I know what you’re going to say when I reveal that this week’s guest is going to talk about Vector Packet Processing (VPP):
“Why do we—the Cloud Unfiltered audience—care about VPP?! I mean, it’s a networking technology, right? And this is a cloud show. We’re here to talk cloud technology and share cloud strategies…not muck around in the network. Ick.”
Fair enough. I get it.
But here’s the thing: Fast network = fast cloud. That’s the truth. And to quote Ed, VPP “is faster than hell and it scales unbelievably.” What’s more, the latest iteration of VPP is integrated with Kubernetes, which is arguably the architecture mechanism for cloud native applications. Plus, Ed is one of the smartest people you will ever meet, and he’s deeply involved in a number of open source communities that are relevant to the cloud, like Kubernetes and FD.io. So he’s got a lot of knowledge to drop on those of you that are interested in those things. Specifically, during this episode, Ed does in fact talk about what’s new with VPP, and he also touches on:
What the Kubernetes community is doing that’s allowing it to function so well
Why Istio is “every bit as cool as everyone is saying”
How Istio and Envoy work together
Whether or not serverless computing is on its way to becoming the new hotness
The upcoming FD.io mini-summit at KubeCon
See the video podcast on our YouTube page, or listen to the audio version on iTunes. And if you like what you hear, we invite you to subscribe to our channel so you don’t miss any of the other exciting podcasts we have scheduled over the next several months.
Another Automation Fair has come and gone, and much like the Houston Astros championship World Series run, the event was a big success with more than 10,000 attendees during the week. The big themes of Connected Plantwide Ethernet (CPWE) architecture, connectivity and security were prominent as well as a lot of discussion around process applications for the many energy customers in attendance at the event.
As noted in the previous blog from my colleague Scot Wlodarczak, Cisco presented “Industrial to Enterprise – One, Secure Network” in the booth, and had several demos in the that revolved around the CPWE, Factory Security, Collaboration, Oil and Gas Connectivity and the Meraki cloud-managed infrastructure solutions. Cisco also participated in the Rockwell Connected Enterprise industry solutions pavilion. Our latest product, FactoryTalk Network Manager a co-development with Rockwell, was also released at the show. FactoryTalk® Network Manager offers operations team an easily adopted, fast path to network management. Users gain full visibility and control of the industrial Ethernet infrastructure in the context of connected devices and network infrastructure. Customers experience an acceleration of business outcomes leveraging “Plug and Play” deployment drive increased system availability with a common management framework between operations and IT.
Big topics from the floor
Along with new products, the event floor was buzzing with activity from analysts, industry media, customers, partners, and system integrators. One of the most significant areas of interest from attendees was around IT/OT convergence and how to further their training around network design and architectures. As a follow-up to these requests, I have listed links to training below:
Industrial IP Advantage: This is the consortium of Cisco, Rockwell, and Panduit and this training will provide based practices around IT/OT professional development, network design, and industry trends. Click here to learn more.
Industrial CCNA: This certification from Cisco provides candidates the necessary skills to successfully implement and troubleshoot the most common industry standard protocols while leveraging best practices and references architectures. Click here to learn more.
During the week, Cisco subject matter experts also participated in several speaking sessions on the following topics:
The evolution of the digital oilfield
Digital manufacturing solutions in practice
Smart manufacturing journeys
Delivering the plant of the future today
Identity and mobility in CPWE architectures
Cisco also partnered with Rockwell and other exhibitors during the week to give back the community. The city of Houston saw significant impact by Hurricane Harvey, and subsequent flooding and the vendor community and the United Way came together to help box 8,000 Thanksgiving meal kits for affected families. Congratulations as well to the winners who participated with us in our booth raffle and walked away with a drone or Yeti cup.
We look forward to seeing you next year in Philadelphia.
I also invite you to explore the following manufacturing topics:
Restaurant Ciné Città had a great location in a crowded tourist area in Belgium, but they were overlooked by potential customers passing by.
Until they met Pingvalue – an online platform and mobile app connecting businesses and customers. Integrated with Cisco, the Solution Partner offered the insights they needed to target and attract hungry tourists.
Pingvalue says…
We partnered with a Cisco reseller to give the restaurant’s customers a better overall experience. We installed wireless access points and Cisco’s Connected Mobile Experiences (CMX) technology, an analytics and automation solution. Then, we integrated our private dashboard with CMX for richer, real-time data about potential customers.
Ciné Città now understands the face behind the screen. They can profile potential and existing customers by age, gender, interests, and influential status. And, they can see what customers like, share, and promote on social channels.
That level of insight makes it possible for the restaurant to target the right audience at the right time. As hungry tourists walk past the restaurant, they receive recommendations and promotions directly on their device. And once in the restaurant, customers have access to a trusted and secure wireless connection (cue Instagram food pictures.)
The Pingvalue/Cisco CMX solution gives Ciné Città a chance to do more than just offer customers great WiFi. Now, the restaurant can tap into the power of geolocation and personalized marketing to attract new and repeat customers.
From all the feedback and conversations regarding our momentum and leadership in the smart cities market, we can reflect on a few key insights that continue to shine as imperative pieces of the puzzle that work together to help build a smart, connected community. Cisco’s Global Managing Director for Smart Cities and IoT, Amr Salem, summarizes this perfectly in the video below.
As we move along, further into this journey toward making cities smarter and more securely connected, a collection of truths reveal themselves.
First, visionary leadership is of paramount importance in successfully bringing about change. New business models will provide game-changing opportunities to take advantage of untapped sources of value. Smart city initiatives are a team sport, only with trusted ecosystems and partnerships will goals be achieved. Data is flowing all around us, making regulatory policies a pressing issue in order to adequately protect investments, people and digital infrastructure. With connectivity growing exponentially, global open standards will be imperative to assure inclusivity, direct participation and transparency. And finally, people are the most valuable assets that communities have – training and education for the digital future will lay the foundations for ongoing success.
The path to smart cities is a journey, not a destination. Here at Cisco, we’ve learned a great deal in our decade-long leadership in helping those on quests toward their own unique smart city dreams. With more and more successful leaps forward, we’re invigorated by the mounting possibilities for growth and prosperity.
I began this comic book series with the idea that creating a science fiction prototype would be a useful tool in imagining—and planning for—the Future of Work. I have found it helpful to envision future scenarios where a mobile, flexible work force collaborates seamlessly with each other and with intelligent robots–whether in person at the office, or via holograms and immersive video from a remote field location. It’s been good to explore how the future might make meaningful work more accessible to more people—whether through assistive technology or alternative training programs.
And it’s also been valuable to explore the darker possibilities, where automation destroys our jobs, blackmail opens the door to a security breach, and (as Elon Musk fears) artificial intelligence becomes an existential threat.
The truth is, we don’t know what the future will bring. Because we haven’t finished creating it yet. It’s a work in progress, and many people are asking, what kind of future will it be?
This comic book series has been a call for a reasoned approach to the Future of Work, grounded in human values and enabled by technology. More than anything, it’s a reminder that we have choices, and we should make them wisely.
Envisioning various future scenarios has also been a valuable exercise as we prepare for our Future of Work Living Lab in February. We are assembling an exciting cohort of industry leaders to innovate together around some of the future’s most challenging issues—another step in creating a future we’ll want our children to live in.
But meanwhile, let’s check in one more time with Gail, who is making her own choices about the future of work – and the world.
The Workspace of the Future: [Dark Future] Increases in artificial intelligence, robotics and automation create a broader income gap and greater global inequities
Today, having the right IT network is more critical than ever, as it has become the cornerstone of business digital success or failure. Without a strong, secure network foundation, businesses don’t have the agility or security required to compete in today’s rapidly changing business environment. The Cisco Visual Networking Index shows how that there are 17B devices connected to the network today. By 2021 there will be there will be more than 27 billion networked devices. Traditional approaches to network design and management on this scale will not be successful – my 20+ years in the networking industry tells me that.
You might be wondering how to respond and you are not alone. I’ve met with dozens of customers from multiple industries and they’re all asking what to do next. That question is usually followed by “Do we need to replace our entire network?” The good news is you don’t have to start from scratch. The journey to a new, digital network is just that – a journey. Each company can start from a point that makes sense for them to drive their most desired business change.
