Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based networking

Cisco Connect Toronto
Canada • 18 October 2018
Global vision.
Local knowledge.

DNA Automation
The Evolution to
Intent-Based Networking
Don Orlik
Product Specialist – Digital Network Architecture

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Connect delivers education and
inspiration to technology innovators
worldwide.
• Why an Intent Based solution
• Traditional Management vs. Intent Based Networking
• What is DNA Center
• DNA Center Automation: Using DNA Center for Base
Network Automation
• DNA Center Automation: Using DNA Center for
Application Policy
• Key Takeaways
AGENDA
Lecture
&
Demo
&
Comparisons
with Prime

Why an Intent Based
Solution ?

The Cost of Doing Business in the Digital World
Why are companies spending so much?
*McKinsey study conducted for Cisco in 2016
95% 70% 75%
OpEx Spent on Network
Changes & Troubleshooting
Policy Violations
Due to Human Error
Network Changes
Performed Manually
$60B Spent on Network
Operations Labor and Tools

IT Operations Evolution to Intent-based networking
IT Ops Maturity
Automated
segmentation,
security and
application experience
based on policy
SD-Access
and SD-WAN
Simplify
troubleshooting and
detect malware
events in encrypted
flows
Assurance and
Threat Detection
Zero touch
provisioning,
automated software
image management
Base
Automation
Manual network
configuration and
troubleshooting
Manual
Operations

Traditional
Management vs.
Intent Based
Networking

What do we mean by Intent Based Networking?
Conventional Model
The What
“QoS Policy for
Branches A-N”
The How
“Change QoS
config in the
following elements”
Admin
Driven
System
Driven
Intent Based Policy
Deployment
The What
“QoS Policy for
Branches A-N”
The How
“Change QoS
Config in the
following flements”
Admin
Driven
Manual Policy
Deployment

Unlock the Power that Exists
in the Network through
Abstraction, Automation,
and Policy Enforcement
Leverage the
Power of Existing
Distributed Systems
The Network you
have already built
9
Cisco’s Enterprise IBN Strategy
Policy and Intent to Unlock the Power of your Network
Enable Network Wide
Fidelity to an Expressed
Intent (Policy) through
Analytics & Assurance

Feature Configuration vs. Intent Based Networking
FEATURE CONFIGURATION

Feature Configuration vs. Intent Based Networking
INTENT BASED NETWORKING

Network Deployment Time Savings
Policy
6 complex steps
reduced to 2 simple
clicks
Now
5 minutes
Before
4 hours
Design
12 find and define
tasks now auto-
discover and import
Now
15 minutes
Before
2 hours
Provision
8 manual
configuration steps
reduced to select
and drop
Now
5 minutes
Before
5 hours
Savings
Workflow time per
device:
Now
25 minutes
Before
11 hours

What is DNA
Center?

DNA Center: Design, Policy, Provision, Assurance
A better way to manage your network
DNA Center: Design, provision,
automate policy and assure
services from one place
Logical workflow to design,
provision, set policy
Respond to changes faster
Monitor end-to-end
network performance
Predict and act on problems
before they happen
Pinpoint problems faster
Reduce downtime with an
end-to-end view instead of
hop by hop
Manage hardware and
software lifecycles
Keep up to date, meet
compliance and plan for refresh
DN1-HW-APL
Current version 1.2.5

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Decouple Policy from
Network Topology
Industry Best-Practices
and Policy Compliance
Proactive Issue
Identification and
Resolution
Business Intent driven
Network Changes
Simplify Day 0 to Day
N Changes
Monitoring
and Troubleshooting
Fabric Network Automation Assurance
Introducing DNA Center
Policy-Based Network
Covered in this session

Decouple Policy from
Network Topology
Industry Best-Practices
and Policy Compliance
Proactive Issue
Identification and
Resolution
Business Intent driven
Network Changes
Simplify Day 0 to Day
N Changes
Monitoring
and Troubleshooting
Fabric Network Automation Assurance
Introducing DNA Center
Policy-Based Network
Covered in the
afternoon session

