Making the rounds with Cisco DNA

Cisco Canada roundtable showcases the new levels of automation and programmability in the company's DNA Architecture.

Carriers of genetic information needed for the growth, development and functioning of cells in virtually all living organisms, DNA double helix molecules store ‘code’ that delivers the hereditary characteristics of unique species and individuals. DNA also stands for Digital Network Architecture, the most recent iteration of Cisco’s networking vision, an architectural approach that aims to deliver new ‘code’ for the deployment and operation of next generation networks. But unlike the term for biological DNA, which in common usage has come to signify that which is immutable, Cisco’s DNA is a response to the massive change now underway in enterprise computing, which provides new flexibility in the networking component. In Cisco’s networking innovation, significant new demand for the rapid, reliable and powerful computing capability required in IoT and in the relentless digitization of business and social processes, has been addressed through the selfsame exploitation of digital tools – automation, policy-based software control, virtualization and cloud service management, visibility and analytics – wrapped in a layer of enterprise security. As Cisco Canada president Bernadette Wightman noted in a roundtable session devoted to highlighting DNA capabilities, “the network will evolve like the automated car; networks will make the decisions for us and this will improve service delivery.”

Wightman’s focus on service delivery explains much about the impetus for Cisco’s development of DNA. While the explosion of high bandwidth applications such as video or IoT and the advance of cloud adoption and speed are putting pressure on data centre networking, a growing expectation for anywhere, anytime mobile access to data and applications has challenged WAN networking to keep pace. In traditional environments, networks have been built out in a highly manual way: updates take a long time, changes have to be qualified and are expensive, and roll out can take months or years – it’s “too slow to deliver value to the customer,” as Cisco’s Jeff Reed argued at the session.

Jeff Reed, SVP product, Cisco Security Business

Software defined networking (SDN) – based on abstraction of underlying infrastructure and separation of the network’s control (logic) and packet forwarding planes to support programmatic traffic shaping and network service deployment – was widely touted at its introduction several years back as an answer to these management issues, which would also enable businesses to apply software control to commodity hardware. But according to Reed, SDN represented a concept that was reserved largely to the data centre, a limitation that would not be helpful in addressing an increasing requirement for deployment and use of multiple networking technologies – in IoT implementations, for example. Currently SVP of product for Cisco’s Security Business, Reed served formerly as SVP, enterprise networks, and as the lead on a project launched within Cisco four years ago to build and expand the company’s software-based platform, and to expand these capabilities across the network more broadly to enable holistic management of all network elements and to support the secure onboarding of new edge devices. From an innovation perspective, Reed described his team’s mandate as the creation of a new SDN controller and DNA as “the culmination of our taking the building blocks of Cisco’s SDN and NFV innovation” and leveraging this to develop an end-to-end architectural approach. To achieve this, the team hired new kinds of experts, placing more focus on software in its R&D activities.

Delivered through Cisco ONE Software, and designed to support “digital readiness,” the DNA Architecture consists of the following components:

  • Operating System – IOS-XE Software supports programmability, controller-based automation, and serviceability, providing IT flexibility through network function virtualization (NFV) and SDN-based automation.
  • SDN controller – Application Policy Infrastructure Controller Enterprise Module (APIC-EM) can run on existing network infrastructure to deliver policy-based automation. It automates tasks, orchestrates workflows and policies, and simplifies operations.
  • Branch SDWAN – Intelligent WAN (IWAN) App simplifies deployment of software-defined WAN in branch deployments to create a secure corporate WAN with good user experience.
  • App visualization – Path Trace application uses APIC-EM to discover and visually display every item on the network path. This device topology provides the basis for automated, policy-based troubleshooting and reduced downtime.
  • Device configuration – Plug and Play detects devices when they are plugged into the network, and their location is automatically sent to the APIC-EM controller, which auto-configures the device for network communication. According to Cisco, this feature accelerates deployments and lowers costs (up to 79 percent). Reed calls it a “killer application” that saves money right out of the box. It can be used it for a network upgrade; with download, the system will self-upgrade without altering the existing network OS. In his view, it is an “easy way to get new functionality with little risk.”
  • Service quality – Easy Quality of Service (EasyQoS) quickly sets QoS policy across the network based on application priority, and automatically changes policy when the application is no longer in use. It reduces cost in comparison to manual performance management.
  • Cloud service delivery – DNA Virtualization decouples software services, such as routing, switching, firewall, WAN optimization, and others, from underlying proprietary hardware. Branch and campus services can be virtualized with Enterprise NFV, and the network perimeter with Secure Agile Exchange. Software instances of network functionality can be spun up where needed in the network, without the acquisition, deployment and testing of new, proprietary hardware equipment.
  • Security – Enterprise Network provides end-to-end monitoring that detects threats and enforces security policy on access and threat remediation. The solution relies on the Identity Services Engine (ISE) with TrustSec, Stealthwatch and Cisco’s Umbrella Cloud Security. This comprehensive approach is designed to address changes in the security landscape that have occurred over the last five years (emergence of Bitcoin, APTs) that Reed argued can only be managed with complete visibility into the network. Stealthwatch employs machine learning capability to deliver new security efficiencies; in the case of alerts, for example, the system assesses response behaviour to ensure that going forward the really important threats are flagged for human response. According to Reed, the Enterprise Network platform delivers “network as a sensor” and “network as an enforcer,” but also branch management via Open DNS in the Umbrella Cloud security offering.
  • Location sensing – CMX Cloud Location-based service collects analytics on user behaviour.

