The Cisco® Network Assurance Engine solution provides continuous verification and analysis of the entire data center network, giving operators confidence that their network is operating consistently with their intent. It combines mathematically accurate network models with codified Cisco domain knowledge to generate “smart events” that pinpoint deviations from intent and offer recommendations for remediation.
Using comprehensive analysis spanning operator intent, controller policy, switch configurations, and data-plane state, Cisco Network Assurance Engine (NAE) helps operators proactively detect network outages and security policy vulnerabilities before they impact business, reduces risk by predicting change impact, and rapidly determines the root cause of problems. With a unified network repository and compliance rules, Network Assurance Engine simplifies audits and ensures compliance.
Cisco Network Assurance Engine is the critical intent-assurance pillar of Cisco’s vision for intent-based data center networks. Built on Cisco’s patented network verification technology, Network Assurance Engine is a comprehensive intent-assurance solution that mathematically verifies the entire data center network for correctness. It gives operators the confidence that their network is always operating consistently with their intent, even as it changes dynamically.
With Cisco Network Assurance Engine, operators can:
● Predict the impact of changes: Proactively verify changes for correctness to drive increased change agility while significantly reducing risk of human error–induced network failures.
● Verify network-wide behavior: Continuously analyze and verify the dynamic state of the network against intent and policy to ensure connectivity and eliminate potential network outages and vulnerabilities before any business impact occurs.
● Ensure network security policy and compliance: Ensure network security policies and check for compliance against business rules to reduce security risk and achieve provable continuous compliance by policy and state.
Cisco Network Assurance Engine achieves all of the above by reading the entire policy—every configuration, the network-wide state, and the operator’s intent—and building from these comprehensive and mathematically accurate models of network behavior. It then combines these models with more than 30 years of Cisco’s operational domain knowledge of networking to generate smart events that instantly pinpoint any deviations from intended behavior and suggest expert-level recommendations for remediation. By providing this continuous verification and validation of the entire data center network, Cisco Network Assurance Engine fundamentally transforms the operations paradigm from reactive to proactive (see Figure 1).
The Cisco Network Assurance Engine for the data center is supported on Cisco Application Centric Infrastructure (Cisco ACI®) and Cisco Data Center Network Manager (DCNM) for NX-OS-based deployments.
Cisco Network Assurance Engine: how it works
Cisco Network Assurance Engine innovation
As the industry’s most comprehensive intent-assurance suite, Cisco Network Assurance Engine ushers in an operational paradigm that promises to bring to networking the advantages of verification-driven, agile, proactive change management for network operations. Network Assurance Engine brings together unique capabilities, including:
● Most complete vision for intent-based networks in the industry: Architected from the ground up for seamless integration with the Cisco Application Centric Infrastructure (Cisco ACI) and NX-OS platform, delivering on the vision of intent-based networks for data centers.
● Codified Cisco domain knowledge: Built-in failure scenarios accurately pinpointing and powering smart events with steps for remediation.
● Deep policy controller integration: Ensures controller policy and configurations, correlating with dynamic network state.
● Comprehensive analysis: Captures, analyzes, and correlates the entire network state—including switch configurations and the hardware data-plane state.
Table 1. Cisco Network Assurance Engine Release 5.1: features and benefits
Feature | Benefits
Multi-fabric | Provide assurance for multi-tier Cisco ACI fabric and investment protection
Global search | Provide advanced search capability for events across the timeline
Event lifecycle | Discover the root cause of an event through its lifecycle
Change management | One-stop shop for information about the assurance on policy and config analysis changes
Explorer | Explore associations and connectivity and understand the state of network deployment using powerful natural-language querying
Communication compliance | Ensure regulatory and business communication meets compliance at all times
Configuration compliance | Ensure that naming and golden template configurations meet IT requirements for enhanced productivity
Pre-change analysis | Predict the impact of the intended configuration changes to drive insight-driven change management
TCAM utilization | Manage TCAM capacity resources and security policy with advanced utilization analysis
Event suppression | Tailor results to display relevant events in an uncluttered dashboard
Custom next steps | Customized remediation actions; eliminates the need for run books for remediation issues
