DOCSLIB.ORG

Cisco Services Cisco Service Provider Architecture Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cisco Services Cisco Service Provider Architecture Applications Security at the Speed of the Network: Automating and Accelerating Security Through SDN and NfV BRKSEC-2760 Hantzley Tauckoor – CISSP #472723, CCDE #2015::43 Consulting Systems Engineer – MANO & Programmability Global Virtual Engineering, Cisco Systems ./about_me Hantzley Tauckoor Consulting Systems Engineer – MANO & Programmability Global Virtual Engineering, Cisco Systems linkedin.com/in/hantzley Twitter: @hantzley [email protected] Agenda • Security from the Service Provider perspective • Putting SDN/NFV to work – DDoS • Automating Security in the SP Data Centre • Generating new revenue streams with hosted security services • SDN & NFV Infrastructure Security • Summary Agenda • Security from the Service Provider perspective • Putting SDN/NFV to work - DDoS • Automating Security in the SP Data Centre • Generating new revenue streams with hosted security services • SDN & NFV Infrastructure Security • Summary Security from the Service Provider Perspective Trends: New Opportunities … The world has gone mobile Traffic growth, driven by video 120,000 Other (43%, 25%) 10XDynamic Mobile Traffic Growth Threat100,000 LandscapeInternet Video (57%, 75%) From 2013-2019 80,000 Changing 23% Global Customer 60,000 CAGR 40,000 2013- 2018 Expectations Ubiquitous Access to Apps & Services 20,000 Petabytes Petabytes per Month 0 2013 2014 2015 2016 2017 2018 Rise of cloud computingIncreasing ThreatMachine Sophistication-to-Machine Risks to Service ProvidersEmergence of the Internet of Everything Soon to and Their Customers Change SP Architectures/ Changing Enterprise Service Delivery Business Models Efficiency & Capacity People Process Data Things Your Customers Are Being Attacked By DDoS 2015 Verizon Data Breach Investigations Report ~ 84% of initial ~ 65% of initial compromises compromises completed within undetected for hours months Compromise Detection Legacy Security: Costly & Complex Limited integration, security gaps Siloed Hinders realization of Manual Hard-coded processes open and programmable networks Inefficient Over-provisioned, static, and slow SDN Automation: The Speed of The Network DURING AFTER Threat Analytics BEFORE Control Visibility How Automated Are You Today? DURING AFTER Threat Analytics Automated Manual BEFORE Control Visibility Managing The Threat Lifecycle Protecting the Infrastructure and Offering Elastic Managed Services Attack Continuum BEFORE DURING AFTER Control Detect Scope Enforce Block Contain Harden Defend Remediate Firewall VPN NGIPS Advanced Malware Protection NGFW UTM Web Security Network Behaviour Analysis NAC + Identity Services Email Security Forensic Analytics DDoS Visibility/Mitigation Services Visibility, Context, Autonomics and BCPs Orchestration VMS Quantum WAVE HSS Cloud Services Orchestration WAN Orchestration UBIqube – MS Activator Real Time application of the right Real time topology and service service, in the right place, at the right Security Domain Management health information time Anatomy of the SP network Aggregation/ Access Service Edge Data Center Video Dist Core Transport Mobile Cell Site Router Residential CMTS, DSLAM Enterprise WAN Business FW, VPN, FW, VPN, MACsec Security CGNAT, NGIPS, MACsec, FW, NGIPS, AMP, Volumetric DDoS Features AMP VPN, NGIPS, AMP Volumetric DDoS VPN Mobile Inspection App DDoS App DDoS SP Security Best Practices - http://tools.cisco.com/security/center/serviceProviders.x?i=76 Security for Open & Programmable Networks Cisco Services Cisco Service Provider Architecture Applications & Services OPEN APIs OPEN APIs Service Broker Benefits: Evolved Services Catalog Service Orchestration Platform of Virtual • New Revenue StreamsProfile Engine SMART Functions SERVICE CAPABILITIES • Increased Business Agility OPEN APIs OPEN APIs • Lower OperatingEvolved Costs Programmable Network Compute Storage Network Security Network Programmability Network Bandwidth Load Monitoring Management Balancing Programmatic Interface Controller Topological awareness CLI Policy resolution Netconf : - OpenFlow ) REST APIs Programmability Across Multiple Controllers Threat Defense Security Policy Service Orchestrator Campus / WAN Data Centre APIC-EM / WAE Controller APIC Controller App App A Plethora of Controllers Open Source Data Center Campus WAN Projects APIC WAE SDN Controller Under Linux Foundation Security extensions Common vendor supported framework Service Chaining User/Things Network Application Network Profile Traffic Optimization Flow Profile QoS, Security, SLA, SLA, Security, QoS, Monitor for path Load Balancing Device, Location, Role Cloud Orchestration constraint violations Objective: Extend OpenStack Neutron’s networking model with new policy APIs Automate network VTS changes to ensure Openstack “Sister-project” to group based policy in OpenDaylight path compliance Overlay Automation Transition to All-virtualised Services? All SP services are virtualising … Drivers: Some services move straight to Scansafe SAAS Webex2 • Reducing total Service SDVPN SP OpEx and CapEx Video HCS • Increased service Can be leveraged to velocity and System HCS offer SAAS agility Offering L2 / L3 SP • Increasing VPN VideoVideo GWs Mobile SP infrastructure revenue services services transitioning to Product Ent CPE Managed NFV Services IAAS HW Appliance Virtualise existing functions SAAS-based solutions Implementation Network Function Virtualization • Movement of Network functions to the cloud • Control, services and data plane components • NFV is not applicable to all network applications • However most service functions are in the frame • High performance plumbing is not at the moment • NFV is an architecture rather than simply virtualizing functions • Virtual services, compute • service chaining, overlays • Orchestration and redirection • Covered a number of use cases See also: http://www.etsi.org/deliver/etsi_gs/NFV/001_099/002/01.01.01_60/gs_NFV002v010101p.pdf Evolving The Network Software Stack Application Unified Evolved VPN: Custom CCS … Software Communications CloudVPN,… Apps Orchestration: Management: Optimization: … NSO, .. Prime, .. WAE, .. Infrastructure Software Base Control Infrastructure Network OS: Plugins: Embedded IOS-XE, NX-OS, … Puppet, Guest shell,… Software virtual physical Base OS: Protocols: Linux, … IETF, IEEE, … Summary: The Building Blocks Service Orchestration Orchestration Automation, provisioning and interworking of physical and virtual resources NFV SDN NFV Network functions and software running on any open standards-based hardware SDN Separation of control and data plane, controllers Traditional Traditional Distributed control plane components, physical entities Agenda • Security from the Service Provider perspective • Putting SDN/NFV to work - DDoS • Automating Security in the SP Data Centre • Generating new revenue streams with hosted security services • SDN & NFV Infrastructure Security • Summary Putting SDN/NFV to Work: Security Services Virtualization & SDN DDoS Mitigation Distributed Denial of Service Attack Mitigation Controller Distributed Denial of Service Attack Mitigation Controller Traffic Statistics Distributed Denial of Service Attack Mitigation DoS Controller Traffic Statistics Distributed Denial of Service Attack Mitigation DoS Controller Traffic Statistics Traffic Redirection Distributed Denial of Service Attack Mitigation DoS Controller Traffic Statistics Traffic Redirection Cisco ASR 9000 vDDoS Protection Arbor Networks ASR 9000 with Cisco ASR 9000 Threat Management System (TMS) Virtual Services Module (VSM) vDDoS Protection “Powered By Arbor Networks” Architectural Unified Scalable Reduced Flexible Superiority Management Performance OPEX Deployment ASR 9000 vDDoS Solution Components • Virtualized Peakflow SP Collects Flow records Detects abnormal network behavior DDoS and trigger alerts DDoS Mitigation Can influence the routing, injecting Detection BGP routes in the network Supports BGP FlowSpec as a Controller Virtualized Arbor Peakflow Sets up and monitors the TMS SP remotely ASR 9000 • Virtual DDoS SW (running on A9K VSM)ASR Configured by SP, receives diverted9000 traffic and proceeds to in-depth packet analysis VSM running Discards the attack packets and vDDoS SW transmits the legit ones Licenses Provides real-time monitoring info to operators How Peakflow works? 1 – Anomaly detection 2 – Volumetric DDoS: ACL, BGP FlowSpec 3 – L4-L7 DDoS: redirect to ASR 9K for intelligent mitigation Enterprise A Peering Point ASR 9K ACL PE Arbor Peakflow SP6000 ACL Core Router Peering Enterprise C Point PE 5 – Forward 4 – Identify and filter the legitimate traffic: the malicious GRE, MPLS, … requests Enterprise B Integrated Security Services “at Scale” Legacy Security: Siloed, Inefficient & Expensive 1001 1001 0001011 1001 0001011 1001 0001011 1100010 Data 0001011 1100010 1110 1100010 1110 1100010 1110 Packet 1110 DDoS WAF Sandbo 1001 x 1001 0001011 1001 0001011 0001011 1100010 1100010 1110 1100010 1110 1110 Sandbox DDoS Platform WAF Platform Platform SSL FW IPS / SSL Platform FW Platform IPS Platform Reduced Effectiveness Increased Latency Slows Network Static & Manual Cisco Transforms Security Service Integration Data Packet Siloed Sandbo DDoS WAF x Key: Cisco Service DDoS Platform WAF Platform Sandbox 3rd Party Service 1001 Data SSL000101 FW IPS 111000 SSL DDoS FW WAF NGIPS AMP Packet 101110 1001 0001011 1100010 SSL Platform FW Platform IPS Platform 1110 Integrated Limited effectiveness Increased latencyUnified PlatformSlows network Static & Manual Maximum protection Highly efficient Scalable processing Dynamic Firepower 9300 Platform NEW High-Speed,
Load more

Recommended publications
  • Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 5.3.X
    Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 5.3.x First Published: 2015-01-12 Last Modified: 2015-08-27 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide Cisco IOS XR Release 3.7.2 March 2009
    Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide Cisco IOS XR Release 3.7.2 March 2009 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: OL-17241-01 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • System Setup and Software Installation Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.7.X
    System Setup and Software Installation Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.7.x First Published: 2020-08-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Deployment Guides Deploying Reactive Ddos Protection Using
    DEPLOYMENT GUIDE DEPLOYING REACTIVE DDOS PROTECTION USING A10 AGALAXY SYSTEM Building and operating DDoS defenses is a critical first step for IT administrators in protecting their OVERVIEW infrastructure and application from crushing DDoS attacks. Learning the nuances of a new platform requires reading reference manuals and in many cases, hands-on trial and error experience. We have written this deployment guide to give you a simple-to-understand jumpstart in building your defenses. This deployment guide provides the instructions with screenshots from the A10 Networks aGalaxy® management system to speed up your ability to configure, monitor, and manage the A10 Thunder TPS™ Mitigator and Thunder TPS Detector. The deployment mode shown in this document is flow-based static detection with BGP traffic redirection to an asymmetric reactive mitigation scrubbing platform. A10 components covered in this deployment guide include: • aGalaxy management system • Thunder TPS Mitigator • Thunder TPS Detector (configured with peacetime baselining using Detection 1.0 setting) Who is the reader? IT administrators What is the challenge? The many steps in setting up an A10 Thunder TPS DDoS defense system in a reactive mode What is the solution? A step-by-step guide for TALK configuring aGalaxy and Thunder TPS WITH A10 What is the goal? To educate IT administrators on how to set up DDoS defense with aGalaxy CONTACT US a10networks.com/contact TABLE OF CONTENTS OVERVIEW ...........................................................................................................................................................................
    [Show full text]
  • System Management Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 7.3.X
    System Management Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 7.3.x First Published: 2021-02-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • System Security Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.6.X
    System Security Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.6.x First Published: 2019-04-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide, Release 5.3.X
    Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide, Release 5.3.x First Published: 2015-01-15 Last Modified: 2015-09-11 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Deploying Carrier Ethernet Services on ASR-9000
    Deploying Carrier Ethernet Services on ASR-9000 Kashif Islam – Solutions Architect BRKSPG-2202 Cisco Spark Questions? Use Cisco Spark to chat with the speaker after the session How 1. Find this session in the Cisco Live Mobile App 2. Click “Join the Discussion” 3. Install Spark or go directly to the space 4. Enter messages/questions in the space Cisco Spark spaces will be cs.co/ciscolivebot#BRKSPG-2202 available until July 3, 2017. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Agenda • Cisco EPN and Agile Carrier Ethernet Architecture • ASR-9000 and IOS-XR Recap • ASR-9000 Configuration Toolset • Services Evolution with EVPN • Services Management and Orchestration • Summary © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco EPN and Agile Carrier Ethernet Architecture Market Trend: Network Infrastructure Convergence Single Any-Service Network for Lower CAPEX & OPEX • One efficiently utilized network • One operational model Mobile Backhaul • All services on a single network Business / Private Cloud Residential Triple Play SONET/ATM Multiple under-utilized networks • Up to 75% CAPEX savings No integration between services • OPEX efficiency – one skill set Different operational skill sets • Revenue opportunities – one access, multiple services BRKSPG-2202 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 Cisco EPN Vision On-Demand Automated Services Anywhere Policy Always “ON” Real-Time Fully Dynamic Scale Analytics Virtualized Intelligent Open and Convergence Programmable Agility Application Seamless Interaction Experience Business VM CDN VM Core ApplicationsService Broker “Businessand Services Intents” Optimize APIs Edge Cloud Service Profile Orchestration Catalog of Virtual “Operational Intent” Engine Functions Access CORE Provisioning / AssuranceNCS NCS / ProgrammingEDGE Mobility £ APIs Access Revenue ¥$€ Evolved Programmable Transport Network BRKSPG-2202 © 2017 Cisco and/or its affiliates.
    [Show full text]
  • Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Cisco IOS XR Software Release 3.7
    DRAFT —Cisco Confidential Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Cisco IOS XR Software Release 3.7 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-17502-01 DRAFT —Cisco Confidential CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks
    [Show full text]
  • System Security Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 7.3.X
    System Security Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 7.3.x First Published: 2021-02-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Netflow Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 7.1.X
    Netflow Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 7.1.x First Published: 2020-01-29 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Cisco ASR 9000 Series 400G and 200G Modular Line Cards Data Sheet
    Data Sheet Cisco ASR 9000 Series 400G and 200G Modular Line Cards Product Overview The new Cisco® ASR 9000 Series 400G (Figure 1) and 200G Modular Line Cards provide customers with a highly flexible solution. They support multiple combinations of Ethernet ports, all in a single slot of the Cisco ASR 9000 Series Aggregation Services Routers (ASR 9000 Series). These modular line cards have two open bays (bay 0 and bay 1) for plugging in ASR 9000 Series modular port adapters (MPA), which gives network operators the flexibility to choose the ideal port density, speed, and optic based on their network requirements. With ASR 9000 Series modular line cards and the MPA portfolio, Cisco continues to focus on investment protection, along with consistent feature support, broad interface availability, and the latest technology. The latest additions to the MPA portfolio include the Cisco ASR 9000 Series 20-Port 10GE Modular Port Adapter (Figure 2), the 2-Port 100GE Modular Port Adapter (Figure 3), and the 1-port 100G Modular Port Adapter (Figure 4). The minimum software release versions for these new MPAs are shown in Table 5 and Table 6. Supported pluggable interfaces are shown in Table 4. Using modular line cards along with port adapters, the ASR 9000 Series can support a wide range of customer applications, including video on demand, Internet Protocol Television (IPTV), point-to-point video, Internet video, and cloud-based computing. The line cards can also be used to deliver economical, scalable, highly available, line-rate Ethernet, and IP/Multiprotocol Label Switching (IP/MPLS) edge services.
    [Show full text]