“Pitching Packets” Game Teaches Cyber Security with Beanbags

– October 4, 2017 – 0 Comments

This October, the 14th year of National Cyber Security Awareness Month (NCSAM) focuses on educating consumers on Internet safety.  Consumers can be of all ages and backgrounds, so in the spirit of NCSAM, I’d like to share how beanbags and laundry baskets can be used to teach anyone the basics of Internet routing, security, and privacy.

“Pitching Packets: Cyber Security Edition” is adapted from a game called “Welcome to Packetville” designed by Cisco employees Jennifer Lowry and Marcie Pittman in 2006.  The original game aimed to describe the Internet in simple terms to a population of youth that were exploring the possibilities of STEM careers.  Fast-forward to 2017 and the Global Information Security Workforce Study predicts there will be a cybersecurity workforce gap of 1.8 million in the next 5 years.  For this reason, the original game was updated to concentrate on Internet safety.

In Pitching Packets, laundry baskets represent the major components of the network (core routers, home or access routers, and endpoints).  To set up the game, create a network diagram by connecting baskets with routes, represented with colored tape between baskets.  While the color of the core and access routers doesn’t matter, the colors of the endpoint baskets represent their address. The network topology is also irrelevant, but the size of the network depends on how many participants are available each game.

Pitching Packets Network Topology

This example topology works well for groups of 20-25 students.

Once the workshop begins, assign students to a router or endpoint (represented by baskets) or to the role of packet sweeper.  Set up every round by giving each endpoint a set of beanbags to transmit (e.g. give the yellow endpoint all red beanbags, indicating it is transmitting to the red endpoint.)  The base rules that apply to all rounds of play include:

  1. The objective of the game is to toss beanbags amongst baskets until they reach destination basket, as indicated by the color of the beanbags. This corresponds to the technical idea that the objective of a network is to route all packets to their destination, as indicated by addresses.
  2. Students may only throw beanbags along a corresponding tape line, as packets travel along network routes.
  3. Students representing components may not pick up beanbags that miss the basket. Participants acting as packet sweepers are the only ones allowed to pick up beanbags and return them to an endpoint, as they represent dropped packets that endpoints are responsible for retransmitting.

These base rules demonstrate several important networking lessons:

  • Internet traffic is fragmented into small units of data, called packets.
  • Core routers handle the most Internet traffic, so that position is the fastest-pace in direct contrast to endpoints, which are only concerned with their own traffic.
  • Dropped packets slow down the network, a situation most have experienced while waiting for a webpage or video to load.

Multiple rounds of play with modified rules provide the opportunity to integrate Internet security and privacy lessons during a post-round discussion.  Rotating the students amongst various roles deepens their understanding of network operations.

Round 1 introduces the idea that nothing is truly private on the Internet. Cut photos into pieces, number them, and have students attach them to the beanbags.  This directly correlates to the way packet fragmentation and re-assembly occurs at endpoints.  The addition of photos represents sending a picture message or posting a disappearing photo to a social media network.  Students quickly understand that cleartext messages can be read by any component it touches in the network and copies of supposedly private photos may exist on the Internet.

Left: Student playing the grey endpoint reassembles her photo message Center: Photos are cut and numbered for Round 1’s fragmentation and reassembly lesson Right: I demonstrate how to attach messages to beanbags for different lessons

Round 2 introduces the idea that privacy can be achieved through encryption (e.g. with HTTPS or VPNs.)  Instruct the endpoints to write messages and demonstrate information hiding by attaching them to the beanbags with the text facing the fabric.  Alternatively, teach a simple shift or substitution cipher so endpoints can generate encrypted messages.

The virus packet wreaks havoc on the game! Students dump the contents of the core router.

Round 3 introduces various types of network security (e.g., anti-virus, packet inspection, firewall rules) and the concept of a layered approach to defending networks.  Mark a beanbag (e.g. with an “X”) to represent a virus and inform students that if they receive the virus packet, they must pass it to any connecting route.  Afterwards, they must also dump their basket of beanbags onto the ground and await a packet sweeper’s assistance.   During game play, have instructors introduce the virus and allow it to spread amongst the network.  After a few minutes, quietly remove the marked beanbag (as a security researcher might stop a virus.)  Post-round discussion should include how quickly a virus spreads and its effect on the network speed.

