Policy-Driven Infrastructure: Separating User Intent from Configuration Procedures

January 28th, 2015

The focus on separating user intent from infrastructure is an important new insight into how cloud environments should be run. To drive this approach forward, Group-Based Policy is currently being developed for both the OpenStack and OpenDaylight open source projects. Mike Cohen, Director of Product Management, and Sandeep Agrawal, Senior Marketing Manager, both of whom work at Cisco Systems, join me to talk about Group-Based Policy, or using intent to manage infrastructure.



Duration: 21 minutes 17 seconds


Lippis Intro/Analysis @ : 00:10 sec


Question 1 @ 2:44 sec: Sandeep, what is GBP and what problem is it trying to solve?


Question 2 @ 4:28 sec: Mike, What are the architectural components associated with GBP?


Question 3 @ 5:41 sec: Sandeep, How does GBP contribute to an open SDN approach?


Question 4 @ 6:48 sec: Sandeep, What does GBP mean for security and governance?


Question 5 @ 8:51 sec: Mike, Does GBP offer a means to automate network configuration and change management? 


Question 6 @ 10:23 sec: Mike, One part of GBP is that it gathers the state of the infrastructure.  How does it accomplish this, is there a state database that’s created?


Question 7 @ 12:20 sec: Mike, Does GBP assist in the creation of an application dependency map that can be shared across multiple IT teams, such as storage, networking, servers/virtualization and application development?


Question 8 @ 13:41 sec: Mike, How are the policies that are created configured within the products that make up the infrastructure?


Question 9 @ 15:09 sec: Mike, GBP is being adopted by OpenStack and OpenDaylight, but how will it be implemented by the vendor community within products?


Question 10 @ 18:03 sec: Mike, How does GBP compare to other efforts such as:  Congress and ONOS?

Cisco Enhances VXLAN: Eliminates IP Multicast Requirement, integrates virtual services via vPath plus connects to legacy networks

May 27th, 2013

Cisco introduced enhancements to its VXLAN implementation in the Nexus 1000V virtual switch that overcome the requirement for IP Multicast. In addition, Cisco is integrating vPath with VXLAN for service insertion that stitches virtual services into VXLAN overlay tunnels. Network services might include virtual firewalls, application delivery controllers, WAN optimization, network monitors, etc. A final VXLAN challenge that network teams are facing is how to integrate VXLAN into legacy networks and with existing physical networks, appliances and the enterprise WAN. We’ll hear if Cisco has any solutions to get around this issue as well. Han Yang of Cisco joins me to discuss VXLAN, without multicast and with vPath, and how it can be used to deploy virtual network overlays.

A Realistic Approach To Dynamic Workload Scaling

October 9th, 2012

Dave Dhillon, Product Marketing Manager, Cisco Systems

Dynamic Workload Scaling, or cloud bursting, is commonly referred to as the ability to expand or contract workload between two or more virtualized data centers or cloud providers. It sounds simple enough, but there has not been a practical approach to securely and automatically facilitate elastic IT resources in response to demand. Cisco Systems is offering one of the most realistic approaches to cloud bursting that leverages the Nexus 7000 and its Application Control Engine or ACE load balancers. Overlay Transport Virtualization (OTV) is a feature of the Nexus 7000 and provides Layer 2 connectivity extension across any transport connecting two or more data centers. ACE provides VM-aware load balancing over OTV, which creates the basis for Cisco’s Dynamic Workload Scaling cloud bursting strategy. I talk with Dave Dhillon, Product Marketing Manager at Cisco Systems, as we dive into Cisco’s approach to cloud bursting.

Duration: 9 minutes 59 seconds

Lippis Intro/Analysis @ : 00:10 sec

Question 1 @ 2:01 sec: Let’s start with a Dynamic Workload Scaling definition and how much demand Cisco sees for this capability?

Question 2 @ 3:46 sec:  Ok great, so let’s talk about Cisco’s Dynamic Workload Scaling approach.  It leverages ACE, OTV, Nexus 7000 and its partnership with VMware.   Can you talk to the piece parts of the approach and how they work together to deliver Dynamic Workload Scaling?

Question 3 @ 6:53 sec: Thanks for the solution overview, so what are the new levels of business flexibility or outcomes enabled when Dynamic Workload Scaling is implemented?

Question 4 @ 7:59 sec: How do IT business leaders implement DWS in their private clouds?


BYOD Smart Solution

May 14th, 2012

By Cisco Systems

Providing a work-your-way solution for diverse users with multiple devices, anytime, anywhere
Today’s CIO must deliver innovative business solutions and give employees more freedom to work the way they want – all while reducing IT complexity. Consumer devices have proven to be a cost effective and attractive way to keep employees engaged and productive, but many organizations struggle with securely introducing these devices into the network. Securing corporate data, applications, and systems is essential to any BYOD strategy, and IT organizations need to ensure a secure experience from both a device and network access perspective. As corporations develop an any-device, anywhere strategy, IT needs to know who is on the network, the location of the person, and the type and status of the device. This white paper provides a strategy for implementing BYOD securely.

Lippis Report 188: Cisco Deepens the Visibility and Control Attributes of the SecureX Framework to Deliver Context-Aware Mitigation

March 20th, 2012

SecureX is the network security framework that Cisco launched last year. The company has now deepened SecureX to bolster its ability to provide SecOps greater visibility of applications and network traffic, and control of network security resources to mitigate exploits faster and more effectively by providing context-aware security information brought on by Bring Your Own Device or BYOD plus cloud computing applications and services. Cisco achieves this through its new ASA-CX Context-Aware Security capabilities, expanded support for Security Group Tagging or SGT within TrustSec-enabled devices, and the addition of device profiling functionality in the IOS of its routers, switches and wireless access points. All of this security technology works with its Identity Services Engine or ISE, Cisco’s identity and access control policy platform.


Lippis Report 184: Network Services to Differentiate Next Generation of Campus Core Switches

January 9th, 2012

During the middle of 2012, a few firms will introduce core switches for campus networking. Many of these products will be based upon merchant silicon such as HP Networking’s A10500 Series Enterprise Core Switch. While these products will boast performance advantage, they will find it difficult to win share against established firms such as Cisco’s Catalyst 6500, thanks to its investment in network services. In this Lippis Report Research Note 184, we explore the importance of network services and their role in campus network design.


Fall 2011 Open Industry Network Performance And Power Test Report

December 5th, 2011

The IT Industry’s Third Open Network Performance and Power Consumption Test

Catalyst 6500 Sup2T 802.1ae MACSec Throughput Performance

November 30th, 2011

MACsec encryption has become increasingly popular and important to campus network design, but previous switch performance degraded when encrypted traffic was passing through it. Here we show that the Catalyst 6500 does not suffer a performance degradation while MACsec traffic is passing through it. We tested the Catalyst 6500 via the cPacket Networks cTap 10G passive probe to verify traffic flows were either MACsec encrypted or unencrypted. We found that there is no material difference in throughput performance, other than 802.1ae encryption key overhead, thanks to 16 additional bytes per packet. The cPacket passive probe also measured line rate throughput performance. This is a great short video that verifies how the old encryption performance penalty is now gone.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Cisco Systems Catalyst 6500 Sup2T VSS Throughput Performance

November 30th, 2011

One of the most impressive network design options available on the Catalyst 6500 is the use of VSS. Connecting two Catalyst 6500s equipped with Sup2Ts creates a virtual switch, adding each switch’s performance while operating as a single switch, thus eliminating spanning tree in favor of active-active links. We configure two Catalyst 6500s via VSS. We measure throughput performance to verify that VSS throughput rates are equally high performance as the MPLS and VPLS scenarios. Check out the two-Catalyst 6500 configurations we deployed for this test.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Catalyst 6500 Sup2T Network Virtualization via MPLS/VPLS Performance

November 30th, 2011

Network virtualization, or the ability to divide a physical network into multiple logical networks with unique attributes, is a design that has grown in popularity as IT business leaders have sought ways to segment their network with different attributes for different user groups. This is popular in healthcare, education, travel and other industries. Network virtualization can be implemented in IP and/or MPLS. In addition, connecting the Catalyst 6500 directly to service provider MPLS networks is another popular design; therefore we test throughput performance for both scenarios here.

