Professional Documents
Culture Documents
Cognitive Campus Resource Guide
Cognitive Campus Resource Guide
Terry Jenkins
Senior Training Manager
terryjenkins@arista.com
• Arista solved these issues for our customers there, now we are bringing in this
expertise and experience into the Campus and Enterprise networks.
• 10 years ago Leaf - Spine was new, today we are able to solve these problems in a
new area of the network with a vast amount of lessons learned.
• If the major Cloud Titans solve these problems with Arista you can feel confident
we can help you solve them with your customers.
Cloud-Grade: We are not turning the campus into a cloud we are bringing lessons
learned from the cloud into your campus
Spine
Optical Secure Segmentation
Leaf Cognitive Actions
Legacy Core
Routing Device & Diversity-driven
Core
Switching Open Standards-based, Scale
Controlled & Uniform
Distribution
Workloads, VMS, Containers Any Edge for Diverse Devices
Access
Enterprise
DC1
• Public Cloud
Azure
West
Amazon
• Private Cloud/DC
East
Amazon
West
• Colo/Exchanges
Equinix
Private Cloud
Cloud Exchange
Any Site
Multi-Silo DC Island
DMZ Island
Edge Network WAN Campus Data Center Cloud Native Private Cloud Public Cloud
Network Network
Public Cloud
Edge Routing
Data Center
Campus
• Upgrade procedures
… • Certification efforts
• Lifecycle management
• Vulnerability management
EOS + CloudVision • Network designs
Operating Model
• Troubleshooting approaches
• Automation techniques
Network Ops
Cloud Ops
NPM/APM
• Feature discrepancies
DevOps
IAM
• Management platforms
• Ecosystem integration
• And more…
$32K for FTE 1 Month Full DC Deployment 8 Hours $1K for FTE
Universal EOS
Consistent Operations
Campus
Services Any Application Readiness
Secure Campus, Rich Media,
Collaboration, IOT
Physical, Virtual, Container Workloads
Corporate WAN
Public Networks Distributed Storage, Security and VNFs
& Branch
IoT IoT
IoT IoT
MLAG
MLAG
Web Servers
MLAG
External
Network MPLS Metro A CORE
App Delivery
Controllers
CloudVision
Firewalls
MLAG DHCP
ZTP/ZTR
Existing
Telemetry Network
CloudVision
DHCP
ZTP/ZTR
PoE PoE
Telemetry
Disruptive upgrades, stack members must be Hitless and non-disruptive expansion, no model/vendor
Expansion same vendor & model, co-located members limitations, members up to 10km apart
Merged control planes provide aggregate uplinks MLAG for L2 and ECMP for n-way L3. No Spanning Tree.
Uplinks to the Distribution Distributed control plane highly reliable.
Split brain risk, merged fate-sharing control Standards-based and highly scalable. Proven
Maintainability planes architecture in largest data centers
Single point management for just the stack CloudVision for Enterprise-wide management: change
Management management, compliance, visibility, upgrades
StackWise 480
720XP-48ZC2
2 x 25G
720XP-48ZC2
720XP-48Y6
2 x 25G
384 PoE ports + 12 1/10/25G ports 384 PoE ports + 16 1/10/25G ports + 12 QSFP100
Host facing ports
(288 100M - 2.5G, 96 100M - 5G) (320 100M - 2.5G, 64 100M - 5G)
Typical Uplink Capacity 100G (2 x 25G per uplink switch) 100G (2 x 25G per uplink switch)
Distance between any 2 0.5-3m (using proprietary stack) 0.5-30m (DAC/AOC) / 70m - 10km with SFP
connected devices
The very nature of an IP fabric is based on equal cost multipath (ECMP) and control plane stability
Spine Options:
• Modular or fixed configuration switches
• Select for buffering, latency, port count, link speed etc.
Leaf Options:
• Modular or fixed configuration switches
• Select for buffering, latency, port count & link speed
- Large buffers ideal for IP storage, big data, edge nodes etc.
- PoE capable switches for the campus etc.
• Comprehensive choice of media types – UTP, DAC,
optical etc.
Open-standard
MLAG (LACP)
2.5G/5G 40G/100G
Trident-3 X7 X5 X3 X2
Flow Tracer
7300X3 7050X3
Dynamic Shared Buffer
High Density Modular Fixed 100G & 25G
100G/25G for Campus Spline for Campus Spline Smart Software Upgrade
Two Chassis: 32 x 100G and 48 x 25G with
4 and 8 slot 100G uplinks
with 50Tbps Fabric Unified Forwarding Table
10G to 100G port flexibility
Linecards:
Industry-leading Power
32x100G QSFP Remote Monitoring
Efficiency
48xSFP-25G & 4x100G
Large scale L2/L3 Tables
Macro Segmentation
Flow Tracer Trace flows through the network and detect anomalies
Dynamic Shared Buffer Voice, Video and Data to IOT, WLAN and Sensors
Trident3 family offers sufficient scale for Larger tables and 128-way ECMP - suitable for
DC and Campus use cases all environments not PIN-point use-cases
A single operating system to certify One image across the whole Campus and DC
● The power limits mentioned are specified at the switch (power sourcing
equipment or PSE)
○ Cat 3 or better cable required for 802.3af (up to 15 W)
○ Cat 5 or better cable required for 802.3at and 802.3bt (above 15 W)
○ PoE power is specified for a maximum cable length of 100 m
Y Series
2.5G mGig ports NA NA
Copper
30W PoE
Z Series
2.5G mGig ports NA NA
60W
Z Series
5G mGig ports NA NA
60W
Y and Z Series
SFP NA NA
SFP
CCS-720XP-48ZC2-F* 40 x 30W All ports full stated 16.7W/port 1800 / 800 1050W
8 x 60W power
CCS-720XP-24ZY4-F* 16 x 30W All ports full stated 20.7W/port 1100 / 500 650W
8 x 60W power
CCS-720XP-48Y6-F* 48 x 30W All ports full stated 16.7W/port 1800 / 800 1050W
power
CCS-720XP-24Y6-F* 24 x 30W All ports full stated 20.7W/port 1100 / 500 650W
power
* Front to Rear airflow is the only available configuration due to cooling constraints.
** PoE follows the 802.3bt standard up to Type 3 (60W / 51W at the PD) on 5G ports.
*** Devices ship with a single PSU - PSUs are compatible with all switches. While mixed PSU sizes will operate, matching PSUs are recommended
AC Power Only
51 Confidential. Copyright
Confidential.
© Arista
Copyright
2019. All©rights
Aristareserved.
2019. All rights reserved.
Power Supplies with PoE for Campus Platforms
Model Number Airflow Input Voltage Default Power Output
Direction Cable *
Notch PSU-XXX-650W
C15
connector * No power cord by default
• The PoE port should stop sending power to prevent the whole switch
going down.
#1 32+ Patents
Marketscope for Wireless LAN Intrusion
Prevention Systems
1000+ WIPS
Customers Marketscape
Confidential.Copyright
Confidential. Copyright © Arista
© Arista 2019.
2019. All rights
All rights reserved.
reserved.
Arista Cognitive WiFi Customers
Large Enterprise Distributed Enterprise Education Service Providers & Federal
OEMS
Cognitive WiFi™
Born in the cloud
Local Network
• NMS
• SIEM
• Syslog
Local VLAN bridging Data Plane - Flexible Control Plane - Distributed
CloudVision
Arista Platforms WiFi
720XP (PoE) 7050X3 7300X3
Cloud Integration
Point
Data tunnel
Local Network
Local VLAN • NMS
bridging and breakout • SIEM
• Syslog
53 12
Racks
200
Controllers
Zero
Cisco Prime
Appliances
100 Zero
200 Zero
Appliances
MSE
Can your
network
figure it out?
1x GigE Uplink
2x 2.5 GigE Uplink with
1x Gigabit Ethernet Port 1 x Gigabit Ethernet Ports 1 x Gigabit Ethernet Ports 2x Gigabit Ethernet Ports 3x GigE Wired ports
power failover
1x Passthrough port
• Internal & external antenna • Low cost Wave-2 • Low cost Wave-2 • Latest QCA ac chipset • 2x2 ac 3rd radio for • OFDMA and MU-MIMO
options • Best for medium density, • Best for medium density • 2x2 ac 3rd radio for dedicated WIPS/RF • 2x2:2 scanning radio
• Integrated BLE SMB, Retail, K-12 SMB, Retail, K12 dedicated WIPS/RF monitoring • Integrated BLE
• Best for stadiums, outdoor Schools, Enterprise monitoring • Integrated BLE • FIPS 2 certification
spaces, weather-affected • Integrated BLE • Internal and External • Best for conference • All .11ax features at
environments antenna options rooms, classrooms, 802.3at with 4x4 5GHz
• Best for high density, hospitality, dormitories, • Full Feature set at
enterprise, classroom etc. 802.3bt (<40W)
and auditoriums
Gen 2 Advantages
• Higher performance
- OFDMA and MU-MIMO
- 4x4:4 5GHz, 4x4:4 2.4GHZ radios
- 2x2:2 scanning radio
- BLE
- Dual 5 Gigabit Ethernet ports with power failover
• Better more secure AP
- FIPS 2 certification
- Conformant to new NIST standard for hardware-
based key gen
• Most efficient power consumption
- Full Feature set at 802.3at
• VoIP Phones
- Cisco, Avaya, Polycom, Siemens
- Testing includes PC connected to phones
• NAC solutions
- ISE, ClearPass, FreeRADIUS, Microsoft NPS, and Forescout
- 802.1x and MBA (MAC-Based AUTH)
- Dynamic VLAN assignment, CoA, Dynamic ACL
- Device classification including VoIP phone AUTH
• PoE
- APs, Phones, Cameras
- UNH-IOL PoE certification and inter-op
- 802.3af, 802.3at, and 802.3bt
WPA2/WPA3 (802.11i)
Inline authentication and
encryption for WiFi devices that
are managed by enterprise IT
and properly configured.
WPA2/WPA3
WIP
S
Overlay protection against security
threats from WiFi devices that are
not managed by enterprise IT
and/or are misconfigured.
APs managed
by enterprise IT
(Static list)
Block Detect
Misconfigured DoS
BLOCK
Neighborhood Neighborhood
APs IGNORE Clients
Accurately detects most types of Rogue APs without Prone to false positives and negatives and can load the
relying on switch infrastructure. switch infrastructure.
A fundamentally different approach that provides most Prone to the typical problems, such as blind spots and
comprehensive WiFi threat protection. flood of false alarms, with a signature-based approach.
Reliable automatic prevention without the risk of Cannot be relied for automatic prevention; liability of
disrupting neighborhood WiFi networks. disrupting neighborhood WiFi networks.
Change Wired +
Compliance Security Visibility
Management Wireless
Interface Summary
Easy access to
device summaries Power Usage
Monitor aggregate
and individual
summaries
Customizable
Dashboards
Create your own view
Continuous
Snapshots
Granular network
state is captured
automatically -
reduces manual CLI
burden
Behavior
Modeling Flow Tracker
Understand Visualization and
endpoints trend analysis
Broad
Visibility
Correlations
extend to DC
92 Confidential. Copyright
Confidential.
© Arista
Copyright
2019. All©rights
Aristareserved.
2019. All rights reserved.
Campus Use-case: Client-to-Cloud Visibility
State Streaming-based
Modern, granular,
complete. (No Polling - at
all!)
Common Dashboard
Starting Point... for Visibility
For diving deeper into Wired and Wireless
control, data, mgmt plane 3rd Party devices
Application Health
Auto packet captures inline and in real time, stored Visual packet trace analysis and auto diagnosis simplifies
in the context of specific client failures debugging.
Troubleshoot in no time
user-reported “WiFi issues”
ur ,
ct ed
e
•
ite fix
Split planes - management, control and data
- Delivers unparalleled flexibility in deployment and management
ch r
ar d o
• Arista’s Distributed Control Plane
fix dde
- Provides truly limitless scale architecture - impossible in a controller model
ot a
• Uptime Assurance
nn be
- Survivability across multiple network conditions
ca an
• Most flexible deployment options
ou s c
- Cloud and On-prem (appliance and virtualized)
t y re
•
bu atu
Zero touch deployments
- True plug and play means absolutely no local configuration required at the AP
Fe
World’s best WIPS
• Industry leading Wireless IPS
- Built into the system – enhanced if you use 3 Radio models Detailed battle-cards available at
https://arista.app.box.com/folder/52715763773
ad ;
lo ce
•
’s ien
Client Journey – view into WiFi users’ experience
- Takes you to the areas that need attention
or r
at xpe
• Performance and application dashboards
is r e
- View into the WiFi network’s heath
in e
tr
m us
• True Network Assurance using the innovative 3rd radio
ad iFi
- Behaves as a client to test your network (on demand and scheduled)
th t W
- Reports what real clients will experience
se len
• Inference Engine
e
Ea cel
- Root cause analysis provides options to address issues observed
Ex
• Broad spectrum troubleshooting assistance
- From bird’s eye view (Client Journey) to microscopic details (packet trace)
- Automatic packet captures when issues are observed
- Allows administrators to did as deep or as little to address the issues
Detailed battle-cards available at
https://arista.app.box.com/folder/52715763773
d
an
- Work with all standards based network elements
ey
-
lu ble sed
Reporting and logging using SNMP, Syslog, SMTP
on
rM
Va ra ba
Best value for money
fo
st pe s
Be tero ard
e
• Lowest capex & opex across all competition
in and
• Transparent licensing
St
- Single license provides all features
- Unlike competition that has complicated licenses for platforms,
features, etc.
Detailed battle-cards available at
https://arista.app.box.com/folder/52715763773
Can we use Cisco (or other vendor) for WiFi and use Arista for Yes - we have customers that deploy Arista as a pure WIPS.
analytics or security (WIPS) only? Typically in a 4:1 ratio (4 Cisco APs to 1 of our security
sensors). However, many of those customers have migrated
from WIPS only to our full cloud-managed wireless solution
because of the breadth of functionality available using the
same APs for WIPS and access.
Confidential.Copyright
Confidential. Copyright © Arista
© Arista 2019.
2019. All rights
All rights reserved.
reserved.
Objection Handling
Objection Response
What if your cloud management console goes down? The Arista cloud platform is highly redundant with a 99.99%
uptime SLA. APs continue to function normally, even in the
unlikely scenario the cloud is not available.
We are a Cisco shop and not interested in changing vendor. The Arista solution can bring real savings (CapEx and OpEx) -
no expensive onsite controllers or management platforms - no
AP HW markups, etc. The Arista solution is much easier to
manage, which makes management accessible to more
members of your organization.
Do you offer an on-prem option? Yes. The on-prem offering includes everything excluding
Guest Manager and inference diagnostics.
Confidential.Copyright
Confidential. Copyright © Arista
© Arista 2019.
2019. All rights
All rights reserved.
reserved.
Objection Handling
Objection Response
Arista has nothing like ISE in their portfolio. Arista integrates seamlessly with 3rd party AAA, NAC and
device onboarding solutions including ISE.
What happens if my internet connection goes down? Will my APs continue to function normally on the LAN. APs will
APs continue to function? continue to provide access for WiFi clients as well as continue
to detect/prevent security threats and store security events
locally on the AP until connection the the internet is restored.
