Cisco SPAN for Cisco Application Centric Infrastructure: A Modern Port Analyzer for the Next-Generation Data Center
|
|
- Julia Vivien Cooper
- 7 years ago
- Views:
Transcription
1 White Paper Cisco SPAN for Cisco Application Centric Infrastructure: A Modern Port Analyzer for the Next-Generation Data Center What You Will Learn Cisco Switched Port Analyzer (SPAN) on Cisco Application Centric Infrastructure (Cisco ACI ) offers new techniques for modern, multitenant data centers with transient (virtual) workloads. This document discusses the challenges presented by today s data centers and how Cisco ACI addresses through four types of SPAN: Tenant SPAN Fabric SPAN Access SPAN Virtual SPAN For each SPAN type, you will learn the available source and destination options and how to configure them. You will also learn the main benefits that each SPAN type can provide in your business and any restrictions that you need to consider. What Is Cisco SPAN? Cisco Switch Port Analyzer, or SPAN, is a Cisco standard widely adopted by the networking industry and available across a wide range of products that is used to copy traffic from one or more ports, port channels, or virtual port channels to a destination. The destination can be a local port or a remote device. This copied traffic can then be run through a variety of analysis tools to reach conclusions about its nature. SPAN is commonly used, for example, to monitor traffic to check for suspicious activity, copy traffic to meet regulatory compliance requirements, and inspect traffic for connectivity problems. Current Challenges for SPAN Traditional switches require the administrator to connect to a terminal and configure a SPAN session through the command-line interface (CLI). This requirement can be a problem in large and complex networks because the administrator will need to manually initiate a SPAN session on every required switch in the potential traffic path. This traffic path may not be known ahead of time, especially in modern, multitenant, transient data centers, in which applications can exist within containers that move between physical hardware outside the control of network engineers. A common example of this scenario is an application virtual machine that is automatically migrated to a new hypervisor when the current hypervisor reaches a predefined resource limit. With traditional switches, the network administrator would need to be informed of this move, end the original SPAN session, and create a new SPAN session on the appropriate switch. If this move is not communicated, problems occur both from a business perspective and from a technical perspective Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21
2 From a business perspective, required network traffic may not be appropriately mirrored. At best, the business may fail to learn operational or security information. At worst, traffic for which security is critical may not be inspected, or regulatory requirements may not be met. From a technical perspective, unnecessary network traffic will continue to be replicated on each switch in the original path until the SPAN sessions are ended manually, unnecessarily wasting network bandwidth. The network operator will need to be extremely diligent to remove any unnecessary SPAN sessions because they are a hardware-limited resource. The network operator also will need to find the location to which the virtual machine has been migrated and begin a whole new set of SPAN sessions to adequately capture the traffic, wasting valuable staff time. Organizations need a new way to capture and analyze traffic that solves this problem by adapting to modern data center trends. Introducing a New SPAN Concept with Cisco ACI Cisco ACI introduces a new layer of policy abstraction on top of the switch hardware. This layer includes the logical networking construct of endpoint groups (EPGs, see For More Information at the end of this document). EPGs consume switch hardware resources only when relevant endpoints are present. As workloads move around the data center, the EPG expands and contracts to meet resource needs. A SPAN session based on static hardware ports cannot address this scenario. Cisco ACI thus has introduced the new concept of Tenant SPAN. Tenant SPAN aggregates SPAN sessions across multiple leaf switches transparently and on demand. The administrator is free to describe semantically how traffic should be replicated, and the Cisco Application Policy Infrastructure Controller (APIC) will command the appropriate hardware resources to initiate SPAN sessions on demand to capture relevant traffic. Limitations of Solutions from Other Vendors In current software-only software-defined networking (SDN) solutions, the controller has no integration with the underlying switches, so it cannot initiate or control hardware SPAN sessions. Furthermore, unlike Cisco ACI, in which the copy operation is performed in optimized application-specific circuits (ASICs) and has no impact on the CPU, software-only SDN solutions must rely on software to copy traffic from virtual network ports. This approach limits SPAN to virtual machine only traffic. It also consumes precious CPU cycles on the hypervisor: an extremely valuable resource in any data center. Continued Support for SPAN, RSPAN, and ERSPAN Although Tenant SPAN is excellent for dynamic workloads in a multitenant Cisco ACI fabric, Cisco ACI is used in many different scenarios. Cisco ACI thus continues to make available, provide support for, and build on the tried and tested Remote SPAN (RSPAN) and Encapsulated RSPAN (ERSPAN) features. In addition, if virtual workloads need to be spanned directly within a virtual switch (vswitch), Cisco ACI can be paired with Cisco Application Virtual Switch (AVS) and used to create and manage Virtual SPAN (vspan) sessions, thus providing a full end-to-end SPAN feature set. Easy Deployment The process of configuring SPAN in Cisco ACI is straightforward, especially after you become familiar with the terminology and know the use case that is relevant to your requirements Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 21
3 Use of Filters to Capture Only the Traffic Needed Cisco ACI introduces a concept of SPAN filters. Different SPAN sources have different filtering options, which will be discussed in each use case presented in this document. In general, filters restrict traffic to specific EPGs, bridge domains, or Virtual Routing and Forwarding (VRF) instances, allowing the network operator to easily remove unnecessary traffic from a SPAN session. Identifying the ERSPAN Traffic Source In Cisco ACI, SPAN sessions can be dynamically initiated by the APIC on demand, so you need a way at the destination to identify the switch that is the traffic source, especially if multiple leaf switches are sourcing SPAN traffic in the same session. You can use the source IP prefix to provide this identification. The configured source IP prefix is combined with the sending switch s node ID to produce a unique IP address in the destination EPG. For example, Table 1 shows sample results for source IP prefix /24. Table 1. Identifying the ERSPAN Traffic Source Leaf Switch Node ID ERSPAN Source IP Address Leaf /24 Leaf /24 The SPAN source does not need a network path to the destination EPG. In fact, the source can be in an entirely different tenant, VRF instance, or bridge domain than the destination. Support for Local and Remote Destinations When traffic is replicated, it needs to be delivered to a destination. Originally SPAN traffic could be mirrored only locally on the switch. Extensions such as RSPAN and ERSPAN allowed traffic to be encapsulated and sent to a remote switch or device. Cisco ACI supports local and remote (ERSPAN) destinations in the various types of SPAN. Not all combinations are supported, however, as discussed later in this document. How ERSPAN Reaches the Destination When ERSPAN is used, the destination EPG must belong to a bridge domain that has unicast routing enabled and at least one subnet configured. The ERSPAN packet is injected into the destination EPG on the source leaf switch with the outer source address set to the generated IP address (See Identifying the ERSPAN Traffic Source earlier in this document) and the outer destination IP address set to the destination IP address. The packet then follows the same forwarding path as normal traffic in this EPG. Therefore, the destination must be reachable from this EPG. ERSPAN Types I and II When mirroring traffic to a remote destination, you need to consider the type of ERSPAN traffic that is generated. As previously mentioned, with Cisco ACI the copying and encapsulation of SPAN traffic is offloaded to the switch ASICs. This approach is beneficial because it eliminates the need for any CPU work and has no negative effect on control plane traffic that is dependent on CPU time. Because Cisco ACI uses a merchant+ methodology (in which Broadcom and Cisco chips are combined in one chassis), you must be aware of the way that the different chips implement ERSPAN. When generating remote (ERSPAN) traffic, you need to know which chip encapsulated the packet so that you can validate your remote device to decode the packet correctly Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 21
4 Tenant and Access SPAN use Type I (Broadcom chips) and Fabric SPAN uses Type II (Cisco chips). Note, though, that if you are using ERSPAN Type I and Wireshark, by default, Wireshark will not decode the packets. To decode them, you need to choose Preferences > Protocols > ERSPAN and then select Force to decode fake ERSPAN frame (Figure 1). Figure 1. Decoding ERSPAN Type I in Wireshark Use Cases This document discusses four use cases: Mirror all traffic to and from an EPG to a remote destination (Tenant SPAN) Mirror all traffic to and from my spine switches to a remote destination (Fabric SPAN) Mirror all traffic to and from leaf host ports locally or to a remote destination (Access SPAN) Mirror a virtual interface on a virtual machine to a remote destination (Virtual SPAN) Use Case Topology All the use cases use the same topology (Figure 2). The topology has: Two spine switches Two leaf switches Two local SPAN destinations Two remote SPAN destinations Two hypervisors Two tenants Three EPGs 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 21
5 Figure 2. Network Topology for Use Case Examples Use Case: Mirror All Traffic to and from an EPG to a Remote Destination Tenant SPAN Main Facts The source can be only an EPG. The destination can be only ERSPAN. ERSPAN encapsulation Type I The direction can be: Inbound Outbound Both No filtering is possible. In this use case, you want to mirror traffic when you do not know where the physical source interfaces are ahead of time, but you know that you want to capture all traffic in and out of any physical port that belongs to this EPG (Figure 3) Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 21
6 Figure 3. Tenant SPAN: Possible Sources and Destinations Configuring the Destination Choose Tenants > your tenant > Troubleshoot Policies > SPAN > SPAN Destination Groups Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 21
7 2. Click the + icon to add a destination. 2. Choose the destination EPG. a. This EPG must have connectivity to the destination IP address. (See How ERSPAN Reaches the Destination ) 3. Specify the EPG source IP prefix. a. Refer to the discussion earlier in this document for details about how the source IP address is generated (See Identifying the ERSPAN Traffic Source ). Configuring the Source Choose Tenants > your tenant > Troubleshoot Policies > SPAN > SPAN Source Groups Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 21
