
Cisco connect montreal 2018 sd wan - delivering intent-based networking to the branch and wan


Cisco SD-WAN: Delivering intent-based networking to the branch and the WAN (Cisco SD-WAN: Intent-based Networking for WAN and Branch)

Published in: Technology

  1. Danny Blais & Luis Cruz, Network Engineering Consultants. Cisco SD-WAN: An Intent-Based Network for Branches and the WAN
  2. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. Digital Innovation in the Branch & WAN: 90% of revenue is generated in the branch. MORE THREATS: 30% of advanced threats will target branch offices by 2016 (up from 5%). MORE USERS: 80% of employees and customers are served in branch offices. MORE DEVICES: 73% growth in mobile devices from 2014-2018. MORE APPS: 20-50% increase in enterprise bandwidth per year through 2018. 30B IoT devices connected to internet by 2020. Up to 50% annual increase in enterprise bandwidth and video adoption. 10B mobile-connected devices by 2019. 80% of organizations primarily use public cloud by 2019.
  3. Traditional and Legacy Architectures cannot scale to address changing needs. EXPENSIVE: Hardware-centric; Fixed capacity. DIFFICULT TO SUPPORT: Discrete device-by-device configurations; Complex management silos; Require slow truck rolls for changes. INFLEXIBLE: Tightly controlled, client server model; Historical vs predictive management. CONNECTIVITY-CENTRIC: Fragmented, incomplete user experience; Not application-centric. POORLY INTEGRATED: Conflicting policies and configurations; Inflexible and static; Risk from accidental interactions and vulnerabilities.
  4. The Era of Digital Transformation: Network Transformation. CLOUD & ON-PREM: Hosted, delivered, managed. AUTOMATION & SCALE: Speed, flexible, zero-touch, policy driven. SECURITY & COMPLIANCE: Segmentation, threat mitigation. ASSURANCE & ANALYTICS: Users, applications, devices. Diagram labels: Programmable, Hardware Centric, Automated, Predictive, Business Intent, Manual, Closed, Network Intent, Reactive, Software Driven.
  5. What & Why is SD-WAN
  6. The WAN Has Changed. Diagram labels: Data Center, Multi-Cloud, SaaS, Internet, Branch, WAN, Users, Devices, Things, INET, MPLS.
  7. Software Defined WAN: Application Optimization; Secure Connectivity; Efficient and dynamic load sharing; Agnostic WAN Transport; Simplified Management, Operation and Orchestration. Diagram labels: Hybrid WAN Transport IPsec Secure, Branch, MPLS (IP-VPN), Internet, Direct Internet Access, Private Cloud, Virtual Private Cloud, Public Cloud.
  8. SD-WAN Business Case. Cost: • Substitute higher cost links or devices for lower cost • Lower cost of management, troubleshooting • Leverage Complete Communications for financial analysis. Agility: • Focus on how automation and policy abstraction empower the organization to innovate faster while transforming the customer and workforce experience. Focus: • Provide quantifiable metrics associated with expedited mean time to detection, mean time to innocence and mean time to repair. Performance: • Quantify frequency and cost associated with outages • Reduce number of outages affecting user performance • Improve application performance. Security: • Application relevant topologies • Segmented virtual WANs and security service chains
  9. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. Choosing the right solution • Layer 3 VPN overlay for hub-and-spoke deployments • Layer 3 and 7 policy and performance based routing • Transport independence across a variety of connection types • Zero touch deployment with support for templated configurations • Multicast support over WAN. Column headings: Cisco SD-WAN (Highly flexible and customizable); Meraki SD-WAN (Simple, cross-functional management) • Support for 3 or more uplinks • Service chaining at L4-L7 • TCP Optimization and WAN acceleration • Highly flexible segmentation with customizable topologies on a per-VRF basis • VNF capabilities for gray and white-box MSP/SP offers • IPv6 support • On-premises and private cloud management • Support for integrating multiple VPC workloads (OnRamp) and extending WAN segmentation into IaaS • Highly scalable (10,000+ sites) • LTE failover • Virtual platform for AWS / Azure • Public cloud management. Shared Capabilities • Single pane of glass management for full stack branch infrastructure (security, WAN, switching, wireless, and more) • Cisco Advanced Malware Protection • Cisco Snort IPS • Integrated URL filtering • Geo-IP based firewalling • Intuitive GUI-based configuration and monitoring
  10. Business Driven WAN Infrastructure. Diagram labels: APPLICATION POLICIES, SERVICES DELIVERY PLATFORM, TRANSPORT INDEPENDENT FABRIC; Broadband, Cellular, MPLS; ZERO TOUCH, ZERO TRUST; QoS, Security, Segmentation, Svc Insertion, Survivability, Routing, Multicast; Per-Segment Topologies, Cloud Path (IaaS), Application SLA, Secure Perimeter, Traffic Engineering, Transport Hub, Cloud Accel (SaaS); Analytics, Monitoring, Operations.
