Cisco Instant Access · Multicast Tuning (PIM / IGMP) Routing Protocol Tuning Security (z.B....
Transcript of Cisco Instant Access · Multicast Tuning (PIM / IGMP) Routing Protocol Tuning Security (z.B....
Cisco Instant Access
Sascha Ulfig
Netzwerk geht auch einfach
Consulting Systems Engineer
20. November 2014
2 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
Keine sich wiederholenden Tätigkeiten mehr
Die IT verwendet zu viel Zeit für sich wiederholende Aufgaben auf Access Switches
28% Monitoring,
Troubleshooting
19% Security
Konfiguration
18% Installation,
Konfiguration, Tests
14% Software Updates
Quelle: Forrester Consulting, 2012
Cisco Instant Access Einfache Installation
2
3 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
94 Switches im Software Image- und Konfigurationsmanagement 188 Access Trunks/Port-Channels 4032 User Ports Pro Switch: Spanning-Tree / Loop Prevention FHRP Tuning Multicast Tuning (PIM / IGMP) Routing Protocol Tuning Security (z.B. 802.1X) Control-Plane Policing Quality of Service 94 Separate Konfigurationen für SNMP, NTP, TACACS, Banner, vty, VLAN DB, Mgmt IP/GW, Hostname
Klassischer Layer-2 oder Layer-3 Campus Hohe administrative Komplexität
SiSi SiSi
SiSi SiSi SiSi SiSi SiSi SiSi SiSi SiSi
Building 1 Building 2 Building 3 Building 4
Core
3
4 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
Cisco Catalyst Instant Access
Trennung der Control-Plane von der Data-Plane Eine Control-Plane für Distribution & Access Layer
SiSi SiSi
4
Software Defined Networking “…In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications…”
Source: www.opennetworking.org
Verteilte Data-Plane Catalyst 6848ia
EINE Control-Plane
Catalyst 6500/6800
5 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
Supervisor 2T WS-X6904-40G 6880-X
6500-E 6807-XL
• 10G SFP+ Uplink Ports • POE & POE+ Support • Integriertes Stacking Modul
Catalyst 6800IA
Catalyst 6500/6800
VS
Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia
FEX 101 FEX 102 FEX 103 FEX 104
Cisco Catalyst Instant Access Auf einen Blick…
6 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
Supervisor 2T WS-X6904-40G 6880-X
6500-E 6807-XL
• 10G SFP+ Uplink Ports • POE & POE+ Support • Integriertes Stacking Modul
Catalyst 6800IA
Catalyst 6500/6800
VS
Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia
Config on Parent: interface Port-channel101 switchport mode fex-fabric fex associate 101 interface Port-channel102 switchport mode fex-fabric fex associate 102 interface GigabitEthernet101/1/0/1 switchport mode access switchport access vlan 101 interface GigabitEthernet102/1/0/1 ip address 102.1.1.1 255.255.255.0 ipv6 address 2013:102:1:1:1::1/96
FEX 101 FEX 102 FEX 103 FEX 104
Cisco Catalyst Instant Access Auf einen Blick…
7 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
Catalyst Instant Access Client Portfolio C6800IA-48FPD C6800IA-48FPDR C6800IA-48TD C3560-CX
PoE/PoE+ ✗ ✓ 48 ports, 740W
✓ 48 ports, 740W
✓
12 ports, 240W
Down Link Ports 48x1G Cu 48x1G Cu 48x1G Cu 12x1G
Uplink Ports 2x10G SFP+ 2x10G SFP+ 2x10G SFP+ 2x10G SFP+ (for IA mode) , 2x1G Cu
FEX ID 12 ! 42/25* 12 ! 42/25* 12 ! 42/25* 42/25*
Access Ports Scalability Heute: 1000 ! 2000/1200* 1000 ! 2000/1200* 1000 ! 2000/1200* 300-500*
Stack 3!5 3!5 3!5 0
Dual Power Supply ✗ ✗ ✓ ✗ Standalone Mode ✗ ✗ ✗ ✓
FCS December
2014
* New Scale with IOS 15.2(1)SY targeted for January 2015. First value for 6880-X, second value for SUP2T.
