Episode 158 - Smarter Routers

We recently had a chance to showcase the new ISR 4000 Series. ISR remains the acronym for this family as it stands in for ‘Integrated Services Router.’ I am sure we made this argument before, but one way to characterize this one is to see just how much the innovation swings towards the ‘I’ and the ‘S’ these days. It makes sense.


Networking 101: Auto-Negotiation

Auto-negotiation enables devices to automatically exchange information over a link about speed and duplex abilities. When it doesn't work, you need to resolve the problem quickly. Jimmy Ray Purser provides a few tips about how auto-negotiation works and what to look for when you get the dreaded "my connection is slow" call.

 

TWTV119: Next Generation Encryption

There is something intriguing about ‘secrets’ and the ability to communicate openly yet know that only your intended recipient can ‘decode’ your message. The concept is of course not a new one. It's the practice of this in our now digital age that has had to advance and withstand increasingly complex challenges to survive.

This show signals the new shift now happening as we move to the latest set of secure protocols needed for the next decade and beyond. We brought in Cisco’s NGE (Next Generation Encryption) expert, Dr. David McGrew. David is a Cisco Fellow who not only specializes in secure communications within our Router and Switch Security Group, but somewhere along the line got his Ph.D. in Theoretical Nuclear Physics. Geeez.

David was our sole guest on this show so that we could cover several aspects of NGE. He has some very good blog entries to review on this for further coverage.  (Panos Kampanakis also covered NGE). Another good one to read for background here is David’s blog entry on the importance of the key…no matter how strong the cipher.

Understand Cryptography?

Secure communication includes encryption, message authentication, key establishment, digital signatures and hashing. Over the past 30 years, public key cryptography has become a mainstay for secure communications over the Internet and throughout many other forms of communications. It forms the basis for key management and authentication for IP encryption (IKE/IPSEC), web traffic (SSL/TLS) and secure electronic mail. For digital signatures, public key cryptography is used to authenticate the origin of data and protect the integrity of that data.

 

Fascinating spy vs spy stuff for just about any audience - but also required knowledge for the networking geek.  Why is that?  

Two big reasons: 

1. Moore’s Law - Moore’s law ensures that our crypto security gets just a little weaker every day. This means that we need to deploy cryptographic protocols that will remain secure for the NEXT 10 to 15 years. There is no way to know when an attacker has broken your cipher and is reading your traffic. 

2. Mobility and Performance - New techniques have been developed which offer both better performance and higher security than these first generation public key techniques. The best assured group of new public key techniques is built on the arithmetic of elliptic curves and is ideal for our increasingly smaller devices. 

Cisco Fellow David McGrew has been instrumental in the development of GCM, the Galois/Counter Mode algorithm, which is also key to his work advancing Next Generation Encryption. With David’s help, we explore and explain what you need to know about cryptography from the basics to the advanced so you can properly prepare yourself and your network for the next 10 years and beyond.

 1. Why We Need Cryptographic Awareness

Learn how and why encryption can be a challenging subject to master but valuable even at the beginning levels. 

 2. Introduction to Next Generation Encryption 

Securing your communications data requires a 10 year plan and the time to start is now. Join TechWiseTV and Cisco Fellow David McGrew as we introduce the need for Next Generation Encryption by fully understanding the suite of cryptographic protocols in use today.  Know what to watch for and where certain protocols make more sense than others. 

 3. Roadblocks to Next Generation Encryption

NGE, or Next Generation Encryption, has technically been around since the 1980s. Couple this with our claim today that it is a superior encryption method and it begs the question: why is it not in place already? Cisco Fellow and Cryptanalyst David McGrew returns to answer this question and more as we continue our cryptographic awareness series. What you really need for commercial grade communications and more.

 4. Elliptic Curve Cryptography - Master Class

Public-key cryptography is based on the intractability of certain mathematical problems. Early public-key systems are secure assuming that it is difficult to factor a large integer composed of two or more large prime factors. For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible. The size of the elliptic curve determines the difficulty of the problem. The primary benefit promised by ECC is a smaller key size, reducing storage and transmission requirements. Watch this TechWiseTV segment to see an Engineer from Tennessee simplify these concepts with nothing but a whiteboard.

