Network technologies and trends

April 26, 2011  5:00 AM

The war of Smartphones, next version of iPhone?

Yasir Irfan

Since its arrival, Android has been giving Apple a tough time, and plenty of new tablets working on the Android platform have appeared. Nevertheless, BlackBerry with its PlayBook is expected to do well, at least at the enterprise level, and the HP TouchPad seems set to put up a tough fight as well. Microsoft is working on Windows 8 with an eye on the tablet market and is expected to have a demo in June. With all these developments happening, how can Apple stay idle?

According to Reuters, the next version of the iPhone will go on sale in September 2011. Citing three sources with direct knowledge of Apple’s supply chain, the news agency said that production of the iPhone 5 is likely to start in July or August.

Apple’s next-generation iPhone will have a faster processor but will be similar in appearance to the iPhone 4. Reuters identified a number of component suppliers for the new phone, namely Largan Precision for the camera module, Wintek for the touchscreen, and Foxconn Technology for the casing, but none of the vendors would confirm the reports.

Some market observers have suggested that the new phone will be unveiled at an as-yet unscheduled Apple event in September, as Apple has normally held a music-related product launch event in that month. It’s too early to predict the move Apple is going to make; at least I would love to see some restrictions pertaining to Flash and additional memory expansion overcome in the new version of the iPhone. Not to forget, Android is doing an amazing job and its market share is increasing day by day.

Perhaps Apple can come out with a new version of the iPad by testing the success of its new version of the iPhone, especially when the tablet market is growing exponentially.

April 25, 2011  5:10 AM

DNS Queries in Windows 2008 R2 Server fails – Part 2

Yasir Irfan

In my previous post I was talking about the DNS query problem we were facing with a Windows 2008 R2 server. The solution is quite simple. I immediately started monitoring the logs on the Cisco PIX 525 firewall using ASDM and syslog, and figured out that the DNS queries were being answered by the ISP, but the replies were dropped by the Cisco PIX 525 firewall.

%PIX-4-410001: Dropped UDP DNS reply from outside:x.x.x.x/53 to inside:y.y.y.y/49746; packet length 768 bytes exceeds configured limit of 512

I was wondering what the reason might be, then figured out that the packets received from the ISP are 768 bytes, whereas by default the Cisco PIX 525 Firewall allows 512 bytes, as shown below.

The problem was with the default DNS inspection policy-map. By default, on the Cisco PIX 525 and Cisco ASA, the maximum DNS packet length is configured as 512 bytes.

The moment I changed the default DNS inspection policy-map from 512 bytes to 1000 bytes, things were back to normal and the Windows 2008 R2 Server was resolving DNS queries.

The commands I used to change the default DNS inspection policy-map are as follows.

MBGF-DAC-525-FW01# configure t

MBGF-DAC-525-FW01(config)# class-map inspection_default

MBGF-DAC-525-FW01(config-cmap)# match default-inspection-traffic

MBGF-DAC-525-FW01(config-cmap)# policy-map global_policy

MBGF-DAC-525-FW01(config-pmap)# class inspection_default

MBGF-DAC-525-FW01(config-pmap-c)# inspect dns maximum-length 1000
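To see which inside hosts are affected and whether a proposed limit is large enough, the drop message quoted above can be parsed out of syslog. This is an added example, not part of the original post; the sample log lines, addresses and function names are constructed for illustration, and accepting the %ASA- prefix is an assumption.

```python
import re
from collections import defaultdict

# Layout of the message quoted in the post (its copy stops at "512", so no
# trailing text is required). The ASA prefix is accepted as an assumption.
DROP_RE = re.compile(
    r"%(?:PIX|ASA)-4-410001: Dropped UDP DNS reply from "
    r"[^:\s]+:(?P<server>[^/\s]+)/\d+ to "
    r"[^:\s]+:(?P<client>[^/\s]+)/\d+; "
    r"packet length (?P<length>\d+) bytes exceeds configured limit of "
    r"(?P<limit>\d+)"
)

# Constructed sample syslog lines (documentation and private addresses).
SAMPLE_LOG = """\
Apr 25 2011 05:01:12: %PIX-4-410001: Dropped UDP DNS reply from outside:192.0.2.53/53 to inside:10.0.0.10/49746; packet length 768 bytes exceeds configured limit of 512
Apr 25 2011 05:01:14: %PIX-4-410001: Dropped UDP DNS reply from outside:192.0.2.53/53 to inside:10.0.0.10/49802; packet length 604 bytes exceeds configured limit of 512
Apr 25 2011 05:01:15: %PIX-6-302015: Built outbound UDP connection 4711 for outside:192.0.2.53/53 (192.0.2.53/53) to inside:10.0.0.11/50111 (10.0.0.11/50111)
Apr 25 2011 05:02:40: %PIX-4-410001: Dropped UDP DNS reply from outside:192.0.2.54/53 to inside:10.0.0.11/50113; packet length 1124 bytes exceeds configured limit of 512 bytes
"""

def parse_drops(lines):
    """Yield (client, server, length, limit) for each oversized-reply drop."""
    for line in lines:
        m = DROP_RE.search(line)
        if m:
            yield (m["client"], m["server"], int(m["length"]), int(m["limit"]))

def summarize(lines):
    """Per inside client: drop count, largest dropped reply, upstream servers."""
    stats = defaultdict(lambda: {"drops": 0, "max_length": 0, "servers": set()})
    for client, server, length, _limit in parse_drops(lines):
        entry = stats[client]
        entry["drops"] += 1
        entry["max_length"] = max(entry["max_length"], length)
        entry["servers"].add(server)
    return dict(stats)

def still_dropped(lines, new_limit):
    """Reply sizes from the log that a proposed maximum-length would still drop."""
    return sorted(n for _c, _s, n, _l in parse_drops(lines) if n > new_limit)

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for client, entry in summarize(log).items():
        print(client, entry["drops"], entry["max_length"], sorted(entry["servers"]))
    print("still dropped with maximum-length 1000:", still_dropped(log, 1000))
```

With the constructed sample, a limit of 1000 would still drop the 1124-byte reply, so the value is best checked against the sizes actually logged.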


April 24, 2011  5:36 AM

DNS Queries in Windows 2008 R2 Server fails – Part 1

Yasir Irfan

In our new Data Center we added new HP Blade servers and installed Windows 2008 R2 on those servers. Our servers are connected inside our network behind a Cisco PIX 525 firewall. We are looking to resolve all our DNS queries for the external network using a DNS IP address provided by our ISP, which is 212.x.x.2.

In Windows 2008 Server we have specified the DNS forwarder as shown in the diagram below.

But it always fails to resolve DNS queries from the internal network to the external network using the nslookup command from the command prompt of the Windows 2008 Server. Likewise, when we test the simple and recursive queries to other DNS servers, they fail, as demonstrated below.

We have done the following to

1) The internal IP address of the Windows 2008 R2 server is PATed on our PIX 525 firewall, and I could browse the internet.

2) In the Windows 2008 R2 Server we have specified the DNS IP address provided by our ISP.

3) All our servers in the DMZ zone are working fine.

I am working on this issue; meanwhile, if any of you knows how to resolve it, your comments are always welcome.

April 20, 2011  5:16 AM

Cisco Systems launches new appliance, Cisco Identity Services Engine (ISE)

Yasir Irfan

Cisco Systems' new appliance, the Cisco Identity Services Engine (ISE), can be deployed as an appliance or a virtual machine. It is designed to help organizations gain enterprise-wide visibility into their network, allowing authentication, authorization, accounting and posture profiling, gathering real-time contextual information from the network, users, and devices, and making proactive governance decisions by enforcing policy across the network infrastructure.

The Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline service operations. It is an integral part of the overall Cisco TrustSec® solution and SecureX architecture.

The Cisco Identity Services Engine (ISE) is a policy-based service-enablement platform which ensures corporate and regulatory compliance.

Some of the highlights of the Cisco Identity Services Engine (ISE) are as follows:

  • Context-aware enforcement: Gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network.
  • Business-relevant policies: Create and enforce consistent policy from the head office to the branch office.
  • Systemwide visibility: Let IT see who and what is on the network for advanced discovery and troubleshooting.
  • Flexible architecture: Combine authentication, authorization, and accounting (AAA), posture, profiling, and guest management

Currently the Cisco Identity Services Engine (ISE) is available in the following models and platforms:

| Platforms | Options |
|---|---|
| Appliance | Identity Services Engine 3315 (small), 1000-endpoint target |
| Appliance | Identity Services Engine 3355 (medium), 5000-endpoint target |
| Appliance | Identity Services Engine 3395 (large), 10,000-endpoint target |
| Software/virtual machine | 1, 5, or 10 virtual machines |

For further info please check the Cisco Identity Services Engine (ISE) home page at Cisco Systems.

April 14, 2011  9:45 PM

CCIE Service Provider v3.0 Exams Released

Yasir Irfan

According to Cisco, they will release the updated v3.0 CCIE Service Provider written and lab exams in all testing locations worldwide, and the v2.0 exam will retire simultaneously. CCIE Service Provider aspirants taking the exam on or after April 18th, 2011 should expect to be tested on the CCIE SP v3.0 Written and CCIE SP v3.0 Lab Exam topics, which were released in October 2010.

In brief, the updated exam will cover configuration and optimization of IP core technologies, aggregation and edge technologies, and remote access technologies, all of which are key to service provider infrastructures. The exams will also cover managing services for voice, video, and security traversing the core IP network.

For further info check Cisco Learning Network.

April 12, 2011  12:36 PM

Cisco Learning Labs Provide Hands-On Training

Yasir Irfan

Whenever you are preparing for the Cisco CCNA®, Cisco CCNP®, and Cisco CCIP® certifications, especially through self-study, the major concern is getting the lab experience needed to answer the simulated questions. Many of us end up looking for real Cisco hardware on eBay, as most present-day simulators fail to fulfill our requirements. To a certain extent GNS3 did an amazing job by emulating the power of Cisco IOS on our machines. But GNS3 does have some limitations; when it comes to switching, GNS3 has no answer.

Current high-end systems fail to handle the most complex GNS3 topologies. To ease all these hurdles, Cisco has an answer. Yes, you can experience real Cisco labs. A more flexible option is here, known as Cisco Learning Labs. For the first time, Cisco certification aspirants can secure hands-on Cisco IOS® Software lab practice for both routing and core switching.

Cisco Learning Labs are powered by Cisco IOS® Software on UNIX and enable critical, hands-on lab experience for future networking engineers interested in attaining Cisco certifications.

Key Facts

  • Cisco Learning Labs are currently available for Cisco CCNA®, CCNP® and CCIP® study, through the Cisco Learning Network Store and Cisco Authorized Learning Partners.
  • Accessible from the convenience of the user’s PC, Cisco Learning Labs provide complete lab preparation experience for routing and switching skills.
  • Multiple labs are available in each lab bundle, accessible anytime for 90 days, for up to 25 hours. Supplemental lab time is available in increments of five hours.

March 30, 2011  7:20 AM

Cisco Network Academy has enrolled its 1 millionth student

Yasir Irfan


According to Cisco, Cisco Network Academy has enrolled its 1 millionth student for the first time. The Cisco Network Academy offers the program in partnership with educational institutions, government administrations and community based organizations globally and delivers information and communications technology (ICT) education through classroom-based and cloud-based curricula.

 One of the programs offered at the Academy is teaching students how to design, build, troubleshoot, and secure computer networks for increased access to career and economic opportunities in communities around the world. 

I have seen a few CCIEs who started their Cisco certification path from the Cisco Network Academy while they were studying at their universities, and now they are flourishing in their careers and doing an exceptional job for their organizations.

Key Highlights:

  • The Networking Academy began in 1997 with 64 schools and has grown to become one of the “world’s largest classrooms” with 10,000 academies in 165 countries, and nearly 4 million students having participated in the program to date.
  • A pioneering example of cloud-based education delivery, the Networking Academy teaches students how to design, build, troubleshoot, and secure computer networks for increased access to career and economic opportunities in communities around the world. Students who complete the program often go on to secure entry-level career opportunities, participate in continuing education and achieve globally recognized career certifications.
  • Networking Academy courses are delivered in multiple languages through a cloud-based learning system. Courses are supported by classroom instruction, hands-on learning activities, and interactive online assessments that provide personalized feedback. Networking Academy instructors receive extensive training and support to help ensure a consistently-enriching learning experience for students around the world.
  • Cisco is celebrating this milestone by offering Networking Academy students and alumni the chance to show the benefits of this unique classroom experience through a video contest titled “Why is The Cisco Networking Academy Classroom like No other?”

Amy Christen, vice president of Cisco Corporate Affairs and Networking Academy
“Networking Academy is truly the world’s largest classroom. The unique delivery model combines the power of the network and the cloud with the global need for ICT skills-based education to address the critical need for networking professionals around the world.”

Key Networking Academy Statistics:

  • 1 million Networking Academy students worldwide concurrently engaged in learning this year
  • Nearly 4 million students reached by the Networking Academy to date
  • 10,000 Networking Academies operating in 165 countries
  • 1 million online assessments delivered monthly
  • 100 million online assessments delivered to date
  • 175,000 Facebook fans, whose numbers are growing daily

March 27, 2011  5:46 AM

What is IP SLA?

Yasir Irfan

When you are preparing for the Cisco CCNP Switch exam, IP SLA is one of the key topics. It was included at quite a late stage, which surprised even David Hucaby, the author of the “CCNP Switch Official Certification Guide”; he covered it in supplementary material for the guide.

The Cisco IOS IP Service Level Agreement, better known as IP SLA, is a feature which was introduced in IOS version 11.2 under the name of Response Time Responder (RTR). Later on Cisco sensed that RTR was creating some confusion, as some reference texts referred to RTR as Real Time Responder; hence they renamed RTR to Service Assurance Agent (SAA). Even SAA didn’t stick for long, and now it’s known as IP SLA. IP SLA is truly excellent for built-in network testing. In fact, it is a key ingredient for sophisticated implementations of Performance Routing (PfR).

At its introduction in IOS version 11.2 under the name of RTR, it had very limited offerings:

  • ICMP Ping
  • ICMP Echo Path
  • IBM SNA Native Echo

The Cisco IOS IP Service Level Agreement (IP SLA) feature can be used to gather realistic information about how specific types of traffic are being handled end-to-end across a network. To do this, an IP SLA device runs a preconfigured test and generates traffic that is destined for a far end device. As the far end responds with packets that are received back at the source, IP SLA gathers data about what happened along the way.

IP SLA is capable of running the following tests on Cisco switches and routers:

| Test Type | Description | IP SLA Required on Target? |
|---|---|---|
| icmp-echo | ICMP Echo response time | No |
| path-echo | Hop-by-hop and end-to-end response times over path discovered from ICMP Echo | No |
| path-jitter | Hop-by-hop jitter over ICMP Echo path | Yes |
| dns | DNS query response time | No |
| dhcp | DHCP IP address request response time | No |
| ftp | FTP file retrieval response time | No |
| http | Web page retrieval response time | No |
| udp-echo | End-to-end response time of UDP echo | No |
| udp-jitter | Round trip delay, one-way delay, one-way jitter, one-way packet loss, and connectivity using UDP packets | Yes |
| tcp-connect | Response time to build a TCP connection with a host | No |

March 23, 2011  6:13 AM

Telnet by default disabled in NX-OS devices

Yasir Irfan

As I am working with Nexus 7000, Nexus 5000 and 2000 Series Switches, I discovered that by default the Telnet server is disabled on NX-OS devices such as the Nexus 7000, Nexus 5000 and 2000 Series Switches.

We all know the Telnet protocol enables TCP/IP connections to a host. Telnet allows a user at one site to establish a TCP connection to a login server at another site and then passes the keystrokes from one device to the other. Telnet can accept either an IP address or a domain name as the remote device address.

I will show you how to enable the Telnet server on NX-OS devices:


VDC-Admin(config)# feature telnet

VDC-Admin(config)# show telnet server

telnet service enabled


March 16, 2011  7:13 AM

Preparing for Cisco CCNA Certification – Great opportunity to attend Essentials of CCNA webinar

Yasir Irfan

For all those folks working hard to achieve the Cisco CCNA certification, one of the most recognized certifications in the IT industry, good news is here. The Cisco Learning Network is conducting a 90-minute webinar which highlights the technologies and topics an individual will need to know to achieve their CCNA certification. In addition, the Essentials of CCNA webinar reviews the latest training methods and content available for CCNA, as well as the certifications and career paths available after you’ve achieved your certification. You’ll hear from Cisco Subject Matter Experts who developed the actual CCNA exam and course materials.

It’s completely free and is recommended for individuals who are thinking of becoming CCNA certified, or have just started preparing to take their CCNA exams. Don’t delay, register now.

Event: The Essentials of CCNA webinar
Date: March 30
Time: 8:00 a.m. Pacific Daylight Time
Cost: Free
Registration link:
