[MUSIC PLAYING] ROBB BOYD: Welcome
to TechWiseTV. We have had a bunch of new
announcements within enterprise networking-- specifically
Cisco Catalyst, the most successful product
line in networking history. And today, we get to
dig into the Catalyst that nobody expected, as I
think Sachin Gupta recently called it, it's the Catalyst
9800-- notable because it's not a switch, it's a
wireless controller. Let that sink in. You know what? Let's quickly recap
some Catalyst history, because it's been
a busy 18 months. If you remember, Cisco unveiled
intent-based networking about a year and a half back. Now, that first announcement was
anchored with new Catalyst 9000 switches. The 9500 Aggregation Switch,
along with 9300 and 9400 Enterprise Class
Edge Switches, which were the successors to
the older 3000, the 4000, as well as the 6000-- all of these different
lines now evolving into a single family that
share the incredible UADP flexible ASIC, along
with the exact same code base all the way across. Now, we get the Catalyst 9200
which has joined the party. And it's the switch that
everyone expected, right? It's the mid-market successor
to the Catalyst 2K line. Well, today we're going to take
a closer look at the Catalyst 9800, which is not a switch,
but a wireless controller. This is what was meant by the
Catalyst that nobody expected, and this is a really big deal. Why? Well, I mean,
hypothetically if you had to choose which part
of your corporate network could suffer an outage,
which would you choose, right-- wireless or wired? Well, there's no acceptable
answer to that Hobson's choice. The entire network is critical. And wireless
networking has to have that exact same resilience
of its codependent cousin, switching. Well, we have two incredible
guests that are here to show us exactly what this looks like. Now, our engineer
guest in the lab is-- she's told
me to call her AP, because I can't pronounce
her name correctly. Well, she represents
this team, and it's not even the entire team, right? She's going to be in the lab. AP is going to cover
all of the deployment models, the migration tools,
the high availability that's now possible. In fact, I'm ready. Let's go ahead and get
started in the lounge and learn a bit more. Anupam, welcome to TechWiseTV. ANUPAM UPADHYAYA: Robb,
thank you for having me. Excited to be here. ROBB BOYD: Yeah, well I've
got questions, because this-- now I understand it, but
I want to understand it from your perspective,
this notion that we've got the Catalyst
9800, which, without knowing anything else, I would assume
means that we're coming from the Catalyst
switching family, but we're talking about
wireless controller, something that we're not
new to whatsoever. What's happening here? ANUPAM UPADHYAYA: Robb, we
have done wireless controllers for a while. Wireless controllers do seamless
authentication, mobility, and manage multiple
access points-- the heart of the wireless network. ROBB BOYD: OK. ANUPAM UPADHYAYA: What we are
doing fundamentally different here is, we are taking all the
15 to 17 years of innovation and Wi-Fi and
marrying that with IOS XE, a modern, modeler operating
system which gives you the benefit of a
network that is always on, secure, programmable,
and flexible. ROBB BOYD: OK. OK, now that makes
a lot of sense. So IOS XE is the new
foundation for what we're doing with wireless on
this platform going forward. We have-- as you
mentioned, I think it's 15-plus years
of AireOS, which would be the monolithic
operating system, if you will, that we've done. So there are certain
reasons that we have chosen to go this direction. I assume they're IOS XE-based. In other words, the
benefits or the things that are different
that we can do now that we couldn't do before is
why you cited things like-- well, let's just go
into that-- always on. What do you mean by that? ANUPAM UPADHYAYA: Right. See look, when you look
at networks of today, they're increasingly changing. You've got iPhone Xs today,
Amazon Echoes tomorrow, Samsung Galaxy day
after tomorrow. They come with a variety
of device drivers-- a variety of expectations-- and there's this
constant need to always upgrade your network-- the
software on that, right? You want a differentiated
quality of experience. And as you upgrade
your networks, you always have to
plan for a downtime. And imagine, Robb, you walk
in and the network admin tells you, no Wi-Fi
for the next six hours. Or you're a kid. No Wi-Fi for two minutes-- how does that work? ROBB BOYD: No, it doesn't work. ANUPAM UPADHYAYA: It
doesn't work, right? ROBB BOYD: Yeah, it
doesn't work at all. OK. ANUPAM UPADHYAYA: So
you want infrastructure where you can patch and bug
fixes, PSIRT for security, add in new AP models,
add in new functionality without having any operational
impact on the Wi-Fi infra. But there's the
controller, whether it's the AP or the clients. And you think about
Catalyst 9K, where they're thinking about the
switches or the new 9800 wireless controller. They're running IOS XE. And there's this common
trait, hot patching, which is enabling this
entire thing, right? The ability to patch
in a PSIRT, and that we could do on the switch. What we did there, we
took that same paradigm-- because it's IOS XE-- to wireless. And now, are saying,
I can do that patching just on the controller, but
also on the access point. I'm building that resiliency
to the wireless infra, as well. ROBB BOYD: So you're
saying-- because as of today, if I need to roll out a patch--
take the Krack vulnerability, or something we've
had in the past. That was one that
required everybody, no matter how fast we released--
and we're pretty darn good on the security side-- historically you'd have
to take the network down for a brief moment to
restart the APs, which means everybody loses network
access, which could be critical in certain situations. People can't do that to
address a vulnerability. They're going to
keep happening, let's be frank about it, as
well as updates, upgrades and such like this. And you're saying that
this can now be rolled out in a hot patching way. So in other words, we don't
have to take the network down, we can actually stage this. ANUPAM UPADHYAYA: Yeah. It could be-- ROBB BOYD: I mean, not stage
it, but I mean, actually roll it out live. ANUPAM UPADHYAYA: Exactly right. And Robb, on top of that,
when you start thinking about certifications, when you're
adding a new element-- a PSIRT fix-- that means you're
changing the entire image. That needs to be requalified. And that's a bit of a pain
for a lot of customers. And now, in this case,
what we are saying is we have contained
that entire PSIRT to one module that we're patching in. So you don't even
have to recertify the entire thing, which is a
big deal for a lot of customers. ROBB BOYD: Yeah, absolutely. OK, moving on. So security-- what are we doing
different with security? ANUPAM UPADHYAYA: Look,
the reality of the matter is, in the world
of today, you've got infestation of malware
everywhere-- millions of new malware variants
coming onto the network, and most of them
are encrypted, which means they could be sitting
on a network dormant, and then they explode
all of a sudden. And you've got problems
with the network. And Robb, I think
you've covered ETA-- Encrypted Third
Analytics, right? ROBB BOYD: Absolutely. So we can do Encrypted
Traffic Analytics? ANUPAM UPADHYAYA: Yeah,
Encrypted Traffic Analytics. ROBB BOYD: I know, I
make the same mistake. But so ETA is now available
on this platform, as well? ANUPAM UPADHYAYA: Exactly right. So now what we have done is, we
have taken that ETA onto Wi-Fi, and all those
benefits of detecting encrypted malware
with 99% efficacy is available on Wi-Fi natively. ROBB BOYD: That's cool,
because that's unique to Cisco. I like that stuff a lot. So that obviously brings
in kind of a coordination between Talos, Stealthwatch, and
some of those other components that we are starting to
get used to that we've been able to do on the
network infrastructure side. We can do this on the
wireless side now, as well. ANUPAM UPADHYAYA: Yeah. ROBB BOYD: Now,
you mentioned-- let me see, what was the other one? Flexibility, I believe. ANUPAM UPADHYAYA: Right. ROBB BOYD: What are you implying
when you say this platform is more flexible than previous? ANUPAM UPADHYAYA: Robb,
controller software function, right? At the end of the
day, it's a brain which is managing seamless
roaming connectivity for clients between
access points, giving you the
visual experience. We at Cisco believe
it's a function that can reset another appliance-- the 1980s, the first
module controller with support for 108 uplinks. 1940s, the appliance
form factors. You could put that on a switch. The Catalyst 9300 switch-- ROBB BOYD: So you're saying
we don't have to have it on the appliance anymore. We can do this virtually? We can do it on a switch? ANUPAM UPADHYAYA: You could
do wherever you want it. You could put it
on an appliance, so if you are using
an appliance-- and that's where most of
the customers are today. ROBB BOYD: Right, that's
what we're used to. ANUPAM UPADHYAYA:
So you get that. But if you have a Catalyst 9300
deployed, and you're using SDA, you can put that
controller on the switch. ROBB BOYD: One less
device to manage. ANUPAM UPADHYAYA: Yeah. And we're not done. You start thinking about,
a lot of customers moving to a virtualized
environment, consolidation of data center where
they saying, I'm going to move all my compute,
all my applications to a, like, ESXi. ROBB BOYD: Like ESXi
or KVM we're talking? ANUPAM UPADHYAYA: Yeah, or even
ENCS, the one that we have, right? ROBB BOYD: OK, yeah. ANUPAM UPADHYAYA: I could put
that controller as a function there. And I'm still not done. You start thinking
about public cloud. People are increasingly
moving to AWS. They're saying, I want to move
to a hybrid cloud environment. You can put this controller
function on AWS, as well. So what this really
means is, the customer can bring the infra
of their choice. I can deploy the
controller on that. So you could rent compute
and memory on AWS, you could have computer memory
in a virtualized environment, ESXi, KVM. You could have it
on the appliance, and you could run the
controller-- no compromises, consistency of functionality,
consistency of experience across all these form factors. And that's what I truly
mean by flexibility. ROBB BOYD: Wow, OK. So you're really talking
about something-- it's much more of a
platform type of play, here, where we are not
saying to the customer, here's what we made
to use that you're going to have to
figure out where this fits in your environment. We're saying, what
function do you need, wherever that happens
to fit best in the way you run your operation? ANUPAM UPADHYAYA: Exactly right. I mean, look, customers
increasingly do not want to be tied to one infra. They want to have
flexibility of infra. And that's what we are enabling. You take the infra
you want, I'll manage it the way you want it. This all can be
managed by DNA Center, or could be managed by Web UI,
or could be managed by CLI. So flexibility everywhere. ROBB BOYD: Well, you mentioned
programmability, as well. So I'm assuming that
may fall into somewhat of a similar category. So if I'm using programmatically
accessible tools and such like this, this also
functions in that environment too? ANUPAM UPADHYAYA: Yeah. And this, again, ties back
to flexibility, right? So let's talk about, a
lot of us are CLI jockeys. A lot of us are Prime
jockeys, because we have used Prime for a long time. ROBB BOYD: Right, you get
used to it for a long time. ANUPAM UPADHYAYA: We are
supporting all of that. That's not going away. ROBB BOYD: OK. That's good to know. ANUPAM UPADHYAYA: We are
leading with DNA Center. That's where assurance is. That's where you get assurance,
and it works best with DNA. That's our lead platform. It works with that, as well. What we also
realize is, there is a set of customers who are
moved to a DevOps model. They are building
their own tools for, like, Puppet, Chef, are writing
their own scripts for NETCONF, and YANG models. The controller has a
corresponding YANG model for every operational CLI. So everything that it could do
with a CLI on the controller, you have a corresponding
YANG model, which means now
the customer who is moving to a DevOps model
could use his own scripts-- Puppet, Chef-- to
really manage the box. And this is a bit of a paradigm
shift, and I'll tell you why. ROBB BOYD: Well not
everybody is doing it. But you're not
saying they have to. You're just saying
it's an option. ANUPAM UPADHYAYA: Yeah, exactly. Again, it goes back
to flexibility, right? You do what you want. It's an open environment. And look, when you think
about programmability one of the key constructs
says, it's about dealing with structural data. When you think about
a CLI jockey like me, and if you do a
syslog, or you do SNMP walk, to get to
the data that you want is very painstaking. It takes time. Now, with YANG
models, you're dealing with structured
data, which means you can get to the data you want. ROBB BOYD: I know right
where it's going to be. I don't know what it is, but
I know where it's going to be, and so I can process
based on that. ANUPAM UPADHYAYA: Exactly right. What that means for the
customer is, look, in real world and at work, we get
inundated with data. What programmability allows you
is to really consume the data. ROBB BOYD: Get some
structure around that data. ANUPAM UPADHYAYA: When you
want it, and at the periodicity you want it. That's critical. ROBB BOYD: There are a
couple of things I wanted to make sure I understood. First of all, there's
no indication that-- AireOS does not go away. If I have recently
deployed a controller, I still have access to AireOS. Obviously, we're continuing
to invest in that. It's going to support-- I believe you mentioned to me-- 802.1AX. So we don't have any
issues there with anybody that's got our
existing controllers. This just represents the
new direction, especially from a DNA center or SDA
type of perspective-- intent-based networking. This is the way-- definitely the platform to
go, because it was obviously, purposely built for that. Am I correct in saying all that? ANUPAM UPADHYAYA: Robb,
you summed it very well. Look, this is our
direct future direction. We are sort of unifying
switch, wireless routing, on IOS XE platforms. But we are not going to
abandon our AireOS customers. We understand there is a
big installed base there. ROBB BOYD: Huge, yeah. ANUPAM UPADHYAYA: And all
this transition takes time. It doesn't happen overnight. ROBB BOYD: OK. So this is not alarm bells. ANUPAM UPADHYAYA: 11ax, we're
going to support that AireOS. Like you said, when 11ax comes,
it will be supported on AireOS. AireOS is not going away. ROBB BOYD: Don't shoot me
for asking this question. Converged access-- this
is not the same as what we had previously
called converged access. With a couple platforms
where some of the things may sound a little bit similar
to what we're doing here. This is completely different,
though, it sounds like. Is that true? ANUPAM UPADHYAYA: Yeah. It's a very interesting
question, Robb. When we sort of started
with this project about three years
back, we first looked at what we can learn
from converged access. So converged access
was our first attempt at unifying these thing. And there are
certain things which we could have done better,
like providing investment protection, feature
parity with AireOS, providing support for
Prime, Web UI, CLI, making sure that there is
a consistency of experience across what's there
in AireOS and this. And more importantly,
making sure that we run a prolonged EFT cycle-- make sure that customers-- we run an EFT cycle
for nine months. ROBB BOYD: So
you're saying we've tested this with
customers for-- it sounds like a pretty good, long time. ANUPAM UPADHYAYA:
A very long time. ROBB BOYD: Before we even got
to this point of announcing it. ANUPAM UPADHYAYA: And
very demanding, very demanding-- some
web-scale customers. ROBB BOYD: What if
they're watching here? Be careful. ANUPAM UPADHYAYA: Yeah, I know. ROBB BOYD: OK, but web-scale,
that's interesting. So you've been stress
testing these things in actual, live environments? ANUPAM UPADHYAYA: Yeah. ROBB BOYD: So we're not beta
testing on our other customers at this point in time? No. We've already done all that. ANUPAM UPADHYAYA: Yeah. We have done
extensive EFT testing. And now we are out. And again, Robb, all those--
we took the learnings that distributed control system
architecture-- not a good idea. Making sure that the consistency
of features is there from day zero. Making sure you're providing
investment protection for existing management tools. We are giving all that
from day one, right? So we have launched
the support for Prime, the support for Web UI,
the support for CLI, with 16.10 IOS XE release,
where we release this product, we have enterprise feature
parity with AireOS. And we are going to bridge
the other gaps in the next two releases. ROBB BOYD: I've got
to run over the lab, because I can see AP is ready
for me to come over here, and we're going to get into
some of these details here. But thank you. Thank you so much. ANUPAM UPADHYAYA:
Robb, thank you. ROBB BOYD: Is that everything? There anything else? ANUPAM UPADHYAYA: Yes. ROBB BOYD: OK, good. ANUPAM UPADHYAYA: We're good. ROBB BOYD: Thank you very much. All right, let's run
over here to the lab. All right, so we're in the lab. Welcome. APARAJITA SOOD: Thank
you, good to be here. ROBB BOYD: So glad
to have you here. I'm just going to take
AP, if you don't mind. APARAJITA SOOD:
Yeah, that's perfect. ROBB BOYD: OK, good. Pronunciation is
not my strong suit. So glad to have
you here, because I want to get into the details
of kind of what we were talking about in the lounge. What's the truth
behind all of this? Obviously, there's some
physical boxes, here. We've got the controllers. What's important to understand
about these controllers? APARAJITA SOOD: So these are
the industry's first modular wireless controllers. And so they're built ground-up
for intent-based networking and for Cisco DNA. And what that means
is, we've brought in the goodness of
IOS XE, combined that with what we've
always had in AireOS-- you know, RF excellence--
and brought out industry's best in
class controllers with high availability,
programmability, and security. And I just want to show
you the two controllers-- the appliance form factors. Of course, you know, this is
available on the appliances. It's available on the cloud-- the public and private cloud--
on the switch, as well. But what we have right
here is the appliance. And the one at the bottom
really is the 80 gig module, the 9800 80. It is the industry's
first controller with a modular uplink. So that means I
can actually have an 18 into 1 GigE module, 10
into 10 GigE module, a 40, 80, or 100 GigE module. And it supports 6,000 access
points, 64,000 clients. It's a two RU form factor,
80 gigs of throughput. And actually, this
is much more compact than what we had with the 8540. So it's double the throughput,
but it's 30% smaller or more compact as compared
with the 8540. ROBB BOYD: So a whole lot
more for a whole lot less. APARAJITA SOOD: That's right. ROBB BOYD: To kind of
summarize that there. Because these are
the form factors-- although it was really
the 1RU that we've been most used to when
it comes to AireOS. And we're used to that
appliance form factor. But that's not to go
without mentioning that these are one
option, certainly maybe the preferred and many
DNA Center situations, or intent-based networking? APARAJITA SOOD: That's right. ROBB BOYD: So we
highly encourage, but certainly this is not
what you're limited to. APARAJITA SOOD: No, you're not. So this is the 9840 appliance. And this supports 2,000
access points, 32,000 clients. It's a 1RU form factor. And as you can
see, there is also a reduction in terms of depth
as compared to the 5520, because that was a
concern with the 5520. So we've actually
made it 40% smaller, but doubled the throughput
compared to the 5520. It's not just smaller than
the 5520, but also smaller than the 5508. And it has four built-in
10 GigE module ports. And yeah, actually
both of these, I also want to point out they
support high availability. So they support redundancy
ports as an external interface. And not just the
RJ45 redundancy port like we've always had with
AireOS, but in addition to that, also a
gigabit SFP RP port. And that means you can
connect them over fiber. You can go larger distances
between the appliances. ROBB BOYD: OK. Well, now I'm curious. So beyond these, and
beyond the form factors, what is it like from an
operational perspective? Can we look at the UI that
you guys have been working on, and kind of how we
function with that? Because those changes, I think,
become important to understand. APARAJITA SOOD: Yeah. And the cool thing with
this is, we have made this for intent-based networking. This is the dashboard. When you get an
out-of-the-box appliance, or you deploy a
virtual controller, what it gives you
the ability to do is, it gives you the ability to plug
into a guided UI-based day zero workflow. So that lets you set up basic
things like system settings, allows you to create
WLANs right at day zero, so that at boot-up time you
have the right WLANs, you have the right SSIDs, and also the
global RF parameters that can be set right at day zero time. ROBB BOYD: So all
of the basic stuff-- it just walks you
right through it. APARAJITA SOOD: Exactly. So it's a three-step process,
you can click-click-click and your box is up and running. So when you actually
come into a day one, it allows you to configure
day one in two ways. So there is a wireless basic,
which we kind of look at first. And this is an intent-based
way to configure a controller. So what that means
is, I can just say, here's a
network that I want to set up in this location. Either it's local or
remote, what networks I want to create
within that location, and which APs do I need
to broadcast that network. So you can just
add a site, here. Put in very basic information
like, what's the location name, whether it's a local or a
flex, and flex basically refers to FlexConnect,
which is our preferred mode of deployment for
distributed networks. ROBB BOYD: Yeah,
it's a remote site that can function as
a controller, as well. APARAJITA SOOD: Exactly. Choose a client density,
low typical or high, depending on what
kind of a network you're setting up-- whether
it's a dorm or an auditorium, a cafeteria. And these RF
characteristics vary depending on what kind
of a network, where this network is being deployed. ROBB BOYD: You can change it by
just dragging that simple thing back and forth. APARAJITA SOOD:
It's just a slider. Exactly. So you can just say, high
density, typical, or low. ROBB BOYD: So that's
included in the basic, yeah. APARAJITA SOOD: So you first set
up the basic parameters here. You can also set
up networks here. And the cool thing about this
is, this wireless basic setup, and the advanced, of
course, is fully integrated with the day zero. So when you create
networks at day zero, they actually show up at
day one in the basics. So you can either say, I
want to select a network that was created at day
zero and edit policies for a specific location, or I
want to create a new network. And when I create
a new network, I'm able to edit the policy details. So clients that are
connecting to a network within this location will
receive specific VLANs, ACLs, QoS, and other
specific parameters. So networking and
switching policies can be varied on a
per location basis. And then, of course,
you can choose what access points you need
to be part of this location. And these are the
access points that will broadcast these SSIDs. And you can do this for
local and remote sites. The difference between the
