Q. What is Cisco® Network Planning Solution (NPS)?
A. Cisco NPS is a decision support tool that helps network planning, engineering, and operations organizations to support growth, ensure network resiliency including during unplanned changes or failures, improve application and service continuity, plan for new technology deployments, and validate planned configuration changes. It uses a high-fidelity software model of the IT infrastructure, accurately simulating the behavior of routers, switches, protocols, and individual applications, to enable a broad scope of change impact ("what-if") analyses. Using current or projected traffic data, Cisco NPS automates network design and optimization to support the deployment of new applications and services and help ensure efficient use of resources. Cisco NPS also incorporates a rules-based engine for configuration analysis so that proposed changes can be validated prior to deployment.
Cisco NPS is a combination of integrated software applications: a Design and Analysis engine that builds the network model, performs analysis and design, and provides visualization and reporting; and a Virtual Network Data Server that facilitates the creation of a high-fidelity network model based on configuration, topology, and traffic information.
An optional Cisco NPS Service Provider Module (SPM) extends support to encompass service provider-centric protocols and technologies, including Multiprotocol Label Switching (MPLS) and Intermediate System-to-Intermediate System (IS-IS).
Q. Is Cisco NPS part of the Cisco Network Application Performance Analysis (NAPA) solution?
A. Yes. The Cisco NAPA solution redefines how enterprises can monitor and manage application performance and network services to support business initiatives. For more information about the Cisco NAPA solution, please visit: www.cisco.com/go/napas.
Q. What types of users will benefit from Cisco NPS?
A. Cisco NPS is suitable for any medium-sized or large enterprise that operates an IP or ATM-based network to support critical business applications. It supports numerous planning and operational decision studies for network planning, operations, and engineering staff. Cisco NPS is unique in its broad and detailed support for Cisco devices and configuration commands, comprehensive and automated data-management capabilities, and integrated modeling of IP/MPLS (and ATM) networks.
Q. What are some typical studies a user would perform with Cisco NPS?
A. Typical studies include:
• Visualizing and understanding connectivity, routing, and link utilization in the production network
• Planning network capacity, including projecting future traffic demands and automatically sizing links
• Assessing network resiliency by predicting the impact of link, node, and resource group failures on application flows and link utilization
• Validating the integrity and effectiveness of a network change before deploying it, such as a configuration or topology change
• Planning for the deployment of new applications, or technologies and services such as VPNs, voice over IP (VoIP), and others
• Developing and "testing" alternative strategies for network convergence, consolidation, and migration
• With the optional Cisco NPS-SPM, planning for MPLS networks, including the initial deployment of MPLS Traffic Engineering, MPLS-based VPNs, VPLS, etc.
Q. What technologies and protocols does Cisco NPS support?
A. Cisco NPS helps enable modeling of hundreds of technologies and protocols. The following is a partial list, featuring primary examples:
• IP, ATM, Frame Relay
• Interior Gateway Routing Protocol (IGRP), Enhanced IGRP (EIGRP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Routing Information Protocol (RIP), RIP Next Generation
• Ethernet, Gigabit Ethernet, Spanning Tree Protocol, Token Ring, SONET, Fiber Distributed Data Interface (FDDI), VLAN, VPN, Virtual Private LAN Services (VPLS), and more
• IPv4, IP Multicast, Internetwork Packet Exchange (IPX) protocol, Hot Standby Router Protocol (HSRP)
• Quality of service (QoS) - committed access rate (CAR)/Policing, Custom Queuing, Distributed Weighted Fair Queuing (DWFQ), Class-Based Weighted Fair Queuing (CBWFQ), Deficit Weighted Round Robin (DWRR), Modified Deficit Round Robin (MDRR), Modified Weighted Round Robin (MWRR), FIFO, Low Latency Queuing (LLQ) with Rate Limit, Marking, Priority Queuing, Random Early Detection (RED), and Weighted RED (WRED)
• VoIP, HTTP, FTP, Telnet, e-mail, video, others
With the optional Cisco NPS-SPM the following additional protocols are supported:
• IPv6 and Private Network-Network Interface (PNNI)
Q. How is the software model of a network created?
A. The model of an existing network can be created automatically through the Cisco NPS Virtual Network Data Server. This integrated component of Cisco NPS automatically maintains a detailed, near real-time data model of the production network comprising configuration, topology, and traffic information. You can obtain data automatically directly from a broad scope of network devices using Telnet/Secure Shell (SSH) Protocol and Simple Network Management Protocol (SNMP), including Cisco routers, Cisco Catalyst® switches, the Cisco PIX® Security Appliance, and devices from many other vendors. You can import data from CiscoWorks (including Resource Manager Essentials and Campus Manager) for supported devices, as well as Cisco WAN Manager for wide-area ATM networks. Topology data can be imported from Cisco Connectivity Center, HP OpenView NNM, SMARTS InCharge, and others. Alternatively, integrated Layer 2 and 3 connectivity can be inferred automatically by analyzing neighbor protocol information, content-addressable memory (CAM) and Address Resolution Protocol (ARP) tables, and other sources. You can import traffic information from Cisco NetFlow Flow Collector, or a broad scope of third-party tools. The Cisco NPS Virtual Network Data Server can also poll devices directly for baseline interface utilization statistics.
For a relatively simple network, you can create a model by importing static device-configuration files. ATM network configuration information can be imported through ASCII files. You can also use the GUI to create a model.
Q. How can I apply changes to the network model to analyze impact?
A. You can apply modifications to an existing network through the GUI. The configuration of Cisco devices in the model can also be modified using a "virtual" CLI. If the model was initially created by importing static device-configuration files, it can be "updated" by incrementally importing new or revised files that contain the changes to be analyzed.
Q. How does Cisco NPS support network security?
A. Cisco NPS supports network security through configuration analysis and validation, with nearly 100 rules for security-related issues. It includes rule suites for authentication, authorization, and accounting (AAA), Kerberos, RADIUS, TACACS+, SNMP, system logging, device administration, and others. A "test" traffic matrix that includes both valid and invalid flows can be used in a "Security Demands" simulation to predict whether unauthorized flows could penetrate the infrastructure. Unlike typical online vulnerability testing, a Security Demands analysis can be conducted under simulated failure conditions, to ensure that the backup network configuration is secure. It also pinpoints nodes that inappropriately block valid network traffic.
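The following is an added illustration of the kind of check such an analysis performs; it is not Cisco NPS code or its algorithm. The topology, node names, deny rules, and hop-count routing are all assumptions constructed for the example: a test traffic matrix is replayed against the baseline and against every single-link failure, reporting unauthorized flows that get through and valid flows that a node blocks.

```python
from collections import deque

# Constructed topology: primary path via fw1, longer backup path via r2/fw2.
LINKS = [("guest", "edge"), ("app", "edge"), ("edge", "fw1"), ("fw1", "db"),
         ("edge", "r2"), ("r2", "fw2"), ("fw2", "db")]
# Per-node deny rules as (src, dst); fw2 is a backup firewall whose rules drifted.
DENY = {"fw1": {("guest", "db")}, "fw2": {("app", "db")}}
# Test traffic matrix: (src, dst, is the flow authorized?)
MATRIX = [("app", "db", True), ("guest", "db", False)]

def shortest_path(links, src, dst):
    """BFS hop-count path over the links that are up; None if unreachable."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = [node]
            while prev[path[-1]] is not None:
                path.append(prev[path[-1]])
            return path[::-1]
        for nxt in sorted(adj.get(node, [])):  # sorted: deterministic tie-break
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def check(links, matrix=MATRIX, deny=DENY):
    """Return (kind, src, dst, blocking_node) findings for one network state."""
    findings = []
    for src, dst, allowed in matrix:
        path = shortest_path(links, src, dst)
        if path is None:
            findings += [("unreachable", src, dst, None)] if allowed else []
            continue
        # First node on the forwarding path whose rules deny this flow, if any.
        blocker = next((n for n in path if (src, dst) in deny.get(n, ())), None)
        if allowed and blocker:
            findings.append(("valid-blocked", src, dst, blocker))
        elif not allowed and blocker is None:
            findings.append(("unauthorized-delivered", src, dst, None))
    return findings

def failure_study(links=LINKS):
    """Findings for the baseline (key None) and for each single-link failure."""
    states = {None: links, **{l: [x for x in links if x != l] for l in links}}
    return {failed: check(up) for failed, up in states.items()}

if __name__ == "__main__":
    for failed, findings in failure_study().items():
        print("failed link:", failed, "->", findings or "clean")
```

The baseline is clean, but losing either link on the primary path reroutes traffic through fw2, where the unauthorized guest flow is delivered and the valid app flow is blocked.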
Q. Is Cisco NPS based on solutions from OPNET Technologies?
A. Yes. Cisco NPS is based on OPNET applications and modules to provide comprehensive network planning and operations support.
Q. With what (other) Cisco products does Cisco NPS integrate?
A. Cisco NPS Virtual Network Data Server obtains network data automatically through Telnet/SSH and SNMP from Cisco routers (running Cisco IOS® Software), Cisco Catalyst switches (running Catalyst OS, Cisco IOS Software), and the Cisco PIX Security Appliance. Data can be imported from CiscoWorks (including Resource Manager Essentials and Campus Manager) for supported devices, as well as Cisco WAN Manager for wide-area ATM switches. Topology data can be imported from Cisco Connectivity Center. Traffic data can be imported from Cisco CNS Netflow Collection Engine.
The Virtual Network Data Server can be configured to integrate with Cisco Info Center to obtain real-time awareness of network events that may indicate a configuration change, and automatically update its data for the affected devices. For topology and configuration information, the Virtual Network Data Server will automatically reconcile conflicting or overlapping data based on user-configurable priorities.
Cisco NPS can also integrate with Cisco Application Analysis Solution (AAS). Cisco AAS is a software application that provides a detailed, quantitative understanding of the complex interactions among applications, servers, and networks to efficiently and cost-effectively deploy and support networked applications. Application flows that have been captured, profiled, and analyzed in Cisco AAS can be imported into Cisco NPS to perform detailed network planning to support the target application, including capacity, QoS, and resiliency. Additionally, the detailed network data model from the Virtual Network Data Server of Cisco NPS can be imported into Cisco AAS. Cisco AAS provides the ability to map profiled application flows over a simple network model inferred directly from the application traces. A more accurate, detailed network model can be created in Cisco AAS by utilizing the data model from the Virtual Network Data Server. It should be noted that while Cisco AAS provides some high-level network planning capabilities, these are significantly less detailed and narrower in scope than those supported in Cisco NPS.
Q. Does Cisco NPS provide multiple-vendor device support? How does this support differ from support for Cisco devices?
A. Cisco NPS supports Check Point, Extreme, Foundry, Juniper, Nokia, Nortel, and Tellabs devices. In every case, support is more robust for Cisco devices. That is, the scope of supported configuration commands and device attributes is significantly broader for Cisco devices.
Q. Does Cisco NPS integrate with Cisco CNS Netflow Collection Engine 5.0?
A. Yes. Cisco NPS 1.1 supports obtaining flow data from Cisco CNS Netflow Collection Engine 5.0. This support is limited to output files with CSV-formatted headers.
Optional Cisco NPS-SPM
Q. Is Cisco NPS suitable for service provider networks?
A. Cisco NPS-SPM offers support for service provider-centric technologies such as MPLS and IS-IS. Additionally, Cisco NPS-SPM supports networks that have a large number of internal Border Gateway Protocol (I-BGP) speakers, like those of network service providers, which are considered to be service provider class. Without the optional Cisco NPS-SPM, Cisco NPS supports networks that incorporate up to 30 I-BGP speakers. (There is no limit in any case to the number of external BGP [E-BGP] speakers.)
Cisco NPS-SPM supports planning for the initial deployment of resilient MPLS Traffic Engineering, automatically defining primary and secondary explicit Label Switched Paths (LSPs) that are link/node disjoint (subject to topological constraints of the physical network). Additional design operations include minimum-cost MPLS network design, which automatically places and sizes a set of LSPs subject to cost constraints, and MPLS network design based on defined traffic flows.
Q. Does Cisco NPS-SPM increase scalability?
A. Addition of the optional Cisco NPS-SPM does not affect Cisco NPS scalability (the number of supported devices).
Q. Is the Virtual Network Data Server installed with Cisco NPS-SPM functionally different?
A. No. There are no functional differences between the Virtual Network Data Server installed with Cisco NPS and Cisco NPS-SPM.
Q. When upgrading to add the Cisco NPS-SPM to an existing installation of Cisco NPS, does the Virtual Network Data Server also need to be upgraded?
A. There is no functional requirement to upgrade the Virtual Network Data Server when upgrading Cisco NPS to add Cisco NPS-SPM. However, the program structure represented in the Windows Start menu ("Start → Programs → Cisco NPS 1.1...") is slightly different between the two cases. The Cisco NPS 1.1 Installation Guide provides detailed information about these installation options and implications.
Installation and Implementation
Q. Does installation require multiple platforms?
A. Yes. As noted previously, Cisco NPS contains a Design and Analysis engine and Virtual Network Data Server, each on separate installation CDs. A large library of technology, protocol, and device models accompanies the Design and Analysis engine to provide the appropriate modeling "behavior" during a simulation. The Design and Analysis engine is typically implemented on the user desktop. The Virtual Network Data Server is generally implemented on a dual-processor platform with the prerequisite database environment located in the network operations center (NOC). Both components are provided with online user documentation that is installed with the product.
Q. Can the Virtual Network Data Server and prerequisite Oracle data systems be implemented on separate platforms?
A. Yes. These components can be implemented on separate platforms. However, it is highly recommended that they be installed on the same dual-processor server. If they are implemented on separate platforms, then these should feature a fast FSB (~800 MHz) and be connected via a high-speed link (not over a WAN) that is unimpeded by a firewall. Implementing the database at a location that is remote from the Virtual Network Data Server is not supported.
Q. Do multiple concurrent users require more than one license?
A. Yes. Concurrent users require an equivalent number of Cisco NPS licenses. Alternatively, multiple users may share a single license for Cisco NPS but not concurrently. A License Server allows each user to "check out" a license on an as-needed basis and return it automatically when completed.
Q. What is the difference between a restricted license for Cisco NPS and an unrestricted license?
A. The Cisco NPS restricted license confines use within a single IP network by default subnet class. The Cisco NPS unrestricted license offers the most flexibility for organizations that operate multiple IP networks. Licenses can be accessed by users of workstations on the same IP network as the License Server and up to 100 additional IP networks. Users must maintain connectivity to the designated IP network(s) in order to use each license.
Q. What is provided with Cisco NPS Additional User License?
A. As noted previously, Cisco NPS contains two components: the Design and Analysis engine and Virtual Network Data Server. Cisco NPS Additional User License does not include the Virtual Network Data Server component. The Virtual Network Data Server that is part of Cisco NPS can be used in a single network management environment with an additional Cisco NPS license added per concurrent user to provide design and analysis capability. Some customers will require separate network management environments (such as North America, Europe, etc.) and therefore will require multiple Virtual Network Data Servers.
Q. What are the various licensing options?
A. All the components of Cisco NPS obtain a license from a License Server at the time of startup. The Design and Analysis engine is implemented on a user desktop. The License Server can be implemented on the user desktop as well, if the license is not intended to be shared among multiple users. Alternatively, the license can be shared from a License Server accessible to all the intended users. Only a single user at a time can "check out" a license for the Design and Analysis engine. Multiple licenses are required for multiple concurrent users.
The Virtual Network Data Server operates automatically, rather than being operated by multiple users. It is essentially licensed per instance. It is recommended that the License Server be implemented on the same platform as the Virtual Network Data Server for availability reasons. Note that it is possible to use the same License Server for all Cisco NPS software or two separate servers, one for the Design and Analysis users, and the other for the Virtual Network Data Server.
Q. Is a separate license required for Cisco NPS-SPM?
A. Yes. Installation requires a separate Cisco NPS-SPM license, as well as a license for the underlying Cisco NPS.
Q. What skill level is required to implement and use Cisco NPS?
A. A basic working understanding is required of the network technologies, protocols, and devices that are to be analyzed in Cisco NPS, such as IP/ATM; EIGRP, IGRP, OSPF, BGP, and others; and routers, switches, and firewalls. In general, enough expertise is required to understand what types of questions or studies are reasonable - for example, how OSPF link weight metrics might be changed to achieve a particular operational objective, so that such changes can be "tested" in Cisco NPS.
Cisco NPS actually provides an excellent training environment. It provides a better understanding of "real-world" network behavior, and accelerates learning for new technologies such as VPNs and VoIP by simulating their operational characteristics in the "virtual" network.
Q. How much time and effort is required to implement Cisco NPS? Are professional services needed for implementation?
A. The time and effort required to implement the Cisco NPS Design and Analysis engine is small - very little "configuration" is required. Sample models and tutorials are provided to introduce users to the GUI, product features, scope of technology, and protocol support, etc., thereby accelerating their "learning curve." Additionally, detailed methodology guides are included in the product documentation to walk the user through workflows and approaches for common analyses, such as network capacity planning.
The Virtual Network Data Server component of Cisco NPS is integrated with the production network and management environment, and requires thoughtful planning, some assessment and configuration of target data sources to enable integration, custom configuration of the Virtual Network Data Server, and subsequent validation of the end-to-end workflow. Troubleshooting is often required to resolve unanticipated issues that result from target devices or network management platforms not being configured properly, device credentials being inaccurate, source data being unreliable, etc.
Cisco NPS requires professional services to accelerate solution deployment. Engagements vary depending on the scope and complexity of the target network and data sources, but are typically two to four weeks long. These services are priced, contracted, and delivered separately.