Cisco Connect Toronto 2017 - Your time is now
© 2016 Cisco and/or its affiliates. All rights reserved. 1
Cisco Connect Toronto 2017 - Your Time Is Now
Dave Zacks, Distinguished Engineer, Enterprise Access
Lila Rousseaux, Technical Solutions Architect, Cisco Canada
Oct. 12th, 2017
#HighBitRate
Cisco DNA – Deeper Dive, “From the Gates to the GUI”
By Way of Introduction …
Dave Zacks, Distinguished Engineer, [email protected], @DaveZacks
Dave is a Distinguished Engineer in Cisco’s Enterprise Access group, based in Vancouver, and has been with Cisco for 18 years.
As a DTME within the Enterprise Networks Architecture team, Dave works primarily on capabilities and solutions that are anywhere from 12 to 36+ months out, helping to define these projects and then assisting as they progress towards and through design, development, and solution introduction.
Dave has a strong background in, and focus on, customer requirements, and integrating these into the products and solutions Cisco builds. Dave has a special interest in Flexible Hardware and Fabric architectures.
Lila Rousseaux, Technical Solutions Architect, [email protected]
Lila is a Technical Solutions Architect in Enterprise Networks based in Toronto, Canada. She joined Cisco Argentina in 1999 and moved to Canada in 2002.
In her roles within Cisco, Lila has had the opportunity to work with a variety of customers: Service Providers, Enterprise, Partners and Commercial; specializing in core Routing, Switching and SDN technologies.
Lila is an advisor for Cisco routing and switching business units providing input in the strategy around Cisco core products. She got her CCIE certification in 2001 (#6899) and diligently re-certifies every two years! In addition, Lila holds a degree in Computer Science from the University of Buenos Aires.
Agenda (presenters: Dave, Lila)
• Need for Network Innovation
• Primer – How ASICs are Designed & Built
• The Importance of Flexible Silicon
• UADP – Flexible Switching Silicon
• Leveraging Flexible Silicon for Software Defined Access
• Leveraging Flexible Silicon for Encrypted Traffic Analytics
• Catalyst 9K Switches and Summary
This is an ambitious presentation
We are going to try to cover Cisco Innovation from “The Gates to the GUI”
No, I don’t mean this Gates …
I mean these gates … SILICON Gates
From Innovations in Silicon and Software …
… to Innovations in Platforms and Solutions
And Why These Innovations Matter
It’s going to be Quite a Ride
So Buckle Up, and Let’s Get Started!
Cisco DNA and the Importance of Network Innovation
Innovation in the network
The Need for Agility: Changing Enterprise Requirements
• Time IT spends on operations: 80%
• CEOs are worried about IT strategy not supporting business growth: 57%
• Network Expenses: CAPEX 33%, OPEX 67%
• [Chart: Deployment Speed in seconds, Computing vs. Networking]
Sources: Forrester; Open Compute Project
Advanced Persistent Threats
Devices per Person: 3.64
Mobile world requires access to everything everywhere
Mobility
Devices per Admin: 100K
Agility and New Consumption Models
Cloud
IoT
Things Connected: 7.5B
Unmanned devices growing at rapid pace
Enterprise Trends Driving Digital Transformation
Traditional Networks Cannot Meet the Demand
• Users, Device and IOT Segmentation
• Enabling Seamless Mobility
• Secure Connectivity to the Cloud
• Setting Up End-End Security
[Diagram labels: HQ, Branch A, Remote, WAN; VLAN 1, VLAN 2, VLAN 3; ACL 1, ACL 2, ACL 3]
Cisco is Rewriting the Network Playbook
You Need a Network that Drives Your Digital Business
Traditional Network | The Network. Intuitive.
Hardware Centric | Flexible Hardware, Software Driven
Manual | Automated
Piecemeal Security | Integrated Security
Network Monitoring | Analytics & Insights
The Network. Intuitive. Powered by Intent – Informed by Context
DNA Center: Analytics, Policy, Automation
Intent-based Network Infrastructure
INTENT, CONTEXT, SECURITY, LEARNING
Security
Automation Analytics
Virtualization
Cloud Service Management
Programmable Physical and Virtual infrastructure
Principles
Insights and Experiences
Automation and Assurance
Security and Compliance
Open
API Driven
Programmable
Software Defined Access
Catalyst 9000 Flexible Network Hardware
DNA Center
Encrypted Traffic Analytics
Software Subscription Licensing | DNA Advisory, Technical, Support Services
Cisco Digital Network Architecture Overview
Cisco DNA and the Importance of Network Hardware
David Goeckeler, Cisco SVP, Security and Networking, Cisco Live Las Vegas 2016
Innovation in the network
ASICs are a pillar of Cisco innovation …
Let’s Talk About ASICs
What is an ASIC?
“An Application Specific Integrated Circuit is an integrated circuit customized for a particular use, rather than intended for general purpose use…”
Why talk ASICs?
Quick Recap – How Networking Silicon is Designed and Built
How is an ASIC built?
ASICs – From Definition to Deployment
Discrete transistor
MOSFET (metal oxide semiconductor field effect transistor) … mostly used @ 22nm and above
FinFET (fin field effect transistor) … mostly used @ 16nm and below
Universal Gates: NAND gate, NOR gate … which can be used to build any of the other logic gates …
… which, when we put millions of them together on a silicon die, produce a chip!
Discrete transistor
MOSFET (metal oxide semiconductor field effect transistor) … mostly used @ 28nm and above
FinFET (fin field effect transistor) … mostly used @ 22nm and below
Universal Gates: NAND gate, NOR gate … which can be used to build any of the other logic gates …
UADP 1.1: 191M gates (Catalyst 3850 mGig)
UADP 2.0: 270M gates (Catalyst 9300, 9400, 9500)
Fun Fact!
We put a man here … using this … Apollo Guidance Computer … which was built from nothing but that … 4100 ICs, each of which contained a single 3-input NOR gate
In other words … we put a man on the moon with less than 10,000 transistors …
It takes 7.46 billion transistors to route your packets! With the appropriate security, segmentation, QoS, encryption, fragmentation, etc, etc …
A Perspective
A human hair is ~100,000 nanometers in width
How SMALL is SMALL?
Single human hair ~ 100,000 nm
Empire State Building = 1454 feet to tip = 443 meters
Red blood cell (7,000 nm) rises to 10th floor
… and then we come to this little pinprick over here …
ONE NANOMETER – less than 1/4th of an inch! … about the same thickness as three pennies on this scale …
… and we build transistors measured in nanometers …
ASIC Re-Spin (if needed)
Overview – The Importance of Flexible Silicon
Why Does Cisco Develop Our Own Silicon?
• Simpler Deployment Options
• Better Insight and Optimization
• Increased Security
• Most Appropriate Scalability
• Flexibility and Investment Protection via Programmability
Traditional Fixed ASIC Processing Pipeline
Traditionally the ASIC processing pipeline is FIXED: IPv4, IPv6
… and has challenges handling NEW PROTOCOLS … MPLS
Flexibility in Networking …
… disconnect with traditional fixed ASIC processing ….
Evolution of Business
Industry Trends – SDN
So where can Flexible ASICs help us?
DNA Flexible Infrastructure – Programmable ASIC Silicon
Flexible ASIC Processing Pipeline
Programmable ASICs deliver FLEXIBILITY …
Flexible, Programmable Processing Pipeline: Flex Parser, Stage 1, Stage 2, Stage 3 … Stage n, Flex Rewrite, Flex Counters
Protocols shown: IPv4, IPv6, GRE, VXLAN, MPLS, IPv7
If IPv7 were invented tomorrow … we could probably handle it via the Programmable Pipeline!
Flexible ASIC Processing Pipeline
Programmable ASICs provide support for TUNNELLING …
Tunnelled traffic requires RECIRCULATION … a task at which Cisco’s Programmable, Flexible ASICs excel!
High-performance, low-latency recirculation path …
Flexible, Programmable Processing Pipeline: Flex Parser, Stage 1, Stage 2, Stage 3 … Stage n, Flex Rewrite, Flex Counters
Headers shown: IPv4, VXLAN
ASIC Evolution – Over Time
• Catalyst 3550, circa 2003: 60M transistors, 47,226 lines of code
• Catalyst 3750, circa 2008: 210M transistors, 86,220 lines of code
• Catalyst 3850, circa 2013: 1300M transistors (latest version: 3 BILLION transistors), 1,490,000 lines of code
• Catalyst 9300 / 9400 / 9500, 2017 (New!): UADP 2.0: 7.46B transistors! 2,160,000 lines of code
All Cisco-developed silicon
Driving the benefits of vertical integration – Hardware and software working together!
Just like some other famous examples …
Networking Innovation – Flexible Switching Silicon … UADP – Unified Access Data Plane
Latest version – 7.46 BILLION transistors
UADP: Designed for Flexibility
UADP provides an unparalleled degree of Flexibility in an Access Switch
Ability to handle current and future protocols – extremely flexible and capable
Excellent for encapsulations, which often need recirculation
Parse depth of 256 Bytes
15 programmable stages
Up to 250 frames across stages at one time…
VXLAN is a complex protocol …
VXLAN as a protocol had not even been invented when UADP 1.0 was designed …
Yet UADP forwards VXLAN in hardware, at high performance in IOS-XE 16.3+ … thanks to Flexibility!
UADP: Unparalleled Functionality
Current, and Possible Future, UADP Use Cases
GRE, ERSPAN, CAPWAP, MPLS, VXLAN, VXLAN-GPE*, NSH*, and more…
* Not Committed
Catalyst 9300 / 9400 / 9500: Enabled by UADP 2.0
UADP – Programmable ASIC Family
UADP 1.0: 1.3B Transistors
UADP 1.1: 3B Transistors
UADP 2.0: 7.46B Transistors
Or Looked At Another Way …
UADP 1.0 (1.3B Transistors): One transistor for everyone in India …
UADP 1.1 (3B Transistors): One transistor for everyone in India, China, US & Canada …
UADP 2.0 (7.46B Transistors): One transistor for Everyone in the world!
What does all of this mean for me?
Cisco Programmable Hardware equals FLEXIBILITY, ADAPTABILITY
Enabling Network Evolution – a critical requirement for DNA
Want to Double-click?
BRKARC-3467, Cisco Live US 2017, Las Vegas
90 minutes of awesome silicon geekery with Dave and Peter – this session, ++
Networking Innovation – Leveraging Flexible Silicon for Software-Defined Access
Software Defined Access: The Power of The Fabric
Separate the “Forwarding Plane” from the “Services Plane”
IT Challenge (Business): Network Uptime
IT Challenge (Employee): New Services
The Boss – YOU – The User
Underlay – Simple Transport Forwarding
• Redundant Devices and Paths
• Keep It Simple and Manageable
• Optimize Packet Handling
• Maximize Network Reliability (HA)
Overlay – Flexible Virtual Services
• Mobility - Map Endpoints to Edges
• Services - Deliver using Overlay
• Scalability - Reduce Protocol State
• Flexible and Programmable
What is Unique About SD-Access?
DNA Center – Automation and Assurance
• Single User Interface for Fabric Management & Orchestration
• Policy definition based on User, Device or App Group
• Design, Deploy and Monitoring and Troubleshooting
Fabric Overlay – Services plane
• Dynamically connects Users/Devices/Things
• IP is an ID not used for traffic forwarding
• End to End Policies and Segmentation
Fabric Underlay – Forwarding plane
• Connects the network elements to each other
• Optimized for traffic forwarding (scalability, performance)
• Networking constructs like IP, VLANs, live here
Overlay control plane (LISP)
Overlay encapsulation (VXLAN)
Fabric brings Policy Simplification
Fabric breaks the dependency between IP address and Policy. In Fabric, Policies are tied to User/Device Identity
[Diagram labels: Underlay, Overlay; Employee, Supplier, Devices; VLAN 10, VLAN 20, VLAN 30, VLAN 40; SSID A, SSID B, SSID C, SSID D]
SD-Access: Solution At a Glance
DNA Center
• Automation: App Policy Infra Control (APIC-EM)
• Identity & Policy: Identity Services Engine (ISE)
• Assurance: Network Data Platform (NDP)
SD-Access Fabric
• Employees Virtual Network: Group 1, Group 2
• IoT Virtual Network: Group 3, Group 4
Contextual Visibility and Troubleshooting
Policy Mobility with no Topology Dependence
Stretched Subnets
Integrated Mobility, with User / Device Identity
Network access in minutes for any user or device to any application without compromise
Industry’s first policy based automation from edge-to-cloud
Foundation for Cisco DNA
Broad platform support
Give time back to IT
Why SD-Access?
Want to Double-click?
BRKCRS-2810, Cisco Live US 2017, Las Vegas
Title: Cisco SD-Access - A Look Under the Hood
Speaker: Shawn Wargo - Principal Engineer - Technical Marketing
Network Innovation – Leveraging Flexible Silicon for Encrypted Traffic Analytics
New Threat Landscape
Decrypt / Do not decrypt (chart values shown: 38%, 62%)
Organizations are at risk (figures shown: 41%, 81%, 64%):
• … cannot detect malicious content in encrypted traffic
• … of attackers used encryption to evade detection
• … of organizations have been victims of a cyber attack
Source: Ponemon Report, 2016
New attack vectors
• Employees browsing over HTTPS: Malware infection, covert channel with command and control server, data exfiltration
• Employees on internal network connecting to DMZ servers: Lateral propagation of encrypted threats
Catalyst 9K Enables Enhanced Network as a Sensor and Enforcer
Analytics to Identify Malware in Encrypted Traffic Without Decryption & Respond
StealthWatch
pxGrid: Context & Mitigation
ISE
Machine Learning with enhanced behavior analytics
Encrypted traffic analytics
Analytics indicating Malware in Encrypted Traffic @ 99+% Efficacy
Network Telemetry based (No Decryption)
Line Rate Performance
Investment Optimization
Simplified Management
Globally correlated threat intel
Mitigation using ISE & Network
ERSPAN to send traffic for deeper analysis
Catalyst 9K Enables Encrypted Traffic Analytics
Telemetry from Switch
• Netflow Data: SrcIP, DstIP, SrcPort, DstPort, Proto, #Bytes, #Packets
• Intraflow Data: Sequence of Packet Lengths & Times (SPLT), Initial data packet (IDP), Byte Distribution, …
• TLS Metadata: Extensions, Ciphersuites, SNI, Certificate Strings, …
Analytics (Primary Use-case, Secondary Use-case)
• Cryptographic Audits
• Malware in Encrypted Traffic
How Can We Inspect Encrypted Traffic?
• Initial data packet: Make the most of the unencrypted fields
• Sequence of packet lengths and times: Identify the content type through the size and timing of packets
• Threat intelligence map: Who’s who of the Internet’s dark side. Broad behavioral information about the servers on the Internet.
Examples shown: Bestafera, Google Search
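As an added illustration (not from the original slides and not Cisco's implementation), the sketch below computes the intraflow features the slides name (SPLT, IDP, byte distribution) plus NetFlow-style counters from constructed packet records, without touching any plaintext. The `Packet` record, the signed-length convention for direction, the entropy helper and the 10-packet / 64-byte limits are assumptions of this example.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Hypothetical capture record; payload is the (still encrypted) transport payload."""
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    payload: bytes


def flow_key(p):
    # Order the two endpoints so both directions of a conversation share one key.
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (min(a, b), max(a, b), p.proto)


def byte_entropy(hist):
    # Shannon entropy in bits per byte of a 256-bin histogram; ciphertext sits near 8.
    total = sum(hist)
    if not total:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in hist if c)


def extract_features(packets, splt_len=10, idp_len=64):
    flows = {}
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        f = flows.setdefault(flow_key(p), {
            "initiator": (p.src, p.sport),   # sender of the first packet seen
            "packets": 0, "payload_bytes": 0,
            "splt": [], "idp": None,
            "byte_dist": [0] * 256, "last_data_ts": None,
        })
        f["packets"] += 1
        f["payload_bytes"] += len(p.payload)
        if not p.payload:
            continue  # bare ACKs add to the counters but not to SPLT/IDP
        if f["idp"] is None:
            f["idp"] = p.payload[:idp_len]  # initial data packet, truncated
        for b in p.payload:
            f["byte_dist"][b] += 1
        if len(f["splt"]) < splt_len:
            # Positive length: initiator -> responder; negative: the reverse.
            sign = 1 if (p.src, p.sport) == f["initiator"] else -1
            gap_ms = 0 if f["last_data_ts"] is None else round(
                (p.ts - f["last_data_ts"]) * 1000)
            f["splt"].append((sign * len(p.payload), gap_ms))
        f["last_data_ts"] = p.ts
    return flows


# Constructed sample traffic (documentation addresses, made-up payloads).
C, S = ("10.0.0.5", 51000), ("203.0.113.10", 443)
SAMPLE_PACKETS = [
    Packet(0.000, C[0], S[0], C[1], S[1], 6, b"\x16\x03\x01" + bytes(197)),
    Packet(0.030, S[0], C[0], S[1], C[1], 6, bytes(range(256)) * 4),
    Packet(0.031, C[0], S[0], C[1], S[1], 6, b""),
    Packet(0.045, C[0], S[0], C[1], S[1], 6, bytes(range(100))),
    Packet(0.050, "10.0.0.5", "10.0.0.1", 40000, 53, 17, bytes(30)),
]

if __name__ == "__main__":
    for key, feat in extract_features(SAMPLE_PACKETS).items():
        print(key, feat["packets"], feat["payload_bytes"], feat["splt"],
              round(byte_entropy(feat["byte_dist"]), 2))
```

Feature vectors like these are what a classifier would consume; the signal comes from sizes, timing and the cleartext start of the handshake, not from decrypted content.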
Cisco Stealthwatch
Cognitive Analytics
Malware detection and cryptographic compliance
New Catalyst 9K
NetFlow
Enhanced NetFlow
Telemetry for encrypted malware detection and cryptographic compliance
Enhanced analytics and machine learning
Global-to-local knowledge correlation
Enhanced NetFlow from Cisco’s newest switches and routers
Continuous Enterprise-wide compliance
Leveraged network, Faster investigation, Higher precision, Stronger protection
Encrypted Traffic Metadata
Finding Malicious Activity in Encrypted Traffic
Want to Double-click?
BRKCRS-1560, Cisco Live US 2017, Las Vegas
Title: Detect threats in encrypted traffic without decryption, using network based security analytics
Speaker: Sarav Radhakrishnan - Distinguished Engineer
Network Innovation – Catalyst 9K Series Family
A New Era in Networking
Previous Era: Voice, Video, Data
New Era: Mobility, Security, Cloud, IOT
SD-Access
Introducing the Catalyst 9K Family
Built on Cisco’s Innovative UADP ASIC & Open IOS-XE
Converged OS: Open IOS-XE
Converged ASIC: UADP 2.0
Converged Licensing
Catalyst 9300: Lead Fixed Access
Catalyst 9400: Lead Modular Access
Catalyst 9500: Lead Fixed Core
UADP 2.0 – Next Generation of ASIC Innovation
7.46B Transistors, 28nm Technology
Up to 32MB Packet Buffer
Up to 64K x2 Netflow Records
Embedded CPUs
Shared Lookup
Up to 240GE Bandwidth
384K Flex Counters
Up to 2X to 4X Forwarding + TCAM
Universal Deployments: Adaptable Tables
Enhanced Scale/Buffering: Multicore resource share
Investment Protection: Flexible Pipeline
Open IOS-XE Benefits
• One Release Train: Operational Efficiency, Consistency in Control Plane Behavior
• RAFA (Run Any Feature Anywhere): Feature Velocity across Platforms
• Patch Updates: WCM/WebUI/SANET/etc sub package upgrade, Peace of mind for Customers
• Trustworthy & Secure Platform: A more Secure Operating System. Image Signing - Authentic OS, Secure Boot - Boot Sequence Check, Hardware Authenticity, etc
• Comprehensive Programmability: Object based model, Netconf/REST Interfaces
PS
Supervisor
Line Card
Chassis/FanTray
Blue Beacon on Every System & Components
Identification of Devices has never been Easier
Catalyst 9K Family – Blue Beacon
Catalyst 9K Family – RFID
Built-in Passive RFID
RFID on Every Device and FRUable Components of Catalyst 9400
Inventory Management (Tracking) has never been Easier
Sample RFID Tag Data
SN = 'FOC2109Q023'
PID = 'C9500-24Q'
VID = 'V00'
TAN = '68-100900-02'
TAN Rev = '10'
CLEI = 'UNDEFINED'
Index = '900'
Encode = 'SGTIN-198'
Filter = '0'
Partition = '5'
Company = '0746320'
Device Management
File Transfer
cat9k (config)# interface bt0
Accessing the Device has never been Easier
* Roadmap
Catalyst 9K Family – Optional Bluetooth
Catalyst 9300 Series
Introducing Catalyst 9300: New Generation of Stackable Access
• Unmatched POE: Resiliency – Perpetual/Fast, High power - 60W UPOE
• Flexible ASIC: UADP 2.0
• Powerful CPU complex: X86 CPU, 4-core 1.8GHz
• In-built Memory: 8GB Memory, 16GB Flash
• Bluetooth Dongle Support/External Storage (USB 2.0)
• Built-in RFID: Passive
• Most Dense and Flexible Uplink offering: 4 x 1G, 4 x MGig, 8 x 10G, 2 x 40G
• USB Console: Mini-USB type B
Catalyst 9300 – Back View
• Stackwise-480 – 8 members, NSF/SSO
• External Storage: USB 3.0 Removable storage (120GB SSD)
• Intelligent Power management: Stackpower
• Optional PS: Power Supplies (AC+DC)
• Redundant Fans
• Stack Cables
• Redundant Power Supply
* Roadmap
Catalyst 9300: New Generation of Stackable Access
The Next Level of the Market-Leading Fixed Access Switching Platform
Models: 1G Data, 1G POE+, 1G UPOE and mGig UPOE, each in 24 Ports and 48 Ports (one 48 Ports model is marked *)
* Roadmap
MultiGigabit Technology: Typical Use Case – Next Gen Mobility with .11ac Wave 2
Existing Gigabit infrastructure is insufficient to handle .11ac growth beyond 1Gbps
Gigabit Ethernet has been around since 1999 and has now become the bottleneck
Market needs an innovative technology to support >1Gbps over existing cables
[Diagram labels: WiFi @ 1G, >1G; Cat 5e Cables; Limited to 1GE!]
MultiGigabit Technology: Typical Use Case – Next Gen Mobility with .11ac Wave 2
Delivers up to 5X Speeds in Enterprise without replacing Cabling Infrastructure
Is a game-changing technology allowing enterprise networks to evolve beyond 1G
Enables 2.5 and 5 Gbps up to 100m on legacy cables
Supports all PoE standards up to 60W
Cisco Multigigabit with
[Diagram labels: Multigigabit Switch; Cat 5e Cables; 2.5-5G!; WiFi > 1G; Multigigabit Capable AP]
MultiGigabit Cabling Investment Protection
Cable Type | 1G | 2.5G | 5G | 10G
Cat5e | 100m | 100m | 100m * | NA
Cat6 | 100m | 100m | 100m | 55m
Cat6a | 100m | 100m | 100m | 100m
Auto-negotiation of All Speeds Supported across All cable Types
Brownfield Deployments Can Leverage Existing Cat5e/Cat6 extending ROI and Support Speeds at 2.5G and 5G up to a distance of 100m*
Greenfield Deployments with Cat6a will Support 10G But Can Also Now Support Speeds at 2.5G and 5G at a Distance of 100m
* 5Gig on CAT5E may be limited to < 100 meter in certain cable configurations
UPoE is supported on 3850 and 4500E
Industry’s First High Density MultiGigabit Switch: New Generation of Stackable Access
The Next Level of the Market-Leading Fixed Access Switching Platform
48 Multigigabit Ethernet Ports (12 x 1G/2.5G/5G/10G + 36 x 100M/1G/2.5G)
Line rate on All ports
UPOE on all ports
* Roadmap
Uplink Options on Catalyst 9300
• 4x1Gig SFP
• 2x40Gig QSFP
• 8x10Gig SFP/SFP+
• 4x1/2.5/5/10Gig Copper (*)
Uplink Modules supported on all 9300 Copper Models
OIR Supported on all Uplink Modules
* Roadmap
For Your Reference
Catalyst 9300 Performance Specifications
Catalyst 9400 Series
Introducing Catalyst 9400: New Generation of Modular Access
• Chassis: 4-Slot*, 7-Slot, 10-Slot
• Power Supply: 3200W AC, 3200W DC
• Core Linecards: 24x 10G SFP+, 48x1G SFP, 24x1G SFP
• Access Linecards: 24xmGig + 24xUPOE, 48xUPoE, 48xPoE+, 48xData
• Supervisor: Sup-1: 80G/Slot Access Optimized; Sup-1XL: 120G/Slot Core Optimized
• Redundancy is now Table Stakes
• IEEE 802.3BT 100W PoE Ready
• 9Tbps System b/w
* Roadmap
Catalyst 9400 – Chassis
 | 4 - Slot | 7 - Slot | 10 - Slot
Supervisor | 2 (Redundant)
Line Cards | 2 | 5 | 8
Ports | 96x 10/100/1000; 48 mGig; 56 SFP/SFP+; 2x QSFP+ | 240x 10/100/1000; 120 mGig; 128 SFP/SFP+; 2x QSFP+ | 384x 10/100/1000; 192 mGig; 200 SFP/SFP+; 2x QSFP+
Dimension | W:17.5”; D:16.25”; H:6RU | W:17.5”; D:16.25”; H:10RU | W:17.5”; D:16.25”; H:13RU
BW per LC Slot | 480G | 480G | 480G
BW between Sup Slots | 720G
Power Supply | 4 PS (N+1 and N+N) | 8 PS (N+1 and N+N) | 8 PS (N+1 and N+N)
PoE per slot | 4,800W
Cooling | Side to Side (Front-to-Back for PS)
SLI = Switch Link Interface
High Density 10G Ports, 100G Uplinks
Ready for future higher power PoE devices
Catalyst 9400 – Sup-1 Overview
• Uplinks: 8x 10G / 2x 40G
• Line Card Slot BW: 7 Slot: 80G; 10 Slot: 80G (> 150Byte)
• 720G LCs/Uplinks
• MACSec 256
• 2.4Ghz Quad Core x86 CPU
• UADP 2.0 XL ASICs
• USB 2.0/3.0
• 16G DRAM and 16G Flash
• M.2 SATA SSD (Optional: Up to 1TB)
Catalyst 9400 – Line Cards
• Fiber (1G/10G): 24x 1G/10G; TrustSec and MACsec(256)
• RJ45 (UPoE): 24x 10/100/1000 + 24x 100/1G/2.5G/5G/10G; 48x 10/100/1000 PoE/PoE+/UPoE; TrustSec and MACSec(256)
• RJ45 (Data): 48x 10/100/1000; TrustSec and MACSec(256)
Cards shown: 48x 10/100/1000 Data; 48x 10/100/1000 UPoE; 24x 1G + 24x mGig UPoE; 24x SFP/SFP+
For Your Reference
Catalyst 9400 – Sup-1 Performance Specifications
Catalyst 9500 Series
Introducing Catalyst 9500: New Generation of Fixed Campus Core & Aggregation
Next Gen High Speed Campus Aggregator
• Depth: 21.8”, Height: 1RU
• All ports Non-blocking
• Up to 128 MB Packet Buffer per Core
• QSA adapter Support*
• Internal Storage: 16GB
• External Storage: 1xUSB 2.0 (front), 1xUSB 3.0 (back)
• Built-In RFID
• Built-in Blue Beacon
• Powerful CPU complex: Intel X86 CPU Quad-core 2.4GHz, 16 GB Memory
* Roadmap
Catalyst 9500 – Back View
• Front to Back Airflow
• Faster External Storage: USB 3.0, Up to 128 GB
• Redundant 1+1 950W AC PSU
• Redundant N+1 Fans
Catalyst 9500 – Optimized for Enterprise Deployments
• Catalyst 9500-40X: 40 ports of 10G SFP+ and NM: 2 x QSFP or 8 x SFP+
• Catalyst 9500-12Q: 12 ports of 40G QSFP
• Catalyst 9500-24Q: 24 ports of 40G QSFP
Modular Power Supplies, Modular Fans, Modular Uplinks
Uplink Modules supported on C9500-40X SKU
OIR Supported on all Uplink Modules
8 x 10G SFP+ 2 x 40G QSFP
Catalyst 9500 – Uplink Options
Network system virtualization in core/aggregation
[Diagram labels: Physical Stack, Logical Stack; Core, Core/Aggregation, Distribution, Access; 9500, 9500, 9300; SW-1, SW-2; Catalyst 9k, Catalyst 9k, 40G/10G]
StackWise Virtual Architecture Available today in Catalyst 9500-24Q
For Your Reference
Catalyst 9500 – Performance Specifications
C9K Technology Innovations
Why Trustworthy Systems?
Infection Method: Exploited Vulnerability, Compromised Credentials
Result: Malware Installed, Boot loader corrupted, Modified OS Binaries, In-Memory Modifications, ROMMON changes
Cisco Defenses:
• Management Plane Protections
• Recovery Mechanisms
• Secure Storage
• Secure Boot
• Run Time Defenses
• Integrity Verification
• Attack Surface Reduction
• Authentication
• Strong Crypto
• Audits & Logging
• Signed Images
Catalyst 9K Innovations Enable IoT Convergence
Converging Building Systems will expand customer choice
Disparate Building Services
Single Converged IP Network
• Robust Security: Enhanced Network as a Sensor; Segmentation & policy with SD-Access
• Resilient Infrastructure: Power HA & UPOE scale; Optimized for mGig Access
• Scalable Operation: Table Sizes, Buffer, Memory, Routes; Faster MAC Learning & scale with x86
• Extend Trust Domain: Digital Building; CoAP for IoT convergence
Perpetual UPOE
• Uninterrupted POE power during control plane reboot
2-event classification
Fast power negotiation without LLDP
Physical layer negotiation < 1s
Fast UPOE
Bypasses IOS control plane boot
Restores power to PD within 30sec of power resumption
Catalyst 9300 delivers a robust low voltage Infrastructure
Cisco Innovations – Leadership in PoE Features: Catalyst 9300
Device Bootstrap and Onboarding
Server Management Tools on x86 Infrastructure
Configuration Automation through Open Interfaces
YANG
OpenConfig
ZTP
PnP
Open BootLoader
Catalyst 9K Offers Complete DevOps Toolkit
Catalyst 9K Family – Programmability & Automation
x86 enables hosting containers and 3rd party apps
KVM, LXC
CPU Storage Containers
x86 CPU
Example 3rd Party Apps
* Roadmap
Catalyst 9K Family – Containers & App Hosting
Up to 1 TB Up to 120 GB
SATA SSD Storage USB 3.0
For Local Logging – 3rd Party App Hosting - Containers
Catalyst 9K Family – External Storage Options
Want to Double-click?
BRKARC-2035, Cisco Live US 2017, Las Vegas
Title: The Catalyst 9000 Switch Family - An Architectural View
Speaker: Muhammad Imam - Sr. Manager Technical Marketing
Summary
Innovation All The Way Up the Stack: Hardware, Software, and Solutions
From the Hardware …
… to the Software and Protocols, with Integrated Security …
to the Whole Solution …
Cisco Innovations – In Hardware, Software, and Solutions – Tie It All Together
“From the Gates – to the GUI”
Thank you.