The digital economy and the Internet of Everything (IoE) are creating a host of new opportunities. With as many as 50 billion connected devices by 2020, this wave of digitization will spell new opportunities for organizations and governments and the consumers and citizens they serve.
Yet, the more things become connected, the more opportunities exist for malicious actors as well. We are now dealing with a new world where more and more devices are creating a broader and more diverse attack surface that can be exploited.
Attackers are becoming stealthier, better organized, collaborating extensively, and are well resourced. According to the Cisco 2015 Annual Security Report, malware is becoming increasingly sophisticated and elusive. Since 2009, we have seen a 66 percent compound annual growth rate of detected security incidents.
In order to respond faster to threats and achieve better outcomes requires a tightly integrated security architecture that is as pervasive as the devices and services we are protecting. For this reason, we believe that the most effective way to confront these challenges is to evolve to an approach that extends security everywhere – both embedded into the intelligent network infrastructure and pervasive across the extended network – from the service provider to the enterprise network infrastructure, data center, IoT, cloud and endpoint. This is essential to protect today’s wide array of attack vectors while positioning security to act as a growth engine to enable companies to seize new business opportunities.
Read More »
Tags: CLUS15, IoE, network, security
It is now March. It actually hailed here in Huntington Beach, but we’ll call it snow for the novelty. It’s always neat to see things like this happen here in Southern California mainly because things like snow rarely seems to happen. We freak out on rainbows. Get the picture?
Well to keep things sane here locally, I asked my brethren Wireless Product Manager, Nasser Tarazi to take a few minutes to talk about his new Cisco WAP131.
Here’s a few nuggets about the new WAP131:
The new WAP131
- The WAP131 supports concurrent dual band radios for improved coverage and performance
- Designed for Desktop/tabletop deployment
- It can be powered by a PoE Switch using the WAP131’s PoE ethernet port, meaning less cabling demands for deployment
- Works out of the box
- Quick and easy deployment
- Free feature upgrades
- Limited Lifetime Warranty
- A good product to replace the popular WAP4410N
Simply put, this new wireless access point is a perfect upgrade for those who were previously using a single wireless router (network-in-a box) for their small business networking needs. Nasser adds, “We are providing our customers with affordable yet highly reliable, secure wireless solutions. The new Cisco WAP131 is yet another example”.
Quick note, Nasser’s son used his GoPro to video this piece, pretty good for his first attempt. Maybe the next video we will show Nasser snowboarding!
That is all for now. Thank you for spending some time with us.
Tags: Cisco, network, PoE+, port, rout, small business, wireless
As Cisco prepares for Cisco Live Melbourne #clmel, I wanted to take this opportunity to highlight our @Ciscocloud Intercloud partnership with Telstra
The following Q&A session between executives of our partnered companies identifies the unique challenges of our current business environment and the rapidly changing needs of our customers. Interviewed by Stuart Robbins, the participants in our inaugural blog are Ken Owens, Cloud Services CTO from Cisco, and Tim Otten, GM Cloud Strategy and Platforms from Telstra.
Q: Cisco’s strategy is to create solutions built upon intelligent networks that solve our customers’ challenges. As a key technology partner, Telstra’s diverse customers present unique opportunities for a new generation of solutions for those customers – can you tell us about how our combined capabilities will help those customers be successful?
[Otton, Tim J] Networks are increasingly important to the delivery of services as we shift to “the Cloud,” and the concurrent profusion of data, workforce mobility, distributed application environments, and the hybrid infrastructures supporting those applications. Both Cisco and Telstra are committed to delivering highly secure, high-performance intelligent network capabilities.
These networks must be thoroughly responsive to an ever-changing set of user and application requirements – adaptive, flexible, and resilient. Both companies have a rich tradition of global insight gained from a relentless focus on customer requirements.
[Owens, Ken] Telstra is one of the industry’s most advanced solution providers, with a noteworthy history of successful technology transformations in telecommunications. From the earliest days of IT outsourcing, and managed hosting, and now as we shift to the Cloud, Telstra has provided true leadership to the industry during these transformations.
Like Cisco, they view their customers’ strategic objectives as Priority 1 and will do whatever is necessary to make their customers successful. For more than 25 years, Cisco and Telstra have guided the market through each new technological shift, with exceptional people leading the way.
Q: One aspect of the changing enterprise landscape is the “blurred” boundaries between large enterprises in business ecosystems. While the basic principles remain important (resilient architectures, reliable networks, responsive applications), what are some of the emerging challenges in this “ecosystem first” world?
[Otton, Tim J] The business landscape has changed. Cloud, Mobility, Social Media, advanced analytics, and open platforms are also changing the landscape for service creation and innovation. Increasingly, service creation will emerge both within and beyond (intra- and inter-organizational) boundaries to better serve a growing number of mobile users and a project-oriented workforce.
In order to support connectivity as well as enable full integration with many external partners and providers, businesses are now required to ‘open’ their IT environment. Increasingly, organizations are choosing to expose their own systems and proprietary data to third-parties, creating “greater value” by encouraging innovative use of a company’s intellectual assets. Software applications are distributed, both geographically and architecturally. All of these factors alter the connectivity/security paradigms of traditional enterprise IT.
[Owens, Ken] Tim is right on, and the exciting element of this model is that it’s driven by the customer! This is not a consumer fad or one-time remodel, this is the pace and speed by which business must adopting to the requirements of their customers and the rapidly changing marketplace. A successful business today requires a flexible set of services and capabilities to quickly adapt to this changing landscape. Together, Cisco and Telstra have a proven track record of enabling innovation to address the changing needs of the businesses we support.
Q: Providing exceptional products and services to Enterprise IT is familiar territory to both Cisco and Telstra, and this common ground is one reason why the Cisco-Telstra partnership makes great sense. As we move beyond IT, we’re also being asked to directly address the needs of business departments (marketing, product management, customer support). How do we adapt to meet those needs?
[Otton, Tim J] We need to develop a deeper understanding of the different “lines of business” within the Enterprise. We need to better understand what drives their business and the market environments in which they operate. In other words, we need to become an enabler of business solutions rather than simply selling more technology. Our focus needs to be increasingly on the business outcomes we can deliver to our customers.
We need equip our sales teams to communicate those solutions, to be able to engage customers in conversations that start with business issues and proceed from there to provision enabling technologies rather than starting (and often finishing with) technology alone.
At the same time, we need to better support IT departments so that these services can be integrated into the overall Enterprise network architecture- – -ensuring that these distributed services are secure, and optimized to perform reliably. Telstra and Cisco need to be seen as enabling partners, and not just suppliers.
[Owens, Ken] The needs of the business can be vast, complicated, and rapidly evolving to meet the needs of a changing marketplace. Cisco and Telstra are leaders in business transformation. The key to success in this ever-changing environment is to provide leadership with speed, agility, innovative leadership to assist each customer’s ability to adapt to the changes. Of course, Tim’s right, we also need to help IT executives quickly transition not only their technology, but also their processes and practices.
Q: The recipe seems simple enough = one part: exceptional technology with the associated expertise, and one part: an evolved partnership methodology (i.e., Partnership 2.0) that will serve as the foundation for what our companies can accomplish together.
One last question. Imagine what success looks like for the joint Cisco-Telstra effort in two years: what are the core behaviors/values that we’ll be most proud to have embraced, when we glance back? In other words, what are the central organizational principles that will serve to anchor this new style of ecosystem development?
[Otton, Tim J] My vision for the partnership is that we have developed an advanced understanding of the requirements of stakeholders – whether it be IT, LOB, or end-users – within the customers we served and are singularly focused on the business outcomes that we can jointly deliver for our customers.
[Owens, Ken] The demands of Enterprise 2.0 require an infrastructure that is both elastic and reliable, flexible yet secure. Organizations, too, will require those very characteristics. To accomplish this,“Governance 2.0” and “Partnership 2.0” become framework components of that new ecosystem in service of our customer’s transformed world. As Tim stated, the business outcomes and continuously delivering business value are the key principles.
Thank you Tim for you time to discuss the joint journey we are embarking on.
Tags: application, application portability, Big Data, Borderless Networks, Cisco, cloud, Cloud Computing, data center, ecosystem, InterCloud, IoE, IoT, IPv6, network, partner, SDN, security, Service Provider, strategy, telstra
February is here. Winter is in full swing on this side of the equator. Summer is grasping the other. I know it’s been a warm one so far for our friends in Australia. But snowfall amounts in the Northeast has our ski areas in Northern California and the Rockies so envious. Such is Mother Nature right?
Recently, our team announced some important details for our Switching and Wireless products.
I thought I would take the time to let you all know more on these announcements.
First up, Nasser Tarazi, Wireless Product Manager, announced two new models. We will cover the new WAP351 this week and the new WAP131 next week.
The New Cisco WAP351
The new Cisco WAP351 perfect for conference rooms, classrooms, hospitality and other flexible deployments. It offers Dual Radio (2.4Ghz and 5Ghz) wireless N connectivity, a 5-port Switch with PoE PD and PSE support, Single Point Setup, Captive Portal and comes with Limited Lifetime Warranty.
The WAP351 offers something new to the Wireless portfolio. Here is a quick Power Over Ethernet (PoE) primer. PoE Powered-Device (PD) is the ability to power the device through an PD-capable Ethernet port. PoE PSE (Power Sourcing Equipment) is the ability to supply power a device connected to a PSE-capable Ethernet port. In terms of power, a standard PoE port can support a maximum output of 15W, while a PoE+ port supports up to 30W.
Now, back to the WAP351. As mentioned above, the WAP351 support both PD and PSE. This means if the WAP351 is connected to a PoE+ switch like the SG300-10PP, the WAP351 can be power through PD-capable Ethernet port, while at the same time powering a standard PoE device like a phone or another AP, like the WAP131 through the WAP351’s designated PSE-capable Ethernet port.
More on Wireless Access Points and PoE:
- PoE: Power over Ethernet. PoE enables Power and Data to be combined onto a single Ethernet cable to power devices such as access points, IP phones, or IP cameras
- PSE on a WAP is exclusive to the new WAP351
- A WAP with PSE is attractive for verticals such as education, hospitality, and smaller offices and meeting rooms where both wired and wired access is required
- PoE enables WAP’s or other endpoint devices to be installed where power typically is not available, such as on a wall or ceiling. This allows for greater flexibility during deployments.
- All Cisco Small Business WAP’s support PoE PD
- Dual-Radio WAPs requiring 802.3af PoE power = WAP131, WAP351, WAP561
- Dual-Radio WAPs requiring 802.3at PoE+ power = WAP371, WAP351 when using the PSE with full power budget
- The WAP351 can be powered by 48V/1.25A external DC power if a 802.3af/t PoE switch is not used or available
- The WAP351 can provide 6w of PSE when using 802.3af
Ok you got it? Make sense?
Cisco 300 Series Switches
In other news:
Switching Product Manager Michael Wynh announced several price reductions on the ever-popular 300 Series Switches. This is good news for our customers and channel partners alike. Businesses can maximize their budgets and take advantage of Cisco’s class-leading PoE switching products. For more information on these important updates, please contact your local Cisco Representative or check out our support community.
That is it for now. Thanks for hanging out with us.
Until next time,
Tags: #wireless, access point, Cisco, Cisco Wireless, ethernet, network, PoE ports, port, router, switch, VLAN, wlan
Given the tremendous interest in VXLAN with MP-BGP based EVPN Control-Plane (short EVPN) at Cisco Live in Milan, I decided to write a “short” technology brief blog post on this topic.
VXLAN (IETF RFC7348) has been designed to solve specific problems faced with Classical Ethernet for a few decades now. By introducing an abstraction through encapsulation, VXLAN has become the de-facto standard overlay of choice in the industry. Chief among the advantages provided by VXLAN; extension of the todays limited VLAN space and the increase in the scalability provided for Layer-2 Domains.
Extended Namespace – The available VLAN space from the IEEE 802.1Q encapsulation perspective is limited to a 12-bit field, which provides 4096 VLANs or segments. By encapsulating the original Ethernet frame with a VXLAN header, the newly introduced addressing field offers 24-bits, thereby providing a much larger namespace with up to 16 Million Virtual Network Identifiers (VNIs) or segments.
While the VXLAN VNI allows unique identification of a large number of tenant segments which is especially useful in high-scale multi-tenant deployments, the problems and requirements of large Layer-2 Domains are not sufficiently addressed. However, significant improvements in the following areas have been achieved:
- No dependency on Spanning-Tree protocol by leveraging Layer-3 routing protocols
- Layer-3 routing with Equal Cost Multi-Path (ECMP) allows all available links to be used
- Scalability, convergence, and resiliency of a Layer-3 network
- Isolation of Broadcast and Failure Domains
IETF RFC7348 – VXLAN: A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks
Scalable Layer-2 Domains
The abstraction by using a VXLAN-like overlay does not inherently change the Flood & Learn behavior introduced by Ethernet. In typical deployments of VXLAN, BUM (Broadcast, Unicast, Multicast) traffic is forwarded via layer-3 multicast in the underlay that in turn aids in the learning process so that subsequent traffic need not be subjected to this “flood” semantic. A control-plane is required to minimize the flood behavior and proactively distribute End-Host information to participating entities (typically called Virtual Tunnel End Points aka VTEPs) in the same segment – learning.
Control-plane protocols are mostly employed in the layer-3 routing space where predominantly IP prefix information is exchanged. Over the past years, some of the well-known routing protocols have been extended to also learn and exchange Layer-2 MAC addresses. An early technology adoption with MAC addresses in a routing-protocol was Cisco’s OTV (Overlay Transport Virtualization), which employed IS-IS to significantly reduce flooding across Data Center Interconnects (DCI).
Multi-Protocol BGP (MP-BGP) introduced a new Network Layer Reachability Information (NLRI) to carry both, Layer-2 MAC and Layer-3 IP information at the same time. By having the combined set of MAC and IP information available for forwarding decisions, optimized routing and switching within a network becomes feasible and the need for flood to do learning get minimized or even eliminated. This extension that allows BGP to transport Layer-2 MAC and Layer-3 IP information is called EVPN – Ethernet Virtual Private Network.
EVPN is documented in the following IETF drafts
Integrated Route and Bridge (IRB) – VXLAN-EVPN offers significant advantages in Overlay networking by optimizing forwarding decision within the network based on Layer-2 MAC as well as Layer-3 IP information. The decision on forwarding via routing or switching can be done as close as possible to the End-Host, on any given Leaf/ToR (Top-of-Rack) Switch. The Leaf Switch provides the Distributed Anycast Gateway for routing, which acts completely stateless and does not require the exchange of protocol signalization for election or failover decision. All the reachability information available within the BGP control-plane is sufficient to provide the gateway service. The Distributed Anycast Gateway also provides integrated routing and bridging (IRB) decision at the Leaf Switch, which can be extended across a significant number of nodes. All the Leaf Switches host active default gateways for their respective configured subnets; the well known semantic of First Hop Routing Protocols (FHRP) with active/standby does not apply anymore.
Summary – The advantages provided by a VXLAN-EVPN solution are briefly summarized as follows:
- Standards based Overlay (VXLAN) with Standards based Control-Plane (BGP)
- Layer-2 MAC and Layer-3 IP information distribution by Control-Plane (BGP)
- Forwarding decision based on Control-Plane (minimizes flooding)
- Integrated Routing/Bridging (IRB) for Optimized Forwarding in the Overlay
- Leverages Layer-3 ECMP – all links forwarding – in the Underlay
- Significantly larger Name-Space in the Overlay (16M segments)
- Integration of Physical and Virtual Networks with Hybrid Overlays
- It facilitates Software-Defined-Networking (SDN)
Simply formulated, VXLAN-EVPN provides a standards-based Overlay that supports Segmentation, Host Mobility, and High Scale.
VXLAN-EVPN is available on Nexus 9300 (NX-OS 7.0) with Nexus 7000/7700 (F3 linecards) to follow in the upcoming major release. Additional Data Center Switching platforms, like the Nexus 5600, will follow shortly after.
A detailed whitepaper on this topic is available on Cisco.com. In addition, VXLAN-EVPN was featured during the following Cisco Live! Sessions.
Do you have appetite for more? Post a comment, tweet about it and have the conversation going … Thanks for reading and Happy Networking!
Tags: #CLEUR, Cisco, cisco live, Cisco Nexus, Cisco Nexus 9000, data center, EVPN, ietf, network, nexus, rfc7348, SDN, VXLAN