Cisco Systems OL-12518-01 Cisco Encryption Solutions, VPNSM-DES, 3DES MDS MPS-DES, 3DES, AES192


Chapter 4 FCIP over IP/MPLS Core

Typical Customer Requirements

SPs providing VPN service to transport FCIP traffic to provide additional security

Using an MPLS extranet for application-specific security

Cisco Encryption Solutions

When selecting an encryption solution for FCIP SAN extension, a user needs to determine the requirements for that solution. These requirements may include the speed of the link that needs encryption, the type of encryption required, and the security requirements of the network. Cisco offers three hardware-based encryption solutions in the data center environment: the SA-VAM and SA-VAM2 service modules for the Cisco 7200 VXR and 7400 series routers, and the IPSec VPN Services Module (VPNSM) for the Catalyst 6500 switch and the Cisco 7600 router.

Each of these solutions offers the same configuration steps, although the SA-VAM2 and IPSec VPNSM have additional encryption options. The SA-VAM and SA-VAM2 are used only in WAN deployments, whereas the IPSec VPNSM can support 1.6 Gb/sec throughput, making it useful in WAN, LAN, and MAN environments.

The SA-VAM is supported on the 7100, 7200 VXR, and 7401 ASR routers with a minimum Cisco IOS version of 12.1(9)E or 12.1(9)YE. For use in the 7200 VXR routers, the SA-VAM has a bandwidth cost of 300 bandwidth points. The SA-VAM has a maximum throughput of 140 Mbps, making it suitable for WAN links up to DS3 or E3 line rates.

The SA-VAM2 is supported on the 7200 VXR routers with a minimum Cisco IOS version of 12.3(1). The SA-VAM2 has a bandwidth cost of 600 bandwidth points. The SA-VAM2 has a maximum throughput of 260 Mbps, making it suitable for WAN links up to OC-3 line rates.

The IPSec VPNSM is supported on the Catalyst 6500 switch and the Cisco 7600 router with a minimum Native IOS level of 12.2(9)YO. For increased interoperability with other service modules and additional VPN features, it is recommended that a minimum of 12.2(14)SY be used when deploying this service module.

The choice between these solutions should be based primarily on the following two factors:

Available link speed or bandwidth

Security encryption policies and encryption methods required

The Cisco MDS 9000 with MLS14/2 and the Cisco 9216i support encryption with no performance impact. The MPS Service Module and the Cisco 9216i support line rate Ethernet throughput with AES encryption.

The following are encryption methods supported per module:

SA-VAM—DES, 3DES

SA-VAM2—DES, 3DES, AES128, AES192, AES256

VPNSM—DES, 3DES

MDS MPS—DES, 3DES, AES192

Note: An encrypted data stream is not compressible because it results in a bit stream that appears random. If encryption and compression are required together, it is important to compress the data before encrypting it.
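The ordering rule in the note above, measured on constructed data (an added example, not part of the Cisco guide). The SHA-256 counter-mode keystream is an assumed stand-in for the DES/3DES/AES hardware ciphers, and `SAMPLE`, `wire_sizes` and `roundtrip` are illustrative names.

```python
import hashlib
import os
import zlib


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), for illustration only.

    It is NOT one of the module ciphers (DES/3DES/AES); it is used because its
    output, like theirs, is statistically indistinguishable from random bytes.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wire_sizes(payload: bytes, key: bytes, nonce: bytes) -> dict:
    """Bytes placed on the link for each ordering of the two steps."""
    compress_then_encrypt = keystream_xor(key, nonce, zlib.compress(payload, 6))
    encrypt_then_compress = zlib.compress(keystream_xor(key, nonce, payload), 6)
    return {
        "plaintext": len(payload),
        "compress_then_encrypt": len(compress_then_encrypt),
        "encrypt_then_compress": len(encrypt_then_compress),
    }


def roundtrip(payload: bytes, key: bytes, nonce: bytes) -> bytes:
    """Receiver side of compress-then-encrypt: decrypt first, then decompress."""
    sent = keystream_xor(key, nonce, zlib.compress(payload, 6))
    return zlib.decompress(keystream_xor(key, nonce, sent))


# Constructed sample: repetitive records standing in for replicated SAN writes.
SAMPLE = b"".join(b"LBA=%08d status=OK pad=" % i + b"\x00" * 40 for i in range(2000))
KEY, NONCE = os.urandom(32), os.urandom(12)

if __name__ == "__main__":
    for name, size in wire_sizes(SAMPLE, KEY, NONCE).items():
        print(f"{name:>22}: {size} bytes")
```

Encrypting first leaves the compressor with nothing to remove, so the link carries at least the full plaintext size; compressing first keeps the reduction and the ciphertext is no larger than the compressed data.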

Data Center High Availability Clusters Design Guide


OL-12518-01 specifications

Cisco Systems OL-12518-01, also known as the Cisco Management Services for Wireless LAN Controller, is a key component for businesses seeking to enhance their wireless networking capabilities. This product offers a comprehensive management solution designed to ensure high performance and security of wireless networks.

One of the main features of OL-12518-01 is its centralized management interface, which simplifies the deployment and operation of multiple access points across an organization. This centralized approach allows network administrators to manage all wireless devices from a single pane of glass, significantly improving operational efficiency and reducing the potential for human error.

The product is built upon various robust technologies that enhance its performance. It includes advanced features like Quality of Service (QoS) support, which prioritizes bandwidth for critical applications. This ensures that mission-critical operations run smoothly, even in environments with high user density. Furthermore, the Wireless LAN Controller supports a variety of security protocols, including WPA3, ensuring that user data and wireless networks are protected against unauthorized access.

A significant characteristic of OL-12518-01 is its scalability. As businesses grow, their network requirements can change dramatically. The Cisco Management Services solution is designed to scale easily alongside the organization’s needs, allowing for the addition of more access points and the integration of advanced features seamlessly. This adaptability makes it suitable for both small businesses and large enterprises, ensuring consistent wireless connectivity across diverse spaces.

Moreover, OL-12518-01 features robust analytics and reporting capabilities. It provides valuable insights into network performance and user behavior, enabling administrators to make informed decisions about resource allocation and troubleshooting. With real-time monitoring tools, IT staff can quickly identify and resolve issues, minimizing downtime and enhancing overall user experience.

In summary, Cisco Systems OL-12518-01 is a powerful wireless LAN management solution that combines centralized management, advanced security features, scalability, and comprehensive analytics. These characteristics make it an ideal choice for organizations aiming to optimize their wireless networking performance while ensuring security and reliability in their operations. By investing in OL-12518-01, businesses can achieve a robust wireless infrastructure that meets their current and future needs.