Geeknizer » cisco

Devices Connected to Internet [Infographic]

Tarandeep Singh — Tue, 19 Jul 2011 03:53:41 +0000

Did you know that in year 2008, the number of devices connected to internet exceeded the number of people living on Earth? Perhaps we have grown and outnumbered previous growth rate and looking at the future, we would grow to 50 billion connected devices in 2020.

To give you an idea of how we get that number of connected devices, the first thing you should know is that smartphones, tablets are just part of the count, there are other devices that are also connected. Almost Everything – for instance A dutch company called Sparked is using wireless sensors on Cattles to track their activities and health. So when a cattle is sick or pregnant, it automatically notifies the farmer. Such devices consume 200mb of data per year.

The connected devices int he future would interact with each other and help humans do the daily stuff with nearly no hiccups. With advent of IPv6 we could accommodate 100 IPs for each atom of the face of the earth.

Go ahead and checkout the info-graphic by cisco below:

We write latest and greatest in Tech Guides, Apple, iPhone, Tablets, Android, Open Source, Latest in Tech, subscribe to us @geeknizer on Twitter OR on Facebook Fanpage:

Cisco to Launch Android Tablet for Real-time Collaboration

Tarandeep Singh — Wed, 30 Jun 2010 17:30:31 +0000

iPad is definitely revolutionary and thats why Apple still sells One of them every 2-3 seconds.

Thanks to the popularity of Tablets, all eyes are now on Chrome OS Tablet and Android Tablet. Knowing the fact that Google is already building one under the hood, several other companies are betting on the concept.

Cisco is trying to step ahead into another direction by creating first Android Tablet for Business users. As per the official statement from Cisco, Tablet would be called Cius and would provide portable collaboration and serve as a great communication device, will arrive in the market around Q1 2011.

The Cius (“see us”), aimed solely at business users, will provide best experience for Cisco’s business applications such as WebEx, Video conferencing (TelePresence) and VoIP services for Realtime collaboration on the move.

Cius Tablet Specs

Cius would be a 7″ WSVGA touchscreen, weighing 1.15lbs, would have a smaller form factor than the iPad.

The tablet comes equipped with a 720p HD front-facing camera for video conferencing, as well as a 5MP rear-facing camera that can stream VGA-quality video.

Screen: 1024×600 7″ LED backlit
Camera: Front – 720p video/ 2MP stills , Rear – 5MP stills, VGA video
Connectivity: 802.11a/b/g/n flavors of WiFi, bluetooth, Micro USB
Network: 3G (UTMS or EV-DO; it could be both) and Future 4G support
Accessories: Optional HD audio stations that adds telephone handset, speakerphone, DisplayPort, USB ports, Gigabit Ethernet
Battery: Removable 8 hours battery life

Cius Tablet Services

In keeping with its business focus, the Cius includes built-in support for Cisco’s collaboration applications, including Cisco Quad, Cisco Show and Share, Cisco WebEx Connect, Cisco WebEx Meeting Center, Cisco Presence, and interoperability with Cisco TelePresence. It would also enable connecting to your corporate IT infrastructure remotely using Cisco AnyConnect VPN, and can be managed by IT support staff using Cisco Unified Communications Manager. Cisco also plans to release a custom SDK so that Android developers can include support for Cisco’s Collaboration APIs.

No word on pricing but Cisco plans to roll out corporate customer trials in the Q3 of this year, with wide availability beginning in the Q1 2011, stay tuned.

We write about Latest in tech, Apple, iPhone, Android, Tablets, Gadgets, Open Source, Programming. Grab them@taranfx on Twitter or below:

Cisco CRS-3 Boosts Internet Backbone Speeds to 322 Terabits

Tarandeep Singh — Tue, 09 Mar 2010 16:51:16 +0000

We had been waiting for Cisco to “Change the Internet Forever”, and seems like they almost did. Cisco has launched CRS-3 Carrier Routing System, is three times faster than its predecessor CRS-1, six years later.

CRS-3 is designed to serve as the foundation of the next-generation Internet and set the pace for the astonishing growth of video transmission, mobile devices and new online services through this decade and beyond.

With more than 12 times the traffic capacity of the nearest competing system (Juniper), the Cisco CRS-3 is designed to transform the broadband communication and entertainment industry by accelerating the delivery of compelling new experiences for consumers, new revenue opportunities for service providers, and new ways to collaborate in the workplace.

On one side Google wants to experiment Gigabit Internet service, on the Other, Cisco would enable much more powerful systems.

Cisco’s CEO John Chambers highlights the basic facts of the new platform:

The Cisco CRS-3 triples the capacity of its predecessor, the Cisco CRS-1 Carrier Routing System, with up to 322 Terabits per second, which enables the entire printed collection of the Library of Congress to be downloaded in just over one second; every man, woman and child in China to make a video call, simultaneously; and every motion picture ever created to be streamed in less than four minutes.
The Cisco CRS-3 enables unified service delivery of Internet and cloud services with service intelligence spanning service provider Internet Protocol Next-Generation Networks (IP NGNs) and data center. The Cisco CRS-3 also provides unprecedented savings with investment protection for the nearly 5,000 Cisco CRS-1 deployed worldwide. Cisco’s cumulative investment in the Cisco CRS family is $1.6 billion, further underscoring the company’s commitment.
AT&T, one of the world’s largest telecommunications companies, recently tested the Cisco CRS-3 in a successful completion of the world’s first field trial of 100-Gigabit backbone network technology, which took place in AT&T’s live network between New Orleans and Miami. The trial advances AT&T’s development of the next generation of backbone network technology that will support the network requirements for the growing number of advanced services offered by AT&T to consumer and business customers, both fixed and mobile.
The Cisco CRS-3 is currently in field trials, and its pricing starts at $90,000 U.S.

We write about Networking, Google , Open Source, Programming, iPhone, Android and latest in Tech @taranfx on Twitter or by subscribing below:

Cisco to “Change the Internet Forever” on March 9

Tarandeep Singh — Thu, 25 Feb 2010 16:47:12 +0000

Cisco, the world leader in networking equipment, is all set to announce the Next Big Thing for the Internet, this March. The new technology would enable communications service providers to offer more advanced, high-speed Internet connections.
Cisco has refused to reveal-out exact details but their recent plans and announcements lead to converged, faster networks.

UPDATE: Cisco CRS-3 Announced, Boosts Internet Backbone Speeds to 322 Terabits.
Recently, U.S. Federal Communications Commission (FCC) announced that it plans to enforce faster Internet speeds as part of its National Broadband Plan to be unveiled next month, on March 17, according to which bare-minimum Internet data transmission speeds of 100 mbps to 100 million homes within a decade, 96mbps up from current 4mbps. Though, that’s big, it still is far less than what Google is offering with the new Gigabit Internet experiment.

Cisco said on Wednesday it will unveil technology on March 9 that will “forever change the Internet.” On its website, it claims “What’s possible when networking gets an adrenaline boost.”

The upcoming technology would be a significant step-up towards making the IOS-model mould to something even better than current high-end Modular IOS-XE, XR. This would hit Juniper where it hurts the most: 100 Gigabit switches, Routers.

The technology would help telecom service providers like phone companies offer better, high-speed Internet service. A Great push for mobile internet is more expected as Cisco steps further in 4G LTE which would enable phone companies and corporations manage their networks and enable faster, more stable Internet connections.
The wait is on, stay tuned @taranfx for updates.

Cisco targets Mobile Internet, acquires Starent

Tarandeep Singh — Tue, 13 Oct 2009 15:44:35 +0000

We know how serious Cisco is on becoming 4G Leader in the mobile space as a provider. But what we see today, gives cisco another opportunity in Mobile space: Rich multimedia on Mobiles.

Cisco has announced they’ll be acquiring Starent Networks for $2.9 billion. When the deal is completed, expected to close during the first half of 2010, Starent Networks will become the new Mobile Internet Technology Group at Cisco, led by Starent Networks’ President and CEO Ashraf Dahod.

Starent Networks enables mobile operators to deliver rich multimedia on mobiles – video, mobile TV, audio, and games. Starent’s technology helps operators to scale their infrastructure and deliver content on 2.5G, 3G and 4G radio networks.

