ACI Segmentation and Migrations made easier with Endpoint Security Groups (ESG)

Let’s open with a question: “How are you handling security and segmentation requirements in your Cisco Application Centric Infrastructure (ACI) fabric?”

I expect most answers will relate to constructs of Endpoint Groups (EPGs), contracts and filters.  These concepts are the foundations of ACI. But when it comes to any infrastructure capabilities, designs and customers’ requirements are constantly evolving, often leading to new segmentation challenges. That is why I would like to introduce a relatively recent, powerful option called Endpoint Security Groups (ESGs). Although ESGs were introduced in Cisco ACI a while back (version 5.0(1) released in May 2020), there is still ample opportunity to spread this functionality to a broader audience.

For those who have not explored the topic yet, ESGs offer an alternate way of handling segmentation with the added flexibility of decoupling this from the earlier concepts of forwarding and security associated with Endpoint Groups. This is to say that ESGs handle segmentation separately from the forwarding aspects, allowing more flexibility and possibility with each.

EPG and ESG – Highlights and Differences

The easiest way to manage endpoints with common security requirements is to put them into groups and control communication between them. In ACI, these groups have been traditionally represented by EPGs. Contracts that are attached to EPGs are used for controlling communication and other policies between groups with different postures. Although EPG has been primarily providing network security, it must be married to a single bridge domain. This is because EPGs define both forwarding policy and security segmentation simultaneously. This direct relationship between Bridge Domain (BD) and an EPG prevents the possibility of an EPG to span more than one bridge domain. This design requirement can be alleviated by ESGs. With ESGs, networking (i.e., forwarding policy) happens on the EPG/BD level, and security enforcement is moved to the ESG level.

Operationally, the ESG concept is similar to, and more straightforward than the original EPG approach. Just like EPGs, communication is allowed among any endpoints within the same group, but in the case of ESGs, this is independent of the subnet or BD they are associated with. For communication between different ESGs, we need contracts. That sounds familiar, doesn’t it? ESGs use the same contract constructs we have been using in ACI since inception.

So, what are the benefits of ESGs then? In a nutshell, where EPGs are bound to a single BD, ESGs allow you to define a security policy that spans across multiple BDs. This is to say you can group and apply policy to any number of endpoints across any number of BDs under a given VRF.  At the same time, ESGs decouple the forwarding policy, which allows you to do things like VRF route leaking in a much more simple and more intuitive manner.

ESG. A Simple Use Case Example

To give an example of where ESGs could be useful, consider a brownfield ACI deployment that has been in operation for years. Over time things tend to grow organically. You might find you have created more and more EPG/BD combinations but later realize that many of these EPGs actually share the same security profile. With EPGs, you would be deploying and consuming more contract resources to achieve what you want, plus potentially adding to your management burden with more objects to keep an eye on. With ESGs, you can now simply group all these brownfield EPGs and their endpoints and apply the common security policies only once. What is important is you can do this without changing anything having to do with IP addressing or BD settings they are using to communicate.

So how do I assign an endpoint to an ESG? You do this with a series of matching criteria. In the first release of ESGs, you were limited in the kinds of matching criteria. Starting from ACI 5.2(1), we have expanded matching criteria to provide more flexibility for endpoint classification and ease for the user. Among them: Tag Selectors (based on MAC, IP, VM tag, subnet), whole EPG Selectors, and IP Subnet Selectors. All the details about different selectors can be found here: https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/6x/security-configuration/cisco-apic-security-configuration-guide-60x/endpoint-security-groups-60x.html.

EPG to ESG Migration Simplified

In case where your infrastructure is diligently segmented with EPGs and contracts that reflect application tiers’ dependencies, ESGs are designed to allow you to migrate your policy with just a little effort.

The first question that most probably comes to your mind is how to achieve that? With the EPG Selector, one of the new methods of classifying endpoints into ESGs, we enable a seamless migration to the new grouping concept by inheriting contracts from the EPG level. This is an easy way to quickly move all your endpoints within one or more EPGs into your new ESGs.

For a better understanding, let’s evaluate the below example. See Figure 1. We have a simple two EPGs setup that we will migrate to ESGs. Currently, the communication between them is achieved with contract Ctr-1.

High-level migration steps are as follows:

1. Migrate EPG 1 to ESG 1

2. Migrate EPG 2 to ESG 2

3. Replace the existing contract with the one applied between newly created ESGs.

Figure-1- Two EPGs with the contract in place

The first step is to create a new ESG 1 where EPG 1 is matched using the EPG Selector. It means that all endpoints that belong to this EPG become part of a newly created ESG all at once. These endpoints still communicate with the other EPG(s) because of an automatic contract inheritance (Note: You cannot configure an explicit contract between ESG and EPG).

This state, depicted in Figure 2, is considered as an intermediate step of a migration, which the APIC reports with F3602 fault until you migrate outstanding EPG(s) and contracts. This fault is a way for us to encourage you to continue with a migration process so that all security configurations are maintained by ESGs. This will keep the configuration and design simple and maintainable. However, you do not have to do it all at once. You can progress according to your project schedule.

Figure 2 – Interim migration step

As a next step, with EPG Selector, you migrate EPG 2 to ESG 2, respectively. Keep in mind that nothing stands in the way of placing other EPGs into the same ESG (even if these EPGs refer to different BDs). Communication between ESGs is still allowed with contract inheritance.

To complete the migration, as a final step, configure a new contract with the same filters as the original one – Ctr-1-1. Assign one ESG as a provider and the second as a consumer, which takes precedence over contract inheritance. Finally, remove the original Ctr-1 contract between EPG 1 and EPG 2. This step is shown in Figure 3.

Figure 3 – Final setup with ESGs and new contract

Easy Migration to ACI

The previous example is mainly applicable when segmentation at the EPG level is already applied according to the application dependencies. However, not everyone may realize that ESG also simplifies brownfield migrations from existing environments to Cisco ACI.

A starting point for many new ACI customers is how EPG designs are implemented.  Typically, the most common choice is to implement such that one subnet is mapped to one BD and one EPG to reflect old VLAN-based segmentation designs (Figure 4). So far, moving from such a state to a more application-oriented approach where an application is broken up into tiers based on function has not been trivial. It has often been associated with the need to transfer some workloads between EPGs, or re-addressing servers/services, which typically leads to disruptions.

Figure 4 – EPG = BD segmentation design

Introducing application-level segmentation in such a deployment model is challenging unless you use ESGs. So how do I make this migration from pure EPG to using ESG? With the new selectors available, you can start very broadly and then, when ready, begin to define additional detail and policy. It is a multi-stage process that still allows endpoints to communicate without disruption as we make the transition gracefully. In general, the steps of this process can be defined as follows:

1. Classify all endpoints into one “catch-all” ESG

2. Define new segmentation groups and seamlessly take out endpoints from “catch-all” ESG to newly created ESGs.

3. Continue until all endpoints are assigned to new security groups.

In the first step (Figure 5), you can enable free communication between EPGs, by classifying all of them using EPG selectors and putting them (temporarily) into one “catch-all” ESG. This is conceptually similar to any “permit-all” solutions you may have used prior to ESGs (e.g. vzAny, Preferred Groups).

Figure 5 – All EPGs are temporarily put into one ESG

In the second step (Figure 6), you can begin to shape and refine your security policy by seamlessly taking out endpoints from the catch-all ESG and putting them into other newly created ESGs that meet your security policy and desired outcome. For that, you can use other endpoint selector methods available – in this example – tag selectors. Keep in mind that there is no need to change any networking constructs related to these endpoints. VLAN binding to interfaces with EPGs remains the same. No need for re-addressing or moving between BDs or EPGs.

Figure 6 – Gradual migration from an existing network to Cisco ACI

As you continue to refine your security policies, you will end up in a state where all of your endpoints are now using the ESG model. As your data center fabric grows, you do not have to spend any time worrying about which EPG or which BD subnet is needed because ESG frees you of that tight coupling. In addition, you will gain detailed visibility into endpoints that are part of an ESG that represent a department (like IT or Sales in the above example) or application suite. This makes management, auditing, and other operational aspects easier.