8 2. Select the destination group. 3. Click the + icon to add a source. 1. Specify the span source name. 2. Choose the direction. 3. Select the source EPG. You will need to configure a remote collector or analysis tool to capture the ERSPAN traffic and decode it to view the original packet. For example, a common remote collector, Wireshark, can capture the ERSPAN traffic, decode the outer ERSPAN encapsulation, and display the original packet header and payload, including the original source and destination IP and MAC addresses. Use Case: Mirror All Traffic to and from My Spine Switches to a Remote Destination Fabric SPAN Main Facts The source must be a fabric (uplink) port on a leaf or spine switch. 1/49 to 1/60 on Cisco Nexus 9396 (leaf switch) 1/49 to 1/54 on Cisco Nexus 9372 (leaf switch) 1/1 to 1/36 on Cisco Nexus 9336 (spine switch) The destination can be only ERSPAN. ERSPAN encapsulation Type II 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 21
9 The direction can be: Inbound Outbound Both The filter options are: Private network Bridge domain Multiple source paths are supported. You can have multiple switches (leaf or spine) with the same SPAN policy. In this use case, you want to mirror traffic that is traversing the spine switches within the fabric (Figure 4). You can choose one or more fabric ports (on leaf or spine) and then replicate the traffic to a remote location. Figure 4. Fabric SPAN: Possible Sources and Destinations 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 21
10 Configuring the Destination Choose Fabric > Fabric Policies > Troubleshoot Policies > SPAN > SPAN Destination Groups. 2. Click the + icon to add a destination. 2. Choose the destination EPG. a. This EPG must have connectivity to the destination IP address (See How ERSPAN Reaches the Destination ). 3. Specify the EPG source IP prefix. a. Refer to the discussion earlier in this document for details about how the source IP address is generated (See Identifying the ERSPAN Traffic Source ) Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 10 of 21
11 Configuring the Source Choose Fabric > Fabric Policies > Troubleshoot Policies > SPAN > SPAN Source Groups. 2. Select the destination group. 3. Click the + icon to add a source. 2. Choose the direction. 3. (Optional) Select a filter. 4. Add one or more paths Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 11 of 21
12 Use Case: Mirror All Traffic to and from a Switch Port Locally or to a Remote Destination Access SPAN Main Facts The source port can be any access port. The destination can be another access port (not a port channel or virtual port channel [vpc]) or ERSPAN. ERSPAN encapsulation Type I The direction can be: Inbound Outbound Both The filter options are: Tenant Application profile Endpoint group Multiple source paths are supported. In this use case, you want to mirror traffic that is flowing to and from any host-facing ports on a leaf switch (Figure 5). You can locally mirror the traffic to a switch port, or you can send it to a remote destination. A local destination is useful when you want to help ensure that the mirrored traffic does not leave this switch: an important decision to make when planning network capacity. Figure 5. Access SPAN: Possible Sources and Destinations 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 12 of 21
13 Configuring the Destination Choose Fabric > Access Policies > Troubleshoot Policies > SPAN > SPAN Destination Groups. 2. Click the + icon to add a destination. Adding an EPG Destination 2. Choose the destination EPG. a. This EPG must have connectivity to the destination IP address (See How ERSPAN Reaches the Destination ). 3. Specify the EPG source IP prefix. a. Refer to the discussion earlier in this document for details about how the source IP address is generated (See Identifying the ERSPAN Traffic Source ) Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 13 of 21
14 Adding a Switch Interface Destination 2. Choose the destination path Configuring the Source Choose Fabric > Access Policies > Troubleshoot Policies > SPAN > SPAN Source Groups. 2. Select the destination group. 3. Click the + icon to add a source Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 14 of 21
15 2. Choose the direction. 3. (Optional) Select a filter. 4. Select the source. Use Case: Mirror a Virtual Interface on a Virtual Machine to a Remote Destination Virtual SPAN Main Facts vspan requires Cisco Application Virtual Switch. The source can be an EPG or a virtual interface. The destination can be ERSPAN or a virtual interface. No filtering is possible. The direction can be: Inbound Outbound Both In this use case, you want to take advantage of the Application Virtual Switch to mirror traffic from a virtual switch (Figure 6). This approach is useful when traffic is being switched locally within the hypervisor and therefore cannot be captured by the physical leaf switch Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 15 of 21
16 Figure 6. Virtual SPAN: Possible Sources and Destinations Configuring the Destination Choose Fabric > Access Policies > Troubleshoot Policies > VSPAN > VSPAN Destination Groups Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 16 of 21
17 2. Click the + icon to create a destination group. 2. Select the destination type. a. ERSPAN (remote destination) Note: vspan ERSPAN traffic is sourced differently. Traffic is sourced from the tunnel endpoint (TEP) address of the Application Virtual Switch in the infrastructure EPG. Verify that the remote IP address is reachable from this context Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 17 of 21
18 b. LSPAN (virtual interface) i. Choose a tenant, application, and EPG. ii. Select the virtual machine interface of the endpoint to which traffic should be sent. Note: Service graph enabled virtual machine interfaces are not available. Configuring the Source Choose Fabric > Access Policies > Troubleshoot Policies > VSPAN > VSPAN Sessions Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 18 of 21
