Thursday, 11 May 2023

Spend Less Time Managing the Network, More Time Innovating with the Network

Cisco Exam, Cisco Exam Prep, Cisco Exam Preparation, Cisco Tutorial and Materials, Cisco Guides

As networks evolve to keep up with the requirements of a distributed hybrid workforce and the need for new B2B and B2C cloud applications, an increasingly complex workload for IT is an inevitable byproduct. Remote workers, collaborative applications, and smart building IoT devices have all added management challenges to the hybrid workplace network. IT teams, already responsible for network device onboarding, availability, and resilience, are taking on AIOps responsibilities for ensuring high application experience. They’re also picking up SecOps oversight for monitoring various endpoints for spoofing threats and malware intrusions. With this growing load of responsibilities, how is IT going to scale and not break?

The answer lies in the past as well as in the future. Twenty years ago, Cisco developed one of the first machine-learning toolsets to analyze vast quantities of telemetry collected from switches, routers, and access points to assist in technical problem resolution. The system, created by the Cisco Advanced Services team, was called Network Profile (NP). Built on top of one of the first network-specific data lakes, NP helped customers understand the current state of their networks and enabled Cisco technicians to quickly troubleshoot network issues.

Since then, Cisco has worked diligently to augment the intelligence inherent in the network. Today, the continuously evolving NP is an integral part of the Cisco CX Cloud and is tightly integrated with Cisco DNA Center. Cisco DNA Center Analytics, like NP and Site Analytics, and automations like the Machine Reasoning Engine, make network pros more effective by offloading repetitive, complex, and time-sensitive tasks that do not directly add new value to the organization.

A key value of applying Machine Learning and Artificial Intelligence engines in conjunction with volumes of operational telemetry is to do simple things simply well and thus enable less experienced NetOps technicians to handle a broader range of maintenance tasks.

Automating Compliance Checks


A great example of this intelligent automation lies in the area of compliance. Cisco DNA Center automates configuration checks of settings—such as certificates and SNMP—across hundreds of controllers. What is usually a time-consuming and tedious task is greatly simplified. Guided automations recommend fixes that IT can quickly implement with a single click. And since this scanning is always on, in real-time, technicians don’t need to remember to set aside time every week to run a network compliance scan. That’s simplification!

Simplifying Device Maintenance


Similarly, when managing thousands of networking devices across campuses, branches, and remote offices, what IT doesn’t know about lingering security issues forces technicians to be reactive rather than proactive. It takes time and expertise to keep up with PSIRT vulnerabilities and patches to network software on thousands of access points and switches.

Cisco DNA Center provides preventative measures for device maintenance. By connecting Cisco DNA Center to Cisco CX Cloud, fixes for known PSIRTs and software patches that IT can identify by existing TAC cases are shared automatically through a Cisco DNA Center dashboard with IT teams operating with relevant infrastructures. The granularity of these notifications extends from controller OS images down to specific device configurations, so only features in use are included in notifications. As a result, instead of discovering that an issue causes a network problem with a known resolution, Cisco DNA Center proactively recommends an appropriate resolution even before a problem occurs. And if a configuration is not using any of the affected features, the controllers will bypass installing unnecessary patches. The result is complexity simplified.

Moving From Reactive to Preventative


Predictive analytics with DNA Center’s Trends and Insights dashboard is an AIOps tool for monitoring the network for changes and anomalies that, while not causing an immediate issue, could become a problem in the future. For example, early warning alerts for events like a gradual increase in wireless interference, a sudden increase in the number of devices connected to the same Access Point, or an IoT device that is pulling 20% more power from a switch can help IT take preventative actions before issues impact workforce performance or network availability. By identifying the signs of looming network problems, Cisco DNA Center keeps NetOps teams ahead of issues instead of constantly chasing them—the empowerment of being proactive versus reactive.

Cisco Exam, Cisco Exam Prep, Cisco Exam Preparation, Cisco Tutorial and Materials, Cisco Guides
Figure 1. Out of complexity, simplicity with Cisco DNA Center AI/ML and Cisco Knowledgebase.

Optimizing the Network Fabric for Application Performance


Reducing complexity with AI/ML processes that assist IT in optimizing the network enables the best application experience for the workforce and customers. Increasingly this is even more critical as applications are literally everywhere, and so are the people who rely on them to keep operations rolling and interact with the business. Gaining visibility into application usage everywhere in the distributed network enables IT to prioritize network resources for business-critical applications and deprioritize irrelevant business applications.

