The document discusses the internal architecture of Cisco IOS-XE software and hardware platforms like ASR1000 and ISR4000 routers. It describes the key components like the Route Processor (RP), Embedded Services Processor (ESP), Quantum Flow Processor (QFP), and how they work together. Diagnostic tools for troubleshooting traffic forwarding like conditional debugging, packet tracer and embedded packet capture are also covered.
Cisco® Application Centric Infrastructure (ACI) is an innovative architecture that radically simplifies, optimizes, and accelerates the entire application deployment lifecycle. Cloud, mobility, and big data applications are causing a shift in the data center model. Cisco ACI redefines the power of IT, enabling IT to be more responsive to changing business and application needs, enhancing agility, and adding business value. Cisco ACI delivers a transformational operating model for next-generation data center and cloud applications. This Cisco ACI hands lab will step you through from the ACI Fabric concepts to deployment. • Cisco ACI Overview • ACI Fabric Discovery • ACI Building Basic Network Constructs • ACI Building Policy Filters and Contracts • : Deploying a 3-Tier Application Network Profile • ACI Integrating with VMware • Deploying a Service Graph with Application Network Profile • Exploring Monitoring and Troubleshooting
Segment Routing Advanced Use Cases - Cisco Live 2016 USAJose Liste
The document discusses segment routing and its use for inter-domain connectivity at scale. Segment routing allows source routing by encoding a path as an ordered list of segments in packet headers. It can be used to interconnect massive-scale datacenters and networks with hundreds of thousands of nodes. Segment routing scales through the use of globally unique prefix segments, redistribution of routing information only from the core to edges, and segment routing path computation elements. The path computation elements use segment routing native algorithms to optimize paths while maintaining equal-cost multipath routing.
Application Centric Infrastructure (ACI), the policy driven data centreCisco Canada
Mike Herbet, Principal Engineer, Cisco, Dave Cole, Consulting Systems Engineer, Cisco, Sean Comrie, Technical Solutions Architect, Cisco focused on the application centric infrastructure (ACI) at Cisco Connect Toronto.
- Clustering allows up to 16 firewall devices to operate as a single logical device for high availability and scalability. One unit is elected as the master to handle management and centralized functions while other units act as slaves.
- Packets are distributed across units with one unit assigned as the flow owner to ensure symmetric inspection. A flow director uses a hash to determine which unit owns a new connection. Flow forwarders help redirect packets to the owner.
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
The session specifically covers the requirements and approaches for deploying the Underlay, Overlay as well as the inter-Fabric connectivity of Data Center Networks or Fabrics. Within the VXLAN BGP-EVPN based Overlay, we focus on the insights like forwarding and control plane functions which are critical to the simplicity operation of the architecture in achieving scale, small failure domains and consistent configuration. To complete the overlay view on VXLAN BGP-EVPN, we are going to the insides of BGP and its EVPN address-familiy and extend to about how multiple DC Fabric can be interconnected within, either as stretched Fabrics or with true DCI. The session concludes with a brief overview of manageability functions, network orchestration capabilities and multi-tenancy details. This Advanced session is intended for network, design and operation engineers from Enterprises to Service Providers.
This presentation discusses Segment Routing over IPv6 (SRv6) and the Network Programming Model. It provides an overview of what SRv6 is, how it works, and how the Network Programming Model can be used for applications like VPNs, SD-WANs, and service function chaining. The presentation also covers SRv6 standardization efforts, open source implementations, and areas of ongoing research.
This document provides instructions for setting up and attending an eBPF workshop. It includes links for setting up the workshop platform, background slides, and code repository. It also lists an agenda with topics that will be covered, including setting up the eBPF lab, an introduction, eBPF 101, writing eBPF programs, BCC, and a tutorial. Attendees are asked to let the presenter know if they have any problems setting up.
