Cisco Catalyst

Abstract: Flow-based DDoS attack detection is typically performed by analysis applications that are installed on or close to a flow collector. Although this approach allows for easy deployment, it makes detection far from real-time and susceptible to DDoS attacks for the following reasons. First, the fact that the flow export process is timeout-based and that flow collectors typically provide data to analysis applications in chunks, can result in detection delays in the order of several minutes. Second, by the nature of flow export, attack traffic may be amplified by the flow export process if the original packets are small enough and are part of small flows. We have shown in a previous work how to perform DDoS attack detection on a flow exporter instead of a flow collector, i.e., close to the data source and in a real-time fashion, which however required access to a fully-extendible flow monitoring infrastructure. In this work, we investigate whether it is possible to operate the same detection system on a widely deployed networking platform: Cisco IOS. Since our ultimate goal is to identify besides the presence of an attack also attackers and targets, we rely on NetFlow. In this context, we present our DDoS attack detection prototype that has shown to generate a constant load on the underlying platform — even under attacks — underlining that DDoS attack detection can be performed on a Cisco Catalyst 6500 in production networks, if enough spare capacity is available.

Abstract: This paper studies a unique network feature, Ethernet bridge, in the Linux kernel and conducts an extensive experiment to measure its performance as defined in RFC2544. The result shows that Linux bridge yields satisfactory performance if the system occupancy is less than 56% where its latency and throughput are comparable to Cisco Catalyst 2950 switch. The performance is considered acceptable until system occupancy reaches 85%. We also compared the performance between Linux bridge and Linux router, and the results are almost the same as measured by latency and throughput. The contributions of this study are summarized as follows: 1. With its open source, Linux bridge is like programmable switch for education and research. We are encouraged by the performance results of this study, and plan for more advanced research on Linux bridge in load balancing and high availability. 2. The performance result shows that Linux can be deployed as an effective network device if its occupancy is properly engineered for targeted applications. One example is network firewall where the Wide Area Network (WAN) link is usually than 10M. 3. Our experiment of bridge and router configuration can be used for classroom demo and lab exercise on data network education. The use of RFC-2544 serves as a useful guide to learn network benchmark testing and performance measurements.

Abstract: The most complete guide to Cisco Catalyst(r) switch network design, operation, and configuration * Master key foundation topics such as high-speed LAN technologies, LAN segmentation, bridging, the Catalyst command-line environment, and VLANs * Improve the performance of your campus network by utilizing effective Cisco Catalyst design, configuration, and troubleshooting techniques * Benefit from the most comprehensive coverage of Spanning-Tree Protocol, including invaluable information on troubleshooting common Spanning Tree problems * Master trunking concepts and applications, including ISL, 802.1Q, LANE, and MPOA * Understand when and how to utilize Layer 3 switching techniques for maximum effect * Understand Layer 2 and Layer 3 switching configuration with the Catalyst 6000 family, including coverage of the powerful MSFC Native IOS Mode Cisco LAN Switchingprovides the most comprehensive coverage of the best methods for designing, utilizing, and deploying LAN switching devices and technologies in a modern campus network. Divided into six parts, this book takes you beyond basic switching concepts by providing an array of proven design models, practical implementation solutions, and troubleshooting strategies. Part I discusses important foundation issues that provide a context for the rest of the book, including Fast and Gigabit Ethernet, routing versus switching, the types of Layer 2 switching, the Catalyst command-line environment, and VLANs. Part II presents the most detailed discussion of Spanning-Tree Protocol in print, including common problems, troubleshooting, and enhancements, such as PortFast, UplinkFast, BackboneFast, and PVST+. Part III examines the critical issue of trunk connections, the links used to carry multiple VLANs through campus networks. Entire chapters are dedicated to LANE and MPOA. Part IV addresses advanced features, such as Layer 3 switching, VTP, and CGMP and IGMP. Part V covers real-world campus design and implementation issues, allowing you to benefit from the collective advice of many LAN switching experts. Part VI discusses issues specific to the Catalyst 6000/6500 family of switches, including the powerful Native IOS Mode of Layer 3 switching. Several features in Cisco LAN Switchingare designed to reinforce concepts covered in the book and to help you prepare for the CCIE exam. In addition to the practical discussion of advanced switching issues, this book also contains case studies that highlight real-world design, implementation, and management issues, as well as chapter-ending review questions and exercises. This book is part of the Cisco CCIE Professional Development Series from Cisco Press, which offers expert-level instruction on network design, deployment, and support methodologies to help networking professionals manage complex networks and prepare for CCIE exams.

Abstract: IPv6 for Enterprise Networks The practical guide to deploying IPv6 in campus, WAN/branch, data center, and virtualized environments Shannon McFarland, CCIENo. 5245 Muninder Sambi, CCIE No. 13915 Nikhil Sharma, CCIE No. 21273 Sanjay Hooda, CCIE No. 11737 IPv6 for Enterprise Networks brings together all the information you need to successfully deploy IPv6 in any campus, WAN/branch, data center, or virtualized environment. Four leading Cisco IPv6 experts present a practical approach to organizing and executing your large-scale IPv6 implementation. They show how IPv6 affects existing network designs, describe common IPv4/IPv6 coexistence mechanisms, guide you in planning, and present validated configuration examples for building labs, pilots, and production networks. The authors first review some of the drivers behind the acceleration of IPv6 deployment in the enterprise. Next, they introduce powerful new IPv6 services for routing, QoS, multicast, and management, comparing them with familiar IPv4 features and behavior. Finally, they translate IPv6 concepts into usable configurations. Up-to-date and practical, IPv6 for Enterprise Networks is an indispensable resource for every network engineer, architect, manager, and consultant who must evaluate, plan, migrate to, or manage IPv6 networks. Shannon McFarland, CCIE No. 5245, is a Corporate Consulting Engineer for Cisco serving as a technical consultant for enterprise IPv6 deployment and data center design with a focus on application deployment and virtual desktop infrastructure. For more than 16 years, he has worked on large-scale enterprise campus, WAN/branch, and data center network design and optimization. For more than a decade, he has spoken at IPv6 events worldwide, including Cisco Live. Muninder Sambi, CCIE No. 13915, is a Product Line Manager for Cisco Catalyst 4500/4900 series platform, is a core member of the Cisco IPv6 development council, and a key participant in IETFs IPv6 areas of focus. Nikhil Sharma, CCIE No. 21273, is a Technical Marketing Engineer at Cisco Systems where he is responsible for defining new features for both hardware and software for the Catalyst 4500 product line. Sanjay Hooda, CCIE No. 11737, a Technical Leader at Cisco, works with embedded systems, and helps to define new product architectures. His current areas of focus include high availability and messaging in large-scale distributed switching systems. n Identify how IPv6 affects enterprises n Understand IPv6 services and the IPv6 features that make them possible n Review the most common tranisition mechanisms including dual-stack (IPv4/IPv6) networks, IPv6 over IPv4 tunnels, and IPv6 over MPLS n Create IPv6 network designs that reflect proven principles of modularity, hierarchy, and resiliency n Select the best implementation options for your organization n Build IPv6 lab environments n Configure IPv6 step-by-step in campus, WAN/branch, and data center networks n Integrate production-quality IPv6 services into IPv4 networks n Implement virtualized IPv6 networks n Deploy IPv6 for remote access n Manage IPv6 networks efficiently and cost-effectively This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.