The Catalyst 9800: Always On, Secure, Deployable Anywhere on TechWiseTV

Captions
[MUSIC PLAYING] ROBB BOYD: Welcome to TechWiseTV. We have had a bunch of new announcements within enterprise networking-- specifically Cisco Catalyst, the most successful product line in networking history. And today, we get to dig into the Catalyst that nobody expected, as I think Sachin Gupta recently called it, it's the Catalyst 9800-- notable because it's not a switch, it's a wireless controller. Let that sink in. You know what? Let's quickly recap some Catalyst history, because it's been a busy 18 months. If you remember, Cisco unveiled intent-based networking about a year and a half back. Now, that first announcement was anchored with new Catalyst 9000 switches. The 9500 Aggregation Switch, along with 9300 and 9400 Enterprise Class Edge Switches, which were the successors to the older 3000, the 4000, as well as the 6000-- all of these different lines now evolving into a single family that share the incredible UADP flexible ASIC, along with the exact same code base all the way across. Now, we get the Catalyst 9200 which has joined the party. And it's the switch that everyone expected, right? It's the mid-market successor to the Catalyst 2K line. Well, today we're going to take a closer look at the Catalyst 9800, which is not a switch, but a wireless controller. This is what was meant by the Catalyst that nobody expected, and this is a really big deal. Why? Well, I mean, hypothetically if you had to choose which part of your corporate network could suffer an outage, which would you choose, right-- wireless or wired? Well, there's no acceptable answer to that Hobson's choice. The entire network is critical. And wireless networking has to have that exact same resilience of its codependent cousin, switching. Well, we have two incredible guests that are here to show us exactly what this looks like. Now, our engineer guest in the lab is-- she's told me to call her AP, because I can't pronounce her name correctly. 
Well, she represents this team, and it's not even the entire team, right? She's going to be in the lab. AP is going to cover all of the deployment models, the migration tools, the high availability that's now possible. In fact, I'm ready. Let's go ahead and get started in the lounge and learn a bit more. Anupam, welcome to TechWiseTV.

ANUPAM UPADHYAYA: Robb, thank you for having me. Excited to be here.

ROBB BOYD: Yeah, well I've got questions, because this-- now I understand it, but I want to understand it from your perspective, this notion that we've got the Catalyst 9800, which, without knowing anything else, I would assume means that we're coming from the Catalyst switching family, but we're talking about wireless controller, something that we're not new to whatsoever. What's happening here?

ANUPAM UPADHYAYA: Robb, we have done wireless controllers for a while. Wireless controllers do seamless authentication, mobility, and manage multiple access points-- the heart of the wireless network.

ROBB BOYD: OK.

ANUPAM UPADHYAYA: What we are doing fundamentally different here is, we are taking all the 15 to 17 years of innovation in Wi-Fi and marrying that with IOS XE, a modern, modular operating system which gives you the benefit of a network that is always on, secure, programmable, and flexible.

ROBB BOYD: OK. OK, now that makes a lot of sense. So IOS XE is the new foundation for what we're doing with wireless on this platform going forward. We have-- as you mentioned, I think it's 15-plus years of AireOS, which would be the monolithic operating system, if you will, that we've done. So there are certain reasons that we have chosen to go this direction. I assume they're IOS XE-based. In other words, the benefits or the things that are different that we can do now that we couldn't do before is why you cited things like-- well, let's just go into that-- always on. What do you mean by that?

ANUPAM UPADHYAYA: Right.
See look, when you look at networks of today, they're increasingly changing. You've got iPhone Xs today, Amazon Echoes tomorrow, Samsung Galaxy day after tomorrow. They come with a variety of device drivers-- a variety of expectations-- and there's this constant need to always upgrade your network-- the software on that, right? You want a differentiated quality of experience. And as you upgrade your networks, you always have to plan for a downtime. And imagine, Robb, you walk in and the network admin tells you, no Wi-Fi for the next six hours. Or you're a kid. No Wi-Fi for two minutes-- how does that work?

ROBB BOYD: No, it doesn't work.

ANUPAM UPADHYAYA: It doesn't work, right?

ROBB BOYD: Yeah, it doesn't work at all. OK.

ANUPAM UPADHYAYA: So you want infrastructure where you can patch in bug fixes, PSIRT for security, add in new AP models, add in new functionality without having any operational impact on the Wi-Fi infra. But there's the controller, whether it's the AP or the clients. And you think about Catalyst 9K, where they're thinking about the switches or the new 9800 wireless controller. They're running IOS XE. And there's this common trait, hot patching, which is enabling this entire thing, right? The ability to patch in a PSIRT, and that we could do on the switch. What we did there, we took that same paradigm-- because it's IOS XE-- to wireless. And now, we are saying, I can do that patching not just on the controller, but also on the access point. I'm building that resiliency to the wireless infra, as well.

ROBB BOYD: So you're saying-- because as of today, if I need to roll out a patch-- take the KRACK vulnerability, or something we've had in the past. That was one that required everybody, no matter how fast we released-- and we're pretty darn good on the security side-- historically you'd have to take the network down for a brief moment to restart the APs, which means everybody loses network access, which could be critical in certain situations.
People can't do that to address a vulnerability. They're going to keep happening, let's be frank about it, as well as updates, upgrades and such like this. And you're saying that this can now be rolled out in a hot patching way. So in other words, we don't have to take the network down, we can actually stage this.

ANUPAM UPADHYAYA: Yeah. It could be--

ROBB BOYD: I mean, not stage it, but I mean, actually roll it out live.

ANUPAM UPADHYAYA: Exactly right. And Robb, on top of that, when you start thinking about certifications, when you're adding a new element-- a PSIRT fix-- that means you're changing the entire image. That needs to be requalified. And that's a bit of a pain for a lot of customers. And now, in this case, what we are saying is we have contained that entire PSIRT to one module that we're patching in. So you don't even have to recertify the entire thing, which is a big deal for a lot of customers.

ROBB BOYD: Yeah, absolutely. OK, moving on. So security-- what are we doing different with security?

ANUPAM UPADHYAYA: Look, the reality of the matter is, in the world of today, you've got infestation of malware everywhere-- millions of new malware variants coming onto the network, and most of them are encrypted, which means they could be sitting on a network dormant, and then they explode all of a sudden. And you've got problems with the network. And Robb, I think you've covered ETA-- Encrypted Third Analytics, right?

ROBB BOYD: Absolutely. So we can do Encrypted Traffic Analytics?

ANUPAM UPADHYAYA: Yeah, Encrypted Traffic Analytics.

ROBB BOYD: I know, I make the same mistake. But so ETA is now available on this platform, as well?

ANUPAM UPADHYAYA: Exactly right. So now what we have done is, we have taken that ETA onto Wi-Fi, and all those benefits of detecting encrypted malware with 99% efficacy is available on Wi-Fi natively.

ROBB BOYD: That's cool, because that's unique to Cisco. I like that stuff a lot.
So that obviously brings in kind of a coordination between Talos, Stealthwatch, and some of those other components that we are starting to get used to that we've been able to do on the network infrastructure side. We can do this on the wireless side now, as well.

ANUPAM UPADHYAYA: Yeah.

ROBB BOYD: Now, you mentioned-- let me see, what was the other one? Flexibility, I believe.

ANUPAM UPADHYAYA: Right.

ROBB BOYD: What are you implying when you say this platform is more flexible than previous?

ANUPAM UPADHYAYA: Robb, controller software function, right? At the end of the day, it's a brain which is managing seamless roaming connectivity for clients between access points, giving you the visual experience. We at Cisco believe it's a function that can reside on an appliance-- the 9800-80, the first modular controller with support for 108 uplinks. 9800-40, the appliance form factors. You could put that on a switch. The Catalyst 9300 switch--

ROBB BOYD: So you're saying we don't have to have it on the appliance anymore. We can do this virtually? We can do it on a switch?

ANUPAM UPADHYAYA: You could do wherever you want it. You could put it on an appliance, so if you are using an appliance-- and that's where most of the customers are today.

ROBB BOYD: Right, that's what we're used to.

ANUPAM UPADHYAYA: So you get that. But if you have a Catalyst 9300 deployed, and you're using SDA, you can put that controller on the switch.