Cisco Exam, Cisco Exam Prep, Cisco Exam Preparation, Cisco Tutorial and Materials, Cisco Guides

Take, for example, the fast-growing use of collaboration applications incorporating audio and video, screen sharing, recording, and translation. Cisco DNA Center AIOps features enable IT to proactively manage Microsoft Teams and Cisco WebEx performance. The Applications Dashboard in Cisco DNA Center displays the audio, video, and application share quality of experience for individual or team sessions for both platforms, enabling IT to quickly determine if a problem is inside or outside the network. The dashboard also provides remediation suggestions, such as increasing Wi-Fi coverage in specific areas—before operations are affected. Suppose the problem is outside the enterprise network. In that case, IT can activate Cisco ThousandEyes WAN Insights directly from the dashboard to determine the internet bottleneck or provider causing the issue, along with alternate routing suggestions to fix the performance degradation.

Simplify Networks with a Foundation of Automation and Analytics


We are weaving AI and ML capabilities throughout Cisco software, controllers, and network fabrics to simplify the management of complex networks, including innovations like AI Network Analytics, Machine Reasoning Engine Workflows, Networking Chatbots, AI Spoofing Detection, Group-Based Policy Analytics, and Trust Analytics. These solutions assist IT in directing talent to more innovative projects that add value to the organization, such as securing the remote workforce, managing multi-cloud applications, and implementing a Secure Access Service Edge (SASE) for holistic security across the enterprise.

Cisco DNA Center enables IT to hide complexity and operate massive networks at scale, securely, and with agility. The value of AI/ML in Cisco DNA Center is in the ability of the network to enable an excellent experience for IT personas, which in turn provides an optimal experience for the workforce, along with trust in knowing the network is always watching and self-adjusting.

Source: cisco.com

Wednesday, 10 May 2023

How to Pass Cisco 300-420 ENSLD Exam Using Various Study Materials?


Getting certified by Cisco is the recommended path to establishing a career in Cisco products. Countless companies, regardless of their size, rely on Cisco’s network software and equipment. It’s evident that Cisco’s products surpass those of their competitors because they continuously enhance and add new features to their technologies. If your career goal is to work in enterprise design, passing the Cisco 300-420 ENSLD exam will significantly benefit you and give you a significant advantage when job hunting.

Cisco 300-420 ENLSD Exam Overview

To obtain the new CCNP certification, you must pass two tests, one of which is the Cisco 300-420 ENSLD. This exam is a concentration test chosen from a pool of six others. It is mandatory to take the 300-420 exam and the core Cisco 350-401 test to be eligible for the certification. The 300-420 exam encompasses diverse topics that students must be familiar with before attempting. These objectives include:

  • Advanced Addressing and Routing Solutions (25%)
  • Advanced Enterprise Campus Networks (25%)
  • WAN for Enterprise Networks (20%)
  • Network Services (20%)
  • Automation (10%)
  • These topics are intended to aid in your exam preparation, consisting of 55-65 questions and last 90 minutes. Once you grasp these topics well, you will be well-prepared to take the Cisco 300-420 exam and pass it successfully.

    Best Study Resources for CCNP Enterprise 300-420 ENSLD Exam

    You must have the right study resources to prepare for the CCNP Enterprise 300-420 ENSLD exam. Here are some of the best resources that you can use:

    1. Official Cisco Learning Resources

    The official Cisco Learning Resources is a great place to start your preparation for the CCNP Enterprise 300-420 ENSLD exam. Cisco offers a range of training courses, study materials, and practice tests that can help you learn the exam topics and get hands-on experience with Cisco technologies and solutions. You can find these resources on the Cisco website or through Cisco’s authorized learning partners.

    2. CCNP Enterprise 300-420 ENSLD Study Guide

    The CCNP Enterprise 300-420 ENSLD Study Guide is a comprehensive resource covering all the exam blueprint topics. The guide includes detailed explanations, examples, and practice exercises to help you understand the exam concepts and prepare for the test. You can find the study guide on Amazon or other online bookstores.

    3. Cisco 300-420 ENSLD Practice Tests

    Practice tests are essential to your preparation for the CCNP Enterprise 300-420 ENSLD exam. They help you identify your strengths and weaknesses, get familiar with the exam format and time constraints, and build your confidence for the test. You can find practice tests on the Cisco website, through Cisco’s authorized learning partners, or on online learning platforms such as nwexam website.

    Tips for Passing CCNP Enterprise 300-420 ENSLD Exam

    Here are some tips that can help you pass the CCNP Enterprise 300-420 ENSLD exam:

    1. Understand the Exam Blueprint

    The CCNP Enterprise 300-420 ENSLD exam blueprint outlines the topics and subtopics the exam covers. Ensure you understand the blueprint and focus your study efforts on the areas you need to improve.