I hope this blog post inspires you to recreate this game in your own community. Because it uses easily available materials and no computing devices, this highly energized analog game makes digital security education fun and accessible to all.  Please feel free to use the comments below if you have ideas on adaptations to expand the lessons!

 

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

All comments in this blog are held for moderation. Your comment will not display until it has been approved

3 Technology Essentials for the Modern Virtual Sales Organization

– October 4, 2017 – 0 Comments

In its October 2016 State of the Connected Customer Report, Salesforce Research revealed that a whopping 80 percent of business buyers expect companies to respond and interact with them in real time, versus the 64 percent of consumers with the same expectation. It’s clear we’ve reached a tipping point in B2B sales, as business buyers seek both a highly-personalized experience from—and real-time access to—the companies they transact with, even more so than consumers do.

The challenge today is to adapt our selling behaviors to this changing buyer mindset. And to make that happen at scale, we must also adapt our technology stacks.

In today’s digital economy, the technology that powers your B2B virtual sales organization should serve to replicate the consumer buying experience, making all touches and sales motions seamless, engaging and value-oriented. This requires three key components: collaborative technologies that enable buyer interactions (conferencing, chat, social, etc.), predictive analytics designed to help you best understand and anticipate the buyer’s needs, and integration across the data and systems that fuel personalized content marketing, digital commerce and sales enablement.

Get Current with Collaboration Tools

Collaboration tools have become a necessity in our industry for extending sales reach. But collaboration isn’t what it used to be: it now comes in many digital shapes and forms, allowing us to more effectively assist and influence buyers at various points in their journey. While each of our partners has differing business models and sales requirements, here are some key collaboration tools to consider:

  • Conferencing tools to deliver live product demos at the time and location of the buyer’s choosing.
  • Live chat tools that allow virtual agents to interact seamlessly with prospects and customers and provide highly personalized service and support.
  • Active participation in social networks to showcase your expertise to customers. Partners should use these channels to help define buying requirements, demonstrate thought leadership and gain valuable insights into buyers’ habits and preferences.
  • Digital engagement tools such as automated SMS and email push notifications or mobile/location-based apps that can be used to deliver targeted and timely messages to prospects and customers.

The Big Partner Opportunity: Predictive Tools

Two equally important goals of the virtual sales organization are to anticipate the needs of buyers and build relationships based on value delivery. While collaboration technologies can enable personal one-to-one interactions, the ability to integrate these conversations with predictive analytics helps facilitate a purchasing experience that feels more personal and organic to your buyers. In addition, cohesion across technologies allows your sales team to tie every touch — be it a personalized email offer, social media interaction, or product suggestion/landing page — to a direct business outcome.

As much as we tout predictive intelligence and how it can create more dynamic customer journeys, Salesforce Research reports that only 30% of sales teams today currently use it. This poses a significant opportunity for our partners to move ahead of the competition. By taking advantage of Cisco’s analytics-driven partner programs and platforms, such as Lifecycle Advantage, you can get in on the power of predictive intelligence to drive more upsells, cross-sells and renewals, along with stronger customer relationships.

Regardless of the sales tools you have in play, there’s no doubt that the way your buyers are engaging with you is rapidly changing. Now is the time to put in place the people, processes and technologies that will allow you to deliver the seamless experiences that today’s buyers demand. Your reward will be improved sales, faster growth and increased customer retention. It is our commitment to empower you in every way possible to ensure your success.

Watch the on-demand webinar, The Inside Scoop on Inside Sales to learn more about the evolution of virtual sales.

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

Securing the Digital Institute – Deakin University: A Case Study in Cyber Security Excellence

– October 4, 2017 – 0 Comments

Ransomware and malware attacks have been capturing recent global headlines and like all industries, the education sector is vulnerable to this growing threat landscape. Although the full reputational and financial impact of these attacks are not known, it is a stark reminder of the significant cost that a malware outbreak can have on any organisation. 

Deakin University in Victoria, Australia supports the idea that tactical approaches to security are failing to provide the required level of cyber protection and resilience, and that a strategic approach and investment is necessary to identify and plug the gaps that allow attacks to be successful.

“Cybersecurity is by far the most important challenge we face these days” states William Confalonieri, Chief Digital Officer at Deakin University. Deakin’s motto is ‘Driving the Digital Frontier’ and they live this value by embracing all of the opportunities the digital age can provide and to translate those opportunities into benefits for staff, students and the wider community.