Cisco® Application Centric Infrastructure (ACI) is an innovative architecture that radically simplifies, optimizes, and accelerates the entire application deployment lifecycle. Cloud, mobility, and big data applications are causing a shift in the data center model. Cisco ACI redefines the power of IT, enabling IT to be more responsive to changing business and application needs, enhancing agility, and adding business value. Cisco ACI delivers a transformational operating model for next-generation data center and cloud applications. This Cisco ACI hands lab will step you through from the ACI Fabric concepts to deployment. • Cisco ACI Overview • ACI Fabric Discovery • ACI Building Basic Network Constructs • ACI Building Policy Filters and Contracts • : Deploying a 3-Tier Application Network Profile • ACI Integrating with VMware • Deploying a Service Graph with Application Network Profile • Exploring Monitoring and Troubleshooting
Segment Routing Advanced Use Cases - Cisco Live 2016 USAJose Liste
The document discusses segment routing and its use for inter-domain connectivity at scale. Segment routing allows source routing by encoding a path as an ordered list of segments in packet headers. It can be used to interconnect massive-scale datacenters and networks with hundreds of thousands of nodes. Segment routing scales through the use of globally unique prefix segments, redistribution of routing information only from the core to edges, and segment routing path computation elements. The path computation elements use segment routing native algorithms to optimize paths while maintaining equal-cost multipath routing.
Application Centric Infrastructure (ACI), the policy driven data centreCisco Canada
Mike Herbet, Principal Engineer, Cisco, Dave Cole, Consulting Systems Engineer, Cisco, Sean Comrie, Technical Solutions Architect, Cisco focused on the application centric infrastructure (ACI) at Cisco Connect Toronto.
- Clustering allows up to 16 firewall devices to operate as a single logical device for high availability and scalability. One unit is elected as the master to handle management and centralized functions while other units act as slaves.
- Packets are distributed across units with one unit assigned as the flow owner to ensure symmetric inspection. A flow director uses a hash to determine which unit owns a new connection. Flow forwarders help redirect packets to the owner.
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
The session specifically covers the requirements and approaches for deploying the Underlay, Overlay as well as the inter-Fabric connectivity of Data Center Networks or Fabrics. Within the VXLAN BGP-EVPN based Overlay, we focus on the insights like forwarding and control plane functions which are critical to the simplicity operation of the architecture in achieving scale, small failure domains and consistent configuration. To complete the overlay view on VXLAN BGP-EVPN, we are going to the insides of BGP and its EVPN address-familiy and extend to about how multiple DC Fabric can be interconnected within, either as stretched Fabrics or with true DCI. The session concludes with a brief overview of manageability functions, network orchestration capabilities and multi-tenancy details. This Advanced session is intended for network, design and operation engineers from Enterprises to Service Providers.
This presentation discusses Segment Routing over IPv6 (SRv6) and the Network Programming Model. It provides an overview of what SRv6 is, how it works, and how the Network Programming Model can be used for applications like VPNs, SD-WANs, and service function chaining. The presentation also covers SRv6 standardization efforts, open source implementations, and areas of ongoing research.
This document provides instructions for setting up and attending an eBPF workshop. It includes links for setting up the workshop platform, background slides, and code repository. It also lists an agenda with topics that will be covered, including setting up the eBPF lab, an introduction, eBPF 101, writing eBPF programs, BCC, and a tutorial. Attendees are asked to let the presenter know if they have any problems setting up.
Next Generation Nexus 9000 ArchitectureCisco Canada
In the upcoming year, 2016, the industry will see a significant capacity, capability and cost point shift in Data Center switching. The introduction of 25/100G supplementing the previous standard of 10/40G at the same cost points and power efficiency which represents a 250% increase in capacity for roughly the same capital costs is just one example of the scope of the change. These changes are occurring due to the introduction of new generations of ASICs leveraging improvements in semiconductor fabrication combined with innovative developments in network algorithms, SerDes capabilities and ASIC design approaches. This session will take a deep dive look at the technology changes enabling this shift and the architecture of the next generation nexus 9000 Data Center switches enabled due to these changes. Topics will include a discussion of the introduction of 25/50/100G to compliment existing 10/40G, why next generation fabrication techniques enable much larger forwarding scale, more intelligent buffering and queuing algorithms and embedded telemetry enabling big data analytics based on network traffic
The document describes the 5G standalone access registration call flow between a 5G UE, 5G NR base station (gNB), and 5G core network (5GC) components. It includes:
1. An overview of the 5G RAN and 5GC access flow showing the main procedures and components involved.
2. A more detailed access call flow showing the signaling exchanges between the UE, gNB and 5GC components at each step of the registration process.
3. Appendix sections providing reference information on the radio resource control (RRC) connection setup process and signaling messages exchanged.
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017Bruno Teixeira
This session provides an overview of the segment routing technology and its use cases. This new routing paradigm provides high operational simplicity and maximum network scalability and flexibility. You will get an understanding of the basic concepts behind the technology and its wide applicability ranging from simple transport for MPLS services, disjoint routing, traffic engineering and its benefits in the context of software defined networking. Previous knowledge of IP routing and MPLS is required.