8 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
Switch#sh run | sec template or show Template interface all template IA_TEMPLATE switchport mode access switchport access vlan 100 switchport nonegotiate switchport port-security source template IA_TEMPLATE2 template IA_TEMPLATE2 spanning-tree portfast edge Switch(config)#int range g101/1/0/1-3 Switch(config-if-range)#source template IA_TEMPLATE Switch#sh run int g101/1/0/1 interface GigabitEthernet1/1 switchport source template IA_TEMPLATE End Switch#sh derived-config int g101/1/0/1 interface GigabitEthernet1/1 switchport switchport access vlan 100 switchport trunk allowed vlan 1 switchport mode access switchport nonegotiate switchport port-security spanning-tree portfast edge
Demnächst für Instant Access: Interface Templates
• Template mit “template <templatename>” definieren
• Mit “source template <templatename>” Template an Interface oder anderes Template binden
• “show running interface <intf>” zeigt nur
noch das Template Mapping an
• Mit “show derived-config interface <intf>” kann vollständige Config dargestellt werden
• Änderung des Templates ändert ALLE Interfaces, welche damit assoziiert sind
Easy to Use
NEW with IOS
15.2(1)SY
9 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
Catalyst Instant Access Campus Dramatische Reduktion der Komplexität
Core
Building 1 Building 2 Building 3 Building 4
5 Switches im Software Image- und Konfigurationsmanagement Pro Switch: Spanning-Tree / Loop Prevention FHRP Tuning Multicast Tuning (PIM / IGMP) Routing Protocol Tuning Security (z.B. 802.1X) Control-Plane Policing Quality of Service 5 Separate Konfigurationen für Routing, Security, CoPP, SNMP, NTP, TACACS, Banner, vty, VLAN DB, Mgmt IP/GW, Hostname
Instant Access
9
10 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
Cisco Catalyst Instant Access Zusammenfassung Ø “Single Point of Management”
Ø Vereinfachte Installation und Konfiguration
Ø Plug and Play Provisionierung
Ø KEIN Software Image Management im Access
Ø Cat6500 Features durchgängig auf Distribution und Access
Netzwerk Vereinfachung Reduzierung der “Total Cost of Ownership” 10
11 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Connect | Berlin 20.–21. November 2014
Muninder Sambi – Director Product Management Anupam Upadhyaya – Manager Product Management
Himanshu Mehra – PM Engineering, Catalyst Plattform
Jens Demmer – Manager Product Management Jo Kern – Manager Product Management
Peter Provart – Business Dev. Manager, EBG EMEAR
Matthias Falkner – Distinguished Engineer Carlo Terminiello – CSE, EBG EMEAR
James Weathersby – Manager Technical Marketing
Alan Cottom – Technical Marketing Engineer
Enterprise Networking Raum: PS OG 1
Security Raum: PS EG 3
13:00
APIC-EM – SDN im Enterprise Markus Harbeck
Consulting Systems Engineer Cisco
AMP everywhere - warum es darauf ankommt Volker Marschner
Consulting Systems Engineer Cisco
13:30
SDN – Paradigmenwechsel für Netzwerke und Datacenter Steffen Winkler
Solution Manager Netzwerkumfeld Computacenter AG & Co oHG
Einführung in Cloud Managed Networking Christian Goldberg
Cloud Networking Systems Engineer Cisco
14:00
Instant Access - Netzwerk geht auch einfach Sascha Ulfig
Consulting Systems Engineer Cisco
Internet of Things... Let's Not Forget Security Please! Eric Vyncke
Distinguished Systems Engineer Cisco
14:30
Netzwerk Virtualisierung - Netzwerktrennung im LAN und WAN Sascha Ulfig
Consulting Systems Engineer Cisco
Akamai Connect Lorenz Jakober
Sr. Product Marketing Manager Akamai
15:00
Cisco Threat Centric Security Solutions Holger Unterbrink
Consulting Systems Engineer Cisco
DPDHL Branch of the Future Concept Zvezdan Schoppmann
Head of Technology Innovation Management DPDHL
15:30
Prime Infrastructure Lothar Müller
Berater & Service Ingenieur EnBW Netze GmbH
Skyconnect, eine globale WAN Plattform „moving to iWAN“ Markus Vögele
Senior Systems & Design Engineer Lufthansa Systems AG