Cisco Blogs



IWAN Wed: Securing Your Transport Independence with DMVPN

In my last blog I talked about the value of PfR to the IWAN solution. This week I wanted to talk about DMVPN and why it is going to be a critical component of your IWAN deployment.

Your IWAN topology will most likely consist of one or more internet connections, which means that your data will be traveling over untrusted connections and shared environments, so security is going to be top of mind. So how do you secure your data over the internet and other untrusted or shared environments? Well, DMVPN (Dynamic Multipoint Virtual Private Network) is based on VPN, the same technology that many of you use today to securely connect back to your office when you are traveling or working from home. A VPN will create a tunnel between two endpoints and then encrypt all data traveling over the tunnel. VPNs can connect users to a remote site (client-to-site VPN) or connect two remote sites (site-to-site VPN). Unlike VPN, DMVPN can securely connect multiple points together dynamically.

So how does DMVPN work and what is the benefit to IWAN? DMVPN works on top of your WAN infrastructure, which means that DMVPN tunnels will be established between branch sites as traffic flow demands. In a common hub-and-spoke topology example, when data needs to be sent from the spoke to the hub site, the spoke will establish a VPN tunnel to the hub by registering first with the hub. In order for each tunnel to function, a new dynamic IP address is created at the branch since the hub site will initiate the connection. In order for data to be routed between sites over the DMVPN tunnels, routing information will need to be exchanged. As more tunnels are created there will be more dynamically created IP addresses, and traditional routing protocols like BGP or EIGRP are used to efficiently share routing information so all sites can talk to each other. Lastly, QoS is applied to each tunnel to ensure that the hub site does not oversubscribe the spoke sites.


Best of Interop – Tokyo Winner: Cisco Cloud Services Router (CSR) 1000V !

Networking as a technology has been around for decades now and most people consider it to be mature with a crawling pace of innovation.  But with big market transitions like cloud computing, nothing can be further from the truth as the Cloud Services Router (CSR) 1000V has proven with its announcement at Cisco Live! – San Diego on June 12th as part of our Cloud Connected Solution launch


Why Cisco, Not Juniper? OpEx, CapEx and the Frankenkluge in the Branch Office Closet

One of the great things about being at Cisco HQ in Silicon Valley is the wonderful diversity we have here. Although you don’t really get seasons, you do get an awesome mix of people. A recent stroll around the lake at Shoreline Park revealed people speaking English, Russian, German, Japanese, Chinese, Korean, Vietnamese, Hindi and some other languages I could not identify. Similarly, sushi, butter chicken and naan, pho, bulgogi and banh mi are all easy to find for the diversified, international foodie.

However, when I go out for Indian food with my friends, they almost always insist on going to a buffet in Mountain View called Passage to India. Partially because they usually have a huge assortment of “desi-chinese” dishes such as Gobi Manchurian and Chilli Chicken, but largely because they see the buffet as being a tremendous value. Little chicken tikka masala, little tandoori, little goat curry, some gulab jamun – enjoy them all, they are all included in a well-integrated package. A la carte approaches make it hard to enjoy such variety, as each additional dish is usually priced like the main part of a meal.

Reminds me of the whole Cisco vs Juniper thing for the branch.

We took a look at the cost of building a modern, secure, integrated services network for the branch, incorporating the functionality and services that you would want in a new branch deployment: you know, things like security (firewall, IPS, VPN), video, server virtualization, WAN optimization, video optimization, 4G backup and Unified Communications. Doing all this with Cisco was pretty easy; all you need is an ISR, which we spec’ed out as an ISR 3945 for our hypothetical 150-person branch (with a 45Mbps WAN bandwidth). Implementation was cheap and easy, particularly when you consider all the capabilities that you were getting.


The Aluminum Falcon and Turning Security up to Eleven on the ISR

For years, I rode a Suzuki Hayabusa, a hypersports motorcycle with a very large engine. Felt like Han Solo’s (he shot first, you know) Millennium Falcon when you opened the throttle – instant, strong forward movement regardless of speed or gear. Open throttle and you are heaved down the road. Thus, I had to name the machine something. It was a grotesque bronze color, so for a while I called her the Copper Rhino, but eventually I settled on the name Aluminum Falcon (Hayabusa is the Japanese name for a variant of the Peregrine Falcon) as a good play on the name Hayabusa and also because the intake system set up a resonance in the upper midrange that reminded me of the warbling cry of a Wookiee.