In such a fast-changing landscape, it had been challenging for Deakin to stay abreast of the cyber landscape. Top concerns were around visibility of malware, phishing and advanced threats. Deakin wanted to advance their capability and they were after a solution that would be simple, effective and would allow them to scale and to be able to manage it with less resources overall. 

Watch this video to better understand how Deakin have partnered with Cisco on an holistic end-to-end cyber security strategy, in order for them to be able to deliver on their digital transformation vision.

Interested in learning more about how Cisco is transforming education in Australia? Click here to explore.

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

Extending Hyperconverged: Three Questions to Ask About Hybrid Cloud

– October 4, 2017 – 0 Comments

Many hyperconverged buyers have infrastructure responsibility in their data center. And if you are an infrastructure manager, Cisco HyperFlex make you job easier by combining hardware and software into a pre-integrated solution that scales out network, storage, and compute resources in the data center.

But what should you think about when extending hyperconverged to hybrid cloud?

Cisco CloudCenter adds hybrid cloud management orchestration that works across by HyperFlex and public cloud IaaS providers. But going hybrid with cloud is a new experience for many infrastructure managers, with new issues to consider.

Three questions to ask

If your IT organization is already going hybrid or just starting to think about adding public cloud workload deployment options, or if your IT consumers are already going to the cloud because it is easier than working through legacy IT service delivery systems — then ask yourself (and your broader IT organization) these three questions:

1. Is consumption variable and unpredictable?

Call it bursting. Call it hybrid capacity optimization. Call it flexibility to meet changing business needs. Whatever you call it, the issue here is that if you are responsible for keeping an eye on capacity, you may not know capacity requirements before a new business project is launched. Or demands for on-premises capacity may vary seasonally, or during specific stages in a development project.

That variable service consumption may be initiated by IT staff. For instance, IT may occasionally deploy a temporary marketing campaign platform that runs for weeks. Or, may deploy a student computerized test taking platform that runs for days, with staggered demand throughout the semester. But during end of semester finals, all the computerized tests are scheduled at the same time.

On the flip side, that variable service consumption may be initiated by people outside of IT. Maybe users such as Dev or quality assurance engineers may need to stand up and tear down short-lived workloads multiple times before production. Researchers may also deploy and access data sets with large compute and storage resource requirements for short periods of time.

Many workloads deployed on hyperconverged infrastructure are predictable and stable. But if you have variable and unpredictable IT service demand scenarios, adding Cisco CloudCenter to a HyperFlex foundation will help you automate deployment and balance workloads both on-premises and in the public cloud. And that actually improves return on Cisco infrastructure investments by maximizing capacity utilization.

2. Does IT want to bring cloud experience back on-premises?

Call it private cloud. Call it virtualization plus automation. Call it an easy button  backed by deployment automation and orchestration. Regardless of how you put it, “the cloud” is seen as a painless and streamlined option, and has trained IT consumers to get what they want, when they want it. Once people have undergone the “swipe credit card and deploy resources” experience, the traditional IT “submit help desk ticket and wait” service consumption process is viewed as unnecessary friction. In many cases, ease of use is pulling users to the cloud. Not cost advantage. Not pay per use billing. And not performance.

With CloudCenter added to HyperFlex, you can bring that easy cloud experience back to your data center. CloudCenter provides a single management and orchestration layer that automates deployment in the cloud and back on-premises. Users get a single interface, and can choose to deploy a VM or a fully configured application stack on HyperFlex just as easily as in the cloud. Plus, they can do this without IT having to manage big private cloud deployment project, and without turning their organization inside out.

If you have legacy processes, think of CloudCenter as a self-service portal that only offers users the ability to make a “pre-approved change.” Users can deploy right now, and IT can apply basic policies as well as cost and usage controls in order to stay in the loop.

3. Do I want to optimize capacity by harnessing the power of automation?

Call it resource optimization on-premises. Call it lowering the monthly cloud bill.

The good news is — there is no issue here. It is all opportunity. You can use automation driving both software defined data center technology and cloud APIs to be a better steward of your resources and funding. If everything is software defined – either via vSphere and HyperFlex connect on-premises or via cloud APIs – you can harness the power of automation to reduce consumption that doesn’t add business value. Adding CloudCenter to HyperFlex allows you to harness the power of automation to reduce unnecessary consumption and optimize resource utilization on-premises or cut your bill in the cloud.

See this webcast to learn more about these CloudCenter features that can help cut your cloud bill.

Getting started

So if you have variable workloads, want to offer the cloud experience everywhere, or want to harness automation to optimize resources, where do you begin?

All CloudCenter features are available with the HyperFlex bundle. There is no tiered functionality or limited feature set. Everything is available as soon as you add CloudCenter to HyperFlex.

In my next blog, I’ll go through a “walk then run” approach in more detail. But for now, start with allowing users to self-service deploy VM or application in a HyperFlex environment, with basic usage and policy guardrails to guide the automation. Or begin by automating scale out, with end-of-life policies that delete workloads after a set period of time. Both of these will get you started with immediate benefit.

Additional Resources

At a Glance: HyperFlex with CloudCenter

Webcast: 4 key success factors learned from customers with HyperFlex with CloudCenter initiatives.

Request a demo: Cisco is a big company. If you take time to request a demo, we will take the time to find right team in your global region to help you directly. Or, you can always ask your HyperFlex seller (Cisco Account Manager or DataCenter Sales Specialist) about HyperFlex with CloudCenter.

 

 

 

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

Announcing Cisco Kinetic for Cities: New name, alignment and evolution for Smart+Connected Digital Platform

– October 4, 2017 – 0 Comments

As more cities and communities undertake digital transformation, Cisco continues to lead with powerful research, vision, technology, and business models all designed to guide our customers’ journey. We continue to evolve our offerings—drawing on internal and partner resources and customer feedback—to lay a path forward and keep it clear, safe, and well lit.

In fact, Cisco was recognized as the #1 Smart City Supplier in the recent report, Navigant Research Leaderboard: Smart City Suppliers, produced by leading smart cities analyst firm Navigant Research. We’re thrilled to receive this recognition!

“Cisco’s position as the leader in the smart cities market is based on its integrated perspective on urban innovation, strong sector-specific solutions, and a commitment to continued thought leadership and city engagement,” noted Eric Woods, research director at Navigant Research. “With the development of its connected digital platform and a range of vertical solution offerings, Cisco is providing an integrated environment for cities moving to IoT-based solutions and at the same time putting its smart city program onto a stronger commercial basis.”

One of the most exciting changes in how Cisco supports smart cities and communities going forward is that our connected digital platform and solutions strategy is now fully aligned with Cisco Kinetic, a new Cisco unified Internet of Things (IoT) platform strategy. As such, the “Smart+Connected Digital Platform” is being renamedCisco Kinetic for Citiesand integrated—along with the solutions for lighting, parking, crowd, environment and others—into the overall Cisco Kinetic platform strategy.

Jahangir Mohammed, VP/GM of IoT, explains: “Cisco Kinetic is a cloud-based platform that helps customers extract, compute, and move data from connected things to IoT applications to deliver better outcomes and services. Cisco Kinetic gets the right data to the right applications at the right timeacross edge, private cloud, public cloud, and hybrid environmentswhile executing policies to enforce data ownership, privacy, security and even data sovereignty laws. These are all critical requirements for any smart city and community deployment.”

“Cisco Kinetic represents an important milestone for Cisco and our customers who are eager to unlock the value of the data being generated by connected machines, things and spaces,” says Jahangir. “Cisco Kinetic for Cities is purpose-built to harness the power of all that data to drive smart city initiatives forward. We’re excited to align our efforts in the development of these IoT technologies that bring simplicity, scalability, and interoperability to organizations across all sectors.”

By integrating with Cisco Kinetic, we can leverage more resources, expertise, and visionary thought leadership across Cisco and a broader partner ecosystem to provide our customers with even better tools and services to help them manage, share, and leverage data and gain new insights.

Cisco Kinetic for Cities will continue to provide a horizontal, data aggregation platform—one tailored specifically to the needs and challenges of cities and communities. It will continue to enable a plethora of solutions and applications from Cisco, our partners and third-party developers through a growing set of application programming interfaces (APIs). The architecture and the approach to deployment for the platform and solutions will be built on the successes (and lessons learned) from current deployments of connected digital platform and solutions—from Copenhagen to Hamburg, from Jaipur to Adelaide, from Kansas City to Las Vegas, and many more—where the benefits of digitization and a platform approach are continuing to accrue.

