The announcement earlier this week focused on the Borderless Networks services with new capabilities for Centralized Policy, Unified Management and Automated Video and Voice. For more information on the announcement, see Marie Hattar’s blog.
Automated Video and Voice highlights the unique capabilities in the network infrastructure to simplify the deployment and optimize the network for video.
Why video?
Because it is not a question of IF it is coming to Enterprise networks, but WHEN. As you can see from the chart from Forrester Research (Jan. 2011), the adoption of video applications and technologies is on a significant growth path because they are adding value for businesses.
Steven Boutelle, Vice President, Cisco Global Government Solutions Group would like to share some of the latest updates to the Internet Routing in Space (IRIS) program and provide an expert’s overview on where the satellite industry stands today. Watch Steven’s interview below!
To further assist in moving IRIS forward, TeleCommunications Systems, Inc. has been selected as an exclusive service provider. This is another milestone in the long-term collaboration between TCS and Cisco in an effort to move IRIS onward.
Cisco Advanced Services has been involved in quite a few Data Center Migration projects over the last couple of years. One common theme in most of these migrations was that the projects were never limited to migrating the infrastructure onto shiny new devices. Statements of work almost always included improvements and customization to routing, configuration of QoS across the Data Center Interconnect and the WAN circuits, and some level of instrumentation to validate the traffic flow across multiple different paths. While these requirements seem like a logical extension of any Data Center migration project, fulfilling them was never straightforward.
In most of the customer environments, by looking at the Network topology, we could easily determine safe upper limits of client to server traffic. The real challenge was to determine traffic between the web front-end servers and the application and/or database servers – the east/west traffic. Some wild assumptions were made in some cases since the data was either not available or was inadequate. This lack of network traffic profiling made QoS provisioning very difficult on WAN circuits and almost impossible on the Inter Data Center links.
Mark Townsley opened the inaugural V6 World Congress 2011, a 3-day conference on IPv6 Internetworking, with a keynote discussion on the business case for IPv6. One of his key messages was to do with the fact that there is strength in numbers, according to the Network Effect. Thus critical mass is required for the transition to begin in earnest and for the eventual switch to IPv6 to come to true fruition.
Theodore Vail of Bell Telephone discovered and learned how to harness the powers of a mathematical equation that describes “The Network Effect” more than 100 years ago, as evidenced by the worldwide telephony network. In simple terms, the Network Effect states that the more connections (or people) working together in a network, the more robust and more valuable it becomes. Extrapolating this to the modern-day Internet, and further to the IPv6 Internet, we believe the future of the Internet is in our hands and it is up to us to join together as a network of participants to keep it going. Such was the spirit of the participants at V6 World Congress: a realization of how they are all working together to ensure the continued growth and success of the Internet.
The heart of the Internet is technological growth. With IPv4 on the way out, this growth is prone to being stunted. The basis of a study by Dimitri Zenghelis from Cisco IBSG, finds that “network technology has the potential to boost economic growth, sustainably enriching poorer societies.” If the Internet lacks the ability to expand and grow, a likely outcome will be that the innovation we have come to expect will become more and more difficult to achieve, potentially causing the world economy to lose the monetary sustenance it derives from the Network Effect.
Cisco is a primary supplier of the network at Interop Las Vegas this year.
The challenge? Build a high-performance, highly available network that can support both IPv4 and IPv6 end-to-end. Watch this video to learn how Cisco did it.
Last week, we introduced the new IP SLA Video Operation tool to assess the readiness of a network by generating synthetic traffic to mimic real applications. When you use IP SLA VO to generate simulated RTP traffic between two sites, you can use the medianet Performance Monitor feature to measure the performance of this synthetic traffic across the network. You can also use Mediatrace to discover the network elements on the paths between the two sites. For each network element discovered in the network path, Performance Monitor can collect metrics to detect potential capacity bottlenecks and proactively identify quality issues.
In addition to the obvious use for pre-deployment assessment, many enterprises understand that the network and applications are constantly changing so it is necessary to do continuous assessments. For example, after a major scheduled network maintenance or upgrade during non-business hours, you can use IP SLA VO to simulate real application traffic and assess the impact of the network changes to minimize potential business disruption or even downtime. Another example is prior to an important event, you can use IP SLA VO to stress test the network and verify that it can handle the rich media traffic without impacting existing application performance.
Whether you are doing an initial assessment for a new deployment, an expansion to an existing deployment, or ongoing operations, IPSLA VO, Performance Monitor and Mediatrace are effective tools to identify and proactively resolve rich media problems across the network. Put this handy tool in your toolbox and you will like it.
When faced with a life changing situation such as the depletion of the IPv4 address space, the emotional reaction tends to track the Kübler-Ross model, better known as The Five Stages of Grief.
DENIAL: There is no crisis! There are lots of IPv4 addresses; we just need to reclaim the ones that are not used.
The increasing consumption rate of IP addresses combined with the natural inefficiencies inherent in IPv4 subnetting makes complete exhaustion of the IPv4 address space inevitable. In October 2010, a return of a “/8 block” (16 million addresses) added only one month to the depletion date. As of April 2011, the Asia-Pacific region alone consumes two /8 network blocks every month. No amount of conservation or reclamation can solve the problem.
ANGER: What a stupid design! How could we run out of addresses?
Vint Cerf sends his most sincere apologies. Nobody imagined the phenomenal growth of the Internet when Vint and his team defined the 32-bit IPv4 address space back in 1977. The good news is that the problem has been recognized since the 1980s and the IETF has had the successor IPv6 protocol defined since 1998. You can take advantage of more than a decade of experience in navigating this transition.
With video increasingly becoming part of how you collaborate, you need to consider the impact of this incremental video on your network. Video brings many new challenges in order to meet user expectations for a flawless quality of experience. So is your network ready for rich media?
IP SLA video operation answers this question by synthetically generating traffic that mimics real application traffic. The ability to generate realistic RTP streams, similar to those of real-life Cisco TelePresence, allows you to stress the network and assess the demands these applications will impose on it. Each type of media application can be expressed for the synthetic media generation system by media application profiles that contain personalities, which incorporate characteristics such as bit rate, burst sizes, inter-packet gaps, etc. These application profiles allow, for example, a Catalyst switch to simulate the video playout from multiple places in the network. There may be multiple personalities based on different software versions or configurations of the media application. Cisco will make a set of comprehensive media application profiles available for download. IP SLA video operation, an enhancement to IP SLA, was announced on April 6, 2011 at ISC West in Las Vegas and is first introduced in IOS 12.2(58)SE on Cisco Catalyst 3750 and 3560 series switches. Over time, more products will be implementing this new operation.
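To make concrete what a media application profile contributes (bit rate and packet size fix the inter-packet gap of the synthetic stream) and what a measurement point such as Performance Monitor computes from the received stream (loss from sequence gaps, interarrival jitter), here is an added worked example. It is not Cisco's code and does not use the real IP SLA VO profile format; the MediaProfile class, the packet trace and the figures in it are constructed for illustration. The jitter figure uses the RFC 3550 estimator, which is an assumption about the metric, not a statement about how Performance Monitor is implemented.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class MediaProfile:
    """Hypothetical stand-in for one synthetic-media 'personality' (constructed, not Cisco's format)."""
    name: str
    bit_rate_bps: int
    packet_bytes: int

    def inter_packet_gap_ms(self) -> float:
        # Constant-rate approximation: time between packets at this bit rate and packet size.
        return 1000.0 * self.packet_bytes * 8 / self.bit_rate_bps

    def packets_per_second(self) -> float:
        return self.bit_rate_bps / (self.packet_bytes * 8)


@dataclass
class RtpSample:
    seq: int          # RTP sequence number
    send_ms: float    # sender timestamp (RTP clock already converted to milliseconds)
    arrive_ms: float  # arrival time at the measurement point, in milliseconds


def loss_count(samples: List[RtpSample]) -> Tuple[int, int]:
    """Return (lost, expected) from sequence-number gaps.
    Simplified: no handling of sequence wrap-around or duplicate suppression beyond set()."""
    seqs = [s.seq for s in samples]
    expected = max(seqs) - min(seqs) + 1
    return expected - len(set(seqs)), expected


def interarrival_jitter_ms(samples: List[RtpSample]) -> float:
    """RFC 3550 section 6.4.1 estimator: J += (|D| - J) / 16, where D is the change in
    one-way transit time between consecutive received packets (in sequence order)."""
    j = 0.0
    prev = None
    for s in sorted(samples, key=lambda x: x.seq):
        if prev is not None:
            d = (s.arrive_ms - prev.arrive_ms) - (s.send_ms - prev.send_ms)
            j += (abs(d) - j) / 16
        prev = s
    return j


# Constructed trace: a 4 Mb/s stream of 1200-byte packets has a 2.4 ms gap. Sequence 4 never
# arrives (one packet lost) and sequence 3 arrives 1 ms late (introducing jitter).
VIDEO_LIKE = MediaProfile("constructed-hd-video-like", 4_000_000, 1200)
SAMPLE_TRACE = [
    RtpSample(1, 0.0, 10.0),
    RtpSample(2, 2.4, 12.4),
    RtpSample(3, 4.8, 15.8),
    RtpSample(5, 9.6, 19.6),
    RtpSample(6, 12.0, 22.0),
]


def assess(profile: MediaProfile, samples: List[RtpSample]) -> dict:
    """Summarise what the generator sends and what the receiver measured."""
    lost, expected = loss_count(samples)
    return {
        "profile": profile.name,
        "ipg_ms": profile.inter_packet_gap_ms(),
        "pps": profile.packets_per_second(),
        "lost": lost,
        "expected": expected,
        "jitter_ms": interarrival_jitter_ms(samples),
    }


if __name__ == "__main__":
    print(assess(VIDEO_LIKE, SAMPLE_TRACE))
```

With the constructed trace the receiver reports one packet lost out of six expected and a jitter estimate of roughly 0.11 ms; the same two functions run unchanged over a real capture once the sender and receiver clocks are expressed in the same units.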
A few years back I set up IPv6 connectivity on my home network for the first time. I had a rush of exhilaration when the first ping and traceroute commands completed successfully. Suddenly, I was free of Network Address Translation and bypassing my firewall, connecting directly to any IPv6 device on the Internet. But then it slowly dawned on me that those same people could also directly connect to my device! In a panic, I wondered if my SMB shares were visible to the world, or if criminals could relentlessly probe my open ports for zero-day vulnerabilities. How could I even check if I had any open ports? My fear got the best of me and I disabled IPv6.
I contacted my friend Dan and posed my dilemma to him. How could I tell if my ports were locked down on a machine which ran IPv6? A number of sites provided port scanners for IPv4, but nobody had a general purpose scanner for IPv6. Hurricane Electric provided one, but only for devices that were on their network. Dan hacked up a primitive IPv6 open port testing site, which uses NMAP to scan an IPv6 visitor for typically vulnerable ports before issuing a simple report. I was pleased to discover that my computer did not answer on any of those commonly attacked ports.
In this process, I discovered that many modern operating systems with IPv6 enabled also come with a set of reasonable host firewall defaults which do not expose listening ports as much as I had expected based on my experience with IPv4. Many hosts with IPv6 enabled by default also come with some very sensible settings to prevent network-launched crimes of opportunity from malicious users.
IPv6 also provides a natural defense against classic portscanning attacks, where an attacker probes for commonly vulnerable ports of every IP address on a subnet. For densely packed IPv4 service provider networks with one IP address assigned per typical user, a few thousand probes across a known DSL or cable subnet can yield a rich collection of potential targets. Since the address space of IPv6 is so much larger and sparsely populated than IPv4, blind portscanning of subnets becomes impractical since a typical IPv6 subnet contains quintillions of addresses hosting a relatively small number of end devices.
Despite the sensible security posture of IPv6, a network-based firewall provides additional protection by thwarting attacks at the network perimeter, analyzing connection context and allowing greater control of policy and analytics. An IPv6 Quick Start Guide for the Cisco ASA can be found in the World IPv6 Day – IPv6 Transition community at the Cisco Support Forums. Please visit this forum and ask questions. Overcome your fear of running IPv6 and start reaping the benefits of running IPv6 on your own network in time for World IPv6 Day.
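The question raised above, "how could I even check if I had any open ports?", can be answered from the host's own side before relying on an external scanner. The following is an added example, not code from the post or from Cisco: it parses the Linux /proc/net/tcp6 table, decodes the kernel's hex address format, and reports which listening TCP sockets are bound to addresses reachable from outside (the unspecified address [::] or a global address) as opposed to loopback or link-local only. The snapshot embedded below is constructed, not real host data; the little-endian word layout it assumes is the one Linux uses on x86 hosts.

```python
import ipaddress
import os
from typing import Dict, List

TCP_STATE_LISTEN = "0A"  # state column value for LISTEN in /proc/net/tcp6

# Constructed /proc/net/tcp6 snapshot (not real host data): sshd on [::]:22, CUPS on
# [::1]:631, an SMB listener on [::]:445, a service bound to a unique-local address on
# port 8080, and one ESTABLISHED session that is not a listener at all.
SAMPLE_PROC_NET_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 00000000000000000000000000000000:01BD 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 100 0 0 10 0
   3: 563412FD00009A780000000001000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 44444 1 0000000000000000 100 0 0 10 0
   4: B80D0120000000000000000010000000:D5A8 B80D0120000000000000000001000000:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 55555 1 0000000000000000 20 4 30 10 -1
"""


def decode_proc_addr(hexaddr: str) -> ipaddress.IPv6Address:
    """The kernel prints the 128-bit address as four 32-bit words, each in host byte order.
    On little-endian hosts the bytes inside each 8-hex-digit word must be reversed."""
    words = [bytes.fromhex(hexaddr[i:i + 8])[::-1] for i in range(0, 32, 8)]
    return ipaddress.IPv6Address(b"".join(words))


def address_scope(addr: ipaddress.IPv6Address) -> str:
    if addr.is_unspecified:
        return "any"          # bound to [::]: answers on every interface, including the Internet-facing one
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"   # fe80::/10, reachable only on the local link
    if addr.is_private:
        return "non-global"   # unique-local (fc00::/7) and other ranges Python flags as non-global
    return "global"


def parse_listeners(proc_text: str) -> List[Dict]:
    """Return one record per LISTEN socket: bound address, port and scope."""
    listeners = []
    for line in proc_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "sl":
            continue  # header or malformed line
        local, state = fields[1], fields[3]
        if state != TCP_STATE_LISTEN:
            continue
        addr_hex, port_hex = local.split(":")
        addr = decode_proc_addr(addr_hex)
        listeners.append({"addr": addr, "port": int(port_hex, 16), "scope": address_scope(addr)})
    return listeners


def exposed_ports(listeners: List[Dict]) -> List[int]:
    """Ports that a remote IPv6 host could reach by address scope alone (a host firewall
    may still block them; this check is about what the sockets themselves expose)."""
    return sorted(l["port"] for l in listeners if l["scope"] in ("any", "global"))


def audit(proc_text: str = None) -> Dict:
    """Audit the given snapshot, or the live table on a Linux host when none is given."""
    if proc_text is None:
        with open("/proc/net/tcp6") as fh:
            proc_text = fh.read()
    listeners = parse_listeners(proc_text)
    return {"listeners": listeners, "exposed_ports": exposed_ports(listeners)}


if __name__ == "__main__":
    text = None if os.path.exists("/proc/net/tcp6") else SAMPLE_PROC_NET_TCP6
    result = audit(text)
    for l in result["listeners"]:
        print(f"[{l['addr']}]:{l['port']}  scope={l['scope']}")
    print("reachable by address scope:", result["exposed_ports"])
```

On the constructed snapshot the audit lists four listeners and flags ports 22 and 445 as reachable from outside, because both are bound to [::]; the CUPS socket on ::1 and the unique-local 8080 listener are not. The same parser handles /proc/net/udp6 if the state check is dropped, since UDP sockets have no LISTEN state.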
A few weeks ago, we introduced a new tool for network operators called mediatrace. On routers and switches, a mediatrace report presents several stanzas of data collected along a particular path. While the report is useful, it has a very high information density and the network operator could overlook an important item at a casual glance.
Mediascope was created as an intern project at Cisco to help in the visualization of mediatrace data. Mediascope uses the IOS Web Services Management Agent (WSMA) interface to execute mediatrace commands. As a Flash-based tool, mediascope can be hosted on a regular web server in your network and be available to general users (well, except for iPad/iPhone!).
The user initially logs into the mediascope tool with a mediascope-specific password. Then the target router is identified and credentials for that node are provided. At this point, the user can ask mediascope to dynamically configure IOS Performance Monitor to discover the flows traversing the target router. The discovered flows are dynamically displayed in a list, allowing the user to select the interesting flow and then continue on to the specific metrics to be gathered (lower part of Figure 1 below).
Figure 1. Mediascope Flow selection and Data Retrieval Selection
Figure 2. Mediascope Result Visualization
In Figure 2, we can see the result of the mediatrace run. Note from Figure 1 that the y-axis in the chart is selectable, as are the meanings of the colors. In our example, the height of the circles conveys the number of IP packets seen for the monitored flow, size conveys CPU utilization, and the coloring is conditional on the number of packets lost and the jitter values. Of course, a much simpler chart could be constructed, but we wanted to show how easily very dense information could be represented.
Using the chart, the operator is able to quickly identify not only the node that is at high CPU, but also the node that seems to be seeing packet loss.
We had a lot of fun creating mediascope. Check out our multi-language demos on YouTube! We invite you to make your own audio version, with the challenge of no English words at all. I’m hoping we’ll see one in Klingon soon!
One of the key tenets of engineering is to reduce complexity, but in doing so it is important to understand the implications. While we might try to view one technology as it relates to another to help us simplify the details, it is important that we recognise how and where they differ.
Case in point.
When it comes to wireless networks, I often talk about how there are two questions I dislike being asked more than any others:
How many clients can connect to an access point?
What is the maximum range of an access point?
The reason is that I believe they are the wrong questions. They are being asked from the perspective of someone trying to relate to a wireless network as if it were a wired network. What they are really asking is “how many switch ports do I need to cover this area?”
But wireless networks are not switched networks. While each connected device in a wired network has its own physical cable, and thereby its own gigabit Ethernet link, in a wireless network, every device connected to a particular access point shares the same RF spectrum, the same total available bandwidth.
For a standard access point in today’s deployments, that means a maximum total bandwidth of 144Mbps on the 2.4GHz band with a 20MHz channel and 300Mbps on the 5GHz band with a 40MHz channel using channel bonding.
But that is an oversimplification.
Those aggregate bandwidths assume each client is connected at the highest available data rate. As we increase range, however, the data rate decreases, thereby reducing the overall channel utilisation. Therefore, with fewer access points, we are not just sharing a limited amount of bandwidth with more clients, but we are actually reducing the total available bandwidth.
Interference, particularly as access points cover larger areas, becomes an even greater issue. An increase in the signal to noise ratio leads to a decrease in the maximum sustainable data rate. This again reduces the overall channel utilisation. The key here is that a wireless network’s ability to not only detect, but where possible mitigate interference is critical to its ability to sustain higher data rates and maximise the total available bandwidth in each cell.
All this assumes that the wireless clients connecting to the network are even capable of supporting those high data rates.
Most smartphones on the market today support only 802.11g in the 2.4GHz band, meaning that at most they can support 54Mbps.
Newer devices, such as the iPhone 4, support 802.11n, but only in 2.4GHz, and only with a single antenna, limiting them to a single “spatial stream”—in simple terms that means the maximum data rate they can support is 72Mbps.
This applies to tablet devices as well. While the new iPad 2 supports 802.11n in both the 2.4GHz and 5GHz bands, it too is limited to a single spatial stream. The Cius goes one step further with support for channel bonding in 5GHz, increasing the maximum data rate to 150Mbps.
Interestingly, we are now starting to see new access points enter the market using Atheros’ first-generation silicon supporting three spatial streams. While this increases the maximum data rate in the 5GHz band to 450Mbps, as we have just seen, this will have no impact on the multitude of mobile devices given their single spatial stream limitation.
Three spatial streams represents a key milestone for the 802.11 standard, and will become increasingly important over the next 2 to 3 years as battery technology improves and wireless chipsets incorporate better power saving designs. Of course, by that time we will be looking at access points supporting four spatial streams and 600Mbps—and again, be waiting for the mobile devices to catch up.
As we look to support these many different mobile devices entering the market today along with their high bandwidth applications, clearly the two key areas we must consider in our wireless network designs are access point density to control cell sizes, and interference detection and mitigation capabilities to ensure that we maximise the channel utilisation in each cell.
And so, I’d like to propose two different questions to consider at the start of a wireless deployment:
How many different devices do you expect to connect to the wireless network?
And what are the applications that will run across the network and what are their associated bandwidth requirements?
Wireless and wired networks fundamentally differ at the physical layer. While it’s not necessarily important to understand the details of RF communications, it is important to understand the implications.
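The shared-medium argument above (every client in a cell shares one channel, and distant or older clients connect at lower data rates) can be made quantitative with a small capacity model. The following is an added example, not code from the post; the client mixes are constructed, using the per-device rates quoted in the post, and the two scheduling policies are idealised (no MAC overhead, no retries). It goes one step beyond the text by contrasting equal-airtime scheduling with classic per-frame round robin, which is where a single low-rate client at the cell edge drags every client's throughput down to its level.

```python
from typing import Dict, List, Tuple

# Each client is (name, negotiated PHY rate in Mb/s). Mixes are constructed for illustration.
Clients = List[Tuple[str, float]]


def aggregate_equal_airtime(clients: Clients) -> float:
    """Every client gets the same share of airtime. Aggregate throughput is the arithmetic
    mean of the clients' rates: a fast client still benefits from its high rate."""
    return sum(rate for _, rate in clients) / len(clients)


def aggregate_equal_packets(clients: Clients) -> float:
    """Classic round robin, one frame per client per cycle. Each frame occupies airtime
    proportional to 1/rate, so the aggregate is the harmonic mean n / sum(1/r_i): the
    slowest client dominates the cycle and caps everyone's throughput."""
    return len(clients) / sum(1.0 / rate for _, rate in clients)


def per_client_throughput(clients: Clients, policy: str) -> Dict[str, float]:
    """Throughput each client sees under the chosen policy, in Mb/s."""
    n = len(clients)
    if policy == "equal_airtime":
        return {name: rate / n for name, rate in clients}
    if policy == "equal_packets":
        share = aggregate_equal_packets(clients) / n   # everyone gets the same bytes per cycle
        return {name: share for name, _ in clients}
    raise ValueError(f"unknown policy {policy!r}")


def compare(clients: Clients) -> Dict[str, float]:
    return {
        "equal_airtime_mbps": aggregate_equal_airtime(clients),
        "equal_packets_mbps": aggregate_equal_packets(clients),
    }


# A small, dense cell: four laptops all near the AP at the 300 Mb/s 5GHz rate quoted above.
NEAR_CELL: Clients = [("laptop-a", 300), ("laptop-b", 300), ("laptop-c", 300), ("laptop-d", 300)]

# A stretched cell: one laptop at 300 Mb/s plus three 802.11g-only phones at 54 Mb/s.
STRETCHED_CELL: Clients = [("laptop-a", 300), ("phone-1", 54), ("phone-2", 54), ("phone-3", 54)]


if __name__ == "__main__":
    for label, cell in (("near", NEAR_CELL), ("stretched", STRETCHED_CELL)):
        print(label, compare(cell))
        print("  per client (equal packets):", per_client_throughput(cell, "equal_packets"))
        print("  per client (equal airtime):", per_client_throughput(cell, "equal_airtime"))
```

With the stretched mix the aggregate drops from 300 Mb/s to 115.5 Mb/s under equal airtime and to about 68 Mb/s under per-frame round robin, where the 300 Mb/s laptop is held to roughly 17 Mb/s, the same as each phone. That is the effect the post describes: a larger cell does not just divide a fixed pool among more clients, it shrinks the pool.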
From my home network, I can successfully ping or traceroute to some IPv6 hosts, but I cannot subsequently open a web page or use other applications with it. How can this be? Maximum Transmission Unit (MTU) gotchas…
HISTORY
There is a subtle difference between IPv4 and IPv6 fragmentation strategies. IPv4 routers fragment traffic in the network when needed and then the receiving host reassembles those fragments. This generally works well, but there are a number of potential issues. Because of these issues, the IETF developed means for higher-layer protocols such as TCP to determine the smallest MTU on a path and send appropriately sized datagrams in order to avoid fragmentation. The IPv6 designers presumed the presence of this Path MTU Discovery, so that in IPv6, fragmentation no longer happens in the network but only at the hosts -- and then only in the special cases that absolutely require it.
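The difference between the two strategies, and why a working ping does not prove that large transfers will work, can be shown with a small simulation. This is an added example, not code from the post: one function forwards an IPv4 packet through a path whose routers fragment, the other sends an IPv6 packet through routers that never fragment but return an ICMPv6 Packet Too Big message (the Path MTU Discovery signal) for oversized packets. The path used is constructed, with a 1480-byte hop standing in for a tunnel link that trims 20 bytes from the MTU; the only IPv6 facts relied on are that routers do not fragment and that the 1280-byte minimum link MTU applies.

```python
from typing import List, Optional, Tuple

IPV6_MIN_MTU = 1280  # every IPv6 link must carry 1280-byte packets, so a path MTU is never lower

# Constructed path: sender LAN, a tunnel hop with 20 bytes of encapsulation overhead, receiver LAN.
TUNNEL_PATH = [1500, 1480, 1500]


def ipv4_forward(path_mtus: List[int], size: int) -> List[int]:
    """IPv4 with the DF bit clear: each router splits any packet larger than its next link
    MTU and the receiving host reassembles. Simplified: ignores per-fragment header copies
    and 8-byte fragment alignment, so the sizes are illustrative."""
    pieces = [size]
    for mtu in path_mtus:
        nxt = []
        for p in pieces:
            while p > mtu:
                nxt.append(mtu)
                p -= mtu
            nxt.append(p)
        pieces = nxt
    return pieces


def ipv6_send(path_mtus: List[int], size: int,
              ptb_reaches_sender: bool = True, max_rounds: int = 8) -> Tuple[Optional[int], List[str]]:
    """IPv6: routers never fragment. A too-big packet is dropped and the router returns an
    ICMPv6 Packet Too Big message carrying its link MTU; the sender shrinks and retries.
    If a firewall discards that ICMPv6 message, the sender never learns why its packets
    vanish and keeps retransmitting at the same size. Returns (delivered size or None, log)."""
    log = []
    for _ in range(max_rounds):
        choke = next((mtu for mtu in path_mtus if size > mtu), None)
        if choke is None:
            log.append(f"delivered {size}-byte packet")
            return size, log
        if not ptb_reaches_sender:
            log.append(f"{size}-byte packet dropped at MTU {choke}; Packet Too Big filtered, sender stalls")
            return None, log
        log.append(f"{size}-byte packet dropped; ICMPv6 Packet Too Big (MTU {choke}) returned to sender")
        size = choke  # next attempt fits the reported link MTU
    return None, log


def explain_ping_vs_web(path_mtus: List[int], icmp_filtered: bool) -> dict:
    """Why 'ping works but the web page does not': a 64-byte probe never exceeds any MTU,
    while a full-size 1500-byte TCP segment does and depends on the PTB message."""
    ping, _ = ipv6_send(path_mtus, 64, ptb_reaches_sender=not icmp_filtered)
    page, log = ipv6_send(path_mtus, 1500, ptb_reaches_sender=not icmp_filtered)
    return {"ping_ok": ping is not None, "large_transfer_ok": page is not None, "log": log}


if __name__ == "__main__":
    print("IPv4 fragments arriving:", ipv4_forward(TUNNEL_PATH, 1500))
    for filtered in (False, True):
        result = explain_ping_vs_web(TUNNEL_PATH, icmp_filtered=filtered)
        print(f"ICMPv6 PTB filtered={filtered}: ping_ok={result['ping_ok']}, "
              f"large_transfer_ok={result['large_transfer_ok']}")
        for line in result["log"]:
            print("   ", line)
```

On the constructed path IPv4 simply arrives as two fragments. IPv6 arrives as a single 1480-byte packet after one Packet Too Big round trip, but only if that ICMPv6 message reaches the sender; filter it and small pings still succeed while every full-size packet disappears, which is exactly the symptom described at the top of this post. A firewall policy for IPv6 therefore has to permit ICMPv6 Packet Too Big inbound.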
The classic traceroute tool has become an essential tool for network engineers. Traceroute is able to discover layer-3 nodes (routers) along the path towards a destination. This information provides operators with visibility about the path towards a destination.
However, traceroute has limitations: its probes may not follow the same path as the flow of interest (since the probe’s IP header, including its source address, might differ from the flow’s), it does not discover layer-2 devices (switches and bridges), and it really returns only a single piece of information per hop (the IP address of the router).
With mediatrace, which shares the IP header of the flow you would like to trace, you can have much better path congruency—and confidence in the discovery. The mediatrace will also not only discover the routers (as with traceroute), but also switches that are only doing layer 2 forwarding.
Mediatrace does not need to be enabled on every hop. If it is not enabled on a node, the mediatrace packet will simply be forwarded through that part of the network. This is exactly what would happen in the case of your traditional MPLS-VPN network.
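The path-congruency problem mentioned above is easiest to see with a load-balanced network: routers that spread traffic across equal-cost paths usually pick the next hop by hashing the packet's 5-tuple, so a probe that does not share the flow's header can be hashed onto a different path than the flow it is meant to trace. The following is an added example, not Cisco's code and not mediatrace itself: it models a per-flow ECMP hash with a toy deterministic function (real routers use vendor-specific hashes; only determinism matters for the argument), builds classic UDP traceroute probes, which change the destination port per probe, and a probe that reuses the flow's own header. The flow, the next-hop set and the hash are all constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import List

UDP = 17


@dataclass(frozen=True)
class FiveTuple:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int


# Constructed set of equal-cost next hops at the first load-balancing router.
NEXT_HOPS = ["r2-link-a", "r2-link-b", "r3-link-a", "r3-link-b"]


def ecmp_next_hop(ft: FiveTuple, next_hops: List[str] = NEXT_HOPS) -> str:
    """Toy stand-in for a router's per-flow load-balancing decision: a keyed hash over the
    5-tuple, deterministic for a given flow. Vendors differ in the real hash and fields."""
    key = f"{ft.src}|{ft.dst}|{ft.proto}|{ft.sport}|{ft.dport}".encode()
    h = int.from_bytes(hashlib.blake2b(key, digest_size=4).digest(), "big")
    return next_hops[h % len(next_hops)]


# Constructed media flow to be traced: RTP over UDP between two sites.
MEDIA_FLOW = FiveTuple("10.1.1.10", "10.2.2.20", UDP, 16384, 20000)


def classic_traceroute_probes(flow: FiveTuple, ttl_max: int = 8) -> List[FiveTuple]:
    """Classic UDP traceroute keeps src/dst addresses but sends each probe to a fresh
    destination port (33434 + n) from an ephemeral source port, so every probe is a
    different flow as far as an ECMP hash is concerned."""
    return [FiveTuple(flow.src, flow.dst, UDP, 40000 + n, 33434 + n) for n in range(ttl_max)]


def congruent_probe(flow: FiveTuple) -> FiveTuple:
    """mediatrace-style probing: reuse the monitored flow's own IP/transport header, so the
    probe hashes exactly where the flow hashes."""
    return FiveTuple(flow.src, flow.dst, flow.proto, flow.sport, flow.dport)


def paths_taken(probes: List[FiveTuple]) -> List[str]:
    return [ecmp_next_hop(p) for p in probes]


def divergent_probe_count(flow: FiveTuple, probes: List[FiveTuple]) -> int:
    """How many probes were hashed onto a different next hop than the flow itself."""
    real = ecmp_next_hop(flow)
    return sum(1 for p in probes if ecmp_next_hop(p) != real)


if __name__ == "__main__":
    print("flow takes:", ecmp_next_hop(MEDIA_FLOW))
    classic = classic_traceroute_probes(MEDIA_FLOW)
    print("classic traceroute probes take:", paths_taken(classic))
    print("classic probes off the flow's path:", divergent_probe_count(MEDIA_FLOW, classic))
    print("header-sharing probe takes:", ecmp_next_hop(congruent_probe(MEDIA_FLOW)))
```

Run it and the header-sharing probe always lands on the flow's next hop, while the classic probes scatter across the equal-cost links according to whatever the hash makes of their changing ports. That is the confidence the post refers to: a probe that shares the flow's header reports the path the flow actually uses, whereas a classic traceroute may report a path the flow never touches.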
Figure 1. Mediatrace tracing a flow while the operator chillaxes
Now for the best part! Mediatrace can dynamically engage the performance monitor feature we talked about a few weeks ago. This allows a dynamic surgical monitoring policy to be applied for the flow we are tracing that results in hop by hop performance measurements such as loss and jitter. As is the case with all mediatrace runs, the information is brought back into a single report where it can be quickly analyzed.
Figure 2. Mediatrace integration with performance monitor
Despite the name, mediatrace is not only for voice/video flows. It is able to trace any IP flow, and is even able to engage performance monitor to gather hop by hop TCP stats.
Mediatrace is a new tool that Cisco released in IOS 15.1(3)T for the ISR platforms as part of the medianet program. Over the course of 2011, this feature will proliferate across Cisco’s enterprise line of routers and switches.
“The philosophy of the school room in one generation will be the philosophy of government in the next.” -- Abraham Lincoln
Given its technical complexities, it’s understandable that some people have been skeptical about business video adoption over the past few years. But video is now much more than just a technology. Like printing and voice were not so long ago, it’s an irresistible force that is fundamentally changing the way all generations create and experience culture, business, and much of our everyday existence. For example:
Video and computer game time for kids 8-18 has doubled in the past 10 years, and only 4-6% of their time is spent on print media (source: Arstechnica).
In a recent enterprise survey, 57% of respondents are planning or have already implemented some desktop video conferencing, and 44% are planning or have already implemented some IP video for training, demos, and other purposes (source: Forrester Research).
By the end of 2010, almost half of all mobile data traffic was already video, and it’s expected to grow 26 fold from 2010 to 2015 (source: Cisco Visual Networking Index).
Forward-thinking organizations embracing these trends have already come up with some wonderfully innovative new business models built on delivering video everywhere. For instance, the Khan Academy delivers free education via YouTube to millions of people worldwide, and Marriott Marquis hotels are delivering unique new guest experiences for discriminating travelers via Cisco technology.
Here’s a dramatization of delivering video anywhere to enhance education:
Most people already have IPv6 capability whether they know it or not. All Microsoft operating systems from Windows Vista onward and all MacOS releases since 10.2 have IPv6 installed and enabled by default. Mobile devices running Android 2.1, Apple iOS 4.0, and Symbian 7.0 are configured likewise, as is nearly every *nix variant you can name. Even the venerable and ubiquitous Windows XP has a latent IPv6 stack which can be activated with a single command.
Typically, IPv6 enabled systems will prefer IPv6 connections over IPv4, so a misconfigured or malfunctioning IPv6 network will cause connectivity problems. Many popular troubleshooting regimens simply prescribe disabling IPv6 as the “solution,” which really does nothing more than to hide the underlying problem with the IPv6 network. When you have a network problem that is “solved” by disabling IPv6, you have masked the symptom of a bigger problem that warrants further investigation.