
Network Architecture-Cisco DNA



Cisco announces the addition of a suite of predictive services with these two new Cisco Services portfolios: Business Critical Services, and High-value Services.  With these new offerings, Cisco harnesses the power and intelligence of AI and machine learning to help CIOs address their most pressing challenges.


Read more about this exciting announcement


Register for the on-demand TechWise TV briefing now


Reply to this post with any questions you have about this announcement!  Our Services team would love your feedback.

Join us on October 11 from 8:00-9:30am PT for our next Security Customer Connection program briefing on the topic of TrustSec.


In this session, you will learn the fundamentals of TrustSec Software Defined Segmentation leveraging group-based access control. Learn how this can help your organization achieve segmentation and access control without redesigning your network.


Topics will include classification of endpoints into group tags, propagation of those group assignments, and enforcement using group-based access control rather than traditional security methods. You will also learn how simple policy management is using the Identity Services Engine (ISE) TrustSec policy manager.  We will discuss use cases such as stopping lateral movement (east-west traffic) between endpoints and how this can allow you to stop attacks like WannaCry dead in their tracks.


This will be just one in a series of webinars to help you learn the value of group-based access control and the IT challenges it can solve. Future topics will include things like Investment Protection with TrustSec as you start your DNA journey.


Join the Security track of the Customer Connection program first, and then register for the briefing

Tuesday, October 17, 2017 at 9:00 a.m. Pacific Time / 12:00 p.m. Eastern Time




Discover how new Cisco Services offerings can help you achieve a level of agility and efficiency you’ve only dreamed of. In this TechWiseTV event, you’ll learn how Cisco Services is helping tens of thousands of IT organizations achieve more every day, and deliver faster and better outcomes for their businesses and customers.


You’ll also be one of the first to hear about two major enhancements to our services portfolio. One is designed to help customers reduce complexity and risk, and better protect your business.  The other helps you get more value out of your IT investments.


Together, they help address some critical gaps created by digital transformation and help you accelerate results.



The proliferation of cloud applications continues to transform traditional architectures and traffic patterns, driving a need for organizations to re-architect their network. And now, with the emergence of applications at the edge for IoT control, firewalling, intrusion prevention, network monitoring, telemetry, and analytics, the network needs to be ready for applications hosted anywhere. The Catalyst 9000 series of switches running Open IOS-XE ushers in the new era of intent-based networking that not only enables consistent secure access from edge to the cloud, but also enables hosted applications at the edge. The platform uses an x86-based CPU with up to 1TB of local storage options to offer a container-based application hosting environment.



The initial software release on Catalyst 9000 switches uses the container environment to provide a sand-boxed (or decoupled) execution space called guest-shell for running on-box Python. The application hosting capability could potentially enable a variety of new use cases across different verticals. These capabilities will be unlocked in future software releases. The nature of applications that can be hosted is flexible and varies from Cisco-offered apps to partner apps to apps developed by customers. Here are some of the interesting use-cases that can be enabled:


  1. Analytics: Analytics is quickly gaining traction as a mechanism to deliver assurance and new business outcomes. Many of these outcomes rely on network and application telemetry. What better place to generate this telemetry than the network itself? A collector application running locally on the switch can collect end user/device telemetry data and TLS metadata. The collector can perform data pre-processing like filtering, aggregation and indexing before streaming the data securely to a data-platform. Processing data locally can significantly reduce WAN bandwidth and optimize storage, thereby reducing the CAPEX required on data-platforms.

  2. Server-less compute: Edge compute enables non-stop operation and control of IoT devices connected to the cloud. It aids verticals like manufacturing where low and deterministic latency is required for real-time control loops. Moreover, IoT control centers hosted in cloud environments benefit from an on-prem gateway function such as those offered by AWS Greengrass and Azure IoT Hub. These gateways can be hosted on the switch, which removes the need for on-prem local compute in enterprise environments.

  3. Security: With billions of unsophisticated IoT devices connecting to enterprise networks, these devices must be classified and an appropriate network posture implemented to maintain network security. A distributed micro-services based approach can create a scalable device profiling and firewalling solution.

  4. IT Operations: Every network admin relies on packet capture for monitoring and troubleshooting the network. Traditionally, operators have relied on SPAN to troubleshoot end-user connectivity problems. Packet capture applications can now be hosted on the Catalyst 9000 switches with an API/UI based approach for selecting the desired traffic. Moreover, up to 1TB of local SSD storage is now available to save the resulting pcap files. This saves time and money for an operator troubleshooting real-time network issues.
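The analytics use-case above describes a collector that filters, aggregates and indexes telemetry locally before streaming it off-box. The following is an added illustration of that pre-processing, not Cisco code and not a call into any app hosting SDK: it assumes the collector is handed per-connection records (with TLS metadata seen on the wire, nothing decrypted) and must cut what it ships across the WAN. The record format, the port filter, the `LEGACY_TLS` set and every sample record are constructed for the example.

```python
"""Local telemetry pre-processing for a switch-hosted collector (added example).

Three stages, matching the text: filter out records nobody asked for,
aggregate the rest per (source, destination, port), and index each aggregate
as a keyed document a data platform can look up. The reduction ratio shows
how much less crosses the WAN compared with shipping raw records.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
import json


@dataclass
class ConnRecord:
    src: str
    dst: str
    dport: int
    nbytes: int
    tls_sni: str = ""        # TLS metadata observed without decryption
    tls_version: str = ""


@dataclass
class Aggregate:
    flows: int = 0
    nbytes: int = 0
    snis: set = field(default_factory=set)
    versions: set = field(default_factory=set)


# Assumed policy: this collector only forwards TLS-bearing connections.
KEEP_PORTS = {443, 8443}
# Protocol versions worth flagging locally so the platform need not rescan.
LEGACY_TLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}


def filter_records(records: List[ConnRecord]) -> List[ConnRecord]:
    """Stage 1: drop noise before it costs bandwidth."""
    return [r for r in records if r.dport in KEEP_PORTS]


def aggregate(records: List[ConnRecord]) -> Dict[Tuple[str, str, int], Aggregate]:
    """Stage 2: roll many connections up into one counter set per key."""
    agg: Dict[Tuple[str, str, int], Aggregate] = defaultdict(Aggregate)
    for r in records:
        a = agg[(r.src, r.dst, r.dport)]
        a.flows += 1
        a.nbytes += r.nbytes
        if r.tls_sni:
            a.snis.add(r.tls_sni)
        if r.tls_version:
            a.versions.add(r.tls_version)
    return dict(agg)


def index(agg: Dict[Tuple[str, str, int], Aggregate]) -> List[dict]:
    """Stage 3: one keyed, JSON-serialisable document per aggregate (stable order)."""
    docs = []
    for (src, dst, dport), a in sorted(agg.items()):
        docs.append({
            "id": f"{src}|{dst}|{dport}",
            "src": src, "dst": dst, "dport": dport,
            "flows": a.flows, "nbytes": a.nbytes,
            "sni": sorted(a.snis),
            "tls_versions": sorted(a.versions),
            # cheap local enrichment: endpoints still negotiating legacy TLS
            "legacy_tls": bool(a.versions & LEGACY_TLS),
        })
    return docs


def preprocess(records: List[ConnRecord]) -> Tuple[List[dict], float]:
    """Run all three stages; return the documents and the size ratio (shipped/raw)."""
    raw_size = len(json.dumps([r.__dict__ for r in records]))
    docs = index(aggregate(filter_records(records)))
    return docs, len(json.dumps(docs)) / raw_size


# Constructed sample input (TEST-NET addresses); not captured from any device.
SAMPLE = [
    ConnRecord("10.1.1.10", "192.0.2.10", 443, 1200, "example.com", "TLSv1.2"),
    ConnRecord("10.1.1.10", "192.0.2.10", 443, 800, "example.com", "TLSv1.2"),
    ConnRecord("10.1.1.10", "192.0.2.10", 443, 2000, "example.com", "TLSv1.2"),
    ConnRecord("10.1.1.50", "198.51.100.9", 443, 500, "cam-update.invalid", "TLSv1.0"),
    ConnRecord("10.1.1.10", "10.9.0.5", 53, 80),
    ConnRecord("10.1.1.10", "10.9.0.5", 53, 80),
    ConnRecord("10.1.1.11", "10.9.0.20", 22, 4000),
]

if __name__ == "__main__":
    documents, ratio = preprocess(SAMPLE)
    print(json.dumps(documents, indent=2))
    print(f"shipped/raw size ratio: {ratio:.2f}")
```

The split into three small functions is deliberate: each stage can be tuned on its own (the filter is where an operator decides what never leaves the switch, the index step is where local enrichment such as the legacy-TLS flag is added), and the ratio returned by `preprocess` is the number to watch when deciding whether the local processing is paying for itself.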


Cisco will provide a variety of tool sets that aid application development to promote these business outcomes and support the developer community.  Developers can use Docker's Software Defined Environment (SDE) for application development and seamlessly deploy it on the Catalyst 9000 switches. The application has full access to all the programmability capabilities already available on open IOS-XE including the rich model-driven APIs, streaming telemetry, CLI and SNMP. Cisco will also provide developers with an app hosting SDK to get API access to the switch data plane.


Finally, Cisco DNA-Center will also offer the full lifecycle management for these hosted applications. The goal is to provide an intuitive UX for enterprise-wide provisioning and subsequent versioning of the application; including knobs for the administrator to secure the app hosting environment by limiting access to switch resources on a per application basis.


We at Cisco are very excited about the wide range of possibilities that can now be harnessed by network operators, application developers and DevOps teams, who can leverage the strength of Open IOS-XE to run applications utilizing the underlying x86 CPU of Catalyst 9000 series switches.


Sandra Rivera, SVP/GM of Network Platforms Group, Intel, rightly commented,

"The Intel® Xeon® processor D family of System on a Chip and the Cisco Catalyst 9000 switches push the edge of ‘what is possible’ with the ecosystem for containers and application hosting on a common platform."

This massive evolution of our switching products with Catalyst 9000 series, highlights the strength of Cisco innovation and openness of our platforms – it’s time to make the switch!


Join me on July 11, 2017 from 8:00-9:39am PT, for a deep-dive into the Catalyst 9000 series.  Join the Enterprise Networks track of the Cisco Customer Connection program and then register for the briefing.  Looking forward to your attendance!  www.cisco.com/go/ccp

The recent launch of the Cisco Catalyst 9000 series of switches revealed an interesting design feature capturing the interest of Cisco Live attendees. Pininfarina, designers to the famed Ferrari auto dynasty, provided design insight to ensure the new Catalyst switches were as ergonomic and aesthetically pleasing as possible. During launch press activities, CNBC wrote the first story about the Pininfarina Cisco collaboration and I am sharing some of the finer design details and unique usability of the Catalyst 9000 switches here.


Building these switches from the ground up allowed us to make usability a central consideration. This led to new, creative thinking and innovative design choices on the Catalyst 9000 switches.


But how much design change can we make in switches?


Let us start with my favorite topic – the fan tray design on the Catalyst 9400 switch. Historically, front accessibility of all FRUable components has been a table-stakes requirement for enterprise modular platforms. This is to accommodate space-constrained closet environments where the switch had to be placed flush against the wall. Front accessibility of the fan-tray came with the caveat that all the cables needed to be routed to the opposite side of the fan-tray to enable serviceability in case of a failure. Cable management gets tricky when you have to route 48 twisted pair Ethernet cables to the same side of the chassis and in many cases customers need special cable guides to make this work. The Catalyst 9400 chassis introduces a user-configurable dual serviceable fan-tray design to overcome this specific challenge. This innovative design allows users to service the same fan-tray from the front and rear of the chassis. Cable management compromises are no more.

On the topic of fans, these generate all the acoustic noise emitted by the switches. In environments where the closets do not have acoustic isolation, the noise can be disruptive and this is exactly what we attempted to minimize on the Catalyst 9000 switches. Historically, sensors measure ambient temperature and dynamically modulate the speed of fans as a mechanism to reduce noise. The Catalyst 9000 switches take this a step further by deploying sensors to measure the barometric pressure, which allows the fans to run at reduced RPMs to minimize acoustic noise at lower altitudes. Furthermore, an intricate network of sensors continuously monitors the Catalyst 9400 platform’s thermal health and increases the speed of selective fans within the fan-tray when alerted, minimizing the overall system-generated noise. The same closed-loop mechanism is also used to get N+1 redundancy for fans within the fan-tray, where neighboring fans can compensate for a failed fan by increasing their RPM.


Design choices on the Catalyst 9000 switches also aid day-to-day operations. Asset management enabled by RFID comes with the added overhead of programming the RFID and tagging it to the component that requires tracking. Not anymore! Catalyst 9000 switches come with pre-programmed RFID tags with optional customizable fields, making inventory management more convenient than ever before. While RFID tags are included at the switch level on the Catalyst 9300/9500, the Catalyst 9400 sports the RFID tag on all field replaceable units (FRU) – supervisors, line-cards, fan-trays and power supplies.


As a network operator, imagine sending a highly trained employee out every time you had to touch a switch – be it to connect debug cables or service a failed FRU. The Catalyst 9000 series now includes blue beacons on all switches and FRUs. Anyone with access to the switch can do trivial tasks like replacing a failed power supply. The savings for remote site maintenance can be significant – just pick up the phone and you can literally ask anyone to service the switch.


Cisco CEO Chuck Robbins called the Catalyst 9000 series “beautiful” and here are some of the design choices that make the Catalyst 9000 the industry’s most aesthetic switches.

  • Rounded frame without sharp corners – “yes” you can keep touching!
  • Ergonomic pullout handles on the Catalyst 9400 enable better weight distribution – you will not break your back lifting these switches!
  • Innovative slide-out ejectors with latch on the uplink modules of Catalyst 9500 – no more screwdrivers!
  • Molded plastic covers on ejectors, screws and handles on field replaceable units – no gloves required!
  • Industry standard icons now advertise the capabilities of the switch – a truly universal switch!

The Catalyst 9000 series of switches redefines convenience and usability – it is time to make the switch.

We are excited to announce the inaugural episode of #CiscoChat Podcast. #CiscoChat Podcast explores topics related to networking, IT, IoT, collaboration, security, cloud, data centers, and more.


In this first installment of the #CiscoChat Podcast, we open with a recurring series called “Ask the IoT Whiz.” On each episode of Ask the IoT Whiz, we’ll speak with experts as we address questions from you — our community of listeners. This episode’s questions will help to guide you through the common challenges that arise in migrating legacy Machine-to-Machine (M2M) networks to modern IP networks. This migration is key to digital transformation, but there are many obstacles to overcome along the way.


Ask the IoT Whiz host, Stephanie Gaspar, is joined by Duval Yeager, Cisco Product Marketing Manager and IoT Subject Matter Expert. Throughout the chat, we address some of your most compelling questions, including:

  • How to secure IoT devices in the wake of security hacks like the Mirai botnet
  • How to ensure mission-critical services can be prioritized when operating in a shared IP network space
  • How to overcome the challenge of small-packet processing


This first episode is full of great information to prepare you for the challenges you’ll face in your legacy M2M migration. Listen below, and join the conversation in the comments section. You can also reach Cisco IoT directly on Twitter.


Download the episode on SoundCloud, follow our station, or listen here now!


Not to fear if you can't make it to Vegas next week.  We've got a couple of activities you can partake in right from your office chair.




All throughout the community next week, you'll be able to catch livestreams of all the keynotes from Cisco Live.  You can jump on pretty much any community home page, find the schedule and turn on the livestream!






Like the keynotes, we'll be streaming all of the Innovation Showcase sessions during the week.  Again, the schedule will be available and you can choose when to turn on or off the livestream from the community.  Livestream will be placed on most pages of the community.





Tech Field Day is an independently organized conference series centered on enterprise IT infrastructure.  They will have a livestream on the topic of DNA all day on Tuesday, June 27.  Catch the livestream here on Tuesday, June 27.





You already know this, but it's worth a reminder - you can ALWAYS ask us questions ANYTIME in the community.  Your peers would love to chat with you and Cisco technical and product teams are standing by as well to help.  Don't leave your questions unanswered!




Want details from Cisco's June 20th Network Intuitive announcement?  Check out the latest briefing schedule via the Customer Connection program and register for an upcoming session.  We've got four coming up in July and we'd love to have you join and answer your questions.




Hope you'll take advantage of these opportunities next week. Enjoy!


An explosive growth of network use is underway, which has some estimating that over half of the world’s population now has internet access and spends approximately 11 hours daily online. And that number is growing. By 2020, we can expect 50 billion devices to be connecting, and internet usage will similarly grow. This growth, coupled with the changing threat landscape, introduces a new set of security challenges. Enterprises must secure their assets from advanced persistent threats, where perimeter security is proving to be insufficient.


Cisco understands these trends and is leading the way with the Digital Network Architecture (DNA). Cisco is ushering in a new era of networking with the new Catalyst 9000 series of switches, Software-Defined Access (SD-Access) and Network Data Platform (NDP), which deliver the core principles of DNA.


As we transition our network infrastructure closer to the software-defined networking architecture, it is imperative that we simplify our software licensing strategy. Therefore, with the launch of the Cisco Catalyst 9000 Series we are moving to a more intuitive two-tier software licensing model – Essentials and Advantage. The Essentials tier provides baseline networking capabilities while the Advantage tier focuses on Cisco value-added differentiators.


The Essentials tier offers an augmented Network OS license – ‘Network Essentials’ -- that provides Full L2 and Routed access capabilities on the Catalyst 9K platforms. It additionally provides a ‘DNA Essentials’ license that contains relevant Base Automation and Monitoring capabilities on the switch and DNA Center to simplify network management and troubleshooting through Plug n Play, On-box python, Client 360 and more.

The Advantage tier is arguably the finest software tier available in the Enterprise Switching market today. It contains the best Network OS license – ‘Network Advantage’ – providing Full L3, Segmentation and Resiliency capabilities on the Catalyst 9K platforms. It also provides a ‘DNA Advantage’ license containing Cisco’s lead Enterprise architectural solution – SD-Access, providing policy-based automation from edge to cloud, network security through micro-segmentation, encrypted traffic analytics (ETA) and proactive issue resolution through predictive analytics.

Contents for each of the software packages can be found in the respective datasheets for Catalyst 9300, 9400 and 9500. DNA licenses are inclusive of all the capabilities that are delivered by our DNA Center; no additional licenses are required with DNA-Center and the associated platforms APIC-EM and NDP.


Cisco understands Enterprise customers have invested in products such as Catalyst 3K with a LAN Base, IP Base or IP Services license in a perpetual buying motion in the past. Therefore, with Catalyst 9K we continue to offer our Network licenses – Network Essentials and Network Advantage – as perpetual only. However, with DNA licenses we want to offer flexibility to our customers. Most of the capabilities in these licenses contain new path-breaking innovations from Cisco that our customers would be using for the first time. Therefore, we are offering DNA licenses – DNA Essentials and DNA Advantage – as term-based licenses with 3, 5 and 7-year term options, as that would greatly encourage our customers to try out these new technologies and deploy them in their Enterprise networks.

Additionally, DNA licenses, being term-based by design, offer embedded software support and an ongoing innovation promise to end customers at no additional cost. This is immensely important because, as Cisco transitions to a software-defined architecture, customers will expect significant, ongoing innovation from Cisco that would be covered under DNA licenses. Lastly, solution consumption is also made easy with Cisco ONE software. To know more, please visit www.cisco.com/go/onedna.


As we enter the new era of networking and introduce term-based licenses, we understand software license management will be important, as our customers now have to manage perpetual and term-based licenses across multiple campuses, branches and regions. Therefore, very soon within DNA Center, we will introduce a ‘DNA License Manager’ application to provide Enterprise customers a single pane of glass for visibility on all aspects of software licensing. This application will be a one-stop shop for all Enterprise customers as it would cover the entire portfolio of Enterprise networking, comprising routing, switching and wireless products.


The value of Cisco’s new era of networking is here – it’s time to make the Switch!


Want to hear more about this and other technical details from the announcement?  Join us on July 11, 2017 from 8:00-9:30am PT for a deep-dive session and Q&A.  Simply join the Cisco Customer Connection program and then register for the session.  www.cisco.com/go/ccp

Check out this blog from David Goeckeler ...


Just over a year ago, David McGrew, one of Cisco’s fellows, walked into my office to brief me on a project he was working on. The next 45 minutes were pretty unforgettable.


He explained to me that he and his team had discovered how to solve one of the biggest challenges in network security: They had invented technology that can identify malware in encrypted traffic. They even were showing four nines of accuracy in their test cases and no information was being decrypted. The fact that no decryption was involved meant their approach did not come at the expense of privacy.  It wasn’t until he walked me through exactly how they were running ...


Read the full blog

Today Cisco unveils a new network for a new era, a network for today’s world and tomorrow’s. Our new network is the result of the deep innovation we’ve been driving at Cisco, and it’s something I believe will change the trajectory of the entire industry.


At the core of this new era is intent-based networking, which is focused on business outcomes and the increasing speed at which companies can achieve their desired results. It is a network with a purpose, one that can think ahead to help organizations move faster and be smarter. While there are several technologies involved in bringing this to life, on a conceptual level the key pillars of this approach are intent, context and intuition. As the pace of business only accelerates, the need for these capabilities is critical.  The new network delivers ...


Read Chuck Robbins blog

The Network Intuitive


In every generation there is a groundbreaking technology that completely changes the way that we view our world. In the IT industry this happened in the past with the introduction of IP-based networks in the early 90s and then again with VMs for virtualization in the early 2000s. I am very excited to be a part of the team that is defining a new era of networking for the next 20 years with the launch of Cisco Software-Defined Access and the new Catalyst 9K family.


Cisco SD-Access represents a fundamental change in the way that we design, provision, and troubleshoot Enterprise Networks and how we make the network “intuitive”.


So what is SD-Access and why will it change everything in Enterprise networking?


The Pitch

For the past 25 years, enterprise networks have been built on the concept of VLANs, IP subnets and ACLs. In the new age of digitization, with the exponential growth of network use, this architecture will no longer be able to scale.

  • VLANs and IP Subnets aren’t designed for a mobile and wireless world with a growing number of users accessing resources anywhere from any device at any time.
  • VLANs did not imagine a world with millions of IoT devices of varying levels of sophistication running on a converged infrastructure managed by IT.
  • ACLs were not built for a world where security is top-of-mind and the threat of malware and hacking are constant.


These new digital network requirements need a fundamentally different approach. Cisco SD-Access is the answer.


Cisco SD-Access is an intent-based networking solution that translates business intent into networking configurations. The following are the key capabilities of this solution.


  1. Policy-Based Validation: SD-Access builds a standards-based network fabric that converts a high-level business policy into network configuration. One of the key use-cases for this is segmentation of users, devices and things with identity-based policy regardless of location. Gone are the days of dependency on VLANs and IP subnets!

  2. Intuitive Automation: SD-Access uses the new DNA-Center, built on top of our award-winning SDN controller APIC-EM, for end-to-end automation. A comparable analogy for this would be the transition to a GUI interface that Windows 3.0 drove in the early 90’s from the previous CLI-only MS-DOS interface. It ushered in an entirely new era for home computing and the same is now true for Enterprise networks. Welcome to a world of software-defined segmentation with policy controls at your fingertips!

  3. Contextual Analytics and Dynamic Remediation: Combined with our new Network Data Platform (NDP), SD-Access validates the original business intent is satisfied and takes corrective actions when a conflict arises. This means network engineers can spend more time designing better networks instead of spending a majority of their time in fighting network-related fires!


Additionally, SD-Access capabilities are available through programmable APIs at both the controller layer and as standards-based models on the infrastructure itself, offering unprecedented flexibility and customer control.
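Both the TrustSec briefing earlier on this page (classification into group tags, propagation, enforcement) and the Policy-Based Validation capability above make the same point: a group-to-group policy decides a flow by who the endpoints are, not by which VLAN or subnet they sit in. The following is an added simulation of that idea, not Cisco code and not the TrustSec or SD-Access implementation. The group names, tag numbers, endpoint inventory, policy matrix, the comparison ACL and the sample flows are all constructed; in a real deployment the classification would come from ISE and the tag would be carried inline or via SXP, which this model does not implement.

```python
"""Group-based (tag-based) enforcement vs. an IP/subnet ACL (added example).

Two laptops and an IoT camera deliberately share one subnet. A subnet ACL
cannot tell them apart, so it permits camera-to-laptop and laptop-to-laptop
traffic; the group policy denies both while still allowing the laptop to
reach the finance server. Everything here is constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Tuple

# --- classification: identity/profiling result -> group tag (constructed) ---
GROUP_TAGS: Dict[str, int] = {
    "Employee": 4,
    "Guest": 5,
    "Finance_Server": 10,
    "IoT_Camera": 30,
}

# Endpoint inventory keyed by IP; the group is what a classifier would assign.
ENDPOINTS: Dict[str, str] = {
    "10.1.1.10": "Employee",       # laptop on the user VLAN
    "10.1.1.11": "Employee",       # second laptop, same VLAN
    "10.1.1.50": "IoT_Camera",     # camera, also on the user VLAN
    "10.9.0.20": "Finance_Server",
    "10.1.2.7":  "Guest",
}

# --- enforcement: (source tag, destination tag) -> permit? --------------------
# Cells not listed fall through to DEFAULT_PERMIT.
POLICY_MATRIX: Dict[Tuple[int, int], bool] = {
    (GROUP_TAGS["Employee"], GROUP_TAGS["Finance_Server"]): True,
    (GROUP_TAGS["Employee"], GROUP_TAGS["IoT_Camera"]): True,     # staff may manage cameras
    (GROUP_TAGS["IoT_Camera"], GROUP_TAGS["IoT_Camera"]): False,  # no camera-to-camera
    (GROUP_TAGS["Employee"], GROUP_TAGS["Employee"]): False,      # no laptop-to-laptop (east-west)
}
DEFAULT_PERMIT = False


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def classify(ip: str) -> int:
    """Return the group tag for an endpoint; unknown endpoints are treated as Guest."""
    return GROUP_TAGS[ENDPOINTS.get(ip, "Guest")]


def group_policy_permits(flow: Flow) -> bool:
    """Look up the (source tag, destination tag) cell.

    Because the decision keys on tags that travel with the endpoint, the
    answer is the same whatever subnet or location the endpoint lands in.
    """
    key = (classify(flow.src), classify(flow.dst))
    return POLICY_MATRIX.get(key, DEFAULT_PERMIT)


# --- traditional subnet ACL for comparison (constructed) ----------------------
# Equivalent of a "permit ip 10.1.1.0/24 any" line: users and the camera share
# the subnet, so the ACL has no way to keep them apart.
ACL = [(ip_network("10.1.1.0/24"), ip_network("0.0.0.0/0"), True)]


def ip_acl_permits(flow: Flow) -> bool:
    """First-match ACL evaluation with an implicit deny at the end."""
    for src_net, dst_net, permit in ACL:
        if ip_address(flow.src) in src_net and ip_address(flow.dst) in dst_net:
            return permit
    return False


def compare(flow: Flow) -> Dict[str, bool]:
    """Evaluate one flow under both models side by side."""
    return {"ip_acl": ip_acl_permits(flow), "group_policy": group_policy_permits(flow)}


if __name__ == "__main__":
    # Constructed flows; the first is the lateral-movement case (laptop -> laptop).
    for f in (
        Flow("10.1.1.10", "10.1.1.11", 445),
        Flow("10.1.1.10", "10.9.0.20", 443),
        Flow("10.1.1.50", "10.1.1.10", 22),
    ):
        print(f, compare(f))
```

The model shows why the policy matrix stays small as the network grows: the number of cells depends on the number of groups, not on the number of subnets or endpoints, and adding a fourth user VLAN changes nothing in `POLICY_MATRIX`. The default-deny fallthrough is the setting to check first when auditing such a matrix, since any pair of groups not explicitly listed inherits it.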


The Business Benefits

The biggest benefit of SD-Access is the ability to deliver business policy from network edge to cloud and improve network flexibility. But that’s not all SD-Access offers:


  1. Reduce Operating Expenditure: SD-Access automation and workflows minimize the time and expense of operational tasks and allow network engineers and architects to focus on strategic initiatives. Companies like Royal Caribbean have embraced the segmentation and automation capabilities of Cisco SD-Access to provide secure access and remotely provision cruise ships worldwide to reduce cost.

  2. Improve Compliance: Automatic validation of business intent simplifies auditing and compliance regulations by ensuring that intent translates to operations. Wipro, a worldwide leader in IT consulting is looking at Cisco SD-Access to quickly deploy services to IT locations worldwide and provide clear segmentation for their clients across the globe ensuring compliance.

  3. Optimize User Experience: An SD-Access network optimizes the network to get the most out of the infrastructure, which in turn provides an overall better user experience. Deutsche Bahn looks to SD-Access to consolidate their locations across the country with consistent policy and provide their users with the best experience possible.


Cisco has also ensured unprecedented investment protection for our customers by supporting this solution on not only our cutting-edge Catalyst 9000 product family of Switches but also our existing portfolio of Enterprise Networking products. Check the list of supported products on the Cisco SD-Access page.


The Bottom Line

The new era of digitization requires a fresh approach to meet the network requirements for the next 20 years. Cisco SD-Access gives customers the power to redefine networking and brings real business benefits.


For more information, www.cisco.com/go/sdaccess

Want to learn more?  Join my colleague, Sehjung Hah, on July 18, 2017 from 8:00-9:30am PT in the Cisco Customer Connection program.  He'll be delivering a technical, deep-dive briefing on SD-Access. Register for the Customer Connection program and then sign up for the session.  www.cisco.com/go/ccp  We look forward to seeing you there!



Maximize your Network Mileage!

Enterprise network managers walk an unenviable tightrope. They must balance network users’ real need for adequate network resources against inevitable financial limitations. They make network bets on technology that will maximize both their financial investment and their network productivity.


When it comes to investment protection, Cisco’s Catalyst Switches are unmatched.


The Cisco Catalyst 6500-E and Catalyst 4500-E series of Switches are a testament to this, where every new generation of supervisor provided backward compatibility with all previous generation line-cards. Similarly, the Catalyst 3K was the industry’s first stackable Switch to offer modularity of uplinks, which enables customers to continue using the same Switching platforms as they transition their uplink speed.


Cisco’s introduction of the Catalyst 9000 series of Switches and Software Defined Access (SD-Access) launches a new era of networking and resets the bar for investment protection in Enterprise Switching.


Firstly, SD-Access customers are not required to upgrade their Switching infrastructure, since most Cisco Switching platforms shipped since 2013 support this capability. It is the first time that a full-featured fabric technology has been delivered without requiring an upgrade of the Switches. The programmable pipeline architecture, supported by the Unified Access Data Plane (UADP) ASICs, makes this possible. While the rest of the industry cycled through multiple generations of ASICs to support the VxLAN fabric evolution, the programmable pipeline of UADP allowed Cisco Catalyst Switches to adopt this technology by simply upgrading the ASIC micro-code. Looking into the future, we feel confident that we will be able to support fabric enhancements like Network Services Header (NSH) and Group Policy Option (GPO) through micro-code upgrades as well.


The Catalyst 9000 series of Switches are based on UADP 2.0, the second generation of the UADP ASIC, which comprises 7.46 billion transistors – one for every human being on this planet! In addition to programmability improvements of the ASIC pipeline, we have also introduced flexible tables on UADP 2.0 to enable universal deployments of the Catalyst 9000 Switches. UADP 2.0 turns the Catalyst 9K into a Swiss Army Knife style Switch through customization of available table (SRAM/TCAM) resources based on customer deployment requirements. Cisco currently offers four fully tested templates to cover all places in the network.


Finally, if needed, all the pipeline programmability and table configuration capabilities of UADP 2.0 can also be exposed over customer consumable APIs like OpenFlow 1.3 and P4 (Programming Protocol-Independent Packet Processors). This can unlock unlimited possibilities for Enterprises as they look to adopt net new IoT and security use-cases.


But the ASIC is only part of the futureproofing capabilities in the Cisco Catalyst 9000 Switches.


The Catalyst 9400 platform is advancing modular investment protection into new territory by decoupling the bandwidth driven by line-card and supervisor. Separating this functionality allows us to test the line-cards for full bandwidth capacity even if the corresponding supervisor generation is not capable of supporting this bandwidth. To illustrate this using a real life example, the Multigigabit/10G line-cards on the Catalyst 9400 platform are roughly 3:1 oversubscribed when used with gen-1 supervisor. Future generations of supervisors can enable close to line-rate operation of these exact same line-cards thereby increasing the throughput of the system without the need to upgrade the line-cards.


The Catalyst 9000 series of switches introduce significant enhancements in terms of PoE scale. To avoid per-line-card-slot power draw limits, we updated the power distribution of the Catalyst 9400 chassis.  This update enables the Catalyst 9400 platform to support UPOE (60W) on all ports simultaneously, making it the industry’s most capable platform in terms of Power over Ethernet (PoE) scale. It also ensures that the chassis is ready to adopt future PoE standards.


The Catalyst 9500 introduces the first Enterprise-optimized 40G core/aggregation Switches. The increased use of Multigigabit ports in the access necessitates greater than 10G uplink connectivity from the closet. While many Enterprise environments won’t need 40G in the aggregation/core layers today, the Catalyst 9500 platform provides the option to use standard 10G SFP+ optics on its 40G QSFP+ ports via the QSA adapter (CVR-QSFP-SFP10G). This allows customers to future-proof their aggregation/core Switches for 40G while continuing to use 10G optics until higher bandwidth is required.


Finally, Catalyst 9300 continues as the industry’s only stackable Switch to support 480G of stacking bandwidth via StackWise-480 technology. As 25G and 100G Ethernet standards mature for the Enterprise market, StackWise-480 technology ensures that the stack itself never becomes the bottleneck for performance.


Cisco’s Catalyst 9000 Switches have been built with investment protection capabilities that can see Enterprises through the next decade – it’s time to make the Switch!


For more information, visit the Network Architecture - Cisco DNA page.

Want to learn more?  We have a great technical deep-dive briefing set up to chat about the Catalyst 9000 Series Switches on July 11, 2017 from 8:00-9:30am PT.  Join us via the Customer Connection program.  First join the program and then register for the briefing.  We'll see you there!  www.cisco.com/go/ccp


DNA Assurance and Analytics

Posted by leleonar Jun 20, 2017

The following is co-authored from Cisco Product Managers, Pedro Leonardo and Amit Dutta.



Network complexity continues to increase, leading to higher OpEx cost. As much as 85% of companies report that their systems are reactive. There is a strong desire to transition to proactive/predictive solutions. Additionally, today’s proliferation of tools produces too much data and not enough insight. Because of that, network administrators do not get a holistic view of the behavior of the network. What they are looking for is to quickly triangulate and isolate the source of contention.


Cisco’s Assurance and Analytics solution delivers a full technology stack from the ground up to address customer needs. It uses simplified integrated user experience across the entire enterprise portfolio of products. It proactively identifies issues and trends through correlation and machine learning algorithms.


DNA Assurance overview

DNA Assurance provides a comprehensive solution to assure higher and more consistent service levels to meet growing business demands. The solution addresses not just reactive monitoring and troubleshooting but also the proactive and predictive aspects of running the network, ensuring that client and application experience meet optimal performance levels.


DNA Assurance gives network health visibility through proactive issues and trends. These issues consist of basic and advanced correlation of multiple sources of information, thus eliminating white noise and false positives.


When there is a network outage or performance glitch, IT teams need to identify the root cause before they can mitigate the problem. More analytics tools and more data don’t always help IT troubleshoot problems faster. However, having greater insight into what is happening on the network, together with a recommended solution to the problem, will reduce IT time and increase network uptime.


The solution proactively monitors the network, gathering and processing information from devices, applications, and users and presenting it in Cisco DNA Center, an easy-to-use single dashboard for managing all analytics tasks.


DNA Assurance provides both system-guided and self-guided troubleshooting. For a great number of issues and trends it provides a system-guided approach: it correlates multiple Key Performance Indicators (KPIs) and results from automated sensors to determine the root cause of the problem, and then provides suggested actions.


DNA Assurance also provides in-depth health scores for the network and its devices, its clients, applications and services. Client experience is assessed both for access (onboarding) and connectivity by providing detailed application experience analysis from the global to the site and the client.


Network Data Correlation and Analysis

Cisco’s Assurance is built on top of the new Cisco Network Data Platform (NDP) designed to scale across the enterprise.


The key to Cisco DNA Assurance and Analytics is its ability to continually collect and put insights into action. Cisco NDP collects NetFlow records, Simple Network Management Protocol (SNMP) events, wireless LAN controller activity, and syslog information in real time to continually monitor how devices, users, and applications are performing. The solution baselines the collected data to establish “norms” and then uses it for network analysis to find outliers.


The solution then performs advanced processing to evaluate and correlate events. The system is able to quickly identify the most likely root cause and offer proven best practices for resolving issues. For more detailed discovery, it drills down to the underlying data.


NDP also leverages streaming technologies to collect network telemetry data in real time and augment the collected telemetry with contextual information, in order to continuously correlate and build the relationships between network devices, applications, users, and endpoints. DNA Assurance consumes this comprehensive network relationship graph via APIs in order to provide end-to-end visibility in the context of application and user experience.

There are three layers of analytics in NDP. The first layer reduces data noise, so that the enterprise can enable minimal telemetry data yet gain maximum visibility in DNA Assurance. The second layer builds a context-aware data graph and offers this insight via APIs. Based on historical data and machine learning algorithms, NDP allows DNA Assurance to quickly identify abnormal patterns and trends relative to the baseline data. The third layer offers model-based metadata and analytical pipeline management APIs to further extend the platform and integrate it with business applications.


In addition, NDP has natural language search and time-based replay capabilities that will enable DNA Assurance to gain instant network insights so that enterprise IT will effectively reduce the mean time to discovery (MTTD) and mean time to resolution (MTTR) as well as improve operational efficiency.

Want to learn more?  Join us for an upcoming technical, deep-dive briefing on DNA Assurance and Analytics on July 25, 2017 from 8:00-9:30am PT.  The session is hosted by the Cisco Customer Connection program.  You'll need to register for the program first and then the briefing.  Do so now at www.cisco.com/go/ccp  We look forward to your attendance!

What is SD-Access?


Imagine being able to bring Software-Defined, fully programmable, fabric-based network Automation and Assurance to your Enterprise Campus, WAN and Branch network environments... with built in Group-based Security + Segmentation and Quality of Service!


The new Cisco DNA Software Defined Access (SD-Access) combines the Campus Fabric and IWAN overlay solutions with Cisco TrustSec, into a common API-driven GUI ecosystem comprised of DNA Center: APIC-EM, ISE, NDP and others.


Read more about the Business Benefits of Cisco SD-Access.


The SD-Access solution can be summarized by the following attributes:

  • CVD / RNA based network design
  • LISP based control-plane overlay
  • VXLAN based data-plane encapsulation
  • CTS / SGT based policy management
  • NDP based fabric assurance
  • APIC-EM based fabric automation



The SD-Access solution will work on the following platforms (FCS 1.0):

  • Catalyst 3650 and 3850 (all models)
  • Catalyst 4500-E + Sup8E/9E and 4700 Cards
  • Catalyst 6807-XL + Sup2T/6T and 6800 Cards
  • Catalyst 6880-X or C6840-X (all models)
  • Catalyst 9300, 9400 and 9500 (all models)
  • Nexus 7700 + Sup2E and M3 Cards
  • ASR 1000-X or 1000-HX (all models)
  • ISR 4430 or 4450 (all models)
  • Cisco WLC 3504, 5520 or 8540
  • Cisco AP 1800/2800/3800 (Wave 2)


Want to Learn More?





Cisco SD-Access Solution Overview


What should I be doing?


1. Focus on refreshing the Access & Core

2. Start getting familiar with DNA Center

4. Ask your SE to engage Cisco Services

In less than a week, in Las Vegas, Cisco will showcase a revolutionary solution for defense and detection against encrypted malware.


In a recent global study, more than 40% of attackers used encryption to evade detection. Things will get much worse. By 2020, 80% of WW traffic will be encrypted according to multiple analysts. Simultaneously, weak, out-of-date ciphers are proliferating, due to the rapid growth of users, devices and sessions. Enterprises often decrypt traffic for inspection on access networks. This approach will become prohibitively expensive due to sheer complexity, new privacy regulations and the adoption of perfect forward secrecy.


What is needed is to ubiquitously scan for threats while the traffic is still encrypted, and to continuously monitor your entire access infrastructure for the use of strong cryptography.


Cisco’s new Encrypted Traffic Analytics combines both of these capabilities with new machine learning systems, both in the cloud and on-premises. And it leverages your own network. Without decryption it detects hidden malware with high precision, and it instantly identifies older ciphers and protocols so they can be updated.
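The TLS handshake metadata that a passive monitor can read without decrypting anything is the basis for the "older ciphers and protocols" finding above. The example below is added here and is not Cisco's code: it parses a TLS ClientHello record, lists the offered protocol version and cipher suites, and flags legacy ones. The sample record, the cipher-suite name table and the "legacy" set are constructed assumptions for illustration.

```python
import struct

# IANA cipher suite IDs (subset); the names are the standard ones
CIPHER_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
# Assumed policy: RC4, 3DES and static-RSA key exchange (no forward secrecy) are legacy
LEGACY_SUITES = {0x0004, 0x000A, 0x002F}
VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2"}


def build_client_hello(version, suites):
    """Build a TLS record carrying a ClientHello (constructed test input, not a capture)."""
    body = struct.pack("!H", version) + b"\x00" * 32 + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    body += b"\x00\x00"  # no extensions
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22


def parse_client_hello(data):
    """Return (client_version, [cipher suite ids]) read from the cleartext handshake."""
    if data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a ClientHello record")
    pos = 9  # skip the 5-byte record header and 4-byte handshake header
    version = struct.unpack("!H", data[pos:pos + 2])[0]
    pos += 2 + 32            # client_version and 32-byte random
    pos += 1 + data[pos]     # session id length byte plus session id
    n = struct.unpack("!H", data[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", data[i:i + 2])[0] for i in range(pos, pos + n, 2)]
    return version, suites


def assess(data):
    """List legacy protocol/cipher findings for one ClientHello, without any decryption."""
    version, suites = parse_client_hello(data)
    findings = []
    if version < 0x0303:
        findings.append("legacy protocol " + VERSION_NAMES.get(version, hex(version)))
    for s in suites:
        if s in LEGACY_SUITES:
            findings.append("legacy cipher " + CIPHER_NAMES.get(s, hex(s)))
    return findings


if __name__ == "__main__":
    sample = build_client_hello(0x0303, [0x0004, 0x002F, 0xC02F])  # constructed client offer
    for finding in assess(sample):
        print(finding)
```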


At CiscoLive, Cisco will demonstrate the full power of machine learning enabled by Cisco Stealthwatch, Cognitive Analytics and new networking technologies.

CiscoLive Events


World of Solutions                Cisco Campus
Stealthwatch Security Analytics   Security
Network Sensor and Enforcer       Enterprise Networks and Mobility
Network Security Analytics        IT Insights
Theater Presentations             Theater walk up


Sessions and Tectorials

(Search for Session ID)

  • Hidden Figures: Securing What You Cannot See - Session ID: INSSEC-1013
  • Detect Threats in encrypted Traffic without decryption - Session ID: BRKCRS-1560
  • Detecting Threats with Advanced Analytics Martin Rehak - Session ID: BRKSEC-3106
  • Deciphering Malware's Use of TLS (without Decryption) - Session ID: BRKSEC-2809
  • Understanding Encrypted Traffic Using "Joy" for Monitoring and Forensics - Session ID: DEVNET-1218
  • DevNet Workshop - An Introduction to Monitoring Encrypted Network Traffic with "Joy" - Session ID: DEVNET-1215
  • Security Monitoring with StealthWatch: The detailed walkthrough - Session ID: BRKSEC-3014   
  • Building Network Security Policy Through Data Intelligence - Session ID: BRKSEC-2026


After CiscoLive, join us on July 12, 2017 in the Cisco Customer Connection program. We'll have a special technical deep-dive briefing on Stealthwatch 6.9.2 and the whole ETA solution. Simply join the Customer Connection program to register and navigate your way to the online briefing session registration. www.cisco.com/go/ccp


And later in July, look for another Cisco blog on the science of encrypted malware detection using machine learning.


We look forward to your attendance in person in Las Vegas and online for the webinar and follow-up blog.
