Cisco Blogs

Cisco Blog > Data Center and Cloud

Network Services Headers (NSH): Creating a Service Plane for Cloud Networks

November 19, 2014 at 9:00 am PST

In the past, we have pointed out that configuring network services and security policies into an application network has traditionally been the most complex, tedious and time-consuming aspect of deploying new applications. For a data center or cloud provider to stand up applications in minutes and not days, easily configuring the right service nodes (e.g. a load balancer or firewall), with the right application and security policies, to support the specific workload requirements, independent of location in the network is a clear obstacle that has to be overcome.

Let’s say, for example, you have a world-beating best-in-class firewall positioned in some rack of your data center. You also have two workloads that need to be separated according to security policies implemented on this firewall on other servers a few hops away. The network and security teams have traditionally had a few challenges to address:

  1. If traffic from workload1 to workload2 needs to go through a firewall, how do you route traffic properly, considering the workloads don’t themselves have visibility to the specifics of the firewalls they need to work with. Traffic routing of this nature can be implemented in the network through the use of VLAN’s and policy-based routing techniques, but this is not scalable to hundreds or thousands of applications, is tedious to manage, limits workload mobility, and makes the whole infrastructure more error-prone and brittle.
  2. The physical location of the firewall or network service largely determines the topology of the network, and have historically restricted where workloads could be placed. But modern data center and cloud networks need to be able to provide required services and policies independent of where the workloads are placed, on this rack or that, on-premises or in the cloud.

Whereas physical firewalls might have been incorporated into an application network through VLAN stitching, there are a number of other protocols and techniques that generally have to be used with other network services to include them in an application deployment, such as Source NAT for application delivery controllers, or WCCP for WAN optimization. The complexity of configuring services for a single application deployment thus increases measurably.

Read More »

Tags: , , , , , ,

What’s New from Cisco IT?

If you’ve seen the short introductory video to Cisco on Cisco, then you know that Cisco IT shares stories with customers. But – what kind of stories?

Well – let me turn that around. What stories would you like to hear? Because we have some good ones. And if we don’t have content to point you to, we’ll build it. Just let us know what you’d like to hear about.

For example:


Cisco IT has some great stories to share about transforming Cisco into a global collaborative environment, based on two major cultural changes: mobility and video.

Read More »

Tags: , , , , , ,

Endpoint Protection and Least Prevalence

Let’s face it, malware is everywhere now, and it’s here to stay. The statistics are staggering. According to the 2014 Cisco Annual Security Report, “100 percent of the business networks analyzed by Cisco had traffic going to websites that host malware” and 96 percent of the business networks analyzed had connections to known hijacked infrastructure or compromised sites. It’s a pretty scary reality for organizations and the security teams that are tasked with protecting these organizations from threats.

Not only is malware abundant and pervasive, but it comes in all shapes and sizes, including trojans, adware, worms, downloaders, droppers, ransomware, and polymorphic malware to name a few. Furthermore, it’s attacking us on all fronts, regardless of the device or operating system that we are using.

Read More »

Tags: , , ,

Going Native with OpenStack Centric Applications: Murano

November 18, 2014 at 9:58 pm PST

Following on our previous discussion surveying the projects supporting applications within OpenStack, let’s continue our review with an in-depth look at the OpenStack-native Application Catalog: Murano, currently an incubation status project, having seen its functionality and core services integration advanced over the past few OpenStack releases.

OpenStack Centric Applications - Murano Logo

What is it?

An application catalog developed by Mirantis, HP and others (now Cisco), that allows application developers and cloud administrators to publish applications in a categorized catalog to be perused and deployed by application consumers. The selection of applications available within the catalog is intended to be that of released versions (ready-state) of applications (cloud-native or enterprise-architected), not application versions that are mid-development. Ideally, these are applications ready to be consumed and run by application users. Read More »

Tags: , , , ,

Cisco UCS Integrated Infrastructure for Big Data with Splunk Enterprise

The Cisco UCS Integrated Infrastructure for Big Data is the third generation of Cisco UCS Common Platform Architecture (CPA) for Big Data with significant improvements in performance and capacity. The solution has been widely adopted across major sectors including agriculture, education, entertainment, finance, healthcare, manufacturing and governments.

Today I’m pleased to announce that we are expanding our Cisco Integrated Infrastructure for Big Data portfolio to include joint reference architectures with Splunk. Splunk helps organizations unlock the value hidden within massive volumes of machine data generated by websites, applications, servers, networks, mobile devices and all the sensors and RFID assets that produce data every second of every day. Many organizations rely on Splunk for real-time end-to-end operational visibility and security intelligence, and as a result index terabytes of data every day across physical, virtual and cloud environments. A high performance, highly scalable, enterprise class infrastructure is critical.

Cisco has worked closely with Splunk to deliver a comprehensive solution with Splunk Enterprise that supports the massive scalability Splunk Enterprise deployments demand while delivering exceptional performance that dramatically exceeds Splunk reference hardware. See table 1. In short: Deploying Splunk Enterprise on UCS-based architectures enables organizations to improve performance up to 25x or index more than a TB/day with a 1 year retention policy.

Optimized for high performance or high data retention the solution is available in single instance (ideal for small-medium deployments) and scale-out cluster (designed for large scale deployments with data replication for redundancy).

High performance option: The single instance solution is based on UCS C220 M4 Server supports up to 250 GB* of indexing capacity per day with 1-month* data retention. The scale-out cluster solution consists of sixteen UCS C220 M4 Server (indexers), five UCS 220 M4 Servers (three search heads, two administration and master nodes) supports up to 8TB* of indexing capacity per day with a 16 day* data retention. Ideal for security, operations, and business intelligence use cases that require extremely fast response times for multiple concurrent searches.

High data retention option: The single instance solution is based on UCS C240 M4 Server supporting a 1 year retention period at 80GB per day Indexing capacity. The scale-out cluster consists of sixteen UCS C240 M4 Server (indexers), five UCS 220 M4 Servers (three search heads, two administration and master nodes) with a 1 year retention period at 1.25TB per day Indexing capacity. This solution is ideal for applications requiring a balance of performance with a long data retention period.

Table 1: Performance benchmark data on Cisco UCS High Retention Single Instance Architecture

Searching (No indexing load) – Average Searches Per Minute (4-64)
Search Type

Cisco UCS High Retention Single Instance Architecture

Performance Gains relative to Splunk Reference HW**

Dense Searches(1 in every 100 events)


2.13 x

Rare Searches(1 in every 1M events)


25.5 x

Very Rare Searches(1 in every 100M events)


16.8 x

Searching and Indexing -- Average Searches Per Minute (4-64)
Search Type

Cisco UCS High Retention Single Instance Architecture

Performance Gains Relative to Splunk Reference HW**

Dense Searches(1 in every 100 events)


1.1 x

Rare Searches(1 in every 1M events)


15 x

Very Rare Searches(1 in every 100M events)


9.6 x

Together, Cisco and Splunk are helping organizations break down internal silos and harness big data to deepen business and customer understanding, mitigate cybersecurity risk, prevent fraud, improve service performance and reduce cost.

* Indexing capacity and data retention are inversely related, and a smaller indexing volume enables a greater retention capacity.
** Based on reference hardware specs outlined in the Splunk Capacity Planning Manual.

Additional Information
Cisco UCS Integrated Infrastructure for Big Data with Splunk Enterprise