Cisco Service Provider Blog


February 27, 2008

IPSec

Co-authored with Shyam Kota, Product Manager at Cisco working towards a secure Internet infrastructure

With the advent of Web 2.0 applications, enterprises and their respective service providers are viewing the network as a service enabler that transports critical business applications. Doing so over the public internet is considered risky from an infosec perspective: data is exposed to loss of confidentiality to hackers and to fraud. To ensure secure transport of data, various proprietary protocols were developed; however, the scope of each was limited to the application it was designed to serve. To overcome such limitations and provide a uniform end-to-end security framework at the IP layer, the IETF developed IPSec.

What makes this possible?
Designed by the Internet Engineering Task Force (IETF) as the security architecture for the Internet Protocol, IPSec defines IP packet formats and the related infrastructure for transporting IP traffic with end-to-end authentication, integrity, and confidentiality. The IPSec protocol suite allows trusted peers/systems to negotiate IPSec policies and security associations and to transport encrypted data over any network, public or private.

The Solution
Two common approaches are available for transporting data securely. For telecommuters and remote users, an IPSec tunnel can start at the end user's PC and terminate at the SP edge. The user's data is transported securely over the internet, decrypted at the SP edge, and sent on to its final destination over an IP/MPLS network.

The other approach is to create an IPSec tunnel between the enterprise edge and the SP edge, whereby all traffic between the two is encrypted by default.

The first approach allows secure remote access for all users but requires the SP edge to terminate potentially thousands of IPSec tunnels. The latter approach allows secure data transport for enterprises between headquarters and branch offices via the SP core network.

For service providers, the ability to offer a secure VPN service in the network is a very appealing value-add. This approach can also enable new services to be offered rapidly in areas where the SP does not yet have a services footprint. Cisco has a complete portfolio of solutions that provide IPSec support. The workhorse of the service provider edge platforms, the Cisco XR-12K, introduces this functionality via the IPSec shared port adapter, each of which can deliver up to 2 Gbps of AES- or 3DES-encrypted data traffic and scale to 16,000 simultaneous site-to-site or remote-access IPSec tunnels.

Posted by Kelly Ahuja at 03:31 PM

February 26, 2008

Welcome to The Exabyte Era

The next big wave of IP traffic growth is upon us, and it will have dramatic impacts on providers and their networks. At the “Core” of it all (please forgive the pun and foreshadowing…) is the empowered consumer, who is using video and Web 2.0 network-based applications in ways unforeseen just a few years ago and, in turn, is helping to inspire major changes at business customers as well. Randall Stephenson, Chairman and CEO of AT&T, recently commented that the bandwidth glut of the past is gone and, ironically, was exhausted by “primitive” applications (see the Light Reading story on Mr. Stephenson’s comments). As more sophisticated applications such as telepresence and more high-definition video come into the mainstream, the need for bandwidth will skyrocket.

From Cisco’s perspective, we are projecting this surge in required bandwidth to be massive, growing from 6.6 exabytes a month in 2007 to nearly 29 exabytes per month, more than quadrupling in less than half a decade.

To put this in context, 29 exabytes a month is equivalent to:
29,000,000,000 Gigabytes.
Or nearly 144 times all of the world’s printed matter.
Or nearly six times all the words spoken. Ever.
Or 7,250,000,000 DVDs streamed online.
Or 1160 times the amount supported by the U.S. Internet backbone in 2000.

These growth figures were derived from a modeling exercise in which we took third-party analyst forecasts of service growth and then, using base assumptions about how those services are used, determined the resulting traffic impact on the network itself. Such insight helps both Cisco and our SP customers prepare for what’s ahead, as the implications are wide-ranging throughout the network, including the hub of it all, the Core, which we’ll be talking about more soon.

I’ll cover this study further in a future post, and, if you just can’t wait, please check out the great whitepaper that Arielle Sumits, our lead researcher on this topic, put together on the study.

In the interim, don’t forget to register for the big announcement and launch event we have planned for March 4th. I’d very much welcome your thoughts on it.

Until then, thanks for reading,
Doug

Posted by Doug Webster at 05:25 PM

The End of Gs

Finally back on California time, after a busy week in Barcelona at the Mobile World Congress. The GSM Association, which owns the event, changed the name from the 3GSM World Congress, dropping the reference to 3G. In part, this represents the desire to attract participants from the information technology, financial services and entertainment industries (including Robert Redford). But dropping references to radio technology (2G GSM or 3G W-CDMA) also suggests the "end of Gs" for the mobile industry.

Not that new radio technology was ignored at the Congress. Many heralded the arrival of 3GPP Long-Term Evolution radios (although the impression of imminence is undermined by the LT in LTE), others exhibited WiMax (including Cisco), and femtocells generated much interest (including partner ip.access). But the notion of 4G replacing 3G, which replaced 2G, which replaced 1G, makes decreasing sense as a framework to describe the future.

Past evolution was driven by changes in radio technology, from analog to digital and then to CDMA. As the radio technology changed, the standards bodies (3GPP and 3GPP2) also changed the core. But future radio evolution is unlikely to come in tidy generations. Instead, mobile networks will use an increasing blend of radio access.

The ongoing evolution is now driven by a change in dominant payload, shifting from voice to data, with traffic shifting even faster than revenue. Data demands ever higher bandwidth. Fortunately, Moore's Law will unleash ever faster radios (and in more combinations), but business cases will spread their adoption over time, while history and regulation spread their adoption across geographies. Also, physics and economics dictate different radios for different applications: slower speeds over longer distances, like cellular, and higher speeds over shorter distances, like WiFi.

Thus, mobile operators should expect not a monochromatic shift from 3G to 4G with a simultaneous re-engineering of the core network. Instead, they should plan for a rich palette of radio access, with a core comprising a network of these access networks, that is, a core mobile internetwork. This change explains why so many mobile operators increasingly consider IP the foundation around which to array the growing collection of radio technology. New radios should have no more effect on architecture and applications than upgrading links from shared 10 Mbps to 1 Gbps Ethernet.

Of course, this focus on the mobile internet and IP is exciting for Cisco, but it also raises the challenge of accelerating our mobile gateways to meet the traffic growth. At the Congress, we demonstrated the SAMI platform for mobile gateways (GGSN, PDSN, content services), which Current Analysis recently tested up to 54 Gbps, making it the fastest in the industry by a factor of more than five. With the growth in traffic from the iPhone and other devices, it comes into service just in time.

As always, Barcelona was full of beauty and fun. In a park near the Congress, I came across a huge outdoor sculpture by Joan Miró, called "Dona i Ocell" ("Woman and Bird"). While photographing it with my camera phone, I noticed the pigeons behind me squawking very strangely. Only they weren't pigeons, they were parrots living in the palm trees. More international arrivals, along with the Mobile World Congress participants, all trying the patience of the locals with our chatter.

Posted by Larry Lang at 09:44 AM

February 19, 2008

"It’s the application stupid!"

Anticipation was building... show organizers even changed the event’s name to “Mobile World Congress” (MWC) to acknowledge the evolution of the industry. The stage was set for a technology debate around HSPA, LTE and WiMAX. Many were prepared to engage in the rhetoric and race for mobile access technology supremacy. There was plenty of hype as Intel, Ericsson, NSN, and other corporate titans attempted to increase mindshare for their particular solution or approach.

In the end, it was the small guys who captured the attention and headlines: the companies that focused on the delivery of a rich mobile user experience. "It’s the application stupid" was the theme that stole the show (see "Green Porno", a series of short films designed for cell phones and computers, provocatively named for search recognition). As Softbank CEO Masayoshi Son and Vodafone CEO Arun Sarin pointed out in their keynotes, the Internet, entertainment and mobility are where the world is heading. Mr. Son even went so far as to say, "Voice will be offered for free." Wow... how times have changed.

So what is the killer app?

Well, you could say new search techniques from Yahoo!, Skype for mobile, fixed-mobile services, social networking, video chat, financial services, targeted advertising, or just the high-speed access to the Internet; the list goes on and on. Indeed, application innovation was a common thread throughout the MWC halls; big guys and little guys each demonstrating what is possible now that we have deployed high-speed mobile broadband (pick your access type). Combine that infrastructure with fast handset processors that support appealing graphics and one could confidently suggest that mobile operators are ready and primed to serve as a growth engine for their shareholders and the Connected Life economy at-large.

With all the excitement around new applications that use the high-speed data path of a mobile network, one has to ask, “How will the mobile operator make money on all this Internet traffic?” Is it the Apple-AT&T over-the-top approach? Or Verizon’s Open Access initiative? We have seen this movie before in the fixed world, and service providers’ ability to increase bandwidth and revenue from end-users (simultaneously) has proved difficult in competitive markets. My suggestion to mobile carriers: leverage the intelligence in your network. Turn these “smarts” into sustainable business advantages by allowing consumers to personalize services and by offering tiered, premium services (for a fee) that consumers value and are willing to buy.

By all means, don't give it away.

Stay tuned for more.

Posted by Jeff Spagnola at 03:53 PM

February 14, 2008

Valentine’s Day Quote from Cupid

Ok, so I know I’ve already mentioned the uber-users campaign we have going on and the Web 2.0 aspects it brings to us, but considering the day, and the challenges that so many of us have had with finding love (past, present or future), I figured it would only be appropriate to get a better idea of the challenges that Cupid goes through as well…

Happy Valentine’s Day!

Posted by Doug Webster at 07:32 AM

February 11, 2008

Are you a network uber-user?

We just kicked off a new marketing campaign, focused on the uber-users of the network, as a run-up to a major announcement we are planning in a few weeks’ time. Instead of taking the traditional approach of interviewing enterprises and providers about the challenges they face with the network, we directed our questions to the likes of Santa Claus, the Stork, Cupid, the Easter Bunny, and a Unicorn, all of whom face daunting operational issues that the network must address.

Such an approach is a bit different for Cisco. Admittedly, we are showing our fun side, which many of our customers and constituents have encouraged (at dinners with analysts, I’ve heard “why are you always so serious in briefings… you’ve earned the credibility to joke around now and then”). Beyond just the tone, though, and more applicable to this forum, our uber-users campaign is also a way for us to embrace the viral marketing benefits that are possible with Web 2.0. With the “tell a friend” function, we are hoping to have these passed about amongst our customers and, in the process, target the news of our upcoming announcement to the parties most interested in it, far more efficiently and broadly than we could through other, often costly means. This lets us not only talk about the Human Network but benefit from it as well. (Our promotional effort will have ties to the larger Human Network campaign itself too, but we can talk about that later….)

So what’s your take on this?

And, are you, too, a networking uber-user?

Posted by Doug Webster at 11:27 AM

February 10, 2008

Paradigm Shift in IP Mobility (CMIP to PMIP)

Mobile operators and service providers have been looking for efficient solutions to inter-domain IP mobility for the past fifteen years or so. The main motivation for this effort is the ability to continue an IP session when a host's IP address has to change because the host has moved. Client Mobile IP (CMIP for short) was introduced by the Internet Engineering Task Force (IETF) to overcome this problem.

CMIP allows a mobile terminal (e.g., a laptop or a PDA) to keep its transport connections open and remain reachable while moving. CMIP also provides common IP-layer mobility across different access technologies. This is quite attractive for mobile operators who own several access networks of different types, such as WiMax, 3GPP2 High Rate Packet Data (HRPD), or 3GPP Long Term Evolution (LTE).

While CMIP ensures seamless mobility for the user session, it introduces some deficiencies, such as wasted airlink capacity due to signaling overhead and added complexity in the mobile terminal, which must run client IP mobility software.

To alleviate this problem, the IETF NETLMM working group is currently developing a protocol called Proxy Mobile IP (PMIP), based on a network-based mobility management approach. PMIP eliminates the client signaling overhead, reduces software complexity and cost, and does not require a network interface to change its IP address when the mobile node moves to a new router. The IETF drafts for PMIP (PMIPv4 and PMIPv6) are primarily authored by Cisco IP mobility experts and SP network architects. Both drafts are near completion and will be published as new RFCs soon.

Posted by Rajiv Kapoor at 11:01 PM

February 08, 2008

Tapping into the world of a miscreant economy

I just found out the other day that two colleagues were recent victims of 'identity theft'. One had her credit card number stolen, not once but twice, resulting in fraudulent charges at Walmart and K-Mart as well as a credit card balance transfer of $16,000. The other colleague had someone attempt to take out a huge bank loan using her credit credentials.

But as I am finding out, security issues are not limited to credit card fraud. Digging a little more into this topic, I came across recent headlines mentioning 'Storm', an ever-growing botnet that is estimated to have infected between 1 million and 50 million computers. Botnets are becoming the foundation of elaborate extortion schemes, including identity theft. Motivated by political or economic objectives, botnets can cost businesses as well as service providers millions of dollars each year. Such electronic schemes underline a fundamental paradigm shift in the miscreant economy, a community that engages in cyber-crime-related activities for financial reward.

The costs of “loss” are staggering

Just last month, 337,000 voters in Davidson County (Nashville) had their identities compromised by a laptop theft; the loss was estimated to cost $1M, which covers identity protection for those affected. And what is the going rate for stolen information these days? According to Trend Micro, on the hacker black market a credit card number with PIN goes for $490, a driver’s license can be bought for $147, and a PayPal account logon and password can be bought for a measly $6. There are still other ways in which stolen identity and personal information can materialize as real money. I watched the Dateline program on NBC where Chris Hansen ran an interesting investigative report, "Have You Been Scammed?", foiling an elaborate crime ring that purchased goods online with illegal/stolen credit cards. There were legitimate physical drop-off points in the US for merchandise purchased with stolen credit cards, which in turn was shipped off to an untraceable overseas destination.

The role of the Service Provider

What it boils down to is this: service providers must enhance their value propositions and offer “better” managed security-enabled services to the end user. Providers must offer increased service and value guarantees to their customers in order to help protect both their networks and their services.

Providers readily offer encrypted VPN services to businesses that accept VISA and MasterCard so that those businesses can comply with the PCI-DSS standard. However, adding protection for endpoints such as laptops and 3G phones, via NAC and content filtering technology in the managed security services portfolio, would go a long way toward deploying a “defense-in-depth” security philosophy. Providers can really help protect the valuable and confidential information of business and residential customers and become their ‘trusted partner’.

Posted by Jeff Spagnola at 12:32 AM

February 04, 2008

Negotiating with a 2 year old (aka Rising Expectations)

It was a long day of travel with the family, and while I am a bit more used to the rigors of travel, it is particularly taxing on the kids. My oldest responds one way to travel, invariably wanting to go swimming even when we check into a hotel late at night, just to burn off energy stored while in a cramped seat. My youngest, though, wants to try to regain the routine she is used to at home.

To accommodate her, my wife and I packed her favorite blanket, her sound machine to help her sleep, and her favorite doll du jour. On this trip, though, when we got to the room, I quickly realized that I was not well prepared, when my little girl looked up at me and said it:

“IwantDora.”

It was 9 o’clock at night, well past her bedtime, and I just wanted to get her settled. Showing an episode of her favorite show would have made total sense, but I simply forgot to pack the DVD, and for some reason there isn’t as much demand for the exploits of the bilingual cartoon character and her friend Boots on primetime TV as there is at my house. I had nothing, and had to break the bad news to her.

“IwantDora-please!” was the response.

Given that she is two, tired, out of her regular rhythm, and awfully cute (yes, she takes after her mother), I wanted to do whatever I could to pacify her and make amends, but I couldn’t. Unlike our home with its multiple digital video recorders (DVRs), where we can watch any show at any time, our hotel room was downright antiquated. We had to watch shows on the broadcaster’s schedule with only a few options to choose from. For quite literally her entire life, she has never had to do this; DVRs aren’t a great new technology but table stakes in her on-demand, high-def world, where video calls to her cousins are common and she can reach her father anytime, anywhere on speed dial.

In discussions on the service provider industry, we talk about the rising expectations of consumers and the evolving dynamic that users have with their providers, but this was a case where it was front and center for me, and it was obvious that what I may think of as an understandable limitation of a technology isn’t at all reasonable to others.

I can only imagine what expectations my daughter’s own two-year-old will have in a few decades. Hopefully, when that time comes, she’ll be a better negotiator than her father, who committed to both buying her a car when she turns 16 and a trip to the vending machine…

Posted by Doug Webster at 05:15 PM

© 1992-2007 Cisco Systems, Inc. All rights reserved.