Cisco Digital Network Architecture: Intent-based Networking for the Enterprise, 1st edition

  • Tim Szigeti
  • David Zacks
  • Matthias Falkner
  • Simone Arena


The complete guide to transforming enterprise networks with Cisco DNA

As networks become more complex and dynamic, organizations need better ways to manage and secure them. With the Cisco Digital Network Architecture, network operators can run entire network fabrics as a single, programmable system by defining rules that span their devices and move with their users. Using Cisco intent-based networking, you spend less time programming devices, managing configurations, and troubleshooting problems so you have more time for driving value from your network, your applications, and most of all, your users.

This guide systematically introduces Cisco DNA, highlighting its business value propositions, design philosophy, tenets, blueprints, components, and solutions. Combining insider information with content previously scattered through multiple technical documents, it provides a single source for evaluation, planning, implementation, and operation.

The authors bring together authoritative insights for multiple business and technical audiences. Senior executives will learn how DNA can help them drive digital transformation for competitive advantage. Technical decision-makers will discover powerful emerging solutions for their specific needs. Architects will find essential recommendations, interdependencies, and caveats for planning deployments. Finally, network operators will learn how to use DNA Center’s modern interface to streamline, automate, and improve virtually any network management task.

  • Accelerate the digital transformation of your business by adopting an intent-based network architecture that is open, extensible, and programmable
  • Integrate virtualization, automation, analytics, and cloud services to streamline operations and create new business opportunities
  • Dive deep into hardware, software, and protocol innovations that lay the programmable infrastructure foundation for DNA
  • Virtualize advanced network functions for fast, easy, and flexible deployments
  • Translate business intent into device configurations and simplify, scale, and automate network operations using controllers
  • Use analytics to tune performance, plan capacity, prevent threats, and simplify troubleshooting
  • Learn how Software-Defined Access improves network flexibility, security, mobility, visibility, and performance
  • Use DNA Assurance to track the health of clients, network devices, and applications to reveal hundreds of actionable insights
  • See how DNA Application Policy supports granular application recognition and end-to-end treatment, even for encrypted applications
  • Identify malware, ransomware, and other threats in encrypted traffic

Table of contents

Foreword xxxiv

Introduction xxxvi

Part I Introduction to DNA

Chapter 1 Why Transform Your Business Digitally? 1

Opportunities and Threats 1

Digitally Transforming Industries 3

    Digital Advertising 3

    Digital Media and Entertainment 3

    Digital Finance 4

    Digital Communications 4

    Digital Transportation Services 5

Digitally Transforming Businesses 7

    Transforming the Customer Experience 8

    Transforming the Employee Experience 11

    Transforming Business Operations 14

Driving Digital Transformation with the Internet of Things 16

Are You Ready? 17

Summary 18

Further Reading 18

Chapter 2 The Business Value of DNA 19

Business Requirements of the Network Architecture 19

    Cost Reduction 20

    Risk Mitigation 20

    Actionable Insights 21

    Business Agility 22

Intent-Based Networking 23

Business Value of Cisco Digital Network Architecture 24

    Reducing Costs Through Automation, Virtualization, and Programmable Hardware 25

    Mitigating Risks with Integrated Security and Compliance 26

    Revealing Actionable Insights Through Analytics 26

Accelerating Business Agility Through Open APIs 26

Adding It All Up 28

Summary 29

Further Reading 29

Chapter 3 Designing for Humans 31

Technology Versus User-Experience 31

Design Thinking Philosophy and Principles 33

Cisco Design Thinking Framework 34

    Discover Phase 35

    Define Phase 37

    Explore Phase 39

The Cisco Design Thinking Journey for DNA 40

    DNA Discovery Phase 41

    DNA Definition Phase 49

    DNA Exploration Phase 53

Summary 53

Further Reading 54

Chapter 4 Introducing the Digital Network Architecture 55

Requirements for DNA 56

    Requirements to Reduce Complexity and Costs 57

    Requirement to Increase Operational Flexibility 58

    Security and Compliance Requirements 59

    Cloud-Enablement Requirement 60

Architectural Principles 60

    Openness 61

    Extensibility 62

    Programmability 62

    Policy-based Networking 63

    Security 63

    Software Driven 64

    Cloud Integrated 65

    Conflicting Principles? 65

Overview of the DNA Components 66

    Infrastructure 66

    Automation 73

    Analytics Platform 77

    The Role of the Cloud in DNA 80

    Connecting the Building Blocks: APIs 83

Outcomes 84

Summary 85

Further Reading 86

Chapter 5 The Digital Network Architecture Blueprint 87

DNA Services 88

    DNA Services–Transport 90

    DNA Services–Policy 91

    Relationship Between DNA Policies and Business Intent 92

DNA Infrastructure 93

    Transport Functions 94

    Supporting Network Functions 96

    Fabrics 98

Automating DNA–Controllers 99

    Automating Transport and Network Functions Infrastructure 99

    Maintaining a View of the Infrastructure Functions and Connected Endpoints 100

    Instantiating and Maintaining DNA Services 100

    Relationships in DNA: Revisiting Domains, Scopes, and Fabrics 102

    DNA Interfaces 105

Service Definition and Orchestration 107

    Relationship Between the Controllers and the Service Definition and Orchestration Component 110

Analytics Platform 112

    Data Collection 113

    Data Extraction 113

    Data Ingestion 114

    Data Export 114

On-Premises and Off-Premises Agnosticism–Revisiting the Cloud 115

    Application Hosting in the Cloud and the Evolution of the DMZ 116

    Leveraging the Cloud for DNA Controllers and Analytics 118

Summary 120

Part II DNA Programmable Infrastructure

Chapter 6 Introduction to DNA Infrastructure 123

Picturing the Modern Network 124

Exploring DNA Infrastructure 125

The Evolving Network, and Why It Matters 126

    Requirements: The Need for Change 126

    Requirements: The Need for Speed (of Change) 127

    Requirements: The Need for Simplicity 128

    Requirements: The Need for Continuity 129

DNA Infrastructure Solutions 130

    Flexible Hardware 130

    Flexible Software 131

    New and Evolving Protocols 132

    The Emergence of Virtualization 133

Bringing It All Together 133

Summary 134

Chapter 7 Hardware Innovations 135

The Importance of Hardware in a Software-Defined World 135

The Making of a Chip 136

    Delving Deeper: How Chips Are Designed and Built 136

    Drivers of Chip Design and Density 143

    When Good Chips Go Bad: What Can Go Wrong in Chip Design 145

    When Good Chips Need to Get Better: Designing the Next Generation 146

    Now We Speak the Same Language! 147

What’s Happening in the World of Networks 148

How Traditional Network ASICs Process Packets 149

Traffic Handling with CPUs and FPGAs 150

Introducing Flexible Silicon 152

Flexible Switching Silicon: UADP 154

    UADP Use Cases–Current, and Future 163

    UADP–Summing Up 172

Flexible Routing Silicon: QFP 173

    QFP–An Introduction 174

    QFP–Diving Deeper 176

    QFP–Use in Platforms 180

UADP and QFP–Summing Up 181

Wireless: Providing Innovation for Mobility 182

    Flexible Radio Assignment 183

    Intelligent Capture 185

Summary 186

Further Reading 187

Chapter 8 Software Innovations 189

The Importance and Evolution of Networking Software 189

Cisco IOS: Origins and Evolution 190

    Evolution of the Cisco IOS Data Plane 191

    Evolution of the Cisco IOS Control Plane 194

    Evolution of the Cisco IOS Management Plane 195

Evolution of Cisco Networking Software 196

The Evolution of Cisco IOS to IOS XE 198

Cisco IOS XE in a Nutshell 199

Cisco IOS XE: Delving Deeper 201

    IOS XE Subsystems 202

    IOS XE Database 203

    Container Framework and Application Hosting 205

Cisco IOS XE: Bringing It All Together 207

    Cisco IOS XE: Simplification with a Single Release Train 209

    Cisco IOS XE: Software Maintenance Upgrades 209

Cisco IOS XE: Platform Support 212

Cisco IOS XE: Summary 213

Protecting Platforms and Networks: Trustworthy Systems 214

    Trustworthy Systems: An Overview 215

    Attack Mitigation with Trustworthy Systems 216

    Defense: Image Validation and Signing 217

    Defense: Runtime Defenses 217

    Defense: Secure Boot 218

    Ensuring Device Identity with the Secure Unique Device Identifier 220

    Cisco Secure Boot and Trust Anchor Module: Validating the Integrity of Software, Followed by Hardware 221

The Move to Intuitive Networking 222

Summary 223

Further Reading 223

Chapter 9 Protocol Innovations 225

Networking Protocols: Starting at the Bottom with Ethernet 226

    Power Protocols: Power over Ethernet, to 60 Watts and Beyond! 227

    The Future of Power over Ethernet 230

    Multiple-Speed Protocols over Copper: Multigigabit Ethernet, Squeezing More Life Out of Existing Cabling Infrastructures 230

    25G Ethernet–The New Kid on the Block 234

    Ethernet Evolving: This Is Not Your Father’s Ethernet! 235

Moving Up the Stack 235

    Networking Protocols: Moving Up the Stack to Layer 2 235

    Networking Protocols: Moving Up the Stack to Layer 3 237

    Networking Protocols Today: Summary 242

Networking Protocols for the New Era of Networking 242

    VXLAN: A Next-Generation Encapsulation Technology 243

    IS-IS: The Evolution of Underlay Routing 249

    LISP: The Evolution of Overlay Host Reachability 249

    Scalable Group Tags: The Evolution of Grouping and Policy 257

    Bringing It All Together: What Next-Generation Protocols Within the Network Allow Us To Build 264

Summary 264

Further Reading 265

Chapter 10 DNA Infrastructure–Virtualization 267

Benefits of Network Function Virtualization 268

    CAPEX Benefits of NFV 268

    OPEX Benefits of NFV 270

    Architectural Benefits of NFV 271

Use Cases for Network Function Virtualization 272

    Control Plane Virtualization 272

    Branch Virtualization 274

    Virtualization to Connect Applications in VPCs 275

    Virtualization of Multicloud Exchanges 276

Overview of an NFV System Architecture 278

    Hypervisor Scheduling and NUMA 281

    Input/Output Technologies for Virtualization 283

Challenges and Deployment Considerations of Network Function Virtualization 289

    Performance 289

    Oversubscribing the Physical Hardware Resources 290

    Optimizing Server Configurations 290

    Selecting the Right I/O Technique 291

    VNF Footprint Considerations 292

    Multi-tenancy and Multi-function VNFs 293

Transport Virtualization 296

    Network Segmentation Architecture 297

    Policy-based Path Segmentation 299

    Control Plane-based Segmentation 302

Summary 305

Chapter 11 DNA Cloud 307

Introduction to the Cloud 308

    Cloud Service Models 311

    Cloud Deployment Models 312

    It’s a Multicloud World! 313

DNA for the Cloud 315

    DNA Cloud for Applications 316

    DNA Cloud for Automation 318

    DNA Cloud for Analytics 319

Summary 323

Further Reading 323

Part III DNA Automation

Chapter 12 Introduction to DNA Automation 325

Why Automate? 325

    Reduce Total Cost of Ownership 326

    Lower Risk 326

    Move Faster 328

    Scale Your Infrastructure, Not Your IT Department 328

    Think “Out of the Box” 329

    Simplify Like Never Before 330

    Enable Applications to Directly Interact with the Network 330

Is DNA Automation the Same as SDN? 330

    Centralized Versus Distributed Systems 331

    Imperative Versus Declarative Control 331

    The Cisco SDN Strategy 332

Automation Elements 332

    Network Programmability 332

    Network Controller 333

    Network Orchestrator 334

Summary 335

Further Reading 336

Chapter 13 Device Programmability 337

Current State of Affairs 338

    CLI Automation 338

    SNMP 340

Model-Based Data 340

    YANG 341

Protocols 344

    Encoding 345

    Network Protocols 346

    NETCONF 347

    RESTCONF 350

    gRPC 351

Telemetry 352

    gRPC Telemetry 353

Tools 354

Application Hosting 357

Summary 359

Further Reading 359

Chapter 14 DNA Automation 361

The Increasing Importance of Automation 362

    Allow the Network to Scale 363

    Reduce Errors in the Network 363

    Time to Perform an Operation 363

    Security and Compliance 364

Current Impediments to Automation 364

Classifying Network Automation Tasks 367

    Infrastructure and DNA Service Automation 368

    Standard and Nonstandard Automation Tasks 369

The Role of Controllers in DNA Automation 371

    Leveraging Abstractions in DNA to Deliver Intent-Based Networking 372

    Domain Controllers Versus Control Plane Protocols 375

Automating Your Network with Cisco DNA Center 377

    DNA Center Basics 377

    Day 0 Operations–Standardizing on Network Designs 382

    Standardizing on Network Designs 388

    Automating the Deployment of Network Elements and Functions 390

    Day N Operations–Automating Lifecycle Operations 394

Summary 395

Further Reading 396

Part IV DNA Analytics

Chapter 15 Introduction to DNA Analytics 397

A Definition of Analytics 397

DNA Analytics 398

    DNA Analytics, Opportunities and Challenges 399

Brief History of Network Analytics 400

Why DNA Analytics? 401

The Role of Network Analytics in DNA 402

Summary 404

Chapter 16 DNA Analytics Components 405

Analytics Data Sources 405

DNA Instrumentation 407

Distributed Network Analytics 408

Telemetry 411

    Why Telemetry? 412

    The DNA Telemetry Architecture 413

    Limitations of Today’s Telemetry Protocols 413

    The Evolution of DNA Telemetry: Model-Driven Telemetry 414

Analytics Engine 416

    The Traditional Analytics Approach 416

    The Need for Analytics Engines 418

The Role of the Cloud for Analytics 420

Summary 422

Further Reading 422

Chapter 17 DNA Analytics Engines 423

Why a DNA Analytics Engine? 425

DNA Analytics Engines 427

Cisco Network Data Platform 428

    Telemetry Quotient 430

    NDP Architecture 430

    NDP Deployments Modes 436

    NDP Security and High Availability 438

Cisco Tetration Analytics 439

    It’s All About Quality of Data 440

    Data Center Visibility with Cisco Tetration Analytics 442

    Cisco Tetration Analytics Architecture 444

    The Benefits of Cisco Tetration Analytics 446

Summary 448

Further Reading 449

Part V DNA Solutions

Chapter 18 DNA Virtualization Solutions: Enterprise Network Functions Virtualization and Secure Agile Exchange 451

The Cisco Strategy for Virtualization in the Enterprise 452

Cisco Enterprise Network Functions Virtualization 453

    Details on Virtualization Hardware 455

    NFVIS: An Operating System Optimized for Enterprise Virtualization 459

    Virtualized Network Functions 463

    Service Chaining and Sample Packet Flows 468

    Orchestration and Management 473
Virtualizing Connectivity to Untrusted Domains: Secure Agile Exchange 488

    Motivation for the Cisco SAE Solution 489

    Cisco SAE Building Blocks 492

Running Virtualized Applications and VNFs Inside IOS XE 493

Summary 496

Further Reading 496

Chapter 19 DNA Software-Defined Access 497

The Challenges of Enterprise Networks Today 497

Software-Defined Access: A High-Level Overview 499

SD-Access: A Fabric for the Enterprise 500

    What Is a Fabric? 500

    Why Use a Fabric? 501

    Capabilities Offered by SD-Access 505

    SD-Access High-Level Architecture and Attributes 512

    SD-Access Fabric Capabilities 515

    SD-Access Device Roles 518

SD-Access Case Study 542

    SD-Access Case Study, Summing Up 565

Summary 565

Further Reading 567

Chapter 20 DNA Application Policy 569

Managing Applications in DNA Center 570

    Application Registry 570

    Application Sets 574

    Application Policy 576

What Happens “Under the Hood”? 585

Translating Business Intent into Application Policy 586

DNA Infrastructure Software Requirements for Application Policy 589

    NBAR2 589

    SD-AVC 599

DNA Infrastructure Platform-Specific Requirements for Application Policy 601

    Routing Platform Requirements 602

    Switching Platform Requirements 613

    Wireless Platform Requirements 621

Summary 628

Further Reading 629

Chapter 21 DNA Analytics and Assurance 631

Introduction to DNA Assurance 631

    Context 633

    Learning 638

The Architectural Requirements of a Self-Healing Network 639

    Instrumentation 640

    Distributed On-Device Analytics 641

    Telemetry 642

    Scalable Storage 643

    Analytics Engine 643

    Machine Learning 644

    Guided Troubleshooting and Remediation 645

    Automated Troubleshooting and Remediation 645

DNA Center Analytics and Assurance 647

    Network Data Platform 647

    DNA Assurance 653

Summary 710

Further Reading 710

Chapter 22 DNA Encrypted Traffic Analytics 711

Encrypted Malware Detection: Defining the Problem 712

Encrypted Malware Detection: Defining the Solution 714

    ETA: Use of IDP for Encrypted Malware Detection 714

    ETA: Use of SPLT for Encrypted Malware Detection 715

Encrypted Malware Detection: The Solution in Action 716

Encrypted Malware Detection: Putting It All Together 719

Summary 720

Part VI DNA Evolution

Chapter 23 DNA Evolution 721
9781587147050   TOC   11/19/2018 

Published by Cisco Press (January 3rd 2019) - Copyright © 2019