
Cisco Digital Network Architecture Deeper Dive From The Gates To The Gui


  1. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI”. Wade Crick, Customer Solutions Architect. January 2018. Cisco Connect: Your Time Is Now.
  2. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public. Session Abstract: Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI”. Come to this session to learn how the latest advances in Cisco Enterprise silicon development – programmable, flexible ASIC (Application Specific Integrated Circuit) hardware which provides a key foundational element of Cisco's Digital Network Architecture portfolio – are driving industry innovations such as Cisco’s new Catalyst 9000 family of switches, as well as exciting new solutions such as ETA (Encrypted Traffic Analytics) and Software-Defined Access. Attendees at this session will gain greater insight into how ASICs are designed and built – showcasing the advanced capabilities and functionality delivered by Cisco's latest switching silicon innovations provided by UADP (Unified Access Data Plane), as well as the latest advancements in Cisco’s wireless silicon. Most importantly, this session will show the continuum of Cisco’s evolution – from the gates (silicon gates, that is) to the latest advanced GUIs that solutions such as SD-Access are enabled with – allowing customers to move faster, innovate rapidly, and drive significant cost savings for their organizations. Come to this session to “double-click” on how Cisco is revolutionizing the Enterprise network with DNA! This is the second of two sessions; an optional introduction to the principles of DNA, as well as an exploration of the new DNA Center GUI and the Automation and Assurance aspects of the Cisco Digital Network Architecture it supports, is given in the preceding companion session.
  3. Agenda • Industry Trends • The Network Intuitive • Cisco DNA and the Importance of Flexible Hardware • The Evolution of the Application Specific Integrated Circuit • DNA/Software Defined Access • DNA Center • Encrypted Traffic Analytics • Catalyst 9000 • Summary, Q&A
  4. We are going to try to cover from “The Gates to the GUI”
  5. Innovation - The world’s 50 most innovative companies: #37, Cisco Systems. 2017 patent grants: 967. 2016 patent grants: 978. Source: 24/7 Wall St., Jan 12, 2018
  6. From Innovations in Silicon and Software … to Innovations in Platforms and Solutions
  7. And Why These
  8. Cisco DNA and the Importance of Network Innovation
  9. Enterprise Trends Driving Digital Transformation • Advanced Persistent Threats • Devices per Person: 3.64 • Mobile world requires access to everything everywhere • Mobility • Devices per Admin: 100K • Agility and New Consumption Models • Cloud • IoT • Things Connected: 7.5B • Unmanned devices growing at rapid pace
  10. Changing Enterprise Requirements: The Need for Agility • Time IT spends on operations: 80% • CEOs are worried about IT strategy not supporting business growth: 57% • Network Expenses, CAPEX / OPEX: 33% / 67% • [Chart: Deployment Speed in seconds, Computing vs. Networking] • Sources: Forrester; Open Compute Project
  11. Traditional Networks Cannot Meet the Demand • Users, Device and IoT Segmentation • Enabling Seamless Mobility • Secure Connectivity to the Cloud • Setting Up End-End Security [Diagram labels: VLAN 1, VLAN 2, VLAN 3, WAN, Branch A, Remote, HQ, ACL 1, ACL 2, ACL 3]
  14. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. Cisco Digital Network Architecture Principles: Insights and experiences • Automation and assurance • Security and compliance • Automation • Abstraction and policy control from core to edge • Open and programmable | Standards-based • Open APIs | Developers environment • Cloud service management • Policy | Orchestration • Physical and virtual infrastructure | App hosting • Network data, contextual insights • Network-enabled applications • Cloud-enabled | Software-delivered • Analytics • Virtualization
  15. The Network. Intuitive. Intent-Based Network Infrastructure • DNA Center • Analytics • Policy • Automation • Switching • Routers • Wireless • Powered By Intent. Informed by Context. • DNA Center 1.1 General Availability • Software-Defined Access • Meraki Visibility • Extended Enterprise
  16. Journey to Intent-based Networking • Intent-based Networking: Constantly Learning, Constantly Adapting, Constantly Protecting • Policy-Based Automation: Business Policy Translation, Segmentation • Analytics & Assurance: Everything as a sensor, Telemetry, Historical & Real-time • Digital-Ready Infrastructure: Secure foundation, Programmability, Virtualization • Machine Learning & AI: Policy Validation, Predictive, Self-healing • The Network. Intuitive. Powered by intent. Informed by context. Based on Cisco’s DNA • We are here • Scaling (via Cloud)
  17. The Network Intuitive. Moving From Manual to Automated • Self-Driving Automation (Future): Closed Loop through Network Analytics and Machine Learning • DNA Center, Campus Fabric, SDA • Automated Deployment: Plug and Play, Day 0 Deployment (Exists Today) [Diagram labels: HTTP Proxy, Internet, Admin, Installer] • Step 1: Network admin provisions devices in Cisco Network Plug and Play applications • Step 2: Onsite installer with mobile app installs and powers on devices, triggers deployment, checks status • Step 3: New devices contact Cisco Network Plug and Play application to get provisioned • Network admin can remotely monitor install status • Basic / Advanced • One Point of Management – All from Cisco DNA Center • Configure once and deploy everywhere - SD-Access (New) • Consistent Across Network Fabric
  18. Quality of Service – Intuitive?
  19. EasyQoS Operation • Network Operators express high-level business intent to the EasyQoS app • Southbound APIs translate business intent to platform-specific configurations • Network Controller [Diagram labels: Wireless AP, Trust Boundary, PEP, 4Q (WMM); Catalyst 3650, Trust Boundary, PEP, 2P6Q3T; Catalyst 4500, 1P7Q1T; Catalyst 6500, 1P3Q4T 1P7Q4T 2P6Q4T …; Nexus 7700 F3: 1P7Q1T; WLC, PEP; ASR/ISRs, MQC; Catalyst 2960-X, Trust Boundary, PEP, 1P3Q3T; Wireless AP, Trust Boundary, PEP, 4Q (WMM)]
  20. EasyQoS Results • Network Controller • EasyQoS will seamlessly interconnect all types of hardware and software queuing models to achieve consistent and compatible end-to-end treatments – aligned with the expressed business intent
  21. ip access-list extended APIC_EM-MM_STREAM-ACL
       remark citrix - Citrix
       permit tcp any any eq 1494
       permit udp any any eq 1494
       permit tcp any any eq 2598
       permit udp any any eq 2598
       remark citrix-static - Citrix-Static
       permit tcp any any eq 1604
       permit udp any any eq 1604
       permit tcp any any range 2512 2513
       permit udp any any range 2512 2513
       remark pcoip - PCoIP
       permit tcp any any eq 4172
       permit udp any any eq 4172
       permit tcp any any eq 5172
       permit udp any any eq 5172
       remark timbuktu - Timbuktu
       permit tcp any any eq 407
       permit udp any any eq 407
       remark xwindows - XWindows
       permit tcp any any range 6000 6003
       remark vnc - VNC
       permit tcp any any eq 5800
       permit udp any any eq 5800
       permit tcp any any range 5900 5901
       permit udp any any range 5900 5901
      exit
      ip access-list extended APIC_EM-SIGNALING-ACL
       remark h323 - H.323
       permit tcp any any eq 1300
       permit udp any any eq 1300
       permit tcp any any range 1718 1720
      Your Choice …
  22. Cisco DNA and the Importance of Flexible Hardware
  23. EISG Architecture Team. David Goeckeler, Cisco SVP, Security and Networking, Cisco Live Las Vegas 2016: ASICs are a pillar of Cisco innovation …
  24. Logic Design Choices • General Purpose CPU • Field Programmable Gate Arrays • Application Specific Integrated Circuits • System on Chip • Graphics Processing Unit
  25. How is an ASIC built?
  26. It all starts with the Transistor • The first bipolar junction transistors were invented by Bell Labs in 1948. • Transistors can be an amplifier (linear region operation) or a switch (saturation region operation). • In switch mode +VCC = 1, Gnd = 0 for binary operations.
  27. An example of a Transistor AND Gate • Fairchild DM7408 Quad 2-Input AND Gates • Truth Table
  28. An example of a Transistor NAND Gate
  29. We are talking transistors… and how many we can pack in an ASIC die … “The number of transistors incorporated into a chip will approximately double every 18 - 24 months …” “Moore’s Law” - 1975. Transistor Width measured in Nanometers. Nanometer = One Billionth of a Meter. TSMC currently plans to start manufacturing 7nm chips in 2018. “This past September, we announced our plan for the world's first 3-nanometer fab located in the Tainan science park. This fab could cost upwards of $20 billion and represents TSMC's commitment to drive technology forward,” TSMC executive Mark Liu. NVIDIA TITAN V GPU is fabricated on TSMC 12 nm FFN (FinFET NVIDIA) process. 21.1 billion transistors. Apple iPhone X 10nm
  30. ASICs – From Definition to Deployment • Then, it starts with coding… Verilog, VHDL • Synthesis Process: Converts code into logical gate constructs (Netlist)
  31. Discrete transistor • MOSFET (metal oxide semiconductor field effect transistor) • FinFET (Fin Field Effect Transistor - "3D") • NAND gate, NOR Gate: Universal Gates … which can be used to build any of the other logic gates … • XOR Gate, AND Gate, OR Gate, NOT Gate, XNOR Gate • … mostly used @ 22nm and above • Intel in 2012 used 22-nm in Ivy Bridge processors • … which, when we put millions of them together on a silicon die, produce a chip! • Silicon wafer
  32. And we have an ASIC…
  33. Why Does Cisco Develop Our Own Silicon? • Simpler Deployment Options • Better Insight and Optimization • Increased Security • Most Appropriate Scalability • Flexibility and Investment Protection via Programmability
  34. Cisco Investments • Cisco spent US$1.567 Billion last quarter (Q2, FY2018) on R&D, some of which was on custom ASICs. • Vast majority of Cisco products include custom ASICs • Custom ASICs in: • Catalyst 3000, 9000 • Nexus 5000, 7000, 9000 • ISR, ASR 1000 (Quantum Flow Processor) • Wireless • …
  35. UADP 2.0 – Next Generation of ASIC Innovation • Up to 32MB Packet Buffer • Up to 64K x2 Netflow Records • Embedded Microcontrollers • Shared Lookup • Up to 240GE Bandwidth • 384K Flex Counters • Up to 2X to 4X Forwarding + TCAM • Universal Deployments • Adaptable Tables • Enhanced Scale/Buffering • Multicore resource share • Investment Protection • Flexible Pipeline • 7.46B Transistors • 28nm Technology • Mobile Ready • Security/Trustsec/MACsec • Enhanced Netflow • Programmable • High Performance Recirculation (tunneling - GRE, VXLAN, etc) • Flexible Pipeline
  36. Traditional Fixed ASIC Processing Pipeline • Traditionally the ASIC processing pipeline is FIXED • IPv4, IPv6
  37. Traditional Fixed ASIC Processing Pipeline • … and has challenges handling NEW PROTOCOLS … • MPLS
  38. Unified Access Data Plane – Processing Pipeline • Cisco’s UADP ASIC delivers FLEXIBILITY … • Flexible, Programmable Processing Pipeline: Flex Parser, Flex Rewrite, Flex Counters • Stage 1, Stage 2, Stage 3, Stage n • IPv4, IPv6, VXLAN, MPLS, GRE, IPv7 • If IPv7 were invented tomorrow … we could probably handle it via the Programmable Pipeline!
  39. So where can Flexible ASICs help us?
  40. DNA Flexible Infrastructure – Programmable ASIC Silicon
  41. ASIC Evolution – Over Time • Catalyst 3550, Circa 2003: 60M transistors, 47,226 lines of code • Catalyst 3750, Circa 2008: 210M transistors, 86,220 lines of code • Catalyst 3850, Circa 2013: UADP 1.0 – 1.3B transistors, UADP 1.1 – 3.0B transistors, 1,490,000 lines of code • New! Catalyst 9300 / 9400 / 9500 – 2017: UADP 2.0: 7.46B transistors! 2,160,000 lines of code • All Cisco-developed silicon • Driving the benefits of vertical integration – Hardware and software working together! Just like some other famous examples …
  42. What does all of this mean for me?
  43. Cisco Programmable Hardware equals FLEXIBILITY, ADAPTABILITY • Enabling Network Evolution – a critical requirement for DNA
  44. Cisco Digital Network Architecture: How DNA Center embraces the Cisco DNA Principles • Insights and experiences • Automation and assurance • Security and compliance • Automation • Abstraction and policy control from core to edge • Open and programmable | Standards-based • Open APIs | Developers environment • Cloud service management • Policy | Orchestration • Physical and virtual infrastructure | App hosting • Network data, contextual insights • Network-enabled applications • Cloud-enabled | Software-delivered • Analytics • Virtualization • DNA Center: APIC-EM, ISE, Analytics & Assurance
  45. June 2017 - What we announced: • DNA Center • Built-in expertise to manage and deploy end-to-end network services with a central management • DNA Analytics & Assurance • Analytics collects data from users, devices, and applications and uses machine learning to proactively identify problems • Software-Defined Access • Dynamically adapt to changing needs with policy-based management of the network fabric • Enhanced Network as a Sensor • Uncover threats hidden in encrypted traffic without decryption. • Catalyst 9000 Series Switches • First infrastructure devices purposely designed for DNA • Software Subscription Licensing | DNA Advisory, Technical, Support Services
  49. Software-Defined Access: Industry’s first policy-based automation from the edge to the cloud • Single Network Fabric • Automate User Access Policy • End-to-End Segmentation • Keep user, device and applications traffic separate without redesigning the network • Apply the right policies for user or device to any application across the network • Enable a consistent user experience anywhere without compromising on security • Common user policy for the branch, campus, WAN and cloud
  52. Software Defined Access (SD-Access): Bringing Everything Together • Controller-based Management • Programmable Overlay • Simplified L3 Underlay • DNA Center
  53. Key Components of SD-Access: 1. Control Plane based on LISP 2. Data-Plane based on VXLAN 3. Policy-Plane based on TrustSec. Key Differences • L2 + L3 Overlay -vs- L2 or L3 Only • Host Mobility with Anycast Gateway • Adds VRF + SGT into Data-Plane • Virtual Tunnel Endpoints (No Static) • No Topology Limitations (Basic IP)
  54. SD-Access Roles & Terminology • Control-Plane Nodes – Map System that manages Endpoint ID to Device relationships • Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric • Identity Services – External ID Systems (e.g. ISE) are leveraged for dynamic User or Device to Group mapping and Policy definition • Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric • DNA Controller – Enterprise SDN Controller provides GUI management and abstraction via multiple Service Apps, that share information • Analytics Engine – External Data Collectors (e.g. NDP) are leveraged to analyze User or Device to App flows and monitor fabric status • Fabric Wireless Controller – A Fabric device (WLC) that connects Wireless Endpoints to the SDA Fabric [Diagram labels: APIC-EM, ISE, NDP, Identity Services, Intermediate Nodes (Underlay), Fabric Border Nodes, Fabric Edge Nodes, DNA Center, Analytics Engine, Control-Plane Nodes, Fabric Wireless LAN Controller]
  55. SD-Access Support: A single fabric for your digital ready network • Switching: Catalyst 9400 (NEW), Catalyst 9300 (NEW), Catalyst 9500 (NEW), Catalyst 4500E, Catalyst 6K, Nexus 7700, Catalyst 3850 and 3650 • Subtended: Catalyst Digital Building, Catalyst 3560-CX, IE Switches** (2K/3K/4K/5K) • Routing: ASR-1000-X, ASR-1000-HX, ISR 4430, ISR 4450, ENCS 5400**, ISR 4351, ISR 4331, CSRv • Wireless: AIR-CT5520, AIR-CT8540, AIR-CT3504, Wave 2 APs (1800, 2800, 3800), Wave 1 APs* (1700, 2700, 3700) • *with Caveats **Future
  56. DNA Center: Design, Policy, Provision, Assurance. A better way to manage your network • DNA Center: Design, provision, automate policy and assure services from one place • Logical workflow to design, provision, set policy: Respond to changes faster • Monitor end-to-end network performance: Predict and act on problems before they happen • Pinpoint problems faster: Reduce downtime with an end-to-end view instead of hop by hop • Manage hardware and software lifecycles: Keep up to date, meet compliance and plan for refresh
  57. Design • Select Areas, Building, Floors • Configure Network Settings • Set IP Address Pools (Design | Provision | Policy | Assurance)
  58. Provision • Assign Devices to Locations • Provision Network Fabric • On-board Hosts (Design | Provision | Policy | Assurance)
  59. Policy • Create Virtual Networks • Register End Point Types • Administer Context-Based Policy (Design | Provision | Policy | Assurance)
  60. Assurance • Network and Device Performance • Client Access, Connectivity, Monitoring and Troubleshooting • Application Experience Monitoring & Acceleration (Design | Provision | Policy | Assurance)
  61. Encrypted Traffic Analytics: Security with Privacy • Analyze netflow metadata without decrypting traffic flows • Global-to-local knowledge correlation - 99.99% threat detection accuracy • Encrypted traffic analytics from Cisco’s newest switches and routers
  62. Enhanced Network as a Sensor • Encrypted Traffic / Non-Encrypted Traffic • Secure and manage your digital network in real time, all the time, everywhere • Industry’s first network with the ability to find threats in encrypted traffic without decryption • Avoid, stop, or mitigate threats faster than ever before | Real-time flow analysis for better visibility
  63. C97-739122-02 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. A closer look at the science behind ETA
  64. Encrypted traffic – mining usable information • https://1.2.3.4 https://123.123.123.123 https://234.234.234.234 https://22.33.44.55 https://21.21.21.21 • We can see the TLS session properties • We can see the channel behavior • We (often) know the server • TLS session properties • Channel behavior • Domain identity (often)
  65. Initial data packet • HTTPS header contains several information-rich fields. • Server name provides domain information. • Crypto information educates us on client and server behavior and application identity. • Certificate information is similar to whois information for a domain. • And much more can be understood when we combine the information with global data. • Initial data packet: IP Header | TCP Header | TLS Header: TLS version, SNI (Server Name), Ciphersuites, Certificate (Organization, Issuer, Issued, Expires)
  66. Sequence of packet lengths and times [Diagram labels: Flow start, Time] • Size and timing of the first packets allow us to estimate the type of data inside the encrypted channel. • We can distinguish video, web, API calls, voice, and other data types from one another and characterize the source within the class.
  67. Cisco’s threat intelligence map. Image: http://census2012.sourceforge.net/images.html • Who’s who of the internet’s dark side • Models use up to 20 features of 150 million malicious, risky, or otherwise security-relevant endpoints on the internet. • These data features include domain data, whois data, TLS certificate data, usage statistics, and behavioral data for each server.
  68. Finding malicious activity in encrypted traffic • Cisco Stealthwatch®: Cognitive Analytics, Malware detection and cryptographic compliance • New Catalyst® 9000*: NetFlow, Enhanced NetFlow, Telemetry for encrypted malware detection and cryptographic compliance • * ISR, ASR are supported • Enhanced analytics and machine learning • Global-to-local knowledge correlation • Enhanced NetFlow from Cisco’s newest switches and routers • Continuous Enterprise-wide compliance • Leveraged network • Faster investigation • Higher precision • Stronger protection • Metadata
  69. Cisco Catalyst 9000: The platform for the new era • First in enterprise: x86 CPU with application hosting, Programmable ASIC, Software patching • Future-Proofed: IEEE 802.11ax ready, 100W PoE (IEEE 802.3bt) ready, 25G Ethernet ready • Industry’s unmatched: High availability, Multigigabit density, UPOE scale • SD-Access integrated • Converged ASIC • Single image • Common licensing • Security • IoT convergence • Cloud • Mobility • UADP 2.0 • Cisco IOS® XE Software
  70. Kanata R&D Team: 3rd Largest Cisco Engineering site worldwide
  71. Catalyst 9000 - CRN's 2017 Products Of The Year
  72. SDA - Show me the money
  73. Summary – Innovation Across the Network. Intuitive.
  74. Cisco Innovations – In Hardware, Software, and Solutions – Tie It All Together • From the Hardware … to the Software and Protocols, with Integrated Security … to the Whole Solution … • “From the Gates – to the GUI” • Integrated Security • Innovation All The Way Up the Stack: Hardware, Software, and Solutions
  75. Thank you.
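
The TLS session properties that slides 64 and 65 list as readable without decryption (TLS version, SNI, offered ciphersuites) all sit in the cleartext ClientHello, and slide 68's "cryptographic compliance" can be checked from the same fields. The Python below is an added example, not Cisco's ETA implementation or code from the deck; the function names, the weak-suite policy and the sample record are constructed for illustration.

```python
class ParseError(ValueError): """Not a well-formed TLS ClientHello record."""

class Reader:
    """Bounds-checked cursor so truncated captures fail cleanly."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ParseError("truncated field")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def uint(self, size):
        return int.from_bytes(self.take(size), "big")
    def vec(self, len_size):                     # length-prefixed vector
        return self.take(self.uint(len_size))
    def remaining(self):
        return len(self.data) - self.pos

def parse_client_hello(record):
    """Extract the cleartext fields of one TLS record holding a ClientHello."""
    rec = Reader(record)
    if rec.uint(1) != 0x16:                      # content type: handshake
        raise ParseError("not a handshake record")
    record_version = rec.uint(2)
    hs = Reader(rec.vec(2))
    if hs.uint(1) != 0x01:                       # handshake type: ClientHello
        raise ParseError("not a ClientHello")
    body = Reader(hs.vec(3))
    out = {"record_version": record_version, "client_version": body.uint(2),
           "sni": None, "ciphersuites": [], "extensions": []}
    body.take(32)                                # client random
    body.vec(1)                                  # session id
    suites = Reader(body.vec(2))
    while suites.remaining():
        out["ciphersuites"].append(suites.uint(2))
    body.vec(1)                                  # compression methods
    if body.remaining():                         # extensions are optional
        exts = Reader(body.vec(2))
        while exts.remaining():
            ext_type, ext = exts.uint(2), Reader(exts.vec(2))
            out["extensions"].append(ext_type)
            if ext_type == 0x0000:               # server_name (SNI)
                names = Reader(ext.vec(2))
                while names.remaining():
                    name_type, name = names.uint(1), names.vec(2)
                    if name_type == 0:           # host_name
                        out["sni"] = name.decode("ascii", "replace")
    return out

WEAK_SUITES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5",
               0x0005: "TLS_RSA_WITH_RC4_128_SHA",
               0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

def compliance_findings(features):
    """Flag offers a crypto policy would reject (this policy is an assumption)."""
    findings = []
    if features["client_version"] < 0x0303:      # TLS 1.3 also sends 0x0303 here
        findings.append("client offers below TLS 1.2")
    findings += [f"weak suite offered: {WEAK_SUITES[s]}"
                 for s in features["ciphersuites"] if s in WEAK_SUITES]
    return findings

def build_sample_client_hello(host, suites):
    """Constructed input: a minimal TLS 1.2 ClientHello record for `host`."""
    u16 = lambda n: n.to_bytes(2, "big")
    entry = b"\x00" + u16(len(host)) + host.encode("ascii")
    sni = u16(0x0000) + u16(len(entry) + 2) + u16(len(entry)) + entry
    ecpf = u16(0x000B) + u16(2) + b"\x01\x00"    # ec_point_formats
    suite_bytes = b"".join(u16(s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + u16(len(suite_bytes))
            + suite_bytes + b"\x01\x00" + u16(len(sni + ecpf)) + sni + ecpf)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + u16(len(hs)) + hs

SAMPLE = build_sample_client_hello("example.test", [0xC02F, 0x009C, 0x0005])

if __name__ == "__main__":
    features = parse_client_hello(SAMPLE)
    print(features, compliance_findings(features))
```

The parser reads a single record; a ClientHello fragmented across several TLS records or TCP segments would need reassembly first.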
