More Related Content Similar to TechWiseTV Workshop: Cisco DNA Center Assurance (20) TechWiseTV Workshop: Cisco DNA Center Assurance1. Get to the Right IT decision Faster
with Cisco DNA Center Assurance
and Analytics
Special Guest: Pedro Leonardo
Date:April 4th, 2018
2. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intent-based
Network Infrastructure
DNA Center
Policy Automation Analytics
I N T E N T C O N T E X T
S E C U R I T Y
L E A R N I N G
The Network. Intuitive.
Constantly learning, adapting and protecting.
Informed
by Context
Visibility into traffic
and threat patterns
Who, What, When,
Where, How
Powered
by Intent
Translate Business Intent
to Network Policy
Automate the management
and provisioning millions of
devices instantly
2
3. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
DNA Center = Automation + Assurance
Automation
Design ProvisionPolicy
Assurance
Planning, installation and migration
Proactive and predictive network, client and application assurance
3
4. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
The guarantee that the
infrastructure is doing
what you intended it to do
What is ?Assurance
Continuous Verification
Configs, Changes, Routing, Security,
Services, VMs, Compliance, Audits
Successful Rollouts,Operational
Continuity
Insights & Visibility
Visibility, Context, Historical
Insights, Prediction
Minimize Downtime, User
Productivity
Guided Remediation, Automated Updates,
System optimization
Corrective Actions
IT Productivity
5. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Network Quality is a Complex, End-to-End Problem
* Both = Join/roam and quality/throughput
APs
Local WLCs
Netw ork services DCOffice site
ISE
Mobile clients
CUCM
Client firmware
AP coverage
WAN Uplink usage End-User services
RF Noise/Interf.
Cisco Prime™
Configuration
AuthenticationWLC Capacity
WAN
Client density
Af f ects Join/Roam
Af f ects Quality/Throughput
Af f ects Both*
DHCP
Addressing
WAN QoS, Routing, ...
There are 100+
points of failure
between user
and app
What is the problem?
Where is the problem?
How can I fix the problem fast?
6. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public. 1 McKinsey Study of Network Operations for Cisco – 2018 6
IT Challenge: 43% of IT Time spent in Troubleshooting
Network operators
spend more time collecting
data than analyzing
while troubleshooting
Impossible for IT to
troubleshoot if they cannot
replicate the issue or see it
real time
Half of WiFi issues take
more than 30min to resolve
4x Replication
challenge
Slow resolution
7. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Fragmented visibility
Closed interfaces / Silo’d views
Devices queried multiple times
Different protocols/mechanisms
Always playing catch up
Not designed for analytics
Inconsistent API architecture
Specialized knowledge required
Limited data that is not actionable
My report vs your report
No view of state changes
Lacking context or feedback loop
Too Many Tools Reactive Systems Limited Insights
Rigid Closed/Proprietary Lack of Intelligence
Today’s tools are limited and do not address network needs
8. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Right Place Right Time Right Action
Ideal Solution to Provide Network Assurance
Quick Problem
Isolation
Replicate the
Problem in data
Resolve the problem
Decisively
8
9. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Detect Predict Adapt
9
10. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Transforming network operations through actionable insights and simplicity
DNA Analytics
Right Place Right Time Right Action
Proactive to get ahead
of the problem
Predictive to stay ahead
Correlated Insights
360º view across network
Ability to follow the
network path
End-to-End Visibility
Contextual Graph—
Captures network state
over time
14 Days history: Record
and replay events
Time Travel
Today—Remediate
with user input
Future—Automated
remediation
Guided Remediation
11. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Application performanceDevices
Network
Jane’s Devices
Jane Smith
Jane’s Applications
Context: Who, What, Where, When, How
Context Matters and is a Key Ingredient
11
12. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Everything as a Sensor
Over 100+ Actionable Insights
Client | Applications | Wireless | Switching | Routing
Network Telemetry
Contextual Data
Complex Event
Processing
Correlated Insights
Guided
Remediation
Metadata
extraction
Complex
correlation
Steam
Processing
001110101100110
1010110010
00101101
0110100
1101101
00101101
10101100110
101011000110011
Clients Baseline
Application Network
From Network Data to Business Insights
13. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
?
Src IP: 1.1.1.2 ?
Dest IP: 2.2.2.2
Dest Port: 3600
Business Applications
Houston
Data Center
George BakerFinance
1.1.1.1
SJC-9 2nd
Floor
WAN QoS
problem here...
Client density
problem here...
