
Cisco Digital Network Architecture

Intent-based Networking for the Enterprise
2018
Cisco Press (publisher)
978-0-13-472401-0 (ISBN)
CHF 79,95 incl. VAT
The complete guide to transforming enterprise networks with Cisco DNA






As networks become more complex and dynamic, organizations need better ways to manage and secure them. With the Cisco Digital Network Architecture, network operators can run entire network fabrics as a single, programmable system by defining rules that span their devices and move with their users. Using Cisco intent-based networking, you spend less time programming devices, managing configurations, and troubleshooting problems so you have more time for driving value from your network, your applications, and most of all, your users.




This guide systematically introduces Cisco DNA, highlighting its business value propositions, design philosophy, tenets, blueprints, components, and solutions. Combining insider information with content previously scattered through multiple technical documents, it provides a single source for evaluation, planning, implementation, and operation.




The authors bring together authoritative insights for multiple business and technical audiences. Senior executives will learn how DNA can help them drive digital transformation for competitive advantage. Technical decision-makers will discover powerful emerging solutions for their specific needs. Architects will find essential recommendations, interdependencies, and caveats for planning deployments. Finally, network operators will learn how to use DNA Center's modern interface to streamline, automate, and improve virtually any network management task.




* Accelerate the digital transformation of your business by adopting an intent-based network architecture that is open, extensible, and programmable

* Integrate virtualization, automation, analytics, and cloud services to streamline operations and create new business opportunities

* Dive deep into hardware, software, and protocol innovations that lay the programmable infrastructure foundation for DNA

* Virtualize advanced network functions for fast, easy, and flexible deployments

* Translate business intent into device configurations and simplify, scale, and automate network operations using controllers

* Use analytics to tune performance, plan capacity, prevent threats, and simplify troubleshooting

* Learn how Software-Defined Access improves network flexibility, security, mobility, visibility, and performance

* Use DNA Assurance to track the health of clients, network devices, and applications to reveal hundreds of actionable insights

* See how DNA Application Policy supports granular application recognition and end-to-end treatment, for even encrypted applications



* Identify malware, ransomware, and other threats in encrypted traffic

Tim Szigeti, CCIE No. 9794, is a principal technical marketing engineer within the Cisco Enterprise Networking Business (ENB) team. In this role, he collaborates with customers, the field, engineering, Cisco IT, and third-party technology partners to drive the development of industry-leading network analytics solutions. In his more than 20 years with Cisco, Tim has authored/co-authored five generations of Cisco QoS Design Guides, four Cisco Press books, an IETF standard (RFC 8325), and multiple patents. Additionally, Tim has been inducted into the Cisco Distinguished Speaker Hall of Fame Elite, representing the Top 1 percent of Cisco speakers of all time. Outside of Cisco, Tim's passion is on-track performance driving; as such, you may at times catch a glimpse of him taking corners at high speeds on the spectacular Sea-to-Sky Highway between his hometown of Vancouver and Whistler, British Columbia. Additional information on Tim can be found on the Cisco Innovators website in the feature story "Cisco Innovators: Tim Szigeti," at https://newsroom.cisco.com/featurecontent?type=webcontent&articleId=1845902.

Dave Zacks is a distinguished technical marketing engineer within the Cisco ENB team, focused on network architectures and fabrics, network hardware and ASIC design, switching, wireless, and the many and diverse technologies under the enterprise networking umbrella. Dave is based in Vancouver, Canada, and has been with Cisco for 19 years. Prior to his employment with Cisco, Dave traces his roots in computing to 1979, and has been involved in the datacomm and networking industry since 1985. Dave is a Cisco Live Distinguished Speaker, having scored in the top 10 percent of all speakers at Cisco Live events worldwide as rated by the attendees. In addition, Dave is recognized as one of only a handful of such speakers to earn the Cisco Live Distinguished Speaker Elite designation, an honor awarded to speakers who have achieved Cisco Live Distinguished Speaker status ten times or more (Dave's total is currently 15). In addition to his abiding focus on data communications, Dave maintains a deep and broad interest in many additional topic areas, including (but not limited to) particle and quantum physics, astrophysics, biology, genetics, chemistry, history, mathematics, cryptology, and many other topics. Dave has a special passion for rocketry, aeronautics, space travel, and advanced aircraft and spacecraft design, engineering, and operation. Additional background on Dave can be reviewed on the Cisco Innovators website in the feature story "Cisco Innovators: Dave Zacks," at https://newsroom.cisco.com/featurecontent?type=webcontent&articleId=1851941.

