Intent-based Networking with Cisco DNA
#CLUS
BRKCRS-2701 IBN for DNA
One of the major goals of Cisco’s Digital Network Architecture (DNA) is to enable intent-based networking
(IBN). IBN enables operators to express the expected network behavior in abstracted policy terms (WHAT),
instead of prescribing the network’s functionality in low-level configurations (HOW). This session
introduces the concept of IBN, and describes its four main capabilities: translating abstracted expressions
of higher-level business policies into network configurations, automating the implementation into the
network, continuously validating the business intent by observing the network state in real-time, and taking
corrective actions in case of deviations. Participants will learn how various elements of the DNA fulfil these
capabilities, for example the role of the DNA network controller platform in policy translation, or the role
of the DNA network data platform for telemetry and assurance. The session will also focus on challenges
of moving to an intent-based system.
#CLUS BRKCRS-2701 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda: BRKCRS-2701 Intent-based Networking with Cisco DNA
• Motivation – What does this mean to you? (Why should you care?)
• What is Intent-based Networking?
• An Architectural View – What is an IBN?
• From Theory to Reality – Use Cases
• Conclusion
Motivation – What does this mean to you? (Why should you care?)
The Need for a New Network
The Network. Intuitive. Powered by intent. Informed by context.
[Figure labels: Learning, Intent, Context, Security]
Unprecedented Demands on the Network
• 63 million new devices online every second by 2020¹
• 3X spend on network operations vs network²
• 6 months to detect breach³
Vision: Change the way the world works, lives, plays, and learns
Strategy: We create solutions built on intelligent networks that solve our customers' challenges
Digital Transformation is Moving IT to the Boardroom
American Express
Customer Experience
Personalized Service
Physical and Virtual
Through Mobile
RFID Content
Business at the Speed of Digital
3X more organizations intend to be digital ready in 2 YEARS – IDC¹
“Digital business requires faster delivery of services to the business, ultimately requiring enterprises to change network operations processes and tooling.” – Gartner²
Rewriting the Networking Playbook
Traditional Network (Manual) vs. Digital-Ready Network (Automated)
• Efficiency: More Efficient Networking Staff
• Speed: Faster Delivery of New Applications; Faster WAN Branch Deployments
• Financial Value: Average Annual Benefit; 5 Year ROI
Source: IDC The Business Value of Creating Digital-Ready Networks with Cisco DNA Solutions, Jan 2017.
Figures refer to business value achieved by customers adopting Cisco DNA solutions
Cisco’s Enterprise SDN Strategy
Policy and Intent to Unlock the Power of your Network
• Unlock the Power that Exists in the Network through Abstraction, Automation, and Policy Enforcement
• Leverage the Power of Existing Distributed Systems
• Enable Network Wide Fidelity to an Expressed Intent (Policy) through Analytics & Assurance
The Network you have already built
What is Intent-based Networking?
Intent-based Networking
What the Industry Is Saying
“Gartner sees the biggest benefits from IBNS are improving
network agility and availability, and supporting unified intent and
policy across multiple infrastructures.”
“By 2021, in value terms, over 25% of infrastructure services will have
some autonomous self-managing capabilities, expediting business
outcomes and mitigating the risk of human error”
Intent-Based Networking (IBN)
[Figure: Intent and Context. The Network. Intuitive. Powered by intent. Informed by context. Labels: Intent, Context, Security]
Built on Cisco Digital Network Architecture
[Figure labels: Principles, Programmable, Automation, Analytics, Virtualization, Security and Compliance, Security]
What we have Launched
[Figure labels: Principles, Programmable, Automation, Analytics, Virtualization, Security and Compliance, SD-WAN, SD-Access & Assurance, Programmable Physical and Virtual infrastructure, API Driven, Catalyst 9000, Insights and Experiences]
What we are Launching
[Figure labels: DNA-C As a Platform, Cloud Service Management, Automation and Assurance, Open, Cisco DNA Center & vManage, Principles, Programmable, Automation, Analytics, Virtualization, Security and Compliance, SD-WAN, SD-Access & Assurance, Programmable Physical and Virtual infrastructure, API Driven, Catalyst 9000, Insights and Experiences]
Driving the Transformation
[Figure labels: Integrate Controllers into IT Ops, Cloud Service Management, Automation and Assurance, Open, Extend/Customize DNA-C++, Principles, Programmable, Automation, Analytics, Make IBN Real for NetOps, Security, Virtualization, Security and Compliance, Intent + Policy = Automation & Analytics, Programmable Physical and Virtual infrastructure, API Driven, Insights and Experiences, Enterprise Wide Fabric]
Intent-based Networking: What is it?
Objective:
Business intent drives continuous alignment of network services
Adapting:
• Respond dynamically to business demands
Learning:
• Apply telemetry, machine learning to provide contextual insights and inform decisions
Protecting:
• Identify or predict issues and threats and respond
An Architectural View – What is an IBN?
Setting the Stage: A high-level Enterprise Network Model
[Figure labels: Network Sites, Plane, SD-WAN, Cloud Exchange, VPC, Internet, Outdoor, Mobile / 5G, SaaS, SP, NW Fns (phy&vir), Branch, Ent Apps, MPLS, Campus, DC Fabric, SD Access, Corporate WAN]
The Intent Architecture sits between the Infrastructure and Operators
[Figure: Intent Architecture]
Unpacking the Intent-based Model
Intent-based Networking: Industry Initiative
[Figure labels: Activation, Assurance, Orchestrate policies & configure systems]
[Figure: Translation (Capture, Translate, Verify Integrity), Activation, Assurance]
[Figure: Translation, Activation, Assurance]
[Figure: Translation, Activation, Assurance; BranchOps, WANOps; enterprise network model as above]
In the Enterprise, Cisco DNA Center captures Intent
[Figure labels: Cisco DNA Center, Simple Workflows]
[Figure labels: Translation, Activation, Assurance, Kafka, Cassandra, Elastic Services, Mongo DB]
Cisco DNA Center performs Intent translations to Configurations
[Figure labels: Translation, Activation, Assurance; Physical and Virtual Infrastructure; Workflow Engine; Device Manager; Device Model (YANG, XDE); Network Programmer; Network Elements]
sites {A,B,C}
2. CFS:
• QoS, PfR, IPsec/GRE
(Device-specific Intent)
3. RFS:
• QoS on Router R1
• QoS on Switch S1
• …
4. Device Model
• R1: ASR1K
• S1: Cat9K
SB API: NC/YANG, CLI..
[Figure: Translation, Activation, Assurance (Verification, Provide Insights, Remediate)]
Contextual Correlation and Property Graph
[Figure labels: Translation, Activation, Assurance; Business Applications; RTP; DC; SJC-9 2nd Floor; “Forwarding problem here…”; “Client density problem here...”; “WAN QoS problem here...”]
[Figure: Translation (Characterize Intent, Translate / Homogenize, Verify Integrity); Model-based Policies; API]
How does IBN stack up?
Traditional Network vs. Intent-based Network
Architecture
• Traditional Network:
  • Device-by-device management
  • Unidirectional configuration
  • Nonprogrammable devices
  • Patchy network security
• Intent-based Network:
  • Networkwide system-oriented management
  • Closed-loop automated configuration and assurance
  • Programmable physical and virtualized infrastructure
  • Security functions integrated systematically throughout the architecture
  • API-centric, model-based
  • Open hardware and software stack
Translation
• Traditional Network: Ad hoc operator interpretation and ad hoc translation
• Intent-based Network: Yes, through intent capturing and translation system functions
Intent Verification
• Traditional Network: No Support
• Intent-based Network: Yes, integrity and consistency checks
Policy Support
• Traditional Network: Limited, expressed by device commands
• Intent-based Network: Limited, expressed by device commands
Activation
• Traditional Network: Limited (scripting), device-by-device
• Intent-based Network: Automated, network-wide with controllers
Assurance
• Traditional Network: Manual, device-by-device
• Intent-based Network: Automated, full analytics with AI/ML or formal method support
Feedback loop
• Traditional Network: Based on ad hoc, manual operator monitoring
• Intent-based Network: Yes, automated for either operator or system activation
“My application is critical to the business”
“I don’t want engineering to talk to finance applications”
“I want to roll out a new small branch”
Demo: Access Control Policies
Under the Hood – What is Happening?
• Allocate VRF for Virtual Network and configure on Fabric nodes
• Create VLANs and associate with VRFs in Fabric nodes
• Create Policy in ISE to establish VLAN assignment to land Authenticated User/Device in appropriate VLAN/VRF
• Create Policy in ISE to establish SGT assignment
• Create Policy in ISE to establish SGT to SGT Policy Rule Set
• Distribute SG-ACLs to Fabric Nodes
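An added sketch of the translation and integrity check behind these steps, not Cisco DNA Center or ISE code: it turns the intent “I don’t want engineering to talk to finance applications” into SGT-to-SGT rules and rejects conflicting or undefined groups before anything would be distributed. Group names, SGT values and the default action for unmatched pairs are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: group names and SGT values are illustrative only.
SGTS = {"engineering": 10, "finance_users": 20, "finance_apps": 30}

@dataclass(frozen=True)
class Intent:
    src: str      # source group
    dst: str      # destination group
    action: str   # "permit" or "deny"

def translate(intents, sgts=SGTS):
    """Translate group-level intents into an SGT-to-SGT rule matrix.

    Returns (matrix, errors); activation should be blocked if errors is non-empty.
    """
    matrix, errors = {}, []
    for it in intents:
        if it.action not in ("permit", "deny"):
            errors.append(f"unknown action {it.action!r}: {it.src}->{it.dst}")
            continue
        missing = [g for g in (it.src, it.dst) if g not in sgts]
        if missing:
            errors.append(f"undefined group(s) {missing}: {it.src}->{it.dst}")
            continue
        pair = (sgts[it.src], sgts[it.dst])
        if matrix.get(pair, it.action) != it.action:
            errors.append(f"conflict on SGT pair {pair}: {matrix[pair]} vs {it.action}")
            continue
        matrix[pair] = it.action
    return matrix, errors

def decide(matrix, src_sgt, dst_sgt, default="deny"):
    """Action for a tagged flow; the default for unmatched pairs is an assumption."""
    return matrix.get((src_sgt, dst_sgt), default)

INTENTS = [
    Intent("engineering", "finance_apps", "deny"),
    Intent("finance_users", "finance_apps", "permit"),
]

if __name__ == "__main__":
    matrix, errors = translate(INTENTS)
    print(matrix, errors)
    # A later, contradictory intent is reported instead of silently winning.
    print(translate(INTENTS + [Intent("engineering", "finance_apps", "permit")])[1])
```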
Demo: Application Experience
Deploy End-to-End DSCP-based Queuing Policies
EasyQoS will seamlessly interconnect all types of hardware and software queuing models to achieve consistent and compatible end-to-end treatments aligned with the expressed business-intent
[Figure labels: DNAC (NCP + NDP), EM]
What Do We Do “Under-the-Hood”?
Apply RFC 4394-based Marking / Queuing / Dropping Treatments
Application Class | Per-Hop Behavior | Queuing & Dropping | Application Examples
Relevant:
VoIP Telephony | EF | Priority Queue (PQ) | Cisco IP Phones (G.711, G.729)
Multimedia Conferencing | AF4 | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx
Multimedia Streaming | AF3 | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs)
Network Control | CS6 | BW Queue | EIGRP, OSPF, BGP, HSRP, IKE
Transactional Data | AF2 | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps
Bulk Data | AF1 | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution
Irrelevant:
Scavenger | CS1 | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, BitTorrent, Xbox Live
Your Choice….
ip access-list extended APIC_EM-MM_STREAM-ACL
 remark citrix - Citrix
 permit tcp any any eq 1494
 permit udp any any eq 1494
 permit tcp any any eq 2598
 permit udp any any eq 2598
 remark citrix-static - Citrix-Static
 permit tcp any any eq 1604
 permit udp any any eq 1604
 permit tcp any any range 2512 2513
 permit udp any any range 2512 2513
 remark pcoip - PCoIP
 permit tcp any any eq 4172
 permit udp any any eq 4172
 permit tcp any any eq 5172
 permit udp any any eq 5172
 remark timbuktu - Timbuktu
 permit tcp any any eq 407
 permit udp any any eq 407
 remark xwindows - XWindows
 permit tcp any any range 6000 6003
 remark vnc - VNC
 permit tcp any any eq 5800
 permit udp any any eq 5800
 permit tcp any any range 5900 5901
 permit udp any any range 5900 5901
 exit
ip access-list extended APIC_EM-SIGNALING-ACL
 remark h323 - H.323
 permit tcp any any eq 1300
 permit udp any any eq 1300
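As an added example (not output of EasyQoS or other Cisco tooling), the parser below reads ACLs in the format shown above and reports any protocol/port range claimed by two different ACLs, where the class a flow receives would depend on evaluation order rather than intent. The sample text is constructed, and its last line is a deliberately overlapping entry that is not in the slide's configuration.

```python
import re

# Constructed sample: a few entries in the style of the ACLs above, plus one
# deliberately overlapping entry (tcp 1490-1500 in the second ACL).
SAMPLE = """\
ip access-list extended APIC_EM-MM_STREAM-ACL
 remark citrix - Citrix
 permit tcp any any eq 1494
 permit udp any any eq 1494
 remark xwindows - XWindows
 permit tcp any any range 6000 6003
ip access-list extended APIC_EM-SIGNALING-ACL
 remark h323 - H.323
 permit tcp any any eq 1300
 permit tcp any any range 1490 1500
"""

ENTRY = re.compile(r"permit (tcp|udp) any any (?:eq (\d+)|range (\d+) (\d+))$")

def parse_acls(text):
    """Return [(acl, app, proto, low_port, high_port)] for each permit line."""
    acl = app = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("ip access-list extended "):
            acl, app = line.split()[-1], None
        elif line.startswith("remark "):
            app = line.split()[1]          # short application name after "remark"
        elif (m := ENTRY.match(line)) and acl:
            low = int(m.group(2) or m.group(3))
            high = int(m.group(2) or m.group(4))
            entries.append((acl, app, m.group(1), low, high))
    return entries

def overlaps(entries):
    """Find protocol/port ranges claimed by two different ACLs (classes)."""
    found = []
    for i, a in enumerate(entries):
        for b in entries[i + 1:]:
            same_proto = a[2] == b[2]
            intersect = a[3] <= b[4] and b[3] <= a[4]
            if a[0] != b[0] and same_proto and intersect:
                found.append((a[0], a[1], b[0], b[1], a[2],
                              max(a[3], b[3]), min(a[4], b[4])))
    return found

if __name__ == "__main__":
    for hit in overlaps(parse_acls(SAMPLE)):
        print("overlap:", hit)
```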
Demo: Standardizing Network Infrastructure
What just happened?
• Authenticate against SN
• Secure Connection between Cisco DNA Center and ENCS
• Instantiate VNFs
• Create Service chains
[Figure labels: Cisco DNAC, Branch Template, Push config / template, NFVIS, WAN, ENCS]
Closing
Driving the Transformation
[Figure labels: Integrate Controllers into IT Ops, Cloud Service Management, Automation and Assurance, Open, Extend/Customize DNA-C++, Closed Loop (Deploy, Measure, Adjust), Principles, Programmable, Automation, Analytics, Make IBN Real for NetOps, Security, Virtualization, Security and Compliance, Intent + Policy = Automation & Analytics, Programmable Physical and Virtual infrastructure, API Driven, Insights and Experiences, Enterprise Wide Fabric]
Thank you