Sunteți pe pagina 1din 118

BRKCRS-2814

Cisco SD-Access
Assurance and Analytics

Dave Zacks, DTME


Cisco Webex Teams

Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session

How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

cs.co/ciscolivebot#BRKCRS-2814

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
 Cisco DNA BRKCRS-2814
Agenda Architecture Overview
Cisco
Software-Defined
 Cisco SD-Access
Access –
Brief Recap Assurance and Analytics

 Cisco DNA Assurance


Overview, Getting Started, Capabilities

 Cisco DNA Assurance for SD-Access


Overview and Deeper Dive – Wired and Wireless

 The Role of Streaming Telemetry

 Cisco DNA Center – Platform

Cisco Live 2019 - Barcelona  Take-Away Presenter:


Dave Zacks
Summary and Next Steps
BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
By Way of Introduction …

I am a Distinguished Engineer, and have been with Cisco for 19 years.

As a DTME within the Enterprise Networks Business team, I work primarily


on capabilities and solutions that are anywhere from 12 to 36+ months out,
helping to define these projects and then assisting as they progress
towards and through design, development, and solution introduction.

I have a strong background in, and focus on, customer requirements,


and integrating these into the products and solutions Cisco builds.
I have a special interest in Flexible Hardware, Network Fabrics, and Assurance.

Dave Zacks
Distinguished Technical Mktg. Engineer
dzacks@cisco.com @DaveZacks
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco DNA –
Architecture Overview
Innovation in
the network

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
The Network. Intuitive. Cloud Service Management

Based on Cisco DNA Perform Automation Analytics

LEARNING
Virtualization

Programmable Physical and Virtual infrastructure


Cisco DNA Center

Security

Policy Automation Analytics Cisco DNA


Digital Network
Extract
Architecture
Express CONTEXT
INTENT

Intent-based
Network Infrastructure

Implement with
SECURITY BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
The Network. Intuitive.
Principles of Intent-Based Networking

Applications
Cisco DNA Center
APIs
Domain Controllers
Intent-Based Networking portfolio
Powered by IOS-XE

Physical and
Virtual
Open programmable architecture Infrastructure

ASIC

Built-in security, streaming telemetry


and rich analytics

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
The Network. Intuitive.
Moving from Manual to Automated
Basic Advanced

Automated Deployment Consistent Across Network Fabric Self-Driving Automation


Plug and Play, Configure once and deploy Closed Loop through Network
Step 1 Day 0 Deployment everywhere - SD-Access Analytics and Machine Learning
Network admin
previsions devices in
Cisco DNA
Cisco Network Plug Center

and Play applications Admin HTTP Cisco DNA


Proxy Center

Step 2 Internet
Onsite installer with
mobile app installs and
powers on devices, B B
triggers deployment,
checks status Installer

Step 3
New devices contact SD-Access SD-Access
Cisco Network Plug and Fabric
Play application to get
Fabric
provisioned

Network admin can


remotely monitor
Exists Today install status New Future

One Point of Management – All from Cisco DNA Center © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco SD-Access –
Brief Recap
What is the Problem?
Network Policy Today

Network Policy

Enterprise Network
SRC DST
PAYLOAD DATA DSCP PROT IP SRC IP DST
PORT PORT

• QoS
• Security
• Redirect/copy Policy is based on “5 Tuple”
• Only Transitive information
• Traffic engineering • Survives end to end
• etc.

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
What is the Problem?
Network Policy Today

access-list 102 deny udp 167.160.188.162 0.0.0.255 gt 4230 248.11.187.246 0.255.255.255 eq 2165

Network Policy access-list


access-list
access-list
102
102
102
deny udp 32.124.217.1 255.255.255.255 lt 907 11.38.130.82 0.0.31.255 gt 428
permit ip 64.98.77.248 0.0.0.127 eq 639 122.201.132.164 0.0.31.255 gt 1511
deny tcp 247.54.117.116 0.0.0.127 gt 4437 136.68.158.104 0.0.1.255 gt 1945
access-list 102 permit icmp 136.196.101.101 0.0.0.255 lt 2361 90.186.112.213 0.0.31.255 eq 116
access-list 102 deny udp 242.4.189.142 0.0.1.255 eq 1112 19.94.101.166 0.0.0.127 eq 959
access-list 102 deny tcp 82.1.221.1 255.255.255.255 eq 2587 174.222.14.125 0.0.31.255 lt 4993
access-list 102 deny tcp 103.10.93.140 255.255.255.255 eq 970 71.103.141.91 0.0.0.127 lt 848
access-list 102 deny ip 32.15.78.227 0.0.0.127 eq 1493 72.92.200.157 0.0.0.255 gt 4878

Enterprise Network
access-list
access-list
access-list
102
102
102
permit icmp 100.211.144.227 0.0.1.255 lt 4962 94.127.214.49 0.255.255.255 eq 1216
deny icmp 88.91.79.30 0.0.0.255 gt 26 207.4.250.132 0.0.1.255 gt 1111
deny ip 167.17.174.35 0.0.1.255 eq 3914 140.119.154.142 255.255.255.255 eq 4175
access-list 102 permit tcp 37.85.170.24 0.0.0.127 lt 3146 77.26.232.98 0.0.0.127 gt 1462
access-list 102 permit tcp 155.237.22.232 0.0.0.127 gt 1843 239.16.35.19 0.0.1.255 lt 4384
SRC DST
PAYLOAD DATA DSCP PROT IP SRC IP DST
PORT PORT

IP
SSID C
ADDRESSES VLAN 20 VLAN 10
User/device info?
SSID A
 Locate you VLAN 30
 Identify you
VLAN 40
 Drive “treatment”
SSID B
 Constrain you

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
But What If …
Key Assertion

… we could make the IP address just be a If we could “break the dependence”


LOCATOR for you, and provide other ways between IP addressing and policy, we
to group users / devices to apply POLICY? could greatly simplify networks – and
make networks much more functional.

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
You could build and run your network in a simpler way …
Apply Policy irrespectively of network constructs (VLAN, subnet, IP address)
Easily implement Network Segmentation (w/o implementing MPLS)
Provide L2 and L3 flexibility (w/o stretching VLANs)

WITH A FABRIC…
Key Assertion

… we could make the IP address just be a If we could “break the dependence”


LOCATOR for you, and provide other ways between IP addressing and policy, we
to group users / devices to apply POLICY? could greatly simplify networks – and
make networks much more functional.

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
What is Unique about Software-Defined Access?
Fabric brings Policy Simplification
Fabric breaks the dependency between IP address and Policy.
In Fabric Polices are tied to User/Device Identity
Overlay
Cisco DNA Center – Automation and Assurance
Overlay encapsulation (VXLAN) • Single User Interface for Fabric Management & Orchestration
Supplier • Policy definition based on User, Device or App Group
Overlay • Design, Deploy and Monitoring and Troubleshooting
control plane
(LISP)
Devices Employee Fabric Overlay – Services plane
• Dynamically connects Users/Devices/Things
• IP is an ID not used for traffic forwarding
• End to End Policies and Segmentation

Underlay
Fabric Underlay – Forwarding plane
• Connects the network elements to each other
• Optimized for traffic forwarding (scalability, performance)
• Networking constructs like IP, VLANs, live here

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Cisco Software-Defined Access
The Power of the Fabric
Separate the “Forwarding Plane” from the “Services Plane”

IT Challenge (Business): Network Uptime IT Challenge (Employee): New Services


The Boss YOU The User

Underlay – Simple Transport Forwarding Overlay – Flexible Virtual Services


• Redundant Devices and Paths • Mobility - Map Endpoints to Edges
• Keep It Simple and Manageable • Services - Deliver using Overlay
• Optimize Packet Handling • Scalability - Reduce Protocol State
• Maximize Network Reliability (HA) • Flexible and Programmable

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Cisco Software-Defined Access
Integrated Segmentation
2 Custom Deny

1 Virtual Networks
Default Permit
First level Segmentation
that ensures zero Communication
between Building systems and Users

Group 3 Group 4
Default Deny

1
Group 5 Group 1 Group 2
2 Groups
Second level Segmentation
IoT Virtual Network Employee Virtual Network
within a Virtual Network that
ensures role based access control
between Two Groups

Routers Switches Wireless AP WLC


© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Software-Defined Access
Simplified Connectivity

Stretched No Spanning ECMP


Subnets Tree
Distributed Anycast
Default Gateway
Limit Broadcast Domain
+ No STP
No HSRP / VRRP + Equal Cost
Multi-Path
Routed Access

SD-Access Fabric

10.1.0.0/16
BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Cisco Software-Defined Access
Roles and Terminology  Cisco DNA Controller – Enterprise SDN Controller
Cisco DNA
Cisco DNA Center Controller provides GUI management and abstraction via
Identity Services multiple Service Apps, that share information
ISE  Identity Services – External ID Systems (e.g. ISE)
are leveraged for dynamic User or Device to Group
Analytics Engine mapping and Policy definition
 Analytics Engine – External Data Collectors (e.g.
NDP) are leveraged to analyze User or Device to
Fabric Border Fabric Wireless App flows and monitor fabric status
Nodes LAN Controller
B B
 Control-Plane Nodes – Map System that manages
Control-Plane Endpoint ID to Device relationships
CP Nodes
 Border Nodes – A Fabric device (e.g. Core) that
connects External L3 network(s) to the SDA Fabric

 Edge Nodes – A Fabric device (e.g. Access


Fabric Edge
Intermediate or Distribution) that connects Wired Endpoints
Nodes
Nodes (Underlay) o the SDA Fabric
 Fabric Wireless Controller – A Fabric device (WLC)
that connects Wireless Endpoints to the SDA Fabric

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Missed One? Sessions are available online @ CiscoLive.com

Cisco Software-Defined Access


Cisco Live Barcelona 2019 – Session Map You Are Here

Tuesday (Jan 29) Wednesday (Jan 30) Thursday (Jan 31) Friday (Feb 01)
08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00 08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00 08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00 08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00

BRKCRS-2821 BRKCRS-2825 BRKCRS-2812


SD-Access Integration SD-Access Scale SD-Access Migration

BRKCLD-2412 BRKCRS-3811
Cross-Domain Policy SD-Access Policy

BRKCRS-2810 BRKCRS-1449 BRKCRS-1501


SD-Access Solution ISE & SD-Access Validated Design

BRKCRS-3810 BRKCRS-2815 BRKCRS-2814 BRKARC-2020


SD-Access Connect SD-Access Troubleshoot
Deep Dive SD-Access Sites Assurance SD-Access

LTRACI-2636 LTRCRS-2810 BRKEWN-2021 BRKEWN-2020


ACI + SD-Access Lab SD-Access Lab SD-Access Demo SD-Access Wireless

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Cisco DNA Assurance
for SD-Access
The Cost of Troubleshooting
Overview

Typical troubleshooting issues for an enterprise network with 800 users (wired and wireless)

Occurrences Hours saved Days saved


Issue/task DNA Center™ Traditional CLI Savings
per week per Week per Year
Traceroute Instantaneous 6 minutes 6 minutes 25 2.5 hours 15
Slow onboarding 2 minutes 17 minutes 15 minutes 20 5 hours 30
Device RPA failure Instantaneous 20 minutes 20 minutes 6 2 hours 12
Radio channel analysis 5 minutes 25 minutes 20 minutes 6 2 hours 12
Issue replication 5 minutes 65 minutes 60 minutes 2 2 hours 12
Site visit Not required 180 minutes 180 minutes 0.5 1.5 hours 9
Total: 15 hours 90

90 What would YOU do with 90 extra productive Days per Year?

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Why SD-Access Assurance?
Example
Fabric Border Cisco DNA Center
Nodes

Intermediate
Nodes (Underlay)

Need to Troubleshoot
user red connectivity
to a App server

Fabric Edge
Nodes

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Why SD-Access Assurance?
Example
Cisco DNA Center
CLI is the most common troubleshooting tool.
It’s just a very bad troubleshooting tool.

 show ip dhcp snooping binding


 show ip vrf interfaces | inc 1021
 show lisp vrf Campus | i IID
 show lisp instance-id 4099 ipv4 map-cache
 show ip cef vrf Campus 50.0.0.1 internal
 traceroute 192.168.130.2
 ping 192.168.10.1
 show cdp nei g1/0/22

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Why SD-Access Assurance?
Example
Cisco DNA Center
 ping 192.168.130.2
.....
Success rate is 0 percent (0/5)
 show ip route 192.168.130.2
 show cdp nei g1/0/23
 show run int g1/0/23

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Why SD-Access Assurance?
Example
Cisco DNA Center
interface GigabitEthernet1/0/23
description border_cp g1/0/15
no switchport
ip address 192.168.15.1 255.255.255.252
ip router isis
ip access-group test out

Extended IP access list test


10 deny ip host 192.168.120.1 host 192.168.130.2

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Network Quality
A Complex, End-to-End Problem
Client firmware Affects join/roam
WAN uplink usage End-user services Affects quality/throughput
Affects both*
Client density AP coverage

Configuration
WLC capacity WAN QoS, routing, ...
RF noise/interf
Authentication
Cisco® Unified
Cisco
CM
ISE Addressing

100+ points of failure What


WANis the problem?

between user and app DHCP

With 50,000+ Office site Where is the problem?


Network services Cisco Prime®
Access data center
Mobile clients
permutations! points
Local WLCs
How can I fix the problem fast?
* Both = Join/roam and quality/throughput

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Today’s Tools
Too Limited, and Do Not Address Network Needs

Too Many Tools Reactive Systems Limited Insights


Fragmented visibility Always playing catch up Limited data that is not actionable
Closed interfaces / Silo’d views Not designed for analytics My report vs your report
Devices queried multiple times Inconsistent API architecture No view of state changes
Different protocols/mechanisms Specialized knowledge required Lacking context or feedback loop

Rigid Closed/Proprietary
BRKCRS-2814
Lack of Intelligence
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Cisco DNA Center
Overview

Cisco DNA Center

Policy Provision Design Assurance

Complete network Analytics for assurance


Cisco DNA Center Appliance management system • Verify intent of network settings
• Single pane of glass for all devices • Proactively resolve issues
• End-to-end health information in real time • Reduce time spent troubleshooting
• Granular visibility
• Simplified workflows

Physical and virtual infrastructure Automation for provisioning Platform for extensibility
• Zero-touch deployment • Integrate APIs with third-party solutions
• Device lifecycle management • Integrate and customize ServiceNow
Cisco and third party • Policy enforcement • Evolve operational tools and processes

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Cisco DNA Assurance
Part of Cisco DNA Center

Automation Analytics
Design Provision Policy Assurance

Planning, installation and migration


Proactive and predictive network, client and application assurance

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Event Processing
Overview

“Event Processing is a method


of tracking and analyzing
streams of information about
things that happen (events),
and deriving a conclusion from
them.“

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Context is Key

Cisco Context
Time
360-degree Visibility
Users Network
Devices Applications
Data Granularity

Location
Historical, Real-time, Future

Rich Context Increase Business Productivity and Frees Up IT Time


BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Complex Event Processing
Overview

“CEP is event processing that


combines data from multiple
sources to infer events or
patterns that suggest more
complicated circumstances.
The goal … is to identify
meaningful events”
BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Delivering Context for Network Troubleshooting
Use Case Example An unhappy user calls in
Group: Marketing User: George Baker
to report a problem with
ISE his WebEx experience

IPAM

Step 1: Identity Services


NetFlow Engine integration
Cisco DNA provides Cisco DNA
AVC Center Center with the user’s
Analytics information, group-
Engine
Topology policies and device
information
Location MAC: 60:F4:45:78:96:9F

MAC: B8:8D:12:36:15:22

Device

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Delivering Context for Network Troubleshooting
Use Case Example
Group: Marketing User: George Baker

ISE

IPAM

NetFlow
Cisco DNA
AVC Center
Analytics
Engine
Topology Step 2: IP Address
Management (IPAM)
Location MAC: 60:F4:45:78:96:9F
integration supplies Cisco
MAC: B8:8D:12:36:15:22
DNA Center with the
Device Source IP: 1.1.1.2 DHCP addresses bound
to the user’s device(s)

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Delivering Context for Network Troubleshooting
Use Case Example Step 3: Cisco DNA
Group: Marketing User: George Baker
Center filters NetFlow
ISE
records by the Source IP
of the client’s device
IPAM
DDI

NetFlow Dest IP: 2.2.2.2

Cisco DNA
AVC Center
Analytics
Dest Port: 80
?
Engine
Topology

Location MAC: 60:F4:45:78:96:9F

MAC: B8:8D:12:36:15:22

Device Source IP: 1.1.1.2


Dest Port: 80 ?

Dest IP: 3.2.2.2

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Delivering Context for Network Troubleshooting
Use Case Example Step 4: Application
Group: Marketing User: George Baker
Visibility and Control
ISE
identifies which of the
flow-records were for
IPAM
DDI WebEx traffic

NetFlow
Netflow Dest IP: 2.2.2.2

Cisco DNA
AVC Center
Analytics
Dest Port: 80
?
Engine
Topology

Location MAC: 60:F4:45:78:96:9F

MAC: B8:8D:12:36:15:22

Device Source IP: 1.1.1.2


Dest Port: 80 ?

Dest IP: 3.2.2.2

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Delivering Context for Network Troubleshooting
Use Case Example Step 5: Cisco DNA
Group: Marketing User: George Baker Center contextually
ISE correlates where the
user-device attaches to
IPAM
DDI the network and which
network-devices the flow
NetFlow traverses
Netflow Dest IP: 2.2.2.2

Cisco DNA MAC: B8:8D:12:36:15:22

AVC Center Source IP: 1.1.1.2


Dest Port: 80
Analytics
Engine
Topology
Topology

Location MAC: 60:F4:45:78:96:9F

Dest Port: 80
Device

Dest IP: 3.2.2.2

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Delivering Context for Network Troubleshooting
Use Case Example Step 6: Location services
Group: Marketing User: George Baker contextually-correlate the
ISE geographic locations of
the
IPAM
DDI user/network devices

NetFlow
Netflow Dest IP: 2.2.2.2

Cisco DNA MAC: B8:8D:12:36:15:22

AVC Center Source IP: 1.1.1.2


Dest Port: 80
Analytics
Engine
Topology
Topology

Location MAC: 60:F4:45:78:96:9F

Dest Port: 80
Device Building 24 1 st Floor

Dest IP: 3.2.2.2

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Delivering Context for Network Troubleshooting
Use Case Example Step 7: Network
Group: Marketing User: George Baker telemetry is used to
ISE identify, isolate and root-
cause issues
IPAM
DDI

NetFlow
Netflow Dest IP: 2.2.2.2

Cisco DNA MAC: B8:8D:12:36:15:22

AVC Center Source IP: 1.1.1.2


Dest Port: 80
Analytics
Engine
Topology
Topology

Location MAC: 60:F4:45:78:96:9F

Dest Port: 80
Device Building 24 1 st Floor

Dest IP: 3.2.2.2


No Layer 2 QoS
marking for Webex
BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
What is Machine Learning?
• Machine learning is an application of artificial intelligence (AI) that provides systems the ability to
automatically learn and improve from experience without being explicitly programmed to do so

• The process of learning begins with observations of data, and looking for patterns within the data so as
to make increasingly better correlations, inferences and predictions

• The primary aim is


to allow these systems
to learn automatically
without human intervention
or assistance and adjust
actions accordingly

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Reasons for Data Patterns
Statistics 101:
Correlation does not necessary mean Causation
• Coincidence
• Correlation
• Causation

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Machine Learning
Many Data Inputs

RF & EDCA
behavioral
metrics,..

Application metrics, user


Device type, OS release, feedback, failure rate, ...
behavioral metrics, ... Queuing, Dropping, WRED
behavioral metrics…
CUCM ... and more
ISE
WAN & core
network metrics ..

WAN
DHCP

Office Site Network Services DC


APs
Mobile Clients
Local WLCs

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Cisco DNA Center
Analytics Architecture

Data collection and ingestion Data correlation and analysis Data visualization and action
Network assurance

Router Switch WLC Sensor Complex


Network correlation
telemetry
Metadata
SNMP NetFlow Syslog Streaming extraction
telemetry
...
Collector and analytics pipeline SDK
ISE AAA Topology Location PxGrid Stream
processing Data models and restful APIs

DNS DHCP Inventory Policy IPAM Time series analysis

Contextual data Analytics Engine System management portal

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Cisco DNA Center
The Power of Automation and Analytics Working in Sync

Cisco DNA Center


Telemetry, alerts,
violations
Assurance and
Automation Analytics
Network inventory,
topology, and
configuration

Network and telemetry Streaming telemetry


configuration & network data

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Getting Started
Workflow
Cisco DNA Assurance
Getting Started Workflow

Cisco DNA Network Network Ready for


Center Device Design & SD-Access
Install Discovery Provision Assurance !

On-Premise CDP Create Network


Single Node IP Address Range Hierarchy (Sites)

Loopback as
Cloud Tethered Assign Device to
Preferred
for App Updates Sites
Management IP
Provision
Telemetry
Configuration

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Getting Started Workflow – Network Discovery

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Getting Started Workflow – Assign Devices to Sites

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Getting Started Workflow – Provision

SD-Access requires
Provision
1

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Getting Started Workflow – Telemetry Configuration

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Enabling SD-Access Assurance A Connect
1 Wired
Configuring SNMP Collector
 Enable all the metrics. LISP, CLISP and RTTMON
are not enabled by default for SD-Access fabric 1

 Change the polling timer from 15 mins to 10 mins


using the slider
2
 (Only required in versions prior to 1.2)

 Input a unique name

 Save the configuration

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
4
Getting Started Workflow

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Cisco DNA Assurance
Capabilities
Cisco DNA Assurance
Overall Health

Toggle Overview
Topology | Map | List

Health Summary
• Network Health
• Client Health
• Application Health
• Compliance

Top 10 Issues

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco DNA Assurance
Health Scores
Site Health Score function ( Client Health Score,
Device Health Score )

Client Health Score function ( Onboarding Score,


Connectivity Score )

Device Health Score function ( System Health Score,


Control Plane Score,
Data Plane Score )

Application Health Score function ( Traffic Class,


Latency, Packet Loss)

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Network Time Travel
“Go Back In Time” to Understand the Network State when the Issue Occurred

• History shows critical events • Rewind time to when the issue


• Identifies when issues occurred! occurred
• All the information on the user
or network device 360 changes
to the selected time!

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Cisco DNA Assurance
Network Health

Time Travel

Toggle Overview
Topology | Map | List

Health Summary

Health by Role
• Wireless vs Wired
• Core vs Access
• Data vs Control
• etc

Quick Filters

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco DNA Assurance
Network Health

Time Travel
Travel to Time of Issue

Health Summary
• Routers
• Switches
• APs and WLCs
• etc

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Cisco DNA Assurance
Client Health

Time Travel

Toggle Overview
Map | List

Health Summary
• Wireless vs Wired
• Onboarding Times
• RSSI
• etc

Quick Filters

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco DNA Assurance
Client 360 (1/3)

Client Devices

Time Travel

Client Issues
• Correlated
• Integrated with ITSM

Local Topology
• Health Summary
• Devices Summry
• Device 360 Links
• etc

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco DNA Assurance
Client 360 (2/3)

Application Experience
• Business Relevant vs.
Default vs. Irrelevant
• Bandwidth and Usage
• App 360 Links

Device Details
• Hardware / Firmware
• RF Details
• Apple iOS Analytics

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco DNA Assurance
Client 360 (3/3)

Apple iOS Analytics


• Cisco – Apple Partnership
• RF Client’s View
• Client Side Behavior

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco DNA Assurance
Application Health

Health Summary
By Relevance
Top 10 Usage

App Experience
• By Application
• Filter / Sort
• etc

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco DNA Assurance
Issue Details

Issue Summary
• Description
• Impact
• Locations
• Clients

Context Information

Guided Resolution
• Step by Step
• Automation on managed Devices

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco DNA Assurance
Issue Details

Issue Summary
• Description
• Impact
• Locations
• Clients

Context Information

Guided Resolution
• Step by Step
• Automation on managed Devices

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Path Trace
Troubleshoot Issues Along the Network Path

• Run pathtrace from source to


destination to quickly get key
performance statistics for
each device along the
network path

• Identify ACLs that may be


Blocking or affecting the
traffic flow

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Path Trace
How Does It Work?

Cisco DNA
Center NIB

Cisco DNA
Center NIB

Cisco DNA
Center NIB

Cisco DNA
Center NIB

Cisco DNA
Center NIB

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Cisco DNA Assurance
for SD-Access
Cisco SD-Access Assurance
Quick Isolation of Network Issues
Cisco DNA Center

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
Cisco SD-Access Assurance
Root-Cause Issues in a Few Clicks
Cisco DNA Center

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Cisco SD-Access Assurance

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Cisco SD-Access Assurance
End-to-End Visibility
Cisco DNA Center

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
Cisco SD-Access Fabric Assurance Applications

Wired Use Cases


Clients

Services

Network Infrastructure Broad

Client
Control Plane Data Plane Policy Plane Device
Onboarding
Border and Edge
Edge to Control Plane ISE connectivity Client / Device DHCP CPU, Memory
connectivity
Border to Control Plane Border node policy Client / Device DNS TCAM Tables NEW
Border node health
WLC to Control Plane NEW Edge node policy Client Authentication Modules
Edge node health
CP performance SGACL validation NEW Client Authorization Temperature
Device to Services
Routing protocols (DHCP, DNS, AAA) Power (POE)
(OSPF, ISIS, EIGRP and
Interface High
BGP) NEW NEW
Utilization, Flaps
Deep Gateway Connectivity
Application
Performance BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Fabric Device 360
Click on the Fabric tab to see how Fabric metrics are going
1. Select Both options
2. Reachability tests are being performed in the Fabric Underlay and Overlay. Test results below

1
2

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Fabric Assurance
Path Trace – Fabric Wired Client to Wired Client

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Fabric Assurance ISE (AAA)

IP SLA CP

B B
• IP SLA tests are run in the network fabric to
verify connectivity between Control Plane,
Fabric Border, and Fabric Edge nodes.

• IP SLA analyzes basic IP service levels for


common IP services, to reduce downtime E E E

and lower operational costs

• Includes path trace capability as part of IPSLA traffic initiated from Edges

troubleshooting steps Automated via Cisco DNA Center


ip sla 1
icmp-echo 192.168.110.1 source-ip 192.168.120.1
threshold 3
ip sla schedule 1 life forever start-time now

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Fabric Assurance
IP SLA CP

B B
• IP SLA tests are run in the network fabric to
verify connectivity between Fabric Border
and external services VN Campus
• Monitor external services from fabric in the
underlay and overlay network E E E

(IPAM, DHCP ,DNS) `

• Includes path trace capability as part of IPSLA traffic


troubleshooting steps Example
ip sla 3
icmp-echo 50.0.0.1 source-ip 7.1.1.5
vrf Campus
threshold 3
ip sla schedule 3 life forever start-time now

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Fabric Assurance
Control Plane CP

B B
• Fabric nodes query Control Plane to resolve
host locations, if they don’t have an entry in
their local database
• After receiving a map-reply, each fabric node
stores those entries in its cache database 10.2.120.3

• Fabric Assurance tracks the number of E E E

requests and state of active cache entries to


provide proactive alerts
Example

FE1# show ip lisp map-cache instance-id 4098


LISP IPv4 Mapping Cache for EID-table vrf Campus (IID 4098), 5 entries

10.2.1.89/32, uptime: 00:05:16, expires: 23:57:59, via map-reply, complete


Locator Uptime State Pri/Wgt 10.2.1.89/32

10.2.120.3 00:04:23 up 10/10

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
Fabric Assurance
Health Scores CP

Collect relevant Key Performance Indicators B B

(KPIs) to determine Device Health


For example: Resources (CPU, DRAM, etc),
Link state and errors, Protocol state and
errors, Reachability to Control Plane, etc
Fabric Device Health has 3 Categories: E E E

• Control Plane
• Data Plane Fabric Device Score is the
• System Health Lowest of all Scores
Example

3850-SJC24-3
5
System Health Data Plane Control Plane
10 10 5
BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Fabric Assurance
Health Scores CP

Fabric Health score is the percentage of B B

healthy devices in the domain


Category Score is the percentage of healthy
devices in the category
Fabric Network Health has 4
Categories: E E E
• Fabric Edge
• Fabric Border
Fabric Domain Score is the
• Fabric Control Plane
No. of healthy devices /
• Fabric Wireless
Total devices
Fabric Network Health
Example
60%
Fabric Wireless Fabric Edge Fabric Border Fabric Control Plane
70% 100% 50% 100%

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
Fabric Assurance
What’s New in Cisco SD-Access 1.2.5?

SD-Access for Distributed Campus

SD-Access
SD-Access

SD-Access WLC to Control Plane Monitoring

Wireless
Transit

• Hierarchy view of fabric sites/domains


• Monitoring WLC connectivity to (CP) nodes
• Network Health for each fabric site/domain
• Network Health for fabric WLC to CP nodes
• Network Health for SD-Access transit

SD-Access End-Host Path trace

Path Trace
SD-Access for Distributed Campus
IP Transit

• Hierarchy view of fabric sites/domains • Pathtrace for SD-Access Wired and Wireless
• Network Health for each fabric site/domain hosts, with L2 extension

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Cisco SD-Access for Distributed Campus
Monitoring Network Health for Individual Fabric Sites SD-Access 1.2.5
CP

• SD-Access Assurance provides Network Health


for each Fabric site and Transit
• Fabric hierarchy is carried from Automation into
Fabric
Assurance to give granular visibility CP

SJC4
B

CP

SD-Access
B CP
B Transit
B
Fabric
SJC3 Fabric
SJC-24

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Cisco SD-Access Assurance
Monitoring Network Health for Individual Fabric Sites

Aggregated view
across all
SD-Access
Fabric Domains
& Sites

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Cisco SD-Access Fabric Assurance
Wireless Use Cases
Broad

Network Coverage Network Device Application


Client Onboarding Client Experience
& Capacity Monitoring Performance
Association failures Throughput analysis Coverage hole Availability Sensor Tests:
Authentication failures Roaming pattern analysis AP License Utilization Crash, AP Join Failure Web: HTTP & HTTPS
IP address failure Sticky client Client Capacity High Availability Email: POP3, IMAP,
Slow roaming Radio Utilization Outlook Web Access
Client Exclusion CPU, Memory
Excessive roaming File Transfer: FTP & TFTP
Excessive on-boarding Flapping AP, Hung Radio
time RF, Roaming pattern Application Experience
Power supply failures (Packet Loss, Latency,
Excessive authentication Dual band clients prefer Jitter)
time 2.4GHz
Excessive IP addressing Excessive interference
time
AAA, DHCP reachability
Client Side Analytics (Apple
Insights)

Deep

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Cisco SD-Access Assurance
Monitoring WLC Connectivity for Enterprise Guest Control Plane

Fabric WLC to Fabric CP Issue

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Cisco SD-Access Assurance
Monitoring WLC Connectivity for Enterprise Guest Control Plane

Issue occurred
during this time
window

Timeline View

Detail description and hostnames


of WLC and control plane node

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Fabric Assurance
Path Trace – Fabric Wireless Client to Wired Client

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Cisco DNA Assurance
Sensor Everywhere
Test Your Network Anywhere at Any time at Real-world Client Level

Aironet 1800S Active Sensor AP as a Sensor


(1800/2800/3800/4800)

Purpose-built Hardware for Analytics


In-line monitoring to DNA for analytics
and insights while serving clients

• 2x2 with 2 spatial streams


• Multiple powering options
- PoE Power
- USB Type “C” power
- Direct AC Power Plug
• Integrated BLE
• Ultra compact form factor

Onboarding & Configure Tests Global Issue Dynamic Sensor


SLA Dashboard
Services Tests Remotely Creation Test Trigger

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Wireless Sensors
Proactive Performance Assessment for Wireless
Test your network anywhere at any time
 On-Boarding Tests
• 802.11 Association
• 802.11 Authentication & Key Exchange
• IP Addressing DHCP (IPv4) Sensors act as Access point
 Network tests
• DNS (IPv4) clients
• RADIUS (IPv4)
• First Hop Router/Default gateway (IPv4)
• Intranet Host
• External Host (IPv4) R1

 Application tests
• Email: POP3, IMAP, Outlook Web Access (IPv4)
• File Transfer: FTP (IPv4), TFTP (IPv4)
• Web: HTTP & HTTPS (IPv4) Dedicated Sensor AP1800 Flexible Radio
Flexible Radio Assignment Algorithm intelligently
identifies excessive radios and seamlessly
converts those into Sensor mode without client
impact

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
Cisco DNA Assurance
Active Sensor Dashboard
Time Travel

Sensor Test Summary


• Past Failures by
• Locations
• Type
• …

Trending Charts
• For Key Services
(DHCP, DNS, AAA, Web, Email, …)

Spark Charts
• Results per Location
over Time
BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
AP 4800 – A More Advanced Access Point
Similar to AP 3800i, but has an Additional Flexible Radio for Analytics +
Advanced Hyperlocation Antenna Array
• Location Array antenna is now integrated
• Bluetooth Low Energy radio is now integrated
• Embedded analytics/location radio is now integrated

+ =
Hyperlocation Cisco DNA Analytics,
antenna array Monitoring and Location Radio AP-4800
Best in Class
BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Cisco Intelligent Capture
Real-Time Client and App Insights to Enhance Cisco DNA Wireless Assurance

Client and App Hyperlocation – Real- Total Secure Active Sensor


Real-time Forensics Time Client Location Coverage Monitoring Testing

• Real-time client RF • Enhance Sticky client • 24x7 monitoring of • Onboarding Tests


view issue analysis with Wi-Fi and non-Wi-Fi
Real-time location interference using • Network Services
• In-service packet AirSense radio Tests
captures using Live • Identify coverage holes
Assurance analytics with real-time • 24x7 wIPS forensics • App Connectivity Tests
accuracy (<3 mtr.) to prevent over the air • App Experience Tests
• Monitor Client attacks using Live
Onboarding real-time Assurance radio
• Real-time App
performance insights

Cisco Intelligent Capture with Real-time Client and App insights would enhance guided
remediation and also allow On-Demand VIP client Troubleshooting© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intelligent Capture
Overview
Network Time Travel AP4800 3rd radio Full packet
view Intelligent Capture
capture

Failed Onboard
Real-time Client location
Map with trail of movement

Real-time Event
Viewer

Download Onboard
Packet
Onboard Packet
stage identifier

Failed Packet

RSSI Chart per Packet


Auto Packet
Analyzer Interpacket Gap (ms)
bar chart

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Troubleshooting Use Cases using Intelligent Capture
1 On-Demand RF Scanner
Situation
Live RF Network || Pause 11:50:32 Record • A large logistics company uses Wi-Fi operated Auto-guided vehicles (AGV) in its
Session logistics warehouses. Due to high ceilings and large moving metal structures,
Red Spot: Coverage Hole these warehouse have dynamic RF scenarios
• Due to little human involvement sometimes these machines don’t take optimal
paths due to temporal coverage hole

Solution
• IT staff uses the On-Demand RF scanner tool to validate AGV’s RF coverage
during the live operation and detect coverage holes in a highly dynamic RF
environment
• This helps IT staff immensely in RF design, planning and optimization

Green Spot: Voice-quality Throughput KPI List Graph* Poor RF Zones


SNR RF design optimization
Orange Spot: Browsing-quality Throughput RSSI
Key Issues addressed
MCS Sticky client analysis with real-time location
Red Spot: Coverage Hole Throughput VoIP performance and audio issues
Packet retry
Key Industries Healthcare, Distribution, Logistics, Retail and Higher Ed.

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Troubleshooting Use Cases using Intelligent Capture
2 Automated Packet Captures
Situation
Visual Packet Trace Analyzer (<5 sec) • A Financial services giant decided to adopt to BYOD to encourage people to
use its Virtual Desktop Infrastructure for a certain critical applications. In the
first week, John discovered longer Onboarding time from mobile device
compare to laptop and received complaints from several end-users

Solution

• IT staff turned on the Auto PCAP to capture onboarding and roaming failure
anomalies for the BYOD device at a specific site. This allowed IT staff to
capture de-authentication packets that are typically observed when the client
has driver issues
Real-time Anomalies with Auto PCAPs (<5 sec)
• IT staff also had access to detailed PCAP analysis that enabled them to
identify the root cause behind onboarding and roaming failures
On-boarding and roaming failures
Key Issues addressed VOIP Performance issues
Sticky client analysis with real-time
location
Key Industries All segments

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Troubleshooting Use Cases using Intelligent Capture
3 VIP Service Assurance Situation

• A large healthcare deployed 5000 vital sign monitor for every in-patient.
Visual Packet Trace Analyzer (<5 sec)
These vital sign allow doctors to monitor critical parameters on a real-time
basis
• Wi-Fi connection of vital sign monitor starts to get disrupted on an
intermitted basis during the middle of the day and if not addressed it can be
life threatening
Solution
• IT staff uses Live Troubleshooting tool to perform detailed forensics on both
the client state and the location
• Using packet trace analyzer, the IT staff is able to visualize frequent roaming
Real-time Client Location Tracking (<5 sec) and re-authentication failures from the device along with lower RSSI than
anticipated in particular location

On-boarding and roaming failures w/ PCAP


Sticky client analysis with real-time location
Key Issues addressed
Service Level Assurance for critical
apps/users
Remote Wireless troubleshooting through
Full PCAP
Key Industries Healthcare, Distribution, Logistics, Retail, Higher Ed, MSPs
BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Why Streaming
Telemetry?
Individual Transfer Mechanisms
Challenges

SNMP SNMP
Poller

syslog syslog
collector

CLI scripts

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Streaming Telemetry
Overview

Export enriched, consistent and concise data with context from


network devices for a better user and operator experience

Periodic or Structured Data Scalable Reduced CPU


On-Change Load

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
Streaming Telemetry Components of Cisco DNA Assurance
Ability to collect many KPIs from devices as close as possible to real time

With Streaming Telemetry we will support collection of many KPIs as close as


possible to real time

Subscription Publication
• Periodic or on-change
• Structured data
• Priority subscriptions
NETCONF RESTconf GNMI
• Customized to recipient
• XML or JSON encoding
YANG Data Model
Programmable • NETCONF or HTTP/2 transport
Interfaces
Open Native Open Native • Increased scale
Physical and Virtual Network Infrastructure Configuration Operational • Reduced CPU and bandwidth
consumption
Device Features
SNMP
Interface BGP QoS ACL …

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
Cisco DNA Center –
Platform
Cisco DNA Center 1.2
Cisco DNA Assurance Scalability

25K Clients / Endpoints

4K Access Points

1000 Switches/Routers/WLC

200 Number of Site Hierarchies*

* Site Hierarchy can include sites, buildings, and floors

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
Cisco DNA Center 1.2
Data Retention

• Data storage for


5000 devices, KPIs, Metrics 14 days
25,000 clients

• Customizable Backup
Relationship 14 days
retention policy (To external storage)
Graph
• Storage
monitoring and
alerting Events/Alarms 14 days

• Provide
meaningful
Issues 14 days Purge
assurance
troubleshooting,
issues and
trending
dashboard data

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
Summary –
Innovation Access
The Network. Intuitive.
Cisco DNA Assurance for SD-Access
Session Summary

SD-Access Assurance = SD-Access + Cisco DNA Center


Assurance
B B

C Cisco DNA Center


Simple Workflows

SD-Access
Fabric DESIGN PROVISION POLICY ASSURANCE

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Cisco DNA Assurance and Analytics
A New Way
Old Approach Cisco DNA Approach
Reactive: Traditional monitoring based Proactive: True Assurance based on deeper
on network element KPFs correlation across all entities

Network and Context Aware - deeper insights


Network Unaware
through Analytics

Closed Interfaces & Open interfaces with adaptive APIs


Developer Inefficiencies and ITSM Integration framework

Use case specific Hyper-distributed multi-tenant &


monolithic architecture cloud first secure architecture

Micro services based agile modern


Rigid Network Telemetry
network telemetry collection capabilities

The Network that Scales for the Digital Business


© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco SD-Access
Fabric-Ready Platforms for Your Digital-Ready Network

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
Missed One? Sessions are available online @ CiscoLive.com

Cisco SD-Access
Cisco Live 2019 Barcelona – Session Map
Tuesday (Jan 29) Wednesday (Jan 30) Thursday (Jan 31) Friday (Feb 01)
08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00 08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00 08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00 08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00

BRKCRS-2821 BRKCRS-2815 BRKCRS-2812


Connect SD-Access Outside Connect SD-Access Sites SD-Access Migration

BRKCLD-2412 BRKCRS-3811
Cross-Domain Policy SD-Access Policy

BRKCRS-2810 BRKCRS-1491 BRKARC-2020


ISE & SD-Access
SD-Access Solution Troubleshoot SD-Access

BRKCRS-3810 BRKCRS-2825 BRKCRS-2814 BRKCRS-1501


SD-Access SD-Access Scale SD-Access Assurance Validated Design
Deep Dive

BRKEWN-2021 BRKEWN-2020
SD-Access Demo SD-Access Wireless

LTRACI-2636 LTRCRS-2810
ACI + SD-Access Lab SD-Access Lab

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
Would You Like to Know More?
Available e-books
http://cs.co/cat9000book
http://cs.co/sdabook
http://cs.co/programmabilitybook
http://cs.co/wirelessbook
http://cs.co/assurancebook

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
Would You Like to Know More?
Cisco SD-Access Resources

cisco.com/go/sdaccess cisco.com/go/dnacenter
• SD-Access At-A-Glance
• Cisco DNA Center At-A-Glance
• SD-Access Design Guide



SD-Access FAQs
SD-Access Migration Guide
cisco.com/go/cvd •
Cisco DNA Center 'How To' Video Resources
Cisco DNA Center Data Sheet
• SD-Access Design Guide - Dec 2017
• SD-Access Solution Data Sheet • SD-Access Deploy Guide - Jan 2018
• SD-Access Solution White Paper

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 112
Cisco SD-Access – Assurance and Analytics
Evaluations

How
Did We Did I Our
Achieve Do?Objectives?

Do You Have a Better Understanding …

of what Cisco DNA Assurance and Analytics provides…

of how these capabilities are used with SD-Access…

and how you can leverage SD-Access


Assurance and Analytics in your own network designs?

Don’t Forget
to fill out your evaluations!
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Webex Teams

Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session

How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

cs.co/ciscolivebot#BRKCRS-2814

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
Complete your online
session survey
• Please complete your Online Session
Survey after each session
• Complete 4 Session Surveys & the Overall
Conference Survey (available from
Thursday) to receive your Cisco Live T-
shirt
• All surveys can be completed via the Cisco
Events Mobile App or the Communication
Stations

Don’t forget: Cisco Live sessions will be available for viewing


on demand after the event at ciscolive.cisco.com

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
Continue Your Education

Demos in Meet the Related


Walk-in
the Cisco engineer sessions
self-paced
Showcase labs 1:1
meetings

BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
Thank you

S-ar putea să vă placă și