Cisco SD-Access
Assurance and Analytics
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
cs.co/ciscolivebot#BRKCRS-2814
BRKCRS-2814 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Cisco DNA – Architecture Overview
• Cisco Software-Defined Access – Brief Recap
Cisco SD-Access Assurance and Analytics
BRKCRS-2814
Dave Zacks
Distinguished Technical Mktg. Engineer
dzacks@cisco.com @DaveZacks
Cisco DNA –
Architecture Overview
Innovation in
the network
The Network. Intuitive. Cloud Service Management
LEARNING
Virtualization
Security
Intent-based
Network Infrastructure
Implement with
SECURITY
The Network. Intuitive.
Principles of Intent-Based Networking
Applications
Cisco DNA Center
APIs
Domain Controllers
Intent-Based Networking portfolio
Powered by IOS-XE
Physical and
Virtual
Open programmable architecture Infrastructure
ASIC
The Network. Intuitive.
Moving from Manual to Automated
Basic | Advanced
Step 2: Onsite installer with mobile app installs and powers on devices, triggers deployment, checks status
Step 3: New devices contact Cisco Network Plug and Play application to get provisioned
One Point of Management – All from Cisco DNA Center
Diagram labels: Internet, Installer, B, SD-Access Fabric
Cisco SD-Access –
Brief Recap
What is the Problem?
Network Policy Today
Enterprise Network
Packet header fields: PAYLOAD DATA, DSCP, PROT, SRC PORT, DST PORT, IP SRC, IP DST
Network Policy
• QoS
• Security
• Redirect/copy
• Traffic engineering
• etc.
Policy is based on “5 Tuple”
• Only Transitive information
• Survives end to end
What is the Problem?
Network Policy Today
Enterprise Network
access-list 102 deny udp 167.160.188.162 0.0.0.255 gt 4230 248.11.187.246 0.255.255.255 eq 2165
access-list 102 permit icmp 100.211.144.227 0.0.1.255 lt 4962 94.127.214.49 0.255.255.255 eq 1216
access-list 102 deny icmp 88.91.79.30 0.0.0.255 gt 26 207.4.250.132 0.0.1.255 gt 1111
access-list 102 deny ip 167.17.174.35 0.0.1.255 eq 3914 140.119.154.142 255.255.255.255 eq 4175
access-list 102 permit tcp 37.85.170.24 0.0.0.127 lt 3146 77.26.232.98 0.0.0.127 gt 1462
access-list 102 permit tcp 155.237.22.232 0.0.0.127 gt 1843 239.16.35.19 0.0.1.255 lt 4384
Packet header fields: PAYLOAD DATA, DSCP, PROT, SRC PORT, DST PORT, IP SRC, IP DST
IP ADDRESSES
• Locate you
• Identify you
• Drive “treatment”
• Constrain you
User/device info?
Diagram labels: VLAN 10, VLAN 20, VLAN 30, VLAN 40, SSID A, SSID B, SSID C
But What If …
Key Assertion
You could build and run your network in a simpler way …
Apply Policy irrespectively of network constructs (VLAN, subnet, IP address)
Easily implement Network Segmentation (w/o implementing MPLS)
Provide L2 and L3 flexibility (w/o stretching VLANs)
WITH A FABRIC…
What is Unique about Software-Defined Access?
Fabric brings Policy Simplification
Fabric breaks the dependency between IP address and Policy.
In Fabric, Policies are tied to User/Device Identity.
Cisco DNA Center – Automation and Assurance
• Single User Interface for Fabric Management & Orchestration
• Policy definition based on User, Device or App Group
• Design, Deploy and Monitoring and Troubleshooting
Fabric Overlay – Services plane
• Dynamically connects Users/Devices/Things
• IP is an ID not used for traffic forwarding
• End to End Policies and Segmentation
Fabric Underlay – Forwarding plane
• Connects the network elements to each other
• Optimized for traffic forwarding (scalability, performance)
• Networking constructs like IP, VLANs, live here
Diagram labels: Overlay encapsulation (VXLAN), Overlay control plane (LISP), Overlay, Underlay, Devices, Employee, Supplier
Cisco Software-Defined Access
The Power of the Fabric
Separate the “Forwarding Plane” from the “Services Plane”
Cisco Software-Defined Access
Integrated Segmentation
1 Virtual Networks: First level Segmentation that ensures zero Communication between Building systems and Users
2 Groups: Second level Segmentation within a Virtual Network that ensures role based access control between Two Groups
Diagram labels: SD-Access Fabric 10.1.0.0/16, IoT Virtual Network, Employee Virtual Network, Group 1, Group 2, Group 3, Group 4, Group 5, Default Permit, Default Deny, Custom Deny
Cisco Software-Defined Access
Roles and Terminology
• Cisco DNA Controller – Enterprise SDN Controller provides GUI management and abstraction via multiple Service Apps, that share information
• Identity Services – External ID Systems (e.g. ISE) are leveraged for dynamic User or Device to Group mapping and Policy definition
• Analytics Engine – External Data Collectors (e.g. NDP) are leveraged to analyze User or Device to App flows and monitor fabric status
• Control-Plane Nodes – Map System that manages Endpoint ID to Device relationships
• Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
Diagram labels: Cisco DNA Center, ISE, Identity Services, Analytics Engine, Fabric Border Nodes (B), Fabric Wireless LAN Controller, Control-Plane Nodes (CP)
Cisco DNA Assurance
for SD-Access
The Cost of Troubleshooting
Overview
Typical troubleshooting issues for an enterprise network with 800 users (wired and wireless)
Why SD-Access Assurance?
Example
Need to troubleshoot user red connectivity to an App server
Diagram labels: Cisco DNA Center, Fabric Border Nodes, Intermediate Nodes (Underlay), Fabric Edge Nodes
Why SD-Access Assurance?
Example
Cisco DNA Center
CLI is the most common troubleshooting tool.
It’s just a very bad troubleshooting tool.
Why SD-Access Assurance?
Example
Cisco DNA Center
ping 192.168.130.2
.....
Success rate is 0 percent (0/5)
show ip route 192.168.130.2
show cdp nei g1/0/23
show run int g1/0/23
Why SD-Access Assurance?
Example
Cisco DNA Center
interface GigabitEthernet1/0/23
description border_cp g1/0/15
no switchport
ip address 192.168.15.1 255.255.255.252
ip router isis
ip access-group test out
Network Quality
A Complex, End-to-End Problem
Figure: factors that affect network quality
Legend: Affects join/roam; Affects quality/throughput; Affects both*
Factors shown: Client firmware, Client density, AP coverage, RF noise/interf, Configuration, WLC capacity, Authentication, Addressing, WAN uplink usage, WAN QoS, routing, ..., End-user services, Cisco® Unified CM, Cisco ISE
Today’s Tools
Too Limited, and Do Not Address Network Needs
• Rigid
• Closed/Proprietary
• Lack of Intelligence
Cisco DNA Center
Overview
Physical and virtual infrastructure
• Cisco and third party
Automation for provisioning
• Zero-touch deployment
• Device lifecycle management
• Policy enforcement
Platform for extensibility
• Integrate APIs with third-party solutions
• Integrate and customize ServiceNow
• Evolve operational tools and processes
Cisco DNA Assurance
Part of Cisco DNA Center
Automation Analytics
Design Provision Policy Assurance
Event Processing
Overview
Context is Key
Cisco Context
Time
360-degree Visibility
Users Network
Devices Applications
Data Granularity
Location
Historical, Real-time, Future
IPAM
MAC: B8:8D:12:36:15:22
Device
Delivering Context for Network Troubleshooting
Use Case Example
Step 2: IP Address Management (IPAM) integration supplies Cisco DNA Center with the DHCP addresses bound to the user’s device(s)
Group: Marketing User: George Baker
MAC: 60:F4:45:78:96:9F
MAC: B8:8D:12:36:15:22
Source IP: 1.1.1.2
Diagram labels: ISE, IPAM, NetFlow, AVC, Topology, Location, Device, Cisco DNA Center Analytics Engine
Delivering Context for Network Troubleshooting
Use Case Example
Step 3: Cisco DNA Center filters NetFlow records by the Source IP of the client’s device
Group: Marketing User: George Baker
MAC: B8:8D:12:36:15:22
Dest Port: 80
Diagram labels: ISE, IPAM, DDI, AVC, Topology, Cisco DNA Center Analytics Engine
Delivering Context for Network Troubleshooting
Use Case Example
Step 4: Application Visibility and Control identifies which of the flow-records were for WebEx traffic
Group: Marketing User: George Baker
MAC: B8:8D:12:36:15:22
Netflow Dest IP: 2.2.2.2
Dest Port: 80
Diagram labels: ISE, IPAM, DDI, NetFlow, AVC, Topology, Cisco DNA Center Analytics Engine
Delivering Context for Network Troubleshooting
Use Case Example
Step 5: Cisco DNA Center contextually correlates where the user-device attaches to the network and which network-devices the flow traverses
Group: Marketing User: George Baker
Netflow Dest IP: 2.2.2.2
Dest Port: 80
Diagram labels: ISE, IPAM, DDI, NetFlow, Device
Delivering Context for Network Troubleshooting
Use Case Example
Step 6: Location services contextually-correlate the geographic locations of the user/network devices
Group: Marketing User: George Baker
Netflow Dest IP: 2.2.2.2
Dest Port: 80
Location: Building 24, 1st Floor
Diagram labels: ISE, IPAM, DDI, NetFlow, Device
Delivering Context for Network Troubleshooting
Use Case Example
Step 7: Network telemetry is used to identify, isolate and root-cause issues
Group: Marketing User: George Baker
Netflow Dest IP: 2.2.2.2
Dest Port: 80
Location: Building 24, 1st Floor
Diagram labels: ISE, IPAM, DDI, NetFlow, Device
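The correlation steps above, sketched as an added example (not code from the presentation or from Cisco DNA Center): identity records give the user's device MACs, DHCP leases give the addresses bound to those MACs, and flow records are filtered by source address and application label. Field names, timestamps, exporter names, the user-to-MAC mapping, the second user and address 1.1.1.3 are constructed assumptions; the example goes one step beyond the slides by matching each flow against the lease that was active at the flow's timestamp, so a reused address is not attributed to the wrong user.

```python
"""Added example: attribute flow records to a user via identity, DHCP and AVC data."""

# All records are constructed sample data. Field names, timestamps, exporter
# names, the user-to-MAC mapping and address 1.1.1.3 are assumptions, not the
# Cisco DNA Center, ISE, IPAM or NetFlow schemas.
ISE_SESSIONS = [
    {"user": "George Baker", "group": "Marketing", "mac": "60:F4:45:78:96:9F"},
    {"user": "George Baker", "group": "Marketing", "mac": "B8:8D:12:36:15:22"},
    {"user": "Ann Lee", "group": "Finance", "mac": "00:11:22:33:44:55"},
]
DHCP_LEASES = [  # lease window is [start, end) in epoch seconds
    {"mac": "B8:8D:12:36:15:22", "ip": "1.1.1.2", "start": 1000, "end": 2000},
    {"mac": "60:F4:45:78:96:9F", "ip": "1.1.1.3", "start": 1000, "end": 2000},
    # 1.1.1.2 is re-issued to a different device once the first lease ends.
    {"mac": "00:11:22:33:44:55", "ip": "1.1.1.2", "start": 2000, "end": 3000},
]
FLOWS = [  # flow records carrying the application label assigned by AVC
    {"ts": 1500, "src": "1.1.1.2", "dst": "2.2.2.2", "dport": 80, "app": "webex", "exporter": "edge-1"},
    {"ts": 1600, "src": "1.1.1.2", "dst": "3.3.3.3", "dport": 443, "app": "other", "exporter": "edge-1"},
    {"ts": 2500, "src": "1.1.1.2", "dst": "2.2.2.2", "dport": 80, "app": "webex", "exporter": "edge-2"},
    {"ts": 1700, "src": "1.1.1.3", "dst": "2.2.2.2", "dport": 80, "app": "webex", "exporter": "edge-1"},
    {"ts": 1800, "src": "9.9.9.9", "dst": "2.2.2.2", "dport": 80, "app": "webex", "exporter": "edge-3"},
]
EXPORTER_LOCATION = {
    "edge-1": "Building 24, 1st Floor",
    "edge-2": "Building 24, 2nd Floor",
}


def macs_for_user(user):
    """Identity source: every device MAC currently tied to the user."""
    return {s["mac"].upper() for s in ISE_SESSIONS if s["user"] == user}


def lease_owner(ip, ts):
    """IPAM: MAC that held `ip` at time `ts`, or None if no lease covers it."""
    for lease in DHCP_LEASES:
        if lease["ip"] == ip and lease["start"] <= ts < lease["end"]:
            return lease["mac"].upper()
    return None


def flows_for_user(user, app=None):
    """Flows sourced by the user's devices, optionally limited to one application.

    Each flow is resolved through the lease valid at the flow's own timestamp,
    then enriched with the MAC, the user and the exporter's location.
    """
    macs = macs_for_user(user)
    matched = []
    for flow in FLOWS:
        mac = lease_owner(flow["src"], flow["ts"])
        if mac not in macs:  # also skips flows with no covering lease (mac is None)
            continue
        if app is not None and flow["app"] != app:
            continue
        location = EXPORTER_LOCATION.get(flow["exporter"], "unknown")
        matched.append({**flow, "mac": mac, "user": user, "location": location})
    return matched


def unattributed_flows():
    """Flows whose source address had no lease at flow time: worth a second look."""
    return [f for f in FLOWS if lease_owner(f["src"], f["ts"]) is None]


if __name__ == "__main__":
    for f in flows_for_user("George Baker", app="webex"):
        print(f["ts"], f["mac"], f["src"], "->", f["dst"], f["dport"], f["location"])
    print("unattributed:", [f["src"] for f in unattributed_flows()])
```

Filtering on the source address alone would also hand the flow at timestamp 2500 to George Baker, although 1.1.1.2 belonged to another device by then.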
• The process of learning begins with observations of data, and looking for patterns within the data so as
to make increasingly better correlations, inferences and predictions
Reasons for Data Patterns
Statistics 101:
Correlation does not necessarily mean Causation
• Coincidence
• Correlation
• Causation
Machine Learning
Many Data Inputs
RF & EDCA
behavioral
metrics,..
WAN
DHCP
Cisco DNA Center
Analytics Architecture
Data collection and ingestion Data correlation and analysis Data visualization and action
Network assurance
Cisco DNA Center
The Power of Automation and Analytics Working in Sync
Getting Started
Workflow
Cisco DNA Assurance
Getting Started Workflow
• Cloud Tethered for App Updates
• Loopback as Preferred Management IP
• Assign Device to Sites
• Provision
• Telemetry Configuration
Getting Started Workflow – Network Discovery
Getting Started Workflow – Assign Devices to Sites
Getting Started Workflow – Provision
SD-Access requires Provision
Getting Started Workflow – Telemetry Configuration
Enabling SD-Access Assurance
Configuring SNMP Collector
Enable all the metrics. LISP, CLISP and RTTMON are not enabled by default for SD-Access fabric
Getting Started Workflow
Cisco DNA Assurance
Capabilities
Cisco DNA Assurance
Overall Health
Toggle Overview
Topology | Map | List
Health Summary
• Network Health
• Client Health
• Application Health
• Compliance
Top 10 Issues
Cisco DNA Assurance
Health Scores
Site Health Score function (Client Health Score, Device Health Score)
Network Time Travel
“Go Back In Time” to Understand the Network State when the Issue Occurred
Cisco DNA Assurance
Network Health
Time Travel
Toggle Overview
Topology | Map | List
Health Summary
Health by Role
• Wireless vs Wired
• Core vs Access
• Data vs Control
• etc
Quick Filters
Cisco DNA Assurance
Network Health
Time Travel
Travel to Time of Issue
Health Summary
• Routers
• Switches
• APs and WLCs
• etc
Cisco DNA Assurance
Client Health
Time Travel
Toggle Overview
Map | List
Health Summary
• Wireless vs Wired
• Onboarding Times
• RSSI
• etc
Quick Filters
Cisco DNA Assurance
Client 360 (1/3)
Client Devices
Time Travel
Client Issues
• Correlated
• Integrated with ITSM
Local Topology
• Health Summary
• Devices Summary
• Device 360 Links
• etc
Cisco DNA Assurance
Client 360 (2/3)
Application Experience
• Business Relevant vs.
Default vs. Irrelevant
• Bandwidth and Usage
• App 360 Links
Device Details
• Hardware / Firmware
• RF Details
• Apple iOS Analytics
Cisco DNA Assurance
Client 360 (3/3)
Cisco DNA Assurance
Application Health
Health Summary
By Relevance
Top 10 Usage
App Experience
• By Application
• Filter / Sort
• etc
Cisco DNA Assurance
Issue Details
Issue Summary
• Description
• Impact
• Locations
• Clients
Context Information
Guided Resolution
• Step by Step
• Automation on managed Devices
Path Trace
Troubleshoot Issues Along the Network Path
Path Trace
How Does It Work?
Cisco DNA Center NIB
Cisco DNA Assurance
for SD-Access
Cisco SD-Access Assurance
Quick Isolation of Network Issues
Cisco DNA Center
Cisco SD-Access Assurance
Root-Cause Issues in a Few Clicks
Cisco DNA Center
Cisco SD-Access Assurance
Cisco SD-Access Assurance
End-to-End Visibility
Cisco DNA Center
Cisco SD-Access Fabric Assurance Applications
Services
Client
Control Plane Data Plane Policy Plane Device
Onboarding
Border and Edge
Edge to Control Plane ISE connectivity Client / Device DHCP CPU, Memory
connectivity
Border to Control Plane Border node policy Client / Device DNS TCAM Tables NEW
Border node health
WLC to Control Plane NEW Edge node policy Client Authentication Modules
Edge node health
CP performance SGACL validation NEW Client Authorization Temperature
Device to Services
Routing protocols (DHCP, DNS, AAA) Power (POE)
(OSPF, ISIS, EIGRP and
Interface High
BGP) NEW NEW
Utilization, Flaps
Deep Gateway Connectivity
Application
Performance
Fabric Device 360
Click on the Fabric tab to see how Fabric metrics are going
1. Select Both options
2. Reachability tests are being performed in the Fabric Underlay and Overlay. Test results below
Fabric Assurance
Path Trace – Fabric Wired Client to Wired Client
Fabric Assurance
IP SLA
• IP SLA tests are run in the network fabric to verify connectivity between Control Plane, Fabric Border, and Fabric Edge nodes.
• Includes path trace capability as part of IPSLA traffic initiated from Edges
Diagram labels: ISE (AAA), CP, B
Fabric Assurance
IP SLA
• IP SLA tests are run in the network fabric to verify connectivity between Fabric Border and external services
• Monitor external services from fabric in the underlay and overlay network
Diagram labels: CP, B, E, VN Campus
Fabric Assurance
Control Plane
• Fabric nodes query Control Plane to resolve host locations, if they don’t have an entry in their local database
• After receiving a map-reply, each fabric node stores those entries in its cache database
Diagram labels: CP, B, 10.2.120.3
Fabric Assurance
Health Scores
• Control Plane
• Data Plane
• System Health
Fabric Device Score is the Lowest of all Scores
Example: 3850-SJC24-3
System Health: 10, Data Plane: 10, Control Plane: 5
Fabric Device Score: 5
Fabric Assurance
Health Scores
Fabric Assurance
What’s New in Cisco SD-Access 1.2.5?
SD-Access for Distributed Campus
• Hierarchy view of fabric sites/domains
• Network Health for each fabric site/domain
SD-Access Wireless Path Trace
• Pathtrace for SD-Access Wired and Wireless hosts, with L2 extension
Diagram labels: SD-Access Transit, IP Transit
Cisco SD-Access for Distributed Campus
Monitoring Network Health for Individual Fabric Sites (SD-Access 1.2.5)
Diagram labels: Fabric SJC3, SJC4, Fabric SJC-24, CP, B, SD-Access Transit
Cisco SD-Access Assurance
Monitoring Network Health for Individual Fabric Sites
Aggregated view across all SD-Access Fabric Domains & Sites
Cisco SD-Access Fabric Assurance
Wireless Use Cases
Broad
Deep
Cisco SD-Access Assurance
Monitoring WLC Connectivity for Enterprise Guest Control Plane
Cisco SD-Access Assurance
Monitoring WLC Connectivity for Enterprise Guest Control Plane
Timeline View: Issue occurred during this time window
Fabric Assurance
Path Trace – Fabric Wireless Client to Wired Client
Cisco DNA Assurance
Sensor Everywhere
Test Your Network Anywhere at Any time at Real-world Client Level
Wireless Sensors
Proactive Performance Assessment for Wireless
Test your network anywhere at any time
Sensors act as Access point clients
On-Boarding Tests
• 802.11 Association
• 802.11 Authentication & Key Exchange
• IP Addressing DHCP (IPv4)
Network tests
• DNS (IPv4)
• RADIUS (IPv4)
• First Hop Router/Default gateway (IPv4)
• Intranet Host
• External Host (IPv4)
Application tests
• Email: POP3, IMAP, Outlook Web Access (IPv4)
• File Transfer: FTP (IPv4), TFTP (IPv4)
• Web: HTTP & HTTPS (IPv4)
Dedicated Sensor: AP1800
Flexible Radio: Flexible Radio Assignment Algorithm intelligently identifies excessive radios and seamlessly converts those into Sensor mode without client impact
Diagram labels: R1
Cisco DNA Assurance
Active Sensor Dashboard
Time Travel
Trending Charts
• For Key Services (DHCP, DNS, AAA, Web, Email, …)
Spark Charts
• Results per Location over Time
AP 4800 – A More Advanced Access Point
Similar to AP 3800i, but has an Additional Flexible Radio for Analytics +
Advanced Hyperlocation Antenna Array
• Location Array antenna is now integrated
• Bluetooth Low Energy radio is now integrated
• Embedded analytics/location radio is now integrated
Hyperlocation antenna array + Cisco DNA Analytics, Monitoring and Location Radio = AP-4800
Best in Class
Cisco Intelligent Capture
Real-Time Client and App Insights to Enhance Cisco DNA Wireless Assurance
Cisco Intelligent Capture with Real-time Client and App insights would enhance guided remediation and also allow On-Demand VIP client Troubleshooting
Cisco Intelligent Capture
Overview
Network Time Travel AP4800 3rd radio Full packet
view Intelligent Capture
capture
Failed Onboard
Real-time Client location
Map with trail of movement
Real-time Event
Viewer
Download Onboard
Packet
Onboard Packet
stage identifier
Failed Packet
Troubleshooting Use Cases using Intelligent Capture
1 On-Demand RF Scanner
Situation
• A large logistics company uses Wi-Fi operated Auto-guided vehicles (AGV) in its logistics warehouses. Due to high ceilings and large moving metal structures, these warehouses have dynamic RF scenarios
• Due to little human involvement sometimes these machines don’t take optimal paths due to temporal coverage hole
Solution
• IT staff uses the On-Demand RF scanner tool to validate AGV’s RF coverage during the live operation and detect coverage holes in a highly dynamic RF environment
• This helps IT staff immensely in RF design, planning and optimization
Figure: Live RF Network Session (Red Spot: Coverage Hole)
Troubleshooting Use Cases using Intelligent Capture
2 Automated Packet Captures
Situation
• A financial services giant decided to adopt BYOD to encourage people to use its Virtual Desktop Infrastructure for certain critical applications. In the first week, John discovered longer onboarding time from mobile device compared to laptop and received complaints from several end-users
Solution
• IT staff turned on the Auto PCAP to capture onboarding and roaming failure anomalies for the BYOD device at a specific site. This allowed IT staff to capture de-authentication packets that are typically observed when the client has driver issues
• IT staff also had access to detailed PCAP analysis that enabled them to identify the root cause behind onboarding and roaming failures
Key Issues addressed
• On-boarding and roaming failures
• VOIP Performance issues
• Sticky client analysis with real-time location
Key Industries: All segments
Figures: Visual Packet Trace Analyzer (<5 sec); Real-time Anomalies with Auto PCAPs (<5 sec)
Troubleshooting Use Cases using Intelligent Capture
3 VIP Service Assurance
Situation
• A large healthcare organization deployed 5000 vital sign monitors for every in-patient. These vital sign monitors allow doctors to monitor critical parameters on a real-time basis
• Wi-Fi connection of vital sign monitor starts to get disrupted on an intermittent basis during the middle of the day and if not addressed it can be life threatening
Solution
• IT staff uses Live Troubleshooting tool to perform detailed forensics on both the client state and the location
• Using packet trace analyzer, the IT staff is able to visualize frequent roaming and re-authentication failures from the device along with lower RSSI than anticipated in particular location
Figures: Visual Packet Trace Analyzer (<5 sec); Real-time Client Location Tracking (<5 sec)
Diagram labels: SNMP, SNMP Poller, syslog, syslog collector, CLI scripts
Streaming Telemetry
Overview
Streaming Telemetry Components of Cisco DNA Assurance
Ability to collect many KPIs from devices as close as possible to real time
Subscription / Publication
• Periodic or on-change
• Structured data
• Priority subscriptions
• Customized to recipient
• XML or JSON encoding
• NETCONF or HTTP/2 transport
• Increased scale
• Reduced CPU and bandwidth consumption
Diagram labels: Programmable Interfaces (NETCONF, RESTconf, GNMI); YANG Data Model (Open, Native; Configuration, Operational); Physical and Virtual Network Infrastructure; Device Features (SNMP, Interface, BGP, QoS, ACL, …)
Cisco DNA Center –
Platform
Cisco DNA Center 1.2
Cisco DNA Assurance Scalability
4K Access Points
1000 Switches/Routers/WLC
Cisco DNA Center 1.2
Data Retention
• Customizable retention policy
• Storage monitoring and alerting
• Provide meaningful assurance troubleshooting, issues and trending dashboard data
Relationship Graph: 14 days
Events/Alarms: 14 days
Issues: 14 days
Diagram labels: Backup (To external storage), Purge
Summary –
Innovation Access
The Network. Intuitive.
Cisco DNA Assurance for SD-Access
Session Summary
SD-Access
Fabric DESIGN PROVISION POLICY ASSURANCE
Cisco DNA Assurance and Analytics
A New Way
Old Approach
Reactive: Traditional monitoring based on network element KPFs
Cisco DNA Approach
Proactive: True Assurance based on deeper correlation across all entities
Missed One? Sessions are available online @ CiscoLive.com
Cisco SD-Access
Cisco Live 2019 Barcelona – Session Map
Tuesday (Jan 29) Wednesday (Jan 30) Thursday (Jan 31) Friday (Feb 01)
08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00 08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00 08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00 08:00-11:00 11:00-13:00 13:00-15:00 15:00-18:00
BRKCLD-2412 BRKCRS-3811
Cross-Domain Policy SD-Access Policy
BRKEWN-2021 BRKEWN-2020
SD-Access Demo SD-Access Wireless
LTRACI-2636 LTRCRS-2810
ACI + SD-Access Lab SD-Access Lab
Would You Like to Know More?
Available e-books
http://cs.co/cat9000book
http://cs.co/sdabook
http://cs.co/programmabilitybook
http://cs.co/wirelessbook
http://cs.co/assurancebook
Would You Like to Know More?
Cisco SD-Access Resources
cisco.com/go/sdaccess
• SD-Access At-A-Glance
• SD-Access Design Guide
• SD-Access FAQs
• SD-Access Migration Guide
• SD-Access Solution Data Sheet
• SD-Access Solution White Paper
cisco.com/go/dnacenter
• Cisco DNA Center At-A-Glance
• Cisco DNA Center 'How To' Video Resources
• Cisco DNA Center Data Sheet
cisco.com/go/cvd
• SD-Access Design Guide - Dec 2017
• SD-Access Deploy Guide - Jan 2018
Cisco SD-Access – Assurance and Analytics
Thank you