Cisco Locator/ID Separation Protocol (LISP) is routing architecture that provides new semantics for IP addressing. The current IP routing and addressing architecture uses a single numbering space, the IP address, to express two pieces of information:
The way the device attaches to the network
The LISP routing architecture design separates the device identity, or endpoint identifier (EID), from its location, or routing locator (RLOC), into two different numbering spaces. Splitting EID and RLOC functions yields several advantages.
Check out this video for a quick review of LISP.
Although LISP was designed to deal with the route scalability problem in the Internet, it turns out is has the capability to help with the transition to IP Version 6 (IPv6), the next-generation Internet protocol.
The transition to IPv6 is an immediate challenge facing Public Sector, and specifically Federal customers today due to Government mandates and impending IPv4 address exhaustion for consumers of Government services.
Because IPv6 is not backward compatible with IPv4, and because its deployment and operation are different from that of IPv4, development and implementation of an IPv6 transition strategy is imperative. Many techniques exist to ease the transition to IPv6, and the network-based IPv6 transition techniques can be divided generally into three categories: dual-stack IPv4 and IPv6, IPv6 tunneling, and IPv6 translation.
Each approach has its features, benefits, and limitations; they are not all equivalent in terms of cost, complexity, or capabilities. Most likely, a combination of these techniques will provide the best solution. The role that the Locator/ID Separation Protocol (LISP) being developed by Cisco and the IETF can play in IPv6 transition strategies is documented in this Whitepaper.
Incorporating LISP into an IPv6 transition strategy can simplify the initial rollout of IPv6 by taking advantage of the LISP mechanisms to encapsulate IPv6 host packets within IPv4 headers (or IPv4 host packets within IPv6 headers). For example, you can build IPv6 islands and connect them with existing IPv4 Internet connectivity.
LISP is a Cisco innovation that is being promoted as an open standard. Cisco participates in standards bodies such as the IETF LISP Working Group to develop the LISP architecture.
Many people wonder what it takes to be PCI compliant. More importantly, people want to know the difference between PCI, FISMA, DIACAP and STIG. With so much alphabet soup, one has to wonder what it all means, and what is the best way to navigate these waters.
I’m not here to provide you with all the answers, but I can certainly help you to understand where PCI fits into the picture.
Today, as I watched the Cisco Data Center webcast “Evolutionary Fabric, Revolutionary Scale: A Nondisruptive Way to Handle Dynamic Data Center and Cloud Environments” I thought about how data centers can provide an advantage for government agencies seeking ways to increase operational efficiency and reduce costs.
In many ways, data centers today have similar characteristics when compared to government organizations with:
isolated silos of information
labor-intensive manual processes
rising costs of service
mandates to provide open access to information
changing workplace with mobile applications, video, …
requirements to ensure security
In the data center, silos include servers, storage, applications, and network devices. In many government organizations, different agencies often operate independently in separate silos.
The strategic advantage for both government IT organizations and government agencies is to develop holistic strategies that unify the separate parts into a system to deliver better efficiency with higher resource utilization that is easier to manage and costs less.
I was reading an article recently about what auditors really think about the security and compliance requirements that they test for when doing a PCI DSS compliance audit. I was more than a little surprised to read that over 60% of the 505 auditors in the study referenced said the organizations they audit don’t believe compliance improves their data security effectiveness. I’m a bit perplexed by that. After all, there are only 12 requirements in the PCS DSS specification, and they seem pretty straightforward and simple to me. Read More »
I recently watched a session called, “Public Sector Cloud – The Big Debate”, recorded earlier this year. The debate presents several points of view from experts in the field of Cloud Computing. I enjoyed the candid conversation and the opportunity to get a taste for the challenges governments face in their environments.
I encourage you to watch this too and let me know what you think. The session was moderated by Dr. Richard Sykes and includes experts such as John Suffolk (former UK Government CIO) and David Wilde (Westminster City Council CIO).