
Overview
This article compares Prime Infra (PI) and DNA Center (DNAC) for a wireless user of the Catalyst 9800 controller. As a quality assurance test engineer for Prime Infra, there was always an inquisitiveness to compare Prime Infra with DNA Center for a specific use case. It was out of this interest that we decided to write this blog, and we hope that the reader finds it useful, or a reference, when migrating from Prime Infra to DNA Center. The article covers use cases around device configuration, upgrade/downgrade, basic architecture and future developments, and the data points on which Prime Infra and DNA Center can be compared. Each section also carries reference links in case further information is required.
Manage Wireless LAN Controller on Prime Infra and DNAC
Figure 1: Interaction between Prime and Catalyst 9800
Prime Infrastructure can configure, manage and monitor Catalyst 9800 Series Wireless LAN Controllers, with reachability from the C9800 via CLI, SNMP and NETCONF-YANG. Every Prime release requires integration of coral, which is extracted from a specific IOS-XE release. At times multiple corals need to be managed on Prime to ensure backward compatibility. When a C9800 is added to Prime Infrastructure, subscriptions are pushed to the device based on device discovery. Prime currently supports 30 subscriptions, which include various AP, client and rogue related telemetry data. Coral is the medium through which all subscription information is exchanged between Prime Infra and the wireless LAN controller.
Figure 2: Interaction between DNAC and Catalyst 9800 without need of coral
With DNAC, Cisco wireless device discovery, inventory by Automation (Fusion) and the transfer of inventory information to Assurance over the NETCONF-YANG interface are all possible, and once discovered the device moves to the “Managed” state in DNAC. The best way to subscribe to data on the Catalyst 9800 is an on-change subscription, which sends an update as soon as a TDL table record changes. Events are always delivered on-change. Subscriptions support periodic notification as well. DNAC currently shows the event viewer in Issues and Client 360 to show the sequence of events during onboarding. DNAC currently supports 60 subscriptions. Interaction between the eWLC and the DNAC application uses Polaris TDL, and there is no dependency on coral (unlike Prime); all packages are integrated with the DNAC software itself.
Wireless LAN Controller site configuration on Prime Infra and DNAC
Prime Infra (PI): For local site and flex site deployment, the user can use “template creation” to push configuration to the C9800 device. Multiple templates (wlan, policy, policy tag, rf profile, rf tag, site profile and site tag) are required to configure a local site or flex deployment from Prime. Deployment of the site can take time (at times up to 45 minutes) depending on server performance. Reference: Cisco Prime Infra User Guide
Figure 3: Snapshot of various templates on Prime Infra that need configuration
DNAC: Here the approach is driven by the customer use case. If the user creates a single profile for a local site and pushes it to the device, it configures all the required data on the device (wlan, policy, policy tag, rf profile, rf tag, site profile and site tag); the same applies to a flex site. Site deployment takes only 10 minutes to complete all configuration on the device.
Figure 4: One step configuration for device offered on DNAC
Quality Assurance Test experience
Template Configuration push

| Prime | DNAC |
|---|---|
| Provisioning achieved through template and config groups | Service based network level provisioning via profiles and policies |
| Manual failure recovery via CLI templates | In-built capability to roll back on failures |
| Day 0 and Day 1 updates via multiple CLI templates or a composite template | Simplified Day 0/N updates via settings and profiles |
Device Configuration through Prime Infra and DNAC
Prime: Device configuration via SNMP
Prime Infrastructure provides a number of out-of-the-box configuration templates that the user can use to make changes on network devices. The user can create a new Features and Technologies template using an existing template.
Wireless controller templates provide access to all Prime Infrastructure templates from a single page. The user can add and apply controller templates, view templates, or make modifications to the existing templates. This section on Prime Infra also includes steps for applying and deleting controller templates and creating or changing access point templates. Reference: Controller Templates and Field Descriptions.
DNAC device configuration via NETCONF-YANG
Wireless onboarding configuration templates are applied to devices. Create a network profile with the basic configuration commands needed to onboard a wireless device so that it is managed on the network. You can create templates to automate device configuration changes. Reference: Create Network Profiles.
Maps Management on Prime Infra and DNAC
Prime Infra Maps:
Prime Infrastructure site maps represent geographical locations and physical structures where your organization maintains network assets and provides network services to users. It has an option to configure the site hierarchy of the organization. If the organization has configured site, building and floor on the map, the details below can be seen in the network. Currently the device 360 view is not present on Prime but is available in DNAC. On Prime Infra the user has to navigate through different pages to look for device details.
Figure 5: Sample floor map on Prime Infra
DNAC Maps:
On a Cisco DNAC map it is mandatory to design the network with site, area, building and floor.
The Design area is where you create the structure and framework of your network, including the physical topology, network settings, and device type profiles that you can apply to devices throughout your network. Reference: Create a Site in a Network Hierarchy.
Whatever is supported on Prime is implemented on DNAC as well, and the device 360 view is supported only on the DNAC map. This helps the user check device information in 360 views. DNAC also supports 3D maps.
