© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
By the year 2020, 75% of businesses will be digital or will be preparing to digitize
Scale Complexity Security
LEARNING
THE NETWORK.
INTUITIVE.
Introducing Catalyst 9K Series
INTENT CONTEXT
SECURITY
An entirely new era in networking
Software-Defined Access (SD-Access)
Video Security
Cloud
Voice
IoT
Data Mobility
(Catalyst 9000 Series)
Catalyst 9300
Catalyst 9500
[Figure: IOS-XE software architecture. Labels: IOSd, IOS Sub Systems, Blob, Hosted Apps, LXC*, Wireshark, Common Infrastructure / HA, Management Interface, Module Drivers, DB, Kernel]
Universal Deployments
Adaptable Tables
Enhanced Scale/Buffering
Multicore resource share
Shared Up to 2X to 4X
384K Flex Up to 240GE
Counters Lookup Bandwidth Forwarding + TCAM
7.46B Transistors
28nm Technology
Up to 32MB Up to 64K x2
Embedded CPUs Packet Buffer Netflow Records
Catalyst 9K Family – x86 CPU
x86 CPU
Up to 1 TB Up to 120 GB
Blue Beacon
on Every System &
Components
Components of Catalyst
CLEI
Index
= 'UNDEFINED'
= '900'
Encode
Filter
9400
= 'SGTIN-198'
= '0'
Partition = '5'
Company = '0746320'
Built-in Passive RFID
File Transfer
Device Management
Introducing
Encrypted Traffic Analysis
INTENT CONTEXT
SECURITY
An Online Tipping Point
>80% encrypted
>55% encrypted
Web Traffic
May 2017 2019
70% of attacks will use encryption in 2019
Machine Learning Infrastructure view of the data
Identifies Malware
Encrypted Traffic Analytics
Google Search
Malware in
Encrypted Traffic
Firefox self-repair
Security
AND Privacy
See and Act on Threats (Now For Encrypted Traffic)
ISE (Identity Services Engine)
Automated policy enforcement for segmentation through SD-Access
Encrypted Traffic Analytics
NetFlow with enhanced telemetry at line rate
Machine learning
Spot malware in encrypted traffic
99% Threat Detection Accuracy*
0.01% False Positives*
• Analyze metadata without decrypting traffic flows
• Global-to-local knowledge correlation
• Automate policy and segmentation across the entire network
Catalyst 9K Switch
Stealthwatch
Cognitive Analytics
*Source: Identifying Encrypted Malware Traffic with Contextual Flow Data, Oct 2016
LEARNING
THE NETWORK.
INTUITIVE.
Introducing DNA-C & SDA
INTENT CONTEXT
SECURITY
The Network. Intuitive.
Components
Key Challenges for Traditional Networks
• Ever increasing number of users and endpoint types
• Multiple steps, user credentials, complex interactions
• Separate user policies for wired and wireless networks
• Ever increasing number of VLANs, ACLs, and IP Subnets
• Multiple touch-points
• Unable to find users when troubleshooting
VLAN = SUBNET
Policy Constructs (aka IP Based ACLs)
were intrinsically tied to those rules and define how networks are still built today...
What is SD-Access?
Fabric Roles & Terminology
DNA Center – Provides GUI management and abstraction via Apps that share context. Analyzes Endpoint to App flows and monitors fabric status.
DNA Center
ISE (Identity Services Engine), APIC-EM, Network Data Platform
Network Advantage
IP Base Full L3 with flexible Segmentation and Network
Routed Access and Access Differentiators Resiliency
DNA Essentials
Simplified Network Operations Solution Package
LAN Base
L2 Features and Competitive Parity
Network Essentials
Competitive Parity with Full L2 and Routed Access
Advantage Essentials
DNA Advantage (Inclusive of DNA Essentials) DNA Essentials
SDA
Perpetual
Programmability with Open
Perpetual
Capabilities
MACSEC-256 Wireless Client and Guest, MPLS L3VPN Layer 2, Routed Access (RIP, Models and Netconf/Restconf,
IoT & Mobility EIGRP Stub, OSPF (1000 routes) PnP Agent, ZTP
CoAP High Availability & Resiliency ,PBR, PIM Stub Multicast (up to
NSF, GIR, Stackwise Virtual, ISSU 1000 routes)), PIM Stub, PVLAN,
VRRP, PBR, CDP, QoS, FHS, Telemetry & Visibility
Full Routing Optimize Bandwidth 802.1x, Macsec-128, CoPP, Sampled NetFlow, SPAN,
Functionality Utilization with Multicast Trustsec SXP, IP SLA Responder, RSPAN
BGP, HSRP, OSPF, ISIS, MSDP, mVPN, AutoRP, PIM-BIDIR SSO
HSRP, GLBP
Must Attach Cisco ONE Advantage, DNA Advantage or DNA Essentials as Subscription with 9K