The Network. Intuitive.

Built on Cisco DNA

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
By the year 2020 75%
of businesses
will be digital or
will be preparing
to digitize

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Scale Complexity Security
 LEARNING

THE NETWORK.
INTUITIVE.
Introducing Catalyst 9K
INTENT CONTEXT
Series

SECURITY
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
An entirely new era in networking Software-Defined
Access
(SD-Access)

Previous era New era

Video Security

Cloud
Voice
IoT
Data Mobility
(Catalyst 9000 Series)

SD-Access: Policy-based automation from edge to cloud

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Introducing The Catalyst 9K Family
Catalyst 9400

Catalyst 9300
Catalyst 9500

Stackable Access Modular Access Fixed Aggregation

Built on Cisco’s Innovative UADP ASIC & Open IOS-XE

Introducing Cisco Catalyst 9300
New generation of fixed access
Cisco Catalyst 9000
leadership
1G Data UADP 2.0
2.5G at Only Highest 24 Ports Cisco IOS® XE Software
the price stackable 2.5G/mgig
of 1G 40G switch with SD-Access
density in
at the price 8x 10G the industry x86 CPU and containers
of 10G uplinks 1G UPOE/PoE+ Encrypted Traffic Analytics
(ETA)
AES256/MACSEC256
Trustworthy systems

mGig UPOE StackWise® Virtual

IEEE1588 and AVB
48 Ports
NBAR2
Perpetual/fast PoE
Model-driven programmability
Modular Modular uplinks Modular power supplies Patching/GIR
Fans Streaming telemetry

8x10G 2x40G 4x mGig 4x1G 350W 715W 1100W

 Extending Cat 4500E
Introducing Cisco Catalyst 9400 Leadership in Modular
Access
N+1/N+N Modular Power Supply
4X Throughput
Ergonomic handles 3X Client Scale
for efficient weight
distribution
2X Wireless Scale
Mix AC & DC Power Supplies
4X Power scale
Efficient Platinum Rated
Power Supplies 3X Buffering

Up to 480Gbps/Slot 10X Bandwidth

4X Memory & Flash

UPOE Simultaneously on all ports
Rear accessible Fan
Tray for flexible cable
Lower Power
management Native 25/10G & 40G Uplinks
Better Acoustics

Up to 1TB SATA Storage Higher MTBF

DualServiceable
Fan Tray MPLS VPN
Fits non-standard
racks (16”)
While preserving ….
Side-to-side
air flow HA Architecture
Intel x86 CPU, Re-architected power
4 Core 2.4GHz Investment
distribution for 10% higher
energy efficiency Protection Story
 Introducing Cisco Catalyst 9500
High-scale control plane with Up to 2x 950W
2.4GHz x86 CPU with 16 GB AC/DC PSU Extending Cisco
DDR4 memory 5 x fan trays Catalyst 4500X
Nonblocking ports with
Cisco IOS® Software 16.x
Internal storage: 16GB 5.3MB (shared) packet leadership in fixed
External storage: 1xUSB 2.0 buffer per port backbone
SD-Access, MPLS AVB, WRED, (front), 1xUSB 3.0 (back) Up to 24 ports
NAT, PAT, NBAR2 StackWise® Built-in RFID
of QSFP 3x throughput
Virtual
3x bandwidth
5x buffering
5x CPU speed
4x memory and flash
Height:1RU
4x port speed
Depth: 21.8”
2.4x 10G port density

Granular port densities to address all campus sizes

12Px40G 24Px40G 40Px10G + 8Px10G/2Px40G

Catalyst 9K - Foundation

Open IOS-XE UADP 2.0 X86 CPU

IOS XE Denali 16.5.1

IOSd IOS
IOS Hosted Apps
SubIOS
IOSd Sub LXC* LXC*
Sub
System
Blob System Wiresh
System
s
s LXC*
s ark
Common Infrastructure /
HA
Management Interface
IOS-XE
Module Drivers DB

Kernel

Open, Modern OS Programmable ASIC A Platform for App Hosting

We continue to build on the strong Foundation

Catalyst 9K Family – UADP 2.0
Next Generation of ASIC Innovation
Investment Protection
Flexible Pipeline

Universal Deployments
Adaptable Tables

Enhanced Scale/Buffering
Multicore resource share

Shared Up to 2X to 4X
384K Flex Up to 240GE
Counters Lookup Bandwidth Forwarding + TCAM

7.46B Transistors
28nm Technology
Up to 32MB Up to 64K x2
Embedded CPUs Packet Buffer Netflow Records
Catalyst 9K Family – x86 CPU

x86 CPU

Example 3rd Party Apps

x86 enables hosting containers and 3rd party apps

Catalyst 9K Family – External Storage Options
SATA SSD Storage USB 3.0

Up to 1 TB Up to 120 GB

For Local Logging – 3rd Party App Hosting - Containers

Catalyst 9K Family – Blue Beacon

Blue Beacon
on Every System &
Components

Identification of Devices has never been Easier

Catalyst 9K Family - RFID

Sample RFID Tag Data

SN = 'FOC2109Q023’
PID = 'C9500-24Q'
RFID on Every Device
VID = 'V00'
TAN = '68-100900-02'
and FRUable
TAN Rev = '10'

Components of Catalyst
CLEI
Index
= 'UNDEFINED'
= '900'
Encode
Filter
9400
= 'SGTIN-198‘
= '0‘
Partition = '5'
Company = '0746320'
Built-in Passive RFID

Inventory Management (Tracking) has never been Easier

Catalyst 9K Family – Optional Bluetooth

File Transfer

Device Management

cat9k (config)# interface bt0

Accessing the Device has never been Easier

 LEARNING

Introducing
Encrypted Traffic Analysis
INTENT CONTEXT

SECURITY
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
 An Online Tipping Point

>80% encrypted
>55% encrypted

Web Traffic
May 2017 2019

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
 70% of attacks will use
encryption in 2019

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Machine Learning Infrastructure view of the data
Identifies Malware
Encrypted Traffic Analytics
Google Search

Malware in
Encrypted Traffic

Firefox self-repair
Security
AND Privacy

Detection: Bestafera Malware

99.99% Accuracy

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
 See and Act on Threats (Now For Encrypted Traffic)
ISE
(Identity Services Engine)
Automated policy
enforcement for
segmentation through
Encrypted
SD-Access
Traffic Analytics
NetFlow with
enhanced
Machine
learning Spot malware in
encrypted traffic
99%
• Analyze metadata
Threat Detection Accuracy*
without decrypting
111011011000001 telemetry at
line rate traffic flows
000111100111101 Stealthwatch
• Global-to-local
001000100001
0.01%
knowledge correlation
• Automate policy and
segmentation across
Catalyst 9K False Positives*
the entire network
Switch

Cognitive Analytics

*Source : Identifying Encrypted Malware Traffic with Contextual Flow Data, Oct 2016
 LEARNING

THE NETWORK.
INTUITIVE.
Introducing DNA-C & SDA
INTENT CONTEXT

SECURITY
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The Network. Intuitive.
Components

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Key Challenges for Traditional Networks

Difficult to Segment Complex to Manage Slower Issue Resolution

Ever increasing number of users Multiple steps, Separate user policies for
and endpoint types user credentials, complex wired and wireless networks
interactions
Ever increasing number of Unable to find users
VLANs, ACLs, and IP Subnets Multiple touch-points when troubleshooting

Traditional Networks Cannot Keep Up!

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
 Tanenbaum defined many of the
GOLDEN rules of Networking,
including…

VLAN = SUBNET
Policy Constructs
(aka IP Based ACLs)
were instrinsically tied to those
rules and define how networks are
still built today...
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What is SD-Access?
Fabric Roles & Terminology
 DNA Center –Provides GUI management and
DNA Center
DNA CENTER abstraction via Apps that share context.
Identity Analyzes Endpoınt to App flows and monitors
Services fabric status.
ISE

 Identity Services – External ID System(s)

(e.g. ISE) are leveraged for dynamic Endpoint
to Group mapping and Policy definition
Fabric Border Fabric Wireless
Nodes  Control-Plane Nodes – Map System that
Controller manages Endpoint to Device relationships
B B
Control-Plane  Fabric Border Nodes – A Fabric device (e.g.
Intermediate Core) that connects External L3 network(s)
C Nodes
Nodes (Underlay) to the SDA Fabric

 Fabric Edge Nodes – A Fabric device (e.g.

Campus Access or Distribution) that connects Wired
Fabric Edge
Nodes
Fabric Endpoints to the SDA Fabric

 Fabric Wireless Controller – A Fabric device

(WLC) that connects Wireless Endpoints to
the SDA Fabric
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
SD-Access Fabric: Virtual Network
SD-Access Fabric: Scalable Group
 DNA Solution DNA Center
Simple Workflows
Cisco Enterprise Portfolio

DESIGN PROVISION POLICY ASSURANCE

DNA Center
Identity Services Engine APIC-EM Network Data Platform

Routers Switches Wireless Controllers Wireless APs

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Issues
Issues
Client 360
Catalyst 9K: Simplified packaging
Current three-tier packaging Simplified two-tier packaging

IP Services DNA Advantage

Software Defined Access, Assurance and ETA
Full L3 and Core Differentiators
Solution Package

Network Advantage
IP Base Full L3 with flexible Segmentation and Network
Routed Access and Access Differentiators Resiliency

DNA Essentials
Simplified Network Operations Solution Package
Lan Base
L2 Features and Competitive Parity
Network Essentials
Competitive Parity with Full L2 and Routed Access

DNA subscriptions required (min 3-year term)

at time of Cat 9K order
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 39
Catalyst 9K: Advantage vs. Essentials * Future

Advantage Essentials
DNA Advantage (Inclusive of DNA Essentials) DNA Essentials
SDA

3,5,7 Year Terms

Ready
3,5,7 Year Terms

Software-defined Assurance & Analytics Cisco Differentiators Basic Automation

Network insights from analytics and Containers, Python, EEM, ANI, Plug and Play,
Access Full FNF, Wireshark EasyQOS Configuration*
Policy-based Automation and machine learning, clients and
Assurance, SD-Wireless applications covering on-boarding,
Telemetry & Visibility connectivity and performance
ERSPAN, AVC, NBAR2 Basic Monitoring Capabilities Element Management
EasyQOS Monitoring*, Client and Image Management,
Security & IoT Element Management Device 360, PSIRT Compliance* Topology and Discovery
Encrypted Traffic Analytics, Patch Management
mDNS GW, NAT/PAT

Network Advantage (Inclusive of Network Essentials) Network Essentials

Enhanced Security Flexible Network Segmentation Essential Switch DevOps Integration
Controls VRF, VXLAN, LISP, Trustsec,

Perpetual
Programmability with Open
Perpetual

Capabilities
MACSEC-256 Wireless Client and Guest, MPLS L3VPN Layer 2, Routed Access (RIP, Models and Netconf/Restconf,
IoT & Mobility EIGRP Stub, OSPF (1000 routes) PnP Agent, ZTP
CoAP High Availability & Resiliency ,PBR, PIM Stub Multicast (up to
NSF, GIR, Stackwise Virtual, ISSU 1000 routes)), PIM Stub, PVLAN,
VRRP, PBR, CDP, QoS, FHS, Telemetry & Visibility
Full Routing Optimize Bandwidth 802.1x, Macsec-128, CoPP, Sampled NetFlow, SPAN,
Functionality Utilization with Multicast Trustsec SXP, IP SLA Responder, RSPAN
BGP, HSRP, OSPF, ISIS, MSDP, mVPN, AutoRP, PIM-BIDIR SSO
HSRP,GLBP

 C9K HW includes the Perpetual Network OS (Essentials or Advantage)

 Mandatory
© 2017 Cisco and/or its affiliates. All rights reserved. to
attach DNA License when ordering C9K
Cisco Confidential
 DNA License includes Switch and DNA Center Features
 Switching: Offer Structure
Cisco ONE Advantage DNA Advantage DNA Essentials
Single
SKU Single Single
3/5/7 Year Subscriptions SKU
3/5/7 Year Subscriptions 3/5/7 Year Subscriptions
SKU
Stealthwatch

ISE Base + ISE Plus Prime

DNA Advantage DNA Advantage

DNA Essentials DNA Essentials DNAEssentials

DNA Essentials

Catalyst 9K with Network Advantage Catalyst 9K with Network Essentials

(Full Layer 3 Routing) ( Layer 2 Routed Access)

Software Support included in all subscriptions

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

Must Attach Cisco ONE Advantage, DNA Advantage or DNA Essentials as Subscription with 9K