ROBB BOYD: One less device to manage.

ANUPAM UPADHYAYA: Yeah. And we're not done. You start thinking about, a lot of customers moving to a virtualized environment, consolidation of data center where they're saying, I'm going to move all my compute, all my applications to a, like, ESXi.

ROBB BOYD: Like ESXi or KVM we're talking?

ANUPAM UPADHYAYA: Yeah, or even ENCS, the one that we have, right?

ROBB BOYD: OK, yeah.

ANUPAM UPADHYAYA: I could put that controller as a function there. And I'm still not done. You start thinking about public cloud.
People are increasingly moving to AWS. They're saying, I want to move to a hybrid cloud environment. You can put this controller function on AWS, as well. So what this really means is, the customer can bring the infra of their choice. I can deploy the controller on that. So you could rent compute and memory on AWS, you could have compute and memory in a virtualized environment, ESXi, KVM. You could have it on the appliance, and you could run the controller-- no compromises, consistency of functionality, consistency of experience across all these form factors. And that's what I truly mean by flexibility.

ROBB BOYD: Wow, OK. So you're really talking about something-- it's much more of a platform type of play, here, where we are not saying to the customer, here's what we made to use that you're going to have to figure out where this fits in your environment. We're saying, what function do you need, wherever that happens to fit best in the way you run your operation?

ANUPAM UPADHYAYA: Exactly right. I mean, look, customers increasingly do not want to be tied to one infra. They want to have flexibility of infra. And that's what we are enabling. You take the infra you want, I'll manage it the way you want it. This all can be managed by DNA Center, or could be managed by Web UI, or could be managed by CLI. So flexibility everywhere.

ROBB BOYD: Well, you mentioned programmability, as well. So I'm assuming that may fall into somewhat of a similar category. So if I'm using programmatically accessible tools and such like this, this also functions in that environment too?

ANUPAM UPADHYAYA: Yeah. And this, again, ties back to flexibility, right? So let's talk about, a lot of us are CLI jockeys. A lot of us are Prime jockeys, because we have used Prime for a long time.

ROBB BOYD: Right, you get used to it for a long time.

ANUPAM UPADHYAYA: We are supporting all of that. That's not going away.

ROBB BOYD: OK. That's good to know.

ANUPAM UPADHYAYA: We are leading with DNA Center.
That's where assurance is. That's where you get assurance, and it works best with DNA. That's our lead platform. It works with that, as well. What we also realize is, there is a set of customers who are moved to a DevOps model. They are building their own tools for, like, Puppet, Chef, are writing their own scripts for NETCONF, and YANG models. The controller has a corresponding YANG model for every operational CLI. So everything that it could do with a CLI on the controller, you have a corresponding YANG model, which means now the customer who is moving to a DevOps model could use his own scripts-- Puppet, Chef-- to really manage the box. And this is a bit of a paradigm shift, and I'll tell you why.

ROBB BOYD: Well not everybody is doing it. But you're not saying they have to. You're just saying it's an option.

ANUPAM UPADHYAYA: Yeah, exactly. Again, it goes back to flexibility, right? You do what you want. It's an open environment. And look, when you think about programmability one of the key constructs says, it's about dealing with structured data. When you think about a CLI jockey like me, and if you do a syslog, or you do SNMP walk, to get to the data that you want is very painstaking. It takes time. Now, with YANG models, you're dealing with structured data, which means you can get to the data you want.

ROBB BOYD: I know right where it's going to be. I don't know what it is, but I know where it's going to be, and so I can process based on that.

ANUPAM UPADHYAYA: Exactly right. What that means for the customer is, look, in real world and at work, we get inundated with data. What programmability allows you is to really consume the data.

ROBB BOYD: Get some structure around that data.

ANUPAM UPADHYAYA: When you want it, and at the periodicity you want it. That's critical.

ROBB BOYD: There are a couple of things I wanted to make sure I understood. First of all, there's no indication that-- AireOS does not go away.
If I have recently deployed a controller, I still have access to AireOS. Obviously, we're continuing to invest in that. It's going to support-- I believe you mentioned to me-- 802.1AX. So we don't have any issues there with anybody that's got our existing controllers. This just represents the new direction, especially from a DNA center or SDA type of perspective-- intent-based networking. This is the way-- definitely the platform to go, because it was obviously, purposely built for that. Am I correct in saying all that?