  11. Cisco’s SD-WAN Architecture
  12. SD-WAN Architecture: Supervisor (Control Plane), I/O Module (Data Plane), Switch Fabric (Backplane), CLI (Management Plane)
  13. SD-WAN Architecture. Diagram labels: Supervisor, I/O Module, Switch Fabric, Control Plane, Data Plane, Management Plane, Orchestration Plane, Backplane, vBond, CLI.
  14. Data Plane: Physical/Virtual Cisco vEdge • WAN edge router • Provides secure data plane with remote vEdge routers • Establishes secure control plane with vSmart controllers (OMP) • Implements data plane and application aware routing policies • Exports performance statistics • Leverages traditional routing protocols like OSPF and BGP • Layer 2 redundancy VRRP • Support Zero Touch Deployment • Physical or Virtual form factor (100Mb, 1Gb, 10Gb). Diagram labels: APIs, vSmart Controllers, vAnalytics, 3rd Party Automation, vManage, Data Center, Campus, Branch, SOHO, Cloud, vBond, vEdge Routers, 4G, MPLS, INET.
  15. Control Plane: Cisco vSmart • Centralized brain of the solution • Facilitates fabric discovery • Establishes OMP peering with all vEdges • Implements control plane policies, such as service chaining, traffic engineering and per VPN topology • Dramatically reduces complexity of the entire network • Distributes connectivity information between vEdge • Orchestrates secure data plane connectivity between vEdges. Diagram labels: same architecture diagram as slide 14.
  16. Management Plane: Cisco vManage • Single pane of glass for Day0, Day1 and Day2 operations • Real time alerting • Centralized provisioning, monitoring & troubleshooting • Configuration standardization • RBAC • Single or Multitenant • Programmatic • REST API • Syslog • CLI • SNMP • NETCONF. Diagram labels: same architecture diagram as slide 14.
  17. Orchestration Plane: Cisco vBond • Orchestrates connectivity between management, control and data plane • First point of authentication • Requires public IP Address • Facilitates NAT traversal • All other components need to know the vBond IP or DNS information • Authorizes all control connections (white-list model) • Distributes list of vSmarts to all vEdges. Diagram labels: same architecture diagram as slide 14.
  18. Software Defined Centralized Control: Unified Control Plane provided by OMP (Overlay Management Protocol). Control Plane: DTLS/TLS. Legacy: O(n^2) complexity. SD-WAN: O(n) complexity. Control Elements • Virtual Fabric over any transport • Virtual or Physical Platforms (vEdge) • Centralized reachability, security and application policies • Secure Channel to SD-WAN Controller (vSmart, vBond, vManage) - Single extensible control plane - Operates over DTLS/TLS authenticated and secured tunnels • Dramatically lowers complexity and increases overall solution scale
  19. Cisco SD-WAN Solution
  20. Secure Segmentation: End-to-End Segmentation • Segment connectivity across fabric w/o reliance on underlay transport • vEdge routers maintain per-VPN routing table • Labels are used to identify VPN for destination route lookup • Interfaces and sub-interfaces (802.1Q tags) are mapped into VPNs. Diagram labels: Ingress vEdge, Egress vEdge, VPN 1, VPN 2, VPN 3, Interface, VLAN, VPN1, VPN2, SD-WAN IPSec Tunnel; packet layout: 20 IP, 8 UDP, 36 ESP, 4 VPN, …, Data.
  21. End-to-End Segmentation with Multi-Topology • Security Zoning • Compliance • Guest Wi-Fi • Multi-Tenancy • Extranet. Per-VPN Topology: Full-Mesh, Hub-and-Spoke, Partial Mesh, Point-to-Point. Diagram labels: A, B, C, vEdge Router, vSmart, Route Tables, Single Tunnel (per transport).
  22. Application Quality Probing; Cloud onRamp for SaaS. Diagram labels: Regional Hub, Remote Site, Data Center, ISP1, ISP2, MPLS, SD-WAN Fabric, Loss/Latency !
  23. Cloud Security with Cisco Umbrella • Best suited for cloud SaaS applications • Interoperates with Cloud onRamp for SaaS • Cisco Umbrella enforces security policy compliance based on DNS resolution • Augments native fabric security • Can co-exist with on-premise L4-L7 security modes - VPN segmentation. Diagram labels: Regional Data Center, Remote Site, ISP1, SD-WAN Fabric, DNS Queries, Data Center, DIA.
  24. Regional Secure Perimeter: Single Service Insertion • vEdge router with connected L4-L7 service makes advertisement - Service route OMP address family - Service VPN label • Service is advertised in specific VPN • Service can be L3 routed or L2 bridged • Service can be singly or dually connected (Firewall trust zones) to the advertising vEdge • Control or data policies are used to insert the service node into the matching traffic forwarding path - Match on 6-tuple or DPI signature - Applied on ingress/egress vEdge* (* For data policy only. Control policy enforced on vSmart.) Diagram labels: Data Center, Remote Office, Regional Hub, L4-L7 Service Advertisement, Policy Advertisement*, vSmart, VPN1, Traffic Path, Control Plane, FW, 4G, MPLS, INET.
  25. Regional Secure Perimeter: Multiple Services Chaining • vEdge routers with connected L4-L7 service make advertisement - Service route OMP address family - Services VPN labels • Services are advertised in specific VPN • Services can be L3 routed or L2 bridged • Services can be singly or dually connected to the advertising vEdges • Control or data policies are used to insert the service nodes into the matching traffic forwarding path - Match on 6-tuple or DPI signature - Applied on ingress/egress/service vEdge (* For data policy only. Control policy enforced on vSmart.) Diagram labels: Data Center, Remote Office, Regional Hub, vSmart, VPN1, Policy Advertisement*, Service Advertisement, FW, IDS, Traffic Path, Control Plane, 4G, MPLS, INET.
  26. Deep Packet Inspection: Embedded Application Recognition. Deep Packet Inspection Engine Primary Use Cases: - Application Visibility - Application Firewall - Traffic Prioritization - Transport Selection - Analytics. Diagram labels: vEdge Router, App 1, App 2, App 3,000, Cloud Data Center, Data Center, Campus, Branch, Small Office Home Office, MPLS, INET, 3G/4G.
  27. App-Aware Routing Policies (BRKRST-2092) • SLA-Driven Routing / Performance Routing. Diagram labels: Broadband, 4G/LTE, MPLS, # DPI POLICY SLA, lte, mpls, public-internet, VPN 1, VPN 2.
  28. Critical Applications SLA: Path Quality Detection • Enforce SLA compliant path for applications of interest • Other applications will follow fabric routing across all paths. Path1: 10ms latency, 0% loss, 5ms jitter. Path2: 200ms latency, 3% loss, 10ms jitter. Path3: 140ms latency, 1% loss, 10ms jitter. vManage App Aware Routing Policy: App A path must have latency < 150ms, loss < 2%, jitter < 10ms. Diagram labels: Control Plane, vEdge1, vEdge2, MPLS, Internet, 4G LTE, vSmart Controllers, App A, IPSec Tunnel, Routing, Path 2.
  29. Application Optimization: TCP Performance Optimization • High latency path between users and servers, i.e. geo-distances • vEdge routers terminate TCP sessions and provide local acknowledgements to prevent TCP windowing from reacting • Selective acknowledgements prevent unnecessary retransmit of the successfully received segments • Hosts using old TCP/IP stacks will see the most benefit. Diagram labels: Users, Servers, High Latency Path, vEdge, vEdge, TCP Connections, Optimized TCP Connections (Cubic), SD-WAN Fabric.