Intuitive route-leaking

It is well understood that getting Cisco ACI to interconnect two VRFs in the same or different tenants is possible without any external router. However, two additional aspects must be ensured for this type of communication to happen. First is regular routing reachability and the second is security permission.

In this very blog, I stated that ESG decouples forwarding from security policy. This is also clearly visible when you need to configure inter-VRF connectivity. Refer to Figure 7 for high-level, intuitive configuration steps.

Figure 7. Simplified route-leaking configuration. Only one direction is shown for better readability

At the VRF level, configure the subnet to be leaked and its destined VRF to establish routing reachability. A leaked subnet must be equal to or be a subset of a BD subnet. Next attach a contract between the ESGs in different VRFs to allow desired communication to happen. Finally, you can put aside the need to configure subnets under the provider EPG (instead of under the BD only), and make adjustments to define the correct BD scope. These are not required anymore. The end result is a much easier way to set up route leaking with none of the sometimes confusing and cumbersome steps that were necessary using the traditional EPG approach.

Source: cisco.com

Continue reading

Meraki Network Management with ServiceNow Graph Connector

ServiceNow is a popular cloud-based platform that offers a wide range of IT services management solutions. Apart from being a great CRM tool, one of the key features of ServiceNow is its ability to integrate with other applications and systems.

The ServiceNow Graph Connector for Meraki is one such integration that provides a seamless way to monitor your Meraki organizations, networks, and devices. And create workflows to efficiently manage incidents and alerts.

How does Meraki integrate with ServiceNow?

The Service Graph Connector application or in short the SGC application is a native integration between Meraki and ServiceNow.

The application enables you to import your Meraki organizations and thus all its networks and devices into ServiceNow’s CMDB. Once imported, you can start receiving Meraki alerts and generate incidents that can be assigned and tracked. The application works by leveraging the Meraki Dashboard API and Webhooks.

How to set up a Service Graph connector to start receiving Meraki alerts?

First step is to install this application from the ServiceNow store.

Second step, head over to our detailed step-by-step configuration guide to connect your Meraki organizations with the application and start generating incidents.

What’s new in the Service Graph Connector v1.3

Recently the SGC application was updated to support the Tokyo version of ServiceNow.

With this new version update, some new features were included such as:

◉ Simplified and improved setup experience with a step by step configuration guide.

Guided Set Up

◉ New CMDB sync filters based on specific Meraki Organizations.

◉ Support for pre/post scripts in the import job so that users have the ability to adjust the data mappings as necessary.

◉ New administrative and debugging menus to add more troubleshooting.

◉ Enhanced ServiceNow security settings for receiving Meraki webhooks.

◉ Integration Dashboard to get a concise view of CMDB execution status and integration errors.

Integration Dashboard

The SGC application leverages Meraki Webhooks to send alerts to the ServiceNow instance. The built in ‘ServiceNow’ webhook payload template enables you to easily export these alerts in the format that is compatible with ServiceNow.

Built-in ServiceNow Webhook template

The ServiceNow Graph Connector for Meraki is a powerful and efficient tool for managing your Meraki network incidents. Coupled with the Meraki Dashboard platform, this integration helps ensure your network is always running smoothly.

Source: cisco.com

Continue reading

Greater Monitoring and Visibility for your Security Success

Managing network and security needs of a modern enterprise

Today’s digital transformation is fostering the modernization of enterprise networks. It’s very common for an enterprise to mix and match vendors to build its network and security infrastructure just like you would use different sources to build your home entertainment center. With the increasing adoption of different point products, SOC (Security Operations Center) engineers are getting overwhelmed with all the consoles they need to keep track of. They need a way to pool all the information together just like you would use a receiver to connect all the components of your home entertainment center

SIEM (Security Information and Event Management) is the “receiver” used to address this challenge by offering a common console to visualize data. Cisco has collaborated with Splunk, one of the market leaders in the SIEM space, to produce a comprehensive SOC dashboard.

Using Cisco SD-WAN and Splunk to create efficiencies 

Your enterprise solution often has comprehensive logging streams, and your SOC team needs an efficient approach to make sense of all the chaos around them. In addition, it’s becoming increasingly challenging to find and retain security professionals. All this and much more fuel the argument that a SIEM is becoming extremely important in enterprise networks.

Cisco has developed the SD-WAN Splunk application to ensure we are not leaving you ‘high and dry’. The application automatically parses the router’s security logs when they are sent to your Splunk environment and populates the data on a pre-built security dashboard.

How it works

You can locate and download the application on the Splunk marketplace, Splunkbase, using your existing Splunk license. The Cisco SD-WAN and Splunk integration can be achieved in a few simple steps

Figure 1 – Cisco SD-WAN / Splunk Topology

1. Download and install the Cisco SD-WAN Splunk App and App Add-on https://splunkbase.splunk.com/app/6657 Cisco SD-WAN Splunk App

https://splunkbase.splunk.com/app/6656 App Add-on

2. Under the application settings, add the Cisco SD-WAN IP and port number as a source for the log forwarding

On Cisco SD-WAN vManage, add the Splunk Application IP as a destination to forward logs

Figure 2 – Cisco SD-WAN App on Splunkbase

Deliver significant insights out of a mountain of alerts

You’re then able to make use of a comprehensive SOC dashboard to visualize all the threats captured by the SD-WAN router.

This will serve as a one-stop shop to gain a holistic view of the security events in your network. You can navigate through charts and graphs to drill down to device-level details and inspect what packet flows triggered a security event. These events are listed in three main sections.

Figure 3 – Threat Inspection Dashboard

Together, Cisco SD-WAN and Splunk enable you to transform your network and security operations

Enterprises rely on Cisco to build secure and agile networks that can safeguard their users and applications from bad actors and external threats. Just like an amplifier helps your receiver consume all the components of your home entertainment center for the best overall experience, the new Cisco SD-WAN Splunk Application helps enterprises collect vital security analytics and ensure their SOC team is on top of all the security events traversing their network.

Source: cisco.com

Continue reading

An Easier Way to Secure Your Endpoints

Why is it so hard to secure your endpoints? The most simplistic reason is because endpoints are in the hands of human beings who can inadvertently click on a link that introduces malware or unwittingly use an unsecure Internet connection which allows threat actors to access a corporate network.

Read More: 700-805: Cisco Renewals Manager (CRM)

Organizations became more prone to breaches over the course of the pandemic because more and more workers were not inside corporate walls (and firewalls) and instead worked from places like a home office or café. With more endpoints outside the confines of the corporate WAN, the attack surface abruptly increased, and with this came greater risk. Working to keep endpoints secure while having to grant access so workers can be productive makes for a difficult balancing act.

Endpoints are ground zero for organizations of all sizes and across all industry verticals. Cisco examined the nature of security incidents detected by sensors through Indication of Compromise (IOC), detecting suspicious behaviors and analyzing patterns of malicious activity. These are the top four critical severity IOCs we observed:

Without the capability to bring visibility via focused detection, breaches can go undetected for months, until the organization’s critical data have likely already been compromised.

So, if we know endpoints are so often targeted, then why are many organizations having such a problem securing them?

Customers tell us their primary challenges are expertise, time, and evidence:

Challenge: Expertise	Challenge: Time	Challenge: Evidence
“My team can’t be experts on every new threat, or all be experts in threat hunting.”	“I don’t have enough time to go after every new threat, alert, patch and compromised device.”	“We can’t always identify which threats to prioritize or get to the root cause of every attack.”

These quotes have got to be music to the ears of threat actors. They know, like you do, how hard it can be to find skilled resources to staff your security team. Studies show that most organizations’ internal Security Operations Centers (SOCs) are only able to handle 7 to 8 investigations per day, in part because teams are burdened with frequent, false, and often redundant alerts. This leads to more manual effort for already understaffed teams, making it harder to keep pace with constantly evolving threats and issues. The result? You end up with gaps in security, higher operational costs, and a less efficient and, honestly, burned out team.

