The Network. Intuitive.

Priston Member Posts: 999
Anyone else following Cisco's new products launching?

I've been trying to figure out more about DNA Center, might just have to wait till August to really understand what it is...
A.A.S. in Networking Technologies
A+, Network+, CCNA


  • ccie14023 Member Posts: 183
    Well, let me take this one since I happen to work in the Cisco BU that developed the product and have been a part of the team working on it for a year and a half now. I could answer any question you might have, or concern on how it impacts your direction as someone studying for Cisco certifications.

    "The Network Intuitive" is of course a marketing term. Not that it's inaccurate; it is one of the better marketing slogans we've used. But as a marketing term it is not a technical description and requires some further elaboration for technical folks.

    For over a year now, Cisco has somewhat quietly introduced a campus fabric. This is similar to data center fabrics (think ACI). This fabric is a VXLAN fabric with a LISP control plane. LISP is more suited to campus networks than BGP, which is the control plane protocol used in the data center. The fabric gives you all the advantages of layer 3 routed backbones (fast failover, no STP), without the limitations (i.e., cannot stretch VLANs across a layer 3 BB).

    Now, this is interesting enough, but we also added TrustSec into the picture. The fabric carries an SGT value in the header. If you're not familiar with SGTs, they provide an identifier beyond IP address that can be used for security policy. So this enables us to have two users in the same subnet with different security policies. We can stop them from communicating even though they are in the same subnet.

    As I said, this fabric has been available for a while now, but configurable with CLI (or NETCONF) only. The first part of the announcement consists of Software Defined Access, an app that runs in APIC-EM and makes provisioning all this extremely easy and intuitive. (Thus the intuitive part.) You wouldn't really want to configure VXLAN with LISP and TrustSec with dot1x authentication, would you? SD-Access provides a drag and drop interface for configuring fabrics and security policies. The whole point is that it abstracts the underlying technology. You don't really even need to know about VXLAN or LISP to use it. It just works. Intuitive.

    APIC-EM is the platform. DNA Center is the collection of "DNA" apps that run on APIC-EM. SD-Access is one of those apps. There will be others eventually.

    We also announced a brand new line of Catalyst switches, the Cat 9k. 9300 is fixed, 9400 is modular, 9500 is fixed backbone. These run IOS XE (starting with 16.6). They are significantly beefed up, have x86 processors, and a lot more memory. 9400s can take up to 1 TB of SSD storage. We can run applications in containers and VMs on these boxes. (I'm running a lab on that at Cisco Live next week, BTW.)

    The third part is ETA, Enhanced Threat Analytics. Basically, it's our answer to the problem of how to detect malware in encrypted traffic. We also announced a network analytics platform, which is basically a big data approach to monitoring/troubleshooting the network.

    Since this forum is for certifications, how does this affect you? I'd say, keep studying what you have been studying. No matter how intuitive or simple we make provisioning, you still need to understand the underlying technology. As provisioning becomes simple, a lot of the work shifts to design. People who design networks need to understand them. Meanwhile, it takes a long time for a product like SD-Access to roll into networks. For the foreseeable future, we'll still need people who can do CLI and work on non-fabric networks.

    A lot more to say on this, but I've said a lot already.
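
The post above says the fabric carries an SGT in the VXLAN header so that policy can differ for two users in the same subnet. The sketch below is an added example, not part of the original post and not Cisco code: it assumes the header follows the VXLAN Group Policy Option draft layout (the post does not name the encoding), and the tag numbers, group names and policy matrix are constructed for illustration.

```python
import struct

# Assumed layout (VXLAN Group Policy Option draft), 8 bytes:
#   byte 0: flags, G=0x80 (group ID present), I=0x08 (VNI valid)
#   byte 1: flags, A=0x08 (policy already applied upstream)
#   bytes 2-3: 16-bit group policy ID (the SGT)
#   bytes 4-6: 24-bit VNI, byte 7: reserved
G_FLAG, I_FLAG, A_FLAG = 0x80, 0x08, 0x08

def parse_vxlan_gpo(header: bytes):
    """Return (vni, sgt, policy_applied); sgt is None when the G bit is clear."""
    if len(header) < 8:
        raise ValueError("VXLAN header is 8 bytes")
    flags0, flags1, group_id, vni_rsvd = struct.unpack("!BBHI", header[:8])
    if not flags0 & I_FLAG:
        raise ValueError("I bit clear: VNI not valid")
    sgt = group_id if flags0 & G_FLAG else None
    return vni_rsvd >> 8, sgt, bool(flags1 & A_FLAG)

# Constructed policy matrix: (source SGT, destination SGT) -> action.
# Tag numbers and names are hypothetical.
EMPLOYEE, CONTRACTOR, PRINTER = 10, 20, 30
POLICY = {
    (EMPLOYEE, PRINTER): "permit",
    (CONTRACTOR, PRINTER): "permit",
    (EMPLOYEE, CONTRACTOR): "deny",
    (CONTRACTOR, EMPLOYEE): "deny",
}

def decide(header: bytes, dst_sgt: int, default: str = "deny") -> str:
    """Egress decision based on group tags only; IP addresses never enter it."""
    _vni, src_sgt, applied = parse_vxlan_gpo(header)
    if src_sgt is None:
        return default          # untagged traffic falls to the default action
    if applied:
        return "permit"         # an upstream device already enforced policy
    return POLICY.get((src_sgt, dst_sgt), default)

def build_header(vni: int, sgt: int, applied: bool = False) -> bytes:
    """Build a constructed sample header for the demo below."""
    return struct.pack("!BBHI", G_FLAG | I_FLAG, A_FLAG if applied else 0, sgt, vni << 8)

if __name__ == "__main__":
    # Two hosts in the same subnet (same VNI) but in different groups.
    hdr = build_header(vni=8190, sgt=CONTRACTOR)
    print(parse_vxlan_gpo(hdr), decide(hdr, EMPLOYEE), decide(hdr, PRINTER))
```

The decision is keyed on the (source group, destination group) pair, so the same VNI and subnet can yield a deny for one destination and a permit for another.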
  • Priston Member Posts: 999
    Thanks for the response.

    I don't see any of this affecting me now, but I'm sure at some point knowing these technologies will be really beneficial.
    I guess I should start with reading up on VXLAN and LISP.
    A.A.S. in Networking Technologies
    A+, Network+, CCNA