Autonomic Networking BRKGEN Michael Behringer
|
|
|
- Kristian Moore
- 6 years ago
- Views:
Transcription
1
2 Autonomic Networking BRKGEN-2999 Michael Behringer
3 Autonomic Networking Intro How We Got Here
4 Our First Goal Was: Automatic Network Security External NOC External How to Distinguish inside from outside without configuration? External 4
5 Certificates to Distinguish Internal from External External NOC External How to distribute certificates, securely, zero-touch? External 5
6 Autonomic Networking Background
7 Secure Domain Certificate Enrolment New device Proxy Registrar my domain certificate my unique device identifier (802.1AR / SUDI) new device with ID x Fundamental Idea: Using a secure vendor ID to bootstrap a domain ID Accept? Domain parameters For new device Domain enrolment Domain certificate Domain parameters For new device Domain enrolment Domain certificate See: 7
8 Result: Each Device has a Domain Cert External NOC External Now, we can find boundaries automatically! External See: 8
9 Demo: Secure Zero-Touch Bootstrap Configure a registrar Network bootstraps automatically AND: securely! 9 9
10 Would you use Cloud based device identification? Cisco Internet Cisco, is device A really my device? Internet Yes, this is your device! domain.com New device A Registrar
11 Secure Domain Certificate Enrolment New device Proxy Registrar Factory Cloud Service my unique device identifier (802.1AR / SUDI) my domain certificate new device with ID x Accept? new device ID x; domain y Authorization token Audit log for device Domain parameters Authorization token Domain parameters Authorization token Accept? Join? Domain enrolment Domain certificate Domain enrolment Domain certificate See: 11
12 Where Is The Catch? New device Proxy Registrar my domain certificate my unique device identifier (802.1AR / SUDI) new device with ID x How do nodes communicate without IP addressing? Accept? Domain parameters For new device Domain enrolment Domain certificate Domain parameters For new device Domain enrolment Domain certificate 12
13 The Autonomic Control Plane loopback VRF Secure Tunnel loopback VRF IPv6 link local IPv6 link local Self-forming and self-managing Follows network topology Not dependent on config or routing table* * Some exceptions apply 13
14 Connecting into the Autonomic Control Plane loopback VRF Secure Tunnel loopback VRF Like normal ip vrf forwarding command All devices on this interface have full access to ACP Can SSH, SNMP, etc to loopbacks Interface eth 2 autonomic connect ipv6 address 2000::10/64 Long term: Servers will be autonomic devices 14
15 Advantages of the Autonomic Control Plane (ACP) loopback VRF Secure Tunnel loopback VRF Completely self-managing No config! IPv6 link local IPv6 link local Secure Separate (VPN) and Encrypted (IPsec) Independent of Routing Only depends on link local addresses Independent of Configuration Only certificate visible in sh running Use as a Virtual Out-Of-Band Channel Visible Lots of show commands, debugs, etc.
16 Domain Certificates: Foundation for Autonomic Networking External External NOC External we can now secure the network automatically bring up OSPF automatically and PIM-SM!! we could enable guestnet, if a policy says so each device knows what to do we can find BGP speakers automatically! and secure the sessions! the admin can detect unauthorised devices reporting can be aggregated in the network See: 16
17 Autonomic Networking Work Flow
18 Create a Whitelist Devices joining the domain must be validated before handing out certificates Create a whitelist (text file) of UDIs that are allowed to join Automatically generated by Cisco (from Bill of Sale) for new devices Updated by operator for existing devices Load whitelist on the Registrar (manually) Find Unique Device Identifiers (UDI) on bill of sale Registrar Purchase Bill of Sale Operator updates for Existing devices 18
19 Configure a Registrar Router#configure terminal Router(config)#autonomic registrar Router(config-registrar)#domain-id cisco.com Router(config-registrar)#whitelist disk:whitelist.txt Router(config-registrar)#ca url <> Router(config-registrar)#no shut Enter Autonomic Registrar Config mode Configure domain-id any name will do Specify a local whitelist (Optional) Specify an external CA s url (Optional) Unshut the Registrar You re done! Registrar also can run an IOS CA locally If a whitelist is not used a deployment window is the recommended alternative Registrar CA 19
20 Registrar Redundancy A Registrar in an Autonomic domain: validates new devices (whitelist) Hands out domain certificate Registrar down no new devices can join the autonomic domain! Good practice to configure multiple registrars Registrars can be distributed no need to be neighbors! Registrar Registrar Identical Configuration 20
21 Bring up Remote Sites: Channel Discovery Newly installed device is always passive Typically, VLAN based E-LINE services - each NID permits one VLAN Channel discovery helps discover the allowed VLAN ACP is kept separate from Data plane using QinQ service instance with fixed inner vlan = 4094 Third-Party Metro-Ethernet Cloud Probe for VLAN = 416 passes through NID only allows VLAN 416 Outer VLAN Inner VLAN 21
22 Restricting VLAN Ranges with Channel Discovery Intent configured on registrar Flooded through network Router#configure terminal Router(config)#autonomic intent Router(config-intent)#control-plane Router(config-intent)#vlan outer Router(config-intent)#vlan inner 4092 Registrar
23 Autonomic Networking Strategy
24 Next Generation Plug and Play (PnP) Device boots: Listen mode Received DHCP offer Use DHCP/DNS to establish connection Received nothing Received adjacency discovery y PnP server reachable? n Use helper device to enable network connectivity Domain certificate enrolment Join Autonomic Control Plane Download config Download image Zero touch bootstrap finished
25 More Ideas router bgp <as> autonomic authentication router isis autonomic authentication network-protection autonomic Secure remote device identification <Your idea here.> For each router: For each neighbor: Configure static password at the same time as neighbor Regularly update all passwords, at the same time For each router: For each isis interface: Configure password or chain For each area: Configure password or chain Regularly update all passwords Define Infrastructure ACL for your entire core address space On each edge router: Install iacl Configure management plane protection Configure control plane protection Update entire edge whenever address space changes
26 Autonomic Networking Complements SDN controller How does a Controller: Discover network elements? Autonomic discovery Enrol them securely? (without pre-staging?) Secure bootstrap process Domain certificates Reach them consistently? Autonomic Control Plane Independent of the data plane!
27 Autonomic Networking Complements SDN controller How does a Controller: Discover network elements? Autonomic discovery Enrol them securely? (without pre-staging?) Secure bootstrap process Domain certificates Reach them consistently? Autonomic Control Plane Independent of the data plane!
28 Autonomic Networking Complements SDN controller How does a Controller: Discover network elements? Autonomic discovery Enrol them securely? (without pre-staging?) Secure bootstrap process Domain certificates Reach them consistently? Autonomic Control Plane Independent of the data plane!
29 Autonomic Networking Complements SDN controller How does a Controller: Discover network elements? Autonomic discovery Enrol them securely? (without pre-staging?) Secure bootstrap process Domain certificates Reach them consistently? Autonomic Control Plane Independent of the data plane!
30 Autonomic Networking Infrastructure Autonomic Node Standard Network OS Features draft-irtf-nmrg-autonomic-network-definitions-04
31 Standardisation ANIMA Working Group: Early work A Framework for Autonomic Networking Making the Internet Secure by Default NMRG work Autonomic Networking: Definitions and Design Goals Gap Analysis for Autonomic Networking Use case drafts: Those are used to derive requirements for the Autonomic Networking Infrastructure Autonomic Networking Use Case for Network Bootstrap Autonomic Network Stable Connectivity Autonomic Prefix Management in Large-scale Networks Solution drafts: An Autonomic Control Plane Bootstrapping Key Infrastructures Bootstrapping Trust on a Homenet (this is in homenet, not ANIMA) A Generic Discovery and Neg. Protocol for Autonomic Networking 31
32 OpenDayLight: Secure Network Bootstrapping Infrastructure (SNBI) 32
33 Autonomic Networking Summary
34 Autonomic Networking: The Self-Managing Network Simpler controller Secure by default Network wide, abstract management Intelligent devices Michael Behringer
35 Device Support: SP, Enterprise and IoT Supported today: ASR 901, ASR 901s, ASR 903, ASR 920, ME 3600, ME 3800 Catalyst 2000, 3000, 4000, NG3k, IE 2000 Open Source: Secure Network Bootstrap Infrastructure (SNBI; part of OpenDayLight Helium release) Roadmap ASR 9000 ASR 1000, CSR 1000, ISR-G2, ISR-4000 (more to come) 35
36 References IEFT Drafts: See earlier slide OpenDayLight Project SNBI: Autonomic Networking Configuration Guide, Cisco IOS Release 15S s-book.html Cisco IOS Autonomic Networking Command Reference 36
37 Call to Action Visit: BRKSPG Autonomic Networking: Simplifying Service Provider Access Deployments Thursday, 11:30, Suite 8, Mezzanine, South Wing, Level 2 Demo on Autonomics World of Solutions, in the Service Provider area Meet the Engineer Lunch Time Table Topic: Autonomic Networking Thursday, Level 0 North Catering Area Contact us: autonomic-team@cisco.com Twitter: #autonomic 37
38 Complete Your Online Session Evaluation Please complete your online session evaluations after each session. Complete 4 session evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt. All surveys can be completed via the Cisco Live Mobile App or the Communication Stations 38
39
Autonomic Control Plane A Virtual Out Of Band Channel
Autonomic Control Plane A Virtual Out Of Band Channel Alvaro Retana (aretana@cisco.com) Distinguished Engineer, Cisco Services Slides by Michael Behringer. We all know: SDN Will Save The World Yes, but
Configuring Autonomic Networking
Autonomic Networking, page 1 Autonomic Networking Autonomic networking makes network devices intelligent by introducing self-management concepts that simplify network management for the network operator.
A Reference Model for Autonomic Networking draft-behringer-anima-reference-model-03.txt
A Reference Model for Autonomic Networking 93 rd IETF, 20 July 2015 Michael Behringer Brian Carpenter Toerless Eckert 1 Reference Model High Level View Autonomic Function B ASA ASA Registrar ASA ASAs deployed
An Autonomic Control Plane
An Autonomic Control Plane draft-ietf-anima-autonomic-control-plane update for ietf99:08 ietf100:12 100 th IETF, November 2017, Singapore Michael Behringer (editor), Toerless Eckert (editor), Steinthor
Remote Access MPLS-VPNs
First Published: August 12, 2002 Last Updated: May 4, 2009 The feature allows the service provider to offer a scalable end-to-end Virtual Private Network (VPN) service to remote users. This feature integrates
MPLS in the DCN. Introduction CHAPTER
CHAPTER 5 First Published: January 3, 2008 Last Updated: January 3, 2008 Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images Use Cisco Feature Navigator to find information
ANIMA WG (Autonomic Networking Integrated Model and Approach) Rechartering Consideration
ANIMA WG (Autonomic Networking Integrated Model and Approach) Rechartering Consideration By co-authors Sheng Jiang & Toerless Eckert ANIMA WG History of ANIMA WG Primary presentations in 2013 Dedicated
A Reference Model for Autonomic Networking draft-behringer-anima-reference-model-00.txt
A Reference Model for Autonomic Networking 92 nd IETF, 27 Mar 2015 Michael Behringer Brian Carpenter Toerless Eckert 1 Background History A Framework for Autonomic Networking Jun 2012 draft-behringer-autonomic-network-framework-00.txt
Managing Site-to-Site VPNs: The Basics
CHAPTER 23 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels
Cisco SD-Access Building the Routed Underlay
Cisco SD-Access Building the Routed Underlay Rahul Kachalia Sr. Technical Leader Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
BGP-MVPN SAFI 129 IPv6
Subsequent Address Family Identifier (SAFI) 129, known as VPN Multicast SAFI, provides the capability to support multicast routing in the service provider's core IPv6 network. Border Gateway Protocol (BGP)
CCIE Routing & Switching
CCIE Routing & Switching Cisco Certified Internetwork Expert Routing and Switching (CCIE Routing and Switching) certifies the skills required of expert-level network engineers to plan, operate and troubleshoot
Routing Underlay and NFV Automation with DNA Center
BRKRST-1888 Routing Underlay and NFV Automation with DNA Center Prakash Rajamani, Director, Product Management Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
[Actual4Exams] Actual & valid exam test dumps for your successful pass
![[Actual4Exams] Actual & valid exam test dumps for your successful pass](/thumbs/96/128057934.jpg "[Actual4Exams] Actual & valid exam test dumps for your successful pass")
[Actual4Exams] http://www.actual4exams.com Actual & valid exam test dumps for your successful pass Exam : 300-135 Title : Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Vendor : Cisco Version
Managing Site-to-Site VPNs
CHAPTER 21 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels
PnP Deep Dive Hands-on with APIC-EM and Prime Infrastructure
LTRNMS-2007 PnP Deep Dive Hands-on with APIC-EM and Prime Infrastructure Thomas Gerneth, Julian Mueller,Tobias Huelsdau Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after
Cisco Implementing Cisco IP Routing v2.0 (ROUTE)
Course Overview ROUTE v2.0, a five-day ILT course, includes major updates and follows an updated blueprint. (However, note that this course does not cover all items listed on the blueprint.) Some older
MPLS LDP Autoconfiguration
First Published: November 8, 2004 Last Updated: November 25, 2009 The feature enables you to globally configure Label Distribution Protocol (LDP) on every interface associated with a specified Interior
Cisco Plug and Play Feature Guide Cisco Services. Cisco Plug and Play Feature Guide Cisco and/or its affiliates.
Cisco Services TABLE OF CONTENTS Configuring Cisco Plug and Play... 14 Contents Introduction... 3 Cisco Plug and Play Components... 3 Plug-n-Play Agent... 3 Key Benefits... 4 Plug and Play Server... 4
Cisco SD-Access Hands-on Lab
LTRCRS-2810 Cisco SD-Access Hands-on Lab Larissa Overbey - Technical Marketing Engineer, Cisco Derek Huckaby - Technical Marketing Engineer, Cisco https://cisco.box.com/v/ltrcrs-2810-bcn2018 Password:
Supported Platforms for Cisco Path Trace, Release x. This document describes the supported platforms for the Cisco Path Trace, Release x.
Cisco Path Trace Application for APIC-EM Supported Platforms, Release 1.5.0.x First Published: 2017-06-23, Release 1.5.0.x This document describes the supported platforms for the Cisco Path Trace, Release
Managing Site-to-Site VPNs: The Basics
CHAPTER 21 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels
ITBraindumps. Latest IT Braindumps study guide
ITBraindumps http://www.itbraindumps.com Latest IT Braindumps study guide Exam : 400-151 Title : CCIE Data Center v2.0 Vendor : Cisco Version : DEMO Get Latest & Valid 400-151 Exam's Question and Answers
Cisco CCNP ROUTE: Implementing Cisco IP Routing (ROUTE) 2.0. Upcoming Dates. Course Description. Course Outline
Cisco CCNP ROUTE: Implementing Cisco IP Routing (ROUTE) 2.0 Implementing Cisco IP Routing (ROUTE) v2.0 is an instructor-led five day training course developed to help students prepare for Cisco CCNP certification.
PREREQUISITES TARGET AUDIENCE. Length Days: 5
Cisco Implementing Cisco IP Routing v2.0 (ROUTE) ROUTE v2.0 includes major updates and follows an updated blueprint. However, note that this course does not cover all items listed on the blueprint. Some
Configuring Bridge Domain Interfaces
The Cisco ASR 1000 Series Aggregation Services Routers support the bridge domain interface (BDI) feature for packaging Layer 2 Ethernet segments into Layer 3 IP. Restrictions for Bridge Domain Interfaces,
MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution
MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution This feature enables you to configure your carrier supporting carrier network to enable Border Gateway Protocol (BGP) to transport routes
Cisco IOS IPv6. Cisco IOS IPv6 IPv6 IPv6 service provider IPv6. IPv6. data link IPv6 Cisco IOS IPv6. IPv6
IP6FD v6 Fundamentals, Design, and Deployment v3.0 Cisco IOS IPv6 Cisco IOS IPv6 IPv6 IPv6 service provider IPv6 IP IPv6 IPv6 data link IPv6 Cisco IOS IPv6 IPv6 IPv6 DHCP DNS DHCP DNS IPv6 IPv4 IPv6 multicast
Implementing Cisco IP Routing (ROUTE)
Implementing Cisco IP Routing (ROUTE) COURSE OVERVIEW: Implementing Cisco IP Routing (ROUTE) v2.0 is an instructor-led five-day training course developed to help students prepare for Cisco CCNP certification.
ipv6 mobile home-agent (global configuration)
ipv6 mobile home-agent (global configuration) ipv6 mobile home-agent (global configuration) To enter home agent configuration mode, use the ipv6 mobile home-agent command in global configuration mode.
Configuring VRF-lite CHAPTER
CHAPTER 36 Virtual Private Networks (VPNs) provide a secure way for customers to share bandwidth over an ISP backbone network. A VPN is a collection of sites sharing a common routing table. A customer
CCIE ROUTING & SWITCHING V5.0
CCIE ROUTING & SWITCHING V5.0 Overview The CCIE Routing and Switching Lab Exam version 5.0 is an eight-hour, hands-on exam which requires you to configure and troubleshoot a series of complex networks
CCNP TSHOOT. Quick Reference Sheet Exam
CCNP TSHOOT Quick Reference Sheet Exam 300-135 Chapter 1. Network Principles Troubleshooting Steps Problem Identification Collection of Information Examination and Action Plan Verification Basic Troubleshooting
MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution
MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution This feature lets you configure your carrier supporting carrier network to enable Border Gateway Protocol (BGP) to transport routes and Multiprotocol
GRE and DM VPNs. Understanding the GRE Modes Page CHAPTER
CHAPTER 23 You can configure Generic Routing Encapsulation (GRE) and Dynamic Multipoint (DM) VPNs that include GRE mode configurations. You can configure IPsec GRE VPNs for hub-and-spoke, point-to-point,
MLDP In-Band Signaling/Transit Mode
This module contains information for configuring Multicast Label Distribution Protocol (MLDP) in-band signaling to enable the MLDP core to create (S,G) or (*,G) state without using out-of-band signaling
Chapter 5. Security Components and Considerations.
Chapter 5. Security Components and Considerations. Technology Brief Virtualization and Cloud Security Virtualization concept is taking major portion in current Data Center environments in order to reduce
Configuring Multicast VPN Inter-AS Support
Configuring Multicast VPN Inter-AS Support Last Updated: December 23, 2011 The Multicast VPN Inter-AS Support feature enables Multicast Distribution Trees (MDTs) used for Multicast VPNs (MVPNs) to span
MPLS VPN Inter-AS Option AB
First Published: December 17, 2007 Last Updated: September 21, 2011 The feature combines the best functionality of an Inter-AS Option (10) A and Inter-AS Option (10) B network to allow a Multiprotocol
26 CHAPTER Virtual Private Networks (VPNs) provide a secure way for customers to share bandwidth over an ISP backbone network. A VPN is a collection of sites sharing a common routing table. A customer
UniNets MPLS LAB MANUAL MPLS. UNiNets Multiprotocol label Switching MPLS LAB MANUAL. UniNets MPLS LAB MANUAL
MPLS UNiNets Multiprotocol label Switching MPLS LAB MANUAL CCNP TOPOLOGY Lab: OSPF Routing VPN Topology: Task1: Perform the basic Configuration to provide the reachability as per diagram. SW1 Configuration
Cisco Service Advertisement Framework Deployment Guide
Cisco Service Advertisement Framework Deployment Guide What You Will Learn Cisco Service Advertisement Framework (SAF) is a network-based, scalable, bandwidth-efficient approach to service advertisement
Multicast only Fast Re-Route
First Published: November 24, 2010 Last Updated: November 24, 2010 (MoFRR) is an IP solution that minimizes packet loss in a network when there is a link or node failure. It works by making simple enhancements
PIM Allow RP. Finding Feature Information. Restrictions for PIM Allow RP
This module describes how to configure the feature in IPv4 or IPv6 networks for inter-connecting Protocol Independent Multicast (PIM) Sparse Mode (SM) domains with different rendezvous points (RPs). enables
Serviceability of SD-WAN
BRKCRS-2112 Serviceability of SD-WAN Chandrabalaji Rajaram & Ali Shaikh Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live
Introduction to OpenConfig
DEVNET-1775 Introduction to OpenConfig Santiago Álvarez, TME Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App
Fundamentals and Deployment of Cisco SD-WAN Duration: 3 Days (24 hours) Prerequisites
Fundamentals and Deployment of Cisco SD-WAN Duration: 3 Days (24 hours) Prerequisites The recommended knowledge and skills that a learner must have before attending this course are as follows: Knowledge
Using Cloud VPN Service
To begin, log in to the VMS Service Interface using your consumer credentials. In case of association with several tenants, choose a customer name from the drop-down on the left pane of the Welcome page.
IPv6 Commands: n to re
IPv6 Commands: n to re nai (proxy mobile IPv6), page 3 neighbor override-capability-neg, page 4 neighbor send-label, page 6 neighbor translate-update, page 9 network (IPv6), page 12 nis address, page 14
BGP Support for the L2VPN Address Family
BGP Support for the L2VPN Address Family Last Updated: November 21, 2012 BGP support for the Layer 2 Virtual Private Network (L2VPN) address family introduces a BGP-based autodiscovery mechanism to distribute
Implementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN
This module provides conceptual information for VXLAN in general and configuration information for layer 2 VXLAN on Cisco ASR 9000 Series Router. For configuration information of layer 3 VXLAN, see Implementing
This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and
This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNP: Building Scalable
BGP Support for the L2VPN Address Family
BGP support for the Layer 2 Virtual Private Network (L2VPN) address family introduces a BGP-based autodiscovery mechanism to distribute L2VPN endpoint provisioning information. BGP uses a separate L2VPN
Improving IoT Security: the role of the manufacturer. Eliot Lear
Improving IoT Security: the role of the manufacturer Eliot Lear Introduction A View Through a Light Bulb Connected Spaces is a big deal Automated and efficient lighting Room assignment and scheduling Changing
Use Plug and Play to Deploy New Devices
About Plug and Play, page 1 Prerequisites for Using Plug and Play, page 2 Plug and Play Workflow, page 2 Use the Plug and Play Dashboard to Monitor New Device Deployments, page 4 Create Plug and Play Profiles
MPLS VPN over mgre. Finding Feature Information. Last Updated: November 1, 2012
MPLS VPN over mgre Last Updated: November 1, 2012 The MPLS VPN over mgre feature overcomes the requirement that a carrier support multiprotocol label switching (MPLS) by allowing you to provide MPLS connectivity
MPLS VPN--Inter-AS Option AB
The feature combines the best functionality of an Inter-AS Option (10) A and Inter-AS Option (10) B network to allow a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) service provider
OSPF Commands on Cisco ASR 9000 Series Router
OSPF Commands on Cisco ASR 9000 Series Router This module describes the commands used to configure and monitor the Open Shortest Path First (OSPF) routing protocol. For detailed information about OSPF
Prepare.csv (Comma-Separated Value) Files to Import New Devices on FND
Prepare.csv (Comma-Separated Value) Files to Import New Devices on FND Contents Introduction Prerequisites Requirements Components Used.csv Files to Add Devices in FND FAR Head-End Router (HER) Connected
High Availability Synchronization PAN-OS 5.0.3
High Availability Synchronization PAN-OS 5.0.3 Revision B 2013, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Device Configuration... 4 Network Configuration... 9 Objects Configuration...
IGMP Proxy. Finding Feature Information. Prerequisites for IGMP Proxy
This module describes how to configure IGMP proxy to enable a device to send an IGMP report to a specified destination IP address. Finding Feature Information, page 1 Prerequisites for, page 1 Information
Transportní paketová infrastruktura poskytovatelů služeb
Transportní paketová infrastruktura poskytovatelů služeb David Jakl Cisco Systems Engineer Motivation: What are Service Operator Challenges? Explosive Bandwidth growth Static or reduced Budgets OTT services,
Using Cloud VPN Service
To begin, log in to the VMS Service Interface using your consumer credentials. In case of association with several tenants, choose a customer name from the drop-down in the left pane of the Welcome page.
Configuring Route Maps to Control the Distribution of MPLS Labels Between Routers in an MPLS VPN
Configuring Route Maps to Control the Distribution of MPLS Labels Between Routers in an MPLS VPN Route maps enable you to specify which routes are distributed with Multiprotocol Label Switching (MPLS)
VRF, MPLS and MP-BGP Fundamentals
VRF, MPLS and MP-BGP Fundamentals Jason Gooley, CCIEx2 (RS, SP) #38759 Twitter: @ccie38759 LinkedIn: http://www.linkedin.com/in/jgooley Agenda Introduction to Virtualization VRF-Lite MPLS & BGP Free Core
OTV Loopback Join Interface
This chapter contains the following sections: Finding Feature Information, page 1 Information About, page 1 Licensing Information for, page 2 Guidelines and Limitationsfor, page 2 Prerequisites for, page
PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 640-864 Title : Designing for Cisco Internetwork Solutions Vendor : Cisco Version : DEMO Get Latest & Valid 640-864
DNA Automation Services Offerings
DNA Automation Services Offerings Jamie Owen, Solutions Architect, Cisco Advanced Services Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
Web Services Management Agent Configuration Guide, Cisco IOS XE Release 3S
Web Services Management Agent Configuration Guide, Cisco IOS XE Release 3S First Published: March 29, 2013 Last Modified: March 29, 2013 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive
MPLS Label Distribution Protocol (LDP)
MPLS Label Distribution Protocol (LDP) First Published: January 1, 1999 Last Updated: May 1, 2008 Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) enables peer label switch routers
Internet of Things Field Network Director
Internet of Things Field Network Director Prithvi Manduva, IoT Escalation Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
Configuring FlexVPN Spoke to Spoke
Last Published Date: March 28, 2014 The FlexVPN Spoke to Spoke feature enables a FlexVPN client to establish a direct crypto tunnel with another FlexVPN client leveraging virtual tunnel interfaces (VTI),
ECMP Load Balancing. MPLS: Layer 3 VPNs Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series) 1
Equal-cost multi-path routing (ECMP) is a routing strategy where next-hop packet forwarding to a single destination can occur over multiple "best paths" which tie for top place in routing metric calculations.
"Charting the Course... Interconnecting Cisco Networking Devices Accelerated 3.0 (CCNAX) Course Summary
Description Course Summary The Cisco CCNA curriculum includes a third course, Interconnecting Cisco Networking Devices: Accelerated (CCNAX), consisting of Interconnecting Cisco Networking Devices, Part
OpenStack and OpenDaylight, the Evolving Relationship in Cloud Networking Charles Eckel, Open Source Developer Evangelist
OpenStack and OpenDaylight, the Evolving Relationship in Cloud Networking Charles Eckel, Open Source Developer Evangelist Agenda Introduction OpenStack OpenDaylight OPNFV Putting it all Together Conclusion
MPLS VPN Carrier Supporting Carrier Using LDP and an IGP
MPLS VPN Carrier Supporting Carrier Using LDP and an IGP Last Updated: December 14, 2011 Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Carrier Supporting Carrier (CSC) enables one
OSPFv3 Route Filtering Using Distribute-List
The OSPFv3 route filtering using distribute-list feature allows users to filter the incoming routes that are programmed in routing table, and the outgoing routes that are advertised. Finding Feature Information,
Implementing Management Plane Protection
The Management Plane Protection (MPP) feature in Cisco IOS XR software provides the capability to restrict the interfaces on which network management packets are allowed to enter a device. The MPP feature
CCNA ROUTING & SWITCHING
CCNA ROUTING & SWITCHING Curriculum Overview The CCNA Routing and Switching curriculum consists of four courses that make up the recommended learning path. Students will be prepared to take the Cisco CCENT
Connecting to a Service Provider Using External BGP
Connecting to a Service Provider Using External BGP First Published: May 2, 2005 Last Updated: August 21, 2007 This module describes configuration tasks that will enable your Border Gateway Protocol (BGP)
VRF, MPLS and MP-BGP Fundamentals
, MPLS and MP-BGP Fundamentals Jason Gooley, CCIEx2 (RS, SP) #38759 Twitter: @Jason_Gooley LinkedIn: http://www.linkedin.com/in/jgooley Agenda Introduction to Virtualization -Lite MPLS & BGP Free Core
Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller
Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table
Configuring High Availability (HA)
4 CHAPTER This chapter covers the following topics: Adding High Availability Cisco NAC Appliance To Your Network, page 4-1 Installing a Clean Access Manager High Availability Pair, page 4-3 Installing
Routing Configuration Guide, Cisco IOS XE Everest a (Catalyst 9300 Switches)
Routing Configuration Guide, Cisco IOS XE Everest 16.5.1a (Catalyst 9300 Switches) First Published: 2017-06-20 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA
IPv6 Module 6 ibgp and Basic ebgp
ISP Workshop Lab IPv6 Module 6 ibgp and Basic ebgp Objective: Using IPv6, simulate four different interconnected ISP backbones using a combination of ISIS, internal BGP, and external BGP. Prerequisites:
Configuring MSDP. Overview. How MSDP operates. MSDP peers
Contents Configuring MSDP 1 Overview 1 How MSDP operates 1 MSDP support for VPNs 6 Protocols and standards 6 MSDP configuration task list 7 Configuring basic MSDP functions 7 Configuration prerequisites
Constraining IP Multicast in a Switched Ethernet Network
Constraining IP Multicast in a Switched Ethernet Network This module describes how to configure routers to use the Cisco Group Management Protocol (CGMP) in switched Ethernet networks to control multicast
DNA SA Border Node Support
Digital Network Architecture (DNA) Security Access (SA) is an Enterprise architecture that brings together multiple building blocks needed for a programmable, secure, and highly automated fabric. Secure
Configuring IP Unnumbered Interface
CHAPTER 14 This chapter discusses the IP Unnumbered Interface feature, which allows you to enable IP processing on an interface without assigning an explicit IP address. This chapter contains these sections:
Multicast Subsecond Convergence
Multicast Subsecond Convergence First Published: July 22, 2002 Last Updated: September 10, 2010 The Multicast Subsecond Convergence feature comprises a comprehensive set of features and protocol enhancements
Interconnecting Cisco Networking Devices: Accelerated
Interconnecting Cisco Networking Devices: Accelerated CCNAX v3.0; 5 days, Instructor-led Course Description The Cisco CCNA curriculum includes a third course, Interconnecting Cisco Networking Devices:
Configuring Ethernet Virtual Connections on the Cisco ASR 1000 Series Router
Configuring Ethernet Virtual Connections on the Cisco ASR 1000 Series Router Ethernet virtual circuit (EVC) infrastructure is a Layer 2 platform-independent bridging architecture that supports Ethernet
Cisco Network Plug and Play Agent Configuration Guide, Cisco IOS XE Everest b
Cisco Network Plug and Play Agent Configuration Guide, Cisco IOS XE Everest 16.5.1b Feature Information for Cisco Network Plug and Play Agent 2 Finding Feature Information 3 Prerequisites for Cisco Network
IPv6 Module 6x ibgp and Basic ebgp
IPv6 Module 6x ibgp and Basic ebgp Objective: Using IPv6, simulate four different interconnected ISP backbones using a combination of IS-IS, internal BGP, and external BGP. Topology : Figure 1 BGP AS Numbers
vcloud Director Tenant Portal Guide vcloud Director 8.20
vcloud Director Tenant Portal Guide vcloud Director 8.20 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,
BGP mvpn BGP safi IPv4
The BGP mvpn BGP safi 129 IPv4 feature provides the capability to support multicast routing in the service provider s core IPv4 network This feature is needed to support BGP-based MVPNs BGP MVPN provides
Cisco IOS LISP Application Note Series: Access Control Lists
Cisco IOS LISP Application Note Series: Access Control Lists Version 1.1 (28 April 2011) Background The LISP Application Note Series provides targeted information that focuses on the integration and configuration
CCNA Routing & Switching
CCNA Routing & Switching 1.0 LAN Switching Technologies 1. VLANs,Trunk, DTP 2. VLANs, Trunks and DTP Configuration 3. Voice Vlan Configuration 4. VTP 5. VTP - Configuration 6. Spanning-tree 7. STP - PVST+
IEEE 802.1X Multiple Authentication
The feature provides a means of authenticating multiple hosts on a single port. With both 802.1X and non-802.1x devices, multiple hosts can be authenticated using different methods. Each host is individually
An Autonomic Control Plane draft-ietf-anima-autonomic-control-plane- 05 (ietf98:06 - ietf99:08)
An Autonomic Control Plane draft-ietf-anima-autonomic-control-plane- 05 (ietf98:06 - ietf99:08) 99 th IETF, July 2017 Michael Behringer (editor), Toerless Eckert (editor), Steinthor Bjarnasson 1 06-07: