Cisco Connect Ottawa 2018 DNA Automation: The Evolution to Intent-Based Networking
2. DNA Automation: The Evolution to Intent-Based Networking
Don Orlik, Product Specialist – Digital Network Architecture
Karl Etienne St Pierre, Systems Engineer – Federal
3. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Connect delivers education and inspiration to technology innovators worldwide.
AGENDA
• Why an Intent Based solution
• Traditional Management vs. Intent Based Networking
• What is DNA Center
• DNA Center Automation: Using DNA Center for Base Network Automation
• DNA Center Automation: Using DNA Center for Application Policy
• Key Takeaways
Lecture & Demo & Comparisons with Prime
4. Why an Intent Based Solution?
5. The Cost of Doing Business in the Digital World
Why are companies spending so much?
*McKinsey study conducted for Cisco in 2016
95% 70% 75%
OpEx Spent on Network Changes & Troubleshooting
Policy Violations Due to Human Error
Network Changes Performed Manually
$60B Spent on Network Operations Labor and Tools
6. IT Operations Evolution to Intent-based networking
IT Ops Maturity
• SD-Access and SD-WAN: Automated segmentation, security and application experience based on policy
• Assurance and Threat Detection: Simplify troubleshooting and detect malware events in encrypted flows
• Base Automation: Zero touch provisioning, automated software image management
• Manual Operations: Manual network configuration and troubleshooting
7. Traditional Management vs. Intent Based Networking
8. What do we mean by Intent Based Networking?
Conventional Model
The What: “QoS Policy for Branches A-N”
The How: “Change QoS config in the following elements”
Admin Driven
System Driven
Intent Based Policy Deployment
The What: “QoS Policy for Branches A-N”
The How: “Change QoS Config in the following elements”
Admin Driven
Manual Policy Deployment
9. Cisco’s Enterprise IBN Strategy
Policy and Intent to Unlock the Power of your Network
Unlock the Power that Exists in the Network through Abstraction, Automation, and Policy Enforcement
Leverage the Power of Existing Distributed Systems
The Network you have already built
Enable Network Wide Fidelity to an Expressed Intent (Policy) through Analytics & Assurance
10. Feature Configuration vs. Intent Based Networking
FEATURE CONFIGURATION
11. Feature Configuration vs. Intent Based Networking
INTENT BASED NETWORKING
12. Network Deployment Time Savings
• Policy: 6 complex steps reduced to 2 simple clicks. Now 5 minutes, before 4 hours.
• Design: 12 find and define tasks now auto-discover and import. Now 15 minutes, before 2 hours.
• Provision: 8 manual configuration steps reduced to select and drop. Now 5 minutes, before 5 hours.
• Savings: Workflow time per device: now 25 minutes, before 11 hours.
13. What is DNA Center?
14. DNA Center: Design, Policy, Provision, Assurance
A better way to manage your network
DNA Center: Design, provision, automate policy and assure services from one place
Logical workflow to design, provision, set policy
Respond to changes faster
Monitor end-to-end network performance
Predict and act on problems before they happen
Pinpoint problems faster
Reduce downtime with an end-to-end view instead of hop by hop
Manage hardware and software lifecycles
Keep up to date, meet compliance and plan for refresh
DN1-HW-APL
Current version 1.2.5
15. Introducing DNA Center
Decouple Policy from Network Topology
Industry Best-Practices and Policy Compliance
Proactive Issue Identification and Resolution
Business Intent driven Network Changes
Simplify Day 0 to Day N Changes
Monitoring and Troubleshooting
Fabric Network Automation Assurance
Policy-Based Network
Covered in this session
16. Introducing DNA Center
Decouple Policy from Network Topology
Industry Best-Practices and Policy Compliance
Proactive Issue Identification and Resolution
Business Intent driven Network Changes
Simplify Day 0 to Day N Changes
Monitoring and Troubleshooting
Fabric Network Automation Assurance
Policy-Based Network
Covered in the afternoon session
17. DNA Center Automation: Using DNA Center for Base Network Automation
18. Automation Use Cases covered in this session
Use Case #1 - New device onboarding
Use Case #2 - Software and Image Management
Use Case #3 - Customized Templates
Use Case #4 - Wireless Deployment
Use Case #5 - Application Policy
19. Preparing DNA Center
20. Step 1 – Define your network hierarchy
21. Step 2 – Define Network Settings and Device Credentials
22. Step 3 – Discover existing network
23. Step 4 – Check Inventory
24. Step 5 (Optional) - Check Topology
25. Use Case #1 - Network Plug and Play
26. Network Plug and Play: New Device Onboarding
Direct Costs
• Pre-staging & Shipping costs
• Travel costs
Complexity
• Configuration errors
• Different products, IOS Releases
Security
• 3rd party not secure
• Rogue devices
Time/Productivity
• Manual process
• Shipping, Storage, Travel
Manual: Order Equipment, Staging Site, Technician, Installer, Deploy device on site
DNA-C Automation With Plug & Play: Order Equipment, Deploy device on site
• Drop Ship devices
• Centralized device discovery (DHCP, DNS, Cloud)
• Non-technical installer at site
• Template based configurations
• Secure SUDI Authentication
~50% Day 0 OPEX Savings*
27. Use Case Example: Device Deployment in Campus
Day 0
Network Admin Pre-Provisions DNAC
DHCP Server
DNAC (PnP Server), IP Address 10.11.11.11
28. Use Case Example: Device Deployment in Campus
Day 1
DNAC (PnP Server), IP Address 10.11.11.11
DHCP Server
<..snip..>
CISCO_PNP.pnpserver
"5A;B2;K4;I10.11.11.11;J80";
<..snip..>
Switch running PnP Agent
Device validates server’s location and establishes a communication with the server
Installer
Remote Installer
• Mount and cable devices
• Power-on
Network Admin remotely monitors status of install while in progress.
Cisco IOS® Config file….
29. PnP Server Discovery Options
Discovery types: Automated, Redirect, Manual
1. DHCP with options 60 and 43
   PnP string: 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
2. DNS lookup
   pnpserver.localdomain resolves to DNA-C IP Address
3. Cloud re-direction https://devicehelper.cisco.com/device-helper
   Cisco hosted cloud, re-directs to on-prem DNA-C IP Address
4. USB-based bootstrapping
   router-confg/router.cfg/ciscortr.cfg
5. Manual - using the Cisco® Installer App*
   iPhone, iPad, Android
* DNA-C Support in Roadmap
Device types: Routers (ASR, ISR), Switches (Catalyst®), Wireless Access Points
Manual discovery not supported for Access Points
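The option 43 strings on slides 28 and 29 can be checked before they are placed on a DHCP server. The following is an added example, not code from the deck or from Cisco: a parser and reviewer for those strings. The field meanings (B = address type, K = transport, I = server, J = port, trailing D/N = debug) follow Cisco's published PnP option 43 format, which the slides do not spell out, and the finding codes are this example's own.

```python
"""Parse and review a Cisco PnP DHCP option 43 string (added example)."""
import ipaddress

# Assumption: field meanings follow Cisco's published option 43 format for
# PnP; the slides show the strings but do not define the fields.
ADDR_TYPES = {"1": "hostname", "2": "ipv4"}      # B field
TRANSPORTS = {"4": "http", "5": "https"}         # K field


def parse_pnp_option43(raw):
    """Return the fields of a PnP option 43 string as a dict."""
    fields = [f for f in raw.strip().strip('";').split(";") if f]
    if not fields or not fields[0].startswith("5A"):
        raise ValueError("PnP option 43 strings start with 5A")
    cfg = {"version": None, "debug": None, "addr_type": None,
           "transport": None, "server": None, "port": None, "other": []}
    suffix = fields[0][2:]           # "" on slide 28, "1D" on slide 29
    if suffix:
        if len(suffix) != 2 or not suffix[0].isdigit() or suffix[1] not in "DN":
            raise ValueError(f"unexpected header {fields[0]!r}")
        cfg["version"] = int(suffix[0])
        cfg["debug"] = suffix[1] == "D"
    for field in fields[1:]:
        key, val = field[0], field[1:]
        if key == "B" and val in ADDR_TYPES:
            cfg["addr_type"] = ADDR_TYPES[val]
        elif key == "K" and val in TRANSPORTS:
            cfg["transport"] = TRANSPORTS[val]
        elif key == "I" and val:
            cfg["server"] = val
        elif key == "J" and val.isdigit() and 0 < int(val) < 65536:
            cfg["port"] = int(val)
        else:
            cfg["other"].append(field)   # kept verbatim, not interpreted
    if cfg["addr_type"] == "ipv4" and cfg["server"]:
        ipaddress.IPv4Address(cfg["server"])   # ValueError if malformed
    return cfg


def review(cfg):
    """Return (code, detail) findings a reviewer would raise for this string."""
    findings = []
    if cfg["server"] is None:
        findings.append(("no-server", "no I field: agent has no server address"))
    if cfg["transport"] == "http":
        findings.append(("cleartext-transport",
                         "K4 selects HTTP: first agent-to-server contact has no TLS"))
    if cfg["transport"] == "https" and cfg["port"] == 80:
        findings.append(("port-mismatch", "K5 (HTTPS) paired with port 80"))
    if cfg["debug"]:
        findings.append(("debug-on", "header ends in D: agent debug enabled"))
    if cfg["other"]:
        findings.append(("unparsed-fields", ";".join(cfg["other"])))
    return findings


# Strings as they appear on slides 28 and 29.
SLIDE_28 = '"5A;B2;K4;I10.11.11.11;J80";'
SLIDE_29 = "5A1D;B2;K4;I172.19.45.222;J80"

if __name__ == "__main__":
    for raw in (SLIDE_28, SLIDE_29):
        cfg = parse_pnp_option43(raw)
        print(raw, cfg, review(cfg), sep="\n  ")
```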
30. Day-0 deployment using PnP Connect
Diagram labels: CCW order, Controller IP, Corporate HQ, Cisco® supply chain, Installer, Admin, Device SN, Label, Customer Smart Account, PnP Connect (Cloud-based device discovery), DNA Center, SSL
Steps shown in the diagram (numbered 1 to 8 on the slide):
• Customer Smart Account added as part of ordering
• Device SN added into customer Smart Account
• SN per Smart Account available in PnP Connect
• DNA Center registers its identity with PnP Connect
• DNA Center downloads SN from PnP Connect
• Profile mapped to site
• Present SN
• Instruct to contact on-premises controller
• Deploy image and configuration
• Device provisioned upon discovery and association to site
31. Use Case #1 - Network Plug and Play Demo
32. Use Case #2 - SWIM
33. Use Case #2: Managing Software Lifecycle
Use Case:
• Ensure Consistency of Software for all network devices (by platform type)
• React to PSIRT and bugs fast
• Deploy software with confidence
Benefits:
• Golden Image based workflows drive software consistency
• Pre/Post check ensures that software updates do not have adverse effects on the network
• Patching provides small updates to react quickly to security fixes
34. But wait! Doesn’t PI have Image Management?
Steps to Update Software Image Update: Select Golden Image, Identify devices to upgrade, Create a Change Request, Approval of CR, Pre-Check validations, Distribute Image, Activate Image, Post Upgrade Validation, Close CR, Plan an Image Upgrade
Traditional NMS Software Image Update: Select Golden Image, Identify devices to upgrade, Create a Change Request, Approval of CR, Pre-Check validations, Distribute Image, Activate Image, Post Upgrade Validation, Close CR, Plan an Image Upgrade
DNA Center Software Image Update: Select Golden Image, Identify devices to upgrade, Create a Change Request, Approval of CR, Pre-Check validations, Distribute Image, Activate Image, Post Upgrade Validation, Close CR, Plan an Image Upgrade
How to interpret the colors:
• Indicates ITSM Process Steps
• Actions outside of NMS, mostly manual
• Steps covered in NMS Tool
• Steps covered in DNA-C
35. Use Case #2 - SWIM Demo
36. Software Upgrade Workflow: Recommended Images
Recommended Images:
• DNA Center can display the Cisco-recommended software images for the devices that it manages (by device type).
• Cisco Credentials are required
• If the recommended Golden Image is selected as Golden, DNA Center automatically uploads from cisco.com.
37. SMU (Software Maintenance Update)
Why SMU?
Each device update causes network outage
Business Loss & Downtime
Reduced IT Staff
Slows down software rollouts
New Code
Requires bug analysis, certification
Copy Images to site over slow VPN tunnels
Time Consuming
What is SMU?
• Point Fixes for the IOS-XE images (16.x onwards)
• Provides the ability to just update what is needed
38. SMUs in DNA Center
Step 1: Upload SMU
Step 2: SMU is automatically associated with corresponding image
Step 3: Mark SMU as Golden
39. Use Case #3 - Template Editor
40. Use Case #3: Customized Configurations
Create the Template
41. Template Editor
Device Type and Software Type selected from a drop down menu
• Minimum software version applicable for this template
• These are checked during provisioning; if there’s a mismatch, provision skips the template
42. Template Editor
Checks:
• Velocity syntax error
• Conflicts with blacklisted commands
Commit:
• Once committed, it becomes read-only version
• Commit version is essentially template version control
• Only latest commit version can be used for provisioning
Content in template uses Velocity Template Language (VTL). For more information about using VTL:
http://velocity.apache.org/engine/devel/vtl-reference.html
43. Customized Network Settings Update
How to deploy the template to the devices
Template is associated to Network Profile
Network Profile assigned to a site
Diagram labels: PROFILE, DESIGN, PROVISION, SITE, DEVICE, TEMPLATE, DESIGN
44. Use Case #3 - Template Editor Demo
45. Use Case #4 - Wireless Deployment
46. Use Case #4: Wireless Deployment Made Simple
SSIDs and RF Parameters that represent wireless network
SSID, RF Profiles, Dynamic Interfaces, Flex/Centralized
Devices ready to deploy
Diagram labels: PROFILE, DESIGN, PROVISION, SITE, WLC & AP, SSID, DESIGN
47. Advanced RF support
Now create and edit RF profiles for the wireless network
Ability to create custom RF profiles with support for:
• Data Rates
• Dynamic Channel Assignment (DCA)
• Tx Power configuration (TPC)
• RxSOP
• Radio Enable/Disable
48. New in DNA Center 1.2 Brownfield Support
Phase 1 – In Product Beta
Learn, Analyze, Populate DNAC Designs
• Learn from WLC and populate DNAC Designs automatically
• Provision new WLCs using the learnt DNAC Designs
49. New in DNA Center 1.2 Brownfield Support
Phase 1 – In Product Beta
Learn from WLC and populate DNAC Designs automatically
• Network Settings such as AAA, Syslog, DHCP, DNS etc.
• Wireless Settings such as SSIDs, RF Profiles, Dynamic Interfaces
50. Use Case #4 - Wireless Deployment Demo
51. Use Case #5 – Application Policy Automation
52. Application Policy
Simplifying Deployment of QoS Enterprise Wide
Cisco ONE Foundation
Implements QoS in Minutes
Enhance Collaboration Experience
300% 50%
Reduction in voice jitter
Video quality improves
Select from Predefined Policies
Automated Deployment of QoS config
Optimized for Any Infrastructure
Enhance Application Experience
53. Application Policy
Network Operators express high-level business-intent to DNA Center
Applications can interact with DNA Center via Northbound APIs, informing the network of application-specific and dynamic QoS requirements
Southbound APIs translate business-intent to platform-specific configurations
DNA Center: Analytics, Policy, Automation
Wireless AP: Trust Boundary, PEP, 4Q (WMM)
Catalyst 3650: Trust Boundary, PEP, 2P6Q3T
Catalyst 4500: 1P7Q1T
Catalyst 6500: 1P3Q4T, 1P7Q4T, 2P6Q4T, …
Nexus 7700: F3: 1P7Q1T
WLC: PEP
ASR/ISRs: MQC
Catalyst 2960-X: Trust Boundary, PEP, 1P3Q3T
Wireless AP: Trust Boundary, PEP, 4Q (WMM)
54. Application Policy: Deploy End-to-End DSCP Based Queueing Policies
Application Policy in DNAC will seamlessly interconnect all types of hardware and software queuing models to achieve consistent and compatible end-to-end treatments aligned with the expressed business-intent
Catalyst 9300
DNA Center: Analytics, Policy, Automation
55. Solicit Application Business-Relevance
Relevant
• These applications directly support business objectives
• Applications should be classified and marked according to RFC 4594-based rules
Default
• These applications may/may not support business objectives
• E.g. HTTP/HTTPS
• Alternatively, administrator may not know the application (or how it's being used in the org)
• Applications in this class should be marked DF and provisioned with a default best-effort service (RFC 2474)
Irrelevant
• These applications are known and do not directly support any business objectives; this class includes all personal/consumer applications
• Applications in this class should be marked CS1 and provisioned with a “less-than-best-effort” service, per RFC 3662
56. What Do We Do Under-the-Hood?
Apply RFC 4594-based Marking / Queuing / Dropping Treatments
Business Relevance | Application Class | Per-Hop Behavior | Queuing & Dropping | Application Examples
Relevant | VoIP Telephony | EF | Priority Queue (PQ) | Cisco IP Phones (G.711, G.729)
Relevant | Broadcast Video | CS5 | (Optional) PQ | Cisco IP Video Surveillance / Cisco Enterprise TV
Relevant | Real-Time Interactive | CS4 | (Optional) PQ | Cisco TelePresence
Relevant | Multimedia Conferencing | AF4 | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx
Relevant | Multimedia Streaming | AF3 | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs)
Relevant | Network Control | CS6 | BW Queue | EIGRP, OSPF, BGP, HSRP, IKE
Relevant | Signaling | CS3 | BW Queue | SCCP, SIP, H.323
Relevant | Ops / Admin / Mgmt (OAM) | CS2 | BW Queue | SNMP, SSH, Syslog
Relevant | Transactional Data | AF2 | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps
Relevant | Bulk Data | AF1 | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution
Default | Default Forwarding | DF | Default Queue + RED | Default Class
Irrelevant | Scavenger | CS1 | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, BitTorrent, Xbox Live
57. Application Policy Workflow
Based on Business Relevance for the applications
58. Application Policy Workflow
Deploy Policy based on Site
59. But wait! Doesn’t PI have QoS Templates?
Manually select interfaces in each device
60. But wait! Doesn’t PI have QoS Templates?
For each interface and direction decide whether or not you want to do QoS Classification & Marking
Set Classification and Queuing Profiles
61. Prime Templates provide complete exposure and manipulation of low level QoS configuration
62. Application Policy Workflow
Under the Hood - Classification
class-map match-all VOICE
 match protocol attribute traffic-class voip-telephony
 match protocol attribute business-relevance business-relevant
class-map match-all BROADCAST-VIDEO
 match protocol attribute traffic-class broadcast-video
 match protocol attribute business-relevance business-relevant
class-map match-all REAL-TIME-INTERACTIVE
 match protocol attribute traffic-class real-time-interactive
 match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-STREAMING
 match protocol attribute traffic-class multimedia-streaming
 match protocol attribute business-relevance business-relevant
class-map match-all SIGNALING
 match protocol attribute traffic-class signaling
 match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-CONTROL
 match protocol attribute traffic-class network-control
 match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
 match protocol attribute traffic-class ops-admin-mgmt
 match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
 match protocol attribute traffic-class transactional-data
 match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
 match protocol attribute traffic-class bulk-data
 match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
 match protocol attribute business-relevance business-irrelevant
policy-map MARKING
 class VOICE
  set dscp ef
 class BROADCAST-VIDEO
  set dscp cs5
 class REAL-TIME-INTERACTIVE
  set dscp cs4
 class MULTIMEDIA-CONFERENCING
  set dscp af41
 class MULTIMEDIA-STREAMING
  set dscp af31
 class SIGNALING
  set dscp cs3
 class NETWORK-CONTROL
  set dscp cs6
 class NETWORK-MANAGEMENT
  set dscp cs2
 class TRANSACTIONAL-DATA
  set dscp af21
 class BULK-DATA
  set dscp af11
 class SCAVENGER
  set dscp cs1
 class class-default
  set dscp default
63. Application Policy Workflow
Under the Hood - Classification
Cisco Protocol Pack Library: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
Protocol Pack 28: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp2800/nbar-prot-pack2800.html
<protocol>
<attributes>
<application-group>other</application-group>
<business-relevance>business-relevant</business-relevance>
<category>business-and-productivity-tools</category>
<encrypted>false</encrypted>
<p2p-technology>false</p2p-technology>
<sub-category>desktop-virtualization</sub-category>
<traffic-class>multimedia-streaming</traffic-class>
<tunnel>false</tunnel>
</attributes>
<common-name>Citrix Static</common-name>
<enabled>true</enabled>
<engine-id>3</engine-id>
<global-id>L4:1604</global-id>
<help-string>Citrix Static</help-string>
<id>1433</id>
<ip-version>
<ipv4>true</ipv4>
<ipv6>true</ipv6>
</ip-version>
<long-description>Citrix is an application that mediates users remotely to their corporate applications. ICre is a designated protocol for application server system; it is used for transferring data between clients and servers…</long-description>
<name>citrix-static</name>
<ports>
<tcp>1494,1604,2512,2513,2598</tcp>
<udp>1604,2512,2513</udp>
</ports>
<indicative-ports>
<tcp>1494,1604,2512,2513,2598</tcp>
<udp>1604,2512,2513</udp>
</indicative-ports>
<references>http://www.citrix.com/site/resources/dynamic/additional/ICA_Acceleration_0709a.pdf</references>
<commonly-used>7</commonly-used>
<selector-id>1604</selector-id>
<underlying-protocols>tcp,udp</underlying-protocols>
</protocol>
ip access-list extended CONTROLLER-MULTIMEDIA-STREAMING-ACL
 …
 remark citrix-static - Citrix Static
 permit tcp any any eq 1494
 permit tcp any any eq 1604
 permit tcp any any range 2512 2513
 permit tcp any any eq 2598
 permit udp any any eq 1604
 permit udp any any range 2512 2513
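Slide 63 pairs an NBAR protocol-pack record with the port ACL derived from it. The following added example (not DNA Center's code; the function names are this example's own) rebuilds the permit lines from a trimmed copy of that record and audits a deployed ACL against them, so entries that were hand-edited into or out of a QoS class show up as differences.

```python
"""Derive port ACEs from an NBAR protocol record and audit an ACL (added example)."""
import xml.etree.ElementTree as ET

# Trimmed copy of the citrix-static record on the slide: only the elements
# this example reads are kept.
CITRIX_STATIC_XML = """
<protocol>
  <attributes>
    <traffic-class>multimedia-streaming</traffic-class>
  </attributes>
  <name>citrix-static</name>
  <ports>
    <tcp>1494,1604,2512,2513,2598</tcp>
    <udp>1604,2512,2513</udp>
  </ports>
</protocol>
"""

# ACL entries as shown on the slide for CONTROLLER-MULTIMEDIA-STREAMING-ACL.
SLIDE_ACL = """
remark citrix-static - Citrix Static
permit tcp any any eq 1494
permit tcp any any eq 1604
permit tcp any any range 2512 2513
permit tcp any any eq 2598
permit udp any any eq 1604
permit udp any any range 2512 2513
"""


def collapse(ports):
    """Turn a list of ports into sorted (low, high) runs of consecutive values."""
    runs = []
    for port in sorted(set(ports)):
        if runs and port == runs[-1][1] + 1:
            runs[-1][1] = port          # extend the current run
        else:
            runs.append([port, port])   # start a new run
    return [tuple(r) for r in runs]


def expected_aces(protocol_xml):
    """Build the permit lines a port-based ACL needs for one protocol record."""
    root = ET.fromstring(protocol_xml)
    aces = []
    for proto in ("tcp", "udp"):
        text = root.findtext(f"ports/{proto}") or ""
        ports = [int(p) for p in text.split(",") if p.strip()]
        for low, high in collapse(ports):
            match = f"eq {low}" if low == high else f"range {low} {high}"
            aces.append(f"permit {proto} any any {match}")
    return aces


def audit(acl_text, protocol_xml):
    """Compare deployed permit lines with the record; return (missing, extra)."""
    deployed = [" ".join(line.split()) for line in acl_text.splitlines()
                if line.strip().startswith("permit")]
    expected = expected_aces(protocol_xml)
    missing = [ace for ace in expected if ace not in deployed]
    extra = [ace for ace in deployed if ace not in expected]
    return missing, extra


if __name__ == "__main__":
    print("\n".join(expected_aces(CITRIX_STATIC_XML)))
    print(audit(SLIDE_ACL, CITRIX_STATIC_XML))
```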
64. Application Policy Workflow
Under the Hood - Classification
Application ACLs
ip access-list extended prm-APIC_QOS_IN#MM_STREAM__acl
 remark citrix - Citrix
 permit tcp any any eq 1494
 permit udp any any eq 1494
 permit tcp any any eq 2598
 permit udp any any eq 2598
 remark citrix-static - Citrix-Static
 permit tcp any any eq 1604
 permit udp any any eq 1604
 permit tcp any any range 2512 2513
 permit udp any any range 2512 2513
 </snip>
 exit
Static Endpoint ACL for Cisco Phone
!
ip access-list extended prm-APIC_QOS_IN#VOICE__acl
 permit ip host 10.4.81.21 any DSCP ef
!
ip access-list extended prm-APIC_QOS_IN#MM-CONF__acl
 permit ip host 10.4.81.21 any DSCP af41
!
65. Use Case #5 - Application Policy Demo
66. Key Takeaways
67. Key Takeaways
It’s all about efficiency and speed
Intent Driven Networking accomplishes drastic simplification
Assurance must be outcomes driven and not problem based
Network Automation is required to Reduce Cost and Remove manual Errors
Profile Based Deployment simplifies Day 0 Deployment and Day 2 Change Management