The municipality of Albertslund, a Copenhagen suburb, participates in the smart city initiatives that Cisco is driving to help Greater Copenhagen achieve its social, economic and environmental goals.

Says Niels Carsten Bluhme—Albertslund’s senior director for city, culture, environment and employment—in a video chronicling the vision and progress of these initiatives, “[By] using sensors, digital management platforms, and analytics programs, we can achieve a number of benefits on the green transformation agenda in becoming carbon neutral. Today, we regard this as the most important accelerator for getting there.”

We are committed to continuing our strong leadership, development, and partnership objectives in the smart cities space. We’ll be making some more exciting announcements at the Smart City Expo World Congress in Barcelona (Nov. 14 – 16, 2017). Perhaps we will see you there!

Stay tuned…

Anil

 

 

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

Live #CiscoChat October 4th — Explore the Many Uses of Hyperconverged Infrastructure

– October 3, 2017 – 0 Comments

Simplicity, flexibility, and cost-savings…these are just a few of the well-known benefits of a hyperconverged infrastructure. As an IT expert, you’ve likely seen first-hand how this technology has advanced over the years, outgrowing early challenges like network limitations, inflexible scaling, and silo difficulties to arrive where we are now. But what’s new, and what’s next? How are next-gen solutions helping hyperconverged infrastructure expand beyond the expected — to deliver the extraordinary? To find out, join in on our next #CiscoChat, Thursday, October 4th, at 10 a.m. PST.

The chat will take place on the Cisco Data Center Twitter account (@CiscoDC), and will be hosted by Marketing Manager Maggie Smith (@maggies_groton2), Senior Technical Marketing Engineer Michael Zimmerman (@mzim00), Marketing Manager Stephen Selgrade (@sfselgrade), and Veeam’s Senior Alliance Product Marketing Manager Andrew Lickly (@drewl17). In the chat, the hosts will discuss hyperconvergence and some of its many use cases, and open up the discussion to you — so you can share your challenges, your wins, and so much more.

To participate in the chat:

  • Make sure you’re logged into your Twitter account.
  • Search for the #CiscoChat hashtag and click on the “Latest” tab.
  • Follow the moderator’s account to participate.The Twitter chat will be moderated by the moderator of the Cisco Data Center Twitter account (@CiscoDC), who will begin welcoming guests at 10 a.m. PST (1 p.m. EST) and posting questions for discussion.
  • If you need multiple tweets to answer a question, preface each tweet with “1A,” “2A,” etc. in order to make it easier for others to follow along with the conversation.
  • Be sure to use the #CiscoChat hashtag at the end of each tweet, so that others can find your contributions to the discussion.

Have questions for the group? Ask away during the #CiscoChat. We look forward to talking with you! For more information around this topic, check out the resources below:

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

Cloud Unfiltered Podcast, Episode 21: Women in Tech, with Anne McCormick

– October 3, 2017 – 0 Comments

Has anything really changed for women in tech over the past 20 years? It’s definitely a question worth asking if you’re a woman, and hopefully one you’re at least mildly interested in if you’re a man.

We did not initially ask Anne to be on the show so she could cover that topic—we asked her on because she’s a brilliant engineer from the Cisco cloud team and we wanted to know what she was working on. But when you’re a woman in the tech world, sometimes people just want to know. What was it like when you were young and you wanted to get into the field? Did you always love it? Did your parents resist your plan? What was it like in college? Did the guys dismiss you? Do they dismiss you today? What’s it like when you walk into engineering meetings? Do you care that you’re probably getting paid less? And how do you feel about that Google letter?

Luckily for us, Anne is capable of a quick pivot. She graciously tabled whatever engineering insights she had planned to share, and instead spent the half-hour sharing her first-hand experiences, opinions, and insights as a woman in tech. She covered all the things I mentioned above, and also delved into:

  • The dangers of “Us vs. Them” tribalism when addressing gender inequality
  • How she reacts to the “microindignities” women experience so regularly in the workplace
  • Her realization that not all the “dinosaurs” are old (or going extinct)
  • The best steps women can take to earn respect from their male colleagues

See the video podcast on our YouTube page, or listen to the audio version on iTunes. And if you like what you hear, we invite you to subscribe to our channel so you don’t miss any of the other exciting podcasts we have scheduled over the next several months.

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

Real-time diagnosis: Changing the game for breast cancer

– October 3, 2017 – 0 Comments

Your mom, your sister, your friend…maybe even you—breast cancer touches all of our lives. In the U.S. alone, approximately 1 in 8 women will develop the disease during their lifetime.[1] Breast cancer is the most commonly diagnosed cancer in women, and the second-leading cause of death.[2]

When it comes to breast cancer, early diagnosis is one of the most important strategies for survival.[3] But if you live hours away from specialists and diagnosticians, the time, travel, and costs add up.

This is a problem the Medical Hospital Center of Odessa, Texas, set out to solve. With the help of vRad, the hospital works with more than 400 physicians across the U.S. to read images remotely for patients who would otherwise have no access to sub-specialists.

For patients, the quick turnaround makes a difference. When Ms. Carol, a patient at the Medical Hospital Center, had an abnormal mammogram, “They wanted an ultrasound. That was actually the height of my anxiety. I’m really grateful that the medical center has the technology because it would have just been another week of wondering what was going to happen.”

When it comes to breast cancer, knowledge is power. By enabling immediate follow-up, patients and doctors can make decisions about next steps in care. Whether a patient is cleared or needs to start a treatment plan, speed matters.

With Cisco networking and collaboration technology, companies like vRad have the power to make life-changing diagnoses in real time. Learn more here.

“Our partnership with Cisco has really changed the playing field for patients and the delivery of healthcare in this country,” – Dr. Sussman, radiologist, vRad

Technology enables real-time diagnosis from everywhere. See the full vRad case study here.

[1] Breastcancer.org, U.S. Breast Cancer Statistics, 2017, http://www.breastcancer.org/symptoms/understand_bc/statistics

[2] Centers for Disease Control and Prevention, Cancer Facts for Demographic Groups, 2017 https://www.cdc.gov/cancer/dcpc/data/women.htm

[3] American Cancer Society, Breast Cancer Early Detection and Diagnosis, 2017, https://www.cancer.org/cancer/breast-cancer/screening-tests-and-early-detection/american-cancer-society-recommendations-for-the-early-detection-of-breast-cancer.html

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

VXLAN Innovations- VXLAN EVPN Multi-Site: Part 2 of 2

– October 3, 2017 – 0 Comments

 

Posting this blog on behalf of Babi Seal, Senior Manager, Product Management, INSBU and Lukas Krattiger, Principal Engineer, INSBU

This is the second blog in a two-part series that highlights novel Virtual Extensible LAN (VXLAN)-related features that are now shipping in the latest software release of the Nexus 9000 platform. In the previous blog, we briefly described three key features: Tenant Routed Multicast (TRM), Centralized Route Leaking for EVPN (Ethernet VPN), and Policy-Based Routing support with VXLAN. In this blog, we will look at the capabilities of the VXLAN EVPN Multi-Site feature.

VXLAN EVPN Multi-Site marks an important milestone in the journey of overlays. The vanilla VXLAN flood-and-learn based mechanism that relied on data-plane learning. This approach was replaced with an enhanced mechanism that relied on a control plane, back in early 2015 when BGP EVPN became the control plane of choice for VXLAN overlays. With this addition, support for integrated Layer-2/3 services, multi-tenancy, optimal one-hop forwarding, and workload mobility was introduced, making EVPN enabled VXLAN a more scalable and efficient solution.

VXLAN EVPN Multi-Site continues the evolutionary path toward building even more efficient VXLAN-based overlay deployments. It brings back proven networking design principles around hierarchical network design and fault containment with preserving network control boundaries when building scalable overlays.

The need for interconnecting data centers is as old as the notion of data centers themselves. This was no different when VXLAN was introduced. With VXLAN’s capability to build Layer-2 networks on top of Layer-3 networks, we achieved simplicity with transport independence but unfortunately left out many network-design principles for the overlay.

Even in the pre-VXLAN EVPN days, we still managed to build well-structured and hierarchical topologies such as Fat-Tree, Clos, Leaf/Spine. VXLAN overlays flattened this by creating end-to-end encapsulations from leaf to leaf through the Multi-Pod design. There the data plane was shared across pods while keeping some separate overlay control plane instance per pod. Alternative approaches preserved the hierarchy but required introduction of additional Data Center Interconnect (DCI) technology for interconnecting distinct VXLAN overlay domains; resulting in a Multi-Fabric design.

