Cisco Blogs



The Extended Network Requires Security That’s the Same, Only Different

April 23, 2014 at 6:00 am PST

When I was in grade school, my best friend had a favorite saying whenever he disagreed with somebody’s observation that two things were really similar. “It’s the same, only different,” he would quip. Though this phrase was mostly intended to be flippant and evoke an emotional response from the recipient, I’ve finally found a topic where his phrase is 100 percent legitimate: IoT security. That’s because when it comes to securing IoT, we’re not talking about a single, homogeneous network, but rather the extended network, which comprises both Information Technology (IT) and Operational Technology (OT) environments.

While existing IT networks have included cloud and perimeter security for many years, OT environments have traditionally been air gapped from the Internet, and therefore only required physical security components to ensure a high level of secure access and safety for plant personnel. And since IT and OT networks were completely separate, the radical differences in their approach to security didn’t make much of a difference – users of each simply lived in blissful isolation. But IoT is changing all of that!


What’s New with onePK?

CiscoLive San Francisco is coming up so I’ve been updating my session, the Hitchhiker’s Guide to onePK, with the latest information and some new insights.

One new thing is that Cisco onePK (One Platform Kit) is now Generally Available! Anyone can go to onepkdeveloper.com, download the SDK, and take C, Java or Python for a test drive. And I really mean anyone. You don’t even need a Babel fish. Haven’t programmed since freshman year in college? Don’t worry. If you can click on an icon in a Linux desktop and type the name of a script, then you can use onePK.

The great thing about this is that now we can all get real. As a network engineer, technologies aren’t real to me until I see them running on a network. After all, you can read about LSA types and adjacencies all day long, but until you’ve deployed OSPF, you don’t really know OSPF. The same is true for onePK.


Next Generation Data Center Design With MDS 9710 – Part I

 

High Speed (16Gbps) and High Capacity (384 Line Rate ports per Chassis)

Data centers are undergoing a major transition to meet higher performance, scalability, and resiliency requirements with fewer resources, smaller footprint, and simplified designs. These rigorous requirements coupled with major data center trends, such as virtualization, data center consolidation  and data growth, are putting a tremendous amount of strain on the existing infrastructure and adding complexity. MDS 9710 is designed to surpass these requirements without a forklift upgrade for the decade ahead.

MDS 9700 provides unprecedented

  • Performance -- 24 Tbps switching capacity
  • Reliability -- Redundancy for every critical component in the chassis, including the Fabric Card
  • Flexibility -- Speed, Protocol, DC Architecture

In addition to these unique capabilities MDS 9710 provides the rich feature set and investment protection to customers.

In this series of blogs I plan to focus on design requirements of the next generation DC with MDS 9710. We will review one aspect of the DC design requirements in each. Let us look at performance today. A lot of customers ask how MDS 9710 delivers highest performance today. The performance that application delivers depend


How are You Sprucing Up Your Digital Strategy for Spring?

It’s springtime…typically the time of year when you need to purge your house of all the clutter that’s accumulated during the winter. At the same time, spring always reminds me to do some extra sprucing up around the Cisco digital house — and start checking it from top to bottom with renewed vigor.

So I took stock recently and was pleased to see all the heavy-duty spring cleaning improvements we’ve made of late. Here’s a sampling, plus some tips on how to approach your digital spring cleaning regime:

Leverage data and insights.

We took a recent look at the traffic patterns on our Cisco.com menus. The majority of visitors to the “Products and Services” menu were gravitating to a subset of items. So we took the opportunity to do some clean-up and make that menu more readable by eliminating items with low traffic.

For more details on this change, see our blog: “A Simple Update to Our Cisco.com Menus”.


Cisco ACI with OpenStack at Red Hat Summit – A Perfect Pairing

Last week at Red Hat Summit in San Francisco, Cisco Data Center was well represented in speaking sessions and the solutions expo. I saw lots of traffic at our demo booth featuring Cisco ACI with OpenStack. Customers and partners alike showed great interest in how Cisco APIC integrates with OpenStack and enriches data center operations. We showed the powerful capabilities of Cisco’s Neutron plug-in implementation and how workflow functions like “create network”, “create subnets and vlan”, “create security groups”, etc. can be elegantly accomplished from the OpenStack console and aligned with the APIC object model via the APIC-OpenStack API integration. View the demo here: http://youtu.be/pWMXTb237Vk

ACI with OpenStack demo


We also presented in two sessions, one titled “Deploying OpenStack with Cisco networking, compute, & storage” and the other “Automating Red Hat Enterprise Linux deployments with Cisco ACI & OpenStack”. We talked about plans to introduce the group policy model from ACI into OpenStack so that DevOps teams and NetOps teams can streamline and automate their work while focusing on application and tenant needs at a policy level.


The benefit will be that the Group Policy Plugin provides APIs to build Application Network Profiles including service chain requirements. Both OVS and the ACI Fabric then implement the full policy including distributed L2, L3, and security. ACI also allows customers to separate tenant policies from operation. The tenants manage their applications while the ACI admin manages network operations and infrastructure using policy, and it’s all done with automation that speeds up your OpenStack operations.

There was also strong interest in the OpFlex protocol, which Cisco announced at Interop a few weeks ago, and how it opens up the ACI policy framework to a broad ecosystem. We had lots of other demos showing our OpenStack integration, from a UCS, Nexus 1k, and UCS Director standpoint, to round off a 360 degree view of our commitment to broad industry initiatives.

I want to shift focus now to two cool videos recorded last week by the dynamic team of Joe Onisick and Lilian Quan from the Insieme Business Unit at Cisco. Joe emphasizes “traffic flows within the ACI Fabric, and application of policy”, while Lilian covers the magic behind how “traffic is handled within the ACI fabric” with emphasis on re-route, bounce, ARP flooding avoidance, etc.

Stay tuned for more videos on the ACI Fabric mode in the near future. We also have a slew of whitepapers coming up that will cover the APIC/ACI Fabric innovations. Check out the recently posted APIC Policy Model whitepaper that walks you through the basics of the object-oriented policy model, Spine-Leaf network architecture and its benefits, APIC policy enforcement, Unicast/Multicast policy enforcement, the concept of end-point groups (EPG), and all related concepts that you would find extremely valuable as you consider a policy-based network architecture for your data center needs.

I will be covering more exciting news on the ACI front as we approach Cisco Live San Francisco. Stay tuned.

Reference Links

APIC Policy Model whitepaper http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-731310.html

OpFlex -- An Open policy protocol http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-731304.html

OpFlex -- An open source approach http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-731303.html

(ACI-OpenStack demo) http://youtu.be/fYQDvKVg-ag

(OpFlex announcement) http://blogs.cisco.com/datacenter/introducing-opflex-a-new-standards-based-protocol-for-application-centric-infrastructure/
