See how Cisco is rethinking secure data center and AI networking by moving protection closer to critical traffic. This session shows how embedded enforcement, real-time mitigation, and unified operations across NetOps, SecOps and Platform teams can help reduce downtime, simplify architecture, improve visibility, and sustain high performance as AI workloads scale across enterprises and clouds.
Presented by Javed Asghar and Alejandro de Alda at Tech Field Day Extra during Cisco Live US 2026, this session described how Cisco’s secure data center strategy integrates heavily with industry initiatives like Project Glasswing and Project Mythos to build security directly into the networking fabric. To insulate core network elements from emerging AI-driven threats, the architecture isolates three distinct switch attack vectors: kernel-level privilege escalations, user-space network DDoS attacks on routing stacks, and ASIC-level forwarding pipeline programming issues. A central innovation addressing these vectors is Cisco Live Protect, which leverages an embedded enterprise-grade Isovalent Tetragon eBPF agent packaged natively within the NX-OS binary. Live Protect allows NetOps teams to apply real-time policy “shields” to the Linux kernel and user space. Operating in either monitor or enforce mode, these shields allow organizations to mitigate vulnerabilities immediately, without waiting for lengthy InfoSec certifications or disruptive software-patching maintenance windows.
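As an added illustration, not from the session and not Cisco’s packaging of the agent: the monitor/enforce distinction for the kernel-level privilege-escalation vector, written as two open-source Tetragon TracingPolicy objects that watch setuid(0). The first only posts an event; the second kills the calling process. The schema is Tetragon’s own; that Live Protect shields are authored in this format is an assumption, the syscall symbol is x86-64 specific, and the binary path is a constructed placeholder.

```yaml
# Monitor-mode shield: observe setuid(0) calls and post an event, block nothing.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "monitor-setuid-root"
spec:
  kprobes:
  - call: "__x64_sys_setuid"   # x86-64 syscall symbol; adjust for other arches
    syscall: true
    args:
    - index: 0
      type: "int"              # the uid argument
    selectors:
    - matchArgs:
      - index: 0
        operator: "Equal"
        values:
        - "0"                  # only escalation to uid 0
      matchActions:
      - action: Post           # emit an event to the agent's log/export path
---
# Enforce-mode shield: identical match, but the offending process is killed.
# Scoped with matchBinaries so legitimate setuid users (login, sudo) are untouched.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "enforce-setuid-root"
spec:
  kprobes:
  - call: "__x64_sys_setuid"
    syscall: true
    args:
    - index: 0
      type: "int"
    selectors:
    - matchArgs:
      - index: 0
        operator: "Equal"
        values:
        - "0"
      matchBinaries:
      - operator: "In"
        values:
        - "/opt/example/untrusted-agent"   # constructed placeholder path
      matchActions:
      - action: Sigkill        # terminate the process before the call completes
```

Apply the monitor policy first and review the events it posts; the enforce policy differs only in its matchActions and binary scope, so the switch can be made without re-authoring the match logic.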
The hardware foundation for this strategy centers on Cisco’s AMD Pensando-driven Smart Switches, which act as the new top-of-rack standard to deliver 800 Gbps of line-rate, stateful Layer 3/Layer 4 distributed firewalling directly at the port level. Controlled by an on-premises or cloud-managed Hypershield controller, these switches handle traffic filtering through an internal policy-based routing (PBR) mechanism that appends a hidden DPU header to packets, ensuring optimal BGP routing paths remain uncompromised. The system enforces strict role isolation: NetOps personnel handle the network processing unit (NPU) lifecycle via the Nexus Dashboard, while SecOps teams maintain distinct firewalls on the Data Processing Unit (DPU). To bridge these operational silos, Cisco introduced a cross-domain packet tracer that allows either team to run comprehensive hop-by-hop telemetry, verifying whether a packet successfully traverses the NPU, enters the DPU, and matches the correct security policy.
During the live demonstration, a complete VXLAN EVPN fabric was provisioned rapidly using automated, human-readable YAML files via Cisco’s network-as-code framework. The setup deployed a multi-tier boutique application across a high-availability Smart Switch pair to showcase real-time micro-segmentation and threat isolation. When a compromised server attempted lateral movement, the DPU blocked the anomalous traffic and streamed rich flow logs directly to a Splunk collector for audit visibility. To validate this enforcement, the presenters utilized Nexus Dashboard’s traffic analytics and connectivity analysis tools, which execute Silicon One packet tracers to render full hop-by-hop visualizations. The interface clearly flagged when a packet entered the NPU but failed to return from the DPU, pinpointing security rule drops without requiring complex manual command-line debugging across disparate hardware platforms.
Personnel: Alejandro De Alda, Javed Asghar