and network
automation - changing
the future
Markus Harbeck Consulting Systems Engineer
BRKARC-3004
CCIE #8087
CCDE #20130015
BRKARC-3004 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
Introduction to Cisco SDN and APIC-EM intent
TOP NEWS!
What is APIC-EM?
APIC-EM Deployment: what you get and how to use it
Use Cases: Demo time of many Apps!
Vision, Conclusion & Summary
Q&A
Short Hint:
Background:
Joined Cisco October 2010, mharbeck@cisco.com
Before: 12 years in operations, engineering and application engineering at Lufthansa Systems
Drives APIC-EM, Automation and Analytics in EMEAR
LISP innovations, first customer projects in Germany
Owner and Head of the Network Innovation Summit http://cs.co/NIS2015
CCIE #8087
CCDE #20130015
Current Projects:
APIC-EM, DNA Center
Analytics, Assurance
Network Transformation
Network Automation
LISP
My kids' view on network design (drawings: copyright by Saskia, copyright by Hanna)
How to get the PDF and Video? (For Your Reference)
This session concentrates on Base Automation.
Software-Defined Access will be covered in several Cisco Live sessions.
Disclaimer: Many of the products and features described herein remain in varying
stages of development and will be offered on a when-and-if-available basis. This
roadmap is subject to change at the sole discretion of Cisco, and Cisco will have
no liability for delay in the delivery or failure to deliver any of the products or
features set forth in this document.
Introduction to Cisco SDN and APIC-EM intent
SDN: "Still Don't kNow"? "Stanford Defined Networking"?
The Promise of OF/SDN had been Decoupling Policy from Configuration
An open solution for customized flow forwarding control in the Data-Center
A platform for developing new control planes
With SDN I can develop solutions to my problems far faster, at software speeds. I don't have to work with my network vendor or go through lengthy standardization
A way to reduce CAPEX of my network and leverage commodity switches
A way to avoid lock-in to a single networking vendor
A means to do traffic engineering without MPLS
An open solution for VM mobility in the Data-Center
A solution to build a very large scale layer-2 network
A means to scale my fixed/mobile gateways and optimize their placement
A way to build my own security/encryption solution, avoiding RSA
A way to define virtual networks with specific topologies for my multi-tenant Data-Center
A solution to build virtual topologies with optimum multicast forwarding behavior
A way to scale my firewalls and loadbalancers
A way to configure my entire network as a whole rather than individual devices
A way to distribute policy/intent, e.g. for DDoS prevention, in the network
A way to optimize link utilization in my network, through new multi-path algorithms
A solution to get a global view of the network topology and state
Callouts: Physical separation of the control and data plane; Managing the network through abstractions; Whitebox; Running routing and switching; Packet forwarding; x86 compute; networks in agile DEV-OPS model
You can't just buy SDN. It's an architecture which you have to embrace and live
Cisco Rewriting the Networking Playbook
Traditional Network: manual network deployment and ops
Digital-Ready Network: automated deployment with integrated compliance
ITSM Integration: integration with NOC tools and ITSM (change management and CMDB)
Plug and Play: zero-touch deployment for Day 0 network deployment
What is brand new?
DNA Center (APIC-EM 2.x)
Built-in expertise to manage and deploy end-to-end network
services with a central management (July 2017)
Software-Defined Access
Dynamically adapt to changing needs with policy-based
management of the network fabric (Jul 2017)
APIC: Application Policy Infrastructure Controller
APIC (DC), Data Center: Application Centric Infrastructure (ACI) (Nexus 9000)
APIC-EM, Enterprise Module: User Centric Infrastructure (Catalyst, ISR, ASR, WLAN, Nexus 7k*, 5k*, NfV*)
*limited support
Common Policy Model from Branch to Data Center
CISCO ADVANTAGE
POLICY
END TO END
BROWNFIELD AND GREENFIELD
POLICY FRAMEWORK: FOCUS ON APPLICATION AND USER ENABLEMENT
What is APIC-EM ?
Do you know or recognize your Network ?
1.x 2.x
Copyright by Saskia
1.x
The challenges !
Copyright by Saskia
Simplify your network
APIC-EM similarity to Smartphone
The APIC-EM has:
APIC-EM - Platform Architecture
[Figure: APIC-EM platform architecture, top to bottom]
APIC-EM Applications: Network PnP, IWAN, Path Trace, Network Inventory, Advanced Topology Visualizer, Easy static and dynamic QoS
Northbound REST APIs
APIC-EM Controller, APIC-EM Services: Inventory Manager, RBAC, Policy Analysis, Policy (QoS), Topology, Data Access, IWAN and Network PnP services
Grapevine Elastic Service Infrastructure: addresses scale-out and HA requirements
Note: Services and Apps listed are an extract
Controller in Action !
Source: http://www.mysweety.eu
Abstraction
Do You know Tic Tac Toe?
O X O
O X O
X O X
X
Think outside The Box
DNA Center: Design, Policy, Provision, Assurance
A better way to manage your network
DNA Solution DNA Center
Cisco Enterprise Portfolio Simple Workflows
DNA Center
DNA Themes
APIC-EM Deployment: what you get and how to use it
APIC-EM 5 step installation
Physical Appliance:
Pre-installed APIC-EM software
APIC-EM Appliance SKUs: APIC-EM-APL-R-K9, APIC-EM-APL-G-K9
Virtual, Downloadable ISO Image:
.ISO for virtual
OS: Ubuntu 14.04 64-bit
Deployment Options: Bare-metal install (recommended), Virtual machine
APIC-EM Cluster
Node 1 (IP Addr1), Node 2 (IP Addr2), Node 3 (IP Addr3), shared Virtual IP Address
Type                       Software HA   HW HA
Single Node (only Node1)   No            No
2 Nodes (Node 1+2)         Yes           No
3 Nodes (Node 1+2+3)       Yes           Yes
Note: A Node is a physical server or a virtual machine where APIC-EM is installed.
APIC-EM communication
Node 3 Network
IP Addr3 Devices
Note: For the actual releases, all the nodes in the APIC-EM cluster need to be in the same subnet
[Figure: APIC-EM scale per release. X-axis: PoC, CA, 1.0 (GA), 1.1, 1.2, 1.3, X. Steps shown, smallest to largest:]
100 Devices*, 100 Hosts, LAN/WAN
1k Devices*, 5k Hosts, LAN/WAN/WLAN
4k Devices*, 20k Hosts, LAN/WAN/WLAN
8k Devices*, 40k Hosts, LAN/WAN/WLAN
16k Devices*, 80k Hosts, LAN/WAN/WLAN
50k+ Devices*, 300k+ Hosts, LAN/WAN/WLAN
Note: No change in HW requirements!
APIC-EM
Some Useful hints !!!
Graceful full Cluster
Shutdown / Start
sudo /home/grapevine/bin/harvest_all_clients
Start Single Node or Node of Multihost Cluster (only one - last powered down), when
started Enable Grapevine:
$ grape config update enable_policy true
Graceful Cluster Node
Shutdown
Restart Controller Node
1. grape host enable <host_id>
is the same as the one from the
shutdown !
Root Cause Analysis rca
Collects important:
log files
configuration files
output of various commands
Creates a compressed tarball
containing the above information
which can be sent to developers for
further debugging and analysis
Can be sent to support team!
Let's start APIC-EM & Abstraction
Deployed Let's have a break ?
In English:
One (1) Two (2) Three (3) Four (4)
In German:
Uan(1) Tu (2) Sri (3) For (4)
APIC-EM 2.x
Overview
API: VERBS + NOUNS + Syntax
https://fra-apicem1.cisco.com/api/v1/network-device GET/POST
Demo Time !
REST API
1 Discovery: Device can reach PnP Server on APIC-EM
2 Deployment: Device receives target image and configuration
No Staging Required: PnP runs from Cisco factory-default configuration
Routers (ISR, ASR), Switches (Catalyst), Wireless Access Points
Network Plug and Play (PnP) Components
PnP Agent:
Embedded in IOS / AirOS
Requests for IP and APIC-EM Address
Authenticates APIC-EM
Creates a PnP Profile
PnP Protocol:
Runs between Agent and APIC-EM
Opens on http
Operates on https / tcp !
Secure and reliable
APIC-EM (pnpserver):
Service in APIC-EM
Manages sites, devices, images, licenses, workflow
Provides Northbound REST APIs
PnP Discovery Options
1 DHCP Server: DHCP with options 60 and 43
PnP string: 5A1D;B2;K4;I172.19.45.222;J80
4 USB-based bootstrapping: Switches (Catalyst)
5 Manual - using the Cisco Installer App: iPhone, iPad, Android (roadmap - Windows mobile and PC)
X Others: Any other manual or automated discovery method: Scripting, AN, EEM, NAP, etc.
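Added example, not from the slides: a small parser and review check for the DHCP option 43 PnP string shown in discovery option 1. The sub-field meanings (5A1N/5A1D debug flag, B address type, K4 = HTTP and K5 = HTTPS, I controller address, J port) follow Cisco's published Network PnP option 43 format; the function names and the second sample string are constructed for illustration.

```python
import ipaddress

# Sub-field codes as documented by Cisco for the PnP option 43 string.
ADDR_TYPES = {"1": "hostname", "2": "ipv4"}
TRANSPORTS = {"4": "http", "5": "https"}
DEFAULT_PORT = {"http": 80, "https": 443}


def parse_pnp_option43(value):
    """Parse e.g. '5A1D;B2;K4;I172.19.45.222;J80' into a dict."""
    parts = [p for p in value.strip().split(";") if p]
    head = parts[0] if parts else ""
    if len(head) != 4 or head[:3] != "5A1" or head[3] not in "ND":
        raise ValueError("not a PnP option 43 string: %r" % value)
    cfg = {"debug": head[3] == "D", "addr_type": "ipv4",
           "transport": "http", "server": None, "port": None}
    for part in parts[1:]:
        key, val = part[0], part[1:]
        try:
            if key == "B":
                cfg["addr_type"] = ADDR_TYPES[val]
            elif key == "K":
                cfg["transport"] = TRANSPORTS[val]
            elif key == "I":
                cfg["server"] = val
            elif key == "J":
                cfg["port"] = int(val)
            else:  # keep sub-fields this example does not interpret
                cfg.setdefault("other", []).append(part)
        except (KeyError, ValueError):
            raise ValueError("bad sub-field %r" % part)
    if not cfg["server"]:
        raise ValueError("no controller address (I sub-field)")
    if cfg["port"] is None:
        cfg["port"] = DEFAULT_PORT[cfg["transport"]]
    return cfg


def audit(cfg):
    """Return review findings for a parsed option 43 string."""
    findings = []
    if cfg["transport"] == "http":
        findings.append("K4: first contact with the controller is cleartext HTTP")
    if cfg["debug"]:
        findings.append("5A1D: PnP agent debug is enabled")
    if cfg["port"] != DEFAULT_PORT[cfg["transport"]]:
        findings.append("J%d: non-default port for %s" % (cfg["port"], cfg["transport"]))
    if cfg["addr_type"] == "ipv4":
        try:
            ipaddress.IPv4Address(cfg["server"])
        except ipaddress.AddressValueError:
            findings.append("B2: I sub-field is not an IPv4 address")
    return findings


if __name__ == "__main__":
    samples = ["5A1D;B2;K4;I172.19.45.222;J80",   # string from the slide
               "5A1N;B2;K5;I192.0.2.10;J443"]     # constructed sample
    for s in samples:
        print(s, "->", audit(parse_pnp_option43(s)) or "no findings")
```

Run against the DHCP scopes that serve factory-default devices, this makes it easy to spot scopes that still point the PnP agent at the controller over HTTP or with debug enabled.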
Network-PnP Connect Redirection Service
[Figure: PnP Connect redirection flow]
Cisco: Customer Order; Device SR# from the Supply-Chain Customer DB and the Smart Account DB feeds the PnP Connect Redirection Service
Customer: APIC-EM registers its IP address with the cloud
Device asks "Where's my PnP Server?" and receives the customer APIC-EM IP
Device and APIC-EM then speak the PnP Protocol
Demo Time !
Distribution
SMI Proxy Distribution with SMI Proxy (vstack configuration)
15.2.E4
VLAN301
Our Rabbit Kuckie at break
Exhausted ?
You need a break ?
We still have cool
things to see!
And yes he sleeps
only ! And abstracts
in his dreams
How to import many devices ? PnP API
1 /pnp-project
2 /file/config, /file/image
3 /pnp-project/{project-id}/device
Demo Time !
Path Trace
Solicit Application Business-Relevance
CVD: http://www.cisco.com/c/en/us/td/docs/solutions/CVD/Mar2017/APIC-EM-EasyQoS-DesignGuide.html
Or short link: http://cs.co/apicem14easyqos
EasyQoS Solution
Applications can interact with APIC-EM via Northbound
APIs, informing the network of application-specific and
dynamic QoS requirements
Business Relevance  Application Class        PHB  Queuing and Dropping          Application Examples
Relevant            Multimedia Conferencing  AF4  BW Queue + DSCP WRED          Cisco Jabber, Cisco WebEx
Relevant            Multimedia Streaming     AF3  BW Queue + DSCP WRED          Cisco Digital Media System (VoDs)
Relevant            Network Control          CS6  BW Queue                      EIGRP, OSPF, BGP, HSRP, IKE
Relevant            Transactional Data       AF2  BW Queue + DSCP WRED          ERP Apps, CRM Apps, Database Apps
Relevant            Bulk Data                AF1  BW Queue + DSCP WRED          E-mail, FTP, Backup Apps, Content Distribution
Irrelevant          Scavenger                CS1  Min BW Queue (Deferential)    YouTube, Netflix, iTunes, BitTorrent, Xbox Live
Demo Time !
Easy QoS
What happens if you get a new Application ?
Example: QoS Video Classification Enables Enterprise Wide Jabber
APIC-EM Easy-QoS
How Will Dynamic QoS Work?
Classify and Mark a Proceeding Call
CUCM signals APIC-EM of a proceeding call
APIC-EM deploys a dynamic ACL update for voice and/or video
to all ports on the switch (or switch module)
ip access-list extended VOICE
 permit udp host 10.1.1.1 eq 18578 host 10.2.2.2 eq 17333
ip access-list extended VIDEO
 permit udp host 10.1.1.1 eq 31199 host 10.2.2.2 eq 24141
Cisco Active Advisor App
CAA- Life Cycle Management
Demo Time !
Platform extensibility for building custom apps
API and Data Models across multiple stages in DNA Stack
Integrations with complementary platforms *
Firehose *, Graph API, Connectors, Contextual Search
Cisco Assets, Industry Integrations
Transition !
Design tools generate CLI config for manual deployment -> Network design via profile, integrated deployment
Separate tool for different functions -> One tool to manage the network
With APIC-EM much better control !
1.x
Copyright by Hanna
my 8 year old daughter!
2.x
my 6 year old daughter!
Copyright by Hanna
1.x 2.x
The answer!
Copyright by Hanna
Simplification because of abstraction
Copyright by Hanna
Automation done by NG PnP incl. RMA
APIC-EM in dCloud http://dcloud.cisco.com
APIC-EM on DevNet http://developer.cisco.com
https://developer.cisco.com/site/apic-em/docs/resources/sandbox/
https://learninglabs.cisco.com/tracks/apic-em-prog
Some References
APIC-EM BRKARC-3004
My Call to action !
2. Download and test APIC-EM the code is available on CCO and DevNet
Thank you