Dr. Matthias Falkner is a distinguished technical marketing engineer within the Cisco ENB team. He currently focuses on the evolution of enterprise and service provider network architectures, and in particular on end-to-end architecture solutions involving virtualization. Matthias is currently helping to drive the Cisco automation strategy for enterprise networks (including DNA Center). Matthias also holds responsibilities in branch virtualization and in the definition of the cloud exchange architecture. Prior to his role within ENB, Matthias was the lead TME architect for the Cisco ASR 1000 Series routers. He has also held positions in product management, and served as a product line manager for the Cisco 10000 Series routers. From 2000 to 2005, Matthias was a consulting systems engineer in the Deutsche Telekom account team with Cisco Germany. Matthias holds a PhD in Systems and Computer engineering from Carleton University, Canada, and an MSc in Operations Research & Information Systems from the London School of Economics and Political Science, UK. His technical interests are in the area of performance characterization of virtualized networks, high availability, and service chaining.

Simone Arena is a principal technical marketing engineer (TME) within the Cisco ENB team and is primarily focused on enterprise network architecture and on all things related to wireless and mobility. Simone is based in Italy and is a Cisco veteran, having joined Cisco in 1999. Throughout the years, Simone has covered multiple roles at Cisco, starting as a software engineer working with Catalyst switching platforms, to consulting system engineer in the field, to TME within different teams (Enterprise Solution Engineering, Wireless Business Unit, and now ENB). Today Simone is the lead TME architect for DNA Wireless, and his time is split between helping customers and partners design the best solution that fits their needs and engineering and product management, trying to evolve and improve the products and solutions. Simone is a Distinguished Speaker at Cisco Live and has spoken at Cisco Live events all over the world for several years. He consistently is rated as an excellent speaker by attendees for his deep technical knowledge and ability to impart this information in a meaningful way. Besides wireless, Simone has two passions: his two daughters, Viola and Anita, and his hometown soccer team, Fiorentina. In his spare time Simone enjoys listening to music, especially through his new tube amplifier (simply awesome!). More information on Simone can be found on the Cisco Innovators website in the feature story "Cisco Innovators: Simone Arena," at https://newsroom.cisco.com/feature-content?type=webcontent&articleId=1849095.

Foreword xxxiv

Introduction xxxvi

Part I Introduction to DNA

Chapter 1 Why Transform Your Business Digitally? 1

Opportunities and Threats 1

Digitally Transforming Industries 3

Digital Advertising 3

Digital Media and Entertainment 3

Digital Finance 4

Digital Communications 4

Digital Transportation Services 5

Digitally Transforming Businesses 7

Transforming the Customer Experience 8

Transforming the Employee Experience 11

Transforming Business Operations 14

Driving Digital Transformation with the Internet of Things 16

Are You Ready? 17

Summary 18

Further Reading 18

Chapter 2 The Business Value of DNA 19

Business Requirements of the Network Architecture 19

Cost Reduction 20

Risk Mitigation 20

Actionable Insights 21

Business Agility 22

Intent-Based Networking 23

Business Value of Cisco Digital Network Architecture 24

Reducing Costs Through Automation, Virtualization, and Programmable Hardware 25

Mitigating Risks with Integrated Security and Compliance 26

Revealing Actionable Insights Through Analytics 26

Accelerating Business Agility Through Open APIs 26

Adding It All Up 28

Summary 29

Further Reading 29

Chapter 3 Designing for Humans 31

Technology Versus User-Experience 31

Design Thinking Philosophy and Principles 33

Cisco Design Thinking Framework 34

Discover Phase 35

Define Phase 37

Explore Phase 39

The Cisco Design Thinking Journey for DNA 40

DNA Discovery Phase 41

DNA Definition Phase 49

DNA Exploration Phase 53

Summary 53

Further Reading 54

Chapter 4 Introducing the Digital Network Architecture 55

Requirements for DNA 56

Requirements to Reduce Complexity and Costs 57

Requirement to Increase Operational Flexibility 58

Security and Compliance Requirements 59

Cloud-Enablement Requirement 60

Architectural Principles 60

Openness 61

Extensibility 62

Programmability 62

Policy-based Networking 63

Security 63

Software Driven 64

Cloud Integrated 65

Conflicting Principles? 65

Overview of the DNA Components 66

Infrastructure 66

Automation 73

Analytics Platform 77

The Role of the Cloud in DNA 80

Connecting the Building Blocks: APIs 83

Outcomes 84

Summary 85

Further Reading 86

Chapter 5 The Digital Network Architecture Blueprint 87

DNA Services 88

DNA Services-Transport 90

DNA Services-Policy 91

Relationship Between DNA Policies and Business Intent 92

DNA Infrastructure 93

Transport Functions 94

Supporting Network Functions 96

Fabrics 98

Automating DNA-Controllers 99

Automating Transport and Network Functions Infrastructure 99

Maintaining a View of the Infrastructure Functions and Connected Endpoints 100

Instantiating and Maintaining DNA Services 100

Relationships in DNA: Revisiting Domains, Scopes, and Fabrics 102

DNA Interfaces 105

Service Definition and Orchestration 107

Relationship Between the Controllers and the Service Definition and Orchestration Component 110

Analytics Platform 112

Data Collection 113

Data Extraction 113

Data Ingestion 114

Data Export 114

On-Premises and Off-Premises Agnosticism-Revisiting the Cloud 115

Application Hosting in the Cloud and the Evolution of the DMZ 116

Leveraging the Cloud for DNA Controllers and Analytics 118

Summary 120

Part II DNA Programmable Infrastructure

Chapter 6 Introduction to DNA Infrastructure 123

Picturing the Modern Network 124

Exploring DNA Infrastructure 125

The Evolving Network, and Why It Matters 126

Requirements: The Need for Change 126

Requirements: The Need for Speed (of Change) 127

Requirements: The Need for Simplicity 128

Requirements: The Need for Continuity 129

DNA Infrastructure Solutions 130

Flexible Hardware 130

Flexible Software 131

New and Evolving Protocols 132

The Emergence of Virtualization 133

Bringing It All Together 133

Summary 134

Chapter 7 Hardware Innovations 135

The Importance of Hardware in a Software-Defined World 135

The Making of a Chip 136

Delving Deeper: How Chips Are Designed and Built 136

Drivers of Chip Design and Density 143

When Good Chips Go Bad: What Can Go Wrong in Chip Design 145

When Good Chips Need to Get Better: Designing the Next Generation 146

Now We Speak the Same Language! 147

What's Happening in the World of Networks 148

How Traditional Network ASICs Process Packets 149

Traffic Handling with CPUs and FPGAs 150

Introducing Flexible Silicon 152

Flexible Switching Silicon: UADP 154

UADP Use Cases-Current, and Future 163

UADP-Summing Up 172

Flexible Routing Silicon: QFP 173

QFP-An Introduction 174

QFP-Diving Deeper 176

QFP-Use in Platforms 180

UADP and QFP-Summing Up 181

Wireless: Providing Innovation for Mobility 182

Flexible Radio Assignment 183

Intelligent Capture 185

Summary 186

Further Reading 187

Chapter 8 Software Innovations 189

The Importance and Evolution of Networking Software 189

Cisco IOS: Origins and Evolution 190

Evolution of the Cisco IOS Data Plane 191

Evolution of the Cisco IOS Control Plane 194

Evolution of the Cisco IOS Management Plane 195

Evolution of Cisco Networking Software 196

The Evolution of Cisco IOS to IOS XE 198

Cisco IOS XE in a Nutshell 199

Cisco IOS XE: Delving Deeper 201

IOS XE Subsystems 202

IOS XE Database 203

Container Framework and Application Hosting 205

Cisco IOS XE: Bringing It All Together 207

Cisco IOS XE: Simplification with a Single Release Train 209

Cisco IOS XE: Software Maintenance Upgrades 209

Cisco IOS XE: Platform Support 212

Cisco IOS XE: Summary 213

Protecting Platforms and Networks: Trustworthy Systems 214

Trustworthy Systems: An Overview 215

Attack Mitigation with Trustworthy Systems 216

Defense: Image Validation and Signing 217

Defense: Runtime Defenses 217

Defense: Secure Boot 218

Ensuring Device Identity with the Secure Unique Device Identifier 220

Cisco Secure Boot and Trust Anchor Module: Validating the Integrity of Software, Followed by Hardware 221

The Move to Intuitive Networking 222

Summary 223

Further Reading 223

Chapter 9 Protocol Innovations 225

Networking Protocols: Starting at the Bottom with Ethernet 226

Power Protocols: Power over Ethernet, to 60 Watts and Beyond! 227

The Future of Power over Ethernet 230

Multiple-Speed Protocols over Copper: Multigigabit Ethernet, Squeezing More Life Out of Existing Cabling Infrastructures 230

