Several years ago, I had a conversation with an IT manager about his company’s network security that I still remember today. He said: “We’re losing our battle over internal network security. We cannot keep up with our vendors and contractors who bring in all kinds of devices to our network. We may turn our internal network into a DMZ.” Turning an internal network into a DMZ was probably an extreme case at that time but it showed the underlying problem: if you don’t have control over what’s happening on your network, you’ll have an uphill battle in your hands.
Today, the challenge has intensified due to the bring-your-own-device (BYOD) trend. There are speculations that corporate networks may eventually turn out to be the equivalent of college networks where users routinely bring their own personal devices. Because personal devices generally do not have the same level of security as IT-owned assets, they tend to have more vulnerabilities and it’s harder to protect sensitive information and intellectual property on these devices. The adage, “security risks walk in the door with employees” is quickly becoming a reality that organizations must address.
Read More »
Tags: 802.11ac, Bring your Own Device (BYOD), byod, DMZ, enterprise network, MDM, Mobile Device Management, UA, unified access
[WARNING: This blog post contains specifics on actual product features. Stop reading now if you prefer PowerPoint to Excel.]
“Enterprise class.” Sounds awesome. But does it have any meaning to your business?
It turns out that it does, but we need to dig into a real product example to make it clear. One shining example from Cisco is our leadership in Enterprise class (there’s that phrase again!) 3G/4G. Let’s use this example to highlight how our engineers create “Enterprise class” products by focusing on: Read More »
Tags: 3G, 3G MIBs, 3G/4G, 3GPP, 4G, business continuity, CPE-based 3G, Enterprise Class, enterprise class security, enterprise network, EZ VPN, modem lifecycle, router, vpn, WAN, Wireless WAN
The classic traceroute tool has become an essential tool for network engineers. Traceroute is able to discover layer-3 nodes (routers) along the path towards a destination. This information provides operators with visibility about the path towards a destination.
However, there are limitations to traceroute such as issues with traceroute following the right path (as it’s IP source address might be different), no layer-2 (switches and bridges) discovery and really only a single piece of information is returned (IP address of the router).
With mediatrace, which shares the IP header of the flow you would like to trace, you can have much better path congruency—and confidence in the discovery. The mediatrace will also not only discover the routers (as with traceroute), but also switches that are only doing layer 2 forwarding.
Mediatrace does not need to be enabled on every hop. If it is not enabled on node, the mediatrace packet will simply be forwarded through that part of the network. This is exactly what would happen in the case of your traditional MPLS-VPN network.
Figure 1. Mediatrace tracing a flow while the operator chillaxes
Now for the best part! Mediatrace can dynamically engage the performance monitor feature we talked about a few weeks ago. This allows a dynamic surgical monitoring policy to be applied for the flow we are tracing that results in hop by hop performance measurements such as loss and jitter. As is the case with all mediatrace runs, the information is brought back into a single report where it can be quickly analyzed.
Figure 2. Mediatrace integration with performance monitor
Despite the name, mediatrace is not only for voice/video flows. It is able to trace any IP flow, and is even able to engage performance monitor to gather hop by hop TCP stats.
Mediatrace is a new tool that cisco released in IOS 15.1(3)T for the ISR platforms as part of the medianet program. Over the course of 2011, this feature will proliferate across cisco’s enterprise line of routers and switches.
Mediatrace Configuration Guide
Tags: business video, enterprise network, medianet, mediatrace, performance monitor, rich media applications, video