Duct tape is pretty amazing stuff because it's versatile and easy to use. That being said, sometimes that versatility and ease-of-use means it gets used at times when maybe it shouldn’t.
This thought came to mind a couple of weeks ago at VMworld. Over the course of the show, I had a number of conversations with folks about tunneling and overlay networks. For many (mostly non-networking) folks, it seemed like the best thing since sliced bread—it gave them the holy grail—flexible, agile, on-demand connectivity without having to talk to the network folks.
From a networking perspective, it's kinda funny, since the concept of tunnels is a decades-old technology. It’s always played a legitimate role in a comprehensive networking strategy (MPLS and IPsec VPNs, for example), so it's cool to see an old concept find new applications.
However, lest we be lulled into blissful slumber by the unicorns playing lilting melodies through their horns, it's good to remember that, as with pretty much everything in IT, there is no free lunch. While overlay networks make life simpler for the server admin or the virtualization admin, there are a couple of things to bear in mind.
From an operational perspective, the overlay environment becomes a second network that needs to be managed—often a dumber, less instrumented network. Somewhere, someone still needs to maintain a fully functioning, highly available, secure, properly traffic-engineered network that underpins that virtualized connectivity. Think of this as the difference between your checkbook and your checking account—just because you can write a check doesn’t mean there is money in the account to cover it.
Now, if you are not a networking dude or dudette, your first reaction may be “why do I care?” Well, when you start seeing performance issues on your tunnel, you start to see intermittent drops on your tunnel, or you need to demonstrate auditable regulatory compliance, then you start to care. While some folks propose that the underlying network becomes irrelevant once you start using overlays, the truth is that the strengths and weaknesses (performance, availability, security, manageability, etc.) of the underlying physical network are going to manifest themselves in whatever rides on top. While overlay technology is undeniably useful, having an approach that leverages the intelligence of the underlying infrastructure (assuming any exists) is going to pay off in the long run.
Tags: Cisco ONE, data center, Duct Tape, networking, SDN, virtualization
This morning the winner of our first weekly raffle was picked from among the 200 correct answers! This lucky and smart participant will very soon receive a congratulations e-mail and, in a few days, his/her Apple iPad!
The race for the grand prize is definitely on! But don’t worry!
If you didn’t participate this week, you can still win points by answering the bonus questions before the end of the weekend! How? Very simple:
Check www.Facebook.com/ciscodc right away for the Unified data center IQ tab. This set of questions is worth 30 points, a great way to catch up if you missed this first week or to boost your Unified IQ if you are already in the race.
Now you may want to know the results for the first set of questions.
The questions were related to our September 19th low latency data center switch announcement. At that time, we launched a new technology called Algo Boost and an ultra low latency Nexus 3548, breaking the barrier of 200 nanoseconds!
What is Cisco’s Algo Boost?
A new Cisco ASIC, with unprecedented speed, performance and visibility
Check the blog announcement
Tags: Cisco, Cisco ONE, data center, SDN, Unified Data Center
[See Also: Follow-Up Q&A on Freemium Pricing Model]
[Update 11/26/12: the free Nexus 1000V virtual switch is available for download from here.]
Following on the heels of the announcement of our Nexus 1000V 2.1 release last month, Cisco is today announcing a new pricing and packaging strategy for its flagship virtual switch portfolio. Starting with that new 2.1 release, which is now in beta, we will have two editions of the Nexus 1000V, an Essential Edition and an Advanced Edition. The Nexus 1000V Essential Edition will be available for free, plus a nominal annual support fee, in a move that we believe will encourage customers and our partners to proliferate what has already become the most popular virtual switch in the industry with over 6,000 customers to date.
The Nexus 1000V Essential Edition provides all the rich Layer-2 networking features to connect virtual applications to the network and integrate into VMware environments, including: VXLAN capability, Cisco vPath service insertion, integration with vCloud Director, and a plug-in for management and monitoring in VMware’s vCenter Server. This free version will enable rapid, low-risk adoption of Cisco’s virtual network technology environments.
The Advanced Edition, priced at $695 per CPU, the same price as the current 1.5 release, includes:
- The Cisco Virtual Security Gateway (VSG) for Nexus 1000V, a virtual firewall with visibility to virtual machine attributes for building sophisticated compliance policies, and logical trust zones between applications (VSG was previously sold as a separate product).
- Support for advanced capabilities, such as DHCP snooping, IP Source Guard, Dynamic ARP inspection and Cisco TrustSec Security Group Access (SGA).
Tags: ASA 1000V, Cisco ONE, Cisco TrustSec, KVM, Nexus 1000v, Nexus 1100, OpenStack, SDN, virtual network overlays, Virtual Security Gateway, vPath, vsg, VXLAN, Xen
The science behind Virtual Machine Monitors, or VMM, aka Hypervisors, was demystified almost half a century ago, in a famous ACM publication, “Formal Requirements for Virtualizable Third Generation Architectures”.
In my life, I had the honor of working on some of the most bleeding edge virtualization technologies of their day. My first was IBM’s VM, VSAM and a host of other v-words. My last was at XenSource (now Citrix) and Cisco, on what I still think is the most complete hypervisor of our age, true to its theoretical foundation in the Math paper I just mentioned.
Though Xen is arguably the most widely used hypervisor in the Cloud or sum of all servers in the world today, I actually think its most interesting accomplishment lies in what its founders just announced this week. Therefore, I want to extend my congratulations to my good friends Simon Crosby and Ian Pratt for the admirable work at Bromium with vSentry.
I think it is remarkable for two reasons. It addresses the missing part of what hypervisors are useful for, which is security; for those of you that actually read Popek & Goldberg’s paper, you would note that VMMs are very good at intercepting not just privileged but also sensitive instructions, and very few people out there, until now, have focused on the latter, the security piece. But there is one more reason, in fact the key point of this paper: the necessary and sufficient conditions for a system to be able to have a VMM or hypervisor. I am hoping the Xen guys, who have done so well articulating that for real (not fictional or hyped) hypervisors, can also help sort out the hype from fiction in what is ambiguously called nowadays a “network hypervisor”.
Could this approach be what is actually missing, to sort out truth from hype in what we call SDN today? Is this the new age of hypervisors? Or is this just another useful application of an un-hyped hypervisor?
Tags: Cisco, hypervisor, network, network hypervisor, open source, SDN, security, virtualization, vmm, Xen
Programmability, application aware environments, and software defined networks are popular topics in the industry right now. Network operators see the revenue opportunities to deliver services which can dynamically utilize network infrastructure while meeting application specific requirements. This thought process dominated at this year’s Carrier Ethernet World Congress in Barcelona, and Cisco was helping lead the way.
It was a pleasure to watch some of our thought leaders share their unique and innovative ideas and direction with the larger service provider, vendor and analyst community – starting with Software Defined Networking (SDN). SDN wasn’t the only topic; we shared ideas around mobile trends such as 4G/LTE and small cells and the resulting network impact, the increasing need to marry the IP layer with the underlying transport layers, and strategies around moving legacy TDM services onto a packet infrastructure. I love watching the cross-industry creativity flow as we collectively solve today’s challenges posed by the growth of new user trends.
All that said,
Tags: Carrier Ethernet World Congress, Cisco, NPS, ONE, onePK, Open Network Environment, SDN, Service Provider, software defined network