
Elevating Campus Network Reliability: Chapter-2: Performance

Bansari
Cisco Employee

Performance: The Compliance Engine

In a modern campus network, Performance is often misunderstood as merely a measure of speed or bandwidth. From a Site Reliability Engineering (SRE) perspective, performance is actually a measure of predictability and consistency. A network performs best when it stays within its defined "guardrails." When devices deviate from their intended configuration or run unpatched software, performance degrades, and the risk of outages increases.

Cisco Catalyst Center serves as a powerful Compliance Engine, ensuring that your network remains in its desired state. By automating the audit of configurations, software versions, and security vulnerabilities, it eliminates the manual "toil" that typically leads to performance issues.


Catalyst Center categorizes compliance into several critical dimensions, each acting as a safeguard for network performance.

1. Configuration Compliance: Eliminating Drift

Configuration drift—small, unauthorized, or manual changes made to individual devices—is one of the leading causes of unpredictable network behavior. Catalyst Center acts as a continuous auditor, checking configuration compliance at three distinct levels to ensure the network remains aligned with your engineered standards.

Network Intent Compliance: This check compares the device's current state against the Network Services defined during the preparation phase. It ensures that critical global settings—such as NTP, DHCP, and DNS—remain exactly as intended across the entire site hierarchy.


CLI Intent Compliance: This level validates the device against the CLI Templates (Jinja or Velocity) defined within your Network Profiles. It ensures that the "Golden Standard" configurations you prepared for hardening, security, and Day-N operations have not been altered.


Startup vs. Running Configuration: Perhaps the most common operational risk is a "Running Config" that contains unsaved changes. Catalyst Center monitors for deviations between the active configuration in RAM and the saved configuration in NVRAM, preventing a potential loss of settings during an unexpected reboot.


Automated Auditing and Remediation: By default, Catalyst Center performs these compliance checks automatically once every 24 hours, ensuring that drift never goes unnoticed for long. When a deviation is detected, the system automatically highlights the non-compliant device in the inventory.

The power of the Compliance Engine lies in its Drill-Down capability. Engineers can view a side-by-side comparison that provides exact information on which lines of configuration were changed, added, or removed. From this view, you have the tactical choice to either Acknowledge the change (if it was a deliberate, temporary fix) or Correct the behavior by syncing the device back to its intended state.

2. Security (PSIRT) Compliance

A secure network is a high-performing network. Security vulnerabilities often lead to performance-sapping exploits or forced reboots. Catalyst Center automatically scans your inventory for Critical PSIRTs.


The system doesn't just alert you to a vulnerability; it provides a path to resolution. You can remediate issues either by applying a workaround via a Template or by performing a full software upgrade via SWIM.

3. End-of-Life (EOX) and Software Image Compliance

Performance is also a factor of hardware health. As hardware and software reach their End-of-Life milestones, their ability to perform under modern traffic loads diminishes.

Catalyst Center scans for Hardware Module and Software EOX milestones. By marking EOX hardware for refresh and EOL software for upgrades, you ensure that the network is always running on modern, supported infrastructure.

This topic will be discussed in Chapter 3: Availability. Catalyst Center provides inbuilt, automated workflows for Hardware Refresh and RMA, alongside a comprehensive Software Image Management (SWIM) feature. These tools ensure that your lifecycle management is not a manual "toil" but a streamlined, engineered process that keeps your campus network in a fully supported and highly available state.

Compliance is the catalyst for positive performance. By using Catalyst Center as a Compliance Engine, you move away from the "toil" of manual audits and toward an automated, engineered state of reliability. When your network is compliant, it is predictable; and when it is predictable, it performs at its peak.

To explore the complete strategy for building a resilient network, please refer to the full series of posts below:

Elevating Campus Network Reliability Series:
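
The startup-versus-running check and the line-level drill-down described in the post above, sketched as an added example; it is not part of the original post and not Catalyst Center's own logic. The ignore list, the sample configurations and the function names `parse_config` and `config_drift` are assumptions made for illustration. It keeps each line's parent section so that the same command under two different interfaces is reported separately.

```python
import re

# Header/timestamp lines that differ without being drift (assumed ignore list).
VOLATILE = re.compile(r"^(Building configuration|Current configuration|"
                      r"! Last configuration change|! NVRAM config last updated)")

def parse_config(text):
    """Return {(parent_path, line)} so 'shutdown' under two interfaces differs."""
    entries, stack = set(), []            # stack: (indent, line) ancestors
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!" or VOLATILE.match(line):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave sections we have exited
        entries.add((tuple(l for _, l in stack), line))
        stack.append((indent, line))
    return entries

def config_drift(startup, running):
    """'unsaved' = only in running (RAM); 'removed' = only in startup (NVRAM)."""
    s, r = parse_config(startup), parse_config(running)
    show = lambda e: " > ".join(e[0] + (e[1],))
    return {"unsaved": sorted(map(show, r - s)),
            "removed": sorted(map(show, s - r))}

# Constructed sample configs (documentation-range addresses, not real devices).
STARTUP = """\
! NVRAM config last updated at 10:02:11 UTC Mon Jan 5 2026
ntp server 192.0.2.10
interface GigabitEthernet1/0/1
 switchport mode trunk
interface GigabitEthernet1/0/2
 switchport mode access
 shutdown
"""
RUNNING = """\
Building configuration...
! Last configuration change at 11:40:03 UTC Tue Jan 6 2026
ntp server 192.0.2.10
ntp server 192.0.2.99
interface GigabitEthernet1/0/1
 switchport mode trunk
 shutdown
interface GigabitEthernet1/0/2
 switchport mode access
"""
print(config_drift(STARTUP, RUNNING))
```

On the sample, the unsaved NTP server and the uplink `shutdown` are the kind of change that would be lost on a reboot, and the `shutdown` missing from the second interface shows a port that would come back disabled.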

2 Replies

Joseph W. Doherty
Hall of Fame

In a modern campus network, Performance is often misunderstood as merely a measure of speed or bandwidth. From a Site Reliability Engineering (SRE) perspective, performance is actually a measure of predictability and consistency.

Agreed, but although the remaining post describes real potential issues that could adversely impact "performance", I would say end-to-end impairments, like transmission corruption and/or congestion (causing jumps in latency and/or drops) also impact "performance" and these appear to be ignored, at least in this "Chapter-2: Performance".

Thanks for the feedback! I definitely agree with your point of view—metrics like CPU, memory, and link latency are huge factors when it comes to device or network performance.

In this specific chapter, I chose to link performance with compliance because I wanted to highlight how standardization leads to predictability. For the actual monitoring of those health parameters, I’d suggest taking a look at Chapter 4: Monitoring. - https://community.cisco.com/t5/network-management/elevating-campus-network-reliability-chapter-4-monitoring/td-p/5370325

While I focus on the broader "Health Scores" in that post, those scores are actually calculated using some of the metrics you mentioned in Catalyst Center. And monitoring the health score is a great way to keep tabs on those underlying issues in a more consolidated way.

I kept this series focused on a few holistic strategies that I’ve found most effective for baselining and improving a network, but there are definitely many other ways to measure success. Thanks for adding your perspective to the conversation!