ANUPAM UPADHYAYA: Robb, you summed it very well. Look, this is our direct future direction. We are sort of unifying switch, wireless routing, on IOS XE platforms. But we are not going to abandon our AireOS customers. We understand there is a big installed base there.

ROBB BOYD: Huge, yeah.

ANUPAM UPADHYAYA: And all this transition takes time. It doesn't happen overnight.

ROBB BOYD: OK. So this is not alarm bells.

ANUPAM UPADHYAYA: 11ax, we're going to support that AireOS. Like you said, when 11ax comes, it will be supported on AireOS. AireOS is not going away.

ROBB BOYD: Don't shoot me for asking this question. Converged access-- this is not the same as what we had previously called converged access. With a couple platforms where some of the things may sound a little bit similar to what we're doing here. This is completely different, though, it sounds like. Is that true?

ANUPAM UPADHYAYA: Yeah. It's a very interesting question, Robb. When we sort of started with this project about three years back, we first looked at what we can learn from converged access. So converged access was our first attempt at unifying these things. And there are certain things which we could have done better, like providing investment protection, feature parity with AireOS, providing support for Prime, Web UI, CLI, making sure that there is a consistency of experience across what's there in AireOS and this.
And more importantly, making sure that we run a prolonged EFT cycle-- make sure that customers-- we run an EFT cycle for nine months.

ROBB BOYD: So you're saying we've tested this with customers for-- it sounds like a pretty good, long time.

ANUPAM UPADHYAYA: A very long time.

ROBB BOYD: Before we even got to this point of announcing it.

ANUPAM UPADHYAYA: And very demanding, very demanding-- some web-scale customers.

ROBB BOYD: What if they're watching here? Be careful.

ANUPAM UPADHYAYA: Yeah, I know.

ROBB BOYD: OK, but web-scale, that's interesting. So you've been stress testing these things in actual, live environments?

ANUPAM UPADHYAYA: Yeah.

ROBB BOYD: So we're not beta testing on our other customers at this point in time? No. We've already done all that.

ANUPAM UPADHYAYA: Yeah. We have done extensive EFT testing. And now we are out. And again, Robb, all those-- we took the learnings that distributed control system architecture-- not a good idea. Making sure that the consistency of features is there from day zero. Making sure you're providing investment protection for existing management tools. We are giving all that from day one, right? So we have launched the support for Prime, the support for Web UI, the support for CLI, with 16.10 IOS XE release, where we release this product, we have enterprise feature parity with AireOS. And we are going to bridge the other gaps in the next two releases.

ROBB BOYD: I've got to run over to the lab, because I can see AP is ready for me to come over here, and we're going to get into some of these details here. But thank you. Thank you so much.

ANUPAM UPADHYAYA: Robb, thank you.

ROBB BOYD: Is that everything? There anything else?

ANUPAM UPADHYAYA: Yes.

ROBB BOYD: OK, good.

ANUPAM UPADHYAYA: We're good.

ROBB BOYD: Thank you very much. All right, let's run over here to the lab. All right, so we're in the lab. Welcome.

APARAJITA SOOD: Thank you, good to be here.

ROBB BOYD: So glad to have you here.
I'm just going to take AP, if you don't mind.

APARAJITA SOOD: Yeah, that's perfect.

ROBB BOYD: OK, good. Pronunciation is not my strong suit. So glad to have you here, because I want to get into the details of kind of what we were talking about in the lounge. What's the truth behind all of this? Obviously, there's some physical boxes, here. We've got the controllers. What's important to understand about these controllers?