25G Ethernet-The New Kid on the Block 234

Ethernet Evolving: This Is Not Your Father's Ethernet! 235

Moving Up the Stack 235

Networking Protocols: Moving Up the Stack to Layer 2 235

Networking Protocols: Moving Up the Stack to Layer 3 237

Networking Protocols Today: Summary 242

Networking Protocols for the New Era of Networking 242

VXLAN: A Next-Generation Encapsulation Technology 243

IS-IS: The Evolution of Underlay Routing 249

LISP: The Evolution of Overlay Host Reachability 249

Scalable Group Tags: The Evolution of Grouping and Policy 257

Bringing It All Together: What Next-Generation Protocols Within the Network Allow Us To Build 264

Summary 264

Further Reading 265

Chapter 10 DNA Infrastructure-Virtualization 267

Benefits of Network Function Virtualization 268

CAPEX Benefits of NFV 268

OPEX Benefits of NFV 270

Architectural Benefits of NFV 271

Use Cases for Network Function Virtualization 272

Control Plane Virtualization 272

Branch Virtualization 274

Virtualization to Connect Applications in VPCs 275

Virtualization of Multicloud Exchanges 276

Overview of an NFV System Architecture 278

Hypervisor Scheduling and NUMA 281

Input/Output Technologies for Virtualization 283

Challenges and Deployment Considerations of Network Function Virtualization 289

Performance 289

Oversubscribing the Physical Hardware Resources 290

Optimizing Server Configurations 290

Selecting the Right I/O Technique 291

VNF Footprint Considerations 292

Multi-tenancy and Multi-function VNFs 293

Transport Virtualization 296

Network Segmentation Architecture 297

Policy-based Path Segmentation 299

Control Plane-based Segmentation 302

Summary 305

Chapter 11 DNA Cloud 307

Introduction to the Cloud 308

Cloud Service Models 311

Cloud Deployment Models 312

It's a Multicloud World! 313

DNA for the Cloud 315

DNA Cloud for Applications 316

DNA Cloud for Automation 318

DNA Cloud for Analytics 319

Summary 323

Further Reading 323

Part III DNA Automation

Chapter 12 Introduction to DNA Automation 325

Why Automate? 325

Reduce Total Cost of Ownership 326

Lower Risk 326

Move Faster 328

Scale Your Infrastructure, Not Your IT Department 328

Think "Out of the Box" 329

Simplify Like Never Before 330

Enable Applications to Directly Interact with the Network 330

Is DNA Automation the Same as SDN? 330

Centralized Versus Distributed Systems 331

Imperative Versus Declarative Control 331

The Cisco SDN Strategy 332

Automation Elements 332

Network Programmability 332

Network Controller 333

Network Orchestrator 334

Summary 335

Further Reading 336

Chapter 13 Device Programmability 337

Current State of Affairs 338

CLI Automation 338

SNMP 340

Model-Based Data 340

YANG 341

Protocols 344

Encoding 345

Network Protocols 346

NETCONF 347

RESTCONF 350

gRPC 351

Telemetry 352

gRPC Telemetry 353

Tools 354

Application Hosting 357

Summary 359

Further Reading 359

Chapter 14 DNA Automation 361

The Increasing Importance of Automation 362

Allow the Network to Scale 363

Reduce Errors in the Network 363

Time to Perform an Operation 363

Security and Compliance 364

Current Impediments to Automation 364

Classifying Network Automation Tasks 367

Infrastructure and DNA Service Automation 368

Standard and Nonstandard Automation Tasks 369

The Role of Controllers in DNA Automation 371

Leveraging Abstractions in DNA to Deliver Intent-Based Networking 372

Domain Controllers Versus Control Plane Protocols 375

Automating Your Network with Cisco DNA Center 377

DNA Center Basics 377

Day 0 Operations-Standardizing on Network Designs 382

Standardizing on Network Designs 388

Automating the Deployment of Network Elements and Functions 390

Day N Operations-Automating Lifecycle Operations 394

Summary 395

Further Reading 396

Part IV DNA Analytics

Chapter 15 Introduction to DNA Analytics 397

A Definition of Analytics 397

DNA Analytics 398

DNA Analytics, Opportunities and Challenges 399

Brief History of Network Analytics 400

Why DNA Analytics? 401

The Role of Network Analytics in DNA 402