    2. Get Hands-on Experience

    The CCNP Enterprise 300-420 ENSLD exam tests your ability to design enterprise networks using Cisco technologies and solutions. You must have hands-on experience with Cisco devices and software to prepare for the exam. Set up a lab environment or use simulation tools for the necessary expertise.

    3. Join Study Groups

    Joining study groups can help you stay motivated and learn from other candidates preparing for the CCNP Enterprise 300- 420 ENSLD exam. You can find study groups on social media platforms like LinkedIn, Facebook, or Reddit.

    4. Use Mind Mapping and Note-taking Techniques

    Mind mapping and note-taking techniques can help you organize your thoughts, understand complex topics, and remember important concepts. Use these techniques to create summaries, diagrams, and charts that capture the exam topics and subtopics.

    5. Practice Time Management

    The CCNP Enterprise 300-420 ENSLD exam lasts for 90 minutes, which means you have limited time to answer 60-70 questions. Practice time management techniques, such as skipping difficult questions and returning to them later, to ensure you answer all the questions within the allotted time.

    Conclusion

    The CCNP Enterprise 300-420 ENSLD exam is a challenging test requiring extensive knowledge and experience designing enterprise networks using Cisco technologies and solutions. To prepare for the exam, you must have the right study resources, such as official Cisco learning resources, study guides, and practice tests. Additionally, you need to follow some tips, such as understanding the exam blueprint, getting hands-on experience, joining study groups, using mind mapping and note-taking techniques, and practicing time management. With the proper preparation and dedication, you can pass the CCNP Enterprise 300-420 ENSLD exam and advance your career in the networking field.

    Tuesday, 9 May 2023

    Disaster Recovery Solutions for the Edge with HyperFlex and Cohesity

    The edge computing architecture comes with a variety of benefits. Placement of compute, storage, and network resources close to the location at which data is being generated typically improves response times and may reduce WAN based network traffic between an Edge site and central data center. This stated the distributed nature of edge site architectures also introduces several challenges related to data protection and disaster recovery. One requirement is performing local backups with the ability to conduct local recovery operations. Another formidable challenge involves edge site disaster recovery. Planning for the inevitable edge site outage, be it temporary, elongated, or permanent is the problem this blog takes a deeper look into.

    Cisco Career, Cisco Skills, Cisco Jobs, Cisco Tutorial and Materials, Cisco Certification, Cisco Guides, Cisco Learning

    Business continuity planning focuses on items such as Recovery Point Objective (RPO) and Recovery Time Objective (RTO). These measurements are generally expressed in terms of a Service Level Agreement (SLA). Under the covers exists a collection of infrastructure building blocks that make adherence to an SLA possible. In simplistic terms, the building blocks include the ability to perform backups, the ability to create additional copies of backups, provide a methodology to transport backup copies to remote locations (replication), an intuitive management interface, and connects to a preconfigured recovery infrastructure.

    From an operational standpoint, an edge site disaster recovery solution includes workflows that enable the ability to:

    ◉ Perform workload failover from an edge site to a central site.
    ◉ Protect failed over workload at a central site.
    ◉ Reverse replicate protected workloads from a central site back to an edge site at the point where the edge site is ready to receive inbound replication traffic.
    ◉ Failover again such that the edge site once again hosts production workloads.
    ◉ Test these operations without impacting production workloads.

    Should an edge site failure or outage occur, workload failover to a disaster recovery site may become necessary. (Quite obviously, disaster recovery operations should be tested on an ongoing basis rather than just hoping things will work.) At the point where workload failover has been completed successfully, the failed over workload requires data protection. At the point where the edge site has been returned to an operational state, backup copies should be replicated back to the edge site. Alternatively, a new or different edge site may replace the original edge site. At some point, workload transition from the central site back to the edge site will occur.

    HyperFlex with Cohesity Data Protect


    Cohesity provides a number of DataProtect solutions to assist users in meeting data protection and disaster recovery business requirements. The Cohesity DataProtect product is available as a Virtual Edition and can be deployed as a single virtual machine hosted on a HyperFlex Edge cluster. A predefined small or large configuration is available for selection when the product is installed. The Cohesity DataProtect solution is also available in a ROBO Edition, running on a single Cisco UCS server.

    Cohesity DataProtect edge solutions provide local protection of virtual machine workloads and can also replicate local backups to a larger centralized Cohesity cluster deployed on Cisco UCS servers.