The Starrent is a Massachusetts-based company that was set up less than ten years ago but these days employs about 1,000 people, mostly at its development centre in Bangalore.

It’s developers create routing and management systems to carry IP packets over cellular networks, which are then integrated into all the popular wireless technologies as well as being ideally suited for LTE - the next generation of wireless that’s much more IP-based.

Those systems have already been deployed at more than 100 operators in 45 countries, including the LTE-capable system sold by Motorola amongst others.

“Combining Cisco’s strength in video and IP with Starent Networks’ leading mobile infrastructure solutions creates a compelling portfolio of products that provides an integrated architecture to offer rich, quality multimedia experiences to mobile subscribers on 3G and 4G networks,” said Starent CEO Ashraf Dahod.

“Video traffic will make up 64 percent of the world’s data traffic by 2013,” Romanski said. “That puts pressure on the providers. The combination of Cisco and Starent will mean faster feeds, better content, more robust interaction with your mobile device.”

Today, mobiles aren’t just about making and receiving phone calls; smartphones are on the rise, and users of these devices expect a rich multimedia experience. With its second big acquisition this month (they also acquired Tandberg).

Cisco is using the recession to extend its range of services and position itself to the mobile future. ahead of us.

Cisco could become 4G Leader: WiMax and Now LTE

Tarandeep Singh — Sun, 20 Sep 2009 11:47:06 +0000

Cisco already had it’s underlying technology of WiMAX with their previous acquisition of Navini Networks and involvement with Service Provider Clearwire, Cisco now plans to explore and play in the LTE space.

Why? –

LTE is one of several all-IP radio access technologies that will enable the Mobile Internet. The others include HSPA and EV-DO for paired licensed spectrum, WiMAX for unpaired licensed spectrum, and Wi-Fi in the unlicensed bands. LTE is being developed as part of an industry-wide effort to stay ahead of the tremendous growth in mobile data traffic.

LTE is an Orthogonal Frequency Division Multiple Access (OFDMA)-based radio access technology that has been highly optimized for packet traffic. The Serving Gateway (SGW) will be primarily tasked with issues related to micro-mobility and the PDN gateway is the IP point-of-attachment for mobile users. Cisco will be building both Serving and PDN gateways.

Cisco, today, offers a mobile gateway on its 7600 series routers by way of the Service and Application Module for IP (SAMI). But they will not be LTE gateway capable until LTE-specific software is available for it. Whatever the case is, Cisco calls themselves LTE Ready, though their SAMI is incomplete solution.

Senior director of Worldwide SP marketing at Cisco, Nagesh, doesn’t yet tell when that will be, but he added that it will be in early field trials with mobile operators later this year.

That ain’t all, Cisco plans to offer a “LTE readiness assessment service” to integrate its gateway with a packet data node (PDN) and mobility management entity (MME), which forms the ControlPlane for wireless access. Cisco will supply the LTE gateway and PDN (7600 router), but rely on third-party LTE RAN vendors for the MME. The result will be a “single, unified LTE solution” pulled together by Cisco, Nagesh says: “We won’t just go as a (LTE) gateway.”

Cisco’s interest and imminent involvement in LTE does not conflict with its immersion in WiMAX. “Our strategy is to be radio aware, or agnostic,” Nagesh claims.

Cisco is currently experimenting a femtocell solution with Big-fish and we should see an announcement soon on Cisco’s overall strategy. It will mesh with the vendor’s connected home/connected business initiatives to support unified communications, video and collaboration applications — e.g. a coverage augmentation for Cisco’s Telepresence, Unified communications WebEx Connect offering.

The current 4G plan can blend into Cisco’s femtocell strategy.

As per cisco:

“We believe each technology has a role to play. WiMAX is ahead since it was built end-to-end IP. But Clearwire is building a lot of LTE capabilities even though the RAN is WiMAX. It doesn’t matter if it’s WiMAX or LTE on the RAN side. How will operators make money out of their spectrum assets? The challenge of figuring out the business model is still at play.”

• In the future we plan to allow our mobile gateway applications to be more easily ported onto service modules that run on a variety of our high-end edge routers. This gives operators far more flexibility in their choice of a platform to host the gateway function.

• We are announcing our intention to develop LTE gateway functionality. We will support operators that are migrating from a CDMA environment as well as those migrating from a GSM/UMTS environment. Our plan is to develop both Serving and PDN gateways. Our gateways will be built on the SAMI module, the only shipping LTE-ready platform in the industry.

Cisco, VMWare create “Disaster Avoidance” VMotion over Long Distance

Tarandeep Singh — Wed, 02 Sep 2009 17:48:14 +0000

VMotion, a VMware product, provides seamless OS Load balancing. VMotion allows individual virtual machines to be dynamically moved to another VMware server without impact to users.

Cisco and VMware announced a method for using VMotion across data centers that are located as far apart — 200 kilometers.

Users have been pushing VMware to offer a method of allowing VMotion to be used between data centers, and this reference architecture is a step in the right direction. But it is only a step and not a true failover technology. It does not replace VMware’s disaster recovery product, Site Recovery Manager.

The long-range Vmotion technique was originally demonstrated at Cisco Live! But VMware formally announced support for it. It can be used with Cisco switches that support VLANs, namely the Catalyst 6500 as well as the Nexus 7000. It requires that users implement VMware’s latest product, vSphere.

The current reference design provides only what its makers refer to as “Disaster avoidance” not “disaster recovery.” Long-range movement of a virtual machine using VMotion must be performed manually (although users could write scripts to move VMs.)

As per Cisco:

VMotion solution and CiscoLive!, we have been working dilligently with VMware to develop and refine the solution. Inter-data center workload mobility has a lot of moving parts involved. Essentially, you need to be able to address three areas:

Mobility at layer 2

Mobility of the data, since there is seldom value in moving the workload if it loses access to the data it needs

Mobility at layer 3 and of services

Technical issues with the network and storage have yet to be solved to allow VMotion to support more automated long-distance failover. These include an inability to maintain an IP address if a VM is moved from one ISP to another, for instance from a data center in New York to another in San Jose. Likewise, storage is a problem. Until storage vendors come up with a way to support active/active SANs for the same VM moved between two physically far locations, no-latency failovers won’t be possible between data centers.

Some of the features are better found in Oracle’s VirtualIron.

How good is this new Technique?

This technique is not recommended, and not supported by VMware, when users have Disk Raw Mapping (DRM) turned on and used with clustered servers on either side.

All that said, for Cisco users wanting to deploy vSphere, this design can be practical in helping them manage VMs between data centers. It can be used for disaster situations where users have warning (tornadoes, hurricanes). It can be helpful for load balancing applications between data centers to offset an expected traffic spike. It also represents major progress on the network portion of the long-range VMotion problem.

The reference architecture is available for from Cisco’s blog.

New Approach to Detect and Tackle Network Latency Issues Effectively

Tarandeep Singh — Fri, 21 Aug 2009 19:30:15 +0000

Network Latency is critical for almost all kinds of networks and applications running on them. One of the key challenges is is finding the source of latency issues in an active network.
A team of researchers have found a solution, but it will require a new generation of networking hardware.

Issues with latency and dropped packets can be a overkill for network’s performance and it doesnt end there, it can cripple applications like real-time communications, scientific computing, and high-frequency trading.

What is the Challenge?

The biggest challenge that is seen by network engineers is that it can be extremely difficult to diagnose. The reason being — they may not appear under test conditions, and real-time monitoring of performance may require dedicated hardware or procedures that actually cut into the usable bandwidth.

New Research

A team of academic researchers have come up with what they think is a solution, one that could sample the transmission of a collection of representative packets in real time, in a manner that’s inexpensive in terms of both hardware and networking resources.

The researchers were supported by the National Science Foundation and Cisco. They presented their work at the SIGCOMM meeting on Thursday; they’ve placed a paper describing it in detail. The paper describes how the system—which they term a Lossy Difference Aggregator—would operate in principle, describe some simulations of its performance, and suggest how it might be implemented. Unfortunately, it appears that it would require an extension to an IEEE standard that’s only been adopted recently, as well as dedicated processing hardware.

