Category Archives: Cisco

ACI anywhere with Virtual Edge (AVE)

The goal of extending ACI anywhere is becoming real with ACI Virtual Edge (AVE), the next generation of the Application Virtual Switch (AVS) for ACI environments. It should be available by the end of the year. AVE is hypervisor independent, offering consistent policy control across multiple hypervisors. For now the only target hypervisor is VMware.

AVS is still supported, but it seems to be time for a change!


Realistic Traffic Generator

TRex is an open source, stateful traffic generator fuelled by DPDK. It generates L4-7 traffic based on pre-processing and smart replay of real traffic templates. TRex amplifies both client and server side traffic. TRex can scale to 200Gb/sec with one UCS, but you can run it on any x86 hardware.

You can build your own VM running Fedora or Ubuntu, but Cisco cooked an OVA and VirtualBox image ready to go here

Cisco DevNet has a corner for TRex too, check here

It’s time to load some devices, and compare with datasheets :)

TRex Current Stateful Feature sets

  • DPDK 1/2.5/5/10/25/40/50/100Gbps interfaces support
  • High scale of realistic traffic, up to 200-400Gb/sec with one Cisco UCS
  • Latency/Jitter measurements
  • Flow ordering checks
  • NAT, PAT dynamic translation learning

TRex New Stateless Feature sets

  • Crafting and generating stateless traffic streams
  • Large scale – Supports up to 20 million packets per second (mpps)
  • Multiple streams support
  • Ability to change any field inside the packet (e.g. src_ip = 10.0.0.1-10.0.0.255)
  • Continuous/Burst/Multi-burst support
  • Interactive support – Console, GUI
  • Per stream statistics, latency and Jitter
  • Python API for automation
  • Multi-user support

Spot Bad Traffic without decrypting it

How can we detect and mitigate a kill chain in encrypted traffic without breaking users’ privacy and, at the same time, with minimal false positives? Cisco Catalyst 9k is the newest platform with this capability, which is called Encrypted Traffic Analysis (ETA). Machine learning and metadata seem to be the right ingredients to make the wheel work.

Read here for more detail.

Cisco Catalyst reborn

Cisco announced a new platform, Catalyst 9k (fixed and modular), a new hit for the Enterprise Architecture.

Some of the benefits I’ve captured:

  • Secure segmentation with SD-Access
  • Unmatched 60W POE on every access port
  • DNA Center
  • IoT readiness
  • Cloud readiness
  • IOS-XE
  • UADP 2.0
  • StackWise Virtual
  • IEEE1588
  • MACsec256
  • Encrypted Traffic Analysis (ETA)
  • Licensing mode changed (no info yet)

Catalyst 9300

Catalyst 9400

Catalyst 9500

CCIE and VR combined

It’s not April Fools’ Day, so what does the title mean? There is no chance Cisco will stay behind the software world! I would expect Cisco to use VR soon as part of their Collaboration suite.

If you are going to Cisco Live US you can see these two demos:

  • BeTheRouter (BTR) – in this App, you are the heart and decision maker of what to do with the packets in terms of routing policy, QoS, etc.
  • TroubleshootTheLab (TTL) – in this App, the user is presented with a real-life-looking data center environment with tasks to rack-and-stack Cisco equipment in 3D such as Routers and Switches, followed by a cabling exercise to connect various devices according to the topology diagram, and then to troubleshoot and fix a cabling issue.

Shall we expect an 8-hour lab exam using VR?

Update 02.06.2017
Teaser included

SFP validation failed on Nexus

If you come across an issue like this, you will fix it sooner than you think. After plugging a 1 gig copper SFP into an SFP+ port, I got an error saying “SFP validation failed”.

N3K# sh int e1/45
Ethernet1/45 is down (SFP validation failed)
Dedicated Interface
Hardware: 100/1000/10000/40000 Ethernet, address: 00d7.8fa9.34b4 (bia 00d7.8fa
9.34b4)
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is trunk
Full-duplex, 10 Gb/s, media type is 1G
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
EtherType is 0x8100
Last link flapped never
Last clearing of "show interface" counters never
0 interface resets
Load-Interval #1: 30 seconds
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 0 bps, 0 pps; output rate 0 bps, 0 pps

So we have to force the interface speed, like in the old days.

N3K(config)# interface Ethernet1/45
N3K(config-if)# speed 1000
N3K(config-if)# no shut

Plug in the cable and you are done!

N3K(config-if)# show int e1/45
Ethernet1/45 is down (Link not connected)
Dedicated Interface
Hardware: 100/1000/10000/40000 Ethernet, address: 00d7.8fa9.34b4 (bia 00d7.8fa
9.34b4)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is trunk
Full-duplex, 1000 Mb/s, media type is 1G
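
A small check for this condition, added here as an example and not part of the original post: it parses `show interface` text and emits the speed override for ports that report "SFP validation failed" with a 1G module on a port still set to 10G. The sample output is constructed (Ethernet1/44 and its MAC address are made up), and the function names are illustrative.

```python
import re

# Constructed sample: trimmed `show interface` output modelled on the post's
# Ethernet1/45, plus a made-up healthy port (Ethernet1/44) for contrast.
SAMPLE = """\
Ethernet1/44 is up
  Hardware: 100/1000/10000/40000 Ethernet, address: 0000.0000.0001
  MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
  Full-duplex, 10 Gb/s, media type is 10G
Ethernet1/45 is down (SFP validation failed)
  Hardware: 100/1000/10000/40000 Ethernet, address: 00d7.8fa9.34b4
  MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
  Full-duplex, 10 Gb/s, media type is 1G
"""

HEADER = re.compile(r"^(Ethernet\S+) is (\S+)(?: \((.+)\))?\s*$")
BW = re.compile(r"BW (\d+) Kbit")
MEDIA = re.compile(r"media type is (\S+)")

def parse_interfaces(text):
    """Split `show interface` output into one dict per interface."""
    ports, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            # New interface block: name, state, optional reason in parentheses.
            cur = {"name": m.group(1), "state": m.group(2), "reason": m.group(3)}
            ports.append(cur)
        elif cur is not None:
            if (b := BW.search(line)):
                cur["bw_kbit"] = int(b.group(1))
            if (t := MEDIA.search(line)):
                cur["media"] = t.group(1)
    return ports

def speed_fixes(ports):
    """Config lines for ports where a 1G module sits on a port still at 10G."""
    lines = []
    for p in ports:
        if (p["reason"] == "SFP validation failed"
                and p.get("media") == "1G" and p.get("bw_kbit") == 10_000_000):
            lines += [f"interface {p['name']}", "  speed 1000", "  no shutdown"]
    return lines

if __name__ == "__main__":
    print("\n".join(speed_fixes(parse_interfaces(SAMPLE))))
```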
