You’ve probably heard of blockchains by now – the relatively new technology underpinning a whole host of cryptocurrencies and distributed apps. Blockchains promise exciting solution opportunities across a range of markets, from IoT and machine-to-machine communication, to healthcare, identity management, supply chain, and more.
But, have you come to grips with how blockchains work? How you use them? What they can do? How you code apps on them?
Well, now’s your chance to start!
This week on DevNet Sandbox, we released a Blockchain Sandbox to give you your very own private blockchain, based on the Linux Foundation’s HyperLedger Fabric.
Intended as a foundation for developing applications or solutions with a modular architecture, Hyperledger Fabric allows components, such as consensus and membership services, to be plug-and-play.
HyperLedger Fabric leverages container technology to host smart contracts called “chaincode” that comprise the application logic of the system.
As part of the Sandbox, we provide you with an Ubuntu VM that has four docker containers containing the peers of the blockchain, split across two separate organisations. Each one of these peers is capable of hosting your chaincode that can be used to execute code on Fabric that support any app or logic that you wish!
Blockchain Sandbox: Topology
Of course, feel free to re-configure the peers and organisations as you wish, along with build more channels to communicate on (hit the Hyperledger Fabric link earlier to learn more about these concepts or fire directly over to here).
We also provide you with a short example of how to transact on the blockchain and move some value across peers taking part in the chain, to get you started, should you need.
There’s also the CLI that you can use should you wish to explore this method of interaction further.
Note that we’re using LevelDB as the data store on our deployment of HyperLedger Fabric. It’s a light-weight, single-purpose library for persistence with bindings to many platforms, including Fabric.
As always, let us know what you think of the Sandbox and provide us any feedback through the Sandbox forums. Cisco are a premier member of the HyperLedger effort, so we’d love to know what you think!
Here’s a video from a live presentation that Vallard Benincosa and I made introducing blockchain and decentralized apps at a recently Cisco Live event. Enjoy!
https://youtu.be/2OP9_i4fu6E
We’d love to hear what you think. Ask a question or leave a comment below.
And stay connected with Cisco DevNet on social!
When it comes to deploying a wireless network, a hospital needs to have the best of both worlds when it comes to hardware and software. Having one without the other simply doesn’t work; it’s almost like owning a new sports car and not filling it up with gas. One needs the other so that you can get where you want to be.
For Sentara Healthcare, a medical group with 300-plus care sites, they found that by choosing Cisco Digital Network Architecture (DNA), it was able to marry a high-tech hardware solution with cutting-edge software. Their new wireless deployment started off with outfitting their buildings with the Cisco Aironet 2700 and 3700 Series Access Points.
For the healthcare group, a robust network is a necessity due to the number of medical devices that need to be connected to the network. From infusion pumps to patient monitoring systems to even doctor’s notes made on tablets, if these access points can’t handle the amount of data being transferred; the entire system stops working. Luckily for Sentara, Cisco is more than up to the challenge.
Sentara Director of Information Security, Chad Spiers said, “By its very nature, [connected devices] widens the threat surface area and introduces new back door vulnerabilities.”
What he means is that security is an imperative, which is another area of expertise that Cisco DNA possesses. Cisco DNA is founded on Cisco hardware—like the Cisco Aironet Access Points—and allows hospital campuses and remote sites to collaborate safely and act as a single entity.
Cisco Identity Services Engine (ISE) has simplified access control. It checks to make sure that users and their devices are safe to connect to wired, wireless and remote connections. The Sentara IT team is able to designate network access to guests, patients, administrators and medical staff across multiple campuses from one single console. IT administrators are able to create special permissions for each user group. For example, a hospital visitor cn access the network so that he or she can use their mobile device, but they will not be able to view sensitive medical records.
Sentara went a step farther by using ISE and Cisco Stealthwatch to turn the network into a security sensor and informer. This allows the network to uncover attacks that are happening, quarantine them and ultimately repair them. This is as a must for any hospital.
