Cisco Blogs


Cisco Blog > Security

Foundational Network Traffic Collection and Analysis Setup

This introductory post explains how one of Cisco’s security research groups established a network data collection capability for large amounts of network traffic. This capability was necessary to support research into selected aspects of the Domain Name Service (DNS), but it can be adapted for other purposes.

DNS exploitation is frequently the means by which malicious actors seek to disrupt the normal operation of networks. This can include DNS Cache Poisoning, DNS Amplification Attacks and many others. A quick search at cisco.com/security yields a lot of content published, indicating both the criticality and exposures associated with DNS.

Our research required the ability to collect DNS data and extract DNS attributes for various analytical purposes. For this post, I’ll focus on collection capabilities regarding DNS data. Read More »

Tags: , , , ,

Cisco ISR-AX is Now a Part of the Integrated Services Router Family!

On March 12thCisco announced the ISR-AX and how Cisco is changing the game, reducing complexity and making it simpler for enterprises to deliver and manage application delivery to users. Cisco is expanding the role of our Integrated Service Routers (ISRs) to deliver application-centric networks that provide granular visibility, control, and optimization without additional devices or bandwidth upgrades -- Cisco® Application Experience (AX) Router family is now a part of the ISR family of routers!  The Cisco ISR-AX Routers directly integrate Cisco Wide Area Application Services (WAAS), Application Visibility and Control (AVC), Data/IPBase and Security services into a platform that is simple to order, configure, and deploy for secure, optimized cloud connectivity and branch-office routing.  The Cisco ISR G2 and ISR-AX Routers are based on the same hardware and software that you know and love and are deploying today. Today I wanted to go into the technical details of each of the components. Read More »

Tags: , , , , , , , , , , , , , , , , , , ,

A Better (and More Affordable) Way to Deliver a High Quality Application Experience from Anywhere

Today, marks an important milestone in the history of routing, as Cisco introduces ISR-AX (Integration Services Router Generation 2 with Application Experience) and redefines the role of the router as the application delivery platform.

Quintiles – a biopharmaceutical in Durham, North Carolina – has experienced, first-hand, the benefits of an application aware router. They have successful rolled out VDI to thousands of users globally with key services of ISR-AX, namely Cisco Wide Area Application Services (WAAS). With this solution, they have been able to onboard new acquisition employees within days instead of months, and dramatically increase productivity.

HDR – an Omaha, Nebraska-based architecture and construction firm – also relies on application services integrated on the router to guarantee application performance. HDR runs several mission-critical engineering applications worldwide, which are latency sensitive and transport over 10 terabyte files. They depend on the Cisco Application and Visibility (AVC) services available on the ISR-AX to provide a high quality of experience and resolve issues in a matter of minutes and minimize downtime. Read More »

Tags: , , , , , , , , , , , ,

How to Find and Measure IPv6 Traffic on Your Network

February 20, 2013 at 5:03 am PST

My last post was all about finding IPv6 prefixes on the IPv6 Internet. I think the next natural question is “What about IPv6 traffic?” or more specifically, “What about IPv6 traffic on my network?” In this post, I’ll talk about some network tools, or instrumentation, that can be used to find and measure IPv6 traffic that is out on your network. Network instrumentation is going to be important whether you plan to integrate IPv6 into your network or not. “What?” you might ask, “why is instrumenting my network to detect IPv6 important if I’m not going to run IPv6 in my network?”

Read More »

Tags: , , , , , , , ,

Accounting and Routing in the Internet

Accounting Traffic in the Internet Today

[the full article can be seen at http://www.internetsociety.org/sites/default/files/BGP-for-regulators.pdf]

Business Model Changes

In the past, voice traffic was transported over a dedicated voice infrastructure, and the data network infrastructure was established in parallel so that voice and data traffic did not interfere with each other. Traditional voice accounting and performance functions are standardized within SS7 (Common Channel Signaling System No. 7), the global standard for telecommunications, defined by the ITU-T. The success of data networks led to the development of techniques to encapsulate voice traffic in IP packets, and thus Voice over IP (VoIP) was born. Read More »

Tags: , , , , ,