Communicating in an IP World 30 How Technology Is Transforming Business

CISCO SYSTEMS USERS MAGAZINE SECOND QUARTER 2004

19 Power over Ethernet

65 Service-Driven Metro Networks

80 Branch of the Future

57 Business Ready Data Center

cisco.com/packet Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. PACKET MAGAZINE FROM THE EDITOR DAVID BALL EDITOR-IN-CHIEF JERE KING PUBLISHER What’s in a Name? JENNIFER REDOVIAN MANAGING EDITOR SUSAN BORTON SENIOR EDITOR f the name is ip communications, the JOANIE WEXLER answer is lots. When I first heard the term used to refer CONTRIBUTING EDITOR to IP telephony service, I must admit, I didn’t like it. I R.J. SMITH thought it was far too broad and generic. After all, isn’t SUNSET CUSTOM PUBLISHING I PRODUCTION MANAGER e-mail a form of IP communications? As a matter of fact, it is. And so is IP telephony, and video telephony, and con- MICHELLE GERVAIS, NICOLE MAZZEI MARK RYAN, NORMA TENNIS ferencing, and voice mail, and unified messaging. SUNSET CUSTOM PUBLISHING IP communications, it turns out, is a great way to PRODUCTION describe the myriad ways in which we can communicate JEFF BRAND ART DIRECTOR and collaborate over an IP network. IP communications, EMILY BURCH as a solution from Cisco, not only encompasses the ser- DESIGNER vices noted above; it includes contact centers (or, more pre- ELLEN SOKOLOFF cisely, Customer Interaction Networks), voice gateways DIAGRAM ILLUSTRATOR and applications, security solutions, and network man- BILL LITTELL PRINT PRODUCTION MANAGER agement. These applications and services are not only CECELIA GLOVER TAYLOR incremental to your existing network investment, but they go a long way in boosting pro- CIRCULATION DIRECTOR ductivity and driving down total cost of ownership. Because of it, IP communications is SPENCER TOY transforming the way businesses communicate, internally and externally. COVER PHOTOGRAPH And that’s what we focus on in this issue of Packet® (starting on page 30). We share SPECIAL THANKS TO THE FOLLOWING CONTRIBUTORS: STEVE ANDERSON, GREG BEACH, with you real-life, innovative uses of IP telephony; audio and videoconferencing; unified KAREN DALAL, GRACE HU-MORLEY, JANICE KING, messaging; and other IP communications solutions in several industries, including trans- BRIAN MCDONALD, MARCUS PHIPPS, KARYN SCOTT, BILL STEPHENS, LAURA STIFF portation, manufacturing, government, and education (page 36). Learn how Cisco’s new

ADVERTISING INFORMATION: video telephony solution is helping to break down the cost and usage barriers associated Kristen Bergman, 408-525-2542 with traditional video telephony and conferencing systems (page 45). We also offer ten [email protected] top tips to help guide a successful IP telephony implementation—gleaned from Cisco’s View Packet magazine at cisco.com/packet. own IP telephony deployment and lessons learned such as the importance of under- PUBLISHER INFORMATION: standing your users’ expectations and requirements (page 48). Packet magazine (ISSN 1535-2439) is published quarterly by Cisco Systems and distributed free of Integral to many of these IP communications services and applications is the Cisco IP charge to users of Cisco products. Application to Phone. In fact, Cisco IP phones are displacing approximately 5000 circuit-based, tradi- mail at Periodicals Rates pending at San Jose, California, and additional mailing offices. tional phones each business day, up from 2000 per business day a year ago. While the POSTMASTER: Please send direct address corrections productivity gains associated with IP phones’ simple adds, moves, and changes are sub- and other correspondence to [email protected] stantial, the real business value is being realized by those companies that integrate their or to Packet in care of: business processes with their new communications infrastructure and tap into exciting Packet Magazine PO Box 2080 applications that make the network work for them. Skokie, Illinois 60076-9324 Many Cisco partners are developing easy-to-use applications based on open standards USA Phone: 847-647-2293 such as Extensible Markup Language (XML), which demonstrate the power of Cisco IP phones to solve business problems, streamline business communications, and bolster Aironet, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, Cisco IOS, Cisco Networking Academy, Cisco Press, the Cisco employee productivity and customer satisfaction (see page 41). Powered Network logo, the Cisco Systems logo, Cisco Unity, IOS, IP/TV, iQ, Packet, PIX, SMARTnet, and StackWise are registered As business-wise and increasingly popular as IP-based communications are, they do not trademarks or trademarks of Cisco Systems, Inc., and/or its affil- diminish the value of communicating face to face—which is exactly how we hope to speak iates in the USA and certain other countries. All other trademarks mentioned in this publication are the property of their respective with you at this year’s US Networkers conference in New Orleans, Louisiana (July 11 through owners. 16). Come “Meet the Editors” at the Packet booth in the World of Solutions. Talk to us about Packet copyright © 2004 by Cisco Systems, Inc. All rights your job, the network challenges you’ve overcome, and IP communications or other inno- reserved. Printed in the USA. vative applications or services you’ve recently deployed. We’re especially interested to hear No part of this publication may be reproduced in any form, or how your company or organization is leveraging network technology to compete or change by any means, without prior written permission from Cisco Systems, Inc. the rules in your respective industry.

This publication is distributed on an “as-is” basis, without war- We want to hear from you. Because when it comes to the pages of Packet, your voice ranty of any kind either express or implied, including but not is our greatest asset. limited to the implied warranties of merchantability, fitness for a particular purpose, or noninfringement. This publication could contain technical inaccuracies or typographical errors. Later issues may modify or update information provided in this issue. Neither the publisher nor any contributor shall have any liabili- ty to any person for any loss or damage caused directly or indi- Editor-in-Chief rectly by the information contained herein. Packet This magazine is printed on recycled paper. [email protected]

10% SECOND QUARTER 2004 PACKET 1 TOTAL RECOVERED FIBER

Tracking Down Top Talkers because in some situations Lightweight Directory Protocol (LDP) is also used Affan Basalamah presented a very inter- (although using LDP is not a good idea esting Reader Tip [First Quarter 2004] on for obvious reasons). I am interested in how to track down “top talkers” on a fully your comments on this. meshed network using alias commands to speed up the process. While the discus- Second, the article refers to EXP bits in sion of aliases is very useful, the tip never the shim header, but there are no EXP bits. I think that these are referred to as Tech Tips Top His List addressed the real problem in this situation. Without a network analysis module COS bits instead of EXP bits, which again creates confusion because the The First Quarter 2004 issue of (NAM) or other tools, how do you find the EXP bits terminology, though used in the Packet® was excellent with its cov- IP address of the top talker in the first past, is now deprecated. erage of security, IOS®, high avail- place? I believe this is of far more value in ability, etc. I read with particular a real-world situation, and is the first step —Noman Bari, CTTC PVT. Ltd., Karachi, Pakistan interest of the AutoSecure feature in solving a customer’s complaint that The following is a response by author in Cisco IOS Software Release 12.3 “the network is slow.” Santiago Alvarez.—Editors Mainline. But all the information is —Blue Beckham, APS, Phoenix, Arizona, USA very helpful to us because we’re Regarding the first point, MPLS does installing a Cisco infrastructure at The following is a response by Cisco not imply traffic engineering. Large our facilities. I am familiar with Hot Technical Support Engineer Phillip MPLS deployments worldwide don’t Standby Router Protocol (HSRP) Remaker.—Editors make use of MPLS-TE. Because TE tech- and Virtual Router Redundancy The tip is how to locate the port where an niques are applied at different levels Protocol (VRRP) but was not famil- IP address lives once you identify the IP (for example, TDM, SDH, ATM, etc.), iar with Gateway Load Balancing address. We assume you found a suspi- MPLS acts as a qualifier that defines the Protocol (GLBP) until now. The arti- cious IP address by other means. Using context under which TE is being dis- cle on GLBP written by Rick the Cisco Intrusion Detection System cussed. Regarding the second point, my Williams, “High Availability for (IDS) product line is an excellent way to notation is consistent with RFC 3032 Campus Networks,” is especially find devices with anomalous behavior. (www.faqs.org/rfcs/rfc3032.html) and useful to me. I probably will be You can also use NetFlow and NetFlow industrywide use. able to use GLBP for my dual-con- statistics on routers to find top talkers. nected remote sites to do load sharing. I also liked the security Point of Confusion best practices section of the article CORRECTION “Proactive Protection.” Last year In the article “Is It Time to Converge? The article “A Winning Game Plan” the NetFlow feature on the routers [Fourth Quarter 2003], I am confused on [First Quarter 2004, page 33] inac- helped me to track down most talk- two points. First, I think adding the TE curately stated that storage-area ing devices and shut them down to acronym to MPLS (MPLS-TE) is mislead- networks are often located offsite. prevent Slammer attacks. I also ing. Multiprotocol Label Switching In fact, storage-area networks are liked the other security articles on (MPLS) was designed for traffic engi- typically located in the data center. wireless and self-defending net- neering in the first place. It is true that We apologize for the error. works. But most of all, I like your MPLS uses RSVP-TE for the purposes of —Editors “Tech Tips & Training” section. traffic engineering, but not in every case, Please continue to provide technical tips so Packet readers can broaden their knowledge and skills. SEND YOUR COMMENTS TO PACKET

—Raj Lotwala, New York City Department We welcome your comments and questions. Reach us through of Correction, New York, USA e-mail at [email protected]. Be sure to include your name, company affiliation, and e-mail address. Letters may be edited for clarity and length. Note: The Packet editorial staff cannot provide help-desk services.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 3

Attend Networkers 365 Days a Year

T NETWORKERS ONLINE, “We wanted to find a way to you can experience nearly make the unique experience everything you would if you of Networkers available 12 Aattended a Cisco Networkers months a year,” says Pat users conference in person, with the Reardon, manager of Cisco exception of the World of Solutions and online event marketing. “We Customer Appreciation event. Watch and also wanted to give industry listen to every technical session and professionals who are not able keynote address, see Cisco Chief Executive to attend Networkers in person Officer John Chambers demo the hottest an equal opportunity to learn technology, and interact with other tech- the latest technology that will nical experts—all in the comfort of your help their companies and home or office. advance their careers.” Networkers Online gives you a few extras, too: Subscribe Today Monthly live, interactive Webcasts of VIRTUAL EDUCATION: It’s easy to learn any time of day—or One good reason to subscribe night—by accessing technical sessions, interactive current topics that meet Networkers’ Webcasts, demos, and discussion forums—all available at to Networkers Online is to high standards and allow you to ask Networkers Online. start taking courses now in questions and get answers from Cisco preparation for the New experts during the session Equal Opportunity Education Orleans conference, according to Reardon. Direct links to the Cisco Networking Access to Networkers Online 2004 will Visit Networkers Online at cisco.com/ Professionals (NetPro) community where be available by subscription in August packet/162_3b1. To learn more about you can join other technical experts and 2004 to those who who do not attend worldwide Networkers users conferences or discuss today’s networking challenges the conference. to register, visit cisco.com/go/networkers. and solutions Detailed abstracts and PDF versions of the Networkers presentations, plus white papers and other documents Cisco Worldwide Events

Credit Toward the Conference MAY 10–14 NETWORLD+INTEROP LAS VEGAS, NEVADA, USA Through July 2004, site content is from the JUNE 15–18 CABLE-TEC EXPO ORLANDO, FLORIDA, USA US 2003 Networkers events in Orlando JUNE 20–24 SUPERCOMM 2004 CHICAGO, ILLINOIS, USA and Los Angeles. If you attended either of those conferences, access the online site JULY 11–16 NETWORKERS NEW ORLEANS NEW ORLEANS, LOUISIANA, USA today. If you plan to attend Networkers SEPTEMBER 5–10 CISCO POWERED NETWORK PARIS, FRANCE 2004 in New Orleans, you can still sub- OPERATIONS SYMPOSIUM scribe to Networkers Online 2003 for OCTOBER 9–13 USTA TELECOM 2004 LAS VEGAS, NEVADA, USA US$150 and receive a $150 credit toward NOVEMBER 4–6 NETWORKERS CHINA BEIJING, CHINA your registration. Early registration for the 2004 conference also gives you immediate NOVEMBER 16–19 NETWORKERS MEXICO MEXICO CITY, MEXICO access to Networkers Online 2004, where DECEMBER 13–16 NETWORKERS EMEA CANNES, FRANCE you can complete all your introductory ses- MARCH 8–10, 2005 NETWORKERS KOREA SEOUL, KOREA sions online before the conference. In August, Networkers Online 2004 will offer cisco.com/warp/public/688/events.html the entire conference content at no charge to conference attendees.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 5

Cisco Certifications Among Top in Industry

ISCO CAREER CERTIFICATIONS in five of eight categories and were named as various national engineering associa- Cwere rated highly for “best support- in an additional category in the magazine’s tions, were included in the article. ing materials” and “best specialty certifi- November 2003 issue. To read the Certification Magazine cations,” among other categories, by Certification programs from compa- article in its entirety, visit www.certmag. Certification Magazine in its recent lists of nies such as Apple Computer, Hewlett com/top10list. To learn more about Cisco leading industry certifications. Packard, IBM, Microsoft, Novell, Oracle, Career Certifications, visit cisco.com/ Cisco certifications were mentioned first Red Hat, and Sun Microsystems, as well certifications.

Certification Category Category Description

CCIE® Certification and Cisco Best Hands-On Programs Require applicants to demonstrate Associate, Professional, and real-world skills and knowledge. Specialist certifications

CCIE Certification Most Technically Advanced Programs Consist of extremely high volumes of material or long lists of prerequisites.

Cisco Career Certifications Best Supporting Materials Have third-party support or provide superior training materials.

CCNA® Certification Best Entry-Level Certifications Represent the first step on the certification ladder.

Cisco Specialist Certifications Best Specialty Certifications Allow focused study of narrowly defined topics.

Cisco Career Certifications Toughest Recertification Requirements Entail renewal, repeated exams, or continued training.

Source: Certification Magazine

6 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Find a Service Provider That Meets Your Needs for Managing VPNs, Security, and More

S BUSINESSES INCORPORATE “When companies see the Cisco offering with this designation, the provider A advanced and emerging technology Powered Network mark now, they view it will have met network performance metrics services—such as virtual private networks as a sign of superior service,” Jorgenson related to delay and jitter—and will con- (VPNs), metro Ethernet, network security, says. He cites a recent survey that showed firm they are maintaining these levels of and voice over IP (VoIP)—into their busi- more than 70 percent of enterprise com- service as part of annual assessments. ness operations, outsourcing these func- panies are more likely to purchase a tions to experts becomes more attractive. service if it is provided over a network Service Provider Benefits “Companies want to focus on their built end to end with Cisco equipment. Service providers will benefit as well core competencies, plus the increasing com- According to Jorgenson, business leaders when the Cisco Powered Network service plexity of communications makes network know that when the company and its designations evolve to better meet their services a great candidate for outsourcing,” provider use the same vendor’s equip- enterprise customers’ needs. says Kirt Jorgenson, director of service ment, interoperability problems are less “Enhanced requirements will help provider strategic marketing programs at likely to arise, the service will be more our carrier partners set themselves even Cisco. “Selecting a provider can be difficult, reliable, and problems are likely to be further apart from their competition,” however, and businesses want some assur- resolved more quickly. observes Jorgenson. ances that their providers will meet their Some of the advanced technology des- business and technical needs.” Enhanced Technical Requirements ignations available from Cisco include “Technical leaders have been sharing with public wireless LAN, metro Ethernet, IP The Cisco Differentiater Cisco their business requirements for VPN, IP business voice, and managed The Cisco Powered Network Program— outsourcing network services,” Jorgenson firewall/intrusion detection systems (IDS). whose service provider members operate continues. “It’s clear they are more likely To find a member of the Cisco Powered networks built end to end with Cisco to ask a service provider to manage their Network Program to manage your network equipment and meet Cisco support stan- mission-critical traffic when they know services, visit cisco.com/go/cpn. dards—has helped ease the selection they can count on reliable performance.” process since its inception in 1997. The Cisco is responding by enhancing the addition of more stringent technical technical requirements within the Cisco requirements for program members will Powered Network service designations. soon make this standard even more For example, in the future, when a service important to businesses. provider brands its IP VPN Multiservice

RECENTLY ANNOUNCED CISCO ACQUISITIONS

Acquired Key Technology Employees Location

Riverhead Security technology that protects against distributed denial-of-service 44 Cupertino, California, USA Networks (DDOS) attacks and other threats to enterprise and service provider networks. Riverhead’s technology can quickly and accurately mitigate a broad range of known and previously unseen security attacks, and it complements the Cisco Intrusion Detection System (IDS) solution by cleaning malicious packets while allowing legitimate packets to pro- ceed to their destination. Riverhead’s business will become part of Cisco’s Internet Switching Business Unit.

Twingo Desktop security solutions for Secure Sockets Layer (SSL)-based virtual 4 Mountain View, California, USA Systems private networks (VPNs). Twingo’s technology helps deliver consistent application access to endpoint devices during SSL VPN sessions, and helps eliminate sensitive data on computers after sessions end. Cisco will use Twingo’s technology to bring the same quality of endpoint security available with IPSec VPNs to SSL VPN deployments. Twingo’s Virtual Secure Desktop software will be integrated into the Cisco VPN 3000 Series Concentrator. Its employees will join the Cisco VPN and Security Business Unit.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 7

Static and Policy Routing Enhancements Common Scenarios and Configurations

BY SHYAN WIGNARAJAH AND ASAD FARUQUI

NE PROBLEM WITH STATIC connected ISP provides flat rate service and solution, as the ISP may not be willing to routing and policy routing has higher bandwidth than the ISDN-con- run a routing protocol with you. been the inability for the router nected ISP (which could bill on a per Conversely, some customers may not want Oto determine the state of the minute basis). However, if the primary ISP to run a routing protocol with their ISP. next hop. Routing protocols typically use connection should fail, then the secondary “hello” mechanisms to determine if a neigh- ISP would be used. Enhancement to Static Routing bor is alive. However, policy and static rout- So how does the CPE router determine An alternative solution is an enhancement to ing offer no means to test whether the next when to use the primary ISP and when to static routing that will enable the CPE router hop is reachable. As a result, statically use the secondary ISP? The Ethernet inter- to check the primary ISP’s path by forcing routed or policy routed packets risk being face on the CPE router will remain up as test probes out via the interface to the pri- “black holed”—that unfortunate state of long as it’s plugged into the modem. mary ISP. This is achieved with policy rout- being forwarded to a dead neighbor. However, there could be a problem with ing. If the test probe is successful, the CPE the cable cloud or some other part of the router will install a default route into its rout- Scenario 1: Static Routing primary ISP’s network. In order to detect ing table to reach the Internet via the primary In scenario 1, the remote network has these problems, the CPE router can’t sim- ISP. If the test probe fails, the CPE will multiple paths to reach the Internet. ply rely on the state of its own interface. remove the primary default route, and a The preferred path is via the primary You could enable a dynamic routing floating secondary route will be installed to Internet service provider (ISP). The cable- protocol; however, this isn’t always a viable reach the Internet via the secondary ISP.

STATIC ROUTING

Cable 4.4.4.1 Cloud Primary ISP

Cable Modem

1.1.1.1. Corporate Network Internet Host 1

3.3.3.200 Corporate Remote 2.2.2.2 Router Firewall

Host 2 Secondary ISP 2.2.2.200 ISDN Cloud Remote Site

FIGURE 1: In a static routing scenario, the remote network has multiple paths to reach the Internet.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 9

SAA probes are used to test for connectivity. Since the purpose ip address 2.2.2.200 255.255.255.0 of the probes is to test the primary path, the probes are never sent encapsulation ppp via the secondary path. If they were, the test might falsely succeed, dialer pool 1 even though the primary path is not working. To achieve this, local dialer idle-timeout 20 policy routing is used so that the SAA probes are only forwarded dialer string 384000 out the primary interface. If the primary interface is in a DOWN dialer load-threshold 20 outbound state, the probes are discarded (forwarded to the null interface). dialer-group 1 Tracked objects is a generic mechanism in Cisco IOS® Software ppp multilink used to monitor items of interest, and notify applications if the item changes state. Tracked objects provide a loosely coupled set of build- dialer-list 1 protocol ip permit ing blocks that applications such as static routing or policy routing can use to build on. In this case, a tracked object is created to mon- The rest of the configuration is built in the following steps. itor the state of the SAA probe. Then a static route is configured and associated with the tracked object. Static routing only refers to the Step 1: A “favorite” address is chosen, and an SAA (RTR) probe tracked object and the tracked object refers to the SAA probe. is configured to ping the favorite address. In this case, the outside If the tracked object is UP (meaning the SAA probe succeeded), address of the corporate firewall is a good choice to ping. For this the route is installed in the routing table. Traffic to the Internet will example, the corporate firewall’s public address is 1.1.1.1. go via the primary ISP. If the tracked object is DOWN (meaning the SAA probe failed), then the route is removed from the routing rtr 1 table, and a floating backup route is installed into the routing table type echo protocol ipIcmpEcho 1.1.1.1 that allows traffic to reach the Internet via the secondary ISP. -> define rtr probe to ping 1.1.1.1 Instead of the static route directly monitoring the SAA probe, rtr schedule 1 start-time now life forever it monitors the probe via the tracked object. This might seem -> probe should run forever complex from a configuration standpoint, but it’s more efficient from a code development standpoint. If ten applications are all Step 2: Policy route the RTR probe’s packets so they only go out interested in monitoring two types of items, each application the primary interface. would have to create new functions to do it (10 applications x 2 items = 20 new functions). Using track objects, the same sce- access-list 101 permit icmp any host 1.1.1.1 echo nario would require a new function for each of the two tracked -> define ACL to only match rtr probe’s packets objects, and 10 new functions to monitor the tracked objects (10 new functions to monitor the tracked objects + 2 new functions ip local policy route-map MY_LOCAL_POLICY for the tracked objects to monitor the items = 12 new functions). -> define policy routing for router originated packets.

Sample Configuration #1: This doesn’t affect packets being switched through the router. Primary link’s address is learned via DHCP route-map MY_LOCAL_POLICY permit 10 The initial configuration of the CPE router is as follows: match ip address 101 -> match only the pings used by tracked objects interface Ethernet0/0 set ip next-hop dynamic dhcp description primary link -> set the next hop to the gateway learned via dhcp ip address dhcp set interface null0

interface Ethernet0/1 -> discard the packet if the dhcp next-hop is unknown. description remote LAN ip address 3.3.3.200 255.255.255.0 Step 3: Create a tracked object and associate the object with the SAA probe, which was previously configured. interface BRI1/0 description backup link - physical track 123 rtr 1 reachability -> creates track object# 123 to no ip address monitor service assurance agent# 1 encapsulation ppp dialer pool-member 1 Step 4: Associate the default route via the primary link with the isdn switch-type basic-5ess tracked object. ppp multilink ! interface Ethernet0/0 interface Dialer1 description primary link description backup link - logical ip dhcp client route track 123

10 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

-> dhcp installed default route will be associated with show route-map -> displays the route-map (which is used by track object local policy routing)

#123. route-map MY_LOCAL_POLICY, permit, sequence 10 ip address dhcp Match clauses: -> enable dhcp on the interface ip address (access-lists): 101 Set clauses: Step 5: Configure a floating static route via the secondary ISP. The interface Null0 administrative distance of the primary route must be lower than ip next-hop dynamic dhcp - current value is 4.4.4.1 the administrative distance of the secondary route. -> dhcp learned next hop Policy routing matches: 2265 packets, 144960 bytes ip dhcp-client default-router distance 1 -> dhcp installed route will have a distance of 1 If there is a problem reaching 1.1.1.1 via the primary ISP, the ip route 0.0.0.0 0.0.0.0 2.2.2.2 254 tracked object will transition to the DOWN state, the default route -> secondary route will have a distance of 254 will be removed, and the backup path will be used. The above commands will display the following in this situation: Step 6: Verify proper operation by displaying the routing table and other related items. show ip route -> display the routing table

show ip route -> display the routing table Gateway of last resort is 2.2.2.2 to network 0.0.0.0 -> gateway of last resort is secondary ISP Gateway of last resort is 4.4.4.1 to network 0.0.0.0 -> gateway of last resort is primary ISP 2.0.0.0/24 is subnetted, 1 subnets 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Dialer1 C 2.2.2.0 is directly connected, Dialer1 3.0.0.0/24 is subnetted, 1 subnets 3.0.0.0/24 is subnetted, 1 subnets C 3.3.3.0 is directly connected, Ethernet0/1 C 3.3.3.0 is directly connected, Ethernet0/1 4.0.0.0/24 is subnetted, 1 subnets 4.0.0.0/24 is subnetted, 1 subnets C 4.4.4.0 is directly connected, Ethernet0/0 C 4.4.4.0 is directly connected, Ethernet0/0 S* 0.0.0.0/0 [254/0] via 2.2.2.2 S* 0.0.0.0/0 [1/0] via 4.4.4.1 show ip route track-table -> display routes which are associ- show ip route track-table -> display routes which are associated with a tracked object. ated with a tracked object. ip route 0.0.0.0 0.0.0.0 4.4.4.1 track 123 state is [down] ip route 0.0.0.0 0.0.0.0 4.4.4.1 track 123 state is [up] -> object’s state is down

show track -> display the state of tracked objects and what show track -> display the state of tracked objects and what clients are tracking them clients are tracking them

Track 123 Track 123 Response Time Reporter 1 reachability Response Time Reporter 1 reachability Reachability is Up Reachability is Down -> object is reachable -> object is not reachable 5 changes, last change 00:09:07 8 changes, last change 00:04:56 Latest operation return code: OK Latest operation return code: Timeout Latest RTT (millisecs) 1 Tracked by: Tracked by: STATIC-IP-ROUTING 0 STATIC-IP-ROUTING 0 -> static routing is monitoring this object Sample Configuration #2: Primary link’s address is learned statically configured This example is similar to the previous one, except there is no DHCP and all the addresses are known in advance. The initial con- ® SHYAN WIGNARAJAH CCIE , is a software engineer for the Core IP figuration of the CPE router is as follows: Routing Group at Cisco. He can be reached at [email protected] ASAD FARUQUI CCNP, CCNA, is a software engineer for the Core IP Routing Group at Cisco. He can be reached at [email protected] interface Ethernet0/0

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 11

description primary link The rest of the configuration will be built in the following steps. ip address 4.4.4.200 255.0.0.0 Step 1: A “favorite” address is chosen, and an SAA (RTR) probe interface Ethernet0/1 is configured to ping the favorite address. In this case, the outside description remote LAN address of the corporate firewall is a good choice to ping. For this ip address 3.3.3.200 255.0.0.0 example, the corporate firewall’s public address is 1.1.1.1.

interface BRI1/0 rtr 1 description backup link - physical type echo protocol ipIcmpEcho 1.1.1.1 no ip address -> define rtr probe to ping 1.1.1.1 encapsulation ppp rtr schedule 1 start-time now life forever dialer pool-member 1 -> probe should run forever isdn switch-type basic-5ess ppp multilink Step 2: Policy route the RTR probe’s packets so they only go out ! the primary interface. interface Dialer1 description backup link - logical access-list 101 permit icmp any host 1.1.1.1 echo ip address 2.2.2.200 255.0.0.0 -> define ACL to only match rtr probe’s packets encapsulation ppp dialer pool 1 ip local policy route-map MY_LOCAL_POLICY dialer idle-timeout 20 -> define policy routing for router packets. This doesn’t dialer string 384000 affect packets being switched through the router. dialer load-threshold 20 outbound dialer-group 1 route-map MY_LOCAL_POLICY permit 10 ppp multilink match ip address 101 dialer-list 1 protocol ip permit -> Continued on page 88

12 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

The Penalty Box Cisco QoS features solve bandwidth problems by penalizing network abusers.

OST UNIVERSITIES TODAY Network Management Protocol (SNMP) the input and output policy for the switch offer LAN and Internet ser- programs that are locally written in Perl. port corresponding to that jack to rate-limit vices to their students, fac- These Perl/SNMP programs constantly incoming and outgoing off-campus traffic Multy, and staff. But high track all Address Resolution Protocol to 64 Kb. An access list is used so that only bandwidth usage from the rising recre- (ARP) information from Lehigh’s campus off-campus traffic is rate-limited and on- ational use of bandwidth-hogging peer- Cisco routers, so all IP addresses and the campus traffic can continue at full speed. to-peer applications such as Napster and corresponding Ethernet addresses are iden- The Perl scripts record the port that is Gnutella, coupled with an increase in online tified. Other Perl/SNMP programs record rate-limited and the time when the rate- administrative functions, such as curriculum and track all the Ethernet address moves limit was set. When the port’s traffic returns development and document management, and changes from the Cisco Catalyst 3550 to “normal,” the rate-limit is removed are putting an increasingly heavy technical Series switches so that the switch port that from the port after a 72-hour penalty burden on university networks. corresponds to the Ethernet and IP address delay. “A Web page is also updated so a Lehigh University (lehigh.edu), in student can check his or her jack’s current Bethlehem, Pennsylvania, tackled its status,” adds Miller. bandwidth problem by successfully con- “Students can run what- Other Perl scripts watch for students trolling the Internet usage of its on-campus who are hard-coding and changing their IP students through the use of quality of ever applications they addresses or their Ethernet address (easily service (QoS) features in Cisco switches want, but not too much done with programs downloaded over the and routers. Lehigh recently upgraded its Internet). “We call these users ‘cheaters’ network to 150 Cisco Catalyst® 3550 of them. It’s a fair system because they are trying to avoid detection Series switches in all of its on-campus by actively changing their address infor- residences for the QoS features to control because it only penalizes mation. These ports are also rate-limited its network’s usage. until this activity stops,” says Miller. Lehigh uses the per-port rate-limit the users running exces- Although it might sound complicated, features of the Catalyst 3550 Series to Miller claims the system is relatively simple control 50-Mbit/s Internet bandwidth sive bandwidth amounts, and very reliable. “It works very well and and 100 Mbit/s of Internet2 bandwidth. If scales because the limit processing is spread students use excessive amounts of off- while letting others run at out over all of our Catalyst 3550 switches.” campus bandwidth, their ports are rate- full speed.” However, even with the penalty box limited for off-campus traffic until their system in place, peer-to-peer traffic can usage returns to acceptable levels. —MARK MILLER, LEAD NETWORK ENGINEER, overwhelm off-campus connections at LEHIGH UNIVERSITY “This is what we call the ‘Penalty times. This usually occurs when Kazaa is Box,’”says Mark Miller, lead network installed and left to run unattended on a PC engineer at Lehigh. “Basically, students can of each user can be accurately identified. in an administrative office not currently run whatever applications they want, but NetFlow information from Lehigh’s controlled by the Penalty Box system. not too much of them. It’s a fair system, off-campus routers is constantly trans- When this happens, Lehigh uses Network- because it only penalizes the users using ferred to a computer running Linux. The Based Application Recognition (NBAR) excessive amounts of bandwidth while let- NetFlow data is processed hourly using on its off-campus Cisco 7206 routers to ting others run at full speed.” public domain NetFlow processing tools. identify and limit the usage of Internet file- Off-campus network usage for all campus sharing applications such as Kazaa and How It Works IP addresses is processed, and the source Morpheus. A policy map is used to limit the Lehigh gathers information from the jack for each flow is identified from the total of this type of traffic to 5 Mbit/s, switches and routers using custom Simple ARP and switch port information. Each allowing it to continue to function but not jack’s usage over the previous 72-hour overwhelm off-campus connections. Ask your peers and Cisco experts ques- period is then totaled and jacks that have tions or share your own knowledge about used more than 2 gigabytes of Internet Other Switch Features QoS in LAN switching and routing at the bandwidth are identified. Lehigh uses several other features of the Cisco Network Professionals Connection “Network Infrastructure” forum: These jacks are in violation of the uni- Cisco Catalyst 3550 Series to control cisco.com/discuss/infrastructure. versity’s usage policy and are added to the or eliminate common problems on its Penalty Box. An automated Perl script sets student network.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 13

Per-port access lists: Each user port has as bridges or wireless access points. This an incoming access list that denies action also reduces security concerns that Dynamic Host Control Protocol (DHCP) rely on MAC address flooding. reply packets. Prior to deploying the Management features: Lehigh also Cisco switches, Lehigh had an increasing uses other features such as Secure Shell problem of rogue DHCP servers. (SSH) over a separate management virtual FURTHER READING According to Miller, the per-port access LAN (VLAN), Network Time Protocol QoS Scheduling and Queuing on list feature of the Catalyst 3550 Series has (NTP), SNMP, PortFast, and automatic the Cisco Catalyst 3550 Series: completely eliminated that problem. error-disable (errDisable) recovery to cisco.com/packet/162_4b1 Storm control: Each user port is also make its network as reliable and high per- configured for storm control to limit the forming as possible. “Each switch port is QoS technology information: rate of broadcast and multicast transmis- also IEEE 802.1X capable and ready cisco.com/packet/162_4b2 sions. This action limits some types of when we are to implement tighter access Peak Performance with QoS: game playing or possible denial of service control into our network,” adds Miller. cisco.com/packet/162_4b3 (DoS) attacks that can otherwise over- LAN Solutions Guide for Higher ® whelm a network. Mark Miller, CCIE No. 12,409, and lead Education and Universities: Port security: Each port is limited in network engineer at Lehigh University, cisco.com/packet/162_4b4 the number of simultaneous Ethernet contributed to this article. He can be addresses allowed to control devices such reached at [email protected].

