Sunday, 1 September 2019

Take bigger risks with the right trusted advisors


When I look back at all the chances I have taken in my life – moving to New York City out of college having never visited prior, to leaving that career with no direction of what was next, to joining Cisco back in 2012 having no technology background whatsoever – I ask myself what gave me the strength and resolve to do so (after I ask myself whether I was crazy), and the overwhelming response is that I have always had a strong support system. My parents packed me up and drove me from North Carolina to New York, and they also packed me up and drove me from New York back to North Carolina. My husband and my friends helped me formulate my plan, provided me with sound advice and lent their shoulders to lean on when I took the leap of faith to come to Cisco. Without any of these people, I would not be here today.

The same can be said for our customers and partners as they work to differentiate themselves in an increasingly competitive market. Those who want to set themselves apart must be innovative and provide an amazing customer experience, but also ensure a high level of security at the same time.

According to Steve Martino, SVP and CISO for Cisco: “Companies need to balance security vs business risk, and user experience. Once you have that balance, you need a program that applies defense with an active response for when things go wrong. Human error is a reality and there’s a multi-billion dollar cybercrime industry today that bets on it. You need to plan for that error and be able to respond quickly when it happens. Every day we find successful attempts to defeat our security defenses due to human error, or dedicated bad actors targeting our assets, or to software vulnerabilities; and every day we validate that our active detection and responses are finding and containing these attacks. That’s how I know we have a fully functional security program.”

When you have a strong incident response plan in place, you are able to take bigger risks, but where do you start if you don’t have a plan?

All rights reserved to Sandra Cifo

Cisco Incident Response Service


You need proactive plans to help you prepare, and expertise to coordinate and carry out a response.  Cisco’s Incident Response Service provides everything a business needs to develop, implement, and manage the plan, including the option of setting up a flexible retainer to provide proactive and emergency defense services.  An elite team of experts is available and ready to respond within four hours, and they can be traveling to your site within 24 hours.

Cisco Talos, the world’s largest threat intelligence service, backs up the response team. This is combined with the full Cisco portfolio, including AMP for Endpoints, Umbrella, and ThreatGrid. These tools not only protect against exploits, but can also identify and trace attempts and breaches across the network.

With all of this, the customer receives the benefit of a stronger security posture through a robust and resilient SOC environment. This saves money, protects reputation, and can get a business back to normal operations quickly after a breach. This solution also works with the existing security infrastructure.

When I came into Cisco, the smartest thing I ever did was partner with people who were smarter than me and could support my learning as I have grown in this career.  The same can be said for our customers – the smartest ones are the ones that realize they can’t do this on their own and reach out to trusted advisors for help.

Saturday, 31 August 2019

Drive Your Cloud Services Portfolio with Webex and the Jobs to be Done Framework


How service providers (SPs) can use the Jobs to be Done (JTBD) framework to better engage with their customers and achieve superior results. In this post, we look at how JTBDs are applied for the Cisco Webex suite. We look at key elements of JTBD construction such as the buyer and purchase dynamics.  We then learn how you can extend Webex JTBDs to differentiate and target your own cloud services offer.

Jobs to be Done Overview


As we learned in Part 1, the JTBD framework is especially powerful when combined with advanced digital engagement methods and larger go-to-market transformation initiatives. In go-to-market transformations, SPs apply digital capabilities to better orchestrate customer interactions across digital and non-digital channels through the end-to-end customer lifecycle.

JTBDs are woven into customer touch points and achieve maximum impact where SPs deliver the right message and experience, to the right persona, at the right time.

Using this approach is especially important for cloud services where customer experience is king, and churn is your biggest enemy. Forbes recently reported that 89% of businesses now compete primarily on the basis of customer experience, up from 36% in 2010.

JTBDs take considerable effort to develop. Building these out requires deep customer engagement, rounds of working with product UI/UX, testing via focus groups, and then verifying via A/B testing and analytics. Finally, you bring your JTBD to life through creative teams and designers.

Apply Jobs to be Done for Webex


To give you some examples of this, we will walk through JTBD highlights for Webex. Note that these Webex JTBDs are new. Webex now incorporates a broader set of capabilities, delivering not only meetings, but Webex Teams, Webex Cloud Calling, and Webex Conferencing Devices. These can be packaged and delivered alongside Cisco handsets, headsets, and other enabling hardware. This powerful suite enables you to target more important jobs for your customers. In addition, the expanded Webex suite can be delivered via the Cisco cloud, offering open APIs to third-party applications and better support for customer cloud migration strategies.

One of the first and most important elements of JTBDs is the focus on the buyer. For Webex, the focus remains on seamless user experience and industry-leading benefits for IT leadership. With an expanded set of capabilities, Webex becomes even more important for the IT buyer, firm leadership, procurement activities, and business operations.

We see two ways that you can apply JTBDs as you engage IT leadership in their purchase process:

1. Buying groups: While IT may lead the procurement process, the decision itself is more likely done in a group setting with multiple interests or JTBDs represented. Sirius Decisions recently reported that 59% of B2B decision-making is now made by “buying groups.” This dynamic suggests a benefit in identifying multiple JTBDs and how they can appeal across different key purchase influencers or personas in these buying groups.

2. Consumption dynamics: Although Webex is typically purchased by an IT Director, CIO or business owner, the success of the implementation depends on user adoption and consumption. Buyers need to reflect the interests of the firm’s target “end users,” e.g., the broader base of employees who need communications and collaboration tools. Not to be too clever here, but one of the “jobs” of the buyer (and buyer group) is to represent the “jobs” of their end-users.


Figure 1:  How JTBDs are “rolled up” to the CIO for communications solutions from 1) C-suite buyer groups and 2) end-user consumers

To address the above purchase dynamics, our Webex JTBDs focus on the IT leader but include the context of other key stakeholders. By taking related C-suite issues into account, Webex JTBDs give you an ability to target the majority of the C-suite as your potential buying group. We also worked in key end-user issues and common challenges related to mobility, device UX, and inter-generational demands.

Webex Jobs to be Done Summaries


In sum, we identified three starter Webex JTBDs and have presented them in the tables below.  These tables include the target C-suite personas, the C-level purchase priorities, the JTBD classic statement format, and a small amount of supporting third-party data:

JTBD 1: Workplace Transformation to Serve Agile Staff
Targets: CEO, CIO, COO
Priorities:
- Employee engagement
- Retain top talent
- Productivity & execution
JTBD statement: “Agile workers are the future of our business but struggle with an antiquated and inconsistent communications experience. Webex offers ease-of-use, device flexibility, and analytics to transform the workplace and create a connected business environment. This helps us retain top talent and lets agile workers not only engage in the business but achieve greater productivity and execute against their targets.”

JTBD 1 key insight: Webex is not about meetings or calling but about managing your workforce, employee retention, getting the most from your talent, and the culture of your organization.

JTBD 2: Cloud Migration to Drive Growth Initiatives
Targets: CIO, CFO, COO
Priorities:
- Drive growth initiatives
- Control costs
- Support distributed workforce
JTBD statement: “Moving business applications to the cloud is a strategic imperative. The cloud is key to growth and better supports our distributed workforce. We need a path to the cloud with minimal disruption and at a pace that fits our unique mix of site needs and budget. Webex provides hybrid support, flexibility, and channel support to let me move mission-critical calling, collaboration, and contact center applications to the cloud with assurance and confidence.”
Snippets of supporting data: “Data and Analytics” and “Cloud” are cited as #1 and #2 disruptive technologies (77% and 74% impact) affecting how businesses are running their operations, i.e., driving productivity, running workflows, moving goods and services, operating infrastructure, and carrying out business activities, according to KPMG, 2017.


JTBD 2 key insight: cloud migration is the number one initiative and all-consuming for many CIOs. It is a huge gating factor to growth and breakthrough leaps in efficiency.  Webex gets you to the cloud faster.  Tap into that.

JTBD 3: Secure Communications or Lose Our Jobs
Targets: CIO, CFO, COO
Priorities:
- Protect customer data
- Reduce loss of intellectual property
- Manage compliance & reduce regulatory risk
JTBD statement: “Security is now a critical part of everything we do, especially with sensitive communications and customer data. I need a communication and collaboration solution with security "baked-in" so we can focus on growth initiatives and sleep soundly at night.”
Snippets of supporting data: The Conference Board reported that US CEOs rank cybersecurity as their #1 external concern for 2019. Security is the #1 management issue cited by CIOs and other IT executives surveyed by the Society for Information Management (SIM).

JTBD 3 key insight: security is non-negotiable. It keeps CIOs and other C suite leaders up at night. IT staff lose jobs over security. Piece-part security solutions create enormous amounts of work and headaches for IT. Do your customers an enormous favor and remind them of the depth and breadth of Webex and Cisco security capabilities.

Use Jobs to be Done for Your Offers


We feel that these JTBDs offer a strong starting point to engage prospects and customers. Instead of talking “product-out,” your sales teams and marketing content should lead with the customer concerns, or “customer-in” challenges. Instead of talking about specific features, hardware, or phone systems, the discussion might start with business objectives, growth plans, and customer experience.

These JTBDs are just the beginning for partners. As partners wrap their unique capabilities around Webex, even more compelling JTBDs are created. You can tackle the bigger and even more important “jobs” of your customers by combining Webex solutions with your broader solutions portfolio. Partner services that align with Webex include network solutions, managed services, migration services, systems integration, and overall service assurance. Not only does this help differentiate your Webex offer, but it can help you drive an improved overall experience and set of outcomes for your customers.

Another important consideration is where you can enhance Webex JTBDs in combination with additional Cisco technologies and services. This includes Webex combined with Cisco networking, hardware, security, and channel certifications. These extended JTBDs bring even more tightly orchestrated and compelling value to customers, and even greater benefits for the CIO and key stakeholders.

In conclusion, SPs face an incredible opportunity to target and win the $2.1T enterprise spend on digital transformation that IDC forecasts for 2019.

To best address this opportunity, you should:

1. Embrace digital engagement,
2. Lead with Webex and the greater Cisco portfolio, and
3. Use advanced go-to-market frameworks such as Jobs to be Done.

Friday, 30 August 2019

Secure and Compliant Collaboration with Webex Teams


Easy, Secure Collaboration


In today’s modern and digital workplaces, teamwork transcends organizational and functional boundaries. Effective, secure, and compliant collaboration with your stakeholders, partners and customers is paramount to improving productivity.

Compliance, administration security controls and policies vary greatly across organizations and industry verticals. For any modern collaboration platform, it’s critical to have the flexibility to facilitate communications with external participants outside of the user’s organization – coupled with security controls that minimize friction for users. Webex Teams has a rich set of features spanning compliance, administrative controls and visibility – giving you a secure collaboration experience.

Webex Teams is the easiest messaging platform to set up for cross company collaboration

By default, Webex Teams is an open platform allowing users to communicate with others both inside and outside the organization – while still maintaining end to end encryption and control.

Compliance


Organizations need to comply with internal and external rules and regulations. Companies in regulated industries have to meet regulatory mandates in addition to their own compliance and data loss prevention policies. Cisco Webex Teams allows organizations to ensure compliance around data loss prevention through integration with leading CASB solutions like Cisco Cloudlock. These integrations allow visibility into all user generated content with immediate detection and remediation of user actions and posts that violate your compliance policies.

In addition, Cisco Webex Teams also supports “legal hold” to help organizations with data retention requirements to support legal investigations for compliance. During a litigation proceeding, organizations may be required to preserve data for a period that may be longer than their normal retention policy. In this case, legal hold can be enabled to ensure that relevant information is not purged, but instead retained until the litigation or investigation is complete.

Control


Under certain circumstances and regulatory environments, it may be necessary to block communication with external users who belong to a different organization. Administrators can enforce this policy and block external communications easily with native controls built in Webex Teams. When configured appropriately, users in the organization will no longer be able to message users outside their organization. We are enhancing this capability to allow limited communication to users only in approved domains via a Whitelist created and maintained by admins.


Visibility


Communication with users outside an organization represents a fairly significant surface area of risk and exposure. With some messaging solutions, administrators and compliance teams have no visibility when users communicate with people outside their organization. Webex Teams enables users from multiple companies to create cross-company channels and allows administrators or compliance officers from both companies to have visibility into all communications generated by users who belong to their respective organizations.

The built-in eDiscovery search tool gives compliance officers the ability to search and extract content generated by specific custodians (users) across a time range of interest.

Additionally, many enterprises have invested in enterprise content management (ECM) solutions. Webex Teams allows integration with ECM solutions, such as Microsoft OneDrive and Sharepoint Online, and ensures that only files permitted by the ECM solution can be shared via Webex Teams. Access control policies and permissions configured in the content management system extend to users of Webex Teams in a seamless fashion without the need for any replication.

The setup has zero deployment cost, requiring just a simple toggle in Webex Control Hub. Additionally, it requires no change to an organization’s existing data loss prevention (DLP) policies, or the need to buy additional licenses. Moreover, Webex Teams also provides IT administrators with full control, so they can decide which SharePoint Online and OneDrive domains or Office 365 Tenant they want to use. This means that only IT-approved domains are available to users, thus minimizing the risk of data leakage while providing greater protection against malware threats.

Webex Teams also allows IT managers to disable storage of user documents in the Webex cloud without impacting user workflows. All user files are stored only in IT’s selected file storage system, including file previews. Content Management settings are very easy to configure as shown below.

Thursday, 29 August 2019

The Agility Quadrant

Last evening, I had a lively discussion with my friend Paul on the state of agility in his organization, a midsize company of about 6000 employees. He mentioned that agile is the flavor of the year in his organization and that their executive Samuel had set a goal “We shall be agile by the end of this fiscal year!” He further mentioned that Samuel had directed all his reportees to comply and put Melissa in charge of the transformation.

Melissa was Paul’s manager and – guess what – in their last one-on-one discussion, she tasked Paul with this responsibility. So, the responsibility of agile transformation had been delegated to Paul.

My next question to Paul was on his action plan. Paul mentioned that he had been given a good budget. So, he had reached out to the best vendor in the market to come in and ensure that “We shall be agile by the end of this fiscal year!”

Clearly, Paul and his organization had not heard of the Law of Conservation of Agility, which states that:

Agility can neither be delegated nor be outsourced; it can only be cultivated by self and instilled, ingrained by leadership, within and outside.

Let’s try understanding the implications of delegation and outsourcing of Agility. I love to explain this through the LIDO Quadrant.



1. DI — The Quadrant of FRUSTRATION

This is where Paul’s organization started. Leaders have heard the buzzword “agile” and wish they could use the adjective for their organization. There is no effort in place to change things from the top. Agile is considered a thing for IT, and more specifically for the software development portion of the entire value stream. Leaders expect the people to adopt agile practices. Leaders believe that agile is a shiny cloak that can be worn over the same old dirty clothes without any effort to cleanse the clothes or the body that wears the cloak.

Organizations in this quadrant have a bunch of employees with fancy certifications who are expected to help transform people into agile beings. Employees in such organizations end up taking the same instructions as before from the leadership by standing up instead of sitting down (through Daily Stand Ups). Concepts of continuous prioritization at the portfolio; framing and evaluating the hypothesis behind portfolio initiatives; funding value streams as opposed to projects remain alien concepts.

The empowerment and transparency tenets of Agile are conveniently overlooked. Employees continue to work on fixed scope and delivery date mechanisms but are expected to provide status updates daily.

This is the quadrant of demotivation and frustration where employees feel micromanaged in the garb of Agility. The most likely comment that you may hear from organizations in this quadrant is “Agile doesn’t work!”

2. LO — The Quadrant of INSECURITY


This quadrant is a mixed bag. Leaders understand the basics but outsource the transformation completely to outside consultants. Outside consultants can be wonderful agents to educate an organization and kick start the process of transformation. However, familiarity with and respect for the organization’s culture is very important and is the critical missing piece here.


An internal Agile Centre of Excellence can vastly mitigate the cultural shock. Purists may agree that you cannot do “part time” agile. At the same time, agility is not a cookie cutter that can be applied to any organization. The focus needs to be on values and principles of agility and not on mechanics of Agility like how to use an agile project management tool or how to settle the debate on a user story being five story points or three. An internal Centre of Excellence with the right coaches can be a great recipe for success as it helps people soak in these concepts.

Organizations in this quadrant may see initial signs of success due to “compliance” but it ultimately wears off as the outsider vs insider debate catches on. Employees tend to have a sense of insecurity as they are often expected to change their way of working based on the view of people who do not have a complete stake in their success. The most likely comment that you may hear from organizations in this quadrant is “Do we really need agile?”

3. DO — The Quadrant of INDIFFERENCE


This is the quadrant that Paul’s organization landed in after starting with DI, the quadrant of frustration. Organizations with large wallets often end up in this because they think that agility can be bought. Statements of Work with outside vendors are created with the expectation that they bring the magic potion that can transform the organization. There is a lack of sincere attempt by the leadership to imbibe and practise the basics.


This quadrant gives you the myth of agility. Leaders feel they are agile because they have invested in the best vendor and the vendors provide vanity metrics to show the organization is now agile. Everyone is happy and the organization claims victory. The myth “we are agile” has engulfed the organization.

Organizations in this quadrant end up going nowhere. Agility, which talks about taking a product view as opposed to project-centric view, itself ends up being a project! And once the project ends, things are back to the old ways. The most likely comment that you may hear from organizations in this quadrant is “Who cares!”

4. LI — The Quadrant of RELENTLESS IMPROVEMENT


This is the quadrant where leaders inspire the organization to agile maturity through their actions and practices. Leaders understand the values and principles of agility and catalyze the mindset transformation of their organizations. They do so by empowering in-house change agents and leaders. These change agents are mindful of the culture of the organization and have a good understanding of the precise areas to focus.


People feel happy about the change as they see every level of the organization living those values. They get the feeling that “we are all together in this.” They understand that it is not a directive but a transformation. This is the quadrant of relentless improvement.

Organizations in this quadrant are likely to be on the path to relentless improvement through continuous learning with the help of small experiments and sticking to the ones that are helpful; all the while remaining grounded to the values and principles of agile.

The most likely comment that you may hear from organizations in this quadrant is “Agile makes sense!”

Which quadrant is your organization in? A lot of organizations start with DO or DI. The really successful ones make it to LI, the quadrant of relentless improvement. Paul’s organization may take some time to reach there.

Wednesday, 28 August 2019

Six Essentials for B2B Email Marketing Success

“That might work in B2C, but we’re B2B,” said my client, as if B2B marketers are from Mars and B2C from Venus. And true, while it sometimes seems that way, the good news is we’re both inhabiting planet Earth, which is populated by human beings. Luckily human beings – whether they’re receiving email in a business or a consumer context – tend to think and act in remarkably predictable ways.

So now whenever I hear the all too common “but we’re B2B” refrain, I sympathetically respond that whether your company sells to other businesses or to consumers, people are on the other end of your email making decisions about if and how to engage.

Nonetheless, as a B2B marketer myself I am acutely aware of the differences between B2B and B2C. I know the challenges we face specific to email; like smaller email list sizes, longer and more complex sales cycles, business models that don’t (or can’t) support ecommerce, and difficulty in reaching the inboxes of (let alone influencing) decision-makers.

With the business-to-business marketer’s unique distinctions in mind, here are six essentials for B2B email marketing success. As we explore them in more detail, let’s also take a lesson or two from our B2C cousins who’ve paved the way to optimal performance in this powerful marketing channel.

Right Mindset: Long-term Commitment


It’s time for B2B marketers to take the channel as seriously as B2C marketers do. Consumer-facing retailers and ecommerce brands have mastered the use of email to directly drive sales revenue (and a lot of it). Even though the path to sales may be indirect vs. direct for B2B marketers, email goes a long way toward progressing prospects through the sales funnel faster, empowering the customer journey, and strengthening confidence and loyalty. “Taking it seriously” means committing to consistent, intentional messaging, a channel budget, integration with sales, human/agency resources, and strategy while avoiding an on-again, off-again approach.

Think Dialog, not Blast


The days of “batch and blast” email campaigns are long gone (or should be!). B2C email marketers learned this during the fledgling days of marketing automation when they began pioneering “sense-and-respond” emails that were deployed to recognize high-value actions or prevent conversion attrition; like welcome, onboarding, repurchase and abandonment-recovery campaigns. Programs such as these are intentionally designed and sequenced to align tightly with the customer lifecycle and natural inflection points on the customer journey. They mirror a conversation vs. simple one-way communication. It’s time for B2B email to do so as well.

Mine Data for Gold


B2C email marketers have long treated their email lists as a high-value asset, but also know data isn’t limited to merely the subscriber information they collect and the campaign response metrics they track. When married with CDP (customer data platform) and ecommerce data, email subscriber data can be mined for all sorts of nuggets that make segmentation and customization a powerful reality. Gone are the days of one-size-fits-all campaigns. Now that we can identify subscriber segments based on behavior, we can dynamically and intentionally message them to reflect their actions and preferences, present ultra-relevant offers and entice with timely calls to action. Today’s more advanced systems, APIs and middleware solutions mean data integration from across multiple platforms is practically seamless and far from the painful tech miasma it once was.

Content is King 


Because B2B’s longer sales cycles often necessitate prospect nurturing to foster eventual conversion, content marketing plays a more important role in B2B than B2C. Yet even with their often direct route from inbox to sales, B2C emailers know that constant promotional messaging without breaks for education, entertainment and information leads to subscriber fatigue and eventual burnout – or worse yet, complaints. So, content-oriented messages designed more to sell by way of serving are an integral part of the mix. B2B marketers are often content-rich and should leverage and extend their content assets into email. Content like case studies, success stories, white papers, webinars, worksheets, comparison grids, feature lists, and research findings make for excellent subscriber engagement and confidence builders. Plus, interaction with content can be scored to identify hot vs. warm vs. cold leads and segment them for unique and appropriate automated follow-up emails.

Personality Please!


Once upon a time, B2B marketing became synonymous with “boring” while B2C marketing was allowed to be edgy, creative and fun. I say no more! B2B email can be just as personality-driven as B2C, and is more memorable and welcomed when it is. Take Phrasee for example (a language optimization AI company). They have a distinct brand personality and tone unmistakable in every one of their weekly email newsletters, down to the emojis in subject lines. If your brand or company has a unique personality – or is known for the personality of your founder (think Steve Jobs and Apple) – your email should be letting it shine. In fact, we need more B2B email with personality and style like this one:


Measure Engagement Every Step of the Way


Finally, B2B marketers must close the loop by measuring the results of all our hard work. B2C marketers invest heavily in accountability and attribution, tracking both basic process and key success metrics like completed CTAs, Average Order Value (AOV), sales, revenue, and repeat buyers. Even if channel attribution is more difficult in B2B than B2C, you still need to know what’s working and what isn’t to generate opens, clicks, completed CTAs and more on a campaign-to-campaign or month-over-month basis. But don’t stop there!

What does engagement mean to you? Is it an open, a click, time spent with content, time on site, a call to a sales rep, or some other measure of response such as time to conversion, # of emails opened/clicked per quarter/year, content downloads? Take the time to define what types of engagement prompted by your email are meaningful measures for you, then keep track of them.

If you’re a B2B marketer, there’s no reason that second “B” needs to equate to “blast” or “boring”. With a little ingenuity and a quick study of your B2C contemporaries, B2B email can be just as relevant, timely, tech-savvy and fun as B2C email. Remember these lessons and challenge yourself the next time you’re tempted to say “… but we’re B2B”.

Tuesday, 27 August 2019

VXLANv6 – VXLANv-what?

Virtual Extensible LAN (also known as VXLAN) is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. With the recent launch of Cisco’s VXLANv6, we’ve taken the Cisco overlay and run it over an IPv6 transport network (underlay). Not only is our VXLANv6 fully capable of transporting IPv6, it can also handle IPv4 payloads, an important distinction as many applications and services still require IPv4.

In the near future, VXLANv6 will allow a consistent IPv6 approach, both in the underlay as well as the overlay. With the newly shipped Cisco NX-OS 9.3(1) release that delivers VXLANv6, our customers can take advantage of this new exciting technology today.

In this blog we are going to talk about

◈ A brief overview of VXLANv6

◈ Expansibility and Investment Protection with VXLANv6

◈ IPv4 and IPv6 Coexistence

◈ Where are we going with VXLANv6


Many years ago, when I was struggling to get my modem working, I remember reading that an IETF draft for Internet Protocol version 6 (IPv6) had been filed. At that point in time, the reality of IPv6 was so far away we talked about retirement before we even considered widespread adoption. But as it always is in tech, everything comes around much sooner than one anticipates. While IPv6 had a difficult start, it’s now become a table stakes requirement for Applications and Services.

With Network Virtualization, it became easy to tunnel both IPv6 and IPv4 over the top of networks built with IPv4. In these traditional IPv4-Overlay cases, the Tunnel Endpoint (TEP) as well as the transport network (Underlay) reside in the IPv4 address space. The Applications and Services exist in a different addressing space (Overlay), which could be IPv4, IPv6 or Dual-Stack enabled; v4v6-over-v4 is a common theme these days. In the last few years, VXLAN has become a de facto standard for an overlay as it is employed both as a network-based overlay as well as a host-based overlay. VXLAN as the data plane, together with BGP EVPN as a control-plane, has become the prime choice of deployment for the new-age spine-leaf based data centers.

With the expansion of network virtualization using virtual machine and container workloads, infrastructure resources like IP addresses have to be reserved not only for the applications and services, but also for the infrastructure components themselves. As a result, overlap of the IP address space is often seen between the underlay and overlay, given the exhaustion in the uniqueness of RFC1918 addresses.

Below are the top reasons you should care about VXLANv6


Reason 1: One of the most difficult scenarios for overlapping address space is when it comes to network operations, troubleshooting, and monitoring. The IP addresses used for the management and monitoring of the infrastructure are often required to be unique across the different devices. The IP subnets for the management and monitoring stations have the same requirement, and there should be no overlap between management and managed devices. The alternative is network address translation (NAT).

Reason 2: The exhaustion of unique IP addresses is just one of many cases that drives us towards IPv6. Other use-cases include government regulation, compliancy demands, or simple ease of infrastructure IP addressing. While we were reviewing the use-cases around IPv6 infrastructure addressing together with the current install base of technology and devices, one simple solution became obvious – VXLAN over an IPv6 underlay or in short VXLANv6.

Reason 3: VXLANv6 allows us to use a well-known overlay technology, namely VXLAN, and run it over an IPv6 transport network (Underlay). In the case of VXLANv6, the VXLAN Tunnel Endpoints (VTEPs) are addressed with a global IPv6 address associated with a loopback interface. The reachability of the VTEPs is achieved by using either IPv6 Link-Local or IPv6 global addressing along with an IPv6 capable routing protocol like IS-IS, OSPFv3 or BGP. Considering the option of using IPv6 Link-Local addressing, the subnet calculation and address assignment can be optimized and the underlay setup duration can be significantly reduced.

In addition to the VTEP and underlay topology and reachability, the overlay control-plane also needs to be IPv6 enabled. This is the case for Multi-Protocol BGP: for the EVPN address-family in particular, peering, next-hop handling, and exchange of routes have been enabled for IPv6.

At this point, we have not configured a single IPv4 address for the purpose of routing or reachability, neither for the underlay nor for the overlay itself, because IPv6 does the job well. The only remaining numbering that uses IPv4 notation is in fields like Router-ID and Route Distinguisher. Even though these numbers look like IPv4 addresses, they are only identifiers that could be any combination of numbers.

Capabilities


VXLANv6 and vPC: Connecting Servers Redundantly 

Once the VTEPs are running VXLANv6, the next step is to connect servers redundantly. vPC is the answer. The vPC Peer Keepalive has been elevated to employ IPv6, either on the management interface or via the front panel ports. With VXLAN and vPC, we used the concept of Anycast to share the same VTEP IP address between both vPC members. While secondary IP addresses are used in IPv4, in IPv6 all the addresses on a given interface are of equal priority. This little detail led us to expand the VTEP’s source-interface command to allow the selection of the loopback for the Primary IP (PIP) and the loopback for the Virtual IP (VIP) separately.

There is no IPv4 address configured for the purpose of routing or reachability. With vPC you’re good to go.

IPv4 and VXLANv6: Transporting IPv4 and IPv6 payloads

At this point we probably have some Applications or Services that require IPv4. With VXLANv6, you can transport not only IPv6, but also IPv4 payloads. The Distributed IP Anycast Gateway (DAG) that provides the integrated routing and bridging (IRB) function of EVPN is supported for IPv4, IPv6, and dual-stacked endpoints residing in the overlay networks. Seamless host-mobility and Multi-Tenant IP Subnet routing is also supported, along with the counterpart VXLAN deployment running over an IPv4 transport network (VXLANv4). Cisco also supports Layer-2 transport over VXLANv6. Broadcast, Unknown Unicast, and Multicast (BUM) is handled through Ingress-Replication (aka Head-End Replication).
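To make the encapsulation concrete, the following added example (not code from the original post or from Cisco) builds and parses a VXLAN frame whose outer header is IPv6, showing that the same IPv6 underlay carries either an IPv4 or an IPv6 inner payload. The function names, the 2001:db8:: documentation addresses and VNI 50001 are assumptions chosen for illustration, and the parser handles neither IPv6 extension headers nor inner VLAN tags.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP port (RFC 7348)
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}


def build_vxlanv6(src_vtep, dst_vtep, vni, inner_ethertype, inner_l3=b""):
    """Build a constructed sample: outer IPv6 + UDP + VXLAN + inner Ethernet."""
    inner = bytes(12) + struct.pack("!H", inner_ethertype) + inner_l3  # zeroed MACs
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)  # I flag set, 24-bit VNI
    # UDP checksum left at 0, as RFC 7348 suggests for the outer header.
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    payload = udp + vxlan + inner
    ipv6 = struct.pack("!IHBB", 6 << 28, len(payload), 17, 64)  # next header 17 = UDP
    ipv6 += ipaddress.IPv6Address(src_vtep).packed
    ipv6 += ipaddress.IPv6Address(dst_vtep).packed
    return ipv6 + payload


def parse_vxlanv6(pkt):
    """Return VTEP addresses, VNI and inner payload family; ValueError if malformed."""
    if len(pkt) < 40 + 8 + 8 + 14:  # IPv6 + UDP + VXLAN + inner Ethernet headers
        raise ValueError("truncated packet")
    ver_tc_fl, _plen, next_hdr, _hop = struct.unpack("!IHBB", pkt[:8])
    if ver_tc_fl >> 28 != 6:
        raise ValueError("outer header is not IPv6")
    if next_hdr != 17:
        raise ValueError("outer payload is not UDP (extension headers not handled)")
    _sport, dport, _ulen, _csum = struct.unpack("!HHHH", pkt[40:48])
    if dport != VXLAN_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    word1, word2 = struct.unpack("!II", pkt[48:56])
    if not (word1 >> 24) & 0x08:
        raise ValueError("VXLAN I flag clear: VNI not valid")
    ethertype = struct.unpack("!H", pkt[68:70])[0]  # after the two inner MACs
    return {
        "src_vtep": str(ipaddress.IPv6Address(pkt[8:24])),
        "dst_vtep": str(ipaddress.IPv6Address(pkt[24:40])),
        "vni": word2 >> 8,
        "inner": ETHERTYPES.get(ethertype, hex(ethertype)),
    }


if __name__ == "__main__":
    for etype in (0x0800, 0x86DD):  # same underlay, IPv4 then IPv6 payload
        print(parse_vxlanv6(build_vxlanv6("2001:db8::11", "2001:db8::12", 50001, etype)))
```

A parser of this shape is also what a monitoring tap needs to attribute overlay traffic to a VNI and a VTEP pair when the underlay is IPv6-only.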

With IPv4, IPv6 or both payloads in VXLANv6, we have to somehow make the associated endpoints reachable to the rest of the world. The Border node has the capability to terminate VXLANv6 encapsulated traffic, whereas the decapsulated payload is sent via Sub-Interfaces with per-VRF peering (aka inter-AS Option A) to the External Router. Again, no IPv4 addressing in the infrastructure necessary.

What’s next for VXLANv6?


Overlays went a long way to support IPv6 migrations. Even so, underlays are predominantly deployed with IPv4 addressing. VXLANv6 changes the landscape and allows a consistent IPv6 approach, in the underlay, in the overlay, or wherever you need it.

VXLANv6 is enabled for individual VTEPs, vPC VTEPs, Spines with BGP Route-Reflector, and in the role as a Border node. In the near future, VXLANv6 will use PIMv6 for BUM replication in the underlay and subsequently Tenant Routed Multicast (TRM) over VXLANv6 will become a reality. And, VXLANv6 will be enabled on the Border Gateway (BGW), where our Multi-Site architecture can be used with a complete IPv6 only infrastructure, with new DCNM functionality enabling support for all these newer functionalities for all NX-OS devices.

Thursday, 22 August 2019

Network automation: offering choices now key

Since that time, the approach has not evolved much. But some of the solutions available have, as well as moving past the SDN term towards network automation. So it’s a perfect time to revisit the subject and explore some of the options now available for turnkey and open source solutions around network automation.

Options for network automation


Every IT organization is at a different stage in its in-house operational expertise and business requirements to execute and deliver IT services faster. Plus, no two network environments are the same. And it’s almost certain that 90%+ of the IT organizations looking to leverage automation have a current install base they need to support. This is where the approach of offering various levels of network automation is critical.


Figure 1. The three categories of options for network automation.

The various options available can be aligned into three categories (see figure 1) that give IT organizations the power of choice. While the solutions themselves have evolved, these three categories have not. They are:

◈ Prescriptive “turnkey”
◈ Open source/standard tools and APIs with Cisco hardware/virtual network functions (VNF)
◈ Support for Heterogeneous Hardware/VNF Environments.

Prescriptive “turnkey”


The prescriptive “turnkey” options work best for organizations that have a limited amount of automation and programmability skill sets within the operations teams. Cisco’s offerings in this option have a set of common attributes, such as:

◈ Hiding of complex configurations that are typically done via the CLI
◈ Prescriptive on-boarding of new network elements (plug-n-play, zero-touch-provisioning)
◈ Pre-built GUI application
◈ A controlled fabric domain
◈ Some form of analytics and assurance
◈ And an “under the covers” device/fabric configuration which, through normal operations (CLI), could take days/weeks to accomplish.

Turnkey solutions typically target Cisco-specific hardware/software to allow the simplification of all of these tasks and offerings. Examples of these solutions include Cisco Software Defined-Access (SDA) with the DNA Center controller, Cisco Software Defined WAN (SD-WAN), Cisco Application Centric Infrastructure (ACI) for on-prem data center build-outs, and in the large enterprise and SP space, the recent Cisco CrossWork framework for closed-loop automation.

Open source/standard tools and VNF


Open source/standard tools and APIs with Cisco hardware/virtual network functions (VNF) can be used by those wanting to use Cisco hardware and/or VNFs, but who prefer to leverage a more open set of controllers (APIs, SDKs and open source tool sets and applications).

The typical customer using this approach has already embraced a NetDevOps model and a “do it yourself” mentality within their IT operations team. Plus, they have the in-house expertise to support it on a daily basis. And they are driving Cisco hardware/VNFs to offer and support a rich set of standard APIs and an overall management stack to allow them to leverage this type of NetDevOps approach.


Figure 2. The Model-Driven Manageability Stack

To support IT operations teams using this approach, Cisco has created an open source management protocol stack (see figure 2) in some of its new software releases. This gives do-it-yourself type IT operations the ability to configure and collect valuable telemetry from Cisco hardware/VNFs via third-party APIs (YANG models) and open protocols to/from the Cisco devices.

Leveraging YANG models


The goal of this model-driven protocol stack is to decouple the protocol, encoding and transport options from one another while leveraging the YANG models for both device configuration and telemetry collection. The result is that any application north of the network element has a consistent protocol stack to leverage for development of applications.

For example, an application written in Python can take advantage of the YANG Development Kit for Python (YDK-py) SDK. It leverages gRPC, with GPB encoding, using either native Cisco YANG models or OpenConfig models for configuration and operations of the Cisco device.

The exact same combination can also be used to stream telemetry from the devices to some collection stack, further simplifying the communication channels required. For customers embracing Cisco hardware/VNFs, but who prefer developing their own applications to configure/modify the devices and collect telemetry, the model-driven management stack offers those capabilities through open source protocols, encoding and APIs (YANG models).

While there are many other open source tools that fit into this category, Ansible is a highly regarded one in the network operations space. This is because it doesn’t require a device agent to communicate with the device, its modules are widely available, it’s open source, and it’s viewed by many as a more readable language.

Heterogeneous hardware/VNF environments


The third option, support for heterogeneous hardware/VNF environments, targets customers like those in option two. They’ve embraced the NetDevOps model and have critical in-house expertise to fully support it. They’re able to leverage the exact same approach and capabilities as option two (if all their vendors can support the management protocol stack offerings).

What differentiates this multi-vendor option is the additional need to support an open standard transport (control and data plane) common to all of the vendors in the network. This could include IPv4/v6 and Multiprotocol Label Switching (MPLS) with multi-protocol BGP (MP-BGP), which has existed in multi-vendor environments for years. More recently, E-VPN/VXLAN in data center and campus fabrics, as well as Segment Routing with a Path Computation Element (PCE), is gaining traction in large service capable backbones.

Empowering network automation


As I discussed in the first blog, offering options similar to those above empowers customers with a variety of approaches as their network operations teams transition to automation.

As with any transformational shift of this scale, there are trade-offs to consider; ones that clearly align with the operational skill set of the organization (specifically the DevOps skills they are capable of injecting into their daily operations).

In the end, offering choices to customers as they move down the path of SDN, automation and programmability is, in my opinion, no longer an option but a necessity. But the choices offered should include common ground for supporting automation in a multi-vendor environment. The key challenge will be aligning the options offered by single or multiple vendors to the business needs of the IT organization. Lastly, if your IT organization is new to automation, don’t attempt to boil the entire ocean. Just focus on automating the day-to-day repeatable processes found in your network operations. By doing that, your organization can more quickly gain value from network automation.