local and the remote site is, you have things that are
specific to remote sites-- for example, the
native VLAN IDs. If you want to put in
specific triple-A servers in a remote site, you have the
ability to do that, as well. ROBB BOYD: And all of that's
under your basic wireless setup. APARAJITA SOOD: Under the basic. So if you want to get more
into the advanced stuff, you really want to
get into the weeds, modify the knobs of
every single detail, we have the option to also
go into the advanced setting. So the advanced setting
is a lot more elaborate. It allows the user to really
get into the details of a WLAN policy, AP-specific parameters,
and also RF parameters. And we've actually
provided a guided workflow that shows the user
how he needs to proceed with the configuration. So here, you can see the
WLAN profile right on the top allows you to look at what
SSIDs are already created, create a new one if you need to. And you can see that there
is advanced configuration. You can set in things like
P2P blocking, 11K, 11V-- very specific wireless
advanced configuration. ROBB BOYD: This is
all very logical. I mean, advanced sometimes
may scare a few people, but actually this
seems very logical. And I like your layout
and the workflow. It seems obvious
within this, as well. APARAJITA SOOD: Yeah. And again, this is
fully integrated with the wireless basic
setup, which means anything that you create in basic-- ROBB BOYD: Not wasted time. APARAJITA SOOD: Will
also show up in advanced. So the user could
come in from day zero, go into the basic flow,
create SSIDs there, and wants to tweak
something very specific, comes into the advanced. And it's a phased
approach to it. So you're not directly
thrown into the advanced, but you can kind of choose
what your level of comfort is and go in from there. ROBB BOYD: So one
thing I'm curious about is I see references to policies,
tags, and things like this, but I'm not used to that
nomenclature from the AireOS side. And anyone that's working
with AireOS historically, how are they going to
feel about coming over to something like this? Maybe we could
explain a little bit about why it's set up this way. APARAJITA SOOD: Absolutely. So we've actually changed
the configuration model from AireOS, and part of that
is just because we've moved to an IOS XE-based platform. So things are
different with IOS. But even beyond
that, we have really changed how we view with
concepts like WLANs, AP groups, flex
groups, and RF profiles that were existing with AireOS. And we are trying to make
this more object oriented. And the good thing with
making it object oriented is it's reusable. So I'm going to kind
of show you what the model looked like on
AireOS, and this is probably familiar to you
and a lot of folks. We had four main concepts. We know when you're
configuring wireless, there's WLAN, the AP
groups, the flex groups, and the RF profiles. But I've also color coded
some of these parameters within these
entities, and you can see that there is some amount of
overlap between the parameters across these entities. So what that leads to is,
it leads to inheritance, because you could configure
the same thing on the WLAN. You could configure the
same thing on the AP group, and then go, again, very
specifically into the AP. So it kind of makes
it a little bit harder to manage configuration. And our idea with moving
towards a simplified 9800 model is that we want to decouple and
modularize these, and make sure that we've created profiles that
are unique and non-overlapping. So you have a WLAN
profile that basically talks to what is the wireless
basic and advanced config. The policy profile is about
network and switching policies. AP join and flex
profiles are specifically two characteristics to do
with the access points. And RF profiles are to do with
things like HTX parameters, RRAM, data rates, and so on. And then, before
they'll kind of group these policies that logically
make sense together as tags. So you have a policy tag
that defines the domain, a site tag that defines the
characteristics of the physical access points in terms
of .winX of the AP, redundancy for access
points, and so on. And then, finally,
the tags are related to RF that combine the
2.4 and 5 gigahertz. And so once you have
these tags created, you can just tag the APs
with the appropriate tags. So it's not really that
you're taking an AP and putting it
into a group, it's the other way around where
you're creating an object, calling it a tag, and then
tagging the access points. So this becomes a
lot more reusable. ROBB BOYD: I was going
to say, a lot less work. APARAJITA SOOD: A lot less work. It's simplified. You can reuse these objects. And also it's
easier to provision, easier to manage on
an ongoing basis. ROBB BOYD: One of the
benefits-- and this is what I like about--