14 PACKET FOURTH QUARTER 2003 CISCO SYSTEMS

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. Why Should I Care About the Business Ready BUSINESS READY TELEWORKER The table below compares traditional and BRT teleworking Teleworker Solution? solutions. Only Cisco BRT offers the complete integration of A company’s ability to continue normal operations in the face At a Glance security, manageability, and Cisco QoS that extends all cor- of disruption can mean the difference between success and Courtesy of Cisco Enterprise Marketing porate office applications into the home office. failure. Enterprises that can sustain operations despite Part-Time/Full- unforeseen events have a competitive advantage and, as Business Ready Teleworker Occasional Time and Day such, they must provide access to the same information, Makes Full Range of Users Extenders No Advanced No Centralized Wireless LAN Security Applications Possible services, and tools no matter where or when their employees Applications Management. Users Issues. Opens Enterprise- work. Given an uncertain and changing business climate, it is Support (Voice, Have to Maintain Backdoors to the Unmanaged Class Video) Security Policies Corporate Network VPN Client not surprising that 80 percent of enterprises in the US expect Teleworker Broadband to support teleworking employees within the next two years. Yes Software Router/Access E-Mail Yes While many businesses have contingencies for power or VPN Client Corporate Point/Hub Network Web-Based Applications Yes Yes server failures, few are prepared for events that block Mission-Critical Applications Best Effort Prioritized employee access to workplace network resources. If your E-Mail Broadband Internet Encrypted VPN Tunnel Real-Time Collaboration Best Effort Prioritized employees can’t access applications, your business suffers. Apps Encrypted VPN Tunnel Voice Over IP Best Effort High Quality Voice VPN Concentrator Video VoD, Cisco, IP/TV® Unlikely High Quality PSTN Power Outage Failure of Server Workforce Residential Videoconferencing Unlikely High Quality Host, Application, Disruption Phone Software Corporate Line Traditional Teleworker Remote Configuration No Yes User and Management 88% of 70% of 13% of Basic Full Additional Phone No Differentiation Integrated Security Enterprises Enterprises Enterprises Relies on End- Costs. Not Integrated of Corporate and Resilience and Availability No Yes Prepared Prepared Prepared User Computer with Corporate Personal Users for Security Voicemail or Traffic Site-to-Site The Cisco Business Ready Teleworker (BRT) solution pro- “Always-On” vides an easy-to-deploy, centrally managed solution that VPN Connection The Business Ready Teleworker addresses worker requirements for teleworking—while tak- Advanced Supports Full ing into account an enterprise’s requirements for reduced The Cisco BRT solution differs from other work-at-home or Security Range of telecommuting scenarios in that it emphasizes providing Functions Extend Converged operational costs, security, productivity, resilience, and Corporate LAN to Desktop responsiveness. the same accessibility to applications and services in the the Home Office Applications home office as those available in the corporate office. With Key Discussion Points the BRT solution, IT staff can see, support, and manage the Remotely The four primary considerations for a networked-based teleworker connection using equipment that provides the Manage and Push Same Number teleworker solution are security, management, authentication, most comprehensive security and network management Corporate Reachability Policies and and quality of service (QoS). Any solution that attempts to available in a teleworking environment running over a stan- Standards extend the enterprise network to the teleworker home office dard cable/broadband connection. must be measured by its ability to deliver these features. With Cisco BRT, Teleworkers Have the Same Services at Home as at Their Office Security Management Advanced Centralized Identity-Based • Safeguarding the • Complexity of Support Applications Management. Network Services Home Office Components Corporate Network. • Loss of Corporate Control Support IT Managed Authenticate • Preventing Unguarded (Voice, Video) Security Policies Users and Devices The Cisco 830 Series Router is the backbone of the BRT solu- "Back Doors" tion. This Cisco IOS® Software-based access router provides IP Phone Corporate all the features for an always-on, business ready connection Authentication Quality of Service Cisco 831 Network Router in a single, cost-effective platform. Add on an optional IP • Who Gets Access • Application Availability phone to leverage the benefits of a centralized IP communi- to What • Application Behavior E-Mail Broadband Internet • Accommodating Encrypted VPN Tunnel cations system for additional cost savings and productivity. Personal Use Apps VPN Cisco 831 Voice Corporate Headend Video User Router Where Traditional Methods Fall Short Business Ready Teleworker Corporate-Pushed Corporate Phone Toll- Integrated Security Hardware While software VPN clients and “do-it-yourself” hardware- Security Policies Bypass, Centralized Services (Firewall, Acceleration based teleworking options provide teleworker connectivity, (Not User Managed) Voicemail Intrusion Detection) they lack QoS for simultaneous delivery of enterprise applications. In addition, security of the system relies heavily on Stateful 4-Port IDS and IPSec Out-of-Band QoS for Firewall 10/100 URL 3DES Management/ Voice and the end user, and IT staff has no way to see, support, or Switch Filtering Dial Backup Video manage the do-it-yourself device. Protect Optimize Grow Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. TECHReader TIPS & TRAINING Editor’s Note: This is a good tip, but it is more difficult than it needs to be. A simpler approach is to make two connections from the Packet® thanks all of the readers who submitted technical tips source machine instead of nesting Telnet sessions. this quarter. While every effort has been made to verify the following reader tips, Packet magazine and Cisco Systems cannot guarantee their accuracy or completeness, or be held responsible for their use. Maintenance Finding Router Interface Information I sometimes need to audit a listing of all interfaces on a router or Multiswitch Feature Card (MSFC) for the IP address and description. Configuration While there are ways to get either (for example, show ip int brief Connecting a New Switch to the Network and sh int desc), I have been looking for a command that enables When connecting a new switch to your network you can acciden- me to display both types of information at once. To find the exact tally change your current VLAN database if the new switch has a information that I need quickly, I use the following command: higher VLAN Trunking Protocol (VTP) revision number. To avoid this, show run | include interface | ip address | description you must clear the VTP revision number on the new switch. The eas- —Robert Yee, CCIE® 11716, J2 Global Communications, Hollywood, iest way is to change the VTP domain name to “something_else” California, USA and back to “your_VTP_domain” on the new switch. This sets the VTP revision number to 0 and you can connect the switch to the Editor’s Note: For information on the include command and the network without any problem. VTP version 3 (just released) has use of or bars, see the “Alternation” section in the document at another mechanism for avoiding this problem (see cisco.com/ cisco.com/packet/162_4d2 packet/162_4d1).

—Milan Kulík, Aliatel a.s., Prague, Czech Republic Adding Comments to Access Lists Network Management Although I have been to many Cisco classes (including a CCNA® boot- camp) and have been setting up access lists for many years, both on routers and Cisco PIX® firewalls, until recently I had never seen this Tracking User Logins Using CiscoWorks LMS simple syntax to add a comment to the middle of an access control The Campus Manager User Tracking tool in CiscoWorks LAN list (ACL). Instead of using a permit or deny, simply use the remark Management Solution (LMS) allows you to track user names with option, for example, access list 1 remark. This method works on a login script you place in the Windows Domain Controller: routers and PIX firewalls. When your file has these comments you can start %WINDIR%\UTLite33.exe -domain %USERDOMAIN% -host determine exactly what certain sections were originally intended to do, which should make those long ACLs easier to understand in the future. -port 16236 —Jim Matuska Jr., Nez Perce Tribe Information Systems, To track user names when users are logged in locally on their Lapwai, Idaho, USA Windows workstations, copy the UTLite33.exe file in the Windows directory of your users’ PCs and configure their workstations to run Changing the Enable Password on a Remote Router this script at startup: While reading a remote configuration tip in the Fourth Quarter 2003 start %WINDIR%\UTLite33.exe -domain %USERNAME% -host ing the enable password on a remote router. Telnet into the router -port 16236 and log in to enable mode, then Telnet out to another router to Telnet back into the same router again. Change the enable password, exit The Campus Manager User Tracking report will give you the local user to global configuration mode, and try to log in to enable mode. If this login name and the computer name (username@workstation). This fails, you can exit from the Telnet session twice until you get back is also an easy way to test the UTLite tool without a domain controller. to the same router where you are still in enable mode. This allows —Olivier Muguet, NextiraOne France, Saint Denis, France you to change the enable password again.

—Phil Burrows, Macquarie Corporate Telecommunications, Sydney, Australia

16 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. Submit a Tip Help your fellow IT professionals and show off to your peers by submitting your most ingenious technical tip to [email protected]. Who knows, you may see your name in the next issue of Packet. When submitting a tip, please tell Tips us your name, company, city, and country. Troubleshooting

Troubleshooting Dial-Peer Configurations Configuring WAN Links When troubleshooting dial-peers in a voice over IP (VoIP) environ- When changing or troubleshooting WAN link configuration, you can- ment, you can use the call simulate command to simulate calling not always be certain how remote routers will be affected. Before to a dial-peer’s destination pattern (csim start number). This com- you make any changes, use the reload in 60 command. Then if you mand enables you to verify that your dial-peer is configured properly, lose the connection to the remote routers because of a misconfig- that there are no hardware problems, and that you are reaching the uration, the router will automatically restore the old configuration destination you want (provided that a ringing device is connected to after 60 minutes. the called port). For example: —Yang Difei, Nokia Investment Co. Ltd., Beijing, China Router#csim start number where is the destination pattern of the dial-peer you are testing.

—Jose Gomez, CODETEL, Santiago City, Dominican Republic

Tech Tips Learn how to use the Cisco TAC Case Collection online Explore common causes of slow connectivity in campus support tool. An instructional video on demand (VOD) can switch networks. This technical note addresses the most help you quickly find solutions to common issues. The Case common issues that may contribute to slow inter-VLAN and Collection tool provides support for dial; Frame Relay; IP intra-VLAN connectivity. Includes classification of common routing protocols; LAN switching; router and Cisco IOS® symptoms of slow networks and approaches to problem Software architecture; network security; voice; and wireless. diagnosis and resolution. cisco.com/packet/162_4e1 (requires Cisco.com registration) cisco.com/packet/162_4e3

Use the Cisco Output Interpreter to get detailed analyses Use the Cisco PIX Firewall to handle voice over IP (VoIP) of the output for more than 125 show commands. This traffic. In this sample configuration, a PIX firewall is config- VOD explains how to use the Output Interpreter tool to trou- ured to allow the traversal of two different VoIP) protocols: bleshoot Cisco routers, switches, and Cisco PIX® firewalls H.323, and Session Initiation Protocol (SIP). running various operating system software, including the Cisco cisco.com/packet/162_4e4 Catalyst® OS, Cisco IOS® Software, Integrated IOS, and PIX OS. cisco.com/packet/162_4e2 (requires Cisco.com registration) Find the latest free seminars presented by Cisco experts in cities worldwide. Browse the online Cisco seminar catalog New version of CCIE Security exam available in June to find free events in your city, as well as streaming media on 2004. Through written tests and hands-on lab exams, the a variety of topics including security, wireless, IP telephony, CCIE® program identifies world-class Cisco experts capable and storage solutions. of creating and maintaining highly secure business-ready cisco.com/packet/162_4e5 networks. An updated version of the written Security exam is available beginning June 1, 2004. cisco.com/go/ccie

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 17

The Promise of PoE IEEE power standard signals new era for Ethernet.

EEE 802.3AF, THE WORLD’S FIRST UNIVERSAL in places where AC power is difficult to deploy. As power standard, unleashes countless opportunities the number of Ethernet-attached devices grows, for organizations to leverage their Ethernet net- eliminating the need for local power for each of hun- Iworks in new ways. dreds or thousands of end devices significantly Now that a global standard exists for combining reduces deployment costs and greatly simplifies Ethernet packets and DC-based power delivery on a their manageability. common cable, manufacturers of various device types will build 802.3af-compliant power over Ethernet Why Have a Power Standard? (PoE) support into their products. Surveillance cam- The initial driver for combining Ethernet signals and eras, biomedical equipment, Radio Frequency DC power over a common cable was to support Identification (RFID) readers, security card readers, Ethernet-connected IP phones. Shortly thereafter, and sensor devices are just a sampling of the equip- wireless LANs became popular. By definition, wire- ment destined to join Ethernet networks over the next less access points often reside in difficult-to-cable several years. locations, such as above ceiling panels, where power The basic premise of PoE—also called inline outlets are also scarce, so they became especially power—is fairly well understood. In short, the strong candidates for using PoE. Ethernet cabling that transports communications “It very quickly became clear that power over packets also supplies the electricity that powers Ethernet could support a broader range of devices, Ethernet-attached devices. This method eliminates one each with a range of power requirements over the set of cabling to those devices. initial innovation that Cisco delivered back in PoE is likely to see significant acceptance in the 2000,” explains Steven Shalita, senior manager, coming years. It is easy to install and manage, it worldwide product marketing at Cisco. “As a result, works with existing Ethernet cables, and customers PoE was submitted to the IEEE for standardization can freely and safely mix legacy and PoE-compatible to allow for broader support for this truly revolu- devices on a network. Managing remote devices is tionary technology.” also streamlined with PoE deployments, because During the standardization process, it became clear once a device is connected to the network, it can be that a higher range of power would be required to remotely monitored, reconfigured, or reset. And support the host of new devices that were becoming safety is enhanced because power is delivered only to available. Color telephones were already in develop- devices that require it. Because no voltage runs on the ment, and people envisioned powering video cameras Ethernet cable until a device that requires the power and other devices over a single Ethernet cable. is connected , the risk of accidental exposure to When the 802.3af PoE standard was ratified in late power on the wire is reduced. 2003, the IEEE body settled on 15.4 Watts as standard Aside from the simplicity and versatility benefits output power. This was a significant increase from of Ethernet, customers actually save money by Cisco’s initial implementation, which provided for installing and supporting one cabling plant instead of about 6.5 Watts of power per port. However, it was evi- two. An AC power outlet typically costs between dent that new devices, such as Cisco dual-radio mode US$100 and US$300, and many powered devices, access points, could take advantage of the higher power such as video surveillance cameras, will be installed range made available through the new standard.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 19

Industry’s First Gigabit Capability point-of-sale terminals, and industrial automation Cisco, which has offered prestandard PoE for power- products that take advantage of power delivery have ing IP phones and access points since 2000, recently already started to emerge. announced 802.3af-compliant Cisco Catalyst® intelli- But the possibilities don’t end there. Imagine being gent switches, line cards, and an IP phone. As a critical able to charge laptops, integrate security systems, and requirement for existing customer deployments, all automate buildings—all over a universal connection: ports on Cisco’s new 802.3af-compliant switches also Ethernet. A whole new range of new, easy-to-install fully support Cisco’s prestandard PoE to provide devices can be installed wherever an Ethernet cable customers with backward compatibility for all exist- can be deployed. ing end devices. Users can plug either a prestandard Some IP-based 802.3af-capable video cameras are compatible or 802.3af-compliant PoE device into already on the market. While video surveillance net- their Cisco switches, and either will be supported auto- works have been converging onto Ethernet for some matically, without preconfiguration. time, the advent of PoE will enable simplified deploy- Along with support for 802.3af, the new Cisco ments and allow for camera placement in locations offerings also include the industry’s first copper that were difficult in the past due to the limitations of 10/100/1000 gigabit-speed connections with deploying AC power. 802.3af-standard power. Gigabit PoE connections Equipment that is mobile usually communicates to are available on the Cisco Catalyst 6500 and 4500 the Ethernet wirelessly, using RFID technology. Tiny series chassis switches (see Figure 1). Recently, RFID tags in mobile devices gather and generate infor- deployments of Gigabit Ethernet to the desktop mation about the devices in which they are embedded, have increased significantly due to the incremental such as where the device is located at any time. RFID performance benefits users experience as a result of tags communicate to a cabled RFID reader, which col- having higher throughput. lects and displays the information (see “Understanding Says Shalita: “It’s not necessarily about a single RFID” on page 83). application, but the number of simultaneous appli- IEEE 802.3af-capable RFID readers could connect cations running on a user’s desktop computer. So to an Ethernet switch, enabling a whole new breed of now customers don’t have to choose between high location-tracking information to be transmitted over performance or PoE; they can have both along with the corporate Ethernet network. a future-proof solution that will allow the deploy- Exempla Healthcare, a group of hospitals and ment of higher performance devices without the need clinics in Denver, Colorado, for instance, envisions to upgrade the LAN port in the future.” adding both RFID readers and biomedical equipment to its Ethernet network using 802.3af power New Uses for Ethernet in its Cisco Catalyst intelligent switches (see sidebar, Many, if not all, network-attached devices require “Healthcare Facility Sees 802.3af Potential”). local power for their operation. PoE represents an Meanwhile, using Cisco PoE has already saved opportunity not only to provide the connectivity that Exempla considerably on its wireless infrastructure these devices need, but also to deliver power in a sim- costs. Chief Technology Officer Lots Pook estimates plified, easy-to-manage environment. IP cameras, that wireless network infrastructure costs alone

FIGURE 1: All new CISCO 802.3AF-COMPLIANT PRODUCTS offerings also support Cisco prestandard PoE, Power Source Equipment (PSE) so they are backward- compatible with exist- Catalyst 6500 Series 10/100/1000, 48-port 802.3af modules (RJ-45) ing Cisco IP phones 10/100, 96-port module (RJ-45) with optional 802.3af daughter card and wireless access 10/100, 48-port 802.3af module (RJ-45 and RJ-21) points. Catalyst 4500 Series 10/100/1000, 48-port line card (RJ-45) 10/100, 48-port line card (RJ-45) 10/100, 48-port line card (RJ-21)

Catalyst 3750 Series 10/100, 48-port stackable switch 10/100, 24-port stackable switch

Catalyst 3560 Series 10/100, 48-port fixed-configuration switch 10/100, 24-port fixed-configuration switch

Powered Device (PD)

7970G IP Phone Color touchscreen VoIP phone supporting 802.3af and Cisco prestandard PoE

20 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Healthcare Facility Sees 802.3af Potential Exempla Healthcare in Denver, Colorado, uses Cisco PoE In addition, Pook says, he’ll likely consider powering RFID products to power Cisco wireless LAN access points readers with his Cisco Catalyst intelligent switches when used in a mobile nurse charting application. It also uses 802.3af-capable readers become available. Exempla plans Cisco Catalyst intelligent switches to connect and power to use RFID readers to collect data from beds, wheelchairs, several hundred Cisco 7960 IP phones. X-ray machines, and other mobile equipment, which will help track the location of this inventory for quick redeploy- Exempla’s chief technology officer, Lots Pook, antici- ment to other locations when needed. pates adding intravenous (IV) pumps, digital blood pressure monitors, and fetal heart monitors to the healthcare Among the Exempla facilities are two hospitals in which IT facility’s Ethernet network. Doing so would enable med- staff use Cisco IP phones powered by Catalyst intelligent ical staff to remotely monitor the status of a patient’s switches. A third hospital under construction will use 100 condition and the status of a piece of equipment—as to percent voice over IP (VoIP) for telephony, which will whether it needs servicing or replenishing, for exam- require about 1100 handsets that all will use Cisco ple—in real time. Catalyst-supplied PoE, says Pook.

dropped 12 percent at one hospital and 22 percent at levels, so network managers must consider how to another, compared with an original budget that called manage a budget of available power in the LAN for installing AC power outlets for Cisco wireless switch. This becomes especially important for large- access points throughout the facilities. scale deployments where the amount of power “With 802.3af available in Cisco equipment, we’re required can quickly add up to thousands of Watts. now positioned to take advantage of new technologies To address this issue, the IEEE 802.3af standard over the next five to seven years,” Pook says. includes an optional feature called Power Classification, to help network implementers better manage the A Brief Power Tutorial power budget or power allocation available to Historically, there have been different power currents attached devices. and connectors all over the world. Now 802.3af PoE Power Classification, which is supported in all Cisco delivers a universal voltage (48 Volts DC), and plug (RJ- Catalyst 802.3af PoE products, is critical because many 45), simplifying the manufacture and deployment of PDs will not require the full 15.4 Watts of power avail- standards-based devices worldwide. able with 802.3af PoE. Being able to classify PDs helps In an IEEE 802.3af environment, power of up to to minimize building over capacity in the PSE and ulti- 15.4 Watts is available at the power source equipment mately extends the number of PDs supported. (PSE) or LAN switch port. The powered device (PD) uses this power for its operation. PSE is IEEE termi- PSE Output nology for the equipment providing power (such as Class Maximum (Watts) PD Input (Watts) ports in the Cisco Catalyst intelligent switches). PD 0 (default— refers to the end device or equipment that uses the no classification power (such as IP phones). detected) 15.4 .44 - 12.95 Deployments that use PoE require additional 1 4 .44 - 3.84 consideration for installation and configuration 2 7 3.84 - 6.49 over standard data-only environments. With PoE, 3 15.4 6.49 - 15.4 power is delivered to attached network devices, and 4 Future Use Future Use the additional power needs to come from the wall power outlet and through the LAN switch. So in Although all that power seemingly generates more addition to having enough capacity and power to heat, additional heat in the wiring closet is typically not run the switch itself, adequate power must be pro- a significant concern, according to Shalita. vided to support the aggregate requirements of the “The bulk of the heat is actually dissipated where powered devices. consumption of the power takes place, such as at the IP While the 802.3af standard calls for up to 15.4 telephone on a person’s desk,” says Shalita, “so PoE Watts of power per port, many of the PDs connected doesn’t usually require changes to cooling systems in to the network will not require the full power wiring closets.”

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 21

For delivering power, the IEEE 802.3af standard phones are sitting idle on the desktop, they might allows for using the spare pairs of unused wire typ- require just 3 Watts instead of 6, which is needed ically available with 10/100-Mbit/s connections. for ringing or speaker-phone use. So network admin- However, if unused pairs are not available, such as istrators can assume that only a certain number of with 10/100/1000 over copper, which uses all four devices would be in use at any given time and data pairs, it is possible to deliver (or “float”) power account for that when managing the available over the same cable pair as Ethernet. The standard power budget. specifies that PSE can choose to implement either In addition, IT managers can predefine power Calculate power method of power insertion, while the PD must sup- limits. For example, they could configure switches supply require- port both options to maintain interoperability. such that a particular port or set of ports is not ments for PoE configurations allowed to support high-power devices. Cisco PSEs with the Cisco Intelligent Power Management can also override the IEEE classification—so that no Power Calculator. Cisco Catalyst switches offer a range of intelligent matter what is plugged into a given port, the port The results show power management capabilities that give network can have a maximum amount of predefined power output current, output power, and managers a high degree of granular control and opti- it is allowed to deliver, thereby preventing unex- system heat dissi- mization of power delivery. Intelligent power man- pected power consumption from unexpected devices pation. For more agement allows enterprises to manage their power being connected to the network. information, visit http://tools.cisco. budgets efficiently. Each switch has an overall Finally, Cisco Catalyst switches can prioritize cisco.com/cpc/ power budget or maximum amount of power that it power delivery on ports. Network managers can launch.jsp (requires can supply to devices connected to it. This budget is configure certain ports to always receive power, for Cisco.com login). based upon the capacity of the switch’s power sup- example, in the case of an event during which a plies and available wall power. A typical chassis switch runs out of power and starts shutting down LAN switch needs between 400 and 800 Watts to devices to conserve power. Rather than completely run; to support PoE, however, it could quickly shutting down or randomly removing port from require thousands of Watts of additional power. ports, Cisco PSEs enable network managers to spec- While the IEEE power classification feature is ify which devices should remain powered. important, it is sometimes not granular enough to Cisco is unique in its support for IEEE 802.3af maximize power allocation for a wide range of across its family of Catalyst intelligent switches, power requirements for PDs. Cisco takes the IEEE which includes modular, stackable, and fixed-con- classification capability a step further by allowing figuration devices. PoE-enabled products from Cisco for the identification of the precise power require- are also all part of a unified product portfolio with ments of an attached device. So instead of being full intelligent switching functionality, allowing cus- identified as one of three classes as defined by tomers to take advantage of all of the intelligence 802.3af, a device has the option to precisely identify they are accustomed to in Cisco switches, plus its power requirements. added PoE functionality. To deliver this capability, Cisco Catalyst intelligent The architectural design of Cisco Catalyst PoE- switches use the Cisco Discovery Protocol to identify enabled products is unique in enabling high-density devices that connect to the switch. End devices tell the customer deployments of up to 48 ports using fixed switch how much power they require. If a device’s and stackable products and up to hundreds of devices requirements fall between 802.3af Class 2 and Class in a single chassis deployment. In addition to the abil- 3, requiring 9 Watts of power, for example, the device ity of the chassis to support a high density of powered can request exactly that much. Cisco Discovery devices, Cisco introduced a new 96-port 10/100 Protocol is built into Cisco switch ports and PDs and module for the Catalyst 6500 Series that enables even is also licensed to makers of devices that might con- higher densities per slot. nect to a Catalyst switch. “It is very efficient for a PD to communicate to the switch how much power it actually requires, so that the PSE doesn’t reserve surplus power and FURTHER READING unnecessarily drain the available power pool,” Cisco Power over Ethernet: observes Shalita. cisco.com/go/poe As deployments of PoE become larger, it will make sense for IT managers to purposely “over- Power over Ethernet Business Case: subscribe power,” similar to how bandwidth is cisco.com/packet/162_5a1 managed today, to extend power capacity and the IEEE 802.3af resources: ability to support a higher number of powered ieee802.org/3/af/ devices. For example, when devices such as IP

22 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

A Case for VPLS Virtual Private LAN Service is emerging as an alternative multipoint Ethernet technology.

BY SANTIAGO ALVAREZ

THERNET IS THE TECHNOLOGY OF LOGICAL VIEW OF A VPLS FIGURE 1: Each CE choice for LANs due to its relative low cost device requires a and simplicity compared to alternative tech- single connection to nologies. Ethernet has also gained recent the network to get full E connectivity to the PE popularity as a metropolitan-area network (MAN) devices and remain- technology, taking advantage of the large fiber deploying sites. ments in metro areas. Now, Virtual Private LAN CE PE PE CE Service (VPLS) helps extend the reach of Ethernet IP/MPLS further to enable it as a WAN technology. Other technologies also enable Ethernet across the WAN—for example, Ethernet over Multiprotocol Label Switching (MPLS), Ethernet over SONET/SDH, Ethernet bridg- PE ing over ATM, and ATM LAN Emulation (LANE)— however, they only provide point-to-point connectivity; their mass deployment is limited by high levels of complexity, or they require dedicated network archi- CE tectures that do not facilitate network convergence. The enterprise WAN is experiencing significant changes, which are driving the development of VPLS connecting three sites. Each customer edge (CE) device technology. Frame Relay and ATM have prevailed for requires a single connection to the network to get full many years as the technologies of choice for packet connectivity to the remaining sites. A multipoint tech- networks, and enterprises have commonly designed nology allows a user to reach multiple destinations their WAN connectivity with hub-and-spoke or through a single physical or logical connection, which partial-mesh topologies. These designs have been the requires the network to make a forwarding decision result of how applications make use of the network based on the destination of the packet. Within the infrastructure along with the price characteristics context of VPLS, this means that the network makes and point-to-point nature of Frame Relay and ATM. a forwarding decision based on the destination MAC A new generation of enterprise applications has address of the Ethernet frame. From the end customer’s created the need for an enterprise WAN architecture perspective, a multipoint service is attractive because that can offer more flexible topologies and higher fewer connections are required to get full connectivity bandwidth capacity. Recently, service providers have between multiple points. An equivalent level of resorted to private IP offerings based on MPLS Layer connectivity based on a point-to-point technology 3 virtual private network (VPN) to respond to these requires a much larger number of connections or the new requirements. Meanwhile, VPLS has been pro- use of suboptimal packet forwarding. posed by the industry as an additional alternative to implement high-bandwidth multipoint services across VPLS Technology Components the WAN based on Ethernet. In its simplest form, a VPLS consists of a collection of sites connected to a number of provider edge (PE) What Is VPLS? devices implementing the emulated LAN service. A A VPN technology, VPLS enables Ethernet multipoint virtual switching instance (VSI) is used at each PE to services over a packet-switched network infrastruc- implement the forwarding decisions of each VPLS. ture. VPN users get an emulated LAN segment that The PE devices make the forwarding decisions offers a Layer 2 broadcast domain. End users perceive between sites and encapsulate the Ethernet frames the service as a virtual private Ethernet switch that across a packet-switched network using an Ethernet forwards frames to their respective destination within virtual circuit (VC) or pseudo-wire. PEs use a full the VPN. Figure 1 shows the logical view of a VPLS mesh of Ethernet VCs to forward the Ethernet frames

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 23

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. Technology 24 FIGURE 2: frames betweenPEs. to forwardtheEthernet mesh ofEthernetVCs The PEsuseafull sions ofeachVPLS. the forwardingdeci- each PEtoimplement sites, aVSIisusedat that connectsthree Reprinted with permission from PACKET VPNs In thisVPLS EODQUARTERSECOND ingress PEduring packetforwarding. the labelstackimposedon Ethernet framesbythe advertises aVClabelmapping thatisusedaspartof point services.Usingadirected LDPsession,eachPE same LDPsignalingmechanism definedforpoint-to- Domain NameSystem(DNS). TheVCsetupusesthe RADIUS, LabelDistributionProtocol(LDP),and protocols, includingBorderGatewayProtocol(BGP), can beeasilyenhancedtosupportseveraldiscovery associations withinaVPLS.However, the architecture VPLS currentlyreliesonmanualconfigurationofPE involve signaling: example, SpanningTree Protocol,orSTP). intensive protocolstogeneratealoop-freetopology(for a VPLS,andthereisnoneedtousemoreresource- of VCsprovidesdirectconnectivitybetweenthePEsin loop-freetopology. Inthisway, thefullmesh to forma with aVSI.PEsusesplit-horizonforwardingontheVCs addresses arefloodedoverallportsandVCsassociated cast, multicast,anddestinationunknownMAC virtual circuits.Thesefunctionsimplythatallbroad- addresses learnedfromphysicalportsandthe forwarding informationisupdatedwiththeMAC functions the standardMACaddresslearningandaging within theVPLS.PEsacquirethisinformationusing forwarding informationrequiredtoswitchframes VPLS thatconnectsthreesites. MPLS transport.Figure2showsthecomponentsofa been initiallyspecifiedandimplementedoveran Gateway Protocol(IGP)ortransportlabel.VPLShas with acontrolword,VClabel,andanInterior removed, andtheremainingpayloadisencapsulated frame preambleandchecksequence(FCS)are defined forpoint-to-pointEthernetoverMPLS.The between PEs.VPLSreliesonthesameencapsulation VPLS COMPONENTS There aretwofunctionalcomponentsinVPLSthat PEs automaticallypopulatetheVSIwith CE 2004 Packet PE used inEthernetswitching.TheVSI ® magazine (Volume 16, No.2), copyright ©2004 byCisco Systems, Inc. Allrights reserved. PE discovery CE IP/MPLS PE and VC setup PE . Cisco CE point Layer2services. requirements forEthernetinterworkinginpoint-to- by avoidinglargeflatnetworkdomainsinthe connects totheVPLS—asituationthatcanbealleviated plane mightgrowrapidlyifalargenumberofhosts MAC addressesthatmaybelearnedfromthedata ing andmemoryresources.Inaddition,thenumberof replication canhaveanimportantimpactonprocess- that needtobegeneratedalsoincreases. PEs inaVPLSincreases,thenumberofpacketcopies needs toperformpacketreplication.Asthenumberof destination unknownunicastaddress),theingressPE to beflooded(becauseofbroadcast,multicast,or scaling concernsforthePEdevice.Whenpacketsneed amount ofaddressinformationarethetwomain limited scalability. to gainpopularitydueexcessivecomplexityand approach usedATM LANE.Thesealternativesfailed ATM VCsconnectingEthernetswitches,andasecond WAN. Oneapproachwastoimplementbridgingover used totransportEthernetacrosstheenterprise multipoint Ethernetservices.Previously, ATM was VPLS isnotthefirstindustryattempttoprovide VPLS ScalabilityCharacteristics tion requirementsontheCEdevicearesimilarto the PEusingabridgedencapsulation.Theconfigura- necting withnon-Ethernetlinksexchangepackets Relay, orPoint-to-PointProtocol).Thosesitescon- Layer 2technologies(forexample,ATM, Frame connect viaEthernet,theymightusingother aging thatwouldeventuallyflushtheinvalidaddresses. convergence optimizationoverthenormaladdress withdrawn fromtheVSI.Thismechanismprovidesa or allMACaddresseslearnedoveraVCneedtobe VCs canbeusedtoindicatearemotePEthatsome LDP signalingusedforsettingupandtearingdownthe mechanisms definedforEthernetbridging.However, the using standardaddresslearning,aging,andfiltering tocol. Thisinformationislearnedfromthedataplane ability (MACaddresses)informationviaasignalingpro- SANTIAGOALVAREZ Depending onthehardwarearchitecture,packet In thecaseofVPLS,packetreplicationand Even thoughmostVPLSsitesareexpectedto Cisco VPLSdoesnotrequiretheexchangeofreach- be [email protected]. periodic contributorto regular speakeratNetworkersanda QoS technologies.Hehasbeena 2000, AlvarezfocusesonMPLSand Internet Technologies Divisionsince technical marketingengineerinCisco’s in theTechnical AssistanceCenter. A 3621, joinedCiscoin1997asamember SANTIAGO ALVAREZ CISCO SYSTEMS Packet , CCIE . Hecan VPLS. ® No.

SPENCER TOY Technology VPNs

A hierarchical model can be used to improve the HIERARCHICAL VPLS ARCHITECTURE scalability characteristics of VPLS. Hierarchical VPLS (H-VPLS) reduces signaling overhead and .1Q QinQ EoMPLS QinQ .1Q packet replication requirements for the PE. Two types of PE devices are defined in this model: user- CE facing PE (u-PE) and network PE (n-PE). CE devices CE connect to u-PEs directly and aggregate VPLS traffic before it reaches the n-PE where the VPLS forwarding takes place based on the VSI. In this hierarchical u-PE u-PE n-PE n-PE model, u-PEs are expected to support Layer 2 switch- IP/MPLS ing functionality and perform normal bridging functions. Cisco VPLS uses IEEE 802.1Q tunneling, a double 802.1Q or Q-in-Q encapsulation, to aggregate traffic between u-PE and n-PE. The Q-in-Q n-PE trunk becomes an access port to a VPLS instance on CE CE an n-PE. Figure 3 shows the H-VPLS architecture. The H-VPLS model allows service providers to interconnect dispersed Metro Ethernet domains to extend the geographical coverage of the Ethernet service. Moreover, H-VPLS helps scale Metro Ethernet agnostic manner. Only PE devices have to implement FIGURE 3: In the services beyond their 4000 subscriber limit (imposed the signaling and encapsulation specifics of VPLS. PE H-VPLS model, Cisco by the VLAN address space). Conversely, having an devices do not have to be dedicated to one service or VPLS uses IEEE 802.1Q Ethernet access network contributes to the scalability another (for example, MPLS VPN, VPLS, Frame tunneling, a double 802.1Q or Q-in-Q of VPLS by distributing packet replication and reduc- Relay, or ATM). encapsulation, to ing signaling requirements. Metro Ethernet and VPLS aggregate traffic are complementary technologies that enable more The popularity of Ethernet and the flexibility of between the u-PE sophisticated Ethernet service offerings. VPLS as a multipoint service make it an attractive and n-PE. The Q-in-Q trunk becomes an option for some enterprises. VPLS is being consid- access port to a VPLS Cisco IOS MPLS Virtual Private LAN Service ered by many service providers as part of their com- instance on an n-PE. Cisco IOS® MPLS VPLS encompasses the Ethernet, plete service portfolio using an MPLS infrastructure. MPLS, and management components needed to While not the industry’s first attempt to provide a implement an end-to-end strategy, and is based on the multipoint Ethernet service over a WAN, Cisco IETF Internet-Draft draft-ietf-pppvpn-vpls-ldp, which VPLS strives to improve on previous solutions. But has industry-wide support. Cisco’s first implementa- VPLS is still a new technology, and there are areas tion of VPLS was on the Cisco 7600 Series Router, a that need work (for example, Ethernet OAM and product widely deployed in Metro Ethernet architec- Ethernet LMI) and areas that could also benefit from tures by service providers worldwide. Cisco has also deployment experience. Time will tell how popular introduced support for VPLS in Cisco IP Solution services based on VPLS become among service Center (ISC) 3.1 (in addition to MPLS VPN, Any providers and enterprises. Transport over MPLS, quality of service, and point- Discover more to-point Ethernet VPN). Cisco ISC is a provisioning about VPN tech- and management tool designed to provide manage- nologies from FURTHER READING Cisco experts and ment automation and intelligence while helping to your peers at the increase productivity of network operators. These Cisco IOS MPLS VPLS Statement of Direction: Cisco Networking components, along with Cisco’s portfolio of Metro cisco.com/packet/162_5b1 Professionals Con- nection “Virtual Cisco IOS MPLS VPLS Application Note: Ethernet equipment, provide a complete solution for Private Networks” Ethernet services. cisco.com/packet/162_5b2 forum: cisco.com/ In addition, Cisco VPLS is part of the service port- Moving Beyond Traditional VPNs, Q&A with discuss/vpn. folio that can be offered over a converged network Cisco’s Ali Sajassi: using Cisco MPLS. One of the benefits that service cisco.com/packet/162_5b3 providers seek when deploying MPLS is the ability to Cisco ISC Layer 2 VPN and VPLS concepts: offer multiple services over a single network infras- cisco.com/packet/162_5b4 tructure. Due to the inherent nature of MPLS, the core devices do not need to be aware of the service associ- Cisco ISC Layer 2 VPN management: ated with packets that travel through the network. As cisco.com/packet/162_5b5 such, the core devices switch traffic in a service-

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 25

Next-Generation Transport SCTP is becoming the transport protocol of choice for real-time, message-oriented applications.

BY HELEN M. ROBISON, RANDALL R. STEWART, AND KEN A. MORNEAULT

N OCTOBER 2000, STREAM CONTROL EXAMPLE OF HEAD-OF-LINE BLOCKING Transmission Protocol (SCTP) was standardized by the International Engineering Task Force (IETF) standards body as RFC 2960. Like I Network A Network A Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), SCTP is a transport protocol for sending data from one point to another over MGCSG MGC SG the Internet (IP) (see Figure 1). Authored by the IETF Signaling Transport Network B Network B Held in the Kernel Awaiting (sigtran) working group, SCTP was primarily Retransmission designed to provide a transport mechanism for message-oriented applications such as telephony signaling messages (for example, PSTN Signaling System 7 [SS7] and ISDN) over IP. However, by heartbeat mechanism and tunable timing controls so FIGURE 2: TCP is sus- building upon lessons learned from TCP, SCTP is a that applications can customize the efficiency of fail- ceptible to HoLB, which feature-rich, general-purpose transport protocol ure detection and retransmission. can cause unnecessary that can be used anywhere TCP is used, with several delay. notable advantages. Next-Generation Reliable Transport Why was a new protocol needed for next-generation Best of Both Worlds transport? TCP (IETF RFC 793), developed more Both stream oriented and datagram oriented, SCTP is than 20 years ago, does an excellent job of provid- a blend of TCP and UDP—and more. The decisive dif- ing reliable transport for applications that are rela- ferences between SCTP and TCP are multihoming tively insensitive to delay. TCP provides reliable data (two or more links to the same endpoint) and multi- delivery through acknowledgement mechanisms and ple streams within a single connection, which are strict order of transmission delivery. However, some called an association. While in TCP a stream refers to newer applications require reliable transport with- a sequence of bytes; in SCTP a stream represents a out sequence maintenance while others require only sequence of messages. partial ordering of data. TCP is susceptible to head- SCTP’s built-in features include congestion avoid- of-line blocking (HoLB) which can add unnecessary ance and resistance to flooding and masquerade delay to these types of applications (see Figure 2). attacks. It has several protocol extensions including In the left portion of Figure 2, the first message partially reliable data delivery. SCTP also provides a in the queue has been dropped because of congestion, etc. In the right portion of Figure 2, all mes- IP STACK MODEL sages except the first one have been received and must wait in the receive queue for retransmission of Adaptation Protocol the first message. As shown in Figure 2, HoLB can occur when UDP TCP SCTP multiple independent messages all share one transmit or receive queue. With HoLB, a message must IP wait until all messages ahead of it are received Physical before being sent to the application. Also, TCP has no built-in support for multihoming, and applications might have stringent reliability requirements

FIGURE 1: Like TCP and UDP, SCTP is a data transport proto- that require no single point of failure in the network. col used in IP.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 27

(MIS) and a requested number of outbound streams FIGURE 3: In an SCTP SCTP ASSOCIATION WITH TWO STREAMS association between (OS) for the association. two multihomed end- Machine A Machine Z Whenever a message is sent between endpoints, points, the transport it is placed in a stream. If complete ordering of mes- address is the port sages is required, then messages can only be sent in number plus the IP Process Process address(es). 1 2 a single stream. However, if partial ordering of messages (for example, signaling messages for different Port 2344 Port 1120 voice calls or a set of graphics to be downloaded from an HTML Web page) can be tolerated then IP:Y1 IP:X1 IP:X2 IP:Y2 messages can be sent over multiple streams. The Network X stream number and the stream sequence number Network Y control the message ordering within a stream and across multiple streams. Thus, using multiple streams can avoid HoLB. SCTP Association Figure 3 shows an example of an SCTP association SCTP Sublayers between two multihomed endpoints: machines A Figure 4 summarizes the functionality of SCTP sub- and Z. The transport address for each endpoint is layers. In SCTP, the user initiates a request for asso- the port number plus the IP address(es). Each end- ciation initialization and shutdown. During point lists its IP addresses, as well as its port num- initialization, a signed cookie is exchanged to pro- ber, as part of association initialization. Therefore, vide protection against security attacks. the sender or receiver of the SCTP packets has a list For sublayer 1, sequenced delivery within of transport addresses that share the same SCTP streams, the user specifies the number of streams to port number. be supported by the association at association In the example in Figure 3, if Network X failed, startup. For sublayer 2, user data fragmentation, the association would remain active and the SCTP supports fragmentation and reassembly of user machines would be able to continue sending data messages to ensure that the SCTP packet passed to over Network Y. On each retransmission attempt the lower layer conforms to the path MTU. over Network X, SCTP selects one or more alternate In sublayer 3, acknowledgement and congestion path so that endpoints A and Z can continue to avoidance, SCTP assigns a TSN to each user data mes- transmit data over Network Y while Network X sage (fragmented or unfragmented). The receiving end remains in a failed state. acknowledges all TSNs received, even if there are gaps Until a destination is actually marked down in the sequence. In sublayer 4, chunk bundling, the (typically after five retransmissions), the primary SCTP packet delivered to the lower layer consists of link is used and retransmissions travel across a common header followed by one or more chunks. alternate links. Because SCTP provides a built-in heartbeat mechanism and application-tunable FURTHER READING timers (for example, the retransmission timer), Cisco IOS® Software implementation of delay before failover can be tightly controlled. SCTP, release 2: Furthermore, because selective acknowledgement cisco.com/packet/162_5c1 (SACK) is built into the protocol, SCTP need only acknowledge the highest level of transmission SCTP Website: sequence number (TSN) that is complete, along with sctp.org the gaps. Dropped packets only need to be retrans- Stream Control Transmission Protocol: A mitted, rather than the entire group of packets since Reference, by Randall Stewart and Qiaobing the last acknowledgement. Xie (Addison-Wesley Publishing): www.awprofessional.com/bookstore/ Data Ordering product.asp?isbn=0201721864&redir=1 While 32-bit TSNs are used for reliability, SCTP SCTP Implementors’ e-mail list: uses streams and stream sequence numbers for [email protected] (visit sctp.org ordering of data. In SCTP, a stream is a unidirec- to subscribe) tional flow of messages. Each SCTP association can IETF Signaling Transport (sigtran) Website, have multiple streams; at association initialization, including SCTP RFC 2960: endpoints list the number of outbound streams ietf.org/html.charters/sigtran-charter.html desired and the maximum inbound streams they can support, resulting in maximum inbound streams

28 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

With sublayer 5, packet validation, a mandatory SCTP SUBLAYER FUNCTIONAL SUMMARY verification tag field and a 32-bit checksum field are included in the SCTP common header. And for sublayer 6, path management, the SCTP path-manage- Adaptation Layer (e.g. M3UA, SUA) ment function chooses the destination transport address for each outgoing SCTP packet based upon 1. Sequenced Delivery (Within Streams) the application’s instructions and the currently per- ceived reachability status of the eligible destination Association Startup and 2. User Data Fragmentation set. However, not all of these SCTP sublayers are Teardown required in a specific implementation. 3. Acknowledgement and A typical implementation includes sublayers for (Cookie Used During Congestion Control the following: Initialization SCTP 1: Sequenced delivery—in a stream or the ability for Security) 4. Chunk Bundling to bypass 2: User data fragmentation—large messages can 5. Packet Validation be cut into pieces 3: Acknowledgements and congestion control— very important in IP 6. Path Management 4: Multimessage (chunk) bundling—messages can be chunked together into a packet but each mes- IP Layer sage retains its boundary 5: Packet validation 6: Path management SCTP supports partial reliability and multimedia. FIGURE 4: SCTP is par- SCTP Enhancements Look forward to seeing many more implementations ticularly efficient for Two extensions that enhance the original features and applications of the SCTP next-generation transport real-time message and functionality of the SCTP transport protocol protocol coming soon. transport, including were created after the initial IETF RFC 2960 was built-in features for security, selective approved. The Add-IP extension allows for dynamic retransmission, and addition or deletion of IP addresses to an existing timely path failure SCTP association. An endpoint can also request that detection. a particular local address (to it) be made the peer’s primary address. The PR-SCTP extension allows optional choice of partial reliable or unreliable data delivery—for example, an application might require reliable delivery of control messages, while data messages require only partial reliability delivery (that is, if the data message has not been acknowledged within a certain time period, skip past it). This feature allows an endpoint to “skip” a message. Messages within a stream can be fully reliable or partially reliable based on application sending options. Currently, SCTP is used in an increasing variety of ways. Several groups are now studying or have adopted SCTP for transport, including IETF sigtran for signal- ...... ing transport over IP (IUA/SUA/M3UA); IETF megaco HELEN ROBISON is a senior voice technical marketing engi- for media gateway control; and AAA for authentica- neer in Service Provider Solution Engineering at Cisco. An engineering graduate of Stanford University, she has worked in ser- tion and authorization. The IETF ipfix working group vice provider voice protocols and technologies for 17 years, will use SCTP and its PR-SCTP extension; ITU Study including 9 at Cisco. She can be reached at [email protected]. Group 16 will use it for H.248; and ITU Study Group RANDALL STEWART, IP transport technologies senior soft- 11 will use SCTP for Bearer Independent Call Control ware engineer at Cisco and primary author of SCTP, can be (BICC), Multiprotocol Label Switching (MPLS), and reached at [email protected]. Label Distribution Protocol (LDP). KEN MORNEAULT, technical leader for voice architecture at Cisco, is a primary author of the sigtran IUA, M2UA, and M3UA There is also considerable interest in using SCTP for adaptation layer protocols. He can be reached at Session Initiation Protocol (SIP) and MPEG because [email protected].

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 29

TO ACHIEVE SUCCESS in life and in business, people need to understand one another. Everyone has wrestled with misunderstandings and differing interpretations. There is no way around it: interpersonal communication is challenging, and the globalization of business makes it more so. As project teams become more geographically dispersed, they need technologies that facilitate effective collaboration. These technologies should break down distance barriers, overcoming traditional limitations with new ways to share information and enhance discussions, BY GAIL ultimately leading to better decisions and business growth. That’s MEREDITH OTTESON why businesses need IP communications. IP communications encompasses IP telephony, video telephony, unified messaging and voice mail, IP video- and audioconferencing, customer contact solutions, voice gateways and applications, security solutions, and network management. It exemplifies the systemic approach inherent in intelligent networking. “Where the network has always provided connectivity, now it also solves business problems,” says Rob Redford, vice president of Product and Technology Marketing at Cisco. “With intelligent networking, the network, applications, and other components interact in a systemic way—the right function finds the right place in the system. This systemic approach is less complex, application-aware, and secure.”

30 PACKET SECOND QUARTER 2004

O I COMMUNICIPA T

ENABLING ANYTIME, ANYWHERE BUSINESS COMMUNICATIONS

Industry analysts and vendors alike agree that network convergence using IP technologies is inevitable, yet conversions occur only when there is a strong business case for them. According to META Group research, the business case for IP communications must prove operational cost savings, end user productivity gains, capital expenditure savings over private branch exchange (PBX) replacement, and a competitive advantage through new capabilities. According to findings from “Enterprise Convergence 2003: Issues and Trends, a META Group Multi-Client Study” (January 2004), some businesses wait for current PBX contracts to expire. Others deploy it in new facilities or branch offices. Still others—especially small and midsized businesses—will only converge as IP Centrex services become available from service providers.

What Enterprises Want A technology solution proves itself with a “killer” application— the thing that no one can live without. This application differs widely with IP communications depending on the nature of the business, according to Elizabeth Ussher, vice president of technology research at META Group. “The killer app is what is most useful to the customer, and that varies by vertical market and even by department,” she says. For example, a human resources professional might use video telephony to help manage personnel issues, while a customer support desk might need flexible automatic call distribution (ACD) capabilities, and sales people might need access to their e-mail via the telephone. Fortunately, the horizontal nature of IP communications allows deployment of not one but many killer applications, such as enterprise-wide employee communications deployed on IP phones, integrated access to data from enterprise business applications such as customer relationship management (CRM) or workforce management solutions, or Extensible Markup Language(XML)-based applications customized for a specific department or use in a vertical-market segment (for more on XML-based applications, see “Calling on Innovation,” page 41).

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. META Group research indicates that the number one applica- in place, users simply plug the Cisco VT Camera into their com- tion driving network convergence is conferencing. Other popular puters, install a small PC application, and obtain permission from drivers are IP phone-based productivity applications such as inte- the Cisco CallManager administrator to transmit video over the net- grated directories or local transit schedules, remote user access to work. When a call is placed, the IP phone automatically detects mission-critical applications, user mobility, and networked voice another video-enabled phone at the other end and makes the video mail. META Group’s January 2004 multi-client study shows that option available. “If you don’t want video, you can suppress it,” says these applications should come from a technology leader that Moran. “You have a ‘bad hair day’ button.” (For more on Cisco’s reduces risks associated with convergence, provides high-quality video telephony solution, see “The Video Advantage,” page 45.) service, reacts to changing customer needs, and helps enterprises With the economic and technology issues of video telephony target and address their own customers more effectively. solved, do enterprises really need it? “It has serious business “The enterprises that most successfully adopt IP communica- benefits,” says Moran. “We have had a lot of discussion about the tions are those with a solution-oriented corporate culture,” says impact of video telephony on corporate culture. Will it replace Ussher. “But first they have to converge their data and telephony face-to-face meetings? Absolutely not. Is it a great augmentation groups.” The converged staff should cross-train so that data people to voice? Absolutely. It changes the tenor of a conversation and acquire telephony skills, and telecom people learn IP. And despite builds bonds between people. If you’re looking at the person you’re dire predictions several years ago, network convergence does not talking to, you have to give the conversation your undivided atten- equal job loss. “I’ve never seen a client fire any telecom staff after tion. You can’t be composing e-mail or playing solitaire. Body cues converging their voice and data networks. Voice people are not help you guess how people are responding to your messages, and going away,” observes Ussher. “In fact, as they increase their skill you can modify your delivery.” sets, they command higher compensation.” Corporate users spend about half their time in conference Cisco has been a leader in the drive toward network conver- calls, and the Cisco video telephony solution supports multi- gence, starting with its 1998 acquisition of Selsius Systems and its point conferencing capabilities for any combination of video- IP telephony system. The recent acquisition of Latitude brings enabled and voice-only users. Video automatically switches to critical Web and audioconferencing technology to the Cisco port- the speaker during conferences. Users require minimal training, folio. And the latest innovation, Cisco VT Advantage, adds video because conferencing is transparently embedded into the Cisco telephony to the mix. IP communications infrastructure and is available on a scheduled or ad-hoc basis through the telephone interface. All of Video Telephony Cisco’s IP communications solutions offer productivity, mobility, The first video telephone was introduced at the World’s Fair in and resilience features designed to enhance communications 1964. “It was an interesting concept, many years ahead of its among employees, customers, vendors, and partners. Cisco’s IP time,” says Rick Moran, vice president of Product Technology communications portfolio includes enhancements that tie the net- Marketing for IP Communications at Cisco. Video telephony has work and applications into systems that solve customer problems. had a hopeful and stormy history, because vendors were unable to The most notable enhancements tighten communications security solve critical problems of economics, bandwidth, and ease of use. and improve user productivity. They include Cisco CallManager “I believe our implementation is different, because it is cheaper, it version 4.0, Cisco Security Agent for IP Communications, and is part of the phone call, and it doesn’t require any special gear. You Cisco MeetingPlace 8106 Rich-Media Conferencing Server. are really off to the races,” says Moran. Traditional videoconferencing and corporate television have Cisco CallManager Version 4.0 been cost-prohibitive for widespread business use. Cisco’s solution Among its many enhancements and new features, Cisco is an extension of an existing IP communications infrastructure, CallManager 4.0 enables video telephony and enhances voice secu- and the video telephony component itself is attractively priced, rity. It provides secure connectivity with media encryption (initially making it economically available to more users. supported in the Cisco IP Phone 7970G with future extension to Traditional video bandwidth, like traditional videoconfer- other end-station platforms) and signaling encryption. When media encing, is expensive, which limits deployment of in-house tele- encryption is active, the IP phone displays a small icon to confirm vision networks and videoconferencing systems. Ethernet is far secure call status. less expensive than television coax or leased lines, and the cost The 128-bit Advanced Encryption Standard (AES) media continues to drop. Enterprises can afford to install enough band- encryption is implemented via the Secure Real Time Protocol width to reach every user. For branch offices and teleworkers, the (SRTP), a standards-based extension to the protocol that transmits cost of broadband services has put video telephony within reach. voice in IP telephony environments. Because the latency introduced Picture quality does not suffer. Video compression techniques by SRTP is so small, “adding encryption has no detectable impact assure smooth, natural motion over broadband links. on call quality—users can’t tell the difference,” says Roger Also, traditional videoconferencing gear is notoriously difficult Farnsworth, senior manager in the Product and Technology to use, often requiring dedicated staff to operate it. Cisco’s new video Marketing Organization at Cisco. telephony solution—Cisco VT Advantage—integrates a Cisco IP Placing an encrypted call is easy and secure with new trust and Phone with an associated PC to deliver a rich-media video telephony identity management features. Where some vendor phones require experience. Once the requisite Cisco CallManager functionality is manual encryption authentication that can be spoofed, Cisco

32 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

O I COMMUNICIPA T

CallManager 4.0 and many Cisco IP phones now include support locations. Specialized gateways provide protocol translation for an X.509 version 3 digital certificate, which embeds the encryp- between legacy audio and video equipment and the primary IP tion key to automate the call encryption process. The solution also communications infrastructure. supports third-party certificate authorities, protecting existing While unified messaging has been available for more than a investments. “With the trust afforded by digital certificates, you decade, customer adoption has been slow. “The challenge was that have absolute certainty that you’re talking to the correct person,” it was difficult to implement. That’s not true any more,” says Moran. says Farnsworth. “So encryption is not only cool, it becomes use- Enhancements to Cisco Unity unified messaging simplify deployment ful.” What’s more, encryption and secure key exchange enables the and management. More enterprises are using the integration func- software images in the IP phones to be signed and verified using tions of Cisco Unity to support convenient message retrieval by the Message Digest 5 (MD5) Secure Hashing Algorithm (SHA), increasingly mobile workforces. For example, people can now con- certifying the legitimacy of the image. On top of that, when in nect their laptop to a public network such as an airport lounge or secure mode, the signaling used in the IP telephony system can be coffee shop, establish a VPN connection to their corporate network, encrypted through the use of Transport Layer Security (TLS), or and download both e-mail and voice-mail messages. Secure Sockets Layer (SSL) version 3.0, thereby preventing man- Cisco offers IP-based contact center functionality through its in-the-middle attacks from compromising system integrity. Customer Interaction Network architecture, which includes Cisco IP Contact Center (IPCC) Enterprise Edition, Cisco IPCC Express Cisco Security Agent Edition for companies that need an entry-level or midmarket con- Cisco CallManager 4.0 provides improved threat defense with an tact center solution, and Cisco Internet Service Node (ISN), which embedded version of Cisco Security Agent for IP Communications offers Web-based interactive voice response (IVR), queuing, and IP included at no additional cost, which contributes to the vision of switching services. While META Group notes that IP-based contact the Cisco Self-Defending Network by adding anomaly-based centers are not as important to enterprise IP communications strate- intrusion protection and policy control to the IP communications gies today as they were two years ago, Ussher suggests that IP-based infrastructure. (For more on the Self-Defending Network, see systems are more cost-effective and flexible than their traditional Packet® First Quarter 2004, cisco.com/packet/162_6a1.) Cisco counterparts, particularly for installations up to 75 agents. Security Agent is now also included with such Cisco IP commu- For management, the CiscoWorks product line includes com- nications applications as Cisco Unity™ and IP Contact Center. prehensive network management tools that cover the full management lifecycle, from planning and design through implementation/ Cisco MeetingPlace 8106 deployment, operations, and maintenance (for more on managing The new Cisco MeetingPlace 8106 conferencing system integrates IP communications networks, see page 42). secure multimedia conferencing with enterprise groupware applications. Conferencing capabilities support both ad-hoc and scheduled Building Understanding voice, video, and Web conferencing. It enhances user productivity IP communications offers tremendous potential for easing the logis- through integration with existing applications such as Microsoft tical barriers of time zones and geographic dispersion between com- Outlook and IBM Lotus Notes. It can also interact with Microsoft panies and their branch offices, teleworkers, customers, partners, NetMeeting, Lotus Sametime, or an intuitive Cisco MeetingPlace Web and vendors. For example, it can enhance collaboration between conferencing application for sharing presentations, applications, or design teams in the US and Europe, manufacturing in Asia, and desktops. Participants can “upgrade” a conference in progress to sales and distribution centers worldwide. It simplifies the process include another person or show everyone a document. of connecting with your customers, while enhancing the value of “Cisco is redefining voice as another application on the net- your interactions with rich-media sharing and video telephony. With work,” says Moran. “As an application, voice should seamlessly such enormous potential for increasing productivity and sales integrate with other applications and pass information back and through effective collaboration, can you afford to wait? forth.” This integration is intuitive and requires minimal user training. For example, a user can book a Cisco MeetingPlace conference FURTHER READING through the Cisco IP Phone, and then find it later on the Outlook calendar on the PC desktop. Conversely, she can book a conference Cisco IP Communications: through Outlook and it automatically communicates with Cisco cisco.com/go/ipc MeetingPlace to reserve the conference. Later, she can look up the Cisco CallManager 4.0: reservation using the IP phone interface, and then initiate the call. cisco.com/packet/162_6a2 Cisco VT Advantage: More IP Communications Solutions cisco.com/packet/162_6a3 The Cisco IP communications solution also includes voice gateways, unified messaging, IP-based contact centers, and manage- Cisco MeetingPlace: ment tools. Most Cisco switches and routers can become a voice cisco.com/go/meetingplace gateway with the addition of a module or software, allowing ubiq- Cisco IP Communications security: uitous deployment of IP communications systems throughout cisco.com/go/ipcsecurity enterprise campuses, full-service branch offices, and teleworker

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 33

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. CORBIS.COM; PHONE: SPENCER TOY CISCO SYSTEMS Reprinted with permission from LICENSE Packet IP COMMUNICATIONS more flexibilityandcanuseourspaceefficiently.” CallManager anditsExtensionMobilityfeature,we havefar manager ofelectronicsystemsandtechnology. “Now, withCisco wasted resources,”saysThomasTisch, theairport’s general been aproblemfortheairlineindustry,for creatingthepotential “The inabilitytoshiftunusedcountersanotherairline haslong PCs atthecounterinjustafewminutes,withsinglesign-on. counter: agentspersonalizetheCiscoIPphonesand management canassignanyairlinetounused Now theGreaterToronto AirportsAuthority(GTAA) dedicated totheairline’s ownextensionandspeed-dialnumbers. Pearson assignedeachairlineitsowncounters,withphones Toronto PearsonInternationalAirportinCanada.Untillastyear, ticket counterearlierintheday?Itcouldbesoifyou’reat WASN TO ® magazine (Volume 16, No.2), copyright ©2004 byCisco Systems, Inc. Allrights reserved. COMMUNICATE ’ HTARCANADA T THAT AIR IS TRANSFORMINGBUSINESS ticket counteraLufthansa AS USUALINMANYINDUSTRIES. SECOND QUARTER 2004 RAIDER RHONDA BY COMMUNIC PACKET IP 37

T I O N S IP Network as “Communications License” executives who remained behind—with no local IT staff. The com- Pearson’s application is a prime example of innovative uses of IP pany didn’t have the luxury of waiting weeks to order and deploy telephony across the spectrum of industries, including transporta- a small PBX and order phone service. Instead, Ingersoll-Rand had tion, manufacturing, government, education, insurance, healthcare, a fully functional IP telephony service just days later, by setting up and financial services. “In any industry, IP communications is chang- the office as a satellite off of an existing, centralized Cisco ing the way people work to make them more productive,” says Alex CallManager call-processing cluster in the company’s Huntersville, Hadden-Boyd, director of marketing for IP communications in the North Carolina office. Besides PCs and printers, the only new Product and Technology Marketing Organization at Cisco. “Just as hardware needed to bring up a fully functional new office was a a driver’s license gives you permission to drive any number of cars, Cisco 3745 Router and Cisco IP Phone 7960G’s. “All routing, an IP network gives you a license to communicate using any device— switching, and voice and data connections to the IP network and phone, PC, fax, or videoconferencing terminal from any location.” PSTN [public switched telephone network] terminate in that one little router,” says Damon Cahill, manager of infrastructure strat- Transportation: “Virtual Gate” Application egy at Ingersoll-Rand. The “virtual gate” application at Pearson International Airport Employees in the satellite office have access to all features runs over the GTAA’s optical backbone network, based enjoyed by their corporate counterparts, over the WAN. on the Cisco 7600 Series Router, and was introduced Should the WAN link fail, telephony service continues in 2003 to replace 82 separate data, telephony, and without interruption, thanks to the Survivable video networks. “Agents in our new terminal can Remote Site Telephony (SRST) feature, a standard customize both the PC and Cisco IP Phone feature of Cisco IOS® Software that, when 7960G’s at the gate with a single sign-on,” enabled, automatically begins routing calls over explains Ian Grant, manager of electronic sys- the public PSTN. “Centralized call processing tems for the GTAA. The first agent to arrive means we need less hardware at local sites and logs on to the airline’s Common Use Passenger less administrative burden, which translates to Processing System (CUPPS), which runs on a lower costs,” Cahill notes. PC. The airport uses the Cisco CallManager Ingersoll-Rand plans to use the same central- application programming interface (API) to instruct ized call-processing model for its other smaller CUPPS to alert Cisco CallManager when the airline sales offices. “The business case for centralized call pro- identity changes, at which time Cisco CallManager auto- cessing with SRST is very compelling for offices with 100 matically pushes the new airline’s profile to the Cisco IP phones or fewer users, and we can cost-justify it for certain larger sites, as at the gate. The profile includes the phone number as well as the well,” says Cahill. “It’s simple: the cost of a Cisco router and Cisco airline’s speed-dial numbers. “Those features make the Cisco IP IP phones is far less than that of a PBX.” Phone behave like the phones the agents are accustomed to, which eliminated our airlines’ training concerns,” says Grant. “Then we Unified Messaging Boosts Productivity took advantage of unique features of Cisco IP communications The Cisco CallManager cluster at Ingersoll-Rand’s Huntersville office solutions to add even more value.” also provides Cisco Unity™ unified messaging, which lets employees For instance, to make the directory more relevant for airline retrieve both voice mail and e-mail from their IBM Lotus Notes employees, the GTAA divided it into two branches: one with num- groupware e-mail inbox. “Before I leave for the airport, I replicate bers important to “above the wing” employees such as airline agents, my inbox locally so that I can compose responses when I’m on the and another for “below the wing” employees such as baggage han- plane,” says Cahill. “Next time I connect to the network I send them dlers and maintenance staff. And the airport also wrote another out. Now, with Cisco Unity, I can listen to and compose responses Extensible Markup Language (XML) application for the airport’s to voice-mail messages as well, with my laptop and headset.” Resource Management Group that lets employees receive calls per- Hadden-Boyd of Cisco has a similar approach to productivity taining to a particular function, such as baggage, simply by logging during airport layovers, but uses a cell phone instead of a PC. “If onto that screen on their Cisco IP phones. “IP telephony has created I’m in the airport and have ten minutes before my flight, I don’t new application possibilities that weren’t possible with standard necessarily have time to find an Internet connection to check e-mail phones,” says Grant. “Cisco CallManager and Cisco IP phones from my PC. With Cisco Unity unified messaging, I can call on my enable the airline industry to take advantage of a common format, cell phone and listen to both voice mail and e-mail using text-to- XML, to cut costs and to improve service for our passengers.” speech translation.” Unified messaging improves productivity during Ingersoll- Manufacturing: Rapid Response to Change Rand’s meetings, as well. Come break time, participants use their The ability within IP telephony to quickly set up new phones laptops on the Ingersoll-Rand wireless network to retrieve and solved a different business need for Ingersoll-Rand, a leading man- respond to e-mail and voice-mail messages. “In this case, people ufacturer of solutions for security and safety, climate control, and like the fact that they don’t have to listen to every voice mail in industrial solutions and infrastructure. In late 2003, the company order, as they would on their phones,” says Cahill. “They see all sold a division in Torrington, Connecticut, and needed a quick, the callers’ names or numbers in their inbox and can jump directly cost-effective way to set up a telephony network for the 30 to the most urgent.”

38 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

O I COMMUNICIPA T

In addition to unified messaging, the Cisco CallManager clus- been extremely cost-effective,” says Sira. “We expected to see ter at the Ingersoll-Rand Huntersville office supports a 25 to 30- ROI [return on investment] in 18 months; instead, Cisco person contact center whose agents field questions about MeetingPlace paid for itself in just 7 months, because our con- employees’ pensions and benefits. “Cisco IPCC Express Edition ferencing calling volume increased. And because we own software provides us more capabilities than we had on our small MeetingPlace, it won’t cost us more to conduct more confer- PBX system, like recording conversations, allowing supervisors ences as the business grows.” The company began with 360 to enter a call midstream, and historical reporting,” says Cahill. seats, recently added another 240, and expects to add another “And we no longer have to pay someone $250 an hour to add 240 by the end of 2004. a queue, for instance. Now we can make the change ourselves, using the simple interface. In the manufacturing industry, where Government: Low-Cost Application Delivery it’s fairly frequent that we would add or divest ourselves of a Located 20 miles northwest of Washington, DC, the Town of company, the ability to make changes easily is very valuable.” Herndon, Virginia took up IP telephony for one reason, and now appreciates it most for an entirely different one. “We adopted Measuring the Cost Savings IP telephony for scalability and to reduce our phone bills,” says Organizations in all industries are likely to cite cost savings as a Bill Ashton, the town’s director of IT. “We succeeded: we’re chief benefit of IP communications, and Ingersoll-Rand has the already saving 30 percent every month and expect that to rise metrics to prove it. For conference calls, the company tradition- to 50 percent when we add the police department to the system. ally has used a managed service. In the Huntersville facility, where But the more remarkable gain is that we’re using IP telephony executive meetings might have 100-plus participants, the bill as a low-cost platform to deliver applications.” amounted to US$15,000 a month. Now, the company has elim- For instance, the town has begun pushing AMBER alerts, inated the need for that service with Cisco Conference Connection about missing or abducted children, to its employees’ Cisco IP software, which integrates with Cisco CallManager to provide Phone 7900 Series, using the PhoneTop AMBER Alerts system audioconferencing. Total monthly costs have plummeted to from Cisco Premier Certified Partner AAC Inc. US$4000 for infrastructure. “Employees like being able to go into “When we see an AMBER alert for a child within a 50-mile a Web interface to schedule their own calls instead of calling the radius, we push it to all Cisco IP phones using XML,” says carrier,” says Cahill. People join the conference call by dialing a Ashton. A distinctive ring tone sounds, and then employees have four-digit extension, or by scrolling down on their Cisco IP phones the option to press soft keys on their phones to see more infor- to see the call and then pressing the Join button. Callers from mation, including suspect and victim pictures, on the phone outside the network can join over the PSTN. display. “With the PhoneTop AMBER Alerts application, we Ingersoll-Rand determined that the Cisco IP communications suddenly have six times the number of eyes looking for system will slash equipment costs by 38 percent, maintenance costs abductees than we have police officers alone,” notes Ashton. by 18 percent, and conference call costs by 70 percent. Factoring The Town of Herndon is also planning to deploy AAC’s in the one-time installation charges, the company estimates it will PhoneTop EAS Alert Service to push other critical information save US$1.17 million over five years. to employees’ Cisco IP phones. “If we receive any kind of emergency message from the county into our database—tornado Information Services: Combined Audio and Data watch, heightened terrorist alert, major accident on a heavily Conferencing Cuts Costs trafficked highway—we can immediately route it to municipal LexisNexis Group, the global legal publishing arm of Reed employees who need to see it,” says Ashton. Elsevier, the Anglo-Dutch world-leading publisher and infor- The benefit potential of IP telephony during disasters hit home mation provider, uses a large-scale Cisco conferencing solution, when Hurricane Isabelle struck in 2003. Local government offices Cisco MeetingPlace, both to cut costs and to safeguard its pro- were closed, but the Town of Herndon nonetheless had to call in prietary data presentations. Until 2002, the company had used certain employees to deal with problems with the water system. two different service providers for external audio and data con- Ashton plans to install Cisco IP SoftPhones on key employees’ ferencing. “We were paying US$1.29 million a year,” says Jeff home PCs so that they can work from home during hazardous Sira, manager of conference services. “As long as we were billed conditions, which will help to ensure their safety and alleviate per minute, we knew the costs would grow each year.” traffic on the roadways. The company not only wanted to slash its audio and data “If you give me enough money and time, I can deliver any conferencing costs, but also wanted to address a key security concern application you want me to,” Ashton continues. “But if you want regarding intellectual property. “Our data presentations deal with to save money and time, the Cisco IP Phone is a superior delivery strategic issues such as acquisitions, confidential communications platform. It’s low cost, always on, and I already have a phone with major shareholders, and R&D that we wouldn’t want our com- everywhere in the organization. I have fine control over the appli- petition to be aware of,” says Sira. “It bothered us to upload this cations because I subscribe employees to the service, which runs type of asset to someone else’s server and then just take their word in the background. To have that level of control if I delivered an that it was deleted when the meeting ended.” application to the computer, I’d have to deal with operating LexisNexis Group found the answer in Cisco MeetingPlace, system concerns, and buy and install backend software. This way, which it uses to handle both audio and data conferencing. “It’s everything I need is native to Cisco CallManager.”