19 2. Select the destination group. 3. Click the + icon to add a source. 2. Choose the capture direction. 3. Select the source type. a. EPG i. Select the desired tenant, application profile, and EPG. ii. Choose a source path (port channel, vpc, or port). b. CEP (virtual endpoint) i. Select the desired tenant, application profile, and EPG. ii. iii. Select the source client endpoint (CEP). Choose a source path (port channel, vpc, or port). Using SPAN to Troubleshoot Two Endpoints Quickly You now know the four SPAN types, their usefulness in a modern data center, and how to configure them. However, sometimes, in a troubleshooting session, you may need to quickly configure a SPAN session to capture traffic between two endpoints. To do so, you can use the Troubleshooting SPAN Wizard. The Troubleshooting SPAN Wizard is especially useful for network operations teams. It does not use a different SPAN method, but relies on Access SPAN. It is a feature of the Cisco ACI Visibility and Troubleshooting Tool (See ACI Visibility and Troubleshooting Tool in the For More Information section at the end of this document), which can be viewed as a one-stop shop for network operations teams. Given two endpoints, the troubleshooting tool will dynamically build a temporary Access SPAN session to mirror the necessary traffic to capture the flow. After the capture is complete, the SPAN session is taken down Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 19 of 21
20 Two distinct destinations are introduced here: the APIC and the host through the APIC. Both require in-band management to be configured for the fabric (See Configuring In-Band Management Access in the For More Information section at the end of this document). For the APIC destination type, the APIC acts as a capture device from which the mirrored traffic can be downloaded or inspected. The host through the APIC destination type causes the APIC to act as a proxy, forwarding mirrored traffic to an external analyzer. The Visibility and Troubleshooting Tool is available from the Operations tab (Figure 7). Figure 7. Troubleshooting SPAN Wizard SPAN Type Comparison Table Table 2 provides a summary that shows the differences among the SPAN types. Table 2. SPAN Type Comparison SPAN Type Source Filter Destination Fabric SPAN Fabric port Bridge domain Private network Access SPAN Access port Tenant Application profile Endpoint group Remote (ERSPAN Type II) Remote (ERSPAN Type I) Local Tenant SPAN Endpoint group Remote (ERSPAN Type I) Virtual SPAN Virtual machine interface Remote (ERSPAN Type I) LSPAN (virtual machine interface) Scalability As with all network devices, you must plan capacity appropriately when you use SPAN with Cisco ACI. For each leaf, you can have: Four Tenant or Access SPAN sessions Four Fabric SPAN sessions For each SPAN session, you may have: Up to all leaf access ports as the source (Access SPAN) Up to all fabric ports as the source (Fabric SPAN) 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 20 of 21
21 Up to 280 EPGs or bridge domains as the source (Tenant SPAN) Note that after SPAN traffic has been captured, it will compete with normal traffic on the fabric to be delivered. Be sure to plan for SPAN traffic accordingly to avoid link oversubscription. For more information, please see the current verified scalability guide (Version 1.2(1i) at the time of writing). Conclusion In a modern, multitenant datacenter with transient (virtual) workloads, you need a network that can shift at the speed of your business while still delivering all the capabilities available to the switch hardware. Cisco ACI with Cisco SPAN is the only SDN solution that offers all these features while continuing to innovate with new ideas such as Tenant SPAN. The Cisco solution offers robust capabilities well known to network engineers and tried and tested throughout the world in thousands of data centers. If you need SPAN, you need Cisco ACI. For More Information For additional information, see the following: Cisco APIC Troubleshooting Guide Cisco ACI SPAN Guidelines and Restrictions Video: Cisco APIC Configuring a SPAN Session Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design Cisco ACI Visibility and Troubleshooting Tool Configuring In-Band Management Access Printed in USA C / Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 21 of 21
Virtual Machine Manager Domains
This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 VMM Domain Policy Model, page 2 Virtual Machine Manager Domain Main Components,
More informationInstallation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure
Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure August 2015 Table of Contents 1 Introduction... 3 Purpose... 3 Products... 3
More informationTransform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure
White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure
More informationStretched Active- Active Application Centric Infrastructure (ACI) Fabric
Stretched Active- Active Application Centric Infrastructure (ACI) Fabric May 12, 2015 Abstract This white paper illustrates how the Cisco Application Centric Infrastructure (ACI) can be implemented as
More informationOVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS
OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight
More informationExpert Reference Series of White Papers. VMware vsphere Distributed Switches
Expert Reference Series of White Papers VMware vsphere Distributed Switches info@globalknowledge.net www.globalknowledge.net VMware vsphere Distributed Switches Rebecca Fitzhugh, VCAP-DCA, VCAP-DCD, VCAP-CIA,
More informationVMDC 3.0 Design Overview
CHAPTER 2 The Virtual Multiservice Data Center architecture is based on foundation principles of design in modularity, high availability, differentiated service support, secure multi-tenancy, and automated
More informationCCNA R&S: Introduction to Networks. Chapter 5: Ethernet
CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.
