Last week, we introduced the new IP SLA Video Operation tool to assess the readiness of a network by generating synthetic traffic to mimic real applications. When you use IP SLA VO to generate simulated RTP traffic between two sites, you can use the medianet Performance Monitor feature to measure the performance of this synthetic traffic across the network. You can also use Mediatrace to discover the network elements on the paths between the two sites. For each network element discovered in the network path, Performance Monitor can collect metrics to detect potential capacity bottlenecks and proactively identify quality issues.
In addition to the obvious use for pre-deployment assessment, many enterprises understand that the network and applications are constantly changing so it is necessary to do continuous assessments. For example, after a major scheduled network maintenance or upgrade during non-business hours, you can use IP SLA VO to simulate real application traffic and assess the impact of the network changes to minimize potential business disruption or even downtime. Another example is prior to an important event, you can use IP SLA VO to stress test the network and verify that it can handle the rich media traffic without impacting existing application performance.
Whether you are doing an initial assessment for a new deployment, an expansion to an existing deployment, or ongoing operations, IPSLA VO, Performance Monitor and Mediatrace are effective tools to identify and proactively resolve rich media problems across the network. Put this handy tool in your toolbox and you will like it.
When faced with a life changing situation such as the depletion of the IPv4 address space, the emotional reaction tends to track the Kübler-Ross model, better known as The Five Stages of Grief.
DENIAL: There is no crisis! There are lots of IPv4 addresses; we just need to reclaim the ones that are not used.
The increasing consumption rate of IP addresses combined with the natural inefficiencies inherent in IPv4 subnetting makes complete exhaustion of the IPv4 address space inevitable. In October 2010, a return of a “/8 block” (16 million addresses) added only one month to the depletion date. As of April 2011, the Asia-Pacific region alone consumes two /8 network blocks every month. No amount of conservation or reclamation can solve the problem.
ANGER: What a stupid design! How could we run out of addresses?
Vint Cerf sends his most sincere apologies. Nobody imagined the phenomenal growth of the Internet when Vint and his team defined the 32-bit IPv4 address space back in 1977. The good news is that the problem has been recognized since the 1980s and the IETF has had the successor IPv6 protocol defined since 1998. You can take advantage of more than a decade of experience in navigating this transition.
With video increasingly becoming part of how you collaborate, you need to consider the impact of this incremental video on your network. Video brings many new challenges in order to meet user expectations for a flawless quality of experience. So is your network ready for rich media?
IP SLA video operation answers this question by synthetically generating traffic mimicking real application traffic. The ability to generate realistic RTP stream similar to real life Cisco TelePresence allow you to stress the network and assess the demands these applications will impose on your network. Each type of media application can be expressed for the synthetic media generation system by media application profiles that contain personalities which incorporate characteristics such as bit rate, burst sizes, inter-packet-gaps, etc. These application profiles allow, for example, a catalyst switch to simulate the video playout from multiple places in the network. There may be multiple personalities based on different software versions or configurations of the media application. Cisco will make a set of comprehensive media application profiles available for download. IP SLA video operation, an enhancement to IP SLA, was announced on April 6, 2011 at ISC West in Las Vegas and is first introduced in IOS 12.2(58) SE on Cisco Catalyst 3750 and 3560 series switches. Over time, more products will be implementing this new operation.
A few years back I set up IPv6 connectivity on my home network for the first time. I had a rush of exhilaration when the first ping and traceroute commands completed successfully. Suddenly, I was free of Network Address Translation and bypassing my firewall, connecting directly to any IPv6 device on the Internet. But then it slowly dawned on me that those people same people could also directly connect to my device! In a panic, I wondered if my SMB shares were visible to the world, or if criminals could relentlessly probe my open ports for zero-day vulnerabilities. How could I even check if I had any open ports? My fear got the best of me and I disabled IPv6.
I contacted my friend Dan and posed my dilemma to him. How could I tell if my ports were locked down on a machine which ran IPv6? A number of sites provided port scanners for IPv4, but nobody had a general purpose scanner for IPv6. Hurricane Electric provided one, but only for devices that were on their network. Dan hacked up a primitive IPv6 open port testing site, which uses NMAP to scan an IPv6 visitor for typically vulnerable ports before issuing a simple report. I was pleased to discover that my computer did not answer on any of those commonly attacked ports.
In this process, I discovered that many modern operating systems with IPv6 enabled also come with a set of reasonable host firewall defaults which do not expose listening ports as much as I had expected based on my experience with IPv4. Many hosts with IPv6 enabled by default also come with some very sensible settings to prevent network-launched crimes of opportunity from malicious users.
IPv6 also provides a natural defense against classic portscanning attacks, where an attacker probes for commonly vulnerable ports of every IP address on a subnet. For densely packed IPv4 service provider networks with one IP address assigned per typical user, a few thousand probes across a known DSL or cable subnet can yield a rich collection of potential targets. Since the address space of IPv6 is so much larger and sparsely populated than IPv4, blind portscanning of subnets becomes impractical since a typical IPv6 subnet contains quintillions of addresses hosting a relatively small number of end devices.