we were recording this show after the
announcement's been made. And so one of the
benefits of that is that I've been able to
talk to some people that have actually gone
through the deployment-- some hardcore,
AireOS experienced, external to Cisco,
wireless engineers. And consistently,
what I've heard back-- and this is credit to your
team, a lot of people behind you working on this stuff-- that they felt
like it naturally, even though they had more
experience with AireOS than they did with IOS XE,
they said this felt natural. It was easy for
them to get into. It was logical. They knew kind of,
even if they didn't know exactly where
something was going to go, it wasn't hard to figure out. And then, pretty soon they
were kind of in the groove, because it just made sense. And that's a credit to you
guys in the UI perspective, because I know that's not
easy to really figure out, because you guys are
in the weeds constantly as you're figuring
out these details. Anyway, but nice job. I think this does
make sense, and it's nice to see it go
in this direction. Because as things get
bigger and more complicated, that's the kind of model that we
really need, which is, I know, what you're looking for. You guys are built for scale. APARAJITA SOOD: That's right. ROBB BOYD: Yeah, absolutely. APARAJITA SOOD: And we've made
it very easy for customers to migrate from their existing
AireOS networks to the 9800, because if you look at
these concepts, this is new. You know, so
customers don't really have to bear the burden of
manually migrating this. So we've actually provided
an inbuilt support for a script that converts
your existing AireOS to a 9800 configuration. And I want to show you what
that script looks like. It's essentially inbuilt
natively to the controller. And it's the AireOS
config translator. By the way, this is
also available on Prime. So if you have a customer that's
doing advanced configuration with AireOS currently,
the same tool that is embedded on the
controller is also on Prime. And you can seamlessly migrate
an existing AireOS deployment using Prime. ROBB BOYD: That's
so good to hear. APARAJITA SOOD: To the 9800. And also, with DNA
Center, automation is completely seamless
across AireOS and the 9800, because that's the whole
function of automation is to abstract out the
details of the architecture. ROBB BOYD: But you guys
went to the trouble to make it easier
to go, hey, I've spent years perfecting my policy
models, and how this is set up. I need to go to something new,
because we're adding new sites, or we're starting to
grow in this direction, or we've bought in. We like where this is going. And you're saying,
we've made it easy for you to take that
work you've already done. It's not wasted time. We're going to be able
to apply it for you. APARAJITA SOOD: Exactly. You can see how easy it
is to actually translate the configuration. All you do is, you select and
upload an AireOS config file. And this will show you what the
translated config looks like. And what's really
nice about this is you can see what corresponding
AireOS config maps to what 9800 config. So anything that you see
with a bang right here is actually AireOS config. It's not going to get applied
when you apply to the box. And then, it shows you the
corresponding configuration in terms of what it
looks like on IOS XE. And it's as easy as
just applying it, or if you'd like to
edit IP addresses, if you want to put in
password shared secrets, you can just export this,
make edits, and then import the file, and you're basically
ready to go from there. ROBB BOYD: I like where
you noded out the code, so you kind of know
what you're looking at. It's not going to go through. But if you're trying to
make sure it's correct before you apply
it, you're still going to recognize that
we left it in there. It's not gibberish. APARAJITA SOOD:
It's a visual way to just recognize that this
is a mapping that the tool is doing for me. ROBB BOYD: Well,
let me ask you-- OK, so that's a situation
going in a migration. What about
coexistence-- the notion that many customers
start adding the 9800, but there's no reason to throw
out anything that they've done previously, right? Can the two run
at the same time? APARAJITA SOOD: Absolutely. And this is really
why we are doing this, is because we want to bring
in adoption as quickly as possible to these
platforms, and make sure the customers that have
AireOS are not really having to take out
everything that they have in their networks today. ROBB BOYD: That's
just not a reality. Yeah. APARAJITA SOOD: And
it works seamlessly, because we have the ability
to do seamless roaming between 9800 and AireOS. ROBB BOYD: Now, IRCM-- sorry, what does that stand for? APARAJITA SOOD: So
Inter-Controller Roaming. That's what it means
