Articles Tagged ‘networks’

Cisco Express Forwarding

Title:              Cisco Express Forwarding
Authors:        Nakia Stringfield, Russ White, Stacia McKee
ISBN-10(13):     1587052369
Publisher:      Cisco Press
Published:     May 4, 2007
Edition:         1st Edition
Language:     English


Normally a book review shouldn't start with a warning, but this one does: this book is not for everyone. There's a huge number of Cisco books available, many of them dealing with the same technology (routing, switching), some more in-depth than others, and some dedicated to a specific technology.

Some people don't know that many packets in a router are switched from an input interface to an output interface. This means that the main CPU of a router is not directly, or is less, involved in the forwarding of a packet. Initially all packets traversing a router were process switched, which had some serious performance issues. So Cisco came up with the idea of caching information on the interface processors. This was the birth of fast switching.

Sometime in the 1990s Cisco realized that Fast Switching had its limitations, and a new switching technology was developed which led to CEF (Cisco Express Forwarding). This has become the default switching method in almost all Cisco routers. This book deals with this exclusively.

The book has two parts, one dealing with understanding, configuring and troubleshooting (4 chapters), and the second part (3 chapters) has some CEF case studies.

Chapter 1 deals mainly with the architecture of a router and has some very detailed information about how memory, buffers and interfaces relate to each other.

Chapters 2 and 3 deal with understanding of and enhancements to the original CEF implementations. These two chapters have many show commands to clarify CEF.

Chapter 4 has an IP connectivity troubleshooting example in which CEF can help you to understand the problem, an excellent chapter.

Chapter 5 describes CEF on a Cat6500, which is hardware based, and the differences when troubleshooting CEF on a Cat6500.

Chapter 6 is all about load sharing with CEF. This, for me, is the best chapter of this book. It gives you real world configurations and problems and shows how CEF plays a role in load sharing. Excellent!

Chapter 7 deals with CEF in an MPLS VPN environment. Together with chapter 6 it provides really useful information; information you can apply directly in your network.

In the beginning I mentioned that this book is not for everyone - let me clarify that.

Most people know how to drive a car: use the key to start the engine and off you go, sometimes you have to fill it up. For most people this is enough. Then there are people who understand some of the lights on the dashboard and how to take action on these. But only a few people really understand how a car works, and are capable of dealing with any mechanical problem that might occur.

In the same manner, this book will provide the insight required to understand how CEF truly works inside Cisco's routers and switches.

This book can promote you to the elite; it is the last piece of the puzzle that will tell exactly how packets are moved inside a router.


Cisco LAN Switching (CCIE Professional Development Series)

Title:              Cisco LAN Switching (CCIE Professional Development Series)
Authors:        Kennedy Clark, Kevin Hamilton
ISBN-10(13):     1578700949
Publisher:      Cisco Press
Published:     August 26, 1999
Edition:         1st Edition
Language:     English

Reviewer: John Korakis


If “Routing TCP/IP Vol 1 & 2” by Jeff Doyle and Jennifer Carroll is considered the bible of Routing, this book should definitely be considered the bible of LAN Switching.

The authors cover a wide spectrum of technologies in great detail, combining technical content with easy-to-read writing. Theory, explanation and examples are smoothly integrated into the text, making complex technical issues fun to read and easy to understand. The fair amount of humor used aims in that direction too.

The only disadvantage of this book is its age. Published in 1999, it naturally lacks information regarding technologies created and adopted in more recent years such as the newer versions of Spanning Tree, while it covers outdated subjects such as Token Ring and Cat OS CLI. However, things have not changed that much in the LAN Switching field since then and learning some history never harmed anyone.

The book is organized in six parts which contain a total of eighteen chapters.

Foundational Issues

Part I (chapters 1 to 5) is called “Foundational Issues”. This part describes the technologies upon which the rest of the subjects described in the book are based.

Chapter 1, “Desktop Technologies” covers Ethernet (Legacy, Fast Ethernet, Gigabit Ethernet) and Token Ring.

Chapter 2 covers some ways of “Segmenting LANs”.

Chapter 3 is about “Bridging Technologies”, in particular Transparent Bridging, Token Ring Bridging and Token Ring Switching.

Chapter 4, “Configuring the Catalyst” explores general Catalyst configuration issues using detailed command examples. This chapter’s configuration examples, as well as the vast majority of them throughout this book, are based on the so-called Cat OS CLI, which is seldom used nowadays. It is worth noting, however, that anyone who has used the native IOS CLI used on the more recent Catalysts should be able to recognize the similarities with the good old Cat OS.

Chapter 5, finally, covers “VLANs”.

Spanning Tree

Part II (chapters 6 and 7) is dedicated to “Spanning Tree”. These two are among the best (if not the best of all) chapters ever written in a networking book. They simply contain everything about Spanning Tree.

Chapter 6, “Understanding Spanning Tree”.

Chapter 7, “Advanced Spanning Tree”.


Part III (chapters 8 to 10) covers “Trunking”.

