Cisco Network Assurance Engine Data Sheet

Data Sheet

Available Languages

Download Options

  • PDF
    (336.5 KB)
    View with Adobe Reader on a variety of devices
Updated:March 3, 2021

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (336.5 KB)
    View with Adobe Reader on a variety of devices
Updated:March 3, 2021
 

 

The Cisco® Network Assurance Engine solution provides continuous verification and analysis of the entire data center network, giving operators confidence that their network is operating consistently with their intent. It combines mathematically accurate network models with codified Cisco domain knowledge to generate “smart events” that pinpoint deviations from intent and offer recommendations for remediation.

Using comprehensive analysis spanning operator intent, controller policy, switch configurations, and data-plane state, Cisco Network Assurance Engine (NAE) helps operators proactively detect network outages and security policy vulnerabilities before they impact business, reduces risk by predicting change impact, and rapidly determines the root cause of problems. With a unified network repository and compliance rules, Network Assurance Engine simplifies audits and ensures compliance.

Solution overview

Cisco Network Assurance Engine is the critical intent-assurance pillar of Cisco’s vision for intent-based data center networks. Built on Cisco’s patented network verification technology, Network Assurance Engine is a comprehensive intent-assurance solution that mathematically verifies the entire data center network for correctness. It gives operators the confidence that their network is always operating consistently with their intent, even as it changes dynamically.

With Cisco Network Assurance Engine, operators can:

     Predict the impact of changes: Proactively verify changes for correctness to drive increased change agility while significantly reducing risk of human error–induced network failures.

     Verify network wide behavior: Continuously analyze and verify the dynamic state of the network against intent and policy to ensure connectivity and eliminate potential network outages and vulnerabilities before any business impact occurs.

     Ensure network security policy and compliance: Ensure network security policies and check for compliance against business rules to reduce security risk and achieve provable continuous compliance by policy and state.

Cisco Network Assurance Engine achieves all of the above by reading the entire policy—every configuration, the network wide state, and the operator’s intent—and building from these comprehensive and mathematically accurate models of network behavior. It then combines these models with more than 30 years of Cisco’s operational domain knowledge of networking to generate smart events that instantly pinpoint any deviations from intended behavior and suggest expert-level recommendations for remediation. By providing this continuous verification and validation of the entire data center network, Cisco Network Assurance Engine fundamentally transforms the operations paradigm from reactive to proactive (see Figure 1).

The Cisco Network Assurance Engine for the data center is supported on Cisco Application Centric Infrastructure (Cisco ACI®) and Cisco Data Center Network Manager (DCNM) for NX-OS-based deployments.

Cisco Network Assurance Engine: how it works

Figure 1.               

Cisco Network Assurance Engine: how it works

Cisco Network Assurance Engine innovation

As the industry’s most comprehensive intent-assurance suite, Cisco Network Assurance Engine ushers in an operational paradigm that promises to bring to networking the advantages of verification-driven, agile, proactive change management for network operations. Network Assurance Engine brings together unique capabilities, including:

     Most complete vision for intent-based networks in the industry: Architected from the ground up for seamless integration with the Cisco Application Centric Infrastructure (Cisco ACI) and NX-OS platform, delivering on the vision of intent-based networks for data centers.

     Codified Cisco domain knowledge: Built-in failure scenarios accurately pinpointing and powering smart events with steps for remediation.

     Deep policy controller integration: Ensures controller policy and configurations, correlating with dynamic network state.

     Comprehensive analysis: Captures, analyzes, and correlates the entire network state—including switch configurations and the hardware data-plane state.

Features and benefits

Table 1.           Cisco Network Assurance Engine Release 5.1: features and benefits

Feature

Benefits

Multi-fabric

Provide assurance for multi-tier Cisco ACI fabric and investment protection

Global search

Provide advanced search capability for events across the timeline

Event lifecycle

Discover the root cause of an event through its lifecycle

Change management

One-stop shop for information about the assurance on policy and config analysis changes.

Explorer

Explore associations and connectivity and understand the state of network deployment using powerful natural-language querying

Communication compliance

Ensure regulatory and business communication meets compliance at all times

Configuration compliance

Ensure that naming and golden template configurations meet IT requirements for enhanced productivity

Pre-change analysis

Predict the impact of the intended configuration changes to drive insight-driven change management

TCAM utilization

Manage TCAM capacity resources and security policy with advanced utilization analysis

Event suppression

Tailor results to displaying relevant events in an uncluttered dashboard

Custom next steps

Customized remediation actions; eliminates the need for run books for remediation issues

Epoch Delta Health Analysis

Comprehensive view of health drift between any two epochs, minimizing the change window

Epoch Delta Policy/Config Analysis

Comprehensive view of policy/config drift between any two epochs, minimizing troubleshooting time

Load-balancer integration

Ensures the configuration across Cisco ACI and load balancer, enabling high availability

Cisco Multi-Site Orchestrator (MSO)