  30. High Availability and Redundancy Overview. Diagram labels: Site Redundancy, Network/Headend Redundancy, Control Redundancy, Transport Redundancy, Site, Data Center, vSmart Controllers, Control, Data, INET, MPLS, VRRP, OSPF/BGP.
  31. Cisco SD-WAN Operation and Management
  32. Zero Touch Provisioning – vEdge Appliance. Assumption: • DHCP on Transport Side (WAN) • DNS to resolve ztp.viptela.com* (* Factory default config) • Delivered as-a-Service. Diagram labels: Control and Policy Elements, Zero Touch Provisioning Server, vEdge, numbered steps 1 to 5, Full Registration and Configuration.
  33. Simplified Management: REST, NETCONF, Syslog, Flow Export, SNMP, CLI, Linux Shell. Power Tools. Single Pane Of Glass Operations. Rich Analytics.
  34. Single Pane of Glass Operations: vManage GUI • Intuitive GUI driven operations - Management, monitoring and troubleshooting • Cloud Delivered - Private, hosted or managed • Single or Multi-tenant • Role-based Access Control • Clustered for scale and high availability • REST APIs based
  35. Application and Performance Visibility: Deep Packet Inspection • Embedded Deep Packet Inspection engine • Application and flow level visibility for the fabric and individual vEdge routers • Centralized statistics and performance • Export flow level data (IPFIX) to external collector
  36. SaaS Application Performance • vManage measures performance for popular SaaS applications (Loss/Latency) • Quality of experience score is assigned - Range is from 1 to 10 • Indicates optimal Internet exit point toward the SaaS applications of interest
  37. Centralized Device Configuration Enforcement • Centralized Feature Templates • Enforces configuration compliance • Self-recover on misconfiguration • Feature Configuration with Variables
  38. Policy Driven WAN Infrastructure: Policy Augmented Dynamic Routing. Diagram labels: vEdge WAN router; Access Layer Branch/DC; vSmart controller – Policy Enforcement/Advertisement; Control Policy: Routing and Services; vManage GUI – Policy Orchestration; 1, 2, 3; Data Policy: Extensive Policy-based Routing and Services; App-Route Policy: App-Aware SLA-based Routing; Combine and Apply per Site; Execute Control Policy; Advertise AAR/Data Policies to Sites; Execute AAR and Data Policy as received; Dynamic Routing and Policies Combine to dictate behavior.
  39. vAnalytics
  40. vAnalytics Dashboard
  41. The Power of Analytics: Application Centric (Based on DPI/cflowd)
      1. Bandwidth Usage:
         1. Identification of top sources / top destinations / top application (family)
         2. Drill-down into information on a per-Site basis
         3. Identification of top sources
      2. Application Performance:
         1. Application to tunnel-binding and performance information
      3. Anomaly Detection:
         1. Baseline of Application usage. Anomaly detection based on overall application usage / by Family / by Site
  42. The Power of Analytics: Network Centric
      1. Site Availability (SD-WAN value prop)
         1. List of Sites with down-time comparing to TLOCs with their down-time
      2. Network Availability
         1. List of sites by down-time
         2. Comparison of Site down-time vs TLOC down-time (SD-WAN value prop)
         3. Down site count on a time basis with the ability to drill-down into Sites and downtimes
      3. Site Usage Analysis
         1. Bandwidth consumed by Site (Top Sites)
         2. Drill-down to show historical bandwidth consumption by time
      4. Carrier Performance
         1. App-Route stats based on a per-carrier basis
         2. Ability to drill-down on a specific carrier and visibility into various remote carrier connectivity
  43. vAnalytics – BW Consumption by Applications
  44. vAnalytics – Network Health by Carriers
