Security is hot topic on everyone’s mind and for IT it is a constant challenge to stay ahead of the latest threats and vulnerabilities that their organizations face on a daily basis. Take a quick look at the news and it won’t take you long to find an article talking about the latest cyber attack that resulted in the leak of personal data. So what can organizations and more specifically IT teams do to protect themselves from threats and vulnerabilities. Personally I don’t think you can protect yourselves from all threats and vulnerabilities. Cyber threats will continue to exist and cyber criminals will continue to develop increasingly sophisticated attacks to evade even the most robust security barriers. Even if you were to isolate your network from the internet an intruder could overcome your physical security and launch an attack from within your organization.
So what can you do to protect yourself? I view security as a way to reduce your exposure to threats and you should at a minimum make sure you have the appropriate security measures in place to reduce your exposure to threats and vulnerabilities. While you may never be able to stay one step ahead of cyber attacks you should be in a position to detects threats and be able to mitigate them as fast as possible to reduce your exposure.
Read More »
Tags: Advanced Malware Protection, AMP, Cloud web security, CWS, DMVPN, firewall, IDS, IPS, ISR 4000, ISR4k, IWAN, routers, security
These are just a few of the many questions that were asked on the webinar ‘How to Deliver Uncompromising Branch Application Performance‘:
- Would DMVPN also allow me to easily integrate networks using multiple MPLS providers?
- Is there a specific router model, IOS required for a PfRv3 branch controller and master controller?
- Can you explain how the direct spoke-to-spoke routing is accomplished when using DMVPN?
- Is using BGP with DMVPN scalable? Wouldn’t we have to define each neighbor?
Read More »
Tags: DMVPN, hybrid WAN, Intelligent WAN, ISR 4000, IWAN, PfRv3
A few weeks back, Gartner analyst Bjarne Munch stated, “Internet and MPLS play an equally important role for enterprise connectivity. Network planners must establish a unified WAN with strong integration between these two networks to avoid performance problems.”[i]
So, why should IT move to a hybrid WAN architecture? What are the benefits?
#1 – Control Costs
Growth in bandwidth demand is overwhelming customer networks, particularly at the branch. IP traffic is expected to grow three times over the next five years due to video, cloud applications, rich media and data center centralization. At the same time, Nemertes’ 2014 WAN Best Practices and Success Factors report states that 60% of IT WAN budgets will remain flat or decline in 2015. Read More »
Tags: Akamai Connect, AVC, DMVPN, Glue, hybrid WAN, Intelligent WAN, IWAN, LiveAction, PfRv3
Since DMVPN has been added to the CCIE v5 BluePrint (http://www.cisco.com/web/learning/exams/docs/ccieRS_Lab5.pdf) I figured that now was just as good of a time as any to write this blog.
DMVPN stands for Dynamic Multipoint VPN and it is an effective solution for dynamic secure overlay networks.
DMVPN is combination of the following technologies:
- Multipoint GRE (mGRE)
- Next-Hop Resolution Protocol (NHRP)
- Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)
- Dynamic IPsec encryption
- Cisco Express Forwarding (CEF)
Topology that we will be starting with:
First thing will be to complete the base configurations on R1, R2 & R3. This will consist of configuring the IP addresses on the above interfaces and setting up the routing protocol to distribute the routes. In this case we will use EIGRP 123. Read More »
Tags: #ciscochampion, BGP, CCIE, DMVPN, EIGRP, OSPF
In my last blog I talked about the value of Pfr to the IWAN solution. This week I wanted to talk about DMVPN and why it is going to be a critical component of your IWAN deployment.
Your IWAN topology will most likely consist of one or more internet connections which means that your data will be traveling over untrusted connections and shared environments so security is going to be top of mind. So how do you secure your data over the internet and other untrusted or shared environments? Well DMVPN (Dynamic Multi-point Virtual Private Network) is based on VPN the same technology that many of you use today to securely connect back to your office when you are traveling or working from home. A VPN will create a tunnel between two end-points and then encrypt all data traveling over the tunnel. VPN’s can connect users to a remote site, client-to-site VPN, or connect two remote sites, site-to-site VPN. Unlike VPN, DMVPN can securely connect multiple points together dynamically.
So how does DMVPN work and what is the benefit to IWAN? DMVPN works on top of your WAN infrastructure which means that DMVPN tunnels will be established between branch sites as traffic flow demands. In a common hub and spoke topology example, when data needs to be sent from the spoke to the hub site, the spoke will establish a VPN tunnel to the hub by registering first with the hub. In order for each tunnel to function a new dynamic IP address is created at the branch since the hub site will initiate the connection. In order for data to be routed between sites over the DMVPN tunnels, routing information will need to be exchanged. As more tunnels are created there will be more dynamically created IP addresses and traditional routing protocols like BGP or EIGRP are used to efficiently share routing information so all sites can talk to each other. Lastly QoS is applied to each tunnel to ensure that the hub site does not oversubscribe the spoke sites.
Read More »
Tags: Cisco ISR, DMVPN, IWAN, PfR