Cisco Announces “The Network. Intuitive.”

With content courtesy of Cisco Systems

Last year I broke down the Cisco DNA – Digital Network Architecture in an article called “Beyond Marchitecture”, because quite frankly, it was a ton of marketing with little substance.

This year at Cisco Live! 2017, Cisco has done this the right way, with a new campaign backed by the technical prowess we expect from Cisco and launched with all the big names and big programs we expect. This was well thought out, and if this is what Chuck Robbins is going to bring to the table of Cisco Systems – there should be some big things ahead.

In a series of interviews with different business units, it was revealed that the “Handcuffs are off” and departments have been given the ability to innovate, collaborate and tear down the silos.  This new program demonstrates that.

The Network.  Intuitive.


First get past the grammar-related issues of the new DNA campaign, and realize that it is not “The Network Intuitive”, it is “The Network. Intuitive.” – punctuation matters here.

The key to understanding “The Network.  Intuitive.” is in two powerful words.


As announced by Chuck Robbins in the Cisco Live keynote, they want you to power your network with business intent.   No more programming VLANs, or setting up routing, but truly going into a unified console and telling it what you want to do.

“A computer will do what you tell it to do, that may be totally different from what you had in mind” — Quote Unknown

The idea that “Machine A” can talk to “Server B” and “User Y” can talk to “System X” without worrying about the underlying infrastructure is where they are going.

This is a construct, not a product, but unlike DNA-2016, there is a strong technical basis for this idea.


Intent does not do you any good, unless you have context in your network.   We need to understand, who is where, and understand what they are before we can set our intent against that object.

It is a little bit of a chicken-before-the-egg syndrome: how do we secure, route and prioritize our network if we do not know what this traffic is, who they are and what they are trying to do? Today context generally comes from things like IP addresses and subnets. In DNA-2017, this context comes from Cisco ISE.

The Network. Intuitive.  InfoGraphic.


The latest info-graphic from Cisco really does provide a good overview of this new architecture.

The underlying technology for this new intuitive network is SD-Access – Software-Defined Access. Think of “ACI – Application Centric Infrastructure”, but now it is user centric – we make our decisions and policies and apply them to users, and where they are is unimportant.

SD-Access Building Blocks


I want to help build the SD-Access story for you, so you can understand how this technology comes together. Like last year's DNA announcement, SD-Access is a reference architecture, but there are bespoke technologies around it.

Transport Layer – Network

At the very basic transport layer, SD-Access relies on a few switch options that are available today. It is supported on Catalyst 9K, 3650, 3850, 4500E, 6500/6800 and Nexus 7K. Wireless options are 3800, 2800, 1560 and controllers 8540, 5520 and 3504.

The new one to this party is the Catalyst 9000, developed by the team at Cisco with the new DopplerD series CPU with tons of power and supporting ETA – Encrypted Traffic Analytics.    Please see my future blog post on the Catalyst 9000 series.

These devices do all the transport and implementation of policy in the background of SD-Access and move the bits around your network.


Understanding the Campus Fabric

The underlay network will transport your traffic from place to place; this is what makes up your campus fabric. It is true virtual networking to the endpoints through encapsulation, not just through VLANs anymore. The idea is that we want to segregate the forwarding plane from the services plane: why should our physical network dictate how traffic flows around our network, and how can we add capabilities without massive complexity?


If you want me to sit here and admit that this is as easy as the old VLANs and IP addresses in your network – it simply is not. However, the security, control and simplicity once it is implemented are worth it, as are the automation and contextual data you will receive.

The transport does not need to be complex: by using an overlay, we can deliver features through the overlay, and the underlay network (the hardware) does not need to be complex.

LISP – Location Identity Separation Protocol – Layer 3

This brings together location and identity. Think of the old way for a moment: we know the switch port and the IP address or subnet, and we have a weak idea of the context of a user, who and where they are. LISP takes the IP and location and segregates them so that IP and location are not tied together anymore.

LISP is like DNS for packets,  when a switch needs to forward packets from place to place, LISP identifies to the network device locations and the routes required using a map server or resolver.   This could be an IOS device or a virtual machine somewhere.   LISP allows a device to live in any place on the network.  Getting in and out of the LISP environment is via a tunnel router or “XTR”.

This is what provides mobility of devices around your network. Even if a user moves to another building or another floor, the IP address of that user does not change – they just move from place to place and the map system handles where that user is.

VXLAN – Layer 2

Wait, why is VXLAN showing up in the access layer? Well, LISP is really a layer 3 technology: it ensures that packets can route, but what if we have users across multiple layer 3 areas that need layer 2 connectivity? What about multicast and broadcast traffic?

VXLAN provides the transport of our layer 2 traffic across our campus fabric.

Transporting Policy with Cisco TrustSec

We can now add contextual information into the VXLAN headers through the “SGT”, or scalable group tag. We need to use TrustSec so that we can apply policies against objects based not on their IP, but on their identity. Instead of using the IP address, we use the SGT to tell the rest of the network who owns this packet, so we can make decisions based on security. The SGT is applied by ISE, and access lists and rules are then applied against security groups; users are placed in those groups within ISE.
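
The following is an added example, not code from the original post or from Cisco: it reads the group tag out of a VXLAN header and makes the access decision on identity rather than on IP address. The header layout follows the VXLAN Group Policy Option draft; the group names, tag numbers, policy matrix and sample headers are constructed for illustration.

```python
import struct

# Flag bits per the VXLAN Group Policy Option layout (an assumption of this
# example; the post only says the SGT is carried in the VXLAN header).
FLAG_G = 0x80  # byte 0: Group Policy ID (the SGT) is present
FLAG_I = 0x08  # byte 0: VNI is valid
FLAG_A = 0x08  # byte 1: group policy was already applied upstream


def build_vxlan_gpo(vni, sgt=None, policy_applied=False):
    """Build an 8-byte VXLAN-GPO header (used only to create sample input)."""
    flags0 = FLAG_I | (FLAG_G if sgt is not None else 0)
    flags1 = FLAG_A if policy_applied else 0
    return struct.pack("!BBHI", flags0, flags1, sgt or 0, vni << 8)


def parse_vxlan_gpo(header):
    """Return the VNI, SGT (None if untagged) and A flag from a header."""
    if len(header) < 8:
        raise ValueError("truncated VXLAN header: need 8 bytes")
    flags0, flags1, group_id, vni_rsvd = struct.unpack("!BBHI", header[:8])
    if not flags0 & FLAG_I:
        raise ValueError("I flag clear: VNI is not valid")
    return {
        "vni": vni_rsvd >> 8,  # top 24 bits; low 8 bits are reserved
        "sgt": group_id if flags0 & FLAG_G else None,
        "policy_applied": bool(flags1 & FLAG_A),
    }


# Constructed groups, as ISE would assign them to users and systems.
SGT_NAMES = {10: "Employees", 20: "Contractors", 30: "HR_Servers", 40: "Printers"}

# Constructed group-based policy: (source SGT, destination SGT) -> action.
# Anything not listed is denied.
POLICY = {
    (10, 30): "permit",
    (10, 40): "permit",
    (20, 40): "permit",
}


def enforce(header, dst_sgt):
    """Decide on the source group tag alone; no IP address is consulted."""
    info = parse_vxlan_gpo(header)
    if info["sgt"] is None:
        return "deny"  # untagged traffic has no identity: fail closed
    return POLICY.get((info["sgt"], dst_sgt), "deny")


# Constructed sample: VNI 4099, SGT 20 (Contractors).
SAMPLE_CONTRACTOR = bytes.fromhex("8800001400100300")

if __name__ == "__main__":
    frames = {
        "employee": build_vxlan_gpo(vni=4099, sgt=10),
        "contractor": SAMPLE_CONTRACTOR,
        "untagged": build_vxlan_gpo(vni=4099),
    }
    for label, hdr in frames.items():
        info = parse_vxlan_gpo(hdr)
        group = SGT_NAMES.get(info["sgt"], "unknown")
        print(label, info, group, "-> HR_Servers:", enforce(hdr, 30))
```

Because the decision is keyed on the tag, the same endpoint gets the same answer from any switch port or subnet, and traffic arriving without a tag is denied by default.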

Identity Layer – Context

This is where the context comes in.   ISE – Identity Services Engine is used to create network identity for objects, users and systems.    I know what some of you are thinking “Oh no – ISE”.   Have you taken a look at ISE 2.1+ ?  They have vastly improved the experience.    There is no question that adding ISE will complicate your life, but it is the contextual engine that provides the data you need to secure your network.   There is no avoiding ISE anymore, you will need to have it in your life, and your network.


There are benefits here. Once ISE is implemented, all of your network devices start to see things as user activity, firewalls show user names not systems, you can start deploying policy against groups of objects, and network authentication becomes very easy. Your wireless network becomes easier to manage from a security perspective.

Interface Layer – Intent

This is the real veggies. DNA Centre is the new package for the APIC-EM platform. This is Cisco’s attempt to make a UI front end for your network; the intent is a single pane of glass for your ENTIRE network.


This is where your contextual groups from ISE like users and servers will meet up with the policy you want to create.   There is no denying the interface is a little “Meraki” like, clearly they borrowed some design concepts.    All of the complex components of SD-Access meet here in DNA Centre, and are then pushed out to the rest of your network.   The automation from DNA Centre will automate everything for you.  From dealing with ISE to programming those Catalyst switches.   This is the automation layer.  Set what intent you want, and automation will turn that into action down on your hardware layer. Worrying about all this VXLAN and LISP stuff?  No worries, DNA Centre will help you here.


NDP – Network Data Platform

No shortage of data about our network, we have NetFlow and Syslog and any number of tools to deliver data.   In the coming months as we get a better look into the new Network Data Platform, we will learn how this will help correlate network data and provide analytics.   This is where the old “Proverbial lead into gold” promise is supposed to deliver.   For me this is a wait and see approach, right now there just isn’t enough data out there, for now that is all I have to say.  This is still very early.


More to come in future posts about Catalyst 9000 and DNA Centre, NDP and ETA.





CiscoLive! Techtorials – Worth it? #CLUS 2017

Are Techtorial Sessions Worth It ?

In a word?   YES.

Now to explain why….

This year I flew out Saturday, and was here on Sunday, in order to attend a techtorial.     I chose Immersive Journey Into IPV6.  Yes, it’s true, I am not a superpower when it comes to IPV6, I know enough to do what I need, and what my clients need, but I am lacking.

Where am I lacking?  Think about IPV4, ARP, DHCP, DNS, all those protocols and how they talk to each other, how they work at the bit level.   I know that stuff pretty cold, but IPV6 the light bulb never went on, for me I just didn’t feel comfortable, I didn’t feel like I knew it cold.

Well, that changed today, after an entire day in the room with amazing speakers: Denise Fishburne, Scott Hogg, Ed Horley, Tim Martin and Jim Bailey. Feel free to check out their credentials, but Scott literally wrote the book on IPV6 Security as one example. Denise “Fish” Fishburne is without question the premier troubleshooter (see my previous blogs).

Our session went down like this..


This was a SERIOUS content download; we went into a ton of detail in each section. Fish talked about how she learned IPV6 from the packet and backwards into the RFC, and Scott talked about IPV6 hacking and vulnerabilities and how to protect yourself from common attacks. The design section went into IPv6 address design and even had an enterprise design practical example. Ed went into AMAZING detail about host operating system IPV6 support, what works, what doesn’t and tips for deployment. This section I really appreciated, as there are so many nuances.

Why is the money worth it?

Quite simple – bang for your buck.   Sure, one techtorial is about 30%  more on top of the cost of your entire full conference pass, but in previous years I noticed I was taking out so much time for World of Solutions, DevNET and other sessions, I couldn’t FOCUS on topics I wanted a deep dive on.   I also missed sessions I wanted.  With the Sunday session techtorial, I could get in the room, listen from multiple amazing speakers on a great topic and there is nothing else I am missing.  I could FOCUS.

The benefit of going all day on this topic is, each section threads into each section and you get continuity in learning.   Don’t forget, this is a Sunday, that means there is also less of a chance that your regular job duties will interrupt you.

If you want to get the most out of your CiscoLive! trip, you want to be able to see as much as possible. Focus on the Sunday on the topic you wanted that deep dive on, it allows you to learn better. This will free up time later in the event to hit the World of Solutions, try new things in DevNet, and hit up even more of the smaller sessions.

Keep in mind, you can pay for techtorial sessions with Cisco Learning Credits (CLC), so when you purchase Cisco hardware and software, make sure your partner and Cisco rep are working to get you those CLCs.

Disclaimer: I won this techtorial last year in a social media contest, and redeemed that free credit this year. I did not pay out of pocket to attend this session.

Cisco Live! Returns to Hot Breakfast!

Last year I wrote this blog about the breakfast offerings at Cisco Live!, outlining the importance of a good breakfast on learning comprehension.   I made sure that this information received wide distribution, and many of you helped with your retweets to the team @CiscoLive, and as a result it did become something considered this year.

I have been advised by the Cisco Live team that hot breakfast sandwiches have been added to the menu for Monday through Thursday!    This is amazing news.    I have to thank in particular Kathleen Mudge @KathleenMudge  for helping spread the word at Cisco Live offices.

“Food is like a pharmaceutical compound that affects the brain,” – UCLA Professor of Neurosurgery and Physiological Science Fernando Gómez-Pinilla.

Short term memory and auditory attention are higher when the breakfast offered has protein as opposed to refined carbohydrates: no more sugar crash, and you power through your day.

For me personally, this is important, as I have recently embarked on a low-carb Ketogenic lifestyle.  More options give us better ability to learn and interact.

This is a great win for all delegates, and for the social media community as a whole.



Cisco Live! on a Budget – 2017

Last year I wrote a great article on “Making your Case for Cisco Live” – Click Here – that article was all about how to get your boss to pay for Cisco Live, and why Cisco Live is a great value.    If you have not read that – go back and read that.   I even provide some tips on how to get free passes if you are a Cisco customer, or how to show your boss that Cisco Live! is cheaper than traditional training.

Why Cisco Live?

First, I want to talk about WHY you need to get to Cisco Live US – #CLUS.   For your career, for your job, for YOU.

Cisco Live! has some great tips on “Why” attend, I will not list them all – CLICK HERE – and I will show you all the right reasons.

There’s Never Been a Better Time – to go to Cisco Live and find out what you have been missing.

  • Breakout Sessions, Content, Content, Content…
  • DevNet
  • Seminars
  • Walk In Labs
  • World of Solutions

The bottom line is – there is more to do at Cisco Live, than you have time for, and you really do need to think about, and plan how to get the most out of your week.

I am budget constrained!

No problem, if getting your boss to pay is a problem, or you need to go on a budget (still, get the boss to pay, you need to really make your case!) this will give you tips on how to get the most – for the least at Cisco Live!

A full trip to Cisco Live! for the full conference experience is going to cost you close to $5000 USD – if you get the full conference pass.   That is the bottom line,  between airline tickets, the $2300+ full conference pass and hotel – you are approaching some big bucks.   Don’t let this get you down – you are still going – and for much less.

The Explorer + Social Pass – The Hidden Gem

I am sure the event does not want everyone figuring this out – The Explorer Pass is the best value – and I will show you how to save yourself $1900 right now – and still experience it all.     Yes, all of it.

$249 – Miss (Almost) Nothing.

For the price of “Explorer + Social Pass” which is only $249,  the only things that you are missing at Cisco Live! is the following….

  • Cisco Live T-Shirt (Trust me, you will go home with enough T-Shirts!)
  • Cisco Live Bag (If you ask around, tons of people give theirs away, so you could get one)
  • Breakfast and Lunch (Read my blog HERE about breakfast – not a big deal IMO)
  • Breakout Sessions (I will address this)
  • Your attendance does not count towards NetVet status
  • No Free Certification Exam

If you want to save an extra $150, you could get only the “Explorer” pass, but then you miss out on the “Social” part of Cisco Live, and I DO NOT recommend this,  there have been enough BLOGS out there about why Cisco Live! is all about SOCIAL.

What do you get?

DevNet Zone

Are you a developer? Do you want to be? Are you getting interested in the new SDN, SDWAN, XML, REST-API – are you trying to catch up in this new software defined programmatic world we are in? Then DevNet zone is for you – you could literally hang here all week, there are tons of activities and learning opportunities. This area should be called “Industry Shift Zone” because this is where you will see what really is up and coming, and new ways of thinking. Not to be missed.

World of Solutions

This is where everyone goes for free stuff – but – this is where you go to learn from everyone who sells complementary products – and they don’t tend to only send marketing people but real engineering types. Here is the secret – Cisco has over 30% of the floor space in World of Solutions. Lots of the content you see in breakouts is also duplicated here, and you can go one-on-one with a lot of the product teams. I try and track down those hard to find Cisco engineering types on specific technologies, get some answers and learn about things. Another cool trick: if you want to integrate product A + B – perhaps you want to link ACI with ASA Firewall – go to the ACI booth, and then drag that person over to the ASA booth (or vice versa) and then have a conversation – ok, be nice about it, but you get the idea. WORLD OF SOLUTIONS IS WORTH THE PRICE OF ADMISSION ALONE. You could spend all week in here.

Customer Appreciation Event (CAE)

It is a concert, it is a great time, and you get to see/hang/learn and collaborate with like minded people – the nerd knobs never stop, and the CAE is a great place to go to network.


You still get access to keynotes, and there is nothing more inspiring than listening to some of these amazing speakers – live – in person.  If you don’t make it into the hall, don’t worry it is simulcasted all over the event.

Breakouts via Cisco Live! 365 Access

Didn’t I just say you don’t get breakouts?  That’s right – live – you don’t – but who says that you need to see them LIVE.   With access to Cisco Live 365 online – you can see almost every single breakout – online.     “But what if I have questions”  well, there is a good chance someone will ask it.

Here is another tip – go ahead and watch the breakouts you WOULD have seen – at Cisco Live Europe on Cisco Live 365 – before the event,  now you are ahead of the game.   Once you reach the event, you can use access to World of Solutions or DevNet to go ask questions.


No question, this can get expensive, if you stay at the Mandalay (Assuming you get a room) you are $490/Night+ – CRAZY.      If you stay just 2 doors down at the Excalibur, rooms as I write this are $69, and it is walking distance, or take the tram.    There are rooms for as low as $49 a night – and if you read my blog from last year, you won’t be in your room much anyway.


This is where it becomes difficult, because travel is always a challenge – and I don’t know where you are coming from, but you need to get “fancy”


If you are in the western half of the USA – you have Friday night till Sunday night to get there, so you don’t lose much of your work day, so driving might be an option for you. Don’t worry about parking: if you are a member of any M-Life hotel program (free sign up) parking is free, or maxes out at $30 (if you “lose” your ticket), and there are many other free parking offers.

If you drove from Chicago and back, it would cost you about $270 in fuel in an average car, leave the F-150 at home, and grab that Toyota Echo.

Even if you are coming from as far as Florida or Chicago – this drive is doable and can anyone say ROAD TRIP!?


I am not an “American Flight Expert” as I am Canadian but Google Flights, Travelocity, tons of other sites give you the ability to find reasonable flight options.   As I look right now you can get flights that run from $300-600 – and if you play with your dates you can reduce it a bit, remember to consider it might be worth staying an extra night on either end to bring the flight cost down.

The Sub – $1500 Live Trip

You can do it,  $249 for your ticket, $276 for your room, $600 for your flight – a little spending money for food – YOU CAN DO THIS – for less than $1500.

So what are you waiting for – CLICK HERE NOW – see what you would miss out on, and sign up now.


Cisco Live 2016 – Recap #CLUS

It has been a few weeks since the end of Cisco Live 2016.  I was originally targeting my blog post to be right after the event – catch all of that post event excitement.

I wanted my post to be more of a retrospective, how I feel about the event – where the benefits are for ME.

Each Experience is Different

If you asked 25 people how Live was for them, what their plan was, you will get 25 different answers.   I have a few goals at each Cisco Live event that I attend.

 1.  Network with colleagues and good friends

This one is HUGE for me. In life, business and technology there are no better resources than those you have around you. I have met some amazing people at Cisco Live. True technology visionaries – people who really do think differently, and people who think abstractly.

On the surface it sounds like a kegger party or some kind of mass social event, but it is nothing like that, unless you were a fly on the wall to the conversations that we have with each other – it is simply impossible to comprehend.  I swear that when this group is together, a high speed multi-gigabit (it would obviously be some kind of mGIG  / NBase-T connection OBVIOUSLY 😉 )  connection is created and ideas, thoughts and challenges are transferred at high speed between individuals.

The biggest take away I get from this group is inspiration – a few years ago it inspired me to look within myself, and forge ahead with new ideas.   Every year I get new perspectives on technology and my life.

This is the large family of “Live Friends” but this year they really did graduate in my own personal mind from Live Friends to Live Family.



2.   Get the update

What is the focus for 2016/2017.  What is the new technological focus – yes from a Cisco perspective (see my Cisco DNA series) but more important, what is hot.  I mean really hot.  Is it IoT technology (slow uptake, but this is starting to actually grab hold), new wireless technologies (802.11AC Wave 2?), new management platforms?

What about SDN?   Years ago at Live I remember watching demos on “OpenFlow” and thinking “That’s interesting, but no mass adoption yet”.     The key is to see what is coming.

This is your chance to hit up some sessions and get up to date on — whatever it is you need updating on.  Don’t leave before Q&A – that could be your chance to spark up an amazing conversation with someone really smart.

3.  Find a path for this year

So this really is my secret,  #CLUS helps you find your competitive edge.   If you want to stay competitive in the marketplace, be the “go to guy/gal”, and keep life interesting – you need to stay ahead.   Cisco Live unlike any other event shows you what is coming down the tubes, and in great detail.

Perhaps this year you are planning a big data centre migration and want to design a new state of the art architecture.   Maybe you want to build a business plan to revolutionize the way your company uses wireless to drive revenue.

Whatever you are planning for the next 12 months – start planning it at Cisco Live, simply because the resources available to you are outstanding.

4.  Geek-Out

If you are passionate about new and cool technology, this place is pretty awesome for eye candy.  Virtual reality switch configuration, and big transport trucks full of radio gear, model trains connected to IoT devices.  Let’s be honest for just a second – take some time to yourself and go play.   It will be the best release your brain has had in awhile – and this type of release is inspiring, it will help you release the kid that is stuck inside of all of us.


My 2016 Cisco Live Take Away

Ok, my intention wasn’t to write another “here is some tips” post – the event is past, but those are the things that I focus on.

For 2016, my goals are exactly what I mentioned above.   That being said, the event was 2 days too short for me to get everything I wanted – but there is no way my body could have handled 2 more days in Las Vegas.

Most sessions will be up on in coming weeks, so if you missed a session don’t fret, it will be there.

For this year, it is time to understand Cisco DNA (that is why I am writing my Cisco DNA series) as customers will come looking for it, and Cisco is pushing significant marketing dollars down the pipe on it.

Apple integration is going to be big for collab in the next year,  even on the wireless front I can see this being a big deal as well.  This “Apple thing” is going to be big for Cisco.   Keep your eye on it.  Spark + Apple + Video + Wireless = something innovative, I can just feel that.

My main content ingestion focus was Tech Field Day  – Presentations from Glue Networks, OpenGear, Veeam and Cisco.   These were extremely high quality presentations and are currently available on the Tech Field Day Extra page.

The second place I go, is the World of Solutions – but this year it was massive – I mean – massive.   I could have spent my entire day just in that room, each day and still not spent the time I wanted to.   This goes back to value, it is almost impossible not to get good value out of going to Cisco Live – even on just a social / explorer pass.

Now we forge into the last half of 2016, with a new focus, feeling pumped and ready for what is ahead.    See you in 2017.




Breakfast and Learning – Cisco Live

Breakfast at Cisco Live! has been a controversial topic, and while @networkingnerd is busy taking care of important topics like fixing the CCIE,  I’m going to battle one closer to my stomach.


We have had quite the debacle when it comes to breakfast, the hot food story back in San Diego was interesting,  but this year what we got was continental.    Muffins, doughnuts,  sugar filled pastry, and mini boxed cereal – and coffee.  Let me be very clear, the coffee station was awesome, and appreciated.

This isn’t a typical tweet/blog about how I wasn’t happy with the food – this is about academics, learning and science.

“Food is like a pharmaceutical compound that affects the brain,” – UCLA Professor of Neurosurgery and Physiological Science Fernando Gómez-Pinilla.

These are deep technical topics,  there are sessions on BGP architecture – at 8AM.   Many people were out until after midnight (yes go to bed earlier if you have an early session – but many do not) .   Everyone is sleep deprived going at 200mph at Cisco Live – we need a good breakfast.   Even if you were not out until 2AM – breakfast is still important.

This year I resigned myself to paying out of pocket $25-30 – per day – to get a decent breakfast because the provided breakfast was not acceptable. We pay $1800+ to attend – sorry, but continental isn’t good enough. Most employers will not reimburse a food expense because it is covered by the event, and real breakfast is off site, which is a pain with 8AM sessions.

A recent study on breakfast consumption at  Tufts University  showed that “results indicated that breakfast consumption and breakfast type affected cognitive performance, particularly spatial memory, short-term memory, visual perception, and auditory vigilance.”

The key here is BREAKFAST TYPE – they compared basic dry cereal with something more hearty – oatmeal – and they found that they “performed better on a short term memory task after consuming the oatmeal breakfast compared to when they consumed the ready-to eat cereal or no breakfast”

These are long sessions we are in – and we are listening – and the same study identified that the oatmeal over regular dry cereal caused the test subjects to ” perform(ed) better on a short term memory task and an auditory attention task than when they had the ready-to-eat cereal.”

Now to talk about the rest of the food. I do not want this to be just an attack on dry cereal – let’s talk about the pastry. It is very high in refined sugars. This causes a sharp rise and fall in blood glucose, which causes a very quick crash as opposed to the slow sustained glucose release.

The oatmeal in this study provided the same carbohydrates and fat as the ready-to-eat cereals, but it contained fibre and PROTEIN. You leave feeling full, with a slow steady energy release and less crash with a full breakfast instead of ready-to-eat cereals and high sugar pastries.

The Last Word

The final word is this.   I hope @CiscoLive is listening – and if you read this article, please re-tweet this article and tag @CiscoLive .   This event is about learning, it is about the pursuit of knowledge.   That pursuit begins with a proper and hearty breakfast, and due to scheduling, going off site for breakfast simply isn’t reasonable.  We need the event to provide us with the physiological needs to learn the best we can at this event.