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 39

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. Education: Facilitating Communication platform can handle voice-mail sessions for both hearing and The benefits of IP communications extend beyond cost and pro- deaf users. When a hearing person calls a deaf person’s exten- ductivity. In education, IP telephony is changing the way teachers, sion, the system issues a voice prompt that the person called does students, and parents communicate. The impact is especially not accept voice messages, and offers the caller the option to noticeable at Washington School for the Deaf (WSD) in Vancouver, either insert the telephone handset into the teletypewriter Washington. Since WSD transitioned from a traditional telephone (TTY) coupler to leave a text message or be routed to a hear- system to Cisco IP communications with NXi Telephony Services ing operator, who takes a TTY message. Either way, the message (NTS) text-messaging software from NXi Communications, all is delivered to the deaf user’s NTS client software on the desk- WSD employees—hearing and deaf—have enjoyed equal access to top. “With Unity and NTS, parents and others without TTY communications services. devices for the first time have the ability to leave messages for When WSD relied on a traditional telephone system, a teacher deaf staff and faculty,” says Myers. who was deaf and needed to talk to a hearing person by phone either needed to use a relay service or ask another staff member to call the Freedom to Innovate parent and then interpret using American Sign Language. “Apart “Before we built our Cisco IP communications network, I was from the obvious privacy and independence issues, this system in the business of saying ‘no’ to requests for telecommunications increased WSD’s phone bills because the relay service charged more service changes, because they were too costly and time- for long-distance calls than the school would pay if the caller had consuming,” says Ashton, from the Town of Herndon. “Now dialed directly using the low-cost, state-controlled access network,” I’m in the business of saying ‘yes.’” Case in point: the town is says Lorana Myers, supply officer at WSD. engaged in an ongoing debate about extending rail service to Now WSD staff and faculty, both deaf and hearing, can make Dulles International Airport. The train would roll just outside and receive calls independently using either their Cisco IP phones or the town limits, so at one point the town became a focal point NTS client software on their PC or laptop. “One of our deaf teach- for the media, and Ashton needed a media center for the major ers used to e-mail me if she had questions during her prep time,” says news services—and in a hurry. “Six months ago I would have Myers. “Sometimes we barely had enough time to resolve the issue declined,” he says. “But with the Extension Mobility feature in before class started—and that’s if I received and opened her e-mails Cisco CallManager, I just grabbed a few phones from stock,

“IF YOU GIVE ME ENOUGH MONEY AND TIME, I CAN DELIVER ANY APPLICATION YOU WANT ME TO. BUT IF YOU WANT TO SAVE MONEY AND TIME, THE CISCO IP PHONE IS A SUPERIOR DELIVERY PLATFORM. IT’S LOW COST, ALWAYS ON, AND I ALREADY HAVE A PHONE EVERYWHERE IN THE ORGANIZATION,“

BILL ASHTON, DIRECTOR OF IT, TOWN OF HERNDON, VIRGINIA immediately. Now she uses her NTS client software to call me and plugged them into a conference room, and added the news- we can converse in real time, resolving questions much more quickly. casters and their phone numbers to the system. Within 20 With our Cisco IP communications solution we can now do all the minutes we had our media center.” things that hearing people take for granted.” Communications is the lifeblood of many industries and, like Two redundant Cisco CallManager servers form the core of the Ashton, IT people are waxing creative with new, IP-based solutions solution, providing telephony services throughout the school’s 12- for improving productivity. For instance, when Cisco recently had building campus fiber network. One Cisco CallManager server a power outage, the company broadcast instructions on how to includes Cisco IPCC Express Edition software, which provides leave the building to employees’ Cisco IP phones, which remained automatic call distribution (ACD) of calls from hearing and non- on because they drew inline power from Cisco routers. hearing callers. People who call the school’s main number are given “IP is the universal translator that integrates voice, video, and a voice prompt to press 1 to continue. “Callers who don’t press 1 data,” according to Hadden-Boyd. “The end user has the freedom are presumed deaf and are automatically transferred to the NTS to choose what media they want, and what device they want to use server,” Myers explains. to receive it. Hearing about some of these applications, people Both the Cisco IP Phone and NTS client provide visual indica- might ask, ‘Weren’t they possible ten years ago?’ The answer is yes. tors not only for dial tone, but also for ringing, hold, call termi- The difference is that today, technologies like IP and XML have nation, message waiting, and the like. A strobe light connected to made it so much easier. Something that used to be either impossi- the Cisco ATA 186 Analog Telephone Adapter provides another ble or incredibly complicated, like walking down the hall talking indication of incoming calls. The dial-tone indicator enables deaf on a Cisco Wireless IP Phone 7920 and then switching to a Cisco employees to use the two-stage dialing required to access the low- IP Phone 7970G, with color touch-screen, when you arrive in your cost, state-controlled access network. office, or adding video to a call midstream with Cisco VT Remarkably, WSD now provides equal access to voice mail, Advantage software, can now be done with the press of a button. as well. A Cisco Unity server residing on a Cisco MCS 7835 What once was very difficult is now casual and ad hoc.”

40 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

O I COMMUNICIPA T

XML APPLICATIONS DEMONSTRATE THE POWER OF IP PHONES TO STREAMLINE BUSINESS PROCESSES AND BOLSTER PRODUCTIVITY.

CALLING ON INNOVATION

BY JENNIFER REDOVIAN

IN REAL ESTATE, it is oft-stated communications with business processes that the three most important consider- to boost employee productivity, drive new ations are location, location, location. In efficiencies and revenue, and enhance the world of IP communications, and customer service and satisfaction. specifically as it pertains to Cisco IP “In addition to the total-cost-of- phones, it can be said that the three top ownership benefits of running a considerations today are applications, converged network, IP telephony applications, applications. has the ability to transform The business value of a business processes and deliver converged voice and data improved user productivity network has grown beyond and satisfaction,” accord- the proven 20 to 50 percent ing to Zeus Kerravala, (or sometimes greater) savings vice president of enterprise companies yield by eliminating infrastructure at the Yankee Group. leased-line charges and lowering mainte- “The applications running on an IP nance fees and management costs. The phone over a converged network will value proposition now taps directly into transform enterprise communications a company’s existing investments in IP from a static, delayed communications communications and the customizable, environment to one that is more real easy-to-use nature of IP phones to time and proactive. . . . The IP telephony enable innovative, business-enhancing applications will make convergence applications. Viewed as a strategic busi- more of a business decision rather than ness asset, these applications marry one focused primarily on technology.”

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 41

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. Just ask Maurice Ficklin, director of conduct surveys and enable other pro- Faster moves, adds, and changes— technical services at the University of ductivity-boosting applications. “Of respondents report an average saving of Arkansas, Pine Bluff. For more than two course, the return on investment is very 1.5 hours per move years, Ficklin has managed approximately important to us, but we look far beyond Easier-to-use features on IP phones— 2000 Cisco IP phones and Cisco that now,” says Ficklin. “We have gone average saving of 5.5 hours per week for CallManager clusters in each of four from paying for something [the IP each IT employee involved in phone cores at the university campus with “no phones, for example] to receiving cost support complaints, no problems,” he notes. recovery on something.” Less “telephone tag” among employ- Slowly but surely, however, Ficklin moved A 2003 survey conducted by Sage ees—average saving of 3.9 hours per toward a more technologically self-suffi- Research offers further evidence of the week (or 25 days a year) per employee cient IP network, offering phone, data, benefits of IP communications. One hun- Improved remote worker productivity— and wireless services to students and fac- dred organizations that have deployed IP average benefit of 4.3 hours per week (or ulty, including using Cisco IP phones to communications reported the following: 28 days a year) for each remote worker

MANAGING YOUR IP COMMUNICATIONS NETWORK To successfully administer, maintain, and plan for the formance and capacity management data. Powerful tools, present and future of an IP communications network, such as CiscoWorks IP Phone Help Desk Utility, enable network managers must fully understand their voice and operations and help-desk staff to respond to customer data traffic and how it can affect the behavior of corpo- issues efficiently and maintain surveillance on the intro- rate networks. Establishing a process to evaluate, docu- duction and movement of IP phones in their environment. ment, and monitor this important operational resource is Another important application in the CiscoWorks ITEM imperative. The CiscoWorks product line includes com- suite—CiscoWorks IP Telephony Monitor 2.0—features a prehensive network management tools that cover the user interface with a Web-based operations screen that full management lifecycle, from planning and design gives you real-time network status and alerts of actual through implementation/deployment, operations, and and suspected problems in the underlying IP network and maintenance. They are designed to improve productivity IP telephony implementation. This Alerts and Activities and lower total cost of ownership (TCO) through automa- Display (AAD) can be customized to show all or selected tion, integration, and simplification. elements in the managed space. CiscoWorks software includes tools to centrally manage Call control is also critical in managing your IP communi- critical network characteristics such as availability, cations network. Management applications help to assess resilience, responsiveness, and security. Among these the aggregate number and distribution of calls, identify tools are CiscoWorks IP Telephony Environment Monitor peak hours, and monitor analog FXO/FXS connections and (ITEM), CiscoWorks QoS Policy Manager, and the Cisco PRI channel activity. This data can be used to assess best Catalyst® 6500 Series Network Analysis Module. The and worst performance and to support trend analysis and Cisco CallManager user interface also simplifies the most forecasting. Platform metrics such as CPU utilization and common subscriber and telephony configuration tasks by memory allocation can also be tracked. adding software and Web-based applications. Another IP communications management application, CiscoWorks ITEM, through the WAN Performance Utility CiscoWorks IP Phone Information Utility, can assist with (WPU), is used for both the planning phases as well as system maintenance, monitoring, and reporting by pro- routine operations phases of managing your IP communi- viding real-time fault analysis and management, including cations network. CiscoWorks ITEM uses Service fault history and information about all the phones on the Assurance Agent (SAA) functionality of Cisco IOS® network, their operational status, and implementation Software to measure latency and jitter between key details. Utilities such as CiscoWorks ITEM Gateway points in a network that deploys Cisco IP telephony. WPU Statistics Utility collect key performance and behavior is used to help assess IP telephony readiness of Cisco- statistics about the gateways and trunks to ensure sys- based IP networks. It also provides real-time health and temwide health and device availability. fault monitoring of converged IP networks, and the ability for operations and administrative staff to monitor and To learn more about managing your IP communications manage telephony resources to capture and record per- network, see cisco.com/packet/162_6c2.

42 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

O I COMMUNICIPA T

Open Standards, Easy-to-Deploy Apps hotels; emergency notification and audio Reductions,” and “Best Innovative Single Cisco IP phone applications are based on streaming systems for government and pub- Idea,” among others. open industry standards such as Extensible lic-safety personnel; and time-clock appli- The PhoneTop K-12 application from Markup Language (XML), Telephony cations for use on manufacturing floors, AAC Inc., for example, won for customer Applications Programming Interface (TAPI), and in hospitals, bank branch offices, and satisfaction and best innovative use of and Java-based TAPI (JTAPI), which provide other work environments with large num- technology in education and government. the ability for software developers to create bers of hourly-wage employees. PhoneTop K-12 (see Figure 1) lets grade- telephony applications. Because developers Likewise, enterprise applications readily school and high-school teachers use their write to the intuitive, point-and-click, available on desktop PCs—e-mail and uni- Cisco IP phones to perform tedious, oth- browser-based interface, there’s no need for fied messaging, corporate directories, con- erwise-manual administrative tasks such IT personnel and other end users to know ference-room booking, and expense as taking daily attendance and managing anything about the lower layers. reporting, for example—can be provided on student hall passes. Enterprises can take data from their IP phones. In this way, the phone serves as AAC’s application is helping Frederick back-office business applications and an always-on communications and infor- County Public Schools in Virginia streamline deliver select information to the LED mation vehicle for business, critical, and communications between its 20 networked screens of their Cisco IP phones. Softkeys time-sensitive communication with employ- facilities, and reduce costs by eliminating the on the phones are used to access and dis- ees—anytime and anywhere they are. No 20-plus different existing phone systems play data from the XML applications— doubt, the simplification of menu-driven (offered by half a dozen vendors) and cen- extending real-time business information, information access improves efficiency and tralizing telephone processes into a single, services, and enhanced images to every expedites day-to-day business processes. easy-to-manage voice and data IP commu- corner of an organization, even in settings Another benefit of Cisco IP phones: nications structure. where PCs are typically inaccessible to they are managed like PCs. Deploying new In the government arena, AAC is apply- employees such as warehouses, factory applications and services to the phone sets ing its PhoneTop AMBER Alert Services floors, and sterile lab environments. is as easy as distributing software and software to help find missing children in and XML support is available on the Cisco automating installation on a remote PC. around the Town of Herndon, Virginia. IP Phone 7905G and 7912G monochrome Upgrading business applications, enhancing For more on this and other IP communica- displays for text-based applications; the telephony services, and extending phone- tions applications being deployed in vertical Cisco IP Phone 7940G and 7960G with based transactions can be accomplished markets, see “License to Communicate,” monochrome displays for both text-based smoothly and rapidly (see the sidebar, page 36. and graphics-based applications; the new “Managing Your IP Communications Chosen best in the category of “Cost Cisco IP Phone 7970G model that features Network,” page 42). Controls and Reductions” was Aptigen high-resolution, 234-pixel color graphics on the phone display along with touch- IP Phone Productivity Applications screen access to features and applications; Many of the XML-based, off-the-shelf pro- and the Cisco IP Communicator ductivity applications are being developed (Softphone). For Cisco IP Phones 7940G by, and can be purchased from, Cisco part- and 7960G, Cisco CallManager Version ners for easy customization to suit a com- 3.1 or higher is required for XML support. pany’s business requirements. What’s more, Cisco IP Phones 7905G, 7912G, and these applications are already proving their 7970G require Cisco CallManager Version worth in both measurable productivity 3.3 or higher. CallManager upgrades are gains and cost savings, results that were available free; to download, visit the Cisco demonstrated with enthusiasm at the Cisco Software Center: cisco.com/packet/162_6c1 Innovation Through Convergence (ITC) (Cisco.com login is required for full access Expo last September. to the software downloads). More than 70 Cisco AVVID FIGURE 1: AAC’s PhoneTop K-12 application To date, the most prevalent Cisco IP (Architecture for Voice, Video and gives teachers the flexibility to perform routine, otherwise paper-based processes on their IP Phone applications have been developed for Integrated Data) IP communications and phones—freeing them up to devote more time to use in information-laden vertical-market wireless technology partners showcased students in the classroom. industries, notably in education, retail, their integrated voice and data software hospitality, and government. Among the applications for IP phones. An independent Designer from EDCi, a horizontal appli- many applications being deployed are panel of judges from the CIPTUG selected cation that allows anyone to create IP administrative and attendance solutions for 13 application developers that demon- telephony prototype solutions quickly and school districts and universities; inventory strated the most compelling benefits in cat- easily—no XML coding skills required. tracking and lookups for retail branches; egories such as “Employee Productivity,” “Ninety percent of Cisco CallManager concierge, restaurant listings/reservations, “Return on Investment and Innovation in deployments don’t have applications and other guest-service applications for a Vertical Market,” “Cost Controls and deployed to them,” says Aptigen Vice

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 43

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. NET IMPACT 2004: FROM CONNECTIVITY TO PRODUCTIVITY A newly released study by Momentum Research looks at tools), changed their business processes before deploying the effects of integrating Internet applications, networking a new application aimed at increasing efficiency, and auto- technologies, and business processes on the public sector mated business processes with Internet applications and in Europe. The study—called Net Impact 2004: From integrated those processes with other service functions. Connectivity to Productivity—asked nearly 1400 IT and Interestingly, but not surprisingly, a desire to accelerate business decision makers in eight European countries operations and improve citizen satisfaction ranked signifi- what technologies, applications, and processes they had cantly higher than cutting costs as the top goals among implemented to accelerate e-government or e-health. The respondents for improving productivity. survey found that organizations were between three and Net Impact 2004 is the fourth in a series of research seven times more productive than their peers if they projects sponsored by Cisco to evaluate the impact of invested in network functionality beyond the minimum Internet technologies on organizations and pro- required to support their applications (for example, deploy- ductivity. For more on the Net Impact research, see ing layered security or sophisticated traffic management netimpactstudy.com.

President Nick Tseffos. Aptigen Designer As Twisted Pair Solutions and many is helping to change that. other software developers are demon- With this application, you can design, strating, IP communications solutions can demonstrate, and deploy the full value of IP be considered strategic business assets phone technology immediately, emphasizes that are transforming how organizations Tseffos. Instead of merely talking through communicate—internally and externally. the productivity benefits of an IP phone Productivity gains result not simply from application, you can use Aptigen Designer's adding applications to your network, but Windows-based interface and drag-and- by integrating business processes with drop environment to create a custom appli- communications to tap into your net- cation, publish it to a phone emulator to work and the technology that will make check your work, and instantly deploy it to those applications work for you. the enterprise, thus increasing your ROI and FIGURE 2: ExtendTime 3.1, developed by Vytek, reducing development time to production. replaces traditional time clocks, automating time To learn more about the applications data collection, audits, and reporting via Cisco Named best in the “Return on Investment/ IP phones. showcased at ITC Expo 2003, and for Vertical Market” category was Vytek’s general information on developing and ExtendTime application. A complete time experience. Many of these users, for exam- deploying XML applications and IP phone and attendance solution targeted at a broad ple, are benefiting from an application devel- services, visit Cisco IP Communications range of industries, ExtendTime replaces oped by Twisted Pair Solutions called WAVE Applications Central (AppsCentral) at traditional time clocks, and automates time (Wide Area Voice Environment). Chosen for cisco.com/go/apps. data collection, auditing, and reporting via IP “Best Innovative Single Idea” at ITC Expo phones. With a unique employee ID number 2003, WAVE allows integration between IP- and password, workers can “clock in” and based networks and other systems such as “clock out” using any Cisco IP Phone in their IP telephony and mobile radio environ- FURTHER READING organization. They can also receive messages, ments—enabling you to create new, scalable view scheduled work hours and accrued group communications consisting of audio, “Thinking Outside the Talk Box,” ® benefits such as vacation or sick days, and video, and data content. Packet Third Quarter 2002: locate company-wide resources using the WAVE not only leverages your exist- cisco.com/packet/162_6c3 ExtendTime directory (see Figure 2). ing IP network but brings together com- Cisco IP communications: munications among previously disparate cisco.com/packet/162_6c4 Flexible, Instant Communications groups. A firefighter and a police officer, Cisco ITC Expo 2003 Video: The flexibility and advanced capabilities of for instance, with their different VHF cisco.com/packet/162_6c5 IP phones offer the opportunity for soft- and UHF radio communications, can CIPTUG: ware developers to use text, graphics, now instantly talk to each other while ciptug.org audio, alerts and now, with the Cisco IP their streams of audio are carried over an Phone 7970G, color to deliver a rich user IP infrastructure.

44 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

O I COMMUNICIPA T THE VIDEO Advantage EXPANDED IP COMMUNICATIONS PORTFOLIO ENABLES RICH-MEDIA CALLS AND CONFERENCES.

BY DAVID BAUM

STUDIES HAVE SHOWN that at least 60 percent of human communication is nonverbal—conveyed by hand motions, facial expressions, and body language—so a video image that enhances an audio conversation is a tremendous asset. Until recently, however, video telephony and conferencing systems have been expensive and difficult to use. The networks used were not architected for video, so the quality was poor and the pictures were grainy and jerky. Despite the lofty promises of converged IP networks that could seamlessly transmit voice, video, and data, only about 2 percent of today’s meeting rooms are equipped with videoconferencing equipment, much of that still running over ISDN, and video is almost nonexistent on the desktop.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 45

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. That’s changing fast with the introduc- of desktop computers, all calling function- nected into videoconferences simply by press- tion of Cisco CallManager Version 4.0. ality runs through the phone. The broad- ing the conference button on their phones. This mature, IP-based business communi- cast-quality video images can run at speeds “It’s much more convenient now than cations system is the heart of Cisco’s video of up to 30 frames per second in a window ever before,” says Lambert. “There’s no telephony (VT) solution. Along with the about one-fourth the size of a typical com- need to preschedule through a reservations new desktop product called Cisco VT puter screen.” center or Website—as you had to do in the Advantage, Cisco CallManager 4.0 adds Restrick believes Cisco’s forward-look- past. You just dial the phone and use the con- video telephony functionality to Cisco IP ing transition from time-division multi- ference button to add more people.” phones. Cisco’s video telephony solution plexing (TDM) to IP-based PBX systems enables real-time, person-to-person video makes it easy for customers to adopt Technology Convergence sessions to be transparently added to tele- Cisco CallManager and related video Evolving technologies have converged to phone calls and conferences. Video tele- telephony technology. They don’t need make Cisco’s video telephony solution pos- phony is now simply a phone call. separate networks for voice and video, sible: the advent of centralized configura- Instead of working as a standalone system and IP phones can be used as endpoints tion, management, and call control for with separate endpoints, administrative sys- for both types of calls. This makes it very scalability and ease of management; unified tems, and dial plans, Cisco’s new VT solution simple to deploy and use the technology. voice and video dial plans for ease of use; uses the same IP network that carries a “With Cisco VT Advantage, users have all merging voice, data, and video equipment company’s data and voice communications, the functionality of the PBX system,” he and applications on a single network; and enabling real-time videoconferencing and says. “They can put a call on hold, trans- the descending cost of network bandwidth. collaboration for an incremental cost of less fer the call, or press a conference button to Additionally, Cisco recently introduced than US$200 per seat. Cisco CallManager, initiate a group meeting.” the Cisco MeetingPlace 8106 Rich-Media enabled by Cisco AVVID (Architecture for Cisco VT Advantage works with Cisco’s Conferencing Solution, an IP-based meeting Voice, Video and Integrated Data), is the soft- midrange and high-end IP phones, includ- environment that provides organizations ware-based call-processing component of ing the 7940G, 7960G, and 7970G Cisco with easy access to secure, integrated, rich- the video telephony solution. IP phones. Video endpoints are config- media meetings that combine voice, Web, “We have finally delivered on the urable from 128 Kbit/s for low-resolution and instant messaging capabilities. Because promise of the second ‘V’ in AVVID,” video, to 4.5 Mbit/s for broadcast-quality MeetingPlace runs “on network,” behind explains Hank Lambert, director of prod- displays. Two-GHz Pentium processors are the corporate firewall, meeting content is uct marketing for Enterprise Call Control required to enjoy maximum resolution secure. Cisco MeetingPlace also allows at Cisco. “In the past, Cisco AVVID cus- video, and 1-GHz Pentium processors are users to participate in and control audio tomers could send H.323 video over the IP suggested for all video applications. and Web conferences through their Cisco IP backbone, but the video applications were phones, traditional phones, or network never closely coupled with IP telephony.” Cisco CallManager 4.0 connected desktop PCs. Cisco IP Phone Cisco CallManager 4.0 also provides users can easily view schedules, set up Cisco VT Advantage video telephony functionality to IP-based audio conferences, attend real-time meet- Cisco VT Advantage application software H.323 video endpoints from Cisco AVVID ings using soft keys on their phone display coupled with a Cisco Universal Serial Bus partners, allowing customers to preserve screens—even initiate a meeting through (USB) camera allows a PC co-located with and enhance their expensive videoconfer- the corporate instant messaging client. a Cisco IP Phone to add video to phone encing equipment without requiring a calls without requiring any extra button- complete upgrade to existing video equip- Video Revolution pushing or mouse-clicking. When registered ment. Calls can be made to and from end- Many corporate networks already have the to Cisco CallManager, the Cisco VT points, regardless if they are audio or fundamental infrastructure in place to enable Advantage-enabled IP phone has the fea- video calls. This increases call completion easy-to-use, easy-to-manage, broadcast-qual- tures and functionality of an IP video- rates, thus increasing productivity. ity video to the desktop. Cisco features the phone. With Cisco VT Advantage, call Calls can also be made to executive latest technology and advancements available features such as call forward, transfer, con- desktop and conference room video sys- with true IP communications today. ference, hold, and mute are now available tems from TANDBERG; the systems are Enterprises can now take full advantage of with video—and are easily initiated specifically enhanced for use with Cisco their IP networks to deliver enterprise-class through the Cisco IP Phone. CallManager 4.0 and employ a user inter- business communications that extends voice “By connecting a computer with a Cisco face that is the same as a Cisco IP Phone, and video to every user in their organization. IP Phone and equipping it with a small including hold, transfer, conference, and It is a dynamic solution that is designed camera, the PC monitor can work as the directory services buttons. to grow with new system capabilities. For phone’s video screen,” explains John Cisco CallManager version 4.0 also customers that already have Cisco Restrick, software development manager works with Cisco IP videoconferencing CallManager, it’s a simple upgrade to get for Cisco CallManager. “Although Cisco solutions such as the Cisco IP/VC 3500 started. If they also have Cisco IP/VC video VT Advantage harnesses the display power Series, enabling multiple users to be con- products, they can upgrade not only the call

46 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

O I COMMUNICIPA T manager, but also the IP/VC Multipoint network are starting to merge. PCs, PDAs, the Cisco IP communications system to inter- Conference Unit (MCU), to provide an pagers, wireless phones, desk phones, and operate with new and old PBX systems. SIP even tighter coupling of the video infras- video endpoints are coming together. Users is an IP telephony signaling protocol used by tructure. Cisco has sold more than two and want to integrate not just the devices them- a wide range of hardware and software, a half million IP phones to date—most of selves, but also the desktop applications that including the Cisco MeetingPlace conferenc- them with Cisco CallManager solutions— run on them. Audioconferencing, video- ing server. Q.SIG is the worldwide signaling creating a ready market for the new video conferencing, video telephony, Web confer- standard for PBX systems. telephony technology. encing—they can all be tied together Support for SIP allows Cisco “It is a technology whose time has through IP.” CallManager 4.0 to interoperate with a come,” emphasizes Lambert. “Many Cisco variety of current and future communica- customers have the necessary bandwidth for Enhanced Security, Migration, and tions systems, including Cisco MeetingPlace, video telephony on their local-area net- Interoperability the Cisco BTS 10200 Softswitch, and a works, and some customers have the infras- Important enhancements in Cisco variety of SIP proxy servers. These additions, tructure to transmit video over metropolitan CallManager 4.0 improve security and combined with H.323 voice and video inter- and wide-area networks as well. Typically, interoperability. “CallManager 4.0 has many operability, make it easy for customers to you will want Gigabit Ethernet or better for security features that help users verify the integrate Cisco IP communications systems the backbone.” identity of the devices and servers with with existing voice and video communica- Organizations that have already deployed which they communicate, and ensure data tions equipment. redundant data centers and have invested integrity,” says Restrick, “and with the Cisco heavily in their network infrastructure are IP Phone 7970G, they can also ensure pri- Freedom to Roam immediate candidates for Cisco’s video tele- vacy through encryption.” Hadden-Boyd sums up the advantage of phony technology. “We’re seeing a lot of Additionally, Cisco has added digital these expanded IP communications capabil- interest from customers in financial services, certificates into each IP phone. When a ities in a single word: freedom. telecommunications, healthcare, education, phone is first connected, it goes through an “I no longer have to worry about how I’m and some sectors of the manufacturing indus- authentication process. After that, when going to communicate at any particular try,” adds Lambert (for more information, calls are placed, the setup is authenticated time,” she says. “I have a lot of freedom over see “License to Communicate” on page 36). and audio data is encrypted. Cisco what medium I use, and when I’m going to CallManager 4.0 also features an intrusion use it. It doesn’t matter if I’m at home, at the Extending the Promise of IP detection system (IDS), firewall, and audit office, or at a hotel in New York. My phone Cisco CallManager 4.0 scales to support logging through the inclusion of the new number is associated with whatever com- thousands of phones at multiple locations Cisco Security Agent, a key component of munications device I’m using, and Cisco and offers a full set of business telephony fea- Cisco’s overall security strategy. Cisco CallManager knows how to deliver a mes- tures and a complete IP-based applications Security Agent provides proactive and sage to me—any time, anywhere—based on portfolio including unified messaging, unified adaptive threat protection for Cisco IP the preferences I specify. With IP, users communications, IP contact centers, and phones, servers, and desktop computing choose what works best for them.” advanced conferencing services. Small busi- systems. It brings together multiple levels of As Hadden-Boyd points out, when Cisco nesses with fewer than 100 users can use security functionality by combining host AVVID was introduced in 1999, the advan- Cisco CallManager Express to obtain some intrusion prevention, authentication to tage was at the network layer. “The primary of the same benefits. Cisco IP phones, distributed firewalls, mali- focus was on transport and its associated cost Running on the Cisco Media cious mobile code protection, operating savings—the cost and productivity advan- Convergence Server (MCS) platform, system integrity assurance, and audit log tages of running voice and data over a con- Cisco CallManager software delivers consolidation—all within a single agent verged intelligent infrastructure,” she enterprise telephony features and capa- package. Cisco CallManager 4.0 cus- explains. “Now that convergence is moving bilities to many types of packet telephony tomers, as well as Cisco Unity™ unified mes- to the application level.” network devices. This includes not only IP saging and Cisco IP Contact Center Both the Cisco VT Advantage and the phones, but also media-processing customers, receive all of these additional Cisco MeetingPlace solutions deliver on devices, voice over IP (VoIP) gateways, levels of safety and protection for their con- Cisco’s promise of a rich-media communi- and multimedia applications. verged networks at no extra cost. cations experience. “This is much more According to Alex Hadden-Boyd, director Restrick spearheaded the development of than just video to the desktop,” Restrick of marketing for IP communications in the video in Cisco CallManager 4.0 and coordi- concludes. “We’re introducing a cohesive Product and Technology Marketing nated the development of conference bridges, system for video communication. We have Organization at Cisco, VT Advantage is just PSTN gateways, and Cisco CallManager integrated access to the PSTN and pro- one aspect of Cisco’s complete strategy for IP integration with a wide range of video end- vided simple-to-use conferencing and sup- communications. “If you think of IP as a uni- point solutions. He says Cisco CallManager port for legacy systems—all with the versal translator,” says Hadden-Boyd, “the has native support for Q.SIG and Session scalability and manageability you expect various devices and applications on the Initiation Protocol (SIP) signaling, enabling from your phone system.”

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 47

TOP TEN TIPS TIPS FOR GUIDING A SUCCESSFUL IP TELEPHONY IMPLEMENTATION.

MIGRATING TO IP TELEPHONY?

OFTEN WHEN AN ORGANIZATION considers change that will impact every employee—such as an enterprise-wide IP telephony implementation—the process tends to focus on hardware, software, and getting the technology up to speed as quickly as possible. However, a company’s infrastructure is composed not just of hardware and software, but also of people. The successful conversion to IP BY STEPHANIE telephony does not rest solely on viability or L. CARHEE reliability. It requires a careful combination of the right products, people, processes, tools, services, best practices, and methodologies—all working in concert. While the needs of every enterprise are different, some things are universal. Planning, communication, teamwork, and understanding your users’ requirements are as important as technical expertise. With this key objective in mind, I have compiled the following top ten tips for project managing an enterprise-wide IP telephony implementation. They are not meant to tell you how to technically architect your network, but to share best practices gleaned from Cisco’s own experience as well as customer engage- ments with phased migrations to a converged voice and data network. If your company is in the planning stages of an IP communications implementation, read on.

