Cisco Blogs


Cisco Blog > Enterprise Networks

IWAN Wed: Securing Your Transport Independence with DMVPN

In my last blog I talked about the value of Pfr to the IWAN solution. This week I wanted to talk about DMVPN and why it is going to be a critical component of your IWAN deployment.

Your IWAN topology will most likely consist of one or more internet connections which means that your data will be traveling over untrusted connections and shared environments so security is going to be top of mind. So how do you secure your data over the internet and other untrusted or shared environments? Well DMVPN (Dynamic Multi-point Virtual Private Network) is based on VPN the same technology that many of you use today to securely connect back to your office when you are traveling or working from home. A VPN will create a tunnel between two end-points and then encrypt all data traveling over the tunnel. VPN’s can connect users to a remote site, client-to-site VPN, or connect two remote sites, site-to-site VPN. Unlike VPN, DMVPN can securely connect multiple points together dynamically.

DMVPNSo how does DMVPN work and what is the benefit to IWAN?  DMVPN works on top of your WAN infrastructure which means that DMVPN tunnels will be established between branch sites as traffic flow demands. In a common hub and spoke topology example, when data needs to be sent from the spoke to the hub site, the spoke will establish a VPN tunnel to the hub by registering first with the hub.  In order for each tunnel to function a new dynamic IP address is created at the branch since the hub site will initiate the connection. In order for data to be routed between sites over the DMVPN tunnels, routing information will need to be exchanged. As more tunnels are created there will be more dynamically created IP addresses and traditional routing protocols like BGP or EIGRP are used to efficiently share routing information so all sites can talk to each other. Lastly QoS is applied to each tunnel to ensure that the hub site does not oversubscribe the spoke sites.

Read More »

Tags: , , ,

Key Annoucements at AWS Summit for the Cloud Services Router (CSR) 1000V

We continue to see significant interest in the CSR 1000V as customers look for robust routing and VPN solution for securely connecting users and branch offices to the Cloud. Last week at the Amazon Web Services Summit in San Francisco Cisco announced a number of key enhancements to its Cloud Services Router (CSR) 1000V for AWS that increase throughput, reduce cost and make it easier for you to get support. These enhancements are explained in more detail below:

  • Hourly billing on a pay-as-you-go basis reduce upfront costs and enable you to get started with minimal upfront costs. You can find out more at the CSR AWS Marketplace page which includes a 30-day free trial.
  • Higher throughput of 100MB gives you faster access to your applications and data.
  • Enhanced support to help you deploy and install the CSR. The new CSR AWS Community is an online community managed by Cisco TAC and CSR Product Management.
  • Testing environment. Deploy and explore the value and benefits of the CSR1000V on the AWS cloud in a lab environment using the CSR AWS Test Drive Lab. The current CSR 1000V lab includes up to 4 hours of complimentary AWS server time for you to try and evaluate a live CSR.

Don’t forget that you can still try the CSR free for 60-days in AWS with the BYOL version. Visit www.cisco.com/go/csrtrial to get started. For those of you still deciding on how to move to the Cloud, I encourage you to read my last blog post  where I talk about some of the key considerations you should take into account when making a decision. Lastly our technical marketing organization has put together a detailed video showing with 3 simple steps on how to deploy the CSR 1000V in Amazon Web Services. With all these support resources and free trials there is no excuse to not get started today!

Tags: , , , , ,

Cisco ISR 4451-X Wins Best of Interop for Networking – No Fooling!

 130A0355The Interop Las Vegas team chose April Fools’ as the day to announce the Best of Interop winners – a curious choice some may say. But, there was no fooling when the Interop team announced the Cisco ISR 4451-X Converged Branch Infrastructure for the Best of Interop Networking category.

Here is what judge Kurt Marko wrote about the solution:

“Convergence has been a persistent theme at Interop for several years, yet it’s typically been applied to data center infrastructure. With the ISR 4451-X branch office router platform, Cisco is … transforming a product line that began as a way to connect remote sites to corporate networks and the Internet into a small-scale data center in a box…a very small, 2U box. … The product’s innovative hardware design splits the control and data planes between two multi-core CPUs. … The 4451-X is poised to address the gap between networking functions that are fully virtualized and those that are still embedded in dedicated networking devices. While edge devices with varying degrees of virtualization have preceded it, Cisco has exploited its UCS expertise to meld the traditional networking features of its branch platform with a general-purpose compute engine, opening the door to levels of integration that allow a blurring of where computing ends and networking begins. As organizations transition to greater virtualization of applications and network services, as embodied by NFV, the 4451-X will facilitate the shift and could serve as a model for future converged hardware designs.”

It is great validation that industry experts like Kurt Marko and other Interop judges understood the importance of convergence in the branch with an architecture that delivers unprecedented compute and WAN service performanceThis advancement in routing comes at a very important time, when the industry is quickly migrating to mobile-cloud architectures and preparing for the Internet of Things. Both trends have dramatically changed branch requirements and have raised the dependency on the network to support business operations. Read More »

Tags: , , , , ,

IWAN Wed: Faster Service Delivery with NFV

As part of our IWAN series I wanted to take a closer look into what trends are impacting the Service Providers. My previous blog talked about how Enterprises can use the CSR 1000V  to migrate to the Cloud. This week I wanted to talk about how Service Providers are using the CSR to deliver services to their customers.

Historically Service Providers deliver services like routing, firewall and VPN to customers by installing multiple hardware products at the customer site. At the customer site the location where the customer and Service Providers network meet is referred to as the customer premise equipment or CPE. The hardware installed at the CPE is often specialized for different network functions, and the architecture and associated management systems are designed by the Service Provider. This approach provides reliable network services to business customers however it can become complex as more network services are added and it is not very flexible when it comes to adding new services. As a result when businesses demand more services or capacity, Service Providers can be slow to respond and will ultimately see an increased time-to-revenue.

Network Function Virtualization (NFV) aims to overcome these challenges by allowing network services to be moved, or instantiated, in various locations in the Service Provider network on demand and without the need for the installation of specialized hardware equipment.  For NFV to work it requires industry vendors like Cisco to virtualize network functions like routers just like we did with the CSR 1000V. We took our IOS XE operating system from the Aggregation Services Router (ASR) 1000 which was already tried and tested in Service Providers networks and turned it into a virtual form factor that can be run on any off-the-shelf x86 server. Cisco has many more products that are in virtualized form factors and the list includes but is not limited to:

•    Virtual Wide Area Application Services (vWAAS)
•    Virtual Wireless LAN Controller (vWLC)
•    Virtual Mobility Service Engine (vMSE)
•    Virtual Security Gateway (VSG)
•    Virtual Network Analysis Module (VNAM)
•    Virtual Identity Services Engine (vISE)
•    Virtual Adaptive Security Appliance (vASA)
•    Nexus 1000v vSwitch (N1Kv)

The primary benefit of NFV is the ability to use the same data center equipment and management tools that Service Providers currently use for their internal networks to host and manage network functions for their customers. The new vCPE has a reduced hardware footprint, simplified infrastructure and requires less customization. Core network functionality shifts to the Service Provider network where the  pooling of resources increases flexibility allowing them to deploy services faster and scale them according to customer demand.

The benefits to of NFV are significant, however the transition will take some time due to the complexity and size of Service Provider networks. Look out for more blog posts around NFV and the vCPE as I explore in more detail the challenges of moving to this new architecture. In the mean time I encourage you to download a new CSR case study about MiroNet AG, a Swiss Cloud and Infrastructure provider that is using the CSR to deliver new differentiated services to its existing customers while simultaneously attracting new customers.

Tags: , , , ,

Catalyst Virtual Switching System and Instant Access (VSS – IA) Lab at Cisco Live US

March 31, 2014 at 6:00 am PST

CLUS14May is fast approaching.  Many people at Cisco, myself included, are making a lot of preparations for Cisco Live US which is May 18 -- 22, 2014 in San Francisco. This is a special year when Cisco Live returns to San Francisco. You might be wondering what’s special, and here’s a quick tip.  It happens only every five years, when it’s a major Cisco anniversary year.  Last time it happened, it was 2009 when Cisco celebrated its 25th anniversary.  Over 10,000 people attended Cisco Live US that year. This year is Cisco’s 30th anniversary. The attendance is expected to be more than doubled. Here’re a few reasons that explain the rapid growth, based on 2013 the Cisco Live surveyed attendee feedback:

  • 99% believe that Cisco Live was a good investment of their time
  • 98% advised they gained valuable knowledge at the event that can be implemented by their company

Every year, new content and topics are being added so that you can keep up with technology evolutions and progress. I want to bring your attention to an exciting new hands-on, instructor-led training session: LTRCRS-2004 Catalyst Virtual Switching System -- Instant Access (VSS -- IA) Lab. It was first offered at Cisco Live Milan in January this year. It was a full house event – many people were put on the wait list because they did not register early enough. Read More »

Tags: , , , , ,