Cisco Nexus 9000 Intelligent Buffers in a VXLAN/EVPN Fabric

As customers migrate to network fabrics based on Virtual Extensible Local Area Network/Ethernet Virtual Private Network (VXLAN/EVPN) technology, questions about the implications for application performance, Quality of Service (QoS) mechanisms, and congestion avoidance often arise. This blog post addresses some of the common areas of confusion and concern, and touches on a few best practices for maximizing the value of using Cisco Nexus 9000 switches for Data Center fabric deployments by leveraging the available Intelligent Buffering capabilities.

What Is the Intelligent Buffering Capability in Nexus 9000?

Cisco Nexus 9000 series switches implement an egress-buffered shared-memory architecture, as shown in Figure 1. Each physical interface has 8 user-configurable output queues that contend for shared buffer capacity when congestion occurs. A buffer admission algorithm called Dynamic Buffer Protection (DBP), enabled by default, ensures fair access to the available buffer among any congested queues.

Figure 1 – Simplified Shared-Memory Egress Buffered Switch

 

In addition to DBP, two key features – Approximate Fair Drop (AFD) and Dynamic Packet Prioritization (DPP) – help to speed initial flow establishment, reduce flow-completion time, avoid congestion buildup, and maintain buffer headroom for absorbing microbursts.

AFD uses in-built hardware capabilities to separate individual 5-tuple flows into two categories – elephant flows and mouse flows:

◉ Elephant flows are longer-lived, sustained bandwidth flows that can benefit from congestion control signals such as Explicit Congestion Notification (ECN) Congestion Experienced (CE) marking, or random discards, that influence the windowing behavior of Transmission Control Protocol (TCP) stacks. The TCP windowing mechanism controls the transmission rate of TCP sessions, backing off the transmission rate when ECN CE markings, or un-acknowledged sequence numbers, are observed (see the “More Information” section for additional details).

◉ Mouse flows are shorter-lived flows that are unlikely to benefit from TCP congestion control mechanisms. These flows consist of the initial TCP 3-way handshake that establishes the session, along with a relatively small number of additional packets, and are subsequently terminated. By the time any congestion control is signaled for the flow, the flow is already complete.

As shown in Figure 2, with AFD, elephant flows are further characterized according to their relative bandwidth utilization – a high-bandwidth elephant flow has a higher probability of experiencing ECN CE marking, or discards, than a lower-bandwidth elephant flow. A mouse flow has a zero probability of being marked or discarded by AFD.

Figure 2 – AFD with Elephant and Mouse Flows

For readers familiar with the older Weighted Random Early Detect (WRED) mechanism, you can think of AFD as a kind of “bandwidth-aware WRED.” With WRED, any packet (regardless of whether it’s part of a mouse flow or an elephant flow) is potentially subject to marking or discards. In contrast, with AFD, only packets belonging to sustained-bandwidth elephant flows may be marked or discarded – with higher-bandwidth elephants more likely to be impacted than lower-bandwidth elephants – while a mouse flow is never impacted by these mechanisms.

Additionally, AFD marking or discard probability for elephants increases as the queue becomes more congested. This behavior ensures that TCP stacks back off well before all the available buffer is consumed, avoiding further congestion and ensuring that abundant buffer headroom still remains to absorb instantaneous bursts of back-to-back packets on previously uncongested queues.

DPP, another hardware-based capability, promotes the initial packets in a newly observed flow to a higher priority queue than it would have traversed “naturally.” Take for example a new TCP session establishment, consisting of the TCP 3-way handshake. If any of these packets sit in a congested queue, and therefore experience additional delay, it can materially affect application performance.

As shown in Figure 3, instead of enqueuing those packets in their originally assigned queue, where congestion is potentially more likely, DPP will promote those initial packets to a higher-priority queue – a strict priority (SP) queue, or simply a higher-weighted Deficit Weighted Round-Robin (DWRR) queue – which results in expedited packet delivery with a very low chance of congestion.

Figure 3 – Dynamic Packet Prioritization (DPP)

If the flow continues beyond a configurable number of packets, packets are no longer promoted – subsequent packets in the flow traverse the originally assigned queue. Meanwhile, other newly observed flows would be promoted and enjoy the benefit of faster session establishment and flow completion for short-lived flows.

AFD and UDP Traffic

One frequently asked question about AFD is if it’s appropriate to use it with User Datagram Protocol (UDP) traffic. AFD by itself does not distinguish between different protocol types, it only determines if a given 5-tuple flow is an elephant or not. We generally state that AFD should not be enabled on queues that carry non-TCP traffic. That’s an oversimplification, of course – for example, a low-bandwidth UDP application would never be subject to AFD marking or discards because it would never be flagged as an elephant flow in the first place.

Recall that AFD can either mark traffic with ECN, or it can discard traffic. With ECN marking, collateral damage to a UDP-enabled application is unlikely. If ECN CE is marked, either the application is ECN-aware and would adjust its transmission rate, or it would ignore the marking completely. That said, AFD with ECN marking won’t help much with congestion avoidance if the UDP-based application is not ECN-aware.

On the other hand, if you configure AFD in discard mode, sustained-bandwidth UDP applications may suffer performance issues. UDP doesn’t have any inbuilt congestion-management mechanisms – discarded packets would simply never be delivered and would not be retransmitted, at least not based on any UDP mechanism. Because AFD is configurable on a per-queue basis, it’s better in this case to simply classify traffic by protocol, and ensure that traffic from high-bandwidth UDP-based applications always uses a non-AFD-enabled queue.

What Is a VXLAN/EVPN Fabric?

VXLAN/EVPN is one of the fastest growing Data Center fabric technologies in recent memory. VXLAN/EVPN consists of two key elements: the data-plane encapsulation, VXLAN; and the control-plane protocol, EVPN.

You can find abundant details and discussions of these technologies on cisco.com, as well as from many other sources. While an in-depth discussion is outside the scope of this blog post, when talking about QOS and congestion management in the context of a VXLAN/EVPN fabric, the data-plane encapsulation is the focus. Figure 4 illustratates the VXLAN data-plane encapsulation, with emphasis on the inner and outer DSCP/ECN fields.

Figure 4 – VXLAN Encapsulation

As you can see, VXLAN encapsulates overlay packets in IP/UDP/VXLAN “outer” headers. Both the inner and outer headers contain the DSCP and ECN fields.

With VXLAN, a Cisco Nexus 9000 switch serving as an ingress VXLAN tunnel endpoint (VTEP) takes a packet originated by an overlay workload, encapsulates it in VXLAN, and forwards it into the fabric. In the process, the switch copies the inner packet’s DSCP and ECN values to the outer headers when performing encapsulation.

Transit devices such as fabric spines forward the packet based on the outer headers to reach the egress VTEP, which decapsulates the packet and transmits it unencapsulated to the final destination. By default, both the DSCP and ECN fields are copied from the outer IP header into the inner (now decapsulated) IP header.

In the process of traversing the fabric, overlay traffic may pass through multiple switches, each enforcing QOS and queuing policies defined by the network administrator. These policies might simply be default configurations, or they may consist of more complex policies such as classifying different applications or traffic types, assigning them to unique classes, and controlling the scheduling and congestion management behavior for each class.

How Do the Intelligent Buffer Capabilities Work in a VXLAN Fabric?

Given that the VXLAN data-plane is an encapsulation, packets traversing fabric switches consist of the original TCP, UDP, or other protocol packet inside a IP/UDP/VXLAN wrapper. Which leads to the question: how do the Intelligent Buffer mechanisms behave with such traffic?

As discussed earlier, sustained-bandwidth UDP applications could potentially suffer from performance issues if traversing an AFD-enabled queue. However, we should make a very key distinction here – VXLAN is not a “native” UDP application, but rather a UDP-based tunnel encapsulation. While there is no congestion awareness at the tunnel level, the original tunneled packets can carry any kind of application traffic –TCP, UDP, or virtually any other protocol.

Thus, for a TCP-based overlay application, if AFD either marks or discards a VXLAN-encapsulated packet, the original TCP stack still receives ECN marked packets or misses a TCP sequence number, and these mechanisms will cause TCP to reduce the transmission rate. In other words, the original goal is still achieved – congestion is avoided by causing the applications to reduce their rate.

Similarly, high-bandwidth UDP-based overlay applications would respond just as they would to AFD marking or discards in a non-VXLAN environment. If you have high-bandwidth UDP-based applications, we recommend classifying based on protocol and ensuring those applications get assigned to non-AFD-enabled queues.

As for DPP, while TCP-based overlay applications will benefit most, especially for initial flow-setup, UDP-based overlay applications can benefit as well. With DPP, both TCP and UDP short-lived flows are promoted to a higher priority queue, speeding flow-completion time. Therefore, enabling DPP on any queue, even those carrying UDP traffic, should provide a positive impact.

Key Takeaways

VXLAN/EVPN fabric designs have gained significant traction in recent years, and ensuring excellent application performance is paramount. Cisco Nexus 9000 Series switches, with their hardware-based Intelligent Buffering capabilities, ensure that even in an overlay application environment, you can maximize the efficient utilization of available buffer, minimize network congestion, speed flow-establishment and flow-completion times, and avoid drops due to microbursts.

Source: cisco.com

Continue reading

What is Cisco SD-WAN? Understanding the Basics of Software-Defined Wide Area Networking

Introduction

As the demand for secure, high-speed connectivity between geographically dispersed locations continues to grow, more and more businesses are turning to Software-Defined Wide Area Networking (SD-WAN) to simplify their networks and reduce costs. Among the leading providers of SD-WAN technology is Cisco, a multinational technology company that has been at the forefront of networking innovation for decades.

In this article, we'll take a closer look at what Cisco SD-WAN is, how it works, and what benefits it offers businesses of all sizes.

What is SD-WAN?

Before diving into the specifics of Cisco SD-WAN, it's important to have a basic understanding of what SD-WAN is in general. At its core, SD-WAN is a technology that simplifies the management and operation of a Wide Area Network (WAN) by separating the networking hardware from the software that controls it.

This means that instead of relying on physical appliances to route traffic between different locations, SD-WAN uses software to manage and direct traffic in the most efficient way possible. SD-WAN also allows businesses to connect to multiple types of networks, including MPLS, broadband, and cellular, making it a flexible and versatile solution for businesses of all sizes.

How Does Cisco SD-WAN Work?

Cisco SD-WAN is a complete solution that includes both hardware and software components. At its core is the Cisco vEdge router, a compact and versatile device that connects to the internet or other networks and handles traffic routing and security functions.

The vEdge router is powered by Cisco's proprietary software, which includes a centralized controller known as the Cisco vSmart controller. This controller is responsible for managing traffic routing policies and distributing them to the vEdge routers in the network.

One of the key advantages of Cisco SD-WAN is its ability to optimize traffic routing in real-time, based on the conditions of the network. This is done through a process called path selection, which allows the network to choose the best path for traffic based on factors like network congestion, link quality, and application requirements.

Benefits of Cisco SD-WAN

Now that we understand how Cisco SD-WAN works, let's take a closer look at some of the benefits it offers businesses of all sizes:

1. Improved Performance and Reliability

By optimizing traffic routing in real-time, Cisco SD-WAN helps ensure that network performance remains high, even in the face of changing network conditions. This means that businesses can rely on their networks to deliver the performance and reliability they need to stay productive and competitive.

2. Enhanced Security

Cisco SD-WAN includes a number of advanced security features, including encryption, firewall protection, and intrusion prevention. This helps ensure that sensitive data remains secure, even when transmitted across public networks.

3. Simplified Network Management

By separating the networking hardware from the software that controls it, Cisco SD-WAN simplifies network management and reduces costs. This means that businesses can focus on growing their operations, rather than spending time and resources managing their networks.

4. Scalability and Flexibility

Cisco SD-WAN is a highly scalable solution that can grow with your business. It also allows businesses to connect to multiple types of networks, including MPLS, broadband, and cellular, making it a flexible and versatile solution for businesses of all sizes.

Conclusion

In conclusion, Cisco SD-WAN is a powerful and versatile solution for businesses of all sizes that want to simplify their networks, improve performance and reliability, enhance security, and reduce costs. By leveraging the power of software-defined networking, Cisco SD-WAN allows businesses to optimize their networks for the unique needs of their operations, and stay competitive in an increasingly connected world.

Continue reading

Need Help Passing the Cisco ECMS 500-220 Exam? Here’s Our Comprehensive Guide

Are you interested in becoming a Cisco Meraki Solutions Engineer? If so, you must pass the Engineering Cisco Meraki Solutions (ECMS 500-220) exam. This exam tests a candidate's knowledge and skills for troubleshooting, monitoring, implementing, designing, and cloud management. In this article, we'll overview the exam, share some exam tips, and discuss the benefits of taking a practice exam.

Overview of the Cisco 500-220 Exam

The ECMS 500-220 exam is a 90-minute exam that consists of 55-65 multiple-choice questions. The exam is designed to test your knowledge and skills in the following areas:

Cisco Meraki Cloud Management (15%)

Design (30%)

Implementation (25%)

Monitoring and Troubleshooting (30%)

Pearson VUE administers the exam, which can be taken online or at a testing center. The cost of the exam is $300.

Cisco ECMS 500-220 Exam Tips

Here are some tips to help you prepare for and pass the ECMS 500-220 exam:

Understand the Exam Objectives: Make sure you understand the exam objectives before you begin studying. The Cisco website provides a detailed exam blueprint that outlines the topics covered on the exam.

Study the Official Study Material: Cisco offers an official ECMS 500-220 course that covers all the topics on the exam. This course includes hands-on labs and interactive activities to help you better understand the material.

Practice with Meraki Equipment: If possible, get your hands on it and practice configuring and managing it. This will help you gain practical experience and prepare you for the hands-on labs on the exam.

Take ECMS 500-220 Practice Exam: Taking ECMS 500-220 practice exams is a great way to assess your knowledge and identify areas to focus your study. Cisco offers an official practice exam for the ECMS 500-220 exam and other third-party practice exams.

Manage Your Time: The ECMS 500-220 exam is 90 minutes long, so you must manage your time effectively. Read the questions carefully and answer them as quickly and accurately as possible.

Benefits of Taking a Cisco ECMS 500-220 Practice Exam

Taking a practice exam can provide several benefits, including:

Identifying Knowledge Gaps: Practice exams can help you identify areas where you must focus your study. This can help you create a more targeted study plan and maximize your time.

Familiarizing Yourself with the Exam Format: Practice exams can help you get familiar with the exam format, including the types of questions you can expect and the time constraints you'll be under.

Reducing Exam Anxiety: A practice exam can help minimize exam anxiety by providing a sense of what to expect on exam day. This can help you feel more confident and relaxed during the actual exam.

Improving Test Scores: Studies have shown that taking practice exams can improve test scores by up to 10%. This is because practice exams help reinforce the material and provide an opportunity to practice applying it in a test-taking environment.

Benefits of Passing Cisco ECMS 500-220 Exam

Passing the ECMS 500-220 exam can provide several benefits, including:

Increased Job Opportunities: Passing the ECMS 500-220 exam can open new Cisco Meraki Solutions Engineering job opportunities. Many employers require certification as a prerequisite for employment, so having this certification can give you a competitive edge over other job applicants.

Improved Career Growth: Becoming a Cisco Meraki Solutions Engineer can provide career growth and advancement opportunities. You can expect to be involved in challenging and exciting projects and continue to learn and grow your skills throughout your career.

Enhanced Professional Credibility: Certification proves your knowledge and skills to potential clients and employers. It can improve your professional credibility and increase your value in the eyes of your clients and colleagues.

Increased Earning Potential: With certification, you can earn a higher salary than your non-certified counterparts. According to PayScale, the average salary for a Cisco Meraki Solutions Engineer is $97,000 per year.

Conclusion

The ECMS 500-220 exam is essential to becoming a successful Cisco Meraki Solutions Engineer. By understanding the exam objectives, studying the official material, practicing with Meraki equipment, taking practice exams, and managing your time effectively, you can confidently pass the exam. Additionally, passing the exam can provide many benefits, including increased job opportunities, career growth, professional credibility, and earning potential. So, if you're interested in pursuing a career in Cisco Meraki Solutions Engineering, prepare for the ECMS 500-220 exam today!

Continue reading

Unifying Experiences Starts By Unifying SASE

Over the years, advancements in technology and the endless waves of new innovations have created an unintended problem for most organizations today—overcomplexity. 53% of senior decision-makers say their IT environment is more complex than it was just two years ago.

I explained how Secure Access Service Edge (SASE) and the convergence of networking and security are key to reducing operational complexity. Now, more than ever, organizations need an efficient way to securely connect distributed workforces and build a consistent operational model that extends from on-premises to the cloud, bridging a hyper-dispersed landscape and creating secure and seamless experiences anywhere.

Answering that call are two general SASE approaches that may deliver those desired outcomes. The first, a “best of breed” solution, is comprised of separate networking (SD-WAN) and security service edge (SSE) products, typically from multiple vendors, which inherently will lack a consistent operational model, leading to a more fragmented experience given the increased integration required to produce a complete SASE solution. This may also lead to a solution that is less secure.

The second approach is a unified SASE solution that delivers networking and security components as a simplified, turnkey cloud service featuring unified management from a single dashboard. A well-designed SASE solution removes complexity by providing centralized management with intelligent and consistent distributed enforcement, along with controls and visibility across endpoints, enterprise edge, and cloud edge to deliver a more secure end-to-end solution that further enhances the end-user experience. Unified SASE embraces a platform approach, seamlessly converging networking and security technologies into one experience that makes management easy.

Acknowledging the importance of a unified, single-vendor approach, Gartner predicts that… “By 2025, 50% of new SD-WAN purchases will be part of a single-vendor SASE offering, up from 10% in 2022.” 

Converging the Best of Networking with Security on a Single Platform

Cisco+ Secure Connect is Cisco’s premier unified solution that provides a blueprint for SASE made easy. This unified SASE solution is built on a converged cloud-first platform that connects Cisco’s industry-leading networking and security technology and delivers several key outcomes:

◉ Creates a streamlined IT management experience, which in turn helps deliver a more seamless experience for end users so they can access the resources they need, wherever and whenever they need them

◉ Simplifies the management of networking and security domains within a single dashboard, providing greater visibility and insight to ITand allowing them to proactively stay on top of threats and vulnerabilities across the network, ensuring greater resiliency and security

◉ Harmonizes the networking and security domains by interconnecting everything and providing security everywhere to build a unified SASE fabric, removing complexity and creating a simple, consistent operating model

Figure 1. Cisco+ Secure Connect Dashboard

Every organization has an installed technology base, and there may be a temptation to simply add the missing SASE functionalities to whatever currently exists. However, it’s important to note that SASE is a long-term strategic choice and simply deploying all the components of a SASE model without a high level of integration does not constitute a fully functional SASE solution and will not deliver the desired outcomes. For this reason, unified SASE is the simplest and easiest path to realizing true SASE benefits that “stick” – ultimately, delivering better experiences.

Source: cisco.com

Continue reading

Top Study Resources for Cisco 300-425 ENWLSD Exam

Cisco is one of the world's leading technology companies that offer numerous certifications to professionals who aspire to establish a career in the networking domain. Cisco certifications validate an individual's skills and expertise in designing, implementing, and managing complex network infrastructure. One of the popular certifications offered by Cisco is the Designing Cisco Enterprise Wireless Networks 300-425 ENWLSD exam, designed for network professionals seeking to earn the CCNP Enterprise certification. This exam validates their skills in implementing and troubleshooting advanced routing technologies and services. This article will discuss the best study resources for preparing for the Cisco 300-425 exam and the importance of practice tests in ensuring exam success.

Overview of the Cisco 300-425 ENWLSD Certification Exam

The Cisco 300-425 certification exam, also known as the Designing Cisco Enterprise Wireless Networks (300-425 ENWLSD) exam, tests your knowledge and skills in designing Cisco wireless networks. This exam is part of the Cisco Certified Specialist - Enterprise Wireless Design certification track. It is intended for IT professionals who want to validate their skills in implementing Cisco wireless network solutions.

The Cisco 300-425 ENWLSD certification exam consists of 55-65 questions you must answer in 90 minutes. The exam measures your proficiency in the following topics:

Passing this exam requires thorough preparation, and you must deeply understand the exam topics and objectives. The next section of this article will discuss some of the best study resources for the Cisco 300-425 ENWLSD certification exam.

Study Resources for Cisco 300-425 ENWLSD Certification Exam

Cisco Learning Network

The Cisco Learning Network is a comprehensive learning platform that provides various resources for the Cisco 300-425 certification exam. This platform offers self-paced learning modules, practice exams, and study groups to help you prepare for the exam. You can access the Cisco Learning Network for free, and it is an excellent resource for anyone preparing for the Cisco 300-425 ENWLSD certification exam.

Cisco Press Books

Cisco Press is a leading publisher of Cisco certification study materials. They offer a variety of books, eBooks, and video courses that cover different topics related to Cisco enterprise wireless networks. These materials help you learn quickly and reinforce your understanding of the exam concepts.

Instructor-Led Training

If you prefer classroom-style learning, instructor-led training is an excellent option. Cisco offers instructor-led training course that cover the exam objectives in-depth. These courses are led by certified Cisco instructors with real-world experience designing and implementing Cisco wireless networks.

Cisco 300-425 ENWLSD Practice Tests

Practice tests are an excellent way to assess your knowledge and understanding of the exam objectives. They help you identify your weak areas and enable you to focus on them in your exam preparation. Practice tests also help you familiarize yourself with the exam format and structure, making you more comfortable during the exam.

Importance of Practice Tests in Cisco 300-425 ENWLSD Exam Preparation

Practice tests are crucial to any exam preparation strategy, including the Cisco 300-425 ENWLSD exam. Here are some of the reasons why practice tests are essential in your exam preparation:

1. Identifying Knowledge Gaps

Practice tests help you identify your knowledge gaps and weak areas. By taking practice tests, you can assess your understanding of the exam objectives and identify areas where you need to focus more in your exam preparation.

2. Time Management

Time management is critical during the actual exam. Practice tests help you familiarize yourself with the exam format and structure, enabling you to manage your time effectively during the exam.

3. Reducing Exam Anxiety

Exam anxiety is a common issue faced by many candidates during the exam. By taking practice tests, you can get familiar with the exam format and structure, making you more comfortable and confident during the exam.

4. Reinforcing Concepts

Practice tests help reinforce your understanding of the exam concepts. By taking practice tests, you can apply the concepts you have learned in real-world scenarios, helping you gain hands-on experience designing and implementing Cisco wireless networks.

Try Free Cisco 300-425 ENWLSD Exam Questions Now!

Tips for Passing the Cisco 300-425 Certification Exam

Understand the Exam Topics and Objectives

Create a Study Plan and Stick to It

Use Multiple Study Resources

Take Practice Tests

Join Study Groups and Forums

If you are an aspiring CCNP Enterprise professional, taking the necessary steps to prepare for and pass the Cisco 300-425 certification exam is essential. The CCNP Enterprise certification is a highly respected and sought-after credential in the IT industry, and it can help you advance your career and open up new opportunities.

Conclusion

Preparing for the Cisco 300-425 ENWLSD exam requires adequate preparation and dedication. By using the study resources, we have discussed in this article and taking practice tests; you can increase your chances of passing the exam on your first attempt. Remember to identify your knowledge gaps, manage your time effectively, reduce exam anxiety, and reinforce your understanding of the exam concepts.

Continue reading

Enabling Predictive Networks with Cisco SD-WAN and ThousandEyes WAN Insights

With the increasing complexity of Enterprise networks, there is a need for self-correcting and self-healing mechanisms that learn, predict, and plan. Cisco is announcing our newest SD-WAN innovation with Predictive Path Recommendation (PPR) powered by Cisco ThousandEyes WAN Insights. This is a significant capability to simplify network operations by leveraging recommendations from Cisco’s Predictive Networks. Predictive Path Recommendations provide proactive guidance for maintaining network stability and improving the performance of critical Application Groups distributed across the SD-WAN fabric. IT defines applications that require a specific SLA into groups so that PPR can predict which paths will meet those criteria.

Cisco SD-WAN provides IT with scalable, secure, cloud-managed WAN fabrics with extensive capabilities for visibility and troubleshooting of day-to-day network operations. The simplicity of management and exceptional Application Quality of Experience (AQE) are the key driving factors for all innovations underpinning Cisco SD-WAN.

AQE is achieved by constantly monitoring application path metrics and making intelligent choices among all the available paths. Cisco SD-WAN leverages existing capabilities of Application-Aware Routing (AAR) to adapt to unexpected degradation or outages by switching to the most optimal path. This ability to react quickly and automatically to changes in network KPIs provides an optimal Application Experience.

PPR, in combination with AAR, is a powerful tool that helps organizations optimize the performance of their wide area networks. One of the key benefits of PPR is its ability to generate long-term recommendations for network optimization. Rather than simply reacting to network issues as they arise, PPR takes a proactive approach, continuously monitoring the network and issuing recommendations whenever a better path is available. This helps to ensure sustained improvement over a long period of time. Figure 1 illustrates the three phases of the Predictive Path Recommendation cycle.

Figure 1: Three phases of the Predictive Path Recommendation cycle.

SD-WAN continuously monitors application behavior in relation to characteristics of all available paths within the WAN fabric and then generates long-term recommendations for paths that will reduce the probability of experiencing an SLA violation.

As changes to the WAN occur, the predictive models evaluate historical path metrics and usage to provide an early-detection system by warning of potential SLA violations before they occur and providing recommendations for alternate network paths per Application Group.

Network Admins/Operators can leverage the visualizations that are available in Cisco ThousandEyes and SD-WAN to view, monitor, and validate the effectiveness of the predictive model recommendations.

Operators select which policy changes that are recommended by the predictive models to apply in the SD-WAN fabric.

Workflow-Review & Application of Recommendations

PPR generates recommendations on a per Application Group per Site basis and these are available to visualize, explore and review before applying policy changes to the Network. From Cisco SD-WAN vManage UI, administrators can launch the Predictive Networks tab to view and explore all available recommendations.

Figure 2: Cisco SD-WAN vManage Predictive Path Recommendations tab with site map.

Figure 3: Cisco SD-WAN vManage PPR tab with Card-View

SD-WAN administrators can find additional insights into the historical performance of the current path versus recommended path in terms of path quality and impacted users specific to an Application Group at a specific site. In addition, the aggregated metrics for the entire site are also available, which helps Admins identify circuits and paths which are problematic. This view is helpful in understanding the impact of policy change based on model recommendations.

Figure 4: Cisco SD-WAN vManage Predictive Path Recommendation view for a site

Path and Quality of Service (QoS) details for path endpoints help admins verify the path recommendations. The visualization helps compare and correlate the historical Network KPI information presented with path quality variations, number of users, and application experience over time.

Figure 5: Cisco SD-WAN vManage PPR Endpoint Pair Path & QoS details

The Future of Connectivity Relies on Self-Healing Networks

Integrating Cisco ThousandEyes Predictive Path Recommendation with Cisco SD-WAN vManage provides IT with a proactive solution with actionable recommendations to reduce disruptions in network fabric while simplifying network operations. The predictive solution helps to improve the application experience by avoiding network degradation before it happens. It enables operations personnel to work more efficiently and to focus on strategic activities rather than reactive triage. Moreover, Predictive Path Recommendation provides the foundation for intelligent closed-loop network automation.

Source: cisco.com

Continue reading

Crucial Drivers for Passing the Cisco 300-410 ENARSI Exam

The 300-410 ENARSI exam is required to obtain the CCNP Enterprise certification and also qualifies individuals for the Cisco Certified Specialist - Enterprise Advanced Infrastructure Implementation certification. It evaluates one's ability to implement and resolve complex issues related to advanced routing technologies and services such as VPN, Layer 3, infrastructure services, infrastructure security, and infrastructure automation.

The Cisco 300-410 exam lasts 1.5 hours and comprises 55-65 questions. It is available in both English and Japanese languages. Individuals can register for the exam through Pearson VUE, and the standard fee for taking the test is $300. They can take the exam either at a testing center or online.

Ways to Prepare for Cisco 300-410 ENARSI Exam

Sufficient preparation is necessary for the Cisco 300-410 ENARSI exam; individuals should approach it seriously. There are various study materials available to specialists, and below are some practical options they can explore:

1. Understand Cisco 300-410 ENARSI Exam Syllabus

The main priority for candidates is to become familiar with the topics covered in the Cisco 300-410 exam. They can achieve this by using the blueprint on the official website, which provides an overview of the domains tested. Using this information, candidates can identify their strengths and weaknesses and tailor their preparation process accordingly to focus on specific areas.

2. Enroll in a Training Course

Professionals can use the official training course to enhance their abilities in working with enterprise networks, implementing, configuring, and resolving issues. This training opportunity encompasses advanced infrastructure technologies and routing. More information about this course can be found on the Cisco website.

3. Learn from a Study Guide

The official study guide may be helpful for individuals who prefer to prepare for the certification exam independently and manage their own study time. Cisco Press's Official Cert Guide aims to help you study, prepare, and practice for the exam, to ensure you are fully ready for your certification test.

4. Try Out a Cisco 300-410 ENARSI Practice Test

Candidates may use Cisco 300-410 practice tests to become familiar with the question patterns of the actual exam beforehand. This is also an excellent opportunity to refine the skillset needed for the Cisco ENARSI exam.

5. Learn from Experts

Interacting with other test-takers aiming to excel in different exams and obtaining relevant certifications from various parts of the world is crucial. These individuals may have their tips and strategies for preparation, which can be beneficial to learn from through communication.

Key Motives to Pass the Cisco 300-410 Certification Exam

Obtaining the CCNP Enterprise certification by passing the 300-410 ENARSI and 350-401 ENCOR exams can provide numerous advantages. Here are how you can benefit:

It confirms your skills. Successfully passing the Cisco 300-410 exam indicates that you possess the essential competencies and understanding to implement and troubleshoot advanced routing technologies and services. Furthermore, the certification you receive proves to hire managers that you can perform intricate tasks. Many organizations are seeking individuals with these proficiencies.

It will broaden your knowledge. Passing the Cisco 300-410 ENARSI exam is not only about obtaining the certification but also an excellent opportunity to enhance your expertise in implementing and troubleshooting advanced technologies and services. As you undergo intensive preparation, you will gain a wealth of knowledge and acquire valuable skills.

Earning the Cisco 300-410 certification will increase your employment prospects. Individuals who hold Cisco certification are often more attractive to employers than those who do not have it. With CCNP Enterprise, you will have an advantage over job seekers who lack this certification, and employers may prefer to hire you for available positions.

The certification can bring a feeling of accomplishment, which is personally satisfying. The CCNP Enterprise certification can bring about a sense of personal contentment and accomplishment many aspire to attain. It can enhance the self-assurance of network administrators and IT professionals in their competence to create, diagnose, and implement networks and showcase their proficiency in this area.

Conclusion

If you aspire to progress in IT, consider taking the 300-410 ENARSI exam and earning a professional certification. Nonetheless, it's vital to adequately prepare for this test by using various resources, including the official training course, certification guidebook, practice tests, and more, and choosing the ones that align with your requirements. Once you've finished preparing, you can concentrate and confidently take the exam.

Continue reading

Make your network yours with CML 2.5 annotations

Cisco Modeling Labs (CML) 2.5 arrives with annotations, a new feature for all CML license levels. When learning and designing, annotations let you get the most out of your labs. Annotations allow you to include all the documentation on how parts of the network work, details about your learning objectives and next steps, or ways the network elements fit together. In short, the annotations feature in CML 2.5 lets you make your network yours. Here’s how it works.

Add context with annotations in CML

Annotations allow you to provide additional context to your lab topology and organize the elements in a helpful, meaningful way. For example, you can use annotations to show routing, IP addressing, and VLAN information, as shown below: 

Annotations in CML are persistent. This means annotations will be included in the lab definition if exported, allowing you to share your annotated labs with others.  

A grid background and node/annotation grid snapping are enabled by default. Snapping will automatically snap nodes and annotations to ensure they are properly aligned when drawing or moving them. You can turn off snapping for a lab by unchecking the snap to grid option in the toolbar settings. You can also temporarily disable snapping by holding the Alt key when you add or move a node/annotation. 

Additionally, annotations support transparency and layering, allowing you to stack annotations.

How to add annotations to labs in CML 2.5

You can add annotations to labs in the workbench via one of the four annotation tools in the toolbar. 

 There is one tool for each type of annotation: 

◉ Rectangle  

◉ Ellipsis 

◉ Text 

◉ Line

For all annotation types except text, you can add the annotations by first selecting the tool. Then click and hold the mouse where you want the annotation to start, and drag it to where you want it to end. Releasing the mouse will create the annotation, and you will see a sidebar with other properties you can change for the annotation. 

The process of adding a text annotation is similar, starting with selecting the tool. Next, click and release where you want the text. Finally, the sidebar will open, allowing you to enter the text you wish to use. 

New options in toolbar settings

Click the gear icon in the toolbar to open the canvas settings menu, which provides these new options for CML 2.5: 

1. Toggles the grid on/off 

2. Turns node/annotation snapping on/off 

3. Turns annotations off, hiding the drawn annotations and annotation tools 

NOTE: You can temporarily disable the snap-to-grid option by holding the Alt key (or Option key on a Mac) when moving or resizing an annotation/node. This lets you keep snapping enabled while precisely placing an annotation/node.  

Edit annotations

Selecting an annotation will toggle the visibility of the resize handles for the currently selected annotation. Additionally, a sidebar will be opened, allowing you to edit the annotation properties further

1. Resize Handles 

2. Sidebar 

Future annotations in CML

The CML development team is currently exploring adding an image annotation type in a future release to allow the addition of images inside a topology. 

Source: cisco.com

Continue reading

Something New: AP Discovery Methods for 6GHz Wi-Fi – Part 2

In Part 1 (Something Old) we looked at basic changes to the physical layer provided by wave 1 of 801.11ax, how these changes can affect performance, and how OFDMA enables the optimal use of the 6GHz spectrum. In this second article, we’ll explore “something new:” the challenges of discovery in 6GHz, new methods used for solving this, and how these new methods open 6GHz for many different use cases.

Is There Anybody Out There?

In previous generations, Wi-Fi clients would scan channels and send unsolicited probe requests to discover access points (APs). Scanning channels can be a timely process as beacons are only broadcast every 102400us so the client must dwell long enough to detect the beacon. At 6GHz this is 102400us x 59 channels (there are 59 20MHz channels in the new 6GHz spectrum) which is over 6 seconds. For the client, this loss in time represents a disruption in communication. Creating intolerable latency in voice and lost opportunity to hundreds of megabytes of data every time the client decides to scan. Furthermore, the previous process would be to send unsolicited probe requests (wildcard requests) to see how APs would respond. Now, remember, this is all a contention-based medium, so these probe requests and responses on every channel for every client create a significant amount of interference and at the very least, inefficient use of the spectrum.

Read More: 300-710: Securing Networks with Cisco Firepower (SNCF)

Over the years the IEEE has introduced measures to address these roaming challenges. 802.11k was introduced to provide clients with a list of neighboring APs, 802.11v was introduced to provide a recommended AP candidate, and 802.11r was introduced to reduce the roaming time for 802.1x clients. Not all clients and infrastructure support these measures so while they helped, they did not eliminate the need for clients to send unsolicited probes.

While these IEEE updates are still available for 6GHz, the strategy for AP discovery fundamentally changes. To start with, unsolicited probe requests are no longer allowed (with one limited exception we will discuss shortly).

Three New Methods to Improve AP Discovery

Since we have already established scanning channels at 6GHz is not allowed, there are three new methods introduced in Wi-Fi 6E for finding AP candidates.

The primary method (and the one that clients typically respond to best) is called Reduced Neighbor Report (RNR). Since most, if not all, clients will have legacy band capability, there is an Information Element (IE) embedded in the legacy band beacons that list the 6GHz SSID(s) that are available on the serving AP. The client first scans the 5GHz or 2.4GHz channels and looks for this RNR element. The RNR report contains information about the 6GHz channel, SSID, BSSID, a bit of information on the AP, and the allowed power levels (Power Spectral Density). This effectively makes the 2.4GHz and 5GHz channels a control channel for the 6GHz. Clients can then send a directed probe request to those channels that are learned in the RNR to determine which 6GHz AP to join. It is important to note there can be multiple 6GHz SSIDs included in the RNR and they do not have to match the legacy SSIDs.

The information contained in an RNR is very similar to the information provided in the previously introduced 802.11v action frame. The RNR below is from a 5GHz beacon and is advertising two SSIDs on the 6GHz channel number 5. The legacy 802.11v action report below shows similar information to the RNR but the fundamental difference is twofold:

◉ This is an action frame not part of the beacon like the RNR. It is a request-response type transaction. An RNR is broadcast in the legacy band beacons.

◉ The information in the 802.11v action frame contains information about other APs on the same frequency band. The RNR only lists SSIDs broadcasted from the 6GHz band (different frequency band) as this same AP.

Figure 1: RNR on 5GHz beacon

Figure 2: 802.11v Action Frame

What if the AP is only broadcasting 6GHz? This is an unlikely condition, but nonetheless a potential one. First, scanning can be reduced by limiting the number of channels to be scanned. This is called Preferred Scanning Channels (PSC). The PSCs are the primary channels (20MHz subchannel) of the 80MHz channels. This works well since 80MHz will often be the preferred bandwidth to operate for reasons previously discussed in part 1 of this blog series. If however, lower bandwidth channels are used without RNR or additional support from the methods below, it would be very easy for a client to miss this channel which should be a consideration when using PSC with narrower band channels.

Figure 3: Preferred Scanning Channels (red)

There are two mutually exclusive options to further enhance the AP discovery in which the AP will broadcast messages an additional 4 times between the beacons or about every 20ms (configurable from 5ms to 25ms). The first method is called Fast Initial Link Setup (FILS) and is based on a previous standard of 802.11ai. This is a very lightweight message (somewhere around 100 bytes as compared to a beacon which is 500+ bytes). The second method is called “Broadcast Probe Response” or “Unsolicited Probe Response” (UPR). Like FILS, this advertisement will be broadcast at a higher rate than the beacon. However, the UPR broadcasts everything in the probe response so while it supplies the client with more information, it is a bit heavier in the amount of data transmitted repeatedly.

Teamwork Makes the Discovery Dream Work

So how do these four methods work together? First, if there are legacy band SSIDs transmitted on the AP the expectation is that the RNR will do the work of discovering the 6GHz channel, and no other method is required. In the case where only 6GHz is broadcast from the AP the most likely scenario would be the use of PSC with either FILS or UPR. Notice UPR and FILS are exclusive options, you can only use one or the other. Early testing of client devices has seen some issues with 6GHz standalone APs not being discovered with only PSC and it is needed to have FILS (or UPR) enabled to assist a client in discovering the AP. This may change over time but for the early implementations, deploying 6GHz with only 80MHz channels and PSC enabled is a good option. This allows the primary channel to match the PSC channels. In addition, enabling FILS can provide further assistance for discovery with minimal impact on performance.

Source: cisco.com

Continue reading

Wi-Fi 6E, Something Old, Something New, Something Borrowed, Something Blue – Part 1

With the recent release of a number of Wi-Fi 6E-enabled devices at the Consumer Electronics Show (CES), now is a good time to take into account some of the benefits that Wi-Fi 6/6E provides. Wi-Fi 6/6E was not an “incremental” change, it was a major leap forward with the new innovations and most importantly, the addition of the newly allocated 6GHz spectrum (which varies across regions). In this series, we will provide the reader with an in-depth understanding of some of these advanced features in Wi-Fi 6 and how some of these features benefit them. Furthermore, we will discuss some of the new innovations built around the Wi-Fi 6E standard and how IT leaders are just starting to realize the potential for 6GHz wireless.

“Something Old”

While the ability to support multiple simultaneous users has been available prior to Wi-Fi 6E this is one “old” feature that becomes enhanced in Wi-Fi 6E. In part 1 we want to look at some of the changes to the physical layer, what changed, and how this helps your WiFi performance.

Of all the features added to Wi-Fi 6, one, in particular, will have a very significant effect on the new 6GHz band and deserves some in-depth consideration and that is OFDMA. Remember all that old 802.11ax optional capability is now mandatory at 6GHz as there is no requirement for brownfield support. There were other technologies added to the legacy bands in Wi-Fi 6 that really paved the way for substantial improvements in performance. For example, increased modulation rates (up to 1024 QAM, think of this as higher maximum throughput), better spatial isolation (BSSID Coloring/OBSS and multiple timers for IBSS and OBSS, think of this as better performance in an area with lots of clients and APs), Target Wait Time (better battery life for clients), and others.

Digging into OFDM – The Virtual Wires of Wi-Fi

OFDM is the “baseband” signal which is the underlying waveform that is used to generate the RF signal we think of as Wi-Fi from the digital input. This baseband signal is comprised of multiple “tones”. The combination of these tones is called Orthogonal Frequency Division Multiplexing (OFDM). Each tone is orthogonal to the other tones which means the information on that tone can be detected with limited interference from other tones even though they are tightly spaced together. Think of each of these tones as a wire that information can be conducted. Fewer tones mean fewer wires but higher throughput for any one wire, more tones mean more wires but lower throughput per wire. The total “available” throughput, in either case, ends up being basically the same. In 802.11ax a change was made to move from 64 tones to 256 tones (4x) in a 20MHz channel.

Figure 1. OFDM changes from Wi-Fi 5 to Wi-Fi 6

As discussed, this increase in tones has very little impact on the link available throughput but, there are other trade-offs. First, the 4x increase in tones improves the robustness of multipath (improved resistance to inter-symbol interference) but loses some effectiveness in a high-speed mobile environment (doppler shift). So, under typical indoor use, we get a benefit of a more reliable connection. The second, and biggest change is the ability to better “sub-channelize” the physical layer. This access method is called Orthogonal Frequency Division Multiple Access or OFDMA. A sub-channel or group of tones at a given time slot is considered a “resource unit” often referred to as an “RU”.

Since the ratio of the number of tones is relative to the bandwidth, in a 20MHz channel there can be up to 9 RUs (26 tone groups) for any one frame and in a 160MHz channel this could go up to 74 RUs (notice this is not 72 as there are some efficiencies due to higher ratio of usable tones at higher bandwidths). RUs can come in larger sizes also to match the resource demand. For example, with a 20Hz channel, you can additionally have 52 tones, 106 tones, or the full band on 242 tones. Furthermore, you can to some degree mix and match these different-sized RUs in the same frame. These RUs provide a mechanism to transmit to multi-users (MU) at the same time without having to rely on spatial diversity. Let’s put a number to why this is important. Take a 64-byte packet operating at some typical rate like 256 QAM with ¾ rate coding (MCS8). With 40MHz channels, one slot is capable of around 380 bytes. What happens if a 64-byte packet (typical packet) is transmitted over this 40MHz channel? Less than 20% of the channel is used, and over 80% of that resource is wasted! With the use of RU’s, we can send multiple packets at the same time and pretty much eliminate that inefficiency. Granted not all packets are 64 bytes but larger packets are broken into smaller physical layer packets called Protocol Data Units (PDUs) to be transmitted and again will not fill up the entire spectrum for all PDUs.

So how does the AP signal the client when and where its RUs are allocated since there are now multiple client packets in a time slot? This is accomplished using two mechanisms. First, there is now a new field in the preamble that provides the “where” called SIG-B. This field provides how the resource units are allocated over the slot and the per-client information that specifies which resource units are allocated for my specific client.

There are really 3 options to transmit multi-user packets at the same time:

◉ Multiple simultaneous users’ signals are transmitted using the full band but the spatial characteristics of the channel allow them to communicate with limited interference (spatial separation).

◉ Multi-User with different users assigned to different RUs (frequency separation).

◉ A combination of both.

Option 1 is a multiplier – If the channel permits sending multiple streams over the same channel the capacity of the channel grows proportional to the number of users. There are limitations to this, for example, the number of uplink spatial streams is equal to or less than the number of uplink receivers in the access point. If the AP and the environment support option 1 it would typically be used.

Option 2 is an optimization – If the network has multiple clients that support Wi-Fi 6 that have traffic to send at the same time the network will optimize by sending the traffic at the same time.

The second function that facilitates the “when” the use of multiple clients is the “trigger frame”. When the AP is ready for the clients to simultaneously send uplink information it transmits a trigger frame with the client information. The client waits for one short interframe spacing (SIF) and then transmits the uplink data on the appropriate RUs. The AP can then send back a “multi-Station ACK” allowing the multiple client uplink packets to be acknowledged simultaneously. Uplink ACKs are transmitted similarly to the uplink data with a trigger frame on the allocated RUs.

Figure 2. Trigger Frame Sequence

Given 6GHz has a much larger block of spectrum and the most common FCC regulation to deploy is based on power spectral density (PSD), which allows for more power with wider channels, it is expected that most deployments will use 80MHz or 160MHz (see 6-GHz Unlicensed Spectrum Regulations and Deployment Options White Paper). With the previous generation of one packet per time slot, 80MHz channels became very inefficient, and hence why you rarely saw this type of operation for multiple access. With 802.11ax the ability to do both frequency and spatial division, the clients can be assigned only the resources necessary for their needs no matter how wide the channel is thus making the use of these wider channels much more effective. In the 2.4GHz and 5GHz bands clients capable of supporting OFDMA had to contend for a slot with legacy clients and of course since it requires more than one client to participate in “multiple access” it would only contend for a multiuser slot if there were multiple clients that could support OFDMA with packets to transfer. At 6GHz all clients support OFDMA and hence no need to contend with legacy clients for access, every slot can transmit multiple packets. With the addition of the 6GHz channels, we will just now begin to fully benefit from the use of OFDMA.

With Wi-Fi 6 the link can now be divided into both bandwidth and time so specific chunks of resources can be “scheduled” for delivery further improving efficiency and latency (see Figure 2 below).

In addition to the improvement of efficiency in the wider band channels the “triggered multi-user access” allows for the scheduling of packets in a much more predictable manner. The 802.11ax standard does not dictate all the necessary details for managing the packet scheduling and hence this is an area where there can be some differentiation in performance between implementations. Cisco, a company with a rich history of packet scheduling and optimization is obviously exploring this area also. For example, in the data below we can see the latency comparison between a typical Wi-Fi 5 network, a Wi-Fi 6 network, and a Wi-Fi 6 network with optimization in scheduling. Notice with Wi-Fi 6 there is a substantial reduction in outlying packets exceeding the 25ms delay bound and with some optimization, a further reduction in latency can be seen. This is an example of the value of optimized scheduling with 802.11ax multi-user capability provides.

Figure 3. Packet Scheduling Improvements

Wi-Fi 6E provided a leap forward in capability. Some we could not fully recognize until 6GHz was made available. Benefits in capacity, latency, and stability are all a part of the 802.11ax update. In addition, vendors like Cisco can provide optimized packet scheduling to further enhance the user’s experience. Deploying Wi-Fi 6E capable access points will allow the operator to begin to experience these significant new enhancements in performance.

Source: cisco.com

Continue reading