    Cisco Career, Cisco Skills, Cisco Jobs, Cisco Tutorial and Materials, Cisco Certification, Cisco Guides, Cisco Learning

    Cohesity protection groups are configured and define the workloads to protect. Protection groups also include a policy that defines the frequency and retention period for local backups. The policy also defines a replication destination, replication frequency, as well as the retention period for replicated backups.

    In summary, Cisco HyperFlex with Cohesity DataProtect has built-in workflows that enable easy workload failover and failover testing. At the point where reverse replication can be initiated, a simple policy modification is all that is required. Cohesity also features Helios, a centralized management facility that enables the entire solution to be managed from a single web-based console.

    Source: cisco.com

    Saturday, 6 May 2023

    Securing the #1 threat vector is a key part of an effective XDR strategy

    There are many ways to build out an extended detection and response (XDR) solution; that may be why so many options exist in the marketplace. However, email security is an undeniably critical component in most customer scenarios. Its strengths lie in its ability to enrich incidents, gather actionable telemetry, provide visibility for greater context, and empower quicker response times. This analysis and understanding of data intent — and the subsequent ability to speed remediation — make email security foundational to an effective XDR strategy.

    What should be built into your XDR strategy?

    ◉ Ability to share data rapidly between existing security layers
    ◉ Greater context and enriched threat investigation and response
    ◉ Automated security responses

    What should an XDR solution provide?

    ◉ A visual representation of real threats you are investigating
    ◉ Easy to understand, quick to comprehend results
    ◉ A seamless way to extend your existing security product

    Email administrators use this XDR strategy when investigating threats against end-users in your organization. Using Cisco Secure Email Threat Defense, Cisco bakes this in from the start.

    A single email contains many identifiable data dispositions that your email security platform already uses to analyze and act against – IP addresses, URLs, hostnames, and attachments (SHA-256 hash). This data is a gold mine of information used in your XDR platform.

    Cisco Career, Cisco Skill, Cisco Jobs, Cisco Prep, Cisco Preparation, Cisco Tutorial and Materials, Cisco Guides, Cisco Learning
    Figure 1: Snapshot of threat techniques in a phishing email

    Message tracking shows the verdict of the message and the techniques used to categorize and score the email as a threat. In addition, you’ll see pertinent information such as Sender, Recipient, Attachments, and URLs – the expected data points. Email Threat Defense provides these powerful search capabilities to give you quick access to these message details that empower more informed responses. Remediating threats directly in Cisco XDR and Threat Response streamlines processes and saves valuable time.

    Share data between existing security layers


    Your XDR strategy needs to deliver this data between security layers. Cisco XDR builds a data correlation map of a message and all related dispositions. Direct results allow further queries and information gathering by giving you a visual, interactive investigation representation.

    Cisco Career, Cisco Skill, Cisco Jobs, Cisco Prep, Cisco Preparation, Cisco Tutorial and Materials, Cisco Guides, Cisco Learning
    Figure 2: Example of an XDR investigation starting with a threat message.

    IP addresses seen can be added to an inbound policy outside the email platform. Interact with the URL and see judgments, or perhaps sandbox and re-evaluate it in real time. Add the SHA256 to your Secure Endpoint blocklist. These are all now key functionalities of XDR that empower you and your team to make faster, data driven decisions.

    Aid and enrich threat investigation and response


    Your XDR extensibility should continue with more than just Cisco security products. You can use your existing third-party products for additional intelligence and include extensions to help build your response action.

    Cisco Career, Cisco Skill, Cisco Jobs, Cisco Prep, Cisco Preparation, Cisco Tutorial and Materials, Cisco Guides, Cisco Learning
    Figure 3: Extensible options to quarantine and isolate observables

    Cisco and Cisco Talos Intelligence Group provide excellent detection and response, rule sets, and a vast intelligence library. In addition, we work closely with partners and additional third-party providers that help to defend against known and emerging threats, new vulnerability discovery, and threat interdiction. Utilizing an external threat feed provider or incorporating your direct private intelligence are vital drivers to XDR collaboration techniques.

    Automate security responses


    Cisco XDR rounds out the strategy with orchestration, allowing you to automate responses with various solutions, specifically providing additional detections and actions.

    Cisco Career, Cisco Skill, Cisco Jobs, Cisco Prep, Cisco Preparation, Cisco Tutorial and Materials, Cisco Guides, Cisco Learning
    Figure 4: Pre-built orchestrations in XDR, this example blocks user access.