Figure 6: Sample floor map on DNAC
Prime Infra Database vs DNAC Database
| # | Prime DB | DNAC DB |
|---|---|---|
| 1 | Oracle DB is used to manage wired, wireless, routers and third-party devices. There is a dependency on license-based data storage. | Open source databases such as MongoDB, Postgres, graph, etc. There is no third-party license dependency. |
| 2 | Difficult to troubleshoot across devices, with one common database supported on all Cisco platforms (switches, routers and firewall). Multiple database services are not supported. | DNAC uses multiple app services, each with its own database service, and it is easier to troubleshoot any specific app service. |
| 3 | Device supported scale: Device scale supported on Prime | Device supported scale: Device scale supported on DNAC |
| 4 | On a virtual machine (OVA deployment), support is available to increase the DB size for an already running Prime server. | OVA virtual machine development is currently unavailable; however, it is in progress for future releases. |
|   | Prime Appliance (Gen3) server supports a maximum of CPU – 20c, Memory – 64GB, Disk I/O speed – 320 Mbps, Disk size – 4x1.2TB | DNAC Appliance server has three flavors and supports a maximum of CPU – 44/56/112C, Memory – 128/256GB, Disk I/O speed – 320 Mbps, Disk size – 4x1.8TB |
Software Image Management (SWIM) on Prime Infra and DNAC
| Prime Infra | DNAC |
|---|---|
| Separate device image upgrade for wired and wireless devices | Common workflow across Enterprise wireless products |
| No concept of image standardization | Standardization of software by selecting device type, role and location |
| Limited set of pre-check-ins that cannot be customized | Pre and post check validation provides seamless updates |
| No support for software patch updates | Patching capability to reduce downtime during software upgrades |
| Compliance of image is done by manually creating scripts that need to be executed | Automatic compliance and integrity checks for images |
Alarms and Issue reporting on Prime Infra and DNAC
| Prime Infra | DNAC |
|---|---|
| Raw info - need expert to understand alarms | Very descriptive explanation of any issue |
| Every event generates an alarm | False positive suppression |
| At times, many alarms for same root cause | Correlated insights with root cause analysis |
| No guidance about how to resolve an alarm | Suggested actions based on expert knowledge |
| No correlation with affected users | Clear indication of affected users and locations |
Rogue Detection on Prime Infra and DNAC
While Prime Infra provides different reports to uncover and visualize threats in the wireless network environment, DNAC provides dashboards with a more graphical and statistical view for handling threats. With DNAC's intelligent live packet capture of threats, forensic analysis of an attack becomes easier. The user can download the pcap file to their machine to analyze all the raw data of the attack.
The aWIPS profile configuration on DNAC allows the user to select the required signatures, configure the threshold values used in detecting WIPS denial of service (DoS) attacks, and enable forensic capture at signature level. Threshold configuration helps to adjust the number of alarms that are generated in a specific duration for each aWIPS signature.
The Rogue and aWIPS dashboard provides a central view of all the attacks in the user's network over time, with real-time data. With the help of the threat 360 view, the user can clearly identify the attack location, client, AP and nearby APs. This helps to define the appropriate action by creating customized rogue rules in DNAC to prevent the attack.
Figure 7: DNAC Assurance page for Rogue and aWIPS
NAT Support on Prime Infra and DNAC
Prime Infra: NAT scenario is supported.
Cisco Prime supports a NAT’d deployment in which Prime and the wireless controller, deployed in a private network, communicate via the public network and all telemetry events travel through the public network. This keeps the customer from exposing their private IPs publicly. All current releases of Cisco Prime software can manage telemetry in a NAT’d environment.
DNAC: The NAT feature will be supported from the DNAC 2.3.2 release.
Artificial Intelligence / Machine Learning on Prime Infra and DNAC
The implementation of AI/ML in DNAC takes it to the next level over Prime. Analyzing trillions of bytes of data, assessing network performance, comparing a network to its peers and preparing mitigation plans for network issues have now become easier in DNAC. Cisco DNAC AI Network Analytics provides customers with various insights into their network.
1. Network heat map - provides client and AP KPIs, e.g., client count, client SNR, client RSSI, radio resets, packet failure rate, interference etc.
2. Peer comparison - provides KPIs against networks of similar size in the field.
3. Network comparison - compares two buildings, AP models or endpoints by radio throughput, interference, channel utilisation, media, or cloud throughput.
4. Baseline - gives a complete view of the issues in your network and which buildings and controllers are impacted. Onboarding time can be optimised by resolving AI-driven issues in buildings and controllers.
Conclusion
Based on the various use cases discussed in this article, Prime Infra has been exceptional in providing the required support for our customers. DNAC, however, seems to be the way forward in optimising all the above workflows and also paving the way towards much more user-friendly dashboards, network insights and utilities.
References
Prime Infra Compatibility Matrix
https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
Prime Infra 3.10 Configuration Guide
DNAC Compatibility Matrix
Cisco DNA Assurance User Guide, Release 2.2.2
Document Authors:
Sridharan Krishnachetty (sridhkri)