The challenge with Multi-Pod was the use of a single overlay domain (end-to-end encapsulation), which created challenges with scale, fate sharing, and operational restrictions. While Multi-Fabric provided improvements by isolating both the control and the data plane using hierarchical topologies, there was additional considerations imposed on the users to select from a mish-mash of different DCI technologies to extend and interconnect the overlay domains, thus resulting in greater operational complexity.

VXLAN EVPN Multi-Site is an open solution that extends the capability of VXLAN EVPN to provide hierarchical multi-site connectivity and allows stretching of Layer 2 and 3 services beyond a single overlay domain. The improvement over Multi-Pod/Multi-Fabric designs is significant in that now VXLAN EVPN is still used for carrying traffic between sites but policies can be applied at the border devices that also serve as the ‘gateway’ to the other sites. These border devices called Border Gateways (BGW) and terminate, mask, and interconnect multiple overlay domains, fabrics or sites. The chosen approach in VXLAN EVPN Multi-Site preserves the network-control boundary for traffic enforcement and failure containment with the simplicity of an integrated Layer 2 and 3 extension.

The BGW is the core component of EVPN Multi-Site that simplifies the deployment of the overall solution. In existing VXLAN EVPN fabrics, the BGW becomes a simple conversion of an existing Border Node or an easy addition as a leaf during the fabric lifecycle.

With EVPN Multi-Site, control- and data-plane within a given fabric stays unchanged. Only when it is necessary for traffic to leave the existing fabric to reach an end-point in a remote fabric, then the BGW perform its function of termination and re-origination the VXLAN tunnels. The question is how?

In EVPN Multi-Site, we define each fabric (‘site’) as its own BGP Autonomous System. We leverage the behavior of External BGP’s next-hop behavior, which points to the next-hop node for reaching a remote end point, in this case the closest BGW. To ensure resiliency and load distribution for the BGW, up to four BGWs can operate with the same “personality” requiring no control-plane changes whenever a failure scenario isolates or degrades one of the available BGWs. The personality encompasses sharing the same site ID and the same Virtual IP Address in a given site thereby making them part of a BGW cluster. Additional functions are available that perform interface state tracking to assist in rapid and efficient detection of failure scenarios thereby preventing an impaired BGW from remaining in the cluster.

The two important steps that allow EVPN Multi-Site to achieve its overall behavior are:

  • How a BGP EVPN advertisement appears remotely: When a BGP EVPN Route-Type 2 (MAC/IP) or Route-Type 5 (IP Prefix) is advertised from a remote site (remote AS), the BGW will take this information and advertise it with its own IP address as the next-hop into its local site (local AS).
  • How a leaf performs the data-plane operations when exiting the local traffic: As a result of BGP EVPN advertisements into its local site (local AS), all site local leafs will see the BGW as the only next-hop to reach the remote site prefixes (both MAC and IP). Whenever there is a need to reach these destinations, the VXLAN encapsulation from a leaf will be performed towards the BGW of the local site.

What this means is that if there are N=10 sites with M=256 leafs (VTEPs) each, the number of VTEPs each leaf needs to know about significantly reduces with an EVPN Multi-Site deployment as listed below:

Another useful feature that EVPN Multi-Site offers is rate limiting across the three BUM classes – Broadcast, Unknown Unicast, and Multicast. Rate limiting or even disabling of some of these classes becomes paramount, especially with the requirement of Layer-2 extension that is present in many intra data center and data center interconnect use cases.

While limiting BUM traffic is important, the distribution of BUM handling is even more critical in a world of scale-out architectures. In EVPN Multi-Site, we are doing this by a per-VNI Designated Forwarder (DF) election. Across all the BGW that are deployed within a site and with seamless extension of Layer-2, each BGW will perform the function of BUM forwarding for a different VNI (VXLAN Network Identifier). This way potential hotspots are avoided and traffic distribution can be achieved more efficiently.

Summary

Innovations such as the Cisco CloudScale ASICs available through the Nexus 9000-EX and -FX series provide many advanced capabilities for VXLAN overlays that are not available as widely in other switching platforms, like VXLAN EVPN Multi-Site. Cisco is developing comprehensive deployment guides that will go in-depth on all of the topics we have introduced in this two-part blog series. Stay tuned.