Commenting on how these various components might work together in a live device setting, Rob Barton, principal systems engineer and chief digital architect for Cisco Canada, noted that while APIC – EM discovery functionality identifies what a device is supposed to be doing, Path Trace enables “sniffing” to find errors. It traces the path between end points, even across different protocols that may in fact have different paths, and delivers stats on each device (ex. the number of drops). According to Barton, it would take months to do this work manually, and the bigger the network, the more complex the task; however, Path Trace can generate device stats for a reasonably large deployment in a matter of minutes, or even find an old device on the network that can’t be configured according to modern QoS policy. And with Easy QoS, devices can be automatically configured for the type of applications that have been prioritized.

To demonstrate how some of these new capabilities can be used in a live IoT setting, Cisco invited University of British Columbian researchers Stefan Storey, graduate of UBC’s Resource Management and Environmental Studies program, and Blair Antcliffe, energy engineer at UBC, to describe their smarter building project, an initiative that has been supported through Cisco’s Canadian research chair program. Essentially, the UBC team used the CMX product to connect motion and environmental sensors in buildings to the university’s HVAC systems. Data on occupancy was collected via WiFi access points and analysed by CMX, which can track people based on occupancy to determine the usage of a particular physical space. With this data in hand, the researchers wrote some middleware that would tie back to the HVAC system, so that air flow could be adjusted based on occupancy, and energy consumption reduced. According to Antcliffe, the “ah ha moment” occurred when he recognized the depth and nuance of the data that was available, and how CMX APIs would enable them to bring heterogenous data sets to HVAC in a form that the system could understand: “opening this up to third parties like ourselves speeds innovation,” he added. Based on this initiative, which Antcliffe claimed delivers an ROI of three years through energy savings, the team is now developing the pilot into a commercial project. Co-founded by Storey and Antcliffe, the new company is called Sensible Building Science.

If the goal for innovators like the UBC team is scale, so too is Cisco looking to accelerate use of the DNA Architecture. One means to this end is the development of purpose built solutions that combine the capabilities to address the needs of specific industries – on behalf of organizations that may not have the research expertise and focus displayed by the UBC group.  For example, Cisco recently announced updates to its Connected Factory portfolio based on use of the DNA portfolio: the Time Sensitive Networking standard (on the IE4000 Switch family) offers the data protection and network reliability which are critical in industrial environments; the Connected Asset Manager (CAM) can collect data from multiple legacy systems and tie this together, integrating information siloes for IoT intelligence; and the Industrial Network Director delivers automated control of the plant network (for IT and OT managers) through a managed switch.

A key recurring theme in the acceleration of technology adoption is simplification, including broad and easy integration. Cisco is working towards this goal through automation, but also through focus on making DNA programming changes easier to manage – the learning and development team is now bringing training in this area into standard Cisco certifications. On interoperability challenge, Cisco describes DNA as “Open and Programmable” and offers APIs such as those used by UBC in many of its components to ease data integration. The CAM, for example, is marketed as “open and analytic-engine agnostic.” In other areas, some work remains to be done. As Barton explained, Path Trace may be challenged in a heterogeneous environment as it’s not possible to gather information from a device that is not Cisco hardware, and it’s not possible to do large, multi-vendor QoS at this point. However, once large deployments for Cisco environments “are nailed down,” the company “may extend this,” he speculated, a goal that also is subject for industry speculation, but that has so far proved elusive.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.