More informationUsing the Advanced GUI
This chapter contains the following sections: Toggling Between Basic and Advanced GUI Modes, page 1 About Getting Started with APIC Examples, page 2 Switch Discovery with the APIC, page 2 Configuring Network
More informationTRILL for Service Provider Data Center and IXP. Francois Tallet, Cisco Systems
for Service Provider Data Center and IXP Francois Tallet, Cisco Systems 1 : Transparent Interconnection of Lots of Links overview How works designs Conclusion 2 IETF standard for Layer 2 multipathing Driven
More informationVirtual PortChannels: Building Networks without Spanning Tree Protocol
. White Paper Virtual PortChannels: Building Networks without Spanning Tree Protocol What You Will Learn This document provides an in-depth look at Cisco's virtual PortChannel (vpc) technology, as developed
More informationEnhancing Cisco Networks with Gigamon // White Paper
Across the globe, many companies choose a Cisco switching architecture to service their physical and virtual networks for enterprise and data center operations. When implementing a large-scale Cisco network,
More informationVXLAN Bridging & Routing
VXLAN Bridging & Routing Darrin Machay darrin@arista.com CHI-NOG 05 May 2015 1 VXLAN VM-1 10.10.10.1/24 Subnet A ESX host Subnet B ESX host VM-2 VM-3 VM-4 20.20.20.1/24 10.10.10.2/24 20.20.20.2/24 Load
More informationRedefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance
White Paper Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance What You Will Learn Modern data centers power businesses through a new generation of applications,
More informationSimplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014
Simplify IT With Cisco Application Centric Infrastructure Barry Huang bhuang@cisco.com Nov 13, 2014 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow
More informationLab - Using Wireshark to View Network Traffic
Topology Objectives Part 1: (Optional) Download and Install Wireshark Part 2: Capture and Analyze Local ICMP Data in Wireshark Start and stop data capture of ping traffic to local hosts. Locate the IP
More informationInstalling Intercloud Fabric Firewall
This chapter contains the following sections: Information About the Intercloud Fabric Firewall, page 1 Prerequisites, page 1 Guidelines and Limitations, page 2 Basic Topology, page 2 Intercloud Fabric
More informationDemystifying Cisco ACI for HP Servers with OneView, Virtual Connect and B22 Modules
Technical white paper Demystifying Cisco ACI for HP Servers with OneView, Virtual Connect and B22 Modules Updated: 7/7/2015 Marcus D Andrea, HP DCA Table of contents Introduction... 3 Testing Topologies...
More informationNetwork Agent Quick Start
Network Agent Quick Start Topic 50500 Network Agent Quick Start Updated 17-Sep-2013 Applies To: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8 Websense
More informationVXLAN: Scaling Data Center Capacity. White Paper
VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where
More informationDeploy Application Load Balancers with Source Network Address Translation in Cisco Programmable Fabric with FabricPath Encapsulation
White Paper Deploy Application Load Balancers with Source Network Address Translation in Cisco Programmable Fabric with FabricPath Encapsulation Last Updated: 5/19/2015 2015 Cisco and/or its affiliates.
More informationAVI NETWORKS CLOUD APPLICATION DELIVERY PLATFORM INTEGRATION WITH CISCO APPLICATION CENTRIC INFRASTRUCTURE
TECH BRIEF AVI NETWORKS CLOUD APPLICATION DELIVERY PLATFORM INTEGRATION WITH CISCO APPLICATION CENTRIC INFRASTRUCTURE Application Centric Infrastructure The Cisco Application Centric Infrastructure (ACI)
More informationVMware Virtual SAN Network Design Guide TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER Table of Contents Intended Audience.... 3 Overview.... 3 Virtual SAN Network... 3 Physical Network Infrastructure... 4 Data Center Network... 4 Host Network Adapter.... 5 Virtual
More informationCisco ACI Simulator Release Notes, Release 1.2(1i)
Cisco ACI Simulator Release Notes, Release 1.2(1i) This document provides the compatibility information, usage guidelines, and the scale values that were validated in testing this Cisco ACI Simulator release.
More informationHow To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan
Centec s SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud Table of Contents Virtualization Fueling New Possibilities Virtual Private Cloud Offerings... 2 Current Approaches
More informationEVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE
EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EXECUTIVE SUMMARY Enterprise network managers are being forced to do more with less. Their networks are growing in size and complexity. They need
More informationDisaster Recovery Design with Cisco Application Centric Infrastructure
White Paper Disaster Recovery Design with Cisco Application Centric Infrastructure 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 46 Contents
More informationCitrix XenServer Design: Designing XenServer Network Configurations
Citrix XenServer Design: Designing XenServer Network Configurations www.citrix.com Contents About... 5 Audience... 5 Purpose of the Guide... 6 Finding Configuration Instructions... 6 Visual Legend... 7
More informationData Center Infrastructure of the future. Alexei Agueev, Systems Engineer
Data Center Infrastructure of the future Alexei Agueev, Systems Engineer Traditional DC Architecture Limitations Legacy 3 Tier DC Model Layer 2 Layer 2 Domain Layer 2 Layer 2 Domain Oversubscription Ports
More informationLiveAction Application Note
LiveAction Application Note Layer 2 Monitoring and Host Location Using LiveAction to monitor and identify inter-/intra-switch VLAN configurations, and locating workstations within the network infrastructure.
More informationCLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE
CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE EXECUTIVE SUMMARY This application note proposes Virtual Extensible LAN (VXLAN) as a solution technology to deliver departmental segmentation, business
More informationQuick Start for Network Agent. 5-Step Quick Start. What is Network Agent?
