1 / 32

Cisco Unified Access Roadshow Enterprise Backbone Technologies Enabling BYOD and Collaboration

Cisco Unified Access Roadshow Enterprise Backbone Technologies Enabling BYOD and Collaboration. Vivek Baveja Technical Marketing Engineer Enterprise Networking Group. Use Cases Backbone Support for BYOD, Video, and Collaboration. How Do I Provide a Consistent User Experience?.

aric
Download Presentation

Cisco Unified Access Roadshow Enterprise Backbone Technologies Enabling BYOD and Collaboration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cisco Unified Access Roadshow Enterprise Backbone Technologies Enabling BYOD and Collaboration VivekBaveja Technical Marketing Engineer Enterprise Networking Group

  2. Use CasesBackbone Support for BYOD, Video, and Collaboration How Do I Provide a Consistent User Experience? How Do I Manage This at an Enterprise Level? Distribution Access Core How Do I Bring Both Corporate and Employee Owned Devices on to the Network? Questions to Be Answered How Do I Secure my Device and User Communities? What Services Do I Need to Enable the Infrastructure? How Do I Monitor This at an Enterprise Level? How Do I Build a Scalable, Secure, Converged Wired/Wireless Campus Network to Support These Trends?

  3. Cisco Catalyst 6500Top Questions from Customers How does 6500 with Sup2T fit into a BYOD infrastructure ? When do I use Catalyst 6500 instead of Nexus 7000 ? What is the future of the 6500 ? How do I secure the campus for BYOD ? How can Catalyst 6500 provide the necessary network visibility for my BYOD infrastructure?

  4. Backbone Switching Strategy, Portfolio and Areas of Investment

  5. Positioning the Correct SolutionCisco Catalyst in the Campus to Support BYOD and Collaboration Cisco Catalyst or Nexus? Campus Data Center Workload Mobility VM Video Backbone Access Distribution Backbone Access Aggregation Mobility/ BYOD 10G/ Virtualization Lead with Nexus 7000 Lead with Nexus 7000 Lead with Nexus 5000/2000 Lead with Catalyst 6500 Sup2T Lead with Catalyst 6500 Sup 2T Lead with Catalyst 4K / 3K Energy Efficiency Security Engineering Investments and Roadmap Follows Positioning

  6. Switching Requirements Difference Between Campus and Data Center CampusCatalyst Family - IOS Data Center / CloudNexus Family – NX-OS VM Mobility Cloud Security and VM Awareness Fabric Scale & Resilience LAN / SAN Convergence Data Center Consolidation Power over Ethernet Video Intelligence Wired / Wireless Convergence User Access Control / Segmentation Application Visibility FabricPath, vPC, Wire Speed 10/40/100G Flexible NetFlow, NAM-3 (NBAR2) Wireless Controller Integration Unified Ports, FCoE Nexus 1000v, VSG, ASA, 1000v UPOE, EnergyWise VDC, FEX, DCNM Medianet LISP, VXLAN, OTV 802.1X / Easy Virtual Networks (EVN) Customer Requirements/Needs Ultimately Drive the Sale

  7. Cisco Catalyst 6500 Strategy and DirectionSupporting BYOD and Collaboration Trends Innovation Lower TCO Transition Differentiation TheNetwork Services Platform for UnifiedAccess • Innovation withInvestment Protection Price/Performance Virtualization, Simplified Operations, and Change Management • Driving Next-Gen Ethernet in the Campus • 1G » 10G » 40G » 100G Cisco Catalyst 6500 E-Series

  8. Cisco Catalyst 6500 Installed Base in PerspectiveDriving Future Investment Decisions FY12 Cat 6500 Port Share of Total Modular Industry* $200+ Million Investment surrounding Sup2T development Compare with Tesla Motor’s $150Minvestment for first fully electric sports car $200+ Million Investment planned over next 3 years alone Rich network services, Ethernet evolution, Lower TCO, Investment protection *Assuming Dell’Oro as a baseline for industry total modular • 750,000+Chassis Shipped • 1.2 MillionSupervisors Shipped • 110 MillionPorts Shipped • 45,000+Catalyst 6500 Customers

  9. Cisco Catalyst 6500 PortfolioHardware You Need to Support BYOD and Collaboration Trends Services Modules 10GbE Fiber and Copper 1GbE Fiber and Copper 40G/Slot 6904 FourX SR4 LR4 Sup2T 6816 6816 40 GbE Fiber 6824 Fiber 80G/Slot 6904 6848 6908 High-Perf. Access 6848 NAM-3 Copper Access 6148 45AT WiSM2 ASA-SM

  10. BYOD and Collaboration with Supervisor 2TScalability Enhancements 4X Scalability 3X Performance Sup2T Overiew New PFC4 FeaturingImproved Levels of Performance and Scalability Along with New Enhanced Hardware Features Improved Switch FabricProviding 80G/Slot USB-BasedConsole Support New MSFC5 Supporting Dual Core CUP and Single IOS Image Connectivity Management Processor(CMP) Cisco Prime Items in PURPLEare BYOD, Collaboration and Video enablers.

  11. BYOD and Collaboration with Supervisor 2TScalability Enhancements 6900 Series with DFC4 6800 Series with DFC4 • Non-blocking 80G/slot performance • Wire rate MACsec • Virtual switching link (VSL) • Large packet buffers (256 MB/port) • X2 transceiver or SFP+ with adapter • Available in standard and XL sizes • LISP-ready 4P 40G $36,000 • 40G/slot with integrated DFC4 • 24 and 48 ports 1GbE fiber • 48 ports 10/100/1000 copper • 16 ports 10GbE fiber and 10GBASE-T • Available in standard and XL sizes CFP-40G-SR4 FourX CFP-40G-LR4 Doubled System Performance, with Distributed Forwarding Distributed Forwarding Performance, at Central Forwarding Price

  12. BYOD and Collaboration with Supervisor 2TMake Your Catalyst 6500 Ready Sup2T Sup720 6704, 6724, 6748 with CFC Supported 6704, 6724, 6748 with DFC3 WS-F6K-DFC4-A 6716-10G/10T with DFC3 WS-F6K-DFC4-E 6708-10G Fiber Special TMP Program for Upgrade 61xx Series 6148E, 6148A, 6148-SFP, 6196 Service Modules NAM/-1/2/3, ACE20/30, WiSM-1/2 FWSM, ASA-SM VPN SPA Not Supported (ASA-SM to get IPSEC VPN) WAN Modules Not Supported (Use Sup720-10G or ASR for WAN)

  13. BYOD and Collaboration with Supervisor 2TService Modules Enable Key Capabilities Integrate Wired / Wireless Management Deliver Robust, Integrated, Streamlined Security Enhance Application Visibility Next-GenerationWiSM Blade: WiSM-2 Next-GenerationNAM Blade: NAM-3 NEW NEW Next-GenerationFirewall Blade: ASA-SM NEW OS / Feature Parity with Appliances

  14. BYOD and Collaboration with Supervisor 2TCatalyst 6500 for the BYOD Backbone Cisco Catalyst 6500E Fixed Cisco Catalyst 4500E Modular Cisco Catalyst 4500-X Scalability Features *Roadmap • Trustsec • L3 SGT • MACsec over EoMPLS, • MPLS L3VPN • VPLS / A-VPLS • L2oMGRE • 6PE, 6VPE • Advanced CoPP • ASA-SM • AVC • PIM Register in HW • IGMPv3 / MLDv2 Snooping in HW • Egress NetFlow • Per-VRF NetFlow • NAM-3 • WiSM-2 • Resiliency • Quad Sup VSS* • BGP PIC • EFSU • BFD / Multicast BFD • Multicast HA • ACL Hitless Commit • ACL Dry Run • Smart Ops • EEM • GOLD • Smart Call Home • Smart Install Director • LISP • WCCPv3 • Trustsec • MACsec, SGT, SGACL, EVN • Resiliency • Sup redundancy, NSF/SSO, ISSU • AVC • Flexible NetFlow/ EEM integration • Integrated Wireshark • Smart Operations • Copper/POE flexibility, EEM, GOLD Cisco Catalyst 3750-X • Trustsec • MACsec, SGT, SGACL, EVN • AVC • Flexible NetFlow/ EEM integration • Integrated Wireshark • Resiliency • VSS • Trustsec • MACsec, SGT, SGACL • AVC • Medianet • Flexible NetFlow Feature Richness

  15. Differentiating Features to Support BYOD / Collaboration in the Backbone

  16. Integrated Service Modules

  17. Advantages of Integrated SolutionSimplification, Scalability and Lower TCO Increased Scalability Lower Total Cost of Ownership Simplified Manageability • Managed as single entity with backplane integration • Integrated application intelligence,traffic analysis, and performance troubleshooting • Remote monitoring with RSPAN/ERSPAN • Reduced network footprint • No external connectors • Improved power management • Reduced rack space utilization • Virtual Contexts to support virtualization for BYOD • Service Modules Match Latest Appliance specifications speeds/feeds

  18. NAM-3 L3-7 Application VisibilityProviding Better Insight for a BYOD Infrastructure • Consistent Application Visibility • Branch to Data Center • Across application delivery lifecycle - monitoring, troubleshooting, control and optimization • Can work with Flexible NetFlow as a collector (local or external devices) • Service-centric causal analysis across Application and Network Traffic Flows • Application (L7) specific Packet Analysis (NBAR-2*) • Wireless CAPWAP Decode • Can be managed by Cisco Prime *CYQ42012 Link Utilization