Chapter 8, “Trunking Technologies and Applications” describes Ethernet Trunks, FDDI Trunks and ATM Trunks, as well as some Trunking Options.

Chapter 9, “Trunking with LAN Emulation” begins with a brief ATM tutorial and continues with explaining ATM LAN Emulation (LANE). The LANE part begins with the amusing skit “Let’s go to the LANE Bar”, attempting to describe this complex technology in an original and fun way.

Chapter 10, “Trunking with Multiprotocol over ATM” explains MPOA. No skit this time!

Advanced Features

Part IV (chapters 11 to 13) introduces some “Advanced Features”.

Chapter 11, “Layer 3 Switching” covers Router-on-a-Stick, RSM, MLS, HSRP and Integration between Routing and Bridging.

Chapter 12, “VLAN Trunking Protocol”, covers Cisco’s VTP theory and configuration.

Chapter 13, “Multicast and Broadcast services” is about CGMP, IGMP, IGMP Snooping and Broadcast Suppression.

Part V (chapters 14 to 18), “Real-World Campus Design and Implementation”.

Chapter 14, “Campus Design Models” contains some theory regarding Campus Design.

Chapter 15, “Campus Design Implementation” contains advice and best practices on implementing all the previously described technologies in the book.

Chapter 16, “Troubleshooting” introduces a couple of troubleshooting philosophies and tools.

Chapter 17, “Case Studies: Implementing Switches” covers two real-world design examples with sample configurations.

Chapter 18, “Catalyst 6000 Technology” describes the Catalyst 6000/6500 switch technology and introduces the Native IOS Mode Configuration, found in today’s Catalysts.


Cisco LAN Switching is mainly focused on Network Engineers looking for a quality reference book on LAN Switching or preparing for the CCIE certification. However, it could be extremely useful to anyone looking for expert level knowledge on Layer 2 LAN technologies.

Although the book is Cisco oriented, many of the subjects covered are open industry standards, making it a great choice for literally everybody.


Network Fundamentals

A network is simply a group of two or more Personal Computers linked together. Many types of networks exist, but the most common types of networks are Local-Area Networks (LANs), and Wide-Area Networks (WANs).

In a LAN, computers are connected together within a "local" area (for example, an office or home). In a WAN, computers are further apart and are connected via telephone/communication lines, radio waves or other means of connection.

How are Networks Categorized?

Networks are usually classified using three properties: Topology, Protocols and Architecture. 

Topology specifies the geometric arrangement of the network. Common topologies are a bus, ring and star. You can check out a figure showing the three common types of network topologies here.

Protocol specifies a common set of rules and signals the computers on the network use to communicate. Most networks use Ethernet, but some networks may use IBM's Token Ring protocol. We recommend Ethernet for both home and office networking.

Architecture refers to one of the two major types of network architecture: Peer-to-peer or client/server. In a Peer-to-Peer networking configuration, there is no server, and computers simply connect with each other in a workgroup to share files, printers and Internet access.

This is most commonly found in home configurations and is only practical for workgroups of a dozen or fewer computers. In a client/server network there is usually an NT Domain Controller, to which all of the computers log on. This server can provide various services, including centrally routed Internet Access, mail (including e-mail), file sharing and printer access, as well as ensuring security across the network. This is most commonly found in corporate configurations, where network security is essential.

Palo Alto Firewall Application-based Policy Enforcement (App-ID), User Identification (User-ID) and Application Control Centre (ACC) Features for Enterprise Networks

Our previous article examined the benefits of the Palo Alto Networks Firewall Single Pass Parallel Processing (SP3) architecture and how it combines with the separate Data and Control planes to boost firewall performance and handle large amounts of traffic without any performance impact. This article focuses on the traffic flow logic inside the Palo Alto Firewall and two unique features that separate it from the competition: Application-based policy enforcement (App-ID) & User Identification (User-ID).

Flow Logic of the Next-Generation Firewall

The diagram below is a simplified version of the flow logic of a packet travelling through a Palo Alto Networks Next-Generation Firewall, and it can always be used as a reference to study the packet processing sequence:


Figure 1. Flow Logic of a packet inside the Palo Alto Networks Next Generation Firewall

Palo Alto Networks Next-Generation Firewalls work with the concept of zones, not interfaces. Once a packet enters the firewall, the Palo Alto Networks Next-Generation Firewall identifies from which zone the packet came and where it is destined to go. This is similar to Cisco IOS router Zone-based Firewalls and Cisco ASA Firewalls.

Interested users can also download, free of charge, the Palo Alto Networks document “Day in the Life of a Packet” from our Palo Alto Networks Download section; it explains in great detail the packet flow sequence inside the Palo Alto Networks Firewall.

App-ID & User-ID – Features That Set Palo Alto Apart from the Competition

App-ID and User-ID are two really interesting features not found on most competitors’ firewalls and really help set Palo Alto Networks apart from the competition. Let’s take a look at what App-ID and User-ID are and how they help protect the enterprise network.

App-ID: Application-based Policy Enforcement

App-ID is the biggest asset of Palo Alto Networks Next-Generation Firewalls. Traditional firewalls block traffic based on protocol and/or ports, which years ago seemed to be the best way of securing the network perimeter. Today, however, this approach is inadequate, as applications (including SSL VPNs) can easily bypass a port-based firewall by hopping between ports or by using well-known ports such as tcp-http (80) or tcp/udp-dns (53), which are normally found open.

A traditional firewall that allows the use of TCP/UDP port 53 for DNS lookups will allow any application using that port to pass through without asking any questions. This means that any application can use port 53 to send/receive traffic, including evasive applications like BitTorrent for P2P file sharing, which is quite dangerous:

Figure 2. Palo Alto Networks’ App-ID effectively blocks unwanted BitTorrent traffic

With App-ID, Palo Alto Networks Next-Generation Firewalls use multiple identification mechanisms to determine the exact identity of applications traversing the network. Following is the order in which traffic is examined and classified:

SDN and OpenFlow for Beginners with Hands-on Labs

Title:              SDN and OpenFlow for Beginners with Hands-on Labs
Authors:        Vivek Tiwari
ISBN-10(13):     B00EZE46D4
Publisher:      Amazon Digital Services, Inc.
Published:     4th September 2013
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee


Software Defined Network, or SDN, as a concept, is quite new in the networking world (at least for me). What it essentially means is that through SDN, management and control of a network is decoupled from a strict hardware architecture and handed over to a software application.

This new eBook, from author Vivek Tiwari, is a technical overview of SDN, its meaning, concepts, working principle and, finally, a glimpse of its future.

In a broad sense, this book is a brief glimpse of the author's journey to becoming familiarised with SDN, its impact and its future.

As well as imparting knowledge, it helps us avoid hours of online searches by providing a consolidated approach towards concepts and technology, and a thorough understanding of SDN via hands on experience through labs.

I had initial doubts about reading an eBook. I am old school when it comes to books. I need the reassuring feel of the weight in my hands, the uninhibited freedom of moving through the pages, but since I have read a few titles by the same author, I thought I should give this eBook a chance.

The book consists of two parts: Part 1 deals with the theory and concepts, Part 2 deals with the hands-on experience of SDN.

Part 1 - The Theory

Let's start with what we encounter in part 1.

The obvious approach of core concept explanation precedes critical analysis of this new trend. We come across the history lesson followed by a quick overview of the most important terms that are essential to grasp the concepts of SDN.

Readers should not be dissuaded by the number of chapters (23 in total), as I observed later that every chapter included is essential.

Chapters 1 to 4 set the foundation of SDN and then open up the discussion for OpenFlow. As explained by the author, OpenFlow is the protocol that intertwines with the architecture which is SDN.

Chapters 6 and 7 go through the concepts of OpenFlow and demonstrate its capabilities. This is followed by a brief synopsis of the different versions of this new protocol.

Once OpenFlow has been dealt with, the author starts making a case for SDN by extolling its advantages. Even though the chapter on this topic is quite small, each point discussed under this banner is quite concise and relevant. Individually each reason stated makes its own case depending on the nature of SDN deployment.

There are several scenarios explained in subsequent chapters where SDN can be deployed. These include infrastructures like enterprise networks, service providers, WAN and datacentres.

What follows the case studies is quite interesting. By now the reader must be intrigued thinking of the future of all network hardware providers, once the network itself can be virtualised. The author provides the involvement of salient players in the network hardware market, e.g. Cisco, Juniper, etc. This discussion also includes key network users like Google and Facebook, users for whom the network is regarded as the main computing platform.

The author then opens up the field for a very candid and interesting topic. This is where he weighs out the feasibility of SDN itself, while performing a critical analysis. He tries to prove or disprove whether it is hype or the imminent future.

The future is then discussed in chapter 16. These are, of course, the author’s predictions. However, after reading it, I felt more in agreement with it than against it. I have a strong feeling that the author has made a valid point. The outcome of SDN and the future of the network are intertwined and fundamentally inseparable.

Part 2 - Hands-on Experience with Labs

The second part, as mentioned earlier, is all about the hands-on experience of SDN. The author lists the requirements before the SDN theory can be put into action. All of this is discussed in chapter 17. Then from chapter 18 to chapter 23 we not only get a ringside view of SDN in action, but also indulge in being part of the excitement of practising SDN as well.

As is customary, the concluding section of the book contains appendices, providing more supporting information about SDN, related software, projects etc., which only enhance the understanding of SDN.

After reading the book and being enlightened about SDN, I must say I am more than intrigued about this new concept. I will be watching the progress of it very closely and, who knows, I might end up jumping onto the SDN bandwagon very soon. It would be a folly not to do so. I presume key stakeholders in network based institutions and vendors are already getting involved to a great depth.


This book certainly succeeds in arousing a great amount of interest in not just SDN but how this is probably going to shape the future of the network as a whole. I would recommend this book to all CTOs and CEOs who are looking to move with the times and embrace technology. SDN is here to stay, and this book is a very good platform to start getting acclimatised with it. The book is a good initiation into SDN, which might, or should I say will definitely, end up being a game changer in our future.


