Events | 08.29.2017

Network Evolution or Revolution: Reflecting on Key Announcements from Cisco Live! U.S. 2017

Now that the dust has settled on another Cisco Live! and some of the details have been filled in, it’s worth discussing where Cisco and the market at-large seem to be heading. I was fortunate to be invited to attend the Digital Network Architecture (DNA) Innovation Day and am basing this high-level commentary and what will follow in a deep-dive blog series around what was shared that day, as well as through follow-up discussions/research post-Cisco Live.

Transform your business with Cisco technology. Contact us to learn how Cisco can seamlessly integrate with existing technology.

If “The Network Intuitive”, “The New Era of Networking”, and “DNA” all sound like new marketing terms, you’ve come to the right place. Catch-phrases and references to the “Ferrari design team” aside, what did Cisco actually launch at Cisco Live?

  • DNA Center: A simplified administrative portal for one-stop network design, provisioning, application and network assurance; which interfaces with all the other components of the larger DNA solution (APIC-EM, NDP, ISE, etc.). It’s safe to say this will ultimately replace Cisco’s Prime Infrastructure.
  • Software Defined Access (SDA): The re-launch/coming out party for Campus Fabric (released last summer) with ISE TrustSec integration, which will allow organizations to rid themselves of the Spanning-Tree Protocol (STP) in the Campus while retaining the ability to extend Layer2 across the network and provide end-to-end segmentation of the network. This will also tie into Cisco’s Unified Wireless portfolio and facilitate optimal Layer2 roams over large campus environments.
  • Network Data Platform (NDP): NDP will pull streaming analytics data from the network and provide historical and real-time insight back to DNA Center for human consumption. I’m really looking forward to seeing just how much telemetry Cisco is going to be able to pull out of the network based on their hardware capabilities.
  • Catalyst 9000: A new line of campus switches, not to be confused with the data center-focused Nexus 9000s, which will eventually replace the very popular 3850/4500 product lines. These new switches are based on the 2nd generation UADP ASIC which facilitates features such as SDA, ETA.
  • Encrypted Traffic Analytics (ETA): This is really an evolutionary feature which provides signature-based identification of “known” encrypted malware over the network via enhanced NetFlow on the Catalyst 9000s with the existing StealthWatch solution (Lancope Acquisition).

According to Cisco, these are the overarching benefits of DNA:

  • Simplified network design & provisioning
  • End-to-end segmentation with policy enforcement
  • Insights and telemetry (simplified troubleshooting and event correlation)

Now, let’s examine some of these claims in more detail:

K.I.S.S.: Simplified Network Design & Provisioning

Simplicity is the ultimate form of sophistication; the best technology doesn’t necessarily equate to the best user experience. Complexity for the sake of complexity, which leads to solutions in search of problems, won’t play moving forward. As illustrated with new customer/partner advisory groups, Cisco now seems to be heavily listening to a larger group of customers and focusing on solving real problems.

While Cisco has never been known for its management platforms, there is a clear push to simplify and abstract complexity (minus Meraki). While some claim this is an attempt to Meraki-fy their enterprise solutions, I would argue this is taking things to the next level by abstracting configuration as an expression of intent.

DNA is centered around Intent Based Networking (IBNS), which may quickly become the latest marketing buzzword surpassing even SDN. IBNS allows the network designer/operator to input a very high-level desired state of the network and the system will automatically deploy the defined configuration/policies based on best practice and, more importantly, continuously validate the desired configuration state via telemetry and analytics. The promise of IBNS is a network that is dramatically easier to design, deploy, and maintain. IBNS really isn’t a new concept, but, until recently as an industry we’ve remained too focused on features and less so on “consumability” (to borrow from IBM).

Cisco’s vision as shared at Cisco Live is exactly what customers have been looking for. However, the execution of their vision will ultimately determine whether this will be another iWAN-like experience or something widely adopted by customers.

Want a certified Cisco partner to help you choose, deploy, and manage your Cisco solutions? Contact us today to learn more.

Hardware Still Matters and STP Needs to Die a Quick Death

Cisco has been touting the flexibility of their UADP ASIC for years now (Catalyst 3850/4500) and while some might argue that some of the previous use cases (Unified Access/Converged Access) weren’t successful, there’s no denying the value in the underpinnings of the ASICs programmability. SDA is a solution that solves customer problems and there is no shortage of examples of large scale campus network meltdowns due to STP running in very flat networks.

Cisco’s competitors (likely running the newly announced Broadcom T3 ASICs) will now have to play catch-up following Cisco’s lead here and release campus fabric solutions over their own based on IP tunneling mechanisms that have existed in the data center space for a while now (e.g. VXLAN). A network without full-NetFlow is like flying blind and when industry pundits imply that hardware doesn’t matter what they’re really saying is that hardware doesn’t matter if you don’t care about full visibility in your campus network. The UADP ASIC has always supported full-NetFlow vs. sampled and puts Cisco in a great position to deliver on their over-arching vision surrounding Campus Security & IBNS.

Security is Still the Hotness (Insert Flame Emoji)

It’s imperative that organizations consider security when evaluating Campus LAN futures and they should be looking to separate policy from topology (VLANs as the basis for network segmentation is a thing of the past).

TrustSec is still one of the best kept secrets at Cisco. Cisco is doubling down with TrustSec as part of their newly announced SDA campus fabric (to be covered in an upcoming blogpost). TrustSec facilitates the separation of logical user/device segmentation from the underlying topology in a manner that ensures end-to-end segmentation and can also facilitate end-to-end encryption at the network layer with MACsec (again, hardware does matter).

Each year, Cisco makes even more bold and exciting announcements than the year before and 2017 didn’t disappoint. In the coming weeks, we’ll dig deeper into more of the aforementioned topics and what they mean for network teams. If you have questions about anything discussed in this post, or how Cisco technology can improve your environment, please reach out to me at