Ensures site-to-site connectivity; provides an aggregated view across sites

Topology

Supports all Cisco ACI remote-leaf, Layer 3 EVPN, and multi-tier architectures

Table 2.           Feature compatibility matrix

Feature

Cisco ACI

Cisco DCNM/NX-OS

Multi-fabric

Yes

No

Global search

Yes

Yes

Event lifecycle

Yes

Yes

Change management

Yes

Yes

Explorer

Yes

Yes

Communication compliance

Yes

No

Configuration compliance

Yes

No

Pre-change analysis

Yes

No

TCAM utilization

Yes

No

Event suppression

Yes

Yes

Custom next steps

Yes

Yes

Epoch Delta Health Analysis

Yes

Yes

Epoch Delta Policy/Config Analysis

Yes

Yes

Load-balancer integration

Yes

No

Cisco Multi-Site Orchestrator

Yes

No

Topology

Closed loop

VXLAN BGP EVPN

Hardware platform support

Cisco APIC software version support for Cisco Network Assurance Engine 5.1

Table 3.           Cisco APIC software version and switch model compatibility

Cisco Nexus® 9000 Series Switch support

Cisco Nexus® 9000 Series Switch support

All releases from Cisco APIC 3.2 through Cisco APIC 5.1

N9K-M12PQ

N9K-C9396PX

N9K-M6PQ-E

N9K-M6PQ

N9K-C93128TX

N9K-C9396TX

N9K-C9372PX

N9K-C9372TX

N9K-C9332PQ

N9K-C9372PX-E

N9K-C93120TX

N9K-C9372TX-E

N9K-C93180YC-EX

N9K-93180YC-EX

N9K-C93108TC-EX

N9K-C93180LC-EX

N9K-C93108TC-FX

N9K-C93108YC-FX

N9K-C93180YC-FX

N9K-C9348GC-FXP

N9K-C9358GY-FXP

N9K-C9336C-FX

N9K-C9336C-FX2

N9K-C93216TC-FX2

N9K-C93240YC-FX2

N9K-C93360YC-FX2

N9K-C9316D-GX

N9K-C93600CD-GX

N9K-C9364C-GX

N9K-X9716D-GX

N9K-C9504-FM-G

N9K-C9508-FM-G

Cisco NX-OS fabric compatibility information with DCNM assurance group

Table 4.           Cisco NX-OS fabric compatibility information with DCNM assurance group

Cisco DCNM release

NX-OS release

Cisco Nexus 9000 Series Switch support

Topology and deployment

  11.4(1)
  11.3(1)
  9.3(5)
  9.3(3)

The Cisco Nexus 9300-EX, -FX, -FX2, and -GX platform switches and the Cisco Nexus 9500 platform switches with -EX and -FX line cards are supported.

BGP eVPN VXLAN topology and deployments are supported.

Deployment model

The Cisco Network Assurance Engine can be deployed as:

     A software-only virtual form factor that runs on three virtual machines, with specifications depending on the scale of the customer’s fabric. The product is nonintrusive, requiring only fabric credentials without the need to deploy any sensors. The product typically takes less than one hour to deploy, install, and deliver detailed analysis results for the fabric.

     An application on the Cisco Nexus Dashboard that can be downloaded from the Cisco DC App Center.

The Cisco Network Assurance Engine Release 5.1 application requires Cisco Nexus Dashboard Release 2.0.

Cisco Network Assurance Engine licensing model

     Cisco Network Assurance Engine licenses are included as part of the Cisco Data Center Networking (DCN) Premier license.

     For customers who have a Cisco Data Center Network (DCN) Essentials or Advantage license, customers can acquire Cisco Network Assurance Engine licenses through a Day 2 Operations (Day2Ops) bundle.

     Cisco Network Assurance Engine licenses are available in subscription mode only.

     For Cisco ACI environments, the number of device licenses required is equal to the sum of the leafs. The spine switches do not require a device license.

     For a Cisco NX-OS/DCNM environment, licenses are required for all the devices. The number of add-on device licenses required is equal to the sum of the leafs, fixed spines, and/or modular spines.

     To learn more about Cisco ACI Smart Licensing, click here. For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide

     Contact your Cisco account team to learn pricing and additional details.

Cisco Services for Network Assurance Engine

Accelerate implementation and adoption, gain network insight, speed remediation, and reduce risk with Cisco implementation service and solution support for Cisco Network Assurance Engine. Through knowledge sharing and experienced guidance, network operators can realize the full benefits of their product investment. Cisco Services experts focus on quick installation, discovery of the most important network and configuration smart events, and analysis of top vulnerabilities, and then provide strategic recommendations for remediation. By leveraging unique insights and expertise gained from many Cisco ACI deployments, Cisco Services can help identify and analyze the real impact of Cisco Network Assurance Engine to enhance and ensure data center reliability.

Cisco General Terms

Cisco Network Assurance Engine is subject to the Cisco General Terms (see https://www.cisco.com/go/eula) and Cisco Supplemental General Terms (see https://www.cisco.com/c/dam/en_us/about/doing_business/legal/seula/dcs_cisco_network_assurance_engine.pdf).

Cisco Capital

Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation, and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services, and complementary third-party equipment in easy, predictable payments. Learn more.

For more information

Cisco Network Assurance Engine

Please contact your account team to request your free trial and additional information.

 

 

 

Learn more