ENC9K Implementing Cisco Catalyst 9000 Switches
Keeping up with new releases from the various manufacturers is an important part of every network engineer's job. Usually it is enough to watch the videos available online, but from time to time it is necessary to take one more step.
Cisco has released the new Catalyst 9000 family, which integrates with DNA Center and ISE to build an SDA network. The Catalyst 9k family, on the strength of IOS XE, also allows levels of programmability not previously possible.
For these reasons, I participated in the ENC9K course this week.
The course lasts three days and has given me the opportunity to work with DNAC, SDA and start taking the first steps with NETCONF.
In the first two days of the course the characteristics of the Catalyst 9k were covered in detail. The 9200 family was missing; evidently there is a certain misalignment between the contents of the training and the products that are released. I think Cisco can and should improve on this aspect.
In the laboratories an SDA network was configured with DNAC and integration with ISE and TrustSec.
The third day focused on the programmability of the Catalyst 9k using Python and NETCONF.
DNAC has many features; I will focus here only on what was used for the training.
The network topology included one Cat 9500 and two 9300.
The first laboratory dealt with the self-discovery process of the switches through the DNA Center. I have some experience with Cisco ACI, so I expected something similar.
I found DNAC more complex, with more steps in the workflow and more moving parts.
It is very far from the WLC discovery process of access points and the first impression is that it is complicated to be managed by network engineers who mainly deal with campus networks.
Perhaps this is due to the relative youth of the product but I think it is possible to improve to make the process easier to perform and troubleshoot when something doesn’t work as expected.
DNA Center and ISE
The integration between DNA Center and ISE, through pxGrid, made a positive impression on me. As with the integration with FirePower, it is nice to see a vendor that is committed to converging different products to create a solution that is coherent and adds value.
The programmability of Catalyst 9k is one of the technical subjects that interested me most in this training.
During the labs we checked the status of some interfaces and added some loopbacks on Cat 9300 switches. All the operations were performed using Python, no CLI.
The path that Cisco is tracing for the campus network is very clear. The convergence between wired and wireless network is strengthening. Now it’s about making the fabric and security aspects converge further and the Catalyst 9000 switch family sets a solid foundation for future developments.
What has not convinced me yet is the quality of the software. DNAC is an improvement over Prime but you still do not have that user experience in terms of simplicity and performance that you would expect from the world’s first networking vendor.
In comparison, the experience with APIC and ACI is smoother. Even if we talk about networks that have different purposes and functions, there are many overlaps.
What I would like to see in future releases is more attention to the user experience and clarity in the status of individual operations.
It is certainly not in the aspirations of network engineers to spend time waiting for the GUI to finish a process with an incomprehensible error message; we leave this to the Windows system engineers ;-)
I believe that in the immediate future I will deal with campus networks based on Catalyst 9000 but without DNAC or SDA. However, it will be an opportunity to bring network automation into the daily work of customers and colleagues.