Cisco Blogs


Cisco Blog > Security

The Secure Way to IPv6 – Use Your Proxy!

When asked about IPv6, many companies are aware that they must do something, but are not sure what is the best way to approach IPv6. In my talks with customers, I found that the unfamiliarity with IPv6 is one of the biggest obstacles. So, to gain experience with IPv6, there are several paths to go down, from the inside-out approach (start within an internal area and work outwards) to the outside-in (work from the internet towards the internal network). One very easy way to start with IPv6 is to use your existing proxy infrastructure. I want to show you how to do this by using the Cisco Web Security Appliance (WSA).

Read More »

Tags: , , , ,

Fosdem 2015: a status update

As is our tradition by now a team of volunteers helped out with the network setup and operation of Free and Open-source Software Developers’ European Meeting (FOSDEM). The network was very similar to the one used last year and we wanted to report on the evolution of the traffic we measured.

First the bad news: due to the increased use of IPv6 we have less accurate data. This is because while IPv4 uses a unique MAC address which we can use to count the number of clients, IPv6 uses ephemeral addresses, and one physical device can use multiple global IPv6 addresses. In fact we noticed one client using more than 100 global IPv6 addresses over a period of 240 seconds. Why this client is doing this is a mystery.

The unique link local IPv6 addresses were only kept in the neighbour cache of the router for a limited time, so we have no good numbers for the amount of clients. The good news is we can still use traffic counters to compare with the previous year.

Internet traffic evolution

Internet traffic evolution


Compared to 2014 we saw a 20% increase in traffic to more than 2 terabytes of traffic exchanged with the internet.

Fosdem 2015 wireless traffic distribution

Fosdem 2015 wireless traffic distribution


More interestingly the IPv4 traffic on the wireless network decreased by almost 20% with the net result that now the IPv6 traffic is 60% of the traffic on the wireless network, while IPv4 traffic is only 40%. So IPv6 traffic is 1.5 times the IPv4 traffic. This is a good indicator that most clients now can use NAT64 and can live on a IPv6 only network.

Internet IPv4 versus IPv6 for Fosdem 2014-2015

Internet IPv4 versus IPv6 for Fosdem 2014-2015


On the internet side the IPv4 traffic increased by 5% while the IPv6 traffic almost doubled. As we use NAT64 to give access to IPv4 only hosts using IPv6 only on the internal network this measurement is a clear indication that more content is now available via IPv6.

For next year we plan to setup some more tracking systems in advance so we can investigate the number of clients on the wireless network and why some clients are using hundreds of global IPv6 addresses.

Tags: , , , ,

Our Ecosystem Begins Here @Ciscocloud

As Cisco prepares for Cisco Live Melbourne #clmel, I wanted to take this opportunity to highlight our @Ciscocloud Intercloud partnership with Telstra

The following Q&A session between executives of our partnered companies identifies the unique challenges of our current business environment and the rapidly changing needs of our customers. Interviewed by Stuart Robbins, the participants in our inaugural blog are Ken Owens, Cloud Services CTO from Cisco, and Tim Otten, GM Cloud Strategy and Platforms from Telstra.

Q: Cisco’s strategy is to create solutions built upon intelligent networks that solve our customers’ challenges. As a key technology partner, Telstra’s diverse customers present unique opportunities for a new generation of solutions for those customers – can you tell us about how our combined capabilities will help those customers be successful?

A:
[Otton, Tim J] Networks are increasingly important to the delivery of services as we shift to “the Cloud,” and the concurrent profusion of data, workforce mobility, distributed application environments, and the hybrid infrastructures supporting those applications. Both Cisco and Telstra are committed to delivering highly secure, high-performance intelligent network capabilities.

These networks must be thoroughly responsive to an ever-changing set of user and application requirements – adaptive, flexible, and resilient. Both companies have a rich tradition of global insight gained from a relentless focus on customer requirements.

[Owens, Ken] Telstra is one of the industry’s most advanced solution providers, with a noteworthy history of successful technology transformations in telecommunications. From the earliest days of IT outsourcing, and managed hosting, and now as we shift to the Cloud, Telstra has provided true leadership to the industry during these transformations.

Like Cisco, they view their customers’ strategic objectives as Priority 1 and will do whatever is necessary to make their customers successful. For more than 25 years, Cisco and Telstra have guided the market through each new technological shift, with exceptional people leading the way.

Q: One aspect of the changing enterprise landscape is the “blurred” boundaries between large enterprises in business ecosystems. While the basic principles remain important (resilient architectures, reliable networks, responsive applications), what are some of the emerging challenges in this “ecosystem first” world?

A:

[Otton, Tim J] The business landscape has changed. Cloud, Mobility, Social Media, advanced analytics, and open platforms are also changing the landscape for service creation and innovation. Increasingly, service creation will emerge both within and beyond (intra- and inter-organizational) boundaries to better serve a growing number of mobile users and a project-oriented workforce.