What is Network Agent? Websense Network Agent software monitors all internet traffic on the machines that you assign to it. Network Agent filters HTTP traffic and more than 70 other popular internet protocols,
More informationFlow Analysis Versus Packet Analysis. What Should You Choose?
Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation
More informationA Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM
Presenter: Vinit Jain, STSM, System Networking Development, IBM System & Technology Group A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio
More informationVMware Network Virtualization Design Guide. January 2013
ware Network Virtualization Technical WHITE PAPER January 2013 ware Network Virtualization Table of Contents Intended Audience.... 3 Overview.... 3 Components of the ware Network Virtualization Solution....
More informationINTEGRATING RECOVERPOINT FOR VIRTUAL MACHINES AND CISCO ACI
INTEGRATING RECOVERPOINT FOR VIRTUAL MACHINES AND CISCO ACI Overview and configuration steps ABSTRACT This white paper provides describes how to properly setup a configuration consisting of Cisco ACI,
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationSoftware Defined Networks
Software Defined Networks Dr. Uttam Ghosh, CDAC, Bangalore uttamg@cdac.in Outline Networking Planes OpenFlow Software Defined Network (SDN) SDN Origin What is SDN? SDN Architecture SDN Operation Why We
More informationNetwork Virtualization and Software-defined Networking. Chris Wright and Thomas Graf Red Hat June 14, 2013
Network Virtualization and Software-defined Networking Chris Wright and Thomas Graf Red Hat June 14, 2013 Agenda Problem Statement Definitions Solutions She can't take much more of this, captain! Challenges
More informationPacket Tracer 3 Lab VLSM 2 Solution
Packet Tracer 3 Lab VLSM 2 Solution Objective Create a simulated network topology using Packet Tracer Design an IP addressing scheme using a Class B subnetwork address and VLSM Apply IP addresses to the
More informationExtending Networking to Fit the Cloud
VXLAN Extending Networking to Fit the Cloud Kamau WangŨ H Ũ Kamau Wangũhgũ is a Consulting Architect at VMware and a member of the Global Technical Service, Center of Excellence group. Kamau s focus at
More informationCisco Nexus 1000V Switch for Microsoft Hyper-V
Data Sheet Cisco Nexus 1000V Switch for Microsoft Hyper-V Product Overview Cisco Nexus 1000V Switches provide a comprehensive and extensible architectural platform for virtual machine and cloud networking.
More informationBASIC ANALYSIS OF TCP/IP NETWORKS
BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks
More informationSDN CENTRALIZED NETWORK COMMAND AND CONTROL
SDN CENTRALIZED NETWORK COMMAND AND CONTROL Software Defined Networking (SDN) is a hot topic in the data center and cloud community. The geniuses over at IDC predict a $2 billion market by 2016
More informationDisaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs
Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs As a head of the campus network department in the Deanship of Information Technology at King Abdulaziz University for more
More informationVMware vsphere 5.0 Evaluation Guide
VMware vsphere 5.0 Evaluation Guide Advanced Networking Features TECHNICAL WHITE PAPER Table of Contents About This Guide.... 4 System Requirements... 4 Hardware Requirements.... 4 Servers.... 4 Storage....
More informationCisco NetFlow Generation Appliance (NGA) 3140
Q&A Cisco NetFlow Generation Appliance (NGA) 3140 General Overview Q. What is Cisco NetFlow Generation Appliance (NGA) 3140? A. Cisco NetFlow Generation Appliance 3140 is purpose-built, high-performance
More informationOverview of Routing between Virtual LANs
Overview of Routing between Virtual LANs This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information
More informationVirtual Networking Features of the VMware vnetwork Distributed Switch and Cisco Nexus 1000V Series Switches
Virtual Networking Features of the vnetwork Distributed Switch and Cisco Nexus 1000V Series Switches What You Will Learn With the introduction of ESX, many virtualization administrators are managing virtual
More informationCourse Contents CCNP (CISco certified network professional)
Course Contents CCNP (CISco certified network professional) CCNP Route (642-902) EIGRP Chapter: EIGRP Overview and Neighbor Relationships EIGRP Neighborships Neighborship over WANs EIGRP Topology, Routes,
More informationVirtual PortChannel Quick Configuration Guide
Virtual PortChannel Quick Configuration Guide Overview A virtual PortChannel (vpc) allows links that are physically connected to two different Cisco Nexus 5000 Series devices to appear as a single PortChannel
More information基 於 SDN 與 可 程 式 化 硬 體 架 構 之 雲 端 網 路 系 統 交 換 器
基 於 SDN 與 可 程 式 化 硬 體 架 構 之 雲 端 網 路 系 統 交 換 器 楊 竹 星 教 授 國 立 成 功 大 學 電 機 工 程 學 系 Outline Introduction OpenFlow NetFPGA OpenFlow Switch on NetFPGA Development Cases Conclusion 2 Introduction With the proposal
More informationVisibility into the Cloud and Virtualized Data Center // White Paper
Executive Summary IT organizations today face unprecedented challenges. Internal business customers continue to demand rapid delivery of innovative services to respond to outside threats and opportunities.
More informationData Center Migration Lift and Shift Use Case Scenario
Why Datacenter Migration Is Challenging for Enterprises Datacenter migration projects are usually complex and involve considerable planning and coordination between multiple teams, including network, security,
More informationAnalysis of Network Segmentation Techniques in Cloud Data Centers
64 Int'l Conf. Grid & Cloud Computing and Applications GCA'15 Analysis of Network Segmentation Techniques in Cloud Data Centers Ramaswamy Chandramouli Computer Security Division, Information Technology
More informationTRILL for Data Center Networks
24.05.13 TRILL for Data Center Networks www.huawei.com enterprise.huawei.com Davis Wu Deputy Director of Switzerland Enterprise Group E-mail: wuhuajun@huawei.com Tel: 0041-798658759 Agenda 1 TRILL Overview
More informationSDN Applications in Today s Data Center
SDN Applications in Today s Data Center Harry Petty Director Data Center & Cloud Networking Cisco Systems, Inc. Santa Clara, CA USA October 2013 1 Customer Insights: Research/ Academia OpenFlow/SDN components
More informationWhat is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates
What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates 1 Goals of the Presentation 1. Define/describe SDN 2. Identify the drivers and inhibitors of SDN 3. Identify what
More informationWhy Software Defined Networking (SDN)? Boyan Sotirov
Why Software Defined Networking (SDN)? Boyan Sotirov Agenda Current State of Networking Why What How When 2 Conventional Networking Many complex functions embedded into the infrastructure OSPF, BGP, Multicast,
More informationData Center Use Cases and Trends
Data Center Use Cases and Trends Amod Dani Managing Director, India Engineering & Operations http://www.arista.com Open 2014 Open Networking Networking Foundation India Symposium, January 31 February 1,
More informationIntegrated Analytics. A Key Element of Security-Driven Networking
Integrated Analytics A Key Element of Security-Driven Networking What if your network offered monitoring and visibility into both the overlay and the underlay? What if you could monitor all application
More informationCCT vs. CCENT Skill Set Comparison
Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification
More information100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)
100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationCisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack
Solution Overview Cisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack What You Will Learn Cisco and Canonical extend the network virtualization offered by the Cisco Nexus 1000V
More informationvsphere Networking vsphere 6.0 ESXi 6.0 vcenter Server 6.0 EN-001391-01
vsphere 6.0 ESXi 6.0 vcenter Server 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more
More informationQuick Start for Network Agent. 5-Step Quick Start. What is Network Agent?
What is Network Agent? The Websense Network Agent software component uses sniffer technology to monitor all of the internet traffic on the network machines that you assign to it. Network Agent filters
More informationSoftware Defined Network (SDN)
Georg Ochs, Smart Cloud Orchestrator (gochs@de.ibm.com) Software Defined Network (SDN) University of Stuttgart Cloud Course Fall 2013 Agenda Introduction SDN Components Openstack and SDN Example Scenario
More informationhp ProLiant network adapter teaming
hp networking june 2003 hp ProLiant network adapter teaming technical white paper table of contents introduction 2 executive summary 2 overview of network addressing 2 layer 2 vs. layer 3 addressing 2
More informationVirtual Machine in Data Center Switches Huawei Virtual System
Virtual Machine in Data Center Switches Huawei Virtual System Contents 1 Introduction... 3 2 VS: From the Aspect of Virtualization Technology... 3 3 VS: From the Aspect of Market Driving... 4 4 VS: From
More informationImplementing Intercluster Lookup Service
Appendix 11 Implementing Intercluster Lookup Service Overview When using the Session Initiation Protocol (SIP), it is possible to use the Uniform Resource Identifier (URI) format for addressing an end
More informationMany network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.
RimApp RoadBLOCK goes beyond simple filtering! Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. However, traditional
More informationvcloud Air - Virtual Private Cloud OnDemand Networking Guide
vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationSecure ACI Data Centers: Deploying Highly Available Services with Cisco and F5 White Paper May 2015. 1 P age
Secure ACI Data Centers: Deploying Highly Available Services with Cisco and F5 White Paper May 2015 1 P age Contents Secure ACI Data Center: Deploying Highly Available Services with Cisco and F5 Next-
More informationCloudEngine 1800V Virtual Switch
CloudEngine 1800V Virtual Switch CloudEngine 1800V Virtual Switch Product Overview Huawei CloudEngine 1800V (CE1800V) is a distributed Virtual Switch (vswitch) designed by Huawei for data center virtualization
More informationVMware vcloud Air Networking Guide
vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationEnhancing Cisco Networks with Gigamon // White Paper
The Smart Route To Visibility Enhancing Cisco s with Many Fortune 000 companies and beyond implement a Cisco switching architecture. When implementing a large scale Cisco network, the infrastructure to
More informationDCB for Network Virtualization Overlays. Rakesh Sharma, IBM Austin IEEE 802 Plenary, Nov 2013, Dallas, TX
DCB for Network Virtualization Overlays Rakesh Sharma, IBM Austin IEEE 802 Plenary, Nov 2013, Dallas, TX What is SDN? Stanford-Defined Networking Software-Defined Networking Sexy-Defined Networking Networking
More informationWHITE PAPER. Network Virtualization: A Data Plane Perspective
WHITE PAPER Network Virtualization: A Data Plane Perspective David Melman Uri Safrai Switching Architecture Marvell May 2015 Abstract Virtualization is the leading technology to provide agile and scalable
More informationMonitoring Load-Balancing Services
CHAPTER 8 Load-balancing is a technology that enables network traffic to follow multiple paths to a specific destination. It distributes incoming service requests evenly among multiple servers in such
More informationNETFORT LANGUARDIAN MONITORING WAN CONNECTIONS. How to monitor WAN connections with NetFort LANGuardian Aisling Brennan
NETFORT LANGUARDIAN MONITORING WAN CONNECTIONS How to monitor WAN connections with NetFort LANGuardian Aisling Brennan LANGuardian gives you the information you need to troubleshoot problems and monitor
More informationBROADCOM SDN SOLUTIONS OF-DPA (OPENFLOW DATA PLANE ABSTRACTION) SOFTWARE
BROADCOM SDN SOLUTIONS OF-DPA (OPENFLOW DATA PLANE ABSTRACTION) SOFTWARE Network Switch Business Unit Infrastructure and Networking Group 1 TOPICS SDN Principles Open Switch Options Introducing OF-DPA
More informationBlue Coat Systems. Reference Guide. WCCP Reference Guide. For SGOS 5.3
Blue Coat Systems Reference Guide WCCP Reference Guide For SGOS 5.3 Contact Information Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 http://www.bluecoat.com/support/contact.html bcs.info@bluecoat.com
More informationVirtualizing the SAN with Software Defined Storage Networks
Software Defined Storage Networks Virtualizing the SAN with Software Defined Storage Networks Introduction Data Center architects continue to face many challenges as they respond to increasing demands
More informationSILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE
VSPEX IMPLEMENTATION GUIDE SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE Silver Peak Abstract This Implementation Guide describes the deployment of Silver Peak
More informationConfiguring a Load-Balancing Scheme
Configuring a Load-Balancing Scheme Finding Feature Information Configuring a Load-Balancing Scheme Last Updated: August 15, 2011 This module contains information about Cisco Express Forwarding and describes
More informationPersonal Telepresence. Place the VidyoPortal/VidyoRouter on a public Static IP address
NAT Introduction: Vidyo Conferencing in Firewall and NAT Deployments Vidyo Technical Note Section 1 The VidyoConferencing platform utilizes reflexive addressing to assist in setup of Vidyo calls. Reflexive
More informationNetwork Virtualization
Network Virtualization What is Network Virtualization? Abstraction of the physical network Support for multiple logical networks running on a common shared physical substrate A container of network services
More informationEnd-to-End Visibility
End-to-End Visibility for Your Cisco Infrastructure SOLUTIONS GUIDE GIGAMON TABLE OF Contents Introduction... 1 Overview of Cisco Technologies... 1.Monitoring Cisco Application Centric Infrastructure (ACI)...
More informationLifeSize Transit Deployment Guide June 2011
LifeSize Transit Deployment Guide June 2011 LifeSize Tranist Server LifeSize Transit Client LifeSize Transit Deployment Guide 2 Firewall and NAT Traversal with LifeSize Transit Firewalls and Network Address
More informationWhat s New in VMware vsphere 5.0 Networking TECHNICAL MARKETING DOCUMENTATION
What s New in ware vsphere 5.0 TECHNICAL MARKETING DOCUMENTATION v 1.0/Updated April 2011 What s New in ware vsphere 5.0 Table of Contents Introduction.... 3 Network Monitoring And Troubleshooting....
More informationIP Office Technical Tip
IP Office Technical Tip Tip no: 195 Release Date: October 26, 2007 Region: GLOBAL Using Packet Capture Software To Verify IP Network VoIP Quality Of Service (QoS) Operation Converged networks can experience
More informationCisco - Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW)
Page 1 of 20 Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW) Document ID: 50036 Contents Introduction Prerequisites Requirements Components Used Network Diagram The Role of Switched
More informationThe Impact of Virtualization on Cloud Networking Arista Networks Whitepaper
Virtualization takes IT by storm The Impact of Virtualization on Cloud Networking The adoption of virtualization in data centers creates the need for a new class of networking designed to support elastic
More informationReference to common tasks
APPENDIXA This section provides how-to information for common tasks that you need to know how to do before you can effectively work with the vcom Command Center. Creating and editing domains Working with
More informationExpert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts
Expert Reference Series of White Papers vcloud Director 5.1 Networking Concepts 1-800-COURSES www.globalknowledge.com vcloud Director 5.1 Networking Concepts Rebecca Fitzhugh, VMware Certified Instructor
More informationvsphere Networking vsphere 5.5 ESXi 5.5 vcenter Server 5.5 EN-001074-02
vsphere 5.5 ESXi 5.5 vcenter Server 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more
More informationRECORDING VoIP TRAFFIC via PORT MIRRORING
Recording. Solutions. Redefined. OrecX will easily record your VoIP traffic once your VoIP traffic is seen on the server interface. Use (SPAN, port spanning or port monitoring) to get the right traffic
More information