Vimala Veerappan, Senior Director in the Data Center Networking Business Group at Cisco, presented the company’s evolving data center networking strategy, which focuses on solving the challenges of infrastructure fragmentation, escalating operational complexity, and advanced security vulnerabilities brought on by distributed AI workloads. The core of Cisco’s AI networking strategy is threefold: addressing the operating model, infusing security into every infrastructure layer, and driving operations at the speed of machines. Central to this strategy is Cisco Nexus One, a unified architecture that harmonizes silicon, systems, optics, software, and network operating models. This allows enterprises to build, operate, and secure standard fabrics capable of running both AI and non-AI workloads together, while leveraging recent innovations like the liquid-cooled G300 ASIC, 1.6T optics, native Splunk integration within the Nexus Dashboard, and advanced AI job observability from the fabric to the GPU.
Veerappan introduced key highlights from Cisco Live US, starting with the extension of Nexus One capabilities into Kubernetes environments through standard-based networking and Isovalent technology. Because two-thirds of organizations rely on Kubernetes to run modern AI applications, this integration eliminates traditional operational silos between platform and network teams, offering true multi-tenancy, fabric-to-pod visibility, and automated, mobile security policies that follow workloads wherever they migrate. Cisco is tackling the complexities of shared backend AI infrastructures by introducing automated multi-tenancy and micro-segmentation directly into the fabric itself via an Open API framework. This enables seamless onboarding through preferred AI infrastructure orchestrators and job schedulers, embedding tenant and job IDs into the VXLAN headers to allow precise, job-level isolation and fast root-cause analysis, a capability highly valued by NeoCloud and heavily regulated enterprise customers.
The presentation also emphasized Cisco’s commitment to fabric security and future-proofing operations in an AI-driven threat landscape. To eliminate the scale and physical limitations of centralized firewalls hairpinning distributed AI traffic, Cisco showcased its Nexus smart switches, which integrate layer 4 segmentation at the top of every rack. Addressing the rapid acceleration of software vulnerabilities highlighted by tools like Broad Project Glasswing, Veerappan introduced Cisco Live Protect, an innovative remediation model that allows operators to apply compensating controls directly to Nexus switches to eliminate vulnerability exposure windows immediately without waiting for a scheduled maintenance window. Finally, looking toward future challenges, Veerappan noted that Cisco is actively advancing into phase two of developing quantum-safe secure protocols while transitioning toward agentic ops, a model that utilizes deep reasoning, decades of networking expertise, and cross-domain visibility to shift operations from manual remediation to machine-scale reasoning and automated provisioning.
Personnel: Vimala Veerappan
See how Cisco can bridge Nexus One data center fabrics and Kubernetes environments with a consistent operating model for visibility, policy, and security. This session shows how teams can reduce tool sprawl, speed troubleshooting, strengthen workload protection, and build AI-ready application infrastructure while bringing NetOps, platform, and security teams into shared workflows.
Marcos Hernandez and Camillo Rossi presented the general availability of Isovalent Private Networks over EVPN/VXLAN, marking a deeply integrated collaboration between the Isovalent and Cisco Data Center Networking teams. Isovalent leverages eBPF (Extended Berkeley Packet Filter) technology to embed layer 3 through layer 7 container network interface services directly into the Linux kernel, making it programmable without modifying the core system. The newly announced Isovalent Network for Virtualization brings a virtual private cloud (VPC) experience to Kubernetes, creating isolated private networks with overlapping subnets. This framework stabilizes virtual machine networking by preserving stateful workload identities and real IP addresses across application lifecycles and migrations. Rather than using rigid, centralized gateways, the solution pairs Kubernetes nodes directly with top-of-rack switches using standard BGP unnumbered configurations to advertise EVPN Type 5 host routes, converting the entire Nexus fabric into a massive, highly scalable distributed gateway.
The technical demonstration highlighted how this architecture unifies end-to-end security and visibility while simplifying cross-domain troubleshooting. Through Fabric Security Groups, operators can automatically map Kubernetes endpoint labels to specific Security Group Tags (SGTs) within the fabric, allowing unified security contracts across NX-OS and ACI environments. The presenters demonstrated an application traffic failure, leveraging the real-time, identity-aware kernel telemetry of Isovalent Timescape alongside the Cisco Nexus Dashboard. While Timescape analyzed isolated microservices flows and localized policy drops, Nexus Dashboard tracked the lifecycle of the EVPN routes and ran connectivity analyses using distributed ELAM packet captures to identify misconfigured security tags. Cisco’s future roadmap aims to merge these distinct datasets via Cisco Cloud Control, embedding Timescape’s application-level metadata directly onto Nexus Dashboard’s physical path topologies to establish a single pane of glass for modern infrastructure.
Personnel: Camillo Rossi, Marcos Hernandez
See how Cisco is rethinking secure data center and AI networking by moving protection closer to critical traffic. This session shows how embedded enforcement, real-time mitigation, and unified operations across NetOps, SecOps and Platform teams can help reduce downtime, simplify architecture, improve visibility, and sustain high performance as AI workloads scale across enterprises and clouds.
