Catalyst 6800, a new network core for new uses

Breakfast session – 24 June 2014. Catalyst 6800 – A new core for new uses. Jean-Louis TILLET, Vincent MAKOWSKI, Jérôme DURAND. http://reseauxblog.cisco.fr http://ipv6blog.cisco.fr

Description

Security, performance, virtualization, programmability and data-center interconnection are examples of the functions now required of network cores, on which BYOD, the cloud and video are putting pressure. In this presentation we will see how the new Catalyst 6800 family (6807-XL, 6880-X, 6800ia) meets the new challenges of the enterprise backbone.

Transcript of Catalyst 6800, a new network core for new uses

Breakfast session – 24 June 2014. Catalyst 6800 – A new core for new uses

Jean-Louis TILLET

Vincent MAKOWSKI

Jérôme DURAND

http://reseauxblog.cisco.fr

http://ipv6blog.cisco.fr

Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Agenda

• 9:30 – 10:00 – New uses in the enterprise
• 10:00 – 10:45 – The new Catalyst 6800 family
• 10:45 – 11:30 – Advanced services for the network core
• 11:30 – 12:00 – Instant Access demos (in the lounge)

Jean-Louis TILLET


Traffic & Service Adoption Drivers, 2013–2018: Growth Catalysts

• More Video Viewing: 79% of All IP Traffic
• Faster Broadband Speeds: 2.6-Fold Speed Increase
• More Devices: 21 Billion Connections
• More Internet Users: 4 Billion Internet Users

Global IP Traffic by Device Type: By 2018, Non-PC Devices will Drive 57% of Global IP Traffic

[Chart: Exabytes per Month, 2013–2018, 21% CAGR. Figures (n) refer to 2013, 2018 device traffic share.]
• Non-Smartphones (0.1%, 0.1%)
• Other Portable Devices (0.1%, 0.4%)
• M2M (0.4%, 2.8%)
• Tablets (2.2%, 14.0%)
• Smartphones (3.5%, 16.3%)
• TV (26.5%, 23.6%)
• PCs (67.2%, 42.8%)

Source: Cisco VNI Global Mobile Data Traffic Forecast, 2013–2018

Average Global Traffic per Device (2013–2018) / Month

[Chart: monthly traffic per device, 2013 to 2018]
• Tablet: 4.0 – 18 GB
• Ultra High Definition TV: 22.9 – 26.3 GB*
• Laptop/PC: 22.7 – 39.2 GB
• Internet Set-Top or Dongle: 8.0 GB …
• Smartphone: 1.0 – 5.4 GB
• M2M Module: 78 – 514 MB

* Includes IP VoD Traffic
Source: Cisco VNI Global IP Traffic Forecast, 2013–2018

Global IP Video Traffic Growth: IP Video Will Account for 79% of Global IP Traffic by 2018

[Chart: Petabytes per Month, 2013–2018, 21% CAGR 2013–2018. Figures (n) refer to 2013, 2018 traffic share.]
• Gaming (0.05%, 0.09%)
• File Sharing (13%, 6%)
• Web/Data (21%, 15%)
• IP VOD (23%, 19%)
• Internet Video (42%, 60%)

Source: Cisco VNI Global IP Traffic Forecast, 2013–2018

The Network Effect of the Beautiful Game

Global IP streaming and digital broadcast of the World Cup is estimated to drive 4.3 Exabytes… nearly 3X the amount of current monthly broadband traffic for Brazil.

32 to 209 times the bandwidth

Drastic Change in Application Type, Delivery, and Consumption

[Diagram: the network between users/machines and applications. Labels: Proliferation of Devices; Users/Machines; VDI | IaaS; Private Cloud; Public/Hybrid Cloud; SaaS/IaaS; Storage; Database. Axes: How applications are consumed; How applications are delivered; Type of applications]

Changing Role of IT

[Diagram: Business Implications and Technology Transitions. Labels: Agility & Speed; Growth & Innovation; Security & Privacy; Mobile; New Breed of Apps; Cloud; New Business Models; Experience Expectations; Data & Analytics; Internet of Things]

Customer expectations are changing

• Less time to deploy technology and deliver new business capabilities: 4X deployment time advantage of Salesforce Sales Cloud vs. Siebel
• CIO function as a revenue driver, not cost center: 66% of CIOs cite business strategy and driving business innovation as the top priority
• Automation to improve productivity: 51% of CIOs prioritize improving IT staff productivity and operational efficiency as the top goal in the next 3 years

Today’s CIO Challenge: Managing Growing Demand for IT Projects

[Chart labels: 70-80% Maintenance; IT Budgets; Funded New Projects; Missed Business Opportunities]

Source: A commissioned study conducted by Forrester Consulting for Cisco Systems, 2012

[Chart labels: Monitoring, troubleshooting; Security configurations; Initial install, configs, testing; Upgrading equipment]

Model for Next Generation IT

[Diagram layers: Applications; Application Interfaces; Platform; Infrastructure Interfaces; Infrastructure; Services. Labels: New Business Models, Partner Ecosystem]

Vincent Makowski

Recap of the Catalyst 6500 family

[Diagram: the Catalyst 6500 family]
• Chassis: 6503-E, 6504-E, 6506-E, 6509-E, 6509-V-E, 6513-E
• 40G/slot line cards: Fiber 6704, 6708, 6716, 6724, 6748; Copper 6716, 6748
• 80G/slot line cards: Fiber 6816, 6904, 6908 (CFP-LR4, CFP-SR4, CVR-4SFP), 6824, 6848; Copper 6816, 6848
• Service modules: NAM-3, ASA-SM, WiSM2

Sup2T Overview

Feature | SUP720 | SUP2T
L2 MAC Table | 96K | 128K
Bridge Domains | – | 16K
TrustSec / SGT | – | Yes
VNET Trunk (EVN) | – | Yes
40G Interfaces | – | Yes
System Bandwidth | 720 Gbps | 2 Tbps
L3 Interfaces | 4K | 128K
NetFlow Table | 128K/256K | 512K/1M
Flexible NetFlow | – | Yes
Hitless ACL Updates | 32K | Yes
Medianet 2.2 | Yes (low) | Yes (high)
VPLS / A-VPLS | Requires WAN Module | Yes (Native on PFC4)
VSS Quad Sup SSO | – | Yes

Scalability Enhancements: BYOD and Collaboration with Supervisor 2T

• 4X Scalability, 3X Performance
• New PFC4 featuring improved levels of performance and scalability along with new enhanced hardware features
• USB-based console support
• Connectivity Management Processor (CMP)
• New MSFC5 supporting a dual-core CPU and a single IOS image
• Improved switch fabric providing 80G/slot

Cisco Catalyst 6000 Supervisor Lifecycle to 2020+

[Timeline chart, 2000 to 2020+: Sup1A, Sup2, Sup32, Sup720-3A, Sup720-3B and Sup720-10G (VSS Enabled), each shown with End of Sale (EoS), End of Life (EoL) and a 12-year “Maintain Support” period; Sup2T: Next-Generation Supervisor, FCS June 2011]

Cisco Catalyst 6800: Catalyst 6807-XL, 6880-X, 6800ia
Next Gen 10/40/100G Backbone Services

INVESTMENT PROTECTION
• Reuse of Catalyst 6500 line cards

INNOVATION
• 10G/40G/100Gbps* density, up to 880G/slot
• 11.4 Tbps total capacity

SIMPLICITY
• Instant Access
• Service modules
• Programmability via onePK (SDN)

* Roadmap

Introduction to the new 6807-XL chassis: modularity and performance

• 7 slots, 10 RU
• Investment protection! Compatible with Sup2T, 6700, 6800, 6900 and the latest service modules; backwards compatible backplane connectors
• Catalyst 6500 DNA
• Low power and noise: high-efficiency fans
• Up to 4 (N+1) power supply redundancy, 3000W AC
• Up to 880G/slot capable, next-generation ready
• Side-to-side air flow (redirectable via airflow baffles)

Catalyst 6500-E and 6807-XL Support Matrix for Different Modular Platforms

[The supported/unsupported marks of the original matrix are not recoverable from the transcript; only the text cells are listed.]

Module | 6500-E with Sup720 | 6500-E with Sup2T | 6807-XL with Sup2T
6900 Series Cards | | |
6800 Series Cards | | |
WS-X6716-10G/T | | With WS-F6K-DFC4-E | With WS-F6K-DFC4-E
WS-X6708-10G | | |
WS-X6704-10GE (w/ DFC3) | | With WS-F6K-DFC4-E | With WS-F6K-DFC4-E
6700 Series 1GE (w/ DFC3) | | With WS-F6K-DFC4-A | With WS-F6K-DFC4-A
6700 Series w/ CFC | | |
6100 POE Cards | | |
Service Modules * | | |
WAN Cards | | |
Future 32x10G / 4x100G | | |

* NAM-3, ASA-SM, WISM-2, ACE30

Catalyst 6500 10G Portfolio Providing Deployment Options

Module | WS-X6816-10G-2T | WS-X6904-40G-2T | WS-X6908-10G-2T
Max Throughput | 80G | 80G | 40G
Optics | X2 | CFP, SFP/SFP+ | X2
Egress Buffers/port | 256 MB | 21 MB | 90 MB
Additional Hardware Features | Large Buffers, SGT, MACSec, LISP | 10G flexibility, SGT, MACSec, LISP, Dual Priority Queues, Two Level Shaping, Instant Access | –
Ideal for | Campus Aggregation and Core | Campus Aggregation and Core | Campus Aggregation

Features (all three modules): Full-feature L2/L3 module with MPLS, VPLS, IPv4/IPv6 capabilities, 1M+ IPv4 Routes, 1M NetFlow

10G/40Gbps flexibility

WS-X6904-40G / 40GXL-2T
• dCEF2T – 80 Gig/slot
• 4 x 40GE CFP ports or 16 x 10GE SFP+ ports
• 2 x 40Gb connections to the switch fabric
• Integrated DFC4 / DFC4XL
• Supports Cisco TrustSec on all ports
• Supports VSL on all ports

The New Catalyst 6880-X: C6K-Based “Extensible” Fixed Platform

• Up to eighty 1G/10G ports or twenty 40G ports*
• Fixed module: sixteen 10/100/1000/10G or up to four 40G
• X86 2 GHz CPU, 4 GB DRAM
• Sixteen 10/100M, 1/10G or up to four 40G ports
• MACsec, VSS, Instant Access, MPLS, VPLS, LISP, SGT, 1588(*) capable on every port
• Low power, low noise fans, Platinum EFF
• Redundant AC and DC PS

Catalyst 6880-X Base Board & System Controller

• 16 x SFP+ Ports: VSS, IA (FEX), LISP, MPLS, HQoS, MACSEC, SGT, 1588 PTP & AVB* available on every port
• Enhanced Control-Plane Scale with new X86 2.0GHz Dual Core CPU
• USB Host (Type A), USB Console (Type B), RJ-45 Console and Management Ports
• Forwarding Daughter Board, System Base Board

Two HW Options | 6880-X-LE | 6880-X
IPv4/v6 Routing Capability | 256K/128K | 2M/1M
Multicast Routes (IPv6) | 64K | 256K
Number of Adjacencies | 256K | 1M
MAC Addresses | 128K | 128K
L3 Interfaces | 128K | 128K
Security and QoS ACL | 64K | 256K
Flexible NetFlow | 512K | 1M
Microflow Policers | 512 | 512
Aggregate Policers | 8K | 8K

* Under Investigation / Roadmap

16-port SFP+ Multi-rate Port Card: Supports between 10Mbps – 40Gbps

Two Versions | Standard (LE) | Large Tables
FIB Table v4/v6 | 256K/128K | 2M/1M
NetFlow Table | 512K | 1M
Security ACL Table | 64K | 256K
Port Buffering | 24MB / Port | 24MB / Port

Port Speed & Type | Number of Ports
10/100/1000 Mb/s Copper | 16 (GLC-T SFP)
1 Gb/s Fiber | 16 (SFP)
10 Gb/s Fiber | 16 (SFP+)
40 Gb/s Fiber | 4 (SFP-QSFP*)

MacSec, FEX, LISP, VSS, SGT, 1588 Capable on Every Port

[Diagram labels: Forwarding Engine Daughter Board; Port Card; Base Board; Port Card Status LED; Port Card ID LED; 16 x 10/1G SFP Ports; Port Status LED; Ejector Lever]

* Roadmap

Catalyst Instant Access Client 6800ia

• 48 x 1G RJ45 Ports
• Catalyst 6500 features at access
• 2 x 10G SFP+ Uplink Ports
• Data and PoE/PoE+ Options
• Stackable up to three members at FCS
• System and Status LEDs
• RPS connector

No More Repetitive Operations: IT Spends Most of Their Time in Repetitive Operational Actions for Access Switches

• 28% Monitoring, troubleshooting
• 19% Security configurations
• 18% Initial install, configs, testing
• 14% Upgrading equipment

Source: A commissioned study conducted by Forrester Consulting for Cisco Systems, 2012

Introducing Instant Access: Simple Install & Connect

Cisco Catalyst Instant Access

[Diagram: a VSS pair (joined by the VSL) with Instant Access Clients attached over LACP or PAgP port-channels, next to conventional Access Switches also attached with LACP or PAgP. Protocol labels: SDP, SRP, SCP]

Benefits of Instant Access

[Diagram: Instant Access Clients attached to a VSS pair (VSL); protocol labels SDP, SRP, SCP]
• Simplifies operations via a single point of management, configuration and troubleshooting across the distribution and access block
• Catalyst 6500 features at access
• Consistent features and agile infrastructure across the access layer

Instant Access (IA) Satellite Capabilities: Key Differences From Nexus FEX (Fabric Extender)

• Fabric Link: Connect Switches
• STACKING
• POE+
• Spanning-tree bpduguard: Disable

Catalyst Instant Access Components

• Parent: Supervisor 2T with WS-X6904-40G in a 6500E or 6807-XL*, or a 6880-X*
• Client: Catalyst 6800ia – 10G uplink ports, POE+ support, integrated stacking module

* 6807-XL and 6880-X will be available in Q4CY13.

Config on Parent:

  interface Port-channel4
   fex associate 101
  interface Port-channel5
   fex associate 102
  interface Port-channel6
   fex associate 103
  interface GigabitEthernet101/1/0/1
   switchport mode access
   spanning-tree portfast
   spanning-tree bpduguard enable

Enterprise Network – 3000 ports example (Core / Aggregation / Access)
• Number of Managed Devices = 68: Access Devices = 60, Distribution Devices = 6, Core Devices = 2

Enterprise Network – with stacking
• Number of Managed Devices = 28: Access Devices = 20, Distribution Devices = 6, Core Devices = 2

Enterprise Network – with VSS and stacking
• Number of Managed Devices = 24: Access Devices = 20, Distribution Devices = 3, Core Devices = 1

Enterprise Network – with Instant Access
• Number of Managed Devices = 4

Catalyst Instant Access Phase-1 Scalability

Maximum Client Node User Ports | 1008
Maximum FEX ID’s | 12
Maximum Client Switches | 21
Maximum Clients in Stack | 3
Maximum User Ports in Stack | 144

Client Node ID is a single client or a stack. If using individual clients, a maximum of 12 switches is supported.

[Table rows as on the slide; the column headings were not captured: 7 144 3 1008 / 10 96 2 960 / 5 192 2 960 / 3 288 3 864 / 12 48 0 576]

Most optimum where the IDF has 96 or greater; single-client IDF’s support fewer overall ports.

Catalyst Instant Access Fabric Link Connectivity Scenarios – Dual Homed to VSS Pair

[Diagram: three scenarios – Dual Homed to VSS Pair; Dual Homed across Stack Members; Up to 6 uplinks (60G) MEC across Client to Parent. Label: Recommended Design]

Jérôme DURAND

Catalyst 6k – Unmatched innovation at the core

AutoQoS

BGP

DHCP EoMPLS

FHRP

Flexible Netflow

IPv6

MPLS LDP

VSS

Multicast

MPLS – TE, VPN

WCCP

HW based NAT

Object Group ACL

HW Based GRE

VRF Aware NAT

Mini Protocol Analyzer


VSS Quad-Sup SSO Now Available on C6807-XL with Instant Access

[Diagram: VSS Switch 1 (SSO – Active) with an In-Chassis Active supervisor and an In-Chassis Standby supervisor [Standby Hot (Chassis)]; VSS Switch 2 (SSO – Hot Standby) with an In-Chassis Active supervisor and an In-Chassis Standby supervisor [Standby Hot (Chassis)]]

• STANDBY HOT (CHASSIS) is a new redundancy mode created for the VSS ICS Supervisor
• STANDBY HOT (CHASSIS) mode allows the ICS Supervisor to operate in a separate RF/CF (SSO) Domain, while maintaining the Traditional RF/CF (SSO) Domain between VSS chassis
• Instant Access support for VSS Quad-Sup SSO with 6807-XL was added in 15.1(2)SY2 (C6807-XL & Sup2T IA with 15.1(2)SY2)

IP FRR - LFA: Process-independent IGP sub-second convergence

IP Fast Re-Route & Loop Free Alternate
• Based on pre-selection of a backup path, other than the primary next hop
• Provides local protection for unicast traffic (IP and MPLS/LDP) in the event of a single failure, whether Link, Node, or Shared-Risk Link-Group (SRLG)
• FIB pre-installs the backup path in the hardware Data-Plane
• Traffic is redirected to the LFA immediately upon failure
• An LFA makes its forwarding decision without knowledge of the failure

[Diagram: Calculating Node with its Primary Next-Hop on the Primary Path and a Repair Path]

  router ospf 1
   router-id 10.1.1.1
   fast-reroute per-prefix enable prefix-priority low
   network 10.0.0.0 255.255.255.255 area 0

  Router#sh ip route 10.7.7.7
  Routing entry for 10.7.7.7/32
    Known via "ospf 1", distance 115, metric 12, type inter area
    Redistributing via bgp 6800
    Last update from 10.2.4.4 on Port-channel1, 1w0d ago
    Routing Descriptor Blocks:
    * 10.1.2.1, from 10.1.2.1, 1w0d ago, via Port-channel1
        Route metric is 12, traffic share count is 1
        Repair Path: 10.1.3.1, via Port-channel2
  Router#
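As an added Python example (not from the slides and not Cisco IOS code), here is a small model of the selection the slide describes: run SPF from every node, pick the primary next hop, then keep a neighbour as repair path only if its own shortest path to the prefix avoids the calculating node (the loop-free inequality), because the alternate forwards without knowing about the failure. The topology, node names and link costs are constructed for the example; S, N1, N2 and D stand in for the slide's calculating node, primary next hop (Port-channel1), repair path (Port-channel2) and 10.7.7.7/32.

```python
import heapq
from typing import Dict

Graph = Dict[str, Dict[str, int]]

# Constructed topology (example assumption, not from the slide). S is the
# calculating node; N1 is its primary next hop toward D; N2 is a candidate
# repair path; N3 is a neighbour whose own shortest path to D runs back
# through S; X is a prefix reachable only behind N1.
TOPOLOGY: Graph = {
    "S":  {"N1": 10, "N2": 10, "N3": 5},
    "N1": {"S": 10, "D": 10, "X": 10},
    "N2": {"S": 10, "D": 15},
    "N3": {"S": 5, "D": 30},
    "D":  {"N1": 10, "N2": 15, "N3": 30},
    "X":  {"N1": 10},
}


def spf(graph: Graph, root: str) -> Dict[str, int]:
    """Dijkstra from root: the IGP's ordinary SPF, run here once per node."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue  # stale heap entry
        for nbr, link in graph[node].items():
            cand = cost + link
            if cand < dist.get(nbr, float("inf")):
                dist[nbr] = cand
                heapq.heappush(heap, (cand, nbr))
    return dist


def compute_lfas(graph: Graph, src: str) -> Dict[str, dict]:
    """For every destination: primary next hop, its metric, and the loop-free
    alternate (RFC 5286 inequalities) that would be pre-installed as the
    repair path, or None when no neighbour qualifies."""
    dist = {n: spf(graph, n) for n in graph}  # D(x, y) for all node pairs
    result = {}
    for dst in graph:
        if dst == src:
            continue
        # Primary next hop: neighbour minimising link cost + D(N, dst).
        primary = min(sorted(graph[src]), key=lambda n: graph[src][n] + dist[n][dst])
        cost = graph[src][primary] + dist[primary][dst]
        lfa, node_protecting = None, False
        for nbr in sorted(graph[src]):
            if nbr == primary:
                continue
            # Link protection: N's own shortest path to dst must not cross S.
            # This is the only guarantee available, since the LFA forwards
            # on its normal SPF result without knowing about the failure.
            if not dist[nbr][dst] < dist[nbr][src] + dist[src][dst]:
                continue
            # Node protection: N's path must also avoid the primary next hop.
            protects_node = dist[nbr][dst] < dist[nbr][primary] + dist[primary][dst]
            if lfa is None or (protects_node and not node_protecting):
                lfa, node_protecting = nbr, protects_node
        result[dst] = {"primary": primary, "cost": cost,
                       "lfa": lfa, "node_protecting": node_protecting}
    return result


if __name__ == "__main__":
    for dst, info in compute_lfas(TOPOLOGY, "S").items():
        repair = f"repair path via {info['lfa']}" if info["lfa"] else "no LFA"
        print(f"{dst}: primary {info['primary']} (metric {info['cost']}), {repair}")
```

Running it shows the two cases a practitioner cares about: D gets N2 as a node-protecting repair path, while N3 is rejected because its best path to D (cost 25) is exactly the path back through S, so traffic handed to it on failure would loop; X, reachable only behind N1, gets no LFA at all and falls back to normal IGP convergence, which is why the slide speaks of protection against a single failure rather than full coverage.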


Multicast only Fast Re-Route (MoFRR): Sub-Second Multicast Convergence

[Diagram: a Source sending a multicast stream (M) over a Primary Path and a Backup Path toward the Receivers; Primary PIM Joins and Secondary PIM Joins (J) flow back toward the source; at the last-hop router the Secondary Stream is RPF-dropped (Discard Duplicates) until the primary path FAILs; IGMP toward the receivers]

MoFRR Operation
1. MoFRR sends PIM Joins on both the Primary & Secondary ECMP
2. This builds a Primary & Secondary Stream, and Duplicate Packets are sent to the LHR* over both Paths
3. LHR sends the Primary Stream, and discards Duplicate Packets from the Secondary Stream
4. If the Primary Path fails, MoFRR begins sending the Secondary Stream for Immediate Convergence

KEY BENEFITS
• MoFRR can achieve ~200ms convergence by prebuilding an alternate Multicast tree
• MoFRR convergence is Independent from Unicast Routing convergence
• MoFRR leverages Multicast S,G Load-Balancing

* LHR = Last-hop Router
IPv4, 15.1(2)SY, Sup2T
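The four MoFRR steps above as an added Python model (not Cisco code): a last-hop router object joins the group on two paths, forwards only what arrives on its active RPF interface, counts the secondary copies it discards, and moves the active interface to the secondary when the primary link fails. Interface names, the group address and the packet sequence are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Packet:
    """One multicast data packet as seen by the last-hop router (LHR)."""
    group: str
    seq: int    # sequence number carried by the stream (constructed)
    iface: str  # incoming interface


@dataclass
class MoFrrLastHop:
    """LHR running MoFRR for one (S,G): joins on two ECMP paths, forwards
    from the active RPF interface, drops the duplicate copy from the other
    path, and flips to the secondary when the primary fails."""
    group: str
    primary: str
    secondary: str
    active: str = field(init=False)
    joins: List[Tuple[str, str]] = field(default_factory=list)
    delivered: List[int] = field(default_factory=list)
    dropped: int = 0

    def __post_init__(self) -> None:
        self.active = self.primary

    def send_joins(self) -> List[Tuple[str, str]]:
        # Step 1: PIM Joins on both the primary and the secondary path, so
        # both trees are built before anything fails (step 2).
        self.joins = [(self.primary, self.group), (self.secondary, self.group)]
        return list(self.joins)

    def receive(self, pkt: Packet) -> bool:
        # Step 3: RPF check against the active path only; the copy arriving
        # on the other path is the duplicate and is discarded.
        if pkt.group != self.group:
            return False
        if pkt.iface == self.active:
            self.delivered.append(pkt.seq)
            return True
        self.dropped += 1
        return False

    def link_down(self, iface: str) -> None:
        # Step 4: the primary fails; the secondary already carries the
        # stream, so the switch-over is local and does not wait for
        # unicast routing to reconverge.
        if iface == self.active and iface == self.primary:
            self.active = self.secondary


def run_scenario() -> Tuple[List[int], int, str]:
    """Constructed event sequence: packets 1-3 arrive on both paths, the
    primary then fails, packets 4-6 arrive on the secondary only.
    Returns (delivered sequence numbers, duplicates dropped, active iface)."""
    lhr = MoFrrLastHop(group="239.1.1.10", primary="Te1/1", secondary="Te1/2")
    lhr.send_joins()
    for seq in (1, 2, 3):
        lhr.receive(Packet(lhr.group, seq, "Te1/1"))
        lhr.receive(Packet(lhr.group, seq, "Te1/2"))
    lhr.link_down("Te1/1")
    for seq in (4, 5, 6):
        lhr.receive(Packet(lhr.group, seq, "Te1/2"))
    return lhr.delivered, lhr.dropped, lhr.active


if __name__ == "__main__":
    print(run_scenario())
```

The receivers see every sequence number exactly once across the failure; the price, visible in the dropped counter, is that the backup stream consumes bandwidth on the second path the whole time, which is the trade MoFRR makes for ~200 ms convergence.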

Address Translation: NAT / PAT & MSR in Hardware

• IOS Support for NAT / PAT & MSR with IPv4 & VRF
• NAT64 & DNS64 with ASA-SM

Network / Port Address Translation

[Diagram: a CAT6K doing NAT/PAT between the Inside LAN (private unicast traffic, 10.10.10.1 to the web server 69.83.10.120) and the Outside (public unicast traffic, translated address 64.16.10.1 to 69.83.10.120)]

  ip nat pool NAT 64.16.10.1 64.16.10.63 prefix 24
  ip nat inside source list 64 pool NAT
  !
  access-list 64 permit 10.10.10.0 0.0.0.255
  !
  interface GigabitEthernet1/1
   ip nat inside
  !
  interface GigabitEthernet1/2
   ip nat inside
  !
  interface GigabitEthernet2/1
   ip nat outside

Multicast Service Reflection (MSR)

[Diagram: a CAT6K with a Vif1 interface reflecting between the (80.1.1.100, 239.1.1.10) stream on the Inside LAN and the (83.1.1.10, 228.1.1.10) stream on the Outside]

  interface Vif1
   ip address 80.1.1.100 255.0.0.0
   ip pim sparse-mode
   ip service reflect destination 239.1.1.10 mask-len 32
   ip igmp static-group 228.1.1.10 source 83.1.1.10
  !
  interface GigabitEthernet1/1
   ip pim sparse-mode
  !
  interface GigabitEthernet1/2
   ip pim sparse-mode
  !
  interface GigabitEthernet2/1
   ip pim sparse-mode

Segmentation: The Challenge of Traditional Security Enforcement

[Diagram: Access (VLAN 10 IT 3.1.1.1; VLAN 20 Finance 2.1.1.1; VLAN 30 Doctor 1.1.1.1; VLAN 99 99.1.1.1 “Doctor or IT or Finance?”; VPN 98.1.1.1 “Doctor or IT or Finance?”), Distribution, Core and Data Center, with Identity Service Engine, Directory Service and WLC. Each enforcement point carries its own IP ACL; the first two lists appear twice in the diagram:]

  permit tcp 3.1.1.1 100.1.1.1 eq https
  permit tcp 3.1.1.1 100.1.1.1 eq 8081
  deny ip 3.1.1.1 200.1.1.2
  permit tcp 2.1.1.1 150.1.1.1 eq https
  permit tcp 2.1.1.1 150.1.1.1 eq 8081
  permit tcp 2.1.1.1 150.1.1.1 eq 445
  deny ip 2.1.1.1 200.1.1.2

  permit tcp 1.1.1.1 100.1.1.1 eq https
  deny ip 1.1.1.1 100.1.1.2
  permit tcp 1.1.1.1 100.1.1.2 eq https
  deny ip 1.1.1.1 100.1.1.2
  permit tcp 1.1.1.1 200.1.1.1 eq https
  deny ip 1.1.1.1 200.1.1.1

  permit tcp any 200.1.1.1 eq https
  permit tcp any 200.1.1.1 eq 8081
  deny ip all

  permit tcp any 150.1.1.1 eq https
  permit tcp any 150.1.1.1 eq 8081
  permit tcp any 150.1.1.1 eq 445
  deny ip all

  permit tcp any 100.1.1.1 eq https
  deny ip all

Access Control with IP Access Control Lists
• Topology-based
• Manual configurations
• Error prone
• Unscalable
• Difficult to maintain

Segmentation: Security Group Tagging (SGT) and SGACL

[Diagram: a Cisco TrustSec Domain with the Identity Service Engine; the SG Tag is imposed on incoming traffic (device-aware and identity-aware classification), carried across the domain as SGT, and enforced by SGACL at the destination]

  cts role-based permissions from 10 to 111
   permit tcp dst eq 443
   permit tcp dst eq 80
   deny ip

Classification example:
Identity-Aware | Device-Aware | Security Group
Doctor | Corp PC | Doctor
Doctor | Personal PC | Doctor
IP Phone | NA | Voice

SGA is ingress tagging and egress enforcement
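To make the contrast between the two segmentation slides concrete, here is an added Python example (not Cisco code) that derives both policy forms from one role-based intent and measures what each has to change when endpoints are added. It reuses the slides' user and server addresses; the server group names, the port matrix and the two extra doctors (one on VLAN 99, one on VPN) are this example's assumptions. The `cts role-based permissions` lines it prints are illustrative only: a real SGACL references numeric tags and a named role-based ACL.

```python
from typing import Dict, FrozenSet, List, Tuple

# --- Constructed sample data (assumptions for this example) ---
SERVER_GROUP: Dict[str, str] = {     # destination IP -> destination security group
    "100.1.1.1": "EMR", "100.1.1.2": "Imaging",
    "150.1.1.1": "FinanceApp", "200.1.1.1": "Intranet",
}
BASE_ENDPOINTS: Dict[str, str] = {   # source IP -> role, as a static IP ACL must know it
    "3.1.1.1": "IT", "2.1.1.1": "Finance", "1.1.1.1": "Doctor",
}
# The SGT/SGACL matrix: (source group, destination group) -> permitted TCP ports.
# A cell absent from the matrix is denied (the slide's trailing "deny ip").
POLICY: Dict[Tuple[str, str], FrozenSet[int]] = {
    ("Doctor", "EMR"): frozenset({443}),
    ("Doctor", "Imaging"): frozenset({443}),
    ("Doctor", "Intranet"): frozenset({443}),
    ("IT", "EMR"): frozenset({443, 8081}),
    ("IT", "Imaging"): frozenset({443, 8081}),
    ("IT", "FinanceApp"): frozenset({443, 8081}),
    ("IT", "Intranet"): frozenset({443, 8081}),
    ("Finance", "FinanceApp"): frozenset({443, 8081, 445}),
    ("Finance", "Intranet"): frozenset({443, 8081}),
}


def expand_ip_acl(endpoints: Dict[str, str]) -> List[str]:
    """Topology-based enforcement: the intent is unrolled into one ACE per
    (source IP, server IP, port), so the list grows with every endpoint."""
    aces = []
    for src_ip, role in endpoints.items():
        for dst_ip, dst_group in SERVER_GROUP.items():
            for port in sorted(POLICY.get((role, dst_group), ())):
                aces.append(f"permit tcp host {src_ip} host {dst_ip} eq {port}")
    aces.append("deny ip any any")
    return aces


def sgacl_lines() -> List[str]:
    """Group-based enforcement: ACEs name groups, never addresses, so the
    policy size is fixed by the number of roles and resources."""
    lines = []
    for (src_group, dst_group), ports in sorted(POLICY.items()):
        lines.append(f"cts role-based permissions from {src_group} to {dst_group}")
        lines.extend(f" permit tcp dst eq {port}" for port in sorted(ports))
        lines.append(" deny ip")
    return lines


def ip_acl_decision(aces: List[str], src_ip: str, dst_ip: str, port: int) -> str:
    """First-match evaluation of the expanded IP ACL."""
    for ace in aces:
        if ace == f"permit tcp host {src_ip} host {dst_ip} eq {port}":
            return "permit"
    return "deny"


def sgt_decision(src_group: str, dst_ip: str, port: int) -> str:
    """Egress enforcement: the frame already carries the source SGT assigned
    at ingress (by ISE, from identity or device type); the enforcing switch
    only maps the destination IP to its group and looks up the matrix."""
    dst_group = SERVER_GROUP.get(dst_ip)
    return "permit" if port in POLICY.get((src_group, dst_group), ()) else "deny"


def compare_models() -> Dict[str, object]:
    """Add the two doctors from the slide's ambiguous places (VLAN 99, VPN)
    and record what each model has to change."""
    base_acl = expand_ip_acl(BASE_ENDPOINTS)
    grown = dict(BASE_ENDPOINTS, **{"99.1.1.1": "Doctor", "98.1.1.1": "Doctor"})
    return {
        "ip_acl_before": len(base_acl),
        "ip_acl_after": len(expand_ip_acl(grown)),
        "sgacl": len(sgacl_lines()),
        # the VPN doctor hits the old IP ACL until someone rewrites it ...
        "vpn_doctor_ip_acl": ip_acl_decision(base_acl, "98.1.1.1", "100.1.1.1", 443),
        # ... while the SGT model needs only the tag assigned at ingress
        "vpn_doctor_sgt": sgt_decision("Doctor", "100.1.1.1", 443),
        "vpn_doctor_sgt_finance": sgt_decision("Doctor", "150.1.1.1", 445),
    }


if __name__ == "__main__":
    for key, value in compare_models().items():
        print(f"{key}: {value}")
```

With three users the SGACL rendering is actually longer than the IP ACL (34 lines against 17), but it does not move when the two extra doctors appear, whereas the IP ACL grows by three ACEs per doctor and, until it is regenerated on every enforcement point, silently denies the new VPN user; that is the "unscalable, difficult to maintain" point of the previous slide expressed as numbers.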

Sup2T Virtualization Enhancements

• Ethernet point-to-point and multi-point L2VPN services: Supervisor 2T supports VPLS, A-VPLS & H-VPLS natively
  • H-VPLS increases the scalability of VPLS by partitioning the network
  • A-VPLS greatly simplifies VPLS deployment & management
• NetFlow VPN Support: Sup2T adds the VPN_ID as part of the NetFlow key (MPLS, VPLS, VRF-LITE); VRF aware NetFlow, VRF aware NAT
• LIF benefits for VRF with EVN: the same VLAN # can be reused on different L3 sub-interfaces belonging to different physical interfaces.

  interface GigabitEthernet1/1.1
   encapsulation dot1Q 11
   ip vrf forwarding vrf1
   ip address 10.1.1.2 255.255.255.0
  interface GigabitEthernet1/2.1
   encapsulation dot1Q 11
   ip vrf forwarding vrf1
   ip address 10.0.1.2 255.255.255.0

Network Virtualization Options

Transport | Payload | Feature names | Target
Ethernet | Layer 3 | VRF-Lite, EVN | Campus, small number of VPNs
MPLS | Layer 2 | AToM (EoMPLS), VPLS | Campus, DataCenter Interconnection
MPLS | Layer 3 | MPLS-VPN | Large number of VPNs, Campus and/or Providers
IP | Layer 2 | L2VPNomGRE, VPLSoGRE | DataCenter Interconnection
IP | Layer 3 | MPLS-VPN over mGRE, LISP | Campus and/or Providers

Virtualization made simple: EVN – Easy Virtualization

• LAN Trunks
• Significant configuration simplification
• VRFs are pre-provisioned on the Trunk
• Route Replication
• IGP-based Shared Services / BGP not required
• Enhanced Troubleshooting and Usability: routing-context, traceroute, debug condition, cisco-vrf-mib

[Diagram: two routers, each with a Global table and two VRFs, joined by one 802.1Q trunk]

Virtualization made simple: EVN – Easy Virtualization (EVN VNET Trunk)

VRF-Lite Subinterface Config:

  interface TenGigabitEthernet1/1
   ip address 10.122.5.1 255.255.255.252
   ip pim query-interval 1
   ip pim sparse-mode
   logging event link-status
  interface TenGigabitEthernet1/1.101
   description Subinterface for Red VRF
   encapsulation dot1Q 101
   ip vrf forwarding red
   ip address 10.122.5.1 255.255.255.252
   ip pim query-interval 1
   ip pim sparse-mode
   logging event subif-link-status
  interface TenGigabitEthernet1/1.102
   description Subinterface for Green VRF
   encapsulation dot1Q 102
   ip vrf forwarding green
   ip address 10.122.5.1 255.255.255.252
   ip pim query-interval 1
   ip pim sparse-mode
   logging event subif-link-status

VNET Trunk Config:

  interface TenGigabitEthernet1/1
   vnet trunk
   ip address 10.122.5.2 255.255.255.252
   ip pim query-interval 1
   ip pim sparse-mode
   logging event link-status

Global Config:

  vrf definition red
   vnet tag 101
  vrf definition green
   vnet tag 102

Both Routers Have VRFs Defined; the VNET Router Has Tags

Cloud requires Application Visibility and Control

Example Challenges
• What is the average IPv4 TCP traffic load?
• Does this building use more L2 or L3 traffic?
• How do I identify who is watching Youtube?
• Can I easily create a Video QoS Policy?
• Will I be able to limit the amount of traffic?

AVC Solutions
• Monitor TCP & UDP with Flexible Netflow
• Build utilization graphs from Netflow Export
• NBAR can distinguish L7 application types
• Use Metadata to build QoS & FnF policies
• Traffic-Shaping & HQoS optimize resources

[Diagram: App Visibility & Control feature groups by network tier: Flexible NetFlow (FnF); Priority Queuing & LLQ; Microflow Policing; Aggregate Policing; Media Services (MSI & MSP); Auto SmartPorts; Metadata QoS & FnF; AVC with WISM2; NBAR2 with NAM-3; Traffic Shaping & HQoS; Enhanced Object Tracking; Mini Protocol Analyzer (MPA); SPAN, RSPAN, ERSPAN; Integrated Wireshark; SGT & MACSEC]

Application Visibility and Control: Offering Wired and Wireless Application Insight and Control

[Diagram: WLAN Controllers, Access Switches, NAM-3 and Backbone Switches reporting to Cisco Prime Infrastructure]

Flexible NetFlow (FnF): How can it really help me?

[Diagram: Campus, Data Center, Branch and Internet with NAM and Prime as collectors; flow key fields IPv4, IPv6, L2 MAC, L2 VLAN, UDP flags, TCP flags, MPLS, Multicast …; Flexible NetFlow Collector Ecosystem use cases: DoS Attack, Anomaly Detect, Compliance, IP SLA, Capacity Planning, App Visibility]

FnF Benefits
• Lower CapEx: better insight for capacity planning, network upgrades and compliance
• Lower OpEx: better service and user experience, increased IT staff productivity

FnF Capabilities
• Deep app visibility with L2 – L7 fields
• Flexible flow Monitors & Records
• Scalable flow Collection & Export
• Customizable policy action with EEM
• Simple to deploy with NAM3 & Prime
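Two of the collector use cases named on the slide, DoS attack and anomaly detection, as an added Python example (not a Cisco tool) run over constructed flow records rather than real traffic: it groups exported flows by the key fields FnF exposes (addresses, destination port, TCP flags, packet counts) and flags a half-open SYN flood toward one service and a single source probing many ports on one host. The field names, addresses and thresholds are this example's assumptions.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# TCP flag bits as carried in the exported "tcp flags" key field
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

Flow = Dict[str, object]


def flow(src: str, dst: str, dport: int, flags: int, pkts: int, nbytes: int) -> Flow:
    """One exported flow record, reduced to the fields this example uses."""
    return {"src": src, "dst": dst, "proto": 6, "dport": dport,
            "tcp_flags": flags, "pkts": pkts, "bytes": nbytes}


# Constructed sample export (not real traffic):
FLOWS: List[Flow] = [
    # ordinary completed sessions: full handshake, data, orderly close
    flow("10.10.0.5", "172.16.5.10", 443, SYN | ACK | PSH | FIN, 40, 52_000),
    flow("10.10.0.6", "172.16.5.10", 443, SYN | ACK | PSH | FIN, 35, 47_000),
    flow("10.10.0.7", "172.16.5.20", 22, SYN | ACK | PSH | FIN, 120, 18_000),
]
# six different sources each leaving a one-packet SYN-only flow at one service
FLOWS += [flow(f"10.20.0.{i}", "172.16.5.10", 443, SYN, 1, 60) for i in range(1, 7)]
# one source touching six different ports on one host
FLOWS += [flow("10.30.0.9", "172.16.5.20", p, SYN, 1, 60) for p in (22, 23, 80, 443, 3389, 8080)]


def syn_only(f: Flow) -> bool:
    """Half-open attempt: SYN set, ACK never seen, almost no packets."""
    flags = f["tcp_flags"]
    return f["proto"] == 6 and bool(flags & SYN) and not flags & ACK and f["pkts"] <= 2


def detect_syn_flood(flows: List[Flow], min_sources: int = 5) -> Dict[Tuple[str, int], int]:
    """Many distinct sources leaving half-open flows toward one (dst, port):
    returns {(dst, port): distinct source count} above the threshold."""
    sources = defaultdict(set)
    for f in flows:
        if syn_only(f):
            sources[(f["dst"], f["dport"])].add(f["src"])
    return {k: len(v) for k, v in sources.items() if len(v) >= min_sources}


def detect_port_scan(flows: List[Flow], min_ports: int = 5) -> Dict[Tuple[str, str], int]:
    """One source probing many ports on one host with half-open flows:
    returns {(src, dst): distinct port count} above the threshold."""
    ports = defaultdict(set)
    for f in flows:
        if syn_only(f):
            ports[(f["src"], f["dst"])].add(f["dport"])
    return {k: len(v) for k, v in ports.items() if len(v) >= min_ports}


if __name__ == "__main__":
    print("SYN flood candidates:", detect_syn_flood(FLOWS))
    print("Port scan candidates:", detect_port_scan(FLOWS))
```

The two detectors share one predicate but pivot on different keys, which is the practical value of flexible records: the same export answers "who is hitting this service" and "what is this host touching" without a second collection. The completed sessions never match, because their flag field accumulates the ACK; the thresholds are deliberately small for the sample and would be tuned per site.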

Catalyst 6500 Network Analysis Module (NAM-3) Software Release 6.0 & 6.1: Superior Service Delivery in the Campus

[Diagram: Network Clients and the Client Network on one side, Application Servers on the other, with NAM-3 between them]
• APPLICATION AWARENESS: L2-L7 Application Visibility (NBAR2)
• NETWORK INTELLIGENCE: CAPWAP, Trustsec SGT, LISP, …
• PACKET ANALYTICS: Event-based On-Demand Captures, Advanced Packet Decoder
• Performance Analytics, Application Intelligence

6904 Support for two-level HQOS Policy (Replace SIP-400, ES+ 1G, 10G Ports with 6904)

• To sub-rate traffic going to the cloud: meet the contracted rate with the SP
• To limit inter-site / inter-DC traffic: limit the amount of traffic going to each site (EVPL case)
• Allow SPs to offer dedicated bandwidth to Customers end to end over shared infrastructure: different SLAs for different customers

[Diagram: HQOS policy with shaper on the physical port toward the Enterprise WAN or Metro E handoff (WAN / DC Edge, Core, WAN Edge, Aggregation): Priority Level 1 % (police), Priority Level 2 % (police), and min-bw % or Shaper queues under an aggregate shaped rate = x]

Mini Protocol Analyzer (MPA) Built-In Packet Capture & Analyzer

• Packets switched in the hardware can be captured and examined by using SPAN or VACL capture functionality.

• Historically, an external Sniffer had to be connected to examine SPAN'd packets.

• Capturing packets to an external Sniffer involves time, availability and possibly other unwanted complexities.

• The SPAN mini protocol analyzer (MPA) feature is an embedded packet capture tool.

• The MPA’s captured packets are saved to local memory and can be displayed or exported for post processing.

• Packets can be filtered using several mechanisms

• One SPAN ASIC session will be used for sending the traffic to the MPA program running on the Supervisor.


Campus Leadership in IPv6 (Visibility & Control, Optimized IPv6 Delivery, Special Technologies)

Core
• EIGRPv6, OSPFv3, IS-IS
• IPv6 SSO / NSF, NSR
• Dual-Stack IPv4 / IPv6
• IPv6 PIM, Embedded RP
• IPv6 support for VSS
• IPv6 RACL
• ACL Hitless Commit / Dry Run
• IPv6 CoPP
• IPv6 uRPF
• IPv6 Flexible Netflow
• IPv6 ECMP, L3 LISP, BFDv6, Traffic Shaping, IPv6 NAM3

Edge
• IPv6 GRE, DMVPNv6
• WCCPv6
• L3 LISP
• 6to4 Tunnels, 6PE/6VPE
• NAT64 with ASA-SM
• EIGRPv6, OSPFv3, IS-IS
• BGPv6
• IPv6 PBR
• IPv6 SSO / NSF, NSR
• Dual-Stack IPv4 / IPv6
• IPv6 IPsec
• IPv6 Firewall Security
• IPv6 IDS
• IPv6 ASA-SM

Distribution
• EIGRPv6, OSPFv3, IS-IS
• IPv6 SSO / NSF, NSR
• Dual-Stack IPv4 / IPv6
• IPv6 PIM, BSR
• DHCPv6, Relay Agent
• HSRPv6, VRRPv6, GLBPv6
• IPv6 support for VSS
• IPv6 ECMP, L2 / L3 LISP*
• BFDv6, Traffic Policing, IPv6 HQoS, PQ & LLQ, IPv6 WISM2
• IPv6 RACL, VACL
• ACL Hitless Commit / Dry Run
• IPv6 CoPP
• IPv6 uRPF
• L2 / L3 Flexible Netflow

Access
• Auto Smart Ports, PnP
• RPVST, MST
• 802.1Q Trunking
• VTP, VTPv3
• MLD, PIM Snooping
• IPv6 First Hop Security
• IPv6 PACL, RA Guard
• Port-Security, Storm-Control
• L2 Flexible Netflow
• FlexLinks, IPv6 HQoS, PQ, Vlan Translation, QinQ Trunking

[The diagram also shows Internet, Data Center and Branch]

Introduction to SDN: Traditional Approach vs SDN Approach

[Diagram: Traditional versus SDN approach]

OpenFlow is just one piece of SDN: SDN is a bigger space, and SDN does not equal OpenFlow.

Cisco APIC Enterprise Module Architecture

• Abstracts Network Devices to Mask Complexity
• Treats the Network as a System
• Exposes Network Intelligence for Business Innovation

[Diagram: Cisco and Third Party Applications (Security, QoS, Mobility) reach the Cisco APIC Enterprise Module (Network Info Database, Policy Infrastructure, Automation) through a REST API; the module drives Network Devices (Catalyst, ASR, ISR) through CLI, OpenFlow and the OnePK API]


Thank you. http://reseauxblog.cisco.fr