Gain Insight and Programmability with Cisco DC Networking

  1. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Connect: Your Time Is Now. Cisco DC Networking: Gain Insight and Programmability. January, 2018
  2. What's Happening in Your Data Centre: Data and Endpoints, Complexity, Security
  3. Is your Data Centre doing what you intend?
  4. The Intent Cycle: Adapt, Learn, Protect, centred on the APP (C97-739634-00)
  5. Cisco ACI: Industry Leader. Ecosystem Partners: 65+. Data Center Switching Growth: 6% Y/Y (Q4). ACI Customers: 4,000+. ACI Attach Rate on N9K: 50+%
  6. Nexus Switching
  7. Portfolio at a Glance. Nexus 7000 Series Modular: Nexus 7700 Series, Nexus 7000 Series, Nexus F and M Series Line Cards. Nexus 3000 Series Fixed: Nexus 3200 Series, Nexus 3100 Series, Nexus 3600 R Series. Nexus 5000 and 2000 Series Fixed: Nexus 5600 Series, Nexus 2300 Series. Nexus 9000 Series Modular: Nexus 9500 Series, Nexus 97xx Series Line Cards, Nexus 96xx-R Series Line Cards. Nexus 9000 Series Fixed: Nexus 9300 Series, Nexus 9200 Series
  8. Areas of Investment. CloudScale ASICs (Nexus 9000 CloudScale), General Data Center Design • High Speed Fabrics (ACI, NX-OS) • VXLAN, Segment Routing. Broadcom Jericho (Nexus 9000 Jericho), Financials and Collapsed Core/Edge • Financial Multicast (UDP) • VXLAN, Segment Routing, MPLS • Large Routing Tables and WAN buffer requirements. Cisco Custom ASICs (Nexus 7000 Series), General Data Center Design • Data Center Interconnect • DC and Campus Core • Cross Domain Policy Integration. Broadcom T2+/T3/TH/TH2/Jericho (Nexus 3000 Series), Merchant Silicon Alternative • Fabric Designs (customers specifically looking for BCOM based SOC) • Specific Use Cases (ULL, Data Path Programmability)
  9. ASIC Portfolio for Nexus 3000/9000 (process nodes shown: 40nm, 28nm, 16nm). 1st Gen Switches, 2013–2015: Merchant – Trident T2; Merchant + Cisco – ASE, ALE. 2nd/3rd Gen Switches, 2016/2017: Merchant – Tomahawk, Trident 2+; Merchant + Cisco – LS1800EX, S1600, S3600, LS1800FX, S6400. Scale • Route/Host tables • Sharding • Encap normalization • EPG/SGT/NSH. Telemetry • Analytics • Netflow • Atomic Counters. Optimization • Intelligent Buffers • DLB/Flow Prioritization
  10. Cisco ASIC Differentiation • Industry leading port density → enables 64 x 100G in a single chip • Multi Speed 1/10/25/40/50/100G → investment protection • DC Optimized Smart Buffer and TCAM Scale → best in class price/performance supporting 1 million routes • Flow Level Granular Visibility → real-time visibility and analytics to see every packet • Unified Fabric with LAN and SAN Convergence → single unified network
  11. EX and FX Series Cloud Scale Switches (Nexus 9300, Nexus 9500). EX Cloud Scale • ACI and NX-OS • 10/25/40/100G • Tetration Hardware Sensor • Support for N2000 (FEX). FX Cloud Scale Enhancement • Line rate Encryption • UP (25GbE and 32G FC) • 25G RS FEC
  12. Nexus 9300-FX Series (NEW, Q2'CY16): Nexus 93108TC-FX – 48p 1/10GT + 6p 40/100G QSFP; Nexus 93180YC-FX – 48p 10/25G SFP + 6p 40/100G QSFP; Nexus 9348GC-FXP – 48p 100m/1GT + 4x 10/25G SFP28 + 2x 40/100G QSFP28. Key Features: Dual personality – ACI and NX-OS mode; Flexible port configurations – 1/10/25/40/50/100G; Line rate encryption on all ports; 32G FC support on all SFP ports; 25G distances beyond 3m (RS FEC); Large Route/ACL table; Flow Table (Tetration); FEX Support. Key Benefits: Support for Nexus 5K FC designs – transition platform; Link Security against fiber taps. * Hardware Readiness: check the software roadmap for enablement timelines
  13. Nexus 9000 Cloud Scale: Fabric Foundation with 2 Year Innovation Advantage (Nexus 9300, Nexus 9500). Nexus 9000 Cloud Scale Innovations: Integrated line rate flow capture; Streaming analytics export off chip; Integrated line rate encryption; Smart Buffering; Multi-speed ports; 64p 100G line rate routing in a single chip; Unified ports – 10/25GbE and 8/16/32G FC
  14. Nexus 9300 Portfolio (Modular Uplink and Integrated Uplink; port speeds 1G, 10GT, 10/25G, 40/50G). Gen 1 (2 ASICs): 48x10GT+12x40G (Nexus 9396TX), 48x10G+12x40G (Nexus 9396PX), 96x10G+8x40G (Nexus 93128TX), 32x40G (Nexus 9332Q), 48x10GT+6x40G (Nexus 9372TX(E)), 48x10G+6x40G (Nexus 9372PX(E)), 96x10G+6x40G (Nexus 93120TX). Gen 2/3, CloudScale (1 ASIC): 48x25G+6x100G (Nexus 93180YC-EX), 48x10GT+6x100G (Nexus 93108TC-EX), 28p 40/50G+4p 100G (Nexus 93180LC-EX), 48x25G+6x100G (Nexus 93180YC-FX), 48x1GT+4x10/25G+2p 100G (Nexus 9348GC-FXP), 48x10GT+6x100G (Nexus 93108TC-FX)
  15. Innovations in Cisco NX-OS. Programmable Fabric: VXLAN EVPN multi-site solution; VXLAN OAM, Tenant Multicast; Segment Routing L3 EVPN; DCNM Integration. Visibility/Analytics: Tetration Integration; NX SW and HW Streaming Telemetry; Netflow-v9. Security: Secured Access; Encryption (MACsec and CloudSec). High Availability: Enhanced ISSU. Automation: DCNM; Nexus Configuration Mgmt Modules (Puppet/Chef/Ansible); Industry Standard Data Models (OpenConfig / IETF YANG). Infrastructure: NX-SDK; Intelligent Services, PMN; FCoE, FC UP on FX Platforms
  16. Cisco ACI: Path to Agility in an App-Centric World
  17. ACI Anywhere: Any Workload, Any Location, Any Cloud. Remote PoD; Multi-Pod / Multi-Site; Hybrid Cloud Extension (On Premise, Remote Location and Public Cloud connected over IP WAN). Security Everywhere, Policy Everywhere, Analytics Everywhere
  18. Areas of Investment: Infrastructure, Virtualization, Security, Ecosystem
  19. What's New in ACI 3.0? Hardware, Security, Scale, Usability, Fabric Extension (Policy-Driven Infrastructure). Fabric Management • Multi-Site • Refreshed APIC GUI • Graceful Insertion and Removal • QinQ to EPG Mapping • TCAM Tile Infra • Latency and Precision Time Protocol. Infrastructure • Nexus 9364C (Fixed Spine) • Nexus 9348GC-FXP (1G ToR) • N9K-X9736C-FX (Spine LC) • Ingress QoS Policing per EPG. Virtualization • Kubernetes Support • VMM: Delayed EP detach/attach for DVS and AVS • AVS: QoS Marking. Security • Micro-segmentation Enhancements • 802.1X – End Point Authentication • 2 Factor Authentication • First Hop Security
  20. ACI Software Enablement, Nexus 9000 Platforms (Nexus Foundation: CloudScale Platforms; Nexus 9300, Nexus 9500). ACI 3.0 – Nexus 9364C, Fixed Spine, 64p 40/100G QSFP. ACI 3.0 – Nexus 9736C-FX, 36p 40/100G Line Card (4/8/16 slot). ACI 3.1 – N9K-C9516-FM-E2 Fabric Module with 100G (16 slot). ACI 2.2(2) – Nexus 93180YC-FX, 48p 10/25G SFP + 6p 40/100G QSFP. ACI 2.2(2) – Nexus 93180TC-FX, 48p 1/10GT + 6p 40/100G QSFP. ACI 3.0 – Nexus 9348GC-FXP, 48p 100M/1G Base-T, 4p 10/25G SFP+
  21. ACI Multisite Extends Network Virtualization, Policy & Services to Multiple Fabrics: Site A and Site B joined over an Inter-Site IP Network with a Multi-Site Appliance. Geographically Dispersed Active/Active Data Centers; Active/Standby Data Centers for Disaster Recovery; Stretch VRF, EPG, BD across sites with VXLAN; Up to 500ms to 1 sec latency
  22. First Step Towards Intuitive APIC GUI. Usability • New Look and Feel across Applications • Consistent Layout across Tabs • Collaborate by Sharing Objects • Simplified Topology Views • Release Bulletin • Troubleshooting • User Profiles • Alerts. Operations • Personalized User Profile • Dashboard Widgets • Improved Health Score and Fault Counts. Configuration • Best of both Basic and Advanced UI • Simplified Port Selectors • Workflows simplified • New APIC Postman App
  23. TCAM Profiles: Flexibility to choose a TCAM profile based on your infrastructure needs. Profile 1: Default Profile*; Profile 2: Policy Heavy; Profile 3: L2-Only Mode; Profile 4: Multicast. [Figure: tile allocation (Tile 0, Tile 5, Tile 17) across L2 MAC DA Lookup, Policy Info and IPv6 Host Entries; Optimized TCAM Resources.] * Only one profile is supported in 3.0
  24. Graceful Insertion and Removal (GIR): 1. Gracefully isolate the node from the fabric; 2. Troubleshoot (if required); 3. Re-commission the node. L2/L3 GIR diverts the data traffic to alternate paths and allows node troubleshooting, maintenance and upgrade.
  25. Cisco ACI Virtual Edge (AVE): Decoupled from hypervisor kernel API dependencies; Maintain existing operational models; Simple transition/migration AVS => AVE; Policy consistency across multiple hypervisors; AVS/AVE feature parity. Legacy AVS (today): hypervisor dependent, kernel space; policy enforcement, services, telemetry. Cisco AVE (Q1 CY18, Q2 FY18): hypervisor agnostic, user space; native vSwitch – VM switching + policy enforcement. [Figure: VMs, AVS/AVE, hypervisor, "Future".]
  26. ACI Infrastructure: Extend ACI Policy to Satellite Data Centers. Options: 1. Remote Physical Leaf (Nexus 9K) (ACI 3.1); 2. Remote Pod (Virtual) (Futures). On Premise connected over an L2/L3 IP Network to a Remote Data Center, either with a Nexus 9K Physical Leaf or with a virtual Remote PoD (Spine + Leaf, AVE)
  27. ACI Infrastructure Enhancements (Connectivity, Usability, Maintenance, Operations): Integration of Clustered Network Services; IEEE 1588 and Latency (ACI 3.0); TCAM Profiles (ACI 2.3 and ACI 3.0); Maintenance Mode (ACI 3.0); Software Maintenance Update (SMU) Patching Support; Mixed OS (ACI 2.3); EPG Contract Inheritance (ACI 2.3); New APIC GUI with Simplified Workflows (ACI 3.0); vSphere Tags (ACI 2.3); 100G Front Panel Port Support: 93180LC-EX (ACI 2.3); Breakout (93180LC-EX) (ACI 3.1); Flexible Port Configuration for Uplink/Downlink; QSA (9364C) (ACI 3.1)
  28. ACI: Cloud Automation (Virtualization and Orchestration – Deploy Tenant, Deploy App, Deploy Firewall): vSphere 6.5, Tags (ACI 2.3); vCenter Plugin (RBAC) (ACI 3.0); NG-Application Virtual Switch; AzurePack – VPN Termination (ASA, ASR 1K); AzureStack; Newton Support, IPv6 (ACI 2.3); Bare-Metal Provisioning (Ironic); Ocata Support. Cloud Automation: Unified Networking (ACI 3.0); Integration of Kubernetes network policies and ACI policies; Visibility
  29. ACI Security: Automated Security with Built-In Multi-Tenancy (timeline markers shown: Q4 CY 2017, Q4 CY 2018). Micro-Segmentation: DNS EPG, AD Based EPG (ACI 3.1). Contracts Inheritance, Intra-EPG Contracts (ACI 3.0). Certifications: FIPS and UC-APL Certified; Common Criteria (in progress). MACsec Encryption, APIC Centralized Key Management (ACI 3.1). ACI-TrustSec Integration, Higher Scale (15K) (ACI 2.3). First Hop Security: IP Source Guard, DHCP Guard, DHCP Snooping, etc. (ACI 3.0)
  30. ACI: Infrastructure Scaling (ACI 3.0). [Scaling chart; dimensions shown: End Point Groups, End-Points, vCenter/Fabric, Bridge Domains, Number of Sites, Number of Pods, Leafs, Tenants, Policy CAM, Service Chains, Filters, Contracts; values shown on the chart: 15,000; 180,000; 12; 200; 15,000; 4; 800; 3,000; 2,000; 61,000; 1,000; 10,000.]
  31. Cisco Tetration Analytics: Get to a Secure Zero-Trust Model in an Application-Centric World
  32. Security Challenges in Modern Data Centers. Applications Are Driving Modern Datacenter Infrastructure: Rapid App Deployment, Continuous Development, Application Mobility, Micro Services. Securing Applications Has Become Complex: Policy Enforcement, Heterogeneous Network, Secure Zero-Trust, Policy Compliance
  33. Holistic Approach to Server Protection: Dynamic and heterogeneous environment; Traffic visibility, server process baseline, and analytics; Policy that enables application segmentation; Segmentation; Application control using whitelists; Advanced behavior analysis; Break organizational silos
  34. Cisco Tetration™ Analytics Use Cases (Operations and Security): Visibility and forensics; Application insight; Policy; Neighborhood graphs; Application segmentation; Compliance; Policy simulation; Process inventory
  35. Cisco Tetration Analytics Architecture Overview. Data collection layer: Software sensor and enforcement; Embedded network sensors (telemetry only); ERSPAN sensors (telemetry only); Third-party sources (configuration data); Bring your own data (streaming telemetry). Analytics engine. Access mechanism: Web GUI; REST API; Event notification; Cisco Tetration apps
  36. Cisco Tetration Analytics Data Sources. Main features: ✓ Low CPU overhead (SLA enforced) ✓ Low network overhead ✓ New enforcement point (software agents) ✓ Highly secure (code signed and authenticated) ✓ Every flow (no sampling) and no payload. Software sensors (available today): Universal* (basic sensor for other OS); Linux servers (virtual machine and bare metal); Windows servers (virtual machines and bare metal); Windows Desktop VM (virtual desktop infrastructure only). Network sensors: Cisco Nexus 9300 EX; Cisco Nexus 9300 FX; Next-generation Cisco Nexus® Series Switches. Third-party data sources: Asset tagging; Load balancers; IP address management; CMDB; … *Note: No per-packet telemetry; not an enforcement point
  37. Cisco Tetration Application Segmentation Policy Recommendation: Application workspaces → Application segmentation policy, across Public cloud, Private cloud and On-premise
  38. Enforcement of Policy across any floor tile (Public cloud – Azure, Amazon, Google; Cisco ACI™; Traditional network; Virtual and Bare metal): 1. Generates unique policy per workload 2. Pushes policy to all workloads 3. Workload securely enforces policy 4. Continuously recomputes policy from identity and classification changes. Enforcement; Compliance monitoring
  39. Policy-Related Notification (Cisco Tetration Analytics™ → Kafka broker → message publish → Northbound consumers) • Alerts every minute for enforcement • Policy compliance event notifications • Count of policy alerts until whitelisted • Alerts when IP tables or firewall is flushed or disabled by user • Alerts when enforcement sensor is disabled • Publishes policy differences between versions
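The workflow on slides 38 and 39 (derive an allow-list policy per workload from its classification labels, enforce it on the workload, recompute when labels change, and raise alerts for non-compliant flows, a flushed host firewall or a disabled enforcement sensor) is easier to reason about with a small model. The following Python is an added illustration, not Cisco Tetration code or its data model; the inventory, policy, flow records and the `Workload`/`Rule` types are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    host: str
    ip: str
    labels: frozenset          # classification labels, e.g. "app:shop", "tier:web"

@dataclass(frozen=True)
class Rule:
    src_label: str             # label of the workloads allowed to initiate
    dst_label: str             # label of the workloads receiving the connection
    proto: str
    port: int

# Constructed inventory and application-segmentation policy (hypothetical, not real data).
INVENTORY = [
    Workload("web-1",  "10.0.1.10", frozenset({"app:shop", "tier:web"})),
    Workload("web-2",  "10.0.1.11", frozenset({"app:shop", "tier:web"})),
    Workload("db-1",   "10.0.2.20", frozenset({"app:shop", "tier:db"})),
    Workload("jump-1", "10.0.9.5",  frozenset({"role:bastion"})),
]
POLICY = [
    Rule("tier:web",     "tier:db",  "tcp", 5432),   # web tier may reach the database
    Rule("role:bastion", "tier:web", "tcp", 22),     # only the bastion may SSH to web
]

def rules_for(workload, inventory=INVENTORY, policy=POLICY):
    """Step 1: the per-workload allow-list as concrete inbound (src_ip, proto, port)
    tuples. Anything not returned here is denied by default (zero trust)."""
    allowed = set()
    for rule in policy:
        if rule.dst_label not in workload.labels:
            continue
        for peer in inventory:
            if peer.host != workload.host and rule.src_label in peer.labels:
                allowed.add((peer.ip, rule.proto, rule.port))
    return allowed

def relabel(inventory, host, labels):
    """Step 4: a classification change yields a new inventory; callers recompute
    every affected allow-list from it instead of patching rules by hand."""
    return [Workload(w.host, w.ip, frozenset(labels)) if w.host == host else w
            for w in inventory]

def check_flows(flows, inventory=INVENTORY, policy=POLICY):
    """Compliance monitoring: flag observed flows the policy does not permit.
    Each flow is a (src_ip, dst_ip, proto, dst_port) tuple."""
    by_ip = {w.ip: w for w in inventory}
    violations = []
    for src, dst, proto, port in flows:
        target = by_ip.get(dst)
        if target is None:
            continue                       # destination is not a managed workload
        if (src, proto, port) not in rules_for(target, inventory, policy):
            violations.append((src, target.host, proto, port))
    return violations

def audit_enforcement(host, expected_rules, installed_rules, sensor_running):
    """Enforcement-state alerts of the kind slide 39 lists: sensor disabled,
    host firewall flushed, or installed rules drifting from the computed policy."""
    alerts = []
    if not sensor_running:
        alerts.append(f"{host}: enforcement sensor disabled")
    if expected_rules and not installed_rules:
        alerts.append(f"{host}: host firewall flushed")
    elif installed_rules != expected_rules:
        alerts.append(f"{host}: installed rules differ from policy")
    return alerts

OBSERVED_FLOWS = [   # constructed sample flow records
    ("10.0.1.10", "10.0.2.20", "tcp", 5432),   # web-1 -> db-1   : permitted
    ("10.0.9.5",  "10.0.1.11", "tcp", 22),     # jump-1 -> web-2 : permitted
    ("10.0.1.11", "10.0.2.20", "tcp", 22),     # web-2 -> db-1 SSH : violation
    ("10.0.9.5",  "10.0.2.20", "tcp", 5432),   # jump-1 -> db-1  : violation
]

if __name__ == "__main__":
    for w in INVENTORY:
        print(w.host, sorted(rules_for(w)))
    print("violations:", check_flows(OBSERVED_FLOWS))
    db = INVENTORY[2]
    print(audit_enforcement(db.host, rules_for(db), set(), sensor_running=True))
```

The point of `rules_for` taking the whole inventory is step 4 on slide 38: a policy is written against labels, so when a host is re-classified (`relabel`) the allow-lists of every peer that references that label change too, and only a full recompute keeps the installed rules consistent. `audit_enforcement` compares what the policy says should be installed with what the host reports, which is how "firewall flushed" and "sensor disabled" become detectable events rather than silent gaps in coverage.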
  40. Cisco Tetration Analytics Open API (Northbound application, Programmatic interface). REST API • Cisco Tetration flow search • Sensor management. Push notification (Kafka broker, message publish to Northbound consumers) • Out-of-the-box events • User-defined events. Cisco Tetration™ applications • Access to data lake • Write your own application
  41. Tetration Analytics: Deployment Options. Public cloud (Amazon Web Services) – Cisco Tetration™ Cloud • Software deployed in AWS • Suitable for deployments of less than 1000 workloads • AWS instance owned by customer. On-premises options – Cisco Tetration™ Platform (large form factor) • Suitable for deployments of more than 5,000 workloads • Built-in redundancy • Scales to up to 25,000 workloads; includes 36 x Cisco UCS® C220 servers and 3 x Cisco Nexus® 9300 platform switches. Cisco Tetration-M (small form factor) • Suitable for deployments of less than 5,000 workloads; includes 6 x Cisco UCS C220 servers and 2 x Cisco Nexus 9300 platform switches
  42. Open Ecosystem: Program, interoperate and extend
  43. ACI/NX-OS L4-7 Integrations: Interoperate and Extend (Automation, Security Enforcement, Security Management, ADC)
  44. Rich Ecosystem with Cisco ACI and NX-OS: Cloud Orchestration and ITSM; Cloud Automation and PaaS; Monitoring; NX-OS
  45. ACI App Center
  46. Cisco ACI: App Center – Programmable Infrastructure: Open APIs for Value Added Applications. Sample Apps: Monitoring and Troubleshooting – cTrac: visually monitor externally routed interface states and next hop add/delete. Analytics – Fault Analytics: intuitively analyze historical fault metrics and audit logs with a variety of filters. Auto Provisioning – Tetration: auto provision the ACI network by simply importing Tetration ADM. Connectors and Integrators (Ecosystem) – Infoblox v2.0: improved UI with robust syncing; configure and provision new DHCP ranges from the App
  47. Cisco Tetration Analytics™ Ecosystem: Service visibility; Layer 4-7 services integration; Security orchestration; Service assurance; Insight exchange
  48. Thank you.