App ID: 18
Forwarding
problem here…
Netflow AVC DDI ISE/Radius Topology CMX, DNAC Device
Contextual Correlation and Property Graph
13
14. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Unknown networksKnown networks
14
Proactive Connectivity Assessment for Wired
! ?
• IPSLA analyzes IP service levels for services to increase
productivity, lower operational costs, and reduce downtime
• IPSLA tests are run in the fabric network to verify connectivity
to control plane, fabric border, fabric edge nodes, and
fabric network services such as DHCP, DNS, IPAM, AAA
servers
• This provides predictive performance
capability before issue happens
• This configuration is done
by DNA-C
ip sla 1
icmp-echo 192.168.110.1
frequency 300
Example
Test your network anywhere at any time
C
BB
E E E
Fabric border and default border
Fabric control
Fabric edge
C
E
B
15. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Proactive Performance Assessment for Wireless
Test your network anywhere at any time
R1
Dedicated Sensor AP1800 Flexible Radio
Sensors act as
clients
Access point
On-Boarding Tests
• 802.11 Association
• 802.11 Authentication & Key Exchange
• IP Addressing DHCP (IPv4)
Network tests
• DNS (IPv4)
• RADIUS (IPv4)
• First Hop Router/Default gateway (IPv4)
• Intranet Host
• External Host (IPv4)
Application tests
• Email: POP3, IMAP, Outlook Web Access (IPv4)
• File Transfer: FTP (IPv4), TFTP (IPv4)
• Web: HTTP & HTTPS (IPv4)
Flexible Radio Assignment Algorithm intelligently
identifies excessive radios and seamlessly converts
those into Sensor mode without client impact
15
16. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Apple iOS WiFi Analytics in DNA-C Assurance
Device Profile
Client shares these
details
1. iPhone 7, iPad
Pro
2. iOS 11
Support per device-
group Policies and
Analytics
1 Wi-Fi Analytics
Client shares these
details
1. BSSID
2. RSSI
3. Channel #
Insights into the clients
view of the network
2 Assurance
Client shares these
details
Error code for why did it
previously disconnected
Provide clarity into the
reliability of
connectivity
3
17. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Client Onboarding
Network Coverage
& Capacity
Network Device
Monitoring
Application
Performance
Association failures
Authentication failures
IP address failure
Client Exclusion
Excessive on-boarding
time
Excessive authentication
time
Excessive IP addressing
time
AAA, DHCP reachability
Client Side Analytics
(Apple Insights)
Coverage hole
AP License
Utilization
Client Capacity
Radio Utilization
Availability
Crash, AP Join Failure
High Availability
CPU, Memory
Flapping AP, Hung
Radio
Power supply failures
Throughput analysis
Roaming pattern analysis
Sticky client
Slow roaming
Excessive roaming
RF, Roaming pattern
Dual band clients prefer
2.4GHz
Excessive interference
Client Experience
Sensor Tests:
• Web: HTTP & HTTPS
• Email: POP3, IMAP,
Outlook Web Access
• File Transfer: FTP &
TFTP
Application Experience
(Packet Loss, Latency,
Jitter)
Insights: Wireless Use Cases
18. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Control Plane Data Plane Policy Plane
Control plane reachability
Edge reachability
Border reachability
MAP server
BGP AS mismatch, Flaps
OSPF adjacency failure
EIGRP adjacency failure
Border and edge
connectivity
Border node health
Access node health
Network Services
DHCP, DNS, AAA
Interface High Utilization
Interface Flaps
Gateway Connectivity
Application Performance
(Packet Loss, Latency,
Jitter)
ISE/PxGrid connectivity
Border Node policy
Edge Node policy
SGACL validation
Network Device
Monitoring
High CPU
High Mem
High Temp
Line-card
Modules
POE power
TCAM Table
Insights: Wired Use Cases
Client Onboarding
Client/Device DHCP
Client/Device DNS
Client authentication/
authorization
19. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Continuous validation-and-verification loop to ensure alignment of operation with intent
Adapt: Closed Loop Remediation*
Assurance
Streaming Telemetry
Data collectionOrchestrate Policies, Configure System
Business Intent, Policy Translation
Continuous Verification
Insights & Visibility
Corrective Action
Network inventory and topology
Network state changes
Path trace information
Automation
* Future
19
21. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
How do DNA-C integrations link together?
End to end value creation for IT
Network Mgmt Integrations
Operations Integrations
• App stack visibility + Faster MTTR
• IP pool usage & allocationmetrics
• Bi directional systems sync
• ITSM Change, Problem and Incident
• Approvals, Schedule window sync
• Issue triage / association
• Reporting for custom correlations
• Contextual Metrics
• Additional Network Events
• ITSM Tracking & Audit
• Enriched IT Reporting
• Advanced Network Assurance
Integrations Example Key Use Cases Bi-directional Value
23. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
DNAC 1.1 and 1.2 Platform:
Scale and Hardware specification
• Centralizeddeployment,cloud tethered
• 1 RU Small form factor
• 2 x 10Gbps Data links
• Built in Network Telemetrycollection (FNF,
SNMP,Syslog)
• Built in Contextualconnectors (ISE/PxGrid,
IPAM, Location)
• HA (3 Node, Automation), RBAC,
Backup/Restore, Scheduler, APIs
• 64-bit x86 Processors
• Solid State Disks in RAID10
• Hardware MRAID Controller
• Dual PSU
Single Appliance for DNAC (Automation + Assurance)
Scale: Single Node
5,000 -> 4K Aps + 1K Network Devices
25,000 -> Clients/Hosts
24. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Supported Network Platforms in DNAC 1.1.x, 1.2
CAT2K / CAT3K / CAT4K Switches CAT9K / CAT6K / N7K Switches ASR / ISR / CSRv Routers
CAT2K Recommended OS Minimum OS
C2960-L IOS 15.2(2)E7 IOS 15.2(1)E1
C2960-P IOS 15.2(2)E7 IOS 15.2(1)E1
C2960-C IOS 15.2(2)E8 IOS 15.2(1)E1
C2960-CPD IOS 15.2(2)E8 IOS 15.2(1)E1
C2960-X Stack IOS 15.2(2)E6 IOS ≥ 12.1
C2960-XR IOS 15.2(2)E6 IOS ≥ 12.1
C2960-XR Stack IOS 15.2(2)E6 IOS ≥ 12.1
C2960-CX IOS 15.2(4)E3 IOS ≥ 12.1
CAT3K Recommended OS Minimum OS
C3560-CX IOS 15.2(6)E All Versions
C3650 (Copper) IOS-XE 16.6.1 All Versions
C3650-Stack IOS-XE 16.6.1 All Versions
C3850(Copper/Fiber) IOS-XE 16.6.1 All Versions
C3850-Stack (Copper/Fiber) IOS-XE 16.6.1 All Versions
CAT4K Recommended OS Minimum OS
C4500-X IOS-XE 3.10E All Versions
C4500-E (SUP 7E|7LE|8LE) IOS-XE 3.10E All Versions
C4507R+E (SUP 7E|7LE|8LE) IOS-XE 3.10E All Versions
C4503E (Sup 8E|9E) IOS-XE 3.10E All Versions
C4506E (Sup 8E|9E) IOS-XE 3.10E All Versions
C4507R+E (Sup 8E|9E) IOS-XE 3.10E All Versions
C4510R+E (Sup 8E|9E) IOS-XE 3.10E All Versions
CAT9K Recommended OS Minimum OS
C9300 IOS-XE 16.6.2 IOS-XE 16.6.1
C9300 Stack IOS-XE 16.6.2 IOS-XE 16.6.1
C9400-LC-48UX IOS-XE 16.6.2 IOS-XE 16.6.1
C9400-LC-24XS IOS-XE 16.6.2 IOS-XE 16.6.1
C9400 (Sup1XL) IOS-XE 16.6.2 IOS-XE 16.6.1
C9400 (Sup1E) IOS-XE 16.6.2 IOS-XE 16.6.1
C9500 IOS-XE 16.6.2 IOS-XE 16.6.1
C9500 Stack IOS-XE 16.6.2 IOS-XE 16.6.1
ISR 4K Recommended OS Minimum OS
ISR 4431 IOS-XE 3.16 IOS-XE 3.9
ISR 4221 IOS-XE 16.4 IOS-XE 16.4
ISR 4351 IOS-XE 3.16 IOS-XE 3.10
ISR 4451-X IOS-XE 3.16 IOS-XE 3.9
CAT6K Recommended OS Minimum OS
C6503E (Sup 2T|6T) IOS 15.5.1 SY ≥ 12.2
C6504E (Sup 2T|6T) IOS 15.5.1 SY ≥ 12.2
C6506E (Sup 2T|6T) IOS 15.5.1 SY ≥ 12.2
C6509E (Sup 2T|6T) IOS 15.5.1 SY ≥ 12.2
C6513E (Sup 2T|6T) IOS 15.5.1 SY ≥ 12.2
C6807-XL (Sup 2T|6T) IOS 15.5.1 SY ≥ 12.2
C6840-X (Sup 2T|6T) IOS 15.5.1 SY ≥ 12.2
C6880-X (Sup 2T|6T) IOS 15.5.1 SY ≥ 12.2
ASR 1K Recommended OS Minimum OS
ASR 1001-X IOS-XE 16.3.5 IOS-XE 3.12.0
ASR 1002-X IOS-XE 16.3.5 IOS-XE 3.7.0
ASR 1006-X (RP2) IOS-XE 16.3.5 IOS-XE 3.16.0
ASR 1006-X (RP3) IOS-XE 16.3.5 IOS-XE 16.3.1
ASR 1009-X (RP2) IOS-XE 16.3.5 IOS-XE 3.16.0
ASR 1009-X (RP3) IOS-XE 16.3.5 IOS-XE 16.3.1
ASR 1001-HX IOS-XE 16.3.5 IOS-XE 16.3.1
ASR 1002-HX IOS-XE 16.3.5 IOS-XE 16.3.1
Virtual Router Recommended OS Minimum OS
CSRv WIP WIP
ISRv WIP WIP
ASAv WIP WIP
vWAAS WIP WIP
ENCS 5400 WIP WIP
ENCS 5100 WIP WIP
UCS-C220 WIP WIP
UCSE on ISR43xx WIP WIP
ISR 1K (Selected PIDs Only)
Recommen
ded OS
Minimum
OS
C1112-8P + (LTEEA) IOS-XE 16.7.1 IOS-XE 16.6.1
C1113-8P + (M,LTE*,WE,WA,WZ,MWE) IOS-XE 16.7.1 IOS-XE 16.6.1
C1114-8P + (LTEEA) IOS-XE 16.7.1 IOS-XE 16.6.1
C1115-8P + (PM, LTEEA,PMLTEEA) IOS-XE 16.7.1 IOS-XE 16.6.1
Wireless Controllers / APs
Wireless Recommended OS Minimum OS
WLC (3504,5520,8540) AireOS 8.5 MR2 AireOS 8.5 MR2
AP 3500 AireOS 8.5 MR2 AireOS 8.5 MR2
AP 1600, 2600,3600 AireOS 8.5 MR2 AireOS 8.5 MR2
AP 700,1700,2700,3700 AireOS 8.5 MR2 AireOS 8.5 MR2
AP 1800, 2800,3800 AireOS 8.5 MR2 AireOS 8.5 MR2
Cisco Meraki Devices
Device Type Recommended OS Minimum OS
All Cisco MerakiDevices All Versions All Versions
25. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
SDA Recommended Versions in DNAC 1.1.x, 1.2
Management DNA Center DNA 1.1.x, 1.2
Identity Identity Services Engine (ISE) ISE 2.3 patch 1
Fabric Edge Cisco Catalyst 9300 Series Switches
Cisco Catalyst 9400 Series Switches (Sup1)
Cisco Catalyst 3850 Series and 3650 Series Switches
Cisco Catalyst 4500E Series Switches (Sup8E, Sup9E)
IOS-XE 16.6.2s
IOS-XE 16.6.2s
IOS-XE 16.6.2s
IOS 3.10.0cE
Fabric Border
and Control
Plane
Cisco Catalyst 9500 Series Switches
Cisco Catalyst 3850 Series Fiber Module
Cisco Catalyst 6807-XL Switch (Sup6T, Sup2T)
Cisco Catalyst 6500 Series Switches
Cisco Catalyst 6880-XSwitch
Cisco Catalyst 6840-XSwitch
Cisco Nexus® 7700 Switch (Sup 2E, M3 line cards only)
Cisco 4000 Series Integrated Services Routers
Cisco ASR 1000 Series Aggregation ServicesRouters
Cisco Cloud Services Router 1000v (control plane only)
IOS-XE 16.6.2s
IOS-XE 16.6.2s
IOS 15.4(1)SY3
IOS 15.4(1)SY3
IOS 15.4(1)SY3
IOS 15.4(1)SY3
NX-OS 8.2(1)
IOS-XE 16.6.2
IOS-XE 16.6.2
IOS-XE 16.6.2
SD-Access
Wireless
802.11 Wave 2 access points: Cisco Aironet® 1800, 2800, and 3800 Series
802.11 Wave 1 access points: Cisco Aironet® 1700, 2700, and 3700 Series
Cisco 3504, 5520 and 8540 Series WirelessControllers
AireOS 8.5.120.0 MR2
AireOS 8.5.120.0 MR2
AireOS 8.5.120.0 MR2