APARAJITA SOOD: So these are the industry's first modular wireless controllers. And so they're built ground-up for intent-based networking and for Cisco DNA. And what that means is, we've brought in the goodness of IOS XE, combined that with what we've always had in AireOS-- you know, RF excellence-- and brought out industry's best in class controllers with high availability, programmability, and security. And I just want to show you the two controllers-- the appliance form factors. Of course, you know, this is available on the appliances. It's available on the cloud-- the public and private cloud-- on the switch, as well. But what we have right here is the appliance. And the one at the bottom really is the 80 gig module, the 9800 80. It is the industry's first controller with a modular uplink. So that means I can actually have an 18 into 1 GigE module, 10 into 10 GigE module, a 40, 80, or 100 GigE module. And it supports 6,000 access points, 64,000 clients. It's a two RU form factor, 80 gigs of throughput. And actually, this is much more compact than what we had with the 8540. So it's double the throughput, but it's 30% smaller or more compact as compared with the 8540.

ROBB BOYD: So a whole lot more for a whole lot less.

APARAJITA SOOD: That's right.

ROBB BOYD: To kind of summarize that there. Because these are the form factors-- although it was really the 1RU that we've been most used to when it comes to AireOS. And we're used to that appliance form factor.
But that's not to go without mentioning that these are one option, certainly maybe the preferred in many DNA Center situations, or intent-based networking?

APARAJITA SOOD: That's right.

ROBB BOYD: So we highly encourage, but certainly this is not what you're limited to.

APARAJITA SOOD: No, you're not. So this is the 9840 appliance. And this supports 2,000 access points, 32,000 clients. It's a 1RU form factor. And as you can see, there is also a reduction in terms of depth as compared to the 5520, because that was a concern with the 5520. So we've actually made it 40% smaller, but doubled the throughput compared to the 5520. It's not just smaller than the 5520, but also smaller than the 5508. And it has four built-in 10 GigE module ports. And yeah, actually both of these, I also want to point out they support high availability. So they support redundancy ports as an external interface. And not just the RJ45 redundancy port like we've always had with AireOS, but in addition to that, also a gigabit SFP RP port. And that means you can connect them over fiber. You can go larger distances between the appliances.

ROBB BOYD: OK. Well, now I'm curious. So beyond these, and beyond the form factors, what is it like from an operational perspective? Can we look at the UI that you guys have been working on, and kind of how we function with that? Because those changes, I think, become important to understand.

APARAJITA SOOD: Yeah. And the cool thing with this is, we have made this for intent-based networking. This is the dashboard. When you get an out-of-the-box appliance, or you deploy a virtual controller, what it gives you the ability to do is, it gives you the ability to plug into a guided UI-based day zero workflow. So that lets you set up basic things like system settings, allows you to create WLANs right at day zero, so that at boot-up time you have the right WLANs, you have the right SSIDs, and also the global RF parameters that can be set right at day zero time.
ROBB BOYD: So all of the basic stuff-- it just walks you right through it.

APARAJITA SOOD: Exactly. So it's a three-step process, you can click-click-click and your box is up and running. So when you actually come into a day one, it allows you to configure day one in two ways. So there is a wireless basic, which we kind of look at first. And this is an intent-based way to configure a controller. So what that means is, I can just say, here's a network that I want to set up in this location. Either it's local or remote, what networks I want to create within that location, and which APs do I need to broadcast that network. So you can just add a site, here. Put in very basic information like, what's the location name, whether it's a local or a flex, and flex basically refers to FlexConnect, which is our preferred mode of deployment for distributed networks.

ROBB BOYD: Yeah, it's a remote site that can function as a controller, as well.

APARAJITA SOOD: Exactly. Choose a client density, low, typical, or high, depending on what kind of a network you're setting up-- whether it's a dorm or an auditorium, a cafeteria. And these RF characteristics vary depending on what kind of a network, where this network is being deployed.

ROBB BOYD: You can change it by just dragging that simple thing back and forth.

APARAJITA SOOD: It's just a slider. Exactly. So you can just say, high density, typical, or low.

ROBB BOYD: So that's included in the basic, yeah.

APARAJITA SOOD: So you first set up the basic parameters here. You can also set up networks here. And the cool thing about this is, this wireless basic setup, and the advanced, of course, is fully integrated with the day zero. So when you create networks at day zero, they actually show up at day one in the basics. So you can either say, I want to select a network that was created at day zero and edit policies for a specific location, or I want to create a new network.
And when I create a new network, I'm able to edit the policy details. So clients that are connecting to a network within this location will receive specific VLANs, ACLs, QoS, and other specific parameters. So networking and switching policies can be varied on a per location basis. And then, of course, you can choose what access points you need to be part of this location. And these are the access points that will broadcast these SSIDs. And you can do this for local and remote sites. The difference between the local and the remote site is, you have things that are specific to remote sites-- for example, the native VLAN IDs. If you want to put in specific AAA servers in a remote site, you have the ability to do that, as well.

