
DNA


#CLUS

DNA Center

Policy Automation Analytics

DNA Center
Network Automation easy, fast,
reliable for everyone
Markus Harbeck – Consulting Systems
Engineer
BRKNMS-3005
CCIE #8087
CCDE #20130015
#CLUS
Agenda
• Warmup Cisco SDN and DNA Center
• TOP NEWS!
• What is DNA Center?
• Get started Deployment – what you get and how to use it
• Apps in action Demo time of many Apps!
• Vision, Conclusion & Summary
• Q&A

#CLUS BRKNMS-3005 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3

Short Hint:
My English might be bad
but although sexy
Source: Henning Bornemann -Thank you for Deutsche Bahn”

Transforming from CLI to automation lets you focus on “what really matters”
[Figure: Mobility in the past (horse drawn), mobility with cars today, autonomous driving. Sources: www.pinterest.de, www.zeit.de, www.welt.de]

Note: Who had / has control?

Who is Markus Harbeck ???
Personal:
• Location: Eschborn, Germany (near Frankfurt) but lives in Bavaria
• Other Interests: My family, 2 kids, horseback riding, motorcycling

My Background:
• CLI Junkie since 1996 for all Routing and Switching
• Joined CISCO October 2010
• Before: 12 years operations, engineering, application engineering at Lufthansa Systems
• Drives DNA Center, Automation and Analytics in EMEAR and loops in the development team and Business Unit

Current Projects:
• DNA Center since day 1 in 2014
• Analytics, Assurance
• Network Transformation
• Network Automation
• SDA, ITSM

[Figures: My kids' view on DNA Center and Network Design. Copyright by Hanna, Copyright by Saskia]

How to get the PDF and Video? (For Your Reference)

PDF and all demo videos here:
https://cisco.box.com/v/BRKNMS3005
Or PDF:
http://www.ciscolive.com/online

Note: The PDF contains more detailed slides and the demos for your reference!

Why Video Demo’s
• Risk of broken Internet Connectivity
• Risk of LAB Failure
• Videos are available after the session
• FOR YOU !

Note: I produced all demo’s myself !

Source: http://www.mysweety.eu

Session expectations
[Figure: Technical Level (High Level to Low Level) plotted over Session progress (t)]

That is not a TCP Session! & not a SDA Session!

We will work from the “INTENT”, which is high level, down to the “HOW”, which is low level!

Note: TCP Slow Start is part of the congestion control algorithms put in place by TCP to help control the amount of data flowing through to a network. Source: https://www.keycdn.com/support/tcp-slow-start/


Warm Up: Introduction to Cisco SDN and DNA Center

SDN – Still Don’t kNow – Stanford Defined Networking
• The Promise of OF/SDN had been “Decoupling Policy from Configuration”

What people say SDN is:
• “An open solution for customized flow forwarding control in the Data-Center”
• “A platform for developing new control planes”
• “With SDN I can develop solutions to my problems far faster – “at software speeds”. I don’t have to work with my network vendor or go through lengthy standardization”
• “A way to reduce the CAPEX of my network and leverage commodity switches”
• “A way to avoid lock-in to a single networking vendor”
• “A means to do traffic engineering without MPLS”
• “An open solution for VM mobility in the Data-Center”
• “A solution to build a very large scale layer-2 network”
• “A means to scale my fixed/mobile gateways and optimize their placement”
• “A way to build my own security/encryption solution, avoiding RSA”
• “A way to define virtual networks with specific topologies for my multi-tenant Data-Center”
• “A solution to build virtual topologies with optimum multicast forwarding behavior”
• “A way to scale my firewalls and loadbalancers”
• “A way to configure my entire network as a whole rather than individual devices”
• “A way to distribute policy/intent, e.g. for DDoS prevention, in the network”
• “A way to optimize link utilization in my network, through new multi-path algorithms”
• “A solution to get a global view of the network – topology and state”

You can’t just buy SDN. It’s an architecture which you have to embrace and live.

Cisco SDN Domain-specific Controllers
• Data Center: Application Centric Infrastructure (ACI), controller APIC (for Data Center) (Nexus 9000), REST API
• Enterprise: DNA, controller DNA Center (formerly APIC-EM) (Catalyst, ISR, ASR, WLAN, Nexus 7k, NfV, vManage, Meraki), REST API. 1.2 available now!

The Journey from APIC-EM to DNA Center
APIC-EM, since 2015 (0.9 -> 1.6)
• Building SDN foundation
• PnP, Easy QoS, CAA, IV
New Name: APIC-EM 1.x -> 2.x becomes DNA Center
DNA Center 1.0 since August 2017 (1.2 today)
• Based on APIC-EM 2.x
• Design, Policy, Provision & Assurance
• Application Policy, Security Contracts, Troubleshooting Policies
• DNA Center 1.2 available

APIC-EM proved the value of Policy and SDN Automation – DNA Center now closes the gaps

APIC-EM & DNA Center started the journey

Intent (Automation) and Context (Assurance & Analytics)
• Infrastructure Readiness: Open and Programmable
• Secure Foundation: Rapid threat detection and mitigation
• Policy Based Automation: Simplify, scale network deployment for Cloud, Mobile, IoT
• Analytics and Assurance: End-to-end view of the network with full context through data and insights
• Intent-based Network: Constantly learning, adapting, protecting

What is network about?
[Figure: In the past... / Today... / What really matters !!! Labels: Security, Cloud, Video, IOT, Voice, Mobility, Data. Source: google.de images]

DNA Center View
[Figure: DNA Software Capabilities. Labels: Cloud Service Management; Automation & Assurance; Automation; Analytics; Virtualization; Security & Compliance; Insights & Actions; DNA-Ready Physical and Virtual infrastructure; Security]

The Layers
[Figure: Products, Systems, Platforms; Increased IT Agility]

DNA Center Focus Areas
• Automation: Network and security services automation aligned with the IT Process
• Analytics: Proactive and predictive insights to assure service experience
• DNA Center Platform: API standardization and monetization for app dev and programmability
• Cross Domain: Automation and Analytics integration with offers from Edge to Cloud including Security
• DNA-C Cloud: Cloud and hybrid deployment of DNA-C to address different markets
[Diagram labels: LEARNING, INTENT, CONTEXT, SECURITY]

Before and after – was that all?

1990s:
    hq>enable
    hq# config terminal
    hq(config)# interface fastethernet 1/1
    hq(config-if)# ip address 1.1.1.1 255.255.255.0
    hq(config-if)# no shutdown
    hq(config-if)# exit
    hq(config)# router eigrp
    hq(config-router)# network 1.1.1.0
    hq(config-router)# exit
    hq(config)# exit
    hq# copy run start

Today:
    Catalyst>enable
    Catalyst# config terminal
    Catalyst(config)# interface Gigabitethernet 1/1/1
    Catalyst(config-if)# no switchport
    Catalyst(config-if)# ip address 1.1.1.1 255.255.255.0
    Catalyst(config-if)# no shutdown
    Catalyst(config-if)# exit
    Catalyst(config)# router eigrp Test1
    Catalyst(config)# interface Te 1/1
    Catalyst(config-if)# ip router eigrp Test1
    Catalyst(config-if)# no shutdown
    Catalyst(config-if)# end
    Catalyst# copy run start

28 Years!

Top 5 advantages
DNA Center supports Brownfield

Day 0 and Day N Supported (PnP, and Day 2 Day)

Simplification through abstraction

Open – REST API Northbound, SDK (Beta) Southbound


Combines Automation and Assurance or in other words:
INTENT and CONTEXT


What is DNA Center ?


Do you know this?

There is no time to repair the fence...
...because we always have to catch the chicken!

Return to PROACTIVE network operations

Source: google.de images (unknown)

The challenges for the Network Operations!
• Simplification
• Network can not be the bottleneck
• Roll out 100s of devices in minutes
• Change configurations quickly and reliably
• Reduce complexity and keep the configuration consistent
• Know the real impact of an Incident
• Know the Root Cause
• Know the state of the network and your policies -> predictability!
[Figure: drawing labelled 1.x, Copyright by Saskia]

DNA Center - Platform Architecture
INTENT: Design – Provision – Policy – Assurance
• DNA Center Applications: PNP, Template, Topology, Device 360, Client 360
• DNA Center Controller
• Northbound REST APIs
• DNA Center Services: Discovery, Inventory, Topology; Design & Provision; Analytics, Assurance; Template Manager; Policy, Image Repository; Path Trace, Telemetry, Context
• South Bound Abstraction: CLI (SSH, Telnet), SNMP v2c, v3, Netconf*, SDK*
• Maglev Elastic Service Infrastructure: Addresses Scale Out and HA Requirements
*Roadmap
Note: Services and Apps listed are an extract

DNA Center - open and extensible
• Extensions: Extension points across automation and analytics (APIs, SDK, Connectors, Firehose)
• Integrations: Integration with complementary platforms (Cisco assets: ACI, Meraki, Tetration; Industry integrations)
• Enablement: Enablement for developer community (DNAC Platform)

Controller in Action !

Controller creates and enforces Policies & Events: The “WHAT” -> Intent

The horse takes care of: The “HOW”

Abstraction

Transforming from CLI to automation lets you focus on “what really matters”
Source: http://www.mysweety.eu

Do You know Tic Tac Toe?
Think outside The Box
[Figure: Tic Tac Toe grid with a mark placed outside the box]


Get Started
Cisco DNA Center
• Design: Design your network using physical maps and logical topologies for quick visual reference
• Provision: Use policy-based automation to deliver services to the network based on business priority and to simplify device deployment
• Policy: Define user and device profiles that facilitate highly secure access and network segmentation based on business needs
• Assurance: Combine deep insights with rich context to deliver a consistent experience and proactively optimize your network
[Figure: Cisco DNA™ software capabilities: Cloud service management, Automation, Assurance, Virtualization, Security; DNA Center appliance; DNA-ready physical and virtual infrastructure: Switch, Router, Wireless LAN controller, Access point]

You can use either the UI or the API

DNA Center – 5 step installation

Config Wizard:
1. Boot
2. Enter IP address: Enter DNA Center IP (Subnet / Def GW / Static Routes)
3. Change Credentials: Shell and UI Username and PWD and optional Proxy
4. NTP and Service Net: Enter NTP IP and Service / Cluster IP Subnet
5. Finalize Installation: Finalize installation and bring up controller

Note: Single Wizard for DNA Center
How to use DNA Center
Foundation / Basement
1. Discover
2. Inventory & Role assignment -> Analytics
3. SWIM (Software & Image Management)
4. Network Profile & Template

Operations / day to day tasks
5. Design
6. Provision
7. Policy
8. Assurance

Demo Time

DNA Center Overview

Download Demo Video here:


https://cisco.box.com/v/BRKNMS3005

DNA Center
Some Useful hints !!!

Ensure connectivity
• Network connectivity
• NTP server connectivity – must be reachable
• To modify basic server settings, use “sudo maglev-config update” to change the configuration. Be careful using this command on a production device.
• If you have multiple Ethernet interfaces, set one with a default gateway and the others with static routes
• Do NOT change anything using Linux Shell!

Note: Be careful with config wizard syntax, especially for the subnet mask

Note2: All Parameters will be validated – e.g. DNS Server reachability

Special Settings information

Services Subnet (DNA Center use in managing its own services)
  Description: Used internally by DNA Center. The minimum size of the subnets is /21 bits; the recommended size is /20 bits to /16 bits. There is no default.
  Note: Must not conflict or overlap with any other subnets in use in the enterprise network
  Example: 10.60.0.0/21, 10.60.8.0/21

Cluster Services Subnet (DNA Center to use in managing its clustering services)
  Description: Used internally by DNA Center. The default is 10.100.0.0/16
  Note: Must not conflict or overlap with any other subnets in use in the enterprise network
  Example: 10.100.0.0/16

NTP, DNS, Def GW etc
  Description: Will be validated during installation – therefore need to be reachable!

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-1/install/b_dnac_install_1_1_0P1/b_dnac_install_1_1_0P1_chapter_00.html

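A pre-install check for the subnet rules on the Special Settings slide, as an added example (not Cisco code and not part of the original slides). The function names and the enterprise prefix list are hypothetical; applying the /21 minimum to the cluster subnet and checking the two internal subnets against each other are assumptions.

```python
import ipaddress

MIN_PREFIXLEN = 21                      # slide: minimum subnet size is /21
RECOMMENDED_PREFIXLENS = range(16, 21)  # slide: recommended size is /20 to /16


def _parse(label, text, errors):
    """Parse CIDR text strictly; host bits set (a mask typo) become an error."""
    try:
        return ipaddress.ip_network(text.strip(), strict=True)
    except ValueError as exc:
        errors.append(f"{label}: {text!r} is not a valid subnet ({exc})")
        return None


def check_internal_subnets(services, cluster, enterprise):
    """Validate the services and cluster subnets before the config wizard.

    services, cluster: CIDR strings planned for the wizard.
    enterprise: CIDR strings already in use in the enterprise network.
    Returns {"errors": [...], "warnings": [...]}.
    """
    errors, warnings = [], []
    internal = []
    for label, text in (("services", services), ("cluster", cluster)):
        net = _parse(label, text, errors)
        if net is None:
            continue
        internal.append((label, net))
        # Assumption: the /21 minimum is applied to both internal subnets;
        # the slide states it under "Services Subnet".
        if net.prefixlen > MIN_PREFIXLEN:
            errors.append(f"{label}: {net} is smaller than the /{MIN_PREFIXLEN} minimum")
        elif net.prefixlen not in RECOMMENDED_PREFIXLENS:
            warnings.append(f"{label}: {net} is outside the recommended /20 to /16 range")

    in_use = []
    for text in enterprise:
        net = _parse("enterprise", text, errors)
        if net is not None:
            in_use.append(net)

    # Slide: must not conflict or overlap with any other subnet in use.
    for label, net in internal:
        for other in in_use:
            if net.overlaps(other):
                errors.append(f"{label}: {net} overlaps enterprise subnet {other}")

    # Assumption: the two internal subnets must also be disjoint from each other.
    if len(internal) == 2 and internal[0][1].overlaps(internal[1][1]):
        errors.append(f"services {internal[0][1]} overlaps cluster {internal[1][1]}")

    return {"errors": errors, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample: the enterprise list is illustrative, not from the slides.
    report = check_internal_subnets(
        "10.60.0.0/21", "10.100.0.0/16", ["10.0.0.0/16", "10.100.32.0/24"]
    )
    for kind in ("errors", "warnings"):
        for line in report[kind]:
            print(kind[:-1].upper(), line)
```
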
Root Cause Analysis
• SSH into DNA Center

    ssh -l maglev -p 2222 <dnac-ip>

• Collects important:
  • log files
  • configuration files
  • output of various commands
• Creates a compressed tar ball containing the above information which can be sent to developers for further debugging and analysis
• Can be sent to support team!

Note: Please use Port 2222 for SSH and SCP <…snip…>

Transforming from CLI to automation lets you focus on “what really matters”
Note: that happens all the time
[Figure: Server in the past (Source: www.novell.com); Transformed server (Source: www.guidebookgallery.org)]

Brief excursion into the REST API and programmability

API: VERBS + NOUNS + Syntax

Verbs: GET, POST, PUT, DELETE
Nouns: /host, /link, /network-device, /interface

JSON Syntax:

    {
      "policyOwner": "Admin",
      "networkUser": {
        "userIdentifiers": ["40.0.0.15"],
        "applications": [{"raw": "12340;UDP"}]
      }
    }

Header: Content-Type: Application/JSON

https://<dnacenter-ip>/api/v1/network-device GET/POST

Demo Time

REST APIs

Download Demo Video here:


https://cisco.box.com/v/BRKNMS3005


Apps in Action
Network Plug and Play (PnP) – Components

PnP Agent
• Embedded in IOS / AirOS
• Requests for IP and DNA Center Address
• Authenticates
• Creates a PnP Profile
• Opens on http
• Operates on https / tcp !
• Secure and reliable

PnP Protocol
• Runs between Agent and DNA Center

DNA Center (pnpserver)
• Service in DNA Center
• Manages sites, devices, images, licenses, workflow
• Provides Northbound REST APIs

Devices: Routers (ISR, ASR), Switches (Catalyst®), Wireless Access Points

PnP Server Discovery Options

Automated:
1 DHCP with option 43: PnP string 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
2 DNS lookup: resolves to DNA Center IP Address
3 Cloud re-direction: https://devicehelper.cisco.com/device-helper (Redirect)

Manual:
4 USB-based bootstrapping*: router-confg/router.cfg/ciscortr.cfg
5 Manual - using the Cisco® Installer App**

Manual discovery not supported for Access Points
Devices: Routers (ASR, ISR), Wireless Access Points, Switches (Catalyst®)

*Supported on Cat 9K only for switches
**DNA Center Support in Roadmap
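A parser and audit for the DHCP option 43 PnP string shown on the discovery slide, as an added example (not Cisco code and not part of the original slides). The field meanings (5A<version><D|N>, B = address type, K = transport, I = server, J = port) follow Cisco's published PnP option 43 format and are not spelled out on the slide; the function names and the second and third sample strings are constructed.

```python
import ipaddress

# Field codes per Cisco's PnP option 43 documentation (assumption: not on the slide).
ADDRESS_TYPES = {"1": "hostname", "2": "ipv4"}
TRANSPORTS = {"4": "http", "5": "https"}


def parse_pnp_option43(text):
    """Split a PnP option 43 string into its fields; raise ValueError if malformed."""
    fields = [f for f in text.strip().split(";") if f]
    if not fields or len(fields[0]) != 4 or not fields[0].startswith("5A"):
        raise ValueError("expected a leading 5A<version><D|N> field")
    head = fields[0]
    if head[3] not in ("D", "N"):
        raise ValueError(f"unknown debug flag {head[3]!r}")
    parsed = {
        "version": head[2],
        "debug": head[3] == "D",   # D = debug on, N = debug off
        "address_type": None,
        "transport": None,
        "server": None,
        "port": None,
        "other": [],
    }
    for field in fields[1:]:
        key, value = field[0], field[1:]
        if key == "B":
            parsed["address_type"] = ADDRESS_TYPES.get(value, "unknown:" + value)
        elif key == "K":
            parsed["transport"] = TRANSPORTS.get(value, "unknown:" + value)
        elif key == "I":
            parsed["server"] = value
        elif key == "J":
            if not value.isdigit():
                raise ValueError(f"port {value!r} is not numeric")
            parsed["port"] = int(value)
        else:
            parsed["other"].append(field)  # keep unrecognised fields for review
    return parsed


def audit_pnp_option43(text):
    """Return review findings for a DHCP scope's PnP string (empty list = clean)."""
    p = parse_pnp_option43(text)
    findings = []
    if p["server"] is None:
        findings.append("no server address (I field) present")
    elif p["address_type"] == "ipv4":
        try:
            ipaddress.IPv4Address(p["server"])
        except ValueError:
            findings.append(f"B2 declares IPv4 but server is {p['server']!r}")
    if p["transport"] == "http":
        findings.append("K4: initial PnP contact uses plain HTTP instead of HTTPS (K5)")
    if p["debug"]:
        findings.append("debug flag D is set; use N outside troubleshooting")
    if p["port"] is not None and not 1 <= p["port"] <= 65535:
        findings.append(f"port {p['port']} is out of range")
    return findings


if __name__ == "__main__":
    samples = [
        "5A1D;B2;K4;I172.19.45.222;J80",   # string from the slide
        "5A1N;B2;K5;I192.0.2.10;J443",     # constructed: HTTPS, debug off
        "5A1N;B2;K5;Idnac.example;J443",   # constructed: address type mismatch
    ]
    for s in samples:
        print(s, "->", audit_pnp_option43(s) or "no findings")
```
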
Day-0 deployment using PnP Connect
PnP Connect: Cloud-based device discovery

1 CCW order: Customer Smart Account added as part of ordering
2 Device SN added into customer Smart Account
3 SN per Smart Account available in PnP Connect
4 DNA Center registers its identity with PnP Connect
5 DNA Center downloads SN from PnP Connect
6 Deploy image and configuration
7 Device provisioned upon discovery and association to site

[Diagram labels: Cisco® supply chain, Customer, Smart Account, Device SN, Label, DNA Center™, Corporate HQ, Installer, Admin, Profile mapped to site]

For more details on PnP Connect please refer to
https://communities.cisco.com/docs/DOC-72466
Software and Image Management (SWIM)

1 Intent based Network Upgrades: Intent based network upgrades allows for image standardization, much desired by all network admins.
2 Upgrade Pre/Post Checks: Pre and post checks allows network admins more control and visibility over network upgrades
3 Patching Support: Patches are supported in DNAC from intent to pre-post checks in same way we manage regular images

SMU: Software Maintenance Upgrade

Integrity/ Trustworthiness Verification

Demo Time

LAN Automation with PnP

Download Demo Video here:


https://cisco.box.com/v/BRKNMS3005



Demo Time

Software and Image Management

Download Demo Video here:


https://cisco.box.com/v/BRKNMS3005



Our dog “Bessi” at break
Transforming from CLI to automation lets you focus on “what really matters”

Exhausted?
You need a break?
We still have cool things to see!
And yes she sleeps only!
And transforms in her dreams

Demo Time

Design, Provision -> Intent

Download Demo Video here:


https://cisco.box.com/v/BRKNMS3005



Demo Time

”Policy Protected”
Template Programmer

Download Demo Video here:


https://cisco.box.com/v/BRKNMS3005



What can a policy be? (an extract, there are many more)

• Access: Authentication & Authorization
  802.1x, static assignment – which group
  Allow or decline access
• Access Control: Who can access what?
  Rules for x-group access
  ✓ Permit/deny group to group
• Traffic Copy: Mirror Traffic (ERSPAN)
  Configures ERSPAN for specific endpoint and traffic (source and destination SGT)
• Quality of Experience (Application): Assign Application QoS relevance
  Categorize applications (Relevant – Irrelevant – Default)
  Apply QoS config network wide

[Diagram labels: Employee, Edge Switch, Finance Servers, DB]
Demo Time

Policy Intent

Download Demo Video here:


https://cisco.box.com/v/BRKNMS3005



Solicit Application Business-Relevance

Relevant
• These applications directly support business objectives
• Applications should be classified and marked according to RFC 4594-based rules

Default
• These applications may/may not support business objectives
• E.g. HTTP/HTTPS
• Alternatively, administrator may not know the application (or how it's being used in the org)
• Applications in this class should be marked DF and provisioned with a default best-effort service (RFC 2474)

Irrelevant
• These applications are known and do not directly support any business objectives; this class includes all personal/consumer applications
• Applications in this class should be marked CS1 and provisioned with a “less-than-best-effort” service, per (RFC 3662)

CVD: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Dec2017/APIC-EM-EasyQoS-DesignGuide-Dec2017.html
Or short link: http://cs.co/apicem14easyqos

• Applications can interact with DNA Center via Application Policy Northbound APIs, informing the network of application-specific and dynamic QoS requirements (REST API)
• Network Operators express high-level business-intent to DNA Center Application Policy
• Southbound APIs translate business-intent to platform-specific configurations

[Diagram labels: CUCM, WAN, Service, Application, Network services, DC, APs, Office site, Local WLCs]
[Per-platform queuing labels, in slide order: Access Switch; Core Switch; 4500: 1P7Q1T; Nexus 7700; AP PEP; WLC; WAN; 6500: 1P3Q4T; 3650: 2P6Q3T; F3: 1P7Q1T; 4Q (WMM); PEP; MQC; 1P7Q4T; 2960X: 2P6Q4T; 1P3Q3T]
What Do We Do Under-the-Hood?
Apply RFC 4594-based Marking / Queuing / Dropping Treatments

Application Class | Per-Hop Behavior | Queuing & Dropping | Application Examples

Business Relevant:
VoIP Telephony | EF | Priority Queue (PQ) | Cisco IP Phones (G.711, G.729)
Broadcast Video | CS5 | (Optional) PQ | Cisco IP Video Surveillance / Cisco Enterprise TV
Real-Time Interactive | CS4 | (Optional) PQ | Cisco TelePresence
Multimedia Conferencing | AF4 | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx
Multimedia Streaming | AF3 | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs)
Network Control | CS6 | BW Queue | EIGRP, OSPF, BGP, HSRP, IKE
Signaling | CS3 | BW Queue | SCCP, SIP, H.323
Ops / Admin / Mgmt (OAM) | CS2 | BW Queue | SNMP, SSH, Syslog
Transactional Data | AF2 | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps
Bulk Data | AF1 | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution

Default:
Best Effort | DF | Default Queue + RED | Default Class

Business Irrelevant:
Scavenger | CS1 | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, Bit Torrent, Xbox Live

Demo Time

Application Policy (QoS)

Download Demo Video here:


https://cisco.box.com/v/BRKNMS3005



How will it work in my Network?
[Diagram labels: REST API, CUCM, WAN, Service, Application, Network services, DC, APs, Office site, Local WLCs]

Note: Provisioning End-to-End DSCP-Based Queuing

Do you know or recognize your Network?

Did you ever ask yourself:
Can I switch OFF one of my Core switches at NO risk?

[Figure: drawing labelled 1.x, “…the view from my 4 year old daughter !” Copyright by Saskia]

What's the Impact?
An Airline case (Airlines think 3 letter Code, e.g. FRA = Frankfurt, MCO = Orlando, etc.)

IM1234546: ROW is down
NW: ROW = Roswell. We are not flying to ROW, let's requeue the IM to Monday – P3
Duty Manager, 10 Min later: Sorry, typo in the IM. RoW – means Rest of World
NW: The network monitoring is green

Assurance

There are 100+ points of failure between user and app
• What is the problem?
• Where is the problem?
• How can I fix the problem fast?

Legend: Affects Join/Roam; Affects Quality/Throughput; Affects Both* (* Both = Join/roam and quality/throughput)
Factors shown: Client firmware, WAN Uplink usage, End-User services, Client density, AP coverage, Configuration, WLC Capacity, WAN QoS, Routing, ..., Authentication, RF Noise/Interf., Addressing
[Diagram labels: Mobile clients, APs, Office site, Local WLCs, WAN, Network services, DC, CUCM, ISE, DHCP, Cisco Prime™]
Cisco Context: 360-degree Visibility
• Users, Devices, Applications, Network, Location, Time
• Data Granularity: Historical, Real-time, Future

Context = know that your Policy works

DNA Center Assurance

Automation
• Design: Global settings; Site profiles; DDI, SWIM, PNP; User access
• Provision: Fabric domains; Device on-boarding; Device inventory; Host on-boarding
• Policy: Virtual networks; ISE, AAA, Radius; Access control; Application control
Assurance
• Assurance: Issues and trends; Performance; Proactive troubleshooting

Planning, installation and migration
Proactive and predictive network, client and application assurance
One License for Intent and Context! Either Essentials or Advantage

Demo Time

Assurance

Download Demo Video here:


https://cisco.box.com/v/BRKNMS3005



A future Story with DNA Center of Network
Operating
Angry user reports issue after encountering problem
“My video was terrible, the network is terrible!”

“An issue was seen by DNA Center at the time”


All Data Sent to IM “fault was identified and fixed by our engineers”

“I’ve got another video meeting today. Can I trust you?”

“Let me verify the network state using a Sensor test”

“Yes. It looks good. I also checked via PathTrace that the correct path is being taken”

“If you like, I can run the Sensor test and PathTrace periodically until your meeting
starts…”

Assurance at Cisco Live BCN  NOC


Summary & Conclusion

The answer for network Operations!
• Simplification because of abstraction
• The network becomes agile and predictable
• Easy Roll Out and RMA in Minutes
• Changes and configurations predictable, policy protected
• Complexity reduction because of abstraction and policies
• Integration of Assurance and Analytics
• Know that your policy works, get guidance
• Know the Impact and the Root Cause
[Figure: drawing labelled 1.x, Copyright by Hanna]

How we get to an SDN “controlled network…!"
[Figures: “Do you remember?” (drawing labelled 1.x, Copyright by Saskia) and “Business Intelligent” (drawing labelled 1.x, Copyright by Hanna)]

Transforming …!
My Call to action !

You can start totally RISK free !!!

Monitoring / Analytics
• Use DNA Center just for Analytics & Assurance (Read Only)
• Have a quick win information in the first 30 Minutes
• Get up to date visibility
• Proof value of DNA Center

LAB and Pilot for automation
• Use DNA Center in the LAB to see automation in action
• Build a small pilot
• Pick and identify your use case PnP, SWIM…

Session close to the end…
[Figure: Technical Level (High Level to Low Level) plotted over Session progress (t)]
Have a drink on me !

After the long journey

BUT PLS ONE MORE SLIDE!!!!

Transforming from CLI to automation lets you focus on “what really matters”
Note: that happens all the time – now you make it happen !!!
[Figure: Traditional networking / DNA Center]

Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 18, 2018.
cs.co/ciscolivebot#BRKNMS-3005

Thank you

Taking pictures?
Manual, no automation, high risk,

Expensive, complex

High Skill level needed

A lot of fun !

Automated, lower risk

Average Skill needed for 1st / 2nd Level

Still a lot of fun ! And space for more!

Cisco Rewriting the Networking Playbook

Historically -> Digital-Ready Network
• Hardware Centric -> Software Driven
• Manual (eg CLI) -> Automated
• Silo’ed Security -> Integrated Security
• Network Monitoring -> Analytics and Insights

You Need a Network that Drives your Digital Business

APIC-EM into DNA Center
Legend: Independent App; Embedded Capability

APIC-EM 1.6: Inventory, Discovery, Topology, Easy QoS, IWAN App, Command Runner, Path-trace, Plug and Play, Integrity Verification, SD Bonjour
DNA Center: Inventory, Discovery, Topology, Plug and Play App, IWAN App, Command Runner, Path-trace, Easy QoS, Integrity Verification, SD Bonjour
[Timeline labels: Nov 2017, Jan 2018, Mar 2018; releases 1.0, 1.1, 1.1.1, 1.2]

System Monitoring

System Status and Monitoring

Logging Level
• Default Log Level is Info
• To change the Logging level:
  • From Main Menu -> System Settings -> Settings -> Logging Levels
  • Select the appropriate service and Debug Logging Level
  • Set the timeout for logging level to 15 / 30 / 60 minutes or forever

DNAC 1.1 Platform: Scale and Hardware specification
• Centralized deployment, cloud tethered
• 1 RU Small form factor
• 2 x 10Gbps Data links
• Built in Network Telemetry collection (FNF, SNMP, Syslog)
• Built in Contextual connectors (ISE/PxGrid, IPAM, Location)
• HA (3 Node, Automation)
• RBAC, Backup/Restore, Scheduler, APIs
• 64-bit x86 Processors
• Solid State Disks in RAID10
• Hardware MRAID Controller
• Dual PSU

Scale: Single Node
• 5,000 -> 4K APs + 1K Network Devices*
• 25,000 -> Clients/Hosts*
*Scale will increase in the next releases

Single Appliance for DNAC (Automation + Assurance)

DNA Center Appliance Setup Workflow

• Unbox and Rack mount the DNA Appliance
• Power up and attach the cable
• Configure the CIMC settings (optional)
• Config-Wizard automatically starts
• Provide the following details:
  • IP Address, GW, DNS, Virtual IP
  • NTP
  • HTTP Proxy
  • Cluster subnets
  • Admin password
• Automatic reboot
• Wait for system bring up as it automatically deploys:
  • Kubernetes cluster
  • Maglev-system applications
  • Automation and Assurance applications
• When vKVM console displays the maglev login prompt, DNA-C is installed and ready to use!

DNA Center Assurance - How to Get Started

Prerequisites
• Review list of WLCs/APs and SW Ver supported: Device Support Matrix
• Make sure the WLCs are running or upgraded to 8.5.120 (8.5 MR2)
• Review prerequisites for DNA Center Deployment and best practices: (Install and Admin Guides)

DNA Center Installation
• Review best practices for Installation
• Go through installation workflow
• Best practices for Cluster bring-up
• Turn on Cloud Updates

DNA Assurance Setup
• Assurance Day1 Workflows
  - Discovery/Inventory Collection
  - Establish Streaming Telemetry with devices
  - Prepare Site Hierarchy
  - Provision Devices to Buildings
  - Assign APs to floor

▪ Visit http://dnac.cisco.com for more resources
▪ DNA Center on SalesConnect: https://salesconnect.cisco.com/#/program/PAGE-9982
▪ DNA Center on Cisco.com: https://cisco.com/go/dnacenter

Installation Best Practices

✓ Always treat DNA-C as a cluster: plan for a “cluster”
  • Standalone box is a “single node cluster”
✓ Provision for separate intra-cluster link on day 1
  • Changing the intra-cluster link from one interface to another is not supported
✓ Provision for Cluster Virtual IP on day 1
  • Network Devices will continue to see the same IP when more nodes are added
✓ Use a complete private network for intra-cluster link (no other machines should be in this network)
  • Use isolated L2 domain (all clusters must be in the same L2 domain)
  • Ensure < 10ms latency (RTT) across the intra-cluster link

High-Availability (HA) Design

• DNA Center High Availability
  o Support for HW and SW failures
  o Fault tolerance: 1 node in a 3-node cluster
• Deployment Model
  o 1 or 3 node cluster
  o Cluster Nodes in the same subnet
  o Latency between nodes: < 10 ms RTT

[Diagram: DNA Center Cluster with Node 1, Node 2 and Node 3. Each node runs Maglev and DNAC Services. Node 1: Service A, Service B, Service C. Node 2: Service A, Service D, Service E. Node 3: Service A, Service F, Service G.]

Note: HA Support for Automation workflows only in the DNAC 1.1 Release

Cluster Bring-up Best Practices

✓ Bring up first node: complete the installation (along with Virtual IP, intra-cluster link) and let the services come up
✓ Bring up the second node: let the installation complete
✓ Bring up the third node
  • Remember 2-node DNAC cluster cannot withstand a node failure (One node crash will lead to stall of the other node)
  • 2-node cluster is not a supported deployment model

[Diagram: Formation of DNA-C cluster. Node 1 install: single node cluster. Node 2 install: 2 node cluster, no protection from node failure. Node 3 install: full clustering. Enable HA for application support. Validate configuration.]

DNA Center Authentication via REST API

 | APIC-EM | DNAC
Authentication request | POST JSON Body | Basic Auth
Response | ["response"]["serviceTicket"] | ["Token"]

Roles:

TLS and Cipher Changes on DNAC

TLS 1.0 RC4 cipher

Implications:
- Older versions of IOS cannot establish Plug and Play connection.
- Need to upgrade software e.g. 3850 requires 16.3.3
- Unable to import software images from devices (uses TLS connection)
- Import image from CCO/filesystem
- REST API connections from python may fail with Error: , ConnectionResetError(54, 'C
- 'pip install pyOpenSSL'
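
Added example (not from the session slides and not Cisco's code): the two authentication styles from the REST API slide, built with Python's standard library and sent over a client context that verifies certificates and refuses anything below TLS 1.2. It reads the "TLS 1.0 RC4 cipher" line as DNAC no longer accepting either; the endpoint paths, the host name used in testing and the sample responses are assumptions or constructed values, since the slides give only the request style and the response keys.

```python
"""APIC-EM and DNA Center authentication requests over a TLS 1.2+ client context."""
import base64
import json
import ssl
import urllib.request

# Assumed endpoint paths: the slides give only the request style and response keys.
APIC_EM_TICKET_PATH = "/api/v1/ticket"
DNAC_TOKEN_PATH = "/api/system/v1/auth/token"


def strict_tls_context():
    """Verify the server certificate and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname check stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def client_tls_report():
    """Local facts to check first when a connection is reset during the handshake."""
    suites = [s["name"] for s in strict_tls_context().get_ciphers()]
    return {"openssl": ssl.OPENSSL_VERSION,
            "tls1_2": ssl.HAS_TLSv1_2,
            "offers_rc4": any("RC4" in name for name in suites)}


def apic_em_auth_request(host, username, password):
    """APIC-EM style: POST with the credentials in a JSON body."""
    body = json.dumps({"username": username, "password": password}).encode()
    return urllib.request.Request(
        f"https://{host}{APIC_EM_TICKET_PATH}", data=body, method="POST",
        headers={"Content-Type": "application/json"})


def dnac_auth_request(host, username, password):
    """DNA Center style: POST with HTTP Basic credentials and an empty body."""
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}{DNAC_TOKEN_PATH}", data=b"", method="POST",
        headers={"Authorization": f"Basic {basic}"})


def extract_token(platform, raw_body):
    """Read the token from the response keys shown on the slide."""
    doc = json.loads(raw_body)
    if platform not in ("apic-em", "dnac"):
        raise ValueError(f"unknown platform {platform!r}")
    try:
        token = doc["response"]["serviceTicket"] if platform == "apic-em" else doc["Token"]
    except (KeyError, TypeError) as exc:
        raise ValueError(f"{platform} response carries no token") from exc
    if not isinstance(token, str) or not token:
        raise ValueError(f"{platform} returned an empty token")
    return token


def authenticate(request, platform):
    """Send the request; needs a reachable controller with a trusted certificate."""
    with urllib.request.urlopen(request, context=strict_tls_context(), timeout=10) as resp:
        return extract_token(platform, resp.read())


# Constructed sample responses, not captured from a real controller.
SAMPLE_APIC_EM = '{"response": {"serviceTicket": "ST-constructed-1"}, "version": "1.0"}'
SAMPLE_DNAC = '{"Token": "constructed.token.value"}'

if __name__ == "__main__":
    print(client_tls_report())
    print(extract_token("apic-em", SAMPLE_APIC_EM), extract_token("dnac", SAMPLE_DNAC))
```

If `client_tls_report()` shows no TLS 1.2 support, the fix is on the client side (a newer OpenSSL), not a lower `minimum_version` or disabled certificate verification.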
DNA Center Tools

DNA Center Work Flow

✓ Site Hierarchy
✓ Network Settings and Credentials
✓ IP address mgmt
✓ SWIM
✓ Wireless
✓ Network Profiles

✓ Virtual Networks
✓ Contracts & SGT
✓ Microsegmentation
✓ Application Policy (QoS)
✓ Traffic Copy Policies

ISE

✓ Base Provisioning
✓ SDA Provisioning
✓ Image Patch & Upgrade
✓ Profile Provisioning (Templates)

✓ Overall, Network, Client & Application Health
✓ Analytics Device and Client 360
✓ Troubleshooting
✓ Issues and Trends
✓ Root Cause Analysis

PnP Connect: End to End Workflow (With PnP App)

[Diagram: Cisco Supply Chain, PnP Connect (cloud based device discovery), DNA Center, Corporate HQ. Labels:]
• CCW Order: Customer Smart Account added as part of ordering
• Device SN added into Customer SA
• SN per SA available in PnP Connect
• DNA-C registers its identity w/ PnP Connect
• DNA-C downloads SN from PnP Connect
• Admin: Templates mapped to device SN (Config to SN)
• Deploy Image & Configuration
• Installer: Device provisioned upon discovery

PnP Connect: End to End Workflow (With Profiles)

[Diagram: Cisco Supply Chain, PnP Connect (cloud based device discovery), DNA Center, Corporate HQ. Labels:]
• CCW Order: Customer Smart Account added as part of ordering
• Device SN added into Customer SA
• SN per SA available in PnP Connect
• DNA-C registers its identity w/ PnP Connect
• DNA-C downloads SN from PnP Connect
• Admin: Profile mapped to Site & SN mapped to Site (Config to SN)
• Deploy Image & Configuration
• Installer: Device provisioned upon discovery

Software and Image Management
A few Facts for DNA Center 1.1

• Parallel Device Upgrade/Threads for SWIM:
  • 25
• Pre Checks:
  • Both Image and SMU’s
  • RAM & Flash
• Post Checks
  • SMU Only
  • CPU, Disk Space, Route Summary
• In case of failure during Image upgrade or Pre & Post checks, provide reason for failure and automatically Rollback

Use Case #2: Customized Network Settings Update

Use Case:
• Deploy customized configuration to devices in the network

Core Capabilities:
• Will ensure policy CLI cannot be programmed
• Auto-complete gnome parser
• Provisioning: Form Viewer
• Mapped to profile to be deployed to the network

Customized Network Settings Update
Create the Template

Use Case #3: Wireless Deployment Made Simple

Automation
o Discover WLC
o Create Site(s) with Buildings and Floors
o Design Wireless Profiles
o Provision WLC and AP
o Connect wireless client

Use Case #4: Managing Software Lifecycle
Use Case:
• Ensure Consistency of
Software for all network
devices (by platform type)
• React to PSIRT and bugs fast
• Deploy software with
confidence

Benefits:
• Golden Image based workflows
drive software consistency
• Pre/Post check ensures that
software updates do not have
adverse effects on the network
• Patching provides small
updates to react quickly to
security fixes
Design

Site Setup
✓ Set up sites, buildings and floor areas to mimic your network topology.
✓ Import floor maps and place access points.

Global Settings
✓ Standardize DNS, DHCP, servers across sites.
✓ Standardize device credentials.
✓ Manage IP address pools effectively.
✓ Override global settings with site-specific settings.

Network Profiles
✓ Standardize configurations for network devices and sites.
✓ Create once and use multiple times.

Software Image and Patch Management
✓ Tag images and their corresponding patches as “golden”.
✓ Do automatic compliancy checks against the golden images.
✓ Update software images and patches on network devices.
✓ Perform pre- and postchecks for image deployment.

Provision

Network Profiles
✓ When approved, associate the profiles to sites.
✓ Deploy the profiles.

Fabric Domain
✓ Create fabric domains across your network.
✓ Associate the devices to sites.
✓ Add the SDA-capable devices to the fabric domain and assign roles.

Plug and Play
✓ Onboard routers, switches, and access points using PnP.
✓ Claim the devices that have been discovered with PnP and associate them to the respective sites.

DNA Center Wireless Configuration Workflow

[Workflow diagram. Steps: Create SSID; Wireless Profile; Map Profile to Site; WLC Mapped to Sites; AP Mapped to Site (Floor). Captions: Map sites that WLC will manage; APs inherit the SSIDs and RF properties of the Profile associated to site; SSIDs and RF Parameters that represent wireless network; Devices ready to deploy.]

Policy

Scalable Groups
✓ Offers option to import groups from ISE (or AD groups)
✓ Offers option to create groups through static mapping
✓ Enables SGT ID on SDA-enabled devices

Virtual Networks
✓ A “default” virtual network is created automatically
✓ Offers option to add or remove new virtual networks
✓ Enables VN ID on SDA-enabled devices

Manage groups and VN Policies
✓ Groups provide native SGT-based segmentation.
✓ Intra-VN policies are set to Default Permit or Deny
✓ VNs provide native VRF network segmentation.
✓ Inter-VN policies are mapped to firewall instances.

Policy Overview for Device Role = Switching Access
Under the Hood

Ingress Marking Policies
• Applied on all interfaces which are not connected to another network device
• Decision is based on looking at the topology / link information in NIB

Egress Queuing Policies
• Applied on all interfaces

Policy Overview for Device Role = Switching
Distribution & Core
Under the Hood
Ingress Marking Policies

• No Marking policies applied on any interface

Egress Queuing Policies

• Applied on all interfaces

Policy Overview Device Role = Border Router
Under the Hood
Ingress Marking Policies
• Marking policies applied on all interfaces except in the case where no SP
Profile is specified for WAN interfaces (using #WAN# description)

Egress Queuing Policies


• For LAN interfaces – LAN egress queuing policies are attached
• For WAN interfaces – egress queuing policies corresponding to the SP
profile is attached to the interface
Note: WAN interface is identified by looking at the interface description field (#WAN# tag)

Policy Overview Device Type = WLC
Under the Hood
Upstream
• Trust DSCP at the Access Point

• DSCP re-marked as per the AVC policy on WLC

Downstream
• DSCP re-marked as per the AVC policy on WLC

• DSCP → UP mapping at the Access Point

Note: IEEE 802.11 QoS consists of eight User Priorities (UPs) that are mapped to four Access Categories
(ACs): Voice, Video, Best Effort, and Background.

Application Summary

Endpoint | Method | Description
api/v2/data/customer-facing-service/scalablegroup/application | POST | Create an application group; "scalableGroupType":"APPLICATION_GROUP"
api/v2/data/customer-facing-service/scalablegroup/application | POST | Create an application; "scalableGroupType": "APPLICATION"
api/v2/data/customer-facing-service/scalablegroup/application?scalableGroupType=APPLICATION_GROUP&name=MyCustomSet | GET | Look up application group by name
api/v2/data/customer-facing-service/scalablegroup/application?scalableGroupType=APPLICATION&name=Adam-App | GET | Lookup application by name
api/v2/data/customer-facing-service/scalablegroup/application/{{Id}} | DELETE | Delete an Application or Application group

Assurance

Network Visualization
✓ Global maps to depict the state of the network
✓ Health scores to color-code the areas needing attention
✓ Ability to drill down to a particular site, building, or floor

Health Scores
✓ Health scores to gauge the criticality of the network
✓ Health scores for clients, network devices, and applications

360 views
✓ Detailed 360 views for routers, switches, WLC, APs
✓ Automatic troubleshooting scripts run to pinpoint key concerns
✓ Assurance-enhanced path trace to provide relevant path analytics and statistics across nodes in the path

Overall Health

• Quick drill down to a site or toggle between Geo, List or Topology View
• Where in the world and on which site most serious issues are happening
• Overall health summary of network and clients
• Top 10 Global Insights

Network Client Health

• Client Health Summary
  • Onboarding, RF and Client Profile info
• Network Health Summary
  • Control, Data, Policy Plane and Health info

360 view Users and Devices

• Single location for all user information and every user device
• History of performance for each user device
• Proactive identification of any issues affecting user’s experience

• Single location for all user device related user information
• Connectivity graph with health score of all devices on the path
• Application performance
• Device KPIs

Time Travel

• History shows critical events
• Identifies when issues occurred

• Rewind time to when the issue occurred!
• All the information on the user or network device 360 changes to the selected time!

Path Trace

• Run pathtrace from source to destination to quickly get key performance statistics for each device along the network path
• Identify ACLs that may be blocking or affecting the traffic flow

Insights with Guided Remediation Actions

• Detailed drill downs to identify the impact quickly
• Guided Actions to help remediate issues quickly

Apple Insights

1. Device Profile
   Client shares these details:
   1. Model e.g. iPhone 7
   2. OS Details e.g. iOS 11
   Support per device-group Policies and Analytics

2. Wi-Fi Analytics
   Client shares these details:
   1. BSSID
   2. RSSI
   3. Channel #
   Insights into the clients view of the network

3. Assurance
   Client shares these details:
   Error code for why it previously disconnected
   Provide clarity into the reliability of connectivity

Disassociation Reason | Dis-associated from AP | Session Duration | Time | Location – Building Flr
DHCP Failure | AP1 | 23min 10sec | 23:30:15 – Dec-2-2018 | SJC24 / 1F
DHCP Failure | AP1 | 5min 10sec | 23:30:15 – Dec-2-2018 | SJC24 / 1F
Device internal state reset | AP1 | 10min 10sec | 23:30:15 – Dec-2-2018 | SJC24 / 1F
DHCP Failure | AP2 | 1min 10sec | 23:30:15 – Dec-2-2018 | SJC24 / 1F
Captive Portal failure | AP2 | 52sec | 23:30:15 – Dec-2-2018 | SJC24 / 2F
Captive Portal failure | AP2 | 2min 10sec | 23:30:15 – Dec-2-2018 | SJC24 / 2F
Miscellaneous Reasons | AP2 | 30min 10sec | 23:30:15 – Dec-2-2018 | SJC24 / 1F

Proactive Insights - Sensor

Create sensor test schedule and define the applications and test to run
• Sensor tests raise issues/insights
• Detailed results shown at the floor level

Execute Path Trace

Daphine said she was not able to use a printer with her PC

Let’s run a Path Trace to the printer specific IP address and port to understand where the problem is

Check Path Trace

Path Trace reports an ACL denying traffic to the Printer

DNA Assurance Platform Support (Release 1.1)

CAT2K / CAT3K / CAT4K Switches

CAT2K | Recommended OS | Minimum OS
C2960-L | IOS 15.2(2)E7 | IOS 15.2(1)E1
C2960-P | IOS 15.2(2)E7 | IOS 15.2(1)E1
C2960-C | IOS 15.2(2)E8 | IOS 15.2(1)E1
C2960-CPD | IOS 15.2(2)E8 | IOS 15.2(1)E1
C2960-X Stack | IOS 15.2(2)E6 | IOS ≥ 12.1
C2960-XR | IOS 15.2(2)E6 | IOS ≥ 12.1
C2960-XR Stack | IOS 15.2(2)E6 | IOS ≥ 12.1
C2960-CX | IOS 15.2(4)E3 | IOS ≥ 12.1

CAT3K | Recommended OS | Minimum OS
C3560-CX | IOS 15.2(6)E | All Versions
C3650 (Copper) | IOS-XE 16.6.1 | All Versions
C3650-Stack | IOS-XE 16.6.1 | All Versions
C3850(Copper/Fiber) | IOS-XE 16.6.1 | All Versions
C3850-Stack (Copper/Fiber) | IOS-XE 16.6.1 | All Versions

CAT4K | Recommended OS | Minimum OS
C4500-X | IOS-XE 3.10E | All Versions
C4500-E (SUP 7E|7LE|8LE) | IOS-XE 3.10E | All Versions
C4507R+E (SUP 7E|7LE|8LE) | IOS-XE 3.10E | All Versions
C4503E (Sup 8E|9E) | IOS-XE 3.10E | All Versions
C4506E (Sup 8E|9E) | IOS-XE 3.10E | All Versions
C4507R+E (Sup 8E|9E) | IOS-XE 3.10E | All Versions
C4510R+E (Sup 8E|9E) | IOS-XE 3.10E | All Versions

Cisco Meraki Devices

Device Type | Recommended OS | Minimum OS
All Cisco Meraki Devices | All Versions | All Versions

CAT9K / CAT6K / N7K Switches

CAT9K | Recommended OS | Minimum OS
C9300 | IOS-XE 16.6.2 | IOS-XE 16.6.1
C9300 Stack | IOS-XE 16.6.2 | IOS-XE 16.6.1
C9400-LC-48UX | IOS-XE 16.6.2 | IOS-XE 16.6.1
C9400-LC-24XS | IOS-XE 16.6.2 | IOS-XE 16.6.1
C9400 (Sup1XL) | IOS-XE 16.6.2 | IOS-XE 16.6.1
C9400 (Sup1E) | IOS-XE 16.6.2 | IOS-XE 16.6.1
C9500 | IOS-XE 16.6.2 | IOS-XE 16.6.1
C9500 Stack | IOS-XE 16.6.2 | IOS-XE 16.6.1

CAT6K | Recommended OS | Minimum OS
C6503E (Sup 2T|6T) | IOS 15.5.1 SY | ≥ 12.2
C6504E (Sup 2T|6T) | IOS 15.5.1 SY | ≥ 12.2
C6506E (Sup 2T|6T) | IOS 15.5.1 SY | ≥ 12.2
C6509E (Sup 2T|6T) | IOS 15.5.1 SY | ≥ 12.2
C6513E (Sup 2T|6T) | IOS 15.5.1 SY | ≥ 12.2
C6807-XL (Sup 2T|6T) | IOS 15.5.1 SY | ≥ 12.2
C6840-X (Sup 2T|6T) | IOS 15.5.1 SY | ≥ 12.2
C6880-X (Sup 2T|6T) | IOS 15.5.1 SY | ≥ 12.2

Wireless Controllers / APs

Wireless | Recommended OS | Minimum OS
WLC (35xx,55xx,85xx) | AireOS 8.5 MR1 | AireOS 8.5 MR1
AP 1700 | AireOS 8.5 MR1 | AireOS 8.5 MR1
AP 1800 | AireOS 8.5 MR1 | AireOS 8.5 MR1
AP 2700 | AireOS 8.5 MR1 | AireOS 8.5 MR1
AP 2800 | AireOS 8.5 MR1 | AireOS 8.5 MR1
AP 3700 | AireOS 8.5 MR1 | AireOS 8.5 MR1
AP 3800 | AireOS 8.5 MR1 | AireOS 8.5 MR1

ASR / ISR / CSRv Routers

ISR 4K | Recommended OS | Minimum OS
ISR 4431 | IOS-XE 3.16 | IOS-XE 3.9
ISR 4221 | IOS-XE 16.4 | IOS-XE 16.4
ISR 4351 | IOS-XE 3.16 | IOS-XE 3.10
ISR 4451-X | IOS-XE 3.16 | IOS-XE 3.9

ISR 1K (Selected PIDs Only) | Recommended OS | Minimum OS
C1112-8P + (LTEEA) | IOS-XE 16.7.1 | IOS-XE 16.6.1
C1113-8P + (M,LTE*,WE,WA,WZ,MWE) | IOS-XE 16.7.1 | IOS-XE 16.6.1
C1114-8P + (LTEEA) | IOS-XE 16.7.1 | IOS-XE 16.6.1
C1115-8P + (PM, LTEEA,PMLTEEA) | IOS-XE 16.7.1 | IOS-XE 16.6.1

ASR 1K | Recommended OS | Minimum OS
ASR 1001-X | IOS-XE 16.3.5 | IOS-XE 3.12.0
ASR 1002-X | IOS-XE 16.3.5 | IOS-XE 3.7.0
ASR 1006-X (RP2) | IOS-XE 16.3.5 | IOS-XE 3.16.0
ASR 1006-X (RP3) | IOS-XE 16.3.5 | IOS-XE 16.3.1
ASR 1009-X (RP2) | IOS-XE 16.3.5 | IOS-XE 3.16.0
ASR 1009-X (RP3) | IOS-XE 16.3.5 | IOS-XE 16.3.1
ASR 1001-HX | IOS-XE 16.3.5 | IOS-XE 16.3.1
ASR 1002-HX | IOS-XE 16.3.5 | IOS-XE 16.3.1

Virtual Router | Recommended OS | Minimum OS
CSRv | WIP | WIP
ISRv | WIP | WIP
ASAv | WIP | WIP
vWAAS | WIP | WIP
ENCS 5400 | WIP | WIP
ENCS 5100 | WIP | WIP
UCS-C220 | WIP | WIP
UCSE on ISR43xx | WIP | WIP

DNA+ITSM enable faster remediation

ITSM Ecosystem Integration
• Visibility into points of failure in network
• Proactive incident and change management
• Integrated IT value chain across operations, services and support

The result?
• Actionable insights
• Agility for changing needs of the network

[Diagram: DNA and ITSM Tool. Labels: Client Metrics, Health Scores, Network Data, Scheduling, CMDB, Correlation, Association. Most relevant issue routed to create an ITSM incident or change request with enriched data.]

Transforming network operations through actionable insights and simplicity

DNA v1.1 Essentials and Advantage (Automation)

Advantage
  Wireless
  • Fabric Enabled Wireless
  • Sensors – Lifecycle Mgmt
  Switching
  • SD-Access
  • Access Policy
  • Virtual Network
  Routing
  • SD-WAN integration
  Further Advantage items
  • SD Bonjour
  • EasyQoS (NBAR Based)
  • SWIM: Patching Support

Essentials
  Wireless
  • Centralized and Flex
  • Zero Touch WLC and AP provisioning
  • Guest with ISE
  Switching
  • Automated Underlay
  • Non-fabric – Profile based customizable
  Routing
  • Router underlay design and provisioning
  • ENFV
  Further Essentials items
  • Inventory
  • Discovery
  • Topology
  • Search
  • Integrity Verification
  • Software Update
  • Network Settings Update
  • Policy Protected CLI Template
  • Neighbor topology
  • EasyQoS (DSCP Based)

DNA v1.1 Essentials and Advantage (Assurance)

Advantage
  Wireless
  • Apple device insights
  • Sensors
  • Heat maps
  Switching
  • SD-Access Assurance
  • Control plane
  • Data plane
  • Policy plane
  Routing
  • TBD pending SD-WAN integration
  Further Advantage items
  • Trends
  • Global issues (across multiple devices)
  • Situational dashboard
  • App 360
  • App performance in client/device 360s (Jitter, loss, latency – collected from a Router)

Essentials
  Wireless
  • Client 360
  • WLC 360
  • AP 360
  • Floor Maps
  Switching
  • Switch 360
  • Non-fabric insights
  • ENFV
  Routing
  • Router 360
  • Router underlay insights
  • ENFV
  Further Essentials items
  • Landing page
  • Drill-down geo maps
  • Topology
  • Network health
  • Client health
  • Search
  • 360 pages
  • Health score
  • Time series
  • Issues (device level)
  • Neighbor topology
  • Path Trace
  • App visibility
  • KPIs
  • Context info
  • Reports

DNA Assurance supports both SDA and Non-SDA

Non-SDA
• Traditional WLAN, LAN, and WAN (non fabric)
• Client wired and wireless service assurance
• Sensors for wireless
• Application experience
• WAN nonfabric (non-SD-WAN)
• ENFV and WAAS

SDA
• Adds fabric assurance (control-plane troubleshooting)
• Fabric overlay
• Fabric policy monitoring and troubleshooting

DNA Center in dCloud http://dcloud.cisco.com

DNA Center on DevNet http://developer.cisco.com

https://learninglabs.cisco.com/tracks/programming-dna

https://developer.cisco.com/docs/sda/#sd-access-integrations

Some References

DNA Center – BRKNMS-3005

CL Session PDF and Demo Video Download: http://cs.co/BRKSDN3005
DNA Center Demo Video’s incl. Audio: http://cs.co/apicemvideo
DNA Center on Facebook: https://www.facebook.com/groups/apicem/
German Blog: http://gblogs.cisco.com/de/category/DNA Center/
DevNet and Download: https://developer.cisco.com/site/DNA Center/
DNA Center on YouTube: http://cs.co/video-apicem