Friday, July 7, 2017

Cisco's intent-based, intuitive networking launch – Part 1

This week Cisco outlined its vision for Intent-based Networking. Cisco CEO Chuck Robbins described the unveiling as the most significant announcement from the company in perhaps the last five years and as the 'foundation for networking' for the next 30 years. So, what exactly is it?

Simply put, it is a vision. It is neither a technology nor a network architecture; it is a vision of machine learning applied to make networks more agile, more efficient and more secure. It leverages Cisco's Digital Network Architecture (DNA), which extends its data-centre-based, policy-driven Application Centric Infrastructure (ACI) technology throughout the entire network: from campus to branch, wired to wireless, core to edge. Cisco has been talking about its DNA for the past 15 months or so. It would be easy to assume that all the Cisco DNA slideware presented to date has simply been a marketing exercise to keep market analysts busy, but this would be a wrong assumption. The five key principles of Cisco DNA have already been used to differentiate its Nexus 9000 core data centre switches. These five guiding principles for Cisco DNA will now do the same for core systems in enterprise networks:

· Virtualise everything to give organisations freedom of choice to run any service anywhere, independent of the underlying platform – physical or virtual, on-premises or in the cloud.

· Designed for automation to make networks and services on those networks easy to deploy, manage and maintain, fundamentally changing the approach to network management.

· Pervasive analytics to provide insights on the operation of the network, IT infrastructure and the business – information that only the network can provide.

· Service management delivered from the cloud to unify policy and orchestration across the network, enabling the agility of cloud with the security and control of on-premises solutions.

· Open, extensible and programmable at every layer, integrating Cisco and third-party technology, open APIs and a developer platform, to support a rich ecosystem of network-enabled applications.

At a press event this week in San Francisco, Cisco executives kicked off this new intent-based networking vision by launching several key products: DNA Center, a centralised management dashboard with an intent-based approach for full visibility and context across the entire network, and new intent-based network infrastructure products, including the Catalyst 9000 switching portfolio.

Custom Cisco silicon + onboard Intel x86 powers the switches

It used to be said that 'silicon is destiny', at least that was a saying in Silicon Valley until Marc Andreessen came along and proclaimed 'software will eat the world'. In more recent years, the conventional wisdom became that merchant silicon was good enough and fast enough, with software as the key differentiator, enabling value-added features. In the enterprise networking space, Broadcom's merchant Ethernet switching silicon has pretty much dominated the market. The company offers several switching silicon product families, covering everything from low-end access switches to the highest-capacity, openly programmable data centre core switches.

For this new Catalyst 9000 Series product family Cisco developed its own programmable silicon. The chipset is officially known as the Cisco Unified Access Data Plane (UADP) 2.0 ASIC. Next-generation features include a programmable pipeline, microengine capabilities, and template-based, configurable allocation of Layer 2 and Layer 3 forwarding, access control list (ACL) and QoS entries. A first-generation Cisco Unified Access Data Plane ASIC already powers the Catalyst 3850 Unified Access Switch, with its built-in WLAN controller, and the Cisco 5760 Unified Access WLAN Controller appliance, both of which have been shipping for several years.

With the new Cisco UADP 2.0 ASIC entering production, it is worth looking at the data sheets for the first Catalyst platforms in which it will be deployed. The newly announced Catalyst 9K product line-up includes the Catalyst 9500 Series 40 Gbit/s switch for the enterprise campus. Three variants will be offered: 24 x 40 Gigabit Ethernet ports, 12 x 40 Gigabit Ethernet ports, or 40 x 10 Gigabit Ethernet ports. A mix of QSFP and SFP+ ports is supported. Key specifications include:

· Intel 2.4 GHz x86 CPU with up to 120 GB of USB 3.0 SSD storage for container-based application hosting.

· Up to 960 Gbit/s switching capacity (IPv4) with up to 1440 Mpps of throughput.

· Up to 24 non-blocking 40 Gigabit Ethernet QSFP ports.

· Platinum-rated AC power supplies.

· Up to 512,000 Flexible NetFlow (FNF) entries in hardware.

· Up to 32 MB of shared buffer per ASIC.

· Up to 64,000 routing entries for high-end campus access and aggregation deployments.

· IPv6 support in hardware, providing wire-rate forwarding for IPv6 networks.

· Dual-stack support for IPv4/IPv6 and dynamic hardware forwarding table allocation, for ease of IPv4-to-IPv6 migration.

· Support for both static and dynamic NAT and Port Address Translation (PAT).

· Scalable routing (IPv4, IPv6 and multicast) tables and Layer 2 tables.

· Open IOS-XE, described as a complete rewrite of IOS for the enterprise, with support for model-driven programmability, on-box Python scripting, streaming telemetry, container-based application hosting, and patching for critical bug fixes; the OS also has built-in defences to protect against runtime attacks.

· StackWise Virtual technology, a network system virtualisation technology for scalability.

The Catalyst 9400 Series is positioned as the mainstream next generation of the industry's most widely deployed enterprise switching platform. The Catalyst 9400 comprises modular access switches built for security, IoT and the cloud, offering high availability, support for up to 8 Tbit/s, and SD-Access capabilities. Two versions of the 9400 are initially offered: a 10-slot chassis offering up to 384 ports at 480 Gbit/s per slot, or a 7-slot chassis offering up to 240 ports at 480 Gbit/s per slot. Both support MPLS L2 and L3 VPNs, MVPN, NAT, SD-Access, Cisco StackWise, and N+N/N+1 redundancy.

A Cisco Catalyst 9400 Supervisor Engine line card is used to power the chassis. On the card is the same Cisco Unified Access Data Plane (UADP) 2.0 ASIC, along with an Intel 2.4 GHz x86 CPU with up to 960 GB of SATA SSD local storage for container-based application hosting. Line-rate, hardware-based Flexible NetFlow (FNF) can process up to 384,000 application flows. Significantly, the Catalyst 9400 switches form the foundation building block for Cisco's enterprise SD-Access, which includes: policy-based automation from edge to cloud; segmentation and micro-segmentation, with predictable performance and scalability; automation through the Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM); and policy enforcement through the Cisco Identity Services Engine (ISE).

The Catalyst 9300 Series, positioned as Cisco's next-generation stackable switching platform, features eighteen models initially. The three top configurations are: 24 ports of 1/2.5/5/10 Gbit/s; 48 ports of 1 Gbit/s SFP for data, PoE+ and Cisco UPOE; and 24 ports of 1 Gbit/s SFP for data, PoE+ and Cisco UPOE.

As with other members of the Catalyst 9000 Series, these switches are powered by the new UADP 2.0 ASIC with programmable pipeline and microengine capabilities. The Cisco ASIC is complemented by an Intel x86 CPU complex with 8 GB of memory, 16 GB of flash, and an external USB 3.0 SSD pluggable storage slot, to host containers and run third-party applications and scripts natively within the switch. Cisco also said the Catalyst 9300 Series is optimised for high-density 802.11ac Wave 2.