Wednesday, 1 April 2020

Implementing Cisco SD-WAN deployments with Cisco Action Orchestrator


Since the Cisco developer program (DevNet) began five years ago, we have seen huge growth and maturity of tools and platforms that enable engineers, operations teams, and software developers to deliver critical outcomes for their businesses. With the surge in growth of services in the public cloud and all of the open-source automation and orchestration platforms, such as Chef, Puppet, and Ansible, there has never been a better time to improve the way we tackle the challenges.

Our networks are composed of multiple operational domains (for example campus, data center, and security) that are tightly interconnected. However, engineers need more than interconnected domains to support customer and business needs. They need security, and an access policy that spans domains. And they need the agility to support new needs as they arise, with complete end-to-end visibility.

The need for tight integration, despite the differences in the domains, is one of the biggest drivers for moving to a controller-based, fully abstracted architecture.

Cisco Action Orchestrator provides a unified solution


Using Cisco Action Orchestrator we built a complete workflow. Action Orchestrator is a powerful workflow automation and technology-agnostic cross-domain orchestration product. This orchestration platform easily binds Cisco products together and connects smoothly to third-party products and open-source solutions, providing a unified solution. The following designs are applicable to provide advanced automation.

Imagine that your company wants to open a new store or remote office. When the company's employees or customers connect to the network, they need access to all their resources. This could be to enable applications to check stock, take payment, process invoices, or even just to safely surf the web. Ensuring your business is connecting safely and securely can be a challenge. This is where automation will help solve many of these teething issues.


Let’s look at how we can deliver this, quickly and securely. Here we will focus on connecting the store to our data center and other locations and how we do this with Cisco SD-WAN APIs and Cisco Action Orchestrator.

Multi-Domain with Cisco SD-WAN


Our infrastructure must be flexible enough to accommodate those constraints. An intelligent software layer, such as SD-WAN, can change the inflexible and often slow networking models of the past. In the broadest sense, it is DevOps meets networking; this can be (and often is) referred to as ‘NetDevOps’.

When using Cisco Action Orchestrator we can use REST API calls to authenticate, to get a list of devices that are part of the SD-WAN fabric, and to get device status. Deploying templates instantly connects our stores/remote offices and data center networks. Now our routing algorithms accommodate application requirements and can adapt to real-time link conditions. The ability to connect any data services into the SD-WAN gives organizations amazing elasticity.

Let’s go over the steps that are required


You must first establish an HTTPS session to the server. To do this, you send a call to log in to the server with the following parameters: the URL to send the request to, `https://{vmanage-ip-address}/j_security_check`, which performs the login operation and security check on the vManage web server at the specified IP address; and the API call payload, which contains the username and password in the format `j_username=username&j_password=password`.
After we have established the HTTPS session, we can list the devices attached to the fabric with the call that retrieves a list of all devices in the network. To retrieve this list, use the following URL: `https://{vmanage-ip-address}/dataservice/device`. In the templates table, the Device Templates column indicates how many device configuration templates are using a particular feature template. The next URL called is `https://{vmanage-ip-address}/dataservice/template/feature`, which shows the devices to which the feature template is deployed.
Once the new site/devices are identified, we push and attach the feature template to the devices with `https://{vmanage-ip-address}/dataservice/template/device/config/attachfeature`. Validation of the feature template is completed by `https://{vmanage-ip-address}/dataservice/template/device/config/attached/[id]`, which validates the sites/devices.
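
The call sequence above, as an added example that is not part of the original post or Cisco's code: a standard-library Python client that logs in, lists devices, attaches a template, and then checks which devices it reached. `VManageSession`, `missing_after_attach`, the `FakeVManage` stand-in and every sample value are assumptions made here; the attach request body is not shown on the page and is left to the caller.

```python
import io
import json
import ssl
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar


class VManageError(Exception):
    """The controller rejected a call or returned something unexpected."""


class VManageSession:
    """Hypothetical wrapper around the vManage URLs listed above."""

    def __init__(self, host, opener=None, ca_file=None):
        self.base = f"https://{host}"
        # Default opener keeps certificate checks on and stores the session cookie.
        self.opener = opener or urllib.request.build_opener(
            urllib.request.HTTPSHandler(context=ssl.create_default_context(cafile=ca_file)),
            urllib.request.HTTPCookieProcessor(CookieJar()),
        )

    def _call(self, path, data=None, content_type=None):
        headers = {"Content-Type": content_type} if content_type else {}
        req = urllib.request.Request(self.base + path, data=data, headers=headers)
        with self.opener.open(req, timeout=30) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")

    def _json(self, path, payload=None):
        data = json.dumps(payload).encode() if payload is not None else None
        status, text = self._call(path, data, "application/json" if data else None)
        try:
            return json.loads(text)
        except ValueError:
            # HTML instead of JSON usually means a missing or expired session.
            raise VManageError(f"{path}: HTTP {status}, body is not JSON") from None

    def login(self, username, password):
        form = urllib.parse.urlencode({"j_username": username, "j_password": password})
        status, text = self._call("/j_security_check", form.encode(),
                                  "application/x-www-form-urlencoded")
        # Assumption: a rejected login still answers 200 with the HTML login page.
        if status != 200 or "<html" in text.lower():
            raise VManageError("login rejected")

    def devices(self):
        return self._json("/dataservice/device").get("data", [])

    def attach(self, payload):
        # The request body is built by the caller; its schema is not on the page.
        return self._json("/dataservice/template/device/config/attachfeature", payload)

    def attached(self, template_id):
        tid = urllib.parse.quote(str(template_id), safe="")  # keep the id one path segment
        return self._json(f"/dataservice/template/device/config/attached/{tid}").get("data", [])


def missing_after_attach(session, template_id, expected_uuids):
    """Return expected device UUIDs that the template is NOT attached to."""
    have = {d.get("uuid") for d in session.attached(template_id)}
    return sorted(set(expected_uuids) - have)


def _resp(body, status=200):
    r = io.BytesIO(body.encode())  # read() plus context-manager support
    r.status = status
    return r


class FakeVManage:
    """Constructed offline stand-in for a controller; every value is made up."""
    def __init__(self, password):
        self.password, self.authed, self.attached_uuids = password, False, []

    def open(self, req, timeout=None):
        path = urllib.parse.urlsplit(req.full_url).path
        if path == "/j_security_check":
            form = urllib.parse.parse_qs(req.data.decode())
            self.authed = form.get("j_password") == [self.password]
            return _resp("" if self.authed else "<html>login</html>")
        if not self.authed:
            return _resp("<html>login</html>")
        if path.endswith("/attachfeature"):
            self.attached_uuids = ["edge-0001"]
            return _resp('{"id": "constructed-task-1"}')
        if "/attached/" in path:
            return _resp(json.dumps({"data": [{"uuid": u} for u in self.attached_uuids]}))
        return _resp('{"data": [{"uuid": "edge-0001", "host-name": "store-12"}]}')


def demo():
    s = VManageSession("vmanage.example", opener=FakeVManage("constructed-pw"))
    s.login("admin", "constructed-pw")
    uuids = [d["uuid"] for d in s.devices()]
    before = missing_after_attach(s, "tmpl-1", uuids)  # nothing attached yet
    s.attach({"constructed": "payload"})
    return uuids, before, missing_after_attach(s, "tmpl-1", uuids)
```

Against a real controller, omit `opener`, pass the CA bundle that signed the vManage certificate as `ca_file`, and read the credentials from a secret store rather than the workflow definition.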


Building the workflow in Cisco Action Orchestrator


Now that we know which Cisco SD-WAN APIs we are using, we can add these into Cisco Action Orchestrator. A workflow consists of activities, invocations of child workflows, and logic components that can be included to complete the workflow. Action Orchestrator allows you to automate IT processes based on your requirements using a workflow format. Once we have added in our Cisco SD-WAN workflow, the whole thing looks like this.


To kick this off, we simply hit “RUN”. When you create a workflow, you must specify where you want the workflow to run. You can also specify that the workflow runs on a specific target or target group. The target group can be defined once and reused in several processes. For example, you might have a database maintenance process that is scheduled to run every month on all database servers. Instead of scheduling the process multiple times to run on each database server, you can create a target group that includes all the database servers and schedule the process to run on all the servers at the same time. If you choose to execute the process on a target group, you can further specify to run the process on all objects that are included in the target group or run the process on a specific object within the target group.


The colors associated with the individual activities indicate the status of the process and activity instances. Upon completion we see green, which means our process has completed successfully (if any of the steps had failed we would see them in red, which means the process failed and did not complete execution). Because our request succeeded, STATUS 200 OK also appears in the results area, and the result is contained in the response body.

Now our new device and location have had their template pushed to the end device, traffic will begin to flow as expected, and our new device has all the router, policy and security features that our company requires.

Tuesday, 31 March 2020

Cisco DNA Center with Cisco 1800S Active Sensors: Better than Helpdesk Tickets Alone

As the networking director of San Jose State University – or rather, a small city of about 40K people where the wireless network is the most visible service – I have always struggled with the gap between what my network management tools tell me about the wireless network and what the actual user experience is.

For some time, I have argued that just because my network assurance solution shows all green, it doesn’t mean that zero users are having a dismal wireless experience. I have to ask myself, are the four service tickets we get a week on average representative of the wireless network issues as a whole or are they a proxy indicator? Let’s face it, some users don’t open helpdesk tickets, they just vent on social media. These have been my user experience pickles!

Measuring the user experience has been something I have been trying to get my hands around – for me it is the proverbial pot of gold at the end of the rainbow. Probably one of the reasons I have been so intrigued with wireless sensors is because they are not a synthetic client, they’re a “real” client with vast automation. My initial attempts at leveraging wireless sensors proved to be quite time consuming. For me, the 30 sensors required 4-6 hours of setup time before the actual testing could commence. Both sensors and test setup consuming the better part of a day really isn’t conducive to measuring the highly dynamic fluctuations of a wireless network.

Happily, things changed markedly for the better when we upgraded our sensors and our Cisco DNA Center to version 1.3.3. Our Cisco DNA Advantage for Wireless software subscription includes upgrades to the latest innovations and any new capabilities (like new sensor software and workflows) developed within the IBN (intent-based networking) framework and the assurance platform within DNA Center.

From Hours to Minutes


With the new workflows in Cisco DNA Center 1.3.3, those same 30 sensors are automatically discovered and easily onboarded in about 20 minutes. Once the sensors are onboarded, the complete wireless sensor test setup from beginning to end takes less than 10 minutes. Now we’re getting somewhere and we can easily measure our user’s experience! Additionally, the sensors themselves are integrated into the issues dashboard for real time monitoring.


Wireless Network Assessment Using Sensor Tests


With the new software and workflow, we test and measure onboarding, DHCP performance, DNS response time and Web site performance. There are some additional tests which don’t apply to us such as FTP, RADIUS, e-mail and more. Some of the test options we use are pictured below:


One particular capability that we rely on: Each sensor can now run a test against a preset number of access points in the “neighborhood”. Meaning a single sensor can target and validate multiple access points in the area assuming a minimal level of RSSI (we prefer -70dBm). This has helped us identify problematic APs in our network and zero in on wireless channel interference.

Consolidated Test Result Dashboard


So now for the smile moment: Inside the Cisco DNA Center Assurance under dashboards, the “Wireless Sensor” page paints the user experience picture very quickly. This dashboard provides summarized results and also contextual location results based on sites, buildings or floors. As I had hoped, the speed tests were working consistently; this is an important measurement point as this is a common wireless complaint (slow wireless).


The dashboard also indirectly provides guidance on where not to place sensors (see the two red locations in the below screenshot). As you can see, we placed two sensors in locations that were convenient for us (in a data closet for easy POE access), but not optimal for wireless testing. Think about what you are trying to test and where to test it. The dashboard showed us that we needed to relocate those two sensors to areas closer to where our users congregate.


I would like to encourage readers who are planning on using the sensors to keep a subset of sensors to move around to monitor special events or install them in reported trouble areas. This is immensely important for high profile meetings where measuring after the fact is pointless. When moving or relocating the sensors, all you have to do is assign their new location in the Provision Devices section and the test suite will “automagically” start testing in that area.

Overall, I am very happy with the new workflow and capabilities of the sensor and how Cisco DNA Center has provided me with a true user experience measurement capability. I am planning on adding many more sensors – in classrooms, meeting spaces and study spaces on campus – to provide us with an even more holistic and granular view of our users’ experience (and get me even closer to that pot of gold!).

Monday, 30 March 2020

Navigating supply chain disruptions for agile retail


Business continuity is so important for retailers that face disruption to their supply chain. Between overseas shipments decreasing and physical stores closing, it’s no secret that the retail industry is coming face to face with the changing business landscape. Retailers that have solely relied on in-store offerings are now looking to quickly take their business to the web with a secure network. Luxury brands that rely heavily on global supply chains are particularly looking to creatively pivot their business model. Some sectors of retail are experiencing an uptick, particularly those leveraging delivery services and curbside pickup (such as quick service restaurants). The surge in remote workers and the need for visibility across both the network and across business operations, calls for agility for all retailers alike.


The largest question for retail brands around COVID-19 quickly becomes how to manage resources when they see interruptions to their supply chain. The best way to combat these disruptions is to engage employees, associates, suppliers and consumers with the right digital solutions. The goal, of course, is to find business continuity and a rhythm across the value chain, however manageable. Here’s a look at how retailers can leverage the power of IT, and even look ahead to the increasingly evolving end consumer.

◉ Information and communication: Real-time insight around product availability levels is especially important, as the continuous flow of updates requires up-to-the-minute inventory management. A unified communication platform that supports timely product information is key for all workers, from the distribution center, to the customer service centers, to those managing stock in stores, and newly remote workers supporting retail operations from home. For broader internal communications, collaboration and video conferencing enable retailers to ensure alignment around priorities and company strategy. Ramping up additional licenses to scale efforts aimed at helping organizations move as a unit has become top of mind as well.

◉ A whole new network: A timely approach to setting up virtual firewalls is another beneficial move for retailers. A newly mobile workforce that can leverage a VPN connection allows workers to more effectively help customers in their online purchase journey while keeping transactional data secure. With that in mind, threat detection and protection for an increasingly remote workforce is the best way not only to protect customer information but also to keep integrated retail systems secure across the network.

◉ Lock down on secure data: Increased online presence for shoppers who are no longer visiting physical stores means online retail platforms may have to support a higher volume of traffic. An agile IT infrastructure and the right data storage for your network can up-level digital capabilities to grow that ecommerce channel and improve overall customer sentiment.

◉ Unified commerce: The right contact center solution can help get customers the answers to their delivery or pickup questions more quickly, and location awareness can speed up the pickup process. From an omni-channel perspective, direct to consumer communication such as click to chat features can improve that customer experience and awareness around their order. This simply pushes the envelope around click-and-collect fulfillment methods that the industry has seen consumers gravitate to for years. What was a convenience has just become more of a necessity. Retailers that can support unified commerce are able to remain fluid during dynamic and uncertain times, as consumer behaviors continue to evolve.

Sunday, 29 March 2020

Remote Working: Endpoints Have Left the Building

Got DNS?


So, my first answer to address this challenge often surprises them: does your agency have DNS for your remote workforce? Talking it over, most agree that many remote employees consume web and cloud applications without turning on their VPN. This means that roaming users will likely be at the mercy of a random, unknown DNS provider. Why would anyone accept this risk?

Enhancing your agency’s endpoints with DNS security should be a no-brainer. Cisco Umbrella Roaming protects employees when they are off the enterprise VPN by:

◉ Blocking malicious domain requests and IP responses while DNS queries are resolved

◉ Enforcing security at the DNS-layer so malicious connections cannot be established and malicious files will not be downloaded

◉ Preventing malware from infecting laptops, and preventing command & control (C2) callbacks or phishing from exfiltrating data over any port

◉ Plus, any infected laptop that exhibits any C2 activity can be immediately identified.

Hence, with an integrated, security-minded approach to DNS, Cisco Umbrella protects users from malicious Internet destinations whether they are on the enterprise VPN or roaming off the network. Delivered from the cloud, Umbrella makes it easy to protect users everywhere in minutes – without any performance degradation. Even better, Umbrella Roaming is fully integrated into AnyConnect client for Windows or Mac OS X.


How to secure endpoint access


After my friends pull me down off my soapbox about needing DNS for your remote workforce, our discussion changes to what you should expect from your VPN. It’s one thing for a VPN to simply enable an employee to work outside the office and provide the means to securely connect to the corporate network. However, any modern, security-minded VPN should enable a wide range of security services—to include functions such as remote access, posture enforcement, web security features, and roaming protection.

For government customers whose endpoints must maintain a level of posture compliance, advances in VPN technology now enable security checks to be conducted on endpoints to ensure they meet posture requirements before connecting to the enterprise.


In the context of Department of Defense (DoD) Comply-to-Connect (C2C) efforts, I have previously discussed the need to think “bigger picture” in terms of adopting a Zero Trust lifestyle. Much more than a VPN, Cisco AnyConnect VPN Client, among its security capabilities, contains an endpoint compliance module that includes significant functionality essential to Federal C2C efforts and taking a Zero Trust approach. The Federal government can take advantage of a Remote Access VPN that enables the very foundation of C2C endpoint compliance and an essential Zero Trust capability via the same desktop application.

Simply put, far more than a VPN, Cisco AnyConnect Secure Mobility Client empowers remote working from anywhere on government laptops or mobile devices; whether connected to the enterprise or when needing roaming DNS protection. It also provides visibility and control for Federal agency enterprise operators and security teams to identify who (what devices and the compliance status of those devices) is accessing the enterprise infrastructure.

Remote working needs multi-factor authentication


It almost goes without saying, but multi-factor authentication is a must these days, especially for remote working. It is a must to verify the identity of all users with effective, strong authentication (two-factor authentication) before granting access to your agency’s enterprise VPN, applications and data resources.


Duo Security enables agencies to verify users’ identities and establish device trust before granting access to applications and data. By employing a Zero Trust model, Duo decreases the attack surface and reduces risk by helping to define and enforce policies that limit access to the users and devices according to a Federal agency’s risk tolerance levels.

Cybersecurity for remote working


Although it may sound daunting, when it comes to remote working, Federal agencies must be able to defend against threats, no matter where they are and no matter where their employees are working. This can be done using:

◉ Duo’s adaptive multi-factor authentication (MFA), which provides the means for verifying user identities in order to gain secure remote access

◉ Cisco Umbrella Roaming, which extends protection when employees are roaming off the enterprise VPN

◉ Integration with Cisco AnyConnect Secure Mobility Client, so that employees can not only securely access enterprise resources, but network security teams can also prevent noncompliant devices from accessing the network in accordance with C2C Policy and according to a Zero Trust lifestyle.

Saturday, 28 March 2020

Cisco Announces Kubeflow Starter Pack

Recently the Kubeflow Community released Kubeflow 1.0. Kubeflow brings together features such as TensorFlow, PyTorch, and other machine learning capabilities into a cohesive tool – from data ingestion to inferencing. Cisco is one of the top contributors to Kubeflow, helping to make operationalizing machine learning for large scale deployments easier for everyone. As a result, we are announcing Cisco Kubeflow Starter Pack.

Here are the major components of Kubeflow 1.0:

Jupyter Notebook


Many data science teams live on Jupyter notebook since it allows them to collaborate and share their projects, with multi-tenant support. Personally, I use it to develop Python code because I like its ability to single step my code, with immediate results. Within the data science context, Jupyter becomes the primary user interface for data scientists and machine learning engineers.

TensorFlow and Other Deep Learning Frameworks


Originally designed to only support TensorFlow, Kubeflow version 1.0 now supports other deep learning frameworks, including PyTorch. These are two of the leading deep learning frameworks that customers are asking about today.

Model Serving


Once a machine learning model is created, the data science team often must create an application or web page to feed new data and execute the trained model. With Kubeflow, there are built-in capabilities with TFServing enabling models to be used without worrying about the detailed logistics of a custom application. As you can see in the screen shot below, the data pipeline enables the data model to be served. In fact, the model can be called through a URL.


Kubeflow Data Pipeline. Note the Deploy Stage for Trained Model Serving


Kubeflow Model Serving. Note the “Service endpoint” URL where the trained model can be accessed

Other Components


There are many other components to Kubeflow, including integration with other open source projects that enable more advanced model inferencing, such as Seldon Core. The Kubeflow Pipelines platform, currently in beta, allows users to define a machine learning workflow from data ingestion through training and inferencing.

As you can see, Kubeflow is an open source integrated tool chain for data science teams.  At the same time, Kubeflow enables the IT team to manage the infrastructure for the resulting data pipeline.

Cisco Kubeflow Starter Pack


To enable IT teams to work more closely with their data science counterparts, Cisco is introducing the Cisco Kubeflow Starter Pack, which provides IT teams with a baseline set of tools to get started with Kubeflow. The Cisco Kubeflow Starter Pack includes:

     ◉ Kubeflow Installer: Deploys Kubeflow on Cisco UCS and HyperFlex

     ◉ Kubeflow Ready Checker: Checks the system requirements for Kubeflow deployment. It also checks whether the particular prescribed Kubernetes distribution is able to support Kubeflow.

     ◉ Sample Kubeflow Data Pipelines: Cisco will be releasing multiple Kubeflow pipelines to provide data science teams working Kubeflow use cases for them to experiment with and enhance.

     ◉ Cisco Kubeflow Community Support:  Cisco will be providing free community support for Cisco customers who would like to check out Kubeflow.

Friday, 27 March 2020

Simplify Multi-domain Automation with Cisco Action Orchestrator


I’ve been working in software development/IT/technology my entire 17-year career. Time and time again I’m confronted with what ends up being the same challenge: how do I/we cobble together different pieces of software, platforms, and/or functionality to build one cohesive and observable solution?

Piecing solutions together


My first development job out of school was with a mortgage origination software company.  We provided custom installations depending on how your bank did business.  To provide viable tools for our bank customers to use, we had to piece together credit reporting, payment, and government regulation systems all onto our platform.

A few years later, I had a similar experience at a hospital billing software firm.  In this instance, we had to manage connections from scanned OCR documents, Medicare, insurance billing, and mainframe hospital systems. (The software that interacted with the mainframe emulators was SO COOL!)  These fed into a common billing database that took into account the incongruencies of all of those systems.

Finally, I’ve come across this same kind of challenge at least a half dozen times in my career here at Cisco!  Likely we all have, whether we realize or not. Because that’s what IT solutions (hardware and/or software) really are.

A multi-domain solution consolidates deployments


That brings us to the concept of Multi-domain solutions.  Cisco products cover enterprise/campus, data center, security, and WAN.  Depending on the need, these products are deployed individually or as a combination for a larger solution.  Organizations then choose to manage these deployments via the device, the controller GUI, or API.  A multi-domain solution consolidates these deployments “as one.” This offers the capability of provisioning and configuring all necessary components of the solution.

The Scenario


Consider that we have a number of retail branches being set up and a centralized data center. The POS system at each branch needs secure access to the data center price list. In addition, there is a need for a local network at the sites, requiring wireless access over a standardized SSID. Finally, a local web server and ad server are required for advertisement. This scenario is ripe for a multi-domain solution.

First, let’s look at access to the data center.  This is achieved through Cisco SD-WAN (or Cisco Meraki), and makes each added branch device part of the organization’s WAN.  Next, we provision wireless networking devices at the branches through Cisco DNA Center (or Cisco Meraki). This provides our local network SSID.  Finally, we deploy our branch host servers via Cisco UCS and manage their application connectivity via Cisco ACI.  Now, we could deploy and provision all of these elements for each branch manually through various GUIs for each platform. But why? There is a better way!

Multi-Domain Automation with Cisco Action Orchestrator



All of the platforms mentioned above have robust APIs as part of their platforms.  This allows for applications and scripts to be written to automate repeatable tasks.  Now, a network automation engineer may take a look at this problem and think, “well, I could script all of this out in Python using REST APIs. Or maybe Ansible would be a good solution.”  Those would both be valid tactics. But they could take some time to develop, and come with a list of requirements. This is where Cisco Action Orchestrator can help.

Cisco Action Orchestrator saves time and effort in automation tasks


Cisco Action Orchestrator (CAO) allows a network automation engineer to create individual tasks, like making calls to REST APIs, that can be linked together to repeatedly perform complex linear and parallel workflows. In our example, tasks can be created to call the Cisco SD-WAN vManage API. When that completes (or in parallel), the task to call Cisco DNA Center intent APIs to set up wireless networks is triggered. We can also implement messages to platforms like Webex Teams for monitoring the success of the tasks and workflows. CAO abstracts the necessity of writing code or YAML from scratch and lets you focus on building the solution.

Thursday, 26 March 2020

How To Make 100G Pluggable Optics In Massive Volume

We’ve been talking about Single-Lambda 100G and why it’s so important for the next generation of 100G pluggable optics. I use the term “pluggable optics” because even though 100G is all about the QSFP28 form factor these days, the next generation should be an SFP of some sort.

Let’s back up a little and get back to where the previous post left off. We said that we’re working toward the vision of simpler 100G pluggable optics. And to facilitate that, we’re using PAM4 modulation so that we can get by with only one laser instead of four, and therefore one wavelength (a.k.a. “lambda”), to carry a full 100Gb/s stream of data.

Why is it important to minimize the components in the module? Consider the diagram in Figure 1. It shows what goes into today’s 100G QSFP28 pluggable optical modules. Notice that they are inherently four-channel devices, both in the optical interface facing right, and the electrical interface facing left. Each of the four channels carries 25G of NRZ data, for a total of 100G.

Figure 1. Block diagram and application of a typical 100G QSFP28 transceiver for duplex SMF.

Compare this with the diagram in Figure 2, a typical 10G SFP+ transceiver. It’s pretty simple. There is only one lane that carries 10G of data. There is typically only a laser, a photodiode, and simple driver circuits for optical-to-electrical and electrical-to-optical conversion. This simplicity is key to why manufacturers are able to make 20 million 10G SFP+ modules per year.

Figure 2. Block diagram and application of a typical 10G SFP+ pluggable transceiver module.

Eventually, when 100G SerDes (serializer – deserializer) is available on switch and router ports, the ASIC behind the ports can take over the FEC (Forward Error Correction) and PAM4 (Pulse Amplitude Modulation with 4 levels) functionality, leaving the pluggable module to perform only the optical-to-electrical and electrical-to-optical conversion. Then we could increase faceplate bandwidth density by using the smaller SFP form factor, with a single 100G lane on the electrical side that interfaces with the switch or router port. This form factor will likely be called SFP112 (Figure 3). Note that the block diagrams in Figures 2 and 3 look nearly the same.

Figure 3. Block diagram and application of a future 100G SFP pluggable transceiver module. It will likely be called SFP112.

We’re not there yet, though. In the meantime, we have QSFP28 modules that perform the FEC and PAM4 inside the module, as well as convert the electrical 4x25G lanes to the single 100G lane. This is what happens in our recently released QSFP28 100G FR module. The benefit of adopting this QSFP28 now is that when the SFP112 becomes available, today’s switches and routers using QSFP28 modules will interoperate with the future ones that accept SFP112 modules. And there won’t be any need for 4x25G-to-100G conversion because both the electrical interface and the optical signal will be single-lane 100G. This forward compatibility is highly advantageous for network upgrade strategies, as it prevents your existing QSFP28 modules from becoming obsolete as you add new SFP112-based hardware.