    Orchestration allows prebuilt workflows ready to combine the telemetry, security need, and subsequent actions readily available to execute. This automation alleviates the need for redundant or recurring motions that take up your team’s valuable resources and allows them to focus on more strategic initiatives.

    Source: cisco.com

    Monday, 1 May 2023

    Top Tips and Tricks to Pass Cisco 700-150 ICS Exam Utilizing Practice Exam

    The 700-150 ICS certification, also known as Introduction to Cisco Sales, has been developed to equip sales engineers and salespeople with the basic knowledge required for selling Cisco solutions.

    The Introduction to Cisco Sales (700-150 ICS) is a 90-minute test comprising 55 to 65 multiple-choice questions. Candidates are expected to grasp various topics such as selling using the approach, selling Cisco cloud architecture and DC, selling enterprise and digital networks, selling security solutions, selling collaboration solutions, and Cisco certification.

    Top Tips for Cisco 700-150 ICS Exam Preparation

    Here are some essential tips and strategies to help you pass the Cisco Sales 700-150 exam with flying colors.

    1. Understand the Exam Format

    The first step to passing the Cisco Sales 700-150 exam is understanding the format. The exam consists of 55-65 multiple-choice and drag-and-drop questions, and you will have 90 minutes to complete the exam. The exam tests your knowledge of Cisco’s sales solutions, including hardware, software, and services.

    2. Study the Exam Objectives

    The Cisco Sales 700-150 exam tests your knowledge of Cisco’s sales solutions. You must have a solid understanding of the exam objectives to pass the exam. The exam objectives include the following:

  • Cisco Certification (10%)
  • Selling Collaboration Solutions (16%)
  • Selling Security Solutions (18%)
  • Selling Cisco’s Enterprise and Digital Network (22%)
  • Selling Cisco’s DC and Cloud Architecture (18%)
  • Cisco’s Approach to Selling (16%)
  • To ensure that you are fully prepared for the exam, thoroughly study all of the exam objectives.

    3. Utilize Cisco’s Study Materials

    Cisco offers a variety of study materials that can help you prepare for the Cisco Sales 700-150 exam. These materials include:

  • Cisco Sales Essentials (CSE) training
  • SalesConnect
  • Cisco Learning Network
  • Partner Education Connection (PEC)
  • Using these study materials, you can better understand Cisco’s sales solutions and increase your chances of passing the exam.

    4. Take Cisco 700-150 ICS Practice Exam

    Attempting practice exams is essential in preparing for the Cisco 700-150 ICS exam. Practice exams help you identify areas to improve your knowledge and skills. Cisco offers a variety of practice exams that can help you prepare for the exam. By taking these practice exams, you can better understand the exam format and increase your chances of passing the exam.

    5. Join a Study Group

    Joining a study group can be an effective way to prepare for the Introduction to Cisco Sales 700-150 ICS exam. Study groups allow you to discuss exam topics with other candidates and share study materials and strategies. Cisco offers a variety of study groups that can help you prepare for the exam. By joining a study group, you can gain valuable insights and tips from other candidates and increase your chances of passing the exam.

    Benefits of Cisco 700-150 ICS Practice Exam

    Now, let’s explore why taking a practice exam can be crucial to your success in passing the Cisco 700-150 ICS certification exam.

    1. Identifying Knowledge Gaps

    A practice exam is an excellent tool for identifying your knowledge gaps. By taking the exam, you can determine which topics to focus on and study more.

    2. Familiarizing with Exam Format

    The Cisco 700-150 ICS exam is not only challenging but also requires you to have a good understanding of the exam format. The practice exam provides a simulated test environment that allows you to become familiar with the exam format, question types, and time management.

    3. Building Confidence

    Taking a practice exam can help build your confidence. By identifying your knowledge gaps and becoming familiar with the exam format, you can reduce your anxiety and feel more confident in your ability to pass the exam.

    4. Improving Time Management

    Time management is a crucial factor in passing any certification exam. The practice exam can help you improve your time management skills by allowing you to practice completing the exam within the allotted time.

    5. Enhancing Retention

    Studies have shown that taking practice exams can enhance retention. By taking the practice exam, you’re reinforcing what you’ve learned and increasing the chances of retaining the information for the exam.

    Conclusion

    Passing the Introduction to Cisco Sales 700-150 exam is an important step in your career as a Cisco sales professional. Following these essential tips and strategies can increase your chances of passing the exam on the first try. Remember to study the exam objectives thoroughly, utilize Cisco’s study materials, take practice exams, and join a study group. You can become a Cisco Sales 700-150 certified professional with hard work and dedication.