But I’m here to tell you it doesn’t have to be like that. Consider our solution offer, Cisco Secure MDR for Endpoint (formerly Cisco Secure Endpoint Pro):

◉ We do the heavy lifting of securing your endpoints: Our dedicated elite team of Cisco security experts performs 24x7x365 endpoint monitoring, detection, and response—so you don’t have to.

◉ We detect and respond to threats in minutes, not hours: Cisco specialists use automation and advanced playbooks, powered by the Cisco SecureX platform, and backed by Talos threat intelligence, to drastically reduce detection and response times.

◉ We investigate every threat and prioritize the most critical ones: We conduct an in-depth investigation of every incident you have and enable you to approve or reject remediation actions based on evidence from our experts.

Cisco Secure MDR for Endpoint can identify and then stop threats, block malware, and contain and remediate even advanced threats that evade frontline defenses. We look at all alert-able threats, investigate and prioritize them, and recommend response actions. We do this around the clock and around the globe, from dedicated, global Cisco SOCs.

By the way, let me tell you a bit more about the incredible Talos threat intelligence standing behind our detection and response capabilities. Talos is a recognized leader in threat intelligence research and proactive and emergency response security services. Their research work includes identifying over 30 billion events per day and then vetting those events with Talos’ 400+ researchers and investigators—benefitting our ability to detect and respond.

We built Secure MDR for Endpoint as a solution, so you don’t have to spend the time and money to build a SOC, develop or acquire the tools to make it work, and then recruit and train the personnel to staff it. Secure MDR for Endpoint takes the time, expense, and complexity out of identifying and responding to threats on endpoints. Our SOC experts use AI and machine learning to separate all the false positive alarms from the real issues that need to be pursued and managed.

Source: cisco.com

Continue reading

The Rise and Rise of DevOps Adoption

Thriving in the fast-changing world of technology means staying abreast of the latest trends and advancements. In recent years, one such trend—DevOps— has surged in popularity and usage. DevOps has become one of the most sought-after cultures to be adopted by organizations, with DevOps engineering roles among the IT industry’s highest in demand.

What led to the rise of DevOps? Why are organizations prioritizing DevOps adoption? Let’s take a step back and review what the term refers to, its benefits, and what we can learn from its impact on organizations and tech professionals shifting to the DevOps approach.

Demystifying DevOps

What is DevOps? Allow me to explain how the term received its name. The Development (Dev) team writes the code and performs extensive testing. The Operations (Ops) team builds the platform and manages the product’s infrastructure. As the software development lifecycle gets complex over time, it becomes difficult to assign responsibilities. The result is delayed rollouts and shortcomings in the feature’s quality.

That is exactly what DevOps fixes.

DevOps combines the Development and Operations team into a single cohesive unit. (See Figure 1.)

Figure 1. DevOps collaboration cycle between Development and Operations teams.

DevOps aims to improve the collaboration between the two teams. When development and operations work together, the result is a lessened delivery time for a feature to make its way from ‘whiteboard’ to ‘production.’

Benefits of DevOps adoption

DevOps offers a wide range of benefits to organizations, as well. Here are several reasons they choose to adopt DevOps:

1. Helps organizations move faster with feature rollouts maintaining product quality.

2. Defines the role and responsibilities of everyone involved, thus streamlining the delivery process.

3. Promotes transition to a more automated and integrated system management approach.

4. Provides reduced deployment frequency, lesser failure of new releases, and shorter time between patch fixes.  

Statistics on DevOps adoption

Figure 2. Impact of DevOps on organizations. (Source: Atlassian)

Recent surveys and studies complement the steady increase in the adoption of DevOps in organizations. In a Global Market Insights study, the DevOps market size exceeded US$7 billion in 2021 and is expected to grow at a CAGR of over 20% from 2022 to 2028 to a value of over US$30 billion.*

Predictive analysis reveals Asia-Pacific’s DevOps market size is set to experience massive growth of around 25% by 2028. And with the staggering growth of the DevOps market, organizations are actively hiring engineers skilled in DevOps technologies.