5. Cisco, NGE and You

Robb and Jimmy Ray wrap up the Next Generation Internet story with an important review of deployment techniques and best practices. 

LINKS OF INTEREST:

Breaking Germany's Enigma Code
FLAME
RSA Factoring Challenge

 

Contributors: Emma Kilcoyne, David McGrew

Guest: Dr. David McGrew, Cisco Fellow

 

As always...thank you for watching!

 

________
Robb Boyd
Managing Editor/Producer/Host

@robbboyd

Watch our fan film: Raiders of the Lost Ark

Keep up: techwisetv.com, fundamentals.techwisetv.com, blog.techwisetv.com
facebook.com/techwise, twitter

TWTV118: Maximize your WAN with Cisco ISR

Episode 118, Project ID 1206

Taped July 10, 2012, Released August 3, 2012

Guests: Vasanth Raghavan, Manu Parbhakar, Adam Groudan 

Don't leave the 'S' out of your ISR...

Are you getting all the value you can out of your router? Chances are high that you either have a high performance machine at the edge of your network that is just idling or you will soon. The value of this show applies equally to those of you who roll your own as well as leverage services from our service provider partners.

We include actionable information in at least four areas - 
1. Security - secure services…managed VPN enhancements, virtual office and traditional security
2. Cloud Connectors - Specifically Cloud Enhanced Voice and Video (HCS)
3. A field trip! - Smart Guidance for architecture deployment (SBA) - who likes being first? You don’t have to…chances are high that the SBA guys have already failed first…and then published the ‘architectural manual’
4. Machine to Machine - the high growth potential that network intelligence can bring to your most critical functions like transportation, vending machines, people…you can put a router on anything!

 

Don't miss the workshop!

 

Fundamentals of VXLAN

FUN25, Project 1200

Virtual AND Extensible

Find out how Virtual Extensible LAN (VXLAN) delivers the scalability required for multi-tenancy isolation in the cloud. See why this joint effort from Cisco, VMware, Citrix, and Red Hat is fast becoming the first choice of engineers around the world. Host Robb Boyd guides you through the technical differences that make VXLAN a smarter, more scalable choice in your enterprise than the traditional VLAN.

TWTV117: Cloud Intelligent Network

Episode 117, Project ID 1060

Taped May 15, 2012, Released June 13, 2012

Guests: Anurag Gurtu, Matt Bolick, Vijay Sagar, Prashanth Shenoy, Zeus Kerravala 

Network Intelligence

As a fundamental and critical part of a successful cloud implementation, the network is poised for incredible leaps of intelligence. The WAN has been re-defined as Weak Area Network, contributing to poor performance, inadequate security, lack of visibility and complex management. An intelligent network endows the WAN with the efficiency of cloud and the confidence of a private network. This TechWiseTV episode is stuffed with incredible innovations that deliver on a cloud journey you can embrace.

Live@Interop: Network Management

Project 1061, Taped at Interop 2012 in Las Vegas and released same day

Closing the Loop for Effective Network Operations Management

Industry analyst Jim Frey of Enterprise Management Associates discusses how Cisco Prime and Prime Assurance Manager addresses the challenges of managing effective application and service delivery.

Managing Beyond BYOD

Concerned about the proliferation of mobile devices in your enterprise IT? Cisco experts will demonstrate how Cisco Prime can be used to simplify the management of BYOD - live from Interop. Guest: Tomer Hagay

Netflow Next Generation Appliance

You can't manage what you can't see. The Netflow Next Generation Appliance takes packet-level details from the data center switching fabric and converts them into normalized and correlated Netflow data to provide visibility into, and troubleshooting of, application performance. Jimmy Ray Purser from TechWiseTV checks out the latest tools from Interop with special guest engineer Damien Lim.

Cisco Prime Update

Lower operating expenses and improve network availability – Cisco Prime Update live from Interop.  The latest updates to Cisco Prime network strategy and recent updates to the Cisco Prime product portfolio. Guest Engineer: Obaid Vanjara