
Controller based policy and network automation - changing the future
Markus Harbeck, Consulting Systems Engineer
CCIE #8087, CCDE #20130015
BRKARC-3004
BRKARC-3004 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
Introduction to Cisco SDN and APIC-EM intent
TOP NEWS!
What is APIC-EM ?
APIC-EM Deployment - what you get and how to use it
Use Cases - Demo time of many Apps!
Vision, Conclusion & Summary
Q&A
Short Hint:

My English might be bad but


although sexy
Source: Henning Bornemann -Thank you for Deutsche Bahn
Who is Markus Harbeck ???
Personal:
Location: Eschborn, Germany (near Frankfurt) but lives in Bavaria
Other Interests: My family, Horse back riding, motor cycling,
Other business interests: LISP, Multicast, MPLS, IPv6, SDN

Background:
Joined CISCO October 2010 (mharbeck@cisco.com)
Before: 12 years in operations, engineering, application engineering at Lufthansa Systems
Drives APIC-EM, Automation and Analytics in EMEAR
LISP innovations, first customer projects in Germany
Owner and Head of the Network Innovation Summit http://cs.co/NIS2015
CCIE #8087, CCDE #20130015

Current Projects:
APIC-EM, DNA Center
Analytics, Assurance
Network Transformation
Network Automation
LISP

[Images: My Kids view on Network Design. Copyright by Saskia, Copyright by Hanna]
How to get the PDF and Video ? (For Your Reference)

PDF and all Demo Videos here: http://cs.co/BRKARC3004
Or PDF: http://www.ciscolive.com/online

Note: The PDF contains all detailed Slides from the Demos for your reference !!!
Why Video Demos
Risk of broken Internet Connectivity

Risk of LAB Failure

Videos are available after the session FOR YOU !

Note: I produced all demos myself !
Source: http://www.mysweety.eu
This session concentrates on Base Automation.
Software Defined Access will be covered in several Cisco Live sessions.

Disclaimer: Many of the products and features described herein remain in varying
stages of development and will be offered on a when-and-if-available basis. This
roadmap is subject to change at the sole discretion of Cisco, and Cisco will have
no liability for delay in the delivery or failure to deliver any of the products or
features set forth in this document.

Introduction to Cisco SDN and APIC-EM intent

SDN - Still Don't kNow / Stanford Defined Networking
The Promise of OF/SDN had been Decoupling Policy from Configuration

"An open solution for customized flow forwarding control in the Data-Center"
"A platform for developing new control planes"
"With SDN I can develop solutions to my problems far faster, at software speeds. I don't have to work with my network vendor or go through lengthy standardization"
"A way to reduce the CAPEX of my network and leverage commodity switches"
"A way to avoid lock-in to a single networking vendor"
"A means to do traffic engineering without MPLS"
"An open solution for VM mobility in the Data-Center"
"A solution to build a very large scale layer-2 network"
"A means to scale my fixed/mobile gateways and optimize their placement on x86 compute"
"A way to build my own security/encryption solution, avoiding RSA"
"A way to define virtual networks with specific topologies for my multi-tenant Data-Center"
"A solution to build virtual topologies with optimum multicast forwarding behavior"
"A way to scale my firewalls and loadbalancers"
"A way to configure my entire network as a whole rather than individual devices"
"A way to distribute policy/intent, e.g. for DDoS prevention, in the network"
"A way to optimize link utilization in my network, through new multi-path algorithms"
"A solution to get a global view of the network topology and state"

Physical separation of the control and data plane
Managing the network through abstractions
Whitebox routing and switching
Packet forwarding
Running networks in agile DEV-OPS model

You can't just buy SDN. It's an architecture which you have to embrace and live.
Cisco Rewriting the Networking Playbook
Traditional Network Digital-Ready Network

Hardware Centric Software Driven

Manual Automated

Siloed Security Integrated Security

Network Monitoring Analytics and Insights

You Need a Network that Drives your Digital Business


Network Automation to reduce cost and remove manual errors

Manual Network Deployment and Ops
Scripting: Simple scripts to automate config push and feature CLI
Design to Provision: Network deployment driven by standardized network design
Plug and Play: Zero Touch deployment for Day 0 Network deployment
ITSM Integration: Integration with NOC Tools and ITSM (Change Management and CMDB)
Automated Deployment with Integrated Compliance
What is brand new?
DNA Center (APIC-EM 2.x)
Built-in expertise to manage and deploy end-to-end network
services with a central management (July 2017)

Network Data Platform for Assurance


Analytics collects data from users, devices, and applications and
uses machine learning to proactively identify problems (Nov 2017)

Software-Defined Access
Dynamically adapt to changing needs with policy-based
management of the network fabric (Jul 2017)

Enhanced Network as a Sensor


Uncover threats hidden in encrypted traffic without
decryption (Sept 2017)

Catalyst 9000 Series Switches


First infrastructure devices purposely designed for DNA
9500 (Jun 2017), 9400 (August 2017), 9300 (June 2017)

Software Subscription Licensing | DNA Advisory, Technical, Support Services

APIC
Application Policy Infrastructure Controller

APIC (DC): Data Center, Application Centric Infrastructure (ACI) (Nexus 9000)
APIC-EM: Enterprise Module, User Centric Infrastructure (Catalyst, ISR, ASR, WLAN, Nexus 7k*, 5k*, NfV*)
*limited support
Common Policy Model from Branch to Data Center
POLICY

DATA CENTER WAN AND ACCESS

Application Network Flow Profile User and Things Network Profile


SLA, Security, QoS, Load Balancing QoS, Security, SLA, Device, Location, Role

Cloud Data Center WAN Access

CISCO ADVANTAGE
BROWNFIELD AND GREENFIELD
END TO END
POLICY FRAMEWORK: FOCUS ON APPLICATION AND USER ENABLEMENT
What is APIC-EM ?
Do you know or recognize your Network ?
1.x 2.x

Copyright by Saskia

the view from my


6 year old daughter !

the view from my


4 year old daughter !
Copyright by Saskia

1.x
The challenges !

Copyright by Saskia
Simplify your network

Automate your network deployment and RMA

Keep the configuration consistent Copyright by Saskia

Dynamic Policies where necessary

Control network traffic and optimize it

Interface with the User and Application (UCI and ACI)

Quickly react on events like Intrusion detection, collaboration events etc

APIC-EM similarity to Smartphone
The APIC-EM has:

A strong base platform for SDN use cases

It has built-in Apps (e.g. QoS, ACL, Policy etc.)

It offers an API to be used by ISVs, and Apps can be developed by many

One App example: Jabber / Unified communication integration
APIC-EM - Platform Architecture

APIC-EM Applications: Network PnP, IWAN, Path Trace, Network Inventory, Advanced Topology Visualizer, Easy static and dynamic QoS

APIC-EM Controller
Northbound REST APIs
APIC-EM Services: Inventory Manager, RBAC, Policy Analysis, Policy (QoS) Services, Topology Services, Data Access Service, IWAN Services, Network PnP Services
South Bound Abstraction: CLI (SSH, Telnet), SNMP v2c, v3, Netconf*, RESTconf*
Grapevine Elastic Service Infrastructure: Addresses Scale Out and HA Requirements

Note: Services and Apps listed are an extract
Controller in Action !

Controller creates and enforces Policies:


The WHAT

The horse takes care of:


The HOW

Source: http://www.mysweety.eu
Abstraction
Do You know Tic Tac Toe?
Think outside The Box
[Figure: Tic Tac Toe board with an X placed outside the grid]
DNA Center: Design, Policy, Provision, Assurance
A better way to manage your network

DNA-Center = App on APIC-EM 2.x


Logical workflow to design, provision, set policy. Respond to changes faster.
Monitor end-to-end network performance. Predict and act on problems before they happen.
Pinpoint problems faster. Reduce downtime with an end-to-end view instead of hop by hop.
Manage hardware and software lifecycles. Keep up to date, meet compliance and plan for refresh.

DNA Center: Design, provision, automate policy and assure services from one place
DNA Solution DNA Center
Cisco Enterprise Portfolio Simple Workflows

DESIGN PROVISION POLICY ASSURANCE

DNA Center

Identity Services Engine APIC-EM Network Data Platform


2.x

Routers Switches Wireless Controllers Wireless APs

DNA Themes

Global Settings Virtual Networks Network Profiles


Site Hierarchy ISE, AAA, Radius Fabric Domains
Network Profiles Endpoint Groups PnP
SWIM Group Policies
DNA : Driving Network Transformation

Secure Fabric based extension of Policy and Assurance:
Access and Application Policy delivered over a fabric network
Predictive analytics and closed loop automation
ITSM integration and cost management

DNA is the System of Truth

Policy intent based Control and Assurance:
Best-practice application policy deployed on greenfield/brownfield networks
Network Data Platform based performance analytics

Network is the System of Truth

Bespoke Management and Monitoring:
Automation of Device Onboarding, Software Updates, Custom Configuration etc.
Network Monitoring, Device Health and Performance
APIC-EM Deployment - what you get and how to use it

APIC-EM 5 step installation

Physical Appliance:
Pre-installed APIC-EM software
APIC-EM Appliance SKUs: APIC-EM-APL-R-K9, APIC-EM-APL-G-K9

Virtual Downloadable ISO Image:
.ISO for virtual
OS: Ubuntu 14.04 64-bit
Deployment Options: Bare-metal install (recommended), Virtual machine

1. Boot .iso
2. Enter IP address: Enter APIC-EM IP (Subnet / Def GW learned automatically)
3. Change Credentials: Shell and UI Username and PWD plus CCO login for update
4. Add NTP Server: Enter NTP Server IP (mandatory!)
5. Finalize Installation: Finalize installation and bring up controller

*Single Wizard for DNA-C, ISE and NDP
APIC-EM High-Availability (HA) Design

APIC-EM Cluster: Node 1 (IP Addr1), Node 2 (IP Addr2), Node 3 (IP Addr3), Virtual IP Address

Type                        Software HA   HW HA
Single Node (only Node1)    No            No
2 Nodes (Node 1+2)          Yes           No
3 Nodes (Node 1+2+3)        Yes           Yes

Note: A Node is a physical server or a virtual machine where APIC-EM is installed.
APIC-EM communication

APIC-EM Cluster: Node 1 (IP Addr1), Node 2 (IP Addr2), Node 3 (IP Addr3), Virtual IP Address
Communicates with:
Cisco Cloud, NTP, DNS, etc.
REST APIs and APIC-EM UI
Network Devices

Note: For the actual releases, all the nodes in the APIC-EM cluster need to be in the same subnet
APIC-EM Scalability
Note: No change in HW requirements!

Release     Date      Devices*   Hosts    Scope
PoC         Nov 14    100        100      LAN/WAN
CA          Jul 15    1k         5k       LAN/WAN/WLAN
1.0 (GA)    Nov 14    4k         20k      LAN/WAN/WLAN
1.1         Oct 15    8k         40k      LAN/WAN/WLAN
1.2         Feb 16    16k        80k      LAN/WAN/WLAN
1.3         Oct 16    20k        100k     LAN/WAN/WLAN
X           Future    50k+       300k+    LAN/WAN/WLAN
APIC-EM
Some Useful hints !!!

Graceful full Cluster Shutdown / Start

sudo /home/grapevine/bin/harvest_all_clients
sudo shutdown -h now

Start Single Node or Node of Multihost Cluster (only one - last powered down). When started, enable Grapevine:
$ grape config update enable_policy true
Graceful Cluster Node Shutdown

1. grape host display (get host_id)
2. grape host evacuate <host_id>
3. grape host display shows enabled = false

sudo shutdown -h now
Restart Controller Node

1. grape host enable <host_id> (<host_id> is the same as the one from the shutdown!)
2. Wait until Controller is up
3. grape host display shows enabled = true
Root Cause Analysis: rca
Collects important:
log files
configuration files
output of various commands
Creates a compressed tarball containing the above information which can be sent to developers for further debugging and analysis
Can be sent to support team!

Note: same as show tech-support
Lets start APIC-EM & Abstraction
Deployed Lets have a break ?

In English:
One (1) Two (2) Three (3) Four (4)
In German:
Uan(1) Tu (2) Sri (3) For (4)

They abstract and


understand!

Or ready for the a Demo ?


Demo Time !

APIC-EM 2.x
Overview

Download Demo Video here: http://cs.co/BRKARC3004


Brief excurse into
the REST API
and
programmability
RESTful services exposed

API: VERBS + NOUNS + Syntax

Verbs: GET, POST, PUT, DELETE
Nouns: /host, /link, /network-device, /interface

JSON Syntax:
{
  "policyOwner": "Admin",
  "networkUser": {
    "userIdentifiers": ["40.0.0.15"],
    "applications": [{"raw": "12340;UDP"}]
  }
}
Header: Content-Type: Application/JSON

https://fra-apicem1.cisco.com/api/v1/network-device GET/POST
Demo Time !

REST API

Download Demo Video here: http://cs.co/BRKARC3004


Demo Time !

App: Command Runner

Download Demo Video here: http://cs.co/BRKARC3004


Use Cases
Demo It!
Network Plug and Play (PnP)

1. Discovery: Device can reach PnP Server on APIC-EM
2. Deployment: Device receives target image and configuration

No Staging Required: PnP Runs from Cisco Factory-Default Configuration
Devices: Routers (ISR, ASR), Switches (Catalyst), Wireless Access Points
Network Plug and Play (PnP) Components

PnP Agent:
Embedded in IOS / AirOS
Requests for IP and APIC-EM Address
Authenticates
Creates a PnP Profile

PnP Protocol:
Runs between Agent and APIC-EM
Opens on http
Operates on https / tcp !
Secure and reliable

APIC-EM (pnpserver):
Service in APIC-EM
Manages sites, devices, images, licenses, workflow
Provides Northbound REST APIs

Devices: Routers (ISR, ASR), Switches (Catalyst), Wireless Access Points
PnP Discovery Options

1. DHCP Server: DHCP with options 60 and 43
   PnP string: 5A1D;B2;K4;I172.19.45.222;J80
2. DNS Server: DNS lookup
   pnpserver.localdomain ---- 172.19.45.222 (PnP Server)
3. Cloud re-direction - roadmap (Q4CY2016)
   https://devicehelper.cisco.com/device-helper re-directs to 172.19.45.22 (PnP Server)
4. USB-based bootstrapping
5. Manual - using the Cisco Installer App
   iPhone, iPad, Android, (roadmap - Windows mobile and PC)
X. Others: Any other manual or automated discovery method (Scripting, AN, EEM, NAP, etc.)

Devices: Wireless Access Points, Routers (ISR, ASR), Switches (Catalyst)
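
The option 43 PnP string from discovery option 1 can be checked before it goes into a DHCP pool. The following is an added example, not code from the session or from Cisco: it parses the string and reports when the agent is pointed at the server over HTTP (K4) or with debug on (D). The field meanings (B = address type, K = transport, I = server, J = port, trailing N/D = debug off/on) follow Cisco's published PnP option 43 format; the function names and finding labels are hypothetical.

```python
import ipaddress

# Field values per Cisco's published PnP DHCP option 43 format.
ADDRESS_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}
TRANSPORTS = {"4": "http", "5": "https"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_pnp_option43(value):
    """Parse a PnP option 43 ASCII string into a dict; ValueError if malformed."""
    fields = [f.strip() for f in value.strip().strip('"').split(";")]
    fields = [f for f in fields if f]
    prefix = fields[0] if fields else ""
    if len(prefix) != 4 or prefix[:2] != "5A" or prefix[3] not in ("N", "D"):
        raise ValueError("not a PnP option 43 string (expected 5A1N or 5A1D)")
    cfg = {
        "version": prefix[2],
        "debug": prefix[3] == "D",
        "address_type": None,
        "transport": "http",  # HTTP is the documented default when K is absent
        "server": None,
        "port": None,
        "other": {},
    }
    for field in fields[1:]:
        key, arg = field[0], field[1:]
        if key == "B":
            if arg not in ADDRESS_TYPES:
                raise ValueError("unknown address type B" + arg)
            cfg["address_type"] = ADDRESS_TYPES[arg]
        elif key == "K":
            if arg not in TRANSPORTS:
                raise ValueError("unknown transport K" + arg)
            cfg["transport"] = TRANSPORTS[arg]
        elif key == "I":
            cfg["server"] = arg
        elif key == "J":
            if not arg.isdigit() or not 1 <= int(arg) <= 65535:
                raise ValueError("invalid port J" + arg)
            cfg["port"] = int(arg)
        else:
            cfg["other"][key] = arg  # keep unrecognised sub-options for review
    if not cfg["server"]:
        raise ValueError("no server (I) field")
    if cfg["address_type"] in ("ipv4", "ipv6"):
        addr = ipaddress.ip_address(cfg["server"])  # raises ValueError if bad
        if addr.version != (4 if cfg["address_type"] == "ipv4" else 6):
            raise ValueError("server address does not match address type")
    if cfg["port"] is None:
        cfg["port"] = DEFAULT_PORTS[cfg["transport"]]
    return cfg


def audit_pnp_option43(value):
    """Return (parsed config, list of findings) for one option 43 string."""
    cfg = parse_pnp_option43(value)
    findings = []
    if cfg["transport"] == "http":
        findings.append("http-initial-contact")
    if cfg["debug"]:
        findings.append("debug-enabled")
    if (cfg["transport"], cfg["port"]) in (("http", 443), ("https", 80)):
        findings.append("port-transport-mismatch")
    return cfg, findings


if __name__ == "__main__":
    samples = [
        "5A1D;B2;K4;I172.19.45.222;J80",   # string shown on the slide
        "5A1N;B2;K5;I172.19.45.222;J443",  # constructed HTTPS variant
    ]
    for s in samples:
        print(s, "->", audit_pnp_option43(s)[1])
```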

Network-PnP Connect Redirection Service

[Diagram: A customer order in Cisco Commerce Workspace places the device SR# in the Supply-Chain DB, Customer DB and Smart Account DB behind the PnP Connect Redirection Service. APIC-EM registers its IP address with the cloud. The PnP-Agent asks "Where's my PnP Server?" and receives the customer APIC-EM IP. The PnP-Agent then talks PnP Protocol to the APIC-EM controller and downloads image and config. Parties: Cisco, customer or partner.]
Demo Time !

Secure NG PnP Demo

Download Demo Video here: http://cs.co/BRKARC3004


SMI Proxy for old IOS PnP

Distribution Switch SMI Proxy

conf t
ip dhcp pool pnp-smi-301
 network 172.20.2.192 255.255.255.248
 default-router 172.20.2.193
 option 66 ip 172.20.2.55
 dns-server 172.16.0.12 172.16.0.13
 domain-name apic.fra-lab.net
 option 43 ascii "5A1D;B2;K4;I172.20.2.43;J80"

vstack vlan 301
vstack startup-vlan 301
vstack proxy interface Vlan301 startup-vlan 301 pnp-profile pnp-zero-touch

pnp profile pnp-zero-touch
 transport https host 172.20.2.43 port 443
pnp startup-vlan 301

Topology:
Distribution with SMI Proxy (vstack configuration), 15.2.E4, VLAN301
C2960X Switch with non PnP image, e.g. 15.0 (<15.2), IOS 15.0(2)EX4
Our Rabbit Kuckie at break

Exhausted ?
You need a break ?
We still have cool
things to see!
And yes he sleeps
only ! And abstracts
in his dreams

How to import many devices ? PnP API

1. /pnp-project
2. /file/config, /file/image
3. /pnp-project/{project-id}/device
Demo Time !

Import Devices in PnP


using REST

Download Demo Video here: http://cs.co/BRKARC3004


Demo Time !

PnP for RMA


(device replacement)

Download Demo Video here: http://cs.co/BRKARC3004


Demo Time !

Path Trace

Download Demo Video here: http://cs.co/BRKARC3004


Do you know all details?

[Figure: end-to-end path across Wireless AP, Catalyst 3650, Catalyst 4500, Catalyst 6500, ASR/ISRs, Nexus 7700, WLC, Catalyst 2960-X and Wireless AP, each with its Trust Boundary / PEP and a platform-specific queuing model: 4Q (WMM), 1P7Q1T, F3: 1P7Q1T, MQC, 1P3Q4T, 1P7Q4T, 2P6Q3T, 2P6Q4T, 1P3Q3T]

Please Abstract !
Solicit Application Business-Relevance

Relevant:
These applications directly support business objectives
Applications should be classified and marked according to RFC 4594-based rules

Default:
These applications may/may not support business objectives (e.g. HTTP/HTTPS)
Alternatively, administrator may not know the application (or how it's being used in the org)
Applications in this class should be marked DF and provisioned with a default best-effort service (RFC 2474)

Irrelevant:
These applications are known and do not directly support any business objectives; this class includes all personal/consumer applications
Applications in this class should be marked CS1 and provisioned with a less-than-best-effort service, per (RFC 3662)

CVD: http://www.cisco.com/c/en/us/td/docs/solutions/CVD/Mar2017/APIC-EM-EasyQoS-DesignGuide.html
Or short link: http://cs.co/apicem14easyqos
EasyQoS Solution

Applications can interact with APIC-EM via Northbound APIs, informing the network of application-specific and dynamic QoS requirements

Network Operators express high-level business-intent to APIC-EM EasyQoS

Southbound APIs translate business-intent to platform-specific configurations

[Figure: the same end-to-end path as on the previous slide (Wireless AP, Catalyst 3650, Catalyst 4500, Catalyst 6500, ASR/ISRs, Nexus 7700, WLC, Catalyst 2960-X), each platform with its Trust Boundary / PEP and queuing model]
What Do We Do Under-the-Hood?
Apply RFC 4594-based Marking / Queuing / Dropping Treatments

Relevance | Application Class | Per-Hop Behavior | Queuing & Dropping | Application Examples
Relevant | VoIP Telephony | EF | Priority Queue (PQ) | Cisco IP Phones (G.711, G.729)
Relevant | Broadcast Video | CS5 | (Optional) PQ | Cisco IP Video Surveillance / Cisco Enterprise TV
Relevant | Real-Time Interactive | CS4 | (Optional) PQ | Cisco TelePresence
Relevant | Multimedia Conferencing | AF4 | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx
Relevant | Multimedia Streaming | AF3 | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs)
Relevant | Network Control | CS6 | BW Queue | EIGRP, OSPF, BGP, HSRP, IKE
Relevant | Signaling | CS3 | BW Queue | SCCP, SIP, H.323
Relevant | Ops / Admin / Mgmt (OAM) | CS2 | BW Queue | SNMP, SSH, Syslog
Relevant | Transactional Data | AF2 | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps
Relevant | Bulk Data | AF1 | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution
Default | Best Effort | DF | Default Queue + RED | Default Class
Irrelevant | Scavenger | CS1 | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, BitTorrent, Xbox Live
Demo Time !

Easy QoS

Download Demo Video here: http://cs.co/BRKARC3004


How Will it Work in the Network?
Provisioning End-to-End DSCP-Based Queuing

What happens if you get a new Application ?
Example: QoS Video Classification Enables Enterprise Wide Jabber
APIC-EM Easy-QoS

1. Define new Application
2. Update QoS Policy
3. Push Updated QoS Policy to Network Devices
4. Deploy Jabber Video Client
Demo Time !

Dynamic QoS / Jabber

Download Demo Video here: http://cs.co/BRKARC3004


How Will Dynamic QoS Work? Part 1a
Provision Edge Marking Policies
The administrator enters strategic business Intent to APIC-EM
APIC-EM deploys:
a) static (ingress) ACL-based classification & DSCP-marking policies with null ACL entries for VOICE and VIDEO

ip access-list extended VOICE
ip access-list extended VIDEO
ip access-list extended BULK-DATA
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data

class-map match-all VOICE
 match access-group name VOICE
class-map match-all VIDEO
 match access-group name VIDEO
class-map match-all BULK-DATA
 match access-group name BULK-DATA

policy-map APIC-EM-INGRESS-MARKING
 class VOICE
  set dscp ef
 class VIDEO
  set dscp af41
 class BULK-DATA
  set dscp af11
APIC-EM DynQoS - Part 1b
Once the administrator has entered strategic business Intent to APIC-EM
APIC-EM deploys:
a) static (ingress) ACL-based classification & DSCP marking policies
b) static (ingress and egress) DSCP-based queuing policies on all switches

class-map match-all VOICE-PQ1
 match dscp ef
class-map match-all VIDEO-PQ2
 match dscp af41
class-map match-any BULK-DATA-QUEUE
 match dscp af11 af12 af13

policy-map APIC-EM-2P6Q3T
 class VOICE-PQ1
  priority level 1
 class VIDEO-PQ2
  priority level 2
 class BULK-DATA-QUEUE
  bandwidth remaining percent 5
  queue-buffers ratio 10
  queue-limit dscp values af13 percent 80
  queue-limit dscp values af12 percent 90
  queue-limit dscp values af11 percent 100
How Will Dynamic QoS Work?
Classify and Mark a Proceeding Call
CUCM signals APIC-EM of a proceeding call
APIC-EM deploys a dynamic ACL update for voice and/or video to all ports on the switch (or switch module)

ip access-list extended VOICE
 permit udp host 10.1.1.1 eq 18578 host 10.2.2.2 eq 17333
ip access-list extended VIDEO
 permit udp host 10.1.1.1 eq 31199 host 10.2.2.2 eq 24141

ip access-list extended VOICE
 permit udp host 10.2.2.2 eq 17333 host 10.1.1.1 eq 18578
ip access-list extended VIDEO
 permit udp host 10.2.2.2 eq 24141 host 10.1.1.1 eq 31199
APIC-EM-CUCM API Details
Once CUCM knows media addresses and ports it informs APIC-EM via POST to /api/v0/fms/flow:
{"srcIPAddress":"10.1.1.1","dstIPAddress":"10.2.2.2","srcPort":31999,"dstPort":21141,"mediaType":"video","qosClassName":"conversational.video.avconf.aq","averageBandwidth":0,"peakBandwidth":0,"appid":"CUCM","codec":"H.264"}

APIC-EM responds under normal conditions with a flow ID:
{"response":{"data":"success","flowId":"bc8727b7-76d0-4bac-94b9-fa6b76a1a803"},"version":"0.0"}
And it proceeds to set up QoS marking for the flow on the relevant network devices
When the call is over, CUCM tells APIC-EM via DELETE to /api/v0/fms/flow/bc8727b7-76d0-4bac-94b9-fa6b76a1a803
And APIC-EM removes the marking from the network devices
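
The flow body above ends up as ACL lines on switches, so whatever accepts it has to treat every field as untrusted input before any CLI text is rendered. The following is an added sketch, not APIC-EM's implementation: it validates the flow fields and renders the two per-direction entries in the format shown on the dynamic ACL slide. The function names are hypothetical, and the mediaType-to-ACL mapping is an assumption (only "video" appears on the page).

```python
import ipaddress
import json

# Assumed mapping from the API's mediaType to the ACL names on the slides;
# only "video" is shown on the page, "voice" is an assumption.
ACL_BY_MEDIA = {"voice": "VOICE", "video": "VIDEO"}
REQUIRED = ("srcIPAddress", "dstIPAddress", "srcPort", "dstPort", "mediaType")

# Request body from the slide (with the quoting repaired).
SAMPLE_FLOW = json.loads(
    '{"srcIPAddress":"10.1.1.1","dstIPAddress":"10.2.2.2","srcPort":31999,'
    '"dstPort":21141,"mediaType":"video",'
    '"qosClassName":"conversational.video.avconf.aq","averageBandwidth":0,'
    '"peakBandwidth":0,"appid":"CUCM","codec":"H.264"}'
)


def validate_flow(flow):
    """Return a normalized copy of the flow fields or raise ValueError."""
    missing = [k for k in REQUIRED if k not in flow]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    clean = {}
    for key in ("srcIPAddress", "dstIPAddress"):
        raw = flow[key]
        if not isinstance(raw, str):
            raise ValueError(key + " must be a string")
        # ip_address() accepts only a literal address, so embedded spaces,
        # newlines or extra CLI keywords are rejected here.
        addr = ipaddress.ip_address(raw)
        if addr.version != 4 or addr.is_multicast or addr.is_unspecified:
            raise ValueError(key + " must be a unicast IPv4 host address")
        clean[key] = str(addr)
    for key in ("srcPort", "dstPort"):
        port = flow[key]
        if isinstance(port, bool) or not isinstance(port, int):
            raise ValueError(key + " must be an integer")
        if not 1 <= port <= 65535:
            raise ValueError(key + " out of range")
        clean[key] = port
    if flow["mediaType"] not in ACL_BY_MEDIA:
        raise ValueError("unsupported mediaType")
    clean["mediaType"] = flow["mediaType"]
    return clean


def flow_to_acl_entries(flow):
    """Render (acl header, forward entry, reverse entry) for a validated flow."""
    f = validate_flow(flow)
    header = "ip access-list extended " + ACL_BY_MEDIA[f["mediaType"]]
    template = "permit udp host {} eq {} host {} eq {}"
    forward = template.format(
        f["srcIPAddress"], f["srcPort"], f["dstIPAddress"], f["dstPort"])
    reverse = template.format(
        f["dstIPAddress"], f["dstPort"], f["srcIPAddress"], f["srcPort"])
    return header, forward, reverse


if __name__ == "__main__":
    for line in flow_to_acl_entries(SAMPLE_FLOW):
        print(line)
```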

Cisco Active Advisor App
CAA- Life Cycle Management

Personalized Advisor Info on:


End-of-life & End-of-support dates
Security Advisories (PSIRTs) based on PID and OS

Demo Time !

Cisco Active Advisor

Download Demo Video here: http://cs.co/BRKARC3004


Vision, Conclusion & Summary

Open Interfaces and Integrations

Flexibility: Platform extensibility for building custom apps
Accessibility: API and Data Models across multiple stages in DNA Stack
Expansibility: Integrations with complementary platforms *

Firehose *, Graph API, Connectors, Contextual Search, Cisco Assets, Industry Integrations

*roadmap post FCS
DNA Automation - What's New

Existing Approach | DNA Approach
Built Using Scripts | Integrated Workflows
Design tools generate CLI Config for manual deployment | Network Design via Profile Integrated Deployment
Separate tool for different functions | One Tool to Manage the Network
Software Update is Manual and Reactive | Proactive and Consistent Software and Patching
API automation via CLI | Consistent API across Network Platforms via REST

The Network that Scales for the Digital Business
How we get to an SDN controlled network!
Do you remember? Business Intelligent
2.x 1.x 1.x
Copyright by Saskia

2.x Copyright by Hanna

Copyright by Saskia Copyright by Hanna

Transition !
With APIC-EM much better control !
1.x 2.x
Copyright by Hanna
my 8 year old daughter!
my 6 year old daughter!
1.x 2.x
The answer!

Simplification because of abstraction

Automation done by NG PnP incl. RMA

Consistency enforced by policies

Dynamic Policies enforcement follow the network

Traffic to be controlled and directed in the network, e.g. iWAN

Interfacing to APIC-DC and your App using REST

Events trigger controller actions

Copyright by Hanna
APIC-EM in dCloud http://dcloud.cisco.com

APIC-EM on DevNet http://developer.cisco.com

https://developer.cisco.com/site/apic-em/docs/resources/sandbox/

https://learninglabs.cisco.com/tracks/apic-em-prog

Some References
APIC-EM BRKARC-3004

CL Session PDF and Demo Video Download http://cs.co/BRKARC3004

APIC-EM Demo Videos incl. Audio http://cs.co/apicemvideo

APIC-EM on Facebook https://www.facebook.com/groups/apicem/

German Blog http://gblogs.cisco.com/de/category/apic-em/

DevNet and Download https://developer.cisco.com/site/apic-em/

APIC-EM on YouTube http://cs.co/video-apicem

My Call to action !

1. Get engaged personally with APIC-EM (using DevNet Sandbox and dCloud LAB)

2. Download and test APIC-EM - the code is available on CCO and DevNet

3. Take one use case and implement

4. Provide Feedback to the BU and/or me about APIC-EM Capabilities, wishes, things you miss !
Thank you
