
Cisco Live 2017: Kinetic Launch, ACI Updates, & More!


GreenPages Solutions Architect, Kevin Dresser, recently attended Cisco Live 2017 in Las Vegas. Here are his highlights and thoughts from the conference:

I arrived a day early to Cisco Live to attend a technical seminar on Cisco’s Application Centric Infrastructure (ACI), which is their software-defined networking solution for the Nexus Data Center platform. ACI has been out for over two years; however, this year’s conference had a great deal of emphasis on the fundamentals of ACI and taking these beyond just the data center. The theme this year was “The Network. Intuitive.” and just a week prior to Cisco Live there was a major announcement of intent-based networking solutions under the Cisco Digital Network Architecture (DNA) portfolio.

The graphic below shows the core ACI fundamentals that tie together the analysis services, the defining of network functions and the provisioning and configuration of devices.

ACI Fundamentals

The opening keynote highlighted three core challenges that Cisco’s vision is now focused on: Scale, Complexity, and Security. Cisco CEO Chuck Robbins stated that “in 2020, as many as 1 million new connections will be added to the internet every hour”. With that kind of continuous growth in connected devices, reducing complexity becomes a necessity. And as the network footprint grows, so does the threat surface. Security was given paramount emphasis, with the message that it needs to be built into everything. The messaging from Cisco around this new era of networking is that their intuitive network, “powered by intent and informed by context”, will provide a secure, intelligent and adaptable platform. At the core of this intuitive network is the vast number of data points available from network-connected devices. Last year’s Tetration and AppDynamics acquisitions are now integrated into the network to bring analytics to the DNA portfolio and make use of that data.

One example of how this will work is “Encrypted Traffic Analytics” (ETA), which will look at network traffic and perform packet analytics that can accurately detect threats in encrypted traffic with more than 99 percent accuracy. ETA will accomplish this by looking at packet metadata and flow dynamics without needing to decrypt the data; decryption has always been a resource-intensive bottleneck. Another major benefit of network data analytics is that the information learned about the network helps significantly reduce the time administrators spend on problem identification, troubleshooting, and resolution.

One last item to mention regarding the keynote was the announcement of the Cisco Security Connector for iOS. Apple CEO Tim Cook joined the stage with Chuck Robbins to discuss the Cisco/Apple partnership and how they are committed to enterprise network security. The Security Connector for iOS app will deliver visibility, control, and privacy to enterprise-owned iOS devices and use existing solutions like Umbrella to prevent access to malicious sites, whether on the corporate network, public Wi-Fi or cellular data connections.

Here’s a summary of some of the new products and solutions:

DNA Center 

The DNA Center is a management dashboard and command center for all network functions.  This is where Scale and Complexity are addressed by eliminating the need to configure individual devices through the traditional CLI.  Auto provisioning and policy definitions are all centrally managed through the DNA Center.

Data Analytics and Assurance 

The analytics and assurance platform continuously collects data from NetFlow, SNMP and Syslog sources to monitor device, user and application performance. The analytics and correlation of data help reduce the time spent troubleshooting, determining root cause, and remediating issues. Network traffic patterns and trends are also identified to help proactively plan changes before performance issues impact users.

Catalyst 9000 Switching 

The new Catalyst 9300, 9400 and 9500 switches come with custom-built ASICs that are programmable, enabling software developers to leverage network resources to optimize their applications. The Catalyst 9000 is the ACI solution for the Enterprise, as the Nexus 9000 is for the Data Center.

Software-Defined Access 

SD-Access will bring SDN to the Enterprise access layer.  Segmentation policies for users, devices, and applications will provide greater security to the access network devices.  Identity Services Engine will ensure user and device security policies are enforced as they move between wired and wireless connections.  The DNA Center will provide auto-provisioning and management through the centralized UI and will tap into the network analytics platform for performance monitoring, management, and troubleshooting.

The following hardware platforms are supported for SD-Access:

Switches:  Catalyst 9300, 9400, 9500, 3650, 3850, 4500E, 6500, 6800 and Nexus 7000

Routers:  4000 ISR and 1000 ASR

Wireless:  3800, 2800, 1850, 1830 and 1815 APs; 8540, 5520 and 3504 Controllers

Encrypted Traffic Analytics

Although not available until Fall 2017, Encrypted Traffic Analytics can accurately detect threats in encrypted traffic without needing to decrypt the data. The technology uses NetFlow and Stealthwatch to feed packet flow dynamics and metadata flow analysis to pick out threats with 99.9% accuracy.

Threat Intelligence Director on Firepower 

The Threat Intelligence Director will be available on the FMC in Fall 2017 to enable third-party threat intelligence feeds beyond the current Talos services.

Jasper Control Center 7

The Jasper service provides real-time control and visibility of IoT deployments using cellular data connections. New features include improved reporting, integration with other Cisco products such as Spark and Umbrella, and an analytics package.

Cisco Kinetic

Kinetic is another IoT tool that complements Jasper by working with Wi-Fi and wired endpoints, and it runs on the new Catalyst 9000 switches.

My takeaway from this year’s Cisco Live conference is that Cisco has really turned a corner on their movement towards providing software solutions for the network.  Most significant is how they are integrating the analytics, automation and security solutions across many different network platforms.  Changes are coming in the way we design, implement and support networks. 

By Kevin Dresser, Solutions Architect

Cisco boosts SDN range with ACI update

Cisco claims that customers can take a further step towards network automation with the launch of a new release of Application Centric Infrastructure (ACI) software for its software-defined networking range.

Despite massive demand, only 5% of networks are being automated, according to Cisco’s own customer feedback. In response, it has moved to simplify the task by making it easier to address all the various autonomous segments of any complicated network infrastructure.

The new software revision of ACI makes it capable of microsegmentation of both physical (i.e. bare metal) applications and virtualized applications, which are separated from the hardware by virtual operating systems such as VMware VDS and Microsoft Hyper-V. By extending ACI across multi-site environments it will enable cloud operators and network managers to devise policy-driven automation of multiple data centres.

In addition, Cisco claimed it has paved the way for integration with Docker containers through its contributions to open source. This, it said, means customers can get a consistent policy model and have more options to choose from when using the Cisco Application Policy Infrastructure Controller (APIC).

ACI now supports automated service insertion for any third-party service running between layers four and seven on the network stack, it said. More support will be put behind cloud automation tools like VMware vRealize Automation and OpenStack, including open standards-based OpFlex support with Open vSwitch (OVS).

The ACI ecosystem now makes the automation of entire application suites possible, including Platform as a Service (PaaS) and Software as a Service (SaaS), and there are now over 5000 Nexus 9000 ACI-ready customers using Cisco’s open platform, it said.

“Customers tell me that only five to ten percent of their networks are automated today,” said Soni Jiandani, SVP at Cisco. Though they are eager to adopt comprehensive automation for their networks and network services through a single pane of management, they haven’t managed it yet. However, since several ACI customers have achieved full this could be the next step, said Jiandani.