Cisco Instant Access Netzwerk geht auch einfach

Instant Access Netzwerk geht auch einfach Sascha Ulfig Consulting Systems Engineer 20. November 2014

Die IT verwendet zu viel Zeit für sich wiederholende Aufgaben auf Access Switches 28% Monitoring, Troubleshooting 19% Security Konfiguration 18% Installation, Konfiguration, Tests 14% Software Updates Instant Access Einfache Installation Keine sich wiederholenden Tätigkeiten mehr Quelle: Forrester Consulting, 2012 2 2

Klassischer Layer-2 oder Layer-3 Campus Hohe administrative Komplexität Core 94 Switches im Software Imageund Konfigurationsmanagement 188 Access Trunks/Port-Channels 4032 User Ports Pro Switch: Spanning-Tree / Loop Prevention FHRP Tuning Multicast Tuning (PIM / IGMP) Routing Protocol Tuning Security (z.b. 802.1X) Control-Plane Policing Quality of Service Building 1 Building 2 Building 3 Building 4 94 Separate Konfigurationen für SNMP, NTP, TACACS, Banner, vty, VLAN DB, Mgmt IP/GW, Hostname 3 3

Trennung der Control-Plane von der Data-Plane Eine Control-Plane für Distribution & Access Layer Software Defined Networking In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications Source: www.opennetworking.org Catalyst Instant Access Verteilte Data-Plane EINE Control-Plane Catalyst 6848ia Catalyst 6500/6800 4 4

Catalyst Instant Access Auf einen Blick Catalyst 6500/6800 VS FEX 101 FEX 102 FEX 103 FEX 104 Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia 6500-E 6807-XL Supervisor 2T WS-X6904-40G 6880-X Catalyst 6800IA 10G SFP+ Uplink Ports POE & POE+ Support Integriertes Stacking Modul 5

Catalyst Instant Access Auf einen Blick Catalyst 6500/6800 VS FEX 103 FEX 102 FEX 101 Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia FEX 104 Catalyst 6800ia Config on Parent: interface Port-channel101 switchport mode fex-fabric fex associate 101 6500-E 6807-XL Catalyst 6800IA interface Port-channel102 switchport mode fex-fabric fex associate 102 interface GigabitEthernet101/1/0/1 switchport mode2t access Supervisor WS-X6904-40G switchport access vlan 101 interface GigabitEthernet102/1/0/1 ip address 102.1.1.1 255.255.255.0 ipv6 address 2014 and/or 2013:102:1:1:1::1/96 its affiliates. All rights reserved. 6880-X Connect Berlin 20. 21. November 2014 10G SFP+ Uplink Ports POE & POE+ Support Integriertes Stacking Modul 6

Catalyst Instant Access Client Portfolio C6800IA-48TD C6800IA-48FPD C6800IA-48FPDR C3560-CX FCS December 2014 PoE/PoE+ 48 ports, 740W 48 ports, 740W 12 ports, 240W Down Link Ports 48x1G Cu 48x1G Cu 48x1G Cu 12x1G Uplink Ports 2x10G SFP+ 2x10G SFP+ 2x10G SFP+ 2x10G SFP+ (for IA mode), 2x1G Cu FEX ID 12! 42/25* 12! 42/25* 12! 42/25* 42/25* Access Ports Scalability Heute: 1000! 2000/1200* 1000! 2000/1200* 1000! 2000/1200* 300-500* Stack 3!5 3!5 3!5 0 Dual Power Supply Standalone Mode * New Scale with IOS 15.2(1)SY targeted for January 2015. First value for 6880-X, second value for SUP2T. 7

Demnächst für Instant Access: Interface Templates NEW with IOS 15.2(1)SY Easy to Use Template mit template <templatename> definieren Mit source template <templatename> Template an Interface oder anderes Template binden show running interface <intf> zeigt nur noch das Template Mapping an Mit show derived-config interface <intf> kann vollständige Config dargestellt werden Änderung des Templates ändert ALLE Interfaces, welche damit assoziiert sind Switch#sh run sec template or show Template interface all template IA_TEMPLATE switchport mode access switchport access vlan 100 switchport nonegotiate switchport port-security source template IA_TEMPLATE2 template IA_TEMPLATE2 spanning-tree portfast edge Switch(config)#int range g101/1/0/1-3 Switch(config-if-range)#source template IA_TEMPLATE Switch#sh run int g101/1/0/1 interface GigabitEthernet1/1 switchport source template IA_TEMPLATE End Switch#sh derived-config int g101/1/0/1 interface GigabitEthernet1/1 switchport switchport access vlan 100 switchport trunk allowed vlan 1 switchport mode access switchport nonegotiate switchport port-security spanning-tree portfast edge 8

Catalyst Instant Access Campus Dramatische Reduktion der Komplexität Core Instant Access 5 Switches im Software Imageund Konfigurationsmanagement Pro Switch: Spanning-Tree / Loop Prevention FHRP Tuning Multicast Tuning (PIM / IGMP) Routing Protocol Tuning Security (z.b. 802.1X) Control-Plane Policing Quality of Service Building 1 Building 2 Building 3 Building 4 5 Separate Konfigurationen für Routing, Security, CoPP, SNMP, NTP, TACACS, Banner, vty, VLAN DB, Mgmt IP/GW, Hostname 9 9

Catalyst Instant Access Zusammenfassung Ø ngle Point of Management Ø Vereinfachte Installation und Konfiguration Ø Plug and Play Provisionierung Ø KEIN Software Image Management im Access Ø Cat6500 Features durchgängig auf Distribution und Access Netzwerk Vereinfachung Reduzierung der Total Cost of Ownership 10 10

Enterprise Networking Raum: PS OG 1 Security Raum: PS EG 3 13:00 APIC-EM SDN im Enterprise Markus Harbeck Consulting Systems Engineer AMP everywhere - warum es darauf ankommt Volker Marschner Consulting Systems Engineer 13:30 14:00 SDN Paradigmenwechsel für Netzwerke und Datacenter Steffen Winkler Solution Manager Netzwerkumfeld Computacenter AG & Co ohg Instant Access - Netzwerk geht auch einfach Sascha Ulfig Consulting Systems Engineer Einführung in Cloud Managed Networking Christian Goldberg Cloud Networking Systems Engineer Internet of Things... Let's Not Forget Security Please! Eric Vyncke Distinguished Systems Engineer Muninder Sambi Director Product Management Anupam Upadhyaya Manager Product Management Himanshu Mehra PM Engineering, Catalyst Plattform Jens Demmer Manager Product Management Jo Kern Manager Product Management Peter Provart Business Dev. Manager, EBG EMEAR 14:30 Netzwerk Virtualisierung - Netzwerktrennung im LAN und WAN Sascha Ulfig Consulting Systems Engineer Akamai Connect Lorenz Jakober Sr. Product Marketing Manager Akamai Matthias Falkner Distinguished Engineer Carlo Terminiello CSE, EBG EMEAR James Weathersby Manager Technical Marketing 15:00 Threat Centric Security Solutions Holger Unterbrink Consulting Systems Engineer DPDHL Branch of the Future Concept Zvezdan Schoppmann Head of Technology Innovation Management DPDHL Alan Cottom Technical Marketing Engineer 15:30 Prime Infrastructure Lothar Müller Berater & Service Ingenieur EnBW Netze GmbH Skyconnect, eine globale WAN Plattform moving to iwan Markus Vögele Senior Systems & Design Engineer Lufthansa Systems AG 11

Thank you.