Brkarc 3438

#CLUS
Cisco Catalyst 3850

and 3650 Switching
Architecture
Dimitar Hristov – Technical Marketing Engineer

BRKARC-3438
#CLUS
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Find this session in the Cisco Events App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
Webex Teams will be moderated cs.co/ciscolivebot#BRKARC-3438

by the speaker until June 18, 2018.
#CLUS © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Is Your Network Ready for Digitization of
Tomorrow?
IP Display/DMS Printer IP Camera LED Lights / IoT AP PC/Laptop IP Phone
Does the platform Does the platform Does the platform Does the platform Does the platform let you
support new PoE make it easy to support enough ensure secure adapt to new connectivity
devices efficiently? provision Programmability? network access? requirements?
and scale? #CLUS BRKARC-3438 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Enterprise Trends Driving Digital Transformation
Mobility IoT Security Programmability
Fabric Enabled Wireless CoAP / IoT Device profiling 256bit MacSec DevOps Toolkit
Multigigabit SD Bonjour Trustworthy Systems Netconf
Perpetual PoE Group based policy Yang Models
AVB Full Netflow Streaming telemetry
#CLUS BRKARC-3438 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
“The goal of this session is to
give you an in depth view of the
platform so you can understand
its strength as well as its
limitations …”
Agenda
• Introduction & Overview
• Platform and ASIC Architecture
and Packet Walks
• High Availability – Data and
Power Stacks
• Scale
• Software Innovations
• Conclusion
Introduction to Catalyst
3850 and 3650
The Catalyst 3K Family
Catalyst 3850 Catalyst 3650 Catalyst 3850 SFP Catalyst 3850 mGig Catalyst 3850 SFP+ Catalyst 3650 Mini Catalyst 3650
Stackwise-480, Stackwise-160, Stackwise-480, Stackwise-480, Stackwise-480, Stackwise-160, Mgig
Stackpower - Stackpower Stackpower Stackpower Data/PoE/PoE+/ Stackwise-160,
Data/PoE/PoE+/UPoE Data/PoE/PoE+/ 12 and 24 Port Versions 24 and 48 Port Versions 12, 24 and 48 Port Versions Fixed Uplinks Data/PoE/PoE+/UPOE
FRU Uplinks Fixed Uplinks FRU Uplinks Stacks with any Catalyst 3850 Enabling 10G Aggregation Stacks with any 3650 Fixed Uplinks
Stacks with any 3650
Jan Oct May Jan Jun/Aug Jan Oct

2013 2013 2014 2015 2015 2016 2016
Built on Cisco’s Innovative “UADP” ASIC
One Switch – Multiple Deployment scenarios
MultiGigabit
48 Port SFP+ Version
MultiGigabit No Stackwise 480
1 Gigiagbit SFP+
Mini – Shallow Depth SFP
1 Gigabit
Catalyst 3850 Copper Catalyst 3650 Copper

Copper SKUs Data and Copper SKUs Data and Catalyst 3850 Fiber SFP Catalyst 3850 Fiber SFP+
PoE/UPoE Switches PoE/UPoE Switches
Fiber SKUs SFP Versions Fiber SKUs SFP+ Versions
480G Stacking Capacity 160G Stacking Capacity
Enterprise Class Access Layer Smaller Core & Aggregation Option
Based on a Common ASIC and Software

Catalyst 3850/3650
Components
Uplink Network Module Options on Catalyst 3850
C3850-NM-4-1G C3850-NM-2-10G C3850-NM-4-10G C3850-NM-2-40G C3850-NM-8-10G
4x1Gig 2x1Gig+2x10Gig 4x10Gig 2x40Gig 8x10Gig
SFP SFP/SFP+ SFP/SFP+ QSFP SFP/SFP+
48 Ports or 12+ SFP+ For MultiGigabit and SFP+ Versions only
Flexibility & Investment Protection
Fixed Uplink Options on Catalyst 3650
4x1Gig 2x1Gig+2x10Gig 4x10Gig 2x40Gig 8x10Gig
SFP SFP/SFP+ SFP/SFP+ QSFP SFP/SFP+
For MultiGigabit Versions only
Make Uplink Decision at the time of Purchase
Power Supplies
Catalyst 3850 Catalyst 3650
350WAC 440WDC 715WAC 1100WAC 250WAC 640WAC 640WDC 1025WAC
Same as 3750-X— Wider Than 3850/3750-X PSs

Interchangeable New PIDs Different Watts Capacity
MultiGigabit SKUs
Same PS as 3850s
715WAC 1100WAC
Catalyst 3650 Mini – Fixed PS
RPS Support for PS

48 Port 24 Port Redundancy
Power Supply 975W 640W
Available PoE budget 775W 390W
PoE All 48 ports All 24 ports
PoE+ 24 ports 12 ports
48 Port SFP+ Version – 750 WAC PS
Dual 750 WAC PS
4x40G Fixed Uplinks
Line Rate – 640G Switching Capacity
Stack–Cables and Components
Catalyst 3850 Catalyst 3650
3 lengths of cable, 0.5 1 and 3 Meters 1 ring in 3650 vs 3 rings in 3850
Catalyst 3850/3650 models For Your
Reference
Similarities & Differences
Catalyst Catalyst 3850
Features / Catalyst Catalyst Catalyst 3850 Catalyst Catalyst 3650 Catalyst 3650
3850 SFP+ (12,24
Scale 3850 3850 SFP SFP+ (48Port) 3650 Mini MultiGigabit
MultiGigabit Ports)
ASIC UADP 1.0 UADP 1.0 UADP 1.1 UADP 1.1 UADP 1.1 UADP 1.0 UADP 1.1 UADP 1.1
Stacking BW 480G / 9 480G / 9 480G / 9* 480G / 9* NA 160G / 9 160G / 9* 160G / 9*
Stackpower, Stackpower, Stackpower, Stackpower,

Stack Power No No No No
XPS XPS XPS XPS
Modular Modular Modular Modular Fixed
Uplinks Fixed Uplinks Fixed Uplinks Fixed Uplinks
Uplinks Uplinks Uplinks Uplinks uplinks
Wireless 100 AP max 100 AP max 100 AP max 100 AP max 100 AP max 50AP max 50AP max 100 AP max
Stacking
Built-in Built-in Built-in Built-in N/A Optional Optional Optional
Module
Memory/Flash 4GB /2GB 4GB /2GB 4GB /4GB 4GB /4GB 8GB /8GB 4GB /2GB 4GB /2GB 4GB / 4GB
Single (Fixed),
Power Dual (FRU) Dual (FRU) Dual (FRU) Dual (FRU) Dual (FRU) Dual (FRU) Dual (FRU)
RPS 2300
MACSEC 128 bit 128 bit 256 bit 256 bit 256bit 128 bit 256 bit 256 bit
SSO,
HA SSO SSO SSO SSO, Stackwise SSO SSO SSO
Virtual
Looking Inside the
Switch
Catalyst 3850: Under the Covers…
PoE+ Controllers UADP ASICs

Downlink Phys (x2)
(x12)
Cavium CPU
Ampere / Stack
Power Controller
FRU Uplink
Module
Power Stack Conn (x2) Redundant Power Supplies

Ethernet And
Console Port Fan FRU (x3)
Back Stack Conn (x2)
ASICs are a Pillar of Cisco Innovation…
Traditional ASIC Pipeline
Can lookup these
Fields
Parses &
Understands Fixed Fixed
Parser
number of Bytes
MAC IPv4 ACL QoS
Ether
net
IP Payload Look Look Look Look
up up up up
Ether VXLA Ether
VXLAN net
IP UDP
N net
IP Payload
GRE Ethern
IP GRE
Ethern
IP Payload
et et
MPLS Ethern Fast Memory Lookup Tables

Label IP Payload
et
Not Supported in Hardware

Traditional QoS
Look
ACL
Look
…
Look
…
Look
ASIC up up up up
Fixed Pipeline
Cisco Innovation
Based on UADP ASIC