    Your Guide to Victory: True North on Your Introduction to Cisco Sales 700-150 ICS Exam

    Saturday, 29 April 2023

    Cisco Nexus 9000 Intelligent Buffers in a VXLAN/EVPN Fabric

    As customers migrate to network fabrics based on Virtual Extensible Local Area Network/Ethernet Virtual Private Network (VXLAN/EVPN) technology, questions about the implications for application performance, Quality of Service (QoS) mechanisms, and congestion avoidance often arise. This blog post addresses some of the common areas of confusion and concern, and touches on a few best practices for maximizing the value of using Cisco Nexus 9000 switches for Data Center fabric deployments by leveraging the available Intelligent Buffering capabilities.

    What Is the Intelligent Buffering Capability in Nexus 9000?


    Cisco Nexus 9000 series switches implement an egress-buffered shared-memory architecture, as shown in Figure 1. Each physical interface has 8 user-configurable output queues that contend for shared buffer capacity when congestion occurs. A buffer admission algorithm called Dynamic Buffer Protection (DBP), enabled by default, ensures fair access to the available buffer among any congested queues.

    Cisco Nexus 9000, Cisco Career, Cisco Prep, Cisco Tutorial and Materials, Cisco Jobs, Cisco Learning, Cisco Certification
    Figure 1 – Simplified Shared-Memory Egress Buffered Switch
     
    In addition to DBP, two key features – Approximate Fair Drop (AFD) and Dynamic Packet Prioritization (DPP) – help to speed initial flow establishment, reduce flow-completion time, avoid congestion buildup, and maintain buffer headroom for absorbing microbursts.

    AFD uses in-built hardware capabilities to separate individual 5-tuple flows into two categories – elephant flows and mouse flows:

    ◉ Elephant flows are longer-lived, sustained bandwidth flows that can benefit from congestion control signals such as Explicit Congestion Notification (ECN) Congestion Experienced (CE) marking, or random discards, that influence the windowing behavior of Transmission Control Protocol (TCP) stacks. The TCP windowing mechanism controls the transmission rate of TCP sessions, backing off the transmission rate when ECN CE markings, or un-acknowledged sequence numbers, are observed (see the “More Information” section for additional details).

    ◉ Mouse flows are shorter-lived flows that are unlikely to benefit from TCP congestion control mechanisms. These flows consist of the initial TCP 3-way handshake that establishes the session, along with a relatively small number of additional packets, and are subsequently terminated. By the time any congestion control is signaled for the flow, the flow is already complete.

    As shown in Figure 2, with AFD, elephant flows are further characterized according to their relative bandwidth utilization – a high-bandwidth elephant flow has a higher probability of experiencing ECN CE marking, or discards, than a lower-bandwidth elephant flow. A mouse flow has a zero probability of being marked or discarded by AFD.

    Cisco Nexus 9000, Cisco Career, Cisco Prep, Cisco Tutorial and Materials, Cisco Jobs, Cisco Learning, Cisco Certification
    Figure 2 – AFD with Elephant and Mouse Flows

    For readers familiar with the older Weighted Random Early Detect (WRED) mechanism, you can think of AFD as a kind of “bandwidth-aware WRED.” With WRED, any packet (regardless of whether it’s part of a mouse flow or an elephant flow) is potentially subject to marking or discards. In contrast, with AFD, only packets belonging to sustained-bandwidth elephant flows may be marked or discarded – with higher-bandwidth elephants more likely to be impacted than lower-bandwidth elephants – while a mouse flow is never impacted by these mechanisms.

    Additionally, AFD marking or discard probability for elephants increases as the queue becomes more congested. This behavior ensures that TCP stacks back off well before all the available buffer is consumed, avoiding further congestion and ensuring that abundant buffer headroom still remains to absorb instantaneous bursts of back-to-back packets on previously uncongested queues.

    DPP, another hardware-based capability, promotes the initial packets in a newly observed flow to a higher priority queue than it would have traversed “naturally.” Take for example a new TCP session establishment, consisting of the TCP 3-way handshake. If any of these packets sit in a congested queue, and therefore experience additional delay, it can materially affect application performance.

    As shown in Figure 3, instead of enqueuing those packets in their originally assigned queue, where congestion is potentially more likely, DPP will promote those initial packets to a higher-priority queue – a strict priority (SP) queue, or simply a higher-weighted Deficit Weighted Round-Robin (DWRR) queue – which results in expedited packet delivery with a very low chance of congestion.