  19. Wireless Services with WISM-2Supporting Campus Wireless and BYOD WISM-2 GUI TOOLS One device for converged Wireless and Wired Services supporting next-generation wiring closet infrastructures 20 Gb Backplane Channel Reduced Operational Costs • Scale 1000 Access Points 15,000 Clients • Central Maintenance Simultaneous AP Upgrade Troubleshooting • Mobility 36,000 AP in Mobility Domain Fast Roaming • Performance 10 GbpsThroughput • New Features Application Visibility and Control (AVC) NetFlowv9 Bonjour support NMSP Location Services Stateful AP failover with VSS Dedicated 12-Core Data Processor Dedicated 12-Core Control Processor PRIME ISE Serial & USB Console Ports Status LEDs

  20. Catalyst WISM-2 as Bonjour Gateway* Improving Campus WLAN Performance for BYOD Core Switch Room 201 Room 203 Catalyst 6500 w/WiSM-2 Access Switch 1 Catalyst 6500 w/WISM-2 Access Switch 3 printer-201 printer-203 Catalyst 6500 w/WiSM-2 atv-201 atv-203 Access Switch 4 Access Switch 2 printer-201 atv-201 printer-201 What services can I use? What services can I use? AP ID: Adam Role: Faculty Location: room201 ID: John Role: Student Location: room201 Bonjour *Q4CY2012

  21. Firewall Services with ASA-SMHigh Performance Platform with Security Directly in the Backbone NAT64, VPN Site-to-Site Services* Multigigabit Fabric • Chassis backplane • Virtualized interfaces • Module-to-module communications Multiple Contexts (250) • High capacity • Memory for handling high session counts • 24 GB of memory Dual-Crypto Accelerators • Hardware processing • Accelerated Virtual Private Networking and Unified Communications encryption Security Service Processors • Multi-services capable • Dedicated 64-bit multicore processors • Future-proof hardware *Roadmap

  22. Internet Catalyst for a Secure CampusSecuring the BYOD Infrastructure at Multiple Layers Network Edge Authentication Topology How do I extend security outside wiring closet ? Campus Core How can I get zero Traffic disruption modifying ACLs ? ACL Atomic Commit Access Protected Corporate resources Visitor Conference room Catalyst 6500 w/ASA-SM Campus Block How can I get DPI and stateful connections ? Integrated Firewall Module Access Control Plane Policing (CoPP) / HWRL How do I insulate CPU from heavy protocol traffic ? How do I scale Campus firewall performance ? Employee Telepresenceroom Catalyst 6500 w/ASA-SM ASA Clustering

  23. Secure On-Boarding for BYODEasy Virtual Networks (EVN) and ASA-SM Segregate BYOD from Corporate Issued Devices ACCESS CONTROL PATH ISOLATION Trusted Devices SSID → Identity → Device Sensor → VLAN X → VRF X → Firewall Context X Cisco Catalyst 6500 VSS 4T ASA-SM Firewall IPS Services in Backbone WISM2 ASA-SM NAM-3 Untrusted Devices SSID → Identity → Device Sensor → VLAN Y → VRF Y → Firewall Context Y BYOD Devices Need the Same Access as Corporate Devices Greater Inspection Required for BYOD Devices BYOD Devices Don’t Get Mandatory Virus/Security Updates Path Isolation Across Network to IPS or ASA-SM to Maintain Compliance HIPAA, PCI, FISMA

  24. Security and Application Visibility Services

  25. Cisco Catalyst for Device Security Across Non-TrustSec Domains Non-TrustSec Domain Header Change Monitor SGACL Packet Drops with Flexible NetFlow L3 SGT Transport TrustSec Domain • Packets sent with “transport mode” ESP to carry SGT without encryption or data authentication • The packet overhead (42-45 bytes) impacts IP MTU/Fragmentation TrustSec Domain SGT SGT SGT 10 192.168.10.0/24 Identity Service Engine SGT SGT SGT 20 192.168.20.0/24 SGT 30 192.168.30.0/24 SGACL Enforcement SGT 30 192.168.200.0/24 Manual or Dynamic Subnet Mapping Server 192.168.10.1 192.168.20.1 192.168.200.1 192.168.30.1