Presently, there are over 17,000 DevOps engineer roles advertised on Indeed in the United States alone, with an average salary range of $96,600-$122,000.

Extensive research by Atlassian showed that once DevOps impacted their organization, 78% of the total respondents had to learn a new skill, 61% say it helped them produce higher quality deliverables and 49% say they see a faster time to market.

Organizations experience a multitude of positive impacts post-DevOps adoption, as shown in Figure 2. As DevOps practices continue to gain traction, businesses need to ensure it fits into their objectives and adds value to deliveries. As such, 83% of IT decision-makers report their organization is implementing DevOps practices.

The transition has its challenges, however. Only 18% of organization’s and teams have adopted a DevOps approach. Meanwhile, 78% consider themselves to be evolved to a middle level and 4% to a low level.**

Figure 3. (Source: Atlassian)

Atlassian’s trend survey showed 84% of respondents have faced barriers to their DevOps implementation. As illustrated in Figure 3, the most common hurdles are a lack of skills in employees, legacy infrastructure and adjusting corporate culture. 

Outlook for DevOps in the  Future

While the transition to DevOps is rewarding for organizations, it comes with challenges. Management needs to carefully plan DevOps’ integration in the development lifecycle. Ideally, organizations should promote learnings on DevOps technologies to their employees and encourage them to take DevOps training and certifications to hone their skills in the area.

The Cisco Certified DevNet Expert certification recognizes NetDevOps leaders with the expertise to leverage automation methodologies, technologies and practices to improve networking—securely and at scale.

As we move further into future, DevOps will continue to evolve along with its rising compatriots; Cloud, Edge and IoT. Coming up, I’ll take a deep dive into DevOps and touch base with the technologies associated and provide a complete learning roadmap. Stay tuned! 

How has the adoption of DevOps impacted your organization? Have you faced challenges such as learning barriers or skills shortages? Please share your experience with me in the comments below. If you are an IT professional, I invite you to join me in the DevNet Certifications Community, where we can continue the conversation about how you can upskill into this highly sought-after field. 

* DevOps Market Size By Component (Solution [Management DevOps {Continuous Business Planning, Testing & Development, DevOps Analytics}, Delivery DevOps {Continuous Integration, Software Delivery Management}, Operation DevOps {Continuous Deployment, Monitoring & Performance Management}], Service [Professional Service, Managed Service]), By Deployment Model (On-premise, Cloud [Public Cloud, Private Cloud, Hybrid Cloud]), By Enterprise Size (Large Enterprises, SMEs), By Application (BFSI, IT & Telecom, Healthcare, Retail, Government, Manufacturing, Media & Entertainment), COVID-19 Impact Analysis, Regional Outlook, Growth Potential, Competitive Market Share & Forecast, 2022 – 2028, Global Market Insights, March 2022

** DevOps Stats And Facts – All The Numbers You Might Ever Need On DevOps In 2022, K&C, May 27, 2022

Source: cisco.com

Continue reading

Getting to the Core of the Digital Divide with 5G Fixed Wireless Access

Even today, there is a sizeable U.S. population without internet connectivity. The majority of this population are rural households who either lack in-home broadband service or have few options for in-home broadband. And so, for this community, affordable connectivity remains largely out of reach. While fiber broadband would be the ideal solution, developing new infrastructure and even the trenching work required for fiber remains a significant challenge for broadband connectivity providers. A number of promising policies including the Global Connect Initiative and Advancing the Deployment of Broadband Through Dig Once are offering hope. Both were launched to bring cost savings, increase access to reliable broadband, and assist with faster deployment when a conduit is already in place. These policy initiatives are meant to help realize public and economic benefits. Improving access to broadband leads to prosperity and new opportunities where service is affordable and available.