We are uncomfortable with your recurring cloud licensing fee. There is a grace period and ample notification of expiration to
What happens if our cloud licensing expires? give your organization time to renew cloud licenses.
Confidential.Copyright
Confidential. Copyright © Arista
© Arista 2019.
2019. All rights
All rights reserved.
reserved.
Objection Handling
Objection Response
Customers require SNMP integration. The Arista Cloud Integration Point (CIP) enables integration of
local NMS and SIEM systems with the Arista cloud.
Cloud WLAN providers like Arista require that networks be Long ago this was true but now Arista offers a number of
designed/re-designed such that all VLANs are brought to the solutions for tunneling data traffic back to the network core
edge of the network where cloud APs connect to the network. (e.g. VxLAN) so customers’ underlying L2/L3 networks can
remain as is.
Confidential.Copyright
Confidential. Copyright © Arista
© Arista 2019.
2019. All rights
All rights reserved.
reserved.
Objection Handling - Meraki
Objection Response
No full stack management in Arista cloud management Arista already offers full stack management with the on-prem
offering. management solution. Full stack management via the cloud is
expected in the 1st half 2020.
Arista WiFi does not support L3 roaming. When you properly do your WiFi subnets (using larger
address blocks) the need for L3 roaming goes away as the
area being covered by the WiFi is covered by a larger
subnet…thus no “L3 roaming”.
Confidential.Copyright
Confidential. Copyright © Arista
© Arista 2019.
2019. All rights
All rights reserved.
reserved.
Objection Handling - Meraki
Objection Response
Meraki’s management solution includes an MDM offering. While Arista WiFi does not include MDM the Arista solution
can easily interoperate with leading 3rd party MDM solutions.
Meraki is much easier to configure than competitor solutions. Meraki does have fewer knobs but that does not mean that it
easier to deploy. Fewer knobs often means less ability to
customize configurations which leads to more compromises,
particularly in challenging RF environments.
Confidential.Copyright
Confidential. Copyright © Arista
© Arista 2019.
2019. All rights
All rights reserved.
reserved.
Design Resources
• Currently offer several courses that cover general Arista Knowledge and
CloudVision
• New program being developed to cover full certification from beginner to
expert - 8 levels
- Will cover in-depth training on VXLAN, EVPN, BGP, MPLS, WIFI, Cloud Vision, etc.
- Roadmap for launch early 2020
• WiFi specific specialization training
• Partner hosted Arista specific CWNP WiFi training
Tiered structure ✘
Outsourced support ✘
Key takeaway:
If network uptime is important to your business Arista is the ONLY choice
Confidential. Copyright © Arista 2018. All rights reserved.
Arista Differentiator: Arista TAC Escalation Process
Engage TAC
via email or phone If TAC can’t resolve issue, it gets
escalated to:
Shannon
Nashua,NH Korea
China
Pune Japan[*Hiring in progress]
Santa Clara Cary,NC
Bangalore
Sydney
Contact us:
Phone: 1866 476 0000
Global locations All products ~19s to respond to calls
Email: support@arista.com
support-wifi@arista.com for round the supported by single ~10min. TSE assignment
Forum: https://eos.arista.com/forum/ clock coverage tier, all employee TAC for email cases
Confidential. Copyright © Arista 2018. All rights reserved.
Arista Differentiator: Customer Feedback
"I work with many, many vendors, and Arista has, by far, the best TAC in the Industry!"
IB must be up-to-date for “installed at” site info for proper depot stocking. Recommend
quarterly IB true-ups
Break-Fix
Forum
CVaaS
Reduce MTTD by 80%
TAC (Mean Time To Detect)
Design
Articles Chat Bots Reduce MTTR by 50%
Operations (Mean Time To Respond)
CVaaS & AS
Design Webinars
Admin
1. Speed Using AI & ML create Intelligent, contextually aware with immediate engagement and faster response
http://bit.ly/ATS-Campus
Link will be active for 1 week and you will receive a confirmation email once graded.