Cisco Blogs



IP SLA Video Operation Part 2 – How to use it? When to use it?

Last week, we introduced the new IP SLA Video Operation tool to assess the readiness of a network by generating synthetic traffic to mimic real applications. When you use IP SLA VO to generate simulated RTP traffic between two sites, you can use the medianet Performance Monitor feature to measure the performance of this synthetic traffic across the network. You can also use Mediatrace to discover the network elements on the paths between the two sites. For each network element discovered in the network path, Performance Monitor can collect metrics to detect potential capacity bottlenecks and proactively identify quality issues.

In addition to the obvious use for pre-deployment assessment, many enterprises understand that the network and applications are constantly changing, so continuous assessment is necessary. For example, after a major scheduled network maintenance or upgrade during non-business hours, you can use IP SLA VO to simulate real application traffic and assess the impact of the network changes to minimize potential business disruption or even downtime. As another example, prior to an important event you can use IP SLA VO to stress test the network and verify that it can handle the rich media traffic without impacting existing application performance.

Whether you are doing an initial assessment for a new deployment, an expansion to an existing deployment, or ongoing operations, IP SLA VO, Performance Monitor and Mediatrace are effective tools to identify and proactively resolve rich media problems across the network. Put this handy tool in your toolbox and you will like it.


IPv6: The Five Stages of Grief

When faced with a life changing situation such as the depletion of the IPv4 address space, the emotional reaction tends to track the Kübler-Ross model, better known as The Five Stages of Grief. 

DENIAL:  There is no crisis!  There are lots of IPv4 addresses; we just need to reclaim the ones that are not used. 

The increasing consumption rate of IP addresses combined with the natural inefficiencies inherent in IPv4 subnetting makes complete exhaustion of the IPv4 address space inevitable.  In October 2010, a return of a “/8 block” (16 million addresses) added only one month to the depletion date.  As of April 2011, the Asia-Pacific region alone consumes two /8 network blocks every month.  No amount of conservation or reclamation can solve the problem.

ANGER: What a stupid design!  How could we run out of addresses?

Vint Cerf sends his most sincere apologies.  Nobody imagined the phenomenal growth of the Internet when Vint and his team defined the 32-bit IPv4 address space back in 1977.  The good news is that the problem has been recognized since the 1980s and the IETF has had the successor IPv6 protocol defined since 1998.  You can take advantage of more than a decade of experience in navigating this transition.


IP SLA Video Operation – A powerful tool to mimic the real traffic demands on your network

With video increasingly becoming part of how you collaborate, you need to consider the impact of this incremental video on your network. Video brings many new challenges in order to meet user expectations for a flawless quality of experience. So is your network ready for rich media?

IP SLA video operation answers this question by synthetically generating traffic that mimics real application traffic. The ability to generate a realistic RTP stream similar to real-life Cisco TelePresence allows you to stress the network and assess the demands these applications will impose on it. Each type of media application can be expressed for the synthetic media generation system by media application profiles that contain personalities, which incorporate characteristics such as bit rate, burst sizes, inter-packet gaps, etc. These application profiles allow, for example, a Catalyst switch to simulate the video playout from multiple places in the network. There may be multiple personalities based on different software versions or configurations of the media application. Cisco will make a set of comprehensive media application profiles available for download. IP SLA video operation, an enhancement to IP SLA, was announced on April 6, 2011 at ISC West in Las Vegas and is first introduced in IOS 12.2(58) SE on Cisco Catalyst 3750 and 3560 series switches. Over time, more products will implement this new operation.


Overcoming the Fear of IPv6

A few years back I set up IPv6 connectivity on my home network for the first time. I had a rush of exhilaration when the first ping and traceroute commands completed successfully. Suddenly, I was free of Network Address Translation and bypassing my firewall, connecting directly to any IPv6 device on the Internet. But then it slowly dawned on me that those same people could also directly connect to my device! In a panic, I wondered if my SMB shares were visible to the world, or if criminals could relentlessly probe my open ports for zero-day vulnerabilities. How could I even check if I had any open ports? My fear got the best of me and I disabled IPv6.

I contacted my friend Dan and posed my dilemma to him.  How could I tell if my ports were locked down on a machine which ran IPv6?  A number of sites provided port scanners for IPv4, but nobody had a general purpose scanner for IPv6.  Hurricane Electric provided one, but only for devices that were on their network.  Dan hacked up a primitive IPv6 open port testing site, which uses NMAP to scan an IPv6 visitor for typically vulnerable ports before issuing a simple report.  I was pleased to discover that my computer did not answer on any of those commonly attacked ports.

In this process, I discovered that many modern operating systems with IPv6 enabled also come with a set of reasonable host firewall defaults which do not expose listening ports as much as I had expected based on my experience with IPv4.  Many hosts with IPv6 enabled by default also come with some very sensible settings to prevent network-launched crimes of opportunity from malicious users.
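A host can also be checked from the inside, as a complement to the external scan described above. The following is an added example, not code from the original post: it parses the Linux `/proc/net/tcp6` table and reports which listening sockets are bound to addresses reachable from off the host. The sample table is constructed, the helper names are hypothetical, and a little-endian host is assumed; a host firewall may still filter ports that appear here.

```python
import ipaddress

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp6
# Constructed sample in /proc/net/tcp6 layout (not captured from a real host).
SAMPLE = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A
   2: B80D0120000000000000000010000000:01BD 00000000000000000000000000000000:0000 0A
   3: B80D0120000000000000000010000000:C350 B80D0120000000000000000099000000:01BB 01
   4: 000080FE000000000000000001000000:14E9 00000000000000000000000000000000:0000 0A
"""

def decode_addr(hex_addr):
    """Decode the kernel's hex form: four 32-bit words in host byte order
    (little-endian assumed here, as on x86 and most ARM systems)."""
    raw = b"".join(bytes.fromhex(hex_addr[i:i + 8])[::-1] for i in range(0, 32, 8))
    return ipaddress.IPv6Address(raw)

def classify(addr):
    """Say who can reach a socket bound to this address, firewall aside."""
    if addr.is_unspecified:
        return "all-interfaces"   # bound to ::, reachable on every address
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_link_local:
        return "link-local"       # reachable from the local segment only
    return "specific-address"

def listening_sockets(text):
    """Return (address, port, exposure) for LISTEN sockets, sorted by port."""
    found = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        addr = decode_addr(hex_addr)
        found.append((str(addr), int(hex_port, 16), classify(addr)))
    return sorted(found, key=lambda s: s[1])

def exposed(sockets):
    """Listeners that off-host peers could reach if no firewall filters them."""
    return [s for s in sockets if s[2] != "loopback-only"]

if __name__ == "__main__":
    # On a Linux host, pass open("/proc/net/tcp6").read() instead of SAMPLE.
    for addr, port, exposure in exposed(listening_sockets(SAMPLE)):
        print(f"[{addr}]:{port}  {exposure}")
```

In the constructed sample, the SMB listener on port 445 is bound to a global address, which is exactly the kind of exposure the external scan is meant to confirm or rule out.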

IPv6 also provides a natural defense against classic portscanning attacks, where an attacker probes for commonly vulnerable ports of every IP address on a subnet. For densely packed IPv4 service provider networks with one IP address assigned per typical user, a few thousand probes across a known DSL or cable subnet can yield a rich collection of potential targets. Since the address space of IPv6 is so much larger and more sparsely populated than that of IPv4, blind portscanning of subnets becomes impractical: a typical IPv6 subnet contains quintillions of addresses hosting a relatively small number of end devices.

Despite the sensible security posture of IPv6, a network-based firewall provides additional protections by thwarting attacks at the network perimeter, analyzing connection context and allowing greater control of policy and analytics. An IPv6 Quick Start Guide for the Cisco ASA can be found in the World IPv6 Day – IPv6 Transition community at the Cisco Support Forums. Please visit this forum and ask questions. Overcome your fear of running IPv6 and start reaping the benefits of running IPv6 on your own network in time for World IPv6 Day.


Mediascope

March 29, 2011 at 9:25 am PST

A few weeks ago, we introduced a new tool for network operators called mediatrace. On routers and switches, a mediatrace report presents several stanzas of data collected along a particular path. While the report is useful, its information density is very high, and the network operator could overlook an important item at a casual glance.

Mediascope was created as an intern project at Cisco to help in the visualization of mediatrace data. Mediascope uses the IOS Web Services Management Agent (WSMA) interface to execute mediatrace commands. As a Flash-based tool, mediascope can be hosted on a regular web server in your network and be available for general users (well, except on iPad/iPhone!).

The user initially logs into the mediascope tool with a mediascope-specific password. Then the target router is identified and credentials for that node are provided. At this point, the user can ask mediascope to dynamically configure IOS Performance Monitor to discover the flows traversing the target router. The discovered flows are dynamically displayed in a list, allowing the user to select the interesting flow and then continue on to the specific metrics to be gathered (lower part of Figure 1 below).

Figure 1. Mediascope Flow selection and Data Retrieval Selection

Figure 2. Mediascope Result Visualization

In Figure 2, we can see the result of the mediatrace run. Note from Figure 1 that the y-axis in the chart is selectable, as are the meanings of the colors. In our example, the height of the circles conveys the number of IP packets seen for the monitored flow, size conveys CPU utilization, and conditional coloring is based on the number of packets lost and jitter values. Of course, a much simpler chart could be constructed, but we wanted to show how easily very dense information could be represented.

Using the chart, the operator is able to quickly identify the node that is at high CPU, but also the node that seems to be seeing packet loss.

We had a lot of fun creating mediascope. Check out our multi-language demos on YouTube! We invite you to make your own audio version, with the challenge of no English words at all. I’m hoping we’ll see one in Klingon soon!

Mediascope demo: English German Spanish

Mediascope is open sourced under the BSD license.

http://medianet.sourceforge.net/