In order to support connectivity as well as enable full integration with many external partners and providers, businesses are now required to ‘open’ their IT environment. Increasingly, organizations are choosing to expose their own systems and proprietary data to third-parties, creating “greater value” by encouraging innovative use of a company’s intellectual assets. Software applications are distributed, both geographically and architecturally. All of these factors alter the connectivity/security paradigms of traditional enterprise IT.

[Owens, Ken] Tim is right on, and the exciting element of this model is that it’s driven by the customer! This is not a consumer fad or one-time remodel, this is the pace and speed by which business must adopting to the requirements of their customers and the rapidly changing marketplace. A successful business today requires a flexible set of services and capabilities to quickly adapt to this changing landscape. Together, Cisco and Telstra have a proven track record of enabling innovation to address the changing needs of the businesses we support.

Q: Providing exceptional products and services to Enterprise IT is familiar territory to both Cisco and Telstra, and this common ground is one reason why the Cisco-Telstra partnership makes great sense. As we move beyond IT, we’re also being asked to directly address the needs of business departments (marketing, product management, customer support). How do we adapt to meet those needs?

A:

[Otton, Tim J] We need to develop a deeper understanding of the different “lines of business” within the Enterprise. We need to better understand what drives their business and the market environments in which they operate. In other words, we need to become an enabler of business solutions rather than simply selling more technology. Our focus needs to be increasingly on the business outcomes we can deliver to our customers.
We need equip our sales teams to communicate those solutions, to be able to engage customers in conversations that start with business issues and proceed from there to provision enabling technologies rather than starting (and often finishing with) technology alone.
At the same time, we need to better support IT departments so that these services can be integrated into the overall Enterprise network architecture- – -ensuring that these distributed services are secure, and optimized to perform reliably. Telstra and Cisco need to be seen as enabling partners, and not just suppliers.

[Owens, Ken] The needs of the business can be vast, complicated, and rapidly evolving to meet the needs of a changing marketplace. Cisco and Telstra are leaders in business transformation. The key to success in this ever-changing environment is to provide leadership with speed, agility, innovative leadership to assist each customer’s ability to adapt to the changes. Of course, Tim’s right, we also need to help IT executives quickly transition not only their technology, but also their processes and practices.

Q: The recipe seems simple enough = one part: exceptional technology with the associated expertise, and one part: an evolved partnership methodology (i.e., Partnership 2.0) that will serve as the foundation for what our companies can accomplish together.

One last question. Imagine what success looks like for the joint Cisco-Telstra effort in two years: what are the core behaviors/values that we’ll be most proud to have embraced, when we glance back? In other words, what are the central organizational principles that will serve to anchor this new style of ecosystem development?

A:

[Otton, Tim J] My vision for the partnership is that we have developed an advanced understanding of the requirements of stakeholders – whether it be IT, LOB, or end-users – within the customers we served and are singularly focused on the business outcomes that we can jointly deliver for our customers.

[Owens, Ken] The demands of Enterprise 2.0 require an infrastructure that is both elastic and reliable, flexible yet secure. Organizations, too, will require those very characteristics. To accomplish this,“Governance 2.0” and “Partnership 2.0” become framework components of that new ecosystem in service of our customer’s transformed world. As Tim stated, the business outcomes and continuously delivering business value are the key principles.

Thank you Tim for you time to discuss the joint journey we are embarking on.

Tags: , , , , , , , , , , , , , , , , , , ,

SDN and NFV Use Cases in EPN

My last post reviewed some of the building blocks of SDN (Software Defined Networking) and positioned the protocols and APIs (Application Programming Interface) into categories so that the multitude of technologies associated with SDN can be positioned in a coherent framework. This month I’d like to start looking at some use cases where some of these things are used to deliver benefit in a service provider network.

I will review a consumer oriented offering and next month, one targeted at enterprise services.

As always, it is important to define the business outcome we are trying to affect when making a change to the network infrastructure. This case will consider an operator Read More »

Tags: , , , , , , , , , , , , , ,

RST Fiber’s High-speed Network powered by Cisco’s Evolved Programmable Network

ginaBy Gina Nienaber, Marketing Manager

We’ve been discussing the Evolved Programmable Network for some time now, knowing the transition from an IP NGN to an EPN is not something that will happen overnight (See EPN Blogs 1 , 2, 3). The Cisco® Evolved Programmable Network (EPN), represents an idea, an end-to-end unification of network, storage, and compute elements, and a lofty concept for existing multivendor networks to aspire to. New entrants into the communications industry are capitalizing on this period of evolution by building homogeneous end-to-end networks purpose built for SDN and NFV innovation.

One recent entrant is RST Fiber, based in North Carolina. Earlier in the year, Cisco and RST announced their 100 Gbps network deployment covering over 3000 miles throughout North Carolina with plans to Read More »

Tags: , , , , , , , , , , , ,