Archive for the 'Cisco General' Category



Cisco Aggregation Services Router 9000-ASR 9000

Monday 8 March 2010 @ 4:36 pm

The ASR 9000 has 6 times more capacity and is 4 times faster than any other router in the same category. It is able to transmit data at a rate of 6.4 terabits per second. What does this mean? It means that it is capable of transmitting 200 DVD videos per second, or 250,000 MP3s per second, or 500,000 e-books per second. The bandwidth capacity of the ASR 9000 router is 10 times that of the Cisco ASR 1000. For example, the ASR 9000 supports 100 megabits per second (Mbps) to homes, compared to common legacy E1 or T1 connections, which used to offer around 1.5 to 2 Mbps.

“We really believe that the IP (Internet Protocol) traffic on the Internet will be growing by 46% annually up to 2012 while the bulk of traffic, about 90%, will be consumed by video,” said Pankaj Patel, senior vice president who manages the company’s relationships with telecommunications carriers.

The ASR 9000 has innovative technology for proactive management of video signals, which are particularly difficult to handle. According to Cisco executives, it can repair these signals and offer excellent image quality and performance for HDTV and other video services. It is ideal for companies such as AT&T and Verizon because they offer more and faster Internet video to mobile phones and PC consumers.

As a corollary, the company adds that the ASR 9000 operates 40% more effectively than other competing products, helping to save the planet and saving money for the network operators.

So far, some of the largest telecommunications companies in the world, including Softbank Corp. of Japan, have signed up to acquire such devices. The ASR 9000 router uses the same operating system as the Cisco CRS-1, which transmits data at a rate of 92 trillion bits per second and now ‘runs’ for more than 200 telecommunication operators in the high-speed lanes of the World Wide Web. When Cisco launched the CRS-1 in 2004, some analysts said that these heavy-duty network machines (weighing 2,300 pounds and having a height of 7 feet) did not satisfy customers’ wishes. They even predicted that the San Jose company would not sell more than 50 units. Pankaj, however, stated that Cisco now sells at least 50 such routers per week. Last year, the company earned 39 billion U.S. dollars just from the sales of ASR routers.

Glen Hunt, an analyst at Current Analysis, said that Cisco’s new router will cost providers at least $80,000. The ASR 9000 can be installed close to the homes and business premises of consumers. This model took 4 years to reach production and cost 200 million U.S. dollars. According to Ray Mota, director of sales strategy at Synergy Research Group, the ASR 9000 will fill a gap in Cisco’s product line and will help the San Jose company maintain its market share. Cisco competes with companies like Alcatel-Lucent and Juniper Networks in router sales. However, Cisco controls 59% of the market, compared with 15% for Alcatel-Lucent and 14% for Juniper.




Forwarding a DHCP Request using Cisco ip helper-address command

Thursday 7 January 2010 @ 10:45 am

DHCP, as we all know, is a broadcast protocol (shame on you if you don’t know that already :) !!) which normally works only within the same Layer 2 broadcast domain. Does this mean that you need to have your DHCP server connected to the same network subnet as the DHCP clients? If this were the case, it would not be flexible or economical at all. What if you have segmented your internal network into many different subnets and you have DHCP clients in all of those subnets? Would this mean that you must have a DHCP server for every subnet? Fortunately, you don’t. With the Cisco “ip helper-address” command configured on the Layer 3 interface which receives the client’s DHCP broadcast, you can transform the broadcast request into a unicast and send it to a centralized DHCP server, which can be located in a different subnet of your network. The unicast DHCP request will be routed normally to the destination DHCP server within the network, even if the server is far away from the DHCP client.

The DHCP server must have an appropriate IP Pool scope configured for the specific subnet from where the DHCP request came. Using this IP scope, the server will assign an appropriate IP address to the requesting client. For example, if the DHCP client subnet is 192.168.1.0/24, then the remote DHCP server must have an IP Pool configured to assign addresses within the range 192.168.1.0/24. The source DHCP client subnet is determined by the IP address assigned to the Layer3 interface which has the ip helper-address configured.

Let’s see an example scenario below with a configuration snapshot.

From the network diagram above, two DHCP client PCs are located behind Router A. Interface Fe0/0 of the router has IP address 192.168.1.1/24. The DHCP clients will start broadcasting DHCP requests in order to get their IP address information assigned from a server. By default, these DHCP broadcast requests will be confined within Switch A and will never reach any other subnet beyond Router A. By configuring an “ip helper-address 10.10.10.1” under interface Fe0/0 of Router A, we tell the router to turn the DHCP broadcast into a DHCP unicast and send it to destination DHCP server 10.10.10.1. The server will see that the DHCP request came from source subnet 192.168.1.0/24 and will therefore assign an appropriate IP address from a configured IP pool scope within the range 192.168.1.0.

Configuration on Router A

RouterA# conf t
RouterA(config)# interface fastethernet0/0
RouterA(config-if)# ip address 192.168.1.1 255.255.255.0
RouterA(config-if)# ip helper-address 10.10.10.1
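
The relay step and the server's scope choice described above, sketched in Python as an added example (not from the original post, and not Cisco's code). The router records the receiving interface's address in the BOOTP giaddr field, which is how the server learns the client subnet; the scope table, hop limit and function names are assumptions for illustration.

```python
import ipaddress
import struct

HOPS_OFFSET, GIADDR_OFFSET, BOOTP_LEN = 3, 24, 236  # fixed BOOTP header layout (RFC 2131)

# Constructed server scopes: subnet -> first address to hand out
SCOPES = {"192.168.1.0/24": "192.168.1.100", "192.168.2.0/24": "192.168.2.100"}


def build_discover(xid: int, mac: bytes) -> bytes:
    """Constructed DHCPDISCOVER as a client broadcasts it (giaddr = 0.0.0.0)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, xid, 0, 0x8000,   # op=BOOTREQUEST, broadcast flag
                         bytes(4), bytes(4), bytes(4), bytes(4),  # ci/yi/si/giaddr
                         mac, bytes(64), bytes(128))
    return header + b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"  # cookie, type 1, end


def relay(packet: bytes, ingress_ip: str, helper: str, max_hops: int = 16):
    """What the router does for a broadcast received on the helper interface.

    Returns (unicast destination, rewritten packet), or None when dropped.
    max_hops is an illustrative limit, not a value taken from the page.
    """
    if len(packet) < BOOTP_LEN or packet[0] != 1 or packet[HOPS_OFFSET] >= max_hops:
        return None
    buf = bytearray(packet)
    buf[HOPS_OFFSET] += 1
    if buf[GIADDR_OFFSET:GIADDR_OFFSET + 4] == bytes(4):  # only the first relay stamps it
        buf[GIADDR_OFFSET:GIADDR_OFFSET + 4] = ipaddress.IPv4Address(ingress_ip).packed
    return helper, bytes(buf)


def select_scope(packet: bytes, scopes: dict):
    """Server side: choose the pool whose subnet contains giaddr."""
    giaddr = ipaddress.IPv4Address(packet[GIADDR_OFFSET:GIADDR_OFFSET + 4])
    for subnet, first_lease in scopes.items():
        if giaddr in ipaddress.ip_network(subnet):
            return subnet, first_lease
    return None


if __name__ == "__main__":
    discover = build_discover(0x1234ABCD, bytes.fromhex("001122334455"))
    dest, relayed = relay(discover, "192.168.1.1", "10.10.10.1")
    print(dest, select_scope(relayed, SCOPES))
```

Because the server picks the pool from giaddr alone, it should accept relayed requests only from the addresses of known relay interfaces.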

Some other important considerations for ip helper-address

The ip helper-address command does not forward only DHCP (BOOTP). By default, it forwards the following eight UDP broadcast protocols:

  • UDP 37 (Time protocol)
  • UDP 49 (TACACS)
  • UDP 53 (DNS)
  • UDP 67 (DHCP Server)
  • UDP 68 (DHCP Client)
  • UDP 69 (TFTP)
  • UDP 137 (NetBios)
  • UDP 138 (NetBios Datagram service)

If you want to add more broadcast protocols to be forwarded, or even remove some of the default forwarded protocols, you can use the “ip forward-protocol” command under global config mode.

Example: Remove the NetBios protocols (137,138) from being forwarded by default, and add NTP protocol 123 to be forwarded by ip helper-address.

RouterA(config)# no ip forward-protocol udp 137
RouterA(config)# no ip forward-protocol udp 138
RouterA(config)# ip forward-protocol udp 123
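
A hardening check for the defaults above, as an added Python example (not part of the original post): it computes which UDP ports a configuration still relays once the ip forward-protocol lines are applied, and lists every helper interface that relays more than DHCP. The sample configuration is constructed, and the parser assumes numeric port arguments as used on this page.

```python
import re

DEFAULT_FORWARDED = {37, 49, 53, 67, 68, 69, 137, 138}  # the eight defaults listed above
DHCP_PORTS = {67, 68}

# Constructed sample configuration, not taken from a real device
SAMPLE_CONFIG = """\
no ip forward-protocol udp 137
no ip forward-protocol udp 138
ip forward-protocol udp 123
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 10.10.10.1
!
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
"""


def effective_ports(config: str) -> set:
    """Apply global 'ip forward-protocol udp N' lines to the default set."""
    ports = set(DEFAULT_FORWARDED)
    for no, port in re.findall(r"^(no )?ip forward-protocol udp (\d+)\s*$", config, re.M):
        (ports.discard if no else ports.add)(int(port))
    return ports


def helper_interfaces(config: str) -> dict:
    """Map each interface name to the helper addresses configured under it."""
    found, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current and (m := re.match(r"\s+ip helper-address (\S+)", line)):
            found.setdefault(current, []).append(m.group(1))
    return found


def audit(config: str) -> list:
    """List (interface, helper, non-DHCP ports still relayed to that helper)."""
    extra = sorted(effective_ports(config) - DHCP_PORTS)
    return [(name, helper, extra)
            for name, helpers in helper_interfaces(config).items()
            for helper in helpers if extra]


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```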




Cisco ACE Web Application Firewall Appliance

Tuesday 17 November 2009 @ 10:03 am

I was reading a security statistics report the other day and it seems that web vulnerabilities take up the majority of the pie. SQL injections, cross-site scripting, code injections etc. are found everywhere in web applications. Unfortunately, secure coding (not only for HTML but for any software application) is not yet widely adopted, so we end up with applications that are vulnerable to all sorts of attacks. And because everyone is using the Web, we consequently find that security holes are more prevalent in Web applications than in anything else.

Legacy security architectures were designed with just perimeter and network security in mind. In the past, security experts thought that installing a network firewall and maybe an Intrusion Detection System would provide all the required security. This is not true at all for protecting against modern attacks. A high-speed dedicated hardware firewall is still needed to provide low-level inspection and filtering (catching various attacks on the network and transport layers). After the legacy security infrastructure devices do their job (allowing only clean traffic to pass to the applications), an application firewall is also required for deeper inspection of incoming data and for discovering more complex application attacks that a regular firewall is not able to detect.

The ACE Web Application Firewall is a security appliance that is intended for deployment inside the DMZ segment, where your Web Applications are located. It fulfills all the requirements for companies that want to comply with PCI DSS regulations (companies that store and process credit card data) and combines deep Web application analysis with high-performance Extensible Markup Language (XML) inspection and management to address the full range of these threats. It secures and protects Web applications from common attacks such as identity theft, data theft, application disruption, fraud, SQL injection attacks, XSS attacks etc.

For more information on the ACE Web Application Firewall, visit the Cisco link HERE.




Cisco IOS jumps from version 12 to version 15

Tuesday 6 October 2009 @ 3:58 am

The latest Cisco IOS version was 12.4 until recently, when Cisco IOS version 15.0 was introduced. Have you noticed the jump from version 12 to 15? Do you wonder why versions 13 and 14 were skipped? Well, rumors say that Cisco avoided those version numbers because 13 is considered unlucky in Western culture and 14 is considered unlucky in Asian culture!!

As with any version upgrade, there are many new features in this release, most of which you will never use in your life!! This is a characteristic of IOS anyway. It includes every networking-related feature under the sun. It offers much flexibility, but also a lot of unnecessary stuff that you will never use.

Before upgrading to version 15, I strongly recommend using the Cisco Feature Navigator tool on the cisco.com site in order to verify memory requirements (most important) and also to identify which features are supported.

Here are the release notes for IOS 15.0M and HERE is the main page for this release.