Presented by Javed Asghar and Alejandro de Alda at Tech Field Day Extra during Cisco Live US 2026, Cisco’s secure data center strategy heavily integrates with industry initiatives like Project Glasswing and Project Mythos to build security directly into the networking fabric. To insulate core network elements from emerging AI-driven threats, the architecture isolates three distinct switch attack vectors: kernel-level privilege escalations, user-space network DDoS attacks on routing stacks, and ASIC-level forwarding pipeline programming issues. A central innovation addressing these vectors is Cisco Live Protect, which leverages an embedded enterprise-grade Isovalent Tetragon eBPF agent natively packaged within the NX-OS binary. Live Protect allows NetOps teams to apply real-time policy “shields” to the Linux kernel and user space. Operating in either monitor or enforce mode, these shields allow organizations to mitigate vulnerabilities immediately without needing to wait for arduous InfoSec certifications or disruptive software patching maintenance windows.
The hardware foundation for this strategy centers on Cisco’s AMD Pensando-driven Smart Switches, which act as the new top-of-rack standard to deliver 800 Gbps of line-rate, stateful Layer 3/Layer 4 distributed firewalling directly at the port level. Controlled by an on-premises or cloud-managed Hypershield controller, these switches handle traffic filtering through an internal policy-based routing (PBR) mechanism that appends a hidden DPU header to packets, ensuring optimal BGP routing paths remain uncompromised. The system enforces strict role isolation: NetOps personnel handle the network processing unit (NPU) lifecycle via the Nexus Dashboard, while SecOps teams maintain distinct firewalls on the Data Processing Unit (DPU). To bridge these operational silos, Cisco introduced a cross-domain packet tracer that allows either team to run comprehensive hop-by-hop telemetry, verifying whether a packet successfully traverses the NPU, enters the DPU, and matches the correct security policy.
During the live demonstration, a complete VXLAN EVPN fabric was provisioned rapidly using automated, human-readable YAML files via Cisco’s network-as-code framework. The setup deployed a multi-tier boutique application across a high-availability Smart Switch pair to showcase real-time micro-segmentation and threat isolation. When a compromised server attempted lateral movement, the DPU blocked the anomalous traffic and streamed rich flow logs directly to a Splunk collector for audit visibility. To validate this enforcement, the presenters utilized Nexus Dashboard’s traffic analytics and connectivity analysis tools, which execute Silicon One packet tracers to render full hop-by-hop visualizations. The interface clearly flagged when a packet entered the NPU but failed to return from the DPU, pinpointing security rule drops without requiring complex manual command-line debugging across disparate hardware platforms.
Personnel: Alejandro De Alda, Javed Asghar
Javed Asghar presented Cisco’s emerging strategy for securing AI inferencing workloads, expanding on architectural concepts originally disclosed at the NVIDIA GTC conference. While Cisco’s existing Smart Switches serve as an effective entry-level security option for frontend fabrics running lower-capacity systems, they face strict performance limitations when handling the massive 400 Gbps and 800 Gbps traffic demands of upper-generation platforms like NVIDIA Blackwell. To bridge this performance gap and eliminate network choke points, Cisco is moving enforcement directly into the server host layer through its hybrid mesh firewall architecture. This strategy deploys a self-contained Hypershield firewall instance onto an onboard NVIDIA BlueField DPU SuperNIC, intercepting all input and output traffic directly at the host level without consuming any valuable CPU or GPU compute resources.
The strategy primarily targets NeoCloud environments, using hardware-carved partitions on the host DPU to provide true tenant and VPC isolation. Rather than relying on simple permitted firewalls or logical segregation, this model mirrors physical VRF structures to ensure that multiple tenants sharing GPU-as-a-service infrastructure are strictly isolated without the risk of cross-tenant route leaking. To achieve this cross-platform deployment, Cisco utilizes a common base feature layer that abstracts the underlying hardware, though Asghar noted that individual vendor optimizations necessitate unique P4 code customization. This hardware-specific tuning requires an extra 20% to 40% developmental overhead, introducing a slight one-to-three-month release gap between AMD-based switch features and NVIDIA-based server DPU features.
Beyond multi-tenant isolation and automated east-west stateful firewalling, the host-level DPU architecture is designed with a compliance-first approach to assist InfoSec and forensic teams. Security operators can baseline unmapped environments by running the DPU firewall in monitor mode, collecting comprehensive telemetry to generate accurate application dependency graphs before transitioning to strict enforcement. To support these continuous compliance workflows, the BlueField DPU generates and streams unsampled, per-packet IPFIX metadata directly to an enterprise collector. This capability provides operators with granular, process-to-network visibility across 800 Gbps pipelines, allowing them to verify data sovereignty and maintain strict architectural evidence for complex AI inferencing environments.
Personnel: Javed Asghar