#CiscoChampion Radio is a podcast series by technologists for technologists. In this episode we’re talking to David Zacks, the importance of flexible infrastructure.
Introducing the Cat9K platform and next gen of chip set.
The power of the single code base in the new Catalyst Platform 9300, 9400 and 9500.
The ability to empower people with analytics at the edge.
Focusing on the flexible infrastructure and looking 1-3 years out.v
Encrypted threat analytics.
The power behind Network Intuitive.
The importance of flexible evergreen hardware as Cisco moves into being a software company.
Working with the design team to build a flexible infrastructure.
Moving to intent based networking.
Elevating the conversation in SDA and why it was built it in the first place.
Micro-segmenting.
How to do identification through context.
Coming out of the starting blocks with SDA.
CLI is not going away.
Building blocks for a new network implementation.
Moving networks into the 21st century.
Explaining cryptographic compliance.
SPLT packet review.
Listen in and provide us feedback, we would love to hear from you!
Resources:
Cisco Enterprise Silicon – Delivering Innovation for Advanced Routing and Switching [BRKARC-3467] by Peter Jones and David Zacks, PDF of session presentation.
Detect threats in encrypted traffic without decryption, using network based security analytics [BRKCRS-1560] by Sarav Radhakrishnan, PDF of session presentation.
As the Network Engineering job role changes, Learning@Cisco and DevNet provide resources for skills transition.
Network engineering, as a job role, has shifted dramatically over the past 20 years. In the past, network engineers were responsible for keeping the network up and running, but the job role today is much more complex. Digital transformation, automation and orchestration, as well as changes in infrastructure, have opened up new possibilities and expanded the bandwidth of the role. In this new digital era, optimizing business outcomes has become a priority across industry.
With the advent of intent-based networking, the role of the network engineer is bound to shift even more. Additionally, since the half-life of newly acquired skills is now roughly 2.5 years, keeping pace with this rapid, and accelerating, pace of innovation calls into question – what’s the best way to attain the right skills and ensure future success? Last week, I met with industry leaders at the Software-Defined Enterprise Conference and Expo to discuss just this. Here are three ways that you can reinvent yourself as a network engineer:
Learn from your team
It takes a really long time to become an expert at something – Malcolm Gladwell has popularly defined expertise as 10,000 hours of experience. How can you get ahead of this incredibly long expertise development time? Speak to those who have been there, learn from their mistakes and challenges, and continually refer to them as a resource.
Your team is one of your most valuable resources. Listen to them, talk to them and learn together. Don’t just take knowledge from others; share yours with others as well. Set aside time explicitly for the purpose of sharing ideas and collaborating. And don’t just look to your team for new knowledge – look to the larger organization, to different areas of the business. Contribute to a culture of sharing, learning and teaching in order to foster your own growth and development, and to reinvent yourself as a network engineer.
Legitimize your learning, then celebrate your success
Team sharing helps accelerate learning and development; training and certification make this growth tangible. Eight of ten managers agree that Cisco certified individuals are more knowledgeable and valuable to their organization. They can take on more responsibilities, are more respected by peers and are more promotable according to Cisco’s Value of Certifications Study. So what are you waiting for? You want to reinvent yourself? Start training to become certified; it’s the best way to flex your career muscle and prove that you are truly capable of taking on a larger role or switching to a new position. Once you’re certified and have succeeded in accomplishing your next career goal, celebrate your success, but don’t think that’s where your reinvention ends.
Embark on a journey of continuous learning
No longer is learning a point-in-time occurrence, but instead an ongoing journey. To become a continuous learner requires a change in mindset – from a fixed mindset to a growth mindset, as referred to in Carol Dweck’s popular book. Having a growth mindset means opening yourself up to new possibilities, new tactics, new technologies and ultimately, becoming more flexible. Taking advantage of both team learning and more formalized training, and becoming a flexible, continuous learner with a growth mindset will create new professional opportunities and will ultimately set you up for long-term success.
