Gaining Operational Intelligence in ACI: Day 2 Operations Application Stack
Joseph Ezerski
DCSBU 2019
Network Operations – Typical Questions
“Is my policy and state adhering to the compliance mandates?”
“Is my network running with PSIRTs/vulnerabilities?”
“Do I have anomalous hardware table usage?”
“Do I have unusual latency on some flows?”
Architecture and Planning teams
“I am not an ACI policy model expert, how do I map my existing networking functions to the ACI world?”
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Solving the Problem Where It Happens
Cisco Network Insights & Assurance
Day 2 Operations Stack
Network Insights: Health and Availability
+
Network Assurance: Moving from Reactive to Proactive
Introducing Network Insight Telemetry Applications
Providing Network Health Visibility & Enabling Proactive Insights
New Apps
Data Collection
Anomaly Detection
Remediation
The Event Analytics dashboard displays faults, events, and audit logs in a time series fashion.
Q1 CY 2019
ACI Network Insights – Resources
Understand What’s Running in your Network
Packet Drops
Latency
The Flow Analytics dashboard displays key indicators of infrastructure data plane health.
Demo NIR
Resource Analysis - Common Use Cases
Menu Items
Dashboard -- “Tell me now if I’ve got a problem!”
• Anomalies
System
• Resource Utilization [Fabric Wide]
• Trend Monitoring (rising/falling)
• Fabric Capacity
• Environmental
Operations
• Statistics
• Flow Analytics
• Event Analytics
Features
• Flow Analytics
• Event Analytics
• Multi fabric support
• Resource tagging
• Packet Drop diagnosis
• Anomaly notification via Kafka bus
• Events & Faults
• Remote Storage
• vPOD
Network Insight Advisor (NIA)
Q2 CY 2019
Network Insights Applications
[Figure: Network Insights Applications architecture. Labels: Apps; DCNM, APIC; Platform; NX-OS, ACI. Stages: Data collection and ingestion; Data correlation and analysis; Data visualization and action.]
Anomalies
• Configuration, Consistency, Unplanned events
[Figure: NIA workflow. Labels: Fabric; Insight DB; NIA; PSIRT; S/W; Push Notification; Notify. Numbered steps shown: 1 Monitor, 2 Detect / Identify Switches, 4 Implement. Example recommendation: “Recommend: Upgrade S/W to NXOS 7.0(3)I7(3) in SAL1820SDRE”.]
• Root cause from fingerprints and signatures – Constantly collects and checks logs and identifies known caveats, which switches are affected and recommendations for remediation
• PSIRTs, Field notices, SMUs, EOL/EOS of Software and Hardware
• Config anomalies - Get notifications when your configurations are not within verified scale
• Compliance checks – hardening, control and data plane inconsistencies
• Measure upgrade impact - If a software upgrade will be disruptive or non-disruptive / if the new hardware can support the existing feature-set and scale
• Open TAC case with logs readily available, check status of SRs
Part Two: Policy and State Assurance
New App for ACI!
NAE Policy Explorer (PE) Introduction
• NAE PE is an ACI App, available in the ACI Appstore: https://aciappcenter.cisco.com/
• It uses NLQ (Natural Language Queries) to explore the ACI policy model, answering questions about connectivity and associations among objects, including VRFs, BDs, ENCAPs, EPs, Interfaces, and Contracts
• It supports ACI 3.2+ releases with a 2G footprint
NAE PE Introduction – Exploration Primitives
“What” Query
• A “What” query answers how different networking assets are related to each other
• Example: What endpoints are associated with BD:X
“Can” Query
• A “Can” query answers whether two given assets in the fabric can talk to each other
• Example: Can A talk to B? A and B can be arbitrary sets: EPGs, BDs, VRFs, Endpoints, Encaps, interfaces
“How” Query
• A “How” query answers how, and on which ports, a pair of EPGs talk to each other
• Flow information between an EPG pair (ether_type, src_port, dst_port, protocol, flags, etc.)
NAE PE Workflow
Open the NAE PE App from ACI AppCenter
Take a Snapshot of the ACI Fabric
On the timeline, click on the camera icon to take an instantaneous snapshot of the ACI fabric.
