
1 Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Unified Access Roadshow: Enterprise Backbone Technologies Enabling BYOD and Collaboration
Vivek Baveja, Technical Marketing Engineer, Enterprise Networking Group

2 Questions to Be Answered
- How Do I Manage This at an Enterprise Level?
- How Do I Monitor This at an Enterprise Level?
- How Do I Provide a Consistent User Experience?
- How Do I Secure my Device and User Communities?
- How Do I Build a Scalable, Secure, Converged Wired/Wireless Campus Network to Support These Trends?
- How Do I Bring Both Corporate and Employee Owned Devices on to the Network?
- What Services Do I Need to Enable the Infrastructure?
[Diagram layers: Distribution, Access, Core]

3
- When do I use Catalyst 6500 instead of Nexus 7000?
- What is the future of the 6500?
- How does 6500 with Sup2T fit into a BYOD infrastructure?
- How do I secure the campus for BYOD?
- How can Catalyst 6500 provide the necessary network visibility for my BYOD infrastructure?

5 Cisco Catalyst or Nexus?
Campus:
- Backbone: Lead with Catalyst 6500 Sup2T
- Distribution: Lead with Catalyst 6500 Sup2T
- Access: Lead with Catalyst 4K / 3K
Data Center:
- Backbone: Lead with Nexus 7000
- Aggregation: Lead with Nexus 7000
- Access: Lead with Nexus 5000/2000
Engineering Investments and Roadmap Follows Positioning
Drivers shown: Mobility/BYOD, Security, Video, Workload Mobility, VM, 10G/Virtualization, Energy Efficiency

6 Customer Requirements/Needs Ultimately Drive the Sale
Campus: Catalyst Family - IOS
- User Access Control / Segmentation: 802.1X / Easy Virtual Networks (EVN)
- Video Intelligence: Medianet
- Wired / Wireless Convergence: Wireless Controller Integration
- Application Visibility: Flexible NetFlow, NAM-3 (NBAR2)
- Power over Ethernet: UPOE, EnergyWise
Data Center / Cloud: Nexus Family – NX-OS
- Cloud Security and VM Awareness: Nexus 1000v, VSG, ASA, 1000v
- VM Mobility: LISP, VXLAN, OTV
- LAN / SAN Convergence: Unified Ports, FCoE
- Fabric Scale & Resilience: FabricPath, vPC, Wire Speed 10/40/100G
- Data Center Consolidation: VDC, FEX, DCNM

7 Cisco Catalyst 6500 E-Series
- Price/Performance
- Virtualization, Simplified Operations, and Change Management
- The Network Services Platform for Unified Access
- Driving Next-Gen Ethernet in the Campus: 1G » 10G » 40G » 100G
- Innovation with Investment Protection
- Lower TCO
- Differentiation
- Transition
- Innovation

8
- FY12 Cat 6500 Port Share of Total Modular Industry* (*Assuming Dell’Oro as a baseline for industry total modular)
- Investment surrounding Sup2T development (compare with Tesla Motors’ $150M investment for first fully electric sports car)
- $200+ Million Investment planned over next 3 years alone: Rich network services, Ethernet evolution, Lower TCO, Investment protection
- 750,000+ Chassis Shipped
- 1.2 Million Supervisors Shipped
- 110 Million Ports Shipped
- 45,000+ Catalyst 6500 Customers

9 [Product portfolio diagram: Sup2T; Services Modules: WiSM2, NAM-3, ASA-SM; 1GbE Fiber and Copper: Fiber High-Perf. Access, AT Copper Access; 40 GbE Fiber: 6904, FourX, LR4, SR4; 10GbE Fiber and Copper; 40G/Slot; 80G/Slot]

10 Sup2T Overview
4X Scalability, 3X Performance, Cisco Prime
- New PFC4 Featuring Improved Levels of Performance and Scalability Along with New Enhanced Hardware Features
- USB-Based Console Support
- Connectivity Management Processor (CMP)
- New MSFC5 Supporting Dual Core CPU and Single IOS Image
- Improved Switch Fabric Providing 80G/Slot

Feature              SUP720               SUP2T
L2 MAC Table         96K                  128K
Bridge Domains       4K                   16K
TrustSec / SGT       –                    Yes
VNET Trunk (EVN)     –                    Yes
40G Interfaces       –                    Yes
System Bandwidth     720 Gbps             2 Tbps
L3 Interfaces        4K                   128K
NetFlow Table        128K/256K            512K/1M
Flexible NetFlow     –                    Yes
Hitless ACL Updates  32K                  Yes
Medianet 2.2         –                    Yes
VPLS / A-VPLS        Requires WAN Module  Yes (no WAN module)
VSS Quad Sup SSO     –                    Yes

Items in PURPLE are BYOD, Collaboration and Video enablers.