There are resources available to you to continue your learning. Learning@Cisco offers extensive learning opportunities in network programmability through training and certification.
Has anything really changed for women in tech over the past 20 years? It’s definitely a question worth asking if you’re a woman, and hopefully one you’re at least mildly interested in if you’re a man.
We did not initially ask Anne to be on the show so she could cover that topic—we asked her on because she’s a brilliant engineer from the Cisco cloud team and we wanted to know what she was working on. But when you’re a woman in the tech world, sometimes people just want to know. What was it like when you were young and you wanted to get into the field? Did you always love it? Did your parents resist your plan? What was it like in college? Did the guys dismiss you? Do they dismiss you today? What’s it like when you walk into engineering meetings? Do you care that you’re probably getting paid less? And how do you feel about that Google letter?
Luckily for us, Anne is capable of a quick pivot. She graciously tabled whatever engineering insights she had planned to share, and instead spent the half-hour sharing her first-hand experiences, opinions, and insights as a woman in tech. She covered all the things I mentioned above, and also delved into:
The dangers of “Us vs. Them” tribalism when addressing gender inequality
How she reacts to the “microindignities” women experience so regularly in the workplace
Her realization that not all the “dinosaurs” are old (or going extinct)
The best steps women can take to earn respect from their male colleagues
See the video podcast on our YouTube page, or listen to the audio version on iTunes. And if you like what you hear, we invite you to subscribe to our channel so you don’t miss any of the other exciting podcasts we have scheduled over the next several months.
Your mom, your sister, your friend…maybe even you—breast cancer touches all of our lives. In the U.S. alone, approximately 1 in 8 women will develop the disease during their lifetime.[1]Breast cancer is the most commonly diagnosed cancer in women, and the second-leading cause of death.[2]
When it comes to breast cancer, early diagnosis is one of the most important strategies for survival.[3] But if you live hours away from specialists and diagnosticians, the time, travel, and costs add up.
This is a problem the Medical Hospital Center of Odessa, Texas, set out to solve. With the help of vRad, the hospital works with more than 400 physicians across the U.S. to read images remotely for patients who would otherwise have no access to sub-specialists.
For patients, the quick turnaround makes a difference. When Ms. Carol, a patient at the Medical Hospital Center, had an abnormal mammogram, “They wanted an ultrasound. That was actually the height of my anxiety. I’m really grateful that the medical center has the technology because it would have just been another week of wondering what was going to happen.”
When it comes to breast cancer, knowledge is power. By enabling immediate follow-up, patients and doctors can make decisions about next steps in care. Whether a patient is cleared or needs to start a treatment plan, speed matters.
With Cisco networking and collaboration technology, companies like vRad have the power to make life-changing diagnoses in real time. Learn more here.
“Our partnership with Cisco has really changed the playing field for patients and the delivery of healthcare in this country,” – Dr. Sussman, radiologist, vRad
Technology enables real-time diagnosis from everywhere. See the full vRad case study here.
Posting this blog on behalf of Babi Seal, Senior Manager, Product Management, INSBU and Lukas Krattiger, Principal Engineer, INSBU
This is the second blog in a two-part series that highlights novel Virtual Extensible LAN (VXLAN)-related features that are now shipping in the latest software release of the Nexus 9000 platform. In the previous blog, we briefly described three key features: Tenant Routed Multicast (TRM), Centralized Route Leaking for EVPN (Ethernet VPN), and Policy-Based Routing support with VXLAN. In this blog, we will look at the capabilities of the VXLAN EVPN Multi-Site feature.
Overview
VXLAN EVPN Multi-Site marks an important milestone in the journey of overlays. The vanilla VXLAN flood-and-learn based mechanism that relied on data-plane learning. This approach was replaced with an enhanced mechanism that relied on a control plane, back in early 2015 when BGP EVPN became the control plane of choice for VXLAN overlays. With this addition, support for integrated Layer-2/3 services, multi-tenancy, optimal one-hop forwarding, and workload mobility was introduced, making EVPN enabled VXLAN a more scalable and efficient solution.
VXLAN EVPN Multi-Site continues the evolutionary path toward building even more efficient VXLAN-based overlay deployments. It brings back proven networking design principles around hierarchical network design and fault containment with preserving network control boundaries when building scalable overlays.
Pre-EVPN Multi-Site: Multi-Pod and Multi-Fabric
The need for interconnecting data centers is as old as the notion of data centers themselves. This was no different when VXLAN was introduced. With VXLAN’s capability to build Layer-2 networks on top of Layer-3 networks, we achieved simplicity with transport independence but unfortunately left out many network-design principles for the overlay.
Even in the pre-VXLAN EVPN days, we still managed to build well-structured and hierarchical topologies such as Fat-Tree, Clos, Leaf/Spine. VXLAN overlays flattened this by creating end-to-end encapsulations from leaf to leaf through the Multi-Pod design. There the data plane was shared across pods while keeping some separate overlay control plane instance per pod. Alternative approaches preserved the hierarchy but required introduction of additional Data Center Interconnect (DCI) technology for interconnecting distinct VXLAN overlay domains; resulting in a Multi-Fabric design.
The challenge with Multi-Pod was the use of a single overlay domain (end-to-end encapsulation), which created challenges with scale, fate sharing, and operational restrictions. While Multi-Fabric provided improvements by isolating both the control and the data plane using hierarchical topologies, there was additional considerations imposed on the users to select from a mish-mash of different DCI technologies to extend and interconnect the overlay domains, thus resulting in greater operational complexity.
Introducing VXLAN EVPN Multi-Site
VXLAN EVPN Multi-Site is an open solution that extends the capability of VXLAN EVPN to provide hierarchical multi-site connectivity and allows stretching of Layer 2 and 3 services beyond a single overlay domain. The improvement over Multi-Pod/Multi-Fabric designs is significant in that now VXLAN EVPN is still used for carrying traffic between sites but policies can be applied at the border devices that also serve as the ‘gateway’ to the other sites. These border devices called Border Gateways (BGW) and terminate, mask, and interconnect multiple overlay domains, fabrics or sites. The chosen approach in VXLAN EVPN Multi-Site preserves the network-control boundary for traffic enforcement and failure containment with the simplicity of an integrated Layer 2 and 3 extension.
The BGW is the core component of EVPN Multi-Site that simplifies the deployment of the overall solution. In existing VXLAN EVPN fabrics, the BGW becomes a simple conversion of an existing Border Node or an easy addition as a leaf during the fabric lifecycle.
With EVPN Multi-Site, control- and data-plane within a given fabric stays unchanged. Only when it is necessary for traffic to leave the existing fabric to reach an end-point in a remote fabric, then the BGW perform its function of termination and re-origination the VXLAN tunnels. The question is how?
In EVPN Multi-Site, we define each fabric (‘site’) as its own BGP Autonomous System. We leverage the behavior of External BGP’s next-hop behavior, which points to the next-hop node for reaching a remote end point, in this case the closest BGW. To ensure resiliency and load distribution for the BGW, up to four BGWs can operate with the same “personality” requiring no control-plane changes whenever a failure scenario isolates or degrades one of the available BGWs. The personality encompasses sharing the same site ID and the same Virtual IP Address in a given site thereby making them part of a BGW cluster. Additional functions are available that perform interface state tracking to assist in rapid and efficient detection of failure scenarios thereby preventing an impaired BGW from remaining in the cluster.
The two important steps that allow EVPN Multi-Site to achieve its overall behavior are:
How a BGP EVPN advertisement appears remotely: When a BGP EVPN Route-Type 2 (MAC/IP) or Route-Type 5 (IP Prefix) is advertised from a remote site (remote AS), the BGW will take this information and advertise it with its own IP address as the next-hop into its local site (local AS).
How a leaf performs the data-plane operations when exiting the local traffic: As a result of BGP EVPN advertisements into its local site (local AS), all site local leafs will see the BGW as the only next-hop to reach the remote site prefixes (both MAC and IP). Whenever there is a need to reach these destinations, the VXLAN encapsulation from a leaf will be performed towards the BGW of the local site.
What this means is that if there are N=10 sites with M=256 leafs (VTEPs) each, the number of VTEPs each leaf needs to know about significantly reduces with an EVPN Multi-Site deployment as listed below:
Another useful feature that EVPN Multi-Site offers is rate limiting across the three BUM classes – Broadcast, Unknown Unicast, and Multicast. Rate limiting or even disabling of some of these classes becomes paramount, especially with the requirement of Layer-2 extension that is present in many intra data center and data center interconnect use cases.
While limiting BUM traffic is important, the distribution of BUM handling is even more critical in a world of scale-out architectures. In EVPN Multi-Site, we are doing this by a per-VNI Designated Forwarder (DF) election. Across all the BGW that are deployed within a site and with seamless extension of Layer-2, each BGW will perform the function of BUM forwarding for a different VNI (VXLAN Network Identifier). This way potential hotspots are avoided and traffic distribution can be achieved more efficiently.
Summary
Innovations such as the Cisco CloudScale ASICs available through the Nexus 9000-EX and -FX series provide many advanced capabilities for VXLAN overlays that are not available as widely in other switching platforms, like VXLAN EVPN Multi-Site. Cisco is developing comprehensive deployment guides that will go in-depth on all of the topics we have introduced in this two-part blog series. Stay tuned.
Resources
Since the release of NX-OS 7.0(3)I7(1) for Nexus 9000 platform, various resources have been posted around EVPN Multi-Site. The prime resources are listed below:
Building Data Centers with VXLAN BGP EVPN: A Cisco NX-OS Perspective: By Lukas Krattiger, Shyam Kapadia, David Jansen, Published Mar 31, 2017 by Cisco Press. http://www.ciscopress.com/store/building-data-centers-with-vxlan-bgp-evpn-a-cisco-nx-9781587144677
Once you have a digital strategy in place, it’s time to move forward and make it happen. Let’s explore the basics of digital marketing execution, from email marketing and social media marketing to mobile marketing and everything in between.
With short attention spans and smart buying habits, digitally savvy consumers need personalized, relevant communications. Make sure that your email gets remembered by applying these five attributes:
Social media is one of the most powerful ways to reach and engage with buyers. Because it’s almost universally used—by consumers and brands—it’s one of the most effective channels to connect with your audience. As you think about creating content to support your social media marketing, frame your thinking around your audience’s needs and interests. The content mix may vary depending on which platforms you use, but here are some things to include:
With flexible, visible pay-per-click (PPC) ads, your ad is placed as a “sponsored result” on the top or side of search engine results, and you pay for each received click. Because the ads appear when a person is searching for a particular keyword or term, it’s important to use relevant keywords.
Display ads are visual ads that can be placed on a variety of online media in a wide array of formats such as text, images, video, flash, and more. You can use nearly any type of media to spread your message across multiple devices and channels.
Through social advertising, you can target the right buyers and deliver your message on the channels that your buyers spend time on—like Facebook, Twitter, LinkedIn, YouTube, and Instagram.
Successful marketers use mobile marketing in conjunction with existing channels (web, email, social) to drive meaningful engagement with customers and prospects. By leveraging mobile devices to engage at any point in the customer lifecycle, you can drive brand value and demand. It’s important to reconcile timing and cadence with your larger mobile strategy, which varies depending on your target personas and business goals. Here are some other considerations:
Combine mobile with marketing automation
Use SMS and MMS messaging
Create a mobile app
As a Cisco partner, you have a wealth of resources at your fingertips—all designed to help you stay one step ahead of the game. Be sure to explore each of these resources for even more information on digital readiness.
While major corporate breaches and ransomware attacks like WannaCry continue to get the most attention, we are also seeing a rise in attacks that directly target consumers and employees. Lax company privacy measures and poor cyber hygiene make a hacker’s job easy and make us all prime targets. National Cyber Security Awareness Month is the perfect time to stop, think, and then connect in a way that keeps us safe online.
Often, the full risks associated with social sharing aren’t glaringly evident. For example, we willingly give up data for some benefit, whether it’s connecting with friends and family, signing up online for discounts or “free stuff,” or engaging with what’s trendy in the moment. But where our data goes – directly to the vendor, to third parties, or unwittingly to cyber criminals – can be a mystery.
Users of All Ages Are Susceptible to Cyber Risks
These days, no one is immune. Younger users and employees who have come of age using social media, often seem more transparent and open with what they share on public platforms. They do not have the life experience, nor the judgment, to see the future impact of oversharing personal details. But older people can be vulnerable online, too. Many older folks don’t realize that hackers can use ransomware or phishing attacks against them – for example, through ploys like hijacking photos of their grandchildren. And users in midlife can be so consumed with work and family obligations that they don’t have time to keep up with vendors’ changing privacy settings, refresh their passwords, or regularly back up their devices. We all have our cyber kryptonite that might allow jerks and crooks in to harm us.
Reducing Cyber Risks
What’s to be done? First, digital providers must understand their customers’ privacy and security needs and design digital experiences with appropriate context. If you want to be a trusted business, it’s not enough to have the minimum of security or basic compliance with the laws that govern your business. Think about going beyond. People are linking their lives to your digital services, driving an ethical and moral imperative for technical providers to up their game. It’s a big responsibility to run a social platform today.
To many online vendors’ credit, privacy settings have become much more clear and granular over the past few years. Unfortunately, as a consequence, settings change more often, forcing users to stay watchful over their preferences which could auto-revert to a non-preferred setting. To help, digital businesses can increase user education and outreach in places where their audiences naturally go. For example, use various social channels such as YouTube, Twitter, Snapchat, Facebook and podcasts to disseminate security and privacy updates.
Of course in the always-on world, personal preferences enter the workplace as well. Here is where younger generations may well have a distinct advantage. Because they’ve grown up with issues such as cyber-bullying, they might be more sensitive to online pitfalls and the risk to brand reputation. Their penchant for social connection can make them good brand ambassadors if you train them early and often about what makes or breaks a brand over time. And younger workers’ expectations of authenticity can encourage seasoned workers to be more open in the workplace.
Strike a Balance Between Privacy and Controls
It’s no longer possible to completely separate our work and private lives and still participate online. Our world is “always on,” and the need for an integrated life is the best means for survival in an intense playing field. You need the right balance between personal and professional personas, and judgment matters before sharing crosses the line. For instance, managers might withhold certain information for very good reasons, like the law or confidentiality requirements. Those same managers are tasked with leading with authenticity and transparency to build loyalty and trust.
At Cisco, we believe the digital economy can only flourish when you connect people, process, data and things in an ethical, relevant and secure way. This is how we create an environment where everyone can more easily do business and trust that their data is safeguarded. As we kick off National Cyber Security Awareness Month, let’s all – vendors and users – stop and think about our part in making that trustworthy environment a reality.
Listen to the Privacy Sigma Riders podcast seriesfor more insights on security, trust and privacy from Michelle and some of the leading voices in the industry.
Visit our Cisco Trust Center for our perspective on data protection and privacy,
What this means is that if there are N=10 sites with M=256 leafs (VTEPs) each, the number of VTEPs each leaf needs to know about significantly reduces with an EVPN Multi-Site deployment as listed below:
