Trends in Enterprise Networking

Learn from Cisco experts the trends in Enterprise networking that may soon be impacting your EtherNet/IP networks. This will be a general overview of various technologies such as: transition from IPv4 to IPv6, flexibility gained from Software-defined Networking (SDN), TrustSec secure network access, BYOD, and cloud computing (public, private, fog).

Trends in Enterprise Networking: Presentation Transcript

  • Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC INFORMATION Trends in Enterprise Networking Dave Cronberger (Cisco Systems), Xuechen Yang (Cisco Systems)
  • Agenda: Cisco TrustSec – Enable Identity-aware Network; SDN – Software Defined Networking
  • The Network Paradigm as We Know It… Control and Data Plane reside within the Physical Device
  • Defining SDN. What is SDN? (per Wikipedia definition): Software defined networking (SDN) is an approach to building computer networks that separates and abstracts elements of these systems
  • The SDN Paradigm. In other words… in the SDN paradigm, not all processing happens inside the same device
  • Where did this “SDN” thing come from? Stanford University – Clean Slate Project (http://cleanslate.stanford.edu/): “…explore what kind of Internet we would design if we were to start with a clean slate and 20-30 years of hindsight.”
  • … Clean Slate led to the development of … OpenFlow
  • Define Openflow. What is Openflow? (per Wikipedia definition): OpenFlow is a Layer 2 communications protocol that gives access to the forwarding plane of a network switch or router over the network
  • Let’s take a closer look at Openflow … Four parts to Openflow
  • Openflow Controller: Central Administration and Operations point for Network Elements
  • Controller Northbound API: the Northbound API is an integral part of the Controller. A “network enabled” application can make use of the Northbound API to request services from the network…
  • Openflow Device Agent: Agent runs on the network device; Agent receives instructions from Controller; Agent programs device tables
  • Openflow Protocol: the Openflow Protocol is… “A mechanism for the Openflow Controller to communicate with Openflow Agents…”
  • Google’s SDN Network: Google has been using Openflow to drive their Wide Area Network since January 2011. http://www.eetimes.com/electronics-news/4371179/Google-describes-its-OpenFlow-network
  • Open Network Foundation: Non Profit Consortium dedicated to “the transformation of networks through SDN”. Mission to “commercialize and promote SDN…as a disruptive approach to networking…”
  • Openflow Does Not Equal SDN: Openflow is one flavor of Software Defined Networking
  • Virtual Overlays: Multiple “overlay” networks can co-exist at the same time. Overlays provide logical network constructs for different tenants (customers)
  • Cisco’s ACI (Application Centric Infrastructure)
  • Agenda: Cisco TrustSec – Enable Identity-aware Network; SDN – Software Defined Networking
  • Challenges with Enterprise Security and Access Control Policy
    Protected assets are defined by their network connection:
    • Policies are statically and manually configured
    • Rules are based on network topology (subnets, addresses)
    • IP Address does not provide user context or meaning
    Method does not facilitate key Business / IT requirements like:
    • Frequent organizational changes
    • Mobile workforces
    • Device choice
    • Virtualization
  • Introduce Cisco TrustSec
  • Taking Complexity out of Network Security
    Traditional Security Policy (slide background: a wall of access-list 102 permit/deny entries keyed on IP addresses, wildcard masks and ports)
    Simplified Access Management: • Manages policies using plain language • Control access to critical assets by business role • Maintain policy compliance
    Accelerated Security Operations: • Quickly onboard servers • Speed-up adds, moves and changes, eliminate many • Automate FW & ACL administration
    Consistent Policy Anywhere: • Segments networks using central policy management • Enforces policy on wired, wireless & VPN • Scales to remote, branch, campus & data center
  • Traditional Security Administration
    Traditional ACL/FW Rule, ACL for 3 source objects & 3 destination objects:
      permit NY to SRV1 for HTTPS; deny NY to SAP2 for SQL; deny NY to SCM2 for SSH
      permit SF to SRV1 for HTTPS; deny SF to SAP1 for SQL; deny SF to SCM2 for SSH
      permit LA to SRV1 for HTTPS; deny LA to SAP1 for SQL; deny LA to SAP for SSH
    Adding source Object:
      Permit SJC to SRV1 for HTTPS; deny SJC to SAP1 for SQL; deny SJC to SCM2 for SSH
    Adding destination Object:
      permit NY to VDI for RDP; deny SF to VDI for RDP; deny LA to VDI for RDP; deny SJC to VDI for RDP
    A Global Bank dedicated 24 global resources to manage Firewall rules currently. Complex Task and High OPEX continues
    Diagram labels: Source: NY, SF, LA, SJC; Destination: DC-MTV (SRV1), DC-MTV (SAP1), DC-RTP (SCM2), DC-RTP (VDI); Production Servers; NY 10.2.34.0/24 10.2.35.0/24 10.2.36.0/24 10.3.102.0/24 10.3.152.0/24 10.4.111.0/24 ….
  • Security Administration with TrustSec
    Security Group Filtering:
      Permit Employee to Production_Servers eq HTTPS
      Deny Employee to Production_Servers eq SQL
      Deny Employee to Production_Servers eq SSH
      Permit Employee to VDI eq RDP
      Deny BYOD to Production_Servers
      Deny BYOD to VDI eq RDP
    Policy Stays with Users / Servers regardless of location/topology. Simple to define, Audit, and Manage. Less operational effort and faster to deploy new services
    Source SGT: Employee (10), BYOD (200). Destination SGT: Production_Servers (50), VDI (201)
    Diagram labels: NY, SF, LA, SJC; DC-MTV (SRV1), DC-MTV (SAP1), DC-RTP (SCM2), DC-RTP (VDI); Production Servers; VDI Servers; BYOD; Employee
  • Flexible Classification for SGT
    • TrustSec decouples network topology and security policy to simplify access control and segmentation
    • Classification process groups network resources into Security Groups
    Diagram labels: VLAN-SGT, IP-SGT, Port Profile, Port-SGT, IPv4 Prefix Learning, IPv6 Prefix Learning, IPv6 Prefix-SGT, IPv4 Subnet-SGT, 802.1X, MAB, Web Auth, Profiling, Addr.Pool-SGT; Data Center/Virtualization; User/Device/Location; Cisco access layer; ISE; NX-OS/CIAC/Hypervisors; IOS/Routing; Campus & VPN Access; non-Cisco & legacy env; Business Partners & Supplier access controls
  • SGT Propagation
    Inline SGT Tagging: SGT=50 carried in the L2 Ethernet Frame (Optionally Encrypted), SRC: 10.1.100.98
    SXP IP-SGT Binding Table: IP Address 10.1.100.98, SGT 50, SRC Local. SXP carries the binding (10.1.100.98, SGT = 50) across the Non-SGT capable part of the network
    Diagram labels: Wired Access, Wireless Access, DC Firewall, Enterprise Backbone, DC Virtual Access, Campus Core, DC Core, DC Distribution, DC Physical Access, Physical Server, VM Server, SGT 20, SGT 30, ASIC
  • Typical TrustSec Deployments
    • Enhanced network role-based access control
    • Controlled access to compliance-critical assets
    • Context-based classification facilitating BYOD access control
    • Improved scale compared to IP-based ACLs
    • Flexible network segmentation
    • Segmentation to support compliance needs
    • Allow shared services with user segmentation
    • User-to-user malware propagation control
    • Lines of Business / Extranet access control
    • Zero Touch Firewall rule provisioning
  • Securing Your BYOD with TrustSec
    • Segmentation using Security Group, independent from topology
    • Offload filtering to ASA for rich and scalable policy rule automation
    • Simplified network design, lowering operational cost
    Policy table (Source IP / Source Sec Group | Destination IP / Destination Sec Group | Service | Action):
      Campus WLAN / BYOD Device | Any / Internet | HTTP | Allow
      Any / Payment System | Any / DC-PCI-Web, Local PCI Server | HTTPS | Allow
      Any / Audit | Any / DC-PCI-DB | TCP | Allow
      Any / Any | Any / Any | Any | Deny
    Diagram labels: WLC, CAPWAP Tunnel, Internet, VLAN, Single VLAN, BYOD Tag, POS Tag, Audit Tag, SGACL/FW Device, ISE, BYOD Device, Audit, DC-PCI-DB, DC-PCI-Web, Local PCI Server, Payment System
  • Campus User Segmentation: Enforcement is based on Security Group, even for communication in same VLAN
    Diagram labels: Voice, Employee, Guest, Quarantine, Supplier; Employee Tag, Supplier Tag, Guest Tag, Quarantine Tag; Data Center Firewall; Building 3 Data VLAN; Main Building Data VLAN; Campus Core; Data Center; Access Layer
    (Figure: SRC/DST matrix of ✔/✗ entries over Employee, Supplier, Guest, Quarantine, Remed. and Internet)
  • Cisco TrustSec Summary
    Efficient: • Simplifies implementation of security policy • Highly scalable & Inline rate • Simplifies Data Center network design
    Secure: • Embed security within the infra • Enforcement based on rich context • Solution simplicity enables end-to-end approach
    Demonstrable ROI: • Reduces ACL and VLAN complexity & maintenance • Automates FW policy • Improve both performance & availability
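Added example, not part of the original slides and not Cisco code: a Python model of the lookup the TrustSec slides above describe, where an IP-SGT binding table classifies each endpoint and the six Security Group Filtering rules decide the flow. Only the SGT numbers, the rule list and the 10.1.100.98 to SGT 50 binding come from the slides; the other prefix-to-group assignments, the default deny and all function names are assumptions of this example.

```python
import ipaddress
from collections import Counter

# SGT numbers as listed on the "Security Administration with TrustSec" slide.
SGT = {"Employee": 10, "BYOD": 200, "Production_Servers": 50, "VDI": 201}

# IP-SGT bindings. Only 10.1.100.98 -> 50 is taken from the SGT Propagation
# slide; the group assigned to every other prefix is an assumption.
BINDINGS = {
    "10.1.100.98/32": 50,   # binding shown on the slide
    "10.3.102.0/24": 50,    # assumed: more production servers
    "10.4.120.0/24": 201,   # constructed: VDI pool
    "10.2.34.0/24": 10,     # assumed: employee subnet, site 1
    "10.2.35.0/24": 10,     # assumed: employee subnet, site 2
    "10.2.35.77/32": 200,   # constructed: personal device on an employee subnet
}

# The six Security Group Filtering rules from the slide; None means any service.
POLICY = [
    ("Employee", "Production_Servers", "HTTPS", "permit"),
    ("Employee", "Production_Servers", "SQL", "deny"),
    ("Employee", "Production_Servers", "SSH", "deny"),
    ("Employee", "VDI", "RDP", "permit"),
    ("BYOD", "Production_Servers", None, "deny"),
    ("BYOD", "VDI", "RDP", "deny"),
]


def classify(ip, bindings=BINDINGS):
    """Longest-prefix match of an address against the IP-SGT table (0 = unknown)."""
    addr = ipaddress.ip_address(ip)
    best_len, best_tag = -1, 0
    for prefix, tag in bindings.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_tag = net.prefixlen, tag
    return best_tag


def decide(src_ip, dst_ip, service, bindings=BINDINGS):
    """Classify both ends, then apply the first matching group rule."""
    src, dst = classify(src_ip, bindings), classify(dst_ip, bindings)
    for s, d, svc, action in POLICY:
        if SGT[s] == src and SGT[d] == dst and svc in (None, service):
            return action
    return "deny"  # assumption: the slide does not state a default action


def expanded_acl_size(bindings=BINDINGS):
    """Entries a prefix-based ACL needs for the same policy: one per
    (source prefix, destination prefix) pair of every rule."""
    per_group = Counter(bindings.values())
    return sum(per_group[SGT[s]] * per_group[SGT[d]] for s, d, _, _ in POLICY)


if __name__ == "__main__":
    # Same subnet, different groups: the /32 BYOD binding wins over the /24.
    print(decide("10.2.35.10", "10.1.100.98", "HTTPS"))   # employee host
    print(decide("10.2.35.77", "10.1.100.98", "HTTPS"))   # personal device
    # A new employee site adds one binding; the group policy stays at six rules.
    grown = dict(BINDINGS, **{"10.2.36.0/24": 10})
    print(len(POLICY), expanded_acl_size(), expanded_acl_size(grown))
```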
  • IPV6 is Happening Ever So Slowly
  • So What’s Your Address? (Status) Why everyone is quiet on IPv6? / Going forward / What is it, where will it start
  • Why everyone is quiet on IPv6? Conversation around IPv6 is low:
    • Enterprises find no panic condition to adopt IPv6
    • Migration to IPv6 is not on the priority list of decision makers
    • End consumers lack readiness for IPv6
    • Governments lagging in their deployment targets
    • Lots of doubts and fear regarding adoption of IPv6
  • Why everyone is quiet on IPv6? Short government initiatives, and no urgent need
    • Even after the exhaustion of IPv4 addresses, service providers and enterprises are in no hurry for IPv6: enterprises are not finding any reason to migrate to an IPv6 network, as to date IPv4 works well both inside and outside the enterprise network; with various technologies such as NAT, enterprises hold the power of sticking to IPv4 until there is a compelling reason to migrate
    • Availability of inter- and intra-RIR (Regional Internet Registry) IPv4 transfer policies has further delayed the necessity for adoption of IPv6
    • IPv4 to IPv6 migration is still pretty low on the priority list of network administrators – Current Analysis, August 2013
    • Outside of telcos and technology companies, moving to IPv6 is rarely high on corporate IT agendas – Deloitte, April 2013
    • Decision makers are finding themselves resistant to change as: migration seems to be more of a technology requirement than a business requirement; lack of skilled manpower; not ready to share the pie from shrinking IT budgets
    • Realization of the actual need for IPv6 with newer technologies such as IoT, SDN, Cloud, etc. is still not felt
    • Federal agencies are lagging far behind the supposed deadlines to upgrade their websites for IPv6
    • Government agencies, facing budget constraints, have missed deadlines for migration – Deloitte, April 2013
    • IPv6 deployment targets are missed because there are no regulatory and economic incentives to encourage IPv6 adoption and no efforts to support and promote awareness and educational activities
    Source: Current Analysis (August, 2013), ITU, Tech Target, IT Business Edge, Caribbean Network Operators Group
  • Why everyone is quiet on IPv6? Lack of readiness and doubtful state is difficult to overcome
    • Much of the consumer electronics industry lacks IPv6 readiness. Unfortunately, most consumers are not aware of these incompatibility issues. Much older equipment such as cable modems, digital set-top boxes, home routers, smart TVs, DVD players, Blu-ray players, gaming consoles, and other devices that use the IPv4 protocol lacks IPv6 capability
    • The consumer electronics industry should follow the lead and show greater support for IPv6 by churning out more IPv6-ready devices
    • Currently, there is no rush from end consumers to migrate to an IPv6 network, so there is no motivation for service providers to migrate
    • The principal challenge for operators is that IPv6 is not directly backward compatible with IPv4 – Heavy Reading, March 2013
    • Fear of handling different types of network at the same time, as SPs/ISPs will have to maintain IPv4 operations with legacy equipment while adding IPv6 to the mix
    • Other than legacy IPv4-supported equipment, IPv6 providers also need to revamp their software element
    • Security complications in maintaining firewalls which are both IPv6 and IPv4 compatible
    • Increase in security threat with the auto-configuration feature of IPv6
    Source: Heavy Reading (March, 2013), Network Computing, GCN, Deloitte
  • Going Where? (Projectscope) Why everyone is quiet on IPv6? / Going forward / What is it, where will it start
  • Going forward: Implementation of IPv6 has been a marathon, not a sprint race
    • End consumers need to upgrade or replace their large base of legacy electronics equipment, which supports the IPv4 protocol but not IPv6. Status: End consumers are least motivated to migrate to IPv6-supported equipment
    • CDN and web hosting companies are required to increase IPv6-enabled content. Status: The number of people in the industry planning to implement IPv6 has increased, so IPv6-supported content for these users needs to be ready
    • More professional services from service providers and an IPv6-skilled workforce in enterprises are desired. Status: Decision makers find themselves resistant to adopting IPv6 because of scarce skills
    Source: Heavy Reading (March, 2013), Current Analysis (August, 2013), IT Business Edge, GCN
  • What is it, where will it start? (Projectscope) Why everyone is quiet on IPv6? / Going forward / What is it, where will it start
  • What is it?
    Service | IPv4 | IPv6
    Addressing Range | 32-bit, NAT | 128-bit, Multiple Scopes
    IP Provisioning | DHCP | SLAAC, Renumbering, DHCP
    Security | IPSec | IPSec
    Mobility | Mobile IP | Mobile IP with Direct Routing
    Quality-of-Service | Differentiated Service, Integrated Service | Differentiated Service, Integrated Service
    Multicast | IGMP/PIM/MBGP | MLD/PIM/MBGP, Scope Identifier
  • You said it was how many? 340,282,366,920,938,463,374,607,432,768,211,456 (IPv6 Address Space - 340 Trillion Trillion Trillion) vs 4,294,967,296 (IPv4 Address Space - 4 Billion)
    • Let’s assume our Sun represents 4 Billion Addresses
    • The IPv6 Address space would approach the size of Antares
    • In fact, a proper comparison would be to compare Antares with a Telephone Box
    Figure labels: Antares (15th brightest star in the sky), Our Sun
  • What does it look like?
    • 16-bit hexadecimal numbers
    • Numbers are separated by (:)
    • Hex numbers are not case sensitive
    • Abbreviations are possible
    • Contiguous blocks of zeros could be represented by (::). Example: 2001:0db8:0000:130F:0000:0000:087C:140B = 2001:0db8:0:130F::87C:140B. Double colon can only appear once in the address
    • Leading zeros in a block can be omitted. Example: 2001:0db8:00e2:0300::087C:140B = 2001:db8:e2:300::87C:140B
  • More than this will take a day…
    • Addresses are assigned to interfaces
    • Interface “expected” to have multiple addresses
    • Addresses have scope: Link Local, Unique Local, Global
    • Source Address Selection Algorithm selects source IP with scope ≥ scope of destination address
    • Addresses have lifetime (advertised via RA or DHCP): Valid and preferred lifetime
  • Bring Your Own…..?
    • This is really more about Wireless
    • Cooperate with IT or prepare to face failure
    • Device Management - MDM
    • Device Security – Integrated
    • This is why IPV6 will happen!
  • BYOD Use Cases
    LIMITED: Environments with Tight Controls. Only Corporate Devices; IT Whitelist
    BASIC/GUEST: Focus on Basic Services, Guest Access. Broader Device Types; Internet Only
    ENHANCED: Differentiated Services, On-Boarding Securely. Personal and Corporate Devices; Deny Some Devices
    ADVANCED: Posture from Mobile Device Management. Any Device, Any Ownership; MDM Compliance
  • Improving Mobile Experience: Converged Wired/Wireless
    Architecture Outcomes: Scale and performance for ubiquitous wireless (20X); Local traffic switching to avoid hair-pinning; Unified Policy for Wired and Wireless; Architected for HA; Brings new feature set to Wireless
    Diagram labels: AP, Services & Policies, Mgmt & Policy, CAPWAP (Data, Ctl), Mobility, Mgmt, 5508 / WiSM2 Software upgrade
  • Integrated security & MDM Integration - Scope
    • Enrollment: (IS)-orchestrated to simplify user experience
      o Non-registered clients redirected to MDM registration page
      o Non-compliant clients will be given restricted access
    • Daily Access: network+device
      o Update data from endpoint which can be tied into access policy
    • De-enrollment: Ability to Initiate Device Action from ISE
      o Device stolen -> need to wipe data on client
    Cisco MCMS
  • Improving Mobile Experience: WLAN Rate Limiting & QoS Prioritization
    • In combination with QoS
    • Helpful to prevent Guest WLAN traffic (or other less critical traffic) from overrunning the WAN
    • Significant issue for customers due to BYOD and Mobile Device explosion!
    Both Upstream and Downstream traffic is rate limited by the AP
    Diagram labels: Wired Clients w/LAN traffic, Wireless Clients w/LAN traffic, Downstream, Upstream, Rate Limited
  • Integration with Virtualization Clients
    • Application Portability: Delivering legacy/non-native apps to broad device set. Example: iPad does not support an application natively
    • Data Loss Prevention: Securing Enterprise applications and data. Example: avoid storing data locally, use of virtualization for application subset – confidential, intellectual property, financial
    Diagram labels: Virtualized App Environment, Application Virtualization Client
  • BYOD will Force IPV6
    • Why: Literally 100’s of Thousands of devices
    • Cisco as an example: 65,500 employees, each with 1 IP Phone, 1 Smart Phone, 1 Tablet, 1 Laptop
    • That’s 65,500 x 4 = 262,000 addresses
  • But wait! Now add: Door locks, Thermostats, Security Cameras, Servers, PAC/PLCs, I/O, And…
  • Questions? www.rsteched.com. Follow RSTechED on Facebook & Twitter. Connect with us on LinkedIn. PUBLIC INFORMATION