Cisco Blogs

Top Ten IOS Services You Should Be Using Now!

April 22, 2010

Cisco IOS is a mainstay within the vast majority of the world’s networks – public or private, small or large, local or global. It is THE control software for Cisco’s switching and routing systems and serves as the core service delivery platform for Cisco’s Borderless Networks.

Given its central role within the world’s networks, much is asked of Cisco IOS – and much is delivered by Cisco IOS. So much so, that at times, key high-value IOS services can go unnoticed and unused by network operators. In an effort to expose some of these IOS “hidden gems,” I recently polled the team responsible for directing Cisco IOS developments. I asked them to identify IOS services that, from their experience, customers should be putting to even greater use within their networks.

As would be expected from such an enthusiastic team, responses came fast and furiously. And although I gathered a rather lengthy list of nominees, I narrowed the list down to a manageable top ten. In no particular order, what follows is the Top Ten IOS Services You Should Be Using Now…

10.  PfR – Boost availability and performance of mission-critical applications.

Cisco IOS Performance Routing (PfR) improves application performance by enabling a performance-aware infrastructure that selects the best path across the network. By continuously measuring network and application performance characteristics, PfR can improve application availability by dynamically routing around performance problems in the network.

9.  SAF – Speed application deployment and increase solution scalability.

Cisco IOS Service Advertisement Framework (SAF) provides an innovative network-integrated way to dynamically enable application endpoints to advertise and discover services in the network, resulting in simplified application deployment and increased scalability.

8.  IBNS — Secure resources. Improve visibility. Enforce policy compliance.

Cisco IOS Identity-based Network Services (IBNS) is designed to enable secure user and host access to enterprise networks, enabling policy enforcement of all users and hosts — whether managed or unmanaged. The solution promotes authentication to access the network, providing varying levels of access to networked resources based on corporate access policy. See Cisco In-The-Lab videos on ACLs and VLANs.

7.  IPSLA  — Test, measure, and monitor the user experience on the network.

Cisco IOS IP Service Level Agreements (IPSLA) exercise the network, using synthetic transactions which mimic the action of the end user. When something goes wrong, IPSLA can also trigger actions inside the device or interactions with an external network management system. With IPSLAs, network operators are able to establish and verify service guarantees; increase network reliability by validating network performance; proactively identify network issues; and boost return on investment (ROI) for existing and new network-centric applications. See Cisco In-The-Lab video on IPSLA.

6.  EEM  — Automate networking tasks and lower operational costs

Cisco IOS Embedded Event Management (EEM) is an automation engine that allows network operators to easily insert their own management logic into IOS. From network changes to hardware problems, EEM is able to automate routine and non-routine administrative actions. In order to help our customers easily leverage this powerful technology, ready-to-use EEM solutions are provided at no charge under Cisco’s Embedded Automations System (EASy) program. See Cisco In-The-Lab video on EEM.

5.  WSMA  — Advance network management capabilities via web services.

Cisco IOS Web Services Management Agent (WSMA) defines a set of web services through which a network device can be fully managed – from configuration to on-going monitoring to troubleshooting. WSMA operates in both listener mode (connections are initiated by external applications) and initiator mode (WSMA initiates the connections). WSMA supports HTTP, HTTPS, Secure Shell Version 2 (SSHv2) and TLS transports; provides an XML-encoded model for configuration and operational data; publishes schemas for web services; avoids screen scraping; allows faster NMS application development; and provides faster response times compared to traditional telnet-based access mechanisms.

4.  NBAR2  —  Improve network visibility and application control

Cisco IOS Network Based Application Recognition 2 (NBAR2) is the next generation of Deep Packet Inspection technology from Cisco. It combines original NBAR capabilities with advanced classification capabilities of the Service Control Engine (SCE). NBAR2 dramatically enhances application visibility in the network and enables many networking services (e.g., QOS, routing, filtering, security, reporting…) to be application-aware. This provides the network operator with greater control over application-specific use – and abuse — of the network. See Cisco In-The-Lab video on NBAR.

3.  Flexible NetFlow  —  Optimize network use and protect network from abuse

Cisco IOS Flexible NetFlow improves on the original NetFlow through improved scalability and flexibility. Flexible NetFlow identifies network traffic, monitors network behavior, and detects network anomalies. All of these capabilities help network operators optimize resource usage, plan network capacity, adjust application service levels, and detect Denial of Service (DoS) attacks and network-propagated worms.

2.  IOS Firewall  —  Defend resources and heighten availability

Cisco IOS Zone-Based Policy Firewall protects the network infrastructure against network and application layer attacks, viruses, and worms and solidifies unified communications by guarding Session Initiation Protocol (SIP) endpoints and call-control resources. IOS Firewall can also ensure regulatory compliance in areas of PCI and HIPAA.

1.  AUM  —  Simplify IOS software image management.

Cisco IOS Auto-Upgrade Manager (AUM) provides a simple interface to specify, download, and upgrade a new Cisco IOS image. Network operators are able to upgrade to a new Cisco IOS image in interactive mode by allowing the Auto-Upgrade Manager to guide them through the process. Alternatively, they can perform the upgrade by issuing a single Cisco IOS command or a series of commands useful for batch scripting. It saves time and also boosts the integrity of the IOS upgrade process. See Cisco In-The-Lab video on AUM.

How many of the above Cisco IOS features are you putting to use across your Cisco network infrastructure? How have they made your network better? Or your staff more efficient? Or your end users more productive? Let us know. And, as always, we welcome suggestions on how to further improve Cisco IOS and its many and varied services.

One last thing… I will recommend two sites where you will find more information about not only the services listed above, but many other valuable IOS services. The first serves as a jump point to IOS service descriptions – IOS Services Portfolio. The second hosts short training videos that focus on specific IOS services – In-The-Lab videos on IOS. These videos feature TechWise TV’s Jimmy Ray Purser offering straightforward how-to guidance for network operators looking to get the most out of Cisco IOS.



  1. Just received an excellent IPSLA pointer from Joel King of Cisco. He wrote... "I use IP SLA as an important part of conducting a Network Readiness Assessment for IP Video Surveillance. See more details." If you're looking to add IP video surveillance (or even video anything for that matter) to your network, the document Joel refers to is the best source for guidance that I have come across. As you will see in this document, IPSLA is just one of many tools available to help you assess your network's video readiness. With that said, I can tell you that I have heard of IPSLA coming to the rescue of many a network bogged down by video traffic. One recent occurrence had Cisco support engineers dropping in an IPSLA "probe" (really just an ISR with IPSLA activated) into a competitor's switch network in order to pinpoint the cause of a video-driven network slowdown. Problem identified. Fix recommended. Customer satisfied... with Cisco that is. ;-)

  2. Thanks for the interest, David. I'm glad you found it useful. Who knows... You just may find me doing a follow-up listing #11 thru 20!

  3. heii..thanks for the info, very useful for me..thanks a lot..

  4. Thanks for the additional guidance, Brad. The more operators make use of such features as IPSLA and Flexible NetFlow, the better their networks serve their organizations.

  5. Hi Mark, Glad you brought up #3 - Flexible NetFlow. I just did a blog on it: How to configure a Cisco Nexus 7000 to export NetFlow v9, glad you brought up #7 - IPSLA as I've done blogs on that too: Why aren't more people using Cisco's IP SLA? to setup Cisco IP SLA jitter monitors to setup a Cisco IP SLA TCP connect operation, I've got many more Flexible NetFlow blogs on my Cisco How-To Tutorials web page: