The complete guide to transforming enterprise networks with Cisco DNA
As networks become more complex and dynamic, organizations need better ways to manage and secure them. With the Cisco Digital Network Architecture, network operators can run entire network fabrics as a single, programmable system by defining rules that span their devices and move with their users. Using Cisco intent-based networking, you spend less time programming devices, managing configurations, and troubleshooting problems so you have more time for driving value from your network, your applications, and most of all, your users.
This guide systematically introduces Cisco DNA, highlighting its business value propositions, design philosophy, tenets, blueprints, components, and solutions. Combining insider information with content previously scattered through multiple technical documents, it provides a single source for evaluation, planning, implementation, and operation.
The authors bring together authoritative insights for multiple business and technical audiences. Senior executives will learn how DNA can help them drive digital transformation for competitive advantage. Technical decision-makers will discover powerful emerging solutions for their specific needs. Architects will find essential recommendations, interdependencies, and caveats for planning deployments. Finally, network operators will learn how to use DNA Center’s modern interface to streamline, automate, and improve virtually any network management task.
· Accelerate the digital transformation of your business by adopting an intent-based network architecture that is open, extensible, and programmable
· Integrate virtualization, automation, analytics, and cloud services to streamline operations and create new business opportunities
· Dive deep into hardware, software, and protocol innovations that lay the programmable infrastructure foundation for DNA
· Virtualize advanced network functions for fast, easy, and flexible deployments
· Translate business intent into device configurations and simplify, scale, and automate network operations using controllers
· Use analytics to tune performance, plan capacity, prevent threats, and simplify troubleshooting
· Learn how Software-Defined Access improves network flexibility, security, mobility, visibility, and performance
· Use DNA Assurance to track the health of clients, network devices, and applications to reveal hundreds of actionable insights
· See how DNA Application Policy supports granular application recognition and end-to-end treatment, for even encrypted applications
· Identify malware, ransomware, and other threats in encrypted traffic
Foreword
Introduction
Part I Introduction to DNA
Chapter 1 Why Transform Your Business Digitally?
Opportunities and Threats
Digitally Transforming Industries
Digital Advertising
Digital Media and Entertainment
Digital Finance
Digital Communications
Digital Transportation Services
Digitally Transforming Businesses
Transforming the Customer Experience
Transforming the Employee Experience
Transforming Business Operations
Driving Digital Transformation with the Internet of Things
Are You Ready?
Summary
Further Reading
Chapter 2 The Business Value of DNA
Business Requirements of the Network Architecture
Cost Reduction
Risk Mitigation
Actionable Insights
Business Agility
Intent-Based Networking
Business Value of Cisco Digital Network Architecture
Reducing Costs Through Automation, Virtualization, and Programmable Hardware
Mitigating Risks with Integrated Security and Compliance
Revealing Actionable Insights Through Analytics
Accelerating Business Agility Through Open APIs
Adding It All Up
Summary
Further Reading
Chapter 3 Designing for Humans
Technology Versus User-Experience
Design Thinking Philosophy and Principles
Cisco Design Thinking Framework
Discover Phase
Define Phase
Explore Phase
The Cisco Design Thinking Journey for DNA
DNA Discovery Phase
DNA Definition Phase
DNA Exploration Phase
Summary
Further Reading
Chapter 4 Introducing the Digital Network Architecture
Requirements for DNA
Requirements to Reduce Complexity and Costs
Requirement to Increase Operational Flexibility
Security and Compliance Requirements
Cloud-Enablement Requirement
Architectural Principles
Openness
Extensibility
Programmability
Policy-based Networking
Security
Software Driven
Cloud Integrated
Conflicting Principles?
Overview of the DNA Components
Infrastructure
Automation
Analytics Platform
The Role of the Cloud in DNA
Connecting the Building Blocks: APIs
Outcomes
Summary
Further Reading
Chapter 5 The Digital Network Architecture Blueprint
DNA Services
DNA Services–Transport
DNA Services–Policy
Relationship Between DNA Policies and Business Intent
DNA Infrastructure
Transport Functions
Supporting Network Functions
Fabrics
Automating DNA–Controllers
Automating Transport and Network Functions Infrastructure
Maintaining a View of the Infrastructure Functions and Connected Endpoints
Instantiating and Maintaining DNA Services
Relationships in DNA: Revisiting Domains, Scopes, and Fabrics
DNA Interfaces
Service Definition and Orchestration
Relationship Between the Controllers and the Service Definition and Orchestration Component
Analytics Platform
Data Collection
Data Extraction
Data Ingestion
Data Export
On-Premises and Off-Premises Agnosticism–Revisiting the Cloud
Application Hosting in the Cloud and the Evolution of the DMZ
Leveraging the Cloud for DNA Controllers and Analytics
Summary
Part II DNA Programmable Infrastructure
Chapter 6 Introduction to DNA Infrastructure
Picturing the Modern Network
Exploring DNA Infrastructure
The Evolving Network, and Why It Matters
Requirements: The Need for Change
Requirements: The Need for Speed (of Change)
Requirements: The Need for Simplicity
Requirements: The Need for Continuity
DNA Infrastructure Solutions
Flexible Hardware
Flexible Software
New and Evolving Protocols
The Emergence of Virtualization
Bringing It All Together
Summary
Chapter 7 Hardware Innovations
The Importance of Hardware in a Software-Defined World
The Making of a Chip
Delving Deeper: How Chips Are Designed and Built
Drivers of Chip Design and Density
When Good Chips Go Bad: What Can Go Wrong in Chip Design
When Good Chips Need to Get Better: Designing the Next Generation
Now We Speak the Same Language!