 

Since the release of NX-OS 7.0(3)I7(1) for Nexus 9000 platform, various resources have been posted around EVPN Multi-Site. The prime resources are listed below:

Build Hierarchical Fabrics with VXLAN EVPN Multi-Site White Paper https://www.cisco.com/c/dam/en/us/products/collateral/switches/nexus-9000-series-switches/at-a-glance-c45-739422.pdf

Configuration Guide for VXLAN EVPN Multi-Site https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_chapter_01100.html

BRKDCN-2035 – VXLAN BGP EVPN based Multi-POD, Multi-Fabric and Multi-Site (2017 Las Vegas)https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=95611

Building Data Centers with VXLAN BGP EVPN: A Cisco NX-OS Perspective: By Lukas KrattigerShyam KapadiaDavid Jansen, Published Mar 31, 2017 by Cisco Press. http://www.ciscopress.com/store/building-data-centers-with-vxlan-bgp-evpn-a-cisco-nx-9781587144677

 

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

Access: A Tale of Three Academics

– October 3, 2017 – 0 Comments

It’s 2am. Four college students are huddled around a laptop and a whiteboard. Unfolded laundry is littered across the bed. A crumpled bag of chips lies face down on the desk, spilling salt across the scattered pages of a forgotten problem set. Speakers are humming lowly with the rhythms of the top 40 set to shuffle. From this fertile soil, the seed of innovation is about to sprout.

Hours of feverish mental activity and excited mutterings have coalesced into a crescendo of marker squeaks and keyboard clicks. The data’s crunched. The code is written. It’s time to execute the program – to feel destiny smile upon them… What’s this? “Network failure”? “Not enough bandwidth”?!

In neighboring rooms, fists are raised to shake at the heavens as streaming shows freeze and aspiring minds are plunged into intellectual darkness. There is weeping and gnashing of teeth.

 

 

The third-grader was almost finished with her game. A few problems left, and she could show her teacher her results! And then the bell rang. She would have to run to make the bus. And her assignment would remain unfinished, at least for another day.

As she carefully packed away her tablet, she thought ahead to the hour-and-a-half ride home. How she wished she could spend that time finishing the game and showing her teacher how well she’d done. And then, like the rest of the class, she could start the next level tomorrow, instead of falling behind.

On the bus, the terrain rolled by, obscured by the fog of familiarity. The fire of curiosity extinguished by the lethargic drizzle of boredom.

 

 

A frazzled math teacher tapped frenetically at his mouse clicker, like a boxer reeling off jabs to the face of his opponent. Implacable, the wheel of death spun on, its stare as blank, cold, and dispassionate. Soulless. There was no reasoning with such a foe. No appealing to logic or emotion or shared experience. Only despair.

The deadline for submitting grades was fading into the rearview mirror. The slow, endless spinning of the wheel was hypnotizing – a jarring contrast to the relentless buzzing of his mobile phone inching its way across his desk.

He didn’t have the heart to tell her he would be late, once again. A guttural growl was the only audible vestige of the crippling frustration reverberating through his body. The frenzied flurry of anxieties playing king of the hill in his mind faded into a single exasperated plea: “Why, oh why, can’t I do this from home?”

 

 

We’ve all experienced the unique brand of soul-crushing vexation that results from the failure of technology. From jammed printers to broken links, these failures have turned multitudes of hairs gray before their time. Of all such errors, network failures or limitations seem the most pitiless and monolithic. What can mere mortals do to sway the fates of this dispassionate deity?

As these vignettes illustrate, empowered teaching and learning requires an automated, secure, intelligent core network up to the task of handling increased traffic, supporting a range of users, scaling to continuously offer new services, monitoring internet and application usage, and protecting sensitive data from attackers.

Only atop a solid and secure network foundation can we support the wireless connectivity and mobility services that extend access to all students—at all times. On campus, on the bus, at home, or anywhere else.

Engagement, experience, and innovation are built upon the bedrock of access, and undisrupted connectivity is crucial in enabling opportunities for teachers and students to learn without limits.

To learn how Cisco Digital Network Architecture (DNA) for Education empowers learning opportunities, visit this infographic, or watch this video.

Tags:

Leave a comment

We’d love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.