Cisco DNA Center
Policy Automation Analytics

Cisco DNA Center
From 0 to 100: How to get the network up and running from scratch
Markus Harbeck – Consulting Systems Engineer
@mhgrisu
CCIE #8087
CCDE #20130015
BRKNMS-2426
#CLUS

Agenda
• Warmup: Cisco SDN and Cisco DNA Center
• TOP NEWS!
• What is Cisco DNA Center?
• Get started: Deployment – what you get and how to use it
• Apps in action: Demo time of many Apps!
• Vision, Conclusion & Summary
• Q&A

#CLUS BRKNMS-2426 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Cisco Webex Teams
Questions? Use Cisco Webex Teams to chat with the speaker after the session.

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 16, 2019.
cs.co/ciscolivebot#BRKNMS-2426

Short Hint:
“My English might be bad but although sexy”
Source: Henning Bornemann – “Thank you for Deutsche Bahn”

Let the journey begin
“Hi my name is Linda.”
“Hi my name is Gregg.”
Linda and Gregg want to start a new Network Project with Cisco DNA Center

Transforming from CLI to automation lets you focus on “what really matters”
• Mobility in the past: horse drawn
• Mobility with cars today
• Autonomous driving
Sources: www.pinterest.de, www.zeit.de, www.welt.de

Note: Who had / has control?

Who is Markus Harbeck?
Personal:
• Location: Eschborn, Germany (near Frankfurt) but lives in Bavaria
• Other Interests: My family, 2 kids, horseback riding, motorcycling

My Background:
• CLI Junkie since 1996 for all Routing and Switching
• Joined Cisco October 2010
• Before: 12 years in operations, engineering and application engineering at Lufthansa Systems
• Drives Cisco DNA Center, Automation and Analytics in EMEAR and loops in the development team and Business Unit
• Book Author – Cisco DNA Assurance 2018

Current Projects:
• Cisco DNA Center since day 1 in 2014
• Analytics, Assurance
• Network Transformation
• Network Automation
• SDA, ITSM

My kids’ view on Cisco DNA Center and Network Design (drawings: Copyright by Hanna, Copyright by Saskia)

How to get the PDF and Video? (For Your Reference)
PDF and all Demo Videos here: Link to BRKNMS-2426
Or PDF: http://www.ciscolive.com/online
Note: The PDF contains more detailed slides and the demos for your reference!

Session expectations
[Figure: technical level (high level to low level) plotted over session progress]

That is not a TCP Session! & not an SDA Session!

We will work from the “INTENT”, which is high level, down to the “HOW”, which is low level!

Note: TCP Slow Start is part of the congestion control algorithms put in place by TCP to help control the amount of data flowing through to a network.
Source: https://www.keycdn.com/support/tcp-slow-start/

Warm Up: Introduction to Cisco SDN and Cisco DNA Center

The Network. Intuitive.
• Powered by INTENT: Translate Business Intent to Network Policy. Automate the management and provisioning of millions of devices instantly.
• Informed by CONTEXT: Visibility into traffic and threat patterns. Who, What, When, Where, How.
• LEARNING
• SECURITY
• Intent-based Network Infrastructure
• Cisco DNA Center: Policy, Automation, Analytics

Cisco SDN Domain-specific Controllers
• Data Center: Application Centric Infrastructure (ACI). Controller: APIC (for Data Center) (Nexus 9000). REST API.
• Enterprise: Cisco DNA. Controller: Cisco DNA Center (formerly APIC-EM) (Catalyst, ISR, ASR, WLAN, Nexus 7k, NfV, vManage, Meraki). REST API.
Cisco DNA Center 1.3.0 available now!

What is network about?
In the past... Today... What really matters!!!
Security, Cloud, Video, IOT, Voice, Mobility, Data
Source: google.de images

The Layers
• Platforms
• Systems
• Products
Increased IT Agility
Automation, Analytics & Assurance

Cisco DNA Center Focus Areas
• Automation: Network and security services automation aligned with the IT Process
• Analytics: Proactive and predictive insights to assure service experience
• Cisco DNA Center Platform: API standardization and monetization for app dev and programmability
• Cross Domain: Automation and Analytics integration with offers from Edge to Cloud including Security
• Cisco DNA Center Cloud: Cloud and hybrid deployment of Cisco DNA-C to address different markets

All manual – is that super cool, still?

Before and after – was that all?

1990s:

hq>enable
hq# config terminal
hq(config)# interface fastethernet 1/1
hq(config-if)# ip address 1.1.1.1 255.255.255.0
hq(config-if)# no shutdown
hq(config-if)# exit
hq(config)# router eigrp
hq(config-router)# network 1.1.1.0
hq(config-router)# exit
hq(config)# exit
hq# copy run start

Today:

Catalyst>enable
Catalyst# config terminal
Catalyst(config)# interface Gigabitethernet 1/1/1
Catalyst(config-if)# no switchport
Catalyst(config-if)# ip address 1.1.1.1 255.255.255.0
Catalyst(config-if)# no shutdown
Catalyst(config-if)# exit
Catalyst(config)# router eigrp Test1
Catalyst(config)# interface Te 1/1
Catalyst(config-if)# ip router eigrp Test1
Catalyst(config-if)# no shutdown
Catalyst(config-if)# end
Catalyst# copy run start

28 Years!

Top 5 advantages Cisco DNA Center
• Cisco DNA Center supports Brownfield
• Day 0 and Day N Supported (PnP, and Day 2 Day)
• Simplification through abstraction
• Open – REST API Northbound, SDK Southbound
• Combines Automation and Assurance or in other words: INTENT and CONTEXT

What is Cisco DNA Center?

Do you know this?
There is no time to repair the fence... because we always have to catch the chicken!
Return to PROACTIVE network operations
Source: google.de images (unknown)

The challenges for the Network Operations!
• Simplification
• Network cannot be the bottleneck
• Roll out 100s of devices in minutes
• Change configurations quickly and reliably
• Reduce complexity and keep the configuration consistent
• Know the real impact of an Incident
• Know the Root Cause
• Know the state of the network and your policies → predictability!
“I need many things to happen!!!” (drawing: Copyright by Saskia)

Cisco DNA Center - Platform Architecture
INTENT: Design – Provision – Policy – Assurance
• Cisco DNA Center Applications: PNP, Template, Topology, Device 360, Client 360
• Cisco DNA Center Controller
• Northbound REST APIs
• Cisco DNA Center Services: Discovery, Topology, Inventory, Template Manager, Design & Provision, Policy, Image Repository, Analytics, Assurance, Path Trace, Telemetry, Context
• Southbound Abstraction: CLI (SSH, Telnet), SNMP v2c, v3, Netconf, SDK
• Maglev Elastic Service Infrastructure: addresses Scale Out and HA Requirements
Note: Services and Apps listed are an extract

Cisco DNA Center - open and extensible
• Extensions: Extension points across automation and analytics (APIs, SDK, Connectors, Firehose)
• Integrations: Integration with complementary platforms (Cisco assets: ACI, Meraki, Tetration; Industry integrations)
• Enablement: Enablement for developer community (Cisco DNAC Platform)

Controller in Action!
Controller creates and enforces Policies & Events: The “WHAT” → Intent
The horse takes care of: The “HOW”
Abstraction
Transforming from CLI to automation lets you focus on “what really matters”
Source: http://www.mysweety.eu

Do you know Tic Tac Toe?
Think outside the box
[Figure: Tic Tac Toe board next to Cisco DNA Center]

Get Started

Most Recommended Physical Topology of 3 Node M5 Cluster
Operator (UI), Enterprise Network
Switch-1, Switch-2, Switch-3 (Separate VLANs)
Links: 10Gbit Enterprise Network, 10Gbit Intra-cluster network, 1Gbit Management network (OOB)
• Node-1 (enp94s0f0, enp94s0f1, eno1, eno2): 172.x.x.11, 10.x.x.11, 192.x.x.11
• Node-2 (enp94s0f0, enp94s0f1, eno1, eno2): 172.x.x.12, 10.x.x.12, 192.x.x.12
• Node-3 (enp94s0f0, enp94s0f1, eno1, eno2): 172.x.x.13, 10.x.x.13, 192.x.x.13

What to know about Cisco DNA Center Install
• Mandatory: NTP and DNS must be reachable from the IP addresses used for DNA Center
(Note: Temporary Loopback can be used for DNS, but a real DNS server will be required after install.)
• Set up a single DNA Center node as a Cluster node.
• With regard to Network Connectivity, DNA Center is simply a multi-homed appliance. (Don’t overcomplicate it.)

Cisco DNA Center – Best Practice
• Treat Cisco DNA Center always as a cluster: plan for a “cluster”
• A standalone box is a “single node cluster”
• Provision for a separate intra-cluster link on day 1
• Even when no other node is currently provisioned
• Use an isolated L2 domain (partitioned switch)
• Ensure <10ms latency across the intra-cluster link
NOTE: If the cluster link is NOT connected the Virtual IP is down! (started in 1.2.5)
• Prepare to exchange the self-signed certificate – the certificate should include all IP addresses including VIP and the FQDN

Pre Requisites Cisco DNA Center

Enterprise Link and Cluster Link connected
  Description: Connect min. Enterprise and Cluster Link, both need an IP Subnet. Enterprise needs a Virtual IP Address.

Services Subnet (Cisco DNA Center use in managing its own services)
  Description: Used internally of Cisco DNA Center. The minimum size of the subnets is /21 bits; the recommended size is /20 bits to /16 bits. There is no default.
  Note: Must not conflict or overlap with any other subnets in use in the enterprise network and not to be routed!
  Example: 10.60.0.0/21

Cluster Services Subnet (Cisco DNA Center to use in managing its clustering services)
  Description: Used internally of Cisco DNA Center. The minimum size of the subnets is /21 bits; the recommended size is /20 bits to /16 bits.
  Note: Must not conflict or overlap with any other subnets in use in the enterprise network and not to be routed!
  Example: 10.60.8.0/21

NTP, DNS, Def GW etc
  Description: Will be validated during installation – therefore need to be reachable!
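
A pre-install check for the two internal subnets above, as an added example (not Cisco code and not part of the original slides). The function names and the enterprise subnet inventory are assumptions; the /21 minimum, the /20 to /16 recommendation and the no-overlap rule come from the table.

```python
import ipaddress

MIN_PREFIX = 21               # slide: minimum subnet size is /21
RECOMMENDED = range(16, 21)   # slide: recommended size is /20 to /16


def check_internal_subnets(services, cluster_services, enterprise_subnets):
    """Return (severity, message) findings for the two internal subnets.

    services / cluster_services: CIDR strings planned for the install wizard.
    enterprise_subnets: CIDR strings of every subnet in use or routed in the
    enterprise (an inventory the caller supplies, e.g. an IPAM export).
    """
    findings = []
    internal = {}
    for name, cidr in (("services", services),
                       ("cluster services", cluster_services)):
        try:
            # strict=True rejects host bits, which catches netmask typos
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(("error", f"{name} subnet {cidr!r} invalid: {exc}"))
            continue
        internal[name] = net
        if net.prefixlen > MIN_PREFIX:
            findings.append(
                ("error", f"{name} subnet {net} is smaller than /{MIN_PREFIX}"))
        elif net.prefixlen not in RECOMMENDED:
            findings.append(
                ("info", f"{name} subnet {net} is outside the recommended /20 to /16"))

    # The two internal ranges must not collide with each other ...
    if len(internal) == 2 and \
            internal["services"].overlaps(internal["cluster services"]):
        findings.append(("error", "services and cluster services subnets overlap"))

    # ... nor with anything already in use in the enterprise network.
    for cidr in enterprise_subnets:
        used = ipaddress.ip_network(cidr, strict=False)
        for name, net in internal.items():
            if net.overlaps(used):
                findings.append(
                    ("error", f"{name} subnet {net} overlaps enterprise subnet {used}"))
    return findings


def errors(findings):
    """Keep only the findings that should block the installation."""
    return [msg for severity, msg in findings if severity == "error"]


if __name__ == "__main__":
    # Constructed inventory; the two internal subnets are the slide's examples.
    enterprise = ["172.16.10.0/24", "10.10.0.0/16", "192.168.50.0/24"]
    for severity, msg in check_internal_subnets(
            "10.60.0.0/21", "10.60.8.0/21", enterprise):
        print(severity, msg)
```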

Cloud Connectivity Requirements
• The following URLs must be opened up to allow DNA Center’s cloud connection:
  • https://*.ciscoconnectdna.com/*
  • https://*.cloudfront.net/
• The following URLs must be opened up for Smart Account and SWIM software downloads from CCO:
  • https://*.cisco.com/*

New Configuration Wizard in 1.3
• New UI to make the Config_Wizard more intuitive for the user
• Step by step validation as user is going through the configuration

Installation Workflow
• New page for all cluster settings – in one place
• Progress and information on the install, with detail logging on screen

Cisco DNA Center – 5 step installation – 1st node
1. Start a new Cisco DNA Center Cluster

Config Wizard:
• Boot
• Enter IP address: Enter Cisco DNA Center IP (Subnet / Def GW / Static Routes)
• Change Credentials: Shell and UI Username and PWD and optional Proxy
• NTP and Service Net: Enter NTP IP and Service / Cluster IP Subnet
• Finalize Installation: Finalize installation and bring up controller
Note: Single Wizard for Cisco DNA Center

Bring up 3 Node Cluster
1. “Start a new Cluster” → wait until 1 Node is installed successfully
2. Add a 2nd Node: “Join Cisco DNA Center Cluster” and add IP address and Node 1 credentials – Wait until the node 2 is fully installed and visible in the UI System 360 view
3. Add the 3rd Node: “Join Cisco DNA Center Cluster” and add IP address and Node 1 credentials – Wait until the node 3 is fully installed and visible in the UI System 360 view
NOTE: HA must have a cluster of 3 nodes!

Formation of Cisco DNA Center cluster
1) Node 1 Install: Single node cluster
2) Node 2 Install: 2 node cluster. Fragile time! No protection from 1 crash
3) Node 3 Install: Full clustering. Validate configuration. Enable HA for application support

Enabling HA
Turning it ON would enable HA. Services are balanced.

Automation HA – Failure and Recovery - Link
[Diagram: Switch 1, Switch 2, Switch 3 connected to DNAC1, DNAC2, DNAC3]
• If a link failure happens, the system automatically moves the VIP to another node to make sure there are no interruptions to traffic
• When the node comes back up, VIPs are not moved back until the node is re-elected as “seed” or “master”

Automation HA – Failure and Recovery - Node
[Diagram: Switch 1, Switch 2, Switch 3 connected to DNAC1, DNAC2, DNAC3]
• If a chassis is lost, all services are moved automatically to the two surviving nodes
• Time to move services: 7 to 15 minutes
• If a node comes back up after failure, service redistribution to the other node is automatic over time (all services will not move instantly)
Note: If the node needs to be RMA’d then service redistribution needs to be manually triggered

Assurance – Failure and Recovery - Link
[Diagram: Switch 1, Switch 2, Switch 3 connected to DNAC1, DNAC2, DNAC3]
• If a link failure happens, the system automatically moves the VIP to another node to make sure there are no interruptions to traffic
• When the node comes back up, VIPs are not moved back until the node is re-elected as “seed” or “master”
Note: If the inter-cluster link (communication link between clusters) fails, the effect is similar to node failure covered in next slide

Assurance – Failure and Recovery - Node
[Diagram: Switch 1, Switch 2, Switch 3 connected to DNAC1, DNAC2, DNAC3; NDP runs on one node]
• If the node with NDP fails, Assurance recovery is required. If not, there is no impact to Assurance
• If the node with “NDP” service goes down, Assurance is offline
• UI Banner and Documentation provide details on recovery
• If a node comes back up after failure, Assurance will restart, however there will be missing data for the time of the downtime
Note: If the node needs to be RMA’d then NDP service needs to be manually restarted on another node.

More information in System 360 (For Your Reference)

Demo Time: Cisco DNA Center Overview
Download Demo Video here: Link to BRKNMS-2426

Some useful hints

Ensure connectivity Cisco DNA Center
• Network connectivity
• NTP server connectivity – must be reachable
• To modify basic server settings use “sudo maglev-config update” to change the configuration. Be careful using this command on a production device.
• If you have multiple Ethernet interfaces – set one with a default gateway and the others with static routes
• Do NOT change anything using Linux Shell!

Note1: Be careful with config wizard syntax, especially for the subnet mask

Note2: All parameters will be validated – e.g. DNS Server reachability

Note3: Never change anything in the Linux command shell unless TAC advises!!!

Root Cause Analysis
• SSH into Cisco DNA Center

ssh -l maglev -p2222 <Cisco DNAC-ip>

• Collects important:
  • log files
  • configuration files
  • output of various commands
• Creates a compressed tar ball containing the above information which can be sent to developers for further debugging and analysis
  → Can be sent to support team!

<…snip…>
Note: Please use Port 2222 for SSH and SCP

Transforming from CLI to automation lets you focus on “what really matters”
Note: that happens all the time
• Server in the past (Source: www.novell.com)
• Transformed server (Source: www.guidebookgallery.org)

Cisco DNA Center
• Design: Design your network using physical maps and logical topologies for quick visual reference
• Policy: Define user and device profiles that facilitate highly secure access and network segmentation based on business needs
• Provision: Use policy-based automation to deliver services to the network based on business priority and to simplify device deployment
• Assurance: Combine deep insights with rich context to deliver a consistent experience and proactively optimize your network
Cisco DNA™ software capabilities: Cloud service management, Automation, Assurance, Virtualization, Security
Cisco DNA-ready physical and virtual infrastructure: Switch, Router, Wireless LAN controller, Access point

You can use either the UI or the API

Brief excursion into the REST API and programmability

Why API?
Automation, Integration, Innovation

API: VERBS + NOUNS + Syntax

Verbs: GET, POST, PUT, DELETE
Nouns: /host, /link, /network-device, /interface

JSON Syntax:
{
"policyOwner": "Admin",
"networkUser":
{"userIdentifiers":["40.0.0.15"],
"applications":[{"raw": "12340;UDP"}]
}
}
Header: Content-Type: Application/JSON

https://<Cisco DNA Center-ip>/api/v1/network-device GET/POST

https://developer.cisco.com/site/dna-center-rest-api/

NOTE: All API moving from:
/api/v1/<ENDPOINT>
To:
/dna/intent/api/v1/<ENDPOINT>

Authentication request - POSTMAN

                        | APIC-EM                       | Cisco DNA Center
Authentication request  | POST JSON Body                | Basic Auth
Response                | ["response"]["serviceTicket"] | ["Token"]

/dna/system/api/v1/auth/token

Roles:
• Make network changes
• Read only role
• Make Assurance changes
• Able to make all changes
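
The token request and the /api/v1 to /dna/intent/api/v1 path move from the two slides above, as an added example (not Cisco code and not part of the original deck). The host name, credentials and function names are assumptions; the X-Auth-Token header is how Cisco DNA Center expects the token on later calls, and TLS verification stays on, which is why the self-signed certificate needs replacing or its CA passed in.

```python
import base64
import json
import ssl
import urllib.request

TOKEN_PATH = "/dna/system/api/v1/auth/token"   # from the slide
LEGACY_PREFIX = "/api/v1/"                     # old path style on the slide
INTENT_PREFIX = "/dna/intent/api/v1/"          # new path style on the slide


def intent_path(path):
    """Rewrite a legacy /api/v1/<ENDPOINT> path to the intent API path."""
    if path.startswith(INTENT_PREFIX):
        return path
    if path.startswith(LEGACY_PREFIX):
        return INTENT_PREFIX + path[len(LEGACY_PREFIX):]
    raise ValueError(f"not a Cisco DNA Center API path: {path!r}")


def token_request(host, username, password):
    """Build the Basic Auth POST that asks for a token."""
    cred = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}{TOKEN_PATH}", data=b"", method="POST",
        headers={"Authorization": f"Basic {cred}",
                 "Content-Type": "application/json"})


def extract_token(body):
    """Pull ["Token"] out of the JSON response; fail loudly if absent."""
    token = json.loads(body).get("Token")
    if not isinstance(token, str) or not token:
        raise ValueError("response carries no Token")
    return token


def api_request(host, path, token):
    """Build an authenticated GET against the intent API."""
    return urllib.request.Request(
        f"https://{host}{intent_path(path)}",
        headers={"X-Auth-Token": token, "Accept": "application/json"})


def tls_context(ca_file=None):
    """Verifying TLS context; ca_file is the CA that signed the appliance cert."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def list_network_devices(host, username, password, ca_file=None):
    """Fetch the device inventory (needs a reachable appliance)."""
    ctx = tls_context(ca_file)
    with urllib.request.urlopen(token_request(host, username, password),
                                context=ctx, timeout=10) as resp:
        token = extract_token(resp.read())
    with urllib.request.urlopen(api_request(host, "/api/v1/network-device", token),
                                context=ctx, timeout=10) as resp:
        return json.load(resp)["response"]
```

Use a read-only role for inventory scripts like this one and keep the credentials out of the script itself.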

Demo Time: REST APIs
Download Demo Video here: Link to BRKNMS-2426

Apps in Action – how to get in production?

Let’s Start
“How do we start?”
“Well, there are 2 methods Gregg!”
“Hey Linda, what do we need to do next?”

1st: Discovery
Changes are made on network devices when:
• Running Discovery
• Adding a device to Inventory
• When assigning a device to a site.
After successful discovery devices are added to the Inventory

And 2nd: Network Plug and Play (PnP)

PnP Agent
• Embedded in IOS / AirOS
• Requests for IP and Cisco DNA Center Address
• Authenticates
• Creates a PnP Profile
• Opens on http
• Operates on https / tcp !
• Secure and reliable

PnP Protocol
Runs between Agent and Cisco DNA Center

Cisco DNA Center (pnpserver)
Service in Cisco DNA Center
Manages sites, devices, images, licenses, workflow
Provides Northbound REST APIs

Devices: Routers (ISR, ASR), Switches (Catalyst®), Wireless Access Points

PnP Server Discovery Options

Automated:
1 DHCP with option 43
  PnP string: 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
2 DNS lookup
  pnpserver.localdomain resolves to Cisco DNA Center IP Address

Redirect:
3 Cloud re-direction https://devicehelper.cisco.com/device-helper
  Cisco hosted cloud, re-directs to on-prem Cisco DNA Center IP Address

Manual:
4 USB-based bootstrapping*
  router-confg/router.cfg/ciscortr.cfg
5 Manual - using the Cisco® Installer App**
  iPhone, iPad, Android

Manual discovery not supported for Access Points
Devices: Routers (ASR, ISR), Wireless Access Points, Switches (Catalyst®)
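
A parser and audit for the DHCP option 43 PnP string shown above, as an added example (not Cisco code and not part of the original slides). Field meanings (trailing D/N debug flag, B address type, K transport, I server, J port) follow Cisco's published option 43 syntax; the function names, finding codes and the approved-server set are assumptions.

```python
import ipaddress

FIELD_NAMES = {"B": "addr_type", "K": "transport", "I": "server",
               "J": "port", "T": "trustpool_url", "Z": "ntp_server"}
DEFAULT_PORT = {"4": 80, "5": 443}    # K4 = HTTP, K5 = HTTPS


def parse_pnp_option43(text):
    """Split a PnP option 43 ASCII string into a dict of named fields."""
    parts = [p.strip() for p in text.strip().strip('"').split(";") if p.strip()]
    if not parts:
        raise ValueError("empty option 43 string")
    head = parts[0]
    # 5A = PnP sub-option, then one version character, then D (debug) or N
    if len(head) != 4 or head[:2] != "5A" or head[3] not in "DN":
        raise ValueError(f"bad PnP header {head!r}")
    fields = {"version": head[2], "debug": head[3] == "D"}
    for part in parts[1:]:
        name = FIELD_NAMES.get(part[0])
        if name is None or name in fields:
            raise ValueError(f"unknown or repeated field {part!r}")
        fields[name] = part[1:]
    fields.setdefault("addr_type", "2")    # B2 (IPv4) is the default
    fields.setdefault("transport", "4")    # K4 (HTTP) is the default
    if fields["transport"] not in DEFAULT_PORT:
        raise ValueError(f"unknown transport K{fields['transport']}")
    if not fields.get("server"):
        raise ValueError("no I<server> field")
    port = fields.get("port", str(DEFAULT_PORT[fields["transport"]]))
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad port {port!r}")
    fields["port"] = int(port)
    return fields


def audit_pnp_option43(text, approved_servers):
    """Return (code, message) findings for one DHCP scope's PnP string."""
    try:
        f = parse_pnp_option43(text)
    except ValueError as exc:
        return [("malformed", str(exc))]
    findings = []
    if f["addr_type"] == "2":
        try:
            ipaddress.IPv4Address(f["server"])
        except ValueError:
            findings.append(("bad-address", "B2 declares IPv4 but the server is not one"))
    if f["server"] not in approved_servers:
        findings.append(("unexpected-server",
                         f"{f['server']} is not an approved Cisco DNA Center address"))
    if f["transport"] == "4":
        findings.append(("cleartext-bootstrap", "K4: first contact uses HTTP"))
    if f["port"] != DEFAULT_PORT[f["transport"]]:
        findings.append(("port-mismatch",
                         f"port {f['port']} is unusual for K{f['transport']}"))
    if f["debug"]:
        findings.append(("debug-enabled", "header ends in D; use N outside the lab"))
    return findings


if __name__ == "__main__":
    # The string from the slide, checked against the address it points to.
    for finding in audit_pnp_option43("5A1D;B2;K4;I172.19.45.222;J80",
                                      {"172.19.45.222"}):
        print(finding)
```

Run it over every DHCP scope's option 43 value; a string pointing at an address outside the approved set is worth investigating because any device booting in that scope would onboard against it.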

Day-0 deployment using PnP
PnP Connect: cloud-based device discovery
• CCW order: Customer Smart Account added as part of ordering
• Cisco® supply chain: Device SN added into customer Smart Account
• SN per Smart Account available in PnP Connect
• DNA Center registers its identity with PnP Connect (SSL)
• Cisco DNA Center downloads SN from PnP Connect
4) Device (Switch, Router, AP) boots and starts PnP (Corporate HQ)
5) PnP Connect
6) Time, Cert, IOS / SWIM, Configuration push

Note: Used for LAN Automation, too!

Day 0 Provisioning Flows
Phases: Order, Power-On, Provision
Installer racks, cables and boots the device at the customer site/branch (Power ON)
• Good: Unclaimed workflow (Admin). Workflow securely pushed to device.
• Better (CCW Order w/o Smart Account): Pre-provision workflow with Device SN# in Cisco DNA Center Provisioning. Workflow securely pushed to device.
• Best (CCW Order with Smart Account): Cloud-sync workflow with Device SN# via PnP Connect (cloud-based device discovery). Workflow securely pushed to device.

What you need to know …
Device Onboarding Provision Workflow Switch

Step 0: Plan for PnP Discovery
• Plan DHCP Option 43 or DNS for devices to discover Cisco DNA Center

Step 1: Claim to Site via PnP
What is provisioned?
• Part 1 - PnP Claim
  • Device Credentials
  • CLI Template(s) of Profile
• Part 2 - Add to Inventory
  • Device Controllability if it is enabled

Step 2: Complete Profile Provisioning
What is provisioned?
• Network Settings of Site
• Day-N Templates of Profile

LAN Automation (for SDA) (For Your Reference)
• LAN Automation uses PnP and SWIM
• A new switch can be added to the Fabric with all necessary configurations
Zero touch

Demo Time: PnP & LAN Automation and Template Programmer
Download Demo Video here: Link to BRKNMS-2426

Software and Image Management (SWIM) (For Your Reference)
Image Management, Upgrade, Pre/Post Checks

SWIM Out of box Pre-Checks and Post-Checks (Informational)

Pre-Checks in Cisco DNA Center SWIM
• Flash & Memory check
• Check if Device is Managed or has Partial collection failure
• Valid Config-Register check
• Check for HTTPS reachability to Cisco DNA Center
• SFTP Path length check - more than 64 (For WLC)
• Startup-Config check
• Domain name check
• RSA key pair check
• Image size, checksum validation (IV)
• TLS 1.2 Check

Post-checks in Cisco DNA Center SWIM
• Check if Device is Managed or has Partial collection failure
• Check if Image is actually upgraded
• Check if SMU is installed (inventory)

Software Upgrade – Integrity Verification
• Cisco Development Cycle: Network Device Development, Known Good Value Collection, CCO
• End User Deployment: Network Devices, Integrity Verification

Software: Is the software used by the device authentic? Includes checks of the software files (Known Good Value) and in-memory (Imprint Value) contents. Also includes shell access attempts (Event Occurrence)

Integrity / Trustworthiness Verification (For Your Reference)

Demo Time: Software and Image Management
Download Demo Video here: Link to BRKNMS-2426

Our dog “Bessi” at break
Transforming from CLI to automation lets you focus on “what really matters”

Exhausted?
You need a break?
We still have cool things to see!
→ And yes she sleeps only!
And transforms in her dreams :-)

Demo Time: Design, Provision → Intent
Download Demo Video here: Link to BRKNMS-2426

What can a policy be? (an extract, there are many more)
• Access: Authentication & Authorization. 802.1x, static assignment – which group. Allow or decline access.
• Access Control: Who can access what? Rules for x-group access. Permit/deny group to group.
• Traffic Copy: Mirror Traffic (ERSPAN). Configures ERSPAN for specific endpoint and traffic (source and destination SGT).
  [Diagram: Employee, Edge Switch, Finance Servers, DB]
• Quality of Experience (Application): Assign Application QoS relevance. Categorize applications (Relevant – Irrelevant – Default). Apply QoS config network wide.

Solicit Application Business-Relevance

Relevant
• These applications directly support business objectives
• Applications should be classified and marked according to RFC 4594-based rules

Default
• These applications may/may not support business objectives
• E.g. HTTP/HTTPS
• Alternatively, administrator may not know the application (or how it’s being used in the org)
• Applications in this class should be marked DF and provisioned with a default best-effort service (RFC 2474)

Irrelevant
• These applications are known and do not directly support any business objectives; this class includes all personal/consumer applications
• Applications in this class should be marked CS1 and provisioned with a “less-than-best-effort” service, per (RFC 3662)

CVD: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Dec2017/APIC-EM-EasyQoS-DesignGuide-Dec2017.html
Or short link: http://cs.co/apicem14easyqos

#CLUS BRKNMS-2426 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Applications can interact with Cisco DNA Center via
Application Policy Northbound APIs, informing the network of application-
specific and dynamic QoS requirements

REST API
Network Operators express high-level
business-intent to Cisco DNA Center
Application Policy Southbound APIs translate
business-intent to platform-
specific configurations
Cisco DNA Center

CUCM

WAN
Service
Applicatio
Network services DC
APs Office site n

Local WLCs

Access Switch
AP PEP Core Switch
4500: 1P7Q1T Nexus 7700
4Q (WMM) WLC WAN 6500: 1P3Q4T
3650: 2P6Q3T F3: 1P7Q1T
PEP MQC 1P7Q4T
2960X:
2P6Q4T
1P3Q3T
#CLUS BRKNMS-2426 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
What Do We Do Under-the-Hood?
• Apply RFC 4594-based Marking / Queuing / Dropping Treatments

| Business Relevance | Application Class | Per-Hop Behavior | Queuing & Dropping | Application Examples |
|---|---|---|---|---|
| Business Relevant | VoIP Telephony | EF | Priority Queue (PQ) | Cisco IP Phones (G.711, G.729) |
| Business Relevant | Broadcast Video | CS5 | (Optional) PQ | Cisco IP Video Surveillance / Cisco Enterprise TV |
| Business Relevant | Real-Time Interactive | CS4 | (Optional) PQ | Cisco TelePresence |
| Business Relevant | Multimedia Conferencing | AF4 | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx |
| Business Relevant | Multimedia Streaming | AF3 | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs) |
| Business Relevant | Network Control | CS6 | BW Queue | EIGRP, OSPF, BGP, HSRP, IKE |
| Business Relevant | Signaling | CS3 | BW Queue | SCCP, SIP, H.323 |
| Business Relevant | Ops / Admin / Mgmt (OAM) | CS2 | BW Queue | SNMP, SSH, Syslog |
| Business Relevant | Transactional Data | AF2 | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps |
| Business Relevant | Bulk Data | AF1 | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution |
| Default | Best Effort | DF | Default Queue + RED | Default Class |
| Business Irrelevant | Scavenger | CS1 | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, Bit Torrent, Xbox Live |


Download Demo Video here:
Link to BRKNMS-2426

Demo Time

Application Policy (QoS)


How will it work in my Network?
Diagram: Cisco DNA Center (REST API) above the network: APs, Office site, Local WLCs, WAN, Network services DC, CUCM, Service Application

Note: Provisioning End-to-End DSCP-Based Queuing


From
Cisco DNA Center
Source: kfz-betrieb.vogel.de

1. Set up Cisco DNA Center
2. Onboard devices via either Discovery or PnP / LAN Automation
3. Provision the devices – assign Site and configure Design plus Templates
4. If SDA, add devices to the fabric
5. Manage Policies – e.g. Application Policy or Scalable Group Contracts
→ What’s next?


Assurance
Do you know or recognize your Network?
1.x

Did you ever ask yourself:

Can I switch OFF one of my Core switches at NO risk?

…the view from my 4 year old daughter! In 2012
Copyright by Saskia
What's the Impact?
• An airline case: ROW is down
• (Airlines think in 3-letter codes, e.g. FRA = Frankfurt, MCO = Orlando, etc.)
• IM1234546: ROW = Roswell
We are not flying to ROW, let's requeue the IM to Monday – P3 (NW)
Duty Manager: Sorry, typo in the IM
10 min later: RoW – means Rest of World
The network monitoring is green (NW)

Assurance

There are 100+ points of failure between user and app
• What is the problem?
• Where is the problem?
• How can I fix the problem fast?

Diagram: Mobile clients, APs, Local WLCs, Office site, WAN, Network services DC, CUCM, ISE, DHCP, Cisco Prime™. Factors annotated on the diagram: Client firmware, Client density, RF Noise/Interf., AP coverage, WLC Capacity, WAN Uplink usage, WAN QoS, Routing, ..., Configuration, Authentication, Addressing, End-User services.
Legend: Affects Join/Roam; Affects Quality/Throughput; Affects Both* (* Both = Join/roam and quality/throughput)
Cisco Context: 360-degree Visibility

Diagram labels: Time; Users; Network; Devices; Applications; Data Granularity; Location; Historical, Real-time, Future

Context = know that your Policy works

Download Demo Video here:
Link to BRKNMS-2426

Demo Time

Assurance


A Future Story of Network Operations with Cisco DNA Center
Angry user reports issue after encountering problem
“My video was terrible, the network is terrible!”
Helpdesk
Source: http://worldartsme.com/

Cisco DNA Center opened an Incident and enriched it
“There are no issues in the network but application health shows video issues. I forward it to the responsible group”
NW

Perfect, all the information is in the ticket, I can identify the root cause → Incident solved
Video
Let me inform the user and resolve the Incident
Video
Many thanks, this really improves my experience!

Source: http://www.clipartpanda.com/

Assurance at Cisco Live BCN 2018 → NOC

Summary & Conclusion
The answer for network Operations!

✓ Simplification because of abstraction
✓ The network becomes agile and predictable
✓ Easy Roll Out and RMA in Minutes
✓ Changes and configurations predictable, policy protected
✓ Complexity reduction because of abstraction and policies
✓ Integration of Assurance and Analytics
✓ Know that your policy works, get guidance
✓ Know the Impact and the Root Cause

1.x
Copyright by Hanna

How we get to an SDN “controlled network”…!
Do you remember? 1.x (Copyright by Saskia)
Transforming …!
Business Intelligent 1.x (Copyright by Hanna)
Cisco DNA Center
It's new but it works!
I am glad we automated and Assured

Linda and Gregg have Cisco DNA Center in production for Automation and Assurance
My Call to Action!

You can start totally RISK free!!!

Monitoring / Analytics
• Use Cisco DNA Center just for Analytics & Assurance (Read Only)
• Get quick-win information in the first 30 minutes
• Get up-to-date visibility
• Prove the value of Cisco DNA Center

LAB and Pilot for automation
• Use Cisco DNA Center in the LAB to see automation in action
• Build a small pilot
• Pick and identify your use case: PnP, SWIM…

Session close to the end…
Chart: Technical Level (High Level to Low Level) over Session progress (t)
Have a drink on me !

After the long journey

BUT PLS
ONE MORE SLIDE!!!!

Transforming from CLI to automation lets you focus on “what really matters”
Note: that happens all the time – now you make it happen!!!

Traditional networking Cisco DNA Center

Thank you
