Design, Validate and Certify your Wireless Streaming Telemetry Deployment
Rafael Ceara Batlle, Sr Systems Architect, 3xCCIE (W, SP, DC)
Cisco Live, session BRKEWN-2045
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App

Questions? Use the Cisco Webex App to chat with the speaker after the session.

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space

Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda

- Why Model Driven Telemetry
- Introduction to MDT
- Connection State Flow
- Design Considerations
- Telemetry Design at Scale
- Performance and Validation
- Lessons Learned
- Demo
- Takeaways


WHY MODEL DRIVEN TELEMETRY

Why Model Driven Telemetry

[Diagram: C9800-40/80 controllers reached over SNMP/SSH by multiple/many monitoring tools and homegrown automation tools.]

- End-of-Life of the existing management solution.
- Multiple management tools for alarms and monitoring of the network.
- Old monitoring and alarming that requests relatively static data and doesn't scale.
- SNMP is an old protocol that uses an old polling mechanism and generates a lot of false positive alarms.
- Lack of visibility into what's happening in "near real time".
- Retrieval of data is too slow with the current methods.
- Existing management solutions are not scalable, and networking teams are developing homegrown automation tools.

Why Model Driven Telemetry: Customers' Journey toward Streaming Telemetry

NorthStar for Alarming, Monitoring, Automation:

[Diagram: C9800-40/80, gRPC TLS/mTLS, Collectors, Homegrown Automation Tools.]

Wireless data collection via Streaming Telemetry:

- Deploy this solution across the entire Wireless Stack: WLCs, APs.
- Monitor the Wireless network in real time to take actions based on specific Metrics/KPIs. Examples:
  - Signal Strength
  - Retransmissions
  - Roaming/sec
  - Radio Resource Management: Rx Neighbors, Tx Neighbors, Channel Measurements, Info, Utilization
  - Packet Loss, Error Rates, Signal Noise
  - WLC and AP state
  - Clients connections, state, auth/deauth, assoc/disassoc
  - Latency
  - Uptime, Hardware Inventory, Environmental Sensors, etc.

What to do with that data?

- Metrics/KPIs: Coverage, Tx/Rx Neighbors, Retransmissions, Latency, Data Rate, HW Inventory, Clients Stats, Signal Noise, Signal Strength, Packet Loss, WLC/AP State, Roaming.
- Homegrown Automation Tools:
  - Monitor your infrastructure, set up alarms and notifications: Webhook, Webex Teams, emails/pagers.
  - Push changes to the infrastructure based on behavior: Netconf/Restconf to C9800-CL/L/40/80.


INTRODUCTION TO MDT

IOS XE API Operations

[Table: IOS XE API operations compared across NETCONF, RESTCONF, gNMI (Dial-Out 17.11), gRPC and YANG push. Entries that survive extraction: GET, POST, POST, PATCH, DELETE; GET, SET, SUBSCRIBE, SET=update, SET=; (operation="create"), (operation="replace"), (operation="delete").]

gRPC Concept

- gRPC is a Remote Procedure Call (RPC) dial-out Model Driven Telemetry (MDT) interface originally developed by Google.
- gRPC Dial-Out telemetry is an automated communication process by which measurements and other data are collected and transmitted to the remote receiving equipment for monitoring.
- gRPC works on HTTP2 and uses TCP sockets for the establishment of the communication.
- The gRPC service port number is in the range of 1 to 65535. When using TLS/mTLS the recommended port is 443.

[Diagram: Streaming Telemetry from network devices to Collectors, Storage and Applications.
  Devices: Border, Backbone, Aggregation, peering Routers; Data Center Switches; Wireless LAN Controllers; Edge/*SDWAN Routers; Campus Network Switches. (*Future Support)
  Collectors: Connections, Aggregations, Normalizations, Injections.
  Storage: Databases, DataSets, Searches, Queries.
  Applications: Monitoring, Alerts, Automations, Integrations, Visualizations.]

Yang and xPath Concept

- YANG, "Yet Another Network Generation", RFC 6020, is a data modeling language used to model configuration and state data on network devices.
- The model is represented in a hierarchical fashion and can be presented in many ways, one of which is the "Xpath/Path".
- The XPaths are constructed on different filters that send specific data/information based on a YANG model.

[Diagram: Wireless LAN Controllers, Streaming Telemetry Tunnel TCP/TLS/mTLS, Collectors, Storage, Applications. Labels: Definition; IP Addresses/FQDN.]

Definition of xPath Subscriptions for:
- Roaming/s Success/Failures
- Client stats
- WLC Health State
- AP Health State

    telemetry ietf subscription 110
     encoding encode-kvgpb
     filter xpath /wireless-client-oper:client-oper-data/dot11-oper-data
     receiver-type protocol
     source-address 10.10.10.1
     stream yang-push
     update-policy periodic 9000
     receiver name streaming-telemetry
    !
    telemetry ietf subscription 118
     encoding encode-kvgpb
     filter xpath /environment-ios-xe-oper:environment-sensors/environment-sensor
     receiver-type protocol
     source-address 10.10.10.1
     stream yang-push
     update-policy periodic 6000
     receiver name streaming-telemetry

Model Driven Telemetry Publication Types

- On-Change: events are published on-change as an event occurs, like when the OSPF neighbor changes. *We don't support on-change for all XPaths.
- Periodic: events are published at a pre-defined time-based interval, for example every 30 seconds.
- Encoding: Protocol Buffers, or Protobuf, is the encoding that is used with the gRPC telemetry interface.

Config example, periodic or on-change:

    wlc1.9840(config)#telemetry ietf subscription 145
    wlc1.9840(config-mdt-subs)#update-policy ?
      on-change  Enable on-change updates
      periodic   Enable periodic updates

IOS XE Model Driven Telemetry

[Diagram: Wireless, Switching, Routing (*SDWAN), *IoT; gRPC Dial-Out/Configured; CLI or with NETCONF/RESTCONF Dial-In; YANG Models; Load Balancers; Collector/Receiver (decodes to text); Storage (Time Series Database); Monitoring and Visualizations (visualize data); Webhook, Webex Teams, emails/pagers. (*Roadmap)]


CONNECTION STATE FLOW

gRPC Dial-Out: High Availability Design Considerations

Connecting flow state: Disconnected, Resolving, Transport requested, Connecting, Connected. (The diagram also shows a "Subchannel requested" state.)

Disconnecting flow state: Connected, Disconnecting, Subchannel released, Disconnected. Then repeat the cycle.

- There is a 15 second delay between Disconnecting and Connecting flow states.
- Flow states are per subscription: each individual subscription follows these workflows.
- A single IP is resolved for each FQDN based DNS subscription.
- If the FQDN resolves to multiple IPs, only 1 will be used for the connection.
- When multiple subscriptions/xpaths go to the same FQDN with multiple IPs, there will be connections built to each IP provided by DNS.

[Diagram: Cisco gRPC Collectors behind one FQDN: 134.10.10.1, .2, .3, .4; gRPC mTLS; FQDN IP DNS selection. 70 xPath Subs will establish connection with the IP resolved via DNS.]

Collector failure, step by step (successive builds of the same slide):

1. Collector .4 goes down or goes out of service. 10 xPath Subs have a connection established with collector .4.
2. The 10 xPath Subs on collector .4 will go down, the disconnect flow state will trigger, and then the Connecting Flow State will start.
3. The 10 xPath Subs will follow the disconnecting/connecting flow procedure to resolve the FQDN and connect again with the collectors available. Collector .4 might remain down, but the xpath subs will try to register with the rest of the collectors by resolving the FQDN again.
4. Collector .4 might remain down, but the subs will register with collectors .1, .2, or .3 based on DNS resolution.


DESIGN CONSIDERATIONS

Important Design Considerations

- Secure your Transport: Access to information is critical and you want to make sure you are securing your streaming telemetry deployment. Cisco's recommendation is to use TLS/mTLS (mutual Transport-Layer Security).
- Define your FQDN Strategy: Use an FQDN to host your collectors. It will be better for scalability and fast growth of new VMs/Containers. Set up your DNS per region, geolocation, weight, etc.
- Think about Redundancy: Make sure each element of your telemetry design is fully redundant for better reliability and availability of the service (Routers, Load-Balancers, Controllers, etc).

Customer Reference Architecture: Cloud Deployment

- Move away from multiple SNMP instances/data sources to centralize your streaming monitoring infrastructure.
- Move towards an active telemetry dial-out solution to collect all data in the cloud of preference (AWS, GCP, Azure).
- Secure the transport (mTLS) of the monitored infrastructure.
- Support of FQDN to stream the data to multiple collectors across different regions.
- Configure xPath subscriptions as needed (Support 128 subs on XE release 17.9.1).
- Build automation based on the KPIs and metrics received in real time.

[Diagram: Customer Network Design (Cisco APs, Cat9800s, Cisco Catalyst Switches) with Per-Device TLS Certs and Trust Chain; gRPC mTLS; FQDN IP DNS selection; Route53; Load Balancers; TLS Termination/Authentication; HTTP2/Server; grpc collectors on AWS Fargate and EC2 Instances (Dial-Out Containers Handler Cisco, ECS Task, Others ECS Task and services, Auto Scale services); EC2/Fargate Deployment grpc telemetry receiver us-east-1 and us-west-1; failover to stream on a different Region; Kinesis Stream us-east-1 and us-west-1; Amazon TimeSeries; DynamoDB; Homegrown Automation Tool.]

Customer Reference Architecture: Private Cloud Deployment

- Move away from multiple SNMP instances/data sources to centralize your streaming monitoring infrastructure.
- Move towards an active telemetry dial-out solution to collect all data in the private cloud (Data Centers).
- Secure the transport (mTLS) of the monitored infrastructure.
- Support of FQDN to stream the data to multiple collectors across different locations.
- Configure xPath subscriptions as needed (We support 128 subs on XE release 17.9.1).
- Build automation based on the KPIs and metrics received in real time.

[Diagram: Customer Network Design (Cisco APs, Cat9800s, Cisco Catalyst Switches) with Per-Device TLS Certs, Trust Chain and Certificate Manager; gRPC mTLS; FQDN IP DNS selection; DNS Servers; Load Balancers; Container Cluster grpc telemetry receiver DC-1 and DC-2; Compute Orchestration; DB-Cluster DC1 and DB-Cluster DC2 with DB Cluster Failover; Homegrown Automation Tool.]


TELEMETRY DESIGN AT SCALE

Scaling your Telemetry deployment
Minimum scaling deployment: FQDN with Multiple Collectors

[Diagram: Site 1 to Site N+1 with C9800-CL, C9800-L, C9800-80 and C9800-40 controllers, each with Per-Device TLS Certs issued by a Certificate Manager; Transport Network; Mutual Transport Layer Security (mTLS); DNS Servers; FQDN; Collector1, Collector2, Collector3, CollectorN+1; DB Cluster1.]

- The client takes the decision on which collector to select based on DNS resolution.
- Leaving to the client the decision of which collectors the XPath subscriptions connect to might create a scalability issue in the future.

Scaling your Telemetry deployment
Good scaling deployment: Active/Standby mTLS passthrough, Multiple Collectors

[Diagram: same sites, controllers, Per-Device TLS Certs, Certificate Manager, Transport Network, mTLS, DNS Servers and FQDN as above, with Active Load Balancer1 and Standby Load Balancer2 in front of Collector1 to CollectorN+1 and DB Cluster1.]

- The client sends all the requests to the Active Load Balancer.
- The Load Balancer will distribute the sessions across all Collectors based on the number of sessions per source IP.
- More devices to manage with certs. Might be more difficult to troubleshoot.

Scaling your Telemetry deployment
Optimal scaling deployment: Active/Standby Load Balancers with Multiple Collectors

[Diagram: as above, with Active Load Balancer1 and Standby Load Balancer2; mTLS from the controllers and gRPC TCP towards Collector1 to CollectorN+1.]

- The client sends all the requests to the Active Load Balancer.
- The Load Balancer will distribute the sessions across all Collectors based on the number of sessions per source IP.
- The Active/Standby scenario can scale, but performance can be impacted as well.

Scaling your Telemetry deployment
Optimal scaling deployment: Active/Active Load Balancers with Multiple Collectors

[Diagram: as above, with Active Load Balancer1 and Active Load Balancer2; mTLS from the controllers and gRPC TCP towards Collector1 to CollectorN+1.]

- The client sends all the requests to the Active Load Balancer.
- The Load Balancer will distribute the sessions across all Collectors based on the number of sessions per source IP.
- The Active/Active scenario can provide better performance and scalability in the long term.

Scaling your Telemetry deployment
Best scaling deployment: Dual Layer Load Balancers to the Collectors

[Diagram: as above, with Active Frontend Load Balancer1 and Active Frontend Load Balancer2, Active Backend Load Balancer1 and Active Backend Load Balancer2; labels Public Facing and Private Facing; Mutual Transport Layer Security (mTLS); gRPC TCP; Collector1 to CollectorN+1; DB Cluster1.]

- The client sends all the requests to the Active Load Balancer.
- The Load Balancer will distribute the sessions across all Collectors based on the number of sessions per source IP.
- The Active/Active scenario can provide better performance and scalability in the long term.


PERFORMANCE AND VALIDATION

Performance and Validation:

Testing and Validation at Scale with Wireless BU Team

[Diagram: Cat9800-80; Cisco Catalyst 9300 and Cisco Catalyst 9500 switches; Private Network; TrafficSim Cluster Setup (TS nodes) with a total of 64k clients sending traffic; Cisco CAPWAP Sim with CAPWAP tunnels to simulate up to 6k APs + 64k clients and set up roaming/sec + high throughput conditions; Real AP Farm with 1K+ of APs and clients; Cisco gRPC Collectors; Databases; Execute Automation Pipeline Scripts; different tools to analyze and visualize the data.]

- TrafficSim generates data traffic for each client that has a CAPWAP tunnel established with the WLC.
- The traffic generated returns to the TrafficSim cluster.
- The WLC starts collecting xPath Subscriptions metrics.
- The WLC pushes data to the Collectors based on the defined periodic updates (60, 300, 900 secs, etc).
- Automated scripts validate and verify Subs metrics, KPIs, performance and possible issues.

Testing and Validation at Scale with Wireless BU Team
4k x APs + 15k Clients with 70+ xPath Subscriptions
Testing and Validation at Scale with Wireless BU Team
4k x APs + 15k Clients with 70+ xPath Subscriptions and 300 roaming/sec
[Chart labels: Client roaming rate; Increase of roaming rate]

Results of Performance and Validation at Scale
4k x APs + 15k Clients with 70+ XPath Subscriptions and 30 roaming/sec

Memory, CPU, Temperature, Throughput Load
[Chart panels: Temperature; Memory; CPU; Throughput]
Interval on which data is sent to the collectors: a total of 70+ XPath subscriptions every 60, 90, 120, 300 and 900 secs.

For your reference: Most important Wireless XPath tested at scale (Best Practices):
Most stable IOS-XE version for gRPC: 17.9.3 and higher and 17.12.1 and higher
List of recommended Wireless XPath at scale with Time Period:

XPath  Time period
/wireless-access-point-oper:access-point-oper-data/ethernet-mac-wtp-mac-map  15 mins
/wireless-access-point-oper:access-point-oper-data/capwap-data  15 mins
/wireless-access-point-oper:access-point-oper-data/cdp-cache-data/  15 mins
/wireless-access-point-oper:access-point-oper-data/radio-oper-stats  60 secs
/wireless-access-point-oper:access-point-oper-data/radio-oper-data  180 secs
/wireless-access-point-oper:access-point-oper-data/oper-data  180 secs
/wireless-rrm-oper:rrm-oper-data/rrm-measurement  180 secs
/wireless-client-oper:client-oper-data/dot11-oper-data  180 secs
/wireless-client-oper:client-oper-data/common-oper-data  15 mins
/wireless-client-oper:client-oper-data/policy-data  60 secs
/wireless-client-oper:client-oper-data/sisf-db-mac/ipv4-binding/ip-key/ip-addr  15 mins
/wireless-client-oper:client-oper-data/traffic-stats  180 secs
/lldp-ios-xe-oper:lldp-entries/lldp-state-details  60 secs
/device-hardware-xe-oper:device-hardware-data/device-hardware  15 mins
/wireless-mobility-oper:mobility-oper-data/mobility-node-data/ulink-status  60 secs
/process-cpu-ios-xe-oper:cpu-usage/cpu-utilization/one-minute  60 secs
/platform-sw-ios-xe-oper:cisco-platform-software/control-processes  60 secs
/environment-ios-xe-oper:environment-sensors/environment-sensor  60 secs
/lldp-ios-xe-oper:lldp-entries/lldp-intf-details  60 secs
/interfaces-ios-xe-oper:interfaces/interface  60 secs
/platform-ios-xe-oper:components/component  60 secs
/mdt-oper-v2:mdt-oper-v2-data  60 secs
/wireless-access-point-oper:access-point-oper-data/radio-oper-data/radio-band-info  180 secs

Lessons Learned
Lessons Learned No.1 - Use Cases
WLC Clean Air: High Interferers in 2.4 GHz
xPath:
/wireless-rrm-oper:rrm-oper-data/rrm-measurement
/wireless-rrm-oper:rrm-oper-data/spectrum-device-table
We have seen, over a period of time, the number of Clean Air interferers on the WLC grow exponentially from just a few 100s to several thousands. You can detect this issue by monitoring your infrastructure and verifying with MDT whether your CCA, Rx and Tx utilization and Rx/Tx noise rise exponentially. This issue was fixed in 17.3.5, 17.6.3, 17.8.1.

Lessons Learned No.2 - Use-Cases
Apple Continuity service (mDNS) enabled
In the Monterey OS, Apple has added a feature where every MacBook has the capacity to become an Apple TV and advertise itself. The default behavior is ON for all MacBooks. When the mDNS gateway is enabled and using the default mDNS profiles, this causes an exponential rise in mDNS entries being cached on the controller, and the number of query responses the controller sends back also increases exponentially. Essentially, a MacBook in a completely different site will be seen by every other MacBook looking for an Apple TV, and that too across VLANs. One can imagine how much the traffic increases because of this.
xPath:
/mdns-oper:mdns-oper-data/mdns-global-stats

Demo

Demo Architecture Diagram
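Lessons Learned No.1 and No.2 both describe a counter that climbs exponentially (Clean Air interferers, cached mDNS entries). The following is an added example, not code from the session, of how a collector-side script could flag that pattern in a series of telemetry readings; the function names, thresholds and sample counts are assumptions constructed for illustration.

```python
import math

def _fit(xs, ys):
    """Least-squares line through the points; returns (slope, r_squared)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    if sxx == 0 or syy == 0:          # constant series: nothing to fit
        return 0.0, 0.0
    return sxy / sxx, (sxy * sxy) / (sxx * syy)

def growth_report(samples, min_r2=0.95, min_doublings=2.0):
    """samples: [(unix_seconds, count), ...] for one counter on one WLC.

    Flags the series only when ln(count) rises linearly with time, that fit
    beats a straight-line fit of the raw counts, and the counter doubled at
    least min_doublings times inside the window (thresholds are assumptions).
    """
    pts = sorted((t, v) for t, v in samples if v > 0)   # ln() needs v > 0
    if len(pts) < 4:
        return {"exponential": False, "doubling_s": None}
    ts = [t - pts[0][0] for t, _ in pts]
    vs = [v for _, v in pts]
    slope, r2_log = _fit(ts, [math.log(v) for v in vs])
    _, r2_lin = _fit(ts, vs)
    if slope <= 0:
        return {"exponential": False, "doubling_s": None}
    doubling_s = math.log(2) / slope
    hit = (r2_log >= min_r2 and r2_log > r2_lin
           and ts[-1] / doubling_s >= min_doublings)
    return {"exponential": hit, "doubling_s": round(doubling_s)}

# Constructed samples, one reading every 180 s (not data from the session).
T0 = 1_700_000_000
def series(counts):
    return [(T0 + 180 * i, c) for i, c in enumerate(counts)]

RUNAWAY = series([150, 195, 254, 330, 428, 557, 724, 941, 1224])  # x1.3 per reading
LINEAR = series([200, 300, 400, 500, 600, 700, 800, 900, 1000])   # steady ramp
STEADY = series([200, 205, 198, 210, 202, 207, 199, 204, 201])    # normal noise

if __name__ == "__main__":
    for name, s in (("runaway", RUNAWAY), ("linear", LINEAR), ("steady", STEADY)):
        print(name, growth_report(s))
```

Comparing the log-space fit against the straight-line fit is what keeps a steady linear ramp, such as a site filling up in the morning, from raising the same alarm as a runaway counter.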
Lab Documentation
Try out gRPC in your own lab setup with:
- Setup Telegraf, InfluxDB and Grafana: https:/
- Setup HAProxy and Keepalived: https:/
- Generate the certificates for your gRPC Collectors and WLCs: https:/
- Setup your DNS Server for your FQDN collectors: https:/
- Troubleshoot gRPC and MDT: https:/
- Demo Recording: https:/

Takeaways
- Telemetry is the new norm for monitoring, and adoption is happening very quickly.
- Streaming Telemetry is a solid and scalable solution.
- Get familiar with Streaming Telemetry on DevNet Sandbox: https:/
- to your Cisco CX and Account team about MDT.
- Want to learn more about Streaming Telemetry? Connect with me on Social Media: LinkedIn: https:/
Appendix

Demo Screenshot Slides
[Screenshot slides, titles only:]
- Defining your Telemetry configuration
- Load balance your grpc traffic to the collectors
- Visualizing and Monitoring your Infrastructure
- Setting up the Alarms
- Alarms notifications to Webex Teams
Use-Cases Scenarios

Logistics/Industrial/Manufacturing Services Metrics/KPIs:
[Diagram labels: Cisco APs; Tables/Scanners; Industrial Augmented Reality; Autonomous Drones; Thin Clients; Robot packers; IoT Sensors; Unmanaged Robots; Collab Robots; Smart Packaging; Autonomous Robots; Wireless Analytics]
Inventory picking accuracy Orders Efficiency and Fill Rate Machinery Performance Network operational uptime Backorder rate Order lead times Cost Optimization Stock cycle time

Healthcare Services Metrics/KPIs:
[Diagram labels: Cisco APs]
Critical Health Systems Emergency Services Nursing Care Hospital Environment Climate Management Location Tracking IoT Health Sensors Services Access Patient care Collab

Colleges/Universities Services Metrics/KPIs:
[Diagram labels: Cisco APs; Universities/Colleges; Campus Networks]
Student Services Access Location Tracking Occupancy Sensing EV Charging Buildings Surveillance Assets Management Smart Buildings IoT Sensors