Doing real-time monitoring, ignoring implementation details, is simple — Mark each network packet with a timestamp when it leaves a interface of hardware, and then compare that to the time at which it’s received or response is received. The latter calculates RTT, round trip time. The first one is better way of doing it but comes with a challenge — The challenge is communicating these timestamps between the hardware. Each has to be matched with a specific packet, which can be computationally intensive, and the two pieces of hardware have to transfer the data in order to make time comparisons. It’s possible to cut down on the work by choosing a representative sample of packets for a given time period, but coordinating the choice of packets across hardware can be a challenge.

The Lossy Difference Aggregator tries to handle this scenario well. The “lossy” part of its name implies – a way of selecting a representative subset of packets to track. As each packet comes into the router, it’s assigned a hash value. That value is then used to assign it a position in a data structure that has an arbitrary number of columns, termed “banks,” and slots within each column. Each entry contains the packet’s hash value and a timestamp.

Let’s take an example to make this easy. Say a structure limited to 1024 entries could contain a single bank with 1024 entries, or four banks with 256 entries each. The hash value is used to place the packet in a specific location in the structure. So, in the authors’ example, a hash with three leading zeros might assign it to bank 1, while seven leading zeros would place it in bank 2. A separate function can be used to assign it a row within the bank. Anything that doesn’t find a place in this structure is discarded and is not considered in the calculations.

After a set sampling time, the sending hardware transmits this structure to the equipment that should be receiving it, which has been building a similar structure out of the same packets. At this point, the actual performance data should be simple: lost packets can be identified as unfilled slots, and the time stamps can be used to calculate various latency figures. Because it’s so simple, the authors calculate that implementing it would require adding only an additional one percent to the transistor count of even the low-end ASICs currently in use. The data structure itself would require only 72Kbits of control traffic a second.

Mathematically, the authors demonstrate that the system would provide a statistically accurate measure of both the latency and its standard deviation. They also created a simulator, which they used to demonstrate its accuracy. Even under really bad conditions, like a 20 % packet loss rate, its estimates of latency would be within tolerance of 4 %. If you’re losing 20 percent of your packets, latency’s probably the least of your concerns.

Comparisons with a method of actively monitoring network performance showed that the Lossy Difference Aggregator provided more accurate latency measures.

Of course, network hardware will need to recognize this traffic as distinct from the packets it’s supposed to be routing. The authors suggest adding an extension to the IEEE 1588 standard, which is used for synchronizing the clocks of network equipment. Since accurate comparisons of time stamps require clock synchronization anyway, this seems like a reasonable suggestion.

The remaining challenge involves actually putting an implementation into hardware. The authors, perhaps due to their interactions with their sponsors at Cisco, seem especially attuned to the realities of the networking hardware world. The power of embedded processors is starting to commoditize and featurize the networking hardware market in the same way that the power of desktop processors has transformed the PC market. The specialized real-term monitoring hardware could represent a value-added proposition for vendors. Its first likely customers—high frequency traders and high performance computing centers—are also among the least price-sensitive.

The Value

The authors point out that the data generated by their method can provide value well before it’s fully deployed. Putting this hardware on either side of major network bottlenecks could be extremely useful, and it might be possible to arrange the protocol so that it operates across hardware that’s separated by a number of intervening devices. As the intervening hardware is replaced, the data returned will simply become finer-grained.

If and when this methodology is used to detect and optimize latency in slow networks like VPN — It could bring a revolution.

Can Collaboration Deliver a $100 Billion Stimulus Package? Cisco Discusses

Tarandeep Singh — Tue, 18 Aug 2009 17:23:04 +0000

Collaboration is one key area every company still need alot to work on. Right kind of Collaboration tools can do wonder for you and your business.

Most Business models today rely on basic collaboration that includes nothing more than Email, IM, Screen sharing. Which is barely sufficient, for atleast the way they think about it.

What is meant by a Good Collaboration has alot more than these inferior ways of communication.

- Unified Communications – A single device that lets you control over everything. It can be a single messenger/ gadget that can handle your VoIP, Messages/Emails, instant messaging, Realtime Video conferencing and NextGeneration Screen sharing/control.
How do you end up cutting Cost?

- Travel - As per Gartner, business spent $41 Billion in last year alone for travel. Imagine the scope of savings when you no longer have to travel because of proper Collaboration tools like Cisco’s Telepresence, etc.

- Time – Time is Money for every business. Improper communication tools has discouraged fast business models to evade deals at faster rates. The means of accessibility, travel, access to data, analytics; everthing causes delays in the business and hence heavy losses.

Acoording to a research, 60% of the time today is spent achieving what could have been possible to achieve, with proper collaboration, in only 10% of the time.

Let’s hear more for Cisco’s experts of collaboration -

BGP 4byte ASN Vulnerable to DoS on Cisco IOS, IOS XE – Fix Released

Tarandeep Singh — Tue, 04 Aug 2009 20:53:54 +0000

4byte ASN (autonomous system numbers) was incorporated into most BGP routers recently. Since we are running out of ASN no. given to service providers, authority have stopped using previous Internet 2byte BGP ASN routing Updates.

The newly found vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing.

This feature has a critical vulnerability on all recent IOS that support it. Cisco last week issued — and today updated — a security advisory for its IOS software.

Cisco IOS supporting RFC 4893 for four octet AS number spaces in BGP are susceptible to denial of service attacks when handling BGP updates. There are two DoS vulnerabilities in the software, according to the advisory:

1. Vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems.

2. Vulnerability could cause an affected device to reload when the affected device processes a malformed BGP update that has been crafted to trigger the issue.

Workaround - Configuring “bgp maxas-limit [value]“ on the affected device does mitigate this vulnerability. Cisco recommends using a conservative value of 100 to mitigate this vulnerability.

Cisco says it released free software updates to address these vulnerabilities. There are no workarounds available for the first vulnerability, software upgrade is necessary.

Cisco Serious on Accelerating Virtualization VN-Link

Tarandeep Singh — Sat, 04 Jul 2009 08:39:09 +0000

As we all know, virtualization and cloud computing is getting faster and more featureful. As time sneaks by, more clearer picture is being drawn in the cloudy world where things were bit smoky months back. But there is one company who’s getting therir best into Virtualization to make it a big driver for SaaS.

Cisco is looking to accelerate the rate at which customers adopt and implement virtualization in their data centers.

Cisco Officials said. “Demand for virtualized data centers is high due to the complexity of managing and provisioning physical resources, securing that environment, maximizing utilization of assets, numerous network connections, and the rising costs of facilities and energy usage”.

“Power is increasing at a faster rate than the top line revenue of your company,” said John McCool, senior vice president and general manager of Cisco’s data center, switching and services group. McCool spoke at the Cisco Live conference in San Francisco.

The key driver had been it’s inherited benefits. Virtualization removes the logical view of an infrastructure from the physical underpinnings, thus making data center resources transparent to an application and enabling that application to move. Cisco itself was faced with a “$100 million server” issue – it needed the server but didn’t have enough room for it in a current data center and faced an expensive build out of a new facility just to house it. But virtualization let Cisco pocket that stash. Virtualizing its data centers reduced its cable plant by 4,800 cables made room for 50% more physical servers and increased virtual machine capacity fourfold.

Definitely, this gave Cisco a practical approach for virtualization.

Another example, a New Jersey financial institution. They were opening an office in Bangalore opted to host applications in New Jersey and implement virtual desktops in India with Cisco’s Wide Area Application Services and Application Control Engine products to save money.

But virtualization poses few challenges. It makes the mobile VM difficult to monitor and track and thus hard to manage. That’s why Cisco developed VN-Link, software that allows the network to become VM-aware and map policies to a VM as it moves across physical ports.though previously when Oracle bought Virtual Iron, Oracle got this feature in-built too. But Actually, Virtual Iron is much more powerful than what Cisco solution is. That might mean that Cisco is not alone, it’s quiet possible Oracle is also packing it’s bags for serious Cloud Computing.

