Key Takeaways From CLUS2016Cisco Live US 2016 is in the books, and what a great event it was! Like every year, it’s a crazy intense week, and my week was filled with attending sessions, meeting people, doing interviews, and a lot more. I was happy to see a big gathering of both people from Cisco and Cisco VIP’s this year. From the Cisco side, I got to meet Karlo Bobiles for the first time. Matt and Brett were there and I also met with Raymond, Rigo, and Adam. All such great people!


I think this year also was the year with the most VIPsat least from the events I’ve been to. The Nordic region was well represented with me from Sweden, Riikka from Finland, and Mark from Denmark. Elvin was there, and I met with Steven, Erick, and Aref for the first time. All such cool and knowledgeable people!


For those that couldn’t make it this year, I hope to see you next year! There is a lot going on in the industry right now, and based on what I learned at CLUS, these are my key takeaways.


You may have heard of the three monkeys from Japanese culture: “See no evil, hear no evil, speak no evil.”


See no evil – Cisco Tetration Analytics

We lack visibility in our networks today both for security and troubleshooting purposes. Packet capturing is difficult to do well and without impacting performance. We don’t have good tools outside of Wireshark to analyze traffic, and we lack the tools to do “what if” scenarios and to replay an event that happened in our network. We don’t have storage or compute to analyze all the traffic, so we sample.


Cisco Tetration Analytics is a product that can use software sensors installed on an end host or hardware sensors based on the Nexus 9300 platform. It can process millions of flows per second and store billions of records for easy access. Every flow and every packet is monitored. The platform can provide information available to us today, such as how much data a flow consisted of, variations in IP/TCP flags, TTL of the packet, and so on. What is really nice, though, is the analytics part where you can test a policy to be deployed and see its effect on either recorded traffic or live traffic! You can search for a flow from the DB, and Tetration can also be used to generate a policy for an APIC, such as the one used in ACI. Tetration will give us insight into our networks that we didn’t have before.


Hear no evil – Cisco Defense Orchestrator

Much of networking security has been based on central security processing. Keeping policies in sync at different locations and on different devices has always been challenging. Cisco Defense Orchestrator is a cloud-based security policy management product that is used to establish and maintain a security posture by managing security policies across Cisco security devices.


With the Defense Orchestrator, we don’t have to turn a deaf ear to security any longer. We can manage our ASA firewalls, ASA with FirePOWER and also the Umbrella Branch. This tool can configure these devices and check them for compliance. It can also give visibility into the top applications, top attacks, and top risks in your network. It also helps with onboarding new devices and finding errors in the configuration.


Speak no evil – The rise of network automation

Historically we have had very few methods of interacting with our network devices. There was Telnet, SSH, and in some cases HTTP and/or HTTPs, and that was it. That meant that we had to build complex scripts for automation and rely on screen scraping, which is not an efficient method in automating things, as it is error prone.


Based on what I experienced in Vegas, Cisco is taking network automation very seriously. They are both working on automating by using the APIC-EM, but more importantly, they are giving us options. We will be able to interact with our devices through Python, Netconf, YANG, API’s, or whatever makes sense to us. Options will be provided to us, and then we use what fits our business the bestthe way it should be. Gone are the days of writing Expect scripts and communicating over Telnet/SSH only.


This can all seem a little scary, but I assure you that Cisco is not about to abandon all of the network engineers that have come up through their certification paths in the past. There will be paths to follow to become more versed in these technologies such as the Devnet community. Devnet was a huge success this year at Live!


This was definitely my best Live so far. I hope I have given you some insight into what is going on and I hope to see both new and old friends next year!