ROBB BOYD: And all of that's under your basic wireless setup.

APARAJITA SOOD: Under the basic. So if you want to get more into the advanced stuff, you really want to get into the weeds, modify the knobs of every single detail, we have the option to also go into the advanced setting. So the advanced setting is a lot more elaborate. It allows the user to really get into the details of a WLAN policy, AP-specific parameters, and also RF parameters. And we've actually provided a guided workflow that shows the user how he needs to proceed with the configuration. So here, you can see the WLAN profile right on the top allows you to look at what SSIDs are already created, create a new one if you need to. And you can see that there is advanced configuration. You can set in things like P2P blocking, 11k, 11v-- very specific wireless advanced configuration.

ROBB BOYD: This is all very logical. I mean, advanced sometimes may scare a few people, but actually this seems very logical. And I like your layout and the workflow. It seems obvious within this, as well.

APARAJITA SOOD: Yeah. And again, this is fully integrated with the wireless basic setup, which means anything that you create in basic--

ROBB BOYD: Not wasted time.
APARAJITA SOOD: Will also show up in advanced. So the user could come in from day zero, go into the basic flow, create SSIDs there, and wants to tweak something very specific, comes into the advanced. And it's a phased approach to it. So you're not directly thrown into the advanced, but you can kind of choose what your level of comfort is and go in from there.

ROBB BOYD: So one thing I'm curious about is I see references to policies, tags, and things like this, but I'm not used to that nomenclature from the AireOS side. And anyone that's working with AireOS historically, how are they going to feel about coming over to something like this? Maybe we could explain a little bit about why it's set up this way.

APARAJITA SOOD: Absolutely. So we've actually changed the configuration model from AireOS, and part of that is just because we've moved to an IOS XE-based platform. So things are different with IOS. But even beyond that, we have really changed how we view with concepts like WLANs, AP groups, flex groups, and RF profiles that were existing with AireOS. And we are trying to make this more object oriented. And the good thing with making it object oriented is it's reusable. So I'm going to kind of show you what the model looked like on AireOS, and this is probably familiar to you and a lot of folks. We had four main concepts. We know when you're configuring wireless, there's WLAN, the AP groups, the flex groups, and the RF profiles. But I've also color coded some of these parameters within these entities, and you can see that there is some amount of overlap between the parameters across these entities. So what that leads to is, it leads to inheritance, because you could configure the same thing on the WLAN. You could configure the same thing on the AP group, and then go, again, very specifically into the AP. So it kind of makes it a little bit harder to manage configuration.
And our idea with moving towards a simplified 9800 model is that we want to decouple and modularize these, and make sure that we've created profiles that are unique and non-overlapping. So you have a WLAN profile that basically talks to what is the wireless basic and advanced config. The policy profile is about network and switching policies. AP join and flex profiles are specifically two characteristics to do with the access points. And RF profiles are to do with things like HTX parameters, RRM, data rates, and so on. And then, before they'll kind of group these policies that logically make sense together as tags. So you have a policy tag that defines the domain, a site tag that defines the characteristics of the physical access points in terms of .winX of the AP, redundancy for access points, and so on. And then, finally, the tags are related to RF that combine the 2.4 and 5 gigahertz. And so once you have these tags created, you can just tag the APs with the appropriate tags. So it's not really that you're taking an AP and putting it into a group, it's the other way around where you're creating an object, calling it a tag, and then tagging the access points. So this becomes a lot more reusable.

ROBB BOYD: I was going to say, a lot less work.

APARAJITA SOOD: A lot less work. It's simplified. You can reuse these objects. And also it's easier to provision, easier to manage on an ongoing basis.