In 2013 Cisco Introduced a new family of (Unified Access Data Plane)
switches called Catalyst 3850
Future proofed for the technologies of tomorrow

Some of the Key Capabilities of UADP ASIC
Flex Parser (256 Bytes) Micro Engines

& Recirculation (Fragmentation
Programmable Pipeline Capability Encryption
(15 Ingress and 7 (upto 16 times) e.g, Macsec 256
Egress) bit)
No Compromise on Performance
UADP 1.0 and 1.1 ASIC Block Diagram
Stack Interface
AQM
Q PBC – Packet Buffers Complex SQS
IQS Ingress Pipeline Egress Pipeline Q Q

Flex Parser EQS
L L L L
o o o o
IGR o
k
u
p
T
a
o
k
u
p
T
a
o
k
u
p
T
a
o
k
u
p
T
a
b b b b
l l l l
e e e e
Stage #15 L
o
o
L
o
o
L
o
o
L
o
o
Stage #1
Ingress
Stage #.. Forwarding Egress Forwarding
k k k k
u u u u
p p p p
T T T T
Stage #2
a a a a
Flexible
b b b b
l l l l
e e e e
Controller L
o
o
L
o
o
L
o
o
L
o
o
Controller
Stage #..
Stage #.. Look up
k k k k
u u u u
p p p p
T T T T
(IFC) (EFC) Stage #..

a a a a
b b b b
l l l l
e e e e
Stage #2
L
o
o
k
u
p
T
a
Tables
L
o
o
k
u
p
T
a
L
o
o
k
u
p
T
a
L
o
o
k
u
p
T
a
Stage #8
b b b b
l l l l
e e e e
Stage #1 L
o
o
k
u
p
T
L
o
o
k
u
p
T
L
o
o
k
u
p
T
L
o
o
k
u
p
T
ReWrite
a a a a
Flex Parser
b
l
e
b
l
e
b
l
e
b
l
e
EGR Engine
Encryption Recirculation
Engine Engine
Ingress
Egress
FIFO
FIFO
UADP 1.1
MACsec MACsec
Network Interfaces - Front Panel Ports + CPU + Network Redundant Uplinks (NRU)
Lets take a look at the Programmable Pipelines
15 Ingress Stages
256 B Header
Ingress Programmable Pipeline
Flex Parser IGR
Stage Stage Stage Stage Stage Stage Stage

#1 #2 #3 #4 #.. #.. #15
Lookup Lookup Lookup Lookup Lookup Lookup Lookup Lookup

Table Table Table Table Table Table Table Table TCAM, SRAM
Stage Stage Stage Stage Stage Stage Stage

#7 #6 #5 #4 #3 #2 #1
EGR Flex Parser
Egress Programmable Pipeline
7 Egress
Stages
Micro Code Programmed to
understand
VXLAN
Ingress Programmable Pipeline

Flex Parser IGR
L3/L2
MC
Look
span
Look
Policy Stage
Tunn
eling
NF
Look
OSPF MPLS ACLs
Lookup Lookup #..
up up #.. up
Software Features
NFC ACL QoS ExM FIB
PLC PSE FSE Micro Code
Span Sec. NF
Stage Stage Stage Policy
Look
up
Look
up
#5 #4 #3
Look
up
Lookup ASIC
EGR Flex Parser
Egress Programmable Pipeline Programmed to

understand
MPLS
UADP Variants
1G/10G 24K
Ethernet Netflow Records
240 Gbps 6MB 56 Gbps

UADP 1.0
External Name
Stacking Capacity Packet Buffer Bandwidth
Catalyst Catalyst SFP

Catalyst 3650 Fiber
First Generation of UADP 3850 Copper
ASIC
First Programmable ASIC
Dual Core 1G/10G/40G 256 Bit 24K x2
Running @ 500MHz Ethernet MACsec Netflow Records
Encryption
1588 240 Gbps 6MB x2 160 Gbps

Stacking Capacity Packet Buffer Bandwidth
IEEE
UADP 1.1
External Name
Catalyst 3850
Multigigabit Catalyst 3650 Catalyst 3650
Catalyst 3850 Mini
SFP+ Multigigabit
Enhanced Version of UADP
1.0 ASIC
Enhanced Power & Security Capability
IOS XE Evolution
Same Look & Feel, More Powerful Architecture
IOS IOS XE 3.7.x(SE) Open IOS XE 16.X
IOS IOSd Hosted Apps IOSd Hosted Apps
WCM LXC* WCM

Features Features
Features Components Components Components
Wireshark KVM* Wireshark
Common
CommonInfrastructure
Common Infrastructure//HA
HA Infrastructure / HA
Management
ManagementInterface
Management Interface Interface
Process
ModuleDrivers
Module Drivers Module Drivers DB
Kernel
Kernel Kernel
UADP ASIC & Open IOS-XE Enables…
Core
WiF
Cat 5e i>
Cables 1G
SW-1 SW-2
WS-C3850-48XS 40G/10G WS-C3850-48XS

2.5-5G!
MultiGigabit MultiGigabit
Switch Capable AP
MultiGigabit Campus Fabric Stackwise Virtual
LDP session
MPLS Dom ain
PE P P PE CE
CE
CE PE P P PE CE
Label switched path
MPLS AVC Programmability
Most Importantly : Software Defined - Access
Identity-based Policy & Single Network Fabric Insights & Telemetry

Segmentation
Decoupled security policy Automation across wired and Analytics and insights into User
definition from VLAN and IP wireless for optimized traffic flows, and application behavior for
Address to enable rapid policy and workflow-based management proactive issue identification and
updates provide consistency at scale resolution
Industry’s first policy-based automation from the Edge to the Cloud

UADP ASIC For Your
Related Sessions Reference
BRKARC-3467 : Cisco Enterprise Silicon - Delivering Innovation for Advanced Routing and Switching
BRKCRS-3300 : IOS XE : Enabling the Digital Network Architecture
TECCRS-2900 : From the Gates to the GUI – Innovations in Enterprise Networking, Catalyst Switching,
and Beyond!
Platform and ASIC
Architecture, Packet
Walk
Catalyst 3850/3650—24 Port Layout
480G STACK INTERFACE
Packet Buffer 800 MHz Quad-

Core CPU
Forwarding Controller
FPGA
UADP ASIC Reassembly
Clock - 375 MHz / Crypto
SDRAM
Ingress Egress
56Gbps FIFO FIFO
4GB
Flash
2GB
Network Interface
USB
Dual PHY Dual PHY
Octal PHY Octal PHY Octal PHY MACSec MACSec
MACSec* MACSec* MACSec*
24 Port PoE+
2 x 10G, 2 x 1G / 4 x 1G EMP Console
24 x 1G 10/100/1000
Catalyst 3850/3650—48 Port Layout
UADP ASIC
Clock - 375 MHz /
56Gbps
Packet Buffer Packet Buffer 800 MHz Quad-
Core CPU
Forwarding Controller Forwarding Controller
FPGA
Reassembly Reassembly
Crypto Crypto
SDRAM
Ingress Egress Ingress Egress
FIFO FIFO FIFO FIFO
4GB
Flash
2GB
Network Interface Network Interface
USB
Dual PHY Dual PHY
Octal PHY Octal PHY Octal PHY Octal PHY Octal PHY Octal PHY MACSec MACSec
MACSec* MACSec* MACSec* MACSec* MACSec* MACSec*
24 Port PoE+ 24 Port PoE+

2 x 10G, 2 x 1G EMP Console
24 x 1G 10/100/1000 24 x 1G 10/100/1000 4 x 1G
4 x 10 G
Catalyst 3850 MultiGigabit — 24 Port Layout
UADP ASIC
Clock – 500 MHz / 160 Gbps
Packet Buffer Packet Buffer Packet Buffer Packet Buffer Octeon-2