Epoch Delta Health Analysis | Comprehensive view of health drift between any two epochs, minimizing the change window
Epoch Delta Policy/Config Analysis | Comprehensive view of policy/config drift between any two epochs, minimizing troubleshooting time
Load-balancer integration | Ensures the configuration across Cisco ACI and load balancer, enabling high availability
Cisco Multi-Site Orchestrator (MSO) | Ensures site-to-site connectivity; provides an aggregated view across sites
Topology | Supports all Cisco ACI remote-leaf, Layer 3 EVPN, and multi-tier architectures
Table 2. Feature compatibility matrix
Feature | Cisco ACI | Cisco DCNM/NX-OS
Multi-fabric | Yes | No
Global search | Yes | Yes
Event lifecycle | Yes | Yes
Change management | Yes | Yes
Explorer | Yes | Yes
Communication compliance | Yes | No
Configuration compliance | Yes | No
Pre-change analysis | Yes | No
TCAM utilization | Yes | No
Event suppression | Yes | Yes
Custom next steps | Yes | Yes
Epoch Delta Health Analysis | Yes | Yes
Epoch Delta Policy/Config Analysis | Yes | Yes
Load-balancer integration | Yes | No
Cisco Multi-Site Orchestrator | Yes | No
Topology | Closed loop | VXLAN BGP EVPN
Cisco APIC software version support for Cisco Network Assurance Engine 5.1
Table 3. Cisco APIC software version and switch model compatibility
Cisco Nexus® 9000 Series Switch support | Cisco Nexus® 9000 Series Switch support
All releases from Cisco APIC 3.2 through Cisco APIC 5.1 | N9K-M12PQ, N9K-C9396PX, N9K-M6PQ-E, N9K-M6PQ, N9K-C93128TX, N9K-C9396TX, N9K-C9372PX, N9K-C9372TX, N9K-C9332PQ, N9K-C9372PX-E, N9K-C93120TX, N9K-C9372TX-E, N9K-C93180YC-EX, N9K-93180YC-EX, N9K-C93108TC-EX, N9K-C93180LC-EX, N9K-C93108TC-FX, N9K-C93108YC-FX, N9K-C93180YC-FX, N9K-C9348GC-FXP, N9K-C9358GY-FXP, N9K-C9336C-FX, N9K-C9336C-FX2, N9K-C93216TC-FX2, N9K-C93240YC-FX2, N9K-C93360YC-FX2, N9K-C9316D-GX, N9K-C93600CD-GX, N9K-C9364C-GX, N9K-X9716D-GX, N9K-C9504-FM-G, N9K-C9508-FM-G
Cisco NX-OS fabric compatibility information with DCNM assurance group
Table 4. Cisco NX-OS fabric compatibility information with DCNM assurance group
Cisco DCNM release | NX-OS release | Cisco Nexus 9000 Series Switch support | Topology and deployment
11.4(1), 11.3(1) | 9.3(5), 9.3(3) | The Cisco Nexus 9300-EX, -FX, -FX2, and -GX platform switches and the Cisco Nexus 9500 platform switches with -EX and -FX line cards are supported. | BGP eVPN VXLAN topology and deployments are supported.
The Cisco Network Assurance Engine can be deployed as:
● A software-only virtual form factor that runs on three virtual machines, with specifications depending on the scale of the customer’s fabric. The product is nonintrusive, requiring only fabric credentials without the need to deploy any sensors. The product typically takes less than one hour to deploy, install, and deliver detailed analysis results for the fabric.
● An application on the Cisco Nexus Dashboard that can be downloaded from the Cisco DC App Center.
The Cisco Network Assurance Engine Release 5.1 application requires Cisco Nexus Dashboard Release 2.0.
Cisco Network Assurance Engine licensing model
● Cisco Network Assurance Engine licenses are included as part of the Cisco Data Center Networking (DCN) Premier license.
● Customers who have a Cisco Data Center Network (DCN) Essentials or Advantage license can acquire Cisco Network Assurance Engine licenses through a Day 2 Operations (Day2Ops) bundle.
● Cisco Network Assurance Engine licenses are available in subscription mode only.
● For Cisco ACI environments, the number of device licenses required is equal to the sum of the leafs. The spine switches do not require a device license.
● For a Cisco NX-OS/DCNM environment, licenses are required for all the devices. The number of add-on device licenses required is equal to the sum of the leafs, fixed spines, and/or modular spines.
● For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide
● Contact your Cisco account team to learn pricing and additional details.
Cisco Services for Network Assurance Engine
Accelerate implementation and adoption, gain network insight, speed remediation, and reduce risk with Cisco implementation service and solution support for Cisco Network Assurance Engine. Through knowledge sharing and experienced guidance, network operators can realize the full benefits of their product investment. Cisco Services experts focus on quick installation, discovery of the most important network and configuration smart events, and analysis of top vulnerabilities, and then provide strategic recommendations for remediation. By leveraging unique insights and expertise gained from many Cisco ACI deployments, Cisco Services can help identify and analyze the real impact of Cisco Network Assurance Engine to enhance and ensure data center reliability.
Cisco Network Assurance Engine is subject to the Cisco General Terms (see https://www.cisco.com/go/eula) and Cisco Supplemental General Terms (see https://www.cisco.com/c/dam/en_us/about/doing_business/legal/seula/dcs_cisco_network_assurance_engine.pdf).
Flexible payment solutions to help you achieve your objectives
Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation, and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services, and complementary third-party equipment in easy, predictable payments.
Cisco Network Assurance Engine
Please contact your account team to request your free trial and additional information.