ROBB BOYD: One of the benefits-- and this is what I like about-- we were recording this show after the announcement's been made. And so one of the benefits of that is that I've been able to talk to some people that have actually gone through the deployment-- some hardcore, AireOS experienced, external to Cisco, wireless engineers.
And consistently, what I've heard back-- and this is credit to your team, a lot of people behind you working on this stuff-- that they felt like it naturally, even though they had more experience with AireOS than they did with IOS XE, they said this felt natural. It was easy for them to get into. It was logical. They knew kind of, even if they didn't know exactly where something was going to go, it wasn't hard to figure out. And then, pretty soon they were kind of in the groove, because it just made sense. And that's a credit to you guys in the UI perspective, because I know that's not easy to really figure out, because you guys are in the weeds constantly as you're figuring out these details. Anyway, but nice job. I think this does make sense, and it's nice to see it go in this direction. Because as things get bigger and more complicated, that's the kind of model that we really need, which is, I know, what you're looking for. You guys are built for scale.

APARAJITA SOOD: That's right.

ROBB BOYD: Yeah, absolutely.

APARAJITA SOOD: And we've made it very easy for customers to migrate from their existing AireOS networks to the 9800, because if you look at these concepts, this is new. You know, so customers don't really have to bear the burden of manually migrating this. So we've actually provided an inbuilt support for a script that converts your existing AireOS to a 9800 configuration. And I want to show you what that script looks like. It's essentially inbuilt natively to the controller. And it's the AireOS config translator. By the way, this is also available on Prime. So if you have a customer that's doing advanced configuration with AireOS currently, the same tool that is embedded on the controller is also on Prime. And you can seamlessly migrate an existing AireOS deployment using Prime.

ROBB BOYD: That's so good to hear.

APARAJITA SOOD: To the 9800.
And also, with DNA Center, automation is completely seamless across AireOS and the 9800, because that's the whole function of automation is to abstract out the details of the architecture.

ROBB BOYD: But you guys went to the trouble to make it easier to go, hey, I've spent years perfecting my policy models, and how this is set up. I need to go to something new, because we're adding new sites, or we're starting to grow in this direction, or we've bought in. We like where this is going. And you're saying, we've made it easy for you to take that work you've already done. It's not wasted time. We're going to be able to apply it for you.

APARAJITA SOOD: Exactly. You can see how easy it is to actually translate the configuration. All you do is, you select and upload an AireOS config file. And this will show you what the translated config looks like. And what's really nice about this is you can see what corresponding AireOS config maps to what 9800 config. So anything that you see with a bang right here is actually AireOS config. It's not going to get applied when you apply to the box. And then, it shows you the corresponding configuration in terms of what it looks like on IOS XE. And it's as easy as just applying it, or if you'd like to edit IP addresses, if you want to put in password shared secrets, you can just export this, make edits, and then import the file, and you're basically ready to go from there.

ROBB BOYD: I like where you noted out the code, so you kind of know what you're looking at. It's not going to go through. But if you're trying to make sure it's correct before you apply it, you're still going to recognize that we left it in there. It's not gibberish.

APARAJITA SOOD: It's a visual way to just recognize that this is a mapping that the tool is doing for me.

ROBB BOYD: Well, let me ask you-- OK, so that's a situation going in a migration.
What about coexistence-- the notion that many customers start adding the 9800, but there's no reason to throw out anything that they've done previously, right? Can the two run at the same time? APARAJITA SOOD: Absolutely. And this is really why we are doing this, is because we want to bring in adoption as quickly as possible to these platforms, and make sure the customers that have AireOS are not really having to take out everything that they have in their networks today. ROBB BOYD: That's just not a reality. Yeah. APARAJITA SOOD: And it works seamlessly, because we have the ability to do seamless roaming between 9800 and AireOS. ROBB BOYD: Now, IRCM-- sorry, what does that stand for? APARAJITA SOOD: So Inter-Controller Roaming. That's what it means when clients are roaming between the two controllers. So in this example, you have a controller that's running AireOS and a controller that's the new controller-- the 9800. And what we're saying is, as long as you upgrade your AireOS controller to 8.8 MR2, you will have seamless mobility across the two controllers. And the reason you need 8.8 MR2 is because the 9800 uses encrypted mobility. We want to make it more secure. It's CAPWAP based. Whereas on the traditional AireOS, it's EoIP. So you need a controller with a code to bridge the two. ROBB BOYD: That's going to understand the tunnels. Yeah. APARAJITA SOOD: So this is the code that actually allows you to create tunnels based on what the peer is. So if the peer is a 9800, it actually creates a CAPWAP secure mobility tunnel. If it's an older AireOS controller, it continues to use EoIP. So as long as you upgrade this to 8.8 MR2 seamless mobility across the campus. And you don't really need to do this for every single controller in your mobility group as long as you upgrade the controller that is in the roaming path. So you need something that is a bridge between the 9800-- the newer platform-- and your existing AireOS controllers. 
ROBB BOYD: It's not as easy to upgrade the older stuff as it's going to be. APARAJITA SOOD: That's right. ROBB BOYD: But you don't need to do all of them. What about, can you use the previous installation as a guest anchor or something to that effect? APARAJITA SOOD: Absolutely. So if you have an existing AireOS guest anchor, again, you need to upgrade this to 8.8 MR2 so that it has the capability to create a secure mobility tunnel with a 9800 foreign controller, and also continue to do EoIP with an existing AireOS foreign controller. And as long as you upgrade this to 8.8 MR2, this will continue to work. You can also use the 9800 as the anchor controller. But again, most customers already have an AireOS controller deployed in the DMZ, so you don't really want to rip and replace it. You just upgrade the code, and this continues to give you guest anchor functionality. ROBB BOYD: So really migrate over time. You're removing excuses for people not to start trying this out, right? APARAJITA SOOD: Absolutely. That's right. We are making it very, very easy for customers to adopt. ROBB BOYD: Because obviously, AireOS doesn't go away. APARAJITA SOOD: No, it does not. ROBB BOYD: We have a lot deployed out there now that some people are perfectly happy with, and they're going to continue to work with it. This just represents kind of a direction that we're going in the long run for even better scalability, better resilience, high availability, as was mentioned, as well. And these new platforms can handle so much more than ever before. Is that a good place to sum things up, here? APARAJITA SOOD: Yeah, absolutely. I mean, so you can see that this is-- the three thing that we always talk about is deploy anywhere. And you can see the same IOS XE code is deployed in the appliances. The exact same UI, by the way, that we showed you is available across the board. So it's not a different UI for every platform. 
It's the exact same UI-- exact same interface whether you are in the appliance, whether you are on the cloud, or on the switch as an embedded function. And, you know, these are industry-first controllers that are modular, that are highly available, that are versatile, that have programmability support, that support telemetry. And we are making the adoption and the migration really seamless, and very, very intuitive. ROBB BOYD: Well, I'm impressed with the team and what you guys have accomplished, also because of the amount of testing that you did beforehand. APARAJITA SOOD: Absolutely. ROBB BOYD: Before we ever got to this public point, you guys went to the trouble of getting a lot of feedback from some important people that kind of rode these things pretty hard to make sure that they could work correctly. So nice job with your team. APARAJITA SOOD: Thank you. ROBB BOYD: Please thank everybody for me. I'm sure they're waiting to hear what Robb had to say to it. APARAJITA SOOD: I will. ROBB BOYD: But either way, thank you so much for walking us through that. APARAJITA SOOD: You're welcome. ROBB BOYD: Guys, thank you so much for watching the show, as well. Hope you enjoyed it. Hope you learned something. I'm going to put into the show notes a couple other shows that this all ties into, because this whole family continues to expand. When we talk about the Catalyst 9000 or the Catalyst 9K, adding wireless to this just makes complete sense, makes things a whole lot easier. And I really like the consolidation that's happening. I hope you do as well. No reason not to try this. Anyway, thanks for watching. We'll see you on the next one. [MUSIC PLAYING]
Info
Channel: Cisco
Views: 9,093
Rating: 4.7985611 out of 5
Keywords: Aironet, Wireless, Controller, Catalyst, 9800, HA, TechWiseTV, IOS-XE, Programmability, Cisco, cisco techwisetv, cisco catalyst 9800, cisco catalyst, cisco wireless controller
Id: 3Puo3PEAiAc
Length: 31min 59sec (1919 seconds)
Published: Fri Jan 04 2019