48 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

O I COMMUNICIPA T

Tip 1. Build a Cross-Functional “Tiger” Team Know the tools and methods that can be used to analyze and The greatest up-front contributor to a successful, large technology manage change migration is building a cross-functional team that not only has the Plan and implement proactive change management principles requisite skills and technical expertise but represents users in every Understand the nature and impact of change in the program area in the organization impacted by the implementation. This environment team is responsible for ensuring rapid delivery of the migration that Manage the negative implications of change optimizes company investments. At Cisco, we called this group the Realign expectations “Tiger Team.” Build commitment Key members of the team include an executive program spon- Drive cultural acceptance sor and steering committee composed of organizational stakeholders; a project Tiger Team lead; technology experts; security Tip 3. Do Your Homework specialists; and subject matter experts in the areas of design and Corporate culture is often defined as “the way we do things around engineering, support, finance, and project management. When here.” Culture builds a common language and brings people global or multinational theaters are involved, include team leads together, enabling them to work toward a shared goal. Understanding for each theater who will represent the needs of that location and and working with your organization’s culture is critical to success- user community. fully implementing new technology on a large scale. Does your com- After skill sets are identified and all representatives chosen, this pany encourage risk taking? Is change incorporated often, and does well-represented team should start off the implementation by clearly the company embrace it? How has change been introduced and insti- defining the objectives and overall goals of the project, and identi- tutionalized in the past? Was the process successful or fraught with fying the tasks necessary to achieve those goals. Also begin defin- problems? Is new technology welcomed or resisted? Do employees ing the change management process, at-risk factors, and problem solve problems in a team environment? Is communication a top pri- escalation challenges, which will minimize the risks of ority? Is yours a virtual company with telecommuters or employees integrating an enterprise-wide IP telephony solution. scattered across the globe? What have previous technology deployments taught you about how users prefer to be Tip 2. Get Your Users On Board trained? All of these factors are part of your organiza- Resistance to change is normal and should tional culture and can influence your ability to integrate always be anticipated. Managing user expec- a new solution. Take the time to know your users. Do tations will be paramount to making the pro- your homework, capitalize on what has worked in the cess run as smooth as possible. One key way past, and learn from the mistakes of others. to achieve this is to take away the mystery and uncer- Equally important, it’s essential that you have the par- tainty among the individuals affected through education, and ticipation and cooperation of all Tiger Team members from open, honest, and frequent communication with the stakehold- the outset. A planning workshop will help you to educate and rally ers. Create a plan that gives you the ability to be flexible and cooperation among the team, as well as ensure that the initiative proactive. Anticipate the glitches and constantly improve the pro- stays true to the business requirements of your organization and cess along the way, tailoring it to the specific needs of the stake- meets implementation objectives. The team should work together holders and the users they represent. to plan project deliverables, address solution capabilities, define In addition to managing users’ expectations, an IP telephony hardware, software, and security requirements, assign third-party implementation typically will require significant business adjust- implementation services, identify the project critical path and mile- ments, staff training and education, and some redesigned business stones, and outline the migration strategy. There is plenty of processes and fundamental shifts within the organization. All of ground that should be covered, and you can use the “IP Telephony these changes must be identified early and continually managed, and Migration Questionnaire” on page 51 to get your project team change initiatives coordinated and integrated in a timely fashion. thinking and collaborating together. Your change management plan should be created only after change impacts have been identified and organizational change Tip 4. Ensure That User Requirements Drive Design readiness has been assessed. Consider first the impact change will Requirements have on employees—paying close attention to details and being Consider developing a “Voice of the Client” program that consists considerate of the timetable (ensuring that the implementation of client-targeted surveys and focus groups to benchmark and track cutover doesn’t take place during your company’s fiscal-quarter user-preferred services, products, solutions, and features. Use the close or other critical event, for example). And do it right the first survey as a tool to identify critical phone features, validate key time so that when users experience the change, the effect is mini- business needs, gauge risk tolerance and user discomfort, and iden- mal and expectations are met. tify key functionalities that are paramount to your business. You Managing change involves four important components: can also use the survey as an opportunity to incorporate features Sponsorship, Resistance, Cultural Alignment/Communications of the new IP telephony system and to help determine the prior- and Skills. All team members should strive to understand the pro- ity of which features should be enabled. cess in which change occurs, and incorporate the following rec- Survey results provide the design and engineering team with a ommendations into an effective organizational change plan: “report card” that validates their concept of the new design.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 49

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. Missing key design elements are a critical mis- MIGRATION IMPLEMENTATION APPROACH take that can be avoided by listening to your users, conducting traffic analysis, performing a network audit and readiness assessment, Benefits of this Approach understanding how the technology will Fully Deployed Gain End-User Acceptance impact your current infrastructure, and famil- iarizing yourself with the new technology. Manage Expectations And, as daunting and overwhelming as Site Retrofit Standardize Processes all this may sound, remember that IP tele- Campus Core Replacement Capture Best phony is simply a new application running Practices on your current network, not an entirely new network. Therefore, knowing how Identify Support Campus Peripheral Requirements your users use the system today, aligning Equipment Replacement their goals with the design requirements, Gain Infrastructure Measurements and setting the right expectations will go a Crawl Walk Run Approach long way in making sure that you design Low Risk Office, Limited User, Gain Site PBX Replacement your network right the first time. Experience

Tip 5. Crawl First, Walk Proudly, and Limited Deployment, Technology Trials, Run Aggressively Proof of Concept Your implementation strategy should allow Pilot you to progressively go faster as your experience levels become more efficient (see figure). AT YOUR PACE: Adopting a Crawl/Walk/Run approach will help you manage user expectations, identify You don’t want to go too fast or, conversely, critical support and infrastructure requirements, build on your knowledge gained, and overall minimize too slow. The number of employees, com- the risk of your technology implementation. plexity of user requirements, size of the campus, and how widely all are dispersed will, of course, affect your detail, and automating as much of the process as possible. Of all migration strategy. Like most organizations, you are not dealing with these important factors, planning weighs most heavily. In fact, a a static environment. There will always be employees changing loca- winning formula for migration success consists of 80 percent tions, getting hired or leaving, or exercising their mobility working preparation and 20 percent installation. Quite simply, if you focus on the road, at home, in the field, and places other than their office on your plan first, the implementation will go a lot smoother. desktop. To accommodate this ever-changing environment, develop The fruit of managing several implementations, Cisco’s “IP a migration strategy that takes into account all of the variables that Telephony Steps to Success Engagement Guide” is a knowledge can change, alter, or otherwise affect implementation of your new management portal designed to help Cisco IP telephony partners converged voice and data network. in creating their own implementation plans (cisco.com/go/ Make sure no one falls through the cracks by dividing your stepstosuccess, Cisco.com login required). Following is a con- migration into user- and/or site-defined categories. Your categories densed version of the high-level steps that should be considered might be, for example, new employees; existing employees who are when beginning and completing the implementation phase: moving to a new location; buildings coming online (greenfields); Step 1. Facilitate Implementation Planning retrofit of existing buildings; merger- and acquisition-related Step 2. Hold Implementation Planning Meeting facilities; or buildings with upcoming PBX lease renewals. Step 3. Define Project Monitoring and Control And, as noted, don’t forget to take the time to learn from your Step 4. Develop Status Reporting Structure mistakes, obtain feedback, build proven processes, and create stan- Step 5. Begin Site Preparation dards for the entire team to adhere to. Minimize your migration Step 6. Conduct Install and Configure risk by starting in the lab, developing your proof of concept, and Step 7. Manage Test and Acceptance allowing time for training and practice. Follow that success with Step 8. Deliver Knowledge Handoff implementation in a non-critical field office. Then, apply what Step 9. Ensure Customer Acceptance you’ve learned and start to build momentum by moving more Step 10. Complete Closeout aggressively with a campus-wide implementation. A comprehensive depiction of the key implementation steps, the “Road to IP Telephony” mini poster, is available to download free Tip 6. Follow the 80/20 Rule for Implementation at ciscopress.com/1587200880. When it comes to actual implementation, the success of your IP telephony migration will depend on several considerations: proper Tip 7. Ensure a Successful Day 2 Handoff planning, creating consistent standards, identifying at-risk factors, A successful Day 2 handoff requires a well thought out support plan having a ready backup/backout plan, customer service, doing the (Day 2 is defined as the time period immediately following cutover prep work up front, applying best practices, paying attention to of your new IP telephony solution). Four critical components are

50 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

O I COMMUNICIPA T required to enable efficient operation and responsive support of your converged network: the support team, support processes, IP TELEPHONY MIGRATION QUESTIONNAIRE support services, and support tools. Support Team. The primary goal of sup- Use the following questionnaire in your team planning workshop to jump start migration strategy discussions and identify key areas that need to be addressed port is to have all issues resolved quickly and in your converged network implementation. This abbreviated list is excerpted effectively. You need the right mix of people from the upcoming Cisco Press book, The Road to IP Telephony: How Cisco in place at the right time to resolve the entire Systems Migrated from PBX to IP Telephony. spectrum of issues that can arise in a converged network environment. To streamline PLANNING Are the implementation and support How will you determine if your current teams part of the design strategy? this process, consider creating a cost-effec- (They should be.) tive, three-tiered internal structure to resolve network is ready for convergence? Will the design requirements meet issues based on the type of problems that What specific hardware, software, and infrastructure changes are needed? users’ expectations? Has a survey been arise matched to the skill set required to conducted? What is your company’s security poli- resolve them. Escalation is based on severity Did you compare the PBX dump with and complexity of the issue. Easy-to-solve or cy? Determine how the new network will adhere to this policy. your new design? Are there gaps? repetitive issues, such as IP phone resets and Have you identified all the existing user access passwords, are handled by Tier What experience, tools, and methodologies are required to take advantage applications that will integrate with the 1. Tier 2 tackles more complex problems of converged technologies? new IP telephony solution? such as software issues, LAN support, and How will IT staff learn to manage the con- IMPLEMENTATION data problems. And Tier 3 requires the verged IP network? Who will manage it? involvement of individuals responsible for Who is the champion/sponsor of the How will the new technology impact migration? Are reasons for the conver- the design and engineering of the IP tele- end users? sion clearly articulated? phony solution. Who are the stakeholders company- Is your company’s culture factored into Support Process. Resist the temptation to wide? Which groups absolutely require the migration plan? completely reinvent your support model zero failure rate? What are the users’ expectations? How with each new application, a mistake often Have you assembled a ”Tiger Team” will users be trained? made during large-scale technology imple- and outlined their core requirements Have you identified a migration plan mentations. While the converged support for the design? Is there a chart of roles and responsibilties? for critical phone users? model requires collaboration among multi- Is there a site escalation path if some- ple groups who are likely unaccustomed to Has an IP telephony assessment been conducted? thing goes wrong during cutover? Are working together, you should still consider there backout procedures? and take advantage of much of your exist- Have all leased PBX equipment and lease expirations been identified? What is your selection process for the ing support processes. pilot site? Have acceptance criteria Support Services. Many companies do What are the risk factors? Is there a been identified? governance model to address and not have the resources required to ade- manage the risk factors? OPERATION quately plan, design, implement, operate, What is your content management Have you created customer service and optimize (PDIOO) a converged com- plan? Are there naming convention standards for all deployment members? munications environment. When making standards? How will you capture lessons learned the investment in an IP-based network, Are local site managers included in the and ensure that other sites benefit? organizations need to look closely at their planning discussions? Will you require spares at each site? Is ability to provide all the required services Is there a plan in place to minimize there a resource for allocating phones and support parameters. Key elements for customer impact? in a pinch? implementing, supporting, and optimizing What monitoring and troubleshooting IP-based communications consist of end-to- DESIGN tools will you need to manage the new end PDIOO capabilities, expert internal What core functionality is required by network? key stakeholders/business units? and external resources, cutting-edge man- Has a PBX decommission plan been agement tools, knowledge management and Who are the high-risk users for whom identified? Will the port reduction be transfer, and global coverage. failure is not an option? Have solutions monitored to ensure lower costs? or workarounds been established? Support Tools. Attentive management Do you have a policy for managing and monitoring of your new network will Have you defined the ”must-have” analog line disconnects? functionality for the network design? help to catch and resolve many problems Are there any unusual considerations Do you have a solid change manage- before they become visible to users. With the design should address? ment process in place? the right support tools, the network can Do you have a system for capturing maintain the highest level of reliability and FAQs to be used for the support team? stability, providing increased performance

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 51

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. and availability. The five key functional areas of the network must be managed to ensure the highest levels of availability: fault, configuration, accounting, performance, and security management. TAKE A PAGE FROM THIS BOOK Tip 8. Keep Your New Network Clean Most large enterprises have hundreds of lines and circuits that, through the years, have either been forgotten about or are simply The Road to IP Telephony: How unused. While this tip isn’t meant to cover all the technical consid- Cisco Systems Migrated from erations required to “clean out” your network, it’s an important PBX to IP Telephony (ISBN: 1- reminder to view your IP telephony implementation as an oppor- 58720-088-0), from Cisco Press, tunity to clean out your network to start anew, as well as clean, provides a roadmap for your IP groom, and prepare the IP infrastructure. So, when the implemen- telephony migration that tation team begins the conversion to IP telephony, remove as many includes deployment, installa- unused lines off the PBX as possible, and only convert those lines tion, management, and trou- that were proven as valid. Conduct a final cleanup at the end of the bleshooting guidance from conversion to ensure that the implementation team has ample time Cisco experts. Written by Stephanie Carhee, the to carefully review and trace all unidentified analog lines and circuits. book’s focus is not on technology but on the planning Take steps to verify that business-critical lines aren’t removed, and make it a point to only migrate what you use, not what you have, and business processes associated with a large IP so that you can help to keep the network clean. telephony implementation. Included are more than 200 best practices and lessons learned from Cisco Tip 9. Plan for PBX Lease Returns that every IP implementation team lead should know. At the time of implementation, you might have equipment that is The Road to IP Telephony will be available in June leased, which meant that your IP telephony implementation schedule was largely dictated by the PBX lease return dates. To ensure 2004. For more information, visit ciscopress.com/ that the massive effort of returning large quantities of leased equip- 1587200880. ment is organized and that items are returned on schedule, the team leader responsible for the retrofit cleanup should enter all PBX leases into a spreadsheet and develop a project plan to keep the OK, you’ve almost arrived. You can see your destination and returns on track. Carefully match the equipment list on the origi- it is a fully converged voice and data network with all users nal lease agreement to the inventory being returned, create a box- migrated to IP telephony. Before celebrating, however, there are still level inventory list, and get a signed receiving list from the vendor. a few important items that require your attention. You still need In addition to managing the return of all leased equipment, to be ready to address how to prepare your network for the future. there is also the process of removing all ancillary solutions and sys- Change management will be the toughest process to maintain tems that are tied to the main PBX. The process of completely once your new network is in place, but not because of routine decommissioning your main PBX will take longer than you changes or software upgrades. Maintaining a strict, yet manageable expect; therefore, assemble a project team to address the removal and scalable, process will be key to your success. Not only will your of all applications still running on it. methods and procedures require a solid execution plan, but so will the standards by which you communicate the plan. Eliminate as Tip 10. Look Back, Move Forward, and Prepare for many unknowns as possible by documenting your procedures, cap- the Future ture and incorporate lessons learned, and optimize your change man- Whether an IP telephony implementation involves 200 phones or agement process. Make the commitment to continually support your 20,000 phones, careful and comprehensive planning, communi- new, dynamic network by reevaluating contingency plans often, con- cation, teamwork, and knowing where the “gotchas” are hiding ducting ongoing audits of network performance, incorporating new will divert problems before they even arise. features through software upgrades, and reexamining the contract services that protect, monitor, and support your network.

STEPHANIE L. CARHEE is a senior project manager To prepare for the future, you must embrace being prepared for with Cisco’s IP Communications Services Marketing new IP telephony applications. As applications become available, team and author of The Road to IP Telephony: How a system must be in place to analyze the technology for applica- Cisco Systems Migrated from PBX to IP Telephony. bility, test it for feasibility, provide an adoption position, and Prior to her current role, Carhee was an IT project manager for voice services in the Strategic Program ensure that all teams are involved, in agreement, and ready to reap Management group, and was team lead for Cisco’s the benefits that will come from rolling out another new IP com- migration to IP telephony, the largest deployment of munications application. its kind in the industry to date. She can be reached at [email protected]. The author wishes to thank Debbie Hart for contributing to this STEPHANIE L. CARHEE article.

52 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. DUKE UNIVERSITY MEDICAL CENTER Enterprise T CISCO SYSTEMS Center ( lion ingrants.TheMedical morethanUS$400mil- attract and researchfacilitiesthat highly regardedmedicalschool, treats 700,000patientsayear, a hospitals intheUS,aclinicthat home tooneoftheforemost a is lina, BY GRANTELLIS Duke UniversityMedicalCenter. New networkopensdoorstoadvancedtechnologiesat Switching toLayer3 was seenbyeveryone, andanymalfunction or Rodriguez. “Itwasaflatnetwork, wherealltraffic DUMC AssociateChiefInformation OfficerRafael with multiplehubs. Each interfaceservedasanuplink toalocalcloset of 22hubswith10-Mbit/sEthernetsharedinterfaces. fiber distributeddatainterface(FDDI)ringconsisting medical centerbuildings.TheCSNwasa100-Mbit/s munications servicestothehospitalcampusand Common ServicesNetwork(CSN)toprovidecom- nications needs. system withspecializedcommu- This isagrowinghealthcare tals, homehealth,andhospice. viders, twocommunityhospi- that includes Duke of healthservices,calledthe the hubforaregionalnetwork “We had what IwouldcallonebigLAN,”says DUMC originallycreatedits Reprinted with permission from University HealthSystem, mc.duke.edu Durham, NorthCaro- Center (DUMC)in University Medical DUKE OF CAMPUS HE world ofitsown— clinics, carepro- ) servesas HUB OFACTIVITY: foremost hospitalsintheUS. Medical Centerishometooneofthe Packet ® magazine (Volume 16, No.2), copyright ©2004 byCisco Systems, Inc. Allrights reserved. Duke University AppleTalk, SNA,DECnet,andothers. Also,therewere TCP/IP, networkusers wereworkingwithIPX, number ofprotocolstheCSNdealt with.Inadditionto and figureouthowtorestartprocesses.” network wentdownandeverybody hadtogoback barely running.Ifanylittlethingwentwrong,the a DUMCsystemsanalyst.“Needlesstosay, itwas addresses registeredonthisnetwork,”saysTim Bell, And reliabilityhadbecomeamajorissue. Adding tothehighcostofmanagement wasthelarge “At anygiventime,therewere10,000MAC width toaccommodatethem. the networklackedband- and patientcaremissions,but carry outitseducational,research, were availabletohelpDUMC New network-basedtechnologies ical imagesinausefultimeframe. transfer high-qualitydigitalmed- with thenetwork’s inabilityto researchers becamefrustrated work. Faculty, physicians,and were 35,000nodesonthenet- added totheCSN.By2000,there campus clinics,neededtobe munity hospitals,aswelloff- network. Inaddition,twocom- the shortcomingsofthisunrouted Rapid growthsteadilymagnified Technologies Growth andChanging whole operation.” misconfiguration couldaffectthe SOLUTIONS SECOND QUARTER 2004 PACKET 53 Enterprise SOLUTIONS

two Class B IP addresses under the Duke domain, but security zones, patient and financial confidentiality, addresses were allocated to them more or less randomly. and HIPAA [Health Insurance Portability and All these factors made it a necessity for DUMC to Accountability Act] compliance.” migrate to a more effective networking technology. Vo and his colleagues built a Cisco technology- based switched network that would fill all current Making the Choice needs and scale to meet any future challenges. In 2001, “We sat down with our senior leadership to evaluate Bell was commissioned to develop the detailed net- our infrastructure,” says DUMC Director of work design for implementation. After six months of Networking Nhan Vo. “We invited leading network planning and design, Duke was ready to begin migra- technology companies to talk to us. In the end, we tion to the routed Layer 3 Duke Health Enterprise chose Cisco.” Network—a high-density, high-performance WAN Cisco was selected because a successful partner- that could scale reliably and cost-effectively to deal ship already existed between Cisco and Duke on the with growth and emerging technologies. academic side, where Rodriguez had worked prior The first phase of the implementation began in to assuming system and March 2000. ECI installed networking responsibilities “We’re using more automated the first four Cisco Catalyst® for the Medical Center. 6509 gigabit switches as the DUMC’s academic campus network management tools that new backbone, using the had already moved to a seg- CSN’s existing fiber-optic mented network using Cisco help us to be proactive as well cables. This new through- routing technology. Although put core increased the the academic and health as to react quickly to events. backplane transmission rate networks called for different from 800 megabits to 32 topologies—the academic So with basically the same staff, gigabits and instantly elimi- network was necessarily more we’re able to accommodate a nated the convergence and open and accessible than scalability problems of the the health network system, growth in users and increase old Layer 2 network. which functioned more as an intranet with greater security the availability and reliability of Moonlight Migration requirements—Duke saw The second phase of migra- advantages in standardizing the network.” tion was the segmenting

on Cisco as the primary —RAFAEL RODRIGUEZ, CHIEF INFORMATION OFFICER, and readdressing of the net- networking vendor. DUKE UNIVERSITY MEDICAL CENTER work—a daunting task. “My “As we considered who first thought was, ‘Wow, we should partner with, we looked at Cisco’s reputation what am I doing?’” says Rodriguez. “And I wasn’t even in the networking environment,” says Rodriguez. doing the hard part. I was thinking about the staff. I’m “They also had a facility not far away in RTP [Research glad they’re such dedicated people.” Triangle Park] and had approached us about forming ECI designated each of the 400 closets as a separate a strategic relationship.” virtual LAN (VLAN) to give workgroups of up to 200 Continues Rodriguez, “We developed an excellent users 10/100 Mbit/s per outlet and a gigabit uplink to relationship with Cisco all the way from the executive the core. TCP/IP is the only transport protocol on the level to the account rep. We had biweekly meetings with network. All other legacy protocols were eliminated. the account executive management at which we Dynamic Host Configuration Protocol (DHCP) provides discussed where we wanted to go and the benefits that client mobility across the network and reduces the labor went along with the choices we could make. That cost of IP address management. relationship has continued to flourish.” The migration was completed in just 56 weeks, with some 64,000 IP addresses deployed in more than 200 IP Six-Month Planning Cycle routed segments. With Cisco established as the vendor of choice, a The new network, now known as the Duke Health collaborative team that included Enterprise Enterprise Network, includes a LAN, a WAN, and an Communication Infrastructure (ECI), the Duke extended WAN. The LAN, which comprises multiple University Health System (DUHS) information group; Cisco Catalyst 6513 switches, connects Duke Hospital Cisco network engineers; and other vendors was formed. North, on-campus clinics, and more than 40 research “We felt we needed to move to a routed, segmented buildings on the campus. Each of the Catalyst 6513 network,” says Rodriguez, “and we wanted to think switches is equipped with a Supervisor Engine 720 through the other issues that faced us, including module that incorporates ASIC-based Cisco Express

54 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Forwarding technology, which supports up to 720 redundancy features, including Per-VLAN Rapid gigabits of throughput on the passive fabric backplane Spanning Tree Protocol (PVST), Hot Standby Router and forwards more than 400 million packets per second. Protocol (HSRP), and routing failover techniques, as The WAN provides gigabit bandwidth to nine well as Cisco SAFE blueprint design guidelines. campus buildings in the Durham area and the two Duke community hospitals. The extended WAN Enabling New Technologies provides access over T1 and T3 links to more than DUHS’s new level of network service has opened the 80 remote clinics throughout the state. It can scale door to a host of advancements that were not support- cost-effectively to accommodate a large number of able with the old technology. Many network-based pro- additional connections. jects have now been funded and are moving ahead on the strength of faster, more reliable network service. Instant Gratification Technology vendors had been patiently waiting for the The obvious immediate benefit of the migration, migration to offer products that were network-limited. apart from faster downloads, was sheer dependabil- One example is a recent major upgrade of compute sys- ity of service. tems. Another is access to high-quality digitized medical “We now have a significantly more reliable, more images such as MRIs, sonograms, and CT scans with secure network,” says Rodriguez. “And when issues do their supporting patient records. Images are available not occur, they’re isolated to specific sections of the network only to radiologists and others on the network, but also so we can quickly pinpoint them. We’re using more to referring physicians, who can access them securely automated network management tools that help us to be with a Web browser from any location over a VPN. proactive as well as to react quickly to events. So with “The migration enabled the movement of images to basically the same staff, we’re able to accommodate a happen,” says Bell. “Before, people could only move growth in users and increase the availability and very small images that were for the most part unusable. reliability of the network.” After the migration they could pretty much move There are no premigration statistics available to images that met the specifications the physicians require quantify the difference the new technology has made for their duties.” in network performance, but Vo sees a dramatic Other new applications enabled by the migration are change. “How do you quantify user satisfaction? It now coming online. DUHS is piloting wireless technol- used to be that anytime a user went to the Internet to ogy from Vocera that enables instant voice over IP (VoIP) download a lot of images, you could see the progress communication across the network. A physician wear- of the download, and hear people complaining about ing a Vocera Communications Badge at a patient’s bed- its impact. Now all users have their own Gigabit side will be able to speak the name of a colleague and Ethernet access. They can download all day long with- be instantly connected, accelerating diagnosis and treat- out having a negative affect on anyone.” ment and reducing the patient’s hospital stay. This is part Continues Vo: “We used to have a 20,000 broadcast of Duke Hospital’s expansion of its wireless network to domain; now we’ve segmented out to 400 VLANs, and give faculty and staff greater mobility while raising the each has fewer than 200 devices. We used to have 10- level of patient care. Mbit/s share up to the local closet for the user; now we “Electronic information technology is enabling us have Gigabit Ethernet. We used to have 10-Mbit/s to correlate activity from genomic research to clinical Layer 2; now we have gigabit Layer 3.” studies to highly personalized patient care,” says Bell measures the new network’s reliability by the Rodriguez. “It is producing patient care that is more way calls to the help desk have changed. “When some- proactive.” body expects something to work all the time, it’s a reli- FURTHER READING able service,” he says. “Before the migration, they wouldn’t call in unless the network was pretty much “Putting the IP in Hippocrates” [Packet® dead for a couple of hours. Now when there’s a tiny blip Third Quarter 2003]: people will call and say, ‘What’s wrong? What happened cisco.com/packet/162_7b1 to the network?’” “Deployment Diary” [Packet® First Quarter DUHS is now installing equipment that will give the 2004]: network the redundancy it needs to protect key pro- cisco.com/packet/162_7b2 cesses, including access to patient records. The redundancy already includes multiple paths across the WAN. Cisco SAFE: Soon it will include redundant Cisco Catalyst 6509 cisco.com/go/safe switches at the core, a redundant distribution layer, and Cisco Catalyst 6500 Series: increased Layer 3 firewalling protection. The design cisco.com/packet/162_7b3 incorporates the full range of Cisco’s resiliency and

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 55

Are You Business Ready? Protect, optimize, and grow your business through system networking. BY GAIL MEREDITH OTTESON

NETWORK DOES MORE THAN CON- tiple management systems, and the result is an expensive nect users with applications—it’s the network with limited flexibility, which slows efforts to foundation for applications and tech- adapt the network to changing business conditions. A nologies that enhance productivity—the “The decision to use Cisco for our enterprise hundreds of processes that facilitate business rela- architecture was based on technology, future vision, tionships; track manufacturing, inventory and finan- and support services for the entire end-to-end net- cials; assure product quality; and increase customer work,” says Lots Pook, chief technical officer at satisfaction. In a typical enterprise, the network Exempla Healthcare. “Cisco offered critical technol- encompasses a data center, campus, branch offices, ogy for Exempla’s immediate needs and its long-term WAN and mobile workers and teleworkers. This goal of securely delivering accurate patient informa- highly distributed infrastructure should support secure tion to caregivers, regardless of location. The Cisco business communications and processes, empowering sales and support staff worked closely with Exempla users to attain optimal productivity and organizations to understand those requirements and determine how to accelerate business growth. Cisco products could best meet Exempla’s long-term needs. We were impressed with the way the Cisco Is Your Network Business Ready? team sat down with us, rolled up their sleeves, and “Networks should no longer be viewed merely as a helped us design and architect the business ready solu- means of connectivity,” says Pierre-Paul Allard, vice tions that we have today.” president, Worldwide Enterprise Marketing at Cisco. A business ready systems strategy best supports By taking a systems-level view and adding intelligent business agility because it offers consistency, advanced capabilities to the network, organizations can imple- intelligence, and service integration throughout the ment resilient networks that allow their business to entire enterprise, allowing users to be more productive quickly adapt to changing requirements, rapidly and and respond faster to market opportunities. Enterprises securely enable new and emerging applications, and that are business ready use the network to protect, opti- streamline processes through improved access to mize, and grow their business. information and communications.” By shifting their focus from individual boxes to an Protect the Organization integrated systems approach, IT managers can make A Business Ready systems strategy uses many means to their networks more “business ready.” This means protect systems and information, such as scanning end- taking a planned, architectural approach instead of points to verify their identity and antivirus software sta- backend, point product integration. tus before allowing them access to enterprise resources. However, enterprises often purchase networking Defense-in-depth security measures, such as intrusion gear based on “speeds and feeds” or price, trusting detection and prevention systems and firewalls, protect that standards compliance can assure interoperability. resources. The network can secure business communi- “But standards don’t define how systems work,” says cations with data/voice encryption. A Business Ready Glen Fisher, business development manager in the strategy also supports regulations such as those under Enterprise Solutions Marketing group at Cisco. the Health Insurance Portability and Accountability Act “Standards are a foundation, but you really address (HIPAA) in the US, which requires that medical records bigger issues with an architectural approach. It gives transmitted through a network remain private. The net- you the most value from your IT investment. That is work assists regulatory compliance with technologies why it is important to work with a vendor that can such as virtual private networks (VPNs). The network design, test, and implement a complete solution, not can also increase business resilience through highly just make pieces of one.” redundant platforms and software features that provide Enterprises with point-product networks have to transparent failover to mirrored or backup systems. spend more time performing systems integration. They must also train staff on more platforms, and spend more Optimize Productivity time troubleshooting and planning. Add to this the cost Business ready enterprises can increase worker proof multiple sets of spare parts and the complexity of mul- ductivity through improved network access and better

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 57

performance, wherever workers are. “But productivity customer relationships, and accelerate business is not about access speeds—it is about accessing appli- responsiveness, which all contribute to revenues. cations and information and being able to act on them Perhaps the most striking example of using the Cisco when and where you need to,” says Fisher. The network Business Ready strategy to grow the business is in the can also support collaboration among geographically data center. dispersed workforces. Cisco IP communications solutions, such as the new Cisco MeetingPlace 8106 Rich- Cisco Business Ready Data Center Media Conferencing Server and Cisco Video Telephony As the nerve center of IT, the data center houses crit- Advantage for IP phones, improve information ical applications that make business operate. However, exchange, fostering greater collaboration among dis- during the rapid growth of the 1990s, data center tributed project teams (see “The Video Advantage,” managers focused more on time to deployment than page 36). On the backend, integrated equipment pro- on protection and optimization, and the typical result vides economies of scale for end-to-end management of was complex, disparate infrastructures with limited Cisco networks, improving operational efficiencies and flexibility and operational inefficiencies. Multiple iso- reducing complexity for IT staff, optimizing their own lated application environments, each with separate productivity. This is a critical benefit, because analysts servers, storage, and networks, were optimized for the estimate that up to 70 percent of IT staff time can be particular requirements of each application, yet were devoted toward maintaining IT infrastructure. Reducing difficult to manage and slow to change. this cost releases time and funds for new IT initiatives Today’s trend toward data center consolidation to that create value. reduce total cost of ownership (TCO) calls for close collaboration between data center and network man- Grow the Business agers to develop a network architecture with intelli- The final test of business readiness is how well the net- gence that enables rapid, secure, and reliable work and other IT systems interact to support business deployment of resources and applications. strategies, increase business effectiveness, improve “Successful data center consolidation begins with an

BUSINESS READY DATA CENTER ARCHITECTURE

Tiered Applications Information Development Intranet Communications Production Customer Test Applications Facing Lifecycle Enterprise

Storage Resources Compute Resources

Web Servers/ Database Application Blade IP RAID Tape NAS Servers Servers Servers Mainframe Communications

Embedded Data Replication and Distribution Application and Storage Virtualization Services Intelligent Application Services

Manageability Network Security System Intelligence Delivery Optimization READY AND ABLE: Availability The Cisco Business Ready Data Center con- Foundation FC GE solidates network Infrastructure iSCSI 10GE resources and provides end-to-end intelligent Campus WAN Optical services, thereby MAN enabling enterprises to Storage Network Data Network Data Center Interconnect protect, optimize, and grow their business.

58 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

architectural approach to the network,” says Jonathan uance through applications such asynchronous and Gilad, solutions marketing manager for Data Center synchronous replication. Networking at Cisco. “Data center managers can tie everything to a common network infrastructure that is Network System Intelligence much easier to manage, and can integrate intelligent ser- “Data center managers can realize the true value of the vices, such as security and application optimization, to Cisco approach when they consistently integrate intel- protect and enhance each application environment.” ligent services across the foundation infrastructure,” The Business Ready Data Center lets enterprises says Gilad. Available as software features and as inte- transform their data centers into secure, optimized, agile grated service modules for Cisco Catalyst 6500 and environments that closely align resources with today’s Cisco MDS 9000 Series platforms, these services business goals and readily adapt to future trends such as include security, delivery optimization, manageability, on-demand computing and service-oriented systems. and availability, enabling service levels not possible This initiative provides comprehensive solutions, archi- with independent appliances. For example, service tectural vision, roadmaps, partnerships, advanced ser- modules enable interaction between the load-balancing vices, and support. It includes reference architectures, function of the Cisco Content Switching Module proven best practices, and configuration templates. (CSM) and the security features of the Firewall Services Easily upgradable, modular products let enterprises Module (FWSM), illustrating Cisco’s vision of intelli- quickly embrace new technologies and integrate intelligent networking and providing system-level solutions gence into the network. Management tools facilitate end- to customer problems (see the sidebar, “The Role of to-end service deployment with automated configuration Intelligent Networking,” page 60). templates and greater device and traffic visibility. The Cisco Business Ready Data Center architecture Embedded Application and Storage Services has three tiers: The Cisco Business Ready Data Center embeds appli- Foundation infrastructure includes the intelligent IP cation and storage services for close interaction of the network infrastructure, intelligent storage network- network with attached resources. The network can ing, and data center interconnect centrally host third-party partner applications such as Network system intelligence includes security, deliv- data replication and storage virtualization, and enable ery optimization, manageability, and availability future intelligent application services. Embedded application and storage services include Data replication services in the storage network data replication, virtualization, and intelligent appli- support mirroring and snapshot applications. The cation services Cisco MDS 9500 platform supports two application modules that support copy and volume management Data Center Foundation Infrastructure services for specific storage vendor systems. Data and storage networks interconnect and provide The trend toward virtualization supports the emer- access to data center resources. The intelligent, gence of technologies such as blade servers, on- switched IP data network is comprised of Cisco demand computing, and n-tier server architectures. Catalyst® switches, which offer the rich feature sets of Virtualization allocates physical devices into logical Cisco IOS® Software in a range of modular and fixed- resources according to business need, allowing man- port platforms. For optimal value, Cisco recommends agement flexibility to align storage, compute, and net- the Catalyst 6500 Series Switch, which features high- work infrastructure with application needs. To this density 1-Gigabit and 10-Gigabit Ethernet, intelligent end, Cisco Catalyst switches support virtual LANs services modules, and virtualization capabilities for (VLANs), firewall virtualization, and load balancing, scalable, secure and reliable application deployment. and Cisco MDS 9000 Series switches feature virtual The modular platform supports incremental upgrades SANs (VSANs) and embedded storage virtualization. for flexibility and growth, and is easier to deploy and Intelligent application services facilitate application manage than multiple switches and appliances. communications, simplify application deployment, and In the storage network, Cisco offers the MDS 9000 enhance application performance and security. They Series Multilayer Switch, which supports a range of stor- will be made available as part of Cisco’s ongoing effort age protocols (such as Fibre Channel, FICON, and to optimize emerging application architectures. iSCSI) and advanced security and virtualization features. These switches enable scalable storage-area networks Achieving Business Continuance (SANs) that can be shared by multiple application, The data center network is central to the business server, and storage resources. continuance strategy. Data center interconnect solu- Between data centers, Cisco multiservice metro tions such as SAN extension over metro optical net- optical and WAN solutions offer cost-effective, high- works are critical for achieving Recovery Point capacity infrastructures that support business contin- Objective (RPO) and Recovery Time Objective

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 59

The Role of Intelligent Networking The role of the network is evolving. Organizations of all There are three key elements in Cisco’s intelligent net- kinds are facing the challenges of new and daily threats working strategy: adding network intelligence, providing from hackers and viruses, increasing scalability of infras- a systems-level approach to integration, and delivering tructure, the need to integrate new technology that may policies that help streamline costs. add complexity, and the escalating costs of systems Enabling intelligence inside the network allows the integration. These burdens are quickly sapping the abili- network to better understand the mechanics of appli- ty to respond to changing business conditions or new cations and services and to actively participate in their opportunities. Organizations the world over must find effective operation. ways to increase the agility needed to respond to and capitalize on change, while simultaneously decreasing The delivery of integrated systems reduces the com- ever-escalating costs. plexity of this added capability as well as reducing operational costs and total cost of ownership. Solving these increasingly complex problems will require more sophisticated systems and tools that deliver greater Policy mechanisms allow each organization or busi- capability with less complexity. The network plays a cru- ness to adapt this intelligence to its unique set of cial role—it is the foundation that touches every element requirements based on their business rules of the infrastructure, from end users to middleware, ser- Cisco’s vision of intelligent networking provides a founda- vices, applications, and servers. Adding key capabilities, tion for building a network infrastructure that helps meet or intelligence, to the network, will enable applications the customer’s strategic and continually changing busi- and services to operate more effectively. Intelligent net- ness objectives. To help customers to begin leveraging working increases the capability and adaptability of your intelligent networking today, Cisco has defined a infrastructure. If the network is aware of the goals and “Business Ready” initiative for each of the four key areas objectives of your applications and services, it can make of the enterprise network: data center, campus, branch, more informed decisions regarding the handling and pro- and teleworker. These system blueprints demonstrate cessing of those applications. This intelligence lays a how Cisco routing and switching technologies, along with strong foundation upon which to implement business pro- our advanced technologies (security, wireless, IP com- cess re-engineering and optimization in order to become munications, optical, and storage) work together to deliv- more agile and responsive. er intelligence throughout the network, enabling customers to protect, optimize, and grow their businesses.

(RTO) metrics. Equally important is the Recovery drives the protection, optimization, and growth Access Objective (RAO), which defines the time potential for our customers.” required to reconnect users to a recovered applica- “When you ask enterprises whether they are tion, regardless of where it is recovered. Without business ready, they’ll probably say yes, but that is RAO, achieving application RPO and RTO has lim- today,” says Gene Arantowicz, manager in Enterprise ited practical value. Therefore, business continuance Solutions Marketing at Cisco. “As requirements managers should provide alternative connectivity change, Cisco is adding value by increasing our net- measures such as VPN services and Global Site work intelligence over time. The Business Ready Selector Services that connect users to secondary data strategy gives our customers a business-oriented center resources in case of disruption. approach to networking that helps them respond more quickly and effectively to new opportunities Beyond the Data Center and threats. This reduces their total cost of owner- Being business ready is a horizontal strategy, accord- ship and improves their ability to do business.” ing to Allard. “It ties together the horizontal technologies—security, IP communications, network FURTHER READING management, network-based provisioning, and user Cisco Business Ready Architectures: mobility—throughout the campus, branch office, cisco.com/go/businessready data center, mobile workforce, and teleworker environments. This systems-level, end-to-end perspective

60 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

DMVPN Extends Business Ready Teleworker Cisco IOS DMVPN reinforces teleworker initiative with unmatched end-to-end security, connectivity, deployment, and management.

