APIC-EM controller for everyone & networks for the future
Aleksander Kocelj
System engineer
Cisco Systems
15–16 March 2017 | Cisco Connect | Portorož, Slovenia
Agenda
• APIC-EM
• Automation
• Programmability
• Built-in applications
• Catalyst 3K
• Catalyst 2K
Simplification Creates Agility
Applications Are the Vehicle for Digital Business
DO-IT-YOURSELF ASSEMBLY AND INTEGRATION READY TO GO
Faster Time to Market and Lower OpEx
APIC – 2 Controllers!
APIC: Application Policy Infrastructure Controller
• APIC (DC): Data Center (Nexus 9000), Application Centric Infrastructure (ACI)
• APIC-EM: Enterprise Module (Catalyst, ISR, ASR, Nexus 7k*, 6k*, 5k*, WLAN, NfV*), User Centric Infrastructure (UCI)
Cisco Digital Network Architecture
• Network-enabled Applications: Cloud-enabled | Software-delivered
• Cloud Service Management: Policy | Orchestration
• Automation: Abstraction and Policy Control from Core to Edge
• Analytics: Network Data, Contextual Insights
• Virtualization: Physical and Virtual Infrastructure | App Hosting
• Open and Programmable | Standards-Based
• Open APIs | Developers Environment
• Principles: Insights and Experiences | Automation and Assurance | Security and Compliance
APIC-EM Platform Architecture
• Northbound REST API: Open and Documented REST API
• APIC-EM Applications: Network PnP, IWAN, Path Trace, Network Inventory, Advanced Topology Visualizer
  - Applications built on top of APIC-EM
  - Applications packaged with APIC-EM
  - Core Applications bundled
  - IWAN Application separately licensed
• APIC-EM Services: Inventory Manager, RBAC, Policy Analysis, Policy Programmer, Network PnP, Data Access Service, Topology Services, IWAN Services
  - Core Services
  - Applications Specific Services
• Elastic Controller Infrastructure (Grapevine): Provides Scale and High Availability
APIC-EM Packaging and Deployment
Built as a Linux Container
• Grapevine Root
• LXC Containers, each with a GV Client
• Operating System
• Server / Machine
Standalone or Resilient Deployment
• 3 Nodes: active-active-active
  - Scale and HA: Software failure, HW failure of 1 node
• 1 or 2 Nodes: active-active
  - Scale and HA: Software failure only
Download or Preinstalled Appliance
• Download: .iso image including Ubuntu 14.04 64-bit
  - available from: software.cisco.com, devnet.cisco.com
• Cisco Appliance: APIC-EM installed, ready-to-go
  - SKU: APIC-EM-APL-R-K9, APIC-EM-APL-G-K9
System Requirements
Server: 64-bit x86 (Ubuntu 14.04 LTS)
vCPU: 6*
RAM: 32 or 64 GB (for single or Multi-host deployments)
Storage: 500 GB HDD
Browser: Google Chrome or Firefox
Hypervisor: VMware vSphere 5.1/5.5/6.0 (for Virtual Appliance)
* 12 vCPU for a single Node (32GB)
http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/datasheet-c78-730594.html
Scale Numbers
Network Devices: 10000
Access Points: 10000
End Hosts: 100,000
Note: These scale numbers are for the APIC-EM platform and the base applications. Some other APIC-EM applications might have different scale numbers.
APIC-EM – 5 step installation
Physical Appliance
• Pre-installed APIC-EM software
• APIC-EM Appliance SKUs:
  − APIC-EM-APL-R-K9
  − APIC-EM-APL-G-K9
Downloadable ISO Image
• OS: Ubuntu 14.04 64-bit
• Deployment Options:
  − Bare-metal install (recommended)
  − Virtual machine
Steps
1. Boot .iso
2. Enter IP address: Enter APIC-EM IP (Subnet / Def GW learned automatically)
3. Add NTP Server: Enter NTP Server (mandatory)
4. Change Credentials: Shell and UI Username and PWD plus CCO login for update
5. Finalize Installation: Finalize installation and bring up controller -- WAIT
Software Upgrades
• Download the release upgrade pack from the Cisco® Cloud
• Upgrade - Drag and drop the release upgrade pack to the controller using the UI
• Controller Releases will be Incremental
Backup and Restore
• One-click capability to create database backup
• Ability to download a copy of the backup file to an external location
• Restore DB capability from the last known backup
• Ability to drag and drop the backup file from an external location
Supported Switches
Catalyst 3560CG Series
Catalyst 3560-X Series
Catalyst 3750-X Series (Stack)
Catalyst 2960-S Series (Stack)
Catalyst 2960-X Series
Catalyst 4500(Sup7E) Series
Catalyst 4500E(Sup8E) Series
Catalyst 3650 Series
Catalyst 3850 Series (Stack)
Catalyst 6500 (Sup720-3C/B) Series
Catalyst 6500 (Sup2T) Series
Catalyst 6880-X Series
Supported Switches
Cisco Nexus 5000 Series
Cisco Nexus 7000 Series
Cisco Nexus 7700 Series
Supported Ether Switch
Service Modules
Cisco 2900: SM-ES2-16-P
Cisco 2900: SM-ES2-24-P
Cisco 2900: SM-D-ES2-48
Cisco 3900: SM-ES3-16-P
Cisco 3900: SM-ES3-24-P
Cisco 3900: SM-D-ES3-48-P
Supported Routers
Cisco ISR G2
Cisco ISR 4k
Cisco ASR 1000 Series
Cisco ASR 9000 Series
Supported WLCs
Cisco 2500 Series WLC
Cisco 5500 Series WLC
Cisco 5760 WLC
Cisco 8500 WLC
Cisco WiSM2
Devices Supported
http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-3-x/supported-devices/b_apic_em_supported_devices_1-3-x.html
Discovery
• New Discovery UI for improved UX
• Easy identification of devices with failures for faster troubleshooting
• Editing of Existing Discovery Jobs
• Cloning of Discovery Jobs to quickly create new ones
• Discovery History to track changes
Topology
• Geo-Tagging (Mapbox) for easier management of network topology
• Tagging based on Civic Address or Zip code
• RBAC scope based topology view
• Improved UX
• Faster Topology Rendering
• Easier identification of collaboration endpoints such as Phones
• Ability to disaggregate multiple devices all at once
Inventory
• API to pull LC, module and License Information from device Inventory
• Filters in Host Inventory for Faster Search
• Support for additional platforms (IE4k, IE3K )
• Auto Configuration of SNMP on devices
• Auto Configuration of IPDT (Beta) on devices
• Intuitive feedback on device failure status
RBAC – Scope Awareness
• Scope (Group) based awareness to allow user access to only select network resources
• Better alignment with Organizational structure and roles
• Supported for both Internal and External controller authentication
• Current Roles Supported: Admin, Policy Admin and Observer
Note: Installer Role cannot access the Cisco APIC-EM GUI. As such, they are not bound by an RBAC scope.
APIC-EM Path Trace App
APIC-EM Path Trace Application
Diagram labels: User, Trouble Ticket, IT, Path Trace, SDN, NETWORK
BENEFITS: Open Architecture | Network, Applications Monitoring | Simple Workflow
• Easy visual discovery of trouble spots in the communication path based on 5-tuple info
• OpEx for ticket processing decreased by 98% from 1.6 hours to 1 minute
Path Trace App: Application Flow Visibility
• Link Source Information
• Stats: Device, Interface, QoS, Perfmon
• ACL Check
• CAPWAP Tunnel
APIC-EM PnP App
APIC-EM PnP Application
Use Case: Auto-Discovery and Provisioning
Diagram labels: IT, PnP Application, SDN, NETWORK, New Router, New Switch
BENEFITS: Simple Workflow | Zero Touch Provisioning | Open Architecture
• Zero Touch Deployment.
• Shortened Deployment Time. No On-Site Expert Needed
• Increased Security. Decreased Chance of Misconfiguration.
Network Plug and Play - Components
PnP Agent
Runs on Cisco® switches, routers, and wireless access points
Automates the deployment process
PnP Server
Central server - APIC-EM
Manages sites, devices, images, licenses
Provides northbound REST APIs
PnP Protocol
Runs between Agent and Server
Open schema
PnP Helper App (optional)
Delivers bootstrap status and troubleshooting checks
PnP Server Discovery Options
Switches (Catalyst®), Routers (ISR, ASR), Wireless Access Points
1. DHCP with options 60 and 43 (DHCP Server)
   PnP string: 5A1D;B2;K4;I172.19.45.222;J80
2. DNS lookup (DNS Server)
   pnpserver.localdomain ---- 172.19.45.222 (PnP Server)
3. Cloud re-direction
   https://devicehelper.cisco.com/device-helper re-directs to 172.19.45.22 (PnP Server)
4. USB-based bootstrapping
5. Manual - using the Cisco® Installer App
   iPhone, iPad, Android, (roadmap - Windows mobile and PC)
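The DHCP option 43 PnP string listed above decides which server a factory-fresh device trusts for its first configuration, so it is worth checking before it is pushed to DHCP scopes. The Python below is an added example, not part of the original slides or any Cisco code: it parses the string and reports plaintext HTTP bootstrap, an enabled debug flag, and a server outside an approved list. The function names and the approved-server set are hypothetical; the field meanings (B address type, K4/K5 for HTTP/HTTPS, I address, J port, D/N debug) follow Cisco's published option 43 format.

```python
import ipaddress

# Field letters in the PnP option 43 string shown on the slide:
# B = address type, K = transport, I = server address, J = port.
ADDR_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}
TRANSPORTS = {"4": "http", "5": "https"}


def parse_pnp_option43(value):
    """Parse a string such as '5A1D;B2;K4;I172.19.45.222;J80' into a dict."""
    header, *fields = [p for p in value.strip().split(";") if p]
    if len(header) != 4 or not header.startswith("5A") or header[3] not in "DN":
        raise ValueError(f"unexpected PnP header: {header!r}")
    parsed = {"version": header[2], "debug": header[3] == "D"}
    raw = {f[0]: f[1:] for f in fields}  # unknown letters are kept but ignored
    missing = [k for k in "BKI" if k not in raw]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    try:
        parsed["addr_type"] = ADDR_TYPES[raw["B"]]
        parsed["transport"] = TRANSPORTS[raw["K"]]
    except KeyError as exc:
        raise ValueError(f"unknown code {exc}") from None
    parsed["server"] = raw["I"]
    if parsed["addr_type"] != "hostname":
        ip = ipaddress.ip_address(raw["I"])  # raises ValueError on a bad address
        if (ip.version == 4) != (parsed["addr_type"] == "ipv4"):
            raise ValueError("address does not match declared type")
    # When J is absent the agent falls back to the transport's default port.
    default_port = 80 if parsed["transport"] == "http" else 443
    parsed["port"] = int(raw.get("J", default_port))
    if not 0 < parsed["port"] < 65536:
        raise ValueError("port out of range")
    return parsed


def audit(value, approved_servers):
    """Return the findings a reviewer would raise for one scope's PnP string."""
    cfg, findings = parse_pnp_option43(value), []
    if cfg["transport"] == "http":
        findings.append("bootstrap uses plaintext HTTP")
    if cfg["debug"]:
        findings.append("agent debug flag enabled")
    if cfg["server"] not in approved_servers:
        findings.append(f"server {cfg['server']} is not an approved PnP server")
    return findings
```

Run against the slide's own string with 172.19.45.222 approved, `audit` reports the HTTP transport (K4) and the debug flag (D).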
Cisco IWAN Solution Overview
APIC-EM IWAN Application
Use Case: Cisco Best Practices & Knowledge for SDWAN
Diagram labels: IT, IWAN Application, SDN, NETWORK, Business Policy: App SLA, DMVPN, SLA, QoS, Path Selection
BENEFITS: Simple Workflow | Zero Touch Provisioning | Business Level Policies | Open Architecture | Network, Applications Monitoring
• From Weeks to Minutes
• Over 1000 CLI commands reduced to 10 GUI Clicks
Note: IWAN App Release 1 targets less than 500 sites, 2 links per Branch with ISR4000.
IWAN SD-WAN Automation
• Cisco® APIC-EM centralized policy expression and distribution
• Distributed policy enforcement
• Automated application and topology discovery
• Application and network performance monitoring
• Adaptive path selection and QoS to sustain policy
• Performance analytics collected network-wide and reported centrally
Diagram labels: MC at Branch, Large Site and Campus | Data Center or POP | Data Center or POP #2...n | 4G LTE | Internet | MPLS (IP-VPN)
Policy labels: IWAN Domain Controller | Policy Rendering | Policy Distribution and Domain Control | Distributed Policy Enforcement | IWAN APP | Policy Expression
APIC-EM EasyQoS App
Policy Service: EasyQoS
Enhance Collaboration Experience
300% | 50%
Reduction in voice jitter | Video quality improves
No Operator Intervention
• Select from Predefined Policies
• Automated Deployment of QoS config
• Optimized for Any Infrastructure
Lower Costs & Complexity
• Deploy changes: Months to Minutes
• Thousands in cost savings
“The EasyQoS App reduces deployment times for network-wide QoS dramatically. We can now respond to changing application needs via policy-based automation within minutes or even seconds.”
Edeka
EasyQoS: Application QoS - Deploy End-to-End DSCP based Queueing Policies
EasyQoS will seamlessly interconnect all types of hardware and software queuing models to achieve consistent and compatible end-to-end treatments aligned with the expressed business-intent
Cisco Catalyst 3K switches
MPLS on Catalyst 3850
MPLS Features
• Label Distribution Protocol (LDP)
• MPLS QOS
• BFD
• MPLS TraceRoute/LSP Ping
• MPLS L3VPN-IPv4
  PE-CE Protocols: Static, RIP, EIGRP, OSPF
  PE-P Protocols: OSPF & ISIS
  MP-IBGP
• IPv6 L3VPN
• 6PE
• Multicast VPN
Catalyst 3850 (Supported on All SKUs)
MPLS – Bringing MPLS to Access
Diagram: CE, PE and P routers in an MPLS Domain | Label switched path | LDP | L3VPN
Polaris | UADP | Standards-based
Network As A Sensor
Application Assurance
Detect Rich Endpoint Context
Detect Anomalous Traffic Flows
Detect User Access Policy Violations
Better Application Experience
Leverages DNS-AS and NBAR2
Visibility of Critical applications on the network
Consistent policies for End User Experience
Threat Analysis Key Benefits
• Stealthwatch Deployed as Physical or Virtual Appliance
• Collects Network Data with Full NetFlow Per Switch
• Identifies and Reports Potential Security Threats
Programmability: Why Network Programmability Matters
Chart: Network Expenses, CAPEX vs. OPEX (67%, 33%)
Chart: Deployment Speed, Computing vs. Networking (axis in Seconds: 0, 10, 100, 1000)
80% | 55% | 57%
Time IT spends on operations | CMOs think IT is not responding fast enough to time-sensitive projects | CEOs are worried about IT strategy not supporting business growth
Sources: Forrester; Open Compute Project
Programmability & Automation
• Day 0: Programmable Bootstrap (Device Provisioning): Bootstrap Agent (PnP), ZTP. Shipping
• Day 1: Programmable Interfaces (Configuration): NETCONF, RESTCONF, YANG Models, Python. Shipping
• Day 2: Telemetry (Monitoring): Model Driven Telemetry, gRPC. Shipping
Cisco Stackwise Virtual
Diagram: SW-1 and SW-2 connected by a VSL
Distributed stacking will support 16.1 feature parity during FCS.
Cisco Catalyst 2K switches
Cisco Catalyst 2960 Family
Feature Leadership and Cisco Quality at Competitive Prices
Ease of Use | Robust Security | Enhanced Lifetime Warranty | Energy Efficiency | Lower TCO
• Cisco Catalyst 2960-X (Gigabit Ethernet): Advanced Layer 2, Stackable
  License: LAN Base
  10G/1G SFP+/SFP, 80G FlexStack-Plus, Full PoE, PoE+, IPv6 FHS, NetFlow-Lite
• Cisco® Catalyst® 2960-Plus (Fast Ethernet): Layer 2 Standalone
  License: LAN Lite/LAN Base
  1G SFP/BASE-T Uplinks, 802.3af PoE
• Cisco Catalyst 2960-XR: Advanced Layer 2/3, Stackable + Resilient
  License: IP Lite
  2960-X Features + IP Lite: L3/Routing, Redundant PSU
• Cisco Catalyst 2960-L (New): Layer 2 Standalone
  License: LAN Lite
  1G SFP Uplinks, Partial PoE, PoE+, Web UI, Bluetooth Ready
Introducing the Cisco Catalyst 2960-L Series
Extending Unified Access
• Persistent PoE*
• < 1-min boot time
• Bluetooth ready
• 800 MHz CPU
• 1.5 Mb per ASIC
• Prime Infrastructure and PnP
• Web UI for configuration and management
• Fanless
• EEE
• PoE+
• 2 x 1G or 4 x 1G
• 8/16/24/48 downlinks
• 4 queues per port
* FCS+1
C2960-L Series Hardware Specification
• Fanless*
• Flash: 256 Mb and DRAM: 512 Mb
• 800-MHz CPU
• Downlink options: 8/16/24/48 of 1G
• Fixed uplinks options: 2/4 of 1G
• Default license: LAN Lite (also includes dot1x Multiauth, IPv6: QoS and trust, IPv6 MLDv1 and v2 snooping)
• Max available PoE budget: 370W
• Operating temperatures: -5C to 45C (at sea level)
• Operating altitude: up to 10000 ft.
• Fixed power supply (no RPS support)
• Stacking not supported
*Except 48-port switches
C2960-L Overview

| Feature | 8 Ports | 16 Ports | 24 Ports | 48 Ports |
|---|---|---|---|---|
| Forwarding bandwidths | 10 Gbps | 18 Gbps | 28 Gbps | 52 Gbps |
| Switching bandwidth | 20 Gbps | 36 Gbps | 56 Gbps | 104 Gbps |
| Forwarding rate (64-byte L3 packets) | 14.88 Mpps | 26.78 Mpps | 41.67 Mpps | 77.38 Mpps |
| Unicast MAC addresses | 8K | 8K | 8K | 8K |
| Maximum active VLANs | 64 | 64 | 64 | 64 |
| VLAN IDs available | 4,096 | 4,096 | 4,096 | 4,096 |
| Maximum STP instances | 64 | 64 | 64 | 64 |
| MTU-L3 packet | 9198 bytes | 9198 bytes | 9198 bytes | 9198 bytes |
| Jumbo Ethernet frame | 10,240 bytes | 10,240 bytes | 10,240 bytes | 10,240 bytes |
| MTBF in hours (Data) | 2,448,133 | 2,416,689 | 2,412,947 | 1,370,769 |
| MTBF in hours (PoE) | 315,044 | 313,496 | 909,838 | 437,970 |
Q&A