Cisco’s VN-Link is intended to provide full visibility to VMs for the network administrator and VM management for the systems administrator. VN-Link is integral to Cisco’s Nexus 2148T fabric extender to provide network interface virtualization, which provides a “direct, consistent view of VMs and the (data center) operational model” by divorcing VMs from their physical interfaces.

This, combined with a unified switching fabric supporting Ethernet and Fibre Channel, simplifies and provides greater and more consistent visibility into all data center operations, Bugnion said. The environment can be managed from a network perspective or from a server perspective, he said.

Cisco’s platform for enabling all of this, of course, is the Unified Computing System. UCS is intended to be a single point of data center management through its ability to discover, view and configure resources, such as servers, and apply and enforce service profiles on those servers.

“Our strategy (with UCS) is to accelerate virtualization through increased visibility and control,” Bugnion said. “We’re focused on that part of the data center in which the network plays a central role. Management and energy efficiency is not an afterthought.”

To date, Savvis and Thomson Reuters are two publicly announced potential customers for UCS. They note significant results from using or trialing virtualization and UCS.

The future of cloud computing lies in hands of success of Virtualization. Cisco, Oracle, IBM, HP, and lots other are serious in making it a success.

So you are CCIE? Cisco Raised the Bar. Time to Upgrade, Again!

Tarandeep Singh — Mon, 29 Jun 2009 18:16:50 +0000

Call It CCIE’s terror or a Marketing Stunt, But CCIE’s are no longer the Guru of Networks. Cisco has now come up with new certification set above the CCIE level, known as Cisco Certified Architect.

If you are CCIE you know what what Honor it is to be one. Every one respects them. Sometimes, people go for multiple CCIEs if they have free time but at some point they also stagnated. Cisco wanted to remove this banner, they took things to an another level.

Cisco says that in order to respond to strong costumer and market demand, to recognize the Experts who can really architect the future network, need of CCA or Cisco certified Architect arises.

What’s New?

- Rather than Core Technical topics, It is oriented towards more Real-life challenges. It recognizes the architectural experience and competency of network designers like business needs analysis, address planning, design, interoperability, and connectivity issues.

- New Popular Cisco Products: Topics include Cisco TelePresence and mobility, Unifiied communications.

Everything else you need to know is listed here Key Facts/ Highlights listed here.

Cisco and IOS jumble. How easy is it for Cisco and Customers?

Tarandeep Singh — Thu, 04 Jun 2009 16:04:52 +0000

Let’s take a short stroll down IOS lane…
Best I can tell there are nine varieties of IOS:

Regular IOS – the old warhorse running the routers.
IOS for 6500s and 7600s – this is different than “regular IOS” since it has specific versions and release tracks. (12.2(33)SXI is the latest strain.)
Modular IOS for 6500s and 7600s – same as above, but now “modular”.
IOS for 3750 and 3550s – again, IOS-like but with a completely different release model and versions.
IOS XE for the ASR line – an abstracted version of IOS that runs the IOS shell in a process along with all other hardware functions.
IOS XR for the BFRs
NX-OS for the new Nexus line of switches – based on SAN-OS, but used in Ethernet switches. It actual has two different lines – one for the Nexus 7000 and another for the Nexus 5000.
Cisco IOS for ASAs
IOS for CSM, ACE, and other service blades

So, that’s nine different varieties of IOS(there could be more). Then, of course, you can divide each line into its various versions. In good old IOS there’s the ISRs, the 7200s, and 7300s. For each hardware line there’s a version line – 12.1, 12.2, 12.3, and 12.4 (or vice-versa, for each version line there is a hardware line). Inside the versions there’s mainline, T-code, and special releases. There are also qualifiers like FCS, LD, GA, and GD…but, last year, those went away and now we have MD.

So, just for regular IOS, let’s do some math:

4 versions * 3 hardware lines * 3 release modes * 5 qualifiers = 180 different versions

AHHHHHH!

Oh, wait, I forgot the feature sets. You know, the very clear and simple to understand different capability varieties you can order – Enterprise, Advanced Enterprise, Advanced IP Services, IP Services, Advanced Security, IP Voice, plus crypto versions. Probably a good 10 different varieties here. That brings us to 1,800 different versions….just for “regular IOS”.

Now, why am I picking on Cisco? Well, it’s just gotten out of control. Many will say, “Sure, it’s a lot, but no one runs all of these in their networks. You only need to track some.” True, my medium-enterprise network deals with only 7 out of the 9 varieties of IOS listed above! We use something in each of the nine versions except modular 6500/7600 (but that will change in a year) and IOS XR (because, alas, my boss will not give in and buy the CRS-1 for us). It’s gotten too much to handle. I do not have the labor resources nor the contracting dollars to constantly research, evaluate, bug scrub, and test IOS versions in many different hardware lines. Pretty soon I will need to hire a “Software Manager” to track all the different version of code we rely on. Trust me, senior management doesn’t understand, nor want to understand this problem. They just expect it to work….very well.

Cisco needs to consolidate their software lines. Come out with IOS 20.0 and announce all hardware lines (ok, 95%) will be able to run from this single code base. Set a goal of 2012. Then greatly simplify the release model with regimented, regular releases based on three modes: (1) Early Release, (2) General Release, (3) Maintenance Release. Cut the feature sets to three: (1) Base, (2) Normal, (3) Advanced. That should give us this:

1 version * 1 hardware lines * 3 release modes * 3 feature sets = 9 different versions

Much better.

Even after 21.0 and 22.0 come out, it would still only be:

3 version * 1 hardware lines * 3 release modes * 3 feature sets = 27 different versions

After three versions are out (in the example above 20.0, 21.0, and 22.0) pull the earliest release and stop updating it. That keeps the system at 27 versions.

Come on Cisco…other have/are doing it. Time to step up and simplify this for customers.

Clearwire partnerships with Cisco for WiMAX deal

Tarandeep Singh — Wed, 03 Jun 2009 09:47:54 +0000

After using Motorola for its Portland WiMAX infrastructure, Clearwire is now including Cisco in its future plans.

Cisco and Clearwire had been in the news for a while. Now after things have settled to a more clear vision for future, I am giving you this post.

On May 13th, mobile WiMAX operator Clearwire announced that its core infrastructure provider for the Clear 4G mobile WiMAX network moving forward will be Cisco.

Scott Richardson, Chief Strategy Officer of Clearwire said, “By teaming with Cisco, one of the world’s most forward-looking IP network infrastructure providers, we’re building a robust and cost-efficient next-generation network that’s designed specifically for delivering rich broadband services.”

The plan for the two companies involves bringing mobile WiMAX to more than 80 US markets by the end of next year. Currently, Clearwire has built only a single WiMAX network of the two major deployments in the United States, and it was built on infrastructure provided by Motorola, which includes access points, gateways, and consumer premises equipment.

In fact, the very first mobile WiMAX 802.16e handoff took place in 2007 on Motorola’s equipment (with WAP 400 access points.)

Even the Baltimore-based Sprint 4G network (nee Xohm) which was built using Samsung infrastructure includes consumer products made by Motorola.

Though Cisco is a networking veteran with a reputable name, it’s a rookie in WiMAX equipment. The company hopes to produce its first mobile WiMAX device later this year.

Cisco CRS-1 celebrates 5years

Tarandeep Singh — Fri, 29 May 2009 18:19:37 +0000

It hardly seems like five years have passed since Cisco rolled out the CRS-1 core router. The system was unveiled as a multiterabit, multichassis-capable routing matrix, an alternative to Juniper’s T series systems and TX interconnect. From all indications, the CRS-1 is enjoying a growing childhood. Cisco claims it has now shipped more than 3,200 units to about 300 customers, and that 250 or more of the routers are multichassis configurations, deployed at more than 25 service providers. It took three years for the platform to generate its first $1 billion in revenue, but its latest $1 billion came in just a year, according to this report from IDG News Service’s Stephen Lawson. But Cisco’s “rolling four quarter” market share declined 3% in carrier routing, while that of its competitors — Juniper, Huawei, Alcatel Lucent and Ericsson — increased, according to first quarter 2009 data from Dittberner Associates. Dittberner says these vendors are growing faster than the market while Cisco is “slipping.” Cisco, however, claims the CRS-1 specifically is gaining share and that demand for the product is strong. Globally, carrier router revenue in the first quarter was down 18% from the fourth quarter of 2008 to $3 billion, the third quarter in a row that revenue declined, according to Dittberner.

Arista Networks EOS (Highly Modular)

Tarandeep Singh — Mon, 25 May 2009 19:10:28 +0000

In my response to earlier post “Did cisco copy JUNOS“, a network engineer called “Router guy” suggested considering Arista Networks. And the information I gathered from their website was good enough to prove that cisco is still lagging years behind the other vendors, at least, technology wise. Cisco started realizing the facts and spent billions of $$$ to get half way to where other vendors did at smaller costs. I can name 5 such at this moment.

Arista EOS is designed to provide a foundation for the business needs of next-generation datacenters and cloud networks. EOS is a highly modular software design based on a unique multi-process state sharing architecture that completely separates networking state from the processing itself. This enables fault recovery and incremental software updates on a fine-grain process basis without affecting the state of the system.

Arista EOS provides robust and reliable data center communication services while delivering security, stability, openness, modularity and extensibility. This unique combination offers the opportunity to significantly improve the functionality and evolution of next generation data centers.
Official VIDEO:

They summarize the key points:
Modularity

* Software fault containment to single modules for superior system stability
* Modules may be upgraded independent of the others

High Availability

* In-service software upgrades (ISSU) of individual modules
* Stateful fault repair of modules for automatic self healing

Third Party Extensibility

* Customizable to particular customer needs
* Native integration with virtualized environments

Manageability

* Familiar industry standard CLI eases management tasks
* Easily adaptable to in-house network management systems

I believe, IOS XE provides most of these but its still far from being adopted at all cisco routers/switches due to both marketing/technical/compatibility reasons. The one gap that cisco still hasn’t been able to achieve is “Third party Extensibility”. Though Cisco took a linux QNX kernel and modified to make IOS XE, they didn’t make it OPEN. Its now a propriety Linux kernel. Hence they ommit any chances of expandability, monotonizing the things as they always do.

Did Cisco copy JUNOS to make IOS XE?

Tarandeep Singh — Mon, 25 May 2009 18:35:55 +0000

JUNOS had been a modular OS since day one. Cisco had a monolithic OS from day one which gives downtimes. Cisco hired few people from Juniper and adopted their “best practices” into their crappy IOS.

What Juniper has to say about it:

Juniper is often not one to discuss with the media its thoughts on the competition when the competition – i.e. Cisco – makes a big product announcement. However, this week, Juniper CTO and founder Pradeep Sindhu told exactly what he thought of Cisco’s new ASR 1000 router, namely how wrong Cisco is to force its customers to learn a new operating system with each new product (ASR 1000 sports the new IOS-XE, and the Cisco Nexus data center switch has the new NX-OS).

In a Q&A with Duffy, Sindhu said: “[A single operating system] is a need that our customers are telling us they have. They do not like the fact that they have to read manuals this thick to figure out what release of the operating system works with which particular product and products, and what the combination of limitations are that are imposed by particular subsets of the products that they are using. That becomes very complicated. Much of this is reflected in operational cost increasing for the customer.”

He said this is in sharp contrast to Juniper’s strategy of having a single OS and a single architecture. “We try to have a consistent single operating system and a single unified architecture for two reasons: internally [at Juniper], it is tremendously efficient because we get to solve difficult problems once rather than solving them over and over again; from a customer’s standpoint products appear to be consistent and are consistent, so they are a lot easier to use.”

Makes sense to me. But why is it that Cisco is coming out with a new OS with each new significant product?

The Technology cisco adopted:

IOS XE runs on the new generation of ASR routers. These are again aimed at service providers, but also at large enterprises looking for very high throughput edge devices. IOS XE is based around a Linux Kernal with IOS features being ported in from ond of the conventional IOS 12.2SR release trains. It is more modular (although conventional IOS is heading this way too) and thus should be more stable as a single process failing should not cause the whole router to fall over as happened on older IOS releases. Very different types of ASIC and FPGA are used on the ASR’s necessitating the different OS.

NX OS is run on the new Nexus 7000 and 5000 series switches. These sit above the Catalyst 6500 series in terms of performance and are aimed at large datacentres, offering the ability to unify your SAN, LAN, WAN and Security infrastructure to a much larger extent with new technologies such as Fibre Channel over Ethernet. The OS includes much of the 12.2 IOS features, some things ported from SAN-OS (runs on some of the data switches) and some new stuff which Cisco got when they bought the company that originally made these switches.

The main reason for the seperate software releases in each case is because the processing/fabric is far more distributed then in traditional routers and switches, with very different chipsets used requiring different processes to handle it.

In addition to this some of the new OS’s have come from purchases Cisco has made, much as happened with PIX and Catalyst switches (which used to run CatOS and not IOS).

Cisco’s plan for the future:

Cisco’s traditional IOS is based on QNX which is a Unix-based real-time OS and so is IOS-XR, the difference being that IOS-XR has more modularity while traditional IOS is monolithic. By monolithic I mean that the entire software is compiled into a single image that is loaded into memory so any upgrades/patches etc need downtime for the device. With IOS-XR you can upgrade portions of the OS without bringing down the entire device and hence its much more suitable for critical systems.

Traditional IOS will in due course be replaced with modular IOS but not with the QNX-based IOS-XR. Cisco is using a different version of IOS on the ASR router called IOS-XE and on the Nexus switch (an upgrade of SAN-OS) called NX-OS. Both are based on a linux kernel from Montavista Linux, and they are fully modular just like IOS-XR. Ultimately, most mainstream Cisco platforms will run something like IOS-XE.

IOS-XR is currently used only on the CRS routing platform (used for very large service provider core, not enterprises) and is likely to stay that way.

So to answer your question – No, IOS-XR per se will probably not be widely used across Cisco’s product line. But modular OS in the form of IOS-XE type software will be what Cisco pushes in the future.

The modular features of IOS XE and the ASR are a critical factor for Jeff Young, CTO of FactSet Research Systems Inc. FactSet supplies historical and real-time financial analytics to financial institutions worldwide and has POPs around the globe. “One hundred percent uptime is critical for our customers, and therefore critical for us,” Young says. “A single POP could have hundreds of clients relying on it to access real-time and analytical data services. Any downtime impacts our clients’ business. In-service upgrades of SPAs and IOS keep our network running without disrupting our infrastructure.”

Leveraging the 40-core Quantum flow processor (announced by Cisco in February and which can process 160 simultaneous threads at a whopping 49 billion transactions per second), the ASR supports the common services found on Cisco’s routers, including stateful firewalling, QoS, VPN, and multicast. In addition, it supports leading-edge services like deep packet inspection for application performance management, a session border controller for VoIP, performance routing, as well as a platform for additional services. Services can be added to IOS XE, and the company is working internally to identify additional services. Cisco doesn’t have any immediate plans to open the platform up to third-party developers but is leaving the door open for future external development.

The increased capacity and processing power of the ASRs make them a good replacement for multiple Cisco 7200 or 7300 routers in service today. Consolidating multiple platforms saves rack space and power requirements. Cisco estimates an ASR is twice as efficient compared with the number of routers required to support the same performance requirements. That’s good for the environment, but also good for the bottom line. “Since we use co-location space in POPs around the globe, we pay by the rack unit and watt. Any reduction in space and power while maintaining our quality guarantees adds to our bottom line,” FactSet’s Young says.

Did Cisco copy JUNOS to make IOS XE?

Tarandeep Singh — Mon, 25 May 2009 18:31:31 +0000

What Juniper has to say about it:

Makes sense to me. But why is it that Cisco is coming out with a new OS with each new significant product?

The Technology cisco adopted:

In addition to this some of the new OS’s have come from purchases Cisco has made, much as happened with PIX and Catalyst switches (which used to run CatOS and not IOS).

Cisco’s plan for the future:

IOS-XR is currently used only on the CRS routing platform (used for very large service provider core, not enterprises) and is likely to stay that way.

VPN Security: where are the holes in your security.