  26. Core Layer Distribution Layer Access Layer IPv6: First-Hop Security and uRPF Prepare and Secure Your New IPv6 Wired and Wireless Network • IPv6 NDP inspection • Prevents neighbor discovery spoofing attacks • IPv6 RA Guard • Stops false router advertisement threats • IPv6 device tracking • Revoke network access for inactive devices • IPv6 uRPF • Blocks spoofed traffic in hardware (16 paths) IPv6/IPv4 Dual Stack Hosts • IPv6 PACL • Filter traffic on Layer 2 ports WLC L2 Access L3 IPv6 WAN

  27. BYOD Requires More Traffic VisibilityThe Case for Flexible Netflow Campus Building A Campus Building B Typical causes of poor application performance : Bandwidth/capacity bottleneck Unauthorized use of network resource Security Monitoring Monitor Non-Corporate Devices 1 2 3 4 Campus Core Traffic Visibility with Flexible NetFlow 3 Internet • Flexible NetFlow provides the application visibility needed to answer questions on the “who, what, when, where, how” of network activities in order to: • Identify root cause easier, faster, more accurate • Assign problem ownership • Increase operational efficiency • Lower TCO NOC 2 4 1 2 2 1 3 3 4 Campus Building C 2

  28. BYOD Requires More Traffic VisibilityFlexible NetFlow for the Sup2T FlexibleNetflow Optimal CPU utilization with Yielding Netflow Data Export,direct export from a module Increasedcustomization by selecting the fields to match and collect for both IPv4 and IPv6 Up to 13M Flows/System CPU Friendly Export Bigger tables mean more entries per system, up to 13 million entries with a 13 slot chassis, giving you better visibility in your network Sup2TNetflow Allow to use netflow after ingress lookup is done (NetFlow on CoPP) Allow to account for multicast traffic per destination instead of per group SampledNetflowin Hardware EgressNetflow To optimize the Netflow tables utilization and minimize load on analyzers

  29. BYOD Requires More Traffic VisibilitySup2T Can Monitor with Scale and CPU Protection Protect CPU with CPU Yield Netflow Scale Netflow with Distributed Export NDE increases export rate until threshold reached When threshold reached, NDE quickly backs off export rate Supervisor EOBC NetFlow Export NetFlow Data 70% WS-X6848-TX-2T\2TXL Netflow Collector NetFlow Data CPU Wait 5 seconds and thenstep up export rate again 30% NetFlow Data Direct Export supported with Supervisor 2Tand : WS-X6716-10x upgraded with DFC4-E / DFC4-EXL WS-X6816-10x-2T/2TXL WS-X6908-10G-2T/2TXL WS-X6904-40G-2T/2TXL WS-X6908-10G-2T\2TXL Yielding NDE threshold CPU before NDE begins

  30. Tying It All Together

  31. Deploying a Unified Access ArchitectureTying Security, Mobility, and Virtualization for BYOD Campus Campus Backbone L3VPN over mGRE VRFs Across Sites NAM-3 15+Gbps Traffic Monitoring SGT SGT SGT SGT WiSM2 as Mobility Coordinator 40 Gbps with Two Level Shaping Support HD Video Internet Only Company Asset PolicyDecision SGT SGT Identity Service Engine Firewall: ASA. Per VLAN, VRF Policies SGT SGT WiSM2 as MC/MTE SXP Session EVN Per VLAN/VRF Policies:Path Isolation Troubleshoot Data, Voice and Video with FnF, NAM, Egress NetFlow Full or Partial Access Granted Employee Personal Asset PolicyDecision SGACL Enforcement Monitor SGACL Dropped Traffic BGP PIC Fast Convergence 5 4 2 3 4 Profiling to Identify Device Posture of the Device Medianet 2.2 Performance Monitoring Mediatrace 1 802.1x EAP User Authentication VLAN 20 VLAN 10 VLAN 30 Corporate Servers SmartInstall Director VDI Infra Guest Servers Guest Personal Asset Borderless Campus DC Block

  32. Cisco Catalyst Campus Value PropositionAddressing Campus Megatrends (BYOD, Video, Security) End-to-End IOS 15.0 • SGT / SGACL • MACsec • NDAC • CoPP • EVN / VRF-Lite • VPLS / A-VPLS Cloud Trustsec ISR ASR1000 • Flexible NetFlow • Medianet 2.2 Services • Microflow policing • NBAR2 with NAM-3 • AVC with WISM-2 Application Visibility and Control ISE Cisco Catalyst 6500 VSS 4T Cisco Prime NCS WISM2ASA-SM NAM-3 • Smart Install • Virtual Switching System • Embedded Event Manager (EEM) • GOLD • Cisco Prime Smart Operations • Quad Sup VSS SSO • EFSU • NSF / SSO • Multicast HA • BGP PIC Cisco Catalyst 4500E, Cisco Catalyst 3750-X Resiliency • End-to-End OS Consistency: IOS 15.0 • Cisco Validated Designs for Campus Deployment

More Related