when clients are roaming between the two controllers. So in this example,
you have a controller that's running AireOS
and a controller that's the new controller-- the 9800. And what we're
saying is, as long as you upgrade your AireOS
controller to 8.8 MR2 you will have seamless mobility
across the two controllers. And the reason you need 8.8
MR2 is because the 9800 uses encrypted mobility. We want to make it more secure. It's CAPWAP based. Whereas on the traditional
AireOS, it's EoIP. So you need a controller with
a code to bridge the two. ROBB BOYD: That's going
to understand the tunnels. Yeah. APARAJITA SOOD: So
this is the code that actually allows
you to create tunnels based on what the peer is. So if the peer is
a 9800, it actually creates a CAPWAP secure
mobility tunnel. If it's an older
AireOS controller, it continues to use EoIP. So as long as you
upgrade this to 8.8 MR2 seamless mobility
across the campus. And you don't really
need to do this for every single controller
in your mobility group as long as you upgrade
the controller that is in the roaming path. So you need something that is
a bridge between the 9800-- the newer platform-- and your
existing AireOS controllers. ROBB BOYD: It's not as
easy to upgrade the older stuff as it's going to be. APARAJITA SOOD: That's right. ROBB BOYD: But you don't
need to do all of them. What about, can you use
the previous installation as a guest anchor or
something to that effect? APARAJITA SOOD: Absolutely. So if you have an existing
AireOS guest anchor, again, you need to
upgrade this to 8.8 MR2 so that it has the capability
to create a secure mobility tunnel with a 9800
foreign controller, and also continue to do
EoIP with an existing AireOS foreign controller. And as long as you
upgrade this to 8.8 MR2, this will continue to work. You can also use the 9800
as the anchor controller. But again, most
customers already have an AireOS controller
deployed in the DMZ, so you don't really want
to rip and replace it. You just upgrade
the code, and this continues to give you
guest anchor functionality. ROBB BOYD: So really
migrate over time. You're removing excuses for
people not to start trying this out, right? APARAJITA SOOD: Absolutely. That's right. We are making it very, very
easy for customers to adopt. ROBB BOYD: Because obviously,
AireOS doesn't go away. APARAJITA SOOD: No, it does not. ROBB BOYD: We have
a lot deployed out there now that some people
are perfectly happy with, and they're going to
continue to work with it. This just represents
kind of a direction that we're going in the
long run for even better scalability, better resilience,
high availability, as was mentioned, as well. And these new platforms can
handle so much more than ever before. Is that a good place
to sum things up, here? APARAJITA SOOD:
Yeah, absolutely. I mean, so you can
see that this is-- the three thing that we always
talk about is deploy anywhere. And you can see the
same IOS XE code is deployed in the appliances. The exact same UI,
by the way, that we showed you is available
across the board. So it's not a different
UI for every platform. It's the exact same UI-- exact same interface whether
you are in the appliance, whether you are on the
cloud, or on the switch as an embedded function. And, you know, these
are industry-first controllers
that are modular that are highly available,
that are versatile, that have programmability
support, that support telemetry. And we are making the adoption
and the migration really seamless, and very,
very intuitive. ROBB BOYD: Well, I'm
impressed with the team and what you guys
have accomplished, also because of the
amount of testing that you did beforehand. APARAJITA SOOD: Absolutely. ROBB BOYD: Before we ever
got to this public point, you guys went to the trouble
of getting a lot of feedback from some important
people that kind of rode these things pretty
hard to make sure that they could work correctly. So nice job with your team. APARAJITA SOOD: Thank you. ROBB BOYD: Please
thank everybody for me. I'm sure they're waiting to
hear what Robb had to say to it. APARAJITA SOOD: I will. ROBB BOYD: But either way,
thank you so much for walking us through that. APARAJITA SOOD: You're welcome. ROBB BOYD: Guys, thank you so
much for watching the show, as well. Hope you enjoyed it. Hope you learned something. I'm going to put
into the show notes a couple other
shows that this all ties into, because this whole
family continues to expand. When we talk about the Catalyst
9000 or the Catalyst 9K, adding wireless to this
just makes complete sense, makes things a whole lot easier. And I really like the
consolidation that's happening. I hope you do as well. No reason not to try this. Anyway, thanks for watching. We'll see you on the next one. [MUSIC PLAYING]