For active-active data center operation, disaster planning and load balancing are best practices when connecting data centers via MPLS or VPLS. VPLS layer 2 connected data centers deliver LAN-like service over the campus and/or wide area network. Layer 2 connectivity is important as server-server communications expect layer 2 connectivity as most applications have been designed with this assumption. For connecting more than two data centers, VPLS offers mesh connectivity. Data centers connected via VPLS look and act as if they are on the same LAN. Therefore, we test that VPLS throughput performance rates are equally high performance in this scenario as MPLS.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Catalyst 6500 Upgrade From Sup720 to Sup2T

November 30th, 2011

During the Lippis Report test of the Cisco Systems Catalyst 6500 at Ixia’s iSimCity we perform an upgrade from Supervisor Engine 720 to 2T. What IT business leaders are looking for are incremental network upgrades with minimal disruption. Therefore, we swap out Sup720 for Sup2T and bring up existing service modules and line cards. Remember that line cards represent the largest investment in switching equipment, so we’ll demonstrate that older line cards interoperate at high performance when the new Sup2T replaces the Sup720. We find that the upgrade process is easy and smooth with compatibility of line cards, configuration code, service modules, transceivers and chassis.

Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.

Cisco Scales Up Its Data Center Fabric At Industry Setting Levels

November 21st, 2011

IT business leaders are seeking data center fabrics that scale to support increasing density of physical and virtual servers at cloud spec. In October of this year, Cisco delivered a monster data center fabric announcement aimed at increasing scale, security and new data center services. A few highlights are the second-generation Nexus 7000 capabilities, a new Nexus 7009 platform, plus FabricPath capabilities on the Nexus 5500 and expanded Nexus 1GbE and 40GbE form factors of the Nexus 3000. Shashi Kiran, Director of Market Management for Data Center/Virtualization and Enterprise Switching at Cisco Systems joins me to talk about what IT business leaders will gain from this new announcement from a business outcome and data center fabric design perspective.

Lippis Report 175: Cisco’s Data Center Fabric Weaves Computing, Networking and Storage for iBusiness Outcomes

July 12th, 2011

The tech sector is at a crossroads. In just 18 short months, mobile and cloud computing has fundamentally changed business assumptions and technical underpinnings of IT delivery. And in the process IT business leaders are fundamentally changing their buying requirements and corporate IT investments challenging existing vendor relationships. The tech sector served up corporate IT along technical lines of computing, networking, storage and applications, but these lines are blurring as every major multi-billion dollar IT firm now seeks to deliver vertical offerings comprised of a single rack of compute, storage and networking to address scale and simplicity associated with the new mobile and cloud computing models. Cisco, IBM, HP, Dell and Oracle all are repositioning their data center offers to address the market opportunity and shift to assist IT leaders building iBusinesses. In this Lippis Report Research Note, we dive into Cisco’s Data Center Fabric as it’s the furthest along at integrating compute, networking and storage access for corporate advantage offering a glimpse of IT’s future.


Cisco Delivers Next Generation Nexus Network Operating System for Virtualized and Converged Clouds

July 12th, 2011

Cisco’s Nexus Operating System, which runs on the Nexus switches and evolved from Cisco’s MDS SAN-OS, is a fundamental building block of its Data Center Fabric. Berna Devrim, Senior Manager of Data Center and Virtualization Marketing at Cisco Systems, discusses the next generation of Nexus OS designed to address the biggest data center issues. These issues are virtualization scale and mobility, cloud spec scale, LAN and SAN convergence plus operational efficiency. This is one of the best audio podcasts we’ve produced, so sit back, listen, learn and enjoy.