Category Archives: Cisco

ACI anywhere with Virtual Edge (AVE)

The goal of extending ACI anywhere is becoming real with ACI Virtual Edge (AVE), the next generation of the Application Virtual Switch (AVS) for ACI environments. It should be available by the end of the year. AVE is hypervisor independent, offering consistent policy control across multiple hypervisors. For now the only target hypervisor is VMware.

AVS is still supported, but it seems to be time for a change!


Realistic Traffic Generator

TRex is an open source, stateful traffic generator fuelled by DPDK. It generates L4-7 traffic based on pre-processing and smart replay of real traffic templates. TRex amplifies both client and server side traffic. TRex can scale to 200Gb/sec with one UCS, but you can run it on any x86 hardware.

You can build your own VM running Fedora or Ubuntu, but Cisco cooked an OVA and VirtualBox image ready to go here

Cisco DEVNET has a corner for TREX too, check here

It’s time to load some devices, and compare with datasheets :)

TRex Current Stateful Feature sets

  • DPDK 1/2.5/5/10/25/40/50/100Gbps interfaces support
  • High scale of realistic traffic, up to 200-400Gb/sec with one Cisco UCS
  • Latency/Jitter measurements
  • Flow ordering checks
  • NAT, PAT dynamic translation learning

TRex New Stateless Feature sets

  • Crafting and generating stateless traffic streams
  • Large scale – Supports up to 20 million packets per second (mpps)
  • Multiple streams support
  • Ability to change any field inside the packet (e.g. src_ip = 10.0.0.1-10.0.0.255)
  • Continuous/Burst/Multi-burst support
  • Interactive support – Console, GUI
  • Per stream statistics, latency and Jitter
  • Python API for automation
  • Multi-user support

 

 

Spot Bad Traffic without decrypting it

How can we detect and mitigate a kill chain in encrypted traffic without breaking users' privacy and, at the same time, with minimal false positives? Cisco Catalyst 9k is the newest platform with this capability, which is called Encrypted Traffic Analysis (ETA). Machine learning and metadata seem to be the right ingredients to make the wheel work.

Read here for more detail.

 

 

 

Cisco Catalyst reborn

Cisco announced a new platform, Catalyst 9k (fixed and modular), a new hit for the Enterprise Architecture.

Some of the benefits I’ve captured:

  • Secure segmentation with SD-Access
  • Unmatched 60W POE on every access port
  • DNA Center
  • IoT readiness
  • Cloud readiness
  • IOS-XE
  • UADP 2.0
  • StackWise Virtual
  • IEEE1588
  • MACsec256
  • Encrypted Traffic Analysis (ETA)
  • Licensing mode changed (no info yet)

Catalyst 9300

Catalyst 9400

Catalyst 9500

 

CCIE and VR combined

It’s not April Fools’ Day, so what does the title mean? No chance Cisco stays behind in the software world! I would expect Cisco to use VR soon as part of their Collaboration suite.

If you are going to Cisco Live US you can see these two demos:

  • BeTheRouter (BTR) – in this App, you are the heart and decision maker of what to do with the packets in terms of routing policy, QoS, etc.
  • TroubleshootTheLab (TTL) – in this App, the user is presented with a real-life-looking data center environment with tasks to rack-and-stack Cisco equipment in 3D such as Routers and Switches, followed by a cabling exercise to connect various devices according to the topology diagram, and to troubleshoot and fix a cabling issue.

Shall we expect an 8-hour Lab exam using VR?

 

Update 02.06.2017
Teaser included

SFP validation failed on Nexus

If you come across an issue like this, you can fix it sooner than you think. After plugging an SFP (1 gig copper) into an SFP+ port, I got an error saying “SFP validation failed”.

N3K# sh int e1/45
Ethernet1/45 is down (SFP validation failed)
Dedicated Interface
Hardware: 100/1000/10000/40000 Ethernet, address: 00d7.8fa9.34b4 (bia 00d7.8fa9.34b4)
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is trunk
Full-duplex, 10 Gb/s, media type is 1G
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
EtherType is 0x8100
Last link flapped never
Last clearing of “show interface” counters never
0 interface resets
Load-Interval #1: 30 seconds
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 0 bps, 0 pps; output rate 0 bps, 0 pps

So we have to force the interface speed, like in the old days.

N3K(config)# interface Ethernet1/45
N3K(config-if)# speed 1000
N3K(config-if)# no shut

Plug in the cable and done!

N3K(config-if)# show int e1/45
Ethernet1/45 is down (Link not connected)
Dedicated Interface
Hardware: 100/1000/10000/40000 Ethernet, address: 00d7.8fa9.34b4 (bia 00d7.8fa9.34b4)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is trunk
Full-duplex, 1000 Mb/s, media type is 1G
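
The same check across many ports, as an added example that is not part of the original post: it parses `show interface` text, finds ports that are down with "SFP validation failed" while the configured speed does not match the inserted transceiver, and emits the speed override shown above. The sample output is constructed (Ethernet1/45 mirrors the post), and only the 1G case in the speed table comes from the post.

```python
import re

# Constructed sample, trimmed to the lines the check reads.
SAMPLE = """\
Ethernet1/45 is down (SFP validation failed)
Hardware: 100/1000/10000/40000 Ethernet, address: 00d7.8fa9.34b4 (bia 00d7.8fa9.34b4)
Full-duplex, 10 Gb/s, media type is 1G
Ethernet1/46 is up
Hardware: 100/1000/10000/40000 Ethernet, address: 00d7.8fa9.34b5 (bia 00d7.8fa9.34b5)
Full-duplex, 10 Gb/s, media type is 10G
"""

HEADER = re.compile(r"^(\S+) is (up|down)(?: \((.+)\))?\s*$")
MEDIA = re.compile(r"(\d+) ([GM])b/s, media type is (\S+)")

# Speed (Mb/s) to force per transceiver type; only the 1G entry is from the post.
FORCED_SPEED = {"1G": 1000}

def parse_interfaces(text):
    """Return {name: {state, reason, speed_mbps, media}} for each interface."""
    ports, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = {"state": m.group(2), "reason": m.group(3),
                       "speed_mbps": None, "media": None}
            ports[m.group(1)] = current
            continue
        m = MEDIA.search(line)
        if m and current is not None:
            factor = 1000 if m.group(2) == "G" else 1
            current["speed_mbps"] = int(m.group(1)) * factor
            current["media"] = m.group(3)
    return ports

def speed_fixes(ports):
    """Config lines for ports that failed SFP validation at the wrong speed."""
    lines = []
    for name, port in ports.items():
        want = FORCED_SPEED.get(port["media"])
        if (port["reason"] == "SFP validation failed"
                and want and port["speed_mbps"] != want):
            lines += [f"interface {name}", f"  speed {want}", "  no shutdown"]
    return lines

if __name__ == "__main__":
    print("\n".join(speed_fixes(parse_interfaces(SAMPLE))))
```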

Next-Gen SAN reaching 32Gbps

Cisco MDS is still evolving as a platform, and Cisco announced technology innovations for next-generation storage networking, giving 32Gb fibre channel performance across a unified MDS storage director and UCS. Cisco storage solutions can help the network adapt to new storage trends such as flash, NVMe, and converged infrastructure workloads.

You can see here the full announcement.

 

New Cisco Certs on Programming Skills

We have been observing a lot of talk about SDN (and its flavours), programmability, APIs, automation, and so on. Cisco is launching new certifications embracing a new era of software. So stay relevant! You can read the full article here: https://learningnetwork.cisco.com/blogs/talking-tech-with-cisco/2017/04/06/new-certifications-and-training-to-meet-the-needs-of-today-s-digitized-businesses

Upgrade Cisco Blade Switch

When applying a major upgrade between 12.x and 15.x code, back up your config before you go ahead!

Checking the actual version

 

SW01#sh ver | i IOS
Cisco IOS Software, CBS30X0 Software (CBS30X0-LANBASEK9-M), Version 12.2(35)SE, RELEASE SOFTWARE (fc2)
SW01#show boot
BOOT path-list      : flash:cbs30x0-lanbase-mz.122-35.SE/cbs30x0-lanbase-mz.122-35.SE.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :

Downloading and extracting the TAR file from your TFTP

SW01#archive download-sw tftp://10.1.0.103/cbs30x0-ipbase-tar.150-2.SE6.tar
Loading cbs30x0-ipbase-tar.150-2.SE6.tar from 10.1.0.103 (via FastEthernet0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(omitted for brevity)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK – 15073280 bytes]

Loading cbs30x0-ipbase-tar.150-2.SE6.tar from 10.1.0.103 (via FastEthernet0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(omitted for brevity)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
examining image…
extracting info (107 bytes)
extracting cbs30x0-ipbase-mz.150-2.SE6/info (372 bytes)
extracting info (107 bytes)

Stacking Version Number: 1.49

System Type:             0x00000000
Ios Image File Size:   0x00BEF200
Total Image File Size: 0x00E60200
Minimum Dram required: 0x08000000
Image Suffix:          ipbase-150-2.SE6
Image Directory:       cbs30x0-ipbase-mz.150-2.SE6
Image Name:            cbs30x0-ipbase-mz.150-2.SE6.bin
Image Feature:         IP|LAYER_3|MIN_DRAM_MEG=128

Old image for switch 1: unknown

Extracting images from archive into flash…
cbs30x0-ipbase-mz.150-2.SE6/ (directory)
extracting cbs30x0-ipbase-mz.150-2.SE6/info (372 bytes)
cbs30x0-ipbase-mz.150-2.SE6/html/ (directory)
extracting cbs30x0-ipbase-mz.150-2.SE6/html/frmwrkResource.htm (950 bytes)
extracting cbs30x0-ipbase-mz.150-2.SE6/html/menu.shtml (8324 bytes)
extracting cbs30x0-ipbase-mz.150-2.SE6/html/portstats.js (8142 bytes)
(omitted for brevity)
extracting cbs30x0-ipbase-mz.150-2.SE6/cbs30x0-ipbase-mz.150-2.SE6.bin (12505683 bytes)
extracting info (107 bytes)

Installing (renaming): `flash:update/cbs30x0-ipbase-mz.150-2.SE6' ->
`flash:cbs30x0-ipbase-mz.150-2.SE6'
New software image installed in flash:cbs30x0-ipbase-mz.150-2.SE6

All software images installed.

Boot updated with the new image & Reboot

SW01#show boot
BOOT path-list      : flash:cbs30x0-ipbase-mz.150-2.SE6/cbs30x0-ipbase-mz.150-2.SE6.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :
SW01#reload
Proceed with reload? [confirm]

New code is Live!

SW01#sh ver | i IOS
Cisco IOS Software, CBS30X0 Software (CBS30X0-IPBASE-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)

Comparing the running config with the backup we made previously shows zero differences, so another successful upgrade!
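
The post-upgrade check described above, as an added example that is not part of the original post: it confirms that the image in `show boot` is the one actually running and diffs the backup against the running config, ignoring lines that change on every upgrade. The two configs are constructed, and the image-name-to-version mapping is an assumption inferred from the two images shown in the post.

```python
import difflib
import re

# Taken from the post's "show boot" and "show version" output.
SHOW_BOOT = "BOOT path-list      : flash:cbs30x0-ipbase-mz.150-2.SE6/cbs30x0-ipbase-mz.150-2.SE6.bin"
SHOW_VER = "Cisco IOS Software, CBS30X0 Software (CBS30X0-IPBASE-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)"
# Constructed configs: backup taken before the upgrade, running config after it.
BEFORE = "version 12.2\nhostname SW01\nno ip http server\n"
AFTER = "version 15.0\nhostname SW01\nno ip http server\n"

# Lines that legitimately change across an upgrade or carry no configuration.
VOLATILE = re.compile(r"^(!|version |boot system |Building configuration|Current configuration)")

def boot_image(show_boot):
    """Image path from the 'BOOT path-list' line of 'show boot'."""
    m = re.search(r"^BOOT path-list\s*:\s*(\S+)", show_boot, re.M)
    return m.group(1) if m else None

def version_from_image(path):
    """'...-mz.150-2.SE6.bin' -> '15.0(2)SE6' (assumed naming pattern)."""
    m = re.search(r"\.(\d\d)(\d)-(\d+)\.(\w+)\.bin$", path or "")
    return "{}.{}({}){}".format(*m.groups()) if m else None

def running_version(show_ver):
    m = re.search(r"Version (\S+),", show_ver)
    return m.group(1) if m else None

def config_drift(before, after):
    """Added/removed config lines between two configs, ignoring VOLATILE lines."""
    def keep(text):
        return [l.rstrip() for l in text.splitlines() if l.strip() and not VOLATILE.match(l)]
    diff = list(difflib.unified_diff(keep(before), keep(after), lineterm="", n=0))
    return [l for l in diff[2:] if l.startswith(("+", "-"))]  # [2:] skips file headers

def verify_upgrade(show_boot, show_ver, before, after):
    """Return a list of findings; an empty list means the upgrade checks out."""
    findings = []
    expected, running = version_from_image(boot_image(show_boot)), running_version(show_ver)
    if expected is None or expected != running:
        findings.append(f"boot image implies {expected}, running {running}")
    return findings + [f"config drift: {l}" for l in config_drift(before, after)]

if __name__ == "__main__":
    print(verify_upgrade(SHOW_BOOT, SHOW_VER, BEFORE, AFTER) or "upgrade verified")
```

Any line reported as drift is a command the new release dropped or rewrote, which matters most for AAA, ACL and management-plane settings.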

NetRiders Competition 2017

NetRiders is a Competition offered for students currently or recently enrolled in a Cisco Networking Academy course. Each region offers three levels of competitions: CCNA, CCENT, and IT Essentials. Eligibility requirements differ per competition level. Competition schedules differ for each region.

What are the benefits?

  • Develop and grow networking and IT skills
  • Test and showcase skills in a fun and rewarding environment
  • Compete to be the most skilled student in a region
  • Interact and compete with fellow students at a national level
  • Increase knowledge and enhance future professional development (i.e. available for more employment opportunities)
  • Get visibility from other schools to become an instructor
  • Win prizes

Registrations are now open for the following region; if you belong to another region, check the official page here

 

 

Cisco ACS Config Factory Default

I’m running Cisco ACS 5.2, and this shouldn’t be a common operation in production, but… back up your licenses before you go ahead.

login as: admin
Using keyboard-interactive authentication.
Password:******
acs/admin# acs reset-config
This command deletes the current ACS configuration
and resets the ACS configuration to factory defaults.
Cisco recommends that you perform a backup before you execute this command.
Are you sure you want to reset the configuration now? (yes/no) yes

Grab a coffee now, this will take a while, around 20 minutes!

Stopping ACS.
Stopping Management and View………………….
Stopping Runtime…………….
Stopping Database……
Cleanup…..Resetting configuration to factory defaults.

Starting ACS ….

To verify that ACS processes are running, use the
‘show application status acs’ command.

acs/admin# show application status acs

Application initializing…
Status is not yet available.
Please check again in a minute.

acs/admin# show application status acs

ACS role: PRIMARY

Process ‘database’ running
Process ‘management’ running
Process ‘runtime’ running
Process ‘view-database’ running
Process ‘view-jobmanager’ running
Process ‘view-alertmanager’ running
Process ‘view-collector’ running
Process ‘view-logprocessor’ running