Thursday 22 September 2022

Why Isn’t your 5G RAN Transport Flexible and Efficient?

5G services can’t succeed without flexible, efficient, and programmable transport. To support and capitalize on 5G services, 5G RAN transport architectures have evolved to support virtualization and slicing, strict latency, jitter, stringent synchronization, and multi-cloud interconnect architectures. Recent Cisco innovations have focused on segment routing and IPv6 to improve network reliability with traffic engineering and to simplify network complexity with programmable transport, providing 5G transport operators with more control and the ability to build performance-based service level agreements (SLAs).

SRv6 microSID for converged public and private 5G


A virtualized radio access network (RAN) architecture allows operators to rapidly and flexibly allocate resources across public and private 5G deployments. To accelerate time to market and bridge the skills gap, communication service providers (CSPs) are choosing to deploy their services in partnership with hyperscale cloud providers (HCPs). Additionally, as data centers move from centralized to distributed to increase coverage and reduce potential performance issues with cloud-based services, an agile and scalable transport network is critical as part of a hybrid or multi-cloud strategy.

Figure 1. CSP architecture transition to hybrid or public cloud

Flexible service placement requires traffic engineering and end-to-end service quality assurance from the transport network. Transport slicing is also critical to maintain guaranteed service quality and to offer RAN service differentiation.

Figure 2. Transport slicing awareness for service experience

Slice awareness between the radio and the 5G core network is addressed by 3GPP specifications. Selecting the optimal user plane function (UPF) also demands that the underlying transport network be slice aware. Specific slice characteristics depend on the underlay 5G transport and how it allocates resources. The network can inspect slice information such as the VLAN or Ethernet header, classify the radio traffic into different slices, and allocate transport resources to meet varying levels of service, from latency-sensitive to best effort.

Figure 3. Enabling multi-service support starting from the edge of the network

SRv6 excels when the network has many interconnected endpoints and complex traffic engineering requirements, and it brings programmability to the 5G transport architecture. The packet processing program is expressed as a list of instructions, each represented as a 128-bit segment called a segment identifier (SID). In complex traffic engineering there are scenarios that require carrying several segments in the IPv6 packet headers. Reducing this overhead minimizes the impact on the packet maximum transmission unit (MTU) and enables SRv6 on legacy hardware devices with limited processing capabilities.

The microSID (uSID) extends the SRv6 programming model: each 16-byte SID can carry micro-instructions called uSIDs. A uSID is represented with two bytes, and up to six uSIDs can be carried in one SID.

SRv6 uSID benefits


With SRv6 uSID, the network can be programmed to handle complex scenarios with simplicity. This additional programmability comes with several advantages:

◉ No change to the SRv6 control plane, data plane, or segment routing header (SRH)
◉ Any SID in the SID list can carry uSIDs
◉ A SID can carry up to six program instructions
◉ No routing extension required for support

The result is an ultra-scalable network able to support multi-domain deployments with minimal MTU overhead.
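As an added illustration (not code from the original article or from Cisco), the Python below models the uSID container described above: one 128-bit SID holding a block prefix and up to six 16-bit uSIDs, the 0x0000 end-of-container marker, the shift-and-forward step a uSID node performs on the destination address, and the SRH bytes saved versus one 128-bit SID per instruction. The 32-bit block size, the block value fc00:0::/32 and the node uSIDs are assumptions; the reduced-SRH accounting follows RFC 8754 section 4.1.1 and is not stated on the page.

```python
import ipaddress
from typing import List, Optional, Tuple

# Assumed container layout (the common 32-bit block / 16-bit uSID format; the
# article only states "six uSIDs per SID"): block | uSID1 .. uSID6, with
# 0x0000 marking "end of container" and zero padding after it.
BLOCK_BITS = 32
USID_BITS = 16
END_OF_CONTAINER = 0x0000
MAX_USIDS = (128 - BLOCK_BITS) // USID_BITS      # 6, matching the article
SRH_FIXED_BYTES = 8                               # RFC 8754 SRH fixed header
SID_BYTES = 16


def _usid_shift(index: int) -> int:
    """Bit offset (from the LSB) of the index-th uSID slot, 0-based."""
    return 128 - BLOCK_BITS - (index + 1) * USID_BITS


def parse_container(addr: str) -> Tuple[int, List[int]]:
    """Split a SID (IPv6 address) into (block, [active uSIDs]).

    Anything after the end-of-container marker must be zero padding; a
    non-zero slot there means a malformed container and is rejected."""
    value = int(ipaddress.IPv6Address(addr))
    block = value >> (128 - BLOCK_BITS)
    usids: List[int] = []
    seen_end = False
    for i in range(MAX_USIDS):
        usid = (value >> _usid_shift(i)) & 0xFFFF
        if seen_end:
            if usid != 0:
                raise ValueError(f"non-zero uSID after end-of-container in {addr}")
            continue
        if usid == END_OF_CONTAINER:
            seen_end = True
            continue
        usids.append(usid)
    return block, usids


def build_container(block: int, usids: List[int]) -> str:
    """Assemble block + uSIDs into a SID, zero-padded up to the end marker."""
    if not 0 <= block < (1 << BLOCK_BITS):
        raise ValueError("block does not fit in 32 bits")
    if len(usids) > MAX_USIDS:
        raise ValueError(f"at most {MAX_USIDS} uSIDs fit in one SID")
    if any(not 0 < u <= 0xFFFF for u in usids):
        raise ValueError("uSIDs must be 16-bit and non-zero (0x0000 is the end marker)")
    value = block << (128 - BLOCK_BITS)
    for i, usid in enumerate(usids):
        value |= usid << _usid_shift(i)
    return str(ipaddress.IPv6Address(value))


def shift_and_forward(addr: str, my_usid: int) -> Optional[str]:
    """Behaviour of a uSID node: consume the active (first) uSID, shift the
    remaining ones left by one slot, pad with the end marker and return the
    new destination address. Returns None when this node's uSID was the last
    one in the container, i.e. the next instruction must come from the next
    SID in the SRH (if there is one)."""
    block, usids = parse_container(addr)
    if not usids or usids[0] != my_usid:
        raise ValueError("active uSID does not belong to this node")
    remaining = usids[1:]
    if not remaining:
        return None
    return build_container(block, remaining)


def srh_overhead_bytes(n_instructions: int, compressed: bool) -> int:
    """SRH bytes needed for a path of n_instructions with reduced
    encapsulation (RFC 8754 4.1.1): the first SID lives in the outer IPv6
    destination address and is omitted from the SRH, and no SRH is added at
    all when a single SID carries the whole path. With uSID, up to six
    instructions pack into one SID."""
    n_sids = -(-n_instructions // MAX_USIDS) if compressed else n_instructions
    if n_sids <= 1:
        return 0
    return SRH_FIXED_BYTES + SID_BYTES * (n_sids - 1)


if __name__ == "__main__":
    # Constructed path: block fc00:0::/32, nodes 0x0100 -> 0x0200 -> 0x0300
    da = build_container(0xFC000000, [0x0100, 0x0200, 0x0300])
    print("initial DA:", da)                           # fc00:0:100:200:300::
    node = 0x0100
    while da is not None:
        da = shift_and_forward(da, node)
        print(f"after node {node:#06x}:", da)
        node += 0x0100
    print("SRH bytes, 6 instructions, one SID each:", srh_overhead_bytes(6, False))
    print("SRH bytes, 6 instructions, uSID:", srh_overhead_bytes(6, True))
```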

SRv6 microSID and O-RAN ALLIANCE Plugfest


Cisco partnered with Keysight Technologies to successfully validate O-RAN ALLIANCE-specified 5G RAN traffic on an SRv6 microSID-based programmable 5G xHaul transport network. Traffic characteristics like latency, jitter, synchronization, and network convergence were measured for each service slice over a multihop ring topology architecture.

Figure 4. O-RAN ALLIANCE Plugfest Validation Environment

In the validation test, latency-sensitive fronthaul control plane traffic was carried over an SRv6 uSID-based L2 transport slice using EVPN, while non-latency-sensitive management traffic was carried over an SRv6 uSID-based L3 transport slice using L3VPN. Synchronization was provided by an aggregation router to all nodes, including radio units and distributed units. The Keysight Novus tester was used to simulate multiple radio units and distributed units, while the Keysight Metronome Timing System (MTS) was used to measure synchronization accuracy and relative timing.

SRv6 microSID instructions programmed the network to ensure service assurance for each slice and traffic type with the following results:

◉ Latency-sensitive slice: 11 µs latency and ~600 ns average jitter
◉ Non-latency-sensitive slice: 28 µs latency
◉ Relative timing accuracy between radio nodes: <30 ns relative |TE|
◉ Service convergence during transport link failure: <22 ms

These results confirm that the 5G xHaul architecture with SRv6 microSID meets all characteristics defined by the eCPRI, O-RAN, ITU-T, and 3GPP standards for fronthaul, midhaul, and backhaul traffic over a converged multihop transport architecture.

Source: cisco.com

Tuesday 20 September 2022

Cisco 500-210 CSPOFE Certification: Questions & Answers with Syllabus

Cisco CSPOFE Exam Description:

This exam tests a candidate's knowledge and skills needed to configure, provision, and troubleshoot Cisco NCS 2000 product solutions.

Cisco 500-210 Exam Overview:

Exam Name: Cisco SP Optical Technology Field Engineer Representative
Exam Number: 500-210 CSPOFE
Exam Price: $300 USD
Duration: 75 minutes
Number of Questions: 45-55
Passing Score: Variable (750-850 / 1000 approx.)
Exam Registration: PEARSON VUE

Related Article:

Deploy and manage networks globally with Cisco SD-WAN Multi-Region Fabric

How often do we prefer to avoid a detour to reach our home, office, restaurant, or subway station? The answer is – every time! We do not have the time for detours and delays in life as it affects our productivity and schedule. Similarly, business networks also need non-stop connectivity for greater performance and scalability.

As enterprises continue to grow and expand, they need a network that scales at the speed of their business. New business models drive the need for a network design that ensures seamless connectivity and greater application performance.

Multicloud infrastructure necessitates the need for networks with global connectivity


The accelerated adoption of a cloud-first strategy has changed how IT teams should design and deploy networks to manage global connectivity. With applications and workloads moving to multicloud architectures, businesses need to ensure that their SD-WAN design and architecture can scale easily without impacting the connectivity and performance end users expect across the globe. To achieve network scalability, organizations are pivoting to designs that split the network into multiple regions, with geo-specific points of presence (PoPs) or Service Exchanges, leading to a hierarchical architecture. This hierarchical architecture enables customers to use different traffic transport service providers for each region and for the central core-region network, to optimize costs and deliver greater traffic and application performance. To make the best use of these different transports, enforce common routing and business policy intent across regions, and leverage the rich feature set within SD-WAN, enterprises are leaning towards deploying an end-to-end SD-WAN fabric across such networks.

Figure 1. The challenges of a tiered or hierarchical network design

Adopting a multi-region network design demands resolving a few network and operational challenges. To benefit from a multi-region type of network architecture, the use of a middle-mile WAN or global backbone WAN network is becoming increasingly prevalent. Enterprises are looking for ways to easily integrate middle-mile WANs with the rest of their network without the added complexity of operating, configuring, monitoring, and troubleshooting these networks as separate entities. As these deployments grow in complexity and scope, enterprises need a more effective way to scale connectivity across different regions to deliver greater application performance. An easy approach to accomplish this is to extend the SD-WAN fabric over the middle-mile WAN as well, thus enabling them to use SD-WAN to manage both intra- and inter-region site-to-cloud, site-to-site traffic via a single pane of glass.

Cisco SD-WAN Multi-Region Fabric – Your pathway to global network connectivity


Cisco SD-WAN Multi-Region Fabric is a new suite of capabilities that divides a single Cisco SD-WAN overlay network into multiple regions with a central core-region network for managing inter-regional traffic. You can scale the network architecturally and operationally by introducing the concept of regions and device roles natively into your SD-WAN solution. It enables you to extend the Cisco SD-WAN fabric across multiple regions within your network as well as the middle-mile, to provide:

◉ End-to-end SD-WAN capabilities and control

◉ End-to-end encryption of inter-region traffic

◉ Transport independence

◉ Performance measurements

◉ Greater control over traffic paths between domains

Figure 2. Multi-Region Fabric reducing operational complexity by introducing ‘regions’ and device ‘roles’ natively into Cisco SD-WAN

Multi-Region Fabric offers advanced capabilities such as region-aware routing and simplified site scalability for higher throughput, and it reduces the complexity of network architecture and policy configuration. It provides the ability to enforce a common traffic steering policy across the entire WAN or on a per-region basis, along with end-to-end WAN segmentation – all via a single dashboard (vManage) to configure, monitor, and troubleshoot the network. This new capability within the SD-WAN fabric allows the creation of a globally distributed network in minutes with just a couple of clicks.

Multi-Region Fabric means reduced complexity, increased scalability & greater performance


This new architecture can provide significant benefits for customers, partners, and Managed Service Providers (MSPs) who are considering the adoption of a hierarchical network design (with a middle-mile) for use cases such as:

◉ Regionalization of network services such as Security, Identity Management, Netflow, Logging, WAN optimization, etc.

◉ Improving multicloud and SaaS user experience by providing high-quality onramps into Software as a Service (SaaS) and cloud infrastructure providers (Amazon Web Services, Microsoft Azure, Google Cloud Platform) via regional PoPs.

◉ Reducing time spent on the last mile for user traffic.

◉ Adapting network scale, compliance, or resiliency in a geo/segment/region-specific manner.

The Multi-Region Fabric Advantage


◉ Scalable architecture to address dynamic network needs & business intent across regions

◉ Simplified policy design brings operational simplicity by eliminating the need for complex business/routing policies

◉ Flexibility to select the best transport for each region provides better performance for traffic across geographical regions

◉ Operationally easier to deploy and manage

Your growing business needs a network that can keep up with it, and Cisco SD-WAN Multi-Region Fabric can help you build and manage that network for you!

We understand that deciding how to deploy SD-WAN for the best network scalability can bring uncertainty. How to reduce costs and complexity, simplify policy management, provide secure, seamless connectivity, and ultimately deliver a superior user experience may also be difficult to fully understand. Join us for a live webinar and demo to learn more. Our speakers, Hamzah Kardame, Leader, Product Management for Cisco SD-WAN, and Tahir Ali, Technical Marketing Engineering Technical Leader for Cisco SD-WAN, will discuss:

◉ Why networks need more scalability and flexibility in today’s hybrid and multicloud environments

◉ How WAN architectures are evolving today and the rise of middle-mile WAN-based network designs

◉ The challenges that come with adopting such next-gen WAN architectures

◉ The Multi-Region Fabric capabilities available within Cisco SD-WAN to help support this transition

◉ How Cisco SD-WAN Multi-Region Fabric works and what is ahead

Source: cisco.com

Thursday 15 September 2022

Managing the environmental impacts of European roadways and intersections


When I was growing up in Scotland, my grandmother would pass knowledge on to me in the form of proverbs. When I’m waiting at a red traffic signal I remember one of her many sayings, “If it’s fur ye, it’ll nae gae past ye”, roughly translated as “if it’s for you, it won’t go past you.” No need to worry, your green time will come. At traffic signals everybody loves a green light because it means “go”. I believe that for the entire smart roadways movement, green should mean go, too. There is an important focus on being green. From a transport point of view, this means careful management of the unwanted side effects of the transport process, while maximizing the good things that we desire – safety, efficiency, and great customer experience. It is a challenge to go for green while also attaining the other goals. It’s not easy, but it is absolutely possible with the right approach.


What it means to be green


First, let’s define what it means to be green from a roadway point of view. The figure below captures the process that we need to follow. We can be greener by understanding challenges, developing appropriate responses, and implementing solutions that support responses.


Green has particular relevance for urban traffic signal control as every driver likes green traffic lights to keep going. More important is the ability to manage journeys through the road network in a way that optimizes traffic flow as it varies over the course of the day. Ideally, advanced traffic management will exactly align the green signal time with the traffic flow on each approach.

Greenness for roadways


Let’s discuss an ideal, one-way journey as depicted in the figure below.


The pink line represents the planned or ideal journey, the red represents the actual journey. The nodes represent stage points in the journey. They could be timing points for a transit service, or modal interchanges for a traveler. They might also be major intersections along a limited access highway. For example, at point 2, the traveler might switch from local bus to commuter rail. You can see that at point 1, the journey is taking longer than planned. Time is made up between points 1 and 2, but lost again between points 3, 4 and 5.

There are two points that I would like to make here:

1. First, the planned or ideal journey must be optimized for greenness: minimum carbon footprint, fuel consumption, and other factors that affect greenness. These include choosing the best mode of transport for the prevailing condition, matching the journey’s purpose. It also includes managing those modes as effectively as possible, adapting to changes in the demand for transport and prevailing operating conditions. It is also essential to inform travelers about the choices they have for any journey, for any purpose, and at any time. These might be pre-planned, scheduled journeys, or spontaneous travel decisions. Mobility as a Service techniques can be used to inform the traveler, help them make a single reservation across the entire journey from origin to destination and support a single, convenient electronic payment for the travel services to be used.

2. The second point is that any deviation from the ideal or planned journey can be viewed as a “loss of greenness.” In this case, the cumulative journey time increase (the red areas) could be caused by congestion or delay, reducing the journey greenness. This comparison of an ideal to an actual journey is a technique used in aviation but typically not in surface transportation. In order to attain green, it will be necessary to have sufficient data collection and analytics capability to plan the optimum journey and monitor deviation from the ideal during the actual journey. It will also be necessary to have the degree of situational awareness and management capability to improve the actual journey in formative, near-real-time ways. It is interesting to note that taking this approach to defining and measuring greenness also enables other factors to be optimized, including safety, efficiency, user experience, and equity. Equity is improved by operating cost reductions, making transport more accessible to all by reducing travel costs. We must go green and use management tools to stay green, for every stage of every journey.

Achieving greenness


This is complicated and yes, as I said at the start, it is not easy, but it is entirely doable. It can be done by applying information and operational technologies such as those depicted in the figure below.


The operational technology is the part of the iceberg under water, unseen but irreplaceable. Information technology consists of various elements above the water, which deliver visible impacts but rely on the unseen operational technology. Together they support the range of customer facing applications that deliver greenness. Like the iceberg, I am focusing on just the tip of the greenness issue.

Technology can enable us to determine carbon impacts for different stages in the journey and all modes of transport. We can even look at the supply chains that deliver transport infrastructure and vehicles, ensuring that we optimize the bigger picture supporting circular economic approaches. Smart roadways and intersections are crucial elements in this due to the proportional impact that effective operations have on greenness. We can not only make our roadways greener, but also the entire transport system. From better intersection management to world-class high-speed highway operations, we have the tools available now to go green.

Green is for now


So why is it important for roadways to be greener now? We want to save the planet and reduce greenhouse gases (GHG)—bold political goals have been set. Transport contributes a significant amount of GHG, especially road transport, so even a relatively small improvement would be significant. If we are to achieve these bold goals within the required time, then it’s time to start planning and implementing. There are proven technology solutions that can be implemented off the shelf, including advanced traffic management, electric cars and trucks, AI-based decision support, and advanced sensors. Robust, trusted OT networks can underpin the attainment of bold goals.


Grandma’s guide to greenness


In addition to her many sayings, my Grandmother would also give me sage advice. One piece of her advice was that to get what you want, there are two fundamental steps required. Step one is to decide what it is you want. Step two is to ask for it. We have obviously decided that we want greener roadways and transport. So now we have to ask for it by designing, specifying, and procuring it. It’s still not easy being green, but it is now easier than ever due to bold political action and capable technologies. Let’s go for green.

Source: cisco.com

Tuesday 13 September 2022

Migrating to 6GHz


With more than 18 billion devices in use and 4.2 billion more shipping in 2022, the sheer size of existing Wi-Fi deployments worldwide is mind-boggling. In view of the new Wi-Fi 6E and 6GHz adoption push, it is critical to evaluate the best ways to migrate existing Cisco on-prem legacy networks into the new world of 6GHz deployments.

For Cisco Enterprise customers, there are several aspects that need to be evaluated for any successful migration planning:

  • Existing controller type:
    • Is it AireOS?
    • Model? (Basically, can it run 8.5 or 8.10?)
    • Is it IRCM capable? (2504/WiSM2 can’t do mobility to 9800)
  • Access point inventory:
    • Are there any 802.11n models still in use? (for example, 2600, 3600, 1520, 1600, etc.)
    • Are there any Wave1 APs? (last generation of IOS, for example 1700, 2700, 3700)
    • Mesh deployments?
  • PoE support:
    • What is the maximum supported power standard? (802.3bt, 802.3at, etc.)
    • Any power budget constraints per port?
    • Or are APs powered by power injectors?
  • Current 5GHz TX power:
    • Is my network running on average at power level 3-4?
    • Or is it around 1-2?

6GHz adoption is only supported on Catalyst 9800 IOS-XE controllers running 17.7 or higher. This imposes additional considerations, either on controller type migration or on legacy access points that may need to be migrated or supported through Inter Release Controller Mobility (IRCM) solutions.

Legacy Access Points


Figure 1. Legacy APs

Over the years, it has always been possible for previous generations of access points to coexist with newly introduced models, ensuring both smooth network upgrades and capacity expansion. Adding new APs is normally not an issue until we hit an inter-generation gap.

If a network is, for any reason, still running devices two generations back (for example, a 2602 AP) and now needs to include new 802.11ax models (for example, 9130) or jump to the 9136/9166/9164 for 6GHz support, it will need a more complex migration path.

When there are multiple generation gaps, if the legacy controllers can support IRCM to the IOS-XE 9800, it is perfectly possible to design a migration plan without the need for a “forklift” installation. This ensures very little pain for users and keeps the network running until everything is migrated to the new hardware and standards.

The following table summarizes software support ranges and migration options for most access point models from the 802.11n generation onward:

Model/Series       Last AireOS   IOS-XE support   IOS-XE AP equivalent   Migration notes
700/700W Series    8.10          Not supported    9105                   Migration through IRCM
1040               8.3           Not supported    9115                   AP needs to be replaced
1260               8.3           Not supported    9115                   AP needs to be replaced
1600               8.3           Not supported    9115                   Either 8.5 IRCM or hardware replaced
1700               8.10          17.3             9115                   Migration through IRCM
2700               8.10          17.3             9120                   Migration through IRCM
3700               8.10          17.3             9130                   Migration through IRCM
1810/1810W         8.10          Up to 17.3       9105                   Hardware replaced or IRCM between IOS-XE versions
1830/1840/1850     8.10          Supported        9105                   Directly supported
AP802/AP802H       8.5           Not supported    ISR10xx                Migration through IRCM
2600               8.5           Not supported    1920                   Migration through IRCM
2800/3800/4800     8.10          Supported        -                      Directly supported
1540               8.10          Supported        -                      Directly supported
1550               8.5           Not supported    -                      Migration through IRCM
1560               8.10          Supported        -                      Directly supported
1570               8.10          Up to 17.3       -                      Migration through IRCM

For a complete list, check the Cisco Wireless Solutions Software Compatibility Matrix; alternatively, run the Wireless Config Analyzer Express (WCAE) to check your migration readiness.

Figure 2. AP Migration Decision Flow

Legacy Controllers

Figure 3. Legacy Controller

Depending on the existing controller type, the migration may take different paths. Some scenarios will be simple, allowing a smooth transition. Others may need additional steps to successfully migrate into a Wi-Fi 6E network.

What to expect:

◉ “Generation 1” controllers: 5508, 8510. They can run up to AireOS 8.5, which allows mobility scenarios between them and the new IOS-XE 9800 controllers (Inter-Release Controller Mobility, IRCM). They also support both IOS and AP-COS access points, from 1700 to 3800 models (Wave1 and Wave2 802.11ac).

◉ “Generation 2” controllers: 5520, 8540, 3504. All of these can run up to AireOS 8.10, also allowing IRCM scenarios with the 9800. AP support additionally includes 802.11ax models, like the new Catalyst 9105, 9120, and 9130.

◉ “Generation 1” controllers without IRCM: 2504, WiSM2, vWLC, 7510. No mobility is possible between them and IOS-XE, so additional steps and different migration scenarios are needed.

Figure 4. Controller Migration Decision Flow

Migration Scenarios


In general, we should try to migrate per “RF block”, defined as a roaming area or domain where clients can move normally between access points before hitting the idle timeout. Basically, move these RF blocks completely onto the new APs and IOS-XE controllers; for example, move a building or a complete floor onto the new hardware and software. We should avoid “salt & pepper” deployments that mix APs on different controllers at the same time: not because it is unsupported, but because mobility becomes more complex and may lead to issues sooner or later (a problem-prevention measure).

For scenarios where it is impossible to break the RF environment into differentiated blocks (for example, a very large building like an airport, or a fully open-space office), we will have to either set up artificial boundaries based on roaming frequency and usage or do a forklift upgrade.

Figure 5. Example of RF area/building migration

What happens if the AP model is not supported in any IRCM version?


This could be the scenario of a legacy controller still running 8.3, with some AP models that are not supported beyond that version: for example, 20 APs of the 2700 Series and 10 APs of the 1042 Series.

The 1040s are not supported in 8.5. In this case, the preferred option is to prioritize the replacement of those APs, moving the impacted area onto the 9800 as the first step. Sometimes customers have mixed models across a given building, for example a mix of 2700 and 2600. In those scenarios, the best option is to consolidate models per supported version, moving all APs of a given type together so they are contained in a specific RF space, in order to facilitate migration in blocks.

Scenario 1: Legacy Controller supports IRCM

This will be the most common scenario, where we have either an 8.5 (5508/8510) or an 8.10 (5520/3504/8540) AireOS controller. The migration starts with the creation of an IRCM setup between the AireOS and 9800 controllers; APs are then replaced per RF area and connected to the new controller, allowing mobility to act when a client needs to roam between legacy and new RF areas.

This method allows the smooth coexistence of both controllers, with RF areas migrated as needed, without any overnight switchover.

Things to keep in mind:

◉ If the controller is limited to 8.5 (5508, 8510), we will need a special IRCM version (8.5.182.104) to connect it to IOS-XE.

◉ In general, it is best to split the RF network into different areas, configuring different RF group names on the legacy and IOS-XE controllers. This way each group can do the best calculations that its respective version allows. We should make sure that “Avoid Foreign AP Interference” is enabled in the RRM/DCA configuration (it is by default).

◉ Always configure the primary/secondary controller name on access points. The new controllers will reject unsupported APs, but for any AP that could work on both controller types, this avoids APs joining the wrong one, or flip-flopping between them, until the migration is ready to proceed.

Scenario 2: Legacy Controller not supporting IRCM

If the legacy network is running on a WiSM2, 2504, 7510, or vWLC controller, it is not possible to establish an IRCM connection between the old controller and the new 9800 handling the 6E APs. This significantly limits the available options and forces a more aggressive migration process.

Migration alternatives:

◉ Keep the two networks separated, and migrate physical RF areas as new APs are added, replacing the old ones. No roaming is possible, and it is very important to keep client VLANs different between controllers, to avoid ARP proxy issues between them. During this process, we must take care to prevent roaming events, as client identity, address, etc. will be lost on the change between controller types. The ideal scenario, for example, is to move a complete building from the old controller to the new one with an overnight forklift AP replacement.
◉ Avoid migrations “per floor”, as in most building types it is normal to see clients roaming between APs on different floors.
◉ Temporarily replace the legacy controller with one that supports IRCM.

Scenario 3: AP is supported up to 17.3 but not in later versions

This will happen when “Wave1” APs are still present, for example 1700/2700/3700 AP models. For this type of migration, it is possible to move all APs into IOS-XE with the 17.3 release, then add a secondary WLC running 17.9 to host the new Wi-Fi 6E APs, and establish an IRCM link between both controllers.

With this option, it is possible to do a graceful AP replacement from Wave1 to Wi-Fi 6E models, always doing the technology migration per physical roaming RF area as described (per building, floor, etc.). Once all APs are migrated, the 17.3 controllers can be decommissioned.

In some instances, the customer may deploy a 9800-CL running 17.3 as a temporary controller to host the legacy APs.

6GHz RF Coverage vs. 5GHz: AP replacement scenarios


One common discussion point is: How different is going to be the cell coverage, in 6GHz, when compared to a 5GHz AP?

People will want to take a 5GHz AP and do a 1:1 replacement with a 6GHz-capable AP. This may seem reasonable, but there are some aspects to consider:

◉ As Wi-Fi 6E uses a higher frequency, the propagation characteristics are different: the signal drops slightly faster in 6GHz than in 5GHz. The difference should be around 2 dBm on measurements over the same distance. Material absorption will be different as well.

◉ 6GHz has different regulatory power constraints than 5GHz. Currently, most deployments will be using Low Power APs (for simplicity's sake, let's say 24 dBm in FCC, 23 dBm in ETSI). This means that, depending on the radio power levels in the current network, using 6GHz may result in a slightly lower power output.

Rule of thumb:

◉ If your average power level is around 3-4, it is possible to do a 1:1 AP replacement and have a similar coverage level in 5 and 6 GHz.
◉ If the power level is 1-2, then you may need around 10 to 20% additional access points.

The easiest way to know the average power level per site is to use the WCAE tool and check the “Channel Stats 5GHz” tab. This presents a summary per channel, either at controller or site tag level, of the average power levels (among other information). For example, this is a network where migration to 6GHz may need additional access points:

Figure 6. Example of site with low 5GHz coverage

Versus this other one, where the deployment is running on low power, so it fits without issues into the 6GHz requirements:

Figure 7. Example of site with good 5GHz coverage

If you use the latest version (0.9.11) of WCAE, you can also get a “6GHz predictive” view of how the power distribution, Nearby relationships and client RSSI would look if you replaced your current APs with 6GHz-capable hardware. The tool will match ETSI or FCC regulatory requirements, adapting powers and differences as needed. This is useful to get a taste of how the network would look after a direct migration, without adding any APs.

Figure 8. 6GHz Predictive RRM modeling

For complex or demanding deployment scenarios, the recommendation will always be: do a site survey.

Source: cisco.com

Sunday 11 September 2022

Scale security on the fly in Microsoft Azure Cloud with Cisco Secure Firewall

The release of Microsoft Azure Gateway Load Balancer is great news for customers, empowering them to simply and easily add Cisco Secure Firewall capabilities to their Azure cloud infrastructure. By combining Azure Gateway Load Balancer with Cisco Secure Firewall, organizations can quickly scale their firewall presence across their Azure cloud environment, providing protection for infrastructure and applications exactly where and when they need it.

With applications and resources hyper-distributed across hybrid-multicloud environments, organizations require agile security to protect their environment at each control point. This integration empowers organizations to dynamically insert Cisco’s security controls and threat defense capabilities in their Azure environment, removing the clunkiness of provisioning and deploying firewalls, as well as the need to rearchitect the network. Organizations can now enjoy highly available threat defense on the fly, protecting their infrastructure and applications from known and unknown threats.

Securing cloud infrastructure while reducing complexity


Combining Secure Firewall with Azure Gateway Load Balancer offers a significant reduction in operational complexity when securing cloud infrastructure. Azure Gateway Load Balancer provides bump-in-the-wire functionality ensuring Internet traffic to and from an Azure VM, such as an application server, is inspected by Secure Firewall without requiring any routing changes. It also offers a single entry and exit point at the firewall and allows organizations to maintain visibility of the source IP address. Complementing these features, organizations can take advantage of our new Cloud-delivered Firewall Management Center. It enables organizations to manage their firewall presence 100% through the cloud with the same look and feel as they’ve grown accustomed to with Firewall Management Center. With Cloud-delivered Firewall Management Center, organizations will achieve faster time-to-value with simplified firewall deployment and management.

Benefits of Cisco Secure Firewall with Azure Gateway Load Balancer


◉ Secure Firewall lowers cloud spend with Azure Autoscale support – Quickly and seamlessly scale virtual firewall instances up and down to meet demand.

◉ De-risk projects by removing the need to re-architect – Effortlessly insert Cisco Secure Firewall in existing network architecture without changes, providing win/win outcomes across NetOps, SecOps, DevOps, and application teams.

◉ Firewalling where and when you need it – Easily deploy and remove Secure Firewall and its associated security services, including IPS, application visibility and control, malware defense, and URL filtering as needed in the network path.

◉ Greater visibility for your applications – Simplify enablement of your intended infrastructure by eliminating the need for source and destination NAT. No additional configuration needed.

◉ Health monitoring – Ensure efficient routing with continuous health-checks that monitor your virtual firewall instances via Gateway Load Balancer.

◉ Included Cisco Talos® Threat Intelligence – Protect your organization from new and emerging threats with rapid and actionable threat intelligence updated hourly from one of the world’s largest commercial threat intelligence teams, Cisco Talos.

Use-cases
Inbound


Figure 1: Inbound traffic flow to Cisco Secure Firewall with Azure Gateway Load Balancer

Figure 2: Inbound traffic flow to a stand-alone server

Outbound


Figure 3: Internal server is behind a public load balancer. Flow is the same as outbound flow for an inbound connection.

Figure 4: Outbound flow where the internal server is a stand-alone server.

Azure Gateway Load Balancer support for Cisco Secure Firewall Threat Defense Virtual is available now. To learn more about how Cisco Secure Firewall drives security resilience across your hybrid-multicloud environment, see the additional resources below and reach out to your Cisco sales representative.

Source: cisco.com

Saturday 10 September 2022

Get Hands-on with the Meraki API in the DevNet Sandbox

One of the strongest components of the Meraki platform is the consistent and simplified operational management of the network. The modern API, as an extension to the cloud managed service, makes it amazingly simple to programmatically control and manage all aspects of your network. Some customers fully automate the onboarding of devices via the Meraki portal using routine automation scripts; others build front-end systems or give operational teams lookup tools that pull analytics or data from the API, greatly streamlining the operational processes required to support an organization.

This blog will showcase some of the techniques that can be used and built upon to integrate with the Meraki API programmatically. To do this we will use the DevNet always-on sandbox lab, making only read (GET) requests into it. To make this easy to use, we are going to use the Google Colaboratory environment, which lets you use Google cloud to run these examples.

Explore the Meraki API using the DevNet Sandbox


To begin exploring the Meraki API using the DevNet Sandbox, I have created a Colaboratory on Google at the link below. To use this, you will need a few things:

1. A personal Gmail account. This will share a copy of the example that you can modify in Drive. If you use your corporate account, this will only work if your corporation has Drive access.

2. You will then access the link below and use File/Save a copy into Drive, at which point the read-only copy becomes writable and modifiable by you.

Here is the link:


The first thing we will do is save a copy of this read-only sheet into your Drive, which will make it read/write. From the File menu you can click “save a copy to drive”.


Once this is done you can evaluate the sheet. Within this sheet there are text blocks, code blocks, and results blocks. The code blocks are fully modifiable, and represent code running in a real python environment located in the Google cloud. To execute the code within a block, you can click the play button to the left of the block. When you do this, any results will show up.


Where this becomes particularly interesting is when we pair this cloud based development environment with the DevNet always-on Meraki Sandbox. This is a functional Meraki instance sponsored and managed through the DevNet organization. For a list of all Sandboxes, you can evaluate devnetsandbox.cisco.com.

For our particular sandbox, we will be using the always-on sandbox. This is available at the below link, but should this link change, you can find it by selecting networking sandboxes from devnetsandbox.cisco.com. (or searching Meraki, or many other ways :)).


Setting Variables


In the code segments below, we set a few variables that we can use further on in the code. This means that you can take your real Meraki environment, change a few URLs, search for meaningful information in these variables (such as YOUR device, or YOUR network), and use the code to create tables and graphs that you can modify as you see fit.

After setting the variables, we do a very simple get request from Meraki, that we will do many times for different information throughout the sample on Colab.


We then print the results, which will show up in a text string of JSON data.

To translate this into real JSON we can use, we run the command below and then print it so we can see the result.


This is exceptionally useful, as we now have data formatted as JSON. Building upon this, we can use a library called Pandas, which is well known in the data science and ML communities and is essentially “Excel on Steroids for Python.” What becomes interesting is its native support for reading our JSON into a table.

Using the Pandas module


Below we load the Pandas module under the name pd, which we can then reference. We then import the JSON and print out a table with the columns we are interested in. What is elegant about this is the simplicity: we import the module, read in the JSON in a single intuitive command, and create a table with the headings we are interested in.


After a few more operations in the code, following through the Colab sheet, we make a few more GET requests, store them as different tables, and do different things with them (you can explore the sheet). We search out the network in the organization that we referenced at the outset of this sheet, and we get the top talkers for it by doing a GET on the URI and storing the result as JSON, then importing it into Pandas (as below) and printing the table.


We now have a list of clients and their bandwidth usage. We can then very easily create graphs for usage. This can also all be done easily via a webapp for your network teams. We do this using the Pandas built-in graph capability, as well as an example of using Seaborn, which is used for data visualization.
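The read-only workflow described in the preceding paragraphs (set variables, GET from the API, decode the JSON text, keep the columns of interest, rank top talkers), as an added example that is not code from the Colab sheet or from Cisco. It uses only the Python standard library in place of Pandas so it runs without extra dependencies; the endpoint paths, the field names (for example usage.sent and usage.recv), the request header name and the sample responses are assumptions modelled on the Meraki Dashboard API v1, and the API key is read from an environment variable rather than pasted into the notebook.

```python
"""Added example: read-only Meraki API pattern with an injectable opener.

Endpoint paths, field names and sample data are assumptions modelled on the
Meraki Dashboard API v1, not taken from the Colab sheet."""
import json
import os
import urllib.request

# Variables set once, as the notebook does. The key comes from the environment
# so it never lands in a shared sheet; the placeholder is obviously not a key.
BASE_URL = "https://api.meraki.com/api/v1"
API_KEY = os.environ.get("MERAKI_DASHBOARD_API_KEY", "<your-api-key>")


def build_request(path, api_key=API_KEY):
    """Build a GET request carrying the API key header (assumed header name)."""
    return urllib.request.Request(
        BASE_URL + path,
        headers={"X-Cisco-Meraki-API-Key": api_key, "Accept": "application/json"},
        method="GET",
    )


def get_json(path, opener=urllib.request.urlopen):
    """GET a path and turn the JSON text body into Python objects.

    `opener` is injectable so the same logic can be exercised offline."""
    with opener(build_request(path)) as resp:
        body = resp.read().decode("utf-8")  # text string of JSON, as in the post
    return json.loads(body)                 # 'real JSON' we can work with


def select_columns(rows, columns):
    """Keep only the columns of interest, like picking DataFrame columns."""
    return [{c: r.get(c) for c in columns} for r in rows]


def top_talkers(clients, n=3):
    """Rank clients by total usage (sent + recv; kB in the assumed schema)."""
    def total(c):
        return c["usage"]["sent"] + c["usage"]["recv"]
    ranked = sorted(clients, key=total, reverse=True)
    return [{"description": c.get("description"), "mac": c["mac"], "total_kb": total(c)}
            for c in ranked[:n]]


def run_demo(opener=urllib.request.urlopen, network_name="Main Office"):
    """Org -> network by name -> clients -> top talkers, all via GET only."""
    org = get_json("/organizations", opener=opener)[0]
    networks = get_json(f"/organizations/{org['id']}/networks", opener=opener)
    network = next(n for n in networks if n["name"] == network_name)
    clients = get_json(f"/networks/{network['id']}/clients", opener=opener)
    return top_talkers(clients)


# Constructed sample responses standing in for the sandbox (not real data).
SAMPLE_RESPONSES = {
    "/organizations": [
        {"id": "123456", "name": "Example Org", "url": "https://example.invalid/o/1"},
    ],
    "/organizations/123456/networks": [
        {"id": "N_1", "name": "Main Office", "productTypes": ["wireless"]},
        {"id": "N_2", "name": "Lab", "productTypes": ["switch"]},
    ],
    "/networks/N_1/clients": [
        {"mac": "aa:bb:cc:00:00:01", "description": "laptop-1", "ip": "10.0.0.11",
         "usage": {"sent": 1200, "recv": 8400}},
        {"mac": "aa:bb:cc:00:00:02", "description": "printer", "ip": "10.0.0.12",
         "usage": {"sent": 50, "recv": 300}},
        {"mac": "aa:bb:cc:00:00:03", "description": "phone-1", "ip": "10.0.0.13",
         "usage": {"sent": 700, "recv": 2500}},
    ],
}


class _FakeResponse:
    """Minimal stand-in for the object urlopen returns (context manager + read)."""
    def __init__(self, payload):
        self._body = json.dumps(payload).encode("utf-8")

    def read(self):
        return self._body

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


def fake_opener(request):
    """Serve the constructed JSON for the requested path instead of going online."""
    path = request.full_url[len(BASE_URL):]
    return _FakeResponse(SAMPLE_RESPONSES[path])


if __name__ == "__main__":
    # Swap fake_opener for the default urlopen to run against a live dashboard.
    for row in run_demo(opener=fake_opener):
        print(f"{row['description']:<10} {row['mac']}  {row['total_kb']} kB")
```

Passing `opener=fake_opener` keeps the example offline; dropping the argument sends the same GET requests to the live API with the key from `MERAKI_DASHBOARD_API_KEY`, which is the one change needed to point it at your own organization.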


This is just a high level of some of the capabilities that can be exposed easily via the Meraki API. The purpose of the colab sheet that was created, as well as the DevNet sandbox, is to enable you to be able to play with and evaluate the API. The examples in the colab sheet are intended to be functional code, and stepping stones that reduce the barrier to leveraging programmability to create meaningful results.

I hope this blog was helpful. It explored using the Meraki API via using the always-on DevNet Sandbox. When you have an always-on sandbox, creating, sharing, and reusing examples in Google Colaboratory is a natural fit.

Source: cisco.com