
Saturday, 10 July 2021

Intelligent Capture: The Magic Goggles for Wireless Troubleshooting


The COVID-19 outbreak has shown that the internet is not a luxury but a basic necessity. It has become an ever more crucial link in adapting to the new normal, and Wi-Fi usage is surging as never before. As networks grow larger and more complex, managing them becomes harder. Wi-Fi troubleshooting is one of the most demanding tasks a network admin faces: it involves collecting data from many sources and then analysing a large volume of it to find the root cause of the problem.


What if you possessed a pair of magic goggles?

Goggles that offer a 360-degree view of the network.

Goggles with see-through power to uncover the cause of a problem.

Goggles with foresight to predict an issue before it occurs.

Introducing Intelligent Capture

Intelligent Capture is a built-in, enhanced issue-detection and root-cause-analysis forensic capture solution. It makes wireless troubleshooting much easier by providing ready-to-use packet captures, historical data charts, and self-diagnosed anomaly events.


As the name suggests, the data is intelligent: it masks the complexity of Wi-Fi troubleshooting by presenting only the right and relevant data, so issues can be root-caused faster, even when the client roams between access points.

Solution Components – The Three Gears



The Intelligent Capture solution comprises Cisco DNA Center, Wireless LAN Controllers, and Cisco Access Points.

Design: The Cisco DNA Center offers a centralized, intuitive management system that makes it fast and easy to design, provision, and apply the policies on the controllers.

Deploy: The WLAN Controller deploys and manages the policies across the access points.

Operate: The Access Points operate on the policies by streaming the critical data to Cisco DNA Center, where it is correlated with events from the controller to give a 360-degree view of the network.

The Cisco DNA Center intuitive UI provides end-to-end network visibility and live technical insight into various wireless metrics from both the client and the access point perspective.

Solution Categories – The Two Faces


The Intelligent Capture solution is offered under two categories, always-on services and on-demand services, which together cover the following features.


◉ AP Stats Capture: Always-on, real-time RF monitoring service that offers an in-depth analytical view of the wireless metrics related to an AP's radio. The trend view of historical metrics gives insight into why users experience poor signal, low throughput, and onboarding failures.

◉ Spectrum Analysis: On-demand service that renders Channel and Interference charts detailing the spectrum activity in the RF environment surrounding an AP.

◉ Live Capture: On-demand service for troubleshooting a client onboarding failure in real time. It captures the management frames exchanged when a client joins and leaves the network. In addition to the packet capture, the access point reports client statistics every 5 seconds for easier root cause analysis. This feature can target up to 16 clients at once.

◉ Scheduled Capture: On-demand service for triaging a client join issue that recurs at a specific time of day. It schedules a Live Capture for a given date and time; the session length can be set from 30 minutes to 8 hours, and up to 12 sessions can be scheduled at once.

◉ Data Capture: On-demand service for troubleshooting a client experiencing poor network performance, low throughput, or onboarding failure. It provides a more granular packet capture than Live Capture, including both management frames and unencrypted data frames, so the issue can be analysed in detail. It runs for a single client at a time. Because those data frames are readable in the capture file, treat Data Capture output as sensitive: restrict who may start a capture and where the resulting files are stored.

◉ Anomaly Stats Capture: Always-on service that proactively monitors the network and raises an anomaly event when an onboarding failure occurs. It gives users an immediate understanding of the client onboarding issue, provides analysis, and presents a packet capture depicting the incident as evidence.

Going Above and Beyond – The One Intelligence


Time Travel: The Intelligent Capture solution is not limited to troubleshooting present issues; it also stretches into the past and the future.

- Past: Offers the capability to travel up to 14 days back in time to revisit the exact moment when everything went wrong, pinpoint the cause, and take action to prevent it from happening again.
- Future: Analytics over the large volume of real-time and historical data help predict problems before they arise.

Packet Stitching: Intelligent Capture is not restricted to packet capture; it also extends to packet stitching. In a client roaming scenario, Cisco DNA Center captures the packets from all the APs involved in the client's movement trail. The packets from the multiple sources are stitched together internally and returned to Cisco DNA Center as a single concatenated file for easy download.


Unlock the Power of Wi-Fi 6


Wi-Fi 6 is opening new possibilities with a more consistent and dependable network connection that delivers speeds up to four times faster with four times the capacity. Improved speed, capacity, and control will support existing applications with greater performance and drive new innovations. Wi-Fi 6 has begun its ramp-up, and the market will soon see large numbers of Wi-Fi 6 devices. It is therefore important to prepare your network for the new standard to gain all the benefits that Wi-Fi 6 offers.

Intelligent Capture combined with other Cisco DNA Assurance solutions unlocks the power of Wi-Fi 6 by offering the exclusive Wi-Fi 6 Dashboard, which provides a visual representation of your wireless network showing Wi-Fi 6 readiness and the efficiency of Wi-Fi 6 networks compared with non-Wi-Fi 6 networks.

Notes from Hands-On Experiences


Cisco deployments and pilot programs make heavy use of Cisco DNA Assurance's Intelligent Capture to troubleshoot their network issues. One notable case from the field: Intelligent Capture resolved a client disconnection/dropout issue by highlighting a missing response from the client to the AP's request during roaming.


Your Eyes Need It


Instead of scrambling through the data or trying to replicate the issue, pick up the magic goggles and use their see-through power to find and resolve even complicated wireless issues in record time!

Source: cisco.com

Saturday, 6 June 2020

Enterprise Network Availability: How to Calculate and Improve

Right now, I am sitting at home thinking about how the world is being held together by the Internet. So far, the Internet has stood up to our new reality amazingly well. This is despite redistributed traffic loads, and an explosive growth in interactive, high-bandwidth applications. For a brief time at least, even casual users are recognizing and appreciating the network’s robustness and availability.

We shouldn’t bask in this success yet. Failures will happen. And some of these failures might result in application impacts which could have been avoided. If you are an Enterprise Operator, now is the perfect time to examine your design assumptions against the new reality of your network. What weaknesses have become exposed based on the shift to Telework? What needs upgrading considering the shift in application mix and resulting performance requirements? 

One way or another, your end users will adapt to what you are providing. And it is best if your network is flexible and robust enough to meet new expectations. Nobody wants end-users to acclimate themselves to a degraded Enterprise network experience.

Key to supporting today's needs is understanding the flexibility (or lack thereof) of the end-to-end network architecture. For your architecture you need to understand:

◉ the behavior of deployed technologies/protocols,
◉ the strengths and weakness of embedded platforms, and
◉ how your topology can handle application demands while remaining resilient to failures.

Each of these impacts the resulting end-user experience, especially during failures.

But where do you start this architectural analysis? You need to first establish a quantitative basis that measures end-user application availability and performance under various failure scenarios.  It is possible to do this as there is a direct relationship between the probability of failure and the end user’s perception of network availability. Such a quantitative basis is essential as availability with acceptable performance is ultimately how a network is judged. 

Getting to Five Nines


The best-known metric of network availability is known as “five nines”. What five nines means is that the end-user perceives that their application is available 99.999% of the time. This permits only 5.26 minutes of downtime a year. Depending on the application and network topology, this can be a very stringent standard.

Consider Figure 1 below which shows serially connected routers, switches, access points, servers, and transited clouds.  When these ten elements are connected without any redundancy, each of these elements must be up and available 99.9999% (or six nines) of the time for the end-user to perceive five nines of availability.  As six nines allows only 32 seconds of downtime, having a single reboot a year could prove problematic.


Figure 1: Serial Transport Availability

The good news is that with the proper network, application, and services architecture, the individual devices making up the Internet do not need to support six nines of availability. All we need to do is add some redundancy. The following network design includes such a well-architected redundancy-based design. For this network design, if each element is fully independent, and if each element is available just 99.9% of the time, then the end-user will experience 99.999% availability.


Figure 2: Parallel Transport Availability

Despite the user’s experience being identical, the difference between the two figures above is huge. We have reduced the availability requirements of all component parts by three orders of magnitude. And we have made something highly reliable from less reliable parts. This really shouldn’t be surprising however. From its very beginnings, the Internet was designed to be available even when devices were lost to nuclear attacks.

In the decades since the Internet’s conception, Cisco has documented many technologies and approaches to achieving a very high degree of availability. A small subset of these includes quickly converging routing and switching protocols, device and link redundancy, and boot time reduction. But such technologies and approaches are only part of the availability equation. Network operators have the ultimate say in deploying these technologies to maximize network availability. Strategies include the distribution of application servers across geographically and organizationally diverse datacenters, as well as redundancy of access and core networks all the way to ensuring that fiber-optic cables from different service providers don’t run in the same fiber conduit. These strategies are proven to be effective at providing high availability.

The result of all this good network design and planning is that the majority of application availability failures don’t come from equipment failures. Instead they come from equipment misconfiguration. Protecting the consistency of the network configuration is non-trivial and becomes more difficult as you add new technologies to the network. In fact, protecting network consistency is a key reason network operators are choosing to deploy controllers to manage device configuration based on higher level expressions of intent. One of the main goals of network controllers is to automatically ensure correct and consistent configuration of all of the equipment in the network.

Intent, while very useful in this role, might not address every dimension of application availability. Consider the picture below of an Enterprise network integrated with a Public-Cloud topology.


Figure 3: Public Cloud Apps need Enterprise Authentication

In this network design, the Public cloud-based applications accessed solely through cellular data do not just depend on the cloud. They still depend on the accessibility of an Enterprise’s RADIUS Authentication infrastructure. In other words, at best a cloud-based application will only be as available as access to your Enterprise Data Center. This is a nuance which very few end-users will be able to recognize or troubleshoot as a cause of availability issues.

New Technologies Add Risks to Availability


It is not just the Enterprise’s Authentication infrastructure which we need to consider when thinking about the future of availability. There is a set of forces which are changing network design. Geoffrey Moore has done much work describing the continuous technology invention and deployment cycle. Based on this, it is best to think of the network as a continually changing entity.

Figure 4 below shows a subset of the forces and technologies which are top-of-mind Enterprise network design. Each of these have the opportunity to improve or degrade application availability if they are not taken into consideration during the network design.


Figure 4: Emerging Technologies Use Controllers

With the advent of Software-Defined Networking (SDN), the emergence and growth of new types of controllers is a trend which broadly impacts network availability calculations. Above in Figure 4, you can see a number of starred* technologies. Each star represents a new controller involved in the establishment and maintenance of an application flow. And the result of each star is the addition of a transactional subsystem which impacts the calculation of network availability.

What are examples of these transactional subsystems? Historically we have depended on transactional subsystems such as DNS, BGP, DHCP, and Wireless LAN Controllers. As networks evolve, we are seeing the proposal or introduction of new transactional subsystems such as OpenFlow servers. We are also seeing the evolution of existing transactional subsystems such as RADIUS/Identity. The RADIUS/Identity evolution is quite important here. The evolution of user and workload identification is becoming more complex as cloud systems are integrated into the Enterprise. It is worth considering the impacts on application availability as corporate access control gets more deeply integrated into the cloud via technologies like Azure AD, Google IAP, SPIFFE, and ADFS.

Calculating the Availability of a Component Subsystem


The emerging technologies listed above are changing established network availability profiles. As a result, now is a good time for you to revisit any previous calculations. And if you do not have previous calculations then this may be an excellent time to calculate your availability and determine if it is appropriate.  

If you are looking to get started, an excellent primer is the Cisco Press book “High Availability Network Fundamentals”. Although it is from 2001, it is still excellent. The book's free introduction chapter discusses two base concepts upon which system-level availability calculations are ultimately constructed. The first is Mean Time Between Failures (MTBF): the total time a component is in service divided by the number of failures. The second is Mean Time To Repair (MTTR): the total down time divided by the number of failures. You can also think of MTTR as the mean total time to detect a problem, diagnose it, and resolve it. Using these two concepts, expected component availability can be calculated via the equation:

A(component subsystem) = MTBF / (MTBF + MTTR)

In this equation, “A” stands for availability, which is expressed as a probability of 0% to 100%.  Key in the equation are the words “component subsystem”.  A component subsystem can be one device. A component subsystem can also be a network of devices. A component subsystem can even be infrastructure software running on a cloud of virtual hardware. What is critical for the equation is that the failure modes of this component subsystem are understood and can be quantified.

While the equation itself is simple, quantifying MTBF and MTTR for any component subsystem does take some effort. To begin with, you should acquire MTBF estimates for equipment from your vendor. You may then choose to adjust these vendor MTBF estimates for factors as diverse as the age of the equipment and even your local weather. But equipment MTBF is only part of the picture. MTBF for transmission links should also be considered. When estimating these numbers, you need to consider questions such as “how often do you see cable cuts or other failures in your environment?” and “how well secured are your networking patch panels?”

Beyond MTBF is the MTTR of your component subsystem. Getting a history of your MTTR is easy: divide the total outage time by the total number of repairs during a given reporting interval. But your historical MTTR might not be an accurate predictor of your future MTTR, because the longest (and most painful) outages are infrequent. The best way to predict future MTTR is to estimate the average time it takes to make a repair across the universe of all conceivable repairs. This helps you start quantifying infrequent issues. Especially if you are a small Enterprise, you really want to understand the hours or days it might take to diagnose a new issue type and then get a spare part installed or a cable fixed by qualified local support.

If you are interested in quantified examples of MTBF and MTTR, again I recommend “High Availability Network Fundamentals“. This book explores specifics at a useful level of depth.

Looking back at the component subsystem availability equation, it is important to remember that the perception of what a failure is at the overall system level is unlikely to be the same as the definition of a failure in a component subsystem. For example, in Figure 2 a failure of any single router should be invisible at the overall system layer: the system-level failure count stays at zero because there is no user-perceived system failure, so the event does not reduce system-level MTBF at all, even though it counts as a failure for that router's own MTBF.

However, if there are concurrent failures in redundant subsystems, there will be outages at the system level. We need to account for this in our availability calculations.

Luckily most network failures are independent events. Where networks do have cascading outages, this is often the result of underestimating the traffic that must still be carried during failure events. Simulating failures while the network carries peak-period load should therefore lead to the provisioning of adequate link capacity. And assuming link capacities are properly dimensioned, traditional system-level availability equations, such as those described in this article, can then be applied.

As a network designer, it is important to remember where there are failure domains which can span subsystems. For example, if a clustered database is shared between two nodes, then a failure here will potentially impact what you considered your redundant subsystem. When this is a possibility, it is necessary to dimension this failure type at the system level, being careful not to also double-count that outage type at the component subsystem level.

Once you have a handle on your subsystems, you can start assembling larger availability estimates using the three probability equations listed below:

Serial: A(system) = A(subsystem 1) x A(subsystem 2) x ... x A(subsystem n)

Parallel: A(system) = 1 - (1 - A(subsystem 1)) x (1 - A(subsystem 2)) x ... x (1 - A(subsystem n))

Business critical transactional: A(application) = A(serial transport path) x A(transactional subsystem 1) x ... x A(transactional subsystem m)

Serial Transport Availability

The first of these probability equations is used to calculate availability when several transport systems exist in series. Here each transport subsystem encompasses its own failure domain, with its own availability estimate. The availability of a serial chain of transport subsystems is the product of the individual subsystem availabilities, because the component failure domains are serialized: if any subsystem in the chain fails, the whole system fails. Below is an example of how such a network availability calculation might be made for a simple Enterprise topology where the user application is connected via Wi-Fi to a server located in an Enterprise data center.


Parallel Transport Systems Availability

The second of these equations is where transport systems exist in parallel. In other words, one transport subsystem backs up another. These are, unsurprisingly, known as parallel transport subsystems. The availability of a parallel transport subsystem is 1 minus the chance the multiple subsystems are out at the same time. A good example of such a design would be your home Wi-Fi which is backed up by your service provider wireless data service.

In practice, parallel transport subsystems will eventually connect to some serial subsystem. This is because application servers will typically exist within a single administrative domain. A more complex example of parallel subsystems in practice is shown in the figure below. Here an SD-WAN service is used to back up an Enterprise core network, but the application servers exist in a single datacenter.


Business Critical Transactional System Availability

The third equation calculates business critical transactional availability. This calculation is much like that of the serial transport calculation in that the product of all subsystems is included. However, as a transactional subsystem might only be required at or before flow initiation, it is sometimes useful to separate out this calculation, as shown in the figure below. Here the application user is accessing the network via campus WiFi, the application is itself sitting in public cloud, and the Application Authentication Server (such as a RADIUS single sign-on server) is in the Enterprise datacenter.


Such a calculation shows that the availability of the cloud service is bounded by the availability of the enterprise Application Authentication Server. It is interesting to note that a user might need to acquire authentication credentials only once a day, and those credentials then grant access to the cloud service for the remainder of the day. Caching transactional information in this way improves both availability and scale, with one caveat: an authentication outage still affects any user whose credential expires, or who starts a new session, while the server is down.

As you use these equations, remember that your results can be no better than the underlying assumptions. For example, each equation is most easily applied where there is a strict hierarchical topology consisting of uniformly deployed equipment types. Topologies with rings and irregular layering either need far more complex equations, or you need to make simplifying assumptions, such as users having slightly different experiences based on where they sit within your topology.
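The three equations above, plus the per-component MTBF/MTTR formula, the Figure 1 and Figure 2 designs, the public-cloud-with-Enterprise-authentication case, and the shared-failure-domain caveat, worked through in code. This is an added example, not code from the article or from Cisco; every MTBF, MTTR and subsystem availability figure in it is constructed for illustration and is not a measurement from any real network.

```python
"""Serial, parallel and transactional availability arithmetic.

Added example for this article; the MTBF/MTTR figures and the
per-subsystem availabilities used below are constructed for illustration
and are not measurements from any real network.
"""
import math
from functools import reduce
from operator import mul

MINUTES_PER_YEAR = 365.25 * 24 * 60


def component_availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Per-component equation: A = MTBF / (MTBF + MTTR)."""
    if mtbf_hours <= 0 or mttr_hours < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf_hours / (mtbf_hours + mttr_hours)


def serial(*availabilities: float) -> float:
    """Serial chain: the path is up only when every element is up."""
    return reduce(mul, availabilities, 1.0)


def parallel(*availabilities: float) -> float:
    """Independent redundant paths: down only when all of them are down."""
    return 1.0 - reduce(mul, (1.0 - a for a in availabilities), 1.0)


def downtime_minutes_per_year(availability: float) -> float:
    return (1.0 - availability) * MINUTES_PER_YEAR


def nines(availability: float) -> float:
    """0.99999 -> 5.0, for comparing designs at a glance."""
    return math.inf if availability >= 1.0 else -math.log10(1.0 - availability)


def figure1_serial(elements: int = 10, each: float = 0.999999) -> float:
    """Figure 1: ten non-redundant elements, each needing six nines."""
    return serial(*[each] * elements)


def figure2_parallel(pairs: int = 10, each: float = 0.999) -> float:
    """Figure 2: ten redundant pairs in series, each element at only three nines."""
    return serial(*[parallel(each, each)] * pairs)


def cloud_app_availability(campus_wifi: float, public_cloud: float,
                           enterprise_auth: float, credentials_cached: bool) -> float:
    """Third equation (Figure 3): public-cloud app with an Enterprise auth dependency.

    The flow path is campus Wi-Fi -> public cloud.  The RADIUS/identity
    service in the Enterprise datacenter is transactional: a new session
    cannot start without it, but a user holding a still-valid credential
    is unaffected by an auth outage until that credential expires.
    """
    flow_path = serial(campus_wifi, public_cloud)
    if credentials_cached:
        return flow_path
    return serial(flow_path, enterprise_auth)


def shared_failure_domain(subsystem_a: float, subsystem_b: float, shared: float) -> float:
    """Two 'redundant' subsystems that both depend on one shared component
    (for example a clustered database).  The shared component sits in series
    with the redundant pair, so the design can never beat its availability."""
    return serial(parallel(subsystem_a, subsystem_b), shared)


if __name__ == "__main__":
    router = component_availability(mtbf_hours=200_000, mttr_hours=4)  # constructed figures
    print(f"router A = {router:.6f}")
    cases = [
        ("Figure 1 (serial, six-nines parts)", figure1_serial()),
        ("Figure 2 (redundant, three-nines parts)", figure2_parallel()),
        ("cloud app, fresh auth each session",
         cloud_app_availability(0.9999, 0.9999, 0.999, credentials_cached=False)),
        ("cloud app, cached credentials",
         cloud_app_availability(0.9999, 0.9999, 0.999, credentials_cached=True)),
        ("two 99.9% nodes sharing a 99.9% database",
         shared_failure_domain(0.999, 0.999, 0.999)),
    ]
    for label, a in cases:
        print(f"{label:45s} A = {a:.6f}  nines = {nines(a):.2f}  "
              f"downtime = {downtime_minutes_per_year(a):.1f} min/yr")
```

Running it reproduces the article's numbers: ten six-nines elements in series and ten three-nines redundant pairs in series both land at 99.999%, and five nines works out to about 5.26 minutes a year. The cloud-app case shows a four-nines application being perceived as roughly three nines when every session must authenticate against a three-nines Enterprise path, and the shared-database case shows why a shared component must be modelled at the system level rather than inside the "redundant" pair.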

Results of Modeling


After you have constructed these system and component level equations, measure them! It is this measurement data which will enable you to prove or disprove the MTBF and MTTR assumptions which you have made. They might even enable you to make changes before a more serious outage adversely impacts your business.

When you have modeled and measured for a while, you will see that a well-designed, redundant network architecture plays a paramount role in achieving excellent and predictable availability. Additionally, you will internalize how good design results in networks which are capable of five nines to be constructed out of subsystems which individually are not nearly as available.

The results of such calculation efforts might even provide you the business justification needed to make fundamental changes in your network architecture allowing you to achieve five nines. This should not be surprising. This result has been borne out by decades of network operator experience across a variety of deployment environments.

What are your experiences?


As mentioned above, these methods of calculating availability are not new. However they can seem heavyweight, especially to network operators not used to such quantification. As a result, network operators sometimes make simplifying assumptions. For example, some Enterprise operators will assume that their Internet backbone providers are 100% available. Such assumptions can provide reasonable simplification as the backbone might not be part of that individual’s personal operational metrics.  

So how do you measure the availability of your operational environment? It would be great to hear from you below on any rules of thumb you use, as well as any simplifying assumptions you make!

Saturday, 14 March 2020

How to Defend Against Command-and-Control attacks: Don’t let your network turn into a Zombie

Your network is increasingly targeted by cybercriminals. One of the most clever and damaging ways they strike is through command-and-control attacks, a technique often executed over DNS. A command-and-control (also referred to as C&C or C2) server is an attacker-controlled endpoint that compromised devices contact to receive their instructions. Devices on your network can be commandeered by a cybercriminal to become part of a botnet (a term coined by combining the words “robot” and “network”) with the intention of obtaining full network control. Establishing C&C communications via a Trojan horse is an important step for attackers to move laterally inside your network, infecting machines with the intent of exfiltrating data.

Going After the Command-and-Control Servers


What does your new investigation workflow look like? Today we take a closer look at how a C&C server attack can gain a foothold into your network, and how Cisco can identify, detect and block this type of threat using an integrated approach to security.

Imagine a security analyst whose enterprise has invested in network traffic analysis. Let’s call him Sam. He works for large financial services organization with over 10,000 employees and more than 80,000 user accounts. It’s 6:00 PM on a Friday evening and Sam is getting ready to catch the latest Zombie apocalypse movie with his buddies. A notification pops up on his Cisco Umbrella console telling him that Umbrella has blocked malware from communicating with a C&C channel.

Sam investigates this threat using the Cisco Security


Sam is tired. He spends copious amounts of time running down rabbit holes every time his SIEM flags an alert as suspicious. He is ready for a faster, more effective way to block threats and protect his environment. He is excited to see if Cisco Umbrella, a secure internet gateway, will make his life easier. Cisco Umbrella offers both real-time threat intelligence and the capability to mitigate attacks across an organization in a split second. It acts as the first line of defense against internet-borne threats like C&C communications attempting to exfiltrate data. Sam knows a DNS block in Umbrella can simply be a symptom of persistent malware on his endpoints. He investigates further.

Using Umbrella, Sam identifies the malicious domain at the epicenter of the C&C activity. Umbrella automatically proxies, decrypts, and inspects all subsequent requests with AMP for Endpoint to make a determination about the threat. Sam can also choose to block newly seen domains outright from the console. While Sam knows that not all newly seen domains are bad, he knows this one could be part of an emerging malware campaign or associated with another threat. In this case, Sam sees that Umbrella is working and has successfully blocked the threat.
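The passage above makes two points a responder acts on: a DNS block is a symptom, so the internal host that tripped it still needs an endpoint pivot, and newly seen domains deserve attention even when they were allowed. The added example below, which is not part of the original post and not Umbrella code, applies both to a constructed resolver log and additionally checks whether a host is querying a domain on a regular timer, the beacon cadence typical of C2 call-backs. The log layout, domain names, client addresses, the first-seen table and the beacon thresholds are all assumptions made for illustration.

```python
"""Triage of DNS-layer C2 blocks: which internal hosts keep calling a blocked
or newly seen domain, and which of them do so on a regular beacon cadence?

Added example; the log layout, the domain names, the client addresses and
the 'first seen' table are constructed for illustration and are not
Umbrella's export format or any real threat-intelligence feed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample log: UTC timestamp, client IP, queried domain, resolver verdict.
SAMPLE_LOG = """\
2020-03-13T18:00:05Z 10.1.4.23 update.example-cdn.net allowed
2020-03-13T18:00:07Z 10.1.4.23 q7x.bad-c2-domain.example blocked
2020-03-13T18:05:06Z 10.1.4.23 q7x.bad-c2-domain.example blocked
2020-03-13T18:10:08Z 10.1.4.23 q7x.bad-c2-domain.example blocked
2020-03-13T18:15:07Z 10.1.4.23 q7x.bad-c2-domain.example blocked
2020-03-13T18:02:41Z 10.1.7.88 q7x.bad-c2-domain.example blocked
2020-03-13T18:03:15Z 10.1.9.10 mail.example.com allowed
2020-03-13T18:20:00Z 10.1.9.10 new-landing.example.org allowed
"""

# Constructed stand-in for a newly-seen-domain feed: when each domain was first observed.
FIRST_SEEN = {
    "q7x.bad-c2-domain.example": datetime(2020, 3, 13, 17, 50),
    "new-landing.example.org": datetime(2020, 3, 13, 16, 0),
    "update.example-cdn.net": datetime(2018, 1, 1),
    "mail.example.com": datetime(2015, 6, 1),
}
NEWLY_SEEN_WINDOW = timedelta(hours=24)
DEMO_NOW = datetime(2020, 3, 13, 18, 30)   # "now" for the constructed sample


def parse_log(text):
    """Yield (timestamp, client, domain, verdict) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, domain, verdict = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, domain, verdict


def is_newly_seen(domain, now):
    first = FIRST_SEEN.get(domain)
    return first is not None and now - first <= NEWLY_SEEN_WINDOW


def beacon_stats(timestamps, min_queries=3, max_cv=0.2):
    """Return (query_count, mean_interval_seconds, is_beaconing).

    Malware that calls home on a timer produces near-constant gaps between
    queries; a coefficient of variation at or below max_cv across at least
    min_queries lookups is treated as beaconing.
    """
    ts = sorted(timestamps)
    if len(ts) < min_queries:
        return len(ts), None, False
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mu = mean(gaps)
    cv = pstdev(gaps) / mu if mu > 0 else float("inf")
    return len(ts), mu, cv <= max_cv


def triage(log_text, now):
    """One finding per (client, domain) pair worth an endpoint pivot:
    the domain was blocked, or it is newly seen even though it was allowed."""
    stamps = defaultdict(list)
    verdicts = {}
    for ts, client, domain, verdict in parse_log(log_text):
        stamps[(client, domain)].append(ts)
        verdicts[(client, domain)] = verdict          # most recent verdict wins
    findings = []
    for (client, domain), seen in stamps.items():
        verdict = verdicts[(client, domain)]
        new = is_newly_seen(domain, now)
        if verdict != "blocked" and not new:
            continue
        count, interval, beaconing = beacon_stats(seen)
        findings.append({"client": client, "domain": domain, "verdict": verdict,
                         "queries": count, "mean_interval_s": interval,
                         "beaconing": beaconing, "newly_seen": new})
    # Beaconing hosts first, then any host that hit a block, then newly seen domains.
    findings.sort(key=lambda f: (not f["beaconing"], f["verdict"] != "blocked", f["client"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, DEMO_NOW):
        print(finding)
```

On the sample, 10.1.4.23 surfaces first: four blocked lookups of the same domain at an almost exact five-minute interval, which is the pattern a resolver block alone does not tell you about and the strongest reason to pull that endpoint into the AMP/Threat Response investigation described next. 10.1.7.88 hit the block once and still warrants a look, while 10.1.9.10 only resolved a domain first seen a couple of hours earlier. The cadence check is a heuristic: jittered or event-driven C2 will not score as beaconing, so treat a low score as "not confirmed" rather than "clean".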


Figure1: Identify the C&C Domain in Umbrella

But Sam is curious. He wants to know more. Sam decides to analyze the malicious code and try to identify samples in Threat Grid, Cisco’s dynamic file analysis solution that referenced this domain. Umbrella Investigate shows him samples in Threat Grid that referenced this domain. He drills down deeper.


Figure 2: Sightings in Threat Grid that referenced this domain

Using the Threat Grid console, Sam quickly realizes the file is malicious. He sees two internal targets that may have been compromised by this attack. If the attack succeeds, the infected host connects to another server, ready to receive commands and do the botnet owner's bidding by compromising further systems and exfiltrating data.


Figure 3: The Aha! moment: The Malicious Verdict

Sam is close to the Aha moment! He drills down to understand the behavioral indicators in Threat Grid. He gets every scrap of detail about this threat artifact. And sure enough, there’s our C&C connection. Victory!


Figure 4: Discovery: There’s our C&C connection.

But Sam wants more. Threat Grid also shows him the internal target that might need further analysis. It analyzes the files and suspicious behavior across his environment to deliver context-rich malware analytics and threat intelligence. Now that he is armed with insights into what the file is doing, he is ready to explore how this threat has impacted the network. Sam kick starts a threat investigation for observed internal targets in Cisco Threat Response using the Browser Plugin. The Plugin enables Sam to research any observable (e.g. Domain, IP-address, File-Hash, URL, etc.), on any HTML-based webpage, in Chrome. Interested in what Sam is doing? 

Sam now knows which systems inside the network have seen the malicious file. This information is provided by AMP for Endpoint, Cisco's cloud-delivered endpoint protection, detection and response solution, which simplifies investigations by adding broader context from endpoint, web, email, and network data.


Figure 5: The Pivot to Threat Response


Figure 6: Getting the Full Picture – the Relations Graph in Threat Response

Upon investigation, Sam confirms that the malware is already correctly identified and blocked. With Cisco Threat Response, Sam can now achieve faster detections, simpler investigations, and immediate responses.


Figure 7: Malware Identified and Blocked

For all the Sams of the world, this analysis can be at your fingertips too. With Threat Grid, you can easily construct a query using the Orbital Advanced Search feature, a new capability in Cisco AMP for Endpoints, based on the behavior observed when the sample executed. This accelerates your hunt for threats and shrinks the lifecycle of an incident, limiting the damage and cost of the breach to your business.


Figure 8: Orbital Advanced Search Query in Threat Grid

This Orbital query gives you deeper visibility, so you can discern whether this is an isolated incident or whether other devices in your network have also seen the file. Additionally, based on key behavioral indicators of the malware, Threat Grid can shine a light on other techniques, such as code injection, that the attackers might be using. Security teams save time by quickly prioritizing the attacks with the biggest potential impact. In our investigation, we have discovered important details about this attack, as well as the malicious, forged documents that the attackers are using.


Figure 9: Orbital Query

Figure 10: Potential Code Injection Detected
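Orbital runs osquery on the endpoint, so the hunt described above can be written as osquery SQL and pushed to every host. This is an added example, not code from the post or from Cisco; SAMPLE_SHA256 and CC_ADDRESS are constructed placeholders for the file hash and C&C address reported by Threat Grid, and the table and column names are those osquery documents.

```sql
-- Added example, not from the post. Placeholders (replace with the values
-- from the Threat Grid report):
--   SAMPLE_SHA256 : sha256 of the malicious file
--   CC_ADDRESS    : IP address of the C&C server observed in the sandbox

-- 1. Is the file present on disk? The hash table needs a path constraint,
--    so restrict hashing to a likely drop location such as user download
--    folders. (On Windows use a pattern like 'C:\Users\%\Downloads\%'.)
SELECT f.path,
       f.size,
       datetime(f.mtime, 'unixepoch') AS modified,
       h.sha256
FROM file AS f
JOIN hash AS h ON h.path = f.path
WHERE f.path LIKE '/Users/%/Downloads/%'
  AND h.sha256 = 'SAMPLE_SHA256';

-- 2. Is it running, and is any process on this host talking to the C&C?
--    Joining hash on the process image path hashes every running binary
--    (heavy on busy hosts). The LEFT JOIN keeps processes that have no open
--    sockets, so a hash match alone is enough to flag the host.
SELECT p.pid,
       p.name,
       p.path,
       p.cmdline,
       h.sha256,
       s.remote_address,
       s.remote_port
FROM processes AS p
JOIN hash AS h ON h.path = p.path
LEFT JOIN process_open_sockets AS s ON s.pid = p.pid
WHERE h.sha256 = 'SAMPLE_SHA256'
   OR s.remote_address = 'CC_ADDRESS';

-- 3. Behavioral follow-up for the code-injection indicator (Linux hosts):
--    anonymous memory regions that are both writable and executable are a
--    common footprint of injected code and are worth triaging per process.
SELECT m.pid,
       p.name,
       m.start,
       m.end,
       m.permissions
FROM process_memory_map AS m
JOIN processes AS p ON p.pid = m.pid
WHERE m.permissions LIKE 'rwx%'
  AND m.path = '';
```

Each query returns rows only on hosts that match, so an empty result set across the fleet is the "isolated incident" answer and any populated rows are the hosts to pivot into next.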

Cisco Advanced Malware Protection (AMP) for Endpoints Prevents Fileless Attacks


AMP for Endpoints’ Exploit Prevention engine prevents all variants of fileless malware without needing any prior knowledge of the attacks. There are thousands of threats attempting to embed malicious code that can take over your workflows. Sam makes sure that the Exploit Prevention engine is enabled in AMP to catch any such activity.

Sounds too good to be true? See for yourself:


Figure 11: File is quarantined

AMP’s Exploit Prevention engine remaps the runtime environment and its components (such as libraries and DLL entry and exit points) and places a decoy, a facade of these resources, in their original locations. It then lets only legitimate applications know their newly randomized address spaces. The end result is that legitimate processes continue to run seamlessly, without any performance penalty, while anything else that attempts to execute in memory cannot find its target and therefore cannot run. By remapping the runtime environment, Exploit Prevention protects you deterministically against all variants of in-memory attacks, whether they are pre-existing or undiscovered zero-days. With that done, Sam is on his way to the movies.

Cisco’s Security Platform


Can you imagine flying an Airbus A380 without an air traffic controller? Cisco’s vision for a security platform is built on a simple idea: security solutions should act as a team, learning from each other, listening and responding as a coordinated unit. Our platform, Cisco SecureX, connects the breadth of Cisco’s integrated security portfolio and your entire security infrastructure for a consistent experience that unifies visibility, enables automation, and strengthens your security across your network, endpoints, cloud, and applications.

Try AMP for Endpoint


You can test out AMP for Endpoints and decide whether it’s right for you in under an hour. Don’t let C&C servers sit dormant in your environment and turn your computers into someone else’s botnet!

Saturday, 11 January 2020

Enterprise Networking Business 2019 Year in Review


Towards the end of this busy and innovative year, Cisco leadership decided to combine several businesses under one leader, SVP/GM Scott Harrell, to create the Intent-Based Networking Group. So what does the change of name mean? The new organization consists of engineering and product marketing teams from Enterprise Networking and Data Center, with a renewed focus on creating deep multi-domain integrations across wireless, wired, data center, cloud, and SD-WAN/edge computing.

The name change represents how we are focusing on solving customer challenges with complete intent-based networking solutions. As enterprises enhance the ways their workforce connects and collaborates, Cisco is there. As organizations move applications and data resources to multiple cloud platforms to improve flexibility and responsiveness of business processes, Cisco is there. When branch offices need to connect to SaaS applications over the internet, Cisco is there to secure the data, devices, and provide high quality of experience to the distributed workforce.

In this review of 2019 achievements, both technical and cultural, we will take a closer look at how our engineering teams’ accomplishments have benefited enterprises large and small, in every region in the world. Throughout this post, I’ll highlight products and solutions with links to past blog posts and external articles for deeper dives.

Solving Customer Digital Transformation Challenges


Everything we design, code, and manufacture is created to support our customers’ digital transformation journey with multi-domain connectivity, built-in security, and high-availability.

Expanding Wireless Connectivity with Wi-Fi 6


Top of mind for many organizations in 2019 was the arrival of Wi-Fi 6. Wireless connectivity is the preferred method of connecting devices to enterprise networks, applications in the cloud, and internet data sources. The next generation of faster, lower latency, and higher density wireless communications is already replacing the existing wireless LAN infrastructure and it is expected to be a high-priority, multi-year project for organizations of all sizes. To support this major transition, Cisco engineering created the Catalyst Access Points and Wireless LAN Controllers to exceed the Wi-Fi 6 standard, incorporating innovative features such as Flexible Radio Assignment, real-time analytics, integrated security, and intelligent capture. In addition, we introduced new Catalyst 9000 switches to unite the new faster and higher bandwidth wireless networks with the wired campus.


Many new enterprise endeavors are already relying on Cisco Wi-Fi 6 wireless technology to bring fast connections to high-density sites and to complex facilities, such as manufacturing, where older Wi-Fi versions struggled to work at all. There will be even more innovations ahead as we work to connect the proliferating IoT devices using Wi-Fi 6, whose power-saving capabilities conserve IoT device battery life, and the new Catalyst IE3k Rugged Series Switches.

As telecommunications service providers expand their 5G footprints, Cisco is providing methods for integrating the two wireless networks to deliver seamless connectivity and take full advantage of network slicing to provide specialized services to enterprise applications governed by common security policies. Wi-Fi 6 was a big leap in 2019 and will be even more important as enterprise workforces continue to be more distributed and mobile, while the business applications people need to access are hosted in multiple cloud platforms.

Uniting Campus and Branch with Cloud Resources using SD-WAN


2019 was also the year that Cisco SD-WAN powered by Viptela became the go-to solution for uniting a distributed workforce in branch offices, retail stores, and partners’ systems with cloud and SaaS applications. We built in full-stack security to ensure that using direct internet connections at branch locations to reach cloud applications doesn’t expose data and devices to external and internal security threats. With centralized cloud management, Cisco SD-WAN connects remote offices with zero-touch edge routers, traffic segmentation, and threat detection using the built-in Application-Aware Enterprise Firewall, intrusion detection system, and URL filtering with Cisco Umbrella. As a result of these enhancements, Cisco SD-WAN was given a coveted CRN Product of the Year award.

Our next goal for SD-WAN last year was to ensure a high quality of experience (QoE) for cloud and SaaS applications being accessed by a distributed workforce. Working with cloud application providers, such as Microsoft and their Office 365 applications, we built Cloud OnRamps that automatically connect workers at branch offices with the nearest, or most efficient, point of presence for the desired application via the SD-WAN. Cisco Cloud OnRamps monitor and adjust traffic to ensure the best level of performance for the primary cloud application providers.


Taking the OnRamp concept one step further, we developed Cloud OnRamps for CoLocation for regional point of presence and IaaS centers. This advancement creates transport-independent connections to regional hubs to service multiple branches and business sites to provide high QoE for applications. The regional aspect of the colocation also addresses the need for some enterprises to keep certain types of personal data local, versus storing it in global clouds, while providing an SD-WAN fabric that is easy to manage from a central console.

Augmenting NetOps Skills with AI and Machine Reasoning


Just because networks grow in complexity doesn’t mean they have to be complicated to manage. But trying to make sense of the billions of data points generated by campus-sized networks of switches, routers, and access points can quickly overwhelm an IT team. Using machine learning, machine reasoning, and artificial intelligence algorithms to analyze the vast data lakes of telemetry and determine norms and anomalies, we developed Cisco AI Network Analytics to help IT navigate the torrents of network telemetry and zero in on time-critical problems. Applying machine reasoning to the analysis of network anomalies leverages thousands of man-hours of Cisco troubleshooting knowledge to suggest the correct remedies for many challenging issues.


Empowering IT with an Architecture for Access Control


To simplify the complexity of campus to branch to cloud connectivity, we augmented Cisco SD-Access with additional intelligence to translate business intents into segmentation and security policies, a foundational aspect of intent-based networking. SD-Access shifts the workload from IT staff performing routine tasks of onboarding individual devices and managing network configurations, to building intelligence into the network. The network learns to manage itself by, for example, automatically onboarding specific device types with pre-determined security and access policies that follow people and devices across the wired and wireless fabrics, from ground to cloud.


We also improved the Cisco Identity Services Engine (ISE) to work with multiple Cisco DNA Centers. This enables regional Cisco DNA Centers to leverage a master instance of Cisco ISE so that SD-Access can apply access and segmentation policies across each region. With this capability, SD-Access ensures that security and access policies defined by corporate IT are implemented consistently across global networks, while enabling regional control over specific aspects of workforce and device rules.

Focusing on Innovations in Connectivity Solutions


At several 2019 events, Cisco had the opportunity to demonstrate OpenRoaming, an open method of enabling mobile devices to automatically and securely connect to Wi-Fi networks without entering IDs and passwords. We created the OpenRoaming Federation ecosystem with partners such as Apple, Intel, and Samsung. As the Federation grows with additional device and access providers, the general public will be able to seamlessly connect to authorized Wi-Fi networks in stores, public spaces, and offices without manually signing in to captive portals with IDs and passwords. OpenRoaming unites wireless connectivity from LTE, 5G, and Wi-Fi to provide continuous internet connectivity to the applications people depend on for collaboration, finance, shopping, and community. Last year, OpenRoaming was demonstrated in real-world environments such as Mobile World Congress in Barcelona, Cisco Live in San Diego, Cisco Impact in Las Vegas, and a public trial at the Canary Wharf Group business center in London.


Building on the premise of always-on connectivity for mobile devices with OpenRoaming, we released the Cisco DNA Spaces Cloud Location Platform to empower property managers to interact with guests’ devices to offer location-specific services, wayfinding, and customized experiences. For sites that already use Cisco access points, capabilities such as Operational Insights, Locate, and Detect are available through Cisco DNA Center and the DNA Spaces SDK for building custom location apps, with no need for additional hardware or software overlays. Physical spaces become digital spaces that improve customer service by measuring and understanding the habits and preferences of guests using wireless devices.

Worldwide Events Bring Cisco Customers and Engineers Together


Like most technology companies, Cisco often announces new solution sets in conjunction with customer and partner events, which provide an opportunity to receive immediate feedback from customers, industry analysts, and the technology press. This year we used events to unveil and demonstrate:

◉ OpenRoaming and DNA Spaces Cloud Platform at Cisco Live Barcelona
◉ Wi-Fi 6 Catalyst Access Points and Wireless Controllers at Cisco Live Melbourne
◉ Cisco AI Network Analytics at Cisco Live San Diego
◉ SD-WAN integration with MS Azure vWAN and Office 365 at Partner Summit
◉ SD-WAN integration with AWS Transit Gateway at AWS re:Invent

Being Inclusive and Innovative Makes Cisco the #1 Place to Work


Cisco stands committed to empowering business, society, and people to help develop a more Inclusive Future for all stakeholders. Our investments in Country Digital Acceleration (CDA) go hand in hand with our People, Culture, and Social Impact initiatives to solve some of the world’s most challenging problems.

Our innovation mindset in Enterprise Network engineering produces an average of 300 patents a year. To turbocharge our internal thinking, we host or participate in multiple events throughout the year. For example, our annual EN Hackathon combines team building with technical prowess and a healthy portion of fun, to generate original prototypes that could one day become products that solve customer challenges. The Pioneer Awards represent a similar take on innovation, but with a focus on solutions brought to market that are making a significant impact—the Cisco AP4800 with Location-based Intelligent Capture was this year’s best product, and the best productivity solution went to WARP (Workflow Architecture Renewal Program), which is key to keeping the IOS XE network operating system up-to-date. Engineers also attend external events—such as the Grace Hopper Celebration and Women of Impact—to broaden their thinking and make new professional connections.


One result of these internal and external celebrations of innovation is that Cisco was named #1 World’s Best Workplaces by Great Place to Work in 2019, capping off a year of employee engagement and Cisco’s Corporate Social Responsibility (CSR) in a wide variety of social endeavors around the world.

Enterprise Network Engineering is a significant driver of Cisco solutions. We take great pride in our innovations and progress in producing quality solutions for our worldwide customers. Now that we are an integral part of the larger Intent-Based Networking Group, I personally look forward to the amazing journey ahead in 2020.

Wednesday, 8 January 2020

Wi-Fi 6E: The evolution of next generation wireless access


Wi-Fi 6 just arrived, bringing better speed and more capacity to wireless networks. And soon it’s going to get even better, thanks to the FCC opening up all-new 6 GHz frequencies for Wi-Fi 6. The name of this extension to the standard: Wi-Fi 6E.

When the new 1.2 GHz of spectrum (500 MHz in the EU) starts getting built into devices later this year, it will unleash new potentials for networks, and help them meet the growing demand for high-performance connectivity.

The Need for More Unlicensed Spectrum


From one Wi-Fi generation to the next, and now in the sixth generation, all wireless devices have shared the crowded 2.4 and 5 GHz bands. They are constantly competing for bandwidth. The limited spectrum and channels in those bands cause significant issues for users. There are very few non-overlapping 80 MHz or 160 MHz channels in the 5 GHz band, so interference between devices on overlapping channels is hard to avoid. In fact, it’s almost impractical to enable these wide-band channels in dense environments such as venues with hundreds of access points. Meanwhile, the 20 MHz and 40 MHz channels are not wide enough to support high data throughput for bandwidth-intensive applications.

These problems have been exacerbated by the proliferation of wirelessly connected IoT devices and data growth. For example, Wi-Fi and mobile devices will account for more than 75 percent of all Internet traffic by 2022.

We need more unlicensed spectrum to deliver on the Wi-Fi brand promise, and that’s what the new 6 GHz frequencies will deliver.

The Promise of Wi-Fi 6E


To keep unlicensed Wi-Fi devices running in the 6 GHz band from interfering with incumbent users of the band, such as microwave links, the FCC is proposing some technical restrictions. These rules divide the overall spectrum into 4 separate bands, each with its own boundaries. For example, a Wi-Fi device could only operate indoors at low power in order to ensure that unlicensed services can coexist safely with existing incumbents. (Figure 1)

Figure 1 – 6 GHz Wi-Fi Channels

Wi-Fi 6E brings the following improvements and enables important use cases:

1. More spectrum

An additional 1.2 GHz of spectrum, twice the size of the current Wi-Fi bandwidth, offers more non-overlapping channels, i.e. 59 additional 20 MHz channels. And only Wi-Fi 6 devices are allowed in this new spectrum; no legacy (Wi-Fi 5 or earlier) devices will have access to it. Wi-Fi 6 not only gets the additional bandwidth of Wi-Fi 6E, it uses that bandwidth more efficiently, which makes this new spectrum great for solving capacity problems in large public venues, such as concert venues or sports stadiums. This not only enables a better user experience but opens the gateway for quality live-streaming connections.

2. Higher throughputs

As envisioned, Wi-Fi 6E makes available large contiguous blocks of spectrum. With 14 additional 80 MHz and 7 additional 160 MHz wide channels, it allows for high-throughput and concurrent data transmission. This enhances applications that require high bandwidth such as augmented and virtual reality (AR/VR) and real-time immersive gaming on Wi-Fi 6 devices. It will further the current Wi-Fi 6 capabilities for the next generation of learning where every student in a classroom or in a school can use a VR headset for their education at the same time.

3. Lower latency

The high-frequency spectrum of Wi-Fi 6E opens up entirely new horizons for ultra-low-latency and emerging data-intensive applications and services, such as telehealth. Wi-Fi 6E is able to provide reliable and consistent low-latency connectivity for critical applications that can’t afford data delays. This allows, for example, patients to connect virtually with doctors and get real-time diagnostics on their high-quality 3D CAT scan or MRI.

All in all, Wi-Fi 6E expands the horizon of user connectivity, opens opportunities for emerging use cases, and enables enterprises to push boundaries with innovations. Cisco is actively partnering with the regulatory agencies working on Wi-Fi expansion. We will keep you updated as regulators finalize the operational requirements. Watch for product announcements from Cisco that will seize upon this new spectrum.

Sunday, 22 December 2019

Enterprise Networking in 2020: 5 Trends to Watch in Wireless, SD-WAN, More

Networking isn’t what it used to be. A few years ago, the epicenter of networking began to move. It shifted from company-owned datacenters out to the cloud. For users, the focus of networking moved from computers connected with wires to mobile devices connected over the air. These fundamental shifts, in where business processes run and how they’re accessed, are changing how we connect our locations together, how we think about security, the economics of networking, and what we ask of the people who take care of networks.

So it is going to be an exciting year. Here’s how:

Wireless: It’s Wi-Fi, It’s 5G. It’s Both.


In 2020, Wi-Fi 6 will enter the enterprise, through the employee door and through enterprise access point refreshes. 5G will also appear, although in 2020, it will be mostly for consumers.

The latest smartphones from Apple, Samsung, and other manufacturers are Wi-Fi 6 enabled, and Wi-Fi 6 access points are currently shipping to businesses and consumers. 5G phones are not yet in wide circulation, although that will begin to change in 2020. We project that through 2020 more people will be using Wi-Fi 6 than 5G.

2020 will also see the beginning of a big improvement in how people use Wi-Fi networks. The growth of the OpenRoaming project will make joining participating Wi-Fi networks as easy as using a cell phone in a new town: Users won’t have to think about it.

While “5G” service will roll out in 2020 (some is already switched on today), almost none of it will be the ultra-high speed connectivity that we have been promised or that we will see in future years. With 5G unable to deliver on that promise initially, we will see a lot of high-speed wireless traffic offloaded to Wi-Fi networks.

2020 will also see the adoption of new frequency bands, including the beginning of the rollout of “millimeter wave” (24 GHz to 100 GHz) spectrum for ultra-fast, but short-range 5G; and of CBRS, at about 3.5 GHz, which may lead to the creation of new private networks that use LTE and 5G technology, especially for IoT applications. We will also see continued progress in opening up the 6 GHz range for unlicensed Wi-Fi usage in the United States and the rest of world.

Eventually, having even more pervasive, high-speed, secure wireless connectivity will open up new kinds of business opportunities in all industries, from healthcare to transportation. In combination with the improved performance of both Wi-Fi 6 and (eventually) 5G, we are in for a large – and long-lived – period of innovation in access networking.

The Network as Intelligent Sensor


Businesses have started to use their networks for more than data transmission. Now they’re being used to sense their environments as well. This is going to have big impacts on business – not just for network operators, but directly to the bottom line as well.

With software that is able to profile and classify devices, endpoints, and applications (even when they are sending fully encrypted data), the network will be able to place devices into virtual networks automatically, enable the correct rule set to protect those devices, and eventually identify security issues extremely quickly. Ultimately, systems will be able to remediate issues on their own, or at least file their own help desk tickets. This becomes increasingly important as networks grow increasingly complex.

Wireless networking equipment can also collect data on how people and things move through and use physical spaces – for example, IoT devices in a business; or medical devices in a hospital. That data can directly help facility owners optimize their physical spaces, for productivity, ease of navigation, or even to improve retail sales. These are capabilities that have been rolling out in 2019, but as business execs become aware of the power of this location data, the use of this technology will begin to snowball.

SD-WAN Plans Solidify in 2020


The workplace is becoming virtual, not physical. Businesses now hire talent wherever it is, and these dispersed employees are connecting to increasing numbers of cloud services. This dispersal of connectivity – the growth of multicloud networking – will force many businesses to re-tool their networks in favor of SD-WAN technology. IDC research shows that almost 95% of the enterprises they surveyed expect to be using SD-WAN within 24 months.

Meanwhile the large cloud service providers, like Amazon, Microsoft, and Google are connecting to networking companies (like Cisco), to forge deep partnership links between networking stacks and services.

When it comes to their own WAN solutions, each enterprise is different. Some enterprises, looking for security solutions that align with compliance regulations, need on-premise security. Smaller businesses often want their security solutions in the cloud. Many businesses will need hybrid solutions that combine elements of traditional on-premise control for compliance, with cloud-based solutions for flexibility and agility. Security, and workloads, have to be installed where they meet the needs of the business.

This is going to lead to a growth in business for managed service providers (MSPs), many more of which will begin to offer SD-WAN as a service. We expect MSPs to grow at about double the rate of the SD-WAN market itself, in line with IDC’s predictions. We also expect that MSPs will begin to hyper-specialize, by industry and network size.

Multidomain Needs Spur Controller-Based Integration


The intent-based networking model that enterprises began adopting in 2019 is making network management more straightforward by absorbing the complexities of the network. However, networking systems are themselves made up of multiple networks (for example, campus networks and WANs), as well as technology domains that are traditionally managed on their own (for example, security). For better management, agility, and especially for security, these multiple domains need to work together. Each domain’s controller needs to work in a coordinated manner to enable automation, analytics and security across the various domains.


Increasing network complexity fuels adoption of multidomain technologies.

The next generation of controller-first architectures for network fabrics allow the unified management of loosely-coupled systems using APIs and defined data structures for inter-device and inter-domain communication. With the way networks are changing, there is no other solution to keep ahead of system growth and complexity.

From Network Engineer to Network Programmer


The standard way that network operators work, provisioning network equipment through the command-line interface (CLI), is nearing the end of the line. Today, intent-based networking lets us tell the network what we want it to do, and leave the individual device configuration to the larger system itself. We can also now program our updates, rollouts, and changes using centralized networking controllers, again without working directly with devices or their own unique interfaces. But new networks run by APIs require programming skills to manage. Code is the resource behind the creation of new business solutions.

If maximizing the value of these controllers means getting up to speed with programming them, there’s a big opportunity for the people who get ahead of this trend. But it will not be an easy change. Retraining yourself (or your team) is expensive, and not everyone will adapt to the new order. For those that do, the benefits are big. Network operators will be closer to the businesses they work for, able to better help businesses achieve their digital transformations. The speed and agility they gain thanks to having a programmable network, plus telemetry and analytics, opens up vast new opportunities.

It remains critical for individuals to validate their proficiency with new infrastructure and network engineering concepts. With training, network operators will be able to stay closer to the businesses they work for, providing value beyond maintenance and support. Networks in 2020 will become even more central to how businesses function. As always, CEOs will direct resources into infrastructure projects that directly generate revenue.

2020 Will be Transformative


Together, new capabilities will make networks into even more important business assets, and companies will leverage them in ways that we have not imagined.

We just finished surveying over 2,000 network executives and operators on the future of networking.