In this session, we’ll review how previous efforts, including Netfilter, Berkley Packet Filter (BPF), Open vSwitch (OVS), and TC, approached the problem of extensibility. We’ll show you an open source solution available within the Red Hat Enterprise Linux kernel, where extending and merging some of the existing concepts leads to an extensible framework that satisfies the networking needs of datacenter and cloud virtualization.
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
- Show you how GoBGP can be used as a software router in conjunction with quagga
- (Tutorial) Walk through the setup of IXP connecting router using GoBGP
This document discusses the benefits of SD-WAN and how it addresses challenges businesses face with their networks. Some key points:
- SD-WAN allows businesses to use cheaper internet connections instead of expensive private circuits, reducing costs while maintaining security and performance. It provides dynamic routing of traffic over multiple links for high availability.
- SD-WAN simplifies management through centralized, cloud-based control. It improves application performance by selecting optimal paths and dynamically moving traffic if there are issues.
- SD-WAN enhances security with features like firewalls, intrusion detection, and encryption. Management has visibility into network and application usage for planning.
- Case studies show how SD-WAN helped
The document provides an overview and agenda for a technical deep dive into Cisco SD-WAN. It discusses extending Cisco SD-WAN to Cisco routers, using Cloud onRamp to improve access to SaaS and IaaS applications, and providing layered security between sites and to the cloud. It also covers operations and troubleshooting capabilities in Cisco SD-WAN such as infrastructure monitoring, application visibility, performance statistics, and troubleshooting tools.
Traffic Engineering Using Segment Routing Cisco Canada
1) The document discusses using segment routing for traffic engineering. It provides an overview of segment routing technology, use cases, control and data plane operations, and how segment routing can be used for traffic engineering.
2) Key aspects covered include how segment routing works by encoding a path as an ordered list of segments, different types of segments (IGP prefixes, adjacencies, BGP), and how this allows for application-engineered end-to-end paths.
3) Traffic engineering with segment routing provides explicit routing, supports constraint-based routing without needing RSVP-TE, and uses existing IGP extensions to advertise link attributes.
This document discusses overlay networking using VXLAN. It provides definitions of key concepts like logical overlay networks, physical underlay networks, and tunnel end points (VTEPs). It describes how VXLAN works by encapsulating Ethernet frames with IP/UDP and a VXLAN header that includes a VNI to identify different virtual networks. It covers VXLAN terminology, frame formats, control plane options, and how broadcast, unknown, and multicast traffic is forwarded between VTEPs using either IP multicast or head-end replication.
Cisco ACI: A New Approach to Software Defined NetworkingDebra Jennings
Cisco ACI: A New Approach to Software Defined Networking, presented by Michael Edwards from GTRI. Learn more about Cisco's Application Centric Infrastructure (ACI). As a policy-based automation solution, Cisco ACI is a different approach to Software Defined Networking (SDN). This presentation uncovers what makes it simple, agile and application centric, and how it can reduce errors and accelerate application deployment from weeks to minutes.
Segment Routing Technology Deep Dive and Advanced Use CasesCisco Canada
The document provides an overview of Segment Routing technologies including SRv6. It begins with a recap of Segment Routing concepts and how it simplifies network operations. It then covers SRv6 which extends Segment Routing to IPv6 networks to take advantage of growing IPv6 adoption. The document discusses how SRv6 can further simplify networks and support new services and traffic patterns from 5G, IoT, and container-based microservices.
NFV +SDN
(Network Function Virtualization + Software Defined Networking)
- What, Why and When NFV and SDN?
- Basic concepts and definition of NFV, SDN.
- Benefits of NFV.
- NFV Architecture
This document provides an overview of 3GPP specifications and network functions related to 2G, 3G, 4G, and 5G mobile networks. It includes abbreviations for network nodes, interfaces, and protocols across the different generations of cellular standards. Release numbers are shown for 5G network functions introduced in 3GPP specifications.
The advent of Network Function Virtualization (NFV) is dramatically changing the way in which telecommunication networks are designed and operated. Traditional specialized physical appliances are replaced with software modules, called Virtual Network functions(VNFs), running on a virtualization infrastructure made up of general purpose servers. Examples of VNFs categories are NATs (Network Address Translation), firewalls, DPIs (Deep Packet Inspection), IDSs (Intrusion Detection System), load balancers, HTTP proxies. Service Function Chaining (SFC) denotes the process of forwarding packets through the sequence of VNFs. IPv6 Segment Routing (SRv6) is a source routing paradigm that allows to steer packets through an ordered list of VNFs in a simple and scalable manner. In this slides, we present the architecture of SFC using SRv6 for both cases of SRv6-aware and SRv6-unaware VNFs. We provide an open source implementation and easy replicable testbed for the presented work.