1.3 GHz
6-Core CPU
ASIC1 Forwarding Controller Forwarding Controller
ASIC0 FPGA
Reassembly Reassembly Reassembly Reassembly
Crypto Crypto Crypto Crypto
Ingress Egress Ingress Egress Ingress Egress Ingress Egress SDRAM
FIFO FIFO FIFO FIFO FIFO FIFO FIFO FIFO
4GB
Core 1 Core 0 Core 1 Core 0 Flash
Network Interface Network Interface Network Interface Network Interface 2GB
USB
10GB PHY 10GB PHY 10GB PHY 10GB PHY 10GB PHY 10GB PHY Dual PHY Dual PHY
MACSec MACSec MACSec MACSec MACSec MACSec MACSec MACSec
12 Port UPoE 12 Port UPoE EMP Console
12 x 10G 100M/1G/2.5G/5G/10G 12 x 10G 100M/1G/2.5G/5G/10G 2x40G, 8x10G, 4x10G,

2x1G 2x10G, 4x1G
Catalyst 3850/3650 MultiGigabit—48 Port Layout
UADP ASIC
Packet Buffer Packet Buffer Packet Buffer Packet Buffer Octeon-2

1.3 GHz
6-Core CPU
ASIC1 Forwarding Controller Forwarding Controller
ASIC0 FPGA
Reassembly Reassembly Reassembly Reassembly
Crypto Crypto Crypto Crypto
Ingress Egress Ingress Egress Ingress Egress Ingress Egress SDRAM
4GB
USB
OctalPHY OctalPHY OctalPHY OctalPHY OctalPHY 10GB PHY 10GB PHY 10GB PHY Dual PHY Dual PHY
MACSec* MACSec* MACSec* MACSec* MACSec* MACSec MACSec MACSec MACSec MACSec
36 Port UPoE 12 Port UPoE EMP Console
36 x 1G 100M/1G 12 x 10G 100M/1G/2.5G/5G/10G 2x40G, 8x10G, 4x10G,

2x1G 2x10G, 4x1G
C3850-12XS
Architecture Overview
UADP ASIC
Packet Buffer Packet Buffer Cavium

1.3 GHz
6-Core CPU
Reassembly
UADP Reassembly FPGA
Ingress
Crypto
ASIC0
Egress Ingress
Crypto
Egress SDRAM
FIFO FIFO FIFO FIFO
4GB
Core 1 Core 0 Flash
Network Interface Network Interface 4GB
USB
10G PHY 10G PHY Dual PHY

MACSec MACSec MACSec
EMP Console
4x10G, 2x1G 2x10G,

1x6 10G SFP+ 1x6 10G SFP+ 4x1G
C3850-24XS
Architecture Overview
UADP ASIC
Packet Buffer Packet Buffer Packet Buffer Packet Buffer Cavium

1.3 GHz
6-Core CPU
Forwarding Controller Forwarding Controller Forwarding Controller Forwarding Controller
Reassembly
UADP Reassembly Reassembly
UADP Reassembly FPGA
Ingress
Crypto
ASIC1
Egress Ingress
Crypto
Egress Ingress
Crypto
ASIC0
Egress Ingress
Crypto
Egress SDRAM
4GB
USB
Dual PHY Dual PHY

10G PHY MACSec 10G PHY MACSec 10G PHY MACSec MACSec MACSec
EMP Console
1x6 10G SFP+ 1x6 10G SFP+ 1x6 10G SFP+ 1x6 10G SFP+ 2x40G, 8x10G, 4x10G
Catalyst 3850 SFP+ 48 Port – Block Diagram
UADP ASIC
Cavium
Packet Buffer Packet Buffer Packet Buffer Packet Buffer Packet Buffer Packet Buffer Packet Buffer Packet Buffer 1.3 GHz
Core 0 Core 1 Core 0 Core 1 6-Core CPU
Forwarding Forwarding Forwarding Forwarding Core 0
Forwarding Core 1
Forwarding Core 0
Forwarding Core 1
Forwarding
Controller Controller Controller Controller Controller Controller Controller Controller
Ingr Reass Egr Ingr Reass Egr Ingr Reass Egr Ingr Reass Egr Ingr Reass Egr Ingr Reass Egr Ingr Reass Egr Ingr Reass Egr
FPGA
ess embly ess ess embly ess ess embly ess ess embly ess ess embly ess ess embly ess ess embly ess ess embly ess
FIF Crypt FIF FIF Crypt FIF FIF Crypt FIF FIF Crypt FIF FIF Crypt FIF FIF Crypt FIF FIF Crypt FIF FIF Crypt FIF
O o O O o O O o O O o O O o O O o O O o O O o O
ASIC 0 SDRAM
Network Interface Network Interface ASIC 1
Network Interface Network Interface Network Interface Network Interface
ASIC 2 Network Interface Network Interface
ASIC 3 8GB
Flash
8GB
USB
10G PHY 10G PHY 10G PHY 10G PHY 10G PHY 10G PHY Dual PHY Dual PHY
MACSec MACSec MACSec MACSec MACSec MACSec MACSec MACSec
EMP Console
2 x 12 10G SFP+ 2 x 12 10G SFP+ 4x40G
For Your
Reference
Number of ASICs in different versions of Switches
Product Version UADP Version Number of ASIC / Total Clock Speed Total Bandwidth
number Cores Available
24 Port 3850/3650 1.0 1/1 375 MHz 56 G
48 Port 3850/3650 1.0 2/1 375 MHz 112 G
12/24 Port 3850 SFP 1.0 1/1 375 MHz 56 G
12 Port 10G 3850 1.1 1/1 500 MHz 160 G
24/48 Port mGig 3850s 1.1 2/4 500 MHz 320 G
24 Port mGig 3650 1.1 2/4 500 MHz 160 G
48 Port mGig 3650 1.1 2/4 500 MHz 320 G
24 Port 10G 3850 1.1 2/4 500 MHz 320 G
48 Port 10G 3850 1.1 4/8 500 MHz 640 G
Port Mappings – Platform Level Command
Cat3850-2#show platform port-asic ifm mappings local-port switch 1
Mappings Table
LPN ASIC Port Interface IIF-ID Active

1 1 7 Te1/0/1 0x010096000000000e Y
2 1 6 Te1/0/2 0x0104c20000000010 Y
3 1 5 Te1/0/3 0x0106e34000000012 Y
4 1 4 Te1/0/4 0x0102258000000014 Y
5 0 4 Te1/0/5 0x010263c000000016 Y
6 0 5 Te1/0/6 0x0101884000000018 Y
7 0 6 Te1/0/7 0x01061c400000001a Y
8 0 7 Te1/0/8 0x010319000000001c Y
9 1 0 Te1/0/9 0x0103430000000053 Y
...
...
...
Packet Walks
Unicast – within ASIC
Stack Interface
4
AQM

1. Received, processed into 3 L
o
L
o
L
o
L
o
Flex Parser EQS 5

IGR o
k
u
p
o
k
u
p
o
k
u
p
o
k
u
p
FIFO
T T T T
a a a a
b b b b
l l l l
e e e e
Stage #15 L
o
o
L
o
o
L
o
o
L
o
o
Stage #1 5. EQS schedule PBC to send
Ingress
k k k k
a copy to EFC and a copy to

u u u u
2. A copy to buffer and a copy

p p p p
T T T T
Stage #2
a a a a
Flexible
b b b b
l l l l
e e e e
to IFC Controller L
o
L
o
L
o
L
o
Controller ReWrite (includes descriptor)

Stage #..
o o o o
Stage #.. Look up

k k k k
u u u u
p p p p
T T T T

a a a a
b b b b
3. Goes through IFC, result 6. EFC sends results to

l l l l
e e e e
descriptor send to PBC Stage #2

L
o
o
k
u
p
T
a
Tables
L
o
o
k
u
p
T
a
L
o
o
k
u
p
T
a
L
o
o
k
u
p
T
a ReWrite
Stage #8
b b b b
l l l l
e e e e
Stage #1
4. Descriptor has local ReWrite 7. Rewrite the packet and send
L L L L
o o o o
o o o o
6
k k k k
u u u u
p p p p
T T T T
though the egress FIFO

a a a a
destination, PBC sends the Engine

b b b b
Flex Parser
l
e
l
e
l
e
l
e
EGR
info to EQS 2
Engine Engine 7
Ingress
Egress
FIFO
FIFO
#CLUS © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Unicast – Across ASICs on Input
Stack Interface
5 4 AQM

1. Received, processed into 3 IGR
L
o
o
k
u
p
L
o
o
k
u
p
L
o
o
k
u
p
L
o
o
k
u
p
Flex Parser EQS
FIFO
T T T T
a a a a
b b b b
l l l l
e e e e
Stage #15 L L L L Stage #1

2. A copy to buffer and a copy
o o o o
o o o o
Ingress
k k k k
u u u u
p p p p
T T T T
Stage #2
a a a a
Flexible
b b b b
to IFC
l l l l
e e e e
Controller L
o
o
L
o
o
L
o
o
L
o
o
Controller
Stage #..
Stage #.. Look up
k k k k
3. Goes through IFC, result

u u u u
p p p p
T T T T

a a a a
b b b b
l l l l
e e e e

L
o
o
k
u
p
Tables
L
o
o
k
u
p
L
o
o
k
u
p
L
o
o
k
u
p
T T T T
a a a a
4. Descriptor has remote Stage #8

b b b b
l l l l
e e e e
Stage #1
destination, PBC sends the
L L L L
o o o o
o o o o
k k k k
u u u u
p p p p
T T T T
a a a a
info to IQS
b b b b
Flex Parser
l
e
l
e
l
e
l
e
EGR
2
5. IQS schedule PBC to send ReWrite
the packet with descriptor to Engine
Stack Interface
Engine Engine
Ingress
Egress
FIFO
FIFO
Unicast – Across ASICs on Output
6
Stack Interface
AQM

L
o
L
o
L
o
L
o
Flex Parser EQS 7

IGR o
k
u
p
T
a
o
k
u
p
T
a
o
k
u
p
T
a
o
k
u
p
T
a
b b b b
l l l l
e e e e
Stage #15 L
o
o
L
o
o
L
o
o
L
o
o
Stage #1 6. PBC received the frame and
Ingress
k k k k
u u u u
sends the info to EQS

p p p p
T T T T
Stage #2
a a a a
Flexible
b b b b
l l l l
e e e e
Controller L
o
o
L
o
o
L
o
o
L
o
o
Controller
Stage #..
Stage #.. Look up
k k k k
7. EQS schedule PBC to send

u u u u
p p p p
T T T T

a a a a
b b b b
l l l l
e e e e
Stage #2
L
o
o
k
Tables
L
o
o
k
L
o
o
k
L
o
o
k
a copy to EFC and a copy to
ReWrite (includes descriptor)
u u u u
p p p p
T T T T
a a a a
Stage #8
b b b b
l l l l
e e e e
Stage #1 L L L L
8. EFC sends results to

o o o o
8
o o o o
k
u
p
T
a
b
k
u
p
T
a
b
k
u
p
T
a
b
k
u
p
T
a
b
ReWrite
Flex Parser
l
e
l
e
l
e
l
e
EGR Engine ReWrite
9. Rewrite the packet and send
Encryption Recirculation out though the egress FIFO
Engine Engine 9
Ingress
Egress
FIFO
FIFO
Multicast – Egress Replication Only a single copy of packet in
Stack Interface buffer memory during replication
4
AQM

1. Received, processed into 3 L
o
L
o
L
o
L
o
Flex Parser EQS 5

IGR o
k
u
p
o
k
u
p
o
k
u
p
o
k
u
p
FIFO
T T T T
a a a a
b b b b
l l l l
e e e e
Stage #15 L
o
o
L
o
o
L
o
o
L
o
o
Stage #1 5. AQM within EQS generate
Ingress
k k k k
u u u u
2. A copy to buffer and a copy the list of egress port based

p p p p
T T T T
Stage #2
a a a a
Flexible
b b b b
l l l l
e e e e
to IFC Controller L
o
o
L
o
o
L
o
o
L
o
o
Controller
Stage #..
on descriptor, schedule for
Stage #.. Look up
k k k k
u u u u
each egress port

p p p p
T T T T

a a a a
b b b b
3. Goes through IFC, result

l l l l
e e e e

L
o
o
k
u
p
T
a
Tables
L
o
o
k
u
p
T
a
L
o
o
k
u
p
T
a
L
o
o
k
u
p
T
a
Stage #8 6. For each egress port, frame

b b b b
l l l l
e e e e
Stage #1
4. Descriptor has local goes though the EFC, ReWrite
L L L L
o o o o
o o o o
6
k k k k
u u u u
p p p p
T T T T
a a a a
destination, PBC sends the and Egress FIFO

b b b b
Flex Parser
l
e
l
e
l
e
l
e
EGR
info to EQS 2
ReWrite
Encryption Recirculation Engine
Engine Engine
Ingress
Egress
FIFO
FIFO
Catalyst 3850 / 3650 –
UADP Performance – 375 MHz Clock
64 B Frame Speed
BW – 56G/ASIC
64 B Line 84 Mpps
Rate (56 Switching Downlinks
Gbps) Capacity Uplinks
24G 20G
Minimal
added
1/10G
latency with
Ethernet
Recirculation
(1/2 us) Recirculation
10G
CPU
2G
Future Proofed for 802.11ac and beyond

Catalyst 3850 / 3650 – 64 B Frame BW – 56G/ASIC
UADP Performance – 500 MHz Clock Speed
Downlinks + Uplinks
64 B Line 84 Mpps 68G
Rate (160 Switching
Gbps) Capacity
Minimal
added
1/10G/40G
latency with
Ethernet
Recirculation
(1/2 us) Recirculation
10G
CPU
2G
Future Proofed for 802.11ac and beyond

Stacking Architecture
The Stack Ring
480 Gbps capacity
UADP ASIC Stack Interface of UADP ASIC
• 6 rings in total
• 3 rings go East
• 3 rings go West
• Each ring is 40Gbps
• 240Gbps uni-direction
• Spatial Reuse= 480Gbps
Stack
Interface
of UADP
ASIC Assuming 4 x 24-port 3850 Switches
6 Rings in the
Stack
Unicast Packet Path on the Stack Ring
Assuming
4
3
2
1
4 x 24-port
3850 Switches
Creating
 Packet segmented into Segments
256 bytes Re-ordering
segments
 Packet travels half the
ring for unicast traffic
 Segments reordered at
destination stack port
 Destination strips the
packet off the stack ring
Stack Ring Spatial Reuse
4
3
1
2
Assuming
4 x 24-port
3850
Switches
 Credit based system on
the Stack Ring
 Multiple stack ports

grab the ring that is free
and they have credits 3
1
2
4
on to transmit
Stack Ring Spatial Reuse
4
3
1
2
Assuming
4 x 24-port
3850
Switches
 Unicast flows use only
part of the Ring
 Increases the stack ring
bandwidth to 480Gbps
3
1
2
4
Multicast Packet Path on Stack Ring
Assuming
4 x 24-port 3
1
2
4
3850 Switches
 One copy of the source packet
is placed on the rings
 Interested Stack Ports grab the
segments when they see them
 Packet segments travel the
whole ring back to source
 The source strips these
segments off the ring (Source
Stripping)
 Results in efficient replication of
multicast traffic for multiple
Stack Port receivers
Resiliency – StackWise-160
• Modular Stacking (Optional)

• New stack adapters
• New connectors and copper cables
• Stack Bandwidth
• 80 Gbps uni-directional
• 160 Gbps with spatial reuse
• Stateful Switch Over (SSO)
• Faster Convergence (vs 3750-X)
• Active-Standby model
• Improved Central synchronization on
Active Switch for Wired+Wireless
• Tunnel SSO ensures AP, MA-MC
connectivity during failover
Assuming 4 x 24-port 3650 Switches
How many Can I stack together?
Up to 9 Up to 32
Cores
Enforced by Software Limited in ASIC
High Availability – Data
and Power Stacks
Catalyst 3850 Stack vs. Catalyst 6500
• Active and Standby Members run • Active and Standby Supervisors
IOSd, WCM, etc. • Run IOS on Supervisors
• Synchronize information • Synchronize information
• Active controls Data plane programing • Active programs all DFCs
for all members • DFCs run a subset of IOS for LCs
• Member switches act as Line cards–
connected via the Stack Cable
A A S
S
Catalyst 3850 System Architecture
CPU/Memory CPU/Memory CPU/Memory
Forwarding ASIC Forwarding ASIC Forwarding ASIC
Front Panel Front Panel Front Panel

Ports Ports Ports
Active Processor Standby Processor Line Card Member

Switch Switch Switch
Centralized Control Plane – Scalable Distributed Data Plane

Stack Discovery
 Stack Interfaces brought online
LC Infra
 Infra and LC Domains boot in parallel
 Stack Discovery Protocol discovers Stack Infra
LC
topology – broadcast, followed by neighborcast
 In full ring, discovery exits after all members
are found. LC Infra
 In half ring, system waits for 2mins
 Active Election begins after LC Infra
Discovery exits
Stack port 1 cable is connected and the link is up
Stack port 2 cable is connected and the link is up
Waiting for 120 seconds for other switches to boot
%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-DISC_START: Switch 3 is starting stack discovery.
##All switches in the stack have been discovered
Switch number is 3
%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-DISC_DONE: Switch 3 has finished stack discovery.
%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-SWITCH_ADDED: Switch 3 has been added to the stack.
Stack Active Election
A
1) The stack (or switch) whose member
has the higher user configurable
priority 1–15
2) The switch or stack whose member

has the lowest MAC address
%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-ACTIVE_ELECTED: Switch 3 has been elected ACTIVE.
Stack Initialization
 Active starts RP Domain (IOSd, WCM, etc)
locally 2min timer
 Programs hardware on all LC Domains
LC RP Infra A
 Traffic resumes once hardware is programmed
RP LC Infra
S
 Starts 2min Timer to elect Standby
in parallel
 Active elects Standby LC Infra
 Standby starts RP Domain locally

 Starts Bulk Sync with Active RP LC Infra
 Standby reaches “Standby Hot”

Switch#show switch
Switch/Stack Mac Address : 2037.0652.a580 - Local Mac Address
Mac persistency wait time: Indefinite
H/W Current
%STACKMGR-1-STANDBY_ELECTED: 3 stack-mgr: Switch 2 Switch# Role Mac Address Priority Version State
has been elected STANDBY. ------------------------------------------------------------
1 Member 2037.0653.ca80 5 P6A Ready
2 Standby 2037.0653.db00 10 P6A HA sync in progress
*3 Active 2037.0652.a580 15 V01 Ready
HA Best Practices & Recommendations
Catalyst3850#switch 1 priority 15
 Power up the first Switch that you want to make
it as Active A
 Configure Priority of the switch (1-15) – 1 by Catalyst3850#switch 2 priority 14
default – the higher the better
S
 Power up the second member that you want to
make as Standby & then power up rest of the Catalyst3850#switch 3 priority 13
members
 To add a member to an existing stack plug in the Catalyst3850#switch 4 priority 12
stack cable first, then power up the switch
 Avoid stack Merge & Stack split if possible
Stack Split – Double Failure – Scenario #1
 Stack speed is reduced by half because of A
the half ring
 The top side of the split remains stable,
Active initiating Clean up for the S
members data
 Lower Side of the Stack reboots - Active
election is held on the lower side of the split
 Active starts RP domain locally and programs
local hardware as well as that of the member
 Active elects Standby (after 2 min timer), and
RP A
signals Standby to start its RP Domain
 Active and Standby perform Bulk Sync as RP S
part of HA – where lower member is
Standby-Hot
Stack Merge – Two Active members in one Stack
1
RP A
 Full ring is restored
 Stack Discovery runs to build Stack 2
topology with broadcast and neighbor RP S
A
cast packets
 HA detects there are two Active switches
(1 and 2) in Stack
3
 Whole Stack reboots RP S
 Stack initialization happens as before
 Configuration of the Active elected is
RP S
downloaded on all members 4
Stack Member Addition
 Stack discovery initiated and completed

 Plug in the member, completing full ring RP A
 Power up the member
RP S
 Stack Discovery process runs and
completes immediately after
discovery happens
 Active detects the new addition, and
programs the hardware of the member Infra
LC
 Active is not pre-empted by powering on
another member even if it was
High Priority
Stack Member Deletion
 Stack discovery initiated and completed

A
 Active detects member removal – and
Clean up process is initiated
S
 Clean-up involves removing TCAM
entries referencing removed member,
MAC addresses, CDP tables – more
like all ports on the member are
shutdown
 Configuration is moved to
Pre-Provisioned state
Stackwise Virtual
StackWise Virtual Architecture
Extending StackWise Architecture
Access-1
SW-1
SW-2
Dist-1
SW-3
SW-4 SW-1 SW-2
SW-5
40G/10G
WS-C3850-48XS WS-C3850-48XS
SW-6
SW-7
SW-8
SW-9
• Cisco StackWise Virtual extends proven back-panel technology over front-panel network ports
• Cisco StackWise Virtual simplifies the Distribution-Layer with two common 3850-48XS series
chassis into single logical entity
• Added Support for StackWise Virtual in 16.8 on 3850-12XS and 3850-24XS
StackWise Virtual Architecture
Unified Forwarding Architecture
Core
Core
SW-1 SW-2
Distribution
40G/10G
WS-C3850-48XS WS-C3850-48XS
Access
• StackWise Virtual supports Unified control and management plane architecture
• StackWise Virtual supports fully distributed forwarding architecture
• Complex network designs gets simplified with Multi-Chassis EtherChannels (MEC)
High Availability For Your
CTHCRS-1300 : Advances in High Availability for the Campus

TECCRS-2001 : Intermediate - Enterprise High Availability Design and Architecture
Stack Power
StackPower - Overview
“Zero-Footprint” RPS deployment
• Provides RPS functionality with Zero
RPS Footprint
• Pay-as-you-grow architecture –
similar to the Data Stack
• 1+N Redundancy with Inline Power
• Up to 4 Switches in a StackPower
Ring
• Multiple StackPower Possible within
one Data Stack
• Up to 9 Switches in a star topology
with XPS
Power Budget Modes
Power Sharing Mode Redundant Mode
1100 1100
715 W 715 W
W W
715 715
W W
2530W – 30W 2530W-1100W – 30W

• The Default Mode – Pools Power from All PS • User Configurable – Reserves the Largest PS
• Total POE Budget = Sum of All PS – 30W • Total POE Budget = Sum of All PS – Largest PS – 30W
#CLUS
Global Stack Power Reserve = 30 ~ 60W BRKARC-3438 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
How StackPower Works?
Power Sharing Mode – Default Mode
StackPower
1100W AC
715 W
715W AC
WS-C3850-24U# show stack-power

Power Stack Stack Stack Total Rsvd Alloc Unused Num Num
Name Mode Topolgy Pwr(W) Pwr(W) Pwr(W) Pwr(W) SW PS
-------------------- ------ ------- ------ ------ ------ ------ --- ---
MDF SP-PS Ring 5115 55 1010 4050 4 5
How StackPower Works?
Redundant Mode
StackPower
1100W AC
715 W
715W AC
3850(config)# stack-power stack MDF

3850(config-stackpower)# mode redundant
WS-C3850-24U# show stack-power detail

Power Stack Stack Stack Total Rsvd Alloc Unused Num Num
Name Mode Topolgy Pwr(W) Pwr(W) Pwr(W) Pwr(W) SW PS
-------------------- ------ ------- ------ ------ ------ ------ --- ---
MDF SP-R Ring 5115 1135 1010 2970 4 5
Enforcement Modes
Strict & Loose Modes Control The Behavior of Load Shed
BUDGET ALLOCATED ACTUAL BUDGET ALLOCATED ACTUAL
Available Committed Drawn Available Committed Drawn
Power Pool Power Power Power Pool Power Power
Lost PS or Lost PS or
Power source Power source
Shed Load
Lost Shed Load
another PS
Dropped PD Dropped PD
Loose mode Strict mode

• Loose mode allows for a negative power budget
• Strict mode sheds load as soon as the power budget goes below the Allocated power level
For Your
System Power Reserved Reference
• 30~60W StackPower Reserve

• System Power is Reserved based on different PIDs
Catalyst 3850/3650 Version System Power Catalyst3850/3650 System
Reserved Version Power
Reserved
24 Port 3850 Copper (Data/PoE/PoE+/UPoE) 200 48 Port 3850 Fiber SFP+ 280
48 Port 3850 Copper (Data/PoE/PoE+/UPoE) 280 24 Port 3850 mGig 520
12 Port 3850 Fiber SFP 200 48 Port 3850 mGig 470
24 Port 3850 Fiber SFP 200 24 Port 3650 200
12 Port 3850 Fiber SFP+ 300 48 Port 3650 280
24 Port 3850 Fiber SFP+ 410
Scale
UADP ASIC Block Diagram
Stack Interface
AQM

Flex Parser EQS
L L L L
o o o o
IGR o
k
u
p
T
a
o
k
u
p
T
a
o
k
u
p
T
a
o
k
u
p
T
a
b b b b
l l l l
e e e e
Stage #15 L
o
o
L
o
o
L
o
o
L
o
o
Stage #1
Ingress
k k k k
u u u u
p p p p
T T T T
Stage #2
a a a a
Flexible
b b b b
l l l l
e e e e
Controller L
o
o
L
o
o
L
o
o
L
o
o
Controller
Stage #..
Stage #.. Look up
k k k k
u u u u
p p p p
T T T T

a a a a
b b b b
l l l l
e e e e
Stage #2
L
o
o
k
u
p
T
a
Tables
L
o
o
k
u
p
T
a
L
o
o
k
u
p
T
a
L
o
o
k
u
p
T
a
Stage #8
b b b b
l l l l
e e e e
Stage #1 L
o
o
k
u
p
T
L
o
o
k
u
p
T
L
o
o
k
u
p
T
L
o
o
k
u
p
T
ReWrite
a a a a
Flex Parser
b
l
e
b
l
e
b
l
e
b
l
e
EGR Engine
Engine Engine
Ingress
Egress
FIFO
FIFO
TCAM and SRAM
12 K TCAM
Switch# show platform hardware fed switch act fwd-asic resource tcam utilization
CAM Utilization for ASIC Instance [0]
Table Max Values Used Values
--------------------------------------------------------------------------------
SRAM
Unicast MAC addresses 32768/512 15/21
L3 Multicast groups 4096/512 0/7
L2 Multicast groups 4096/512 0/9
Directly or indirectly connected routes 16384/7168 2/18
QoS Access Control Entries 2560 88
Security Access Control Entries 3072 114
...
...
Netflow ACEs 768 15
Input Security Associations 256 4
Output Security Associations and Policies 256 5
OUTPUT_GROUP_LE 6144 0
Macsec SPD 256 2
Switch#
Catalyst 3850 – TCAM & ACL Scale
TAQs 3 & 4
Reserved for
Security ACLs
ACL Resources
IPv4 Entries 3000 Entries RACL Region 1
5
3
IPv6 Entries Half the IPv4 6
PACL
One type of IPv4 ACL (RACL, 1500 Entries Region E
PACL, VACL, GACL*) n
t
L4OPs/Label 8 L4OPs VACL r
Region i
e
Ingress VCUs 196 s
GACL
Region
Egress VCUs 92
256 Bits Entries Each (512
• GACL (Group Client ACL) – Any dot1x client attached features like dACL, QoS, for IPv6 Entries)
Filter ID, Per User ACLs are in GACL region Regions are flexible BUT cannot span across TAQs
• Order of Processing : GACL  PACL  VACL  RACL
• TAQ – ACL TQD (TCAM Quads)
• VCU = Value Comparison Unit
Catalyst 3850 – Netflow Scale
Configuring FNF involves 4 major steps:
FnF fully integrated in the ASIC – NO performance impact
Ingress & Egress FnF supported on all ports, VLANs & SSIDs
System Scalability: 24K flows / ASIC. 1.0 and 2 x 24k / ASIC 1.1
IPv4 & IPv6 capable
Catalyst 3850/3650 – QoS Fundamental Actions
Conditional
Policing Marking
Trust Classification
Unconditional
Marking
Conditional
Marking Policing
Classification PQ1
PQ or Q
Scheduler
PQ2
8q3t
Unconditional
Marking 1p7q3t Q3
2p6q3t Q4 WTD
Q5 WRR
Q6
Q7
Q8
#CLUS © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Catalyst 3650/3850 Campus QoS Design
Wired Port Egress Queuing (2P6Q3T with WTD) Model
Application DSCP 2P6Q3T BWR =

Bandwidth
Network Control (CS7) EF PQ Level 1 (10%) Remaining
Internetwork Control CS6 CS5
PQ Level 2 (20%) WTD =
CS4
VoIP EF Weighted
CS7 & CS6 Tail
Broadcast Video CS5 Q6 Drop
CS3 & CS2 (BWR 10%)
Multimedia Conferencing AF4
Q5
AF4
Realtime Interactive CS4 (BWR 10% + WTD)
Multimedia Streaming AF3 AF3 Q4
(BWR 10% + DSCP-Based WTD)
Signaling CS3
Q3
Transactional Data AF2 AF2
(BWR 10% + DSCP-Based WTD)
Network Management CS2
AF1 Q2
Bulk Data AF1 (BWR 5% + DSCP-Based WTD)
CS1
Scavenger CS1
Best Effort DF DF Q1 (BWR 25%)
6MB Packet Buffer
Packets to Egress Port Queues
3MB-4MB EQC
0.6MB
0.75MB-1MB
Packet 0.5MB-1MB SQS
Holding Buffer IQS
Packets from the Stack And
Locally Switched Packets
Packets going to Stack
Policing
1 Rate 2 Color 2 Rate 3 Color
CIR PIR CIR
CBS PBS CBS
No No B>Tc No
B<Tc B>Tp
Packet of Yes Packet of Yes Yes

Conform Exceed Size B Violate Exceed Conform
Size B
Action Action Action Action Action
police cir 100000000 bc 3125000 police cir percent 10 pir percent 50

conform-action set-dscp-transmit af41 conform-action transmit
exceed-action drop exceed-action set-dscp-transmit dscp table MARKDOWN
violate-action drop
Catalyst 3850 – QoS Scale
QoS Scale Numbers

Class-maps (Ingress) 1024
Class-maps (egress) 512
Table-maps (ingress) 16
Table-maps (egress) 16
Aggregate Policers 2000
Wired Queues/port 8 queues
Wireless Queues/port 4 queues
Buffer/ASIC Core 6 MB
Key Differences –
Catalyst 3850/3650 vs 3750-X/E
Catalyst 3850 Catalyst 3750-X

• MQC • MLS QoS
• Trust by Default • Untrust by Default
• 8 Queues 1P7Q3T OR 2P6Q3T • 4 Queues Per Port –

1P3Q3T
• 6 MB Buffer per ASIC or ASIC Core
• 2 MB Buffer per ASIC
• HQoS – 2 Level Hierarchical Policy
• No HQoS
For Your
Catalyst 3850 – SD-Access Scale Reference
Fabric Constructs Maximum Supported

Fabric Edge Relevant Scale
Virtual Networks 64
Groups (SGTs) 4096 / 255 DGT
SGACLs (Security ACEs) 1500
Fabric Border Relevant Scale
Virtual Networks 64
Groups (SGTs) 4096
SGACLs (Security ACEs) 1500
Fabric Control Plane Entries 4096
IPv4 Routes 8K
IPv4 Host Entries 16K
Software Innovations
Trustworthy Systems
Secure by Design
Holistic Approach Built for Evidence of Trust Security Expertise

Today’s Threats and Innovation
Organizations can no longer rely on perimeter

devices to protect the network from cyber
intrusions… There has never been a greater
need to improve network infrastructure security.
Alert TA16-251A, September 2016
Secure Hardware Development – ACT2 Chip
MACsec
Encryption
Anti-Counterfeit
Phase 2 (ACT2)
 Secure Storage
 Secure UDI Secure Hardware
 HW Entropy Development
 Data at Rest Encryption Boot Code
Hardening
REAL WORLD: Converted 3750-X 24 to 48 Ports
Cisco Secure Boot and Trust Anchor Module
Validating the Authenticity of Software Followed by Hardware
Step 5 Step 6
Step 1 Step 2 Step 3 Step 4
Trust Anchor Trust Anchor
module module
*
CPU CPU CPU CPU CPU
Microloader Bootloader OS OS OS
Microloader
Microloader Bootloader OS launched Authenticity and

checks Bootloader checks OS license checks
* The first instructions that run on a CPU are either stored in immutable hardware so that they cannot be tampered with or are validated by the hardware
*
Hardware authenticity check
Software authenticity check
Trustworthy Systems - Features Supported
Feature Catalyst 3850/3650
Image Signing Yes
Secure Boot Yes
Anti-Counterfeit Check Yes
Trust Anchor Module Yes
PnP SUDI Support Yes
Run Time Defenses Yes
Secure Storage Yes (16.8)
X.509v3 SSH Authentication Yes
Reference:
FLIPSEC-1010 Malware on Network Elements – Protect and Verify with Trustworthy Systems
Fast Software Upgrade (16.8)
Regular Upgrade Vs Fast Software Upgrade Process
Normal Upgrade Time Fast Software Upgrade Impact
Traffic Traffic
Reload
X sec Kernel X/2 sec
Reload
Kernel IOSd IOSd

Control Plane update Data Plane update
Control Plane + Data Plane impacted during the complete upgrade without impacting traffic with impact
#Install add file image activate Fastreload

#Install add file image activate commit
commit
Traffic is impacted throughout the upgrade Traffic impact is reduced by more than half by
cycle #CLUS separating ©the control
2018 Cisco andAll rights
and/or its affiliates. data plane
reserved. updates
Cisco Public 100
Fast Software Upgrade
Supported and Unsupported Designs
Layer 2 Access Layer Designs– FSU Supported
STP
L2 Only L2 Only
x x Vlan1-10
L2 Only
MEC MEC
Access Access Access
Layer Layer Layer
Unsupported Designs
L2 Extensions with
Access Layer Device L3 connections with
Routing Protocols
Access
Layer Roadmap
Software Maintenance Upgrades
Software Upgrades are Challenging
Cost
• Expensive Upgrades - Business Loss

• Each device upgrade causes Network outage
Time SMU
• Reduced IT staff slows software roll out Point Fixes
Reduces Validation –
• Physical presence required Scope & Time
Scope
• New Code requires bug analysis, certification
SMU Types
• Cold Patching (traffic-affecting)
Install of a SMU will require a system reload from 16.8 and 16.6(3)
Security Critical Issues

Vulnerabilities
• Cisco Vulnerabilities • No work around possible
• Open Source Vulnerabilities • TAC/Escalation Approved
Catalyst 3850 12/24/48 XS ISSU Workflow for SVL
(16.8) 1. ISSU Started, Image is
expanded on Active and Standby
V1 S1 Active
If S2 fails to become standby it
will revert back to step 1
V1 S2 Standby Abort Timer

Starts
2. Standby Reloads
with the new V2 Image
V2
5. ISSU S1 Standby
V1 S1 Active
Expired Abort timer will revert
Complete to Step 2 and then Step 1
V2 S2 Active V1 V2 S2 Standby
Abort Timer
Expired
Abort Timer
Stopped
V1 V2 S1 Standby
3. Auto-Switchover causes S2 to
4. ‘Commit’ Keyword become new active and S1 reloads
stops the abort timer
V2 S2 Active
with the new V2 image
Software-Defined Access
Solution Components
DNA Center:
Simple Workflows
DESIGN PROVISION POLICY ASSURANCE
DNA Center
DNAC
Network Data Services Identity Services Engine
Appliance
Routers Switches Wireless AP WLC
Software Defined Access For Your
CTHCRS-1800 : DNA SD-Access - Building the Fabric Demonstration

INSCRS-1006 : Redefining Access and Campus Networks
PSOCRS-2003 : A Revolutionary New Way to Build and Manage Digital Ready Networks
CCP-2001 : DNA SD-Access - Roadmap
LTRCRS-2810 : DNA SD-Access - Hands-On Lab
Software Defined Access For Your
LTRCRS-2450 : DNA Campus Fabric - Programmability Lab
BRKCRS-2410 : Cisco Network Data Platform for Campus Networks
BRKMPL-2114 : Integrating Campus / DC fabrics with MPLS
BRKSDN-2314 : Declarative Policy Models for Agile Network Consumption
BRKCRS-2700 : Evolution of the Enterprise Network: Cisco Digital Network Architecture
BRKCRS-2893 : Choice of Segmentation and Group based Policies for Enterprise Networks
BRKARC-3467 : Cisco Silicon - Delivering Innovation for Advanced Routing and Switching
Programmability & Data Models
NETCONF (16.6)
RESTCONF (16.8)
gNMI (16.8)
NETCONF RESTconf gRPC

(YANG) Data Model
Models
Data Model Open Native Open Native
Models Models Models Models
Device Features Configuration Operation Data

Interface BGP QoS ACL …
Network Device Lifecycle Goal:
 Get devices into an operational state
Provisioning Automation Tools:
Goal:  PXE, ZTP, PnP
 Continuously upgrade  Python Scripting
network, incrementally
and safely
Tools: Install
 Patching
 Config/Replace
Goal:
 Apply configuration to the
Upgrade Configure device
Tools:
Goal:
 Data Models
 Add dynamic services,
optimize behavior and  Programmable Interfaces
Optimize
trouble shooting  Python Scripting
Tools:
 Telemetry
Audio Video Bridging
Convergence of AV on Ethernet with Cisco Catalyst Switches
Cisco Catalyst family of switches are now Avnu-certified

The Avnu Alliance (www.avnu.org) is a community creating an
interoperable ecosystem servicing the precise timing and low latency
requirements of diverse applications using open standards through
certification
Supported Platforms Open Standards Ecosystem Partners
IEEE 802.1BA: Audio Video Bridging

IEEE 802.1AS: Generalized PTP
IEEE 802.1Qat: Stream Reservation
C9300 C9500 Protocol
IEEE 802.1Qav: Forwarding and Queuing
for Time-Sensitive Streams
C3850 Select models C3650
See www.cisco.com/go/avb
Cisco MultiGigabit – Now IEEE 802.3bz
WiFi > 1G
Cat 5e Cables
2.5-5G!
MultiGigabit MultiGigabit
Switch Capable AP
Cisco MultiGigabit enables various use cases
Digital Imaging Server in a High Definition Uplink Extension 802.11ac wave 2

Branch Cameras APs
Cisco POE Innovations
 Fast power negotiation without LLDP

2-event classification  Physical layer negotiation < 1s
 (config-if)#power inline port 2-event
 Uninterrupted POE power during control plane reboot

Perpetual POE  (config-if)#power inline port poe-ha
 Bypasses IOS control plane boot

Fast POE  Restores power to PD within 30sec of power restore
 (config-if)#power inline port poe-ha
Delivering robust and resilient power infrastructure

Constrained Application Protocol (CoAP)
• Endpoints need to talk to each other
• Endpoint are low on memory and code space
• Need a light weight protocol for the endpoints to communicate
• Standard should be open and support APIs for Industry acceptance
RES
T
Based on REST Open IETF Standard
Lets ‘You’ chose Secure
(GET PUT POST) (RFC 7252)
the date Model
Made for millions of nodes operating in the constrained environment

Challenges of Today’s Network
Yesterday’s Applications Today’s Applications
L7
L6 HTTP 80
L5 FTP 20/21
AVC
L4 POP3 110
Netflow
L3 IMAP 143
L2 HTTPS 443
L1 SMTP 25
Enabling and Monitoring AVC – CLI
switch# show ip nbar protocol-discovery top-n
GigabitEthernet1/0/23
CLI Input Output
switch# show run int g1/0/23 ----- ------
Protocol Packet Count Packet Count
Building configuration... Byte Count Byte Count
5min Bit Rate (bps) 5min Bit Rate (bps)
interface GigabitEthernet1/0/23 5min Max Bit Rate (bps) 5min Max Bit Rate
switchport access vlan 193 ------------------------ ------------------------ ------------------------
ip nbar protocol-discovery youtube 356 187
end 264713 25603
0 0
6000 3000
bing 2741 2384
493258 423925
0 0
3000 3000
WebUI – Monitoring AVC
• Filter Monitoring Over
Ingress/Egress
interfaces and
direction
• Identify Top Talkers
• Monitor Data over 2,

24 or 48 hours
• Monitor percentage
Bandwidth usage
MPLS Enables Network Segmentation in Campus
POS Medical Device

Network Other
Network
Doctor Staff
Line of business – BU segmentation Payment Card Industry Hospital Network
INTERNET
Bring-Your-Own-Device (BYOD) Mergers and Acquisitions Multi-Tenancy
Conclusion
Catalyst 3850/3650 is built on Robust Architecture
+
The Combination of UADP and IOS-XE 16.x Makes your Network Ready and Future proofed
2013 2015 2017
Future proofed for the technologies of tomorrow

Catalyst 9000 Family
Investment Energy Secure IoT Mobility Cloud
Protection Efficient Convergence
Converged
Converged OS Converged ASIC Licensing
Open IOS-XE UADP 2.0 Packaging
Catalyst 9300
Lead Fixed Access
Catalyst 9500
Lead Fixed Core
Catalyst 9400
Lead Modular Access
Industry’s First (Enterprise): Industry’s Unmatched: Future Proofed:

• X86 CPU • HA • NG-Wifi (IEEE 802.11ax)
• 100% Model Driven • Multi-gigabit density • 802.3bt Ready
• Software Patching • UPoE scale • 25G Ethernet
Catalyst 9000 For Your
BRKARC-2035 - The Catalyst 9000 Switch Family - An Architectural View
BRKARC-3863 - Catalyst Fixed Access Switching Architecture (9300)
BRKARC-3873 - Catalyst Modular Access Switching Architecture (9400)
What to Do Next?
Technical Advisor y
Managed Im plem entation
Optim ization Tr aining
SD-Access DNA Cisco

Capable Center Services
Refresh your Deploy the Engage

Hardware and Software DNA Center Cisco Services
Complete your online session evaluation
Give us your feedback to be entered

into a Daily Survey Drawing.
Complete your session surveys through
the Cisco Live mobile app or on
www.CiscoLive.com/us.
Don’t forget: Cisco Live sessions will be available for viewing
on demand after the event at www.CiscoLive.com/Online.
Continue
your Demos in
the Cisco
Walk-in
self-paced
Meet the
engineer
Related
sessions
education campus labs 1:1
meetings
Thank you
#CLUS
#CLUS

Brkarc 3438

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Brkarc 3438

Încărcat de

Drepturi de autor:

Formate disponibile

#CLUS

Cisco Catalyst 3850

Dimitar Hristov – Technical Marketing Engineer

Webex Teams will be moderated cs.co/ciscolivebot#BRKARC-3438

Mobility IoT Security Programmability

Jan Oct May Jan Jun/Aug Jan Oct

Built on Cisco’s Innovative “UADP” ASIC

Catalyst 3850 Copper Catalyst 3650 Copper

Enterprise Class Access Layer Smaller Core & Aggregation Option

Based on a Common ASIC and Software

C3850-NM-4-1G C3850-NM-2-10G C3850-NM-4-10G C3850-NM-2-40G C3850-NM-8-10G

4x1Gig 2x1Gig+2x10Gig 4x10Gig 2x40Gig 8x10Gig

SFP SFP/SFP+ SFP/SFP+ QSFP SFP/SFP+

48 Ports or 12+ SFP+ For MultiGigabit and SFP+ Versions only

Flexibility & Investment Protection

4x1Gig 2x1Gig+2x10Gig 4x10Gig 2x40Gig 8x10Gig

SFP SFP/SFP+ SFP/SFP+ QSFP SFP/SFP+

For MultiGigabit Versions only

Make Uplink Decision at the time of Purchase

350WAC 440WDC 715WAC 1100WAC 250WAC 640WAC 640WDC 1025WAC

Same as 3750-X— Wider Than 3850/3750-X PSs

RPS Support for PS

Available PoE budget 775W 390W

PoE All 48 ports All 24 ports

PoE+ 24 ports 12 ports

Line Rate – 640G Switching Capacity

3 lengths of cable, 0.5 1 and 3 Meters 1 ring in 3650 vs 3 rings in 3850

Stacking BW 480G / 9 480G / 9 480G / 9* 480G / 9* NA 160G / 9 160G / 9* 160G / 9*

Stackpower, Stackpower, Stackpower, Stackpower,

PoE+ Controllers UADP ASICs

Power Stack Conn (x2) Redundant Power Supplies

MPLS Ethern Fast Memory Lookup Tables

Not Supported in Hardware

Based on UADP ASIC

Future proofed for the technologies of tomorrow

Flex Parser (256 Bytes) Micro Engines

IQS Ingress Pipeline Egress Pipeline Q Q

(IFC) (EFC) Stage #..

Stage Stage Stage Stage Stage Stage Stage

Lookup Lookup Lookup Lookup Lookup Lookup Lookup Lookup

Stage Stage Stage Stage Stage Stage Stage

EGR Flex Parser

Egress Programmable Pipeline

Ingress Programmable Pipeline

NFC ACL QoS ExM FIB

PLC PSE FSE Micro Code

Egress Programmable Pipeline Programmed to

240 Gbps 6MB 56 Gbps

Catalyst Catalyst SFP

1588 240 Gbps 6MB x2 160 Gbps

IOS IOSd Hosted Apps IOSd Hosted Apps

WCM LXC* WCM

WS-C3850-48XS 40G/10G WS-C3850-48XS

MultiGigabit Campus Fabric Stackwise Virtual

MPLS AVC Programmability

Identity-based Policy & Single Network Fabric Insights & Telemetry

Industry’s first policy-based automation from the Edge to the Cloud

BRKCRS-3300 : IOS XE : Enabling the Digital Network Architecture

Packet Buffer 800 MHz Quad-

24 Port PoE+ 24 Port PoE+

Packet Buffer Packet Buffer Packet Buffer Packet Buffer Octeon-2

12 Port UPoE 12 Port UPoE EMP Console

12 x 10G 100M/1G/2.5G/5G/10G 12 x 10G 100M/1G/2.5G/5G/10G 2x40G, 8x10G, 4x10G,