At Cisco, we believe that affordability and connectivity should not be at odds with one another. To change this dynamic, and build towards a more inclusive future, we have been working to change the economics of the internet. The digital divide came to the forefront during the shift to remote work and learning prompted by the 2020 pandemic, exposing under-served communities and their lack of access to broadband. For communities without infrastructure already trenched in the ground, the use of mobile wireless broadband has become a lifeline for remote work, learning, and even telehealth. In this new era of hybrid work, 5G mobile broadband is an effective solution for extending reliable connectivity into underserved rural and suburban areas. While mobile broadband technology has been around awhile, it is just now, at the tail end of the 4G era and the beginnings of 5G with access to new mid-band and high-band spectrum, that mobile wireless broadband is becoming a serviceable reality. Communication Service Providers (CSPs) that have been slowed or even disincentivized by the time and cost of trenching new cable are recalculating and redressing the value of the last mile using Fixed Wireless Access (FWA) service for rural and suburban communities.

Why Fixed Wireless Access?

Fixed Wireless Access is a great tool for reducing the digital divide when it comes to accessibility and affordability. The economics for providing Internet services were in need of a change and FWA offers some good ones – reducing trenching requirements, increasing serviceable area, offering self-install customer equipment (CPE), and even providing a common wireless network architecture that can serve both Fixed Wireless Access and Mobile Access services.

When considering our approach to designing 5G networks, a guiding principle has been to improve through simplification, because managing one network and one core is simpler than managing two. The architectural differences between 4G and 5G are significant and many operators saw 5G NSA as the simplest route to early 5G, where you can introduce some limited 5G functions and features on top of existing 4G infrastructure. But 5G NSA is just a half-measure, affording a small amount of the 5G goodness we hear so much about. The next step, getting to 5G SA, is a significant achievement in network transformation for the few CSPs who have managed to accomplish the task.

Growing Fixed Wireless Access from 4G to 5G

With 5G SA new service capabilities can be explored without the limitations of the legacy architecture. Take 5G Fixed Wireless Access for example, unlike previous generations’ architectures, a 5G SA’s network architecture can flexibly deploy User Plane Function (UPF) nodes to anchor a FWA subscriber’s user plane traffic for peering at the nearest edge aggregation point. Unlike a typical mobile device such as a cell phone, fixed wireless devices are meant to be always-on and connected for serving end user devices. Meaning that the latency and reliability we commonly expect from traditional wireline services is expected from fixed wireless services too.

Even though Fixed Wireless Access isn’t new and 4G LTE FWA services have existed for several years, transitioning into 5G technologies for FWA services is a big step towards achieving the scale that rivals FTTx offerings. As a matter of fact, T-Mobile has already begun scaling up their 5G Fixed Wireless Access services, smoothly transitioning from their initial 4G service offering, using our Cisco Converged Core. The process has been so smooth, that in the 2022, T-Mobile became the fastest growing Internet service provider—doubling their number of FWA customers in the past six months. With over 2 million FWA subscribers and counting, the scalability and flexibility of having a Converged Core has proven invaluable. Being able to deploy UPF nodes for Fixed Wireless Access in remote locations while managing the Session Management Function (SMF) nodes at a central site(s) is effective for scaling the network, optimizing the usage of the transport infrastructure to deliver better end-user latency

Scaling and extending Fixed Wireless Access with the flexible deployment of UPF nodes, optimizing the routing for user plane traffic.

Of course, having a Converged Core is just a piece of the 5G puzzle. A service like Fixed Wireless Access leverages the Radio Access Network (RAN), converged Software Defined Network (SDN) transport, and a whole host of policy, security, management, and automation components. Additionally, managing the spectral efficiency and capacity available on the existing network infrastructure for FWA services are important for delivering wireless broadband. It is estimated that around 70 percent of communication service providers today offer a form of Fixed Wireless Access services, most of them still using 4G LTE which delivers a fraction of the performance of fiber. Upgrading network architectures to meet the needs of new 5G services needs a smooth plan for the transition and at Cisco, we believe that can begin in the core. With a Converged Core, communication service providers can migrate from 4G to 5G without disruption while scaling to serve the needs of millions of new subscribers.

Source: cisco.com

Continue reading

Boost Your Cisco 200-301 Exam Score with CCNA Practice Test

To earn the Cisco Certified Network Associate (CCNA) certification, you must pass the Cisco 200-301 exam. This exam tests your knowledge and skills in networking fundamentals, network access, IP connectivity, IP services, security fundamentals, automation, and programmability. To prepare for the exam, you need to have a solid understanding of CCNA syllabus, and the best way to do so is by taking CCNA practice test.

This article will discuss different study resources, why CCNA practice tests are essential, and how they can help you ace the Cisco 200-301 exam.

Helpful Study Resources to Ace Cisco 200-301 Exam

Preparing for the Cisco 200-301 exam can be daunting, but with the right study resources, you can ace the exam and take your networking career to the next level. This article will explore the best study resources for the Cisco 200-301 exam that will help you prepare for the test and achieve your certification.

Cisco Learning Network

The Cisco Learning Network is a comprehensive resource for anyone studying for a Cisco certification. This platform offers a variety of resources, including self-paced e-learning courses, study groups, and practice exams. The Cisco Learning Network also has a community of experts available to answer your questions and provide guidance throughout your studying process.

Official Cert Guide

The Official Cert Guide is a comprehensive study resource written by Cisco experts. This guide provides in-depth coverage of all exam objectives, with detailed explanations of concepts and practice questions to help you gauge your understanding. The guide also comes with access to an online practice test engine, which provides you with practice questions and simulates the exam environment.

Cisco Press Books

Cisco Press is the official publisher of Cisco certification and technology books. Their books cover a wide range of topics related to networking and provide detailed explanations of concepts and technologies. For the Cisco 200-301 exam, Cisco Press offers a variety of books, including the Official Cert Guide, Exam Cram, and study guides.

CCNA Practice Test

Evaluating your preparedness for an exam by taking a CCNA practice test is advisable, as it can give you an idea of your readiness for the actual exam. Once you have taken the exam, you can examine your performance and make improvements in areas where you need to. It is also recommended that you take a complete practice test, as this can help you tackle the daunting task of taking the actual exam and the anxiety that comes with it.

Why Are CCNA Practice Tests Important?

CCNA practice tests are a great way to prepare for the Cisco 200-301 exam. These tests mimic the exam and allow you to practice and assess your knowledge and skills in a simulated environment. By taking practice tests, you can identify your strengths and weaknesses and focus on areas that need improvement.

Practice tests also help you familiarize yourself with the exam format, types of questions, and time constraints. This familiarity will help you feel more confident and less anxious when taking the exam.

How CCNA Practice Tests Can Help You Ace the Cisco 200-301 Exam

Identify Knowledge Gaps: CCNA practice tests can help you identify knowledge gaps in each exam topic. By doing so, you can focus on areas that need improvement and reduce the chances of missing questions during the exam.

Time Management: The Cisco 200-301 exam has a time limit of 120 minutes, and you need to answer 100-120 questions. CCNA practice tests can help you manage your time better by allowing you to practice answering questions within the time limit. This practice will help you understand the time required for each question and the pace you must maintain during the exam.

Exam Format: The Cisco 200-301 exam consists of multiple-choice, drag-and-drop, simulation, and testlet questions. CCNA practice tests can help you familiarize yourself with these questions and provide the necessary experience to answer them confidently.

Build Confidence: Taking CCNA practice tests can help build your confidence by making you feel more familiar with the exam format, types of questions, and time constraints. This familiarity will help you feel less anxious and more confident when taking the exam.

How to Find CCNA Practice Tests

There are many resources available online that provide CCNA practice tests. You can find free and paid options, and choosing a resource that meets your needs and budget is essential.

Some popular resources for CCNA practice tests include Cisco's Official Practice Test and the nwexam website. Both platforms offer a comprehensive official practice test that explains each question.

Conclusion

Taking CCNA practice tests is essential to preparing for the Cisco 200-301 exam. These practice tests can help you identify areas where you need improvement, build your confidence, reduce your anxiety, get used to the exam format, and experience different types of questions. By taking advantage of CCNA practice tests, you can increase your chances of success and become a certified Cisco network associate.

Continue reading