - Acl Policy Created Successfully on the
Device : d29d175f-aacc-4c9c-a290-2392fc80a0e3
Presentation_ID
11
Cisco Public
First we need to check the APIC-EM User Interface
Presentation_ID
12
Cisco Public
APIC-EM User Interface App: Device Inventory
Presentation_ID
13
Cisco Public
APIC-EM User Interface App: Topology
Presentation_ID
14
Cisco Public
APIC-EM User Interface App: **possible** future services
Presentation_ID
Cisco Public
Use Case: Path Visualization
No efficient method to troubleshoot IP voice and video sessions traversing the network
on demand
Lack of network visibility creates large OPEX to diagnose and find problem sources
Path computation service provides a fast and accurate method for rapidly
identifying/isolating paths causing problems
Low risk use case for SDN
Presentation_ID
16
Cisco Public
Path Trace Visualizer

5-Tuple Input
Presentation_ID
Cisco Public
17
Path Trace Visualizer

Wireless to Wired
Presentation_ID
Cisco Public
18
Path Visualization (Trace)
For Your
Reference
Key Milestones to SDN Led Management Evolution 2015
Q1 2015
Q4-2015
Q1- 2016
APIC-EM CA
APIC-EM GA
APIC-EM Updates
Path Visualization application for

network path tracing
Scalable controller foundation

supporting multiple use case / apps
Expanded application support across

multiple enterprise use cases
APIC-EM Apps
APIC EM Apps
APIC-EM Apps
IWAN app EFT with policy based

provisioning of Secure WAN
IWAN App GA with dynamic QoS

changes; BSA app EFT
Multiple apps across Wireless, Access,

Collab, Security and Automation
Presentation_ID
20
Cisco Public
APIC-EM Policy App
Presentation_ID
21
Cisco Public
APIC-EM Policy App

Under the hood
Presentation_ID
Cisco Public
22
How to use Policy Programming for Network Threat Defense

Policy Programming outside the User Interface
2. SF Sensor detects threat

3. SF DC notifies Controller
SourceFire
Defence Center
HQ
WAN
Internet
Defense Center
Alert!!!!
Malware Attack
ISR
4. Remediation API event
5. Policy installed on Access

switch port by Controller.
6. Block or quarantine end-point
Presentation_ID
SDN Controller
Remediation Policy
Enforcement
1. BYOD Malware/Javascript
Attack
Controller
Notification
Sensor
ISR
Sensor
Branch
X
Host Quarantined
Cisco Public
23
How to use Policy Programming for Network Threat Defense

Policy Programming outside the User Interface
Controller
Notification
SDN Controller
SourceFire
Defence Center
HQ
WAN
Internet
Defense Center
Presentation_ID
/api/v0/policy POST
{"actions": ["DENY"],
"policyOwner":"admin,
"policyName": "deny_all,
"networkUser":
{"userIdentifiers:["10.1
0.20.7"]}}
ISR
Sensor
ISR
Sensor
Branch
X
Host Quarantined
Cisco Public
24
EasyQoS App
No More Individual, Box-by-Box Configuration
Best Effort
Transacti
onal Data
Control
Realtime
Config.
Cisco Validated
Design- Based Templates
Cisco Validated
Design {CVD}
Presentation_ID
Cisco Public
25
Easy QoS App

Cisco Validated Design (CVD) classification and marking
Presentation_ID
Cisco Public
26
Easy QoS
Easy customization of policies
Presentation_ID
Cisco Public
27
Use Case: Dynamic QoS Classification for Jabber Video

Collaboration
App
Post QoS change - Video
Session
Policy
EN
Controller
QoS Changes
Pre-QOS change Default Classification
Enterprise Network
3945/ISRG2
AP
3945/ISRG2
3945/ISRG2
Cat 3750
Cat 3750
Single policy request produces automated change

across all network elements enabling high quality user
experience
Presentation_ID
28
Cisco Public
Application Driven Network Dynamics

Dynamic Policy Management for Jabber Audio/Video
Client A
calls Client
B
APIC
EM
REST API
CUCM calls
APIC-EM to
setup Policy
QoS Policy
enabled on
network device
APIC
EM
REST API
Calls Ends
CUCM calls
APIC-EM to
Delete Policy
Presentation_ID
QoS Policy
removed from
network device
Cisco
(*)Public
Roadmap
29
NG Plug-N-Play - Simple Secure Scalable

1
Pre Provision Projects/Sites

Policies
Match Rules
Configs/Image
IP Addressing
Network Admin
APIC EM
PnP Server
2
Smart
Install
Proxy
PnP
Agent
PnP
Agent
PnP
Agent
CampusBldg-2
Installer
Remote Installer
Mount and cable devices
Power-on
Unskilled
Installer
2013-2014 Cisco and/or its affiliates. All rights reserved.
GUI Based
PnP
Agent
Network Admin remotely

monitors status of install
while in progress.
Booting devices call out
to PnP Server,
requesting instructions
Smart InstallClient
Consistent for devices &

PIN(Campus/Branch)
Secure
RMA Use
Case
Greenfield
Cisco Confidential
& Brownfield
30
NG PnP Components
Cisco Cloud Redirection Service
https://devicehelper.cisco.com/devicehelper
PnP Helper Applications:
Applications on smart phones and
personal computers that facilitate
deployment
Deliver Boot Strap config when
needed
PnP Protocol: Protocol between the

Agent and the PnP server. This is an
open schema allowing third-party
development of PnP servers
PnP Agent: An embedded agent on the ISR

and Catalyst to automate deployment process
PnP Server: A central server that manages deploy

devices (images, configurations, files and licenses)
for the devices being deployed.
APIC EM PnP Server provides a north bound
interface for management applications.
PnP Server communicates with the Agents using an
open PnP protocol.
Cisco Confidential
31
Example Branch Automated Deployment

PnP Server
Day 0
Booting
devices
contact PnP
Server
requesting
instructions
Pre Provision
Projects/Sites
Policies
Match Rules
Configs/Image
IP Addressing
Network
Admin
Internet
PnP Server site Device list

PID
Serial #
Hostname
IP address
ISR-2951
FOX23zxcd
ISR-main
192.168.15.1
ISR-2951
FOX23zxcb
ISR-bakcup
192.168.15.2
C3850
FOC123dfg
Dist1
192.168.16.3
C3560C
FOC443asd
ACC-sw1
192.168.16.4
C3560C
FOC443asa
ACC-sw2
192.168.16.5
C3560C
FOC443asg
ACC-sw3
192.168.16.6
C3560C
FOC443asx
AC-sw4
192.168.16.7
Deliver bootstrap
Network Admin
Day 1
Day 1
Installer on site
Mount and cable

devices
Power-on
IT Admin remotely monitors

status of install while in
progress.
Installer
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
32
APIC EM Component: PnP/ZTD Manageability

Pre-provisioning and Day0
First GUI based

PnP Server from
Cisco
ZTD App
Available Q4
2015
Scripts based on
REST API
PreProvisioning
Image & Config.

Policy Definition
Enterprise Applications &

Orchestration Layer
Zero Touch
Deployment (ZTD)
App
Security
QOS
Mobility
REST API
ZTD component
ZTD
component
Cisco ONE Enterprise

APIC Controller - EM
CLI, OpenFlow, OnePK API, PNP Protocol
Cisco Devices
Catalyst, ISR, ASR
Cisco Confidential
33
NG PnP: Installer App

No CLI by installer
Why an Installer App for Deployment
Delivers boot strap
Troubleshooting tool: ie: device status
Communicates with Server
3G/4G/Wifi
Provides device install status & progress
Provide project install notes/documents
Optional: the Installer App is not required

for solution
Bootstrap and installer aid only
Supported Devices: Iphone, Ipad, laptop
Uses special Serial/console cable
Special App
Console
cables
Cisco Confidential
34
NG PnP Server Discovery: precedence

1) DHCP Response with Options 60 & 43 consistent with Cisco LWAP
Option 60 Vendor Class ID matching Networking Device optionally configured

on DHCP Server
Option 43 IP Address of PnP Server
2) pnpserver.localdomain customer configures their DNS server to resolve

3) Cloud redirection https://devicehelper.cisco.com/device-helper
4) Neighbor assisted when no DHCP
1
Contact PnP Server directly using option 43

192.168.1.1
Resolve DNS pnpserver.localdomain
2
DNS response: 192.168.1.1
PnP Server
AGent
DNS Server
Cisco Confidential
35
APIC-EM ZTD: pre-provision site process

Site Workflow
- Serial # and PID create rule
to match the device

- Operational Config and/or
IOS image for each device

- Bootstrap config optional
- Import/Export to use table
driven data entry
Cisco Confidential
36
NG Plug-N-Play Supported Platforms

Supported
Release
Release
Timelines
Cisco Catalyst 4500E Switches (Sup8-E, 7-E/7L-E, 6-E/6L-E)

Cisco Catalyst 4500-X, 4900 Series Switches
Cisco Catalyst 3850, 3650, 3750-X, 3560-X Series Switches
Cisco Catalyst 2960-C, 3560-C Series Compact Switches
Cisco Catalyst 2960-S/SF/X/XR Series Switches
Cisco 5700 Series Wireless Controller
IOS 15.2(2)E,
IOS-XE 3.6.0E
July 2014
Core Switches
Cisco Catalyst 6500 Series Switches: Sup2T/Sup720

Cisco Catalyst 6880-X, 6807-XL Series Switches
IOS 15.2(1)SY
Dec 2014
Access Routers
Cisco 4451-X Integrated Services Router

Cisco ASR 1000 Series Aggregation Services Routers
Cisco Cloud Services Router 1000V Series
Cisco 800, 1900, 2900, 3900 Series Integrated Services Routers
IOS-XE 3.12/
IOS 15.4(2)T
July 2014
IOS 15.2(2)E
July 2014
Roadmap
Q4CY15
Platform
Access
Switches
Industrial
Ethernet
Switches
Firewall, DataCenter Switches
PnP Agent Support on Products
Cisco Industrial Ethernet 2000 Series Switches

Cisco Industrial Ethernet 3000 Series Switches
Cisco ASA Firewalls, Cisco Nexus Series Switches
Cisco Confidential
37
Cisco Solution: APIC EM + IWAN
AVC
DMVPN
WAAS
IOS FW
PfR
Single policy management domain
Seamless LAN and WAN interoperability

Better Resource Utilization
Central point of control for multiple services
Simplified Management
Lower Operational Complexity
One click implementation of business context policies
Easier Deployment
Centralized end to end network level view
Greater control of Service Level Objectives for critical Apps
Complete service location and form factor

transparency
Higher Agility
Smarter Branch, Simpler Operations, Faster Service Delivery
Presentation_ID
Cisco Public
Cisco Intelligent WAN App for APIC-EM
APP
Business
Policy:
App SLA
IT Admin
Access
DMVPN
SLA
QoS
Security
Path
Selection
NETWORK
Application
Network Profile
SDN
Simple Workflow
Templates
Zero Touch
Provisioning
Network, Applications
Monitoring
Business
Level Policies
Business Policy Dictates Network Action

Presentation_ID
39
Cisco Public
Open
Architecture
APIC-EM IWAN App

Dashboard and Site Configuration
Presentation_ID
Cisco Public
40
Site topology choices in IWAN app
Presentation_ID
Cisco Public
Link type selection in

IWAN app
Presentation_ID
Cisco Public
Application priority policy setting in

IWAN app
Presentation_ID
Cisco Public
Cisco Prime and APIC-EM

Management
&
Orchestration
Layer
Operational Automation
Cisco IAC
UCSD
Catalog /
Provisioning
PRIME INFRASTRUCTURE
& NAM
Fault /
Events
APIC-EM
App (IWAN)
User / Data Performanc Reporting /

Management e Monitoring Analytics
Policy and Service Definition

Automated Assurance Provisioning
Visualization, Trending and
Analytics
REST API (ONE DevKit)
Control
Layer
Cisco APIC
Common ACI Architecture
APIC for datacenter
APIC Enterprise Module
CLI, OpenFlow, OnePK API
Device
Layer
Network Intelligence
Device Layer Abstraction
Network Control
Policy Enforcement & Network
Change
Cisco Devices
Enterprise Networks, Data Center
Presentation_ID
44
Cisco Public
System of record vs. system of change
Prime Infrastructure
APIC - EM
System of Record
System of Change
Policy definition
Historical reporting on
events & performance
Configuration archive
Troubleshooting workflows
Capacity Trending
Predictive Analytics
Presentation_ID
45
Policy enforcement
Discovery (for change)
Topology (for change)
PnP
Network state monitoring
Device abstraction
Network Control
Cisco Public
Policy Maturity to Cover Enterprise System of Change
Policy based
Configuration:
Dynamic, able to
be automated,
managed by the
controller;
Policy grows,
static shrinks
configuration
Today
Presentation_ID
traditional
Controller-based Automation
policy
policy
traditional
traditional
ACI
policy
Cisco Public
Cisco Controller and Management System Portfolio for

the Campus/Branch in 12-24 Months
Common Automation Layer
System of
Automation
Branch Service Automation
Common Monitoring / Assurance
System of
Record
Prime Infrastructure
Feature
Configurable
Provisioning
Policy
Prescriptive
Provisioning
Prime
Infrastructure
Multiple APIC-EM
Apps
System of
Change
Common Controller Layer

for Campus/ Branch
NE
NE
Presentation_ID
NE
NE
APIC-EM
NE
NE
NE
Cisco Public
NE
NE
NE
Traditional Management to SDN led Management (1 of 5)

Traditional Management
SDN Led Management

Customer input on business /
service intent
Customer developed
provisioning tools, manual CLI
changes, and run book
automation for IT Operations
support
Automation
(Workflow / Orchestration)
Prime Infra (NMS)

(Provisioning and Assurance)
Controller
(APIC-EM)
Prime Infra (NMS)

NW (LF, AS)*, UCS
NE
NE
NE
NE
NE
NE
* LF: Lifecycle, AS: Assurance
NE
NE
Cisco Confidential
48
Traditional Management to SDN led Management (5 of 5)

Prime Infra + APIC EM (w/ Foundation Apps, Solution Apps, Advanced Apps)
Traditional Management
SDN Led Management

Customer input on
business / service intent
Customer developed
provisioning tools, manual CLI
changes, and run book
automation for IT Operations
support
Advanced Apps ($$)
...
Ex: BSA*, Prime Insight
Automation
MGMT 3.x Lic. ($$)
...
PI 3.x (NMS)
PI 3.x
Solution Apps
Ex. IWAN App, etc
APIC-EM Foundation Apps ($0)

Ex: Inv., Topo., PnP..
Prime Infra (NMS)

Controller (APIC-EM)
NW (LF, AS)*, UCS
NE
NE
NE
NE
NE
NE
NE
APIC-EM Controller SW ($0)

(Opt) UCS HW Platform($$)
NE
Cisco Confidential
*BSA: Branch Services Automation
49
Add an APIC-EM Controller to Prime 3.0
Presentation_ID
Cisco Public
In Prime Enable APIC-EM Next-Gen PnP server for

Plug and Play globally
Presentation_ID
Cisco Public
APIC-EM Controlled Availability Supported devices
Presentation_ID
Cisco Public
52
What you get for CA2 APIC-EM ver. 0.9

Service Catalog
Root
Client
Bins / libs
Single ISO Image:

Containing one Linux Machine
Ubuntu 14.04 64-bit
Grapevine bits
APIC-EM Service Catalog
Container
Operating System
Client Container
How APIC-EM can be deployed !

Bare Metal
C
u
s
t
o
!
m
!
e
!
r
a
s
k
Hypervisor Agnostic
Root
Root
Client
Client
Bins / libs
Bins / libs
Container
Container
Client
Bins / libs
Bins / libs
Container
Container
Operating System
Client
Operating System
Virtual Machine
Hypervisor
Hardware
Hardware
Before you deploy

General Requirements:
Minimum Number of IP Addresses
CPU: 2-4 cores or more
Required = 1 (external Phy Interface)
RAM: 8-64GB or higher (for

scaling)
Depending on the customers

environment:
HDD: 40-150GB
Bare Metal or ANY Hypervisor !
Add +1 for access to NTP server

network if separated (needed all
times!)
Multiple Physical Machines for HA
NTP server
Add +1 for access to Internet (if

not routable from above networks)
Internet access
(for automatic updates)
Custom made Apic-EM Apps
DevNet
Forums | Sandbox | API Index | Documentation
Presentation_ID
Cisco Public
Self-Service Sandboxes
Select
environment
Verify
availability
Teardown
Collaborate
Reserve
Conduct
activities
Presentation_ID
Setup
Cisco Public
Building the Partner Ecosystem: Advanced Apps
Threat Detection &

Mitigation
Cloud Hosted WAN

Management
VDI & Load

Balancing
More Partners are in Pipeline

Presentation_ID
Cisco Public
Network
Performance
Management
Homemade Apic-EM Apps
RightSize App Goal

Scope : Ensure IT is not preventing business from
growing and Lower TCO by right sizing switching
infrastructure
2 functions
List amount of unused ports for a given time period,
suggest replacements when valid
Predict growth and expand before problems arise
Presentation_ID
Cisco Public
RightSize App
Admin workstation
1. RIGHTSIZING-APP polls
APIC-EM rest API
Procurement
APIC-EM
3
2
Database
Presentation_ID
Switch infrastructure
2. APIC-EM polls southbound

switches using CLI
3. RIGHTSIZING-APP saves
data in database
4. RIGHTSIZING-APP check
growth parameters and
creates events is Threshold
exceeding
5. RIGHTSIZING-APP sends
events using email to
procurement department
Cisco Public
Presentation_ID
Cisco Public
Presentation_ID
Cisco Public
Presentation_ID
Cisco Public
Presentation_ID
Cisco Public
Presentation_ID
Cisco Public
Presentation_ID
Cisco Public
Presentation_ID
Cisco Public
SkyConnect 4.0
Lufthansa Systems global WAN platform
Reference customer on APIC EM
Is the All in One iWAN LAN and Voice solution
APIC-EM Apps a.k.a how can the controller help my

customer simplify their environment?
Path Visualization
Path Visualization + Integration with CUCM (via MapCollab)
ACL Trace
Just a few
examples,
theres
much more
ACL Analysis
Security Policy Programming (Per User/Group)
Policy Programming for Network Threat Defense

Easy QoS via User Interface
Dynamic Policy for video soft clients
IWAN App
Applications
Released in
phases
Network Plug and Play Server

Presentation_ID
Cisco Public
APIC-EM for free

Get Apps with Cisco ONE
What Is Cisco ONE Software?

A More Valuable and Flexible Way to Consume Cisco Software
Current Model
Cisco ONE
A La Carte, Separately
Priced Items
Software Suites
Licensing Tied to
Hardware
Software License Portability

Access to Ongoing Innovation
Perpetual for the
Perpetual, Subscription, & ELA Options
Lifetime of the Box
Presentation_ID
Offered as a Solution
Cisco Public
Cisco ONE Software
Security
Cisco ONE for Data Center
Cisco ONE for

WAN
Cisco ONE for Access
Threat Defense for Data Center
Threat Defense for WAN
Identity Services for Access
ASA, ASAv
ASA, ASAv, Cloud
ISE, ISEv
Applications
Multi-Tenant
Converged
Fabric
Intercloud
Fabric
WAN Collaboration
Campus Fabric
Advanced
Mobility
Services
Foundation
Foundation for
Networking
Foundation for
Compute
Foundation for WAN
Foundation
for Switching
Foundation
for Wireless
Networking
Compute
WAN
Switching
Wireless
Nexus 3K, 5K, 6K, 7K,

9K, MDS 9000
X86, UCS
ISR, ASR, CSR
Catalyst 2K, 3K,

4K, 6K
WLC, MSE, AP
Note: Not represented is the Base Software Platform (e.g., operating system) included with each device. These are not sold as a Cisco ONE bundle, but included with the device
Presentation_ID
Cisco Public
Suites
Products
Some References
APIC-EM
Session PDF
http://www.cisco.com/web/DK/seminarer/mate
rialer.html
APIC-EM Demo Videos incl. Audio
https://www.youtube.com/watch?v=mUY5ErfjOs
APIC-EM on Facebook
https://www.facebook.com/groups/apicem/
German Blog
http://gblogs.cisco.com/de/category/apic-em/
DevNet and Download
https://developer.cisco.com/site/apic-em/
Presentation_ID
75
Cisco Public

Cisco Tech Update Apic-Em SDN 18 Og 20 August 2015

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Cisco Tech Update Apic-Em SDN 18 Og 20 August 2015

Încărcat de

Drepturi de autor:

Formate disponibile

SDN & APIC-EM TECH-Update

Ren Andersen System Engineer Cisco DK

Why SDN, programming and APIC?

Cisco and/or its affiliates. All rights reserved.

Fast IT: IT Agility at the Speed of Business

Cisco and/or its affiliates. All rights reserved.

Open and Programmable

Design Point for Cisco APIC-EM Solution

Start with few

Why controllers helps us all, admin still has the power.

But uses controller

Different controllers different purposes

Cisco SDN Controller Technologies

Cisco and/or its affiliates. All rights reserved.

Abstracting Conventional Policy Complexity

ACI Policy Model

Security Policy for

Security Policy for

ACI Abstracts System Management and Enables Programmable Driven Policies

Policy way to simplify how we do things via abstraction

Cisco APIC Enterprise Module Architecture

Cisco and Third Party Applications

For Business Innovation

Cisco APIC Enterprise Module

Abstracts Network Devices to Mask Complexity

Treat Network as a System

Masking Network Complexity, Exposing Network Intelligence

Policy engine Business Intent

UI:: BradWebAllow: brad http allow

High Level Constructs

Policy Manager:: Business Policy -> Network Policy

Policy Programmer:: Network Policy-> Network Cmds

Network Control Functions

Scanner-Service:: Network Commands -> device

Translation of high level constructs to

UNDER THE COVERS YOU DONT SEE THIS!

CLI = config t, ip access-list extended User-Acl--8653840507576742282,

First we need to check the APIC-EM User Interface

APIC-EM User Interface App: Device Inventory

APIC-EM User Interface App: Topology

APIC-EM User Interface App: **possible** future services

Cisco and/or its affiliates. All rights reserved.

Use Case: Path Visualization

Path Trace Visualizer

Cisco and/or its affiliates. All rights reserved.

Path Trace Visualizer

Cisco and/or its affiliates. All rights reserved.

Path Visualization (Trace)

Key Milestones to SDN Led Management Evolution 2015

Path Visualization application for

Scalable controller foundation

Expanded application support across

IWAN app EFT with policy based

IWAN App GA with dynamic QoS

Multiple apps across Wireless, Access,

APIC-EM Policy App

APIC-EM Policy App

Cisco and/or its affiliates. All rights reserved.

How to use Policy Programming for Network Threat Defense

2. SF Sensor detects threat

4. Remediation API event

5. Policy installed on Access

Cisco and/or its affiliates. All rights reserved.

APIC-EM User Interface App: possible future services