BY PLAMEN NEDELTCHEV, GAUTAM AGGARWAL, HELDER ANTUNES, AND DAVID IACOBACCI

HE EXISTING MYRIAD OF IP- BASED based on an enhanced set of CNS agents running on the virtual private network (VPN) solutions remote routers. allows enterprises to provide secure home At the remote site, the solution incorporates a low- T access to corporate resources for three main end router (typically Cisco 830 Series for home users) or categories of users: “road warriors” (workers who midrange router (Cisco 1700, 2600, or 3600 series for travel extensively), “day extenders” (employees who branch users), and easy-to-deploy IOS security features For an overview of access their corporate network from home after regular such as antitheft protection, configuration integrity the components that make up the business hours), and full-time telecommuters. Every protection, and a variety of authentication mechanisms Cisco Business Cisco VPN solution can be successfully used as a single including Auth-Proxy-AAA and port IEEE 802.1X- Ready Teleworker solution in each of these categories; however, client- or AAA. Based on configurable policies at the headend, the solution, see “Business Ready Web-based VPN solutions target mainly the needs of remote site can be enhanced with features such as Cisco Teleworker At a road warriors, while Cisco site-to-site IOS® VPN solu- Network Admission Control (NAC), Network-Based Glance,” page 15. tions address the needs of day extenders and small/ Application Recognition (NBAR), and intrusion detec- remote and branch offices. The latest Cisco IOS VPN tion system (IDS). solution reinforces the Business Ready Teleworker ini- To facilitate end-to-end interoperability, a great deal tiative. It extends and improves end-to-end connectivity, of automation is designed into the solution (see table, end-to-end deployment models, and end-to-end man- IOS End-to-End Management, page 62). agement. This VPN innovation also provides enterprise- class connectivity; enterprise-quality voice, video, data, End-to-End Connectivity and multicast; and unprecedented, layered IOS security Dynamic Multipoint VPN (DMVPN) is a key factor in features within a Cisco routing protocols framework. In achieving the end-to-end connectivity model, essentially its full evolution, the end-to-end solution will encompass incorporating Cisco routing protocols framework into secure, interoperable networks including data, voice- IP Security (IPSec) VPN framework, which converts the over-IP (VoIP), and wireless LAN (WLAN) networks for secure peer-to-peer VPN into a secure end-to-end VPN. enterprises and Internet service providers (ISPs). As a technology, DMVPN comprises IPSec, Next Hop From a features standpoint, this new extension Resolution Protocol (NHRP), and multipoint Generic divides into four major components: end-to-end lay- Routing Encapsulation (mGRE). ered security, IOS-based end-to-end connectivity, end- From a design perspective, DMVPN offers to-end deployment, and end-to-end management (see unmatched flexibility, allowing dynamic hub-to-spoke, table, page 62). An end-to-end model can significantly virtual partial-mesh architectures, and in its extreme reduce operational, support, and management costs, virtual full-mesh architectures (note that large full- which in general represent 80 percent of total cost of mesh architectures can be expensive and difficult to man- ownership (TCO), according to Sage Research. age in time-division multiplexing and Frame Relay environments). From a deployment perspective, The Headend and Remote Sites DMVPN simplifies the burden of headend management At the headend, the solution incorporates Cisco IP and thus reduces TCO. Solution Center (ISC), Intelligence Engine 2100 (IE2100) Series Cisco Networking Services (CNS) engine, IOS- Automated End-to-End Deployment based Public Key Infrastructure authentication, authori- In general, enterprises and ISPs apply the following basic zation, and accounting (PKI-AAA) integration, a security deployment models: management gateway, and numerous security data In-house model—IT team configures the router and gateways. The headend fully controls the remote site sends it to the branch or home user; the most cost-

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 61

END-TO-END VPN AT A GLANCE

IOS End-to-End Layered Security IOS End-to-End Connectivity IOS End-to-End Deployment IOS End-to-End Management

Device and User Authentication DMVPN Configuration Automation IP Ongoing Management IP and Antitheft Protection Solution Center Solution Center Failover/Load Balancing Secure RSA Lock Key Cisco CNS 2100 Series Cisco IE2100-Based CNS Dynamic Routing Intelligence Engine Notification Engine Secure ARP-Proxy Full-Mesh and Partial-Mesh CNS Configuration Engine CNS Configuration Engine Auth-Proxy-AAA Topologies CNS Notification Engine CNS Notification Engine IEEE 802.1X-AAA Hub-to-Spoke and Spoke-to- Spoke Tunnels; Permanent CNS Image Management CNS Image Management Engine IOS-Based PKI and On-Demand Tunnels Engine EMAN Framework Integration Certificate Server (CA and RA mGRE, IPSec, NHRP; Automated Zero Touch Modes) Transport and Tunnel Modes Deployment Automated User Service Application and Entitlement PKI-AAA Integration Multiple DMVPN Clouds per Bootstrap Configuration and Headend Router; Resilience PKI Certificates (EzSDD) Automated Configuration/ Auto-Enrollment Preconfiguration and Audit Full Support of IP Applications Dynamic Addressing Multiple Trust Points Automated Image Management Data Automated Policy Deployment, Underlying Security Features Redeployment, and Audit Automated Control, Monitoring, VoIP and Security Management IPSec (3DES or AES) DMVPN/IPSec QoS Interactive/Automated Decision Stateful Firewall Firewall Making and Service Termination Wi-Fi NBAR and IDS QoS Antivirus, Antiworm, and DoS Multicast Protection (per Identification) NAT Video Automated Event Log NBAR and IDS Management Automated Notification of the Support Teams

ineffective model. Works relatively well for small and extra cost associated. LOW TCO, BIG BENEFITS: An end-to- midsized businesses or deployments. Of course, these models can vary significantly, and their end, highly automated Outsource/out-task model—Some large enterprises comprehensive details and cost analyses are beyond the approach enables prefer to outsource to one big customer with global scope of this article. Suffice to say that Business Ready enterprises to maintain presence, who performs the initial task of configura- Teleworker supports all common deployment scenarios; low TCO even when increasing and enhanc- tion and logistics, while the enterprise ensures the pro- however, maintaining the lowest TCO requires the no- ing the feature set of visioning. This model adds to the cost of both the cost-associated model to be applied. As noted, in the the solution. acquisition of assets and deployment management. ZTD model, the remote site can be automatically Out-of-house model—Some large enterprises or ISPs deployed/decommissioned/redeployed. ZTD is based on can use their own staging facilities for initial or com- a new Cisco IOS Software feature called Easy Secure plete CPE configuration. The CPE is shipped to the end Device Deployment (EzSDD). While very simple for end user /administrator; adds an additional cost to the users, ZTD is not quite as simple on the backend. acquisition of the assets. Sometimes the cost can be sig- Therefore, ZTD is a “virtually simple,” fast process that nificant compared to the purchase price. requires all the components of the system work in sync Touchless or ZTD model—Requires presence of at and all scenarios be anticipated and automated. least one user with necessary credentials (AAA account Let’s assume the common case. A home user has sub- in the corporate AAA server); most frugal model; no scribed for cable ISP service, and the ISP has provided a cable modem for him. The user can connect his PC to PLAMEN NEDELTCHEV, Ph.D, network engineer with the the cable modem, obtain his IP address via Dynamic Intelligent Network Solutions team at Cisco, is author of Host Control Protocol (DHCP), and connect to the Troubleshooting Remote Access Networks, Cisco Press. He can be reached at [email protected]. Internet. In the most general case, the user can use GAUTAM AGGARWAL, CCIE® No. 4714, is a manager of Security Device Manager (SDM) to configure his router software development in the Internet Technologies Division at with Point-to-Point Protocol over Ethernet (PPPoE) or Cisco, specializing in VPN and network security. He can be Static IP and connect to the Internet. Meanwhile, the reached at [email protected]. home user applies for VPN service from his company, HELDER ANTUNES is a senior development manager in the obtains approval, and orders a new Cisco 830 Series Internet Technologies Division at Cisco, specializing in network security. He can be reached at [email protected]. Router. After he receives the router at his home office, he connects the router to his cable modem, obtains an DAVID IACOBACCI is a network engineer with the Intelligent Network Solutions team at Cisco, specializing in VPN and home IP address from the router (typically 10.10.10.0/24 networking. He can be reached at [email protected]. range), and gets connected to the Internet.

62 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

To be deployed as a VPN user with his company, tional features such as monitoring and performance there are three easy-to-understand steps (from the end trending, thresholds-based alerts and notifications, as user’s perspective): well as image management. In its ultimate functionality, Step one (welcome)—User launches a browser and management covers the whole spectrum of information types in the browser’s address filed: http://10.10.10.1/ services: monitoring, analyzing, and decision making. ezsdd/welcome. Cisco ISC introduces and supports the notion of fully Step two (introduction)—User prompted to type managed service (FMS). If any configuration changes a URL in the Web page, https://www.join-mycompany are scheduled and performed from ISC/EMAN, FMS .com/ezsdd/intro, and to press “Next.” will accept and register the change. If the change is orig- Step three (complete)—User prompted for user inated from a non-ISC/EMAN source, FMS triggers a name and one-time-password (“OTP,” this is provided set of functions to audit the CPE’s configuration and to the user by the IT group or integrator). After a while, notifies the supporting teams about configuration/pol- his browser will announce “Complete” state and icy change, security violation, connect/disconnect events, prompt him to release/renew his PC’s IP address. and the like. Furthermore, if a policy violation is iden- At the headend, this “virtually simple” process (as tified or virus/worm attack or DoS is discovered, the expected) is a little more complicated and includes a EMAN will trigger an automated/interactive process to preparation and an action phase. In the preparation prevent the violation. phase, while the user is waiting for his router to arrive, Non-Cisco customers can plug in additional logic the ISC will be configured and all policies will be in to adjust the system to the way they typically operate “Wait_to_deploy” (Pause) state. In the action phase, the or to their management system. The EMAN experi- user (Introducer) interacts with CPE (Petitioner), which ence and scripts and available APIs would allow every establishes Trusted Transitive Introduction (TTI) rela- enterprise or ISP to apply their own set of policies or tionship with a CERT router (Registrar). Registrar acts procedures to control and manage the security risks as a proxy for the user authentication. After successful in their environments. authentication, it intercepts the login_name and requests a general, customized initial bootstrap configuration Unmatched Integration from ISC, which is pasted into Petitioner’s (CPE’s) run- Cisco’s extension to the Business Ready Teleworker ning configuration. The CNS agent is activated. A CNS solution offers a level of networking and security inte- “connect” event is sent to CNS Engine, which forwards gration unmatched in the industry to date. Virtual sim- the “connect” message to ISC. All waiting policies are plicity, maximum automation of management, design sent to the CPE over the management tunnel. The last flexibility, and scalability are key factors in large-scale Service Request (policy) will complete the process, (global) deployment and management, and in achieving which on average lasts about 200 seconds. these factors, this Business Ready Teleworker solution effectively allows low TCO to be maintained. Automated End-to-End Management Cisco’s own global deployment includes architectural The first and foremost objective of Business Ready and design solutions that enable enterprise home, enter- Teleworker is managing security. For this solution, prise branch, and ISP deployment models, and provide based on a broad set of application programming enterprise-class connectivity, and enterprise-quality interfaces (APIs) and Simple Object Access Protocol/ voice, video, data, and multicast. The real potential Extensible Markup Language (SOAP/XML), every exists for other enterprises to incorporate or integrate new deployment can be integrated into the existing the whole solution, or a subset of it, into their existing enterprise or ISP infrastructure and interact with network environment. AAA, Domain Name System (DNS), and DHCP services. The remote site is fully controlled and managed, The authors express their appreciation to the following and the security policies can be applied, changed, and Cisco people, who contributed to this article: Mike audited. Therefore, many of the traditional headend Sullenberger, Max Pritikin, Henry White, Jennifer functions such as antivirus/antiworm protections and Redovian, Dalia Geller, Hom Bahmanyar, Ajith anti-DoS attacks can be managed at the remote site (if Thrivikramannair, and Pedro Leonardo. identified), effectively increasing the availability of the headend site and corporate network. FURTHER READING In Cisco’s global IT deployment, the headend is inte- Business Ready Teleworker portal: grated into the Cisco IT framework. With an in-house cisco.com/go/teleworker management tool suite created by Cisco IT, EMAN incorporates the built-in intelligence of the system using DMVPN white paper: a variety of available APIs and interacts with Cisco ISC cisco.com/packet/162_7c1 and IE2100-based CNS engines. EMAN brings addi-

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 63

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. CYBELLE B evc Provider Service to greatercustomersatisfactionandserviceproviderrevenues. A service-firstapproachinmetroandlong-haulnetworksleads Metro Network Building aService-Driven BY JANETKREILING division multiplexed (TDM)network.Personnel have Frame Relaynetworkortwo, aSONET/SDHtime- nologies, notservices:building anATM network,a adds. Typically, serviceprovidershavedeployedtech- whole—a substantivechangefrom thepast,Brockners needs andnewprofitableserviceofferings.” be drivenbyspecificbusinessrequirementssuchasuser Brockners, atechnologistatCisco,“Everychoicemust adapt, augment,orexpandit.But,emphasizesFrank work hasthosecapabilitiesandwhereyouneedto you canbeginthinkingaboutwhereyourcurrentnet- customers andthetechnologiesthatcansatisfythem, fiber-coax orbyallfiber. residential customermightbewellservedbyhybrid statistical multiplexingcankeepcostsdown.Andthe 2 orLayer3link;oversubscribingcapacityandusing by localEthernetswitchesandtransportedoveraLayer recovery times,youmightusenativeEthernet,delivered SONET/SDH opticalring.Forbandwidthwithlonger the 50-msfailovertime,bestchoicemightbea video, andhigh-speedInternetaccess. A residentialcustomerwantsa“tripleplay”ofvoice, accept aslowerrecoverytime—evenupto10seconds. time. Asmallbusinesswantscheapbandwidthandcan enterprise’s foremostrequirementisa50-msfailover tomers actuallywantandwhere. with aconcreteunderstandingofwhatservicescus- will come.Theroadtorevenuesinthefutureispaved CISCO SYSTEMS The service-drivennetworkmust beconsideredasa After you’vedefinedtheneedsofyourspecific What’s thebestwaytodelivertheseservices?To meet Consider somespecificend-userneeds:Afinancial Reprinted with permission from they willcome.”Farbettertobuildit Too COME often,itreallymeans“Buildandhope WILL THEY never beenaneffectivemarketingstrategy. AND IT UILD Packet ® magazine (Volume 16, No.2), copyright ©2004 byCisco Systems, Inc. Allrights reserved. so ” they HAS potential benefits. vice-driven modelopensupopportunitieswithbig impetus tochange.Likeanychange,adoptingaser- providers mustfindanewbusinessmodelismajor constrained intheirflexibilityaredecliningandservice that bestsuitedtheirneeds. ogy oranotherandhaven’t always gotten thesolution tomers havehadtodealwithspecialistsinonetechnol- talk totheexpertsonFrameRelayorIP. Too oftencus- Technical andsalesexpertsonATM don’t necessarily been organizedinsilosaroundthetechnologies. will becomemore commonandflexibleasproviders based onsomethingmorethan pricing.Bundling services toachieverealcompetitive differentiation Benefit 2: Layers 2and3. revenues fromhighernetwork layersaswell Benefit 1: The realitythatrevenuesfromtraditionalservices Service providerscanbundlepackages of New servicescangeneratesignificant SOLUTIONS SECOND QUARTER 2004 PACKET 65 Service Provider SOLUTIONS

move away from the traditional revenue model works well with other transport and service technolo- wherein pricing is based on time and distance to gies, and it provides for a very wide range of bandwidth new ones based on bandwidth, services, content, capabilities. “All these services can be delivered over a and customer experience. flexible Ethernet User Network Interface [UNI],” says Wesley Mukai, product manager for metro Ethernet at Start with Services and SLAs Cisco. “The Ethernet UNI can scale bandwidth easily This is not a time to think narrowly. You’ll want to from a few kbit/s to 10 Gbit/s depending on the end offer some services that neither customers nor service user’s service requirements—a granularity that is not providers have even thought of yet, so the network possible with other formats. And it can be delivered must be capacious and capable well into the future. through a wide variety of technology options—Layer 1, Consider the services you can offer now or very 2, or 3 transport format—SONET/SDH, ATM or soon. Already, many customer want Layer 2 or Layer Frame Relay, or IP/MPLS.” 3 virtual private networking (VPN) services to connect By offering an Ethernet UNI, the service provider their headquarters with remote offices. As communi- tailors its edge network to what its customers are cations become more integral to every aspect of an already using—even, to a surprising extent, in the res- enterprise, business customers want the triple play of idential market. Many enterprise customers already voice, video, and data, usually all IP-based. They’re rely internally on the high bandwidth and QoS pro- also moving on to Web hosting, network storage, visions possible with Ethernet—with an Ethernet intrusion detection, surveillance, disaster recovery, UNI, traffic retains these characteristics as it enters the hosted IP telephony, and others. Residential cus- service provider’s network. Ethernet and IP go tomers want voice, video, and broadband Internet together: IP traffic is easily encapsulated in Ethernet access, and they are also finding other services attrac- packets, retaining the IP priority and QoS information. tive, such as VCR on demand, pay per view, gaming, “Most people still think of Ethernet as an enterprise VoIP, instant messaging, sending photos, and others. technology,” Mukai points out, “but it’s for service Ethernet is central to delivering this wide range of providers, too.” Carrier-class Ethernet switches, routers, services for two reasons: It’s an efficient protocol that and other network components are now available that

Ethernet Equal Access Networks Some 40 European cities are already building or planning City of Malmo, Sweden. The company wanted its own Equal Access Networks (EANs) for broadband services network to offer tenants in its 20,000 apartments a vari- based on Ethernet, according to Gloria Formenti, Cisco’s ety of voice, video, and data services from different metro Ethernet solution manager for Europe, the Middle providers over the 10 Mbit/s provided to each unit. East, and Africa. EANs embody a new concept in com- Tenants can self-provision the services they choose, in munications delivery: an independent urban network any combination. MKB Fastighets AB also uses the net- built, owned, and operated by a private company, com- work to handle online booking of apartments, communi- munity, or other organization. cations with tenants, and fire, burglar, and safety alarms. “Multiple service and content providers have access to FastWeb, a service provider in Milan, Italy, and the network to deliver services to multiple market seg- Bredband, a Swedish company, have experienced dra- ments, and enterprise, small business, and residential matic growth in their EANs. FastWeb has added more customers pick and choose the services they want from than 180,000 subscribers in the past 18 months, and among them,” Formenti says. Both service and content Bredband has added some 270,000. providers and customers have broad access, and if the All three networks employ Cisco Catalyst 6500 Series network is owned by a communications service provider, switches in the core linked by fiber to Catalyst 2950 it might deliver its own services as well as leasing capac- Series switches in the access network. ity to others. Providers can use a combination of pricing formulas, such as flat-rate, per-byte, per-application, or “EANs are becoming central to the economies of urban on-demand to create a wide range of attractive packages economies—appropriate for communities of as few as to appeal to different customers and market segments. 10,000 end users,” Formenti adds. And she points out that the shorthand for these networks is ETTx—Ethernet As an example of an EAN, Formenti cites the one built by to the anything. MKB Fastighets AB, a real estate company owned by the

66 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

enable service providers to carry Ethernet not just in the home; along with the Catalyst 6500 Series, it can deliver metro network, but also across the core, if desired. fast failover times for those customers that need them. Consider service-level agreements (SLAs), too. The Catalyst 3750 Metro Series, which is installed on They alone will dictate much of how you design your the customer’s premises, can tunnel traffic using MPLS. network, determining where certain levels of band- Mukai points out that it also offers advanced QoS with width and QoS must be available. For example, one hierarchical queuing, in which packets can be prioritized customer’s SLA can specify availability (three nines on according to three policy levels—at the physical, logical, certain services, five nines on others?), delay or jitter or class level—for a very high degree of granularity in (50 ms? 20? 100?), data delivery rate (99.99 percent? traffic management. 99.999 percent?), sequence preservation (yes, no, Larger systems can be employed at the edge as well varies with different types of traffic?), and bandwidth as in aggregation or core networks. The Cisco Catalyst (committed and peak rates?). 6500 Series Switch and 7600 Series Router provide an The requirements for availability, for example, help edge gateway to 10-Gbit/s transport, as well as a you plan where certain features, redundancy, and high degree of scalability. “These systems enable the An Ethernet net- resiliency of equipment and software—and security— provider to control flows with traffic engineering at the work is enabling must be provided. For example, features such as MPLS network edge and deliver advanced QoS—and it can SureWest Broadband to Fast Reroute, Rapid Spanning Tree, subnetwork con- be a transition point between Layer 2 and MPLS net- offer voice, video, nection protection, and others can all improve avail- works,” Mukai says. and Internet con- ability. Sequence preservation will invoke QoS Optical equipment also plays a role on the metro nections to customers. Find out mechanisms and transport choices. QoS, incidentally, edge—for example, the Cisco ONS 15302 and 15305 more at cisco.com/ benefits the provider as well as the end user: It increases multiservice customer access platforms deliver support packet/162_8a3. the transport capacity of the network. By using intelli- for TDM and Ethernet services in compact form. gent packet processing with QoS, service providers can Their plug-in slots accommodate a variety of services, oversubscribe their networks to make better use of their helping the provider deliver precisely those needed on existing interfaces and bandwidth. Other SLA specifi- given transport routes. cations determine where in the network other capabil- In the aggregation layer, which can include hybrid ities must be available. fiber-coax access networks, the provider might choose mid- to large-scale switches and routers, along with Architecture and Technologies somewhat larger optical networking systems. The Essentially, Brockners says, “a flexible network will network core calls for high-speed, high-performance need to expose all layers to service delivery. In addition, routers with excellent QoS capabilities and an inte- a layered approach will allow for scalability and SLA grated core and edge feature set, such as the 7600 control at each of the layers in the network, which is far Series Router, and perhaps the ONS 15454 and ONS more scalable and flexible than just delivering every- 15600 optical platforms. thing across one layer.” As providers build service- Using Ethernet in the edge network permits delivery driven metro networks, they can use all three layers for of all of the types of connectivity end users now employ. service delivery and scalability, rather than a single layer. Cisco’s Ethernet Private Line Service (EPL) provides ded- Of course, the metro network architecture depends in icated point-to-point connections. Ethernet Wire Service part on the installed base—what’s in the ground and (EWS) provides point-to-point connections over a what it’s connected to. shared infrastructure. Ethernet Relay Service (ERS) When you know what capabilities you need where, provides point-to-multipoint links. Ethernet Multipoint the next step is mapping products and technologies to Service (EMS) provides multipoint-to-multipoint con- the different network roles and the complete develop- nections and can carry Layer 3 services. Ethernet Relay ment of the network. A comprehensive, service-driven Multipoint Service (ERMS) provides any-to-any con- network solution employs multiple technology and nectivity and supports service multiplexing. Ethernet product options. A single device or several devices Private Ring (EPR) is a multipoint service using Layer might fulfill each role in the network, depending on the 1 transport technology (see figure). service and SLA requirements, the network architecture, and the technologies that have been deployed. FURTHER READING For example, Mukai says, at the network edge ser- Toward a Service-Driven Metro Network—A vice providers might deploy fixed or modular switches Service Provider Guide for Enabling Metro such as Cisco Catalyst® 3750 Metro Series switches, Business Services: Catalyst 6500 or 4500 series switches, or the Cisco 7200 cisco.com/packet/162_8a1 Series VPN Router. The Catalyst 4500 Series is a cost- effective and modular option; it can serve a mix of Managed Metro Ethernet Services: residential and business customers. In addition, it can cisco.com/packet/162_8a2 support single-fiber connections to the business or

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 67

NEW PARADIGM: In SERVICE-DRIVEN METRO NETWORK the new service-driven business model, the Ethernet Connectivity Services traditional transport- Ethernet Access-Based Value-Added Services driven approach is EMS/ERMS/EWS/ERS/EPL/L3VPN being replaced by one Data/Voice/Video that is business driven. Services and solutions can incorporate multi- 1. Service ple technologies and Gluing Together Deﬁnition SLAs network layers to satis- Product, Features, and fy specific, individual Cross-Platform Functions customer needs. Delivery of Service Architecture via 5. Solution 2. SLA Alignment of Products: Deployment Deﬁnition Network Service Cisco Optical, and Customer Catalyst Switching, Requirements and Routing

4. Technology 3. Architecture Deployment Aspects Deployment Technology- for Services and Agnostic Architecture Building Architecture Blocks Service Interworking: Availability; Multicast; Scalability, Integration of QoS for SLA Delivery; MPLS; Transmission and Transport; VPLS; 802.1Q Tunneling End-to-End Capabilities (Q-in-Q); Redundancy; Cost for Service Delivery; Identiﬁcation and Control Roles Deﬁnition

EMS Ethernet Multipoint Service; EPL Ethernet Private Line; ERS Ethernet Relay Service; ERMS Ethernet Relay Multipoint Service; EWS Ethernet Wire Service

“These services all interwork,” Brockners says, “so standing price/performance ratio of Gigabit and 10 any combination can be employed in different parts of Gigabit Ethernet. the network to achieve optimal communications.” MPLS is another effective means of inter-metro area transport. Service providers can connect any Layer 2 Beyond the Ethernet Island transport over a single IP/MPLS converged infrastruc- After the metro architecture has been defined, service ture, with the advantages of resiliency, policy control, providers can begin thinking about how to intercon- and service flexibility. And Cisco’s MPLS now incorpo- nect islands of metro Ethernet. Enough experience has rates bandwidth-assured Layer 2 services with tight now been logged with MPLS and virtual private LAN guarantees for packet loss, latency, and jitter to meet very service (VPLS) for wide-area networks so that precise SLAs. providers can begin to make decisions about their abil- Brockners offers this perspective on a service- ity to deliver specific services. driven network: “Look at the difference between Brockners explains that using pure Layer 2 control what you can do with your landline phone and what protocols between metro Ethernet islands is not feasi- you can do with your mobile. We’re looking at that ble because Layer 2 requires Spanning Tree Protocol, magnitude of change.” For example, he points out, which does not scale to span wide areas. But Layer 2 “Mobile operators offer different services and service transport technologies can still be used in the core bundles along with a wide variety of pricing options through VPLS, which supplies high-bandwidth, multi- and pricing. The differences in offerings allow point-to-multipoint Layer 2 connectivity across an providers to differentiate themselves from others, and IP/MPLS network. More than 45 Cisco customers the healthy competition drives further diversity.” worldwide are now evaluating VPLS architectures for Most service providers, he adds, “are going to need Layer 2 multipoint services. to scale up their networks in the next few years. The time According to Santiago Alvarez, technical marketing is now to take a step back, assess customer needs, and engineer at Cisco, VPLS improves the scalability and build a metro network that will meet service needs now reliability of traditional switched Ethernet networks, and in the future.” simplifies their provisioning for both the customer and the service provider, and takes advantage of the out-

68 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Make Your Mark with MPLS Embedded OAM tools help monitor MPLS networks and services—fostering new value-added offerings.

ANY SERVICE PROVIDERS ARE REAL- Cisco recently significantly enhanced its MPLS izing operational efficiencies and cost Management portfolio to include Cisco IOS® MPLS savings by backhauling multiple types Embedded Management tools and new versions of Cisco Mof network traffic over a common Info Center VPN Policy Manager and Cisco CNS Multiprotocol Label Switching (MPLS) backbone. NetFlow Collection Engine (see sidebar, “Effectively MPLS technology brings virtual circuit-like characteris- Correlate Service Assurance Information,” page 71, for tics to IP networks, giving network operators greater more on Cisco Info Center and Cisco CNS NetFlow control over network performance. In addition to Collection Engine). using integrated MPLS backbone networks for efficient transport, most service providers would like to MPLS Embedded Management offer value-added services off their MPLS platforms to With important MPLS operation, administration, and generate greater revenues. Such offerings require the management (OAM) requirements folded in, MPLS ability to guarantee bandwidth to certain traffic, Embedded Management brings the robust set of OAM such as voice over IP (VoIP) and IP virtual private net- tools to MPLS environments that have long been avail- works (VPNs), with assurances similar to Frame able for Frame Relay/ATM WAN backbones. Integrated Relay and ATM committed information rates (CIRs), in Cisco IOS Software Release 12.0(27)S, MPLS and the capability to closely monitor MPLS net- Embedded Management features such as LSP Ping, LSP works and their services to keep such traffic-sensitive Traceroute, Virtual Circuit Connection Verification, offerings as VoIP running smoothly. and AutoTunnel Traffic Engineering (TE) and AutoMesh Offering premium services across a converged MPLS TE consolidate the operations support systems (OSSs) network requires a multiple-service management view of that handle fault, configuration, accounting, perfor- the network, says Ripin Checker, product manager in mance, and security (FCAPS) management functions Cisco’s Internet Technologies Division. “Several legacy across the different service types (see Figure 1, page 70). revenue-generating subscriber services—Frame Relay, Cisco MPLS Embedded Management capabilities are ATM, leased lines, and, increasingly, Ethernet transpar- based on emerging Internet Engineering Task Force ent LAN services—are starting to ride the MPLS back- (IETF) draft standards for MPLS OAM. They enable bone,” Checker says. Subscribers accustomed to these service providers to guarantee service levels across services’ characteristics and guarantees would like those MPLS-based IP VPNs, regardless of the subscriber attributes preserved, regardless of the WAN infrastruc- interface connecting customers to the WAN service. For ture their provider runs. example, the availability of MPLS MIBs (management To successfully enforce service-level agreements information bases), accessible by third-party manage- (SLAs) for premium and legacy services, service ment systems via the industry-standard Simple Network providers require the ability to verify connectivity and Management Protocol (SNMP), stitch together the var- quickly find and troubleshoot failed paths and measure ious service views needed to quickly troubleshoot a con- IP SLAs for each service and customer. Automation and verged MPLS network. proactive connectivity testing is essential and helps to The traditional Cisco command-line interface (CLI) reduce time to repair and operational costs. This can also be used to access MIB information, and Cisco requires cohesive management of all MPLS networks is working on making a programmable Web-based and the subscriber services associated with them. Extensible Markup Language (XML) management The Cisco suite of standards-based MPLS man- interface available, says Checker. In addition, the abil- agement tools and technologies enables service ity to automate the MPLS OAM tools via Cisco Service providers to increase the overall reliability, avail- Assurance Agent (SAA), for example, will help service ability, and serviceability of MPLS networks and providers in automating critical fault isolation and services. Simplified provisioning and automated detection mechanisms in MPLS networks. troubleshooting lower the total cost of ownership (TCO) and boost productivity. Cisco offers an LSP Ping and LSP Traceroute integrated suite for network and service manage- These tools provide diagnostics and troubleshooting ment that provides an end-to-end, flexible, intelli- for MPLS Label Switch Paths (LSPs). LSP Ping helps gent solution for business agility. to detect fault, and LSP Traceroute helps in isolating

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 69

the fault. Analogous to the Internet Control Message AToM deployment, edge routers encapsulate incoming Protocol (ICMP) ping function in native IP networks, native Layer 2 traffic in MPLS labels and tunnel it an “MPLS echo request” message is sent over an through the MPLS backbone via virtual connections MPLS LSP from an originating provider edge (PE) called pseudo-wires. An MPLS LSP Ping is sufficient to router to a target PE router. If the MPLS data plane is monitor the PE-PE tunnel, but not the individual cus- up and running, the target PE router will send back an tomers’ virtual circuits inside of that tunnel. “MPLS echo reply.” If there is no reply, it can be So the newly embedded Virtual Circuit Connection assumed that there is a fault somewhere along the LSP. Verification (VCCV) tool creates an in-band control At that point, the originating PE router automatically channel between two PE devices. The channel is used performs a traceroute for hop-by-hop fault localization to identify the connectivity verification packets from and LSP path tracing. It sends an MPLS ping to each of Layer 2 payloads. VCCV enables troubleshooting and the interim routers, one at a time, on the LSP. When the diagnostics on the Layer 2 tunnel in aggregate, as well originating PE router fails to receive a reply from one of as on each customer circuit within the tunnel. the routers along the way, it can deduce that the problem lies on that particular hop. For a graphic depiction Automating TE Tunnel Setup of the role LSP Ping and Traceroute play in trou- Cisco MPLS Embedded Management has also auto- bleshooting MPLS LSPs, see cisco.com/packet/162_8b1. mated the process of building a mesh of MPLS TE tunnels between MPLS PEs. The Cisco AutoTunnel TE tool OAM for Layer 2 Tunneled Traffic automates the configuration of primary and backup tun- It is not only necessary to automate end-to-end fault nels, as well as full or partial meshes of logical TE tun- detection for Layer 3 MPLS traffic. Layer 2 traffic tunnels over the physical infrastructure. AutoMesh TE can neled through MPLS using Cisco Any Transport over be used to “automatically self-configure a mesh of TE MPLS (AToM) technologies—as specified by the IETF tunnels between PEs similar to a manual mesh of ATM Pseudo Wire Emulation Edge to Edge (PWE3) working virtual circuits between ATM edges,” says Checker. For group—requires the same level of management. In an example, network operators can use a combination of

MPLS MANAGEMENT ARCHITECTURE Operations Software GUI Support System Partners • CORBA • SNMP • TL1 • XML Accounting and Element Fault Configuration Performance Management System

• Alarm Notification • Configuration • Data Collection • Alarm Upload • Data Export Synchronization • Incremental SNMP Get Security • Threshold Alerts Configuration and GetBulk MD5 • Diagnostic • Change Bulk File Authentication Monitoring Notification Transfer SNMP Get, Programmatic NetFlow GetBulk, Traps Interface Syslogs CLI MIBs Performance • RMON TFTP SAA

CNS Bus MPLS P HTTP Telnet FCAPS SNM SSH NetFlow OAM XML MPLS LSP Ping Accounting SNMP CLI Embedded Traceroute NetFlow Management VCCV

Cisco IOS Infrastructure Programmatic Protocol Interface Enhancements AutoTunnel Cisco IOS Software AutoMesh

FIGURE 1: MPLS Embedded Management FCAPS features and important OAM tools are now available in Cisco IOS Software Release 12.0(27)S.

70 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Effectively Correlate Service Assurance Information Cisco recently updated key network tion changes, or other events. This desktop includes drop-down menus management applications to auto- capability substantially improves SLA to easily launch Cisco MPLS mate the correlation of event and management and automates escala- Embedded Management tools for provisioning information in MPLS tion procedures. faster fault resolution. networks. Cisco Info Center VPN “Before, critical alerts would be In addition, the Cisco Info Center Policy Manager 3.1 and Cisco CNS displayed [in Cisco Info Center],” integrates with the Cisco CNS NetFlow Collection Engine 5.0 help explains John Gaudin, product man- NetFlow Collection Engine 5.0. A network operators improve their ager in Cisco’s Network Management new Web-based interface allows mean time to resolution (MTTR) Technology group. “Someone would NOC personnel to define which com- more quickly on a per-customer note the IP address, node name, binations of packet fields they would basis, automate escalations to main- and other information about the like to see aggregated into reports tain SLAs, and provide flexible, scal- affected devices. Then, that per- about traffic flows. able access to critical NetFlow data. son would look up which, if any, “This helps network operators bet- The VPN Policy Manager, for exam- customer VPNs are affected in ter understand the traffic profiles on ple, integrates the fault-event collec- Cisco IP Solution Center.” their networks,” explains Ken Ross, tion capabilities of Cisco Info Center Now, Gaudin says, events reported manager of product partner market- with Cisco IP Solution Center, an ele- to the Cisco Info Center are auto- ing in Cisco’s Network Management ment-level provisioning application matically passed through the VPN Technology group. With flexible, for Layer 2 and Layer 3 VPNs. With Policy Manager, which queries the scalable access to NetFlow data, this combined view, network opera- Cisco IP Solution Center real time operators can better understand tions center (NOC) personnel can and displays the affected customer traffic patterns, which in turn, aids in immediately see which customers’ VPNs. Network operators can quick- capacity planning and performance VPNs are affected by network faults, ly prioritize and act based on cus- monitoring. The application works performance thresholds, configura- tomer SLAs. The Cisco Info Center with both IP and MPLS networks.

AutoMesh TE along with Differentiated Services FURTHER READING (DiffServ)-TE to automatically add a mesh of TE tunnels between the newly added VoIP PE gateway and the rest Cisco IOS MPLS Embedded Management Q&A: of the PE VoIP gateways in the network—thus surpass- cisco.com/packet/162_8b2 ing ATM in not only guaranteeing traffic in the network MPLS-Aware NetFlow: but in automatically discovering and configuring PEs. cisco.com/go/netflow Accounting and SLA Measurement Tools Cisco IOS SAA: Cisco NetFlow and SAA, two network-management cisco.com/packet/162_8b3 features in Cisco IOS Software originally designed for Cisco IOS MPLS: native IP networks, have also gained “MPLS aware- cisco.com/packet/162_8b4 ness.” Combined, NetFlow and SAA performance IETF MPLS OAM Requirements Internet-Draft: metrics provide a complete view of how a network is ietf.org/internet-drafts/draft-ietf-mpls-oam- behaving, both historically and in real time. The requirements-02.txt NetFlow accounting feature provides highly granular Detecting MPLS data plane failures Internet- traffic statistics for Cisco router-based networks on a Draft: per-flow basis. A “flow” is a unidirectional set of ietf.org/internet-drafts/draft-ietf-mpls-lsp- packets that all arrive at a router on the same ping-05.txt subinterface and have the following additional variables in common: source and destination IP addresses, IETF Pseudowire VCCV Internet-Draft: Layer 4 protocol, TCP/UDP source and destination ietf.org/internet-drafts/draft-ietf-pwe3-vccv- ports, and IP type of service (ToS) byte. 02.txt Continued on page 89

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 71

High-End Innovation The Changing High-End Routing Landscape . . . Where It’s Headed

BY DAVID BARRY

ROM ITS MODEST BEGINNINGS AT managing multiple overlay networks by moving to Stanford University in 1984 when Cisco a converged architecture. This movement will also founders Len Bosack and Sandy Lerner allow them to deliver innovative, profitable services Fdevised a new method to exchange e-mail faster and more efficiently. Most important, they between two incompatible computer systems, Cisco will need to simplify their IP/MPLS networks has continued to be the innovation leader of the through POP [point of presence] consolidation and networking market. The multiprotocol router flattening, to eliminate costly that evolved from their exchange of e-mail went redundancy and overly complex on to completely redefine the then nascent tiered architectures.” “internetworking” industry and set the stage for the coming Internet boom. A History of Innovation As Cisco has grown along with the enormous Cisco software and hardware have changes in networking and the Internet, it has often defined the direction of the continued to lead in delivering networking networking industry. With its intro- innovations, especially in its high-end routing duction of the AGS multiprotocol platforms. These platforms, router in 1986, Cisco transformed combined with the industry- the landscape of the internetwork- proven, ubiquitous Cisco ing market, at that time dominated IOS® Software have helped by bridged networks. With the service providers respond to AGS router companies overwhelming market changes could, for the first as the worlds of telco and data time, build larger, networking merged. more reliable net- Voice and time- works without division multi- concerns about plexing (TDM) issues such as networks gave broadcast storms way to Frame and suboptimal Relay and ATM, logical topology. which in turn FIGURE 1: Recent enhancements to the Cisco 12000 Series routers deliver 40 Gbit/s By 1994, Cisco gave way to of capacity per slot—doubling the world’s largest IP/MPLS core networks without a showed its strength forklift upgrade. optical and IP in software with networking the introduction and then to IP/Multiprotocol Label Switching of IP Multicast technologies that would enable mas- (IP/MPLS). Today, those innovations continue with sively scalable, efficient distribution of data, voice, and the recent announcements of enhancements to the video streams to hundreds, thousands, and even mil- best-in-class Cisco 12000 and 7600 series router lions of users. product lines. The Cisco 7500 Series Router, introduced in Looking ahead, service providers face equally dra- 1995, again moved the industry into a new phase, matic challenges as they seek to transform their playing a key role at the foundation of the Internet. infrastructures for the next networking evolution. In 2000, Network Computing magazine named the “Innovations, especially in the network core, Cisco 7500 Series the third most important product have always defined Cisco as the networking mar- of the decade to shape the networking industry. The ket leader and will continue to do so in the future,” first two products were the NCSA Mosaic Web says John Doyle, director of marketing for Core and browser and Novell Netware 3.x. Edge products at Cisco. “The new challenges our Technology innovations for the Cisco 7500 Series service provider customers face will be to dramati- included a new distributed architecture and switch- cally decrease capital and operational burdens of ing engine that pioneered the use of shared port

72 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

adapters via Versatile Interface Processor (VIP) Innovative Investment Protection cards. The Cisco 7500 Series was the first multi- Cisco recently introduced significant enhancements gigabit backplane router from Cisco. The distributed to the Cisco 12000 Series that reveal another unique architecture allowed service providers to begin scal- perspective on Cisco innovation—protecting the ing their networks by taking the processing load off investments of its customers. The Cisco 12800 the main CPU and distributing it to line cards with Series delivers 40 Gbit/s of capacity per slot and their own processing capabilities. Another first on doubles the capacity of the world’s largest IP/MPLS the Cisco 7500: it had a packet-over-SONET (POS) core networks. interface—a revolution in simplifying how Internet “What’s really significant here is that our longtime and IP traffic are carried over long distances. customers who have Cisco 12016, 12416, and 12410 The new, market-changing products from Cisco routers can install the new switch fabric cards in these began enabling service providers to rearchitect their platforms in the field—immediately doubling the networks—from multiple, disparate networks built capacity of their existing networks without complete largely on circuits and the PSTN to networks built equipment upgrades or changes to their power or cool- around packets. Over time, the concept of the net- ing infrastructures. Customers also can use all of their work as a service-delivery platform began to emerge. Cisco 12000 Series line cards in 40-Gbit/s-per slot Rather than merely deliver pipes, the new packet Cisco 12800 Series routers,” says Mike Volpi, senior network would provide a single point of control, vice president and general manager in Cisco’s Routing offer a ubiquity of implementations, provide end-to- Technology group. end services, and bring dramatic cost advantages. Cisco also introduced new 2-port OC-192 POS and 8-port OC-48 POS line cards that add archi- Cisco 12000 and the Shift to IP/MPLS tectural flexibility to the Cisco 12000 Series and FIGURE 2: The greatly As bandwidth demand continued to escalate on the allow these platforms to migrate to the edge in an simplified POP will consist of one or a few Internet, service providers looked not only for more IP/MPLS network. These 50 million-pps line cards core routers with inter- performance from their core routers, but also for the deliver wire-speed performance with a rich set of faces and features for ability to rise above commodity pricing by delivering IP/MPLS features including Nonstop Forwarding core, peering, and edge services. Each slot on more intelligent services. In 1997, Cisco delivered the (NSF) and Stateful Switchover (SSO), extending this carrier-class router 12000 Series, the first router built specifically for ser- access control list (ACL) support for more than will generate revenue vice providers and carrier customers seeking to meet 32,000 entries and enhanced scalability for VPN and because it will no the extraordinary demands of scaling the Internet multicast applications. longer be needed to provide connections backbone and IP networks. The Cisco 12000 Series Another example of investment protection and with aggregation or offered the first completely distributed, modular further strengthening edge MPLS services, Cisco peering routers. router with the ability to seamlessly scale—more than 100 times the original capacity to date—without THE CONSOLIDATED POP being taken out of the network and replaced by an entirely new appliance. The Cisco 12000 Series helped usher in the era of MPLS, an Internet Engineering Task Force (IETF) industry standard that was based on the Cisco innovation “Tag Switching,” which combined the scalability Core and control of Layer 3 routing with the performance Peer Edge and traffic management of Layer 2 switching techniques. Using a system of labels (tags) to associate data with destination and quality of service (QoS), and Peer employing Layer 3 and Layer 3 techniques, enables high-performance services, packet- or cell-based infrastructures, and end-to-end service definitions and QoS. Broadband By combining the intelligence of IP routing with the performance of switching through label-switched paths, MPLS allowed service providers to perform traffic engineering in their network backbones, and enabled scalable virtual private networks (VPNs) and end-to-end QoS. This gave providers the ability to deliver highly scalable, differentiating end-to-end IP services with simpler configuration, management, and provisioning for both themselves and their subscribers.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 73

recently introduced a new route processor, the improve service flexibility and reach that will be Supervisor Engine 720-3BXC for the Cisco 7600 provided by IP/MPLS ubiquity. And it will deliver Series. This supervisor engine enhances the role of economies of scale by leveraging investments in one Cisco 7600 as an edge device: as a label edge router technology instead of many. for pure MPLS-based networks and as a provider Look at Telecom Italia, for example. Eighty per- edge device for MPLS VPN networks. The numer- cent of Telecom Italia’s voice traffic and 50 percent ous interface speeds and media types available on of its international European voice calls now run the Cisco 7600 enable the aggregation of various over a converged IP/MPLS network. With its voice types of transport traffic across an MPLS-based over IP/MPLS network—the largest VoIP network in Layer 3 core. Europe—Telecom Italia is saving two-thirds of its transit operating expenses and providing better ser- New Demand for Edge Services Drives Further vice to its customers. Innovation in High-End Routing The road to a simplified, next-generation net- While service provider networks are scaling to han- work requires that POP architectures be flattened dle continued bandwidth growth and new demand and consolidated, says Doyle. POPs will begin to for edge services on IP/MPLS networks, most service flatten as the aggregation layer is eliminated. Instead provider networks still comprise many disparate net- of many routers deployed for aggregation and peer- works: Layer 2 Frame Relay and ATM; the PSTN; ing, these functions will merge into a much larger, optical networks; mobile networks; and others. more capable core router with interfaces and fea- And while this patchwork of networks is meeting tures for core, peering, and edge services. Therefore, customer demands, it is no longer the most efficient each POP will consist of few or even one much method for service providers to operate. larger, capable router. These POPs will easily scale “We see several pressing factors hindering service into the tens of terabits. Multiservice edge features provider profitability,” says Doyle. “First, voice rev- will enable new services and will support consoli- enues are in decline and data services are becoming dation of overlay networks. commoditized due to a maturing marketplace and The full realization of this vision will occur with flat-rate, bandwidth-based revenue models. Also, the fully consolidated POP (see Figure 2, page 73). legacy circuit networks based on TDM, Frame Relay, Here, adding capacity will be nondisruptive and can and ATM are offering little revenue growth potential be done in-service; core routers will offer a multi- because they can’t deliver innovative or unique new decade lifespan. Because slots will no longer be services. Most challenging is that they require indi- needed for connectivity to aggregation or peering vidual management, monitoring, and provisioning routers, all slots on these core routers will generate systems, which contributes to high OPEX [operating revenue. POPs will scale easily to tens of Terabits. expenses] and slow service delivery.” To become more profitable in the changing mar- Cisco’s commitment to innovation and to helping ser- ket and landscape, service providers are looking for vice providers meet their technical challenges forges ways to decrease the capital and operational burdens on—and will continue to help redefine the next gen- imposed by maintaining and managing multiple eration of service provider networks. overlay networks, while continuing to support their existing service offerings for the foreseeable future. They must also be able to deliver innovative, differentiating, and profitable new services to a broad market while avoiding commoditization. And they must simplify their IP/MPLS network infrastructures using highly available routing systems to eliminate costly redundancy and overly complex tiered architectures. To achieve these goals, service providers are focusing on convergence—the consolidation of FURTHER READING legacy Frame Relay, ATM, and voice traffic onto a common IP/MPLS packet network. This will enable Cisco 12000 Series Router: them to reduce the capital and operational expenses cisco.com/packet/162_8c1 of operating multiple overlay networks. It will also Cisco 7600 Series Router: improve manageability—only one network with cisco.com/packet/162_8c2 vastly fewer networking elements will need to be managed, monitored, and provisioned. It will

74 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. JOHN MCFAUL Small I voice anddatanetworks. The legalindustryismakingprogressivemovestowardconverged Law FirmsPartnerwithTechnology CISCO SYSTEMS satisfaction, whileloweringoperationalexpenses. increasing productivity, collaboration,andcustomer tremendous improvementsintheiroverallbusinessby work-enabled collaborativetools,whichhavedriven IP communications,security, videoconferencing,andnet- adopting newhorizontalbusinessapplications,suchas databases moreaccessibletotheirattorneys.They’realso unified messaging,timetracking,andcorporate as firms aremakingmission-criticalapplicationssuch mobility, andWeb applicationoptimization.These network solutions,includingintegratedvoice,video, information systemsthatallowforapplication-enabled sized” theirnetworks,creatingpowerful,intelligent not beenseensince theopeningofOldWorld trade explore newwaysofstreamlining businessoperations. els forcelawfirmstomaximize efficienciesand of servicesintofixed-priceproducts. Thesenewmod- from time-basedbillingmodels toacommoditization mergers andacquisitions,whileothersaremoving increasing emphasisonhigh-valuework,suchas access toattorneysandinformation. Clients demandnewservicesandmoreimmediate stay competitive.Theclientprofileischanging,too: among thechangesthatleavelawfirmsstrugglingto dation andincreasedcompetitionfortopclientsare legal industry’s landscape.Ongoingindustry consoli- The lastdecadehasseenamajorreshapingacrossthe Changes AfootinBusinessClimate “Some verydramaticchangesare inplaythathave In parallelwiththesechanges,somefirmsplace asset. Accordingly, severaltopUSfirmshave“right- a lawfirm’s networkcanbeastrategicbusiness industry, whereleadersarecomingtorecognizethat T Reprinted with permission from ’ UVVLO H ITS NTELEGAL THE IN FITTEST THE OF SURVIVAL S Packet ® magazine (Volume 16, No.2), copyright ©2004 byCisco Systems, Inc. Allrights reserved. BY JOANNAHOLMES AND Midsized Supporting more than70percentofthetoplaw firms The EmpoweredLawFirm critical successfactors. improved responsivenesstoclients—three mission- nal teamcommunication,client collaboration,and responsiveness toclients.Theyalsoenableopeninter- costs andincreaseboththeirproductivity data networks.Suchinvestmentscanhelplowertheir are nowmovingtheirbusinesstointegratedvoiceand world ofthelegalindustry, manyforward-looking firms to begatewaysinformation,ratherthangatekeepers.” Internet isdrivingbothlawfirmsandlegaldepartments instrumental inhelpinglawfirmsstaycompetitive.The The Internetandnewnetworkingtechnologiescanbe increased exponentially. Thelegalindustryisnot exempt. technological advances,businessproductivityhas legal servicesandgeneralcounsel.“Inpartasaresultof routes,” saysMarkChandler, Cisco’s vicepresidentof That’s why, inthetraditionally technology-shy BUSINESSES SECOND QUARTER 2004 PACKET 75 Small AND Midsized BUSINESSES

in the US, Cisco offers a “right-sized” suite of network Network Resilience solutions for the legal sector, including application- More than ever, law firms rely on networks to serve enabling voice, security, and wireless network services. clients effectively. In the connected workplace, the net- In 2003, Cisco unveiled its vision for the “Empowered work infrastructure must be highly resilient, minimizing Law Firm” at LegalTech Chicago. “As a basis for that unplanned downtime and providing unstoppable sup- vision, we partnered with Gartner research analysts to port for critical applications. conduct custom research with business and technical Among those law firms most attentive to network decision makers to find out their needs,” says Rod Kay, resilience are those who experienced firsthand the director of marketing for Cisco professional services. events of September 11, 2001. One year after those “We’re confident, based on the positive response, that attacks, the 381-employee firm of Thacher, Proffitt & our Empowered Law Firm solutions hits the mark.” Wood, formerly located in Tower Two of the World The Empowered Law Firm targets several key solu- Trade Center, rebuilt its offices in downtown tion sets geared to create workplaces that are: Manhattan. The calamity afforded TPW an opportu- Collaborative nity to completely rebuild, and they opted for a network Connected core based on Cisco products, replacing their PBX- Streamlined based telephony system with a Cisco-based IP com- Responsive munications system. Protected “Everything we do now is redundant, because of 9/11,” says Dierk Eckart, TPW’s IT director. To ensure Efficiency and Improved Collaboration that no outage interferes with vital communications, Law firms increasingly recognize that innovative, net- TPW uses redundant Cisco CallManager and Unity worked applications can help them differentiate them- servers in its New York and New Jersey offices. “It selves from competitors by delivering superior client would have been entirely cost-prohibitive to do that with service. A converged Cisco network paves the way for a traditional phone system, or even a hybrid system, and a collaborative workplace where legal organizations can achieve the level of redundancy that we’ve established improve overall efficiency and enable staff to be more with a few redundant Cisco CallManager instances,” productive, responsive, and client-focused. Using the Eckart notes. network for processes such as knowledge and document Like TPW, New York-based Hahn & Hessen took management; time management and billing; client col- advantage of its corporate relocation to upgrade its net- laboration; and e-discovery and research, applications work. The 70-year-old firm of 100 employees moved can boost productivity, lower costs, and strengthen from the Empire State Building to a more upscale mid- client relationships. town Manhattan address, and in the process installed an Support for these advanced applications calls for a end-to-end Cisco network encompassing voice and network infrastructure that provides performance and data communications. ease of use for employees and clients. One way that law “Our clients are very sophisticated financial institu- firms can boost efficiencies and collaboration is through tions, and they’re at the leading edge of technology,” says IP telephony. Cisco IP communications solutions and John Amato, Hahn and Hessen attorney and member of products like Cisco call-processing software and Cisco the firm’s management and IT committees. Like any Unity™ Unified Messaging can introduce voice capabil- business, though, Hahn & Hessen couldn’t risk down- ities that save time and increase attorneys’ ability to time or network outages. respond rapidly to clients. The IP communications component of the new net- At the Los Angeles-based law firm of Alschuler work is one that Hahn & Hessen reviewed particu- Grossman Stein & Kahan LLP, IS Director Ali Shahidi larly carefully before approving the decision. recently led a migration to a converged, Cisco-based “IP-based voice technology was still maturing in voice and data infrastructure when the company of 260 2002, and not many law firms were going that route employees moved to new offices. The Cisco solution’s back then,” says Nicholas Lucenko, Jr., IT manager ease of use has been a catalyst for enhanced productiv- for Hahn and Hessen. ity throughout the firm. For example, Shahidi says, Ultimately, the solution’s rich capabilities were what “Attorneys can listen to their e-mail on the telephone, or, sold them. “We’ve actually increased our core phone sys- with Cisco Unity, they can get all their voice mail in a tem resiliency by 500 percent,” Lucenko comments. unified mailbox. They can even forward voice messages that originated internally to an external client, via e- Mobile and Responsive mail.” Previously, Shahidi explains, those same voice Attorneys are under escalating pressure to be responsive messages would have been transcribed by a member of around the clock, both inside and outside the office. support staff and sent as memos—a far slower and more They travel to client sites, working from hotels, airports, labor-intensive process. or home. To respond to clients and colleagues quickly

76 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Streamlined Operations for IT Staff While law firms are coming to recognize the network as At AGSK, “very easy” is how Ali Shahidi describes his a strategic business element, many firms have limited firm’s Cisco IP telephony network administration. “If technical resources. They need networks that provide someone has already done some PBX setup, they can robust administration and troubleshooting tools, yet are easily adjust and use the IP telephony system,” he says. easy to deploy, manage, and maintain. “But better still is that IP telephony administration is much closer to network administration, so the adminis- Replacing a PBX phone system with the rich voice capa- trative resources you need would be the same resources bilities of a Cisco network is one way law firms can you need for your data network.” streamline their network administration. For Thacher, Profitt & Wood, that simplification started from day one. Shahidi recalls the labor-intensive process of managing “When we moved into our new building,” says TPW’s moves, adds and changes in the days when AGSK used Dierck Eckart, “we didn’t even run wiring for phones— a PBX for its voice network. These days, the firm’s net- just data jack wiring.” work administration is a centralized process that relies on the flexible Cisco IOS® Software. and maximize productivity, legal professionals need a The Hidden ROI responsive, protected workplace that provides secure, Law firms that invest in the advanced capabilities of real-time access to case information and communication Cisco networks are often surprised by many fringe ben- tools, wherever they are. efits that bolster the firms’ bottom lines. Virtual private networks (VPNs) are an increasingly The Pearl Law Group in San Francisco, named in vital tool in this network landscape, because they afford 2002 as one of Inc. Magazine’s fastest-growing US com- not only reliable connectivity, but also a high level of panies, created a streamlined workplace by deploying a security. Likewise, Cisco products such as the Cisco PIX® sophisticated Cisco network infrastructure to support its 501 Firewall enable legal staff to work securely from service-based business model. A small company of 32 home or in small, remote offices. employees, PLG built a client-facing extranet that At Hahn & Hessen, Nicholas Lucenko plans an ini- enables the firm to fast-track business processes through tiative to give attorneys broadband access in their an Amazon.com-like self-service model for clients. But homes, improving productivity and adding more bill- what PLG CEO and co-founder Julie Pearl didn’t able hours to the work week. His vision calls for direct expect was how the network technology would draw VPN access into the firm’s network, with not only soft some attractive clients, not to mention a strong talent phones, but even hard phones (handsets) in attorneys’ pool from all over North America. home offices. “For example,” Lucenko says, “using a “Our ROI is most measurable in terms of new Cisco 501 PIX Firewall, we could tunnel from a part- clients,” says Pearl. “We recently received a call from a ner’s home office directly into our network through a large biotech firm; they found us on the Web. Their in- VPN. The connection would be up 24x7 at the home house counsel felt that attorneys with a strong Web pres- office, and the partner would use a handset phone to ence would also be technologically savvy. Reading on make calls that are routed through our system and our site that we’re promoting the technology we’re using billed to clients. And the calls would be billed to the firm brought them to us.” at better rates than if the call was placed on the attor- “Possibly the strongest case for investing in technol- ney’s home phone.” ogy is something you can’t see—the clients you’re not Lucenko sees firsthand how his firm’s Cisco IP com- getting today,” Pearl concludes. munications deployment has enabled new degrees of Law firms that fail to address to address the chal- mobility—and responsiveness to clients—among attor- lenges and business opportunities in today’s turbulent neys. Lucenko recalls two partners at Hahn and Hessen legal marketplace are unlikely to thrive in the coming whom he describes as “not really technically savvy.” But, decades. The winners will be those firms that can he observes, “Every morning on their commute, they’re reengineer their operations to dynamically connect peo- listening to their e-mail through their voice mail.” The ple, expertise, and resources across multiple offices— text-to-speech feature of Cisco Unity Unified Messaging regardless of geographic location—into highly converts text to a user-friendly wave format, so these responsive virtual organizations. In realizing this goal, partners can listen and respond to messages long before law firms will reduce costs and develop high-value, flex- they reach the office. ible, cost-effective support capabilities.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 77

Smooth Sailing A robust network helps SMBs navigate choppy waters.

BY JAMES A. MARTIN

This article is excerpted from iQ Magazine. Newly simply scaled-down versions of enterprise products,” refocused, iQ addresses the challenges faced by small notes Andy Bose, chief executive officer of research and midsized businesses (SMBs) and explores how firm AMI-Partners, Inc. (see sidebar, “New Solutions technology can help them succeed and grow. For the Just for SMBs,” page 79). full article, along with a wealth of other content to Indeed, many SMBs are already realizing that a help SMB executives improve their bottom line and robust network isn’t out of reach. A Gartner study work smarter, see the Second Quarter 2004 edition of estimates that overall IT spending by SMBs from 2003 iQ Magazine at cisco.com/go/iqmagazine. —Editors to 2004 will increase by 5 percent. Among organizations with 5 to 99 employees, 36 percent say they will For many SMBs trying to sail to success in an increas- increase spending; likewise, 44 percent of organiza- ingly networked economy, the waters have grown tions with 100 to 499 employees, and 36 percent of choppy. Computer viruses, worms, spyware, and organizations with 500 to 999 employees say they will hacker attacks are now a daily threat to network secu- make increases. Networking/telecommunications was rity, and SMBs that lack the IT resources of larger the highest-ranked IT spending priority among orga- enterprises can be particularly vulnerable. Moreover, nizations with 500 to 999 employees and a close many SMBs face new government regulations that second in the other two SMB categories. place even higher demands on securing digital assets. And unpredictable events, such as power outages Securing the Network resulting from severe weather, natural disasters, or To determine the network solutions that best suit their strains on an aging electrical infrastructure, affect all needs, SMBs must first assess their current and poten- businesses, whether it’s a small restaurant in Toledo, tial business challenges and determine how a robust Ohio, or a large bank in New York City. SMBs must network can help overcome them. For instance, in this put systems in place to recover rapidly from these era of rampant computer viruses and other threats, events to keep their businesses running smoothly. security is often an SMB’s No. 1 network concern. Meanwhile, many of these SMBs are still compet- Security is particularly essential to organizations that ing with large corporations equipped with sophisti- have highly confidential data, such as healthcare and cated, global network infrastructures, as well as financial institutions. trying to satisfy the operational demands of their Often, it’s necessary to secure parts of a network enterprise customers. Wal-Mart Stores, for instance, from internal users as well as from potential outside only works with SMB suppliers or partners who can intruders. Rocket Software, a software development electronically interact with them for invoicing, ship- company with 210 employees, maintains multiple ping and receiving, and other business-to-business levels of security throughout its Cisco IP network to transactions. prevent engineers working on one proprietary project “To compete in an increasingly networked econ- from accessing information related to another pro- omy, SMBs must understand the relevance of a prietary project, says Troy Heindel, Rocket’s chief robust network architecture and how it can apply to information officer. “We have significant confiden- their particular business,” says Kneko Burney, chief tiality agreements with the large companies we design market strategist for customer and service provider software for,” he explains. “Segmenting our network markets for research firm In-Stat/MDR. “A strong with multiple levels of security enables us to satisfy our network can help small companies grow bigger and customers’ needs.” help them save time, which is their most precious asset. SMBs simply don’t have enough time to do all Being Fast on Your Feet the things they need to do.” Agility and resilience—the abilities to be flexible and Fortunately, many networking-hardware compo- responsive to changing conditions even in adverse sit- nents, applications, and other products and services uations—are vital to any business. Change can come today are designed specifically for SMBs to address the suddenly in the form of unexpected events men- new business environment. “These products aren’t tioned earlier. Change can also be positive, such as the

78 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

New Solutions Just for SMBs Kevin Outcalt, senior director of commercial marketing variety of e-learning resources that provide a much for the Worldwide Commercial Market segment at Cisco, deeper technical understanding. SMB Class also offers explains the elements and benefits of the recently a quick and easy application process for financing, fast unveiled SMB Class solutions. turnaround, and aggressive pricing on a variety of lease options on such solutions as IP telephony. And we have iQ: What is SMB Class? developed appropriately sized applications that increase Outcalt: SMB Class provides SMBs with a suite of easy- an SMB’s ability to collaborate, such as Cisco Unity™ to-use network solutions designed specifically to help Express unified messaging solution and Cisco IP them meet their top business challenges, such as pro- Contact Center. We’ve also partnered with Microsoft to ductivity, security, customer satisfaction, profitability, promote its Microsoft CRM application with our IP com- and business agility. With the help of our channel part- munications platform to help SMBs more effectively ners, we can now deliver complete network solutions respond to their customers. that are appropriately sized for each customer, rather iQ: What is the value of SMB Class? than offering a one-size-fits-all package or a scaled-down version of a larger network solution. Outcalt: We listened to the SMB market, and now we’re delivering to SMBs what they need: a complete end-to- iQ: What are the elements of SMB Class? end network solution. Along with that, SMB Class pro- Outcalt: SMB Class solutions include service and sup- vides world-class local support, intelligent networking ser- port; training; financing; and applications. For example, vices across the infrastructure, security, and scalability. we’ve priced our service and support solution, And most of all, SMB Class provides businesses with SMARTnet®, to provide SMBs with a better value. SMBs peace of mind, because they know that all the pieces of often have only one or two people on staff performing their network fit together. all IT functions, so SMB Class solutions offer a wide

need to quickly add new employees to meet growing It’s About Time customer demand. Ether way, a robust network archi- To be sure, some SMBs may question the return on tecture and the applications that run on it can provide investment (ROI) a sophisticated network infrastruc- SMBs with high reliability, backup, and redundancy ture can deliver, or the relevancy of such a network to as well as scalability and flexibility. their business. But to be a player in the global, net- Out of Rocket’s 210 employees, 60 engineers devel- worked economy, the question SMBs should be ask- oping mainframe software work remotely and collab- ing themselves about an advanced network shouldn’t oratively from far-flung locations, such as China, be, “Why?” but “When?” Denmark, and Russia. “Without a flexible, robust net- “Though the payback is certainly there, it’s not all work,” Heindel says, “that wouldn’t be possible.” about ROI,” says Rocket Software’s Heindel. A networked economy “is where the world is going, and Leveling the Playing Field you’ll be left behind if you don’t seriously look at how A robust, secure network can help SMBs better an expanded network applies to your business.” compete with larger companies, and an advanced net- Put another way, a sophisticated network can work infrastructure can also help SMBs meet the help SMBs navigate through choppy seas, adeptly demands of their enterprise customers. Rocket has dodge bigger boats, and have the time to relax when, built a Web-based application that allows Rocket engi- at last, they reach calmer waters. neers to collaborate online with its large corporate customers, says Heindel. The application breaks down the barriers that existed between internal and external users in differ- FURTHER READING ent companies and across varying time zones. The cus- Cisco SMB Class products and services: tomers require that level of online collaboration, cisco.com/packet/162_9b1 Heindel adds, and without a strong network foundation, Rocket could not offer it.

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 79

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. hough many predicted its demise with the growth of Internet banking, the bank and credit union branch By GENE KNAUER Toffice has not gone the way of the dinosaur. Far from it. Today, the branch is the epicenter of a major transformation as separate point-to-point networks with limited services give way to converged data, voice, and video networks running over IP. Cisco is focusing an array of products and technologies to meet the needs of branch environments. Financial insti- (OPX) lines that could conference the customer to the tutions in particular have been quick to embrace right person, these lines were limited in capacity and features. At Cascade’s home office, the phone system branch transformation. was also “failing.” Working with a local Cisco partner, NEC BNS, “Bank and credit union customers want to be able Cascade chose Cisco AVVID (Architecture for Voice, to use all of the different channels of communica- Video and Integrated Data) to consolidate T1 lines tion—the branch, the Internet, ATMs [automated under one service provider cloud and build an inte- teller machines], and contact centers,” says Jim grated voice and data network. By converging to a Bright, industry marketing manager at Cisco. voice over IP (VoIP) phone system and using Cisco “Sometimes you can solve things face to face that you CallManager call-processing software for call routing can’t solve otherwise. With a big deposit or transac- and Cisco Unity™ Unified Messaging for voice mail, tion, many people want to come to the branch to do employee productivity, cost savings, and customer sat- that. But the branch customer is more sophisticated isfaction have all increased dramatically. now; they want to know about their accounts and “We’ve reduced overall network costs by 25 per- find out about other products. And institutions see cent,” says Gamboa. “By using the AVVID toll the opportunity to migrate off of older, less efficient bypass feature, we have seen a significant decrease in networks and computing platforms and to become our long-distance bill, because many calls are more efficient and competitive.” between branches.” Many financial institutions have already warmed According to Gamboa, the bandwidth available for to the idea of lower total cost of ownership from data was doubled when the bank eliminated all of the converged IP data, voice, and video networks in separate network interfaces, which provided the addi- their branches. The benefits in higher reliability and tional capacity for voice applications. easier management of vertically integrated net- “By introducing an IP contact center, we no longer works are clear. They are enabling higher employee have stopped, dropped, or lost calls,” says Gamboa, productivity, better customer service, and better “and the functionality increase is considerable. We can security with network applications such as IP tele- now route calls right to any handset within our oper- phony; IP public branch exchanges (PBXs); video ations, help desk, and information services depart- applications for staff and branch customers; IP- ments. We’re clearly seeing improved service and enabled ATMs and kiosks; IP video surveillance sys- response times.” Using the unified messaging capa- tems; and wireless LANs. Branches are beginning to bility of Cisco Unity, bank employees can view voice view their networks as platforms for doing business mail in their e-mail inboxes. better, more efficiently, and more profitably. First Albany Capital—Reducing Costs, Cascade Bank Converges Voice Networks Increasing Reliability of Hoot ‘N Holler Network Serving the greater Seattle, Washington, area, Cascade Independent investment bank and asset management Bank was one of the first institutions of its kind to firm First Albany Companies, Inc., based in Albany, offer online banking. Yet when the bank looked at New York, has used an always-on Hoot ’N Holler net- enhancing efficiency in the branches, Robert Gamboa, work for high-level customer service. Hoot ’N Holler senior vice president of information services, saw 14 networks are specialized audioconference networks branches, each with its own phone system and vary- commonly used in the brokerage industry. Brokerage ing system capabilities from branch to branch. firms can spend millions in monthly leased-line charges Customers calling one branch phone number couldn’t to pay for dedicated circuit-switched Hoot ’N Holler be transferred to bank personnel in another branch. long-distance connections. The application provides an

Although Cascade had some Off-Premises Extension open channel for audio-conferencing between traders JOHN RITTER

80 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

in different locations, especially during a morning call. Cisco 7507 routers in each of three main offices in During the rest of the day, the channel is open for Albany, NewYork City, and Boston. instant communication of stock-related information “We use two service providers for even greater and customer orders. redundancy,” says David Hughes, manager of network “It was expensive, and because it was an analog and server infrastructure at First Albany, who estimates system it required individual drops to each remote that uptime on the WAN is close to 99.999 percent. office, so it was costly,” says Chat Herrgott, First Future plans include expanding access to the Albany chief technology officer. HHoIP solution beyond end terminals to desktop PCs, The system was also vulnerable to failure; if any of home offices, and, if First Albany implements VoIP, to the leased lines or analog connections went down, that IP phones. office lost its connection with the Hoot ’N Holler service. The cost for creating redundant connections to Municipal Credit Union of New York—Branch each office was prohibitively expensive. Video Programming for Entertainment and Profit First Albany Capital chose to replace its old solu- The Municipal Credit Union of New York serves tion with Cisco Hoot ’N Holler over IP (HHoIP), 350,000 members and manages US$1.1 billion in deployed on the organization’s existing Cisco-based assets. With 10 branches, the organization has a lot WAN. Cisco 2621XM routers were upgraded with of customer foot traffic each week. Chief NM-2V voice modules and voice interface cards. Technology Officer Barry Grant concentrated first Two Cisco 2621 routers connect each office with dual on expediting the waiting time in branches by

G Branch I N Financial institutions transform the way they do business with the Out Cisco “Branch of the Future.”

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. 82 the creditunion’s firewall. will connectemployeessecurelyoutsideof network isinplace atAmericanSavings legacy phonesystems. failover solution,replacingnonredundant gained adependabledisaster recovery institution, withmorethan700 offices,also annually onconferencecallingalone.This Alabama, isexpectedtosaveUS$1million South Trust at Bank inBirmingham, newly convergeddataandvoicenetwork A VoIP projectusingCiscosolutionsona Other BranchoftheFutureInitiatives using CiscofeaturesinIOS personnel. Virtual privatenetworks(VPNs) offices—to functionascall-centersupport any employee—eventhosebasedinhome the existingCiscoWAN, whichwillallow next tocreationofIPcontactcentersusing it availableinthemorning. overnight duringoff-peakhoursandhave quarters. Contentenginescancachevideo employees andbroadcastsfromhead- be usedtoconducte-learningforbranch monitors inthebranches. promotional andinformationalcontentto A CiscoContentEngine507AV pushes about shippingvideotapestothebranches. ily updateitsplaylistswithoutworrying Municipal CreditUniontoquicklyandeas- deployed atthebranchoffices,allowing content totheCiscoContentEngines (CDM) isusedtomanageanddistribute Cisco ContentDistributionManager using theIPnetworkalreadyinplace.A streaming videocontenttobranchoffices System (ACNS)solutiontodeliverrich Application andContentNetworking Union productsandservices. with commercialsonMunicipalCredit ing inlinedailynewsfeedsinterspersed would givecustomersstand- delivery networksolutionthat to implementavideocontent phony, thecredituniondecided line toseetellers. tomers wouldalwayswaitin for certaintransactions,cus- for self-servicebutrealizedthat installing ATMs andkiosks A convergedCiscoIPdataand voice The MunicipalCreditUnionismoving The contentdeliverynetworkcanalso The creditunionchosetheCisco Already runningIPtele- Reprinted with permission from PACKET EODQUARTERSECOND 2004 ® Packet Software ® magazine (Volume 16, No.2), copyright ©2004 byCisco Systems, Inc. Allrights reserved. Quarter 2004issueof “The Self-DefendingNetwork”intheFirst made Cisco’s self-defendingnetwork (see “Increased governmentregulationshave New Trends intheFullService Branch pass auditsfrom regulators.Thatincludes tomers toimplementbranchsolutions that vices companies.“We arehelpingourcus- manager forsmalltomidsizedfinancial ser- Rune Olslund,Cisco’s industrysolution major interesttofinancialinstitutions,” says the CiscoSAFEblueprintforsecurityof everything worked.” the newoffices,pluggedthemin,and phones fromtheiroldlocations,movedto Lee. “We literallyunpluggedtheCiscoIP our newcorporateheadquarters,”says VoIP system,wemoved70employeesto and collaborativecontactcentersolutions. fied messaging,multimediaconferencing, tures tobranchphonesandsupportsuni- software extendsenterprisetelephonyfea- Cisco IOSSoftware.CallManager Encryption Standard(3DES)featuresin IP Security(IPSec)andTriple Data Series IPphonesanddesktopPCs. switches connectthenetworktoCisco7960 nections toT1lines.CiscoCatalyst3524XL 3640 seriesmultiserviceroutersforVPNcon- switches. BranchofficesuseCisco3660and nected toCiscoCatalyst and qualityofservice(QoS),arecon- Series routersthatprovidedataencryption force ontheroad.” from homeafterhours,andoursales on callaroundtheclock,thoseworking Lee. “Thisisagreatbenefittoemployees Bank ChiefInformationOfficerCraig the network,”saysAmericanSavings office andmobileworkerssecureaccessto multimedia services. “A weekafterweactivatedourCisco Data andvoicepacketsareprotectedby Two hubsiteshavetwoCisco7200 “Cisco VPNproductsgiveourremote VPNs. CiscoPIX Blueprint forsecurityand solution usestheSAFE throughut Hawaii.TheCisco Bank, whichhas68branches cialized securityforvoiceand intrusion protection,andspe- col andapplicationinspection, Inspection Firewalling,proto- firewalls deliverStateful Packet ® 6006 distribution ® ) featuresand ® 500 Series Jim BrightofCisco. measurable benefitsfromdayone,”says adaptable platformfordoingbusinesswith optimized networkplatformbutabetter, vice atthebranchamongCiscocustomers. network solutionsarekeydriversoffullser- tomer servicefromnewlyimplemented works, higherproductivity, andbettercus- platform tomakeithappen.” branch networktechnologiesprovidethe and cutdownonfraud.Cisco’s fullservice ity willprovidegreateroperationalefficiency immediately andverifysignatureauthentic- allow businessestoverifyfundsavailability believes Olslund.“Puttingsystemsinplaceto tructure toprocesschecksonthenetwork,” drive institutionstoimplementtheinfras- compared withhandlingpaperchecks,will of thecheckforclearance. retailers, andotherscantransmittheimage tions. With Check21,banks,creditunions, to manybottlenecksforfinancialinstitu- checks writtenintheUSeachyearcanlead expedite checkprocessing.The38billion images inplaceoforiginalcheckstogreatly later thisyear, willallowtheuseofcheck Check 21—whichwillbecomeeffective Check Clearingforthe21stCenturyAct— control, andintrusiondetection.” of catastrophicfailures, case in full solutionsforbusinesscontinuity “We’re givingourcustomersnotjustan Meanwhile, savingsfromconvergednet- “The savingsfromfasterprocessing, A newUSgovernmentinitiative,the FURTHER READING default.htm paymentsystems/truncation/ federalreserve.gov/ Century Act(Check21): Check Clearingforthe21st cisco.com/packet/162_10a3 for BranchTransformation: Article onCiscoandIBMAlliance cisco.com/packet/162_10a2 Branch: Article ontheCiscoFullService cisco.com/packet/162_10a1 transformation: Cisco FullServiceBranch cisco.com/go/bank Cisco BranchoftheFuture: CISCO SYSTEMS network access

JOHN RITTER Technically Speaking

Understanding RFID

BY ROB REDFORD

HANCES ARE THAT YOU’ RE your credit card (see “A Trip to the Future of knowing where each unit of your entire already familiar with RFID, or Store,” Fourth Quarter 2003 issue of Packet® inventory is any time or knowing exactly Radio Frequency Identification. at cisco.com/packet/162_11a1). which items on your display shelf will expire CEssentially, RFID is an “elec- in a week. With detailed information readily tronic bar code,” and RFID tags are used to Why Is RFID Hot? available over the network, businesses can wirelessly identify inventory or products. RFID technology has existed for years, so implement revolutionary inventory, distri- Do you have an employee badge that you why is it now such a hot topic? The cost of bution, and retail processes. place near a card reader, rather than swiping tags has been steadily declining, from a few RFID can benefit a wide range of busi- it through the reader? An E-ZPass tag on cents today to a fraction of a cent in the near nesses. For example, a healthcare worker your windshield for automatic toll deduc- future as volume increases. The “tipping could instantly locate the nearest emergency tion? These are examples of RFID. point” is about one-half cent US. At this low medical equipment. This requires an inter- Combined with a network, RFID cost, it is economically feasible to build an connected network throughout the entire promises to realize its full potential and fun- RFID tag into every product or package. supply chain at each stage of the business damentally change the way businesses man- Furthermore, carbon ink can now be used to process, as well as with suppliers and part- ufacture, distribute, and sell products, as well “print” the antenna, increasing flexibility ners. This network must also possess the as the way consumers buy and use them. and making the tags more reliable. A recent right enabling technologies such as quality of study by Venture Development Corporation service (QoS), security, and management. How RFID Works projects a 37 percent compound annual Networking the readers could be accom- RFID tags exploit the basic properties of growth rate (CAGR) for RFID by 2005. plished with power over Ethernet (PoE), a electromagnetic (EM) fields to power a While RFID is a “wireless” technology, standard that is quickly taking hold in the small radio frequency (RF) transmitter. An it differs from IEEE 802.11 Wi-Fi data net- process automation industry (for more on antenna collects the EM radiation and the working technology. But it’s the combina- PoE, see page 19), or fixed or mobile RFID resulting energy is used to transmit a tion of RFID with network technology readers that use 802.11 Wi-Fi connectivity. unique ID code. Currently, this code can be that’s creating excitement. Because RFID is The implications for consumers are up to 128 bits, which is far more informa- just an identification mechanism, networks equally significant. One example: With tion than can be encoded in a bar code. So have to connect data from the RFID read- RFID readers in your kitchen, your com- significantly more information can be asso- ers and transmit this information to the puter could give you a list of recipes you can ciated with an item—color, place of pur- application or database. To enable an entire make with the items you have available. The chase, model, size, expiration date, etc. The supply chain, networks at different loca- possibilities are endless. tags are also unique to the unit, unlike a bar tions must be connected and tied into a cen- All of the elements are in place for RFID code that only identifies a whole category. tral tracking application. technology to take off in the near future: the The advantages of this wireless approach RFID-ready networks based on new, declining cost of RFID tags, open industry are that units can be tracked individually, open standards such as Electronic Product standards, and enabling technologies such as line-of-sight access to the item is not required Code (ePC), ePC Information Systems (eIS), PoE and 802.11 Wi-Fi. to sense it, and multiple tags can be read and Physical Markup Language simultaneously. Imagine an auto manufac- (PML) will significantly reduce ROB REDFORD is vice president turer that can determine every car part by infrastructure costs and enable of Product and Technology serial number simply by scanning it, or an much greater scalability than today’s Marketing at Cisco. A frequent overnight delivery service that can locate proprietary reader/server imple- presenter at conferences, he has published many technical and busi- every package in its system any time. Finally, mentations. The benefit for business papers and articles and is a consider the consumer implications: truly nesses is real-time collection of member of the editorial advisory enabling the “store of the future,” where you end-to-end supply-chain data, cre- board of Telecommunications place items in your shopping cart and bypass ating an opportunity for radical Magazine. He can be reached at [email protected]. the checkout line because the RFID scanners business process optimization. ROB REDFORD detected all of your purchases and charged Consider the business implications

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 83

(PoE) line cards provide 48V DC power at 15.4 watts per port over standard Category Cisco IOS 5 unshielded twisted-pair (UTP) cable up to 100 meters. The cards provide 48-port Software 10/100 Ethernet (RJ-45 or RJ-21 options) or Cisco IOS MPLS Virtual Private a 48-port 10/100/1000 Gigabit Ethernet LAN Service (RJ-45) option with support for IEEE Cisco IOS® Multiprotocol Label Switching 802.3af and the Cisco prestandard PoE (MPLS) Virtual Private LAN Service Cisco 2600, 3660, and 3700 Series implementation. (VPLS) technology connects a large number Routers: Network Analysis Module cisco.com/go/catalyst4500 of geographically-dispersed sites into a sin- The new network analysis module (NM- gle LAN infrastructure. Network resilience NAM) for selected Cisco 2600, 3660, Cisco Catalyst 6500 Series Switches: is increased with innovative services such and 3700 series routers provides multi- New Modules and Integrated Services as MPLS Fast Reroute for Any Transport service traffic monitoring in enterprise The Cisco Catalyst 6500 Series offers two over MPLS (AToM) circuits, quality of ser- branch offices for troubleshooting, new high density modules, a set of Power vice (QoS) guarantees using Differentiated capacity planning, and managing net- over Ethernet (PoE) modules, Supervisor Services (DiffServ), and better bandwidth work-based services. An embedded, Forwarding Engine and 10 Gigabit Ethernet utilization with MPLS Traffic Engineering. Web-based traffic analyzer supports real- XENPAKs, and integrated services soft- VPLS technologies emulate the traditional time and historical monitoring of LAN ware. High Density Modules—A 96-port Layer 2 infrastructure enabling a smooth and WAN traffic as well as network ser- 10/100 Ethernet module delivers industry- mitigation to an IP/MPLS network. VPLS vices such as quality of service (QoS) and leading 10/100 port density for flexible technology is covered in greater detail on voice over IP (VoIP). The NM-NAM deployments in compact form factors in the page 23. optimizes performance with two moni- wiring closet, and a 48-port Gigabit Ethernet cisco.com/packet/162_npd8 toring interfaces (one internal and one mixed media module for high density, high- external) and a single processor archi- performance Gigabit aggregation in the tecture that supports processing with distribution, core, and data center. PoE dedicated 256-MB RAM. Offerings—A 48-port 10/100 IEEE 802.3af Edge Routing, cisco.com/go/nam PoE module, available in RJ-45 or RJ-21 connectors, and 48-port 10/100/1000 Access, and 802.3af PoE modules for both value and premium wiring closet applications have Aggregation Switching been added to the Catalyst 6500 Series. In Cisco 7600 Series Routers and Cisco Cisco Catalyst 4500 Series Switches: addition, 802.3af PoE daughter card Catalyst 6500 Series Switches: New New Chassis, Supervisor Engine, upgrades are available for the 10/100 and Gigabit Ethernet Module and Power over Ethernet Line Cards 10/100/1000 Ethernet modules for maxi- The 48-port Mixed-Media Gigabit Ethernet New hardware choices expand deployment mum investment protection when migrating Module for Cisco Catalyst® 6500 Series options for enterprise or metro Ethernet cus- to converged networks. Supervisor switches and Cisco 7600 Series routers tomers using Cisco Catalyst® 4500 Series Forwarding Engine and 10 Gigabit Ethernet offers service providers increased flexibility switches. The 10-slot Catalyst 4510R chas- XENPAKs—With an enhanced field- and scalability in high-performance metro sis offers scalability up to 336 ports of upgradable Policy Feature Card (PFC3BXL), networks. The module provides 48 small 10/100/1000 Ethernet as well as two dedi- the Supervisor Engine 720 delivers form-factor pluggable (SFP) optics to cated Supervisor Engine slots for redun- enhanced security and scalability to the net- address a mix of media types and dis- dancy. The Supervisor Engine V, available work, and enables deployment of scalable, tances. Features supported by the module for all Catalyst 4500 Series chassis, offers secure, manageable switch-integrated ser- include 40-Gbit/s switch fabric connections capacity of 96 Gbit/s for scalable, non- vices throughout the network. New 10 for 48 Gigabit Ethernet ports; 9K Jumbo blocking Layer 2/3/4 switching with enhan- Gigabit Ethernet XENPAK options for the Frame-size support, and upgrade to ced hardware-based features such as 10 Gigabit Ethernet modules provide mul- Distributed Forwarding capability with broadcast and multicast suppression and Q- timode fiber and copper XENPAK support daughter card options. in-Q encapsulation. Three new Cisco for 10 Gigabit Ethernet deployment in enter- cisco.com/go/catalyst6500 Catalyst 4500 Series Power over Ethernet prise and data center networks. Integrated

84 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Services Software—Software enhancements Enhanced Services uplink ports. With flex- Cisco Persistent Storage Device to the Content Switching Module, Secure ible software options, the Cisco Catalyst The Cisco Persistent Storage Device (PSD) Sockets Layer (SSL) Services Module, IP 3750 Metro Series provides a cost-effective extends storage on a Cisco Content Services Security (IPSec) VPN Services Module, and path for meeting current and future service Gateway (CSG) card to assure capture of Network Analysis Module 1 and 2 provide requirements. billing data for mobile services. If a service additional security defense, application cisco.com/packet/162_npd1 provider’s billing system is unavailable, awareness, and visibility of network traffic. the Cisco CSG will redirect call detail cisco.com/go/catalyst6500 Cisco Catalyst 3750 Series Switches: records (CDRs) to the Cisco PSD for stor- New Power over Ethernet and 10 age and later transmission. With 37 GB of Cisco Catalyst 3560 Series Switches Gigabit Ethernet Models onboard storage space, the Cisco PSD can The new Cisco Catalyst 3560 Series offers New models in the Cisco Catalyst 3750 save up to 264 million CDRs from up to fixed-configuration, multilayer switches Series of enterprise switches support IEEE three Cisco CSGs. The Cisco PSD is imple- that deliver IEEE 802.3af Power over 802.3af Power over Ethernet (PoE). The mented as a single services module card on Ethernet (PoE), Layer 2/3/4 intelligent Catalyst 3750-48PS provides 48-port Cisco Catalyst® 6500 Series switches or services, and advanced Layer 3 routing 10/100 Ethernet and four SFP ports; the Cisco 7600 Series routers. with integrated security and QoS. Two Catalyst 3750-24PS provides 24-port cisco.com/go/mobile models are available now, providing the 10/100 Ethernet and two SFP ports. IEEE standard or enhanced multilayer software 802.3af PoE and Cisco Catalyst switches image (SMI or EMI) with either 24 or 48 are covered in greater detail on page 19. ports for 10/100 Ethernet connections Ideal for wiring-closet deployments or Network and two or four SFP ports. Cisco Catalyst server aggregation in a small data center, 3560 Series switches are ideal for use in the new Cisco Catalyst 3750G-16TD pro- Management small enterprises and branch offices to vides 16 copper ports for 10/100/1000 Cisco Transport Manager Version 4.6 connect IP phones, wireless access points, Ethernet with a single 10 Gigabit Ethernet Cisco Transport Manager delivers intelli- video surveillance systems, and building uplink. Each model occupies a single rack gent element management software for the management devices. IEEE 802.3af PoE unit and supports installation with Cisco Cisco ONS family of optical networking and Cisco Catalyst switches are covered in StackWise™. products. Major new features available in greater detail on page 19. cisco.com/go/catalyst3750 Cisco Transport Manager Version 4.6 cisco.com/go/catalyst3560 include automatic subnetwork grouping, integrated Multiservice Transport Platform Cisco Catalyst 3750 Metro Series (MSTP) and dense wavelength-division Switches Wireless multiplexing (DWDM) management, and The new Cisco Catalyst 3750 Metro Series Cisco Aironet Family: New Client link-layer network model. is a unique line of fixed-configuration, cus- Adapters cisco.com/packet/162_npd2 tomer-located switches that bring greater New Cisco Aironet® IEEE 802.11a/b/g intelligence for metro Ethernet access. The Wireless CardBus and PCI Adapters Cisco Mobile Wireless Center switches are ideal for service providers provide seamless connectivity to any Version 2.0 offering differentiated metro services with compliant network as well as Cisco Cisco Mobile Wireless Center (MWC) greater bandwidth and service-level agree- Aironet 1100 and Aironet 1200 Series software gives service providers an intel- ment (SLA) flexibility. The switches support access points. Both adapters are Wi-Fi ligent network management system for hierarchical quality of service (QoS) and compliant, support 54-Mbit/s commu- Cisco Mobile Exchange and other Cisco traffic shaping, intelligent IEEE 802.1Q nications in the 2.4-GHz and 5-GHz products in mobile wireless networks tunneling, virtual LAN (VLAN) translation, bands, and provide an intuitive user based on 2.5-GHz, 2.75-GHz, and 3-GHz Multiprotocol Label Switching (MPLS), interface for easy configuration, moni- technologies. Cisco MWC Version 2.0 and Ethernet over MPLS. The Cisco toring, and management. The CardBus provides device configuration and net- Catalyst 3750 Metro Series is a single rack client adapter is ideal for laptops and work services provisioning, fault media- unit with redundant AC or DC power, 24 tablet PCs; the low-profile PCI client tion, and performance mediation for ports of 10/100 Ethernet, two small form- adapter is ideal for slim desktop and Cisco service selection gateways, content factor pluggable (SFP) ports for Gigabit point-of-sale devices. services gateways, Packet Data Serving Ethernet access, and two SFP-based cisco.com/go/aironet Node and Home Agent, and Gateway General Packet Radio Service (GPRS) Support Node on the Cisco Catalyst® 6500/Cisco 7600 Multiprocessor WAN Application Module and on Cisco 7200 Series routers. cisco.com/go/mwc

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 85

Enhanced Management Tools for based on media files and controls defined through Cisco CallManager. The features MPLS Networks by the ISN Application Server. Other sup- and benefits of Cisco VT Advantage are An enhanced suite of Cisco software tools ported capabilities include call queuing and covered in greater detail on page 45. eases management of Multiprotocol Label agent-initiated or outpulse call transfers. cisco.com/packet/162_npd4 Switching (MPLS) networks. Embedded Cisco ISN 2.1 integrates with Cisco ICM MPLS management capabilities in the Cisco Enterprise Edition, Cisco ICM Hosted Cisco IPCC Hosted Edition, Cisco IOS® Software encompass unique Cisco Edition, Cisco IPCC Enterprise Edition, IPCC Enterprise Edition 6.0, and technologies—Label Switched Path (LSP) and Cisco IPCC Hosted Edition. Cisco IPCC Express Edition 3.5 Ping/Traceroute, Virtual Circuit Connectivity cisco.com/packet/162_npd7 New Cisco IP contact center (IPCC) soft- Verification (VCCV), AutoTunnel/ ware editions offer expanded capabilities for AutoMesh Traffic Engineering, and Cisco Cisco 2600XM, 2691, and 3700 Series customer contact centers. The new Cisco Auto Service Assurance Agent (SAA)— Routers: IP Communications Modules IPCC Hosted Edition software enables ser- which make it easier to deploy, operate, and Three new IP Communications High- vice providers to offer managed customer monitor MPLS enhanced services. These Density Digital Voice/Fax Network contact services. Installed on servers located enhancements are compatible with new Modules (NM-HDV2, NM-HDV2- in a central office or customer data center, MPLS features in three Cisco network 1T1/E1, and NM-HDV2-2T1/E1) sup- Cisco IPCC Hosted Edition supports appli- management products. Cisco Info Center port high-density digital voice traffic, cations such as virtual call center, intelligent VPN Policy Manager Version 3.1 offers analog voice traffic, WAN connectivity, call routing, and network-based automatic faster correlation of MPLS network events and conferencing and transcoding capa- call distribution (ACD) and interactive voice and supports the MPLS troubleshooting bilities for Cisco 2600XM, Cisco 2691, response (IVR) functionality. Cisco IPCC tools in Cisco IOS Software. Enhancements and Cisco 3700 series multiservice access Enterprise Edition 6.0 software offers new in Cisco CNS NetFlow Collection Engine routers. Designed for both enterprise features such as Java-based computer-tele- Version 5.0 include a MPLS VPN provider- and service provider applications, the phony integration (CTI) capabilities and a edge-to-provider edge (PE-PE) module for modules directly connect PSTN, tradi- redesigned agent desktop with enhanced collecting traffic data. The new Cisco CNS tional telephony equipment, and WAN redundancy for large contact centers. Cisco Performance Engine Version 2.1 captures to the router for toll bypass or IP com- IPCC Express Edition 3.5 software provides LSP Ping and Traceroute results in MPLS munications capabilities offered by Cisco a unified implementation of ACD, IVR, and networks and supports PE-to-PE aggrega- CallManager with Survivable Remote CTI capabilities in a single-server platform tion of NetFlow MPLS VPN usage. These Site Telephony (SRST) or Cisco that is scalable up to 200 agents. new IOS MPLS management tools are cov- CallManager Express. The modules have cisco.com/go/ipcc ered in greater detail on page 69. a single voice interface card (VIC) or cisco.com/go/mplsmanagement voice/WAN interface card (VWIC) slot, Cisco CallManager Version 4.0 four digital signal processing slots, and A new version of Cisco CallManager intro- CiscoView Device Manager for Cisco offer options for one or two built-in duces a videoconferencing capability, Catalyst 6500 Series T1/E1 ports. A new embedded device manager, cisco.com/packet/162_npd5 CiscoView Device Manager (CVDM) pro- ABOUT NEW vides Web-based, graphical user interface Cisco Video Telephony Advantage (GUI) for easy configuration and manage- Release 1.0 PRODUCT DISPATCHES ment of Cisco Catalyst 6500 and integrated The new Cisco Video Telephony (VT) Keeping up with Cisco’s myriad new services modules. CVDM further simplifies Advantage Release 1.0 software allows products can be a challenge. To help readers stay informed, Packet® maga- deployment and manageability of flexible, real-time, person-to-person video sessions zine’s “New Product Dispatches” pro- integrated services network designs. to be added transparently to telephone vide snapshots of the latest products cisco.com/packet/162_npd3 calls. With Cisco VT Advantage and Cisco released by Cisco between January CallManager 4.0, users can create an and April 2004. For real-time instant, face-to-face video call with access announcements of the most recently to the familiar hold, transfer, and confer- released products, see “News Voice and Video ence features of their Cisco IP phone. Archive, News Releases by Date” at newsroom.cisco.com/dlls/index.shtml. Cisco Internet Service Node 2.1 Enabled by integrating the Cisco VT Cisco Internet Service Node (ISN) 2.1 Advantage software with any Cisco IP ABOUT SOFTWARE: For the latest software provides Web-based IVR, queu- phone, a PC, and a USB video camera— updates, versions, and releases of all Cisco software products—from IOS ing, and IP switching services on both IP the Cisco VT Camera—this solution to management to wireless—regis- and traditional telephony networks to sup- allows enterprises to deliver IP telephony tered Cisco.com users can visit the port speech-enabled, customer self-service and IP video telephony to every employee Software Center at cisco.com/ applications. The ISN Voice Browser han- using a unified dial plan and a common kobayashi/sw-center/index.shtml. dles speech interaction with the caller, directory, over a single infrastructure

86 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

security enhancements, and new options for native support for Q.SIG and Session 120 QAM channels, or a mix of switch- private branch exchange (PBX) interoper- Initiation Protocol (SIP) signaling. These ing and QAM architectures. ability. The Cisco Video Telephony (VT) new CallManager 4.0 features are covered cisco.com/packet/162_npd6 Advantage software enables a user to in greater detail on page 45. activate an instant, face-to-face video cisco.com/go/ipcommunications Cisco MeetingPlace 8106 Rich-Media session while on a telephone call by inte- Conferencing Server grating any Cisco IP Phone, a PC, and a Cisco uMG9820 QAM Gateway and The Cisco MeetingPlace 8106 Rich- Cisco universal serial bus (USB) video uMG9850 QAM Module Media Conferencing Server allows users camera. Security enhancements in Cisco A new series of digital video quadrature to participate in and control secure audio CallManager 4.0 include industry-standard amplitude modulation (QAM) products and Web conferences through a Cisco IP digital certificates to confirm the identity of help cable operators deliver video-on- phone, traditional telephone, or PC. Cisco network devices, standards-based encryp- demand services with lower costs and MeetingPlace 8106 operates on carrier- tion for end-to-end privacy of voice calls, greater flexibility. The Cisco uMG9820 grade hardware and advanced system soft- and integration of Cisco Security Agent QAM Gateway and the Cisco uMG9850 ware that is connected to a PBX, IP (CSA) to provide proactive and adaptive QAM Module serve as gateways telephony system, or the public switched threat protection for Cisco IP phones, between an IP-based Gigabit Ethernet telephone network (PSTN). Suitable as an servers, and desktop computing systems. transport network and a hybrid fiber- enterprise conferencing solution, or a CSA brings together multiple levels of secu- coaxial (HFC) cable network carrying managed or hosted offering from a service rity by combining host intrusion prevention, MPEG-2 signals. The standalone provider, Cisco MeetingPlace 8106 sup- authentication to Cisco IP phones, dis- uMG9820 is a QAM-only platform opti- ports deployments up to 480 IP ports tributed firewall, malicious mobile code mized for smaller deployments, sup- within a single system; scalability is enabled protection, operating system integrity assur- porting up to 24 QAM channels in a by connecting to distributed servers over ance, and audit log consolidation. Also in single-rack-unit chassis. The uMG9850 the network. Cisco MeetingPlace is covered Cisco CallManager 4.0, enhanced interop- is installed in a Cisco Catalyst® 4500 in greater detail on page 45. erability with PBX systems is delivered by Series chassis for deployments with up to cisco.com/go/meetingplace

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 87

Policy Routing, Continued from page 12 match only the pings used by tracked objects ip route 0.0.0.0 0.0.0.0 2.2.2.2 254 set ip next-hop 4.4.4.1 -> secondary route will have a distance of 254 -> set the next hop to be the primary ISP’s router set interface null0 Step 6: Verify proper operation by displaying the routing table and -> discard the packet if it wasn’t forwarded to 4.4.4.1 other related items as in the previous scenario.

Step 3: Create a tracked object and associate the object with the More Scenarios and Configurations Online! SAA probe, which was previously configured. This is just a sample of the ways in which you can configure your network to determine when to use the primary or secondary ISP. For track 123 rtr 1 reachability more scenarios with sample configurations, including injecting routes -> creates track object# 123 to monitor service assurance into routing protocols based on reachability of hosts, non-ICMP test agent# 1 of server reachability, server running a given application, and Policy Routing, visit Packet Online at cisco.com/packet/162_4a1. Step 4: Associate the default route via the primary link with the tracked object.

ip route 0.0.0.0 0.0.0.0 4.4.4.1 track 123 FURTHER READING -> default route via primary ISP will be associated with track object #123. Policy-based Routing Support for Multiple Tracking Since the distance isn’t specified, the distance has a Options: value of one. cisco.com/packet/162_4a2 Reliable Static Routing Backup Using Object Tracking: Step 5: Configure a floating static route via the secondary ISP. The cisco.com/packet/162_4a3 administrative distance of the primary route must be lower than the administrative distance of the secondary route.

88 PACKET SECOND QUARTER 2004 CISCO SYSTEMS

Reprinted with permission from Packet® magazine (Volume 16, No. 2), copyright © 2004 by Cisco Systems, Inc. All rights reserved. MPLS Management, Continued from page 71 Cisco SAA is complementary to they can also create services that support called a responder can be placed on any NetFlow. It measures latency, jitter, and usage-based billing and service-class Cisco router, including customer equip- packet-loss metrics between two end- differentiation. ment, to gather real-time service-level mea- points to verify each customer’s service MPLS-Aware NetFlow. MPLS-Aware surements on a per-customer basis from the levels and generate statistical network NetFlow captures MPLS traffic that con- POP to the edge router, POP to POP, or CE trending information. Measurements can tains IP and non-IP packets. Network to CE. For example, service providers could be made end to end—between customer operators activate MPLS-Aware NetFlow offer a special managed service that enables VPN locations—or across the service inside an MPLS cloud on a subset of core customers running SAA on their customer provider backbone between either two backbone routers. These routers export premises equipment (CPE) to validate their MPLS PE routers or two “shadow” MPLS-Aware NetFlow data to an external own SLAs. SAA data also can be compiled routers. Shadow routers connect to edge NetFlow collector for further processing into monthly customer performance reports. routers to offload SAA processing so as and analysis. This mechanism provides a In addition to Layer 3 MPLS networks, not to impede forwarding performance. way to get accounting and capacity-plan- network operators can use MPLS-Aware SAA is also essential for connectivity test- ning data via an MPLS label. For example, NetFlow and MPLS-Aware SAA to gather ing and proactive verification of MPLS network operators can discover which accounting information and to monitor networks, and can be used to notify the points of presence (POPs) are forwarding Layer 2 VPNs built on AToM technology. network management system (NMS) of traffic and measure traffic volumes for- threshold violations for performance or warded by each POP. This article puts forth a basic introduction connectivity; path operations can be used MPLS-Aware NetFlow uses the Cisco to the new Cisco tools that network man- to isolate problem areas in the MPLS NetFlow Version 9 export format. The IETF agers can use to preserve the integrity of core. With NetFlow and SAA running in has chosen NetFlow Version 9 as a standard their existing revenue-generating services an MPLS network, operators can guar- template for the Internet Protocol while also offering premium Layer 2 and IP antee customer network service levels Information Export (IPFIX) of router-based services off of a common MPLS network and monitor per-customer SLAs in real flow information to data-collection devices platform. For more details on these capa- time. By gathering flow-by-flow account- and network management systems. bilities, refer to the links in the “Further ing data using MPLS-Aware NetFlow, MPLS-Aware SAA. An SAA feature Reading” box, page 71.

ADVERTISER INDEX ADVERTISER URL PAGE ADC—The Broadband Company www.adc.com/performance D AdTran www.adtran.com/info/wanemulation 2 Aladdin Knowledge Systems www.eAladdin.com/Cisco IFC American Power Conversion (APC) www.apc.com 4 BellSouth Business www.bellsouth.com/business OBC Boson Software www.boson.com/NetSim A Cisco Press www.ciscopress.com B Cisco Systems www.cisco.com/securitynow 34/35 eiQ Networks www.eiqnetworks.com 14 GL Communications www.gl.com/packet 87 NIKSUN www.niksun.com/packet 18 OPNET Technologies www.opnet.com 64 Panduit www.panduit.com/vip05 IBC RedSiren www.redsiren.com/packet.htm 26 SMARTS www.smarts.com 56 Solsoft www.solsoft.com/packet 8 The Siemon Company www.siemon.com/go/10Gip/pa 88 WANDL www.wandl.com 12 Websense www.websense.com F

CISCO SYSTEMS SECOND QUARTER 2004 PACKET 89

VIRUS NAMING Deskbar Searches ETIQUETTE Net Lingo and Wireless Top Ever since “Brain,” the first Sheepdip—The process of computer virus, was created in checking physical media, Internet Trends 1986, the antivirus researcher such as CD-ROMs, for who discovers a new worm viruses before they are he growth of mobility, wireless connectivity, and voice or virus is generally given the honor of naming it, according used in a computer. Tover IP are among the top Internet trends for 2004, to Wired News. A name is Typically, a computer that expected to have some rela- sheepdips is used only for according to the Web Talk Guys (webtalkguys.com/ tion to the capabilities or concept behind the virus, and that process and is isolated 10604.shtml). High on the trends list is the decline of desk- researchers are loosely bound from other computers and by a few other conventions. the network. Comes from top Web browsers as a way to obtain content, making room For example, viruses are not supposed to be named after the practice of dipping instead for deskbar-enabled direct Web searches (such as businesses or brand-name sheep in chemical solu- products. Using the name of a tions to clean their wool of Google Deskbar). It’s projected that the biggest growth in famous person is also frowned fleas and lice on, and no matter how peeved wireless connectivity will be among mice and keyboards, as a virus researcher is feeling, (webopedia.com). obscene or offensive names these all go wireless and their cost drops. are forbidden.

CYBER QUOTE Higher ROI for Aligning IT and Biz Strategies THE 5th WAVE “Man IS STILL Businesses that align their THE most IT and business strategies are significantly more likely extraordinary to achieve a high return on IT investment, according to computer OF ALL.” a recent survey of senior —John F. Kennedy, financial officers conducted 35th US President by Computer Sciences Corporation (csc.com) and Financial Executives International (fei.org). The sixth annual Technology Issues for Financial WANT TO BE A WEBMASTER? Executives survey, which Check out this article: looked at the IT trends most “Becoming a Webmaster: critical for chief financial One Man’s Journey” at officers and other senior clickfire.com/viewpoints/ finance executives, also found that only 10 percent articles/webmaster_become. of companies achieve a high php. From the correct rate of ROI for IT projects. spelling of Webmaster, to Among those companies where to look for a job, to with a business-aligned IT the right skills needed to suc- plan, however, the percent- ceed, this article lays it out. age more than doubles to 24 percent. ©The 5th Wave, www.the5thwave.com