FOURTH QUARTER 2002 ARCHIVE ISSUE


The IOS Difference

Not all IP routers are created equal.

Snapshot: Not all routing software is created equal. Cisco IOS® Software runs on 82 Cisco router platforms within 27 router families and supports more than 1000 standard technologies. As important as the number of software features supported is how well they are implemented and the level of integration among them. And that's what sets Cisco IOS Software apart from the rest of the pack. This article details key development areas for IOS, including quality of service (QoS), security, and high-availability networking.

Keywords: Cisco Globally Resilient IP (GRIP), Cisco IOS Software, Cisco Policer, high availability, Network-Based Application Recognition (NBAR), QoS

FURTHER READING

NBAR configuration documentation

IETF RFC 2698 "Two Rate Three Color Marker"

IETF Internet-Draft "Graceful Restart Mechanism for BGP"

MQC Overview Documentation

"Beyond Basic IP" Cisco IOS technical briefs (archives) for service providers

It might seem that all IP routers that run the major routing protocols, deliver respectable throughput, and support a mix of network interfaces would deliver comparable value. However, for organizations that expect more from their networks than getting packets from point A to point B with best-effort service, all routing software has not been created equal.

The breadth of value-added features and how well they integrate with one another across the various network segments contribute substantially to an IP network's performance and manageability. Cisco IOS® Software, which runs on 82 Cisco router platforms within 27 router families, supports more than 1000 standard technologies defined in Internet Engineering Task Force (IETF) RFCs.

"However, at least as important as the number of software features supported is how well they are implemented and the level of integration among them," says Sachin Gupta, manager of technical marketing in Cisco's Internet Technologies Division.

Consider, for example, the ability of quality-of-service (QoS) and security features to communicate with one another so that a network policy set using one feature triggers appropriate corresponding behavior in the other. This integration and automation enhances and simplifies the network administrator's ability to implement policy-based rules for classifying, treating, and filtering traffic generated by specific applications and users.

QoS and security, along with high-availability networking, are key development areas for Cisco IOS Software that will be discussed here in some detail.

The QoS Advantage

Routers play a large role in a network's ability to deliver the end-to-end performance required by each application. Tightly controlling bandwidth allocation, delay, jitter (delay variation), and packet loss on a circuit carrying voice or transaction-based traffic alongside traditional data, for example, is the responsibility of an integrated QoS feature set within Cisco IOS Software.

To create networkwide QoS policies for the treatment of different types of traffic based on application, protocol, user, or other criteria, administrators can use the Cisco Modular QoS Command-Line Interface (MQC). The MQC is a high-level language that represents a common configuration and command structure.

"Use of the MQC -- a single framework for QoS-enabling the network -- simplifies and lowers the cost of provisioning policies across the LAN and WAN," says Vijay Krishnamoorthy, Cisco product manager for IP and Multiprotocol Label Switching (MPLS) QoS.

Identifying Traffic

With the rapid deployment of QoS, new requirements for packet classification have emerged. It is important that the network provide the appropriate services to applications and that noncritical applications not hamper the performance of critical ones. To that end, Network-Based Application Recognition (NBAR) is an intelligent classification engine in Cisco IOS Software that recognizes a wide variety of applications, including Web-based and client-server applications. After an application is recognized, the network can invoke the required services for that particular application.

NBAR currently recognizes 75 protocols and applications, though the list is continually growing, notes Chetan Khetani, product manager for NBAR and QoS. These include applications that have dynamically assigned TCP and UDP port numbers, as well as applications that require deep inspection (classifying applications by looking deeper into the packets). Examples include HTTP traffic, identified by the URL, host name or MIME type; Citrix Independent Computing Architecture (ICA) traffic; and Real-Time Transport Protocol (RTP)-based voice and video bearer traffic, classified by the type of codec used. Cisco QoS features use NBAR and other classification capabilities within MQC to guarantee a certain amount of bandwidth to critical applications, limit bandwidth available to less important applications, mark packets for appropriate treatment, and drop selected packets to avoid congestion.

An NBAR function called Protocol Discovery calculates how much network bandwidth each application is consuming. NBAR might discover that a noncritical application such as Gnutella (a peer-to-peer file-sharing application) is hogging the WAN link to the detriment of higher-priority applications. At that point, the network administrator can invoke class-based Policer, a Cisco QoS feature, to restrict the amount of bandwidth Gnutella is permitted to consume.

Policing Enhancements

Policing has two components: rate limiting and packet marking. Rate limiting monitors traffic and takes appropriate action when traffic conforms to or exceeds a defined Committed Information Rate (CIR). In-profile traffic (within CIR) can be marked at a lower drop-probability level than out-of-profile traffic (which exceeds CIR). Weighted Random Early Detection (WRED) can then be applied to an outbound interface to monitor traffic loads in an effort to anticipate and avoid congestion.

"Packet queues on router interfaces begin to fill during periods of congestion," explains Ramya Venkatraman, Cisco technical marketing engineer for IP QoS. "WRED drops out-of-profile packets with a higher probability than in-profile packets when queue depth exceeds a certain threshold." In this way, packet bursts can be accommodated without violating service-level agreements while maximizing network utilization, says Venkatraman.

Cisco Policer has recently been enhanced with two new features. Two-Rate Policer, which complies with IETF RFC 2698, was introduced in Cisco IOS Software Release 12.2(4)T. It enables traffic policing according to two separate rates: a CIR and a Peak Information Rate (PIR). PIR is in force during periods of time when, for example, an enterprise wishes to exceed the CIR of its WAN service in a continuous burst.

Policer Enhancements-Multiple Actions allows network managers to specify multiple marking actions for in- and out-of-profile traffic using either single- or dual-rate Policer. Users can set multiple "exceed" commands at a time. These commands involve a combination of up to four of the following: IP Precedence value, IP Differentiated Services Code Point (DSCP) value, MPLS experimental (EXP) value, ATM cell loss priority (CLP) bit, and Frame Relay discard eligibility (DE) bit. These markings are enforced depending on whether traffic traverses a native IP, MPLS, ATM, or Frame Relay backbone -- or a combination of backbones.

"In a typical deployment, configuring two actions suffices -- one for a Layer 2 network and another for a Layer 3 network," notes Sangita Pandya, a Cisco technical marketing engineer.
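The policing and WRED behaviour described in this section, worked through as an added example (this is Python written for this article, not Cisco IOS code): a color-blind two-rate three-color marker in the style of RFC 2698 marks each packet green (conforms to CIR), yellow (exceeds CIR but not PIR) or red (exceeds PIR), and a WRED stage with per-color thresholds then drops out-of-profile packets with higher probability as the average queue depth rises. The rates, burst sizes, WRED thresholds, random draws and the packet stream are constructed values; in MQC the equivalent policer would be attached to a traffic class rather than applied to every packet as here.

```python
"""Two-rate three-color marking (RFC 2698 style) feeding a WRED drop decision.

Added example, not Cisco IOS code. Every rate, burst size, threshold and
packet below is a constructed value for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class TrTCM:
    """Two-rate three-color marker, color-blind mode, with two token buckets."""
    cir: float  # committed information rate, bytes per second
    pir: float  # peak information rate, bytes per second
    cbs: int    # committed burst size: depth of the C bucket, bytes
    pbs: int    # peak burst size: depth of the P bucket, bytes
    tc: float = field(init=False)
    tp: float = field(init=False)
    last: float = field(init=False)

    def __post_init__(self) -> None:
        self.tc = float(self.cbs)   # both buckets start full
        self.tp = float(self.pbs)
        self.last = 0.0

    def mark(self, size: int, now: float) -> str:
        """Return 'green' (conform), 'yellow' (exceed) or 'red' (violate)."""
        dt = now - self.last
        self.last = now
        # Replenish both buckets for the elapsed time, capped at burst size.
        self.tc = min(float(self.cbs), self.tc + self.cir * dt)
        self.tp = min(float(self.pbs), self.tp + self.pir * dt)
        if self.tp < size:          # no peak tokens: above PIR, violate
            return "red"
        if self.tc < size:          # peak tokens only: above CIR, exceed
            self.tp -= size
            return "yellow"
        self.tp -= size             # within CIR: conform, charge both buckets
        self.tc -= size
        return "green"


@dataclass
class WredProfile:
    """Drop starts at min_th, reaches max_p at max_th, is certain beyond it."""
    min_th: int
    max_th: int
    max_p: float


# Out-of-profile colors get lower thresholds and a higher maximum drop
# probability, so they are discarded first as the queue fills (constructed).
WRED: Dict[str, WredProfile] = {
    "green": WredProfile(40, 80, 0.10),
    "yellow": WredProfile(20, 60, 0.20),
    "red": WredProfile(10, 40, 0.50),
}


def drop_probability(avg_depth: float, color: str) -> float:
    """WRED drop probability for one color at a given average queue depth."""
    p = WRED[color]
    if avg_depth < p.min_th:
        return 0.0
    if avg_depth >= p.max_th:
        return 1.0
    return p.max_p * (avg_depth - p.min_th) / (p.max_th - p.min_th)


def ewma_depth(avg: float, current: int, weight: float = 1 / 512) -> float:
    """Exponentially weighted average queue depth used by WRED."""
    return (1 - weight) * avg + weight * current


def police(packets: List[Tuple[float, int]], policer: TrTCM) -> List[str]:
    """Mark a list of (arrival_time_seconds, size_bytes) packets in order."""
    return [policer.mark(size, t) for t, size in packets]


def outbound_decision(colors: List[str], avg_depth: float,
                      draws: List[float]) -> List[bool]:
    """True where WRED drops the packet. `draws` are uniform(0,1) samples
    supplied by the caller so the decision is reproducible."""
    return [d < drop_probability(avg_depth, c) for c, d in zip(colors, draws)]


if __name__ == "__main__":
    # Constructed burst: five 500-byte packets at t=0, then one a second later.
    burst = [(0.0, 500)] * 5 + [(1.0, 500)]
    colors = police(burst, TrTCM(cir=1000, pir=2000, cbs=1000, pbs=2000))
    print("marking:", colors)
    # Constructed queue state: average depth of 50 packets, fixed draws.
    print("dropped:", outbound_decision(colors, 50.0, [0.3] * len(colors)))
```

The burst exhausts the committed bucket after two packets, the peak bucket after four, and the fifth packet is marked red; one second later both buckets have refilled and marking returns to green. At an average queue depth of 50 only the red packet is certain to be dropped, which is the behaviour the article attributes to WRED: bursts are accommodated, but out-of-profile traffic goes first under congestion.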

Securing the Network

As mentioned, QoS and security both entail setting and enforcing policies for identifying and treating traffic. On the security side, network administrators can assign 16 levels of user privileges. They can authenticate access on a user-by-user basis and even authorize the execution of each command, says Mark Denny, manager of IP services and security at Cisco.

The core security features bundled into Cisco IOS Software embrace the general areas of access control, virtual private network (VPN) technology such as IP Security (IPSec), stateful firewall filtering, and intrusion detection. They are implemented consistently across the breadth of Cisco router platforms, Denny notes.

These features integrate with one another and with other Cisco IOS Software technologies. For example, Cisco IPSec VPNs support many features that rely on the manipulation of an IP address header. These include Network Address Translation (NAT), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and QoS markings for voice over IP (VoIP). To enable these capabilities across encrypted IPSec tunnels, the service markings are applied before encryption, then are copied to the new outward-facing IPSec address. "Cisco never develops a feature without considering if and how other Cisco IOS Software features can be integrated with it for a more robust implementation," says Denny.

Maximizing Uptime

As business success increasingly relies on the network, it is imperative to maximize network availability. In June, Cisco announced a suite of nine high-availability features in Cisco IOS Software under the Cisco Globally Resilient IP (GRIP) initiative. The features slash network convergence times in the event of unplanned outages and increase the stability of IP networks using a number of innovative techniques (see "Getting a GRIP on Network Resilience," Packet® Third Quarter 2002).

Several of these capabilities will begin shipping in the latter part of this year in Cisco IOS Software. These include Incremental SPF Optimization, which streamlines the way routing tables are rebuilt after faults for faster network convergence. In addition, Stateful NAT and Stateful IPSec enable existing NAT sessions and IPSec tunnels to be preserved during a switchover between routers, such as is accomplished with Hot Standby Routing Protocol (HSRP). "Furthermore, we are simplifying the deployment of load balancing across HSRP routers," adds Charles Goldberg, manager, product management for IOS. "Later this year, we will introduce Gateway Load Balancing Protocol, which allows traffic to spread across multiple routers and switches by enabling a single command. This is much simplified over the current multiple subnet or VLAN load-balancing techniques used today."

Key among the high-availability capabilities is support for routing protocol enhancements available in Cisco IOS Software Release 12.0(22)S for Cisco 12000 and 10000 Internet routers and the 7500 Series Router. These enhancements work with redundant route processors to enable immediate recovery after a route processor failure.

Cisco Nonstop Forwarding (NSF), for example, supports Border Gateway Protocol (BGP) extensions currently described in an IETF Internet-Draft called "Graceful Restart Mechanism for BGP." A similar capability has been introduced by Cisco to the IETF for the Open Shortest Path First (OSPF) routing protocol.

The protocol extensions specify how these routing protocols will notify a peer router that a local device can still forward traffic even if its route processor fails, explains Purnam Sheth, senior manager for high-availability engineering at Cisco. "Using BGP extensions, one router, in effect, tells its neighbor, 'If I go away, I'll be right back, so don't change your routing table yet,'" Sheth explains. Only when the failed primary route processor is in service again (or its backup has taken over) will the peer router send all routing advertisements to it to build a new routing table.

"These extensions are needed for network scalability, preventing routing update messages from going to every adjacent router in the network while one route processor fails over," says Sheth. This contributes greatly to network stability, he says.
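The "don't change your routing table yet" behaviour described above, modelled from the neighbor's side as an added example (Python written for this article, not Cisco code and not the IETF text): a receiving speaker that has negotiated graceful restart keeps the failed peer's routes installed but marked stale, so forwarding continues through the failover; when the peer returns and re-advertises its routes followed by an end-of-table marker, any route it did not refresh is removed, and if the peer never returns within the agreed restart time the stale routes are purged. The restart timer and End-of-RIB marker are assumed from the graceful-restart mechanism; the prefixes, next hops and timeline are constructed.

```python
"""Neighbor-side model of BGP graceful restart versus classic session loss.

Added example, not Cisco code. restart_time and the End-of-RIB marker are
assumed from the IETF graceful-restart mechanism; all addresses, prefixes
and timings are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Route:
    prefix: str
    next_hop: str
    stale: bool = False


@dataclass
class ReceivingSpeaker:
    """The neighbor of a router whose route processor may fail over."""
    restart_time: float                          # seconds the peer promised to return within
    rib: Dict[str, Route] = field(default_factory=dict)
    restarting_since: Optional[float] = None
    log: List[str] = field(default_factory=list)

    def learn(self, prefix: str, next_hop: str) -> None:
        self.rib[prefix] = Route(prefix, next_hop)

    def session_lost(self, now: float, peer_supports_restart: bool) -> None:
        if not peer_supports_restart:
            # Classic behaviour: every route learned from the peer is withdrawn,
            # and the rest of the network reconverges around the outage.
            self.rib.clear()
            self.log.append("peer down without GR: routes flushed")
            return
        # Graceful restart: keep forwarding on the old routes, just mark them stale.
        for route in self.rib.values():
            route.stale = True
        self.restarting_since = now
        self.log.append("peer down with GR: routes retained as stale")

    def tick(self, now: float) -> None:
        """Give up on a peer that has not come back within restart_time."""
        if (self.restarting_since is not None
                and now - self.restarting_since > self.restart_time):
            self.rib = {p: r for p, r in self.rib.items() if not r.stale}
            self.restarting_since = None
            self.log.append("restart timer expired: stale routes purged")

    def session_restored(self, now: float, updates: List[Tuple[str, str]]) -> None:
        """Peer is back: it re-advertises its table, then sends End-of-RIB."""
        for prefix, next_hop in updates:
            self.rib[prefix] = Route(prefix, next_hop)   # refreshed, no longer stale
        # End-of-RIB received: anything still stale was not re-advertised.
        self.rib = {p: r for p, r in self.rib.items() if not r.stale}
        self.restarting_since = None
        self.log.append("End-of-RIB: unrefreshed stale routes removed")

    def forwarding_table(self) -> Dict[str, str]:
        return {p: r.next_hop for p, r in self.rib.items()}


def scenario(peer_supports_restart: bool) -> List[Dict[str, str]]:
    """Constructed timeline: learn three prefixes, lose the peer at t=10 s,
    peer returns at t=40 s advertising only two of them (restart_time 120 s).
    Returns the forwarding table before, during and after the outage."""
    speaker = ReceivingSpeaker(restart_time=120.0)
    for prefix in ("10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"):
        speaker.learn(prefix, "192.0.2.1")
    snapshots = [speaker.forwarding_table()]
    speaker.session_lost(now=10.0, peer_supports_restart=peer_supports_restart)
    speaker.tick(now=20.0)
    snapshots.append(speaker.forwarding_table())          # during the outage
    speaker.session_restored(now=40.0, updates=[("10.0.0.0/24", "192.0.2.1"),
                                                ("10.0.1.0/24", "192.0.2.1")])
    snapshots.append(speaker.forwarding_table())          # after recovery
    return snapshots


if __name__ == "__main__":
    for gr in (True, False):
        before, during, after = scenario(gr)
        print(f"GR={gr}: during outage {len(during)} routes, after {len(after)} routes")
```

With graceful restart the neighbor still holds all three routes while the peer's route processor fails over, and drops only the one prefix the peer no longer advertises once the re-advertisement completes; without it the neighbor flushes everything immediately and the update storm the article warns about reaches every adjacent router. The timer in `tick` is the safeguard a practitioner should expect: stale routes must not be kept indefinitely if the peer never returns.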

* * *

This article has provided an introductory overview of the breadth, depth, and level of integration of Cisco IOS Software features, which together deliver a value greater than the sum of their parts. For more information, see the accompanying sidebar, "Q&A: Straight Talk About IOS."

Q&A: Straight Talk About IOS

Packet editors recently interviewed Sachin Gupta, manager of technical marketing in the Cisco Internet Technologies Division, to answer some common customer questions about Cisco router software and to look ahead at the Cisco IOS Software roadmap.

Packet: Are there such things as "IOS-compatible" routers by other vendors?

Gupta: Yes and no. Some router vendors have reengineered Interior Gateway Routing Protocol (IGRP) and Enhanced IGRP, the routing protocols developed by Cisco and optimized for use in Cisco networks. So some non-Cisco routers support Cisco's own routing protocols. However, being compatible in this area does not mean that a device supports all Cisco IOS Software features or Cisco's level of feature integration.

Packet: What are the biggest advantages of Cisco IOS Software?

Gupta: There are three big advantages. First, its feature richness and level of integration between technologies on the widest range of platforms. Second, the sophisticated troubleshooting and management capabilities. Third, the worldwide Cisco support structure and customer knowledge base. And these last two advantages, in turn, lower a customer's total cost of ownership.

Packet: Does implementing network services in software slow down router performance?

Gupta: Where you need very high performance numbers is in the service provider network core and edge. Here, Cisco platforms implement IOS features in silicon, leaving the software to handle the control plane functions. In these implementations (such as in the Cisco 7600, 10000, and 12000 Series Internet routers), you can run huge volumes of Cisco IOS features simultaneously at line rates. Several Cisco routers (such as the 7500 Series Router and 7600 and 12000 Series Internet routers) also feature distributed packet forwarding to further enhance performance with network services.

As you move to the enterprise edge and backbone, people don't necessarily need (nor are they willing to pay for) that level of performance. Still, some branch-office access routers, including the Cisco 3700 Series Router, have gained processor enhancements that enable Cisco IOS Software features to run virtually at line rate in these network segments, too.

Packet: Why are there multiple versions of IOS?

Gupta: The large number of software trains evolved to meet the diverse needs of the broad number of markets and customers we serve. The volume and sophistication of features required by large service providers, for example, usually differ greatly from the needs (and budgets) of small businesses. However, Cisco is working on a software unification plan that will consolidate several major releases and should result in simplifying customer decisions regarding which release to deploy. There are also plans to deliver fewer feature sets targeted toward market segment needs, further simplifying the release selection process.

Packet: How can customers determine which IOS release and router platform(s) to select?

Gupta: The Cisco IOS Feature Navigator tool at cisco.com/go/fn helps determine which release to select. For router platforms, customers should refer to Cisco.com or contact their Cisco account team. (For more help on determining the release(s) of IOS right for your network, see "Four Steps to the Right IOS" -- Editors.)


All contents are Copyright © 1992--2002 Cisco Systems Inc. All rights reserved. Important Notices and Privacy Statement.