What’s Happening in the World of Networks
How Traditional Network ASICs Process Packets
Traffic Handling with CPUs and FPGAs
Introducing Flexible Silicon
Flexible Switching Silicon: UADP
UADP Use Cases–Current, and Future
UADP–Summing Up
Flexible Routing Silicon: QFP
QFP–An Introduction
QFP–Diving Deeper
QFP–Use in Platforms
UADP and QFP–Summing Up
Wireless: Providing Innovation for Mobility
Flexible Radio Assignment
Intelligent Capture
Summary
Further Reading
Chapter 8 Software Innovations
The Importance and Evolution of Networking Software
Cisco IOS: Origins and Evolution
Evolution of the Cisco IOS Data Plane
Evolution of the Cisco IOS Control Plane
Evolution of the Cisco IOS Management Plane
Evolution of Cisco Networking Software
The Evolution of Cisco IOS to IOS XE
Cisco IOS XE in a Nutshell
Cisco IOS XE: Delving Deeper
IOS XE Subsystems
IOS XE Database
Container Framework and Application Hosting
Cisco IOS XE: Bringing It All Together
Cisco IOS XE: Simplification with a Single Release Train
Cisco IOS XE: Software Maintenance Upgrades
Cisco IOS XE: Platform Support
Cisco IOS XE: Summary
Protecting Platforms and Networks: Trustworthy Systems
Trustworthy Systems: An Overview
Attack Mitigation with Trustworthy Systems
Defense: Image Validation and Signing
Defense: Runtime Defenses
Defense: Secure Boot
Ensuring Device Identity with the Secure Unique Device Identifier
Cisco Secure Boot and Trust Anchor Module: Validating the Integrity of Software, Followed by Hardware
The Move to Intuitive Networking
Summary
Further Reading
Chapter 9 Protocol Innovations
Networking Protocols: Starting at the Bottom with Ethernet
Power Protocols: Power over Ethernet, to 60 Watts and Beyond!
The Future of Power over Ethernet
Multiple-Speed Protocols over Copper: Multigigabit Ethernet, Squeezing More Life Out of Existing Cabling Infrastructures
25G Ethernet–The New Kid on the Block
Ethernet Evolving: This Is Not Your Father’s Ethernet!
Moving Up the Stack
Networking Protocols: Moving Up the Stack to Layer 2
Networking Protocols: Moving Up the Stack to Layer 3
Networking Protocols Today: Summary
Networking Protocols for the New Era of Networking
VXLAN: A Next-Generation Encapsulation Technology
IS-IS: The Evolution of Underlay Routing
LISP: The Evolution of Overlay Host Reachability
Scalable Group Tags: The Evolution of Grouping and Policy
Bringing It All Together: What Next-Generation Protocols Within the Network Allow Us To Build
Summary
Further Reading
Chapter 10 DNA Infrastructure–Virtualization
Benefits of Network Function Virtualization
CAPEX Benefits of NFV
OPEX Benefits of NFV
Architectural Benefits of NFV
Use Cases for Network Function Virtualization
Control Plane Virtualization
Branch Virtualization
Virtualization to Connect Applications in VPCs
Virtualization of Multicloud Exchanges
Overview of an NFV System Architecture
Hypervisor Scheduling and NUMA
Input/Output Technologies for Virtualization
Challenges and Deployment Considerations of Network Function Virtualization
Performance
Oversubscribing the Physical Hardware Resources
Optimizing Server Configurations
Selecting the Right I/O Technique
VNF Footprint Considerations
Multi-tenancy and Multi-function VNFs
Transport Virtualization
Network Segmentation Architecture
Policy-based Path Segmentation
Control Plane–based Segmentation
Summary
Chapter 11 DNA Cloud
Introduction to the Cloud
Cloud Service Models
Cloud Deployment Models
It’s a Multicloud World!
DNA for the Cloud
DNA Cloud for Applications
DNA Cloud for Automation
DNA Cloud for Analytics
Summary
Further Reading
Part III DNA Automation
Chapter 12 Introduction to DNA Automation
Why Automate?
Reduce Total Cost of Ownership
Lower Risk
Move Faster
Scale Your Infrastructure, Not Your IT Department
Think “Out of the Box”
Simplify Like Never Before
Enable Applications to Directly Interact with the Network
Is DNA Automation the Same as SDN?
Centralized Versus Distributed Systems
Imperative Versus Declarative Control
The Cisco SDN Strategy
Automation Elements
Network Programmability
Network Controller
Network Orchestrator
Summary
Further Reading
Chapter 13 Device Programmability
Current State of Affairs
CLI Automation
SNMP
Model-Based Data
YANG
Protocols
Encoding
Network Protocols
NETCONF
RESTCONF
gRPC
Telemetry
gRPC Telemetry
Tools
Application Hosting
Summary
Further Reading
Chapter 14 DNA Automation
The Increasing Importance of Automation
Allow the Network to Scale
Reduce Errors in the Network
Time to Perform an Operation
Security and Compliance
Current Impediments to Automation
Classifying Network Automation Tasks
Infrastructure and DNA Service Automation
Standard and Nonstandard Automation Tasks
The Role of Controllers in DNA Automation
Leveraging Abstractions in DNA to Deliver Intent-Based Networking
Domain Controllers Versus Control Plane Protocols
Automating Your Network with Cisco DNA Center
DNA Center Basics
Day 0 Operations–Standardizing on Network Designs
Standardizing on Network Designs
Automating the Deployment of Network Elements and Functions
Day N Operations–Automating Lifecycle Operations
Summary
Further Reading
Part IV DNA Analytics
Chapter 15 Introduction to DNA Analytics
A Definition of Analytics
DNA Analytics
DNA Analytics, Opportunities and Challenges
Brief History of Network Analytics
Why DNA Analytics?
The Role of Network Analytics in DNA
Summary
Chapter 16 DNA Analytics Components
Analytics Data Sources
DNA Instrumentation
Distributed Network Analytics
Telemetry
Why Telemetry?
The DNA Telemetry Architecture
Limitations of Today’s Telemetry Protocols
The Evolution of DNA Telemetry: Model-Driven Telemetry
Analytics Engine
The Traditional Analytics Approach
The Need for Analytics Engines
The Role of the Cloud for Analytics
Summary
Further Reading
Chapter 17 DNA Analytics Engines
Why a DNA Analytics Engine?
DNA Analytics Engines
Cisco Network Data Platform
Telemetry Quotient
NDP Architecture
NDP Deployments Modes
NDP Security and High Availability
Cisco Tetration Analytics
It’s All About Quality of Data
Data Center Visibility with Cisco Tetration Analytics
Cisco Tetration Analytics Architecture
The Benefits of Cisco Tetration Analytics
Summary
Further Reading
Part V DNA Solutions
Chapter 18 DNA Virtualization Solutions: Enterprise Network Functions Virtualization and Secure Agile Exchange
The Cisco Strategy for Virtualization in the Enterprise
Cisco Enterprise Network Functions Virtualization
Details on Virtualization Hardware
NFVIS: An Operating System Optimized for Enterprise Virtualization
Virtualized Network Functions
Service Chaining and Sample Packet Flows
Orchestration and Management
Virtualizing Connectivity to Untrusted Domains: Secure Agile Exchange
Motivation for the Cisco SAE Solution
Cisco SAE Building Blocks
Running Virtualized Applications and VNFs Inside IOS XE
Summary
Further Reading
Chapter 19 DNA Software-Defined Access
The Challenges of Enterprise Networks Today
Software-Defined Access: A High-Level Overview
SD-Access: A Fabric for the Enterprise
What Is a Fabric?
Why Use a Fabric?
Capabilities Offered by SD-Access
SD-Access High-Level Architecture and Attributes
SD-Access Fabric Capabilities
SD-Access Device Roles
SD-Access Case Study
SD-Access Case Study, Summing Up
Summary
Further Reading
Chapter 20 DNA Application Policy
Managing Applications in DNA Center
Application Registry
Application Sets
Application Policy
What Happens “Under the Hood”?
Translating Business Intent into Application Policy
DNA Infrastructure Software Requirements for Application Policy
NBAR2
SD-AVC
DNA Infrastructure Platform-Specific Requirements for Application Policy
Routing Platform Requirements
Switching Platform Requirements
Wireless Platform Requirements
Summary
Further Reading
Chapter 21 DNA Analytics and Assurance
Introduction to DNA Assurance
Context
Learning
The Architectural Requirements of a Self-Healing Network
Instrumentation
Distributed On-Device Analytics
Telemetry
Scalable Storage
Analytics Engine
Machine Learning
Guided Troubleshooting and Remediation
Automated Troubleshooting and Remediation
DNA Center Analytics and Assurance
Network Data Platform
DNA Assurance
Summary
Further Reading
Chapter 22 DNA Encrypted Traffic Analytics
Encrypted Malware Detection: Defining the Problem
Encrypted Malware Detection: Defining the Solution
ETA: Use of IDP for Encrypted Malware Detection
ETA: Use of SPLT for Encrypted Malware Detection
Encrypted Malware Detection: The Solution in Action
Encrypted Malware Detection: Putting It All Together
Summary
Part VI DNA Evolution
Chapter 23 DNA Evolution
9781587147050 TOC 11/19/2018