Preface: I recently attended a Tech Field Day event (Tech Field Day Extra – Cisco Live 2017). While the event is put on by Gestalt IT, I was neither paid nor did I receive any sort of reimbursement from Gestalt IT or the presenting companies.
Recently, I had the pleasure of being a delegate for a full day of Tech Field Day Extra – Cisco Live 2017. The entire day was devoted to Cisco and their recent announcements about their latest enterprise networking initiatives, or, as they call it, the Network Intuitive. During the sessions, we got plenty of substance to fill in what the primary keynote, delivered by Cisco CEO Chuck Robbins, was all about.
Interestingly enough, while I will never profess to being a packet plumber, my involvement in the day was as an observer from other sides of IT operations and architecture. Over the course of the day, I was able to draw many parallels to the transformation that other IT disciplines/silos have gone or are currently going through.
The three major definitions of future enterprise networks that were outlined by the Cisco CEO were as follows: Scale, Simplification, Security. The goal of this post is to outline what Cisco is doing to help realize those definitions in their newest enterprise networking gear.
Going into these sessions, my entire understanding of software defined networking and the subsequent skirmishes between various vendors was very limited. As far as I was concerned, I didn’t care much about the intricate details of networking and only cared about the result that it delivered to my customers. These skirmishes between the various companies and their approaches only fueled my disdain for the specifics.
However, having attended these Cisco sessions (which, incidentally, were delivered by some of Cisco’s most distinguished minds and presenters), the importance of the network dawned on me. Like many architectures in other IT disciplines, while we’ve been able to abstract many of the architectural components of, say, a storage array, its purpose in delivering business value will always be a high priority.
That being said, I was able to fully grasp the reasoning behind the need for the ASIC technology in Cisco’s new Catalyst 9000 line. If you go back and touch on the points that Cisco CEO Chuck Robbins brought up in his Day 1 Keynote, scale was referred to as a primary point of definition of enterprise networking moving forward. With a constant stream of new devices that on-ramp into enterprise networks (whether that be devices like smartphones, tablets, or even IoT devices), the ability to process the onslaught of packets becomes something that needs to be addressed.
Hence the importance of the ASIC in Cisco’s Catalyst lines over the last few years. The ASIC was created specifically to offload and process what software alone could not scale to handle on commodity processing capabilities. To draw a parallel, think of all the offloads that come on a NIC in a server these days. If you tried to perform VXLAN services on those NICs without the offload, you would put the burden on the CPUs, which means the applications running on those servers are going to suffer. The ASIC is essentially providing the same style of services, but at a different layer in the network.
Lastly, Cisco intends for these ASICs to be adaptable over time. Cisco used VXLAN as an example of how adaptable the UADP ASIC is. When the ASIC was first designed, VXLAN had not even been invented yet. However, over the course of time, Cisco’s software element, IOS-XE, was able to add support for the protocol while wrapping it around the ASIC’s capabilities. This led to VXLAN being handled fully in hardware, rather than having to be run purely in software. The possibility, along with the realization, of new features in the platform should ensure a long-term investment in the platform that should not require a constant stream of hardware refreshes (not unlike certain legacy storage vendors) to be able to take advantage of new protocols over time.
You can’t call yourself a software-defined architecture without having to provide software elements to manage all these capabilities. This is also the layer that many traditional networkers struggle with. The software capabilities are used to encapsulate many of the functions that those networkers used to do, mostly through the power of the command line interface.
As we move towards a more automation-forward enterprise, we are realizing that the devil is truly in the details. Those details led us towards needing to understand minute bits of information, down to the tiniest object within our infrastructure. As enterprises scale, this mentality does not. Abstracting that information into the form of software-based policies becomes all the more important to scaling out the duties of the network administrator.
This is where Cisco’s DNA (Digital Network Architecture) product line comes into play. Included in DNA are a management dashboard (called DNA Center), a policy-driven engine to automatically segment network traffic (called Software-Defined Access), and a machine learning platform (included in DNA Center) to help get more out of predictive analytics. All of these tools are meant to change the thought process of networking to a more intent-based system, versus the low-level detail orientation of prior network generations.
This is where I bring my work with Cisco management software into this explanation. If you read through my prior blogs, you will see that I work with Cisco’s UCS Director product to help automate our technical processes in more legacy networking stacks, along with the combination of storage, compute, and virtualization. I mention this because I see a lot of parallels between that product and what DNA Center is ultimately going to provide. The purpose is to be able to define a policy and implement it across the fabric. Going back to the original statement: networkers needing to become more ingrained with tools like RESTful APIs, and the scripting languages that execute against those APIs, is going to be one of the biggest challenges moving forward. The same movement is happening with storage administrators, compute administrators, and virtualization administrators. Welcome to the party, networkers! As one who has moved towards manipulating IT systems through these protocols and scripting languages, I can assure you that you aren’t abandoning anything and, in fact, will become much more valuable to the organization by adding these skillsets to your toolset.
Now, more than ever, security is becoming a primary initiative within any technical silo/domain. For the longest time, we’ve considered security to be the “NO” of IT operations (in fact, you can’t spell “operations” with “no”). Businesses can no longer risk having security being an afterthought to projects. When you factor in the sheer number of devices onboarding to enterprise networks these days, that fact is enough to keep C-level executives awake with fear at night.
Cisco has woven security through all layers of this entire platform. Many of the ASIC’s roles are to drive encryption capabilities in hardware so that, again, that work does not need to be done by the software itself. However, some of the more interesting security measures are those delivered by Encrypted Traffic Analytics.
I found this to be one of the most intriguing aspects of the security profile of the platform. I had no idea that the vast majority of our network traffic was already being encrypted. I also had no idea that many recent attacks were also being carried out over encrypted channels. This has introduced a double-edged sword for those in the security realm: they want us to encrypt our traffic, but now the malicious traffic is using the same means, making it harder to detect when these sorts of events occur within the enterprise.
This is where Cisco has decided that analytics is a great approach to identifying potential threats before they become full-blown nightmares. Instead of having to decrypt traffic to learn the intricate details of a potentially malicious flow, pattern recognition is applied to the traffic. If the traffic looks drastically different from what an organization is used to seeing, these sorts of anomalies can be flagged, or even immediately set to deny so that further transmission can no longer occur. So, the net result is that by using this engine to analyze the pattern, you aren’t wasting precious resources having to fully decrypt the transmission.
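To make the "pattern recognition without decryption" idea concrete, here is a small added illustration in Python. It is not Cisco's Encrypted Traffic Analytics or any of its code; it only shows the general shape of the approach: take metadata that stays visible even under TLS (byte counts in each direction, packet count, duration, sizes of the first few packets), build a baseline from flows the organization considers normal, and score new flows by how far they sit from that baseline so an analyst can review the outliers. Every flow record, the feature set, the z-score scoring and the threshold of 8.0 are my own constructed assumptions for the example.

```python
"""Toy flow-metadata anomaly detector (added illustration, not Cisco's ETA).

Builds a baseline from metadata that remains observable on encrypted traffic
and flags flows that sit far from it. All flow records are constructed sample
data; the features and threshold are assumptions for the example.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    flow_id: str
    bytes_out: int                    # bytes sent by the internal host
    bytes_in: int                     # bytes received by the internal host
    packets: int
    duration_s: float
    first_pkt_lens: Tuple[int, ...]   # sizes of the first few packets


def features(f: Flow) -> Dict[str, float]:
    """Derive per-flow features; none of them needs payload access."""
    total = f.bytes_out + f.bytes_in
    return {
        "mean_pkt": total / f.packets,
        "out_ratio": f.bytes_out / max(1, total),
        "pps": f.packets / max(f.duration_s, 0.001),
        "first_len_mean": mean(f.first_pkt_lens),
    }


def build_baseline(flows: List[Flow]) -> Dict[str, Tuple[float, float]]:
    """Per-feature (mean, std) over flows assumed to be normal for this org."""
    cols: Dict[str, List[float]] = {k: [] for k in features(flows[0])}
    for f in flows:
        for k, v in features(f).items():
            cols[k].append(v)
    # A std of 0 would make any deviation infinite; fall back to 1.0.
    return {k: (mean(v), pstdev(v) or 1.0) for k, v in cols.items()}


def anomaly_score(f: Flow, baseline: Dict[str, Tuple[float, float]]) -> float:
    """Sum of absolute z-scores: how many 'sigmas' off baseline in total."""
    return sum(abs(v - baseline[k][0]) / baseline[k][1]
               for k, v in features(f).items())


def flag_flows(flows: List[Flow], baseline, threshold: float = 8.0) -> List[Tuple[str, float]]:
    """Return (flow_id, score) for flows above threshold, for analyst review."""
    scored = [(f.flow_id, round(anomaly_score(f, baseline), 1)) for f in flows]
    return [(fid, s) for fid, s in scored if s > threshold]


# Constructed baseline: short HTTPS browsing sessions, mostly inbound bytes.
BASELINE_FLOWS = [
    Flow("b1", 20_000, 200_000, 220, 3.0, (517, 1448, 1448, 300)),
    Flow("b2", 15_000, 150_000, 170, 2.5, (517, 1448, 1448, 280)),
    Flow("b3", 25_000, 260_000, 290, 4.0, (517, 1448, 1448, 320)),
    Flow("b4", 18_000, 180_000, 200, 3.2, (517, 1448, 1448, 290)),
    Flow("b5", 22_000, 240_000, 260, 3.5, (517, 1448, 1448, 310)),
]

# Constructed observations: one ordinary session, one long-lived flow of tiny
# symmetric packets, and one flow that is almost entirely outbound.
OBSERVED_FLOWS = [
    Flow("ordinary-browse", 19_000, 190_000, 210, 3.1, (517, 1448, 1448, 295)),
    Flow("beacon-like", 6_000, 6_000, 120, 3600.0, (517, 1448, 120, 120)),
    Flow("bulk-upload", 5_000_000, 50_000, 3700, 60.0, (517, 1448, 1448, 1448)),
]


def run() -> List[Tuple[str, float]]:
    """Score the observed flows against the constructed baseline."""
    return flag_flows(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS))


if __name__ == "__main__":
    for fid, score in run():
        print(f"{fid}: anomaly score {score}")
```

Running it flags the two unusual flows and leaves the ordinary browsing session alone. The five-flow baseline is deliberately tiny, which is why the outlier scores are so extreme; in practice a baseline is built from a large, segment-specific sample of traffic, and a flagged flow is a prompt for investigation or policy enforcement rather than proof of compromise on its own.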
The rise of business goal driven IT is forcing many IT technologists to find new ways to exist once the shift starts to happen in their specific environments. We, as the technologists, are attempting to adapt across the board, and we are more dependent on our technology partners to understand and provide us with the means to realize these goals. My personal belief is that Cisco is genuinely turning that corner to be able to help adapt IT in the ways we’ve started to experience or have come to expect in other technology disciplines. I look forward to watching these platforms evolve, along with watching my IT networking brethren evolve. I welcome you all to the new evolution of IT.
Now, can we stop arguing over the definition of what SDN is supposed to be? 😉