  45. Cisco SD-WAN Portfolio & Scale
  46. Summary: Solution Elements. Orchestration, Control, Data and Management Planes. Control Plane: Cisco vSmart • Facilitates fabric discovery • Disseminates control plane information between vEdges • Distributes data plane and app-aware routing policies to the vEdge routers • Implements control plane policies, such as service chaining, multi-topology and multi-hop • Dramatically reduces control plane complexity • Highly resilient. Data Plane: Physical/Virtual Cisco vEdge • WAN edge router • Provides secure data plane with remote vEdge routers • Establishes secure control plane with vSmart controllers (OMP) • Implements data plane policies • Exports performance statistics • Leverages traditional routing protocols like OSPF, BGP and VRRP • Support Zero Touch Deployment • Physical or Virtual form factor (100Mb, 1Gb, 10Gb). Management Plane: Cisco vManage • Single pane of glass for Day0, Day1 and Day2 operations • Centralized provisioning • Policies and Templates • Troubleshooting and Monitoring • Software upgrades • GUI with RBAC • Programmatic interfaces (REST, NETCONF) • NMS interfaces (SNMP, Syslog, IPFIX). Orchestration Plane: Cisco vBond • Orchestrates control and management plane • First point of authentication (white-list model) • Distributes list of vSmarts/vManage to all vEdge routers • Facilitates NAT traversal • Requires public IP Address [could sit behind 1:1 NAT] • Highly resilient
  47. Cisco SD-WAN Platform Options. Diagram labels: ISR 1000 ISR 4000 ASR 1000 High-performance HW & SW redundancy Modular Integrated service containers Next-gen Performance flexibility Branch Services Public Cloud vEdge 2000 10 Gbps Modular vEdge 1000 Up to 1 Gbps Fixed vEdge 100 100 Mbps 4G LTE & WiFi SD-WAN Virtualization ENCS 5100 20 Gbps, Modular vEdge 5000 ENCS 5400 vEdge Cloud
  48. Controller Deployment Models. Diagram labels: vManage, vSmart, vBond; Cloud-Delivered; Cisco Cloud; Deployed by Cisco; Deployed by Customer or SP; On-Premise; Recommended; Control and Management Elements; Private Cloud.
  49. Scalability: Orchestration/Control/Management Plane. Control Plane (Containers or VMs) (vSmart – up to 20). Management Plane (Multi-tenant or Dedicated) (vManage – up to 6). Orchestration Plane (vBond - up to 6). 1500 vEdges per vBond; Redundancy: Add 1-2 vBonds; Horizontal Scale out Model. Horizontal Scale Out Model; 2000 vEdges per vManage; Horizontal Scale out Model in cluster mode (same DC). 2700 vEdges per vSmart; Redundancy: Add 1-2 vSmarts; Horizontal Scale out Model. Diagram labels: Data Center, Campus, Branch, Home Office, 4G/LTE, MPLS, Internet.
  50. Viptela Integration Plan
  51. Cisco SD-WAN Integration Roadmap (rows: Deployment Scenarios, Benefits, Details)
      • Phase 1, No Integration. Platform: As-is. Management: vManage. Benefits: Support current Viptela customers.
      • Phase 2, Platform Integration. Platform: vEdge capabilities integrated into all IOS-XE platforms (ISR, CSR, ENCS, ASR1K). Management: vManage for SD-WAN capabilities on IOS-XE. Benefits: Viptela SD-WAN on strategic ISR platform.
      • Phase 3, Management Integration. Management: Cloud hosted DNA Center integrates vManage capabilities; Full DNA Center capabilities (Assurance, Integrated workflows for SD-Access and SD-WAN). Benefits: Deliver end-to-end experience with full DNA integration.
      • Deployment scenario diagram labels: vEdge, ISR4K + vEdge SW, DNA Center + SD-WAN, ISR4K + vEdge SW, vManage, vEdge, vManage, vEdge.
  52. Clarification On SDWAN Terminology. vEdge: Viptela H/W With All Software Capabilities As-Is. ISR: Traditional IOSXE With IWAN capabilities, for ISR4K, ASR, CSR & ISRv. "SDWAN Enabled ISR": SDWAN Enabled IOSXE for ISR4K, ASR, CSR & ISRv. Only Features Highlighted In The Next Slide Are Included In The SD-WAN Image.
  53. Integration Roadmap: Capabilities in “SD-WAN Integrated IOS XE”. Columns: July 2018 (16.9.1), Nov 2018, Jan 2019, Post Jan 2019 (In Planning). Not a commitment, roadmap is subject to change. Software SD WAN Features • ZTP, App Route Policy, HQoS, Segmentation, NAT DIA, BFD PMTU • Cloud onRamp–IaaS. IOS Features: • NBAR2, Umbrella (DNS redirect) • Zone Based Firewall. Deployments: • TLOC Extension. Routing Protocols • BGP, OSPF. Other Features • VRRP, DHCP server, • DNS, RADIUS, Syslog, NTP. Monitoring & Troubleshooting • System & Interface stats • vManage with DPI, Analytics. Hardware. SD WAN Features • Cloud onRamp-SaaS • TCP Optimizations • IPv6 support (Transport) • Service chaining • AppQoE – phase1 (FEC, TCP Opt) • Security – phase 2 (AMP etc) • CLI templates for XE-SDWAN. IOS Features • Multicast (Auto-RP, Static-RP) • EIGRP • NBAR2 Custom App. Platforms • ISR43xx, ISR4221, ASR1001-X, ASR1002-X, ASR 1001-HX, ASR 1002–HX, ISRv (ENCS) 5412, C1111-8P LTEEA/LA, C1117-4PLTEEA/LA, C1111-8P. New Interfaces • Ethernet, 4G LTE, T1/E1, xDSL. Services • AppNav Functionality • UC –SRST, PSTN GW, SIP GW. SDA segmentation use case. Platforms: • ASR1006-X, ASR1009-X. New Interfaces • Port Channel, UCSE, NIM-1T/2T/4T. IOS Features: • SD-AVC • Ipv6 service side support. Routing protocols: • BGP for IPv6 • Multiple BGP community tags. Security: • Segmentation scale to 300 VRFs • On-Prem: IPS/IDS, URL Filtering • Umbrella auto-registration • Cloud: Local domain bypass for umbrella. Monitoring & Troubleshooting • Multitenancy scale 500 tenants • Template Imp, Network design builder. Platforms: CSR, C1111-4PLTEEA, C1111-4PLTELA, C1116-4PLTEEA, C1117-4PMLTEEA, C1111-4P, C1116-4P, C1117-4P, C1117-4PM, C1111X-8P. Wireless SKU: C1111-8PLTEEAW, C1111-8PW. Platforms • ISR-4451, ISR-4431
  54. SD-WAN Fabric Integration with DNA • User / Device Identity, network-wide • Policy abstraction at User / Group and Application levels • Policy at Fabric Edge. Over-the-top. • Increased Simplicity. Seamless Mobility. End-to-end Context. Diagram labels: APPs SDWAN Cloud IoT .… SDWAN Fabric USERS DC IaaS SaaS vDC Analytics SECURE SCALE OPEN Cloud Delivered DEVICES THINGS SDA Fabric (branch & campus) SDA Fabric (branch & campus) DC ACI Fabric
  55. 100+ Global Enterprise Customers Across Verticals: Manufacturing, Technology, Retail, Other Industries, FinServ, Healthcare / Pharma
  56. Proven Solution Across Multiple Verticals (For Your Reference). Columns: Customer Industry, Challenge, Solution.
      • Retail. Challenge: High cost, slow change, limited flexibility. Solution: 60-70% cheaper broadband at high bandwidth, centralized control, full visibility.
      • Financial. Challenge: Needed more bandwidth and guaranteed network uptime for a new teller application. Solution: Dollar cost averaged the bandwidth cost down using a mix of transport (MPLS, Broadband, LTE). Traffic now uses the optimal network path to avoid downtime and slowdowns.
      • Tech. Challenge: Slow performance and MPLS outages provided an expensive and poor user experience. Solution: Monthly savings reduced the cost per Mbps by more than 80%. Diverse circuits improve the reliability of the global network, with more than half of Agilent’s sites doubling WAN redundancy.
      • Healthcare. Challenge: With an MPLS contract renewal approaching, Cigna wanted the flexibility to change carriers without a massive technology shift. Solution: Gained back control of its control plane and created the Cigna Service Provider Agnostic Network.
      • Healthcare. Challenge: Security and high network cost. Solution: Satisfied strict security and audit requirements and provided greater flexibility for partnerships and secure clinical solutions. Cost reductions with the removal of remote site voice equipment and expensive PRIs, aging WAN acceleration equipment and maintenance.
      • Energy. Challenge: Scale to support evolving field operations, and support cloud migration and application SLAs. Solution: Provided 30-60% savings in overall bandwidth costs. Enabled faster response to acquisitions, divestitures and policy changes.