Cisco & Cisco Network Hardware News and Technology

Posts with #networking tag

Wireless LAN & Wired (Ethernet) LAN

August 28 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

There are different network infrastructures (wired LAN, Service Provider Networks) that allow mobility, but in a business environment, the most important is the wireless LAN (WLAN). Most modern business networks rely on switch-based LANs for day-to-day operation inside the office.

Productivity is no longer restricted to a fixed work location or a defined time period. People now expect to be connected at any time and place, (you are in when you are out...) from the office to the airport or even the home.

 Traveling employees used to be restricted to pay phones for checking messages and returning a few phone calls between flights. Now employees can check e-mail, voice mail, and the status of products on personal digital assistants (PDAs) while at many temporary locations.

 

Wireless LAN and Wired (Ethernet) LAN

Wireless LANs share a similar origin with Ethernet LANs. The IEEE has adopted the 802 LAN/MAN portfolio of computer network architecture standards. The two dominant 802 working groups are 802.3 Ethernet and 802.11 wireless LAN. However, there are important differences between the two.

 

WLANs use radio frequencies (RF) instead of cables at the Physical layer and MAC sub-layer of the Data Link layer. In comparison to cable, RF has the following characteristics:

i. RF does not have boundaries, such as the limits of a wire in a sheath. The lack of such a boundary allows data frames traveling over the RF media to be available to anyone that can receive the RF signal.

ii. RF is unprotected from outside signals, whereas cable is in an insulating sheath. Radios operating independently in the same geographic area but using the same or a similar RF can interfere with each other.

iii. RF transmission is subject to the same challenges inherent in any wave-based technology, such as consumer radio. For example, as you get further away from the source, you may hear stations playing over each other or hear static in the transmission. Eventually you may lose the signal altogether. Wired LANs have cables that are of an appropriate length to maintain signal strength.

iv. RF bands are regulated differently in various countries. The use of WLANs is subject to additional regulations and sets of standards that are not applied to wired LANs.

WLANs connect clients to the network through a wireless access point (AP) instead of an Ethernet switch.

WLANs connect mobile devices that are often battery powered, as opposed to plugged-in LAN devices. Wireless network interface cards (NICs) tend to reduce the battery life of a mobile device.

WLANs support hosts that contend for access on the RF media (frequency bands). 802.11 prescribes collision avoidance instead of collision detection for media access to proactively avoid collisions within the media.

 

WLANs use a different frame format than wired Ethernet LANs. WLANs require additional information in the Layer 2 header of the frame.

WLANs raise more privacy issues because radio frequencies can reach outside the facility.

 

802.11 wireless LANs extend the 802.3 Ethernet LAN infrastructures to provide additional connectivity options. However, additional components and protocols are used to complete wireless connections.

 

In an 802.3 Ethernet LAN, each client has a cable that connects the client NIC to a switch. The switch is the point where the client gains access to the network.

 

In a wireless LAN, each client uses a wireless adapter to gain access to the network through a wireless device such as a wireless router or access point.


Cisco IPv6 Static Address Configuration Tech Tips

August 20 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

Once you have a basic understanding of IPv6, the next logical step on Cisco equipment is to test out the different capabilities that exist within Cisco equipment and IOS. Here we take a look at the configuration of IPv6 addressing on a Cisco IOS device.

 

Cisco IPv6 Static Address Configuration

IPv6 is a little different from IPv4 in that multiple IPv6 addresses can exist on a single network interface; this can include an Aggregatable Unicast Address, Link-Local Unicast address, and/or anycast address. The next few sections review the configuration of these different address types.

 

Configuring Unicast Addresses

There are two common address types that are assigned to each IPv6 interface; this includes an Aggregatable Unicast address and a Link-Local address. An Aggregatable Unicast address is allowed to be globally routed and operates similarly to a public IPv4 address.

 

An Aggregatable Unicast address can be configured in a number of ways. This article covers the two ways to statically address an IPv6 interface: specifying the whole IPv6 address and prefix length, or specifying a prefix and using EUI-64. Table 1 shows the steps that are required to configure an Aggregatable Unicast address, using both a completely manual configuration and EUI-64.

 

Table 1 - IPv6 Aggregatable Unicast Address Configuration

| Step | Action | Command |
|---|---|---|
| 1 | Enter global configuration mode | router#configure terminal |
| 2 | Enter interface configuration mode | router(config)#interface interface |
| 3 | Configure the interface with a manual Aggregatable Unicast address | router(config-if)#ipv6 address address/prefix-length |
| OR 3 | Configure the interface with an Aggregatable Unicast address using EUI-64. This method uses the prefix and the Interface ID to develop the complete IPv6 address to use. | router(config-if)#ipv6 address address-prefix eui-64 |
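How the eui-64 option combines the prefix and the Interface ID, as an added Python example (not code from the original article): it applies the modified EUI-64 rule of RFC 4291, inserting FFFE into the middle of the 48-bit MAC address and flipping the universal/local bit. The prefix and MAC address are constructed sample values, and the function names are hypothetical; the reverse function shows that the MAC address stays recoverable from any address built this way.

```python
import ipaddress
import re


def eui64_interface_id(mac: str) -> int:
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC.

    Accepts 00:1b:54:c2:1a:30, 00-1b-54-c2-1a-30 or the IOS style 001b.54c2.1a30.
    """
    digits = re.sub(r"[.:-]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)
    # Insert FF FE between the OUI (first 3 bytes) and the NIC-specific part.
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    # Flip the universal/local bit (0x02) of the first byte.
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a prefix (/64 or shorter) with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen > 64:
        raise ValueError("EUI-64 needs the low 64 bits free for the interface ID")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_address(address: str):
    """Recover the MAC from an EUI-64 based address, or None if it is not one."""
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # interface ID was not derived with EUI-64
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02  # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    mac = "001b.54c2.1a30"            # constructed sample MAC address
    prefix = "2001:db8:0:1::/64"      # documentation prefix (RFC 3849)
    print("global    :", eui64_address(prefix, mac))
    print("link-local:", eui64_address("fe80::/64", mac))
    print("recovered :", mac_from_address(str(eui64_address(prefix, mac))))
```

The same interface ID appears under every prefix the interface is given, including the automatically generated Link-Local address.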

 

A Link-Local address is used to communicate between devices that share the same link; these addresses are only allowed to be used on the local link and are not routed. Link-Local addresses will automatically be configured using the interface identifier (typically the MAC address) when IPv6 is enabled on an interface or the Link-Local address can be manually configured. Table 2 shows the steps that are required to manually configure a Link-Local address.

 

Table 2 - IPv6 Link-Local Address Configuration

| Step | Action | Command |
|---|---|---|
| 1 | Enter global configuration mode | router#configure terminal |
| 2 | Enter interface configuration mode | router(config)#interface interface |
| 3 | Configure the interface with a Link-Local address | router(config-if)#ipv6 address address link-local |

 

Configuring Anycast Addresses

The concept of an Anycast address did not exist within IPv4 and is intended to be (along with additional use of Multicast) a replacement for some of the capabilities of IPv4 broadcast addresses. An Anycast address is intended to be configured on the interfaces of multiple network devices that provide the same service (e.g. the subnet gateway, a DNS server or another server). When a client uses the address, the network directs the traffic only to the closest device that has been assigned the address. Table 3 shows the steps that are required to configure an Anycast address on an interface.

 

Table 3 - IPv6 Anycast Address Configuration

| Step | Action | Command |
|---|---|---|
| 1 | Enter global configuration mode | router#configure terminal |
| 2 | Enter interface configuration mode | router(config)#interface interface |
| 3 | Configure the interface with an Anycast address | router(config-if)#ipv6 address address/prefix-length anycast |

 

While there are certainly a number of differences between IPv4 and IPv6 other than the obvious address length, what should be kept in mind is that the majority of the fundamentals are very similar and anyone familiar with IPv4 should be able to transition with a little research and practice. Hopefully the contents of this article make the static configuration of IPv6 addresses on a Cisco IOS device a little easier.

Reference from http://www.petri.co.il/ipv6-static-address-configuration.htm


Configuring Authentication in OSPF

August 12 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

Routing protocols are used to exchange reachability information between routers. Routing information learned from peers is used to determine the next hop towards the destination. To route traffic correctly, it is necessary to prevent malicious or incorrect routing information from being introduced into the routing table. This can be done by authenticating the routing updates exchanged between routers. Open Shortest Path First (OSPF) supports plain text authentication and Message Digest 5 (MD5) authentication.

Configuration overview:

Only three key points need to be remembered while configuring authentication in OSPF:

A) Types of Authentication:

There are three different types of authentication available for OSPF version 2:
1) Null authentication: Null authentication means that there is no authentication, which is the default on Cisco routers.
2) Clear text authentication: In this method of authentication, passwords are exchanged in clear text on the network.
3) Cryptographic authentication: The cryptographic method uses the open standard MD5 (Message Digest type 5) algorithm.

B) Enabling OSPF Authentication:

OSPF authentication can be enabled in two ways:
1) Per interface: Authentication is enabled per interface using the "ip ospf authentication" command.
2) Area authentication: Authentication for an area can be enabled using the "area authentication" command.

C) Configuring Authentication Key:

In either case the password must be configured on the interface using the "ip ospf authentication-key" or "ip ospf message-digest-key" command.

 

Configuration Example:

A) Area based authentication Example:

To enable OSPF MD5 authentication:
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fa0/0
Router(config-if)#ip ospf message-digest-key 1 md5 cisco@123
Router(config-if)#exit
Router(config)#router ospf 100
Router(config-router)#area 2 authentication message-digest
Router(config-router)#exit

To enable clear text authentication
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface f0/0
Router(config-if)#ip ospf authentication-key cisco@123
Router(config-if)#exit
Router(config)#router ospf 100
Router(config-router)#area 2 authentication
Router(config-router)#exit


B) Interface based authentication Example:
To enable OSPF MD5 authentication:
Router(config)#int fa0/0
Router(config-if)#ip ospf authentication message-digest
Router(config-if)#ip ospf message-digest-key 1 md5 cisco
Router(config-if)#exit
Router(config)#

 
To enable clear text authentication
Router(config)#int fa0/0
Router(config-if)#ip ospf authentication
Router(config-if)#ip ospf authentication-key cisco
Router(config-if)#exit
Router(config)#

 

OSPF commands for each authentication type:

| Type of authentication | Area authentication command | Interface authentication command | Interface authentication key command |
|---|---|---|---|
| 0-Null | <no command> | ip ospf authentication null | <no command> |
| 1-Clear Text | area number authentication | ip ospf authentication | ip ospf authentication-key Key-value |
| 2-MD5 | area number authentication message-digest | ip ospf authentication message-digest | ip ospf message-digest-key key-num md5 Key-value |
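One way to check a saved configuration against the three points above, as an added Python example (not code from the original article or from Cisco): it works out the effective authentication type of each OSPF interface from the area and interface commands in the table and reports type 0, type 1 and missing keys. The sample configuration, key values and function names are constructed for illustration, and area membership is taken from the first matching network statement as a simplification.

```python
import ipaddress
import re

# Constructed sample configuration (not from the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
interface FastEthernet0/1
 ip address 10.1.2.1 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key EXAMPLE-KEY
!
interface Serial0/0
 ip address 10.1.3.1 255.255.255.252
!
interface Serial0/1
 ip address 10.1.4.1 255.255.255.252
 ip ospf authentication message-digest
!
router ospf 100
 network 10.1.1.0 0.0.0.255 area 2
 network 10.1.2.0 0.0.0.255 area 2
 network 10.1.3.0 0.0.0.3 area 0
 network 10.1.4.0 0.0.0.3 area 0
 area 2 authentication message-digest
"""

AUTH_NAMES = {0: "null", 1: "clear text", 2: "MD5"}


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_config(text):
    """Return (interfaces, network statements, per-area authentication type)."""
    interfaces, networks, area_auth = {}, [], {}
    current, in_ospf = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # a new top-level section starts
            m = re.match(r"interface (\S+)$", line)
            current = interfaces.setdefault(m.group(1), {
                "ip": None, "auth": None, "text_key": False, "md5_key": False,
            }) if m else None
            in_ospf = line.startswith("router ospf ")
        elif current is not None:
            if m := re.match(r"ip address (\S+) \S+$", line):
                current["ip"] = _ip(m.group(1))
            elif m := re.match(r"ip ospf authentication( message-digest| null)?$", line):
                current["auth"] = {None: 1, " message-digest": 2, " null": 0}[m.group(1)]
            elif line.startswith("ip ospf authentication-key "):
                current["text_key"] = True
            elif re.match(r"ip ospf message-digest-key \d+ md5 ", line):
                current["md5_key"] = True
        elif in_ospf:
            if m := re.match(r"network (\S+) (\S+) area (\S+)$", line):
                networks.append((_ip(m.group(1)), _ip(m.group(2)), m.group(3)))
            elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
                area_auth[m.group(1)] = 2 if m.group(2) else 1
    return interfaces, networks, area_auth


def audit(text):
    """Return {interface: (effective auth type, [findings])} for OSPF interfaces."""
    interfaces, networks, area_auth = parse_config(text)
    report = {}
    for name, cfg in interfaces.items():
        if cfg["ip"] is None:
            continue
        # Wildcard-mask bits set to 1 are "don't care" bits.
        area = next((a for net, wild, a in networks
                     if (cfg["ip"] & ~wild) == (net & ~wild)), None)
        if area is None:
            continue                            # interface is not running OSPF
        # An interface-level setting overrides the area-level one; default is type 0.
        auth = cfg["auth"] if cfg["auth"] is not None else area_auth.get(area, 0)
        findings = []
        if auth == 0:
            findings.append("no authentication (type 0)")
        elif auth == 1:
            findings.append("clear-text password is visible on the wire (type 1)")
            if not cfg["text_key"]:
                findings.append("no 'ip ospf authentication-key' on the interface")
        elif not cfg["md5_key"]:
            findings.append("MD5 enabled but no 'ip ospf message-digest-key' on the interface")
        report[name] = (auth, findings)
    return report


if __name__ == "__main__":
    for name, (auth, findings) in audit(SAMPLE_CONFIG).items():
        print(f"{name}: type {auth} ({AUTH_NAMES[auth]})", "; ".join(findings) or "OK")
```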

 

OSPF Virtual Link Authentication:

A virtual link is an interface in area 0. This means that if you enable authentication on area 0, it is automatically turned on for the virtual link, but as discussed above, the password (key) must still be configured on the interface. Because a virtual link does not have an interface on which you can configure authentication, authentication on a virtual link is configured using the "area virtual-link" command under the OSPF process.

 

Verification Commands

Authentication failures can occur for two reasons:
1) Authentication type mismatch between neighbors
2) Authentication Key mismatch between neighbors
 

The "debug ip ospf adj" output below indicates a mismatch in authentication type.
Router#debug ip ospf adj
OSPF adjacency events debugging is on
*Mar 1 00:02:30.279: OSPF: Rcv pkt from 10.1.1.2, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0

*Mar 1 00:02:39.603: OSPF: Rcv pkt from 10.1.1.2, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0

Router#sh ip ospf int fa0/0
FastEthernet0/0 is up, line protocol is up
  Internet Address 10.1.1.2/24, Area 0
  Process ID 100, Router ID 10.1.1.2, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.1.1.2, Interface address 10.1.1.2
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:06
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
Message digest authentication enabled
    Youngest key id is 1

 


---Resources from https://supportforums.cisco.com/docs/DOC-4449


What’s the Difference Between the 802.11ac & the 802.11n?

July 23 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

You're probably familiar with 802.11a/b/g/n, all of which are protocols for the 802.11 wireless networking standards. You can safely bet that any device with Wi-Fi connectivity, from your laptop to your smartphone, supports at least wireless B or G, and if it came out within the past few years, it should support wireless N. 802.11n (or the latest draft of it, 802.11n-2009) is the fastest of the ones that are currently widely available. 802.11ac is a new Wi-Fi protocol and is intended to be the natural successor to 802.11n. You may have heard it called "5G Wi-Fi" or "Gigabit Wi-Fi." 

Compared with the current 802.11n, what will the new 802.11ac bring us? What should you consider before investing in 802.11ac? There are some main differences you need to know.

802.11ac Compatibility

The first thing to get out of the way is - like past Wi-Fi standards - 802.11ac is backwards compatible with 802.11b, g and n. This means you can buy an 802.11ac-equipped device and it will work just fine with your existing router. Similarly you can upgrade to an 802.11ac router and it will work happily with all your existing devices. That said you will need both an 802.11ac router and an 802.11ac device to enjoy the standard’s biggest benefits. And those begin with…


802.11ac Speed

With any new wireless technology speed is always the headline-grabbing feature but, as with every wireless standard to date, the figures tossed around can be highly misleading. 

1.3 gigabits per second (Gbps) is the speed most commonly cited as the 802.11ac standard. This translates to 166 megabytes per second (MBps) or 1331 megabits per second (Mbps). It is vastly quicker than the 450Mbit per second (0.45Gbps) headline speeds quoted on the highest performing 802.11n routers.

So wireless ac is roughly 3x as fast as wireless n? No. 

These figures are ‘theoretical maximums’ that are never close to being realised in real world scenarios. In our experience wireless n performance tends to top off around 50-150Mbit and our reviews of draft 802.11ac routers have typically found performance to be closer to 250-300Mbit. So 2.5x faster when close to your router is a good rule of thumb (though far more at distance, which we'll come to shortly). 

Happily this gain is likely to increase as 802.11ac devices advance. Wireless 802.11n supports a maximum of four antennas at roughly 100Mbit each, where 802.11ac can support up to eight antennas at over 400Mbit each. 

Smaller devices like smartphones tend to fit only a single antenna, but it gets even bigger in tablets (typically two to four antennas) and laptops and televisions (four to eight). In addition no 802.11ac router released so far has packed more than six antennas. 

A final point: beware routers claiming speeds of 1,750 Gigabits. It is a marketing ploy where the manufacturer has added the 1.3Gbit theoretical maximum speed of 802.11ac to the 450Mbit theoretical maximum speed of 802.11n. Sneaky. 

802.11ac Range 


While speed is what will likely sell 802.11ac routers, range is equally important. Here wireless ac excels. 

The first point to make is the 802.11ac standard lives entirely in the 5GHz spectrum. While some more modern routers broadcast 802.11n in 5GHz as well as 2.4GHz they remain relatively rare.  

Consequently, the 5GHz spectrum tends to be 'quiet', meaning much less interference from neighborhood Wi-Fi. This more than counters the fact that, in lab conditions, 5GHz signals do not actually broadcast as far as 2.4GHz signals. 5GHz is also necessary to support the faster speeds of wireless ac. 


The second key factor is 802.11ac makes ‘beamforming’ a core part of its spec. Rather than throw out wireless signal equally in all directions, WiFi with beamforming detects where devices are and intensifies the signal in their direction(s). 

This technology has been around in proprietary form (it made a huge impact in the D-Link DIR-645), but now it will be inside every 802.11ac router and every 802.11ac device. 

The combination of these two technologies is profound. This was most clearly seen with the Linksys EA6500 which hit speeds of 30.2MBps (241.6Mbit) when connecting to a device just two metres away, but still performed at 22.7MBps (181.6Mbit) when 13 metres away with two solid walls in the way. By contrast Linksys’ own EA4500 (identical except being limited to 802.11n) managed 10.6MBps (84.8Mbit) dropping to 2.31MBps (18.48Mbit) under the same conditions. 

The real world result is 802.11ac not only enables you to enjoy the fastest 100Mbit (and beyond) fibre optic broadband speeds all over the house, but to enjoy it along with multiple streams of Full HD content, super low latency gaming and blazing fast home networking all at the same time. 

802.11ac Availability

Here comes the first caveat. The announcement of the Wi-Fi Alliance’s 802.11ac certification programme means 802.11ac equipped products can now be certified, but that process will take time as thousands of chipsets need to be tested. 

Of course some manufacturers have jumped the gun. The 802.11ac routers we have tested are sold as ‘Draft 802.11ac’ products and while many may become certified through a firmware update, it is not guaranteed. Draft 802.11ac products are also not guaranteed to perform optimally with other Draft 802.11ac products - especially between different manufacturers. Certified products are. 

The good news is the first certified chipsets are already creeping out and they come from the likes of Intel, Qualcomm, Cisco, Realtek, Marvell, Broadcom and Samsung - manufacturers with extensive networking expertise and who licence their chipsets to others. For example Intel has only one chipset certified - the ‘Dual band Wireless 7260’-but it is expected to be at the heart of most Haswell-powered Ultrabooks. The highest profile of these to date is the new 2013 MacBook Air. 
Furthermore, adoption should be fast. The first 802.11ac routers carried a hefty premium, but this has dropped quickly to the point where price shouldn’t be a barrier to anyone keen to hop onto the bandwagon. In addition 802.11ac is extremely efficient and it brings power savings compared to 802.11n, meaning it is ideal for mobile devices. The Samsung Galaxy S4 and Samsung Mega phones already pack wireless ac. 

As such, while 802.11ac products are only trickling out at present, it will turn into a tidal wave by early 2014. 

Wait for 802.11ac?

All of which begs the question: should I now buy any device that isn’t 802.11ac compatible? The short answer is no. If you live alone in a small flat where you have no signal problems 802.11n may serve all your needs, but in larger, multi-user homes and homes with network attached storage the benefits of 802.11ac are simply too good to miss out on. Especially when buying devices you expect to keep for a number of years. 

The longer answer is 802.11ac is a revolution that will be hard to actively avoid. Wireless ac will be built into most laptops and phones within the next 12 months and routers will increasingly come with it (though ISPs are typically slow to adopt new standards in the routers they give out, so plug an ac router into theirs and switch off their wireless to get around it). 

It will take time and money for your home to be fully 802.11ac compatible, but it will be worth it.

---Original Reference from http://www.trustedreviews.com/opinions/802-11ac-vs-802-11n-what-s-the-difference


SDNs: 8 Key Considerations Before You Make the Leap

July 9 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

Software-defined networks (SDN) aren’t for everybody. Through programmability and automation, they promise to make IT life easier. But depending on your IT shop, the benefit may not be worth the effort… or investment.

There are eight considerations for IT shops evaluating SDNs, according to IT management software company SolarWinds. The checklist was compiled from interactions with customers considering or inquiring about SDNs:

1) The industry in which the organization is operating

SDNs work for cloud providers or for any organization that experiences dramatically scaling workloads, says Sanjay Castelino, vice president and market leader of SolarWinds’ network management business. Financial services companies and retail fall into that category, where “the dynamic nature of the business drives IT to be flexible,” Castelino says.  

Some that do not fit this mold are publishing and healthcare, he says, two industries that are relatively stable, and not launching or moving around application workloads every day. “Their environments are not as dynamic,” Castelino says.  

2) The size of an organization’s network

While there is not a distinct bare metal server or virtual machine threshold for implementing an SDN or not, the rule of thumb is hundreds of IP addresses.

“For 50 IP addresses, it’s not worth the change,” he says. “For hundreds of IP addresses, you might need the automation.”
Castelino recommends doing capacity planning before considering SDNs.

3) The level of complexity of an organization’s network

If there are requirements for a lot of network slicing or segmentation for security and isolation, you might be a good candidate for an SDN. If there are lots of virtual LANs to configure and manage, or there are VLANs that require more automation than others, SDNs might be a good fit.

But change shouldn’t be made just for the sake of it, Castelino says.

“You don’t want to make changes that break things,” he says. “Policy is not a simple task to go implement. Have to have someone deeply steeped in network engineering.”

And you have to validate and test the environment multiple times, he adds.   

4) The Dynamic nature of an organization’s applications and workloads

This goes back to consideration No. 1: Are you a cloud operator or a hardback book publisher? How often are you launching new applications and closing others? How often are you moving workloads around? Is your environment static and predictable, or always changing, always moving and unpredictable?

5) The number of virtual machines within an organization’s network

“If you’re not at a few hundred, you’re probably early,” Castelino says. He reiterates that if an organization is running hundreds of workloads, it might be worth taking a look at SDNs. Below that level, and with SDN’s immaturity, it might be “way too early” to look at.

6) The organization’s need for agility, flexibility and scalability within the network

See Nos. 4 and 1: If you have a business or IT environment that scales quickly and changes dynamically, you want SDN. But the eventual ease of operations will come with some initial work. The time it takes to get into SDN is not small today, Castelino notes – it’s still at the bleeding edge of the technology curve.

“Network engineering skills and capital resources are going to be key,” he says. “It could be an expensive proposition so you need to ensure value on the other side.”

7) The organization’s need to simplify security measures and control access to applications

The benefit of SDN is that things get done the same way all the time, through policy, even though the environment is dynamic and always changing. Security and network access control in a dynamic environment can be a nightmare. It’s important to get policy enforcement right in this regard not only to ease operation but to ensure information stays where it should.   

8) The organization’s access to personnel and capital resources

If an IT shop doesn’t have network engineering expertise, or personnel are stretched thin, SDN is not the project to undertake, Castelino says.

“There will be lots of bumps in the road,” he says. “It’s going to be a lot of work and take time.”

SDN deployments are done in parallel with the production environment, then tested, evaluated, validated and tested again before they are cut over to the production network. It takes time, people and money.

In summary, SDN holds a lot of promise. There are a lot of problems it can solve… but also a lot it can start if the environment is not conducive to the effort and undertaking to transition to an SDN-programmable and automated IT operation.

“The hype cycle can sometimes lead to an ugly bursting of the bubble,” Castelino says. “SDN has its purpose. But if it is marketed as a panacea for everything under the sun, you’ll see a lot of dramatic failures. It’s not ready for everyone but some can get a lot of value out of it. You just need to go in with eyes open.”

Review resources from http://www.networkworld.com/news/2013/070213-sdn-271479.html


Cisco Accelerates SDN Strategy with Dynamic Fabric Automation

July 4 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

Note: The original version of this article indicated that VXLAN was used for tunneling. As per Cisco's remarks in the comments section, Cisco is using a proprietary tagging encapsulation protocol. The article has been updated for accuracy and to express the author's views about proprietary protocols.

Cisco Systems' SDN strategy is taking shape via its announcement of Dynamic Fabric Automation. DFA is a data center fabric that uses an overlay network to provide orchestration, multitenancy and operational visibility. VMware, Juniper and Alcatel's Nuage also offer network overlays, but DFA has one significant difference: hardware integration in the physical network devices to support bare-metal servers or other physical devices.

DFA is orchestration software using a software network controller to manage a tunneling overlay network using a proprietary 24-bit tag in the Ethernet header to signal tunnel membership over the Fabric Path-based fabric to an endpoint.

Cisco recommends using Nexus gear deployed in a Spine-and-Leaf configuration, though it's not required. This appears to be a workaround for the lack of entropy in the Ethernet header, which would cause poor load balancing in MLAG network designs common in today's networks.

Announced at Cisco Live in Orlando Florida, this is the first demonstration of Cisco's SDN strategy, which Cisco is calling "Application-Centric Infrastructure."

Tunnel Management

DFA uses Cisco's Data Center Network Manager (DCNM) as a network controller for the tunnel overlay and manages all the physical and software devices in the Unified Fabric as a distributed control plane. Note that Cisco disagrees with the use of the term "controller" to describe the DCNM. It calls it a Centralized Point of Management (CPoM). Cisco's reasoning is described in the comments section.


DFA works at the device level through an existing feature in NX-OS called Configuration Port Profiles. The DFA controller applies port profiles to logical ports in the Nexus 1000V switch on hypervisor platforms and to the physical leaf-node switches. In this way, both physical and virtual devices can connect using an overlay network.

This control of the network edge, plus integration with cloud platforms such as OpenStack, provides the control for multitenant data centers. DFA enables multitenancy through the underlay network by managing all device configurations and by the use of proprietary overlay networking to isolate traffic.

The DCNM knows the location of endpoints and can graphically display the network slice of each tenant in the architecture, which simplifies troubleshooting and improves network visibility.

Cisco uses the misnomer of "Workload Aware Fabric Network" for this feature. The term implies that the network is adaptively handling traffic flows. In reality, the network controller knows the locations of servers and the network devices that are in the path.

The unified fabric is configured to support a distributed gateway where all leaf nodes share the gateway IP and MAC address for a given subnet. This enables transparent layer-2 functions across all the leaf nodes while also providing layer-3 routing at the network edge.

ARP traffic is terminated on each leaf and BUM traffic is significantly suppressed. Internally, the underlay uses /32 routing for each host to support dynamic L2 mobility at the edge of the network.


DFA Endpoints Source: Greg Ferro

It's not clear which specific Nexus devices support DFA today. As mentioned, Cisco recommends a Leaf/Spine design using an ECMP network core (FabricPath) between the spine and leaf nodes, which is only supported on specific switch models. DFA also uses iBGP to propagate some configuration data between elements of the tunnel fabric (although it's not yet clear what exactly this data is).

Cisco Plays To Its Strengths

It has been clear for some time that Cisco has not been leading Software Defined Networking technology and, to some extent, lost control of the SDN debate. It's trying to get it back. Cisco has started using a marketing term "Application-Centric Infrastructure" instead of "Software Defined Networking" and that message was consistently repeated at Cisco Live.

With DFA, Cisco is the only vendor today with a strategy to orchestrate physical tunnelling functions in network hardware (albeit with a proprietary mechanism with poor interoperability) with software network agents such as the Nexus 1000V.

This allows the deployment of overlay networks that connect both virtualized platforms such as OpenStack or VMware to non-virtualized devices and servers. Instead of supporting virtual workloads in a cloud platform like vCloud or OpenStack, Cisco can support any workload, anywhere.

This embracing of non-cloud systems will be attractive to many customers and attacks a weakness in existing software overlays such as Nicira, Contrail and Nuage that don't provide support for legacy network integration.

DFA looks to be a strong product that certainly meets customer needs, goes beyond competitive products and plays to Cisco's strengths integrating the physical and virtual networks.

Unfortunately, the choice of a non-standard and proprietary encapsulation is a significant drawback. While some customers may not be concerned about the use of proprietary technology, I recommend DFA be avoided because of it.

It's also clear that Cisco is betting a great deal on its Insieme project, which may offer a better solution for similar use cases. Cisco did not clearly explain Insieme at Cisco Live, so customers will have to wait for more information before making concrete plans.

About the author: Greg Ferro is a freelance Network Architect and Engineer. 

---News from http://www.networkcomputing.com/


Why Attend Mobile Asia Expo (MAE ) 2013?

June 27 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

Mobile is connecting the world in a dramatic and breath-taking fashion. It bridges generations, builds communities, ignites ideas and tears down the barriers which separate us. Mobile Asia Expo will accelerate this effect by showcasing the mobile trends and solutions that will transform our lives today and tomorrow. Join us in Connecting the Future!

Mobile Asia Expo 2013 will include:

A world-class Expo, showcasing cutting-edge technology, demonstrations, products, devices and apps to mobile professionals and mobile-passionate consumers

A thought-leadership Conference for senior mobile professionals, featuring visionary keynotes and panel discussions and world-class networking opportunities

App Planet, where app developers can learn and expand their knowledge of the popular mobile app marketplace

New for 2013, the Mobile Asia Expo exhibition will feature the Connected City. The Connected City will demonstrate the current reality and future vision of ‘the connected life’ through a real city street in the heart of Mobile Asia Expo, creating an engaging, visionary, and “connected” experience.

 

New for 2013

Featuring something for everyone who has an interest in the mobile industry, Mobile Asia Expo 2013 will include many new event offerings:

Showcasing ‘Smart City’–Explore the ways that mobile technology is enabling cities to become more efficient through cutting-edge demonstrations from international exhibitors

More networking opportunities–Connect with the C-level leaders in the Asian mobile industry through a range of unique networking opportunities

My MAE online networking platform–Reach out to new contacts and set up meetings using our exclusive, dual language social networking tool

Doing business in China–Learn about buying and selling your products and services as well as finding the right partner within the Chinese market

Training opportunities–Participate in formalized mobile industry business trainings geared toward director & manager level employees

Even more Innovation Lab presenters–Hear from exhibitors, sponsors or partners on emerging technologies and new products or services in the very successful Innovation Lab

 

Who Will Attend?

Mobile Asia Expo will feature something for everyone who has an interest in the mobile industry. Expected attendees include:

  • B2B Mobile Professionals looking for outstanding networking opportunities with senior industry leaders and discussing emerging industry trends
  • Industry professionals looking to further their mobile knowledge and discover new products and technologies
  • Mobile Consumers interested in the latest in mobile technology and devices
  • Retail Buyers seeking new products and glimpsing the future of mobile
  • App Developers interested in learning the newest developments from the largest platforms

 

Why Attend?

The conference and exhibition programmes in the inaugural GSMA Mobile Asia Expo were attended by more than 15,500 visitors from 81 markets, attracting executives from mobile operators, software companies, device makers, equipment providers and internet companies, as well as government delegations.

 

While there are many benefits of attending and being part of the Mobile Asia Expo 2013, our event has continued to grow and evolve around some fundamental values:

Bringing Together the Mobile Ecosystem: Mobile has become part and parcel of our daily lives today. GSMA brings together mobile operators and different players in the mobile ecosystem in this annual mobile-focused occasion where mobile innovations, ideas and business deals are being fostered and accelerated.

Where the World meets Chinese and Asian Audiences: This is an international event where prestigious international exhibitors, partners, speakers and press are invited to bring mobile innovations, products and services in front of the prospective industry audience in this rapidly growing market of China and pan-Asia.

Inheriting Professional Quality of Mobile World Congress: Backed up by the professional team behind the industry-renowned Mobile World Congress, Mobile Asia Expo is going to drive a first-class conference and exhibition experience in the state-of-the-art facilities of Shanghai New International Exhibition Centre.

Bringing ‘Consumer Experience’ to the Exhibition Floor: Different from the traditional tradeshow setting, Mobile Asia Expo brings ‘Consumer Experience’ in the exhibition floor design and provides opportunities for both trade and consumers to experience the forefront of new mobile technologies in an unconventional setting.

More Related Info and Topics of MAE you can visit:

http://www.cisco.com/web/CN/solutions/sp/mae/index_en.html and http://www.mobileasiaexpo.com/


Cisco Unveils pxGrid For Identity, Device Context Awareness with Cisco ISE

June 18 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

 

Cisco is introducing a new framework for sharing context-aware information to a variety of third-party security providers. The networking giant said it will use pxGrid to make Cisco ISE the central repository for context-aware security architecture via a new ecosystem of partners.

Cisco already has a broad set of mobile device management (MDM) vendor partners for Identity Services Engine (ISE). This week, however, Cisco added a new collection of Security Information and Event Management (SIEM) and threat detection vendors that are integrating with ISE via pxGrid. The initial set of partners includes HP ArcSight, IBM, Lancope, LogRhythm, Splunk, Symantec and Tibco.

PxGrid is a publish-and-subscribe framework through which security products can collect contextual information from ISE, such as user, device, network connection and location. They can then use that information to improve their own analytics. Since pxGrid is bi-directional, these SIEM and threat detection vendors can also send instructions to ISE to revoke or modify network access.

Cisco's decision to align with the SIEM market struck at least one analyst as an odd choice.

"SIEMs are an old technology," said John Katsaros, principal at Internet Research Group. "Some would call it ancient. If you look at it going forward, SIEMs are going to be phased out. I don't think they're going to be around for more than a couple more years."

Instead, Katsaros thinks Cisco should be aligning its security strategy with big data. RSA predicted this shift late last year and evangelized the notion at the RSA conference this year.

Rather than interconnecting different security platforms, Katsaros thinks vendors should be helping enterprises build data warehouses for security management. "Big data makes it more affordable to capture, keep and mine security information. Why (Cisco isn't) going in that direction is beyond me. They didn't show us anything that shows they have a better way of doing things than with big data techniques."

With pxGrid, Cisco ISE adds context everywhere

Kevin Skahill, director of Cisco's secure access and mobility group, said the vendor's plans for pxGrid go well beyond the SIEM and threat-detection market.

"We see potential to do this integration with many other platforms," he said. "PxGrid is a publish-and-subscribe technique that provides a single framework that partners can develop once (with). It allows partners to customize and secure what contexts get shared, because not every partner wants the 80 different attributes that ISE can provide."

Nor is Cisco ISE necessarily being pitched as the heart of a context-aware security architecture, Skahill said, adding that the pxGrid framework will allow vendor partners to share context directly with each other. Cisco is submitting pxGrid to the IETF and other standardization bodies for consideration, he added.

Carefusion, a global manufacturer of medical devices, is an alpha adopter of the pxGrid integration, using a combination of Cisco ISE and Lancope's StealthWatch NetFlow analyzer.

"We are using the ISE and Stealthwatch combination to help secure our wired VPN and wireless access," said Bart Lauwers, Carefusion's vice president of IT infrastructure. "One problem we were facing was how to correlate all this data (from Stealthwatch) and ensure that we're taking the right action. In our alpha deployment, we had the ability to examine historic behavior, determine what the impact (of an incident was) do a full assessment of what the threat was and when it happened and install a rule to prevent it from happening again."

Lauwers said the integration will allow his team to identify and remediate threats instantly, rather than the weeks or months it could sometimes take.

PxGrid also integrates Cisco ISE into SDN

Cisco will also integrate its software-defined networking strategy with pxGrid, said Dave Framptom, vice president and general manager of Cisco's secure access and mobility product group.

"The Cisco ONE controller will be one of the consumers of context from ISE with pxGrid," he said. "Then that controller can take that information and help direct an action in the network."

PxGrid is available now to prospective partners and will be generally available for customer use in the first quarter of 2014.

Reviews from http://searchnetworking.techtarget.com


Mobility Without Complexity: Four Tips to Prepare Your LAN for 802.11n

June 13 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

Businesses have long recognized the benefits of wireless networking: flexible network connectivity, improved productivity, and lowered cabling costs. As the demand for reliable and predictable wireless support for time-sensitive applications (such as video streaming and real-time collaboration) has risen, many organizations have made the decision to deploy 802.11n to meet their higher performance requirements. Successful deployment and operation of an 802.11n wireless network depends heavily on the wired LAN that supports it. To take full advantage of the performance enhancements and scalability offered by 802.11n, the four easy-to-follow suggestions below can help to simplify deployment of an 802.11n wireless network on your wired LAN to maximize network efficiency.

1. Prepare for growth.

Bandwidth provisioning: The main driver to deploying an 802.11n network is to take advantage of the increased bandwidth it provides for multimedia applications. The lower speeds of an 802.11a/g wireless network resulted in unreliable and undesirable consequences for bandwidth-intensive voice and video applications. Now, with the improved performance in 802.11n, and enhanced reliability, it is possible for your wireless LAN to function as predictably as a wired LAN.

To utilize the full potential of 802.11n, sufficient bandwidth must be provisioned in the wired LAN to support the increased traffic demands. A 1:1 ratio of 1Gbps port per 802.11n access point is a safe rule; less obvious is how to properly provision the uplink ports.

10GE uplinks provide the bandwidth necessary to backhaul traffic generated by multiple access points or other bandwidth-intensive devices supported by a single PoE switch. 10GE uplinks provide a reliable and predictable response to the 802.11n wireless LAN demands. 10GE provides the support necessary to decrease latency in time-sensitive applications.

If you are not ready to make the move to 10GE, you can use the existing 1Gbps uplinks. However, it is important to be aware of traffic demands on the switch to avoid excessive network disruption. As your network needs grow, a 10GE uplink is recommended.

Cisco solution: The Cisco Catalyst 3750-E Series Switches with StackWise Plus are an enterprise-class line of stackable wiring closet switches that facilitates the deployment of secure converged applications while maximizing investment protection for evolving network and application requirements. Combining 10/100/1000 and Power over Ethernet (PoE) configurations with 10 Gigabit Ethernet uplinks, the Cisco Catalyst 3750-E enhances worker productivity by enabling applications such as IP telephony, wireless, and video.

The Cisco TwinGig Converter Module supports the multistep approach to deploying 802.11n by providing a flexible way to easily deploy 10GE without network disruption. The converter module allows 1G uplinks to be used until traffic demands on the network require a 10GE uplink.

This converter module is supported in the Cisco Catalyst 3750-E PoE switches and allows for easy 10GE deployment as the 802.11n bandwidth demand increases.

2. Eliminate complexity and lower costs.

Power over Ethernet (PoE): The benefits of wireless networking are increased productivity and decreased complexity and cost. An integral part of this equation is the ability to provide power through PoE switches. By providing the delivery of power over the existing LAN Ethernet cabling to the connected devices, PoE removes the need for costly and complicated electrical upgrades and reduces labor costs associated with deployment.

For example, electrical outlets are not usually placed in hard-to-reach areas. Wireless access points, in contrast, are typically placed in ceilings to maximize wireless coverage. By simply using the existing LAN conduit, which is typically run inside walls and over ceilings, a wireless access point can be powered where electricity was previously not available. By eliminating the restriction of placing access points only where power outlets are available, a more flexible and reliable wireless network can be realized. The end results are maximum wireless network coverage and availability for the end users.

The benefits of PoE switches do not stop there. Deployment of a PoE switch provides the benefit of being able to control the APs in the plenum (the space between the structural ceiling and a drop-down ceiling) and power off (and on) wireless access points from the switch or WLAN controller.

Power management: After PoE switches are enabled on the LAN, power management of the switches and connected devices can be as simple as setting the automatic thermostat in your home. The Cisco Catalyst PoE switches support Cisco EnergyWise, an advanced green IT technology that allows businesses to measure their power usage and create policies to reduce power consumption when the network is not in use, such as turning off power to “sleeping” devices, such as voice-over-IP (VoIP) phones and printers, during hours when the business is closed.

The Cisco Catalyst PoE switches and Cisco Aironet products are designed to work in concert in providing power-optimized solutions. The Cisco Aironet 1140 Access Point supports Cisco Wireless Control System (WCS) adaptive power management, which allows businesses to schedule when the access point radios are available.

Maintaining the predictability and reliability of an 802.11n network depends on device features that perform as configured. Many 802.11n devices have power demands that exceed the 802.3af standard. A frequent, undesirable tradeoff is disabling features when the device starts to approach the limits of the 802.3af PoE standard. The Cisco Aironet 1140 Access Point works within the 802.3af power specification without compromise to performance, feature set, or power usage.

By coupling the power management capabilities of the Cisco Catalyst PoE switches and the Aironet access points, you can set policies to schedule power usage according to your business needs. And, through careful planning, you can deploy a wired and wireless network solution that provides a simple way to significantly save on overall business operating expenses.

3. Automate devices.

Automate switch deployment: Cisco Catalyst switches support many ease of use features.

To simplify switch deployment and minimize chance for error, the Cisco 3750E offers DHCP AutoInstall. This allows the switch to automatically receive its IP address upon initialization and, once the IP address has been obtained, automatically download the appropriate configuration file.

By automating the deployment process, the AutoInstall feature allows multiple switches to be deployed easily and uniformly, without the risk of administrator input error.

Simplify moves, adds, and changes: The dynamic nature of a wireless network demands real-time responsiveness in the wired LAN. The network should be able to adjust to changes in the network with minimal interference. Cisco’s Auto Smartports significantly decrease deployment time and increase accuracy and consistency by automatically detecting devices connected to its ports. Cisco Catalyst switches use Auto Smartports macros to apply precreated, common switch port configuration scripts and, through automation, lower administrative costs and network response time.

Set network policies: To maximize the benefit of an 802.11n converged environment, it is important to balance resources and address the possibility of resource contention throughout the LAN. Automated network services, such as auto-QoS, allow for easy configuration of traffic prioritization in order to reliably deliver data to time-sensitive applications.

Grant secure user access: Security is another area where creating policies is vital to simplifying wireless deployment. Cisco Identity-Based Networking Services (IBNS) are an integrated solution that combines the management of authentication, access control, and user policies to secure network connectivity and resources. It also provides an account of user activities to provide visibility and safeguard the network. By providing centralized policy-based management for network security policies, the need to manually configure user rights on a per-port basis is removed, and overall network administration is greatly simplified, thus decreasing cost and potential for downtime.

4. Protect your investment.

802.11n is a new technology that is experiencing high early adoption rates, and the implementation of its deployment needs to be done in a well-thought-out and prudent manner.

Intelligent networks are built with a strategic vision to keep them at maximum efficiency and top performance. To make sure your business has done the best to protect its upgrade to an 802.11n network, here are a few quick questions you should ask:

Is my wired network ready to support the demands of an 802.11n wireless network?

Can I easily upgrade the performance of my LAN switches without network disruption?

Using 802.3af-compliant PoE switches, can my 802.11n wireless access point perform at full performance and security without any feature constraints?

Can my switch vendor guarantee interoperability between my PoE switch and my 802.11n wireless access point?

Do my switches and wireless access points collaborate to help me manage my business operational costs and lower my environmental effects?

Why Cisco?

By creating high-performance network infrastructures and continuing to lead industry innovations, Cisco has created reliable and responsive environments that accelerate the deployment of applications and services over a single network.

Cisco wired and wireless solutions allow businesses to use their network more efficiently and more effectively through reliability and consistency. Cisco’s end-to-end solutions reduce complexity, resulting in lower administrative costs.

Additionally, rigorous interoperability and performance testing is done between Cisco devices to guarantee maximum results. There is no interoperability guesswork. The Cisco Catalyst PoE switches and the Cisco Aironet 1140 provide the performance, power, and security needed to support the demands of an 802.11n wireless network.

Cisco understands that as early adopters of the 802.11n wireless network, businesses are making the decision to lead rather than follow. By driving standards forward, helping customers plan for the future, and enabling network excellence, Cisco is committed to its customers’ success.

Note: Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices


Startup Aims SDN Technology at Cisco WANs

April 25 2013 , Written by Cisco & Cisco Router, Network Switch Published on #Networking

Glue Networks developing automation tools for managing WAN operations

SDNs aren't just for data center networks, despite the best-use-case-scenario arguments for network virtualization and flow management pervading the industry.

 

SDNs can automate and manage WAN operations as well. Google is using OpenFlow to interconnect data centers over a WAN.

 

And startup Glue Networks is targeting Cisco's installed base of WAN routers as a sweet spot for its SDN WAN offerings.

 

Major IT trends such as SaaS, private clouds, BYOD, mobility and voice/data convergence are stressing the quality of links in an enterprise WAN, as analyst Lee Doyle notes. WAN links now require improved security, lower latency, higher reliability and support for any device in any location to accommodate these trends.

 

SDN can help enterprise IT accomplish this without the expense of upgrading individual WAN links, Doyle notes. The technology can allow for prioritization of key applications and traffic types, ease provisioning for new sites, new applications, and changed traffic priorities, enhance security and more tightly link WAN service to specific applications.

 

That's what Glue Networks is after. Glue's gluware software runs in the cloud and provides a cloud-based service for turning up remote sites and teleworkers worldwide. It is designed to lower the cost of private WAN networking by automating those operations and handling ongoing maintenance, monitoring, life-cycle management and feature extension.

 

Some of those features might include Cisco's WAAS Express, ScanSafe, ISE, MediaNet and TrustSec services.

 

The software automates the provisioning of voice, video, wireless, LAN networking, IP addressing, PKI security, firewalls, VLANs and ACLs, and allows users to configure a meshed, spoke-to-spoke, low-latency infrastructure that is QoS-enabled, the company says.

 

The company's gluware Teleworker software resides in the cloud and acts as a control plane to create a secure data plane for teleworkers to connect to the corporate network. Teleworkers can self-provision their equipment with a single click and no IT support, Glue claims.

 

Glue's products are essentially a software-defined dynamic multipoint VPN offered as a monthly software-as-a-service subscription. It includes a central policy-based controller, applications with "CCIE intelligence," and an API to configure the OS using the applications.

 

Glue's gluware also includes tools for alert notification based on thresholds; hardware ordering logistics and router provisioning workflows; end-user and administrator monitoring portals; repository of network configurations, end-user data, and reporting and monitoring data; agents to proactively monitor the health of the network and deploy large-scale configurations; and an orchestrator to generate hardware configurations, check for errors and conduct "self-healing" operations.

 

Glue says its addressable market is the $12 billion worth of 16 million Cisco WAN routers installed globally. Glue expects Cisco to have 23 million WAN routers installed by 2017.

 

Glue was founded in 2007. It has about $6.2 million in funding from a $4.5 million Series A round in 2011, and $1.7 million in convertible notes in 2012. The company's investors include Keiretsu Forum, San Joaquin Angels, Sierra Angels, Sacramento Angels, Sand Hill Angels, Harvard Angels, Halo Fund and Angel Forum.

 

Glue is headquartered in San Francisco and the company's executive team is comprised of officials from Yelofin Networks, Cisco, Agilent, Intel, INX and MTV Networks.

 

---News from http://www.networkworld.com/news/2013/041213-glue-networks-268664.html

 