Tarandeep Singh — Thu, 14 May 2009 16:36:52 +0000

Demand for mobile and remote access to small- and midsized business networks has increased dramatically. Even the most basic VPN technologies are so accessible and affordable that there is no good reason for failing to utilize them. That said, the real question for SMBs is which type of VPN to implement: Standard IPSec or SSL?

SSL is best

SMBs that have limited budgets and/or those that do not share highly sensitive data may opt for a standard VPN because of cost; this technology is virtually free. In fact, most operating systems have built-in VPN protocols, but you typically get what you pay for here. Such protocols often rely on little more than usernames and passwords, they usually lack robust authentication and encryption components, and they can easily become open doorways into corporate networks.

Furthermore, standard VPNs require the deployment of software and clients – an administrative headache at best.
SSL VPNs use the same encryption protocols as many e-commerce sites and Web-enabled applications. They are therefore more compatible with the networks through which your remote users connect. Further, SSL is simple to install and leverages firewall ports already opened to secure Internet traffic, enabling users to connect to a network securely via a standard Web browser, without the need to install special software on the client (for example desktops or laptops).

SSL VPNs will support security policies that regulate access depending on the user, device or location. SSL can also deny access if a less-than-secure situation is detected, such as a user logging on via an unsecured wireless LAN at a local coffee shop. In a word, while SSL may cost more up front than standard VPN solutions, it pays for itself in reduced management costs and improved network security.

SSL encryption for data protection

Because most VPNs operate over the Internet, SMBs must deal with the challenge of keeping the transactions and data confidential and protected. This is where SSL encryption comes in – encryption scrambles the data and keeps it unreadable by unauthorized users. Each SSL certificate consists of a public and private key – the public key encrypts information and the private key decrypts it. When a Web browser points to a secured domain, an SSL handshake either authenticates the server and the client or blocks unauthorized users.

Tips and best practices for managing encryption keys

If an SMB loses an encryption key or the key becomes corrupted, the SMB may lose access to all of the systems and data housed on the network. The worst case scenario is that the system becomes completely unusable unless it is re-formatted and re-installed. Further, if a business neglects the security of keys, it could pay big time, according to the Ponemon Institute. In a recent study, Ponemon reported that there has been an 8% increase in the average total cost of encryption key breaches year over year, with a price tag of $197 per record. Don’t fall victim to poor key management. Keep these best practices top of mind:

- Back it up: Back up your encryption keys to a secure location. Further, make sure you’re able to recover backed-up encryption keys – you’ll need an effective disaster-recovery plan that outlines the encryption key recovery process and that plan will need to be tested often. Finally, do not store encryption and decryption keys in the same place – and don’t store any keys on tapes that contain encrypted, archived data.

- Be protective of your keys: Only give authorized users access to encryption/decryption keys, and whatever you do, don’t send keys via e-mail. While it may seem obvious, this indiscretion happens surprisingly frequently. Ensure that the key is only transferred or used from a secure system – be cautious at Internet kiosks and other public facilities.

- Avoid compliance headaches: Stay informed of corporate governance or regulatory compliance measures such as the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act and Sarbanes-Oxley that mandate privacy and confidentiality of computer records. Keeping in mind the potential repercussions of negligent key management may be a motivator to get it right.

- Consider the end-user: The mantra here is “the simpler, the better.” And quite frankly, change tends to make users uncomfortable. Products shouldn’t change the look and feel, and should have a minimal impact on the user experience. End user comfort makes it easier for keys to be used correctly and securely.

The remote access market is enormous, even overwhelming at times. According to IDC, 28% of all firms, or 2.4 million companies, have some sort of branch office. As remote access continues to grow, SSL will be in greater demand – especially for SMBs. Through SSL and effective key management, IT managers and end-users alike can share information securely and conveniently.

Virtualization aware Networking powered by Cisco and VMware

Tarandeep Singh — Wed, 13 May 2009 21:43:11 +0000

Cisco and VMware have collaborated to address new challenges that have arisen from the introduction of bladed server architectures and subsequently of server virtualization. With Cisco VN-Link, you will find a portfolio of networking solutions that can operate directly within the distributed hypervisor layer and offer a feature set and operational model that is familiar and consistent with other Cisco networking products. This approach provides an end-to-end network solution to the new requirements created by server virtualization.

Is it State-of-the-Art or pre-launch advertising? In any case I believe that Cisco’s overview of this new (and at least partially proprietary) hardware-centric approach to Network Virtualization is a must read. It contains a very sound summary of the network challenges in virtualized environments, a recap of VMware’s Distributed Virtual Switch (DVS), Cisco’s Nexus 1000V and a somewhat vague introduction to concepts such as port profile, VN-Link and vEth.

Here is what Cisco’s Whitepaper describes:

The design of modern data center networks is based on a proven layered approach, which has been tested and improved over the past several years in some of the largest data center implementations in the world. The three layers of a data center network are:

• Core layer, the high-speed packet switching backplane for all flows going in and out of the data center

• Aggregation layer, providing important functions such as the integration of network-hosted services: load balancing, intrusion detection, firewalls, SSL offload, network analysis, and more

• Access layer, where the servers physically attach to the network and where the network policies (access control lists [ACLs], quality of service [QoS], VLANs, etc.) are enforced

The access-layer network infrastructure can be implemented with either large, modular switches, typically located at the end of each row, providing connectivity for each of the servers located within that row (the end-of-row model,) or smaller, fixed configuration top-of-rack switches that provide connectivity to one or a few adjacent racks and have uplinks to the aggregation-layer devices (the top-of-rack model.) Bladed server architectures modify the access layer by allowing an optional embedded blade switch to be located within the blade enclosure. Blade switches, which are functionally similar to access-layer switches, are topologically located at the access layer; however, they are often deployed as an additional layer of the network between access-layer switches and computing nodes (blades), thus introducing a fourth layer in the network design.

Effects of Virtualization

Server virtualization modifies both of the previously mentioned assumptions of data center network design by allowing multiple OS images to transparently share the same physical server and I/O devices. As a consequence, it introduces the need to support local switching between different virtual machines within the same server, thus pushing the access layer of the network further away from its original location and invalidating the assumption that each network access port correspond to a single physical server running a single image.

Server virtualization also invalidates a second assumption: the static nature of the relationship between an image and the network. By abstracting hardware from software, virtualization effectively enables OS images to become mobile, which means that a virtual machine can be moved from one physical server to another within the data center or even across multiple data centers. This move can take place within the same access switch or to another access switch in the same or a different data center. The consequences of this new level of mobility on the network are not trivial, and their effects may go beyond just the access layer, as, for example, some of the services deployed in the aggregation layer may need to be modified to support virtual machine mobility. Even in terms of pure Layer 2 switching and connectivity, mobility of virtual machines, implemented by products such as VMware VMotion, poses fairly stringent requirements on the underlying network infrastructure, especially at the access layer. For example, it requires that both the source and destination hosts be part of the same set of Layer 2 domains (VLANs). Therefore, all switch ports of a particular virtualization cluster must be configured uniformly as trunk ports that allow traffic from any of the VLANs used by the cluster’s virtual machines, certainly not a classic network design best practice. Figure 1 provides a visual comparison of the different access layer connectivity options.

Figure 1. Comparison of Access Layer Connectivity Options in (1) Nonvirtualized Rack-Optimized Server, (2) Virtualized Rack-Optimized Server, (3) Nonvirtualized Blade Server, and (4) Virtualized Blade Server

Virtual machine mobility also breaks several other features that have been implemented in the network under the assumption that computing is relatively static and moving a physical server in the data center is not a practical thing to do very often. For example, features such as port security, IEEE 802.1x, and IP source guard that maintain state information based on the physical port cannot be deployed in the current generation of access-layer switches since the virtual machine may move at any point in time. Further, as virtual machines move from one physical server to another, it is also desirable that all the network policies defined in the network for the virtual machine (for example, ACLs) be consistently applied, no matter what the location of the virtual machine in the network.