Initiate a Query (Begin with What or Can)
▪ Select a snapshot on the timeline
▪ Start a What or Can query
“What” Query
“Can” queries
Packaging/Footprint/Limitations
• App on APIC’s app infrastructure
• Initially supports APIC version 3.2
Network Assurance Engine (NAE) Update
NAE Pricing – Breaking News
• ACI Premier Bundle for Leaf includes NAE Leaf license. The Premier PID belongs
to Core category (Std Disc. 42%) with higher discounts available to customers
• But the NAE Appliance and Spine Licenses are in Market category (Std. Disc
20%) leading to varying discount structure
• To enable uniform discounting and reduce confusion from discounting mismatch
- all NAE PIDs are moving from Market to Core category
• NAE PIDs will reflect a price uplift to enable the higher discounts characteristic of the Core category
• For ease of purchase and to be consistent with other ACI software licensing
approach we are no longer charging for NAE Spine licenses
• The pricing changes will be effective in March 2019
Key Points
• There is no change in names of existing SKUs
• Only change is in pricing to enable higher discounts
• No Spine licenses
• Existing quotes given to customers are valid for 30 days.
• BU and PMs will work with any accounts that have:
  • a deal in flight, to make sure the net price is maintained by adjusting discounts
  • a quote submitted but the deal not booked, to make sure the net price is kept
Intent Assurance
Cisco Network Assurance Engine: How it Works
Reasoning you do after the fact, the Engine does before the fact, continuously, network wide
#CLUS DEVNET-1699 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Verification Results Delivered via Smart Events
What? Who and Where?
Epoch Delta Analysis
Correlated Ad hoc Analysis Workflow
4 Qs, correlated answers…
• What changed?
• Who was impacted?
• Was it due to config changes?
• What happened as a result?
Use Cases
• Change Management
• Root-cause analysis
• Migration
• Maintenance Upgrades
• Capacity Management
Before / Baseline
After / Current
Health Delta - Summary
Change in the health of the Fabric
Epoch Delta Workflow – Policy Delta
Impact, Change, Operator
What got impacted?
NAT Implementation
• DNAT (IP to IP) is supported in Release 2.1.1a
• Use a .csv file (NAT.csv) to provide the mapping info of private-IP and public-IP for all ACI leafs/spines/APICs
[Figure: Typical NAT deployment with NAE. Labels: Network Assurance Engine (NAE); Network Address Translation (NAT), NAT.csv (Public, Private IP); APIC/Leaf/Spine network; Public IPs of ACI APIC Hosts.]
Tables Export Available
Customers may need to externally save assurance analysis results for different reasons:
• Analysis
• Ticketing
• Change Management
• Backup
NAE Release 2.1.1a supports export of the following assurance results tables:
• All Smart Events
• Tenant Security Smart Events
• Tenant Endpoints Smart Events
• Tenant Forwarding Smart Events
• Real-time Change Analysis Smart Events
• TCAM Smart Events
• L3 Forwarding Table
Working With Export Options
▪ Two export formats are supported: CSV and JSON
CSV
JSON
New Additions in the 3.0.1 Release (Dec 2018)
Tenant Forwarding
• PC and vPC interface Smart Events
• L2 Path Binding Smart Events enhanced with PC and vPC support
Policy
• Overlapping subnets Smart Event enhancements
Scale Increase
• 200 Leaf support in a single fabric
Forwarding Connectivity Analysis
Health of Forwarding Communication Fabric-wide
Use Cases
Forward Communication Issues across entire fabric
InterVRF, IntraVRF
*Roadmap
Compliance Analysis
Continuous Compliance Verification
NAE COMMUNICATION COMPLIANCE REQ
*Roadmap
Smart Events & Compliance Score for Compliance
COMPLIANCE SCORE
Bringing It All Together
Network Insight & Network Assurance
ACI, NX-OS
NAE
• Capacity Planning
• Design and verify compliance mandate and posture
• Design and verify security mandate and posture
• Proactive Assurance and Compliance
• Faster incident and problem management
• Execute high confidence production maintenance and upgrades
• Shrink change management windows
• Accelerate ACI on-ramp
OPSTACK – Tools at a Glance
NAE
Key use cases:
• Proactive assurance of Policy and Dynamic state changes
• Incident and Problem Management
• Audit and Compliance
• Change Management
• Network Security policy Management
Data sources:
• APIC Policy and Network wide control/data plane state
Technology: Formal Model based
Target teams:
• Network Operations
• Network Provisioning
• Network Administration of logical network assets
Packaging: Appliance
Platforms supported: ACI