Cisco’s vision for a new era of networking, is an intent-based network powered by context. Since our June launch, over 1,100 customers have started their journey to the new network to help them drive success in their business. Cisco’s Digital Network Architecture (DNA), delivers flexible entry points to address the scale of networks today — their increasing complexity, the security that is required, and powerful insights to help shape decisions moving forward.
Here’s how it can work. Think of intent as a business outcome you want to achieve. If I’m a CIO, I might say “I want to reduce IT operational costs AND I want to increase the productivity of my staff”. That is my intent. Next, I might think about the technology solution I need to put in place to achieve that objective.
For example, I might increase productivity for my staff by automating IOT deployments at scale using Software Defined Access (SDA). I might look at Assurance to reduce the amount my staff spends troubleshooting network issues. Perhaps, I will focus on delivering a consistent user experience as I move applications to the cloud. You can choose the technology solution that best meets your organization’s needs.
Through the use of machine learning and predictive analytics, the new network will help you deliver results by learning, adapting, and protecting. Because it can rapidly execute your specified technical solution over and over, it gets better at it each time. The network is constantly collecting this data, to create the powerful insights – which we call context – that let you know when your outcome has been achieved and when it’s time to pivot. And because it is software based, you can easily adapt your existing network to start your journey at any time.
As VP of Worldwide Sales for Cisco’s Enterprise Networking, I’m able to witness customers on their digital journeys. I see many embracing the new network and changing their businesses. It’s exciting to see the momentum and limitless possibilities ahead as customers gain more experience with the power of intent delivered by context.
If you’re still on the fence, stay tuned. Over the next few months, I will be sharing our continued innovations, the different ways Cisco customers are implementing these new technologies, and the business outcomes they are driving. In the meantime, use the comment section below to tell me what you are considering and the benefits you’re seeing in your company’s own digital journey.
#CiscoChampion Radio is a podcast series by technologists for technologists. In this episode we’re talking to David Reeckmann about Cisco Spark in VR and Cisco Emerge.
Cisco Champions are an elite group of technical experts who are passionate about IT and enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The program has been running for over four years and has earned two industry awards as an industry best practice. Learn more about the program at http://cs.co/ciscochampion.
Cisco’s Aggregation Service Router 9000 (ASR 9k) has evolved into the cloud-scale, multi-service platform offering unprecedented flexibility, scale, programmability and security for Service Providers today.
When the ASR 9k was first announced in November 2008, it was a 6-slot and a 10-slot chassis—each of them capable of handling 3.2Tbps and 6.4Tbps of traffic, respectively.
Over the past nine years, we transitioned from 10GE to 40GE and most recently to 100GE connectivity as speed and scale required to handle bandwidth growth continues to be challenged. Current shipping line cards support up to 12 100GE-ports, bringing the total capacity of the higher range chassis up to 48Tbps.
“With the same original chassis, we increased capacity by a factor of eight, helping our customers protect their investments.”
The product line has expanded significantly and offers hardware flexibility with fixed and modular chassis configurations ranging from the Cisco ASR 9001 (two rack units [2RU]) to the Cisco ASR 9922 (44RU), with each system designed to provide true carrier-class reliability using the Cisco IOS® XR operating system.
The ASR 9K has always been a feature-rich platform, and the trend continues. I want to specifically call out the support of two very important technologies that are front and center to any network-transformation initiatives—segment routing and ethernet VPN (EVPN), each ruthlessly simplifying Service Providers’ networks by providing a unified forwarding plane and a unified control plane.
In November 2016, we added Cloud-scale networking software innovations to the ASR 9K, bringing significant operational improvements. With model-driven programmability, we helped Service Providers advance their automation journey. We offered the most comprehensive set of data models, native YANG models, as well as industry-driven OpenConfig models and standards-driven IETF models, in addition to model-driven APIs and tools to accelerate the adoption of software automation.
In September 2017, we added a new API – the Service Level API that enables dynamic, programmatic control of a router. It is a scalable and convenient integration point to build/extend a device’s control plane functionality enabling the delivery of advanced use cases.
With model-driven telemetry, critical state and statistics can be exported from the network many times faster than traditional monitoring technologies in a more automation-friendly format and with less load on the network. It provides critical insight into what’s happening in the network in real-time in order to mitigate issues as they happen… and in the very near future, proactively.
Combining programmability and telemetry definitely moves the network into a self-driving mode.
I’m really amazed by how far we’ve come with the ASR 9K. This platform offers unprecedented flexibility, scale, and programmability to support features that were not even considered when the platform was first designed. Additionally, highly granular classification capabilities and hardware resource allocation truly make it the multi-service platform Here are some successful use cases in both the Service Provider and Enterprise markets.
Business VPN
Service delivery infrastructure complexity is slowing down the ability to deploy and manage new business services. Different technologies have been implemented to offer L2 VPNs and L3 VPNs, respectively, but they all come with their own limitations and complexity. Moreover, largely manual device configurations make it much harder to scale the network to support increases in traffic, devices, and apps that are coming with digital business initiatives.
Ethernet VPN and network programmability promise new and better ways of providing business services. With a unique control plane control, EVPN, any VPN service can be offered. And when combined with segment routing, VPN services can be differentiated further with advanced service level agreements (SLAs). But, it does not stop here – this new service delivery infrastructure can also be fully automated.
Mobile Backhaul
Mobile backhaul capacity and efficiency must increase so that mobile broadband, data access, and video services can effectively support consumer usage trends and keep mobile infrastructure costs in check. The complexity of the pre-aggregation and aggregation networks, and their lack of automation and programmability, are impediments to efficiency, scale, and cost-effectiveness.
Using segment routing as the transport protocol for mobile backhaul further simplifies and optimizes traffic engineering. The use of streaming telemetry combined with data analytics solutions provides even more information about traffic, usage, devices, and subscribers. This information is useful in optimizing traffic in real-time, troubleshooting and providing granular information about subscribers that can be useful for the development of new services and pricing.
With the recently-added support of Segment Routing IPv6 (SRv6), the ASR 9k is ready for 5G network infrastructure evolutions.
Data Center Interconnect
Scale is an issue with data center interconnect (DCI) services. The need for signaling for separate point-to-point pseudo-wire virtual circuit (VC) labels in each remote provider edge device limits scale. Slow failover is also a problem with most DCI solutions. If a virtual machine (VM) goes down in one data center, it often doesn’t failover to another VM instantaneously, so service is temporarily lost.
EVPN plays a major role here. It enables the ASR 9K running multi-protocol border gateway protocol (BGP) to advertise and learn media access control (MAC) addresses for access topology and VPN endpoint discovery. This eliminates the need for signaling separate point-to-point pseudo-wire VC labels for each remote PE, enabling tremendous scale. EVPN also brings seamless host mobility for near-instantaneous fail-over. If a VM in one data center goes down, another VM in a different data center is automatically created, so service isn’t lost.
With the on-going digital transformation, security is no longer an option. Security needs to be enforced at multiple levels, and that starts with the network.
MACSec chip in shipping line cards allows encryption and authentication in hardware, saving CPU resources and providing higher throughput. This is a critical feature for DCI as links from different data centers going to public areas need to be encrypted faster to handle massive scale without overwhelming CPUs.
Distributed denial of service (DDoS) attacks continue to increase in size and frequency, and these attacks are no longer simple, single-vector assaults. They are now typically sophisticated, multiple-vector assaults, or they are part of much larger threat campaigns. The Cisco ASR 9k DDoS is completely virtualized, and mitigation is embedded into ASR 9k series routers. As a result, networks are empowered to detect and block DDoS attack traffic automatically without interfering with normal traffic flow.
“By integrating Arbor’s proven DDoS mitigation technology into the ASR 9000 router, Cisco is moving aggressively to enable their customers to address the growing size and scale of DDoS attacks. This is a best-of-breed combination.” – Chris Rodriguez, Senior Industry Analyst, Frost & Sullivan
I’m proud of the work we have accomplished to evolve and transform our ASR 9k into the cloud-scale, multi-service platform. We plan to continue this evolution and lead the industry with unprecedented flexibility, scale, programmability and security for Service Providers today and in the future.
This blog post was authored by Marcin Noga of Cisco Talos.
Introduction
In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of weaponizing this vulnerability and creating a fully working exploit that leverages it on Windows 7 x86 with the affected version of 7zip (x86 15.05 beta) installed.
