Cisco Aggregation Services Router 9000-ASR 9000


Posted: 08 Mar 2010 12:36 PM PST


The ASR 9000 has 6 times more capacity and is 4 times faster than any other router in the same category. It can transmit data at a rate of 6.4 terabits per second. What does this mean? It means that it is capable of transmitting 200 DVD videos per second, or 250.000 MP3s per second, or 500.000 e-books per second. The bandwidth capacity of the ASR 9000 router is 10 times that of the Cisco ASR 1000. For example, the ASR 9000 supports 100 megabits per second (Mbps) to homes, compared to common legacy E1 or T1 connections, which used to have around 1.5 to 2 Mbps.

"We really believe that the IP (Internet Protocol) traffic on the Internet will be growing by 46% annually up to 2012 while the bulk of traffic, about 90%, will be consumed by video," said Pankaj Patel, senior vice president who manages the company's relationships with telecommunications carriers.

The ASR 9000 has innovative technology for proactive management of video signals, which are particularly difficult to handle. It can repair video streams and offer excellent image quality and performance for HDTV and other video services, Cisco executives state. It is ideal for companies such as AT&T and Verizon because they offer more and faster Internet video to mobile phones and to PC consumers.

As a corollary, the company adds that the ASR 9000 operates 40% more effectively than other competing products, helping to save the planet and saving money for the network operators.

So far, some of the largest telecommunications companies in the world, including Softbank Corp. of Japan, have signed for the acquisition of such devices. The ASR 9000 router uses the same operating system as the Cisco CRS-1, which transmits data at a rate of 92 trillion bits per second and which now 'runs' for more than 200 telecommunication operators in the high speed lanes of the world wide web. When Cisco launched the CRS-1 in 2004, some analysts said that these heavy duty network machines (weighing 2,300 pounds and having a height of 7 feet) did not satisfy customers' wishes. They even predicted that the San Jose company would not sell more than 50 units. Pankaj however stated that Cisco now sells at least 50 such routers per week. Last year, the company earned 39 billion U.S. dollars just from the sales of ASR routers.

Glen Hunt, an analyst at Current Analysis, said that Cisco's new router will cost providers at least $80,000. The ASR 9000 can be installed close to the homes and business premises of consumers. This model took 4 years to reach production and cost $200 million. According to Ray Mota, director of sales strategy of Synergy Research Group, the ASR 9000 will fill a gap in the production chain of Cisco and will help the San Jose company to maintain its market share. Cisco competes with companies like Alcatel-Lucent and Juniper Networks in the sales of routers. However, Cisco controls 59% of the market, compared with 15% for Alcatel-Lucent and 14% for Juniper.

New Cisco CCNP Certification Update

Posted: 02 Mar 2010 12:15 PM PST


One of the most popular Cisco certifications (probably after CCNA) is the Cisco Certified Network Professional (CCNP). A CCNP is like the Master's degree in the Cisco qualifications arena (CCNA can be considered the Bachelor's degree and CCIE is the PhD degree!!). With a CCNP certification, a networking professional proves to be a highly qualified specialist for planning, building and maintaining medium to large IP networks.

On January 25, 2010 Cisco announced drastic changes to CCNP certification. The most important one is that instead of taking 4 exams you now need only 3 (ROUTE exam, SWITCH exam and TSHOOT exam). The old 4-exam certification path option will be available until July 31 2010. After that date, only the new 3-exam option will be available. However, from now until July 31 you can mix and match between the old and new exams accordingly.

More details about the new CCNP update below:

• BSCI, BCMSN, ISCW, ONT exams are available until July 31 2010.
• ROUTE exam (642-902) and SWITCH exam (642-813) will be available from March 10, 2010.
• TSHOOT exam (642-832) will be available from April 30, 2010.
• Exams are becoming even more hands-on (for example the TSHOOT troubleshooting exam is mostly hands-on practical concepts).
• Before July 31, 2010 BSCI exam can substitute for ROUTE exam or vice versa.
• Before July 31, 2010 BCMSN exam can substitute for SWITCH exam or vice versa.
• Exam price will be $200 per exam instead of $150.

Overall, the new CCNP update maps better to real-world network environments. Although there are fewer exams than before, I think it will be more difficult to pass without having actual practical experience with Cisco routers and switches (at least 2 years I would say).

For more details about the new CCNP certification, visit the Cisco link here.

Connecting two Cisco Unified Communication Manager Express with H323

Posted: 17 Feb 2010 09:09 AM PST


The Cisco Unified Communications Manager Express (CUCME) is the new brand name given by Cisco to the older Call Manager Express (CME) system. The concept is the same however: IP Telephony software running on Cisco routers. Therefore, the CUCME is a normal Cisco router (models supported are 1800, 2800, 2900, 3800, 3900 series) with special IP Telephony software (call manager software) installed on the router's flash memory. The CUCME system serves as the call control node to facilitate IP Telephony communications in a small to medium size Enterprise.

Usually there is a single CUCME system in each LAN network, with several IP phones connected on the LAN switches. An enterprise with several sites connected over a private IP WAN network can establish full IP voice communications between sites by configuring H323 communication between each CUCME router. A simple example with a two-node topology is shown below.

The CME-A node has local IP phones with numbering 500x and a WAN IP address of 1.1.1.1. At the other site, CME-B has local IP phones with numbering 600x and a WAN IP address of 2.2.2.2. By establishing H323 VoIP communication over the WAN (between 1.1.1.1 and 2.2.2.2) we can have full IP telephony conversations between the IP phones of both sites.

CAUTION: Because the actual VoIP RTP traffic between site A and site B will be running from one IP phone to another IP phone, there must be full IP routing established between the IP phone subnets.

The CUCME configuration to establish H323 between the two sites is shown below:

CME-A

CME-A#show running-config
dial-peer voice 6000 voip
 destination-pattern 60..
 session target ipv4:2.2.2.2
 dtmf-relay h245-alphanumeric
 codec g729r8

CME-B

CME-B#show running-config
dial-peer voice 5000 voip
 destination-pattern 50..
 session target ipv4:1.1.1.1
 dtmf-relay h245-alphanumeric
 codec g729r8

The dial-peer configuration on CME-A tells the system that in order to reach the destination pattern 60xx the session will be established with IP address 2.2.2.2 (i.e. CME-B). The inverse applies for CME-B.

Note: Make sure to select one of the high compression codecs (such as g729, g723) in order to save bandwidth for voice calls over the WAN network. Each VoIP conversation using a high compression codec (g729, g723) will use significantly less bandwidth compared with the traditional G711 codec.

Top four Reasons to Get a Cisco Certification

Posted: 24 Feb 2010 02:16 AM PST


I found the following interesting article about the advantages of getting a Cisco certification as an important step in your career advancement in networking. Another important reason that I would add for getting a Cisco certification is that you will force yourself to learn the theory behind network technology and not rely only on hands-on practical experience (which is also important of course). Learning the theory behind networking technology concepts will tremendously help you in troubleshooting (if you are a field engineer) or in properly designing networks (if you are a network designer and planner).

Article:

If you work in the information technology field, or if you are trying to break in to start your career, getting a certification is a crucial step. Companies often require at least one IT certification to qualify for a position. There are many choices for which certification to pursue, though. Here are four great reasons why you should consider a Cisco certification for career advancement:

  1. Cisco is a trusted name in the industry. Cisco is one of the world's leading providers of IT and networking solutions. That gives them a lot of credibility in the technology world. As a result, employers place a lot of trust in Cisco to certify knowledgeable workers. After all, who better to test your skill with technology than the people who created that technology? Adding a Cisco certification to your resume lets you benefit from their very reliable name.
  2. There are a wide variety of Cisco certifications to choose from. Cisco may specialize in computer networking, but there are dozens of specializations to choose from in their catalog of certifications. Whatever your particular IT interest is, there is probably a Cisco certification that is right for you. Interested in network design? Try a CCNA, CCDA, or CCDP. Is network security your thing? Then look into getting a CCSP. You can even specialize in voice, wireless, or storage networking. Research the type of specialization that interests you, and then plan out the certification path that suits your goals.
  3. Cisco certifications follow a distinct career path. Cisco makes it very easy to turn your certification pursuits into a career track. There are seven main paths for Cisco certification: Routing and Switching, Design, Network Security, Service Provider, Storage Networking, Voice, and Wireless. Each path contains a separate set of certifications that build on one another and prepare you for increasing levels of responsibility in your field of specialization. You can use these certification paths as a guide to building your career. Just find a position that requires the entry certification level, and then continue increasing your certification level and seek out new positions or internal promotions that match your current level of certification.
  4. Getting a lower-level certification prepares you for certifications higher up the chain. Cisco structures their certification paths in a unique way, where lower level certifications qualify you for more specialized certifications further up in the hierarchy. Most IT pros start out with the basic CCENT certification, which is a prerequisite for most other Cisco certifications. The Associate level CCNA certification usually follows, since it qualifies you for more certifications at the Professional and Expert level. This makes those low-level certifications even more valuable. Not only do they give you a boost in your career, but they also open up certification doors for you should you choose to advance your education and continue to specialize.

If you are convinced, you can find out more about Cisco certifications, paths, and levels at http://www.cisco.com/web/learning/index.html. Once you decide on which path to take, consider enrolling at a qualified certification training school to help you prepare for your exam. With a little guidance and practice, you will be able to pass your Cisco certification exam the first time and start enjoying the benefits to your career right away.

Shawn Livengood works for TechSkills, a career training school with over 25 campuses nationwide. TechSkills offers career training programs for IT certifications, healthcare services, accounting, and project management.

Article Source: http://EzineArticles.com/?expert=Shawn_Livengood

Overview of Cisco ASA VPN Technologies

Posted: 15 Mar 2010 01:02 PM PDT


Cisco supports several types of VPN implementations on the ASA but they are generally categorized as either "IPSec Based VPNs" or "SSL Based VPNs". The first category uses the IPSec protocol for secure communications while the second category uses SSL. SSL Based VPNs are also called WebVPN in Cisco terminology. The two general VPN categories supported by Cisco ASA are further divided into the following VPN technologies.

IPSec Based VPNs:

  • Lan-to-Lan IPSec VPN: Used to connect remote LAN networks over insecure media (e.g. the Internet). It runs between ASA-to-ASA or ASA-to-Cisco Router.
  • Remote Access with IPSec VPN Client: VPN client software is installed on the user's PC to provide remote access to the central network. It uses the IPSec protocol and provides full network connectivity to the remote user. The users use their applications at the central site as they normally would without a VPN in place.

SSL Based VPNs (WebVPN):

  • Clientless Mode WebVPN: This is the first implementation of SSL WebVPN supported from ASA version 7.0 and later. It lets users establish a secure remote access VPN tunnel using just a Web browser. There is no need for a software or hardware VPN client. However, only limited applications can be accessed remotely.
  • AnyConnect WebVPN: A special Java based client is installed on the user's computer, providing an SSL secure tunnel to the central site. It provides full network connectivity (similar to the IPSec remote access client). All applications at the central site can be accessed remotely.

From the description above you can understand that the AnyConnect WebVPN technology combines the best from both IPSec based VPNs and SSL based VPNs. It offers full network connectivity to the remote user without having to install dedicated VPN software like the IPSec remote access client. The AnyConnect VPN client is a lightweight Java client (around 3MB) which can be installed or uninstalled from the remote user's PC dynamically.

DoS Protection on Cisco 7600 Routers

Posted: 26 Mar 2010 12:58 PM PDT


The Cisco 7600 router is in my opinion one of the most versatile High End routing machines on the planet!! It is one of my favorite networking devices. If you take a look at the Cisco website under the Routers Product Category, you will notice that the 7600 can be used in Data Centers, in Service Provider networks, in WAN aggregation or as an Internet Edge router. In Service Provider networks it can be used as a Provider Edge (PE) router in IP MPLS networks, aggregating many Customer Edge (CE) router devices. Its modularity and high port capacity allow the 7600 to work as both a Layer 2 aggregation device and a high performance Layer 3 router.

In Service Provider networks one of the main concerns of network administrators is to protect the networking infrastructure from Denial of Service attacks. These DoS attacks are actually the most serious and popular security threat against Service Providers. Botnets are frequently the main source of such attacks. ICMP flooding, UDP flooding, spoofed address DoS, SYN attacks, etc. are a few examples of DoS or DDoS (Distributed Denial of Service) attacks. Fortunately the Cisco 7600 router has many robust features and mechanisms to protect itself from such attacks.

In the company where I work (a Service Provider) we have already implemented several security protection features on the 7600 which are really effective against DoS attacks. A summary of the DoS protection mechanisms on the 7600 follows below:

  • Security Access Control Lists (ACL): Applied on interfaces to block traffic at Layers 3 and 4.
  • QoS Rate Limiting: Using class-maps and policy-maps you can apply rate limiting to specific types of traffic (e.g. ICMP).
  • uRPF (unicast Reverse Path Forwarding): Protects against spoofing attacks.
  • Traffic Storm Control: Protects against broadcast storm attacks.
  • TCP Intercept: Protects against SYN attacks.
  • Hardware-Based Rate Limiters: Work on PFC3 engines. These rate limiters protect the MSFC routing engine from various packets that can overload its CPU (configured with the mls rate-limit command).
  • Control Plane Policing (CoPP): Also used for protection of the MSFC routing engine, by applying rate limiting to packets that flow from the data plane to the control plane.
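
As an added illustration (not taken from the original post or from the author's production routers), the fragment below shows what each mechanism in the list looks like in IOS configuration on a 7600. Interface names, ACL and policy names, addresses and rate values are constructed placeholders and need to be tuned to measured traffic baselines.

```cisco
! Constructed example: names, addresses and rates are placeholders.
!
! Security ACL: drop transit traffic aimed at the infrastructure address range
ip access-list extended EDGE-IN
 deny   ip any 192.0.2.0 0.0.0.255
 permit ip any any
!
! QoS rate limiting: classify ICMP, then police it on the edge port
ip access-list extended ICMP-ANY
 permit icmp any any
class-map match-all CM-ICMP
 match access-group name ICMP-ANY
policy-map PM-EDGE-IN
 class CM-ICMP
  police 128000 conform-action transmit exceed-action drop
!
interface GigabitEthernet1/1
 description Customer-facing port
 ip access-group EDGE-IN in
 service-policy input PM-EDGE-IN
 ! uRPF strict mode: the source must be reachable via the receiving interface.
 ! Strict mode drops legitimate traffic on asymmetric paths; multihomed links
 ! normally use loose mode (reachable-via any) instead.
 ip verify unicast source reachable-via rx
 ! Traffic storm control: cap broadcast at 1% of port bandwidth
 storm-control broadcast level 1.00
!
! TCP Intercept: watch half-open connections towards a protected subnet
access-list 120 permit tcp any 198.51.100.0 0.0.0.255
ip tcp intercept list 120
ip tcp intercept mode watch
!
! Hardware-based rate limiters on the PFC3 (packets per second, burst)
mls rate-limit all ttl-failure 100 10
mls rate-limit unicast ip icmp unreachable no-route 100 10
!
! CoPP: police ICMP punted to the MSFC; mls qos must be enabled globally
mls qos
policy-map PM-COPP
 class CM-ICMP
  police 64000 conform-action transmit exceed-action drop
control-plane
 service-policy input PM-COPP
```

After applying such a policy, `show policy-map control-plane` and `show mls rate-limit` show whether the policers and hardware limiters are active and how much traffic they are dropping.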

Of course in addition to the above you must not forget other important security mechanisms such as strong password policy, proper Authentication and Accounting, logging, SNMP security, Routing Protocols security (MD5 authentication in OSPF, BGP etc) etc. All of these technical issues must be based on a thorough and carefully written security policy.

Cisco IOS Router Operation-CCNA Exam Prep

Posted: 09 Apr 2010 12:01 PM PDT


This is another CCNA Exam preparation article that covers the topic regarding the configuration of basic Cisco IOS router operation.

This article will cover a few points that you will be tested for the CCNA regarding the configuration of basic Cisco IOS router operation. IOS (Internetwork Operating System) is the software operating system running on most Cisco network devices, including switches and routers. To configure any Cisco network device you need to master the Cisco IOS Configuration Commands and use the Command Line Interface (CLI) to configure and troubleshoot a Cisco device.

How to connect to a Router in order to Configure it:

You can connect to a Cisco IOS Router either directly or remotely. The first time, when the device is not yet configured, you usually connect directly with a console cable via the CON port or remotely by dialing into a modem connected to the AUX port. These are called "out-of-band" connection methods. After you configure the router and assign IP addresses to its interfaces, you can connect to the router from the network with an "in-band" connection method using Telnet or SSH.

Router Configuration Modes

After connecting to a Cisco Router (let's say using a console), you are presented with the Command Line Interface in which you type and enter configuration commands. After typing a command, you press enter and the command is automatically active on the device. For example, using the "shutdown" command on an interface automatically disables the interface. Now, there are two Router Configuration Modes (or access modes):

  • User EXEC Mode: Allows the administrator to access only limited monitoring commands. You cannot actually make any configurations from this mode. The command prompt in this mode is "router>"
  • Privileged EXEC Mode: Allows the administrator to access all device commands, such as those used for configuration and management, and can be password protected to allow only authorized users to access the device at this "full-access" level. This mode is also called enable mode because you get to it with the enable command. The command prompt on this mode is "router#". From the privileged EXEC mode you can start configuring the device by typing "configure terminal"

Router Memory Types

A Cisco router has four memory types:

  • ROM: This is where the POST script of the router is located. The POST software (Power On Self Test) is used during startup to perform the initial hardware checking of the device. The ROM also holds a mini-IOS used for password recovery.
  • RAM: This is where the running configuration is located. After the device boots up, the IOS software is loaded into RAM. Also, RAM holds routing tables, network parameters during operation etc. When configuring the router, we actually change the running-configuration, which as we said is stored in RAM.
  • NVRAM: When we save the running-configuration (using the command "write") it is stored into the NVRAM and becomes the startup-configuration. After rebooting the router, the startup-configuration is loaded from the NVRAM.
  • Flash: This is like the hard-disk of a PC. It holds the IOS software image file and any backup configurations that you might save from time to time.

When you issue the "show running-config" command on the router you instruct the device to display the current running configuration in RAM. When you issue the "show startup-config" command you instruct the router to display the stored configuration in the NVRAM.
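
The modes and memory types above, put together in one console session (an added example, not from the original article): it moves from user EXEC to privileged EXEC to global configuration, protects enable mode with a secret, restricts in-band access to SSH because Telnet carries the login in cleartext, and then copies the configuration from RAM to NVRAM. The hostname, user name, domain name and secrets are placeholders.

```cisco
! Constructed console session: hostname, user, domain and secrets are placeholders.
! User EXEC mode (monitoring only), then privileged EXEC via "enable"
router> enable
router# configure terminal
router(config)# hostname R1
! Password-protect privileged EXEC mode with a hashed secret
R1(config)# enable secret <ENABLE-SECRET>
R1(config)# username admin privilege 15 secret <ADMIN-SECRET>
! SSH needs a non-default hostname, a domain name and an RSA key pair
R1(config)# ip domain-name example.net
R1(config)# crypto key generate rsa modulus 2048
R1(config)# ip ssh version 2
! In-band access: accept SSH only, so Telnet is refused on the vty lines
R1(config)# line vty 0 4
R1(config-line)# transport input ssh
R1(config-line)# login local
R1(config-line)# exec-timeout 10 0
R1(config-line)# end
! The changes are live in RAM but not yet in NVRAM
R1# show running-config | include ssh|secret
R1# copy running-config startup-config
! Now the same lines appear in the stored configuration
R1# show startup-config | include ssh|secret
```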

Understanding the Transport Layer and Port Numbers CCNA Tutorial

Posted: 04 Apr 2010 11:53 AM PDT


This is another CCNA exam preparation tutorial about the Transport Layer of the TCP/IP suite. Understanding the purpose and functionality of the Transport Layer (Layer 4 in the OSI model) is fundamental for understanding how data is transmitted in network environments. When preparing for the Cisco CCNA 640-802 exam, you need to have strong knowledge of the Transport Layer of the OSI model and also about TCP/UDP port numbers and their associated applications. Read below for a CCNA prep tutorial about the Transport Layer.

The Transport Layer resides between Application and Network layers and has the critical role of providing communication services directly to the application processes running on different hosts. As message data arrives from an Application Layer to the Transport Layer, the latter places a header on the data in order to identify from which application the data was received. This Transport Layer header contains a Source Port Number and a Destination Port Number. The Port Numbers identify the application from which the data was received or is destined to. Read more on port numbers later in this article.

Another role of the Transport Layer is to provide reliable communication and flow control. The two most well known protocols that work in the Transport Layer are TCP and UDP. TCP is a connection-oriented reliable protocol that uses flow control mechanisms and acknowledged data delivery to offer reliable communication. UDP on the other hand is a connectionless and unacknowledged protocol.

Now, the Network Layer (IP layer 3), which is below the Transport Layer and is responsible for routing packets between hosts, does not offer reliability for data delivery. That is why we use TCP on top of IP (hence the TCP/IP suite) in order to provide reliable and error free data flow communication.

As we mentioned above, the Transport Layer uses Port Numbers to differentiate between various applications that might need communication services. You should be ready to get questions in the CCNA exam regarding port numbers and their association with different applications. You should know that port numbers below 1024 are reserved for several well-known applications. Some examples are shown below:

FTP (TCP Port 21)
Telnet (TCP port 23)
SMTP email (TCP port 25)
POP3 email (TCP port 110)
DNS (TCP or UDP port 53)
TFTP (UDP port 69)
SNMP (UDP port 161)
RIP (UDP port 520)

You need to learn the mapping between the basic port numbers and their respective applications for your CCNA exam. The above port examples are very important.

This is the new domain home for Cisco-Tips

Posted: 10 Apr 2010 01:35 PM PDT


Hello there, this is Harris Andrea. Today I have redirected my older blog Cisco-Tips.com to its new domain home which is the website you are viewing now (NetworksTraining.com). Please update your bookmarks accordingly. I have configured a permanent 301 domain redirect (using .htaccess file) for the whole cisco-tips.com website and I have moved the old database to a new one which is used by a fresh Wordpress installation on the new domain. This means that every single page of my old site will be redirected to its corresponding page on the new domain. All content from the older domain will be preserved. If you click on a link in Google search results with domain www.cisco-tips.com/xyz, this will be redirected automatically to www.networkstraining.com/xyz.

OK, many of you might be wondering why I decided to change the domain name of a site which was embraced by so many professionals. Well, it has to do with trademark issues with Cisco. After reading a post from Jeremy Cioara at ciscoblog.com (read post here), he is forced by Cisco to close down his existing blog because the domain name includes the Trademarked name "Cisco" in it. Before receiving any letters from Cisco lawyers, I decided to move away from cisco-tips.com and get a more generic domain name. I don't want to face any legal issues with Cisco. Before calling me a coward, let me tell you that by violating Cisco's Trademark policy, you are also violating their certification NDA agreement. I wouldn't want to risk my certification status for a domain name, right?

Well, the only thing that I promise you is that I will continue to update this new blog with fresh content related to IP Networking with focus on Cisco technologies. So keep visiting often!!

Cisco ASA version 8.3 is here

Posted: 21 Mar 2010 03:55 AM PDT


On March 8, 2010 Cisco announced the newest Cisco ASA 5500 firewall software version 8.3. This is a release with the most radical changes compared to the previous releases since version 7.x. The most important change regarding configuration is the way Network Address Translation (NAT) is implemented. Also, another big change regarding hardware is that you will need a serious memory upgrade to be able to run this software. Let's see some important points about this release below:

Network Address Translation changes

NAT is disabled by default on Cisco ASA; however, it is one of the most important mechanisms that almost all firewall administrators use. The majority of network implementations make use of private IP addressing inside the Enterprise network and then employ Network Address Translation to translate their private IP addresses into publicly routable addresses in order to access the Internet. The task of NAT is usually carried out by the border firewall. NAT in Cisco ASA 8.3 has been completely redesigned compared with previous versions. It is now configured under a network object.

ASA versions prior to 8.3

To configure dynamic NAT: Use the nat (internal interface name) command to specify the internal addresses to be translated together with the global (outside interface name) command to specify the mapped IP pool which all internal addresses will be translated to.

To configure static NAT: Use the static (internal if, external if) command to specify the static mapping between an internal host/network and an external public host/network.

ASA version 8.3

Now forget everything you know about NAT configuration. In this version, NAT is implemented using network objects. Basically you create a network object which defines the Real IP/Network to be translated (e.g. the internal LAN network) and inside the network object you can use a nat statement which specifies whether the translation will be dynamic or static, together with the Mapped IP/network. The Cisco ASA Firewall Fundamentals – 2nd edition ebook describes all details about the NAT differences in version 8.3.
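
The same two translations written both ways, as an added example that is not part of the original post. It also shows one consequence the post does not mention: from 8.3 on, interface access lists match the real address of a translated host rather than the mapped one. Interface names, object names and all addresses are constructed.

```cisco
! Constructed example: interface names, object names and addresses are placeholders.
!
! --- ASA versions prior to 8.3 ---
! Dynamic NAT: inside LAN (NAT ID 1) translated to a pool on the outside interface
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 203.0.113.20-203.0.113.30 netmask 255.255.255.0
! Static NAT: mapped (public) address first, then the real address
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
! Inbound ACL references the MAPPED address
access-list OUTSIDE-IN extended permit tcp any host 203.0.113.10 eq www
access-group OUTSIDE-IN in interface outside
!
! --- ASA version 8.3 ---
! The mapped pool is itself a network object
object network MAPPED-POOL
 range 203.0.113.20 203.0.113.30
! Dynamic NAT: real network and its nat statement live in one object
object network INSIDE-LAN
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic MAPPED-POOL
! Static NAT: real host in the object, mapped address in the nat statement
object network WEB-SERVER
 host 192.168.1.10
 nat (inside,outside) static 203.0.113.10
! Inbound ACL now references the REAL address
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.10 eq www
access-group OUTSIDE-IN in interface outside
```

When reviewing a rule base after an upgrade, an inbound rule still written against the mapped address no longer matches the translated host, so the published service silently stops being reachable.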

Memory upgrade changes

The downside of the new ASA version is that it requires a significant memory upgrade for ASA models up to 5540 (5505, 5510, 5520, 5540). Newer ASA units purchased after February 2010 will have the minimum memory required by version 8.3; however, if you already have an older unit running a version prior to 8.3, you will need to purchase extra memory if you want to upgrade to 8.3.

The minimum memory requirements for ASA 8.3 are the following:

Cisco ASA Model         Minimum RAM Required for 8.3
5505 10-user            256MB
5505 50-user            256MB
5505 Unlimited user     512MB
5505 Security Plus      512MB
5510                    1 GB
5510 Security Plus      1 GB
5520                    2 GB
5540                    2 GB
5550                    4 GB
5580-20                 8 GB
5580-40                 12 GB

My opinion about the new version

What I see in the new version is an attempt from Cisco to move away from the "Interface based" policy implementation and adopt a more "global based" or "object based" approach. The policy enforcement in Cisco ASA firewalls is mostly based on the "interface" concept. Access lists are applied to interfaces, modular policy framework configurations are applied to interfaces (and globally also), Network Address Translation is implemented based on interfaces, security levels are configured per interface etc etc. On the other hand, some competitor vendors (like Checkpoint for example) are based on "object based" approach with a "global policy" concept which is applied on objects irrespective of interfaces. Hmm, I think Cisco is moving towards the Checkpoint firewall approach :) . Well, it's not a bad thing to adopt some concepts from your competitors to make you even better.

Regarding upgrading to the new version, I would not recommend it for the time being. The older ASA versions (7.x, 8.0, 8.1, 8.2) are so stable and reliable that I would not rush to change them on my security infrastructure for the moment. Also, the extra memory required for older units is another prohibitive factor for upgrading now.

Nifty Java bug could lead to attack

Posted: 10 Apr 2010 09:00 AM PDT


A Google researcher has published details of a Java virtual machine bug that could be used to run unauthorized programs on a computer.

Indian outsourcers emphasize cosmetic security measures, Forrester warns

Posted: 09 Apr 2010 09:00 AM PDT


U.S. companies that send software development work to India need to make sure that their vendors take data protection seriously and aren't just "checking the box" on security issues, a Forrester researcher says.

Ikea gift card scam takes in nearly 40,000 Facebook users

Posted: 09 Apr 2010 09:00 AM PDT


A scam Facebook page offering the site's users a US$1,000 Ikea gift card took in nearly 40,000 victims Friday.

Researcher warns of impending PDF attack wave

Posted: 09 Apr 2010 09:00 AM PDT


A design flaw in Adobe's popular PDF format will quickly be exploited by hackers to install financial malware on users' computers, a security company argued today.

Teleflirtation: The latest hot way to hook up

Posted: 09 Apr 2010 09:00 AM PDT


The realistic audio-visual atmosphere of telepresence combined with off-channel instant messaging is giving rise to a new social phenomenon dubbed teleflirtation.