Advanced Topics and Future Directions in MPLS Cisco Canada
This session presents the most recent extensions to the MPLS architecture. The material has a special focus on standardization and forward – looking directions for the evolution of the technology.
The document discusses Firepower NGFW deployment scenarios at the internet edge. It begins with an introduction to the speaker and overview of the Firepower software and platforms, including the Firepower 2100, 4100, and 9300 appliance families. It then covers deployment options like the Firepower Threat Defense virtual machine and ASA with Firepower Services, comparing their features. The remainder discusses specific Firepower capabilities for network security like application control, URL filtering, intrusion prevention, and file reputation.
Next Generation Nexus 9000 ArchitectureCisco Canada
In the upcoming year, 2016, the industry will see a significant capacity, capability and cost point shift in Data Center switching. The introduction of 25/100G supplementing the previous standard of 10/40G at the same cost points and power efficiency which represents a 250% increase in capacity for roughly the same capital costs is just one example of the scope of the change. These changes are occurring due to the introduction of new generations of ASICs leveraging improvements in semiconductor fabrication combined with innovative developments in network algorithms, SerDes capabilities and ASIC design approaches. This session will take a deep dive look at the technology changes enabling this shift and the architecture of the next generation nexus 9000 Data Center switches enabled due to these changes. Topics will include a discussion of the introduction of 25/50/100G to compliment existing 10/40G, why next generation fabrication techniques enable much larger forwarding scale, more intelligent buffering and queuing algorithms and embedded telemetry enabling big data analytics based on network traffic
The document describes the 5G standalone access registration call flow between a 5G UE, 5G NR base station (gNB), and 5G core network (5GC) components. It includes:
1. An overview of the 5G RAN and 5GC access flow showing the main procedures and components involved.
2. A more detailed access call flow showing the signaling exchanges between the UE, gNB and 5GC components at each step of the registration process.
3. Appendix sections providing reference information on the radio resource control (RRC) connection setup process and signaling messages exchanged.
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017Bruno Teixeira
This session provides an overview of the segment routing technology and its use cases. This new routing paradigm provides high operational simplicity and maximum network scalability and flexibility. You will get an understanding of the basic concepts behind the technology and its wide applicability ranging from simple transport for MPLS services, disjoint routing, traffic engineering and its benefits in the context of software defined networking. Previous knowledge of IP routing and MPLS is required.
In this session, we’ll review how previous efforts, including Netfilter, Berkley Packet Filter (BPF), Open vSwitch (OVS), and TC, approached the problem of extensibility. We’ll show you an open source solution available within the Red Hat Enterprise Linux kernel, where extending and merging some of the existing concepts leads to an extensible framework that satisfies the networking needs of datacenter and cloud virtualization.
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
- Show you how GoBGP can be used as a software router in conjunction with quagga
- (Tutorial) Walk through the setup of IXP connecting router using GoBGP
This document discusses the benefits of SD-WAN and how it addresses challenges businesses face with their networks. Some key points:
- SD-WAN allows businesses to use cheaper internet connections instead of expensive private circuits, reducing costs while maintaining security and performance. It provides dynamic routing of traffic over multiple links for high availability.
- SD-WAN simplifies management through centralized, cloud-based control. It improves application performance by selecting optimal paths and dynamically moving traffic if there are issues.
- SD-WAN enhances security with features like firewalls, intrusion detection, and encryption. Management has visibility into network and application usage for planning.
- Case studies show how SD-WAN helped
The document provides an overview and agenda for a technical deep dive into Cisco SD-WAN. It discusses extending Cisco SD-WAN to Cisco routers, using Cloud onRamp to improve access to SaaS and IaaS applications, and providing layered security between sites and to the cloud. It also covers operations and troubleshooting capabilities in Cisco SD-WAN such as infrastructure monitoring, application visibility, performance statistics, and troubleshooting tools.
Traffic Engineering Using Segment Routing Cisco Canada
1) The document discusses using segment routing for traffic engineering. It provides an overview of segment routing technology, use cases, control and data plane operations, and how segment routing can be used for traffic engineering.
2) Key aspects covered include how segment routing works by encoding a path as an ordered list of segments, different types of segments (IGP prefixes, adjacencies, BGP), and how this allows for application-engineered end-to-end paths.
3) Traffic engineering with segment routing provides explicit routing, supports constraint-based routing without needing RSVP-TE, and uses existing IGP extensions to advertise link attributes.
This document discusses overlay networking using VXLAN. It provides definitions of key concepts like logical overlay networks, physical underlay networks, and tunnel end points (VTEPs). It describes how VXLAN works by encapsulating Ethernet frames with IP/UDP and a VXLAN header that includes a VNI to identify different virtual networks. It covers VXLAN terminology, frame formats, control plane options, and how broadcast, unknown, and multicast traffic is forwarded between VTEPs using either IP multicast or head-end replication.
Cisco ACI: A New Approach to Software Defined NetworkingDebra Jennings
Cisco ACI: A New Approach to Software Defined Networking, presented by Michael Edwards from GTRI. Learn more about Cisco's Application Centric Infrastructure (ACI). As a policy-based automation solution, Cisco ACI is a different approach to Software Defined Networking (SDN). This presentation uncovers what makes it simple, agile and application centric, and how it can reduce errors and accelerate application deployment from weeks to minutes.
Segment Routing Technology Deep Dive and Advanced Use CasesCisco Canada
The document provides an overview of Segment Routing technologies including SRv6. It begins with a recap of Segment Routing concepts and how it simplifies network operations. It then covers SRv6 which extends Segment Routing to IPv6 networks to take advantage of growing IPv6 adoption. The document discusses how SRv6 can further simplify networks and support new services and traffic patterns from 5G, IoT, and container-based microservices.
NFV +SDN
(Network Function Virtualization + Software Defined Networking)
- What, Why and When NFV and SDN?
- Basic concepts and definition of NFV, SDN.
- Benefits of NFV.
- NFV Architecture
This document provides an overview of 3GPP specifications and network functions related to 2G, 3G, 4G, and 5G mobile networks. It includes abbreviations for network nodes, interfaces, and protocols across the different generations of cellular standards. Release numbers are shown for 5G network functions introduced in 3GPP specifications.
The advent of Network Function Virtualization (NFV) is dramatically changing the way in which telecommunication networks are designed and operated. Traditional specialized physical appliances are replaced with software modules, called Virtual Network functions(VNFs), running on a virtualization infrastructure made up of general purpose servers. Examples of VNFs categories are NATs (Network Address Translation), firewalls, DPIs (Deep Packet Inspection), IDSs (Intrusion Detection System), load balancers, HTTP proxies. Service Function Chaining (SFC) denotes the process of forwarding packets through the sequence of VNFs. IPv6 Segment Routing (SRv6) is a source routing paradigm that allows to steer packets through an ordered list of VNFs in a simple and scalable manner. In this slides, we present the architecture of SFC using SRv6 for both cases of SRv6-aware and SRv6-unaware VNFs. We provide an open source implementation and easy replicable testbed for the presented work.
Advanced Topics and Future Directions in MPLS Cisco Canada
This session presents the most recent extensions to the MPLS architecture. The material has a special focus on standardization and forward – looking directions for the evolution of the technology.
The document discusses Firepower NGFW deployment scenarios at the internet edge. It begins with an introduction to the speaker and overview of the Firepower software and platforms, including the Firepower 2100, 4100, and 9300 appliance families. It then covers deployment options like the Firepower Threat Defense virtual machine and ASA with Firepower Services, comparing their features. The remainder discusses specific Firepower capabilities for network security like application control, URL filtering, intrusion prevention, and file reputation.
Mesh - What happens if you connect everything?Phil Dearson
An inspiration session for Google Squared (2015). Examining how trends in wearables, nearables, the quantified self and the internet of things eventually create a Mesh environment with unique characteristics. This is a PDF version so contact author for version with embedded videos.
The document discusses the Internet of Everything (IoE) and connectivity challenges. By 2020, it is estimated that over 25 billion devices will be connected. The IoE brings challenges around discovering devices, identifying services, adapting to changes, managing diverse networks, enabling interoperability across operating systems, and securing connections. The AllJoyn framework and Wi-Fi connectivity help address these challenges by allowing smart devices to connect, interoperate and work together across brands and categories. The Qualcomm XSPAN Wi-Fi portfolio, including the QCA4004 system on chip, aims to enable ubiquitous connectivity for the IoE. Development tools are provided to help build applications for hostless "smart things."
