Cisco DNA Centre - simple network deployment

9 August 2017

It's a few weeks since Cisco announced the next step in its journey toward simplifying and automating network provisioning and management: Cisco DNA Centre. Building on the APIC-EM, which we've been using for a while to help configure intelligent wide-area networks (iWAN), Cisco promises that DNA Centre will be a transformative tool in network design, provisioning, policy management, and support. It's up to people like me to work out whether and when that promise will be fulfilled.

First off, here's a bit of insight into the network design process. For at least as long as I've been engineering LANs and WANs, we've used Visio to draw the network, Word to describe it, and Excel to list all the details such as VLANs and IP addresses. I'll give the outcome of all that to a network engineer, who'll translate it into device configurations to be applied as the project takes shape. It's a manual, labour-intensive process, and on a big project it takes ages.

With DNA Centre, Cisco is attempting at a stroke to cut out nearly all of this manual work. Working in a visual interface, even importing floorplans if that helps, you can lay out and specify your network, user groups, policies and so on, and have DNA Centre build the network down to the actual device configuration.

Best intentions

This kind of intent-based network configuration abstracts the low-level detail from your high-level intent, which sounds great - I get to design something pretty and our network engineers get ready-made configs instead of having to pick carefully through rows of Excel. But as you can probably appreciate, for Cisco to truly deliver on that is quite a challenge. It'll be a while before we actually get hands-on with DNA Centre, but when we do we'll be evaluating it against several criteria:

  • Low-level features. Networks are incredibly complex beasts - that's part of the reason everybody wants to simplify their management - but for something like DNA Centre to work it needs to cover a wide enough set of device-level features. In other words, we need to be able to achieve the same ends with it as we can through manual configuration. At least, we need a clear idea of where its limitations are, and that the parts of the network it configures will sit happily alongside the manually configured bits.
  • Consistency. It's vital that we can design networks that function as we expect. No doubt Cisco has tested DNA Centre exhaustively, but before I can use it for a client, I need to be certain that innocent changes in the GUI will make predictable, proportionate and reproducible changes, rather than throwing up weird config or performance issues.
  • Robustness. Similarly, I need to know that DNA Centre's output will be a robust, secure network architected to best-practice guidelines. Without that reassurance, it's just not going to be a worthwhile tool.

Our experience with the APIC-EM iWAN app has been really positive, but we've learned that to achieve a successful deployment you must first understand the constraints, requirements and limitations of the technology - given that it's working to a specific validated design. If we're involved in a client's project early enough I can tailor the customer environment to this design, which is a double benefit since it conforms to lots of best-practice configuration. On the flip side, I've found that it can be a struggle to retrofit an APIC-EM iWAN around a highly bespoke “brownfield” production network.

DNA Centre is more complex still, and for it to work its technology needs to be sufficiently broad and deep, and incredibly thoroughly tested. The two most likely scenarios are that Cisco has either done a brilliant job and covered every possible technical use case, in which case it will be transformative, or that it's only covered a subset, in which case it may fit some projects but not others - at least in this initial release. Either way, I'm looking forward to getting hands-on and finding out which it is - and whether I'll be uninstalling Excel any time soon.

Image: Jorge Mendoza-Torres/Flickr, public domain