Network technologies and trends


August 22, 2013  5:47 AM

What is Cisco Catalyst Instant Access?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Cisco Catalyst Instant Access is a newly launched technology by Cisco which intends to simplify the network operation in a Campus network. The idea behind simplification of operation is by applying a single point of operation and management for Campus Distribution and access switches.

It creates a single network touch point and single configuration across distribution and access layer switches, ultimately driving simplified operations, distribution layer (Catalyst 6500) features at access layer and consistent CLI, which in turn drive down total cost of ownership (TCO). It brings simplified configurations across rich Borderless Network features support such as TrustSec – 802.1x, Security Group Tagging (SGT), SGACL, Flexible NetFlow (FnF), Medianet, Resiliency, Network Virtualization- Easy Virtual Network (EVN), MPLS..etc. The main goal of this session is to do a deep dive into deployment scenarios of Borderless Network solutions utilizing Instant Access in a campus architecture.

In order to deploy this solution you may use either Cisco Catalyst 6500 or Cisco Catalyst 6800 Series Switches along with Cisco Catalyst 6800ia Series Switches (Instant Access). The Cisco Catalyst 6800ia Series Switches operate like remote line cards and are physically connected by up-links to the Cisco Catalyst 6500 or 6800 as shown in the below figure. These switches can be compared with Nexus 2000 Series Switches which are just fabric extenders.

Instant access

Some of the advantages of using Cisco Instant Access Switches are

  • Simplifies Operations via Single Point of Management, Configuration, Troubleshooting across Distribution & Access Block
  • Catalyst 6500 features at Access
  • Consistent Features and Agile Infrastructure across Access layer
  • NO Trunks to Configure from Access to Distribution
  • NO Configuration or Image Management at Access
  • No Routing Protocols or Spanning-Tree configuration between Access and Distribution

The Cisco Catalyst 6800ia Switch comes with the following features

data_sheet_c78-728230-1

  • Two options: 48 Ports GigE PoE+, 48 Ports GigE
  • 2 x 10G uplink SFP+ Ports
  • Stackable up to 3 clients at FCS
  • 80Gbps Bidirectional Stack Bandwidth
  • Single Fixed Power Supply and Fixed Fans
  • Operates in Client Mode ONLY
  • Full PoE (15W) across 48 ports
  • Full PoE+ (30W) across 24 ports
  • Includes Stack Module, no licensing required

Looks like Cisco doesn’t want to stay behind in race as their competitors like Brocade are providing similar solutions.

August 20, 2013  7:41 AM

Are Cisco UCS Blades overtaking HP Blades?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

As we all know deploying the blade servers is a quite tedious tasks and time consuming. Well Cisco claims that deploying Cisco UCS B200 M 3 blade servers takes at least 70% less time compared to HP BL460C Gen8 servers.

Cisco UCS

In the Principled Technologies labs, they tested two different blade server-deployment approaches: the Cisco Unified Computing System™ (UCS) with UCS Manager and the HP Virtual Connect Manager. Using the Cisco UCS Manager’s automated configuration and deployment process, adding two blades took only 14 steps and 18 minutes. In comparison, the HP solution required 43 steps and 1 hour 23 minutes to add two blades. This means that adding two blades with the Cisco UCS solution was 77.4 percent faster and required 67.4 percent fewer steps.

The time and steps saved with UCS become even more dramatic in a large-scale deployment or server refresh. Cisco blades can save your IT staff an enormous amount of time, reduce the possibility of error by simplifying the configuration process, and lower your total cost of ownership.

HP are in this business since decades and they were leading the blade servers market, looks like Cisco is giving them a hard time. Especially the Cisco UCS solution is grabbing a huge market share in US market, gradually its entering the Middle East Market as well.  All our Digital Media Signage Solutions, IP Surveillance Solutions and WebEx solutions are running on Cisco UCS platforms and they are very stable.

You can access the detailed paper for the test conducted by Principled Technology Labs from the following link

http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns944/ucs77_faster_v_hp_for_blade_deployment.pdf


August 19, 2013  10:38 AM

How to reset the Cisco Iron Port Appliance to factory default settings?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Resetting the Cisco Iron Port C370 appliance is an easy task. In this post lets see how we can reset the Cisco Iron Port C 370 appliance to factory default settings.

In order to reset the Cisco Iron Port C 370 appliance either we need a console or ssh access (telnet access will also do).

Step 1

Log into Cisco Iron Port C370 appliance either console or shh.

C370step1

 

Step 2

Suspend the Cisco Iron Port C370 appliance as without suspending the appliance we cannot reset it.

So used the “suspend” command to suspend the appliance

c370step2

 

Step 3

Use the command “resetconfig”to reset the Cisco Iron Port C370 appliance

c370step3

 

Step 4

The Cisco Iron Port C370 appliance will ask you to confirm the reset once you said reset, restart the Cisco Iron Port C370 appliance.

Once the appliance is restarted its back to factory default.


August 15, 2013  7:37 AM

How to configure disclaimer message in Cisco Iron Port Appliance? – Series 3

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Let’s continue from where we stopped in my previous post

Step 9

Once you are done with all the steps click submit as shown below.

C370-step9

Step 10

Select Mail Policies ——-> Outgoing Mail Policies as show below and click add filter

C370-Step 10

Step 11

Now you could see by default Content filter is diabled, we need to enable it

C370-Step11

Step 12

Enable the Content filter and the policy as shown below and click submit

C370-Step12

By following the above mentioned steps you can enable the disclaimer message in Cisco Iron Port C 370 appliance.


August 15, 2013  7:29 AM

How to configure disclaimer message in Cisco Iron Port Appliance? – Series 2

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Let’s continue from where we stopped in my previous post

Step 5

Select Mail Policies ——-> Outgoing Content Filters as show below and click add filter

C370-Step5

Step 6

Once you click add filter you will see the following template

Complete the template as show below are replace the name and description column with your our text.

C370-Step7 C370-Step6

Step 7

Click Add action

C370-Step7

Step 8

Once you click add action you will see the following screen

Select Add Disclaimer Text and choose which ever your prefer for disclaimer message  “above message  or below message”  tab.

And then select disclaimer text tab as show in the example.

C370-Step8

We will continue the rest of the steps in the next post.


August 15, 2013  6:03 AM

How to configure disclaimer message in Cisco Iron Port Appliance? – Series 1

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

In one of my previous post , I discussed about the bug Microsoft Exchange Server 2010 is carrying related to disclaimer messages.

The only option we had is to configure disclaimer message in Cisco Iron Port appliance. In this post let’s see how to enable a disclaimer message in Cisco Iron Port C 370 appliance.

Step 1

Login into the Cisco Iron Port C 370 appliance

Step 2

Select Mail Policies ——-> Text Resources as show below

C370 -Step2

Step 3

In Text Resource Click add text resources

C370-Step3

Step 4

Once you click add text resource you will find a the following template

Just give any name you like for the name tab.

In the type select the “Disclaimer Template”

The in the Inset Variables tab enter the disclaimer message you like have and click submit.

C370-Step4

We will continue the rest of the step in the next post.


August 3, 2013  11:42 AM

What is EIGRP Over the Top?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

In the recently concluded Cisco Live, Cisco made an interesting announcement about EIGRP. Yes Cisco is coming out with “EIGRP Over the Top (OTP)” which enables routers running EIGRP to peer across the service provider infrastructure without their involvement. An interesting feature which may catch up the pace in the real world networking.  With EIGRP OTP the service providers won’t even see the customers at all.  EIGRP OTP acts as a provider-independent overlay that transports customer data between the customer’s routers.

One advantage of EIGRP Over the Top solution is, it simplifies multi provider IP WAN network design. It also simplifies the interface with the WAN providers and facilitates an end-to-end EIGRP network, which makes the troubleshooting easier.

I believe EIGRP Over the Top will definitely makes things much easier for service providers as they can deploy EIGRP OTP as it doesn’t impose any special requirements for them.

Some of the key futures of EIGRP Over the Top are as follows

  • Allow customers to segment their network using an MPLS VPN backbone
  • Impose little requirements or no restrictions on customer networks
  • Work seamlessly with both traditional managed and non-managed internet connections
  • EIGRP routes are NOT distributed to MP-iBGP and never show up in the MPLS-VPN backbone
  • Compliments an L3VPN Any-to-Any architecture (no hair pinning of traffic)


August 2, 2013  9:25 AM

Multiple Cisco Products are affected by OSPF LSA Manipulation Vulnerability

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

The recent security advisory suggests that multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. With the help of this vulnerability an unauthenticated attacker can take control of the OSPF Autonomous System (AS) domain routing table, backhole traffic and intercept traffic. Which could cause a huge damage to the attacked network.

The attacker could trigger this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause flushing of the routing table on a targeted router, as well as propagation of the crafted OSPF LSA type 1 update throughout the OSPF AS domain.

To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast LSA type 1 packets. No other LSA type packets can trigger this vulnerability.

The good news is that the OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is also not affected by this vulnerability.

All versions of Cisco NX-OS Software are also affected by the vulnerability. There are currently no official fixed releases available on Cisco.com, but interim releases may be available through Cisco Technical Assistance Center (TAC). Customers with service contracts should contact Cisco support organization to get the interim update.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf


July 24, 2013  7:37 AM

Windows 8.1 Preview is Incompatible with many Antivirus Software

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Windows 8.1 preview is an update of Windows 8, it’s not a full blown new version of Windows. When its just an update ,we all end users expect that  most of the applications will run on the updated version of Windows 8.1 preview. But this is not the case. The most important issue rises here is of Anti-Virus Compatibility. Lots of Windows 8.1 preview users are complaining about the incompatibility of Anti Virus with Windows 8.1 preview.

Before upgrading to Windows 8.1 preview I was using Trend Micro Titanium Maximum Security, it was working fine with Windows 8. I had no issues. Once I upgraded to Windows 8.1 preview I noticed my Anti-Virus application was not working. I tried to re-install the AV but it failed all the time with the following error.

Trends AV

I tried to take contact Trend Micro Support team, but still they don’t have a solution for this issue. Even When I tired Kaspersky pure it failed.

Since Windows 8.1 comes with a built-in Windows defender to certain extent the PCs are  protected. I believe since this issue is already known, most of the security firm are most probably working on the fix. Already some security firms are working on either update or beta release. Here are the links


July 23, 2013  12:12 PM

Cisco UCS Outperforms HP and IBM Blade Servers on East-West Latency

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

 

These days the focus is increasing towards lower latency and high performing server-to-server data traffic (East-West). Cisco claims that they specifically designed their UCS unified fabric for this type of traffic. Cisco want to prove the claim made by their competitors that Cisco UCS unified fabric would increase latency and slow blade-to-blade traffic. Cisco ran the tests, and the results were simply amazing.

cisco ucs

According to the recent concluded test Cisco claims that HP and IBM blade architectures rely on placing networking switches (HP Virtual Connect; IBM Flex System Fabric Switches) inside of every 16 or 14 blade chassis. These legacy vendors imply that data can communicate from one blade to another more efficiently because their networking switches reside within the chassis.  They fail to mention two critical points:

  1. All HP and IBM Blade-to-Blade data must still traverse the switch ASICs (HP Virtual Connect; IBM Flex System Fabric) – it does not magically jump across the mid-plane.
  2. Beyond a single enclosure requires data to exit chassis 1, travel through Top-of-Rack (ToR) switches, then down to chassis 2 through a second set of in-chassis networking switches.

Not only does Cisco UCS outperform HP and IBM, but UCS clearly provides lower latency and faster VM timing by a wide margin. Thousands of East-West samples were collected, testing raw blade-to-blade latency (UDP/TCP/RTT TCP) and virtual machine migration times. Testing was performed on a number of different fabric topologies both within a single chassis (best case for HP and IBM) as well as across multiple chassis. Full details can be obtained under NDA from your Cisco representative.

The highlights of the test are as follows

“Cisco UCS demonstrated lower latency than the HP BladeSystem c7000 with Virtual Connect for every test group and every packet size (User Datagram Protocol [UDP], TCP, and round-trip time [RTT] TCP).”

“Cisco UCS delivered better performance than IBM (faster virtual machine migration times) for every group size tested.” “As the virtual machine size and network load increases, the Cisco UCS performance advantage also increases.”

 

You can access the complete report for test carried by Cisco for HP and IBM Blade servers from the below links

Cisco UCS Outperforms HP Blade Servers on East-West Latency
Cisco UCS Outperforms IBM Flex System Blades on East-West Latency


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: