WEBVTT

0:00:02.860000 --> 0:00:06.460000
Hello and welcome to this video that I've titled, Comparing Traditional

0:00:06.460000 --> 0:00:11.780000
Campus Networks Against DNA Center-Enabled Networks.

0:00:11.780000 --> 0:00:16.060000
In this video, we're going to be talking about device management from

0:00:16.060000 --> 0:00:20.200000
the standpoint of how have devices typically been managed in the past

0:00:20.200000 --> 0:00:23.000000
up until the present in most networks.

0:00:23.000000 --> 0:00:28.660000
How does device management change when you have a DNA Center-enabled environment?

0:00:28.660000 --> 0:00:32.420000
So we're going to look at some similarities and some differences.

0:00:32.420000 --> 0:00:34.320000
And this is important in a couple of regards.

0:00:34.320000 --> 0:00:37.440000
Number one, if you're thinking of moving to a DNA Center environment,

0:00:37.440000 --> 0:00:42.000000
or even if it's not DNA Center, just some sort of controller-based automated

0:00:42.000000 --> 0:00:46.440000
and programmable environment for your topology, it's good to set your

0:00:46.440000 --> 0:00:51.140000
expectations as far as once I make that migration or move, how are things

0:00:51.140000 --> 0:00:54.480000
going to remain the same for me, and what things are going to be different,

0:00:54.480000 --> 0:00:56.300000
and what things might have to become used to.

0:00:56.300000 --> 0:01:00.020000
So let's start by looking at traditional device management, just doing

0:01:00.020000 --> 0:01:03.400000
an overview here of how things have been done in the past and probably

0:01:03.400000 --> 0:01:06.780000
up until present day in a lot of networks.

0:01:06.780000 --> 0:01:10.980000
So traditionally, devices have been managed via some sort of command line

0:01:10.980000 --> 0:01:13.940000
interface. Now, of course, this varies box by box.

0:01:13.940000 --> 0:01:17.040000
There's a lot of vendors out there that ship routers and firewalls that

0:01:17.040000 --> 0:01:21.340000
have both a GUI component and a CLI.

0:01:21.340000 --> 0:01:23.400000
Almost everything has some sort of a CLI.

0:01:23.400000 --> 0:01:25.620000
Sometimes it's buried and kind of hard to find.

0:01:25.620000 --> 0:01:30.120000
So even devices that are primarily meant to be managed by a GUI, a lot

0:01:30.120000 --> 0:01:33.640000
of times to get really finely tuned, you have to access some sort of command

0:01:33.640000 --> 0:01:38.260000
line interface. So I'm just saying here that overall, it's typical that

0:01:38.260000 --> 0:01:42.560000
devices are managed via a command line interface, which means box by box

0:01:42.560000 --> 0:01:47.180000
management. Meaning that if I have, let's say I have an existing network

0:01:47.180000 --> 0:01:52.760000
right now of 50 switches and 200 routers, and I decide, okay, time for

0:01:52.760000 --> 0:01:54.240000
me to upgrade the software on my switches.

0:01:54.240000 --> 0:01:58.580000
I found a bug in one of them, and it turns out that in order to resolve

0:01:58.580000 --> 0:02:02.140000
that bug, I have to upgrade to a new release of software, and I have to

0:02:02.140000 --> 0:02:04.720000
do that across all of my platforms.

0:02:04.720000 --> 0:02:09.240000
Well, traditionally, that meant that I had to get into each box one by

0:02:09.240000 --> 0:02:15.840000
one, issue some sort of command lines using console or Telnet or SSH access.

0:02:15.840000 --> 0:02:20.560000
And once I'm in that box, perform my upgrade, leave that box, move on

0:02:20.560000 --> 0:02:24.020000
to the next one, and then rinse and repeat over and over and over again

0:02:24.020000 --> 0:02:26.160000
for each device I wanted to.

0:02:26.160000 --> 0:02:30.300000
Or if I was manually collecting statistics, maybe part of my job is every

0:02:30.300000 --> 0:02:34.200000
single morning, I'm supposed to log into every single box and issue a

0:02:34.200000 --> 0:02:38.300000
show procs CPU command, maybe look at some of the interfaces to see if

0:02:38.300000 --> 0:02:40.360000
there's any errors or anything.

0:02:40.360000 --> 0:02:45.320000
Well, that would also be a command line driven process, box by box by

0:02:45.320000 --> 0:02:50.700000
box. So of course, to do this requires knowledge of potentially hundreds

0:02:50.700000 --> 0:02:53.180000
of command line commands.

0:02:53.180000 --> 0:02:56.340000
Now, if I'm just focusing on Cisco for a moment, if you spend any time

0:02:56.340000 --> 0:03:01.880000
with Cisco devices in the Cisco IOS, whether it be IOS XE, XR, IOS mainline,

0:03:01.880000 --> 0:03:05.300000
whatever it is, you very soon realize that there are literally hundreds,

0:03:05.300000 --> 0:03:08.980000
maybe even thousands of commands that you have to learn and memorize to

0:03:08.980000 --> 0:03:10.700000
effectively get your job done.

0:03:10.700000 --> 0:03:11.980000
That's a lot of memorization.

0:03:11.980000 --> 0:03:14.100000
That's a lot of learning curve.

0:03:14.100000 --> 0:03:18.980000
And so what current and legacy GUI-based systems are there?

0:03:18.980000 --> 0:03:23.060000
Because there are some GUI-based systems that can help centralize some

0:03:23.060000 --> 0:03:28.560000
of this. For example, there are certainly SNMP management stations that

0:03:28.560000 --> 0:03:33.540000
collect statistics via SNMP and do that sort of automatically on a box

0:03:33.540000 --> 0:03:36.960000
by box basis. So you just have to log in and it'll show you your current

0:03:36.960000 --> 0:03:40.180000
statistics. It'll show you pie charts and you'll look for the red and

0:03:40.180000 --> 0:03:41.740000
green lights and everything like that.

0:03:41.740000 --> 0:03:44.260000
So that certainly exists.

0:03:44.260000 --> 0:03:47.980000
CiscoWorks is legacy, but CiscoWorks was like an example of a system

0:03:47.980000 --> 0:03:52.360000
like that. There's currently the Cisco Networking Assistant and many others.

0:03:52.360000 --> 0:03:56.460000
This little screenshot right here shows you Cisco Networking Assistant.

0:03:56.460000 --> 0:04:01.480000
But those GUI-based systems are very limited in what they can do.

0:04:01.480000 --> 0:04:06.060000
Mostly, they were primarily designed just to poll the individual boxes,

0:04:06.060000 --> 0:04:09.820000
collect statistics about like their health and then give you a visibility

0:04:09.820000 --> 0:04:13.340000
as to the health of the overall network and the boxes.

0:04:13.340000 --> 0:04:18.500000
They weren't really designed to push configurations to identify proactively

0:04:18.500000 --> 0:04:23.260000
trouble spots and then to recommend solutions or even to automatically

0:04:23.260000 --> 0:04:27.920000
put solutions into place or to dynamically change the network based on

0:04:27.920000 --> 0:04:29.840000
what your needs were at the time.

0:04:29.840000 --> 0:04:32.620000
That's what software-defined networking is all about.

0:04:32.620000 --> 0:04:37.720000
So let's now move into a DNA Center environment.

0:04:37.720000 --> 0:04:42.320000
What if I'm going to put Cisco's DNA Center into my network and I'm going

0:04:42.320000 --> 0:04:46.900000
to either purchase a brand new set of hardware to support that, maybe

0:04:46.900000 --> 0:04:49.980000
purchase some hardware to support DNA Center or maybe I'm just going to

0:04:49.980000 --> 0:04:53.360000
have DNA Center and I'm going to try to incorporate that with my existing

0:04:53.360000 --> 0:04:55.400000
network infrastructure.

0:04:55.400000 --> 0:04:59.620000
So if we assume that that's the model you're going towards, what similarities

0:04:59.620000 --> 0:05:04.060000
would there be in how you manage the network, now that DNA Center is in

0:05:04.060000 --> 0:05:09.120000
place? Well, both with and without DNA Center, all devices have to have

0:05:09.120000 --> 0:05:12.640000
some sort of configurations with full IP reachability.

0:05:12.640000 --> 0:05:16.020000
So if you're sitting at your desk, whether you're manually initiating

0:05:16.020000 --> 0:05:21.960000
an SSH session via PuTTY or SecureCRT to a router switch or you're configuring

0:05:21.960000 --> 0:05:26.080000
DNA Center to automate that process, either way, you have to have the

0:05:26.080000 --> 0:05:27.840000
IP reachability in place.

0:05:27.840000 --> 0:05:29.620000
We call that the underlay network.

0:05:29.620000 --> 0:05:33.180000
So the underlay network has to be in place which means all boxes have

0:05:33.180000 --> 0:05:37.060000
to be reachable via IP, which means you're going to have some sort of

0:05:37.060000 --> 0:05:39.940000
routing protocol in place to give full IP reachability.

0:05:39.940000 --> 0:05:43.420000
So that's not going to change, whether you have DNA Center enabled or

0:05:43.420000 --> 0:05:45.660000
not. Now here's the difference though.

0:05:45.660000 --> 0:05:49.660000
In a traditional network, that underlay network, the, you know, the putting

0:05:49.660000 --> 0:05:54.040000
of IP addresses on interfaces, bringing those interfaces up, instantiating

0:05:54.040000 --> 0:05:57.100000
a routing protocol, that would have to be done manually.

0:05:57.100000 --> 0:05:59.600000
Every time you purchased a new router or switch and you plugged it in,

0:05:59.600000 --> 0:06:03.160000
you'd have to be there and then you'd have to log into it via the console

0:06:03.160000 --> 0:06:07.200000
and put some sort of baseline configuration on it and then move on to

0:06:07.200000 --> 0:06:12.160000
the next box. In a DNA Center environment, if you're using the right

0:06:12.160000 --> 0:06:15.860000
hardware, and this is the key, not all existing infrastructure supports

0:06:15.860000 --> 0:06:19.720000
this, but a lot of the newer devices, a lot of the newer routers and switches

0:06:19.720000 --> 0:06:24.280000
support something either called plug and play or zero touch provisioning,

0:06:24.280000 --> 0:06:28.340000
which simply means that the device is set up right from the factory, that

0:06:28.340000 --> 0:06:32.560000
all you have to do is screw into the rack, plug in the cables and walk

0:06:32.560000 --> 0:06:38.100000
away. And that device will wait a certain amount of time to see if you're

0:06:38.100000 --> 0:06:41.420000
gonna configure it manually, but if a certain time period elapses and

0:06:41.420000 --> 0:06:45.500000
it doesn't detect any command line from you, the human operator, it will

0:06:45.500000 --> 0:06:46.820000
actually reach out.

0:06:46.820000 --> 0:06:50.300000
First thing it will do is it will do DHCP, like your laptop.

0:06:50.300000 --> 0:06:52.980000
They'll say, hey, is there a DHCP server out there somewhere?

0:06:52.980000 --> 0:06:55.120000
I need some IP information.

0:06:55.120000 --> 0:06:58.760000
Then once it gets the IP information back, one of two things will happen

0:06:58.760000 --> 0:07:03.280000
depending on the box and the software, either that box will be pre-configured

0:07:03.280000 --> 0:07:08.780000
by default to know like the DNS name of your DNS center or of your DNA

0:07:08.780000 --> 0:07:13.920000
Center. So it'll just resolve the IP address of your DNA Center via DNS

0:07:13.920000 --> 0:07:16.100000
and it'll know how to get there.

0:07:16.100000 --> 0:07:19.720000
Or it'll get that information from DHCP itself.

0:07:19.720000 --> 0:07:23.320000
In addition to DHCP giving the IP address and the default gateway, DHCP

0:07:23.320000 --> 0:07:27.000000
will say, and hey, here's information about another box you need to go

0:07:27.000000 --> 0:07:31.040000
to to get the rest of your information, which would be DNA Center.

0:07:31.040000 --> 0:07:35.060000
So in both zero touch provisioning and plug and play in both situations,

0:07:35.060000 --> 0:07:39.400000
you have a box that starts out empty with a clean slate and it will dynamically

0:07:39.400000 --> 0:07:40.540000
configure itself.

0:07:40.540000 --> 0:07:44.880000
It will reach out to DNA Center and in DNA Center, you've got some initial

0:07:44.880000 --> 0:07:47.080000
configuration templates that you've worked up.

0:07:47.080000 --> 0:07:48.960000
It'll pull one of those down.

0:07:48.960000 --> 0:07:52.580000
It'll dynamically configure itself all by itself.

0:07:52.580000 --> 0:07:55.980000
So that's very different than a traditional network.

0:07:55.980000 --> 0:08:02.640000
Typically devices have to have credentials configured such as SNMP, SSH

0:08:02.640000 --> 0:08:07.440000
and Telnet. So once again, these are similarities between traditional

0:08:07.440000 --> 0:08:09.880000
and DNA Center environments.

0:08:09.880000 --> 0:08:13.160000
In both situations, whether you're going with DNA Center or you're sticking

0:08:13.160000 --> 0:08:16.940000
with what you have, most likely you're gonna have some SNMP configuration

0:08:16.940000 --> 0:08:20.420000
that you have to do because you're gonna be using SNMP for all of your

0:08:20.420000 --> 0:08:23.960000
polling and to get your health and statistics of the network.

0:08:23.960000 --> 0:08:27.340000
And you're gonna wanna configure some sort of SSH or Telnet credentials

0:08:27.340000 --> 0:08:31.320000
so you're not always locked into having to physically be there on the

0:08:31.320000 --> 0:08:33.280000
box, on the console.

0:08:33.280000 --> 0:08:36.400000
You wanna be able to Telnet or SSH into that box periodically to reach

0:08:36.400000 --> 0:08:43.760000
it remotely. Now when using SNMP, which pretty much everybody does, both

0:08:43.760000 --> 0:08:47.940000
traditional campus networks and DNA Center-enabled topologies will have

0:08:47.940000 --> 0:08:52.740000
a central point which is called our SNMP manager which collects and displays

0:08:52.740000 --> 0:09:00.060000
statistics. Now with DNA Center, typically DNA Center itself is the SNMP

0:09:00.060000 --> 0:09:03.220000
manager. I'm sure you could have a separate SNMP manager.

0:09:03.220000 --> 0:09:06.080000
So if you've got, if you've already got an SNMP platform you've been using

0:09:06.080000 --> 0:09:10.880000
and you know it and you love it via the use of APIs, DNA Center could

0:09:10.880000 --> 0:09:15.180000
incorporate that but DNA Center does have the ability built into itself

0:09:15.180000 --> 0:09:20.420000
to be the SNMP manager, to poll devices via SNMP, to collect statistics

0:09:20.420000 --> 0:09:24.060000
via SNMP, DNA Center can do that all by itself.

0:09:24.060000 --> 0:09:28.420000
So those are some similarities between traditional and DNA Center-enabled

0:09:28.420000 --> 0:09:31.360000
environments. What are some differences?

0:09:31.360000 --> 0:09:33.400000
Let's talk about those.

0:09:33.400000 --> 0:09:39.500000
So in a traditional campus, by default without you doing anything, you

0:09:39.500000 --> 0:09:42.060000
would not have any topology visibility.

0:09:42.060000 --> 0:09:45.700000
So if you just, you know, racked and stacked your routers and switches

0:09:45.700000 --> 0:09:48.540000
and firewalls and you configure them via the command line, you walked

0:09:48.540000 --> 0:09:52.600000
away and then I asked you, hey, can you give me a topology diagram?

0:09:52.600000 --> 0:09:54.560000
What does your network look like?

0:09:54.560000 --> 0:09:57.160000
It's not just gonna magically appear out of thin air.

0:09:57.160000 --> 0:10:01.520000
You'd have to make one via PowerPoint or Visio or something else.

0:10:01.520000 --> 0:10:04.380000
So in a traditional network, that's one additional step you'd have to

0:10:04.380000 --> 0:10:09.060000
do that in a DNA Center-enabled environment, you don't have to do.

0:10:09.060000 --> 0:10:11.680000
And we'll talk about that in just one moment.

0:10:11.680000 --> 0:10:14.260000
And certainly in a traditional network, you'd have to have box by box

0:10:14.260000 --> 0:10:17.560000
management when it comes to things like updating configurations and updating

0:10:17.560000 --> 0:10:22.540000
software. Now let's contrast that with a DNA Center-enabled environment.

0:10:22.540000 --> 0:10:25.720000
In DNA Center, you actually have the ability to have dynamic topology

0:10:25.720000 --> 0:10:28.180000
visualization. This is really nice.

0:10:28.180000 --> 0:10:32.560000
DNA Center has what's called a device discovery section where it can dynamically

0:10:32.560000 --> 0:10:35.380000
reach out and discover your devices.

0:10:35.380000 --> 0:10:37.260000
And it does that either one of two ways.

0:10:37.260000 --> 0:10:39.900000
Either you put in like a range of IP addresses.

0:10:39.900000 --> 0:10:43.420000
If you know in advance what the range of IP addresses are of all your

0:10:43.420000 --> 0:10:47.840000
devices, you can say, hey, DNA Center, start with 10.0.0.1 and work your

0:10:47.840000 --> 0:10:51.100000
way up to 10.0.0.254.

0:10:51.100000 --> 0:10:54.440000
And the DNA Center will try each one of those IP addresses and see if

0:10:54.440000 --> 0:10:55.580000
it's responsive.

0:10:55.580000 --> 0:10:59.260000
And if it is, it'll discover various information about the network device

0:10:59.260000 --> 0:11:01.700000
at the other end of that IP address.

0:11:01.700000 --> 0:11:06.740000
Or if you're using an entirely Cisco network which uses Cisco Discovery

0:11:06.740000 --> 0:11:10.740000
Protocol, CDP, it can actually use CDP to discover the network.

0:11:10.740000 --> 0:11:14.500000
But either way, it has the ability to dynamically discover devices and

0:11:14.500000 --> 0:11:16.780000
then build a topology map for you.

0:11:16.780000 --> 0:11:20.180000
A nice topology map that shows where everything is.

0:11:20.180000 --> 0:11:25.340000
DNA Center also has path trace and easy ACL analysis.

0:11:25.340000 --> 0:11:28.620000
This is something that a traditional campus network doesn't have.

0:11:28.620000 --> 0:11:30.960000
You know, imagine your traditional campus network, you've built it, you've

0:11:30.960000 --> 0:11:35.480000
walked away. And now you wonder to yourself, hmm, if PC A over here in

0:11:35.480000 --> 0:11:39.700000
payroll was to send a packet to the payroll server which is way over here

0:11:39.700000 --> 0:11:44.820000
at the other end of the campus, what path are those packets gonna take?

0:11:44.820000 --> 0:11:49.100000
And is there potentially any access list somewhere in that path that might

0:11:49.100000 --> 0:11:51.040000
block those packets?

0:11:51.040000 --> 0:11:54.580000
Well, that would involve maybe a ping test or something else on your part

0:11:54.580000 --> 0:11:57.960000
manually to do. DNA Center has that built in.

0:11:57.960000 --> 0:12:01.360000
That's a tool in DNS center where you can type the starting address, the

0:12:01.360000 --> 0:12:05.120000
end address and it'll totally visualize for you that the packets would

0:12:05.120000 --> 0:12:08.060000
go through this series of devices.

0:12:08.060000 --> 0:12:12.100000
And if any device in there has an access list blocking what you've defined,

0:12:12.100000 --> 0:12:15.740000
it'll show you that access list.

0:12:15.740000 --> 0:12:20.080000
Also DNA Center gives you centralized management of software updates and

0:12:20.080000 --> 0:12:21.620000
version control.

0:12:21.620000 --> 0:12:27.460000
So imagine once again that you've got a network of maybe six different

0:12:27.460000 --> 0:12:33.160000
models of switches, you know, seven different models of routers and you

0:12:33.160000 --> 0:12:36.740000
wanna have some sort of standardized processes about your software.

0:12:36.740000 --> 0:12:39.800000
You know, certain models of switches, you want them standardized on this

0:12:39.800000 --> 0:12:41.060000
version of software.

0:12:41.060000 --> 0:12:43.720000
This is your golden image that you know is good.

0:12:43.720000 --> 0:12:45.140000
You want all of them to have that.

0:12:45.140000 --> 0:12:46.360000
Another version of switch.

0:12:46.360000 --> 0:12:48.320000
You've got a different golden image for that.

0:12:48.320000 --> 0:12:50.440000
Well, where do you store that?

0:12:50.440000 --> 0:12:53.960000
Where do you store that knowledge about what the golden image is for each

0:12:53.960000 --> 0:12:57.360000
router and switch platform and how do you make it consistent so that whatever

0:12:57.360000 --> 0:13:02.040000
you've identified as the perfect software images for your environment,

0:13:02.040000 --> 0:13:05.240000
Bob, the network admin over there and Sally, the network admin over there

0:13:05.240000 --> 0:13:08.200000
will also know that's the images that should be used.

0:13:08.200000 --> 0:13:11.260000
Well, in DNA Center, that's built into DNA Center.

0:13:11.260000 --> 0:13:14.120000
You can identify that and DNA Center controls all that.

0:13:14.120000 --> 0:13:17.060000
It consolidates it.

0:13:17.060000 --> 0:13:20.120000
And of course with DNA Center, you have centralized control of initial

0:13:20.120000 --> 0:13:23.540000
configurations for plug and play and zero touch devices.

0:13:23.540000 --> 0:13:25.340000
We've talked a little bit about that already.

0:13:25.340000 --> 0:13:29.140000
Another very really neat feature of DNA Center that you don't have in

0:13:29.140000 --> 0:13:34.540000
a traditional environment is artificial intelligence and machine learning.

0:13:34.540000 --> 0:13:40.960000
DNA Center has a component built into it called the MDP component, which

0:13:40.960000 --> 0:13:45.720000
has the ability to collect tons of information, all sorts of statistics

0:13:45.720000 --> 0:13:49.960000
and error counters and all sorts of stuff from the various devices, what

0:13:49.960000 --> 0:13:54.580000
we call information that was gathered via on-device analytics.

0:13:54.580000 --> 0:13:57.780000
DNA Center can store all that, but more importantly, not just storing

0:13:57.780000 --> 0:14:02.060000
the information which would take you a lifetime to parse through and make

0:14:02.060000 --> 0:14:06.080000
sense of. It has artificial intelligence and machine learning built into

0:14:06.080000 --> 0:14:10.500000
it. So it can actually look at that stuff and say, oh, here's a potential

0:14:10.500000 --> 0:14:13.440000
problem. Here's a problem that's happening right now.

0:14:13.440000 --> 0:14:17.600000
Let me offer you the human administrator some potential solutions.

0:14:17.600000 --> 0:14:19.040000
Would you like to take this action?

0:14:19.040000 --> 0:14:20.700000
Would you like to take that action?

0:14:20.700000 --> 0:14:24.320000
So it has that ability built into it, which you certainly don't have in

0:14:24.320000 --> 0:14:27.540000
a traditional environment.

0:14:27.540000 --> 0:14:29.800000
So that brings us to the end of this video.

0:14:29.800000 --> 0:14:32.520000
I hope it was useful for you and thank you for watching.