Summary 404

Chapter 16 DNA Analytics Components 405

Analytics Data Sources 405

DNA Instrumentation 407

Distributed Network Analytics 408

Telemetry 411

Why Telemetry? 412

The DNA Telemetry Architecture 413

Limitations of Today's Telemetry Protocols 413

The Evolution of DNA Telemetry: Model-Driven Telemetry 414

Analytics Engine 416

The Traditional Analytics Approach 416

The Need for Analytics Engines 418

The Role of the Cloud for Analytics 420

Summary 422

Further Reading 422

Chapter 17 DNA Analytics Engines 423

Why a DNA Analytics Engine? 425

DNA Analytics Engines 427

Cisco Network Data Platform 428

Telemetry Quotient 430

NDP Architecture 430

NDP Deployments Modes 436

NDP Security and High Availability 438

Cisco Tetration Analytics 439

It's All About Quality of Data 440

Data Center Visibility with Cisco Tetration Analytics 442

Cisco Tetration Analytics Architecture 444

The Benefits of Cisco Tetration Analytics 446

Summary 448

Further Reading 449

Part V DNA Solutions

Chapter 18 DNA Virtualization Solutions: Enterprise Network Functions Virtualization and Secure Agile Exchange 451

The Cisco Strategy for Virtualization in the Enterprise 452

Cisco Enterprise Network Functions Virtualization 453

Details on Virtualization Hardware 455

NFVIS: An Operating System Optimized for Enterprise Virtualization 459

Virtualized Network Functions 463

Service Chaining and Sample Packet Flows 468

Orchestration and Management 473

485

Virtualizing Connectivity to Untrusted Domains: Secure Agile Exchange 488

Motivation for the Cisco SAE Solution 489

Cisco SAE Building Blocks 492

Running Virtualized Applications and VNFs Inside IOS XE 493

Summary 496

Further Reading 496

Chapter 19 DNA Software-Defined Access 497

The Challenges of Enterprise Networks Today 497

Software-Defined Access: A High-Level Overview 499

SD-Access: A Fabric for the Enterprise 500

What Is a Fabric? 500

Why Use a Fabric? 501

Capabilities Offered by SD-Access 505

SD-Access High-Level Architecture and Attributes 512

SD-Access Fabric Capabilities 515

SD-Access Device Roles 518

SD-Access Case Study 542

SD-Access Case Study, Summing Up 565

Summary 565

Further Reading 567

Chapter 20 DNA Application Policy 569

Managing Applications in DNA Center 570

Application Registry 570

Application Sets 574

Application Policy 576

What Happens "Under the Hood"? 585

Translating Business Intent into Application Policy 586

DNA Infrastructure Software Requirements for Application Policy 589

NBAR2 589

SD-AVC 599

DNA Infrastructure Platform-Specific Requirements for Application Policy 601

Routing Platform Requirements 602

Switching Platform Requirements 613

Wireless Platform Requirements 621

Summary 628

Further Reading 629

Chapter 21 DNA Analytics and Assurance 631

Introduction to DNA Assurance 631

Context 633

Learning 638

The Architectural Requirements of a Self-Healing Network 639

Instrumentation 640

Distributed On-Device Analytics 641

Telemetry 642

Scalable Storage 643

Analytics Engine 643

Machine Learning 644

Guided Troubleshooting and Remediation 645

Automated Troubleshooting and Remediation 645

DNA Center Analytics and Assurance 647

Network Data Platform 647

DNA Assurance 653

Summary 710

Further Reading 710

Chapter 22 DNA Encrypted Traffic Analytics 711

Encrypted Malware Detection: Defining the Problem 712

Encrypted Malware Detection: Defining the Solution 714

ETA: Use of IDP for Encrypted Malware Detection 714

ETA: Use of SPLT for Encrypted Malware Detection 715

Encrypted Malware Detection: The Solution in Action 716

Encrypted Malware Detection: Putting It All Together 719

Summary 720

Part VI DNA Evolution

Chapter 23 DNA Evolution 721







9781587147050 TOC 11/19/2018

Publication date (per publisher): 27.12.2018
Series: Networking Technology
Place of publication: Indianapolis
Language: English
Subject area: Technology, Electrical engineering / Energy technology
ISBN-10: 0-13-472401-1 / 0134724011
ISBN-13: 978-0-13-472401-0 / 9780134724010
Condition: New