Archive for January, 2010

Frequently Used UPS Technologies

As we discussed in a previous post, an Uninterruptible Power Supply (UPS) is an electrical apparatus that provides emergency power to a load when the input power source fails. It does this by means of one or more attached batteries and associated electronic control circuitry. A UPS differs from an auxiliary or emergency power system in that it provides instantaneous (or nearly so) protection from input power interruptions. However, the on-battery runtime of most UPS systems is relatively short, with 5-15 minutes being typical for smaller units. Although this period seems relatively short, it is sufficient to allow time to bring an auxiliary power source on line or to properly shut down the protected equipment.

UPS units are divided into categories that are based on what type, and in some cases the number of different power related problems they address. The general categories of modern UPS systems are online, line-interactive, and standby.

Online
The Online UPS is ideal for environments where electrical isolation is necessary or for equipment that is very sensitive to power fluctuations. Although this technology was once reserved for very large installations of 10 kW or more, advances in technology have made it available as a common consumer device, usually supplying 500 watts or less.

Tame the Smartphone Monster

Cisco’s online TechWise TV channel tackles making smartphone users more productive by giving them access to powerful unified communications and collaboration tools on virtually any mobile device. Take control of the mobility revolution and support your smartphone users while maintaining security policies and reducing mobile communications expenses.

Live Cisco WebCast on TelePresence

Cisco is holding a live, 1 hour webcast on Thursday, February 18 to discuss the “Engineering Behind TelePresence”. According to their site:

“If you are like many IT professionals, you might be under the impression that this newest collaboration solution requires that you add tons of bandwidth or overhaul your entire network.

“TechWiseTV shatters these and other myths and reveals the realities of TelePresence deployment. Gain the engineering insights and the technical know-how you need for a smooth and successful implementation. Discover the latest innovations behind the technology and why these have made widespread adoption much simpler than you might have thought.”

Register for free at Cisco’s web site.

The Importance of a UPS

In light of the recent tragic events in Haiti, it might be a good time to review some of the requirements for a well designed Uninterruptible Power Source (UPS) to be included in all of our critical network installations. As CCNAs, we are called upon to help maintain the continued operation of networks during any type of power outage caused by either supplier failures or what is often referred to as “Acts of God,” such as tornadoes, hurricanes or, in this case, a 7.0 earthquake.

After the devastating earthquake in Haiti, it became obvious that the country had lost most of its ability to provide any type of communications, either within the country or with the rest of the world. This blackout covered all of the most commonly used media, including the Internet, telephone, and radio. Although there were isolated instances of messages getting out, Haiti was essentially isolated, even though surrounded by neighboring countries and possible first responders.

Although we are usually only faced with incoming power source problems, they can, by themselves, bring down any normal network operation. Depending on where we live, we normally refer to our power sources as coming from household power, household electricity, power lines, domestic power, wall power, line power, AC power, city power, street power, or grid power. No matter what we call the “power source”, the loss of the normal supply can leave us with dead equipment. It is therefore important to understand the most commonly used terminology when discussing UPS capability.

Cisco Security Devices Default IP Access Policies

A significant percentage of the students I teach manage multiple Cisco security devices: IOS routers/switches, ASA or PIX firewalls, IPS sensors and, yes, even the occasional VPN concentrator. While most of the official training courses offered provide at least one chapter which discusses “best practices” in managing each of these devices, they omit the comparison of the default IP-based access policies. That comparison is the subject of this article.

The table below shows a brief summary of two sharply contrasting default access policies: a) an open one, where an access-list is used to restrict access, and b) a closed one, where the access-list is used to permit access. The VPN Concentrator was added to this list due to its continued presence at many end-user locations, despite the product having been End-of-Sale for more than 2 years.

Default IP-Based Access Policy

  Open (ACL restricts access)     Closed (ACL permits access)
  -----------------------------   -----------------------------
  IOS router / switch             ASA appliance / PIX firewall
  VPN Concentrator                IPS Sensor

IOS router/switch – Most network administrators know that although the default access policy for these devices is wide open, a CLI management session with telnet or ssh cannot be established to the device until a line password is configured. Once that is in place, it is highly recommended that an access-class referencing a standard access-list be added to the vty lines to restrict which hosts may connect. Additionally, the transport input ssh vty line configuration command can be added to restrict access exclusively to that protocol.
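An added example (not from the original post) of the IOS vty hardening the paragraph above describes: a standard access-list applied with access-class, SSH as the only transport, and the SSH prerequisites. The hostname, domain, ACL name, management subnet and placeholder credentials are assumptions; local username authentication is used in place of a bare line password.

```cisco
! Added example: restrict remote CLI access on an IOS router/switch.
! A hostname and domain name are required before an RSA key (and SSH) exists.
hostname edge-rtr
ip domain-name example.net
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Standard access-list naming the management subnet (assumed value).
! The explicit "deny any log" records rejected connection attempts.
ip access-list standard MGMT-HOSTS
 permit 192.168.100.0 0.0.0.255
 deny   any log
!
! A local user so SSH has something to authenticate against (placeholder secret).
username netadmin privilege 15 secret CHANGE-ME-PLACEHOLDER
!
! access-class narrows who may reach the vty lines; transport input ssh
! removes telnet entirely; exec-timeout drops idle sessions.
line vty 0 4
 login local
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 10 0
```

Rejected attempts then show up as access-list log messages, which is the detection side of the same control.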


Quality of Service Part 8: Congestion Management

In part 8 of this series we are going to unravel the mysteries of congestion management and its four main queuing methods.

Congestion is the result of many factors and can occur in many places on the network. A few of the reasons for congestion are traffic aggregation points, network transit points, speed mismatches, oversubscription, and insufficient packet buffers. Aggressive traffic can fill interface queues and starve more time-sensitive flows such as voice and video. Simply increasing bandwidth is not an adequate fix for these issues. By using queuing algorithms to sort traffic and determine a method of prioritizing it, the routers can solve specific network traffic problems, which in turn can increase network performance.

There are two queuing components: hardware and software. Hardware queuing always uses FIFO queueing, and software queueing is used only when the hardware queue is full. A full hardware queue indicates interface congestion, and the software queue is what is used to manage that congestion.

To control congestion, the device using the congestion management tools must determine which buffer queues packets are placed in and the order in which packets are sent out an interface, based on the priority assigned to those packets. To do this, congestion management tools must perform three tasks:

  • Create Queues
  • Assign packets to queues based on the packet classification
  • Schedule the packets for transmission

There are four types of queuing mechanisms in the congestion management feature set. Each mechanism is fully customizable as to the number of queues and the order in which the traffic is serviced. Only one queueing mechanism type may be configured on each interface.
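As an added example (not from the original post), one way to carry out the three tasks above with a single queuing policy: the class-maps create the queues, the match statements assign packets to them, and the priority and bandwidth statements set the scheduling. It assumes packets arrive already marked as in the Part 7 example further down the page, and that class-based weighted fair queuing with a priority queue is the mechanism in use; class names, percentages and the interface are assumptions.

```cisco
! Added example: one queuing policy per interface and direction.
! 1) Create queues: each class-map becomes a queue in the policy-map.
class-map match-any VOICE
 match ip dscp ef
class-map match-any CRITICAL-DATA
 match ip dscp af21
class-map match-any BULK-DATA
 match ip dscp af11
!
! 2) Assign packets: the match statements above place packets by DSCP.
! 3) Schedule: VOICE is served first but capped at 20% of the link,
!    the data classes get guaranteed shares, and everything else is
!    fair-queued in class-default (percentages are assumed values).
policy-map QUEUE-WAN
 class VOICE
  priority percent 20
 class CRITICAL-DATA
  bandwidth percent 30
 class BULK-DATA
  bandwidth percent 10
 class class-default
  fair-queue
!
! Only one queuing policy may be attached per interface and direction.
interface Serial0/0
 service-policy output QUEUE-WAN
```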


Quality of Service Part 7: Service Policy

In part six of this blog series we discussed marking, which is what is done to the traffic after it has been classified. Now we will talk about the service policy, the part of QoS where the policy is actually applied.

Service Policy
Once you have defined the class-maps and policy-maps, the policy is attached to inbound or outbound packets using the service-policy command. It is possible to assign a single policy map to multiple interfaces, or multiple policy maps to a single interface. There is a maximum of one service-policy command in each direction, inbound and outbound, per interface.

Example 1

class-map ef
 match access-group 10
!
class-map af11
 match access-group 20
!
class-map af21
 match access-group 30
!
policy-map mark_traffic
 class ef
  set ip dscp ef
 class af11
  set ip dscp af11
 class af21
  set ip dscp af21
!
interface serial0/0
 service-policy input mark_traffic
!
access-list 10 permit 192.168.100.0 0.0.0.255
access-list 20 permit 192.168.101.0 0.0.0.255
access-list 30 permit 192.168.103.0 0.0.0.255

In the next part of this series on QoS we will look at congestion avoidance.

Author: Paul Stryer


IOS 15.0 Security Enhancements and Improvements, Part 3

This post is the third of a series of articles on the new security features of IOS 15.0 code. The topic of our discussion here is Flexible Packet Matching (FPM), a feature that debuted in the IOS release 12.4(4)T Advanced Security image. Two specific enhancements to this feature will be discussed in this article, namely the use of encrypted Traffic Classification Definition Files (eTCDFs) and Packaging Support.

Let’s explore the fundamental operation of FPM before delving into the enhancements. First of all, FPM requires the use of Packet Header Definition Files (PHDFs). These are XML-formatted files which contain the fields appropriate to a protocol; each field consists of a field id, a description, an offset, and a length in bits.

In the initial implementation of this feature, the router administrator would first specify a load protocol statement in the running configuration, next define the class-map, policy-map, and service-policy statements to describe which field(s) must be present, and finally define the exact pattern to match at a predefined offset into the packet.

IOS release 12.4(6)T introduced the concept of TCDFs (Traffic Classification Definition Files). With this addition, the modular policy commands (class-map and policy-map) can now be defined in the XML schema. To implement this added feature, an additional load classification statement is needed. Since the two modular policy commands are now in the XML file, the administrator merely has to specify the interface to which the service-policy will be applied.

With the use of a TCDF, the capability exists for public distribution of mitigations for known attacks; however, distributing standard (cleartext) XML presents a security risk in the update process. To solve this problem, Cisco added encryption support – the use of eTCDF files. Alongside this feature, Cisco has also announced Packaging Support for FPM in IOS 15.0, a capability which allows for the periodic updating of all IOS routers from a centralized server holding the eTCDF files. All the administrator needs to do is specify the IP address of the server, the package name, the path, the periodic time interval in which to check for updates, the auto-load option, and whether or not to log FPM update events.
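An added example (not from the original article) of the command-based FPM workflow described above: the load protocol statements, a stack class saying which headers must be present, an access-control class matching a pattern at a fixed offset, and the policy attached to an interface. The PHDF paths are the system ones IOS ships with; the port, the 4-byte pattern and the interface are constructed placeholders, and the syntax is written from memory of the IOS FPM feature rather than taken from the article, so check it against the running image.

```cisco
! Added example of the original (pre-TCDF) FPM workflow.
! Step 1: load the PHDFs that describe the IP and UDP header fields.
load protocol system:fpm/ip.phdf
load protocol system:fpm/udp.phdf
!
! Step 2: a stack class states which headers must be present (IP, then UDP).
class-map type stack match-all IP-UDP
 match field ip protocol eq 0x11 next udp
!
! Step 3: an access-control class matches a header field plus a raw
! pattern at a fixed offset from the start of layer 3: 20 bytes of IP
! plus 8 bytes of UDP puts byte 28 at the first payload byte.
! Port and pattern are constructed placeholders, not a real signature.
class-map type access-control match-all FLAGGED-UDP-PAYLOAD
 match field udp dest-port eq 5000
 match start l3-start offset 28 size 4 eq 0xDEADBEEF
!
! Step 4: log and drop matching packets; the stack policy nests the
! action policy so it only runs on packets carrying the expected headers.
policy-map type access-control FPM-ACTION
 class FLAGGED-UDP-PAYLOAD
  log
  drop
policy-map type access-control FPM-STACK
 class IP-UDP
  service-policy FPM-ACTION
!
! Step 5: attach inbound on the interface facing the untrusted side.
interface FastEthernet0/0
 service-policy type access-control input FPM-STACK
```

The log action is what gives the operations team visibility of hits; without it the drop is silent.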

Author: Doug McKillip


UCM IP Phone Services, Part 2

One of the most interesting concepts Cisco came up with is the ability to advertise services to all cluster IP Phone users without requiring them to subscribe to that service. So, if your company has an “all employee” web service, you can quickly set up the service and then have it automatically show up when employees search for services by pressing the services button on their respective IP Phones.

But, in order to do this, you must select a box at the beginning of the web service creation to enable it for “Enterprise Subscriptions”. We are going to step through how to configure the extension mobility service for all IP Phones in the cluster.

Routing Protocol Families

In packet switching networks, routing directs packet forwarding, the transit of logically addressed packets from their source toward their ultimate destination through intermediate nodes. These nodes are typically hardware devices called routers, bridges, gateways, firewalls, or switches. General-purpose computers with multiple network cards can also forward packets and perform routing, though they are not specialized hardware and may suffer from limited performance.

The routing process usually directs forwarding on the basis of routing tables that maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the routers’ memory, is very important for efficient routing. Most routing algorithms use only one network path at a time, but multipath routing techniques enable the use of multiple alternative paths.

The decision of which routing protocol to configure and use must consider many different factors. One of those factors is which branch or family of routing protocols to implement. There are three main branches or families of routing protocol algorithms: Distance Vector, Link-State, and Balanced Hybrid. Each family has distinct functions and features that can provide a desired functionality. Each family also presents certain deficiencies that may preclude its use in modern networks.