Обзор возможностей продукта Cisco TelePresence ServerCisco Russia
Обзор возможностей продукта Cisco TelePresence Server. Интеграция с CUCM и VCS. Использование TelePresence Conductor.
Запись вебинара: https://www.youtube.com/watch?v=ZOUhY2MVzIk
Пять шагов для защиты ЦОД. Почему традиционная защита может оказаться неэффек...Cisco Russia
Перед администраторами центров обработки данных (ЦОД) стоит очень непростая задача. Они должны защитить ЦОД без ущерба для производительности и функциональности систем. Многие рассчитывают защитить ЦОД с помощью решений для интернет-периметра, однако этих решений недостаточно.
ЦОД предъявляет уникальные требования к выделению ресурсов, производительности, виртуализации, приложениям и трафику. Устройства обеспечения безопасности интернет-периметра просто
не предназначены для удовлетворения таких требований.
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersBruno Teixeira
The document provides an overview of an introductory session on IOS XR for enterprises and service providers. It outlines the agenda which includes discussing IOS XR architecture, modularity, scalability, stability, security, software packages, the command line interface, configuration management, monitoring tools, example configurations, and the route policy language. It also provides some logistical information about the session.
PLNOG14: Architektura oraz rozwiązywanie problemów na routerach IOS-XE - Piot...PROIDEA
Piotr Kupisiewicz - Cisco Systems
Language: Polish
Architektura IOS-XE jest implementowana w każdym nowoczesnym routerze Cisco. Mowa tutaj o routerze ASR1000, jak również o seriach 43xx oraz 44xx.
Skoro IOS oraz IOS-XE "wyglądają" tak samo, jaka jest różnica między nimi ?
W jaki sposób efektywnie rozwiązywać problemy z przepływem ruchu poprzez router oparty o IOS-XE ?
Sesja omawiająca architekturę oraz podejście do rozwiązywania problemów (z prawdziwym "live demo"). Aspekty te mogą okazać się bardzo pomocne dla inżynierów sieciowych, jak również dla architektów sieciowych.
Zarejestruj się na kolejną edycję PLNOG: krakow.plnog.pl
Cisco Discovery Protocol (CDP) is a proprietary protocol that allows Cisco devices to discover directly connected neighbors. CDP discovers neighboring devices regardless of network protocol and provides information including device identifiers, addresses, capabilities and platform. Network administrators can use CDP to identify neighboring devices and generate a network map to aid in troubleshooting.
PLNOG 13: P. Kupisiewicz, O. Pelerin: Make IOS-XE Troubleshooting Easy – Pack...PROIDEA
Piotr Kupisiewicz – Technical Expert in Krakow’s TAC VPN team. In IT for more than 10 years, out of which 5 years is mostly software engineering experience. Last 5 years spent mostly in networking area interested mostly in Network Security. His hobby are drums and very heavy music. CCIE Security 39762.
Olivier Pelerin – as a key member of the escalation team at Cisco’s Technical Assistance Center, he handles world-wide escalations on VPN technologies pertaining to IPSEC, DMVPN, EzVPN, GetVPN, FlexVPN, PKI. Olivier has spent years troubleshooting and diagnosing issues on some of largest, and most complex VPN deployments Olivier have a CCIE in security #20306
Topic of Presentation: Make IOS-XE Troubleshooting Easy – Packet-Tracer
Language: English
Abstract: “IOS-XE is operating system running on Service Provider devices like ASR series and ISR-4451. Aim of this session is to show how very complicated Service Provider’s configurations can be easily troubleshoted using packet-tracer tool.”
Network Function Virtualization (NFV) using IOS-XRCisco Canada
Network Function Visualization (NFV) is being heavily adapted in Service Providers, Enterprise Network, and data center market segments. IOS-XRv 9000 and IOS XRv offer NFV functionality leveraging Cisco IOS-XR's already proven and time-tested deployment of this network OS in the field. The session will go over the fundamentals of NFV, introduces virtual flavors of IOS-XR and their use cases as virtual Route Reflector (vRR) and virtual Provider Edge (vPE), as well as demonstrate how these use-cases bring improvement and efficiency to the network implementation. In this session the attendees will be offered a hands-on experience of deploying IOS-XRv 9000 in a virtual environment, explore its basics, and configure it as a virtual device.
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpecCisco Russia
The document discusses using BGP FlowSpec to provide network security for an internet service provider. It begins with an introduction to BGP FlowSpec, describing its components and how rules are distributed using BGP. It then covers using BGP FlowSpec for different DDoS mitigation scenarios, including stateless amplification attacks, stateless L3/L4 attacks, and stateful attacks targeting application resources. Configuration and other use cases are also briefly mentioned.
The document discusses the Serial Peripheral Interface (SPI) driver framework in Linux. It describes the SPI protocol and components of the SPI framework, including the SPI master driver, SPI device driver, and SPI client drivers. It explains how the SPI core layer implements SPI bus transactions and how SPI client drivers interface with SPI devices to perform operations like reading and writing.
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...Cisco Canada
This document provides an overview of Segment Routing (SR) and SRv6. It begins with a recap of SR basics like segment types and how segments are encoded in MPLS labels or IPv6 headers. It then covers SRv6 which uses an IPv6 routing header to encode segments for source routing. The document explains how SRv6 simplifies networking by eliminating the need for overlay protocols and protocols like RSVP. It details the SRv6 header format and how packets are processed hop-by-hop through the segment list.
The document discusses several key differences between IPv4 and IPv6 that relate to security implications:
- IPv6 uses a vastly larger address space (340 trillion trillion trillion addresses vs 4 billion IPv4 addresses), making address scanning much more difficult. However, the large address space was not designed to prevent scanning.
- Techniques like neighbor discovery allow nodes to automatically configure themselves on the network, but this introduces vulnerabilities like denial of service attacks if not secured properly. Cisco technologies like RA Guard help mitigate these risks.
- While IPsec was originally mandated for IPv6, using it for all traffic can introduce scalability issues and impair network services and visibility. It is best reserved for specific high-value targets as with
This document summarizes Cisco's UCS and usNIC technologies for high performance computing. It discusses how UCS provides record-setting servers with large memory capacities, low latency Ethernet networking, and centralized management. It then describes how usNIC allows direct userspace access to network interface cards for ultra-low latency by bypassing the operating system. Benchmarks show usNIC achieving sub-microsecond application to application latency.
This document discusses the Serial Peripheral Interface (SPI) driver framework in Linux. It describes the SPI protocol and components of the SPI framework, including the SPI master driver, SPI device driver, and SPI client drivers. It explains how the SPI client driver registers with the SPI core and uses APIs to access SPI devices via the SPI message passing method.
Krzysztof Mazepa - IOS XR - IP Fast ConvergencePROIDEA
This document discusses mechanisms for fast convergence on Cisco IOS-XR platforms like the CRS-1 and 12000 XR routers that allow service providers to achieve sub-second convergence, including IGP fast convergence, IP over DWDM proactive protection, BGP local convergence upon PE-CE link failure, and BGP prefix independent convergence. It provides examples of where these mechanisms should be deployed and evaluates their performance through case studies and test results.
This document provides an overview and agenda for a session on advanced topics in IP multicast deployment. It discusses tools and techniques for deploying IP multicast, including examples of PIM mode configurations, rendezvous point deployment models, interconnecting PIM domains, label switched multicast, high availability techniques, and multicast in wireless environments. The target audience is network engineers in enterprise and service provider networks.
BGP started in 1989 to connect autonomous systems in a stable, efficient manner. This document outlines advancements in BGP infrastructure, VPN enhancements, and high availability features. Infrastructure enhancements improve areas like keepalive processing and update generation. VPN enhancements support technologies like iBGP between PE and CE routers, multicast VPNs, and EVPN. High availability features include graceful shutdown, fast convergence using PIC, and non-stop routing.
This document discusses routing protocols and concepts. It covers IOS, IOS XE, and IOS XR platforms commonly used in networks. ISRs running IOS or IOS XE are typically used at the customer premises edge and border, while ASRs running IOS XR are used in the core and aggregation layers. The training focuses on IOS and IOS XE platforms. OSPF and BGP routing protocols are explained, including router IDs, metrics, link state databases, and attributes. DHCP and NAT services are also covered.
Configuring Ip Sec Between A Router And A Pixangelitoh11
IPSec is being configured between a router and a PIX firewall to encrypt traffic between the internal networks while allowing public internet access without encryption. Access lists and NAT are used to exempt the internal traffic from NAT and encrypt it, while applying NAT to other traffic. Debug commands show the IKE and IPSec security associations being successfully negotiated.
PLNOG16: IOS XR – 12 lat innowacji, Krzysztof MazepaPROIDEA
IOS XR is Cisco's modular, distributed network operating system. In 2004, Cisco introduced IOS XR and the CRS-1 router, the first router to run IOS XR. IOS XR offers innovations such as a distributed architecture, high scalability, and always-on operations. In subsequent years, Cisco continued expanding IOS XR's capabilities with features like 64-bit support and virtualization.
High Performance Security and Virtualization for Oracle Database and Cloud-En...Ramesh Nagappan
This document discusses security strategies for Oracle's SPARC SuperCluster systems. It describes security capabilities at each layer of the SuperCluster, including secure isolation, access control, data protection, and monitoring capabilities for the compute, storage, network and database layers. Example deployment architectures are provided showing how these security capabilities can be leveraged in database consolidation and multi-tier application scenarios. Performance results demonstrate the benefits of hardware-accelerated cryptography on SPARC T5 systems.
Embitude's Linux SPI Drivers Training Slides. Contains the details of AM335X specific low level programming, SPI components such as SPI Master Driver, SPI Client Driver, Device Tree for SPI
Similar to Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k и ISR4400 (20)
Обзор Сервисных Услуг Cisco в России и странах СНГ.Cisco Russia
Обзор Сервисных Услуг в России и странах СНГ.
Сервисные Услуги в России и странах СНГ делятсяна Базовую и Расширенную техническую поддержку.
БАЗОВАЯ ТЕХНИЧЕСКАЯ ПОДДЕРЖКА 1. Центр Технической Поддержки (ТАС) Центр технической поддержки Cisco TAC предоставляет Заказчикам быстрый доступ к технологическим экспертам с опытом диагностики и решения самых сложных проблем.
Cisco TAC обладает развитой системой управления запросами, которая позволяет оперативно направить проблему в соответствующую технологическую команду или перевести на следующий уровень поддержки, если проблема не решена в заданный период.
Cisco TAC предоставляет круглосуточную поддержку по всему миру.
Клиентские контракты на техническую поддержку Cisco Smart Net Total CareCisco Russia
Клиентские контракты на услуги технической поддержки Cisco Smart Net Total Care
Cisco Smart Net Total Care (SNTC) — это контракт на услуги технической поддержки Cisco.
Cервис сочетает в себе ведущие в отрасли и получившие множество наград технические сервисы с дополнительно встроенными инструментами бизнес-аналитики, которые получает Заказчик через встроенные интеллектуальные возможности на портале Smart Net Total Care.
Запись вебинара "Решения компании Cisco для операторов связи по защите от взлома и вредоносного программного обеспечения": https://ciscoclub.ru/resheniya-kompanii-cisco-dlya-operatorov-svyazi-po-zashchite-ot-vzloma-i-vredonosnogo-programmnogo-o
Запись вебинара "Решения компании Cisco для операторов связи по защите от взлома и вредоносного программного обеспечения": https://ciscoclub.ru/resheniya-kompanii-cisco-dlya-operatorov-svyazi-po-zashchite-ot-vzloma-i-vredonosnogo-programmnogo-o
Запись вебинара "Решения компании Cisco для операторов связи по защите от взлома и вредоносного программного обеспечения": https://ciscoclub.ru/resheniya-kompanii-cisco-dlya-operatorov-svyazi-po-zashchite-ot-vzloma-i-vredonosnogo-programmnogo-o
Профессиональные услуги Cisco для Software-Defined AccessCisco Russia
Как реализовать SDA, создать стратегию, которая будет сопоставлена с бизнес задачами, оценить готовность к трансформации, успешно и максимально надежно реализовать намеченные планы.
Обнаружение известного вредоносного кода в зашифрованном с помощью TLS трафик...Cisco Russia
О работе группы исследователей компании Cisco, в которой доказана применимость традиционных методов статистического и поведенческого анализа для обнаружения и атрибуции известного вредоносного ПО, использующего TLS в качестве метода шифрования каналов взаимодействия, без дешифровки или компрометации TLS-сессии. Также рассказано о решении Cisco Encrypted Traffic Analytics, реализующем принципы, заложенные в данном исследовании, его архитектуре и преимуществах.
Промышленный Интернет вещей: опыт и результаты применения в нефтегазовой отраслиCisco Russia
Как компания Cisco способствует цифровой трансформации предприятий нефтегазовой отрасли. Описание внедренных проектов, полученных результатов, обзор примененных архитектур.