DNA Center
Automation:
Using DNA Center
for Base Network
Automation

Automation Use Cases covered in this session
Use Case #4- Wireless
Deployment
Use Case #2- Software
and Image Management
Use Case #3-
Customized Templates
Use Case #5-
Application Policy
Use Case #1- New
device onboarding
SITE

Preparing DNA
Center

Step 1 – Define your network hierarchy

Step 2 – Define Network Settings and Device
Credentials

Step 3 – Discover existing network

Step 4 – Check Inventory

Step 5 (Optional) - Check Topology

Use Case #1 -
Network Plug and Play

Direct Costs
• Pre-staging & Shipping
costs
• Travel costs
Complexity
• Configuration errors
• Different products, IOS
Releases
Security
• 3rd
party not secure
• Rogue devices
Time/Productivity
• Manual process
• Shipping , Storage,
Travel
TechnicianStaging
Site
Manual
Installer
Deploy
device on
site
Order
Equipment
Deploy
device on
site
DNA-C Automation
With Plug & Play
Order
Equipment
• Drop Ship devices
• Centralized device discovery
(DHCP, DNS, Cloud)
• Non-technical installer at site
• Template based configurations
• Secure SUDI Authentication
~50%
Day 0 OPEX Savings*
Network Plug and Play: New Device Onboarding

Use Case Example
Device Deployment in Campus
DHCP Server
Network Admin Pre-
Provisions DNAC
Day 0
IP Address
10.11.11.11
DNAC (PnP Server)

DNAC (PnP Server)
Use Case Example
Device Deployment in Campus
DHCP Server
Switch running
PnP Agent
<..snip..>
CISCO_PNP.pnpserver
"5A;B2;K4;I10.11.11.11;J80";
<..snip..>
Device validates server’s location and
establishes a communication with the server
Installer
Remote Installer
• Mount and cable
devices
• Power-on
Day 1
Network Admin remotely
monitors status of install
while in progress.
Day 1
IP Address
10.11.11.11
Cisco IOS®
Config
file….

PnP Server Discovery Options
Redirect
ManualAutomated
DHCP with options 60 and 43
PnP string: 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
DNS lookup
pnpserver.localdomain resolves to DNA-C IP Address
Cloud re-direction https://devicehelper.cisco.com/device-helper
Cisco hosted cloud, re-directs to on-prem DNA-C IP Address
USB-based bootstrapping
router-confg/router.cfg/ciscortr.cfg
Manual - using the Cisco® Installer App*
iPhone, iPad, Android
Routers
(ASR, ISR)
Switches
(Catalyst®)
Wireless
Access Points
1
2
3
4
5
* DNA-C Support in Roadmap
Manual discovery
not supported for
Access Points

CCW order
ControllerIP
Corporate
HQ
Cisco®
supply chain
Installer
Device SN
Customer Smart
Account added as
part of ordering
Device SN added
into customer
Smart Account
SN per Smart
Account available in
PnP Connect
DNA Center
registers its identity
with PnP Connect
DNA Center downloads SN from
PnP Connect
Profile mapped
to site
1
2
Customer Smart
Account
3
Device SN
PnP Connect
Cloud-based device
discovery
Instructto
contacton-prem
ises
controller
PresentSN
Device SN
5
4
6
Label
SSL SSL
7
Admin
DNA Center
Deploy image and configuration
Device provisioned upon
discovery and
association to site
8
SSL
Day-0 deployment using PnP Connect

Use Case #1 -
Network Plug and
Play Demo

Use Case #2 -
SWIM

Use Case:
• Ensure Consistency of Software
for all network devices (by
platform type)
• React to PSIRT and bugs fast
• Deploy software with
confidence
Use Case #2: Managing Software Lifecycle
Benefits:
• Golden Image based workflows
drive software consistency
• Pre/Post check ensures that
software updates do not have
adverse effects on the network
• Patching provides small
updates to react quickly to
security fixes

But wait! Doesn’t PI have Image
Management?
Select
Golden
Image
Identify
devices to
upgrade
Create a
Change
Request
Approval
of CR
Pre-Check
validations
Distribute
Image
Activate
Image
Post
Upgrade
Validation
Close CR
Plan a
Image
Upgrade
Steps to Update Software Image Update
Select
Golden
Image
Identify
devices to
upgrade
Create a
Change
Request
Approval
of CR
Pre-Check
validations
Distribute
Image
Activate
Image
Post
Upgrade
Validation
Close CR
Plan a
Image
Upgrade
Traditional NMS Software Image Update
Select
Golden
Image
Identify
devices to
upgrade
Create a
Change
Request
Approval
of CR
Pre-Check
validations
Distribute
Image
Activate
Image
Post
Upgrade
Validation
Close CR
Plan a
Image
Upgrade
DNA Center Software Image Update
Indicates ITSM Process Steps
How to interpret
the colors
Actions outside of NMS,
mostly manual
Steps covered in NMS Tool
Steps covered in DNA-C

Use Case #2 -
SWIM Demo

Software Upgrade Workflow: Recommended
Images
Recommended Images:
• DNA Center can display the Cisco-recommended software images for
the devices that it manages (by device type).
• Cisco Credentials are required
• If the recommended Golden Image is selected as Golden, DNA Center
automatically uploads from cisco.com.

SMU (Software Maintenance Update)
Each device
update causes
network outage
Business
Loss &
Downtime
Reduced IT
Staff
Slows down
software
rollouts
New Code
Requires bug
analysis,
certification
Copy Images to
site over slow
VPN tunnels
Time
Consuming
Why SMU ?
What is SMU ?
§ Point Fixes for the IOS-XE images (16.x onwards)
§ Provides the ability to just update what is needed

SMUs in DNA Center
Step 1: Upload SMU
Step 2: SMU is automatically associated with
corresponding image
Step 3: Mark SMU as Golden

Use Case #3 -
Template Editor

Use Case #3: Customized Configurations
Create the Template

Template Editor
Device Type and
Software Type selected
from a drop down menu• Minimum software version applicable
for this template
• These are check during provisioning, if
there’s a mismatch, provision skips the
template

Template Editor
Checks:
• Velocity syntax error
• Conflicts with blacklisted
commands
Commit:
• Once committed, it becomes read-
only version
• Commit version is essentially
template version control
• Only latest commit version can be
used for provisioning
Content in template uses Velocity TemplateLanguage (VTL). For more information about using VTL:
http://velocity.apache.org/engine/devel/vtl-reference.html .

Customized Network Settings Update
How to deploy the template to the devices
Template is
associated to
Network Profile
Network Profile
assigned to a site
PROFILE
DESIGN
PROVISION
SITE
DEVICE
TEMPLATE
DESIGN

Use Case #3 -
Template Editor
Demo

Use Case #4 - Wireless
Deployment

Use Case #4: Wireless Deployment Made Simple
SSID RF Profiles
Dynamic
Interfaces
Flex/Centralized
PROFILE
DESIGN
PROVISION
SITE
WLC & AP
SSID
DESIGN
SSIDs and RF Parameters that represent wireless network
Devices ready to
deploy

Advanced RF support
Ability to create custom RF profiles with support for:
• Data Rates
• Dynamic Channel Assignment (DCA)
• Tx Power configuration (TPC)
• RxSOP
• Radio Enable/Disable
Now create and edit RF profiles for the wireless network

New in DNA Center 1.2 Brownfield Support
Phase 1 – In Product Beta
Learn Analyze Populate DNAC Designs
• Learn from WLC and
populate DNAC Designs
automatically
• Provision new WLC’s
using the learnt DNAC
Designs

New in DNA Center 1.2 Brownfield Support
Phase 1 – In Product Beta
Learn from WLC and populate DNAC Designs automatically
• Network Settings such as AAA, Syslog, DHCP,DNS etc
• Wireless Settings such as SSID’s, RF Profiles, Dynamic Interfaces

Use Case #4 -
Wireless
Deployment Demo

Use Case #5 –
Application Policy
Automation

Cisco ONE
FoundationApplication Policy
Simplifying Deployment of QoS Enterprise Wide
Implements QoS in Minutes
Enhance
Collaboration
Experience
300% 50%
Reduction in
voice jitter
Video quality
improves
Select from
Predefined
Policies
Optimized
for Any
Infrastructure
Select from Predefined
Policies
Automated Deployment
of QoS config
Optimized
for Any Infrastructure
Enhance Application
Experience

Application Policy
Wireless AP
Trust Boundary
PEP
4Q (WMM)
Catalyst 3650
Trust Boundary
PEP
2P6Q3T
Catalyst 4500
1P7Q1T
Catalyst 6500
1P3Q4T
1P7Q4T
2P6Q4T
…
Nexus 7700
F3: 1P7Q1T
WLC
PEP
ASR/ISRs
MQC
Catalyst 2960-X
Trust Boundary
PEP
1P3Q3T
Wireless AP
Trust Boundary
PEP
4Q (WMM)
Applications can interact with DNA Center via
Northbound APIs, informing the network of application-
specific and dynamic QoS requirements
Southbound APIs translate
business-intent to platform-
specific configurations
Network Operators express high-level
business-intent to DNA Center
Application Policy
DNA Center
AnalyticsPolicy Automation

Application Policy in DNAC will seamlessly
interconnect all types of hardware and software
queuing models to achieve consistent and
compatible end-to-end treatments aligned with the
expressed business-intent
Catalyst 9300
Application Policy: Deploy End-to-End DSCP
Based Queueing Policies
DNA Center
AnalyticsPolicy Automation

Solicit Application Business-Relevance
Relevant IrrelevantDefault
• These applications directly
supports business objectives
• Applications should be classified
and marked according to RFC
4594-based rules
• These applications may/may not
support business objectives
• E.g. HTTP/HTTPS
• Alternatively, administrator may not
know the application (or how its
being used in the org)
• Applications in this class should be
marked DF and provisioned with a
default best-effort service (RFC
2474)
• These applications are known
and do not directly support any
business objectives; this class
includes all personal/consumer
applications
• Applications in this class should
be marked CS1 and provisioned
with a “less-than-best-effort”
service , per (RFC 3662)

What Do We Do Under-the-Hood?
Apply RFC 4594-based Marking / Queuing / Dropping Treatments
Application
Class
Per-Hop
Behavior
Queuing &
Dropping
Application
Examples
VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)
Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV
Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence
Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx
Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)
Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE
Signaling CS3 BW Queue SCCP, SIP, H.323
Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog
Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps
Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution
Default Forwarding DF Default Queue + RED Default Class
Scavenger CS1 Min BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox LiveIrrelevant
Default
Relevant

Application Policy Workflow
Based on Business Relevance for the applications

Deploy Policy based on Site

But wait! Doesn’t PI have QoS Templates?
Manually select
interfaces in each
device

But wait! Doesn’t PI have QoS Templates?
For each interface and
direction decide whether or
not you want to do QoS
Classification & Marking
Set Classification and
Queuing Profiles

Prime Templates provide complete exposure and
manipulation of low level QoS configuration

Under the Hood - Classification
class-map match-all VOICE
match protocol attribute traffic-class voip-telephony
match protocol attribute business-relevance business-relevant
class-map match-all BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video
class-map match-all REAL-TIME-INTERACTIVE
match protocol attribute traffic-class real-time-interactive
class-map match-all MULTIMEDIA-CONFERENCING
match protocol attribute traffic-class multimedia-conferencing
class-map match-all MULTIMEDIA-STREAMING
match protocol attribute traffic-class multimedia-streaming
class-map match-all SIGNALING
match protocol attribute traffic-class signaling
class-map match-all NETWORK-CONTROL
match protocol attribute traffic-class network-control
class-map match-all NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
class-map match-all TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant
policy-map MARKING
class VOICE
set dscp ef
class BROADCAST-VIDEO
set dscp cs5
class REAL-TIME-INTERACTIVE
set dscp cs4
class MULTIMEDIA-CONFERENCING
set dscp af41
class MULTIMEDIA-STREAMING
set dscp af31
class SIGNALING
set dscp cs3
class NETWORK-CONTROL
set dscp cs6
class NETWORK-MANAGEMENT
set dscp cs2
class TRANSACTIONAL-DATA
set dscp af21
class BULK-DATA
set dscp af11
class SCAVENGER
set dscp cs1
class class-default
set dscp default

Cisco Protocol Pack Library: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
Protocol Pack 28: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp2800/nbar-prot-pack2800.html
<protocol>
<attributes>
<application-group>other</application-group>
<business-relevance>business-relevant</business-relevance>
<category>business-and-productivity-tools</category>
<encrypted>false</encrypted>
<p2p-technology>false</p2p-technology>
<sub-category>desktop-virtualization</sub-category>
<traffic-class>multimedia-streaming</traffic-class>
<tunnel>false</tunnel>
</attributes>
<common-name>Citrix Static</common-name>
<enabled>true</enabled>
<engine-id>3</engine-id>
<global-id>L4:1604</global-id>
<help-string>Citrix Static</help-string>
<id>1433</id>
<ip-version>
<ipv4>true</ipv4>
<ipv6>true</ipv6>
</ip-version>
<long-description>Citrix is an application that mediates users remotely to their corporate applications. ICre is a designated protocol for application server system; it is used for transferring data between clients and servers…
<name>citrix-static</name>
<ports>
<tcp>1494,1604,2512,2513,2598</tcp>
<udp>1604,2512,2513</udp>
</ports>
<indicative-ports>
<tcp>1494,1604,2512,2513,2598</tcp>
<udp>1604,2512,2513</udp>
</indicative-ports>
<references>http://www.citrix.com/site/resources/dynamic/additional/ICA_Acceleration_0709a.pdf</references>
<commonly-used>7</commonly-used>
<selector-id>1604</selector-id>
<underlying-protocols>tcp,udp</underlying-protocols>
</protocol>
remark citrix-static
permit tcp any any eq 1494
permit tcp any any range 2512 2513
- Citrix Static
ip access-list extended CONTROLLER-MULTIMEDIA-STREAMING-ACL
…
permit udp any any eq 1604
permit udp any any range 2512 2513

Cisco Protocol Pack Library: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
Protocol Pack 28: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp2800/nbar-prot-pack2800.html
ip access-list extended prm-APIC_QOS_IN#MM_STREAM__acl
remark citrix - Citrix
remark citrix-static - Citrix-Static
permit tcp any any range 2512 2513
permit udp any any range 2512 2513
</snip>
exit
Application
ACLs
!
ip access-list extended prm-APIC_QOS_IN#VOICE__acl
permit ip host 10.4.81.21 any DSCP ef
!
ip access-list extended prm-APIC_QOS_IN#MM-CONF__acl
permit ip host 10.4.81.21 any DSCP af41
!
Static Endpoint
ACL for Cisco
Phone

Use Case #5 -
Application Policy
Demo

Key Takeaways

Key Takeaways
It’s all about efficiency and speed
Intent Driven Networking accomplishes drastic simplification
Assurance must be outcomes driven and not problem based
Network Automation is required Reduce Cost and Remove
manual Errors
Profile Based Deployment simplifies Day 0 Deployment and
Day 2 Change Management

Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based networking

Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based networking

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based networking

Similar to Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based networking (20)

More from Cisco Canada

More from Cisco Canada (20)

Recently uploaded

Recently uploaded (20)

Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based networking