Hypervisor-Embedded Virtual Switch

The easiest and most straightforward way to network virtual machines is to implement a standalone software switch as part of the hypervisor. This is what VMware did with the virtual switch (vSwitch). Each virtual network interface card (vNIC) logically connects a virtual machine to the vSwitch and allows the virtual machine to send and receive traffic through that interface. If two vNICs attached to the same vSwitch need to communicate with each other, the vSwitch will perform the Layer 2 switching function directly, without any need to send traffic to the physical network.

The primary benefit of the embedded vSwitch approach is its simplicity: each hypervisor includes one or more independent instances of the vSwitch. Unfortunately, this strength becomes a weakness when it comes to deploying several VMware ESX servers in the data center, since each embedded vSwitch represents an independent point of configuration. Another problem with the vSwitch is that it represents a piece of the network that is not managed consistently with the rest of the network infrastructure; in fact, network administrators often do not even have access to the vSwitch. In many practical cases, the vSwitch is an unmanaged network device, certainly not a desirable situation, especially in mission-critical or highly regulated environments, where IT departments rely on network capabilities to help ensure the proper level of compliance and visibility. This approach creates operation inconsistencies in a critical point of the IT infrastructure where the server administrator now has the liability of maintaining and securing a portion of the network without the use of the best practices, diagnostic tools, and management and monitoring available throughout the rest of the infrastructure.

Furthermore, vSwitches do not do anything special to solve the problem of virtual machine mobility; the administrator must manually make sure that the vSwitches on both the originating and target VMware ESX hosts and the upstream physical access-layer ports are consistently configured so that the migration of the virtual machine can take place without breaking network policies or basic connectivity. In a virtualized server environment, in which virtual machine networking is performed through vSwitches, the configuration of physical access-layer ports as trunk ports is an unavoidable requirement if mobility needs to be supported.

To overcome the limitations of the embedded vSwitch, VMware and Cisco jointly developed the concept of a distributed virtual switch (DVS), which essentially decouples the control and data planes of the embedded switch and allows multiple, independent vSwitches (data planes) to be managed by a centralized management system (control plane.) VMware has branded its own implementation of DVS as the vNetwork Distributed Switch, and the control plane component is implemented within VMware vCenter. This approach effectively allows virtual machine administrators to move away from host-level network configuration and manage network connectivity at the VMware ESX cluster level.

Cisco VN-Link

Cisco is using the DVS framework to deliver a portfolio of networking solutions that can operate directly within the distributed hypervisor layer and offer a feature set and operational model that are familiar and consistent with other Cisco networking products. This approach provides an end-to-end network solution to meet the new requirements created by server virtualization. Specifically, it introduces a new set of features and capabilities that enable virtual machine interfaces to be individually identified, configured, monitored, migrated, and diagnosed in a way that is consistent with the current network operation models.

These features are collectively referred to as Cisco Virtual Network Link (VN-Link). The term literally indicates the creation of a logical link between a vNIC on a virtual machine and a Cisco switch enabled for VN-Link. This mapping is the logical equivalent of using a cable to connect a NIC with a network port of an access-layer switch.

Virtual Ethernet Interfaces

A switch enabled for VN-Link operates on the basis of the concept of virtual Ethernet (vEth) interfaces. These virtual interfaces are dynamically provisioned based on network policies stored in the switch as the result of virtual machine provisioning operations by the hypervisor management layer (for example, VMware vCenter.) These virtual interfaces then maintain network configuration attributes, security, and statistics for a given virtual interface across mobility events.

Virtual Ethernet interfaces are the virtual equivalent of physical network access ports. A switch enabled for VN-Link can implement several vEth interfaces per physical port, and it creates a mapping between each vEth interface and the corresponding vNIC on the virtual machine. A very important benefit of vEth interfaces is that they can follow vNICs when virtual machines move from one physical server to another. The movement is performed while maintaining the port configuration and state, including NetFlow, port statistics, and any Switched Port Analyzer (SPAN) session. By virtualizing the network access port with vEth interfaces, VN-Link effectively enables transparent mobility of virtual machines across different physical servers and different physical access-layer switches.

Port Profiles

Port profiles are a collection of interface configuration commands that can be dynamically applied at either physical or virtual interfaces. Any changes to a given port profile are propagated immediately to all ports that have been associated with it. A port profile can define a quite sophisticated collection of attributes such as VLAN, private VLAN (PVLAN), ACL, port security, NetFlow collection, rate limiting, QoS marking, and even remote-port mirroring (through Encapsulated Remote SPAN [ERSPAN]) for advanced, per-virtual machine troubleshooting.

An example of a port profile configuration is shown here:

(config)# port-profile webservers

(config-port-prof)# switchport access vlan 10

(config-port-prof)# ip access-group 500 in

(config-port-prof)# inherit port-profile server

The port profile can then be assigned to a given vEth interface as follows:

(config)# interface veth1

(config-if)# inherit port-profile webservers

Figure 2. Relationship Between Virtual and Physical Network Constructs in a VN-Link Enabled Switch (Cisco Nexus™ 1000V Series Switches)

Port profiles are tightly integrated with the management layer for the virtual machines (for example, VMware vCenter) and enable simplified management of the virtual infrastructure. Port profiles are managed and configured by network administrators. To facilitate integration with the virtual machine management layer, Cisco VN-Link switches can push the catalog of port profiles into virtual machine management solutions such as VMware vCenter, where they are represented as distinct port groups. This integration allows virtual machine administrators to simply choose among a menu of profiles as they create virtual machines. When a virtual machine is powered on or off, its corresponding profiles are used to dynamically configure the vEth in the VN-Link switch.

VN-Link can be implemented in two ways:

• As a Cisco DVS running entirely in software within the hypervisor layer (Cisco Nexus 1000V Series)

• With a new class of devices that support network interface virtualization (NIV) and eliminate the need for software-based switching within hypervisors

Deploying VN-Link in Existing Networks with the Cisco Nexus 1000V Series

With the introduction of the DVS framework, VMware also allowed third-party networking vendors to provide their own implementations of distributed virtual switches by using the vNetwork switch API interfaces. Cisco and VMware collaborated closely on the design of these APIs, and the Cisco Nexus 1000V Series represents the first example of third-party DVSs that are fully integrated with VMware Virtual Infrastructure, including VMware vCenter for the virtualization administrator. When deployed, the Cisco Nexus 1000V Series not only maintains the virtualization administrator’s regular workflow; it also offloads the vSwitch and port group configuration to the network administrator, reducing network configuration mistakes and helping ensure that consistent network policy is enforced throughout the data center.

The Cisco Nexus 1000V Series consists of two main types of components that can virtually emulate a 66-slot modular Ethernet switch with redundant supervisor functions:

• Virtual Ethernet module (VEM)-data plane: This lightweight software component runs inside the hypervisor. It enables advanced networking and security features, performs switching between directly attached virtual machines, provides uplink capabilities to the rest of the network, and effectively replaces the vSwitch. Each hypervisor is embedded with one VEM.

• Virtual supervisor module (VSM)-control plane: This standalone, external, physical or virtual appliance is responsible for the configuration, management, monitoring, and diagnostics of the overall Cisco Nexus 1000V Series system (that is, the combination of the VSM itself and all the VEMs it controls) as well as the integration with VMware vCenter. A single VSM can manage up to 64 VEMs. VSMs can be deployed in an active-standby model, helping ensure high availability.

In the Cisco Nexus 1000V Series, traffic between virtual machines is switched locally at each instance of a VEM. Each VEM is also responsible for interconnecting the local virtual machines with the rest of the network through the upstream access-layer network switch (blade, top-of-rack, end-of-row, etc.). The VSM is responsible for running the control plane protocols and configuring the state of each VEM accordingly, but it never takes part in the actual forwarding of packets (Figure 3).

Figure 3. Cisco Nexus 1000V Series Distributed Switching Architecture

Deploying VN-Link with Network Interface Virtualization

In addition to the distributed virtual switch model, which requires a tight integration between the hypervisor, its management layer, and the virtual networking components and implements switching in software within the hypervisor, Cisco has developed a hardware approach based on the concept of network interface virtualization. NIV completely removes any switching function from the hypervisor and locates it in a hardware network switch physically independent of the server. NIV still requires a component on the host, called the interface virtualizer, that can be implemented either in software within the hypervisor or in hardware within an interface virtualizer-capable adapter. The purpose of the interface virtualizer is twofold:

• For traffic going from the server to the network, the interface virtualizer identifies the source vNIC and explicitly tags each of the packets generated by that vNIC with a unique tag, also known as a virtual network tag (VNTag).