11 Series with DFC; Series with DFC4
- 40G/slot with integrated DFC4
- 24 and 48 ports 1GbE fiber
- 48 ports 10/100/1000 copper
- 16 ports 10GbE fiber and 10GBASE-T
- Available in standard and XL sizes
- Non-blocking 80G/slot performance
- Wire rate MACsec
- Virtual switching link (VSL)
- Large packet buffers (256 MB/port)
- X2 transceiver or SFP+ with adapter
- Available in standard and XL sizes
- LISP-ready
Distributed Forwarding Performance, at Central Forwarding Price
Doubled System Performance, with Distributed Forwarding
4P 40G $36,000; CFP-40G-SR4; FourX; CFP-40G-LR4

12 Sup2T Supported
- Special TMP Program for Upgrade: WS-F6K-DFC4-E, WS-F6K-DFC4-A
- 61xx Series: 6148E, 6148A, 6148-SFP, 6196
- Service Modules: NAM/-1/2/3, ACE20/30, WiSM-1/2, FWSM, ASA-SM
- WAN Modules: Not Supported (Use Sup720-10G or ASR for WAN)
- VPN SPA: Not Supported (ASA-SM to get IPSEC VPN)
Sup , 6724, 6748 with CFC G Fiber G/10T with DFC3 6704, 6724, 6748 with DFC3

13
Next-Generation WiSM Blade: WiSM-2 (NEW). Integrate Wired / Wireless Management
- Performance: 20 Gbps
- Access Points: 500–1,000
- Clients: 15,000
- Concurrent AP Upgrade/Joins: Up to 500
- Mobility Domain Size: Up to 18,000 APs
Next-Generation NAM Blade: NAM-3 (NEW). Enhance Application Visibility
- Monitoring Performance: Up to 15 Gbps
- Capture to External Disk: Up to 5 Gbps
- Deep Packet Inspection: NBAR-2 Support
- HW Filters/Packet Captures: Rapid Troubleshooting
Next-Generation Firewall Blade: ASA-SM (NEW). Deliver Robust, Integrated, Streamlined Security; OS / Feature Parity with Appliances
- System Performance: 64 Gbps
- Performance/Service Mod.: 16 Gbps
- Concurrent Sessions: 10,000,000
- Connections per Second: 300,000
- Security Contexts: 250
- VLANs: 1,000

14 [Chart axes: Features Scalability; Feature Richness. Platform classes: Modular, Fixed. * Roadmap]
Cisco Catalyst 3750-X
- TrustSec: MACsec, SGT, SGACL
- AVC: Medianet, Flexible NetFlow
Cisco Catalyst 4500-X
- TrustSec: MACsec, SGT, SGACL, EVN
- AVC: Flexible NetFlow / EEM integration, Integrated Wireshark
- Resiliency: VSS
Cisco Catalyst 4500E
- TrustSec: MACsec, SGT, SGACL, EVN
- Resiliency: Sup redundancy, NSF/SSO, ISSU
- AVC: Flexible NetFlow / EEM integration, Integrated Wireshark
- Smart Operations: Copper/POE flexibility, EEM, GOLD
Cisco Catalyst 6500E
- TrustSec: L3 SGT, MACsec over EoMPLS, MPLS L3VPN, VPLS / A-VPLS, L2oMGRE, 6PE, 6VPE, Advanced CoPP, ASA-SM
- AVC: PIM Register in HW, IGMPv3 / MLDv2 Snooping in HW, Egress NetFlow, Per-VRF NetFlow, NAM-3, WiSM-2
- Resiliency: Quad Sup VSS*, BGP PIC, EFSU, BFD / Multicast BFD, Multicast HA, ACL Hitless Commit, ACL Dry Run
- Smart Ops: EEM, GOLD, Smart Call Home, Smart Install Director, LISP, WCCPv3

17
Simplified Manageability
- Managed as single entity with backplane integration
- Integrated application intelligence, traffic analysis, and performance troubleshooting
- Remote monitoring with RSPAN/ERSPAN
Increased Scalability
- Virtual Contexts to support virtualization for BYOD
- Service Modules Match Latest Appliance specifications speeds/feeds
Lower Total Cost of Ownership
- Reduced network footprint
- No external connectors
- Improved power management
- Reduced rack space utilization

18
- Consistent Application Visibility Branch to Data Center
- Across application delivery lifecycle: monitoring, troubleshooting, control and optimization
- Can work with Flexible NetFlow as a collector (local or external devices)
- Service-centric causal analysis across Application and Network Traffic Flows
- Application (L7) specific Packet Analysis (NBAR-2*)
- Wireless CAPWAP Decode
- Can be managed by Cisco Prime
- Link Utilization
* CY Q4 2012

19 One device for converged Wireless and Wired Services supporting next-generation wiring closet infrastructures
[Module diagram labels: Status LEDs; Serial & USB Console Ports; Dedicated 12-Core Control Processor; 20 Gb Backplane Channel; Dedicated 12-Core Data Processor; ISE; PRIME]
Reduced Operational Costs
- Scale: 1000 Access Points, 15,000 Clients
- Central Maintenance: Simultaneous AP Upgrade, Troubleshooting
- Mobility: 36,000 AP in Mobility Domain, Fast Roaming
- Performance: 10 Gbps Throughput
New Features
- Application Visibility and Control (AVC)
- NetFlow v9
- Bonjour support
- NMSP Location Services
- Stateful AP failover with VSS

20 Bonjour (*Q4 CY2012)
[Diagram: Room 203 with printer-203 and atv-203; Room 201 with printer-201 and atv-201. Two users, "ID: John, Role: Student, Location: room201" and "ID: Adam, Role: Faculty, Location: room201", each ask "What services can I use?"; the answers shown are "printer-201 atv-201" and "printer-201". Network elements: Catalyst 6500 w/WiSM-2, Access Switch 1, Access Switch 2, Access Switch 3, Access Switch 4, Core Switch, AP]

21
Security Service Processors
- Multi-services capable
- Dedicated 64-bit multicore processors
- Future-proof hardware
Multigigabit Fabric
- Chassis backplane
- Virtualized interfaces
- Module-to-module communications
Dual-Crypto Accelerators
- Hardware processing
- Accelerated Virtual Private Networking and Unified Communications encryption
Multiple Contexts (250); High capacity Memory for handling high session counts; 24 GB of memory
NAT64, VPN Site-to-Site Services* (*Roadmap)

22 [Diagram: Protected Corporate resources; Campus Block; Internet; Visitor; Conference room; Employee; Telepresence room; Access; Campus Core; Catalyst 6500 w/ASA-SM]

23 ASA-SM Firewall, IPS Services in Backbone
ACCESS CONTROL; PATH ISOLATION
Trusted Devices; Untrusted Devices
- SSID → Identity → Device Sensor → VLAN X → VRF X → Firewall Context X
- SSID → Identity → Device Sensor → VLAN Y → VRF Y → Firewall Context Y
Points made on the slide:
- BYOD Devices Need the Same Access as Corporate Devices
- Greater Inspection Required for BYOD Devices
- BYOD Devices Don’t Get Mandatory Virus/Security Updates
- Path Isolation Across Network to IPS or ASA-SM to Maintain Compliance: HIPAA, PCI, FISMA
[Diagram: WISM2, ASA-SM, NAM-3, Cisco Catalyst 6500 VSS 4T]

25 L3 SGT Transport
[Diagram: TrustSec Domain; Non-TrustSec Domain; SGT Server; Identity Service Engine; /24 subnets tagged SGT 10, SGT 20 and SGT 30; Manual or Dynamic Subnet Mapping; Header Change]
SGACL Enforcement: Monitor SGACL Packet Drops with Flexible NetFlow
- Packets sent with “transport mode” ESP to carry SGT without encryption or data authentication
- The packet overhead (42-45 bytes) impacts IP MTU/Fragmentation

26
- IPv6 NDP inspection: Prevents neighbor discovery spoofing attacks
- IPv6 RA Guard: Stops false router advertisement threats
- IPv6 PACL: Filter traffic on Layer 2 ports
- IPv6 device tracking: Revoke network access for inactive devices
- IPv6 uRPF: Blocks spoofed traffic in hardware (16 paths)
[Diagram: IPv6/IPv4 Dual Stack Hosts; L2 Access; Access Layer; Distribution Layer; Core Layer; L3; WLC; IPv6 WAN]

27 Traffic Visibility with Flexible NetFlow
Typical causes of poor application performance:
- Bandwidth/capacity bottleneck
- Unauthorized use of network resource
Security Monitoring; Monitor Non-Corporate Devices
Flexible NetFlow provides the application visibility needed to answer questions on the “who, what, when, where, how” of network activities in order to:
- Identify root cause easier, faster, more accurate
- Assign problem ownership
- Increase operational efficiency
- Lower TCO
[Diagram: Campus Building A; Campus Building B; Campus Building C; Campus Core; Internet; NOC]

28 Sup2T NetFlow
- Flexible NetFlow: Increased customization by selecting the fields to match and collect for both IPv4 and IPv6
- CPU Friendly Export: Optimal CPU utilization with Yielding NetFlow Data Export, direct export from a module
- Up to 13M Flows/System: Bigger tables mean more entries per system, up to 13 million entries with a 13 slot chassis, giving you better visibility in your network
- Sampled NetFlow in Hardware: To optimize the NetFlow tables utilization and minimize load on analyzers
- Egress NetFlow: Allows NetFlow to be used after the ingress lookup is done (NetFlow on CoPP); allows multicast traffic to be accounted for per destination instead of per group

29
Protect CPU with CPU Yield NetFlow
- NDE increases export rate until threshold reached
- Wait 5 seconds and then step up export rate again
- When threshold reached, NDE quickly backs off export rate
[Chart: CPU axis marked 30% and 70%; Yielding NDE threshold; CPU before NDE begins]
Scale NetFlow with Distributed Export
[Diagram: NetFlow Data and NetFlow Export from WS-X6848-TX-2T\2TXL, WS-X G-2T\2TXL and Supervisor; EOBC; NetFlow Collector]

31 [Architecture diagram: DC Block; Borderless Campus; Campus Backbone]
- 40 Gbps with Two Level Shaping; Support HD Video
- WiSM2 as MC/MTE; WiSM2 as Mobility Coordinator
- Firewall: ASA. Per VLAN, VRF Policies
- 802.1x EAP User Authentication
- Profiling to Identify Device; Posture of the Device
- VLAN 10, VLAN 20, VLAN 30
- Policy Decision: Internet Only
- Policy Decision: Full or Partial Access Granted
- Troubleshoot Data, Voice and Video with FnF, NAM, Egress NetFlow
- Corporate Servers; VDI Infra; Guest Servers
- SXP Session; SGT; EVN
- Per VLAN/VRF Policies: Path Isolation
- L3VPN over mGRE; VRFs Across Sites
- BGP PIC Fast Convergence
- SGACL Enforcement; Monitor SGACL Dropped Traffic
- NAM-3 15+Gbps Traffic Monitoring
- Medianet 2.2; Performance Monitoring; Mediatrace
- SmartInstall Director
- Employee Personal Asset; Company Asset; Guest Personal Asset
- Identity Service Engine

32 Cisco Validated Designs for Campus Deployment
End-to-End OS Consistency: IOS 15.0
[Diagram: ISE; Cisco Prime NCS; Cisco Catalyst 4500E; Cisco Catalyst 3750-X; ASR1000; Cloud; ISR; WISM2; ASA-SM; NAM-3; Cisco Catalyst 6500 VSS 4T]
- Application Visibility and Control: Flexible NetFlow, Medianet 2.2 Services, Microflow policing, NBAR2 with NAM-3, AVC with WISM-2
- TrustSec: SGT / SGACL, MACsec, NDAC, CoPP, EVN / VRF-Lite, VPLS / A-VPLS
- Smart Operations: Smart Install, Virtual Switching System, Embedded Event Manager (EEM), GOLD, Cisco Prime
- Resiliency: Quad Sup VSS SSO, EFSU, NSF / SSO, Multicast HA, BGP PIC