    Cisco Nexus 9000, Cisco Career, Cisco Prep, Cisco Tutorial and Materials, Cisco Jobs, Cisco Learning, Cisco Certification
    Figure 3 – Dynamic Packet Prioritization (DPP)

    If the flow continues beyond a configurable number of packets, packets are no longer promoted – subsequent packets in the flow traverse the originally assigned queue. Meanwhile, other newly observed flows would be promoted and enjoy the benefit of faster session establishment and flow completion for short-lived flows.

    AFD and UDP Traffic


    One frequently asked question about AFD is if it’s appropriate to use it with User Datagram Protocol (UDP) traffic. AFD by itself does not distinguish between different protocol types, it only determines if a given 5-tuple flow is an elephant or not. We generally state that AFD should not be enabled on queues that carry non-TCP traffic. That’s an oversimplification, of course – for example, a low-bandwidth UDP application would never be subject to AFD marking or discards because it would never be flagged as an elephant flow in the first place.

    Recall that AFD can either mark traffic with ECN, or it can discard traffic. With ECN marking, collateral damage to a UDP-enabled application is unlikely. If ECN CE is marked, either the application is ECN-aware and would adjust its transmission rate, or it would ignore the marking completely. That said, AFD with ECN marking won’t help much with congestion avoidance if the UDP-based application is not ECN-aware.

    On the other hand, if you configure AFD in discard mode, sustained-bandwidth UDP applications may suffer performance issues. UDP doesn’t have any inbuilt congestion-management mechanisms – discarded packets would simply never be delivered and would not be retransmitted, at least not based on any UDP mechanism. Because AFD is configurable on a per-queue basis, it’s better in this case to simply classify traffic by protocol, and ensure that traffic from high-bandwidth UDP-based applications always uses a non-AFD-enabled queue.

    What Is a VXLAN/EVPN Fabric?


    VXLAN/EVPN is one of the fastest growing Data Center fabric technologies in recent memory. VXLAN/EVPN consists of two key elements: the data-plane encapsulation, VXLAN; and the control-plane protocol, EVPN.

    You can find abundant details and discussions of these technologies on cisco.com, as well as from many other sources. While an in-depth discussion is outside the scope of this blog post, when talking about QOS and congestion management in the context of a VXLAN/EVPN fabric, the data-plane encapsulation is the focus. Figure 4 illustratates the VXLAN data-plane encapsulation, with emphasis on the inner and outer DSCP/ECN fields.

    Cisco Nexus 9000, Cisco Career, Cisco Prep, Cisco Tutorial and Materials, Cisco Jobs, Cisco Learning, Cisco Certification
    Figure 4 – VXLAN Encapsulation

    As you can see, VXLAN encapsulates overlay packets in IP/UDP/VXLAN “outer” headers. Both the inner and outer headers contain the DSCP and ECN fields.

    With VXLAN, a Cisco Nexus 9000 switch serving as an ingress VXLAN tunnel endpoint (VTEP) takes a packet originated by an overlay workload, encapsulates it in VXLAN, and forwards it into the fabric. In the process, the switch copies the inner packet’s DSCP and ECN values to the outer headers when performing encapsulation.

    Transit devices such as fabric spines forward the packet based on the outer headers to reach the egress VTEP, which decapsulates the packet and transmits it unencapsulated to the final destination. By default, both the DSCP and ECN fields are copied from the outer IP header into the inner (now decapsulated) IP header.

    In the process of traversing the fabric, overlay traffic may pass through multiple switches, each enforcing QOS and queuing policies defined by the network administrator. These policies might simply be default configurations, or they may consist of more complex policies such as classifying different applications or traffic types, assigning them to unique classes, and controlling the scheduling and congestion management behavior for each class.

    How Do the Intelligent Buffer Capabilities Work in a VXLAN Fabric?


    Given that the VXLAN data-plane is an encapsulation, packets traversing fabric switches consist of the original TCP, UDP, or other protocol packet inside a IP/UDP/VXLAN wrapper. Which leads to the question: how do the Intelligent Buffer mechanisms behave with such traffic?

    As discussed earlier, sustained-bandwidth UDP applications could potentially suffer from performance issues if traversing an AFD-enabled queue. However, we should make a very key distinction here – VXLAN is not a “native” UDP application, but rather a UDP-based tunnel encapsulation. While there is no congestion awareness at the tunnel level, the original tunneled packets can carry any kind of application traffic –TCP, UDP, or virtually any other protocol.

    Thus, for a TCP-based overlay application, if AFD either marks or discards a VXLAN-encapsulated packet, the original TCP stack still receives ECN marked packets or misses a TCP sequence number, and these mechanisms will cause TCP to reduce the transmission rate. In other words, the original goal is still achieved – congestion is avoided by causing the applications to reduce their rate.

    Similarly, high-bandwidth UDP-based overlay applications would respond just as they would to AFD marking or discards in a non-VXLAN environment. If you have high-bandwidth UDP-based applications, we recommend classifying based on protocol and ensuring those applications get assigned to non-AFD-enabled queues.

    As for DPP, while TCP-based overlay applications will benefit most, especially for initial flow-setup, UDP-based overlay applications can benefit as well. With DPP, both TCP and UDP short-lived flows are promoted to a higher priority queue, speeding flow-completion time. Therefore, enabling DPP on any queue, even those carrying UDP traffic, should provide a positive impact.

    Key Takeaways


    VXLAN/EVPN fabric designs have gained significant traction in recent years, and ensuring excellent application performance is paramount. Cisco Nexus 9000 Series switches, with their hardware-based Intelligent Buffering capabilities, ensure that even in an overlay application environment, you can maximize the efficient utilization of available buffer, minimize network congestion, speed flow-establishment and flow-completion times, and avoid drops due to microbursts.

    Source: cisco.com

    Thursday, 27 April 2023

    What is Cisco SD-WAN? Understanding the Basics of Software-Defined Wide Area Networking

    Cisco SD-WAN, Cisco Exam, Cisco Exam Prep, Cisco Tutorial and Materials, Cisco Guides, Cisco Learning

    Introduction


    As the demand for secure, high-speed connectivity between geographically dispersed locations continues to grow, more and more businesses are turning to Software-Defined Wide Area Networking (SD-WAN) to simplify their networks and reduce costs. Among the leading providers of SD-WAN technology is Cisco, a multinational technology company that has been at the forefront of networking innovation for decades.

    In this article, we'll take a closer look at what Cisco SD-WAN is, how it works, and what benefits it offers businesses of all sizes.

    What is SD-WAN?


    Before diving into the specifics of Cisco SD-WAN, it's important to have a basic understanding of what SD-WAN is in general. At its core, SD-WAN is a technology that simplifies the management and operation of a Wide Area Network (WAN) by separating the networking hardware from the software that controls it.

    This means that instead of relying on physical appliances to route traffic between different locations, SD-WAN uses software to manage and direct traffic in the most efficient way possible. SD-WAN also allows businesses to connect to multiple types of networks, including MPLS, broadband, and cellular, making it a flexible and versatile solution for businesses of all sizes.

    How Does Cisco SD-WAN Work?


    Cisco SD-WAN is a complete solution that includes both hardware and software components. At its core is the Cisco vEdge router, a compact and versatile device that connects to the internet or other networks and handles traffic routing and security functions.

    The vEdge router is powered by Cisco's proprietary software, which includes a centralized controller known as the Cisco vSmart controller. This controller is responsible for managing traffic routing policies and distributing them to the vEdge routers in the network.

    One of the key advantages of Cisco SD-WAN is its ability to optimize traffic routing in real-time, based on the conditions of the network. This is done through a process called path selection, which allows the network to choose the best path for traffic based on factors like network congestion, link quality, and application requirements.

    Benefits of Cisco SD-WAN


    Now that we understand how Cisco SD-WAN works, let's take a closer look at some of the benefits it offers businesses of all sizes:

    1. Improved Performance and Reliability

    By optimizing traffic routing in real-time, Cisco SD-WAN helps ensure that network performance remains high, even in the face of changing network conditions. This means that businesses can rely on their networks to deliver the performance and reliability they need to stay productive and competitive.

    2. Enhanced Security

    Cisco SD-WAN includes a number of advanced security features, including encryption, firewall protection, and intrusion prevention. This helps ensure that sensitive data remains secure, even when transmitted across public networks.

    3. Simplified Network Management

    By separating the networking hardware from the software that controls it, Cisco SD-WAN simplifies network management and reduces costs. This means that businesses can focus on growing their operations, rather than spending time and resources managing their networks.

    4. Scalability and Flexibility

    Cisco SD-WAN is a highly scalable solution that can grow with your business. It also allows businesses to connect to multiple types of networks, including MPLS, broadband, and cellular, making it a flexible and versatile solution for businesses of all sizes.

    Conclusion

    In conclusion, Cisco SD-WAN is a powerful and versatile solution for businesses of all sizes that want to simplify their networks, improve performance and reliability, enhance security, and reduce costs. By leveraging the power of software-defined networking, Cisco SD-WAN allows businesses to optimize their networks for the unique needs of their operations, and stay competitive in an increasingly connected world.