Cisco made a major announcement today focused on their enterprise networking portfolio, introducing DNA Center and a new Catalyst 9000 portfolio. From Cisco's point of view, this launch represents a major change in their approach to campus networking, moving away from the traditional CLI configuration model and bringing together a wholly software-defined end-user infrastructure.
Hardware is where you would normally see Cisco's focus. For the last five years, the Unified Access Dataplane (UADP) chip in the Catalyst has been a major success, introducing semi-flexible and programmable ASICs. The Catalyst 9000 will introduce UADP 2.0 and offer a newly programmable IOS-XE, a software and hardware package specifically designed for the age of the software-defined campus network. With an x86 CPU inside, IOS-XE will run many of its services within containers, and Cisco are opening up four containers for customers to inject their own micro-services onto the switch. Catalyst models 9300, 9400 and 9500 are to be released between now and November of this year, providing replacements for the stackable 3850 access switches, the Catalyst 4500 chassis model and the 4500-X/3850-XS respectively. One additional hardware inclusion will be the option of 100W PoE on certain 9300 and 9400 models to support the growing demand from higher-powered IoT and building management systems.
New hardware is one thing, but it's in the software where things get interesting. Cisco's DNA Center takes plenty of design cues from their Meraki counterparts. Cisco's Enterprise Networking group has developed a new, single point of clarity for designing, provisioning and managing campus networks. From DNA Center you can define how your SD-Access network looks: identifying network devices based on location, automatically provisioning them and then managing them from the access to the core as a single fabric. End user devices can be assigned addresses from location-specific pools and, rather than defining traditional VLANs and VRFs, end users, devices and applications are segregated on the fabric through policies you define.
Released on its own dedicated appliance initially, DNA Center will encompass not only enterprise switching but in the future support routers, wireless controllers and access points. This will provide direct integration with existing products such as Identity Services Engine and Stealthwatch. The introduction of Platform Assurance is where DNA Center starts to provide a serious benefit to operations teams: it highlights the top ten performance or user-impacting issues through self-diagnosis, with DNA Center making proactive recommendations for remediation. Enhanced Traffic Analytics, a roadmap feature, will enable the identification of threats such as malware without the need for payload decryption. Instead, it analyses metadata such as packet payload, application payload and inter-packet gap to predict if the traffic contains a security threat.
The technology in the infrastructure is already there: LISP and IS-IS for the control plane, VXLAN for the data plane, and a combination of VRF and TrustSec for policy control. DNA Center provides a way of tying all of this together in a cohesive way, not too dissimilar to how Cisco's Application Centric Infrastructure (ACI) works now.
There's some good news and some bad news. The 4500-X will not be supported as a fabric member. Existing UADP platforms such as the 3850 and 3650 will be compatible but may not get some future feature releases that the new UADP can support. 4500 chassis equipped with Sup8/9 and the 6800 will also be supported but again with limited scope for future development.