• For traffic received from the network, the interface virtualizer removes the VNTag and directs the packet to the specified vNIC.

The interface virtualizer never performs any local switching between virtual machines. The switching process is completely decoupled from the hypervisor, which brings networking of virtual machines to feature parity with networking of physical devices.

Switching is always performed by the network switch to which the interface virtualizer connects, which in this case is called the virtual interface switch (VIS) to indicate its capability not only to switch between physical ports, but also between virtual interfaces (VIFs) corresponding to vNICs that are remote from the switch. Said in a different way, each vNIC in a virtual machine will correspond to a VIF in the VIS, and any switching or policy enforcement function will be performed within the VIS and not in the hypervisor. The VIS can be any kind of access-layer switch in the network (a blade, top-of-rack, or end-of-row switch) as long as it supports NIV (Figure 4).

Figure 4. Architectural Elements of the NIV Model

An important consequence of the NIV model is that the VIS cannot be just any IEEE 802.1D-compliant Ethernet switch, but it must implement some extensions to support the newly defined satellite relationships. These extensions are link local and must be implemented both in the switch and in the interface virtualizer. Without such extensions, the portions of traffic belonging to different virtual machines cannot be identified because the virtual machines are multiplexed over a single physical link.

In addition, a VIS must be enabled to potentially forward a frame back on the same inbound port from which it was received. The IEEE 801.D standard that defines the operation of Layer 2 Ethernet switches clearly states that a compliant switch is never allowed to forward any frames back on the same interface from which they were received. This measure was originally introduced in the standard to avoid the creation of loops in Layer 2 topologies while enabling relatively simple hardware implementations of Layer 2 forwarding engines. The technology that is currently available for implementing forwarding engines allows much more sophisticated algorithms, and thus this requirement no longer needs to be imposed. Nonetheless, the capability of a network switch to send packets back on the same interface from which they were received still requires the proper level of standardization. Cisco defined a protocol, VNTag, that has been submitted to the IEEE 802.3 task force for standardization.

NIV represents innovation at Layer 2 that is designed for deployment within the VN-Link operating framework. Specifically, it includes the same mechanisms, such as port profiles, vEth interfaces, support for virtual machine mobility, a consistent network deployment and operating model, and integration with hypervisor managers, as the Cisco Nexus 1000V Series.

Conclusion

The introduction of bladed server architectures and server virtualization has invalidated several design, operational, and diagnostic assumptions of data center networks. Server virtualization allows multiple OS images to transparently share the same physical server and I/O devices. As a consequence, it introduces the need to support local switching between different Virtual Machines within the same server. Cisco and VMware have collaborated to define a set of APIs that enable transparent integration of third-party networking capabilities within the VMware Virtual Infrastructure.

Cisco has been the first networking vendor to take advantage of such capabilities to deliver VN-Link, a portfolio of networking solutions that can operate directly within the distributed hypervisor layer and offer a feature set and operational model that is familiar and consistent with other Cisco networking products. This approach provides an end-to-end network solution to the new requirements created by server virtualization.

VN-Link can be implemented as a Cisco distributed virtual switch, or DVS, running entirely in software within the hypervisor layer (Cisco Nexus 1000V Series) or in a new class of devices that support network interface virtualization, or NIV, and eliminate the need for software-based switching within hypervisors. VN-Link provides an immediate solution to virtual machine networking requirements, while laying the foundation for future enhanced and simplified connectivity options in virtualized data centers.

Juniper EX8216 is a Cloud switch, Delivers 12.4 Terabits

Tarandeep Singh — Tue, 12 May 2009 19:28:19 +0000

Juniper Networks today announced the availability of the EX8216 Ethernet switch, a 16-slot platform with a switch fabric capacity of 12.4 terabits.

The EX8216 joins the eight-slot EX8208 as Juniper’s modular, chassis-based LAN switch offerings. The EX8208 began shipping in the first quarter after a delay.

The EX8216 is optimized for high-density 10 Gigabit Ethernet data center and cloud computing environments, Juniper says. Juniper claims the switch has a per-slot capacity of 320Gbps and delivers up to 2 billion packets per second performance, features the company says will be required for 100G Ethernet in the future.

It will go up against Cisco’s Nexus 7000 and other high-end, data center-optimized switches and switching routers from Brocade, Extreme and Force10.

Even though the EX8216 is positioned by Juniper as a platform for cloud computing, the company is believed to be working on new switching architectures as part of its Stratus cloud computing project.
Pricing for the EX8216 starts at $76,000.

Separately, Juniper confirmed that its recently introduced EX2500 top-of-rack 10G Ethernet data center switch is a licensed product that does not run its JUNOS software — a “chink” in the company’s end-to-end JUNOS consistency story, a company official acknowledges. He would not disclose the manufacturer of the switch but says Juniper chose to license the product for time-to-market purposes to fill a gap in its switching portfolio.

Routing for the future: Cisco ASR IOS XE

Tarandeep Singh — Fri, 24 Apr 2009 11:22:38 +0000

Cisco’s ASR routers gives a new Edge to the Routing technologies that exist today. It introduces the new concept of distributed software components for routers to make them more resilient.

source: NetworkWorld

You can search for “IOS XE” and get plenty of results or you could click around a lot and finally find it, but that’s wrong. XE is a key component of the ASR line and it should be easy to find and review. It almost appears Cisco is hiding the information or, at a minimum, just trying to say it’s IOS, whereas NX-OS is different and gets its own support sections. I disagree; IOS XE is different and should be made clearly available.

Nowhere on the ASR main page is a link – or for that matter even the letters “XE” – to XE material. It’s there, under “All support information for Cisco ASR 1000 Series Aggregation Services Routers”, but it’s certainly not a highlighted part of the ASR material.

IOS XE is a “distributed software architecture that moves many operating system responsibilities out of the IOS process”. Whereas in traditional software IOS controlled almost everything, in XE IOS is just one of twelve processes. This separates responsibility for the operation of the router into distinct modules that have isolated fault domains. So, if something goes wrong in the “Logger” process, it won’t crash the “IOS” process.

The actual IOS XE software comes in seven individual sub-packages (files) which are combined into a complete consolidated package (file). Normally, the router boots from the single consolidated package which automatically loads each of the seven sub-packages into memory. However, you can extract individual sub-packages yourself and specify which sub-packages you want loaded (maybe 5 instead of all 7). When individual sub-packages are loaded “content from the RP is copied into memory on an as-needed basis only” which conserves memory. The router can run at highest peak traffic load when configured to run using individual sub-packages. So, if you want a screaming, kick-butt ASR, you’ll need to load individual sub-packages, not a complete consolidated package (file).

Once the router is booted and running, the CLI is “identical in look, feel, and usage to the Cisco IOS CLI on most platforms.” As best I can tell, it’s IOS version 12.2(33)XN-series code.

One other nice feature of IOS XE is that is can run two IOS processes on a single RP. The 1002 and 1004 versions do not allow dual, physical RPs, so, instead, you can configure two IOS processes on the same RP. That way, should the IOS process hit a bug and fail, the backup IOS process takes over. This does not protect against hardware failures, but can provide protection against the more likely failure: software bugs.

One final note about In Service Software Upgrade (ISSU). ISSU is a very nice feature that can help prevent any outages during upgrades, but it’s not a simple decision to upgrade from one version to any other version. ISSU has strict IOS XE version compatibility steps that must be adhered to or the upgrade could interrupt traffic. You may have to do two upgrades if you want to use ISSU to get from your current version to your target version of IOS XE.

Overall, there are some very nice features in IOS XE. It’s definitely new so expect some bumps, but Cisco has setup XE as a platform for modularity. I would expect many (all?) router lines to be running IOS XE in the future.

http://cisco.com/en/US/products/ps9587/tsd_products_support_series_home.html“>Cisco IOS XE Main Support Page

Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

Cisco IOS XE Software End-of-Life Strategy